llvm
diff --git a/‎.ci/metrics/metrics.py‎
Lines changed: 7 additions & 18 deletions b/‎.ci/metrics/metrics.py‎
Lines changed: 7 additions & 18 deletions
diff --git a/‎.github/workflows/build-ci-container.yml‎
Lines changed: 2 additions & 2 deletions b/‎.github/workflows/build-ci-container.yml‎
Lines changed: 2 additions & 2 deletions
diff --git a/‎.github/workflows/commit-access-greeter.yml‎
Lines changed: 1 addition & 1 deletion b/‎.github/workflows/commit-access-greeter.yml‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎.github/workflows/commit-access-review.yml‎
Lines changed: 1 addition & 1 deletion b/‎.github/workflows/commit-access-review.yml‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎.github/workflows/release-asset-audit.yml‎
Lines changed: 1 addition & 1 deletion b/‎.github/workflows/release-asset-audit.yml‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎.github/workflows/release-binaries-all.yml‎
Lines changed: 3 additions & 1 deletion b/‎.github/workflows/release-binaries-all.yml‎
Lines changed: 3 additions & 1 deletion
diff --git a/‎.github/workflows/release-binaries.yml‎
Lines changed: 3 additions & 1 deletion b/‎.github/workflows/release-binaries.yml‎
Lines changed: 3 additions & 1 deletion
diff --git a/‎.github/workflows/scorecard.yml‎
Lines changed: 4 additions & 4 deletions b/‎.github/workflows/scorecard.yml‎
Lines changed: 4 additions & 4 deletions
diff --git a/‎bolt/include/bolt/Passes/NonPacProtectedRetAnalysis.h‎ renamed to ‎bolt/include/bolt/Passes/PAuthGadgetScanner.h‎
Lines changed: 69 additions & 50 deletions b/‎bolt/include/bolt/Passes/NonPacProtectedRetAnalysis.h‎ renamed to ‎bolt/include/bolt/Passes/PAuthGadgetScanner.h‎
Lines changed: 69 additions & 50 deletions
diff --git a/‎bolt/include/bolt/Utils/CommandLineOpts.h‎
Lines changed: 1 addition & 0 deletions b/‎bolt/include/bolt/Utils/CommandLineOpts.h‎
Lines changed: 1 addition & 0 deletions
@@ -215,25 +215,14 @@ def buildkite_get_metrics(
             if job["name"] not in BUILDKITE_WORKFLOW_TO_TRACK:
                 continue
 
+            # Don't count canceled jobs.
+            if job["canceled_at"]:
+                continue
+
             created_at = dateutil.parser.isoparse(job["created_at"])
-            scheduled_at = (
-                created_at
-                if job["scheduled_at"] is None
-                else dateutil.parser.isoparse(job["scheduled_at"])
-            )
-            started_at = (
-                scheduled_at
-                if job["started_at"] is None
-                else dateutil.parser.isoparse(job["started_at"])
-            )
-            if job["canceled_at"] is None:
-                finished_at = (
-                    started_at
-                    if job["finished_at"] is None
-                    else dateutil.parser.isoparse(job["finished_at"])
-                )
-            else:
-                finished_at = dateutil.parser.isoparse(job["canceled_at"])
+            scheduled_at = dateutil.parser.isoparse(job["scheduled_at"])
+            started_at = dateutil.parser.isoparse(job["started_at"])
+            finished_at = dateutil.parser.isoparse(job["finished_at"])
 
             job_name = BUILDKITE_WORKFLOW_TO_TRACK[job["name"]]
             queue_time = (started_at - scheduled_at).seconds
 
@@ -27,9 +27,9 @@ jobs:
           # The arch names should match the names used on dockerhub.
           # See https://github.com/docker-library/official-images#architectures-other-than-amd64
           - arch: amd64
-            runs-on: depot-ubuntu-22.04-16
+            runs-on: depot-ubuntu-24.04-16
           - arch: arm64v8
-            runs-on: depot-ubuntu-22.04-arm-16
+            runs-on: depot-ubuntu-24.04-arm-16
     steps:
       - name: Checkout LLVM
         uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 
@@ -15,7 +15,7 @@ jobs:
     if: >-
       github.repository_owner == 'llvm' &&
       github.event.label.name == 'infra:commit-access-request'
-    runs-on: ubuntu-22.04
+    runs-on: ubuntu-24.04
     steps:
       - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
         with:
 
@@ -12,7 +12,7 @@ permissions:
 jobs:
   commit-access-review:
     if: github.repository_owner == 'llvm'
-    runs-on: ubuntu-22.04
+    runs-on: ubuntu-24.04
     steps:
       - name: Fetch LLVM sources
         uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 
@@ -19,7 +19,7 @@ permissions:
 jobs:
   audit:
     name: "Release Asset Audit"
-    runs-on: ubuntu-22.04
+    runs-on: ubuntu-24.04
     if: github.repository == 'llvm/llvm-project'
     steps:
       - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 #v4.1.6
 
