[llvm] [BOLT][binary-analysis] Add initial pac-ret gadget scanner (PR #122304)

LLVM Continuous Integration via llvm-commits llvm-commits at lists.llvm.org
Mon Feb 24 11:34:14 PST 2025 

llvm-ci wrote:

LLVM Buildbot has detected a new failure on builder `premerge-monolithic-linux` running on `premerge-linux-1` while building `bolt` at step 7 "test-build-unified-tree-check-all".

Full details are available at: https://lab.llvm.org/buildbot/#/builders/153/builds/23691

<details>
<summary>Here is the relevant piece of the build log for the reference</summary>

```
Step 7 (test-build-unified-tree-check-all) failure: test (failure)
******************** TEST 'BOLT :: binary-analysis/AArch64/gs-pacret-autiasp.s' FAILED ********************
Exit Code: 1

Command Output (stderr):
--
RUN: at line 1: /build/buildbot/premerge-monolithic-linux/build/bin/clang  --target=x86_64-unknown-linux-gnu -fPIE -fuse-ld=lld -Wl,--unresolved-symbols=ignore-all -Wl,--build-id=none -pie --target=aarch64-linux-gnu -nostartfiles -nostdlib -ffreestanding -march=armv9.5-a+pauth-lr -mbranch-protection=pac-ret /build/buildbot/premerge-monolithic-linux/llvm-project/bolt/test/binary-analysis/AArch64/gs-pacret-autiasp.s /build/buildbot/premerge-monolithic-linux/llvm-project/bolt/test/binary-analysis/AArch64/../../Inputs/asm_main.c -o /build/buildbot/premerge-monolithic-linux/build/tools/bolt/test/binary-analysis/AArch64/Output/gs-pacret-autiasp.s.tmp.exe
+ /build/buildbot/premerge-monolithic-linux/build/bin/clang --target=x86_64-unknown-linux-gnu -fPIE -fuse-ld=lld -Wl,--unresolved-symbols=ignore-all -Wl,--build-id=none -pie --target=aarch64-linux-gnu -nostartfiles -nostdlib -ffreestanding -march=armv9.5-a+pauth-lr -mbranch-protection=pac-ret /build/buildbot/premerge-monolithic-linux/llvm-project/bolt/test/binary-analysis/AArch64/gs-pacret-autiasp.s /build/buildbot/premerge-monolithic-linux/llvm-project/bolt/test/binary-analysis/AArch64/../../Inputs/asm_main.c -o /build/buildbot/premerge-monolithic-linux/build/tools/bolt/test/binary-analysis/AArch64/Output/gs-pacret-autiasp.s.tmp.exe
ld.lld: warning: cannot find entry symbol _start; not setting start address
RUN: at line 2: /build/buildbot/premerge-monolithic-linux/build/bin/llvm-bolt-binary-analysis --scanners=pacret /build/buildbot/premerge-monolithic-linux/build/tools/bolt/test/binary-analysis/AArch64/Output/gs-pacret-autiasp.s.tmp.exe 2>&1 | /build/buildbot/premerge-monolithic-linux/build/bin/FileCheck /build/buildbot/premerge-monolithic-linux/llvm-project/bolt/test/binary-analysis/AArch64/gs-pacret-autiasp.s
+ /build/buildbot/premerge-monolithic-linux/build/bin/llvm-bolt-binary-analysis --scanners=pacret /build/buildbot/premerge-monolithic-linux/build/tools/bolt/test/binary-analysis/AArch64/Output/gs-pacret-autiasp.s.tmp.exe
+ /build/buildbot/premerge-monolithic-linux/build/bin/FileCheck /build/buildbot/premerge-monolithic-linux/llvm-project/bolt/test/binary-analysis/AArch64/gs-pacret-autiasp.s
/build/buildbot/premerge-monolithic-linux/llvm-project/bolt/test/binary-analysis/AArch64/gs-pacret-autiasp.s:16:17: error: CHECK-LABEL: expected string not found in input
// CHECK-LABEL: GS-PACRET: non-protected ret found in function f1, basic block .LBB{{[0-9]+}}, at address
                ^
<stdin>:1:1: note: scanning from here
BOLT-INFO: shared object or position-independent executable detected
^
<stdin>:8:1: note: possible intended match here
GS-PACRET: non-protected ret found in function f1, basic block .Ltmp0, at address 10270
^

Input file: <stdin>
Check file: /build/buildbot/premerge-monolithic-linux/llvm-project/bolt/test/binary-analysis/AArch64/gs-pacret-autiasp.s

-dump-input=help explains the following input dump.

Input was:
<<<<<<
            1: BOLT-INFO: shared object or position-independent executable detected 
label:16'0     X~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ error: no match found
            2: BOLT-INFO: Target architecture: aarch64 
label:16'0     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
            3: BOLT-INFO: BOLT version: 850b49297615a613ac83adca2c9cf823a4b8ef95 
label:16'0     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
            4: BOLT-INFO: first alloc address is 0x0 
label:16'0     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
            5: BOLT-INFO: creating new program header table at address 0x200000, offset 0x200000 
label:16'0     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
            6: BOLT-WARNING: non-relocation mode for AArch64 is not fully supported 
label:16'0     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
            7:  
label:16'0     ~
            8: GS-PACRET: non-protected ret found in function f1, basic block .Ltmp0, at address 10270 
label:16'0     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
label:16'1     ?                                                                                        possible intended match
            9:  The return instruction is 00010270: ret 
label:16'0     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
           10:  The 1 instructions that write to the return register after any authentication are: 
label:16'0     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
           11:  1. 0001026c: ldp x29, x30, [sp], #0x10 
...

```

</details>

https://github.com/llvm/llvm-project/pull/122304

More information about the llvm-commits mailing list