This is an archive of the discontinued LLVM Phabricator instance.

Differential D118355

Add -mmanual-endbr switch to allow manual selection of control-flow protection
Needs ReviewPublic

Authored by gftg on Jan 27 2022, 5:38 AM.

Details

Reviewers
xiangzhangllvm
pengfei
erichkeane
joaomoreira
aaron.ballman
Summary

GCC has plans [1] to add a new switch that enables finer-grained control
of the insertion of CET stuff in generated code. This patch duplicates
their implementation within LLVM, in the hope that it can also be used
by Xen maintainers.

[1] https://gcc.gnu.org/bugzilla/show_bug.cgi?id=102953

---8<---
With -fcf-protection=branch, clang automatically adds control-flow
protection to indirect calls and jumps. On X86, this translates to ENDBR
instructions being added to the prologues of functions.

This patch adds a new switch, '-mmanual-endbr', which tells the compiler
that, even though -fcf-protection is in use, functions should not get
the instrumentation automatically. Instead, it allows users to manually
add the new attribute, 'cf_check', to functions that require it.

When -mmanual-endbr is set, llvm refrains from automatically adding
ENDBR instructions to functions' prologues, which would have been
automatically added by -fcf-protection=branch. Although this works
correctly, missing ENDBR instructions where they are actually needed
could lead to broken binaries, which would fail only in running time.

Thus, when the backend detects that a function could be reached from an
indirect jump (e.g. when it has its address taken, or belongs to the
exported set of functions), a diagnostic warning is emitted, which
should help developers find missing occurrences of the 'cf_check'
attribute.

Depends on D118052.

Diff Detail

Event Timeline

gftg created this revision.Jan 27 2022, 5:38 AM
Herald added a reviewer: aaron.ballman. · View Herald TranscriptJan 27 2022, 5:38 AM
Herald added subscribers: ormris, dexonsmith, dang and 4 others. · View Herald Transcript
gftg requested review of this revision.Jan 27 2022, 5:38 AM
Herald added projects: Restricted Project, Restricted Project. · View Herald TranscriptJan 27 2022, 5:38 AM
Herald added subscribers: llvm-commits, cfe-commits. · View Herald Transcript
gftg added a comment.EditedJan 27 2022, 5:48 AM

This patch as-is doesn't build. Building it requires another change that I know is wrong, so I'm posting it below to ask for your help:

    [RFC] How to add more bits to the Type class?

    After reading https://reviews.llvm.org/D50630, I learned that keeping
    the size of the 'Type' class to a minimum (currently 24 bytes, where 8
    bytes are due to the various Bit Field classes) is desired. However,
    while trying to add a new function attribute (see the precious patches
    in this series), the new bit caused FunctionTypeBitfields to become 4
    bytes larger (previously 8 bytes), which becomes the larger member of
    the Bit Field union. The whole Type class increased in size to 32 bytes
    up from 24 (an 8-byte increase).

    This patch does the easy workaround of letting the size of the Type
    class grow to 32 bytes. However, I would like to know how to avoid this
    while still being able to add the new function attribute. I know it's a
    lot to ask, but could somebody teach me how to do this "the proper way"?

    Cheers,
    Gabriel

diff --git a/clang/include/clang/AST/Type.h b/clang/include/clang/AST/Type.h
index 7a00c7d2be8c..4d359d08a522 100644
--- a/clang/include/clang/AST/Type.h
+++ b/clang/include/clang/AST/Type.h
@@ -1824,7 +1824,7 @@ protected:
   Type(TypeClass tc, QualType canon, TypeDependence Dependence)
       : ExtQualsTypeCommonBase(this,
                                canon.isNull() ? QualType(this_(), 0) : canon) {
-    static_assert(sizeof(*this) <= 8 + sizeof(ExtQualsTypeCommonBase),
+    static_assert(sizeof(*this) <= 16 + sizeof(ExtQualsTypeCommonBase),
                   "changing bitfields changed sizeof(Type)!");
     static_assert(alignof(decltype(*this)) % sizeof(void *) == 0,
                   "Insufficient alignment!");

I realize that sending extra diffs here is probably not how this community works, but please bear with me while I get used to it (I'm a newcomer).

