[llvm] [PAC][InstCombine] Replace auth+sign with resign (PR #130807)

Anatoly Trosinenko via llvm-commits llvm-commits at lists.llvm.org
Thu Mar 27 09:19:16 PDT 2025


atrosinenko wrote:

For the record, in the discussion of #130809 the following example was proposed which is more relevant here:
```c
void* f3(void *p) {
  void* authed = __builtin_ptrauth_auth(p, 2, 1234);
  __asm__(""::"m"(authed));
  return __builtin_ptrauth_sign_unauthenticated(authed, 3, 42);
}
```
It turned out that, with this PR, the following is emitted:
```
f3:
        sub     sp, sp, #16
        mov     x16, x0
        add     x8, sp, #8
        mov     x17, #1234
        // Authenticate x16 with the DA key, using x17 (1234) as the modifier.
        autda   x16, x17
        // Check the result: strip the PAC from a copy and compare with the
        // authenticated value; on a mismatch execution reaches the brk.
        mov     x17, x16
        xpacd   x17
        cmp     x16, x17
        b.eq    .Lauth_success_0
        brk     #0xc472
.Lauth_success_0:
        // The authenticated pointer is written to the stack slot at [sp, #8].
        str     x16, [sp, #8]
        mov     x0, x16
        //APP
        //NO_APP
        // Sign x0 with the DB key and modifier 42. x0 was copied from x16 above;
        // nothing is reloaded from [sp, #8] before the pacdb.
        // NOTE(review): auth and sign are emitted as two separate instructions
        // with the stack store between them, not as a single resign sequence.
        mov     w8, #42
        pacdb   x0, x8
        add     sp, sp, #16
        ret
```
which does not seem safe. However, the input to the last InstCombine invocation is
```llvm
; Function Attrs: nounwind uwtable
define dso_local ptr @f3(ptr noundef %p) local_unnamed_addr #0 {
entry:
  %authed = alloca ptr, align 8
  call void @llvm.lifetime.start.p0(i64 8, ptr nonnull %authed) #4
  %0 = ptrtoint ptr %p to i64
  ; Authenticate %p with key 2 and discriminator 1234.
  %1 = tail call i64 @llvm.ptrauth.auth(i64 %0, i32 2, i64 1234)
  %2 = inttoptr i64 %1 to ptr
  ; The authenticated value is stored to the %authed stack slot, which the
  ; empty asm below takes as an indirect memory ("*m") operand.
  store ptr %2, ptr %authed, align 8, !tbaa !9
  call void asm sideeffect "", "*m"(ptr nonnull elementtype(ptr) %authed) #4, !srcloc !13
  ; The value that gets signed is a load from that slot, so the operand of
  ; llvm.ptrauth.sign is not the llvm.ptrauth.auth call itself.
  %3 = load ptr, ptr %authed, align 8, !tbaa !9
  %4 = ptrtoint ptr %3 to i64
  ; Sign with key 3 and discriminator 42.
  %5 = call i64 @llvm.ptrauth.sign(i64 %4, i32 3, i64 42)
  %6 = inttoptr i64 %5 to ptr
  call void @llvm.lifetime.end.p0(i64 8, ptr nonnull %authed) #4
  ret ptr %6
}
```
This means it is probably not an issue with this PR: the result of `llvm.ptrauth.auth` reaches `llvm.ptrauth.sign` through a store to and a load from `%authed`, so even replacing `const auto *CI = dyn_cast<CallBase>(Ptr)` with `const auto *CI = dyn_cast<CallBase>(Ptr->stripPointerCasts())` would not help. On the other hand, simple cases that would be handled by `stripPointerCasts()` are seemingly handled before simplifying intrinsic calls anyway:
```llvm
; Here the sign operand is separated from the auth result only by an
; inttoptr/ptrtoint round trip, and the expected output below is a single
; llvm.ptrauth.resign call taking %p's integer value directly.
define i64 @test_ptrauth_auth_sign_same_schema(ptr %p) {
; CHECK-LABEL: @test_ptrauth_auth_sign_same_schema(
; CHECK-NEXT:    [[P_INT:%.*]] = ptrtoint ptr [[P:%.*]] to i64
; CHECK-NEXT:    [[RESIGNED:%.*]] = call i64 @llvm.ptrauth.resign(i64 [[P_INT]], i32 1, i64 1234, i32 1, i64 1234)
; CHECK-NEXT:    ret i64 [[RESIGNED]]
;
  %p.int = ptrtoint ptr %p to i64
  %authed = call i64 @llvm.ptrauth.auth(i64 %p.int, i32 1, i64 1234)
  ; Cast round trip between the auth result and the sign operand.
  %authed.ptr = inttoptr i64 %authed to ptr
  %authed.ptr.int = ptrtoint ptr %authed.ptr to i64
  %resigned = call i64 @llvm.ptrauth.sign(i64 %authed.ptr.int, i32 1, i64 1234)
  ret i64 %resigned
}
```

https://github.com/llvm/llvm-project/pull/130807

