[PAC][Driver] Support ptrauth flags only on ARM64 Darwin or with pauthtest ABI #113152

kovdan01 · 2024-10-21T10:43:37Z

Most ptrauth flags are ABI-affecting, so usually we do not want them to be
exposed to end users. Allow them only in the following cases:

ARM64 Darwin (under certain conditions, some ptrauth driver flags are
intended to be used in this case);
pauthtest ABI (it's intended to be used for experimenting with signing schema
and the signing schema is explicitly encoded in the pauth elf marking).

Leave -faarch64-jump-table-hardening available for all AArch64 targets
since it's not ABI-affecting.

kovdan01 · 2024-10-21T10:43:44Z

This stack of pull requests is managed by Graphite. Learn more about stacking.

llvmbot · 2024-10-21T17:41:15Z

@llvm/pr-subscribers-clang

Author: Daniil Kovalev (kovdan01)

Changes

Most ptrauth flags are ABI-affecting, so allow them only for Linux and
Darwin OS which explicitly support pointer authentication. Leave
-faarch64-jump-table-hardening available for all AArch64 targets since
it's not ABI-affecting.

Full diff: https://github.com/llvm/llvm-project/pull/113152.diff

6 Files Affected:

(modified) clang/include/clang/Driver/ToolChain.h (+3)
(modified) clang/lib/Driver/ToolChain.cpp (+42)
(modified) clang/lib/Driver/ToolChains/Clang.cpp (-28)
(modified) clang/lib/Driver/ToolChains/Darwin.cpp (+3)
(modified) clang/lib/Driver/ToolChains/Linux.cpp (+6-2)
(modified) clang/test/Driver/aarch64-ptrauth.c (+43-24)

diff --git a/clang/include/clang/Driver/ToolChain.h b/clang/include/clang/Driver/ToolChain.h
index 5347e29be91439..0c0fccec4b933b 100644
--- a/clang/include/clang/Driver/ToolChain.h
+++ b/clang/include/clang/Driver/ToolChain.h
@@ -240,6 +240,9 @@ class ToolChain {
                                 llvm::opt::ArgStringList &CC1Args,
                                 ArrayRef<StringRef> Paths);
 
+  static void addPointerAuthFlags(const llvm::opt::ArgList &DriverArgs,
+                                  llvm::opt::ArgStringList &CC1Args);
+
   static std::string concat(StringRef Path, const Twine &A, const Twine &B = "",
                             const Twine &C = "", const Twine &D = "");
   ///@}
diff --git a/clang/lib/Driver/ToolChain.cpp b/clang/lib/Driver/ToolChain.cpp
index 016db9469c6bec..9c53986756caaa 100644
--- a/clang/lib/Driver/ToolChain.cpp
+++ b/clang/lib/Driver/ToolChain.cpp
@@ -1264,6 +1264,48 @@ void ToolChain::addExternCSystemIncludeIfExists(const ArgList &DriverArgs,
   }
 }
 
+/*static*/ void
+ToolChain::addPointerAuthFlags(const llvm::opt::ArgList &DriverArgs,
+                               llvm::opt::ArgStringList &CC1Args) {
+  DriverArgs.addOptInFlag(CC1Args, options::OPT_fptrauth_intrinsics,
+                          options::OPT_fno_ptrauth_intrinsics);
+
+  DriverArgs.addOptInFlag(CC1Args, options::OPT_fptrauth_calls,
+                          options::OPT_fno_ptrauth_calls);
+
+  DriverArgs.addOptInFlag(CC1Args, options::OPT_fptrauth_returns,
+                          options::OPT_fno_ptrauth_returns);
+
+  DriverArgs.addOptInFlag(CC1Args, options::OPT_fptrauth_auth_traps,
+                          options::OPT_fno_ptrauth_auth_traps);
+
+  DriverArgs.addOptInFlag(
+      CC1Args, options::OPT_fptrauth_vtable_pointer_address_discrimination,
+      options::OPT_fno_ptrauth_vtable_pointer_address_discrimination);
+
+  DriverArgs.addOptInFlag(
+      CC1Args, options::OPT_fptrauth_vtable_pointer_type_discrimination,
+      options::OPT_fno_ptrauth_vtable_pointer_type_discrimination);
+
+  DriverArgs.addOptInFlag(
+      CC1Args, options::OPT_fptrauth_type_info_vtable_pointer_discrimination,
+      options::OPT_fno_ptrauth_type_info_vtable_pointer_discrimination);
+
+  DriverArgs.addOptInFlag(
+      CC1Args, options::OPT_fptrauth_function_pointer_type_discrimination,
+      options::OPT_fno_ptrauth_function_pointer_type_discrimination);
+
+  DriverArgs.addOptInFlag(CC1Args, options::OPT_fptrauth_indirect_gotos,
+                          options::OPT_fno_ptrauth_indirect_gotos);
+
+  DriverArgs.addOptInFlag(CC1Args, options::OPT_fptrauth_init_fini,
+                          options::OPT_fno_ptrauth_init_fini);
+
+  DriverArgs.addOptInFlag(
+      CC1Args, options::OPT_fptrauth_init_fini_address_discrimination,
+      options::OPT_fno_ptrauth_init_fini_address_discrimination);
+}
+
 /*static*/ std::string ToolChain::concat(StringRef Path, const Twine &A,
                                          const Twine &B, const Twine &C,
                                          const Twine &D) {
diff --git a/clang/lib/Driver/ToolChains/Clang.cpp b/clang/lib/Driver/ToolChains/Clang.cpp
index 84bb77d451641a..fdfc0787098a48 100644
--- a/clang/lib/Driver/ToolChains/Clang.cpp
+++ b/clang/lib/Driver/ToolChains/Clang.cpp
@@ -1784,34 +1784,6 @@ void Clang::AddAArch64TargetArgs(const ArgList &Args,
 
   AddUnalignedAccessWarning(CmdArgs);
 
-  Args.addOptInFlag(CmdArgs, options::OPT_fptrauth_intrinsics,
-                    options::OPT_fno_ptrauth_intrinsics);
-  Args.addOptInFlag(CmdArgs, options::OPT_fptrauth_calls,
-                    options::OPT_fno_ptrauth_calls);
-  Args.addOptInFlag(CmdArgs, options::OPT_fptrauth_returns,
-                    options::OPT_fno_ptrauth_returns);
-  Args.addOptInFlag(CmdArgs, options::OPT_fptrauth_auth_traps,
-                    options::OPT_fno_ptrauth_auth_traps);
-  Args.addOptInFlag(
-      CmdArgs, options::OPT_fptrauth_vtable_pointer_address_discrimination,
-      options::OPT_fno_ptrauth_vtable_pointer_address_discrimination);
-  Args.addOptInFlag(
-      CmdArgs, options::OPT_fptrauth_vtable_pointer_type_discrimination,
-      options::OPT_fno_ptrauth_vtable_pointer_type_discrimination);
-  Args.addOptInFlag(
-      CmdArgs, options::OPT_fptrauth_type_info_vtable_pointer_discrimination,
-      options::OPT_fno_ptrauth_type_info_vtable_pointer_discrimination);
-  Args.addOptInFlag(
-      CmdArgs, options::OPT_fptrauth_function_pointer_type_discrimination,
-      options::OPT_fno_ptrauth_function_pointer_type_discrimination);
-
-  Args.addOptInFlag(CmdArgs, options::OPT_fptrauth_indirect_gotos,
-                    options::OPT_fno_ptrauth_indirect_gotos);
-  Args.addOptInFlag(CmdArgs, options::OPT_fptrauth_init_fini,
-                    options::OPT_fno_ptrauth_init_fini);
-  Args.addOptInFlag(CmdArgs,
-                    options::OPT_fptrauth_init_fini_address_discrimination,
-                    options::OPT_fno_ptrauth_init_fini_address_discrimination);
   Args.addOptInFlag(CmdArgs, options::OPT_faarch64_jump_table_hardening,
                     options::OPT_fno_aarch64_jump_table_hardening);
 }
diff --git a/clang/lib/Driver/ToolChains/Darwin.cpp b/clang/lib/Driver/ToolChains/Darwin.cpp
index 87380869f6fdab..3874cc3d98e80a 100644
--- a/clang/lib/Driver/ToolChains/Darwin.cpp
+++ b/clang/lib/Driver/ToolChains/Darwin.cpp
@@ -3137,6 +3137,9 @@ void Darwin::addClangTargetOptions(
     if (!RequiresSubdirectorySearch)
       CC1Args.push_back("-fno-modulemap-allow-subdirectory-search");
   }
+
+  if (getTriple().isAArch64())
+    addPointerAuthFlags(DriverArgs, CC1Args);
 }
 
