[clang][ptrauth] add support for options parameter to __ptrauth

This PR adds support for an 'options' parameter for the __ptrauth
qualifier.

The initial version only exposes the authehntication modes:
 * "strip"
 * "sign-and-strip"
 * "sign-and-auth"

There are other options that will be added in future, but for now
these are the modes already representable by PointerAuthQualifier.

The initial support for authentication mode controls exist to support
ABI changes over time, and as a byproduct support basic initial tests
for option parsing.

Author: ojhunt

clang/include/clang/Basic/Attr.td

@@ -3568,7 +3568,8 @@ def PointerAuth : TypeAttr {
   let Spellings = [CustomKeyword<"__ptrauth">];
   let Args = [IntArgument<"Key">,
               BoolArgument<"AddressDiscriminated", 1>,
-              IntArgument<"ExtraDiscriminator", 1>];
+              IntArgument<"ExtraDiscriminator", 1>,
+              StringArgument<"Options", 1>];
   let Documentation = [PtrAuthDocs];
 }
 

clang/include/clang/Basic/DiagnosticParseKinds.td

@@ -1722,7 +1722,7 @@ def warn_pragma_unroll_cuda_value_in_parens : Warning<
   InGroup<CudaCompat>;
 
 def err_ptrauth_qualifier_bad_arg_count : Error<
-  "'__ptrauth' qualifier must take between 1 and 3 arguments">;
+  "'__ptrauth' qualifier must take between 1 and 4 arguments">;
 
 def warn_cuda_attr_lambda_position : Warning<
   "nvcc does not allow '__%0__' to appear after the parameter list in lambdas">,

clang/include/clang/Basic/DiagnosticSemaKinds.td

@@ -1036,6 +1036,24 @@ def err_ptrauth_address_discrimination_invalid : Error<
 def err_ptrauth_extra_discriminator_invalid : Error<
   "invalid extra discriminator flag '%0'; '__ptrauth' requires a value between '0' and '%1'">;
 
+// __ptrauth qualifier options string
+def note_ptrauth_evaluating_options
+    : Note<"options parameter evaluated to '%0'">;
+def err_ptrauth_invalid_option
+    : Error<"'%0' options parameter %1">;
+def err_ptrauth_unknown_authentication_option
+    : Error<"unknown '%0' authentication option '%1'">;
+def err_ptrauth_repeated_authentication_option
+    : Error<"repeated '%0' authentication %select{mode|option}1">;
+def note_ptrauth_previous_authentication_option
+    : Note<"previous '%0' authentication %select{mode|option}1">;
+def err_ptrauth_unexpected_option_end
+    : Error<"unexpected end of options parameter for %0">;
+def err_ptrauth_option_unexpected_token
+    : Error<"unexpected character '%0' in '%1' options">;
+def err_ptrauth_option_missing_comma
+    : Error<"missing comma between '%0' options">;
+
 /// main()
 // static main() is not an error in C, just in C++.
 def warn_static_main : Warning<"'main' should not be declared static">,
@@ -1728,8 +1746,8 @@ def note_expr_evaluates_to : Note<
 
 
 def subst_user_defined_msg : TextSubstitution<
-  "%select{the message|the expression}0 in "
-  "%select{a static assertion|this asm operand}0">;
+  "%select{the message|the expression|the expression}0 in "
+  "%select{a static assertion|this asm operand|a pointer authentication option}0">;
 
 def err_user_defined_msg_invalid : Error<
   "%sub{subst_user_defined_msg}0 must be a string literal or an "

clang/include/clang/Basic/LangOptions.h

@@ -65,6 +65,12 @@ enum class PointerAuthenticationMode : unsigned {
   SignAndAuth
 };
 
+static constexpr llvm::StringLiteral PointerAuthenticationOptionStrip = "strip";
+static constexpr llvm::StringLiteral PointerAuthenticationOptionSignAndStrip =
+    "sign-and-strip";
+static constexpr llvm::StringLiteral PointerAuthenticationOptionSignAndAuth =
+    "sign-and-auth";
+
 /// Bitfields of LangOptions, split out from LangOptions in order to ensure that
 /// this large collection of bitfields is a trivial class type.
 class LangOptionsBase {

clang/include/clang/Sema/Sema.h

@@ -5691,7 +5691,7 @@ class Sema final : public SemaBase {
   void ActOnFinishDelayedCXXMethodDeclaration(Scope *S, Decl *Method);
   void ActOnFinishDelayedMemberInitializers(Decl *Record);
 
