[llvm] [AArch64][PAC] Lower jump-tables using hardened pseudo. (PR #97666)

Sun Jul 7 23:51:24 PDT 2024

================
@@ -1143,6 +1143,32 @@ def JumpTableDest8 : Pseudo<(outs GPR64:$dst, GPR64sp:$scratch),
                      Sched<[]>;
 }
 
+// A hardened but more expensive version of jump-table dispatch.
+// This combines the target address computation (otherwise done using the
+// JumpTableDest pseudos above) with the branch itself (otherwise done using
+// a plain BR) in a single non-attackable sequence.
+//
+// We take the final entry index as an operand to allow isel freedom. This does
+// mean that the index can be attacker-controlled.  To address that, we also do
+// limited checking of the offset, mainly ensuring it still points within the
+// jump-table array.  When it doesn't, this branches to the first entry.
----------------
kovdan01 wrote:

Nit: in AsmPrinter, you have the following comment:

```
// This picks entry #0 on failure.
// We might want to trap instead.
```

You probably want to mention that "We might want to trap instead" here (and in PR description) as well. Such behavior actually looks more suitable as for me, but I'm OK with branching to the first entry as for now.

https://github.com/llvm/llvm-project/pull/97666
