[llvm] [BOLT] Gadget scanner: implement finer-grained --scanners option (PR #176135)

[Anatoly Trosinenko via llvm-commits]

================
@@ -286,13 +286,23 @@ static cl::opt<bool> WriteBoltInfoSection(
     "bolt-info", cl::desc("write bolt info section in the output binary"),
     cl::init(true), cl::Hidden, cl::cat(BoltOutputCategory));
 
-cl::bits<GadgetScannerKind> GadgetScannersToRun(
-    "scanners", cl::desc("which gadget scanners to run"),
+static cl::list<GadgetScannerKind> GadgetScannersToRun(
+    "scanners", cl::desc("Which gadget scanners to run"),
     cl::values(
-        clEnumValN(GS_PACRET, "pacret",
-                   "pac-ret: return address protection (subset of \"pauth\")"),
-        clEnumValN(GS_PAUTH, "pauth", "All Pointer Authentication scanners"),
-        clEnumValN(GS_ALL, "all", "All implemented scanners")),
+        clEnumValN(GS_PTRAUTH_RETURN_TARGETS, "ptrauth-pac-ret",
+                   "Unprotected returns (pac-ret)"),
+        clEnumValN(GS_PTRAUTH_TAIL_CALLS, "ptrauth-tail-calls",
+                   "Tail calls performed with unprotected link register"),
+        clEnumValN(GS_PTRAUTH_BRANCH_AND_CALL_TARGETS, "ptrauth-forward-cf",
+                   "Unprotected calls and branches (forward control-flow)"),
+        clEnumValN(GS_PTRAUTH_SIGN_ORACLES, "ptrauth-sign-oracles",
+                   "Signing of untrusted pointers (signing oracles)"),
+        clEnumValN(GS_PTRAUTH_AUTH_ORACLES, "ptrauth-auth-oracles",
+                   "Authentication oracles"),
+
+        clEnumValN(GS_PTRAUTH_ALL_MASK, "ptrauth-all",
+                   "All Pointer Authentication scanners"),
----------------
atrosinenko wrote:

As far as I remember, originally there was an intention to keep `bolt/lib/Passes/PAuthGadgetScanner.cpp` (this identifier uses `PAuth`...) target-neutral when possible and keep target-dependent logic in the corresponding subclasses of `MCPlusBuilder`. Thus, one could probably say that gadget scanner *might* technically grow to support other targets someday.

By the way, looks like it is "ptrauth" term that turned out to be generally used in command line options of other tools:
```
$ ./bin/clang --help-hidden | grep -i pauth
$ ./bin/opt --help-hidden | grep -i pauth
$ ./bin/llc --help-hidden | grep -i pauth
$ ./bin/clang --help-hidden | grep -i ptrauth
  -fptrauth-auth-traps    Enable traps on authentication failures
  -fptrauth-block-descriptor-pointers
  -fptrauth-calls         Enable signing and authentication of all indirect calls
  -fptrauth-elf-got       Enable authentication of pointers from GOT (ELF only)
  -fptrauth-function-pointer-type-discrimination
  -fptrauth-indirect-gotos
  -fptrauth-init-fini-address-discrimination
  -fptrauth-init-fini     Enable signing of function pointers in init/fini arrays
  -fptrauth-intrinsics    Enable pointer authentication intrinsics
  -fptrauth-objc-class-ro Enable signing and authentication for ObjC class_ro pointers
  -fptrauth-objc-interface-sel
  -fptrauth-objc-isa      Enable signing and authentication of Objective-C object's 'isa' field
  -fptrauth-returns       Enable signing and authentication of return addresses
  -fptrauth-type-info-vtable-pointer-discrimination
  -fptrauth-vtable-pointer-address-discrimination
  -fptrauth-vtable-pointer-type-discrimination
$ ./bin/opt --help-hidden | grep -i ptrauth
  --aarch64-ptrauth-auth-checks=<value>                                      - Check pointer authentication auth/resign failures
      --aarch64-ptrauth                                                         - AArch64 Pointer Authentication
$ ./bin/llc --help-hidden | grep -i ptrauth
  --aarch64-ptrauth-auth-checks=<value>                                      - Check pointer authentication auth/resign failures
```

https://github.com/llvm/llvm-project/pull/176135