 void Darwin::addClangCC1ASTargetOptions(
diff --git a/clang/lib/Driver/ToolChains/Linux.cpp b/clang/lib/Driver/ToolChains/Linux.cpp
index ae5abf44fb5566..9f38adbd691c27 100644
--- a/clang/lib/Driver/ToolChains/Linux.cpp
+++ b/clang/lib/Driver/ToolChains/Linux.cpp
@@ -529,8 +529,12 @@ void Linux::addClangTargetOptions(const llvm::opt::ArgList &DriverArgs,
                                   llvm::opt::ArgStringList &CC1Args,
                                   Action::OffloadKind DeviceOffloadKind) const {
   llvm::Triple Triple(ComputeEffectiveClangTriple(DriverArgs));
-  if (Triple.isAArch64() && Triple.getEnvironment() == llvm::Triple::PAuthTest)
-    handlePAuthABI(getDriver(), DriverArgs, CC1Args);
+  if (Triple.isAArch64()) {
+    addPointerAuthFlags(DriverArgs, CC1Args);
+    if (Triple.getEnvironment() == llvm::Triple::PAuthTest)
+      handlePAuthABI(getDriver(), DriverArgs, CC1Args);
+  }
+
   Generic_ELF::addClangTargetOptions(DriverArgs, CC1Args, DeviceOffloadKind);
 }
 
diff --git a/clang/test/Driver/aarch64-ptrauth.c b/clang/test/Driver/aarch64-ptrauth.c
index 88841ee0b0b7bb..b16fb1ea3b1aca 100644
--- a/clang/test/Driver/aarch64-ptrauth.c
+++ b/clang/test/Driver/aarch64-ptrauth.c
@@ -4,7 +4,7 @@
 // NONE:     "-cc1"
 // NONE-NOT: "-fptrauth-
 
-// RUN: %clang -### -c --target=aarch64 \
+// RUN: %clang -### -c --target=aarch64-linux \
 // RUN:   -fno-ptrauth-intrinsics -fptrauth-intrinsics \
 // RUN:   -fno-ptrauth-calls -fptrauth-calls \
 // RUN:   -fno-ptrauth-returns -fptrauth-returns \
@@ -17,7 +17,20 @@
 // RUN:   -fno-ptrauth-init-fini-address-discrimination -fptrauth-init-fini-address-discrimination \
 // RUN:   -fno-aarch64-jump-table-hardening -faarch64-jump-table-hardening \
 // RUN:   %s 2>&1 | FileCheck %s --check-prefix=ALL
-// ALL: "-cc1"{{.*}} "-fptrauth-intrinsics" "-fptrauth-calls" "-fptrauth-returns" "-fptrauth-auth-traps" "-fptrauth-vtable-pointer-address-discrimination" "-fptrauth-vtable-pointer-type-discrimination" "-fptrauth-type-info-vtable-pointer-discrimination" "-fptrauth-indirect-gotos" "-fptrauth-init-fini" "-fptrauth-init-fini-address-discrimination" "-faarch64-jump-table-hardening"
+// RUN: %clang -### -c --target=arm64-darwin \
+// RUN:   -fno-ptrauth-intrinsics -fptrauth-intrinsics \
+// RUN:   -fno-ptrauth-calls -fptrauth-calls \
+// RUN:   -fno-ptrauth-returns -fptrauth-returns \
+// RUN:   -fno-ptrauth-auth-traps -fptrauth-auth-traps \
+// RUN:   -fno-ptrauth-vtable-pointer-address-discrimination -fptrauth-vtable-pointer-address-discrimination \
+// RUN:   -fno-ptrauth-vtable-pointer-type-discrimination -fptrauth-vtable-pointer-type-discrimination \
+// RUN:   -fno-ptrauth-type-info-vtable-pointer-discrimination -fptrauth-type-info-vtable-pointer-discrimination \
+// RUN:   -fno-ptrauth-indirect-gotos -fptrauth-indirect-gotos \
+// RUN:   -fno-ptrauth-init-fini -fptrauth-init-fini \
+// RUN:   -fno-ptrauth-init-fini-address-discrimination -fptrauth-init-fini-address-discrimination \
+// RUN:   -fno-aarch64-jump-table-hardening -faarch64-jump-table-hardening \
+// RUN:   %s 2>&1 | FileCheck %s --check-prefix=ALL
+// ALL: "-cc1"{{.*}} "-fptrauth-intrinsics" "-fptrauth-calls" "-fptrauth-returns" "-fptrauth-auth-traps" "-fptrauth-vtable-pointer-address-discrimination" "-fptrauth-vtable-pointer-type-discrimination" "-fptrauth-type-info-vtable-pointer-discrimination" "-fptrauth-indirect-gotos" "-fptrauth-init-fini" "-fptrauth-init-fini-address-discrimination"{{.*}} "-faarch64-jump-table-hardening"
 
 // RUN: %clang -### -c --target=aarch64-linux -mabi=pauthtest %s 2>&1 | FileCheck %s --check-prefix=PAUTHABI1
 // RUN: %clang -### -c --target=aarch64-linux-pauthtest %s 2>&1 | FileCheck %s --check-prefix=PAUTHABI1
@@ -40,7 +53,7 @@
 // RUN:   -fno-aarch64-jump-table-hardening %s 2>&1 | FileCheck %s --check-prefix=PAUTHABI2
 
 //// Non-linux OS: pauthtest ABI has no effect in terms of passing ptrauth cc1 flags.
-//// An error about unsupported ABI will be emitted later in pipeline (see ERR2 below)
+//// An error about unsupported ABI will be emitted later in pipeline (see ERR3 below)
 // RUN: %clang -### -c --target=aarch64 -mabi=pauthtest %s 2>&1 | FileCheck %s --check-prefix=PAUTHABI2
 
 // PAUTHABI2:      "-cc1"
@@ -55,7 +68,13 @@
 // PAUTHABI3-NOT:  "-fptrauth-
 // PAUTHABI3-NOT: "-faarch64-jump-table-hardening"
 
-// RUN: not %clang -### -c --target=x86_64 -fptrauth-intrinsics -fptrauth-calls -fptrauth-returns -fptrauth-auth-traps \
+//// Non-AArch64.
+// RUN: not %clang -### -c --target=x86_64-linux -fptrauth-intrinsics -fptrauth-calls -fptrauth-returns -fptrauth-auth-traps \
+// RUN:   -fptrauth-vtable-pointer-address-discrimination -fptrauth-vtable-pointer-type-discrimination \
+// RUN:   -fptrauth-type-info-vtable-pointer-discrimination -fptrauth-indirect-gotos -fptrauth-init-fini \
+// RUN:   -fptrauth-init-fini-address-discrimination -faarch64-jump-table-hardening %s 2>&1 | FileCheck %s --check-prefixes=ERR1,ERR2
+//// Non-linux and non-Darwin OS.
+// RUN: not %clang -### -c --target=aarch64 -fptrauth-intrinsics -fptrauth-calls -fptrauth-returns -fptrauth-auth-traps \
 // RUN:   -fptrauth-vtable-pointer-address-discrimination -fptrauth-vtable-pointer-type-discrimination \
 // RUN:   -fptrauth-type-info-vtable-pointer-discrimination -fptrauth-indirect-gotos -fptrauth-init-fini \
 // RUN:   -fptrauth-init-fini-address-discrimination -faarch64-jump-table-hardening %s 2>&1 | FileCheck %s --check-prefix=ERR1
@@ -69,50 +88,50 @@
 // ERR1-NEXT: error: unsupported option '-fptrauth-indirect-gotos' for target '{{.*}}'
 // ERR1-NEXT: error: unsupported option '-fptrauth-init-fini' for target '{{.*}}'
 // ERR1-NEXT: error: unsupported option '-fptrauth-init-fini-address-discrimination' for target '{{.*}}'
-// ERR1-NEXT: error: unsupported option '-faarch64-jump-table-hardening' for target '{{.*}}'
+// ERR2-NEXT: error: unsupported option '-faarch64-jump-table-hardening' for target '{{.*}}'
 