ormris removed a subscriber: ormris.Jan 27 2022, 10:02 AM
Harbormaster completed remote builds in B146003: Diff 403620.Jan 27 2022, 10:51 AM
joaomoreira mentioned this in D118438: [X86] Implement -mibt-fix-direct=<aggressive,conservative,none>.Jan 27 2022, 11:56 PM
nickdesaulniers added a subscriber: nickdesaulniers.Feb 9 2022, 9:15 AM
martong removed a subscriber: martong.May 5 2022, 2:43 AM
Herald added a project: Restricted Project. · View Herald TranscriptMay 5 2022, 2:43 AM
Herald added a subscriber: MaskRay. · View Herald Transcript
xiangzhangllvm added inline comments.May 5 2022, 6:07 PM
llvm/lib/Target/X86/X86IndirectBranchTracking.cpp
156–161

I am a little puzzle here. Let me copy your patch description here:

>When -mmanual-endbr is set, llvm refrains from automatically adding
>ENDBR instructions to functions' prologues, which would have been
>automatically added by -fcf-protection=branch. Although this works
>correctly, missing ENDBR instructions where they are actually needed
>could lead to broken binaries, which would fail only in running time.

I think the purpose of "-mmanual-endbr" should be "Supplementary Way" for the cases which the CET can't correctly insert endbr in automatic way.
Here (in if (needsPrologueENDBR(MF, M)) ) the automatic way will insert the endbr. So I think the job for "-mmanual-endbr" should be done in parallel with the old condition. Some like:

if (ManualENDBR ){
  do something
}else { // automatic
  if (needsPrologueENDBR(MF, M)) {insert endbr}
 }
}
joaomoreira added inline comments.May 5 2022, 11:26 PM
llvm/lib/Target/X86/X86IndirectBranchTracking.cpp
156–161

I don't think the idea of -mmanual-endbr is to have a supplementary way for corner cases where CET misses automatic placement. In my understanding the goal is to set the compiler to not emit ENDBRs unless the attribute cf_check is used, thus providing a way to manually reduce the number of valid targets.

For reference, here is a link for -mmanual-endbr on gcc, https://gcc.gnu.org/legacy-ml/gcc-patches/2018-12/msg00713.html and here are patches on xen that use the feature (and that also mention this review): https://www.mail-archive.com/xen-devel@lists.xenproject.org/msg114160.html

xiangzhangllvm added inline comments.May 6 2022, 5:43 PM
llvm/lib/Target/X86/X86IndirectBranchTracking.cpp
156–161

Thanks! Ok, for "limit number of ENDBR instructions to reduce program size" here the code logic is make sense.

dexonsmith removed a subscriber: dexonsmith.May 10 2022, 10:00 AM

Revision Contents

PathSize
clang/
include/
clang/
AST/
20 lines
7 lines
Basic/
6 lines
4 lines
4 lines
3 lines
CodeGen/
10 lines
Driver/
2 lines
lib/
AST/
16 lines
2 lines
3 lines
CodeGen/
3 lines
8 lines
Driver/
ToolChains/
2 lines
Frontend/
6 lines
Sema/
10 lines
21 lines
Serialization/
1 line
test/
CodeGen/
X86/
4 lines
7 lines
Misc/
1 line
Sema/
23 lines
23 lines
5 lines
llvm/
bindings/
go/
llvm/
1 line
docs/
1 line
7 lines
include/
llvm/
AsmParser/
1 line
Bitcode/
1 line
IR/
3 lines
4 lines
3 lines
lib/
AsmParser/
1 line
Bitcode/
Reader/
2 lines
Writer/
2 lines
Target/
X86/
2 lines
23 lines
Transforms/
Utils/
1 line
test/
CodeGen/
X86/
62 lines
71 lines

