rust-lang · jchlanda · Apr 3, 2026 · Apr 3, 2026 · Apr 3, 2026 · Apr 3, 2026
diff --git a/compiler/rustc_codegen_gcc/src/common.rs b/compiler/rustc_codegen_gcc/src/common.rs
@@ -2,7 +2,8 @@ use gccjit::{LValue, RValue, ToRValue, Type};
 use rustc_abi::Primitive::Pointer;
 use rustc_abi::{self as abi, HasDataLayout};
 use rustc_codegen_ssa::traits::{
-    BaseTypeCodegenMethods, ConstCodegenMethods, MiscCodegenMethods, StaticCodegenMethods,
+    BaseTypeCodegenMethods, ConstCodegenMethods, MiscCodegenMethods, PacMetadata,
+    StaticCodegenMethods,
 };
 use rustc_middle::mir::Mutability;
 use rustc_middle::mir::interpret::{GlobalAlloc, PointerArithmetic, Scalar};
@@ -229,7 +230,13 @@ impl<'gcc, 'tcx> ConstCodegenMethods for CodegenCx<'gcc, 'tcx> {
         None
     }
 
-    fn scalar_to_backend(&self, cv: Scalar, layout: abi::Scalar, ty: Type<'gcc>) -> RValue<'gcc> {
+    fn scalar_to_backend_with_pac(
+        &self,
+        cv: Scalar,
+        layout: abi::Scalar,
+        ty: Type<'gcc>,
+        _pac: Option<PacMetadata>,
+    ) -> RValue<'gcc> {
         let bitsize = if layout.is_bool() { 1 } else { layout.size(self).bits() };
         match cv {
             Scalar::Int(int) => {
@@ -278,7 +285,7 @@ impl<'gcc, 'tcx> ConstCodegenMethods for CodegenCx<'gcc, 'tcx> {
                         }
                         value
                     }
-                    GlobalAlloc::Function { instance, .. } => self.get_fn_addr(instance),
+                    GlobalAlloc::Function { instance, .. } => self.get_fn_addr(instance, None),
                     GlobalAlloc::VTable(ty, dyn_ty) => {
                         let alloc = self
                             .tcx

diff --git a/compiler/rustc_codegen_gcc/src/context.rs b/compiler/rustc_codegen_gcc/src/context.rs
@@ -5,7 +5,9 @@ use gccjit::{Block, CType, Context, Function, FunctionType, LValue, Location, RV
 use rustc_abi::{Align, HasDataLayout, PointeeInfo, Size, TargetDataLayout, VariantIdx};
 use rustc_codegen_ssa::base::wants_msvc_seh;
 use rustc_codegen_ssa::errors as ssa_errors;
-use rustc_codegen_ssa::traits::{BackendTypes, BaseTypeCodegenMethods, MiscCodegenMethods};
+use rustc_codegen_ssa::traits::{
+    BackendTypes, BaseTypeCodegenMethods, MiscCodegenMethods, PacMetadata,
+};
 use rustc_data_structures::base_n::{ALPHANUMERIC_ONLY, ToBaseN};
 use rustc_data_structures::fx::{FxHashMap, FxHashSet};
 use rustc_middle::mir::interpret::Allocation;
@@ -398,7 +400,7 @@ impl<'gcc, 'tcx> MiscCodegenMethods<'tcx> for CodegenCx<'gcc, 'tcx> {
         get_fn(self, instance)
     }
 
-    fn get_fn_addr(&self, instance: Instance<'tcx>) -> RValue<'gcc> {
+    fn get_fn_addr(&self, instance: Instance<'tcx>, _pac: Option<PacMetadata>) -> RValue<'gcc> {
         let func_name = self.tcx.symbol_name(instance).name;
 
         let func = if let Some(variable) = self.get_declared_value(func_name) {

diff --git a/compiler/rustc_codegen_llvm/src/attributes.rs b/compiler/rustc_codegen_llvm/src/attributes.rs
@@ -9,9 +9,12 @@ use rustc_middle::ty::{self, Instance, TyCtxt};
 use rustc_session::config::{BranchProtection, FunctionReturn, OptLevel, PAuthKey, PacRet};
 use rustc_span::sym;
 use rustc_symbol_mangling::mangle_internal_symbol;
-use rustc_target::spec::{Arch, FramePointer, SanitizerSet, StackProbeType, StackProtector};
+use rustc_target::spec::{
+    Arch, FramePointer, LlvmAbi, SanitizerSet, StackProbeType, StackProtector,
+};
 use smallvec::SmallVec;
 
