llvm-project/clang/test/CodeGen/ptrauth-function-attributes.c

// RUN: %clang_cc1 -triple arm64-apple-ios                    -emit-llvm %s  -o - | FileCheck %s --check-prefixes=ALL,OFF
// RUN: %clang_cc1 -triple arm64e-apple-ios                   -emit-llvm %s  -o - | FileCheck %s --check-prefixes=ALL,OFF
// RUN: %clang_cc1 -triple aarch64-linux-gnu                  -emit-llvm %s  -o - | FileCheck %s --check-prefixes=ALL,OFF

// RUN: %clang_cc1 -triple arm64-apple-ios   -fptrauth-calls  -emit-llvm %s  -o - | FileCheck %s --check-prefixes=ALL,CALLS
// RUN: %clang_cc1 -triple aarch64-linux-gnu -fptrauth-calls  -emit-llvm %s  -o - | FileCheck %s --check-prefixes=ALL,CALLS

// RUN: %clang_cc1 -triple arm64-apple-ios   -fptrauth-returns -emit-llvm %s -o - | FileCheck %s --check-prefixes=ALL,RETS
// RUN: %clang_cc1 -triple aarch64-linux-gnu -fptrauth-returns -emit-llvm %s -o - | FileCheck %s --check-prefixes=ALL,RETS

// RUN: %clang_cc1 -triple arm64-apple-ios   -fptrauth-auth-traps -emit-llvm %s -o - | FileCheck %s --check-prefixes=ALL,TRAPS
// RUN: %clang_cc1 -triple aarch64-linux-gnu -fptrauth-auth-traps -emit-llvm %s -o - | FileCheck %s --check-prefixes=ALL,TRAPS

// RUN: %clang_cc1 -triple arm64-apple-ios   -fptrauth-indirect-gotos -emit-llvm %s -o - | FileCheck %s --check-prefixes=ALL,GOTOS
// RUN: %clang_cc1 -triple aarch64-linux-gnu -fptrauth-indirect-gotos -emit-llvm %s -o - | FileCheck %s --check-prefixes=ALL,GOTOS

// RUN: %clang_cc1 -triple arm64e-apple-ios  -faarch64-jump-table-hardening -emit-llvm %s -o - | FileCheck %s --check-prefixes=ALL,JMPTBL
// RUN: %clang_cc1 -triple aarch64-linux-gnu -faarch64-jump-table-hardening -emit-llvm %s -o - | FileCheck %s --check-prefixes=ALL,JMPTBL

// ALL: define {{(dso_local )?}}void @test() #0
void test() {
}

// CALLS: attributes #0 = {{{.*}} "ptrauth-calls" {{.*}}}

// RETS: attributes #0 = {{{.*}} "ptrauth-returns" {{.*}}}

// TRAPS: attributes #0 = {{{.*}} "ptrauth-auth-traps" {{.*}}}

// GOTOS: attributes #0 = {{{.*}} "ptrauth-indirect-gotos" {{.*}}}

// JMPTBL: attributes #0 = {{{.*}} "aarch64-jump-table-hardening" {{.*}}}

// OFF-NOT: attributes {{.*}} "ptrauth-
[clang] Wire -fptrauth-returns to "ptrauth-returns" fn attribute. (#102416) We already ended up with -fptrauth-returns, the feature macro, the lang opt, and the actual backend lowering. The only part left is threading it all through PointerAuthOptions, to drive the addition of the "ptrauth-returns" attribute to generated functions. While there, do minor cleanup on ptrauth-function-attributes.c. This also adds ptrauth_key_return_address to ptrauth.h. 2024-08-09 11:49:50 -07:00			`// RUN: %clang_cc1 -triple arm64-apple-ios -emit-llvm %s -o - \| FileCheck %s --check-prefixes=ALL,OFF`
[clang] Implement function pointer signing and authenticated function calls (#93906) The functions are currently always signed/authenticated with zero discriminator. Co-Authored-By: John McCall <rjmccall@apple.com> 2024-06-21 10:20:15 -07:00			`// RUN: %clang_cc1 -triple arm64e-apple-ios -emit-llvm %s -o - \| FileCheck %s --check-prefixes=ALL,OFF`
			`// RUN: %clang_cc1 -triple aarch64-linux-gnu -emit-llvm %s -o - \| FileCheck %s --check-prefixes=ALL,OFF`