Diff 403620

clang/include/clang/AST/Type.h

Show First 20 LinesShow All 1,580 Lines▼ Show 20 Linesprotected:
class FunctionTypeBitfields { class FunctionTypeBitfields {
friend class FunctionProtoType; friend class FunctionProtoType;
friend class FunctionType; friend class FunctionType;
unsigned : NumTypeBits; unsigned : NumTypeBits;
/// Extra information which affects how the function is called, like /// Extra information which affects how the function is called, like
/// regparm and the calling convention. /// regparm and the calling convention.
unsigned ExtInfo : 13; unsigned ExtInfo : 14;
/// The ref-qualifier associated with a \c FunctionProtoType. /// The ref-qualifier associated with a \c FunctionProtoType.
/// ///
/// This is a value of type \c RefQualifierKind. /// This is a value of type \c RefQualifierKind.
unsigned RefQualifier : 2; unsigned RefQualifier : 2;
/// Used only by FunctionProtoType, put here to pack with the /// Used only by FunctionProtoType, put here to pack with the
/// other bitfields. /// other bitfields.
▲ Show 20 LinesShow All 2,059 Lines▼ Show 20 Linespublic:
// * Codegen // * Codegen
class ExtInfo { class ExtInfo {
friend class FunctionType; friend class FunctionType;
// Feel free to rearrange or add bits, but if you go over 16, you'll need to // Feel free to rearrange or add bits, but if you go over 16, you'll need to
// adjust the Bits field below, and if you add bits, you'll need to adjust // adjust the Bits field below, and if you add bits, you'll need to adjust
// Type::FunctionTypeBitfields::ExtInfo as well. // Type::FunctionTypeBitfields::ExtInfo as well.
// | CC |noreturn|produces|nocallersavedregs|regparm|nocfcheck|cmsenscall| // | CC |noreturn|produces|nocallersavedregs|regparm|nocfcheck|cfcheck|cmsenscall|
Lint: Pre-merge checks
Inline Actions

clang-format: please reformat the code

-    // |  CC  |noreturn|produces|nocallersavedregs|regparm|nocfcheck|cfcheck|cmsenscall|
-    // |0 .. 4|   5    |    6   |       7         |8 .. 10|    11   |   12  |    13    |
+    // |  CC
+    // |noreturn|produces|nocallersavedregs|regparm|nocfcheck|cfcheck|cmsenscall|
+    // |0 .. 4|   5    |    6   |       7         |8 .. 10|    11   |   12  | 13
+    // |
Lint: Pre-merge checks: clang-format: please reformat the code ``` - // | CC…
// |0 .. 4| 5 | 6 | 7 |8 .. 10| 11 | 12 | // |0 .. 4| 5 | 6 | 7 |8 .. 10| 11 | 12 | 13 |
// //
// regparm is either 0 (no regparm attribute) or the regparm value+1. // regparm is either 0 (no regparm attribute) or the regparm value+1.
enum { CallConvMask = 0x1F }; enum { CallConvMask = 0x1F };
enum { NoReturnMask = 0x20 }; enum { NoReturnMask = 0x20 };
enum { ProducesResultMask = 0x40 }; enum { ProducesResultMask = 0x40 };
enum { NoCallerSavedRegsMask = 0x80 }; enum { NoCallerSavedRegsMask = 0x80 };
enum { enum {
RegParmMask = 0x700, RegParmMask = 0x700,
RegParmOffset = 8 RegParmOffset = 8
}; };
enum { NoCfCheckMask = 0x800 }; enum { NoCfCheckMask = 0x800 };
enum { CmseNSCallMask = 0x1000 }; enum { CfCheckMask = 0x1000 };
enum { CmseNSCallMask = 0x2000 };
uint16_t Bits = CC_C; uint16_t Bits = CC_C;
ExtInfo(unsigned Bits) : Bits(static_cast<uint16_t>(Bits)) {} ExtInfo(unsigned Bits) : Bits(static_cast<uint16_t>(Bits)) {}
public: public:
// Constructor with no defaults. Use this when you know that you // Constructor with no defaults. Use this when you know that you
// have all the elements (when reading an AST file for example). // have all the elements (when reading an AST file for example).
ExtInfo(bool noReturn, bool hasRegParm, unsigned regParm, CallingConv cc, ExtInfo(bool noReturn, bool hasRegParm, unsigned regParm, CallingConv cc,
bool producesResult, bool noCallerSavedRegs, bool NoCfCheck, bool producesResult, bool noCallerSavedRegs, bool NoCfCheck,
bool cmseNSCall) { bool CfCheck, bool cmseNSCall) {
assert((!hasRegParm || regParm < 7) && "Invalid regparm value"); assert((!hasRegParm || regParm < 7) && "Invalid regparm value");
Bits = ((unsigned)cc) | (noReturn ? NoReturnMask : 0) | Bits = ((unsigned)cc) | (noReturn ? NoReturnMask : 0) |
(producesResult ? ProducesResultMask : 0) | (producesResult ? ProducesResultMask : 0) |
(noCallerSavedRegs ? NoCallerSavedRegsMask : 0) | (noCallerSavedRegs ? NoCallerSavedRegsMask : 0) |
(hasRegParm ? ((regParm + 1) << RegParmOffset) : 0) | (hasRegParm ? ((regParm + 1) << RegParmOffset) : 0) |
(NoCfCheck ? NoCfCheckMask : 0) | (NoCfCheck ? NoCfCheckMask : 0) |
Lint: Pre-merge checks
Inline Actions