-  enum class StringEvaluationContext { StaticAssert = 0, Asm = 1 };
+  enum class StringEvaluationContext { StaticAssert = 0, Asm = 1, PtrauthOptions = 2 };
 
   bool EvaluateAsString(Expr *Message, APValue &Result, ASTContext &Ctx,
                         StringEvaluationContext EvalContext,

clang/lib/Parse/ParseDecl.cpp

@@ -3427,7 +3427,7 @@ void Parser::ParsePtrauthQualifier(ParsedAttributes &Attrs) {
   T.consumeClose();
   SourceLocation EndLoc = T.getCloseLocation();
 
-  if (ArgExprs.empty() || ArgExprs.size() > 3) {
+  if (ArgExprs.empty() || ArgExprs.size() > 4) {
     Diag(KwLoc, diag::err_ptrauth_qualifier_bad_arg_count);
     return;
   }

clang/lib/Sema/SemaType.cpp

@@ -8350,14 +8350,16 @@ static void HandleNeonVectorTypeAttr(QualType &CurType, const ParsedAttr &Attr,
 /// Handle the __ptrauth qualifier.
 static void HandlePtrAuthQualifier(ASTContext &Ctx, QualType &T,
                                    const ParsedAttr &Attr, Sema &S) {
-
-  assert((Attr.getNumArgs() > 0 && Attr.getNumArgs() <= 3) &&
-         "__ptrauth qualifier takes between 1 and 3 arguments");
+  assert((Attr.getNumArgs() > 0 && Attr.getNumArgs() <= 4) &&
+         "__ptrauth qualifier takes between 1 and 4 arguments");
+  StringRef AttrName = Attr.getAttrName()->getName();
   Expr *KeyArg = Attr.getArgAsExpr(0);
   Expr *IsAddressDiscriminatedArg =
       Attr.getNumArgs() >= 2 ? Attr.getArgAsExpr(1) : nullptr;
   Expr *ExtraDiscriminatorArg =
       Attr.getNumArgs() >= 3 ? Attr.getArgAsExpr(2) : nullptr;
+  Expr *AuthenticationOptionsArg =
+      Attr.getNumArgs() >= 4 ? Attr.getArgAsExpr(3) : nullptr;
 
   unsigned Key;
   if (S.checkConstantPointerAuthKey(KeyArg, Key)) {
@@ -8374,20 +8376,191 @@ static void HandlePtrAuthQualifier(ASTContext &Ctx, QualType &T,
   IsInvalid |= !S.checkPointerAuthDiscriminatorArg(
       ExtraDiscriminatorArg, Sema::PADAK_ExtraDiscPtrAuth, ExtraDiscriminator);
 
