Skip to content

Introduce aarch64-unknown-linux-pauthtest target #155722

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
jchlanda wants to merge 10 commits into
base: main
Choose a base branch
from
Open

Introduce aarch64-unknown-linux-pauthtest target #155722

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
10 commits
Select commit Hold shift + click to select a range
7b3429f
Introduce `aarch64-unknown-linux-pauthtest`
jchlanda Apr 3, 2026
bd4e193
Define ptrauth call operand bundle and introduce `const_ptr_aut`
jchlanda Apr 3, 2026
dab6660
New signature of `get_fn_addr`, teach Rust how to sign fn pointers
jchlanda Apr 3, 2026
eb1d96d
Add pauth attributes and first IR tests
jchlanda Apr 3, 2026
faa53c3
Add support for init/fini signing and correctly sign extern weak globals
jchlanda Apr 3, 2026
c4b61c4
Teach bootstrap how to build rust_test_helpers for pauthtest
jchlanda Apr 3, 2026
b4b1a89
For pauthtest landing pads must be signed
jchlanda Apr 3, 2026
c790f2b
PR feedback: pauth dir for codegen-llvm tests
jchlanda Apr 27, 2026
1c50d19
PR feedback: minicore, LLVMRustConstPtrAuth and in-code docs
jchlanda Apr 28, 2026
c6d74b5
Override static libraries and warn on linking against that kind of libs
jchlanda Apr 29, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
13 changes: 10 additions & 3 deletions compiler/rustc_codegen_gcc/src/common.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,8 @@ use gccjit::{LValue, RValue, ToRValue, Type};
use rustc_abi::Primitive::Pointer;
use rustc_abi::{self as abi, HasDataLayout};
use rustc_codegen_ssa::traits::{
BaseTypeCodegenMethods, ConstCodegenMethods, MiscCodegenMethods, StaticCodegenMethods,
BaseTypeCodegenMethods, ConstCodegenMethods, MiscCodegenMethods, PacMetadata,
StaticCodegenMethods,
};
use rustc_middle::mir::Mutability;
use rustc_middle::mir::interpret::{GlobalAlloc, PointerArithmetic, Scalar};
Expand Down Expand Up @@ -229,7 +230,13 @@ impl<'gcc, 'tcx> ConstCodegenMethods for CodegenCx<'gcc, 'tcx> {
None
}

fn scalar_to_backend(&self, cv: Scalar, layout: abi::Scalar, ty: Type<'gcc>) -> RValue<'gcc> {
fn scalar_to_backend_with_pac(
&self,
cv: Scalar,
layout: abi::Scalar,
ty: Type<'gcc>,
_pac: Option<PacMetadata>,
) -> RValue<'gcc> {
let bitsize = if layout.is_bool() { 1 } else { layout.size(self).bits() };
match cv {
Scalar::Int(int) => {
Expand Down Expand Up @@ -278,7 +285,7 @@ impl<'gcc, 'tcx> ConstCodegenMethods for CodegenCx<'gcc, 'tcx> {
}
value
}
GlobalAlloc::Function { instance, .. } => self.get_fn_addr(instance),
GlobalAlloc::Function { instance, .. } => self.get_fn_addr(instance, None),
GlobalAlloc::VTable(ty, dyn_ty) => {
let alloc = self
.tcx
Expand Down
6 changes: 4 additions & 2 deletions compiler/rustc_codegen_gcc/src/context.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -7,7 +7,9 @@ use gccjit::{
use rustc_abi::{Align, HasDataLayout, PointeeInfo, Size, TargetDataLayout, VariantIdx};
use rustc_codegen_ssa::base::wants_msvc_seh;
use rustc_codegen_ssa::errors as ssa_errors;
use rustc_codegen_ssa::traits::{BackendTypes, BaseTypeCodegenMethods, MiscCodegenMethods};
use rustc_codegen_ssa::traits::{
BackendTypes, BaseTypeCodegenMethods, MiscCodegenMethods, PacMetadata,
};
use rustc_data_structures::base_n::{ALPHANUMERIC_ONLY, ToBaseN};
use rustc_data_structures::fx::{FxHashMap, FxHashSet};
use rustc_middle::mir::interpret::Allocation;
Expand Down Expand Up @@ -403,7 +405,7 @@ impl<'gcc, 'tcx> MiscCodegenMethods<'tcx> for CodegenCx<'gcc, 'tcx> {
get_fn(self, instance)
}