 
-// RUN: not %clang -c --target=aarch64 -mabi=pauthtest %s 2>&1 | FileCheck %s --check-prefix=ERR2
+// RUN: not %clang -c --target=aarch64 -mabi=pauthtest %s 2>&1 | FileCheck %s --check-prefix=ERR3
 //// The ABI is not specified explicitly, and for non-Linux pauthtest environment does not correspond
 //// to pauthtest ABI (each OS target defines this behavior separately). Do not emit an error.
 // RUN:     %clang -c --target=aarch64-pauthtest       %s -o /dev/null
-// ERR2: error: unknown target ABI 'pauthtest'
+// ERR3: error: unknown target ABI 'pauthtest'
 
 //// PAuth ABI is encoded as environment part of the triple, so don't allow to explicitly set other environments.
-// RUN: not %clang -### -c --target=aarch64-linux-gnu -mabi=pauthtest %s 2>&1 | FileCheck %s --check-prefix=ERR3
-// ERR3: error: unsupported option '-mabi=pauthtest' for target 'aarch64-unknown-linux-gnu'
+// RUN: not %clang -### -c --target=aarch64-linux-gnu -mabi=pauthtest %s 2>&1 | FileCheck %s --check-prefix=ERR4
+// ERR4: error: unsupported option '-mabi=pauthtest' for target 'aarch64-unknown-linux-gnu'
 // RUN: %clang -### -c --target=aarch64-linux-pauthtest -mabi=pauthtest %s
 
 //// The only branch protection option compatible with PAuthABI is BTI.
 // RUN: not %clang -### -c --target=aarch64-linux -mabi=pauthtest -mbranch-protection=pac-ret %s 2>&1 | \
-// RUN:   FileCheck %s --check-prefix=ERR4
+// RUN:   FileCheck %s --check-prefix=ERR5
 // RUN: not %clang -### -c --target=aarch64-linux-pauthtest       -mbranch-protection=pac-ret %s 2>&1 | \
-// RUN:   FileCheck %s --check-prefix=ERR4
-// ERR4: error: unsupported option '-mbranch-protection=pac-ret' for target 'aarch64-unknown-linux-pauthtest'
+// RUN:   FileCheck %s --check-prefix=ERR5
+// ERR5: error: unsupported option '-mbranch-protection=pac-ret' for target 'aarch64-unknown-linux-pauthtest'
 
 // RUN: not %clang -### -c --target=aarch64-linux -mabi=pauthtest -mbranch-protection=gcs %s 2>&1 | \
-// RUN:   FileCheck %s --check-prefix=ERR5
+// RUN:   FileCheck %s --check-prefix=ERR6
 // RUN: not %clang -### -c --target=aarch64-linux-pauthtest       -mbranch-protection=gcs %s 2>&1 | \
-// RUN:   FileCheck %s --check-prefix=ERR5
-// ERR5: error: unsupported option '-mbranch-protection=gcs' for target 'aarch64-unknown-linux-pauthtest'
+// RUN:   FileCheck %s --check-prefix=ERR6
+// ERR6: error: unsupported option '-mbranch-protection=gcs' for target 'aarch64-unknown-linux-pauthtest'
 
 // RUN: not %clang -### -c --target=aarch64-linux -mabi=pauthtest -mbranch-protection=standard %s 2>&1 | \
-// RUN:   FileCheck %s --check-prefix=ERR6
+// RUN:   FileCheck %s --check-prefix=ERR7
 // RUN: not %clang -### -c --target=aarch64-linux-pauthtest       -mbranch-protection=standard %s 2>&1 | \
-// RUN:   FileCheck %s --check-prefix=ERR6
-// ERR6: error: unsupported option '-mbranch-protection=standard' for target 'aarch64-unknown-linux-pauthtest'
+// RUN:   FileCheck %s --check-prefix=ERR7
+// ERR7: error: unsupported option '-mbranch-protection=standard' for target 'aarch64-unknown-linux-pauthtest'
 
 // RUN: not %clang -### -c --target=aarch64-linux -mabi=pauthtest -msign-return-address=all %s 2>&1 | \
-// RUN:   FileCheck %s --check-prefix=ERR7
+// RUN:   FileCheck %s --check-prefix=ERR8
 // RUN: not %clang -### -c --target=aarch64-linux-pauthtest       -msign-return-address=all %s 2>&1 | \
-// RUN:   FileCheck %s --check-prefix=ERR7
-// ERR7: error: unsupported option '-msign-return-address=all' for target 'aarch64-unknown-linux-pauthtest'
+// RUN:   FileCheck %s --check-prefix=ERR8
+// ERR8: error: unsupported option '-msign-return-address=all' for target 'aarch64-unknown-linux-pauthtest'
 
 // RUN: not %clang -### -c --target=aarch64-linux -mabi=pauthtest -msign-return-address=non-leaf %s 2>&1 | \
-// RUN:   FileCheck %s --check-prefix=ERR8
+// RUN:   FileCheck %s --check-prefix=ERR9
 // RUN: not %clang -### -c --target=aarch64-linux-pauthtest       -msign-return-address=non-leaf %s 2>&1 | \
-// RUN:   FileCheck %s --check-prefix=ERR8
-// ERR8: error: unsupported option '-msign-return-address=non-leaf' for target 'aarch64-unknown-linux-pauthtest'
+// RUN:   FileCheck %s --check-prefix=ERR9
+// ERR9: error: unsupported option '-msign-return-address=non-leaf' for target 'aarch64-unknown-linux-pauthtest'
 
 // RUN: %clang -### -c --target=aarch64-linux -mabi=pauthtest -msign-return-address=none %s
 // RUN: %clang -### -c --target=aarch64-linux-pauthtest       -msign-return-address=none %s

llvmbot · 2024-10-21T17:41:16Z

@llvm/pr-subscribers-clang-driver

Author: Daniil Kovalev (kovdan01)

Changes

Most ptrauth flags are ABI-affecting, so allow them only for Linux and
Darwin OS which explicitly support pointer authentication. Leave
-faarch64-jump-table-hardening available for all AArch64 targets since
it's not ABI-affecting.