-  if (IsInvalid) {
-    Attr.setInvalid();
-    return;
+  std::optional<PointerAuthenticationMode> AuthenticationMode = std::nullopt;
+  SourceRange AuthenticationModeRange;
+
+  if (AuthenticationOptionsArg && !AuthenticationOptionsArg->containsErrors() ) {
+    std::string OptionsString;
+    bool IsInitialized = false;
+    const StringLiteral *OptionsStringLiteral = dyn_cast<StringLiteral>(AuthenticationOptionsArg);
+    auto ReportEvaluationOfExpressionIfNeeded = [&](){
+      if (OptionsStringLiteral || !IsInitialized)
+        return;
+      S.Diag(AuthenticationOptionsArg->getBeginLoc(),
+        diag::note_ptrauth_evaluating_options) << OptionsString << AuthenticationOptionsArg->getSourceRange();
+    };
+    auto DiagnoseInvalidOptionsParameter = [&](llvm::StringRef Reason, std::optional<char> InvalidCh, auto Location) {
+      S.Diag(AuthenticationOptionsArg->getExprLoc(),
+             diag::err_ptrauth_invalid_option)
+          << AttrName << Reason << Location << !!InvalidCh << (InvalidCh ? *InvalidCh : '\0');
+      Attr.setInvalid();
+      ReportEvaluationOfExpressionIfNeeded();
+    };
+    if (AuthenticationOptionsArg->isValueDependent() || AuthenticationOptionsArg->isTypeDependent()) {
+      DiagnoseInvalidOptionsParameter("is dependent", std::nullopt, AuthenticationOptionsArg->getSourceRange());
+      return;
+    }
+    if (OptionsStringLiteral) {
+      if (OptionsStringLiteral->containsNonAsciiOrNull()) {
+        DiagnoseInvalidOptionsParameter("contains invalid characters", std::nullopt, AuthenticationOptionsArg->getSourceRange());
+        return;
+      }
+      OptionsString = OptionsStringLiteral->getString();
+    } else if (S.EvaluateAsString(AuthenticationOptionsArg, OptionsString, S.Context, Sema::StringEvaluationContext::PtrauthOptions, /*ErrorOnInvalidMessage=*/false)) {
+      for (char Ch : OptionsString) {
+        if (!Ch || !isascii(Ch)) {
+          DiagnoseInvalidOptionsParameter("contains invalid characters", Ch, AuthenticationOptionsArg->getSourceRange());
+          return;
+        }
+      }
+    } else {
+      Attr.setInvalid();
+      return;
+    }
+    IsInitialized = true;
+    bool HasSeenOption = false;
+    unsigned CurrentIdx = 0;
+
+    auto OptionStringIdxLocation = [&](unsigned Idx) {
+      if (OptionsStringLiteral)
+        return OptionsStringLiteral->getLocationOfByte(Idx, Ctx.getSourceManager(), Ctx.getLangOpts(), Ctx.getTargetInfo());
+      return AuthenticationOptionsArg->getBeginLoc();
+    };
+    auto OptionStringRange = [&](unsigned StartIdx, unsigned EndIdx) {
+      if (!OptionsStringLiteral)
+        return AuthenticationOptionsArg->getSourceRange();
+      return SourceRange(OptionStringIdxLocation(StartIdx),
+                        OptionStringIdxLocation(EndIdx));
+    };
+    auto NextOption = [&]() -> std::optional<std::pair<unsigned, unsigned>> {
+      auto ConsumeChar = [&](auto Filter) -> char {
+        if (CurrentIdx >= OptionsString.size())
+          return 0;
+        char Current = OptionsString[CurrentIdx];
+        if (!Filter(Current))
+          return 0;
+        ++CurrentIdx;
+        return Current;
+      };
+      auto SkipWhiteSpace = [&]() {
+        while (ConsumeChar(isWhitespace)) {
+          // this space is intentionally left blank
+        }
+      };
+      auto MatchCharacter = [](char MatchChar) {
+        return [MatchChar](char Ch){ return MatchChar == Ch; };
+      };
+      SkipWhiteSpace();
+      if (CurrentIdx == OptionsString.size())
+        return std::nullopt;
+      if (HasSeenOption) {
+        if (!ConsumeChar(MatchCharacter(','))) {
+          SourceLocation ErrorLocation = OptionStringIdxLocation(CurrentIdx);
+          S.Diag(ErrorLocation, diag::err_ptrauth_option_missing_comma)
+            << AttrName << ErrorLocation;
+          ReportEvaluationOfExpressionIfNeeded();
+          return std::nullopt;
+        }
+        SkipWhiteSpace();
+      }
+      HasSeenOption = true;
+      if (CurrentIdx == OptionsString.size()) {
+        SourceLocation ErrorLocation = OptionStringIdxLocation(CurrentIdx);
+        S.Diag(ErrorLocation, diag::err_ptrauth_unexpected_option_end)