+use crate::common::pauth_fn_attrs;
 use crate::context::SimpleCx;
 use crate::errors::{PackedStackBackchainNeedsSoftfloat, SanitizerMemtagRequiresMte};
 use crate::llvm::AttributePlace::Function;
@@ -601,6 +604,12 @@ pub(crate) fn llfn_attrs_from_instance<'ll, 'tcx>(
         }
     }
 
+    if sess.target.llvm_abiname == LlvmAbi::Pauthtest {
+        for &ptrauth_attr in pauth_fn_attrs() {
+            to_add.push(llvm::CreateAttrString(cx.llcx, ptrauth_attr));
+        }
+    }
+
     to_add.extend(target_features_attr(cx, tcx, function_features));
 
     attributes::apply_to_llfn(llfn, Function, &to_add);

diff --git a/compiler/rustc_codegen_llvm/src/base.rs b/compiler/rustc_codegen_llvm/src/base.rs
@@ -25,12 +25,13 @@ use rustc_middle::mono::Visibility;
 use rustc_middle::ty::TyCtxt;
 use rustc_session::config::{DebugInfo, Offload};
 use rustc_span::Symbol;
-use rustc_target::spec::SanitizerSet;
+use rustc_target::spec::{LlvmAbi, SanitizerSet};
 
 use super::ModuleLlvm;
 use crate::attributes;
 use crate::builder::Builder;
 use crate::builder::gpu_offload::OffloadGlobals;
+use crate::common::pauth_fn_attrs;
 use crate::context::CodegenCx;
 use crate::llvm::{self, Value};
 
@@ -123,7 +124,18 @@ pub(crate) fn compile_codegen_unit(
             if let Some(entry) =
                 maybe_create_entry_wrapper::<Builder<'_, '_, '_>>(&cx, cx.codegen_unit)
             {
-                let attrs = attributes::sanitize_attrs(&cx, tcx, SanitizerFnAttrs::default());
+                let mut attrs = attributes::sanitize_attrs(&cx, tcx, SanitizerFnAttrs::default());
+                // When pointer authentication is enabled, ensure that the ptrauth-* attributes are
+                // also attached to the entry wrapper.
+                //
+                // FIXME(jchlanda) If it ever becomes necessary to ensure that all compiler
+                // generated functions receive the ptrauth-* attributes, `declare_fn` or
+                // `declare_raw_fn` could be used to provide those.
+                if cx.sess().target.llvm_abiname == LlvmAbi::Pauthtest {
+                    for &ptrauth_attr in pauth_fn_attrs() {
+                        attrs.push(llvm::CreateAttrString(cx.llcx, ptrauth_attr));
+                    }
+                }
                 attributes::apply_to_llfn(entry, llvm::AttributePlace::Function, &attrs);
             }
 
@@ -140,6 +152,30 @@ pub(crate) fn compile_codegen_unit(
                 cx.add_objc_module_flags();
             }
 
