[HWASan] personality-thunk should inherit BTI/GCS/PAC flags via createWithDefaultAttr

[lubanshan]

Replace the Function::Create + manual BTI attribute logic(a76cf06) in instrumentPersonalityFunctions with Function::createWithDefaultAttr. This ensures that all module-level default attributes are automatically inherited by every __hwasan_personality_thunk.

Update personality-bti.ll to only verify that the branch protection flags are correctly propagated from module.flags into the thunk's attribute group.

[github-actions]

Thank you for submitting a Pull Request (PR) to the LLVM Project!

This PR will be automatically labeled and the relevant teams will be notified.

If you wish to, you can add reviewers by using the "Reviewers" section on this page.

If this is not working for you, it is probably because you do not have write permissions for the repository. In which case you can instead tag reviewers by name in a comment by using @ followed by their GitHub username.

If you have received no comments on your PR for a week, you can request a review by "ping"ing the PR by adding a comment “Ping”. The common courtesy "ping" rate is once a week. Please remember that you are asking for valuable time from other developers.

If you have further questions, they may be answered by the LLVM GitHub User Guide.

You can also ask questions in a comment on this PR, on the LLVM Discord or on the forums.

[llvmbot]

@llvm/pr-subscribers-compiler-rt-sanitizer

Author: None (zenshan)

Changes

Replace the Function::Create + manual BTI attribute logic(a76cf06) in instrumentPersonalityFunctions with Function::createWithDefaultAttr. This ensures that all module-level default attributes are automatically inherited by every __hwasan_personality_thunk.

Update personality-bti.ll to only verify that the branch protection flags are correctly propagated from module.flags into the thunk's attribute group.

---

Full diff: https://github.com/llvm/llvm-project/pull/139216.diff

2 Files Affected:

• (modified) llvm/lib/Transforms/Instrumentation/HWAddressSanitizer.cpp (+2-8)
• (modified) llvm/test/Instrumentation/HWAddressSanitizer/personality-bti.ll (+15-11)

diff --git a/llvm/lib/Transforms/Instrumentation/HWAddressSanitizer.cpp b/llvm/lib/Transforms/Instrumentation/HWAddressSanitizer.cpp
index 2f7712171bab2..b78fc114d45ca 100644
--- a/llvm/lib/Transforms/Instrumentation/HWAddressSanitizer.cpp
+++ b/llvm/lib/Transforms/Instrumentation/HWAddressSanitizer.cpp
@@ -1843,16 +1843,10 @@ void HWAddressSanitizer::instrumentPersonalityFunctions() {
         Int32Ty, {Int32Ty, Int32Ty, Int64Ty, PtrTy, PtrTy}, false);
     bool IsLocal = P.first && (!isa<GlobalValue>(P.first) ||
                                cast<GlobalValue>(P.first)->hasLocalLinkage());
-    auto *ThunkFn = Function::Create(ThunkFnTy,
+    auto *ThunkFn = Function::createWithDefaultAttr(ThunkFnTy,
                                      IsLocal ? GlobalValue::InternalLinkage
                                              : GlobalValue::LinkOnceODRLinkage,
-                                     ThunkName, &M);
-    // TODO: think about other attributes as well.
-    if (any_of(P.second, [](const Function *F) {
-          return F->hasFnAttribute("branch-target-enforcement");
-        })) {
-      ThunkFn->addFnAttr("branch-target-enforcement");
-    }
+                                     /*AddrSpace=*/0, ThunkName, &M);
     if (!IsLocal) {
       ThunkFn->setVisibility(GlobalValue::HiddenVisibility);
       ThunkFn->setComdat(M.getOrInsertComdat(ThunkName));
diff --git a/llvm/test/Instrumentation/HWAddressSanitizer/personality-bti.ll b/llvm/test/Instrumentation/HWAddressSanitizer/personality-bti.ll
index 3183a184c9d0d..4f7df1de6daf9 100644
--- a/llvm/test/Instrumentation/HWAddressSanitizer/personality-bti.ll
+++ b/llvm/test/Instrumentation/HWAddressSanitizer/personality-bti.ll
@@ -1,15 +1,22 @@
+; Test that HWASan personality-thunks correctly inherit branch protection attributes from module flags.
+
 ; RUN: opt < %s -mtriple aarch64-linux-android29 -passes=hwasan -S | FileCheck %s --check-prefix=NOPERS
 ; RUN: opt < %s -mtriple aarch64-linux-android30 -passes=hwasan -S | FileCheck %s --check-prefix=PERS
 
