[llvm-branch-commits] [llvm] [BOLT] Gadget scanner: Detect address materialization and arithmetics (PR #132540)
Kristof Beyls via llvm-branch-commits
llvm-branch-commits at lists.llvm.org
Mon Mar 31 06:28:49 PDT 2025
================
@@ -335,6 +335,50 @@ class PacRetAnalysis
});
}
+ BitVector getClobberedRegs(const MCInst &Point) const {
+ BitVector Clobbered(NumRegs, false);
+ // Assume a call can clobber all registers, including callee-saved
+ // registers. There's a good chance that callee-saved registers will be
+ // saved on the stack at some point during execution of the callee.
+ // Therefore they should also be considered as potentially modified by an
+ // attacker/written to.
+ // Also, not all functions may respect the AAPCS ABI rules about
+ // caller/callee-saved registers.
+ if (BC.MIB->isCall(Point))
+ Clobbered.set();
+ else
+ BC.MIB->getClobberedRegs(Point, Clobbered);
+ return Clobbered;
+ }
+
+ // Returns all registers that can be treated as if they are written by an
+ // authentication instruction.
+ SmallVector<MCPhysReg> getAuthenticatedRegs(const MCInst &Point,
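Review bot: `getClobberedRegs` has no function-level comment, unlike `getAuthenticatedRegs` directly below it ("Returns all registers that can be treated as if ..."). The rationale inside the body explains why `Clobbered.set()` is used when `BC.MIB->isCall(Point)` holds, but a reader looking only at the declaration cannot tell that the result for a call is a deliberate over-approximation covering every register, while for any other instruction it is whatever `BC.MIB->getClobberedRegs(Point, Clobbered)` reports. Suggest a one- or two-line comment above the function stating that contract, so users of the returned `BitVector` know that callee-saved registers are intentionally included for calls.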
----------------
kbeyls wrote:
Since this function is being changed to no longer return strictly only the registers that are authenticated by the instruction in `Point`, I think it would be best to adjust the name of this function accordingly.
I'm not sure I can easily come up with a better name. Would any of the following names be better?
- `getSafeToDerefRegs`
- `getNonAttackerControlledRegs`
or maybe
- `getSafeRegsWrittenBy` (since this method only returns registers written by `Point`?)
https://github.com/llvm/llvm-project/pull/132540