[clang] Wire -fptrauth-returns to "ptrauth-returns" fn attribute. (#102416) We already ended up with -fptrauth-returns, the feature macro, the lang opt, and the actual backend lowering. The only part left is threading it all through PointerAuthOptions, to drive the addition of the "ptrauth-returns" attribute to generated functions. While there, do minor cleanup on ptrauth-function-attributes.c. This also adds ptrauth_key_return_address to ptrauth.h. 2024-08-09 11:49:50 -07:00			`// RUN: %clang_cc1 -triple arm64-apple-ios -fptrauth-calls -emit-llvm %s -o - \| FileCheck %s --check-prefixes=ALL,CALLS`
[clang] Implement function pointer signing and authenticated function calls (#93906) The functions are currently always signed/authenticated with zero discriminator. Co-Authored-By: John McCall <rjmccall@apple.com> 2024-06-21 10:20:15 -07:00			`// RUN: %clang_cc1 -triple aarch64-linux-gnu -fptrauth-calls -emit-llvm %s -o - \| FileCheck %s --check-prefixes=ALL,CALLS`

[clang] Wire -fptrauth-returns to "ptrauth-returns" fn attribute. (#102416) We already ended up with -fptrauth-returns, the feature macro, the lang opt, and the actual backend lowering. The only part left is threading it all through PointerAuthOptions, to drive the addition of the "ptrauth-returns" attribute to generated functions. While there, do minor cleanup on ptrauth-function-attributes.c. This also adds ptrauth_key_return_address to ptrauth.h. 2024-08-09 11:49:50 -07:00			`// RUN: %clang_cc1 -triple arm64-apple-ios -fptrauth-returns -emit-llvm %s -o - \| FileCheck %s --check-prefixes=ALL,RETS`
			`// RUN: %clang_cc1 -triple aarch64-linux-gnu -fptrauth-returns -emit-llvm %s -o - \| FileCheck %s --check-prefixes=ALL,RETS`

[clang] Implement -fptrauth-auth-traps. (#102417) This provides -fptrauth-auth-traps, which at the frontend level only controls the addition of the "ptrauth-auth-traps" function attribute. The attribute in turn controls various aspects of backend codegen, by providing the guarantee that every "auth" operation generated will trap on failure. This can either be delegated to the hardware (if AArch64 FPAC is known to be available), in which case this attribute doesn't change codegen. Otherwise, if FPAC isn't available, this asks the backend to emit additional instructions to check and trap on auth failure. 2024-08-09 12:32:01 -07:00			`// RUN: %clang_cc1 -triple arm64-apple-ios -fptrauth-auth-traps -emit-llvm %s -o - \| FileCheck %s --check-prefixes=ALL,TRAPS`
			`// RUN: %clang_cc1 -triple aarch64-linux-gnu -fptrauth-auth-traps -emit-llvm %s -o - \| FileCheck %s --check-prefixes=ALL,TRAPS`

[PAC][clang][test] Implement missing tests for some PAuth features (#100206) Implement tests for the following PAuth-related features: - driver, preprocessor and ELF codegen tests for type_info vtable pointer discrimination #99726; - driver, preprocessor, and ELF codegen (emitting function attributes) + sema (emitting errors) tests for indirect gotos signing #97647; - ELF codegen tests for ubsan type checks + auth #99590; - ELF codegen tests for constant global init with polymorphic MI #99741; - ELF codegen tests for C++ member function pointers auth #99576. 2024-07-25 00:24:50 +03:00			`// RUN: %clang_cc1 -triple arm64-apple-ios -fptrauth-indirect-gotos -emit-llvm %s -o - \| FileCheck %s --check-prefixes=ALL,GOTOS`
			`// RUN: %clang_cc1 -triple aarch64-linux-gnu -fptrauth-indirect-gotos -emit-llvm %s -o - \| FileCheck %s --check-prefixes=ALL,GOTOS`
[AArch64][PAC] Sign block addresses used in indirectbr. (#97647) Enabled in clang using: -fptrauth-indirect-gotos and at the IR level using function attribute: "ptrauth-indirect-gotos" Signing uses IA and a per-function integer discriminator. The discriminator isn't ABI-visible, and is currently: ptrauth_string_discriminator("<function_name> blockaddress") A sufficiently sophisticated frontend could benefit from per-indirectbr discrimination, which would need additional machinery, such as allowing "ptrauth" bundles on indirectbr. For our purposes, the simple scheme above is sufficient. This approach doesn't support subtracting label addresses and using the result as offsets, because each label address is signed. Pointer arithmetic on signed pointers corrupts the signature bits, and because label address expressions aren't typed beyond void*, we can't do anything reliably intelligent on the arithmetic exprs. Not signing addresses when used to form offsets would allow easily hijacking control flow by overwriting the offset. This diagnoses the basic cases (`&&lbl2 - &&lbl1`) in the frontend, while we evaluate either alternative implementations (e.g., lowering blockaddress to a bb number, and indirectbr to a checked jump-table), or better diagnostics (both at the frontend level and on unencodable IR constants). 2024-07-22 21:24:39 -07:00
[PAC][Driver] Add `-faarch64-jump-table-hardening` flag (#113149) The flag is placed together with pointer authentication flags since they serve the same security purpose of protecting against attacks on control flow. The flag is not ABI-affecting and might be enabled separately if needed, but it's also intended to be enabled as part of pauth-enabled environments (e.g. pauthtest). See also codegen implementation #97666. 2024-12-05 11:34:29 +03:00			`// RUN: %clang_cc1 -triple arm64e-apple-ios -faarch64-jump-table-hardening -emit-llvm %s -o - \| FileCheck %s --check-prefixes=ALL,JMPTBL`
			`// RUN: %clang_cc1 -triple aarch64-linux-gnu -faarch64-jump-table-hardening -emit-llvm %s -o - \| FileCheck %s --check-prefixes=ALL,JMPTBL`