+!llvm.module.flags = !{!0, !1, !2}
+!0 = !{i32 8, !"branch-target-enforcement", i32 1}
+!1 = !{i32 8, !"guarded-control-stack",     i32 1}
+!2 = !{i32 8, !"sign-return-address",       i32 1}
+
 ; NOPERS: define void @nostack() #{{[0-9]+}} {
 ; PERS: define void @nostack() #{{[0-9]+}} {
-define void @nostack() sanitize_hwaddress "branch-target-enforcement" {
+define void @nostack() sanitize_hwaddress {
   ret void
 }
 
 ; NOPERS: define void @stack1() #{{[0-9]+}} {
 ; PERS: personality {{.*}} @__hwasan_personality_thunk
-define void @stack1() sanitize_hwaddress "branch-target-enforcement" {
+define void @stack1() sanitize_hwaddress {
   %p = alloca i8
   call void @sink(ptr %p)
   ret void
@@ -18,7 +25,7 @@ define void @stack1() sanitize_hwaddress "branch-target-enforcement" {
 
 ; NOPERS: personality ptr @global
 ; PERS: personality {{.*}} @__hwasan_personality_thunk.global
-define void @stack2() sanitize_hwaddress "branch-target-enforcement" personality ptr @global {
+define void @stack2() sanitize_hwaddress personality ptr @global {
   %p = alloca i8
   call void @sink(ptr %p)
   ret void
@@ -32,7 +39,7 @@ define internal void @local() {
 
 ; NOPERS: personality ptr @local
 ; PERS: personality {{.*}} @__hwasan_personality_thunk.local
-define void @stack3() sanitize_hwaddress "branch-target-enforcement" personality ptr @local {
+define void @stack3() sanitize_hwaddress personality ptr @local {
   %p = alloca i8
   call void @sink(ptr %p)
   ret void
@@ -40,7 +47,7 @@ define void @stack3() sanitize_hwaddress "branch-target-enforcement" personality
 
 ; NOPERS: personality ptr @local_alias
 ; PERS: personality {{.*}} @__hwasan_personality_thunk.local_alias
-define void @stack4() sanitize_hwaddress "branch-target-enforcement" personality ptr @local_alias {
+define void @stack4() sanitize_hwaddress personality ptr @local_alias {
   %p = alloca i8
   call void @sink(ptr %p)
   ret void
@@ -48,7 +55,7 @@ define void @stack4() sanitize_hwaddress "branch-target-enforcement" personality
 
 ; NOPERS: personality ptr inttoptr (i64 1 to ptr)
 ; PERS: personality ptr @__hwasan_personality_thunk.
-define void @stack5() sanitize_hwaddress "branch-target-enforcement" personality ptr inttoptr (i64 1 to ptr) {
+define void @stack5() sanitize_hwaddress personality ptr inttoptr (i64 1 to ptr) {
   %p = alloca i8
   call void @sink(ptr %p)
   ret void
@@ -56,7 +63,7 @@ define void @stack5() sanitize_hwaddress "branch-target-enforcement" personality
 
 ; NOPERS: personality ptr inttoptr (i64 2 to ptr)
 ; PERS: personality ptr @__hwasan_personality_thunk..1
-define void @stack6() sanitize_hwaddress "branch-target-enforcement" personality ptr inttoptr (i64 2 to ptr) {
+define void @stack6() sanitize_hwaddress personality ptr inttoptr (i64 2 to ptr) {
   %p = alloca i8
   call void @sink(ptr %p)
   ret void
@@ -65,9 +72,6 @@ define void @stack6() sanitize_hwaddress "branch-target-enforcement" personality
 declare void @global()
 declare void @sink(ptr)
 
-!llvm.module.flags = !{!0}
-!0 = !{i32 8, !"branch-target-enforcement", i32 1}
-
 ; PERS: define linkonce_odr hidden i32 @__hwasan_personality_thunk(i32 %0, i32 %1, i64 %2, ptr %3, ptr %4) [[ATTRS:#[0-9]+]] comdat
 ; PERS: %5 = tail call i32 @__hwasan_personality_wrapper(i32 %0, i32 %1, i64 %2, ptr %3, ptr %4, ptr null, ptr @_Unwind_GetGR, ptr @_Unwind_GetCFA)
 ; PERS: ret i32 %5
@@ -92,4 +96,4 @@ declare void @sink(ptr)
 ; PERS: %5 = tail call i32 @__hwasan_personality_wrapper(i32 %0, i32 %1, i64 %2, ptr %3, ptr %4, ptr inttoptr (i64 2 to ptr), ptr @_Unwind_GetGR, ptr @_Unwind_GetCFA)
 ; PERS: ret i32 %5
 
-; PERS: {{.*}}[[ATTRS]] = {{.*}}branch-target-enforcement
+; PERS: {{.*}}[[ATTRS]] = {{.*branch-target-enforcement.*guarded-control-stack.*sign-return-address}}

[llvmbot]

@llvm/pr-subscribers-llvm-transforms

Author: None (zenshan)

Changes

Replace the Function::Create + manual BTI attribute logic(a76cf06) in instrumentPersonalityFunctions with Function::createWithDefaultAttr. This ensures that all module-level default attributes are automatically inherited by every __hwasan_personality_thunk.