fn get_fn_addr(&self, instance: Instance<'tcx>) -> RValue<'gcc> {
fn get_fn_addr(&self, instance: Instance<'tcx>, _pac: Option<PacMetadata>) -> RValue<'gcc> {
let func_name = self.tcx.symbol_name(instance).name;

let func = if let Some(variable) = self.get_declared_value(func_name) {
Expand Down
9 changes: 8 additions & 1 deletion compiler/rustc_codegen_llvm/src/attributes.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -9,9 +9,10 @@ use rustc_middle::ty::{self, TyCtxt};
use rustc_session::config::{BranchProtection, FunctionReturn, OptLevel, PAuthKey, PacRet};
use rustc_span::sym;
use rustc_symbol_mangling::mangle_internal_symbol;
use rustc_target::spec::{Arch, FramePointer, SanitizerSet, StackProbeType, StackProtector};
use rustc_target::spec::{Arch, Env, FramePointer, SanitizerSet, StackProbeType, StackProtector};
use smallvec::SmallVec;

use crate::common::pauth_fn_attrs;
use crate::context::SimpleCx;
use crate::errors::{PackedStackBackchainNeedsSoftfloat, SanitizerMemtagRequiresMte};
use crate::llvm::AttributePlace::Function;
Expand Down Expand Up @@ -605,6 +606,12 @@ pub(crate) fn llfn_attrs_from_instance<'ll, 'tcx>(
}
}

if sess.target.env == Env::Pauthtest {
Copy link
Copy Markdown
Author

@jchlanda jchlanda Apr 24, 2026
edited by rustbot
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

For a full context I'm going to bring comments from a draft PR into this one:

@asl
Note that pauthtest in clang is an interim thing. How we can enable pauth on, say, bare-metal platform? Or on some downstream platform?

@jchlanda
While there is already code gated by Env in codegen llvm, pauthtest is an outlier, such that all its functionality is behind the environment checks. Handling it earlier in the pipeline would make for a better design, one that decouples target/triple specifics from pauth logic. Maybe Session would be a good candidate to hold that info?

Clang does just that by solving platform/environment specifics on the driver level and later on basing the logic on language flags that are there regardless of the platform. Finally the flags are resolved to a concrete signing schema.

@tgross35

Note that pauthtest in clang is an interim thing. How we can enable pauth on, say, bare-metal platform? Or on some downstream platform?

Specifically for this bit, I suggested on libc that env could be set to musl since that's what most libraries will care about, and then use the TargetOptions.cfg_abi field for pauthtest. Which means that you can cfg(target_abi = "pauthtest") regardless of whether it's musl or bare metal.

Either way, it could also be encapsulated in an .should_emit_pauth() -> bool function that can do the relevant checks in one place.

View changes since the review

Copy link
Copy Markdown
Author

@jchlanda jchlanda Apr 27, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I've created a follow up task to unify handling of pointer authentication features.

for &ptrauth_attr in pauth_fn_attrs() {
to_add.push(llvm::CreateAttrString(cx.llcx, ptrauth_attr));
}
}

to_add.extend(target_features_attr(cx, tcx, function_features));

attributes::apply_to_llfn(llfn, Function, &to_add);
Expand Down
36 changes: 34 additions & 2 deletions compiler/rustc_codegen_llvm/src/base.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -25,12 +25,13 @@ use rustc_middle::mono::Visibility;
use rustc_middle::ty::TyCtxt;
use rustc_session::config::{DebugInfo, Offload};
use rustc_span::Symbol;
use rustc_target::spec::SanitizerSet;
use rustc_target::spec::{Env, SanitizerSet};

use super::ModuleLlvm;
use crate::attributes;
use crate::builder::Builder;
use crate::builder::gpu_offload::OffloadGlobals;
use crate::common::pauth_fn_attrs;
use crate::context::CodegenCx;
use crate::llvm::{self, Value};

