[BOLT][NFC] Simplify RAState tracking

- Remove 'Authenticating' and 'Signing' MCAnnotations.
- The same logic can be done using only 'Signed' and 'Unsigned' annotations.
- To check if an instruction is signing or authenticating, we can use
  the PSignOnLR, and PAuthOnLR functions.

Author: bgergely0

bolt/include/bolt/Core/MCPlus.h

@@ -72,9 +72,7 @@ class MCAnnotation {
     kLabel,               /// MCSymbol pointing to this instruction.
     kSize,                /// Size of the instruction.
     kDynamicBranch,       /// Jit instruction patched at runtime.
-    kSigning,             /// Inst is a signing instruction (paciasp, etc.).
     kSigned,              /// Inst is in a range where RA is signed.
-    kAuthenticating,      /// Authenticating inst (e.g. autiasp).
     kUnsigned,            /// Inst is in a range where RA is unsigned.
     kRememberState,       /// Inst has rememberState CFI.
     kRestoreState,        /// Inst has restoreState CFI.

bolt/include/bolt/Core/MCPlusBuilder.h

@@ -1361,18 +1361,6 @@ class MCPlusBuilder {
   /// Return true if \p Inst has Signed RA annotation.
   bool isRASigned(const MCInst &Inst) const;
 
-  /// Stores RA Signing annotation on \p Inst.
-  void setRASigning(MCInst &Inst) const;
-
-  /// Return true if \p Inst has Signing RA annotation.
-  bool isRASigning(const MCInst &Inst) const;
-
-  /// Stores Authenticating annotation on \p Inst.
-  void setAuthenticating(MCInst &Inst) const;
-
-  /// Return true if \p Inst has Authenticating annotation.
-  bool isAuthenticating(const MCInst &Inst) const;
-
   /// Stores RA Unsigned annotation on \p Inst.
   void setRAUnsigned(MCInst &Inst) const;
 

bolt/include/bolt/Passes/InsertNegateRAStatePass.h

@@ -28,15 +28,6 @@ class InsertNegateRAState : public BinaryFunctionPass {
   void runOnFunction(BinaryFunction &BF);
 
 private:
-  /// Loops over all instructions and adds OpNegateRAState CFI
-  /// after any pointer signing or authenticating instructions,
-  /// which operate on the LR, except fused pauth + ret instructions
-  /// (such as RETAA). Normal pauth and psign instructions are "special cases",
-  /// meaning they always need an OpNegateRAState CFI after them.
-  /// Fused pauth + ret instructions are not, they work as any other
-  /// instruction.
-  /// Returns true, if any OpNegateRAState CFIs were added.
-  bool addNegateRAStateAfterPSignOrPAuth(BinaryFunction &BF);
   /// Because states are tracked as MCAnnotations on individual instructions,
   /// newly inserted instructions do not have a state associated with them.
   /// New states are "inherited" from the last known state.

bolt/lib/Core/MCPlusBuilder.cpp

@@ -195,24 +195,6 @@ bool MCPlusBuilder::isRASigned(const MCInst &Inst) const {
   return hasAnnotation(Inst, MCAnnotation::kSigned);
 }
 
-void MCPlusBuilder::setRASigning(MCInst &Inst) const {
-  assert(!hasAnnotation(Inst, MCAnnotation::kSigning));
-  setAnnotationOpValue(Inst, MCAnnotation::kSigning, true);
-}
-
-bool MCPlusBuilder::isRASigning(const MCInst &Inst) const {
-  return hasAnnotation(Inst, MCAnnotation::kSigning);
-}
-
-void MCPlusBuilder::setAuthenticating(MCInst &Inst) const {
-  assert(!hasAnnotation(Inst, MCAnnotation::kAuthenticating));
-  setAnnotationOpValue(Inst, MCAnnotation::kAuthenticating, true);
-}
-
-bool MCPlusBuilder::isAuthenticating(const MCInst &Inst) const {
-  return hasAnnotation(Inst, MCAnnotation::kAuthenticating);
-}
-
 void MCPlusBuilder::setRAUnsigned(MCInst &Inst) const {
   assert(!hasAnnotation(Inst, MCAnnotation::kUnsigned));
   setAnnotationOpValue(Inst, MCAnnotation::kUnsigned, true);
@@ -223,8 +205,7 @@ bool MCPlusBuilder::isRAUnsigned(const MCInst &Inst) const {
 }
 
 bool MCPlusBuilder::isRAStateUnknown(const MCInst &Inst) const {
-  return !(isRAUnsigned(Inst) || isRASigned(Inst) || isRASigning(Inst) ||
-           isAuthenticating(Inst));
+  return !(isRAUnsigned(Inst) || isRASigned(Inst));
 }
 
 std::optional<MCLandingPad> MCPlusBuilder::getEHInfo(const MCInst &Inst) const {

bolt/lib/Passes/InsertNegateRAStatePass.cpp

@@ -34,9 +34,6 @@ void InsertNegateRAState::runOnFunction(BinaryFunction &BF) {
     return;
   }
 
