[llvm-branch-commits] [llvm] [BOLT] Gadget scanner: Detect address materialization and arithmetics (PR #132540)

Kristof Beyls via llvm-branch-commits llvm-branch-commits at lists.llvm.org
Mon Mar 31 06:28:49 PDT 2025


================
@@ -587,6 +587,22 @@ class MCPlusBuilder {
     return getNoRegister();
   }
 
+  virtual MCPhysReg getSafelyMaterializedAddressReg(const MCInst &Inst) const {
+    llvm_unreachable("not implemented");
+    return getNoRegister();
+  }
+
+  /// Analyzes if this instruction can safely perform address arithmetics.
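Review bot: getSafelyMaterializedAddressReg is added without a `///` comment in the lines shown, while the declaration that follows it gets one. Please document what the returned register represents and when getNoRegister() is the expected result, so target implementations overriding this hook agree on the contract. The default body calls llvm_unreachable("not implemented"), so a target that does not override it will abort rather than conservatively return "no register"; if that is deliberate, the comment should say that every target running this analysis must implement it.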
----------------
kbeyls wrote:

Similar here, I think a definition is needed for what "safely performing address arithmetics" means here.

I'm assuming that "safe" here is in the context of a particular threat model.
Different threat models may require different definitions of "safe". In other words, what is "safe" under one threat model might not be safe under another threat model.

I think that the threat model should be described as accurately as possible in at least the comment documenting these methods.

Is my guess correct that roughly the threat model is "The assumption is that values stored in data memory are 'unsafe', because the attackers under our threat model (question: can we point to a written up threat model somewhere?) are assumed to be able to change values in writeable data memory. In contrast, values in code memory or in registers are assumed to not be changeable by an attacker".

https://github.com/llvm/llvm-project/pull/132540

