Add Intel CET to getTargetInfo (#15433)

This follows PR #15415 which added Intel CET IBT support and LDC PR #4437 to add support for the new CET target in order to maintain a common interface between DMD and LDC. Later it would be useful to do the same for GDC as well.
2025-04-26 05:00:16 +03:00 · 2023-08-27 10:35:41 +02:00 · 2023-08-27 10:35:41 +02:00 · a2695d8822
commit a2695d8822
parent ce2cd4cbef
5 changed files with 34 additions and 0 deletions
--- a/changelog/dmd.intel-cet-ibt-protection.dd
+++ b/changelog/dmd.intel-cet-ibt-protection.dd
@ -0,0 +1,22 @@
+Added support for Intel CET (Control-flow Enforcement Technology) IBT (Indirect Branch Tracking) protection
+
+CET is a technology that is useful for preventing an attacker from redirecting a program's control flow,
+specifically IBT prevents an attacker from causing an indirect branch to go to an unintended place.
+
+Intel IBT expects the compiler to emit special instructions (`endbr32` and `endbr64`) which in older processors
+that do not support IBT are equivalent to `nop` instructions, consequently a program compiled with active IBT
+will be compatible on any x86 processor and the protection will be opportunistically active on supported processors.
+
+To enable Intel IBT protection in DMD you need to pass the `-fIBT` flag to the compiler, consequently the compiler
+will manage the emission of instructions for IBT by itself.
+Be careful when using inline assembly, the compiler will not automatically handle IBT inside an inline assembly.
+
+To find out within a D program whether IBT has been activated or not use the traits getTargetInfo as follows:
+
+---
+// IBT active
+static assert(__traits(getTargetInfo, "CET") == 1);  // CET == 1 if IBT is active
+
+// IBT not active
+static assert(__traits(getTargetInfo, "CET") == 0);  // CET == 0 if IBT is not active
+---
--- a/compiler/src/dmd/frontend.h
+++ b/compiler/src/dmd/frontend.h
@ -8284,6 +8284,7 @@ private:
        cppStd = 1,
        floatAbi = 2,
        objectFormat = 3,
+        CET = 4,
    };

 public:
--- a/compiler/src/dmd/target.d
+++ b/compiler/src/dmd/target.d
@ -1206,6 +1206,7 @@ extern (C++) struct Target
        cppStd,
        floatAbi,
        objectFormat,
+        CET
    }

    /**
@ -1248,6 +1249,8 @@ extern (C++) struct Target
                return stringExp("");
            case cppStd.stringof:
                return new IntegerExp(params.cplusplus);
+            case CET.stringof:
+                return new IntegerExp(driverParams.ibt);

            default:
                return null;
--- a/compiler/test/compilable/cet_disabled.d
+++ b/compiler/test/compilable/cet_disabled.d
@ -0,0 +1,3 @@
+// Test for Intel CET protection disabled
+
+static assert(__traits(getTargetInfo, "CET") == 0);
--- a/compiler/test/compilable/cet_ibt.d
+++ b/compiler/test/compilable/cet_ibt.d
@ -0,0 +1,5 @@
+// REQUIRED_ARGS: -fIBT
+
+// Test for Intel CET IBT (branch) protection
+
+static assert(__traits(getTargetInfo, "CET") == 1);