[llvm-branch-commits] [llvm] [BOLT] Gadget scanner: clarify MCPlusBuilder callbacks interface (PR #136147)

2025-05-22 Thread Kristof Beyls via llvm-branch-commits
@@ -787,19 +794,20 @@ shouldReportSigningOracle(const BinaryContext &BC, const MCInstReference &Inst, const SrcState &S) { static const GadgetKind SigningOracleKind("signing oracle found"); - MCPhysReg SignedReg = BC.MIB->getSignedReg(Inst); - if

[llvm-branch-commits] [llvm] [BOLT] Gadget scanner: clarify MCPlusBuilder callbacks interface (PR #136147)

2025-05-22 Thread Kristof Beyls via llvm-branch-commits
kbeyls wrote:

> @kbeyls Looks like something went wrong with the UI, and only the "cover
> letter" was sent instead of the full review.

Ah yes, my apologies... Hopefully you can see the inline comments now...

https://github.com/llvm/llvm-project/pull/136147

[llvm-branch-commits] [llvm] [BOLT] Gadget scanner: clarify MCPlusBuilder callbacks interface (PR #136147)

2025-05-22 Thread Kristof Beyls via llvm-branch-commits
kbeyls wrote: Thanks, this mostly looks good to me. I just left a few nit-picky questions or comments inline https://github.com/llvm/llvm-project/pull/136147 ___ llvm-branch-commits mailing list llvm-branch-commits@lists.llvm.org https://lists.llvm

[llvm-branch-commits] [llvm] [BOLT] Gadget scanner: account for BRK when searching for auth oracles (PR #137975)

2025-06-24 Thread Kristof Beyls via llvm-branch-commits
@@ -1751,6 +1750,25 @@ class AArch64MCPlusBuilder : public MCPlusBuilder { Inst.addOperand(MCOperand::createImm(0)); } + bool isTrap(const MCInst &Inst) const override { +if (Inst.getOpcode() != AArch64::BRK) + return false; +// Only match the immediate val
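Review bot: the name `isTrap` is broader than what the visible body matches. It returns false for every opcode other than `AArch64::BRK`, and the comment that follows says only certain immediate values are matched. The declaration of this hook should state that restriction, so that callers in the gadget scanner do not assume every trapping instruction is recognized.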

[llvm-branch-commits] [llvm] [BOLT] Gadget scanner: detect untrusted LR before tail call (PR #137224)

2025-06-24 Thread Kristof Beyls via llvm-branch-commits
https://github.com/kbeyls commented: Thanks, mostly looks good, I only have 1 nitpicky comment about the underlying reason why the pauth analyzer should have a slightly different "definition" of what is considered a tail call versus BOLT overall. https://github.com/llvm/llvm-project/pull/13722

[llvm-branch-commits] [llvm] [BOLT] Gadget scanner: fix LR to be safe in leaf functions without CFG (PR #141824)

2025-06-23 Thread Kristof Beyls via llvm-branch-commits
https://github.com/kbeyls edited https://github.com/llvm/llvm-project/pull/141824

[llvm-branch-commits] [llvm] [BOLT] Gadget scanner: fix LR to be safe in leaf functions without CFG (PR #141824)

2025-06-23 Thread Kristof Beyls via llvm-branch-commits
https://github.com/kbeyls approved this pull request. This looks like a great simple improvement, thanks! https://github.com/llvm/llvm-project/pull/141824

[llvm-branch-commits] [llvm] [BOLT] Gadget scanner: detect untrusted LR before tail call (PR #137224)

2025-06-25 Thread Kristof Beyls via llvm-branch-commits
https://github.com/kbeyls edited https://github.com/llvm/llvm-project/pull/137224

[llvm-branch-commits] [llvm] [BOLT] Gadget scanner: detect untrusted LR before tail call (PR #137224)

2025-06-25 Thread Kristof Beyls via llvm-branch-commits
@@ -1319,6 +1319,83 @@ shouldReportReturnGadget(const BinaryContext &BC, const MCInstReference &Inst, return make_gadget_report(RetKind, Inst, *RetReg); } +/// While BOLT already marks some of the branch instructions as tail calls, +/// this function tries to improve the co
