[NFC][Clang][Aarch64] Add missing test file

The commit rL345273 by @LukeCheeseman has a missing test file,
see https://reviews.llvm.org/D51429
This patch adds the missing test file.

Patch by Luke Cheeseman

Differential revision: https://reviews.llvm.org/D54148

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@346303 91177308-0d34-0410-b5e6-96231b3b80d8

diff --git a/test/Driver/aarch64-security-options.c b/test/Driver/aarch64-security-options.c
new file mode 100644 (file)
index 0000000..9ba5067
--- /dev/null
+++ b/test/Driver/aarch64-security-options.c
@@ -0,0 +1,54 @@
+// Check the -msign-return-address= option, which has a required argument to
+// select scope.
+// RUN: %clang -target aarch64--none-eabi -c %s -### -msign-return-address=none                             2>&1 | \
+// RUN: FileCheck %s --check-prefix=RA-OFF      --check-prefix=KEY-A --check-prefix=BTE-OFF
+
+// RUN: %clang -target aarch64--none-eabi -c %s -### -msign-return-address=non-leaf                         2>&1 | \
+// RUN: FileCheck %s --check-prefix=RA-NON-LEAF --check-prefix=KEY-A --check-prefix=BTE-OFF
+
+// RUN: %clang -target aarch64--none-eabi -c %s -### -msign-return-address=all                              2>&1 | \
+// RUN: FileCheck %s --check-prefix=RA-ALL      --check-prefix=KEY-A --check-prefix=BTE-OFF
+
+// Check that the -msign-return-address= option can also accept the signing key
+// to use.
+
+// RUN: %clang -target aarch64--none-eabi -c %s -### -msign-return-address=non-leaf                   2>&1 | \
+// RUN: FileCheck %s --check-prefix=RA-NON-LEAF --check-prefix=KEY-B --check-prefix=BTE-OFF
+
+// RUN: %clang -target aarch64--none-eabi -c %s -### -msign-return-address=all                        2>&1 | \
+// RUN: FileCheck %s --check-prefix=RA-ALL      --check-prefix=KEY-B --check-prefix=BTE-OFF
+
+// -mbranch-protection with standard
+// RUN: %clang -target aarch64--none-eabi -c %s -### -mbranch-protection=standard                                2>&1 | \
+// RUN: FileCheck %s --check-prefix=RA-NON-LEAF --check-prefix=KEY-A --check-prefix=BTE-ON
+
+// If the -msign-return-address and -mbranch-protection are both used, the
+// right-most one controls return address signing.
+// RUN: %clang -target aarch64--none-eabi -c %s -### -msign-return-address=non-leaf -mbranch-protection=none     2>&1 | \
+// RUN: FileCheck %s --check-prefix=CONFLICT
+
+// RUN: %clang -target aarch64--none-eabi -c %s -### -mbranch-protection=pac-ret -msign-return-address=none     2>&1 | \
+// RUN: FileCheck %s --check-prefix=CONFLICT
+
+// RUN: %clang -target aarch64--none-eabi -c %s -### -msign-return-address=foo     2>&1 | \
+// RUN: FileCheck %s --check-prefix=BAD-RA-PROTECTION
+
+// RUN: %clang -target aarch64--none-eabi -c %s -### -mbranch-protection=bar     2>&1 | \
+// RUN: FileCheck %s --check-prefix=BAD-BP-PROTECTION
+
+// RA-OFF: "-msign-return-address=none"
+// RA-NON-LEAF: "-msign-return-address=non-leaf"
+// RA-ALL: "-msign-return-address=all"
+
+// KEY-A: "-msign-return-address-key=a_key"
+
+// BTE-OFF-NOT: "-mbranch-target-enforce"
+// BTE-ON: "-mbranch-target-enforce"
+
+// CONFLICT: "-msign-return-address=none"
+
+// BAD-RA-PROTECTION: invalid branch protection option 'foo' in '-msign-return-address={{.*}}'
+// BAD-BP-PROTECTION: invalid branch protection option 'bar' in '-mbranch-protection={{.*}}'
+
+// BAD-B-KEY-COMBINATION: invalid branch protection option 'b-key' in '-mbranch-protection={{.*}}'
+// BAD-LEAF-COMBINATION: invalid branch protection option 'leaf' in '-mbranch-protection={{.*}}'