+            if cx.sess().target.llvm_abiname == LlvmAbi::Pauthtest {
+                // FIXME(jchlanda): In LLVM/Clang, there are also `aarch64-elf-pauthabi-platform`
+                // and `aarch64-elf-pauthabi-version` module flags. These are emitted into the
+                // PAuth core info section of the resulting ELF, which the linker uses to enforce
+                // binary compatibility.
+                //
+                // We intentionally do not emit these flags now, since only a subset of features
+                // included in clang's pauthtest is currently supported. By default, the absence of
+                // this info is treated as compatible with any binary.
+                //
+                // Please note, that this would cause compatibility issues, specifically runtime
+                // crashes due to authentication failures (while compiling and linking
+                // successfully) when linking against binaries that support larger set of features
+                // (for example, signing of C++ member function pointers, virtual function
+                // pointers, virtual table pointers).
+                //
+                // Link to PAuth core info documentation:
+                // <https://github.com/ARM-software/abi-aa/blob/2025Q4/pauthabielf64/pauthabielf64.rst#core-information>
+                if cx.sess().opts.unstable_opts.ptrauth_elf_got {
+                    cx.add_ptrauth_elf_got_flag();
+                }
+                cx.add_ptrauth_sign_personality_flag();
+            }
+
             // Finalize code coverage by injecting the coverage map. Note, the coverage map will
             // also be added to the `llvm.compiler.used` variable, created next.
             if cx.sess().instrument_coverage() {

diff --git a/compiler/rustc_codegen_llvm/src/builder.rs b/compiler/rustc_codegen_llvm/src/builder.rs
@@ -7,7 +7,7 @@ pub(crate) mod autodiff;
 pub(crate) mod gpu_offload;
 
 use libc::{c_char, c_uint};
-use rustc_abi::{self as abi, Align, Size, WrappingRange};
+use rustc_abi::{self as abi, Align, CanonAbi, Size, WrappingRange};
 use rustc_codegen_ssa::MemFlags;
 use rustc_codegen_ssa::common::{IntPredicate, RealPredicate, SynchronizationScope, TypeKind};
 use rustc_codegen_ssa::mir::operand::{OperandRef, OperandValue};
@@ -25,7 +25,7 @@ use rustc_sanitizers::{cfi, kcfi};
 use rustc_session::config::OptLevel;
 use rustc_span::Span;
 use rustc_target::callconv::{FnAbi, PassMode};
-use rustc_target::spec::{Arch, HasTargetSpec, SanitizerSet, Target};
+use rustc_target::spec::{Arch, HasTargetSpec, LlvmAbi, SanitizerSet, Target};
 use smallvec::SmallVec;
 use tracing::{debug, instrument};
 
@@ -429,6 +429,11 @@ impl<'a, 'll, 'tcx> BuilderMethods<'a, 'tcx> for Builder<'a, 'll, 'tcx> {
             bundles.push(kcfi_bundle);
         }
 
+        let pauth = self.ptrauth_operand_bundle(llfn, fn_abi);
+        if let Some(p) = pauth.as_ref().map(|b| b.as_ref()) {
+            bundles.push(p);
+        }
+
         let invoke = unsafe {
             llvm::LLVMBuildInvokeWithOperandBundles(
                 self.llbuilder,
@@ -1406,6 +1411,11 @@ impl<'a, 'll, 'tcx> BuilderMethods<'a, 'tcx> for Builder<'a, 'll, 'tcx> {
             bundles.push(kcfi_bundle);
         }
 
+        let pauth = self.ptrauth_operand_bundle(llfn, fn_abi);
+        if let Some(p) = pauth.as_ref().map(|b| b.as_ref()) {
+            bundles.push(p);
+        }
+
         let call = unsafe {
             llvm::LLVMBuildCallWithOperandBundles(
                 self.llbuilder,
@@ -1836,6 +1846,11 @@ impl<'a, 'll, 'tcx> Builder<'a, 'll, 'tcx> {
             bundles.push(kcfi_bundle);
         }
 
+        let pauth = self.ptrauth_operand_bundle(llfn, fn_abi);
+        if let Some(p) = pauth.as_ref().map(|b| b.as_ref()) {
+            bundles.push(p);
+        }
+
         let callbr = unsafe {
             llvm::LLVMBuildCallBr(
                 self.llbuilder,
@@ -1955,6 +1970,40 @@ impl<'a, 'll, 'tcx> Builder<'a, 'll, 'tcx> {
         kcfi_bundle
     }
 
