[llvm] [PAC][InstCombine] Replace auth+sign with resign (PR #130807)
Kristof Beyls via llvm-commits
llvm-commits at lists.llvm.org
Thu Mar 13 08:33:41 PDT 2025
================
@@ -2978,6 +2978,29 @@ Instruction *InstCombinerImpl::visitCallInst(CallInst &CI) {
Intrinsic::getOrInsertDeclaration(II->getModule(), NewIntrin);
return CallInst::Create(NewFn, CallArgs);
}
+ case Intrinsic::ptrauth_sign: {
+ // auth + sign can be replaced with resign, which prevents unsafe
+ // spills and reloads of intermediate authenticated value.
----------------
kbeyls wrote:
I wonder if this comment would be easier to understand by a reader who hasn't worked much on pointer authentication if it explained this in a bit more detail, for example as: `After auth, a raw, non-signed pointer resides in a register. Later compiler passes may end up spilling and reloading this raw pointer to memory, which undermines the security property that pointer authentication aims to give (not having certain classes of pointers residing unsigned/raw in memory).
By rewriting an authentication followed by a signing operation as a single resign, we eliminate the possibility of the intermediate unsigned pointer being spilled to memory`
https://github.com/llvm/llvm-project/pull/130807
More information about the llvm-commits
mailing list