Full diff: https://github.com/llvm/llvm-project/pull/113152.diff

6 Files Affected:

(modified) clang/include/clang/Driver/ToolChain.h (+3)
(modified) clang/lib/Driver/ToolChain.cpp (+42)
(modified) clang/lib/Driver/ToolChains/Clang.cpp (-28)
(modified) clang/lib/Driver/ToolChains/Darwin.cpp (+3)
(modified) clang/lib/Driver/ToolChains/Linux.cpp (+6-2)
(modified) clang/test/Driver/aarch64-ptrauth.c (+43-24)

diff --git a/clang/include/clang/Driver/ToolChain.h b/clang/include/clang/Driver/ToolChain.h
index 5347e29be91439..0c0fccec4b933b 100644
--- a/clang/include/clang/Driver/ToolChain.h
+++ b/clang/include/clang/Driver/ToolChain.h
@@ -240,6 +240,9 @@ class ToolChain {
                                 llvm::opt::ArgStringList &CC1Args,
                                 ArrayRef<StringRef> Paths);
 
+  static void addPointerAuthFlags(const llvm::opt::ArgList &DriverArgs,
+                                  llvm::opt::ArgStringList &CC1Args);
+
   static std::string concat(StringRef Path, const Twine &A, const Twine &B = "",
                             const Twine &C = "", const Twine &D = "");
   ///@}
diff --git a/clang/lib/Driver/ToolChain.cpp b/clang/lib/Driver/ToolChain.cpp
index 016db9469c6bec..9c53986756caaa 100644
--- a/clang/lib/Driver/ToolChain.cpp
+++ b/clang/lib/Driver/ToolChain.cpp
@@ -1264,6 +1264,48 @@ void ToolChain::addExternCSystemIncludeIfExists(const ArgList &DriverArgs,
   }
 }
 
+/*static*/ void
+ToolChain::addPointerAuthFlags(const llvm::opt::ArgList &DriverArgs,
+                               llvm::opt::ArgStringList &CC1Args) {
+  DriverArgs.addOptInFlag(CC1Args, options::OPT_fptrauth_intrinsics,
+                          options::OPT_fno_ptrauth_intrinsics);
+
+  DriverArgs.addOptInFlag(CC1Args, options::OPT_fptrauth_calls,
+                          options::OPT_fno_ptrauth_calls);
+
+  DriverArgs.addOptInFlag(CC1Args, options::OPT_fptrauth_returns,
+                          options::OPT_fno_ptrauth_returns);
+
+  DriverArgs.addOptInFlag(CC1Args, options::OPT_fptrauth_auth_traps,
+                          options::OPT_fno_ptrauth_auth_traps);
+
+  DriverArgs.addOptInFlag(
+      CC1Args, options::OPT_fptrauth_vtable_pointer_address_discrimination,
+      options::OPT_fno_ptrauth_vtable_pointer_address_discrimination);
+
+  DriverArgs.addOptInFlag(
+      CC1Args, options::OPT_fptrauth_vtable_pointer_type_discrimination,
+      options::OPT_fno_ptrauth_vtable_pointer_type_discrimination);
+
+  DriverArgs.addOptInFlag(
+      CC1Args, options::OPT_fptrauth_type_info_vtable_pointer_discrimination,
+      options::OPT_fno_ptrauth_type_info_vtable_pointer_discrimination);
+
+  DriverArgs.addOptInFlag(
+      CC1Args, options::OPT_fptrauth_function_pointer_type_discrimination,
+      options::OPT_fno_ptrauth_function_pointer_type_discrimination);
+
+  DriverArgs.addOptInFlag(CC1Args, options::OPT_fptrauth_indirect_gotos,
+                          options::OPT_fno_ptrauth_indirect_gotos);
+
+  DriverArgs.addOptInFlag(CC1Args, options::OPT_fptrauth_init_fini,
+                          options::OPT_fno_ptrauth_init_fini);
+
+  DriverArgs.addOptInFlag(
+      CC1Args, options::OPT_fptrauth_init_fini_address_discrimination,
+      options::OPT_fno_ptrauth_init_fini_address_discrimination);
+}
+
 /*static*/ std::string ToolChain::concat(StringRef Path, const Twine &A,
                                          const Twine &B, const Twine &C,
                                          const Twine &D) {
diff --git a/clang/lib/Driver/ToolChains/Clang.cpp b/clang/lib/Driver/ToolChains/Clang.cpp
index 84bb77d451641a..fdfc0787098a48 100644
--- a/clang/lib/Driver/ToolChains/Clang.cpp
+++ b/clang/lib/Driver/ToolChains/Clang.cpp
@@ -1784,34 +1784,6 @@ void Clang::AddAArch64TargetArgs(const ArgList &Args,
 
   AddUnalignedAccessWarning(CmdArgs);
 
-  Args.addOptInFlag(CmdArgs, options::OPT_fptrauth_intrinsics,
-                    options::OPT_fno_ptrauth_intrinsics);
-  Args.addOptInFlag(CmdArgs, options::OPT_fptrauth_calls,
-                    options::OPT_fno_ptrauth_calls);
-  Args.addOptInFlag(CmdArgs, options::OPT_fptrauth_returns,
-                    options::OPT_fno_ptrauth_returns);
-  Args.addOptInFlag(CmdArgs, options::OPT_fptrauth_auth_traps,
-                    options::OPT_fno_ptrauth_auth_traps);
-  Args.addOptInFlag(
-      CmdArgs, options::OPT_fptrauth_vtable_pointer_address_discrimination,
-      options::OPT_fno_ptrauth_vtable_pointer_address_discrimination);
-  Args.addOptInFlag(
-      CmdArgs, options::OPT_fptrauth_vtable_pointer_type_discrimination,
-      options::OPT_fno_ptrauth_vtable_pointer_type_discrimination);
-  Args.addOptInFlag(
-      CmdArgs, options::OPT_fptrauth_type_info_vtable_pointer_discrimination,
-      options::OPT_fno_ptrauth_type_info_vtable_pointer_discrimination);
-  Args.addOptInFlag(
-      CmdArgs, options::OPT_fptrauth_function_pointer_type_discrimination,
-      options::OPT_fno_ptrauth_function_pointer_type_discrimination);
-
-  Args.addOptInFlag(CmdArgs, options::OPT_fptrauth_indirect_gotos,
-                    options::OPT_fno_ptrauth_indirect_gotos);
-  Args.addOptInFlag(CmdArgs, options::OPT_fptrauth_init_fini,
-                    options::OPT_fno_ptrauth_init_fini);
-  Args.addOptInFlag(CmdArgs,
-                    options::OPT_fptrauth_init_fini_address_discrimination,
-                    options::OPT_fno_ptrauth_init_fini_address_discrimination);
   Args.addOptInFlag(CmdArgs, options::OPT_faarch64_jump_table_hardening,
                     options::OPT_fno_aarch64_jump_table_hardening);
 }
diff --git a/clang/lib/Driver/ToolChains/Darwin.cpp b/clang/lib/Driver/ToolChains/Darwin.cpp
index 87380869f6fdab..3874cc3d98e80a 100644
--- a/clang/lib/Driver/ToolChains/Darwin.cpp
+++ b/clang/lib/Driver/ToolChains/Darwin.cpp
@@ -3137,6 +3137,9 @@ void Darwin::addClangTargetOptions(
     if (!RequiresSubdirectorySearch)
       CC1Args.push_back("-fno-modulemap-allow-subdirectory-search");
   }
+
+  if (getTriple().isAArch64())
+    addPointerAuthFlags(DriverArgs, CC1Args);
 }
 
 void Darwin::addClangCC1ASTargetOptions(
diff --git a/clang/lib/Driver/ToolChains/Linux.cpp b/clang/lib/Driver/ToolChains/Linux.cpp
index ae5abf44fb5566..9f38adbd691c27 100644
--- a/clang/lib/Driver/ToolChains/Linux.cpp
+++ b/clang/lib/Driver/ToolChains/Linux.cpp
@@ -529,8 +529,12 @@ void Linux::addClangTargetOptions(const llvm::opt::ArgList &DriverArgs,
                                   llvm::opt::ArgStringList &CC1Args,
                                   Action::OffloadKind DeviceOffloadKind) const {
   llvm::Triple Triple(ComputeEffectiveClangTriple(DriverArgs));
-  if (Triple.isAArch64() && Triple.getEnvironment() == llvm::Triple::PAuthTest)
-    handlePAuthABI(getDriver(), DriverArgs, CC1Args);
+  if (Triple.isAArch64()) {
+    addPointerAuthFlags(DriverArgs, CC1Args);
+    if (Triple.getEnvironment() == llvm::Triple::PAuthTest)
+      handlePAuthABI(getDriver(), DriverArgs, CC1Args);
+  }
+
   Generic_ELF::addClangTargetOptions(DriverArgs, CC1Args, DeviceOffloadKind);
 }
 
diff --git a/clang/test/Driver/aarch64-ptrauth.c b/clang/test/Driver/aarch64-ptrauth.c
index 88841ee0b0b7bb..b16fb1ea3b1aca 100644
--- a/clang/test/Driver/aarch64-ptrauth.c
+++ b/clang/test/Driver/aarch64-ptrauth.c
@@ -4,7 +4,7 @@
 // NONE:     "-cc1"
 // NONE-NOT: "-fptrauth-
 