+    // Emits pauth operand bundle.
+    fn ptrauth_operand_bundle(
+        &mut self,
+        llfn: &'ll Value,
+        fn_abi: Option<&FnAbi<'tcx, Ty<'tcx>>>,
+    ) -> Option<llvm::OperandBundleBox<'ll>> {
+        if self.sess().target.llvm_abiname != LlvmAbi::Pauthtest {
+            return None;
+        }
+        // Pointer authentication support is currently limited to extern "C" calls; filter out other
+        // ABIs.
+        if fn_abi?.conv != CanonAbi::C {
+            return None;
+        }
+        // Filter out LLVM intrinsics.
+        if llvm::get_value_name(llfn).starts_with(b"llvm.") {
+            return None;
+        }
+
+        // FIXME(jchlanda) Operand bundles should only be attached to indirect function calls.
+        // However, function pointer signing is currently performed in `get_fn_addr`, which causes
+        // the logic to be applied too broadly, including to function values (not just pointers).
+        // As a result, direct calls using signed function values must also receive operand
+        // bundles.
+        // Once this is resolved, we should analyze each call and skip direct calls. See the
+        // discussion in the rust-lang issue: <https://github.com/rust-lang/rust/issues/152532>
+        let key: u32 = 0;
+        let discriminator: u64 = 0;
+        Some(llvm::OperandBundleBox::new(
+            "ptrauth",
+            &[self.const_u32(key), self.const_u64(discriminator)],
+        ))
+    }
+
     /// Emits a call to `llvm.instrprof.increment`. Used by coverage instrumentation.
     #[instrument(level = "debug", skip(self))]
     pub(crate) fn instrprof_increment(

diff --git a/compiler/rustc_codegen_llvm/src/common.rs b/compiler/rustc_codegen_llvm/src/common.rs
@@ -4,23 +4,81 @@ use std::borrow::Borrow;
 
 use libc::{c_char, c_uint};
 use rustc_abi::Primitive::Pointer;
-use rustc_abi::{self as abi, HasDataLayout as _};
+use rustc_abi::{self as abi, ExternAbi, HasDataLayout as _};
 use rustc_ast::Mutability;
 use rustc_codegen_ssa::common::TypeKind;
 use rustc_codegen_ssa::traits::*;
 use rustc_data_structures::stable_hash::{StableHash, StableHasher};
 use rustc_hashes::Hash128;
+use rustc_hir::def::DefKind;
 use rustc_hir::def_id::DefId;
 use rustc_middle::bug;
 use rustc_middle::mir::interpret::{GlobalAlloc, PointerArithmetic, Scalar};
-use rustc_middle::ty::TyCtxt;
+use rustc_middle::ty::{Instance, TyCtxt};
 use rustc_session::cstore::DllImport;
+use rustc_target::spec::LlvmAbi;
 use tracing::debug;
 