@@ -57,7 +57,7 @@ jobs:
   setup-variables:
     if: >-
       (github.event_name != 'pull_request' || github.event.action != 'closed')
-    runs-on: ubuntu-22.04
+    runs-on: ubuntu-24.04
     outputs:
       release-version: ${{ steps.vars.outputs.release-version }}
       upload: ${{ steps.vars.outputs.upload }}
@@ -85,6 +85,8 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
+        # We use ubuntu-22.04 rather than the latest version to make the built
+        # binaries more portable (eg functional aginast older glibc).
         runs-on:
           - ubuntu-22.04
           - ubuntu-22.04-arm
 
@@ -16,6 +16,8 @@ on:
         description: "Runner to use for the build"
         required: true
         type: choice
+        # We use ubuntu-22.04 rather than the latest version to make the built
+        # binaries more portable (eg functional aginast older glibc).
         options:
           - ubuntu-22.04
           - ubuntu-22.04-arm
@@ -276,7 +278,7 @@ jobs:
     if: >-
       github.event_name != 'pull_request' &&
       needs.prepare.outputs.upload == 'true'
-    runs-on: ubuntu-22.04
+    runs-on: ubuntu-24.04
     permissions:
       contents: write # For release uploads
       id-token: write     # For artifact attestations
 
@@ -31,12 +31,12 @@ jobs:
 
     steps:
       - name: "Checkout code"
-        uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # v3.1.0
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
         with:
           persist-credentials: false
 
       - name: "Run analysis"
-        uses: ossf/scorecard-action@0864cf19026789058feabb7e87baa5f140aac736 # v2.3.1
+        uses: ossf/scorecard-action@f49aabe0b5af0936a0987cfb85d86b75731b0186 # v2.4.1
         with:
           results_file: results.sarif
           results_format: sarif
@@ -49,14 +49,14 @@ jobs:
       # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF
       # format to the repository Actions tab.
       - name: "Upload artifact"
-        uses: actions/upload-artifact@3cea5372237819ed00197afe530f5a7ea3e805c8 # v3.1.0
+        uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
         with:
           name: SARIF file
           path: results.sarif
           retention-days: 5
 
       # Upload the results to GitHub's code scanning dashboard.
       - name: "Upload to code-scanning"
-        uses: github/codeql-action/upload-sarif@17573ee1cc1b9d061760f3a006fc4aac4f944fd5 # v2.2.4
+        uses: github/codeql-action/upload-sarif@80f993039571a6de66594ecaa432875a6942e8e0 # v2.20.6
         with:
           sarif_file: results.sarif
@@ -1,13 +1,13 @@
-//===- bolt/Passes/NonPacProtectedRetAnalysis.h -----------------*- C++ -*-===//
+//===- bolt/Passes/PAuthGadgetScanner.h -------------------------*- C++ -*-===//
 //
 // Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
 // See https://llvm.org/LICENSE.txt for license information.
 // SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
 //
 //===----------------------------------------------------------------------===//
 
-#ifndef BOLT_PASSES_NONPACPROTECTEDRETANALYSIS_H
-#define BOLT_PASSES_NONPACPROTECTEDRETANALYSIS_H
+#ifndef BOLT_PASSES_PAUTHGADGETSCANNER_H
+#define BOLT_PASSES_PAUTHGADGETSCANNER_H
 
 #include "bolt/Core/BinaryContext.h"
 #include "bolt/Core/BinaryFunction.h"
@@ -173,85 +173,104 @@ struct MCInstReference {
 
 raw_ostream &operator<<(raw_ostream &OS, const MCInstReference &);
 
-struct GeneralDiagnostic {
-  std::string Text;
-  GeneralDiagnostic(const std::string &Text) : Text(Text) {}
-  bool operator==(const GeneralDiagnostic &RHS) const {
-    return Text == RHS.Text;
-  }
+namespace PAuthGadgetScanner {
+
+class PacRetAnalysis;
+struct State;
+
+/// Description of a gadget kind that can be detected. Intended to be
+/// statically allocated to be attached to reports by reference.
+class GadgetKind {
+  const char *Description;
+
+public:
+  GadgetKind(const char *Description) : Description(Description) {}
+
+  const StringRef getDescription() const { return Description; }
 };
 
-raw_ostream &operator<<(raw_ostream &OS, const GeneralDiagnostic &Diag);
+/// Base report located at some instruction, without any additional information.
+struct Report {
+  MCInstReference Location;
+
+  Report(MCInstReference Location) : Location(Location) {}
+  virtual ~Report() {}
 
-namespace NonPacProtectedRetAnalysis {
-struct Annotation {
-  MCInstReference RetInst;
-  Annotation(MCInstReference RetInst) : RetInst(RetInst) {}
-  virtual bool operator==(const Annotation &RHS) const {
-    return RetInst == RHS.RetInst;
-  }
-  Annotation &operator=(const Annotation &Other) {
-    if (this == &Other)
-      return *this;
-    RetInst = Other.RetInst;
-    return *this;
-  }
-  virtual ~Annotation() {}
   virtual void generateReport(raw_ostream &OS,
                               const BinaryContext &BC) const = 0;
+
+  // The two methods below are called by Analysis::computeDetailedInfo when
+  // iterating over the reports.
+  virtual const ArrayRef<MCPhysReg> getAffectedRegisters() const { return {}; }
+  virtual void setOverwritingInstrs(const ArrayRef<MCInstReference> Instrs) {}
+
+  void printBasicInfo(raw_ostream &OS, const BinaryContext &BC,
+                      StringRef IssueKind) const;
 };
 