-  // Attach .cfi_negate_ra_state to the "trivial" cases first.
-  addNegateRAStateAfterPSignOrPAuth(BF);
-
   inferUnknownStates(BF);
 
   for (FunctionFragment &FF : BF.getLayout().fragments()) {
@@ -67,24 +64,6 @@ void InsertNegateRAState::runOnFunction(BinaryFunction &BF) {
   }
 }
 
-bool InsertNegateRAState::addNegateRAStateAfterPSignOrPAuth(
-    BinaryFunction &BF) {
-  BinaryContext &BC = BF.getBinaryContext();
-  bool FoundAny = false;
-  for (BinaryBasicBlock &BB : BF) {
-    for (auto Iter = BB.begin(); Iter != BB.end(); ++Iter) {
-      MCInst &Inst = *Iter;
-      if (BC.MIB->isPSignOnLR(Inst) ||
-          (BC.MIB->isPAuthOnLR(Inst) && !BC.MIB->isPAuthAndRet(Inst))) {
-        Iter = BF.addCFIInstruction(
-            &BB, Iter + 1, MCCFIInstruction::createNegateRAState(nullptr));
-        FoundAny = true;
-      }
-    }
-  }
-  return FoundAny;
-}
-
 void InsertNegateRAState::coverFunctionFragmentStart(BinaryFunction &BF,
                                                      FunctionFragment &FF) {
   BinaryContext &BC = BF.getBinaryContext();
@@ -102,8 +81,7 @@ void InsertNegateRAState::coverFunctionFragmentStart(BinaryFunction &BF,
       });
   // If a function is already split in the input, the first FF can also start
   // with Signed state. This covers that scenario as well.
-  if (BC.MIB->isRASigned(*((*FirstNonEmpty)->begin())) ||
-      BC.MIB->isAuthenticating(*((*FirstNonEmpty)->begin()))) {
+  if (BC.MIB->isRASigned(*((*FirstNonEmpty)->begin()))) {
     BF.addCFIInstruction(*FirstNonEmpty, (*FirstNonEmpty)->begin(),
                          MCCFIInstruction::createNegateRAState(nullptr));
   }
@@ -121,10 +99,10 @@ void InsertNegateRAState::inferUnknownStates(BinaryFunction &BF) {
         continue;
 
       if (!FirstIter && BC.MIB->isRAStateUnknown(Inst)) {
-        if (BC.MIB->isRASigned(PrevInst) || BC.MIB->isRASigning(PrevInst)) {
+        if (BC.MIB->isRASigned(PrevInst) || BC.MIB->isPSignOnLR(PrevInst)) {
           BC.MIB->setRASigned(Inst);
         } else if (BC.MIB->isRAUnsigned(PrevInst) ||
-                   BC.MIB->isAuthenticating(PrevInst)) {
+                   BC.MIB->isPAuthOnLR(PrevInst)) {
           BC.MIB->setRAUnsigned(Inst);
         }
       } else {

bolt/lib/Passes/MarkRAStates.cpp

@@ -78,7 +78,9 @@ void MarkRAStates::runOnFunction(BinaryFunction &BF) {
           BF.setIgnored();
           return;
         }
-        BC.MIB->setRASigning(Inst);
+        // The signing instruction itself is unsinged, but the next will be
+        // signed.
+        BC.MIB->setRAUnsigned(Inst);
       } else if (BC.MIB->isPAuthOnLR(Inst)) {
         if (!RAState) {
           // RA authenticating instructions should only follow signed RA state.
@@ -89,7 +91,9 @@ void MarkRAStates::runOnFunction(BinaryFunction &BF) {
           BF.setIgnored();
           return;
         }
-        BC.MIB->setAuthenticating(Inst);
+        // The authenticating instruction itself is signed, but the next will be
+        // unsigned.
+        BC.MIB->setRASigned(Inst);
       } else if (RAState) {
         BC.MIB->setRASigned(Inst);
       } else {