clang-format: please reformat the code

-             (NoCfCheck ? NoCfCheckMask : 0) |
-             (CfCheck ? CfCheckMask : 0) |
+             (NoCfCheck ? NoCfCheckMask : 0) | (CfCheck ? CfCheckMask : 0) |
Lint: Pre-merge checks: clang-format: please reformat the code ``` - (NoCfCheck ? NoCfCheckMask : 0) |…
(CfCheck ? CfCheckMask : 0) |
(cmseNSCall ? CmseNSCallMask : 0); (cmseNSCall ? CmseNSCallMask : 0);
} }
// Constructor with all defaults. Use when for example creating a // Constructor with all defaults. Use when for example creating a
// function known to use defaults. // function known to use defaults.
ExtInfo() = default; ExtInfo() = default;
// Constructor with just the calling convention, which is an important part // Constructor with just the calling convention, which is an important part
// of the canonical type. // of the canonical type.
ExtInfo(CallingConv CC) : Bits(CC) {} ExtInfo(CallingConv CC) : Bits(CC) {}
bool getNoReturn() const { return Bits & NoReturnMask; } bool getNoReturn() const { return Bits & NoReturnMask; }
bool getProducesResult() const { return Bits & ProducesResultMask; } bool getProducesResult() const { return Bits & ProducesResultMask; }
bool getCmseNSCall() const { return Bits & CmseNSCallMask; } bool getCmseNSCall() const { return Bits & CmseNSCallMask; }
bool getNoCallerSavedRegs() const { return Bits & NoCallerSavedRegsMask; } bool getNoCallerSavedRegs() const { return Bits & NoCallerSavedRegsMask; }
bool getNoCfCheck() const { return Bits & NoCfCheckMask; } bool getNoCfCheck() const { return Bits & NoCfCheckMask; }
bool getCfCheck() const { return Bits & CfCheckMask; }
bool getHasRegParm() const { return ((Bits & RegParmMask) >> RegParmOffset) != 0; } bool getHasRegParm() const { return ((Bits & RegParmMask) >> RegParmOffset) != 0; }
unsigned getRegParm() const { unsigned getRegParm() const {
unsigned RegParm = (Bits & RegParmMask) >> RegParmOffset; unsigned RegParm = (Bits & RegParmMask) >> RegParmOffset;
if (RegParm > 0) if (RegParm > 0)
--RegParm; --RegParm;
return RegParm; return RegParm;
} }
Show All 40 Lines public:
ExtInfo withNoCfCheck(bool noCfCheck) const { ExtInfo withNoCfCheck(bool noCfCheck) const {
if (noCfCheck) if (noCfCheck)
return ExtInfo(Bits | NoCfCheckMask); return ExtInfo(Bits | NoCfCheckMask);
else else
return ExtInfo(Bits & ~NoCfCheckMask); return ExtInfo(Bits & ~NoCfCheckMask);
} }
ExtInfo withCfCheck(bool cfCheck) const {
if (cfCheck)
return ExtInfo(Bits | CfCheckMask);
else
return ExtInfo(Bits & ~CfCheckMask);
}
ExtInfo withRegParm(unsigned RegParm) const { ExtInfo withRegParm(unsigned RegParm) const {
assert(RegParm < 7 && "Invalid regparm value"); assert(RegParm < 7 && "Invalid regparm value");
return ExtInfo((Bits & ~RegParmMask) | return ExtInfo((Bits & ~RegParmMask) |
((RegParm + 1) << RegParmOffset)); ((RegParm + 1) << RegParmOffset));
} }
ExtInfo withCallingConv(CallingConv cc) const { ExtInfo withCallingConv(CallingConv cc) const {
return ExtInfo((Bits & ~CallConvMask) | (unsigned) cc); return ExtInfo((Bits & ~CallConvMask) | (unsigned) cc);
▲ Show 20 LinesShow All 3,518 LinesShow Last 20 Lines