-use crate::consts::const_alloc_to_llvm;
+use crate::consts::{IsInitOrFini, IsStatic, const_alloc_to_llvm};
 pub(crate) use crate::context::CodegenCx;
 use crate::context::{GenericCx, SCx};
-use crate::llvm::{self, BasicBlock, ConstantInt, FALSE, TRUE, ToLlvmBool, Type, Value};
+use crate::llvm::{
+    self, BasicBlock, ConstantInt, FALSE, TRUE, ToLlvmBool, Type, Value, const_ptr_auth,
+};
+
+#[inline]
+pub(crate) fn pauth_fn_attrs() -> &'static [&'static str] {
+    // FIXME(jchlanda) This is not an exhaustive list of all `ptrauth`-related attributes, but only
+    // those currently supported. The list is expected to grow as additional functionality is
+    // implemented, particularly for C++ interoperability.
+    &[
+        "aarch64-jump-table-hardening",
+        "ptrauth-indirect-gotos",
+        "ptrauth-calls",
+        "ptrauth-returns",
+        "ptrauth-auth-traps",
+    ]
+}
+
+pub(crate) fn maybe_sign_fn_ptr<'ll, 'tcx>(
+    cx: &CodegenCx<'ll, '_>,
+    instance: Instance<'tcx>,
+    llfn: &'ll llvm::Value,
+    pac: PacMetadata,
+) -> &'ll llvm::Value {
+    if cx.sess().target.llvm_abiname != LlvmAbi::Pauthtest {
+        return llfn;
+    }
+
+    // Only free functions or methods
+    let def_id = instance.def_id();
+    if !matches!(cx.tcx.def_kind(def_id), DefKind::Fn | DefKind::AssocFn) {
+        return llfn;
+    }
+    // Only C ABI
+    let abi = cx.tcx.fn_sig(def_id).skip_binder().abi();
+    if !matches!(abi, ExternAbi::C { .. } | ExternAbi::System { .. }) {
+        return llfn;
+    }
+    // Ignore LLVM intrinsics
+    if llvm::get_value_name(llfn).starts_with(b"llvm.") {
+        return llfn;
+    }
+    if Some(def_id) == cx.tcx.lang_items().eh_personality() {
+        return llfn;
+    }
+
+    let addr_diversity = match pac.addr_diversity {
+        AddressDiversity::None => None,
+        AddressDiversity::Real => Some(llfn),
+        AddressDiversity::Synthetic(val) => {
+            let llval = cx.const_u64(val);
+            let llty = cx.val_ty(llfn);
+            Some(unsafe { llvm::LLVMConstIntToPtr(llval, llty) })
+        }
+    };
+    const_ptr_auth(llfn, pac.key, pac.disc, addr_diversity)
+}
 
 /*
 * A note on nomenclature of linking: "extern", "foreign", and "upcall".
@@ -268,7 +326,13 @@ impl<'ll, 'tcx> ConstCodegenMethods for CodegenCx<'ll, 'tcx> {
         })
     }
 
-    fn scalar_to_backend(&self, cv: Scalar, layout: abi::Scalar, llty: &'ll Type) -> &'ll Value {
+    fn scalar_to_backend_with_pac(
+        &self,
+        cv: Scalar,
+        layout: abi::Scalar,
+        llty: &'ll Type,
+        pac: Option<PacMetadata>,
+    ) -> &'ll Value {
         let bitsize = if layout.is_bool() { 1 } else { layout.size(self).bits() };
         match cv {
             Scalar::Int(int) => {
@@ -297,8 +361,12 @@ impl<'ll, 'tcx> ConstCodegenMethods for CodegenCx<'ll, 'tcx> {
                                 self.const_bitcast(llval, llty)
                             };
                         } else {
-                            let init =
-                                const_alloc_to_llvm(self, alloc.inner(), /*static*/ false);
+                            let init = const_alloc_to_llvm(
+                                self,
+                                alloc.inner(),
+                                IsStatic::No,
+                                IsInitOrFini::No,
+                            );
                             let alloc = alloc.inner();
                             let value = match alloc.mutability {
                                 Mutability::Mut => self.static_addr_of_mut(init, alloc.align, None),
@@ -319,7 +387,7 @@ impl<'ll, 'tcx> ConstCodegenMethods for CodegenCx<'ll, 'tcx> {
                             value
                         }
                     }
-                    GlobalAlloc::Function { instance, .. } => self.get_fn_addr(instance),
+                    GlobalAlloc::Function { instance, .. } => self.get_fn_addr(instance, pac),
                     GlobalAlloc::VTable(ty, dyn_ty) => {
                         let alloc = self
                             .tcx
@@ -330,7 +398,12 @@ impl<'ll, 'tcx> ConstCodegenMethods for CodegenCx<'ll, 'tcx> {
                                 }),
                             )))
                             .unwrap_memory();
-                        let init = const_alloc_to_llvm(self, alloc.inner(), /*static*/ false);
+                        let init = const_alloc_to_llvm(
+                            self,
+                            alloc.inner(),
+                            IsStatic::No,
+                            IsInitOrFini::No,
+                        );
                         self.static_addr_of_impl(init, alloc.inner().align, None)
                     }
                     GlobalAlloc::Static(def_id) => {