[llvm-branch-commits] [llvm] [BOLT] Gadget scanner: detect untrusted LR before tail call (PR #137224)
Kristof Beyls via llvm-branch-commits
llvm-branch-commits at lists.llvm.org
Tue Jun 24 06:00:53 PDT 2025
================
@@ -1319,6 +1319,83 @@ shouldReportReturnGadget(const BinaryContext &BC, const MCInstReference &Inst,
return make_gadget_report(RetKind, Inst, *RetReg);
}
+/// While BOLT already marks some of the branch instructions as tail calls,
+/// this function tries to improve the coverage by including less obvious cases
+/// when it is possible to do without introducing too many false positives.
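Review bot: the added doc comment names neither the "less obvious cases" it covers nor the criterion used to avoid "too many false positives", so a reader cannot tell from it which branches the scanner will treat as tail calls. Suggest listing the branch patterns this function classifies as tail calls beyond the ones BOLT already marks, and stating which cases are deliberately left out, so that a missed or spurious untrusted-LR report can be traced back to a documented rule.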
----------------
kbeyls wrote:
Do you happen to know whether it would be a good idea to adapt what BOLT overall considers as tail calls to also include the cases that this function adds in addition?
Basically, does there need to be a separate "definition" of what is considered a tail call, only for the pauth analysis, versus the "definition" of a tail call in all other places in BOLT?
If there is a good reason why there has to be a difference, maybe it makes sense to explain in this comment why that is the case?
https://github.com/llvm/llvm-project/pull/137224