Expand Down Expand Up @@ -123,7 +124,14 @@ pub(crate) fn compile_codegen_unit(
if let Some(entry) =
maybe_create_entry_wrapper::<Builder<'_, '_, '_>>(&cx, cx.codegen_unit)
{
let attrs = attributes::sanitize_attrs(&cx, tcx, SanitizerFnAttrs::default());
let mut attrs = attributes::sanitize_attrs(&cx, tcx, SanitizerFnAttrs::default());
// When pointer authentication is enabled, ensure that the ptrauth-* attributes are
// also attached to the entry wrapper.
if cx.sess().target.env == Env::Pauthtest {
for &ptrauth_attr in pauth_fn_attrs() {
attrs.push(llvm::CreateAttrString(cx.llcx, ptrauth_attr));
}
}
attributes::apply_to_llfn(entry, llvm::AttributePlace::Function, &attrs);
}

Expand All @@ -140,6 +148,30 @@ pub(crate) fn compile_codegen_unit(
cx.add_objc_module_flags();
}

if cx.sess().target.env == Env::Pauthtest {
// FIXME(jchlanda): In LLVM/Clang, there are also `aarch64-elf-pauthabi-platform`
// and `aarch64-elf-pauthabi-version` module flags. These are emitted into the
// PAuth core info section of the resulting ELF, which the linker uses to enforce
// binary compatibility.
//
// We intentionally do not emit these flags now, since only a subset of features
// included in pauthtest ABI is currently supported. By default, the absence of
// this info is treated as compatible with any binary.
//
// Please note, that this would cause compatibility issues, specifically runtime
// crashes due to authentication failures (while compiling and linking
// successfully) when linking against binaries that support larger set of features
// (for example, signing of C++ member function pointers, virtual function
// pointers, virtual table pointers).
//
// Link to PAuth core info documentation:
// <https://github.com/ARM-software/abi-aa/blob/2025Q4/pauthabielf64/pauthabielf64.rst#core-information>
if cx.sess().opts.unstable_opts.ptrauth_elf_got {
cx.add_ptrauth_elf_got_flag();
}
cx.add_ptrauth_sign_personality_flag();
}

// Finalize code coverage by injecting the coverage map. Note, the coverage map will
// also be added to the `llvm.compiler.used` variable, created next.
if cx.sess().instrument_coverage() {
Expand Down
53 changes: 51 additions & 2 deletions compiler/rustc_codegen_llvm/src/builder.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -7,7 +7,7 @@ pub(crate) mod autodiff;
pub(crate) mod gpu_offload;

use libc::{c_char, c_uint};
use rustc_abi::{self as abi, Align, Size, WrappingRange};
use rustc_abi::{self as abi, Align, CanonAbi, Size, WrappingRange};
use rustc_codegen_ssa::MemFlags;
use rustc_codegen_ssa::common::{IntPredicate, RealPredicate, SynchronizationScope, TypeKind};
use rustc_codegen_ssa::mir::operand::{OperandRef, OperandValue};
Expand All @@ -25,7 +25,7 @@ use rustc_sanitizers::{cfi, kcfi};
use rustc_session::config::OptLevel;
use rustc_span::Span;
use rustc_target::callconv::{FnAbi, PassMode};
use rustc_target::spec::{Arch, HasTargetSpec, SanitizerSet, Target};
use rustc_target::spec::{Arch, Env, HasTargetSpec, SanitizerSet, Target};
use smallvec::SmallVec;
use tracing::{debug, instrument};

Expand Down Expand Up @@ -429,6 +429,11 @@ impl<'a, 'll, 'tcx> BuilderMethods<'a, 'tcx> for Builder<'a, 'll, 'tcx> {
bundles.push(kcfi_bundle);
}

let pauth = self.ptrauth_operand_bundle(llfn, fn_abi);
if let Some(p) = pauth.as_ref().map(|b| b.as_ref()) {
bundles.push(p);
}

let invoke = unsafe {
llvm::LLVMBuildInvokeWithOperandBundles(
self.llbuilder,
Expand Down Expand Up @@ -1402,6 +1407,11 @@ impl<'a, 'll, 'tcx> BuilderMethods<'a, 'tcx> for Builder<'a, 'll, 'tcx> {
bundles.push(kcfi_bundle);
}