+            << AttrName << ErrorLocation;
+        ReportEvaluationOfExpressionIfNeeded();
+      }
+      unsigned OptionStartIdx = CurrentIdx;
+      while (ConsumeChar(isalpha) || ConsumeChar(MatchCharacter('-'))) {
+        // this space is intentionally left blank
+      }
+      unsigned OptionEndIdx = CurrentIdx;
+      if (OptionStartIdx == OptionEndIdx) {
+        StringRef ErrorString(&OptionsString[CurrentIdx], 1);
+        SourceLocation ErrorLocation = OptionStringIdxLocation(OptionStartIdx);
+        S.Diag(ErrorLocation, diag::err_ptrauth_option_unexpected_token) << ErrorString << AttrName << ErrorLocation;
+        ReportEvaluationOfExpressionIfNeeded();
+        IsInvalid = true;
+        return std::nullopt;
+      }
+      return std::make_pair(OptionStartIdx, OptionEndIdx);
+    };
+
+    auto OptionHandler = [&](StringRef TokenStr, SourceRange TokenRange,
+                             auto Value, auto *Option, SourceRange *OptionRange) {
+      SourceRange DiagnosedRange = TokenRange;
+      if (!OptionsStringLiteral)
+        DiagnosedRange = AuthenticationOptionsArg->getSourceRange();
+      if (!*Option) {
+        *Option = Value;
+        *OptionRange = DiagnosedRange;
+        return true;
+      }
+      bool IsAuthenticationMode =
+        std::is_same_v<decltype(Value), PointerAuthenticationMode>;
+      S.Diag(OptionRange->getBegin(), diag::err_ptrauth_repeated_authentication_option)
+          << AttrName << !IsAuthenticationMode << *OptionRange;
+      IsInvalid = true;
+      if (OptionsStringLiteral)
+        S.Diag(OptionRange->getBegin(),
+               diag::note_ptrauth_previous_authentication_option)
+               << AttrName << !IsAuthenticationMode << *OptionRange;
+      return false;
+    };
+    llvm::DenseMap<StringRef, std::function<bool(llvm::StringRef, SourceRange)>> OptionHandlers = {
+        {PointerAuthenticationOptionStrip,
+         [&](StringRef TokenStr, SourceRange Range) {
+           return OptionHandler(TokenStr, Range,
+                                PointerAuthenticationMode::Strip,
+                                &AuthenticationMode, &AuthenticationModeRange);
+         }},
+        {PointerAuthenticationOptionSignAndStrip,
+         [&](StringRef TokenStr, SourceRange Range) {
+           return OptionHandler(TokenStr, Range,
+                                PointerAuthenticationMode::SignAndStrip,
+                                &AuthenticationMode, &AuthenticationModeRange);
+         }},
+        {PointerAuthenticationOptionSignAndAuth,
+         [&](StringRef TokenStr, SourceRange Range) {
+           return OptionHandler(TokenStr, Range,
+                                PointerAuthenticationMode::SignAndAuth,
+                                &AuthenticationMode, &AuthenticationModeRange);
+         }}};
+    while (std::optional<std::pair<unsigned, unsigned>> Option = NextOption()) {
+      StringRef OptionString(&OptionsString[Option->first],
+                             Option->second - Option->first);
+      SourceRange OptionRange = OptionStringRange(Option->first,
+                                                  Option->second);
+      auto Handler = OptionHandlers.find(OptionString);
+      if (Handler == OptionHandlers.end()) {
+        S.Diag(OptionStringIdxLocation(Option->first),
+               diag::err_ptrauth_unknown_authentication_option)
+            << AttrName << OptionString << OptionRange;
+        IsInvalid = true;
+        break;
+      }
+      if (!Handler->second(OptionString, OptionRange)) {
+        IsInvalid = true;
+        break;
+      }
+    }
   }
 
   if (!T->isSignableType() && !T->isDependentType()) {
     S.Diag(Attr.getLoc(), diag::err_ptrauth_qualifier_nonpointer) << T;
+    IsInvalid = true;
+  }
+
+  if (IsInvalid) {
     Attr.setInvalid();
     return;
   }
+  if (!AuthenticationMode)
+    AuthenticationMode = PointerAuthenticationMode::SignAndAuth;
 
   if (T.getPointerAuth()) {
     S.Diag(Attr.getLoc(), diag::err_ptrauth_qualifier_redundant)
-        << T << Attr.getAttrName()->getName();
+    << T << AttrName;
     Attr.setInvalid();
     return;
   }