-struct Gadget : public Annotation {
-  std::vector<MCInstReference> OverwritingRetRegInst;
-  virtual bool operator==(const Gadget &RHS) const {
-    return Annotation::operator==(RHS) &&
-           OverwritingRetRegInst == RHS.OverwritingRetRegInst;
+struct GadgetReport : public Report {
+  // The particular kind of gadget that is detected.
+  const GadgetKind &Kind;
+  // The set of registers related to this gadget report (possibly empty).
+  SmallVector<MCPhysReg> AffectedRegisters;
+  // The instructions that clobber the affected registers.
+  // There is no one-to-one correspondence with AffectedRegisters: for example,
+  // the same register can be overwritten by different instructions in different
+  // preceding basic blocks.
+  SmallVector<MCInstReference> OverwritingInstrs;
+
+  GadgetReport(const GadgetKind &Kind, MCInstReference Location,
+               const BitVector &AffectedRegisters)
+      : Report(Location), Kind(Kind),
+        AffectedRegisters(AffectedRegisters.set_bits()) {}
+
+  void generateReport(raw_ostream &OS, const BinaryContext &BC) const override;
+
+  const ArrayRef<MCPhysReg> getAffectedRegisters() const override {
+    return AffectedRegisters;
   }
-  Gadget(MCInstReference RetInst,
-         const std::vector<MCInstReference> &OverwritingRetRegInst)
-      : Annotation(RetInst), OverwritingRetRegInst(OverwritingRetRegInst) {}
-  virtual void generateReport(raw_ostream &OS,
-                              const BinaryContext &BC) const override;
-};
 
-struct GenDiag : public Annotation {
-  GeneralDiagnostic Diag;
-  virtual bool operator==(const GenDiag &RHS) const {
-    return Annotation::operator==(RHS) && Diag == RHS.Diag;
+  void setOverwritingInstrs(const ArrayRef<MCInstReference> Instrs) override {
+    OverwritingInstrs.assign(Instrs.begin(), Instrs.end());
   }
-  GenDiag(MCInstReference RetInst, const std::string &Text)
-      : Annotation(RetInst), Diag(Text) {}
+};
+
+/// Report with a free-form message attached.
+struct GenericReport : public Report {
+  std::string Text;
+  GenericReport(MCInstReference Location, const std::string &Text)
+      : Report(Location), Text(Text) {}
   virtual void generateReport(raw_ostream &OS,
                               const BinaryContext &BC) const override;
 };
 
-class PacRetAnalysis;
-
 struct FunctionAnalysisResult {
-  SmallSet<MCPhysReg, 1> RegistersAffected;
-  std::vector<std::shared_ptr<Annotation>> Diagnostics;
+  std::vector<std::shared_ptr<Report>> Diagnostics;
 };
 
 class Analysis : public BinaryFunctionPass {
   void runOnFunction(BinaryFunction &Function,
                      MCPlusBuilder::AllocatorIdTy AllocatorId);
-  FunctionAnalysisResult
-  computeDfState(PacRetAnalysis &PRA, BinaryFunction &BF,
-                 MCPlusBuilder::AllocatorIdTy AllocatorId);
+  FunctionAnalysisResult findGadgets(BinaryFunction &BF,
+                                     MCPlusBuilder::AllocatorIdTy AllocatorId);
+
+  void computeDetailedInfo(BinaryFunction &BF,
+                           MCPlusBuilder::AllocatorIdTy AllocatorId,
+                           FunctionAnalysisResult &Result);
 
   std::map<const BinaryFunction *, FunctionAnalysisResult> AnalysisResults;
   std::mutex AnalysisResultsMutex;
 
 public:
   explicit Analysis() : BinaryFunctionPass(false) {}
 
-  const char *getName() const override { return "non-pac-protected-rets"; }
+  const char *getName() const override { return "pauth-gadget-scanner"; }
 
   /// Pass entry point
   Error runOnFunctions(BinaryContext &BC) override;
 };
 
-} // namespace NonPacProtectedRetAnalysis
+} // namespace PAuthGadgetScanner
 } // namespace bolt
 } // namespace llvm
 
 
@@ -37,6 +37,7 @@ extern llvm::cl::opt<unsigned> BucketsPerLine;
 extern llvm::cl::opt<bool> DiffOnly;
 extern llvm::cl::opt<bool> EnableBAT;
 extern llvm::cl::opt<bool> EqualizeBBCounts;
+extern llvm::cl::opt<bool> ForcePatch;
 extern llvm::cl::opt<bool> RemoveSymtab;
 extern llvm::cl::opt<unsigned> ExecutionCountThreshold;
 extern llvm::cl::opt<unsigned> HeatmapBlock;