================
@@ -591,7 +591,9 @@ obscure_indirect_call_arg_nocfg:
         .globl  safe_lr_at_function_entry_nocfg
         .type   safe_lr_at_function_entry_nocfg,@function
 safe_lr_at_function_entry_nocfg:
-// CHECK-NOT: safe_lr_at_function_entry_nocfg
+// Due to state being reset after a label, paciasp is reported as
+// a signing oracle - this is a known false positive, ignore it.
+// CHECK-NOT: non-protected call{{.*}}safe_lr_at_function_entry_nocfg
         cbz     x0, 1f
         ret                            // LR is safe at the start of the 
function
 1:
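Review bot: The narrowed CHECK-NOT on safe_lr_at_function_entry_nocfg now only rejects a "non-protected call" report, so every other report for this function passes unnoticed, including the signing-oracle false positive that the new comment says to ignore. Consider pinning that known false positive with a positive CHECK on the paciasp report and marking the comment as a FIXME. The test would then fail, and get updated, when the state reset after a label is fixed or when an additional unexpected report appears for this function.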
----------------
kbeyls wrote:

[Re: lines +594 to +600]
I'm wondering if this false positive pattern could end up appearing quite a few 
times in real code, specifically in code that has been shrink-wrap optimized?
Did you run this scanner on a larger code base? How many and what kind of false 
positives did you see?

https://github.com/llvm/llvm-project/pull/134146
_______________________________________________
llvm-branch-commits mailing list
llvm-branch-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/llvm-branch-commits