-// RUN: %clang -### -c --target=aarch64 \
+// RUN: %clang -### -c --target=aarch64-linux \
 // RUN:   -fno-ptrauth-intrinsics -fptrauth-intrinsics \
 // RUN:   -fno-ptrauth-calls -fptrauth-calls \
 // RUN:   -fno-ptrauth-returns -fptrauth-returns \
@@ -17,7 +17,20 @@
 // RUN:   -fno-ptrauth-init-fini-address-discrimination -fptrauth-init-fini-address-discrimination \
 // RUN:   -fno-aarch64-jump-table-hardening -faarch64-jump-table-hardening \
 // RUN:   %s 2>&1 | FileCheck %s --check-prefix=ALL
-// ALL: "-cc1"{{.*}} "-fptrauth-intrinsics" "-fptrauth-calls" "-fptrauth-returns" "-fptrauth-auth-traps" "-fptrauth-vtable-pointer-address-discrimination" "-fptrauth-vtable-pointer-type-discrimination" "-fptrauth-type-info-vtable-pointer-discrimination" "-fptrauth-indirect-gotos" "-fptrauth-init-fini" "-fptrauth-init-fini-address-discrimination" "-faarch64-jump-table-hardening"
+// RUN: %clang -### -c --target=arm64-darwin \
+// RUN:   -fno-ptrauth-intrinsics -fptrauth-intrinsics \
+// RUN:   -fno-ptrauth-calls -fptrauth-calls \
+// RUN:   -fno-ptrauth-returns -fptrauth-returns \
+// RUN:   -fno-ptrauth-auth-traps -fptrauth-auth-traps \
+// RUN:   -fno-ptrauth-vtable-pointer-address-discrimination -fptrauth-vtable-pointer-address-discrimination \
+// RUN:   -fno-ptrauth-vtable-pointer-type-discrimination -fptrauth-vtable-pointer-type-discrimination \
+// RUN:   -fno-ptrauth-type-info-vtable-pointer-discrimination -fptrauth-type-info-vtable-pointer-discrimination \
+// RUN:   -fno-ptrauth-indirect-gotos -fptrauth-indirect-gotos \
+// RUN:   -fno-ptrauth-init-fini -fptrauth-init-fini \
+// RUN:   -fno-ptrauth-init-fini-address-discrimination -fptrauth-init-fini-address-discrimination \
+// RUN:   -fno-aarch64-jump-table-hardening -faarch64-jump-table-hardening \
+// RUN:   %s 2>&1 | FileCheck %s --check-prefix=ALL
+// ALL: "-cc1"{{.*}} "-fptrauth-intrinsics" "-fptrauth-calls" "-fptrauth-returns" "-fptrauth-auth-traps" "-fptrauth-vtable-pointer-address-discrimination" "-fptrauth-vtable-pointer-type-discrimination" "-fptrauth-type-info-vtable-pointer-discrimination" "-fptrauth-indirect-gotos" "-fptrauth-init-fini" "-fptrauth-init-fini-address-discrimination"{{.*}} "-faarch64-jump-table-hardening"
 
 // RUN: %clang -### -c --target=aarch64-linux -mabi=pauthtest %s 2>&1 | FileCheck %s --check-prefix=PAUTHABI1
 // RUN: %clang -### -c --target=aarch64-linux-pauthtest %s 2>&1 | FileCheck %s --check-prefix=PAUTHABI1
@@ -40,7 +53,7 @@
 // RUN:   -fno-aarch64-jump-table-hardening %s 2>&1 | FileCheck %s --check-prefix=PAUTHABI2
 
 //// Non-linux OS: pauthtest ABI has no effect in terms of passing ptrauth cc1 flags.
-//// An error about unsupported ABI will be emitted later in pipeline (see ERR2 below)
+//// An error about unsupported ABI will be emitted later in pipeline (see ERR3 below)
 // RUN: %clang -### -c --target=aarch64 -mabi=pauthtest %s 2>&1 | FileCheck %s --check-prefix=PAUTHABI2
 
 // PAUTHABI2:      "-cc1"
@@ -55,7 +68,13 @@
 // PAUTHABI3-NOT:  "-fptrauth-
 // PAUTHABI3-NOT: "-faarch64-jump-table-hardening"
 
-// RUN: not %clang -### -c --target=x86_64 -fptrauth-intrinsics -fptrauth-calls -fptrauth-returns -fptrauth-auth-traps \
+//// Non-AArch64.
+// RUN: not %clang -### -c --target=x86_64-linux -fptrauth-intrinsics -fptrauth-calls -fptrauth-returns -fptrauth-auth-traps \
+// RUN:   -fptrauth-vtable-pointer-address-discrimination -fptrauth-vtable-pointer-type-discrimination \
+// RUN:   -fptrauth-type-info-vtable-pointer-discrimination -fptrauth-indirect-gotos -fptrauth-init-fini \
+// RUN:   -fptrauth-init-fini-address-discrimination -faarch64-jump-table-hardening %s 2>&1 | FileCheck %s --check-prefixes=ERR1,ERR2
+//// Non-linux and non-Darwin OS.
+// RUN: not %clang -### -c --target=aarch64 -fptrauth-intrinsics -fptrauth-calls -fptrauth-returns -fptrauth-auth-traps \
 // RUN:   -fptrauth-vtable-pointer-address-discrimination -fptrauth-vtable-pointer-type-discrimination \
 // RUN:   -fptrauth-type-info-vtable-pointer-discrimination -fptrauth-indirect-gotos -fptrauth-init-fini \
 // RUN:   -fptrauth-init-fini-address-discrimination -faarch64-jump-table-hardening %s 2>&1 | FileCheck %s --check-prefix=ERR1
@@ -69,50 +88,50 @@
 // ERR1-NEXT: error: unsupported option '-fptrauth-indirect-gotos' for target '{{.*}}'
 // ERR1-NEXT: error: unsupported option '-fptrauth-init-fini' for target '{{.*}}'
 // ERR1-NEXT: error: unsupported option '-fptrauth-init-fini-address-discrimination' for target '{{.*}}'
-// ERR1-NEXT: error: unsupported option '-faarch64-jump-table-hardening' for target '{{.*}}'
+// ERR2-NEXT: error: unsupported option '-faarch64-jump-table-hardening' for target '{{.*}}'
 
 
-// RUN: not %clang -c --target=aarch64 -mabi=pauthtest %s 2>&1 | FileCheck %s --check-prefix=ERR2
+// RUN: not %clang -c --target=aarch64 -mabi=pauthtest %s 2>&1 | FileCheck %s --check-prefix=ERR3
 //// The ABI is not specified explicitly, and for non-Linux pauthtest environment does not correspond
 //// to pauthtest ABI (each OS target defines this behavior separately). Do not emit an error.
 // RUN:     %clang -c --target=aarch64-pauthtest       %s -o /dev/null
-// ERR2: error: unknown target ABI 'pauthtest'
+// ERR3: error: unknown target ABI 'pauthtest'
 
 //// PAuth ABI is encoded as environment part of the triple, so don't allow to explicitly set other environments.
-// RUN: not %clang -### -c --target=aarch64-linux-gnu -mabi=pauthtest %s 2>&1 | FileCheck %s --check-prefix=ERR3
-// ERR3: error: unsupported option '-mabi=pauthtest' for target 'aarch64-unknown-linux-gnu'
+// RUN: not %clang -### -c --target=aarch64-linux-gnu -mabi=pauthtest %s 2>&1 | FileCheck %s --check-prefix=ERR4
+// ERR4: error: unsupported option '-mabi=pauthtest' for target 'aarch64-unknown-linux-gnu'
 // RUN: %clang -### -c --target=aarch64-linux-pauthtest -mabi=pauthtest %s
 