let pauth = self.ptrauth_operand_bundle(llfn, fn_abi);
if let Some(p) = pauth.as_ref().map(|b| b.as_ref()) {
bundles.push(p);
}

let call = unsafe {
llvm::LLVMBuildCallWithOperandBundles(
self.llbuilder,
Expand Down Expand Up @@ -1849,6 +1859,11 @@ impl<'a, 'll, 'tcx> Builder<'a, 'll, 'tcx> {
bundles.push(kcfi_bundle);
}

let pauth = self.ptrauth_operand_bundle(llfn, fn_abi);
if let Some(p) = pauth.as_ref().map(|b| b.as_ref()) {
bundles.push(p);
}

let callbr = unsafe {
llvm::LLVMBuildCallBr(
self.llbuilder,
Expand Down Expand Up @@ -1968,6 +1983,40 @@ impl<'a, 'll, 'tcx> Builder<'a, 'll, 'tcx> {
kcfi_bundle
}

// Emits pauth operand bundle.
fn ptrauth_operand_bundle(
&mut self,
llfn: &'ll Value,
fn_abi: Option<&FnAbi<'tcx, Ty<'tcx>>>,
) -> Option<llvm::OperandBundleBox<'ll>> {
if self.sess().target.env != Env::Pauthtest {
return None;
}
// Pointer authentication support is currently limited to extern "C" calls; filter out other
// ABIs.
if fn_abi?.conv != CanonAbi::C {
return None;
}
// Filter out LLVM intrinsics.
if llvm::get_value_name(llfn).starts_with(b"llvm.") {
return None;
}

// FIXME(jchlanda) Operand bundles should only be attached to indirect function calls.
// However, function pointer signing is currently performed in `get_fn_addr`, which causes
// the logic to be applied too broadly, including to function values (not just pointers).
// As a result, direct calls using signed function values must also receive operand
// bundles.
// Once this is resolved, we should analyze each call and skip direct calls. See the
// discussion in the rust-lang issue: <https://github.com/rust-lang/rust/issues/152532>
let key: u32 = 0;
let discriminator: u64 = 0;
Some(llvm::OperandBundleBox::new(
"ptrauth",
&[self.const_u32(key), self.const_u64(discriminator)],
))
}

/// Emits a call to `llvm.instrprof.increment`. Used by coverage instrumentation.
#[instrument(level = "debug", skip(self))]
pub(crate) fn instrprof_increment(
Expand Down
91 changes: 82 additions & 9 deletions compiler/rustc_codegen_llvm/src/common.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -4,23 +4,81 @@ use std::borrow::Borrow;

use libc::{c_char, c_uint};
use rustc_abi::Primitive::Pointer;
use rustc_abi::{self as abi, HasDataLayout as _};
use rustc_abi::{self as abi, ExternAbi, HasDataLayout as _};
use rustc_ast::Mutability;
use rustc_codegen_ssa::common::TypeKind;
use rustc_codegen_ssa::traits::*;
use rustc_data_structures::stable_hasher::{HashStable, StableHasher};
use rustc_hashes::Hash128;
use rustc_hir::def::DefKind;
use rustc_hir::def_id::DefId;
use rustc_middle::bug;
use rustc_middle::mir::interpret::{GlobalAlloc, PointerArithmetic, Scalar};
use rustc_middle::ty::TyCtxt;
use rustc_middle::ty::{Instance, TyCtxt};
use rustc_session::cstore::DllImport;
use rustc_target::spec::Env;
use tracing::debug;

use crate::consts::const_alloc_to_llvm;
use crate::consts::{IsInitOrFini, IsStatic, const_alloc_to_llvm};
pub(crate) use crate::context::CodegenCx;
use crate::context::{GenericCx, SCx};
use crate::llvm::{self, BasicBlock, ConstantInt, FALSE, TRUE, ToLlvmBool, Type, Value};
use crate::llvm::{
self, BasicBlock, ConstantInt, FALSE, TRUE, ToLlvmBool, Type, Value, const_ptr_auth,
};

