[llvm] [llvm-exegesis][AArch64] Check for PAC keys before disabling them (PR #138643)

Fri Aug 8 12:17:42 PDT 2025

atrosinenko wrote:

By the way, what is the timeline of the related issues and fixes? It should probably help with the review to enumerate all the issues and attempted solutions. Here is what I can see:
* **ISSUE:** iterating over all available opcodes on AArch64 (something like `--mode=latency --opcode-index=-1`) made the benchmarks fail with "Illegal instruction" error on CPUs implementing FEAT_FPAC
  - IIUC this error is per-opcode thanks to signal handling set up by the snippet executor and it doesn't seem to influence the return code of the entire `llvm-exegesis` process
  - I'm not sure if it is possible to configure Linux kernel so that failed authentications would result in a non-recoverable error instead of a regular SIGILL - this would increase the importance of handling `AUT*` instructions properly, but I'm not aware of such configurations
  - or maybe some sort of semi-automatic checking was performed to ensure that all instructions are handled properly
* **SOLUTION:** proposed in PR #132346
  - the original solution was to reject PAuth-related opcodes unconditionally
  - extra code to disable the keys instead was added later during the review
* **ISSUE:** merging the above PR resulted in build failures because `PR_PAC_SET_ENABLED_KEYS` was missing in header files on old systems - reverted in #134971
* **SOLUTION:** the patch was reapplied in #136868 with fixes for build failures
* **ISSUE:** run-time errors were observed on some buildbots after applying the fixed version, so it was reverted in #142382
  - one hypothesis was that `prctl` may return error due to keys being disabled or unsupported by the kernel
  - another hypothesis was that llvm-exegesis crashes because it was started with PAuth enabled, stored some signed pointers here and there and later crashed on dereferencing these pointers with disabled keys
* **SOLUTION:** this PR tries to fix #136868 by handling unsupported `prctl` operations and already disabled keys gracefully. Furthermore, it adds a command-line option for users to override the default behavior
  - it is probably still unsafe to disable the keys when llvm-exegesis is built with PAuth-hardening

Please feel free to correct me as I likely missed some points.

Given the above, another approach could be to have three modes of operation:
* skip `AUT*` instructions as unsupported (use by default)
* measure `AUT*` instructions as regular instructions (i.e. no custom snippet generation, just do not skip them) - in case the user wants to measure `AUT*` instructions on a CPU without FEAT_FPAC
* same as the above option, but disable the keys first - in case the user wants to measure `AUT*` instructions on a CPU with FEAT_FPAC, assuming disabling the keys does not affect timings significantly and llvm-exegesis and the run-time libraries are built _as appropriate_

And someday the fourth mode could be implemented - custom snippet generation, so that correctly-signed pointers are passed to authentication instructions :)

Have I forgotten any other issues that we would like to solve?

https://github.com/llvm/llvm-project/pull/138643