Update personality-bti.ll to only verify that the branch protection flags are correctly propagated from module.flags into the thunk's attribute group.

---

Full diff: https://github.com/llvm/llvm-project/pull/139216.diff

2 Files Affected:

• (modified) llvm/lib/Transforms/Instrumentation/HWAddressSanitizer.cpp (+2-8)
• (modified) llvm/test/Instrumentation/HWAddressSanitizer/personality-bti.ll (+15-11)

diff --git a/llvm/lib/Transforms/Instrumentation/HWAddressSanitizer.cpp b/llvm/lib/Transforms/Instrumentation/HWAddressSanitizer.cpp
index 2f7712171bab2..b78fc114d45ca 100644
--- a/llvm/lib/Transforms/Instrumentation/HWAddressSanitizer.cpp
+++ b/llvm/lib/Transforms/Instrumentation/HWAddressSanitizer.cpp
@@ -1843,16 +1843,10 @@ void HWAddressSanitizer::instrumentPersonalityFunctions() {
         Int32Ty, {Int32Ty, Int32Ty, Int64Ty, PtrTy, PtrTy}, false);
     bool IsLocal = P.first && (!isa<GlobalValue>(P.first) ||
                                cast<GlobalValue>(P.first)->hasLocalLinkage());
-    auto *ThunkFn = Function::Create(ThunkFnTy,
+    auto *ThunkFn = Function::createWithDefaultAttr(ThunkFnTy,
                                      IsLocal ? GlobalValue::InternalLinkage
                                              : GlobalValue::LinkOnceODRLinkage,
-                                     ThunkName, &M);
-    // TODO: think about other attributes as well.
-    if (any_of(P.second, [](const Function *F) {
-          return F->hasFnAttribute("branch-target-enforcement");
-        })) {
-      ThunkFn->addFnAttr("branch-target-enforcement");
-    }
+                                     /*AddrSpace=*/0, ThunkName, &M);
     if (!IsLocal) {
       ThunkFn->setVisibility(GlobalValue::HiddenVisibility);
       ThunkFn->setComdat(M.getOrInsertComdat(ThunkName));
diff --git a/llvm/test/Instrumentation/HWAddressSanitizer/personality-bti.ll b/llvm/test/Instrumentation/HWAddressSanitizer/personality-bti.ll
index 3183a184c9d0d..4f7df1de6daf9 100644
--- a/llvm/test/Instrumentation/HWAddressSanitizer/personality-bti.ll
+++ b/llvm/test/Instrumentation/HWAddressSanitizer/personality-bti.ll
@@ -1,15 +1,22 @@
+; Test that HWASan personality-thunks correctly inherit branch protection attributes from module flags.
+
 ; RUN: opt < %s -mtriple aarch64-linux-android29 -passes=hwasan -S | FileCheck %s --check-prefix=NOPERS
 ; RUN: opt < %s -mtriple aarch64-linux-android30 -passes=hwasan -S | FileCheck %s --check-prefix=PERS
 
+!llvm.module.flags = !{!0, !1, !2}
+!0 = !{i32 8, !"branch-target-enforcement", i32 1}
+!1 = !{i32 8, !"guarded-control-stack",     i32 1}
+!2 = !{i32 8, !"sign-return-address",       i32 1}
+
 ; NOPERS: define void @nostack() #{{[0-9]+}} {
 ; PERS: define void @nostack() #{{[0-9]+}} {
-define void @nostack() sanitize_hwaddress "branch-target-enforcement" {
+define void @nostack() sanitize_hwaddress {
   ret void
 }
 
 ; NOPERS: define void @stack1() #{{[0-9]+}} {
 ; PERS: personality {{.*}} @__hwasan_personality_thunk
-define void @stack1() sanitize_hwaddress "branch-target-enforcement" {
+define void @stack1() sanitize_hwaddress {
   %p = alloca i8
   call void @sink(ptr %p)
   ret void
@@ -18,7 +25,7 @@ define void @stack1() sanitize_hwaddress "branch-target-enforcement" {
 