 //// The only branch protection option compatible with PAuthABI is BTI.
 // RUN: not %clang -### -c --target=aarch64-linux -mabi=pauthtest -mbranch-protection=pac-ret %s 2>&1 | \
-// RUN:   FileCheck %s --check-prefix=ERR4
+// RUN:   FileCheck %s --check-prefix=ERR5
 // RUN: not %clang -### -c --target=aarch64-linux-pauthtest       -mbranch-protection=pac-ret %s 2>&1 | \
-// RUN:   FileCheck %s --check-prefix=ERR4
-// ERR4: error: unsupported option '-mbranch-protection=pac-ret' for target 'aarch64-unknown-linux-pauthtest'
+// RUN:   FileCheck %s --check-prefix=ERR5
+// ERR5: error: unsupported option '-mbranch-protection=pac-ret' for target 'aarch64-unknown-linux-pauthtest'
 
 // RUN: not %clang -### -c --target=aarch64-linux -mabi=pauthtest -mbranch-protection=gcs %s 2>&1 | \
-// RUN:   FileCheck %s --check-prefix=ERR5
+// RUN:   FileCheck %s --check-prefix=ERR6
 // RUN: not %clang -### -c --target=aarch64-linux-pauthtest       -mbranch-protection=gcs %s 2>&1 | \
-// RUN:   FileCheck %s --check-prefix=ERR5
-// ERR5: error: unsupported option '-mbranch-protection=gcs' for target 'aarch64-unknown-linux-pauthtest'
+// RUN:   FileCheck %s --check-prefix=ERR6
+// ERR6: error: unsupported option '-mbranch-protection=gcs' for target 'aarch64-unknown-linux-pauthtest'
 
 // RUN: not %clang -### -c --target=aarch64-linux -mabi=pauthtest -mbranch-protection=standard %s 2>&1 | \
-// RUN:   FileCheck %s --check-prefix=ERR6
+// RUN:   FileCheck %s --check-prefix=ERR7
 // RUN: not %clang -### -c --target=aarch64-linux-pauthtest       -mbranch-protection=standard %s 2>&1 | \
-// RUN:   FileCheck %s --check-prefix=ERR6
-// ERR6: error: unsupported option '-mbranch-protection=standard' for target 'aarch64-unknown-linux-pauthtest'
+// RUN:   FileCheck %s --check-prefix=ERR7
+// ERR7: error: unsupported option '-mbranch-protection=standard' for target 'aarch64-unknown-linux-pauthtest'
 
 // RUN: not %clang -### -c --target=aarch64-linux -mabi=pauthtest -msign-return-address=all %s 2>&1 | \
-// RUN:   FileCheck %s --check-prefix=ERR7
+// RUN:   FileCheck %s --check-prefix=ERR8
 // RUN: not %clang -### -c --target=aarch64-linux-pauthtest       -msign-return-address=all %s 2>&1 | \
-// RUN:   FileCheck %s --check-prefix=ERR7
-// ERR7: error: unsupported option '-msign-return-address=all' for target 'aarch64-unknown-linux-pauthtest'
+// RUN:   FileCheck %s --check-prefix=ERR8
+// ERR8: error: unsupported option '-msign-return-address=all' for target 'aarch64-unknown-linux-pauthtest'
 
 // RUN: not %clang -### -c --target=aarch64-linux -mabi=pauthtest -msign-return-address=non-leaf %s 2>&1 | \
-// RUN:   FileCheck %s --check-prefix=ERR8
+// RUN:   FileCheck %s --check-prefix=ERR9
 // RUN: not %clang -### -c --target=aarch64-linux-pauthtest       -msign-return-address=non-leaf %s 2>&1 | \
-// RUN:   FileCheck %s --check-prefix=ERR8
-// ERR8: error: unsupported option '-msign-return-address=non-leaf' for target 'aarch64-unknown-linux-pauthtest'
+// RUN:   FileCheck %s --check-prefix=ERR9
+// ERR9: error: unsupported option '-msign-return-address=non-leaf' for target 'aarch64-unknown-linux-pauthtest'
 
 // RUN: %clang -### -c --target=aarch64-linux -mabi=pauthtest -msign-return-address=none %s
 // RUN: %clang -### -c --target=aarch64-linux-pauthtest       -msign-return-address=none %s

kovdan01 · 2024-10-28T13:48:50Z

Would be glad to see everyone's feedback on the changes.

kovdan01 · 2024-11-09T16:55:44Z

Would be glad to see everyone's feedback on the changes.

kovdan01 · 2024-11-19T17:59:54Z

@MaskRay As discussed in #96160 (comment), this drops support for ptrauth driver flags, but with an exception for apple targets - to the best of my knowledge, they have use cases for them. Also tagging @ahmedbougacha

Note: as stated in PR description, the jump table hardening flag (#113149) is left intact since it's not ABI-affecting.

asl · 2024-11-20T08:26:09Z

I think we'd need to keep driver flags for pauthtest ABI as the intention is to enable easier bringup of pointer authentication ABI on a new target:

pauthest is intended to be used for experimenting with signing schema w/o changing compiler
the signing schema is explicitly encoded in the pauth elf marking

Though certainly for other named ABIs (say, platform dependent) they should be disabled by default and it is up to platform to decide on signing schema.

kovdan01 · 2024-11-24T22:07:57Z

I think we'd need to keep driver flags for pauthtest ABI as the intention is to enable easier bringup of pointer authentication ABI on a new target

@asl Thanks for suggestion, addressed in 515574c, and updated the PR description correspondingly.

MaskRay · 2024-12-07T19:01:58Z

clang/lib/Driver/ToolChains/Linux.cpp

    CC1Args.push_back("-faarch64-jump-table-hardening");
 }

+static void addPointerAuthFlags(const llvm::opt::ArgList &DriverArgs,


There is a lot of duplication with Darwin.cpp.

Thanks for suggestion, moved common code to ToolChain::addPointerAuthFlags, see 3afcc78

MaskRay · 2024-12-07T19:03:31Z

clang/lib/Driver/ToolChains/Clang.cpp


  AddUnalignedAccessWarning(CmdArgs);

-  Args.addOptInFlag(CmdArgs, options::OPT_fptrauth_intrinsics,


https://maskray.me/blog/2023-08-25-clang-wunused-command-line-argument#target-specific-options

You can make these options TargetSpecific and only handle them for Linux and Darwin. Then these options will lead to errors for other platforms.

You can make these options TargetSpecific and only handle them for Linux and Darwin.

@MaskRay It looks like they are already declared as TargetSpecific - see https://github.com/llvm/llvm-project/blob/41cde46/clang/include/clang/Driver/Options.td#L4337-L4357. Please let me know if I'm missing smth and you meant smth else.

I'm afraid that you missed the point. Keep the code in Clang.cpp but do the following

// Clang.cpp if (Linux pauth abi or isDarwin) { claim these pauth options }

@MaskRay This would explicitly require adding each platform that would want to add pauth here. I don't think this is something desired (do we really want to add further, say, OpenBSD, FreeBSD and other platforms in the condition?)

Yes for such straightforward CC1 forwarding options. The alternative requires a new function in CommonArgs.cpp and changes to various ToolChains/XX.cpp files, which is worse.

