[llvm] [AArch64][PAC] Protect the entire function if pac-ret+leaf is passed (PR #140895)

Wed Jul 2 07:38:42 PDT 2025

================
@@ -74,19 +74,19 @@ define hidden noundef i32 @baz_async(i32 noundef %a) #0 uwtable(async) {
 ; CHECK-V8A-NEXT:    bl _Z3bari
 ; CHECK-V8A-NEXT:    ldr x30, [sp], #16 // 8-byte Folded Reload
 ; CHECK-V8A-NEXT:    .cfi_def_cfa_offset 0
+; CHECK-V8A-NEXT:    .cfi_restore w30
 ; CHECK-V8A-NEXT:    hint #29
 ; CHECK-V8A-NEXT:    .cfi_negate_ra_state
-; CHECK-V8A-NEXT:    .cfi_restore w30
 ; CHECK-V8A-NEXT:    b _Z3bari
 ; CHECK-V8A-NEXT:  .LBB1_2: // %if.else
 ; CHECK-V8A-NEXT:    .cfi_restore_state
 ; CHECK-V8A-NEXT:    bl _Z4quuxi
 ; CHECK-V8A-NEXT:    add w0, w0, #1
 ; CHECK-V8A-NEXT:    ldr x30, [sp], #16 // 8-byte Folded Reload
 ; CHECK-V8A-NEXT:    .cfi_def_cfa_offset 0
+; CHECK-V8A-NEXT:    .cfi_restore w30
----------------
atrosinenko wrote:

After thinking a bit more, I returned to the original variant, as it adds less corner cases to `AArch64FrameLowering` and still seems to be correct according to DWARF specification, because a dedicated virtual register is defined by DWARF on AArch64 to track whether link register is currently signed:
```
foo:
  // x30 is in x30
  // RA_SIGN_STATE[0] is 0, i.e. x30 is not signed
  paciasp
  .cfi_negate_ra_state
  // x30 is still in x30
  // RA_SIGN_STATE[0] is 1, i.e. x30 is signed
  str x30, [sp, #-16]!
  .cfi_def_cfa_offset 16
  .cfi_offset w30, -16
  // x30 is on stack
  // RA_SIGN_STATE[0] is 1, i.e. the stored value is signed
  // At this point, there is no location containing the original, non-signed  value of LR
...
  ldr x30, [sp], #16
  .cfi_restore w30
  // x30 is in x30, but it is still signed
...
  autiasp
  .cfi_negate_ra_state
  // x30 is in x30 and is not signed
```
Aside from adding less complexity to AArch64FrameLowering, this prevents x30 from being described as still being stored on the stack, while the actual value to be authenticated and returned to is already in x30.

https://github.com/llvm/llvm-project/pull/140895