#[inline]
pub(crate) fn pauth_fn_attrs() -> &'static [&'static str] {
// FIXME(jchlanda) This is not an exhaustive list of all `ptrauth`-related attributes, but only
// those currently supported. The list is expected to grow as additional functionality is
// implemented, particularly for C++ interoperability.
&[
"aarch64-jump-table-hardening",
"ptrauth-indirect-gotos",
"ptrauth-calls",
"ptrauth-returns",
"ptrauth-auth-traps",
]
}

pub(crate) fn maybe_sign_fn_ptr<'ll, 'tcx>(
cx: &CodegenCx<'ll, '_>,
instance: Instance<'tcx>,
llfn: &'ll llvm::Value,
pac: PacMetadata,
) -> &'ll llvm::Value {
if cx.sess().target.env != Env::Pauthtest {
return llfn;
}

// Only free functions or methods
let def_id = instance.def_id();
if !matches!(cx.tcx.def_kind(def_id), DefKind::Fn | DefKind::AssocFn) {
return llfn;
}
// Only C ABI
let abi = cx.tcx.fn_sig(def_id).skip_binder().abi();
if !matches!(abi, ExternAbi::C { .. }) {
return llfn;
}
// Ignore LLVM intrinsics
if llvm::get_value_name(llfn).starts_with(b"llvm.") {
return llfn;
}
if Some(def_id) == cx.tcx.lang_items().eh_personality() {
return llfn;
}

let addr_diversity = match pac.addr_diversity {
AddressDiversity::None => None,
AddressDiversity::Real => Some(llfn),
AddressDiversity::Synthetic(val) => {
let llval = cx.const_u64(val);
let llty = cx.val_ty(llfn);
Some(unsafe { llvm::LLVMConstIntToPtr(llval, llty) })
}
};
const_ptr_auth(llfn, pac.key, pac.disc, addr_diversity)
}

/*
* A note on nomenclature of linking: "extern", "foreign", and "upcall".
Expand Down Expand Up @@ -268,7 +326,13 @@ impl<'ll, 'tcx> ConstCodegenMethods for CodegenCx<'ll, 'tcx> {
})
}

fn scalar_to_backend(&self, cv: Scalar, layout: abi::Scalar, llty: &'ll Type) -> &'ll Value {
fn scalar_to_backend_with_pac(
&self,
cv: Scalar,
layout: abi::Scalar,
llty: &'ll Type,
pac: Option<PacMetadata>,
) -> &'ll Value {
let bitsize = if layout.is_bool() { 1 } else { layout.size(self).bits() };
match cv {
Scalar::Int(int) => {
Expand Down Expand Up @@ -297,8 +361,12 @@ impl<'ll, 'tcx> ConstCodegenMethods for CodegenCx<'ll, 'tcx> {
self.const_bitcast(llval, llty)
};
} else {
let init =
const_alloc_to_llvm(self, alloc.inner(), /*static*/ false);
let init = const_alloc_to_llvm(
self,
alloc.inner(),
IsStatic::No,
IsInitOrFini::No,
);
let alloc = alloc.inner();
let value = match alloc.mutability {
Mutability::Mut => self.static_addr_of_mut(init, alloc.align, None),
Expand All @@ -319,7 +387,7 @@ impl<'ll, 'tcx> ConstCodegenMethods for CodegenCx<'ll, 'tcx> {
value
}
}
GlobalAlloc::Function { instance, .. } => self.get_fn_addr(instance),
GlobalAlloc::Function { instance, .. } => self.get_fn_addr(instance, pac),
GlobalAlloc::VTable(ty, dyn_ty) => {
let alloc = self
.tcx
Expand All @@ -330,7 +398,12 @@ impl<'ll, 'tcx> ConstCodegenMethods for CodegenCx<'ll, 'tcx> {
}),
)))
.unwrap_memory();
let init = const_alloc_to_llvm(self, alloc.inner(), /*static*/ false);
let init = const_alloc_to_llvm(
self,
alloc.inner(),
IsStatic::No,
IsInitOrFini::No,
);
self.static_addr_of_impl(init, alloc.inner().align, None)
}
GlobalAlloc::Static(def_id) => {
Expand Down
Loading
Loading