[BOLT] Add allow-experimental-pacret flag

- put feature behind new flag.
- to not fail because of the missing flag, read OpNegateRAState CFIs
    normally from binaries.
- in the beginning of MarkRAStates Pass, remove all OpNegateRAState CFIs.

Author: bgergely0

bolt/include/bolt/Utils/CommandLineOpts.h

@@ -72,6 +72,7 @@ extern llvm::cl::opt<std::string> OutputFilename;
 extern llvm::cl::opt<std::string> PerfData;
 extern llvm::cl::opt<bool> PrintCacheMetrics;
 extern llvm::cl::opt<bool> PrintSections;
+extern llvm::cl::opt<bool> AllowPacret;
 
 // The format to use with -o in aggregation mode (perf2bolt)
 enum ProfileFormatKind { PF_Fdata, PF_YAML };

bolt/lib/Core/BinaryFunction.cpp

@@ -64,6 +64,7 @@ extern cl::opt<bool> Instrument;
 extern cl::opt<bool> StrictMode;
 extern cl::opt<bool> UpdateDebugSections;
 extern cl::opt<unsigned> Verbosity;
+extern cl::opt<bool> AllowPacret;
 
 extern bool BinaryAnalysisMode;
 extern HeatmapModeKind HeatmapMode;
@@ -2785,10 +2786,12 @@ struct CFISnapshot {
       llvm_unreachable("unsupported CFI opcode");
       break;
     case MCCFIInstruction::OpNegateRAState:
-      if (!(opts::BinaryAnalysisMode || opts::HeatmapMode)) {
-        llvm_unreachable("BOLT-ERROR: binaries using pac-ret hardening (e.g. "
-                         "as produced by '-mbranch-protection=pac-ret') are "
-                         "currently not supported by BOLT.");
+      if (!(opts::BinaryAnalysisMode || opts::HeatmapMode ||
+            opts::AllowPacret)) {
+        llvm_unreachable(
+            "BOLT-ERROR: support for binaries using pac-ret hardening (e.g. as "
+            "produced by '-mbranch-protection=pac-ret') is experimental\n"
+            "BOLT-ERROR: set --allow-experimental-pacret to allow processing");
       }
       break;
     case MCCFIInstruction::OpRememberState:
@@ -2804,7 +2807,6 @@ struct CFISnapshot {
   void advanceTo(int32_t State) {
     for (int32_t I = CurState, E = State; I != E; ++I) {
       const MCCFIInstruction &Instr = FDE[I];
-      assert(Instr.getOperation() != MCCFIInstruction::OpNegateRAState);
       if (Instr.getOperation() != MCCFIInstruction::OpRestoreState) {
         update(Instr, I);
         continue;
@@ -2932,10 +2934,12 @@ struct CFISnapshotDiff : public CFISnapshot {
       llvm_unreachable("unsupported CFI opcode");
       return false;
     case MCCFIInstruction::OpNegateRAState:
-      if (!(opts::BinaryAnalysisMode || opts::HeatmapMode)) {
-        llvm_unreachable("BOLT-ERROR: binaries using pac-ret hardening (e.g. "
-                         "as produced by '-mbranch-protection=pac-ret') are "
-                         "currently not supported by BOLT.");
+      if (!(opts::BinaryAnalysisMode || opts::HeatmapMode ||
+            opts::AllowPacret)) {
+        llvm_unreachable(
+            "BOLT-ERROR: support for binaries using pac-ret hardening (e.g. as "
+            "produced by '-mbranch-protection=pac-ret') is experimental\n"
+            "BOLT-ERROR: set --allow-experimental-pacret to allow processing");
       }
       break;
     case MCCFIInstruction::OpRememberState:
@@ -3089,10 +3093,12 @@ BinaryFunction::unwindCFIState(int32_t FromState, int32_t ToState,
       llvm_unreachable("unsupported CFI opcode");
       break;
     case MCCFIInstruction::OpNegateRAState:
-      if (!(opts::BinaryAnalysisMode || opts::HeatmapMode)) {
-        llvm_unreachable("BOLT-ERROR: binaries using pac-ret hardening (e.g. "
-                         "as produced by '-mbranch-protection=pac-ret') are "
-                         "currently not supported by BOLT.");
+      if (!(opts::BinaryAnalysisMode || opts::HeatmapMode ||
+            opts::AllowPacret)) {
+        llvm_unreachable(
+            "BOLT-ERROR: support for binaries using pac-ret hardening (e.g. as "
+            "produced by '-mbranch-protection=pac-ret') is experimental\n"
+            "BOLT-ERROR: set --allow-experimental-pacret to allow processing");
       }
       break;
     case MCCFIInstruction::OpGnuArgsSize:

bolt/lib/Core/Exceptions.cpp

@@ -650,6 +650,14 @@ bool CFIReaderWriter::fillCFIInfoFor(BinaryFunction &Function) const {
         // the RA State. The actual state for instructions are worked out in
         // MarkRAStates based on these annotations.
         Function.setInstModifiesRAState(DW_CFA_AARCH64_negate_ra_state, Offset);
+        // To have the --allow-experimental-pacret flag, we have to add the
+        // OpNegateRAState CFI, and remove it later in MarkRAStates. Unittests
+        // on AArch64 would be broken otherwise, as some AArch64 platforms will
+        // have pac-ret for linker inserted functions, e.g.
+        // __do_global_dtors_aux. The user cannot remove the
+        // .cfi_negate_ra_state from such functions.
+        Function.addCFIInstruction(
+            Offset, MCCFIInstruction::createNegateRAState(nullptr));
         break;
       }
       if (opts::Verbosity >= 1)

bolt/lib/Passes/MarkRAStates.cpp

@@ -43,6 +43,25 @@ void MarkRAStates::runOnFunction(BinaryFunction &BF) {
 
   BinaryContext &BC = BF.getBinaryContext();
 
+  // Because of the --allow-experimental-pacret flag,
+  // we cannot remove all OpNegateRAStates at FillCFIInfoFor,
+  // but we still need to remove them here, because their pre-optimization
+  // locations would be incorrect after optimizations.
+  std::vector<BinaryBasicBlock *> Blocks(BF.pbegin(), BF.pend());
+  for (BinaryBasicBlock *BB : Blocks) {
+    for (auto II = BB->begin(); II != BB->end();) {
+      MCInst &Instr = *II;
+      if (BC.MIB->isCFI(Instr)) {
+        const MCCFIInstruction *CFI = BF.getCFIFor(Instr);
+        if (CFI->getOperation() == MCCFIInstruction::OpNegateRAState) {
+          II = BB->erasePseudoInstruction(II);
+          continue;
+        }
+      }
+      ++II;
+    }
+  }
+
   for (BinaryBasicBlock &BB : BF) {
     for (auto It = BB.begin(); It != BB.end(); ++It) {
       MCInst &Inst = *It;
@@ -57,6 +76,8 @@ void MarkRAStates::runOnFunction(BinaryFunction &BF) {
         BF.setIgnored();
         BC.outs() << "BOLT-INFO: inconsistent RAStates in function "
                   << BF.getPrintName() << "\n";
+        BC.outs()
+            << "BOLT-INFO: ptr sign/auth inst without .cfi_negate_ra_state\n";
         return;
       }
     }
@@ -77,6 +98,8 @@ void MarkRAStates::runOnFunction(BinaryFunction &BF) {
           // RA signing instructions should only follow unsigned RA state.
           BC.outs() << "BOLT-INFO: inconsistent RAStates in function "
                     << BF.getPrintName() << "\n";
+          BC.outs() << "BOLT-INFO: ptr signing inst encountered in Signed RA "
+                       "state.\n";
           BF.setIgnored();
           return;
         }
@@ -86,6 +109,8 @@ void MarkRAStates::runOnFunction(BinaryFunction &BF) {
           // RA authenticating instructions should only follow signed RA state.
           BC.outs() << "BOLT-INFO: inconsistent RAStates in function "
                     << BF.getPrintName() << "\n";
+          BC.outs() << "BOLT-INFO: ptr authenticating inst encountered in "
+                       "Unsigned RA state.\n";
           BF.setIgnored();
           return;
         }

bolt/lib/Rewrite/BinaryPassManager.cpp

@@ -275,6 +275,11 @@ static cl::opt<bool> ShortenInstructions("shorten-instructions",
                                          cl::desc("shorten instructions"),
                                          cl::init(true),
                                          cl::cat(BoltOptCategory));
+
+cl::opt<bool> AllowPacret(
+    "allow-experimental-pacret",
+    cl::desc("Enable processing binaries with pac-ret (experimental)"),
+    cl::cat(BoltOptCategory));
 } // namespace opts
 
 namespace llvm {