[clang] Implement function pointer signing and authenticated function calls (#93906) The functions are currently always signed/authenticated with zero discriminator. Co-Authored-By: John McCall <rjmccall@apple.com> 2024-06-21 10:20:15 -07:00			`// ALL: define {{(dso_local )?}}void @test() #0`
			`void test() {`
			`}`

			`// CALLS: attributes #0 = {{{.}} "ptrauth-calls" {{.}}}`

[clang] Wire -fptrauth-returns to "ptrauth-returns" fn attribute. (#102416) We already ended up with -fptrauth-returns, the feature macro, the lang opt, and the actual backend lowering. The only part left is threading it all through PointerAuthOptions, to drive the addition of the "ptrauth-returns" attribute to generated functions. While there, do minor cleanup on ptrauth-function-attributes.c. This also adds ptrauth_key_return_address to ptrauth.h. 2024-08-09 11:49:50 -07:00			`// RETS: attributes #0 = {{{.}} "ptrauth-returns" {{.}}}`

[clang] Implement -fptrauth-auth-traps. (#102417) This provides -fptrauth-auth-traps, which at the frontend level only controls the addition of the "ptrauth-auth-traps" function attribute. The attribute in turn controls various aspects of backend codegen, by providing the guarantee that every "auth" operation generated will trap on failure. This can either be delegated to the hardware (if AArch64 FPAC is known to be available), in which case this attribute doesn't change codegen. Otherwise, if FPAC isn't available, this asks the backend to emit additional instructions to check and trap on auth failure. 2024-08-09 12:32:01 -07:00			`// TRAPS: attributes #0 = {{{.}} "ptrauth-auth-traps" {{.}}}`

[AArch64][PAC] Sign block addresses used in indirectbr. (#97647) Enabled in clang using: -fptrauth-indirect-gotos and at the IR level using function attribute: "ptrauth-indirect-gotos" Signing uses IA and a per-function integer discriminator. The discriminator isn't ABI-visible, and is currently: ptrauth_string_discriminator("<function_name> blockaddress") A sufficiently sophisticated frontend could benefit from per-indirectbr discrimination, which would need additional machinery, such as allowing "ptrauth" bundles on indirectbr. For our purposes, the simple scheme above is sufficient. This approach doesn't support subtracting label addresses and using the result as offsets, because each label address is signed. Pointer arithmetic on signed pointers corrupts the signature bits, and because label address expressions aren't typed beyond void*, we can't do anything reliably intelligent on the arithmetic exprs. Not signing addresses when used to form offsets would allow easily hijacking control flow by overwriting the offset. This diagnoses the basic cases (`&&lbl2 - &&lbl1`) in the frontend, while we evaluate either alternative implementations (e.g., lowering blockaddress to a bb number, and indirectbr to a checked jump-table), or better diagnostics (both at the frontend level and on unencodable IR constants). 2024-07-22 21:24:39 -07:00			`// GOTOS: attributes #0 = {{{.}} "ptrauth-indirect-gotos" {{.}}}`

[PAC][Driver] Add `-faarch64-jump-table-hardening` flag (#113149) The flag is placed together with pointer authentication flags since they serve the same security purpose of protecting against attacks on control flow. The flag is not ABI-affecting and might be enabled separately if needed, but it's also intended to be enabled as part of pauth-enabled environments (e.g. pauthtest). See also codegen implementation #97666. 2024-12-05 11:34:29 +03:00			`// JMPTBL: attributes #0 = {{{.}} "aarch64-jump-table-hardening" {{.}}}`

[clang] Implement function pointer signing and authenticated function calls (#93906) The functions are currently always signed/authenticated with zero discriminator. Co-Authored-By: John McCall <rjmccall@apple.com> 2024-06-21 10:20:15 -07:00			`// OFF-NOT: attributes {{.*}} "ptrauth-`