[BOLT] Gadget scanner: detect authentication oracles

Implement the detection of authentication instructions whose results can
be inspected by an attacker to know whether authentication succeeded.

As the properties of output registers of authentication instructions are
inspected, add a second set of analysis-related classes to iterate over
the instructions in reverse order.

Author: atrosinenko

bolt/include/bolt/Passes/PAuthGadgetScanner.h

@@ -261,6 +261,15 @@ class ClobberingInfo : public ExtraInfo {
   void print(raw_ostream &OS, const MCInstReference Location) const override;
 };
 
+class LeakageInfo : public ExtraInfo {
+  SmallVector<MCInstReference> LeakingInstrs;
+
+public:
+  LeakageInfo(const ArrayRef<MCInstReference> Instrs) : LeakingInstrs(Instrs) {}
+
+  void print(raw_ostream &OS, const MCInstReference Location) const override;
+};
+
 /// A brief version of a report that can be further augmented with the details.
 ///
 /// It is common for a particular type of gadget detector to be tied to some
@@ -302,6 +311,9 @@ class FunctionAnalysis {
   void findUnsafeUses(SmallVector<BriefReport<MCPhysReg>> &Reports);
   void augmentUnsafeUseReports(const ArrayRef<BriefReport<MCPhysReg>> Reports);
 
+  void findUnsafeDefs(SmallVector<BriefReport<MCPhysReg>> &Reports);
+  void augmentUnsafeDefReports(const ArrayRef<BriefReport<MCPhysReg>> Reports);
+
 public:
   FunctionAnalysis(BinaryFunction &BF, MCPlusBuilder::AllocatorIdTy AllocatorId,
                    bool PacRetGadgetsOnly)