 ; NOPERS: personality ptr @global
 ; PERS: personality {{.*}} @__hwasan_personality_thunk.global
-define void @stack2() sanitize_hwaddress "branch-target-enforcement" personality ptr @global {
+define void @stack2() sanitize_hwaddress personality ptr @global {
   %p = alloca i8
   call void @sink(ptr %p)
   ret void
@@ -32,7 +39,7 @@ define internal void @local() {
 
 ; NOPERS: personality ptr @local
 ; PERS: personality {{.*}} @__hwasan_personality_thunk.local
-define void @stack3() sanitize_hwaddress "branch-target-enforcement" personality ptr @local {
+define void @stack3() sanitize_hwaddress personality ptr @local {
   %p = alloca i8
   call void @sink(ptr %p)
   ret void
@@ -40,7 +47,7 @@ define void @stack3() sanitize_hwaddress "branch-target-enforcement" personality
 
 ; NOPERS: personality ptr @local_alias
 ; PERS: personality {{.*}} @__hwasan_personality_thunk.local_alias
-define void @stack4() sanitize_hwaddress "branch-target-enforcement" personality ptr @local_alias {
+define void @stack4() sanitize_hwaddress personality ptr @local_alias {
   %p = alloca i8
   call void @sink(ptr %p)
   ret void
@@ -48,7 +55,7 @@ define void @stack4() sanitize_hwaddress "branch-target-enforcement" personality
 
 ; NOPERS: personality ptr inttoptr (i64 1 to ptr)
 ; PERS: personality ptr @__hwasan_personality_thunk.
-define void @stack5() sanitize_hwaddress "branch-target-enforcement" personality ptr inttoptr (i64 1 to ptr) {
+define void @stack5() sanitize_hwaddress personality ptr inttoptr (i64 1 to ptr) {
   %p = alloca i8
   call void @sink(ptr %p)
   ret void
@@ -56,7 +63,7 @@ define void @stack5() sanitize_hwaddress "branch-target-enforcement" personality
 
 ; NOPERS: personality ptr inttoptr (i64 2 to ptr)
 ; PERS: personality ptr @__hwasan_personality_thunk..1
-define void @stack6() sanitize_hwaddress "branch-target-enforcement" personality ptr inttoptr (i64 2 to ptr) {
+define void @stack6() sanitize_hwaddress personality ptr inttoptr (i64 2 to ptr) {
   %p = alloca i8
   call void @sink(ptr %p)
   ret void
@@ -65,9 +72,6 @@ define void @stack6() sanitize_hwaddress "branch-target-enforcement" personality
 declare void @global()
 declare void @sink(ptr)
 
-!llvm.module.flags = !{!0}
-!0 = !{i32 8, !"branch-target-enforcement", i32 1}
-
 ; PERS: define linkonce_odr hidden i32 @__hwasan_personality_thunk(i32 %0, i32 %1, i64 %2, ptr %3, ptr %4) [[ATTRS:#[0-9]+]] comdat
 ; PERS: %5 = tail call i32 @__hwasan_personality_wrapper(i32 %0, i32 %1, i64 %2, ptr %3, ptr %4, ptr null, ptr @_Unwind_GetGR, ptr @_Unwind_GetCFA)
 ; PERS: ret i32 %5
@@ -92,4 +96,4 @@ declare void @sink(ptr)
 ; PERS: %5 = tail call i32 @__hwasan_personality_wrapper(i32 %0, i32 %1, i64 %2, ptr %3, ptr %4, ptr inttoptr (i64 2 to ptr), ptr @_Unwind_GetGR, ptr @_Unwind_GetCFA)
 ; PERS: ret i32 %5
 
-; PERS: {{.*}}[[ATTRS]] = {{.*}}branch-target-enforcement
+; PERS: {{.*}}[[ATTRS]] = {{.*branch-target-enforcement.*guarded-control-stack.*sign-return-address}}

[lubanshan]

@pcc @fmayer please help review, thanks!

[fmayer]

Hmm I initially has this as well, but I am not sure if that's better. The Codegen looks at the function attributes, so that is what I decided to look at as well.

[pcc]

createWithDefaultAttr should only be used in special cases where no function context is available and then only before LTO because there are no default attributes during LTO. If we did want to add attributes I think they should be copied from the original function (i.e. the function with the personality attribute). This may involve reworking the code to allow the target-cpu/target-features to be treated as keys in the PersonalityFns map so we decided to go with the quick fix for now.

[lubanshan]

OK, thanks for your comments @pcc @fmayer , close this PR.