@MaskRay Applied your suggestion in 346d1ef

I'm afraid that you missed the point. Keep the code in Clang.cpp but do the following

// Clang.cpp if (Linux pauth abi or isDarwin) { claim these pauth options }

MaskRay

.

kovdan01 · 2024-12-16T08:32:38Z

@MaskRay Previous comments should now be addressed, would be glad to see your feedback on the new version of the PR

MaskRay · 2024-12-17T17:51:15Z

clang/test/Driver/aarch64-ptrauth.c

 // RUN:   -fno-ptrauth-type-info-vtable-pointer-discrimination -fno-ptrauth-indirect-gotos \
 // RUN:   -fno-ptrauth-init-fini -fno-ptrauth-init-fini-address-discrimination \
-// RUN:   -fno-aarch64-jump-table-hardening %s 2>&1 | FileCheck %s --check-prefix=PAUTHABI2
+// RUN:   -fno-aarch64-jump-table-hardening %s 2>&1 | FileCheck %s --check-prefix=PAUTHTEST2


It's not necessary to change PAUTHABI test prefixes to PAUTHTEST. Unnecessary churn.

Changed back to PAUTHABI, thanks

…htest ABI Most ptrauth flags are ABI-affecting, so usually we do not want them to be exposed to end users. Allow them only in the following cases: - ARM64 Darwin (under certain conditions, some ptrauth driver flags are intended to be used in this case); - pauthtest ABI (it's intended to be used for experimenting with signing schema and the signing schema is explicitly encoded in the pauth elf marking). Leave `-faarch64-jump-table-hardening` available for all AArch64 targets since it's not ABI-affecting.

kovdan01 · 2025-10-27T15:19:00Z

The rebase history was cluttered due to this being part of stack of PRs, so I've just force-pushed the correct rebased version of the changes as a single commit.

Since this is the last PR in the stack and it's already approved, I hope that missing updates history is not a critical issue, but it allows to keep things simpler.

llvm-ci · 2025-10-29T11:20:35Z

LLVM Buildbot has detected a new failure on builder bolt-aarch64-ubuntu-clang running on bolt-worker-aarch64 while building clang at step 5 "build-clang-bolt".

Full details are available at: https://lab.llvm.org/buildbot/#/builders/128/builds/8116

Here is the relevant piece of the build log for the reference

Step 5 (build-clang-bolt) failure: build (failure)
...
29.248 [8/2/3351] Linking CXX static library lib/libclangIndex.a
29.328 [6/3/3352] Linking CXX static library lib/libclangCrossTU.a
29.449 [5/3/3353] Linking CXX static library lib/libclangExtractAPI.a
29.749 [5/2/3354] Linking CXX static library lib/libclangStaticAnalyzerCore.a
30.109 [4/2/3355] Linking CXX static library lib/libclangCodeGen.a
30.428 [4/1/3356] Linking CXX static library lib/libclangStaticAnalyzerCheckers.a
30.472 [3/1/3357] Linking CXX static library lib/libclangStaticAnalyzerFrontend.a
30.508 [2/1/3358] Linking CXX static library lib/libclangFrontendTool.a
31.319 [1/1/3359] Linking CXX executable bin/clang-22
175.227 [0/1/3360] Creating executable symlink bin/clang
FAILED: bin/clang 
/usr/bin/cmake -E cmake_symlink_executable bin/clang-22 bin/clang && cd /home/buildbot/workspace/bolt-aarch64-ubuntu-clang/build/tools/clang/tools/driver && /usr/bin/cmake -E create_symlink clang-22 /home/buildbot/workspace/bolt-aarch64-ubuntu-clang/build/./bin/clang++ && cd /home/buildbot/workspace/bolt-aarch64-ubuntu-clang/build/tools/clang/tools/driver && /usr/bin/cmake -E create_symlink clang-22 /home/buildbot/workspace/bolt-aarch64-ubuntu-clang/build/./bin/clang-cl && cd /home/buildbot/workspace/bolt-aarch64-ubuntu-clang/build/tools/clang/tools/driver && /usr/bin/cmake -E create_symlink clang-22 /home/buildbot/workspace/bolt-aarch64-ubuntu-clang/build/./bin/clang-cpp && cd /home/buildbot/workspace/bolt-aarch64-ubuntu-clang/build/tools/clang/tools/driver && /usr/bin/python3 /home/buildbot/workspace/bolt-aarch64-ubuntu-clang/llvm-project/clang/tools/driver/../../utils/perf-training/perf-helper.py bolt-optimize --method INSTRUMENT --input /home/buildbot/workspace/bolt-aarch64-ubuntu-clang/build/bin/clang-22 --instrumented-output /home/buildbot/workspace/bolt-aarch64-ubuntu-clang/build/./bin/clang-bolt.inst --fdata /home/buildbot/workspace/bolt-aarch64-ubuntu-clang/build/tools/clang/tools/driver/../../utils/perf-training/prof.fdata --perf-training-binary-dir /home/buildbot/workspace/bolt-aarch64-ubuntu-clang/build/tools/clang/tools/driver/../../utils/perf-training --readelf /home/buildbot/workspace/bolt-aarch64-ubuntu-clang/build/bin/llvm-readobj --bolt /home/buildbot/workspace/bolt-aarch64-ubuntu-clang/build/bin/llvm-bolt --lit /home/buildbot/workspace/bolt-aarch64-ubuntu-clang/build/./bin/llvm-lit --merge-fdata /home/buildbot/workspace/bolt-aarch64-ubuntu-clang/build/bin/merge-fdata
Running: /home/buildbot/workspace/bolt-aarch64-ubuntu-clang/build/bin/llvm-bolt /home/buildbot/workspace/bolt-aarch64-ubuntu-clang/build/bin/clang-22 -o /home/buildbot/workspace/bolt-aarch64-ubuntu-clang/build/./bin/clang-bolt.inst -instrument --instrumentation-file-append-pid --instrumentation-file=/home/buildbot/workspace/bolt-aarch64-ubuntu-clang/build/tools/clang/tools/driver/../../utils/perf-training/prof.fdata
BOLT-INFO: shared object or position-independent executable detected
BOLT-INFO: Target architecture: aarch64
BOLT-INFO: BOLT version: <unknown>
BOLT-INFO: first alloc address is 0x0
BOLT-INFO: creating new program header table at address 0x8a00000, offset 0x8a00000
BOLT-INFO: enabling relocation mode
BOLT-INFO: forcing -jump-tables=move for instrumentation
BOLT-WARNING: 1 collisions detected while hashing binary objects. Use -v=1 to see the list.
BOLT-INFO: MarkRAStates ran on 2 functions. Ignored 0 functions (0.00%) because of CFI inconsistencies
BOLT-INFO: number of removed linker-inserted veneers: 0
BOLT-INFO: 0 out of 154886 functions in the binary (0.0%) have non-empty execution profile
BOLT-INSTRUMENTER: Number of indirect call site descriptors: 60567
BOLT-INSTRUMENTER: Number of indirect call target descriptors: 152687
BOLT-INSTRUMENTER: Number of function descriptors: 152671
BOLT-INSTRUMENTER: Number of branch counters: 2008104
BOLT-INSTRUMENTER: Number of ST leaf node counters: 1023117
BOLT-INSTRUMENTER: Number of direct call counters: 0
BOLT-INSTRUMENTER: Total number of counters: 3031221
BOLT-INSTRUMENTER: Total size of counters: 24249768 bytes (static alloc memory)
BOLT-INSTRUMENTER: Total size of string table emitted: 15983911 bytes in file
BOLT-INSTRUMENTER: Total size of descriptors: 223994644 bytes in file
BOLT-INSTRUMENTER: Profile will be saved to file /home/buildbot/workspace/bolt-aarch64-ubuntu-clang/build/tools/clang/tools/driver/../../utils/perf-training/prof.fdata
BOLT-INFO: removed 22179 empty blocks
BOLT-INFO: merged 6 duplicate CFG edges
BOLT-INFO: Starting stub-insertion pass
BOLT-INFO: Inserted 1480 stubs in the hot area and 0 stubs in the cold area. Shared 172221 times, iterated 4 times.
BOLT-INFO: rewritten pac-ret DWARF info in 2 out of 155188 functions (0.00%).
BOLT-INFO: padding code to 0x13200000 to accommodate hot text
BOLT-INFO: output linked against instrumentation runtime library, lib entry point is 0x15e388c0
BOLT-INFO: clear procedure is 0x15e37540
BOLT-INFO: patched build-id (flipped last bit)
BOLT-INFO: setting __bolt_runtime_start to 0x15e388c0
BOLT-INFO: setting __bolt_runtime_fini to 0x15e38954
BOLT-INFO: setting __hot_start to 0x8c00000
BOLT-INFO: setting __hot_end to 0x13051628
Running: /usr/bin/python3 /home/buildbot/workspace/bolt-aarch64-ubuntu-clang/build/./bin/llvm-lit -v /home/buildbot/workspace/bolt-aarch64-ubuntu-clang/build/tools/clang/tools/driver/../../utils/perf-training/bolt-fdata

