[llvm] [BOLT][AArch64] Handle OpNegateRAState to enable optimizing binaries with pac-ret hardening (PR #120064)

Paschalis Mpeis via llvm-commits llvm-commits at lists.llvm.org
Mon Oct 6 04:09:34 PDT 2025 

Gergely =?utf-8?q?Bálint?= <balintgergely99 at gmail.com>,Gergely Balint
 <gergely.balint at arm.com>,Gergely Balint <gergely.balint at arm.com>,Gergely
 Balint <gergely.balint at arm.com>
Message-ID:
In-Reply-To: <llvm.org/llvm/llvm-project/pull/120064 at github.com>


================
@@ -0,0 +1,228 @@
+# Optimizing binaries with pac-ret hardening
+
+This is a design document about processing the `DW_CFA_AARCH64_negate_ra_state`
+DWARF instruction in BOLT. As it describes internal design decisions, the
+intended audience is BOLT developers. The document is an updated version of the
+[RFC posted on the LLVM Discourse](https://discourse.llvm.org/t/rfc-bolt-aarch64-handle-opnegaterastate-to-enable-optimizing-binaries-with-pac-ret-hardening/86594).
+
+
+`DW_CFA_AARCH64_negate_ra_state` is also referred to as  `.cfi_negate_ra_state`
+in assembly, or `OpNegateRAState` in BOLT sources. In this document, I will use
+**negate-ra-state** as a shorthand.
+
+## Introduction
+
+### Pointer Authentication
+
+For more information, see the [pac-ret section of the BOLT-binary-analysis document](BinaryAnalysis.md#pac-ret-analysis).
+
+### DW_CFA_AARCH64_negate_ra_state
+
+The negate-ra-state CFI is a vendor-specific Call Frame Instruction defined in
+the [Arm ABI](https://github.com/ARM-software/abi-aa/blob/main/aadwarf64/aadwarf64.rst#id1).
+
+```
+The DW_CFA_AARCH64_negate_ra_state operation negates bit[0] of the RA_SIGN_STATE pseudo-register.
+```
+
+This bit indicates to the unwinder whether the current return address is signed
+or not (hence the name). The unwinder uses this information to authenticate the
+pointer, and remove the Pointer Authentication Code (PAC) bits.
+Incorrect placment of negate-ra-state CFIs causes the unwinder to either attempt
----------------
paschalis-mpeis wrote:

```suggestion
Incorrect placement of negate-ra-state CFIs causes the unwinder to either attempt
```

https://github.com/llvm/llvm-project/pull/120064

More information about the llvm-commits mailing list