[llvm] [BOLT] Gadget scanner: detect authentication oracles (PR #135663)
Anatoly Trosinenko via llvm-commits
llvm-commits at lists.llvm.org
Wed May 28 03:48:56 PDT 2025
================
@@ -717,6 +740,457 @@ SrcSafetyAnalysis::create(BinaryFunction &BF,
RegsToTrackInstsFor);
}
+/// A state representing which registers are safe to be used as the destination
+/// operand of an authentication instruction.
+///
+/// Similar to SrcState, it is the responsibility of the analysis to take
+/// register aliasing into account.
+///
+/// Depending on the implementation, it may be possible that an authentication
----------------
atrosinenko wrote:
There are indeed several architecture extensions related to PAuth on AArch64 that influence the behavior of sign and auth operations (aside from simply choosing the hash algorithms): `FEAT_PAuth`, `FEAT_FPAC`, `FEAT_EPAC`, `FEAT_PAuth2`, ... As far as I understand, it is `FEAT_FPAC` that controls whether the authentication instruction traps on failure.
https://github.com/llvm/llvm-project/pull/135663
More information about the llvm-commits
mailing list