…htest ABI (llvm#113152) Most ptrauth flags are ABI-affecting, so usually we do not want them to be exposed to end users. Allow them only in the following cases: - ARM64 Darwin (under certain conditions, some ptrauth driver flags are intended to be used in this case); - pauthtest ABI (it's intended to be used for experimenting with signing schema and the signing schema is explicitly encoded in the pauth elf marking). Leave `-faarch64-jump-table-hardening` available for all AArch64 targets since it's not ABI-affecting.

kovdan01 mentioned this pull request Oct 21, 2024

[PAC][Driver] Add -faarch64-jump-table-hardening flag #113149

Merged

This was referenced Oct 21, 2024

[PAC][clang] Add new features to pauthtest ABI #113150

Merged

[PAC][clang] Handle pauthtest environment and ABI in Linux-specific code #113151

Merged

kovdan01 requested a review from asl October 21, 2024 10:45

kovdan01 marked this pull request as ready for review October 21, 2024 17:40

llvmbot added clang Clang issues not falling into any other category clang:driver 'clang' and 'clang++' user-facing binaries. Not 'clang-cl' labels Oct 21, 2024

kovdan01 requested review from MaskRay, ahmedbougacha, dwblaikie, jh7370, kbeyls and smithp35 October 21, 2024 17:43

kovdan01 self-assigned this Oct 25, 2024

kovdan01 force-pushed the users/kovdan01/pauthtest-linux-specific branch from 418ead4 to 5fb854a Compare November 19, 2024 17:53

kovdan01 force-pushed the users/kovdan01/ptrauth-flags-only-on-linux-and-darwin branch from 8878834 to e610387 Compare November 19, 2024 17:54

kovdan01 changed the title ~~[PAC][Driver] Support ptrauth flags only on AArch64 Linux and ARM64 Darwin~~ [PAC][Driver] Support ptrauth flags only on ARM64 Darwin Nov 19, 2024

kovdan01 force-pushed the users/kovdan01/pauthtest-linux-specific branch from 5fb854a to c4de0f5 Compare November 24, 2024 21:54

kovdan01 force-pushed the users/kovdan01/ptrauth-flags-only-on-linux-and-darwin branch from e610387 to 515574c Compare November 24, 2024 21:54

kovdan01 changed the title ~~[PAC][Driver] Support ptrauth flags only on ARM64 Darwin~~ [PAC][Driver] Support ptrauth flags only on ARM64 Darwin or with pauthtest ABI Nov 24, 2024

kovdan01 force-pushed the users/kovdan01/pauthtest-linux-specific branch from c4de0f5 to 9d72205 Compare November 25, 2024 07:53

kovdan01 force-pushed the users/kovdan01/ptrauth-flags-only-on-linux-and-darwin branch from 515574c to 226cfcf Compare November 25, 2024 07:53

kovdan01 force-pushed the users/kovdan01/pauthtest-linux-specific branch from 9d72205 to 4ff3cdb Compare December 5, 2024 08:37

kovdan01 force-pushed the users/kovdan01/ptrauth-flags-only-on-linux-and-darwin branch from 226cfcf to 35c39c5 Compare December 5, 2024 08:38

MaskRay reviewed Dec 7, 2024

View reviewed changes

MaskRay requested changes Dec 7, 2024

View reviewed changes

kovdan01 force-pushed the users/kovdan01/pauthtest-linux-specific branch from 4ff3cdb to de4d000 Compare December 7, 2024 21:16

kovdan01 force-pushed the users/kovdan01/ptrauth-flags-only-on-linux-and-darwin branch from 35c39c5 to 3afcc78 Compare December 7, 2024 21:17

kovdan01 requested a review from MaskRay December 7, 2024 21:18

kovdan01 force-pushed the users/kovdan01/pauthtest-linux-specific branch from de4d000 to 491c455 Compare December 16, 2024 08:30

kovdan01 force-pushed the users/kovdan01/ptrauth-flags-only-on-linux-and-darwin branch from 3afcc78 to 346d1ef Compare December 16, 2024 08:30

MaskRay approved these changes Dec 17, 2024

View reviewed changes

kovdan01 force-pushed the users/kovdan01/pauthtest-linux-specific branch from 491c455 to 74c5de1 Compare December 17, 2024 20:29

kovdan01 force-pushed the users/kovdan01/ptrauth-flags-only-on-linux-and-darwin branch from 346d1ef to 1e731d3 Compare December 17, 2024 20:30

kovdan01 force-pushed the users/kovdan01/ptrauth-flags-only-on-linux-and-darwin branch from 6deb38d to 115e915 Compare September 8, 2025 15:28

kovdan01 force-pushed the users/kovdan01/pauthtest-linux-specific branch from 74c5de1 to 7af8e3d Compare September 8, 2025 15:28

kovdan01 force-pushed the users/kovdan01/ptrauth-flags-only-on-linux-and-darwin branch from 115e915 to c3322cf Compare September 15, 2025 09:55

kovdan01 force-pushed the users/kovdan01/pauthtest-linux-specific branch from 67a2a15 to 7cba9a3 Compare September 16, 2025 06:57

kovdan01 force-pushed the users/kovdan01/ptrauth-flags-only-on-linux-and-darwin branch from c3322cf to cc552d5 Compare September 16, 2025 06:58

Base automatically changed from users/kovdan01/pauthtest-linux-specific to main October 24, 2025 11:48

kovdan01 force-pushed the users/kovdan01/ptrauth-flags-only-on-linux-and-darwin branch from cc552d5 to bbc6ac9 Compare October 27, 2025 15:15

kovdan01 merged commit 4d6fb88 into main Oct 29, 2025
10 checks passed

kovdan01 deleted the users/kovdan01/ptrauth-flags-only-on-linux-and-darwin branch October 29, 2025 10:54

github-project-automation bot moved this from In Progress to Done in Pointer Authentication Tasks Oct 29, 2025


		AddUnalignedAccessWarning(CmdArgs);

		Args.addOptInFlag(CmdArgs, options::OPT_fptrauth_intrinsics,

[PAC][Driver] Support ptrauth flags only on ARM64 Darwin or with pauthtest ABI #113152

[PAC][Driver] Support ptrauth flags only on ARM64 Darwin or with pauthtest ABI #113152

Uh oh!

Conversation

kovdan01 commented Oct 21, 2024 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

kovdan01 commented Oct 21, 2024 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

llvmbot commented Oct 21, 2024

Uh oh!

llvmbot commented Oct 21, 2024

Uh oh!

kovdan01 commented Oct 28, 2024

Uh oh!

kovdan01 commented Nov 9, 2024

Uh oh!

kovdan01 commented Nov 19, 2024

Uh oh!

asl commented Nov 20, 2024

Uh oh!

kovdan01 commented Nov 24, 2024

Uh oh!

MaskRay Dec 7, 2024 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

MaskRay left a comment

Choose a reason for hiding this comment

Uh oh!

kovdan01 commented Dec 16, 2024

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

kovdan01 commented Oct 27, 2025

Uh oh!

Uh oh!

llvm-ci commented Oct 29, 2025

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

6 participants

kovdan01 commented Oct 21, 2024 •

edited

Loading

kovdan01 commented Oct 21, 2024 •

edited

Loading

MaskRay Dec 7, 2024 •

edited

Loading