clang/include/clang/AST/TypeProperties.td

Show First 20 LinesShow All 278 Lines▼ Show 20 Lines def : Property<"producesResult", Bool> {
let Read = [{ node->getExtInfo().getProducesResult() }]; let Read = [{ node->getExtInfo().getProducesResult() }];
} }
def : Property<"noCallerSavedRegs", Bool> { def : Property<"noCallerSavedRegs", Bool> {
let Read = [{ node->getExtInfo().getNoCallerSavedRegs() }]; let Read = [{ node->getExtInfo().getNoCallerSavedRegs() }];
} }
def : Property<"noCfCheck", Bool> { def : Property<"noCfCheck", Bool> {
let Read = [{ node->getExtInfo().getNoCfCheck() }]; let Read = [{ node->getExtInfo().getNoCfCheck() }];
} }
def : Property<"cfCheck", Bool> {
let Read = [{ node->getExtInfo().getCfCheck() }];
}
def : Property<"cmseNSCall", Bool> { def : Property<"cmseNSCall", Bool> {
let Read = [{ node->getExtInfo().getCmseNSCall() }]; let Read = [{ node->getExtInfo().getCmseNSCall() }];
} }
} }
let Class = FunctionNoProtoType in { let Class = FunctionNoProtoType in {
def : Creator<[{ def : Creator<[{
auto extInfo = FunctionType::ExtInfo(noReturn, hasRegParm, regParm, auto extInfo = FunctionType::ExtInfo(noReturn, hasRegParm, regParm,
callingConvention, producesResult, callingConvention, producesResult,
noCallerSavedRegs, noCfCheck, noCallerSavedRegs, noCfCheck,
cmseNSCall); cfCheck, cmseNSCall);
return ctx.getFunctionNoProtoType(returnType, extInfo); return ctx.getFunctionNoProtoType(returnType, extInfo);
}]>; }]>;
} }
let Class = FunctionProtoType in { let Class = FunctionProtoType in {
def : Property<"variadic", Bool> { def : Property<"variadic", Bool> {
let Read = [{ node->isVariadic() }]; let Read = [{ node->isVariadic() }];
} }
Show All 17 Lines let Read = [{ node->hasExtParameterInfos()
? node->getExtParameterInfos() ? node->getExtParameterInfos()
: llvm::ArrayRef<FunctionProtoType::ExtParameterInfo>() }]; : llvm::ArrayRef<FunctionProtoType::ExtParameterInfo>() }];
} }
def : Creator<[{ def : Creator<[{
auto extInfo = FunctionType::ExtInfo(noReturn, hasRegParm, regParm, auto extInfo = FunctionType::ExtInfo(noReturn, hasRegParm, regParm,
callingConvention, producesResult, callingConvention, producesResult,
noCallerSavedRegs, noCfCheck, noCallerSavedRegs, noCfCheck,
cmseNSCall); cfCheck, cmseNSCall);
FunctionProtoType::ExtProtoInfo epi; FunctionProtoType::ExtProtoInfo epi;
epi.ExtInfo = extInfo; epi.ExtInfo = extInfo;
epi.Variadic = variadic; epi.Variadic = variadic;
epi.HasTrailingReturn = trailingReturn; epi.HasTrailingReturn = trailingReturn;
epi.TypeQuals = methodQualifiers; epi.TypeQuals = methodQualifiers;
epi.RefQualifier = refQualifier; epi.RefQualifier = refQualifier;
epi.ExceptionSpec = exceptionSpecifier; epi.ExceptionSpec = exceptionSpecifier;
epi.ExtParameterInfos = epi.ExtParameterInfos =
▲ Show 20 LinesShow All 582 LinesShow Last 20 Lines

clang/include/clang/Basic/Attr.td

Show First 20 LinesShow All 2,950 Lines▼ Show 20 Lines
} }
def AnyX86NoCfCheck : DeclOrTypeAttr, TargetSpecificAttr<TargetAnyX86>{ def AnyX86NoCfCheck : DeclOrTypeAttr, TargetSpecificAttr<TargetAnyX86>{
let Spellings = [GCC<"nocf_check">]; let Spellings = [GCC<"nocf_check">];
let Subjects = SubjectList<[FunctionLike]>; let Subjects = SubjectList<[FunctionLike]>;
let Documentation = [AnyX86NoCfCheckDocs]; let Documentation = [AnyX86NoCfCheckDocs];
} }
def AnyX86CfCheck : DeclOrTypeAttr, TargetSpecificAttr<TargetAnyX86>{
let Spellings = [GCC<"cf_check">];
let Subjects = SubjectList<[FunctionLike]>;
let Documentation = [AnyX86NoCfCheckDocs];
}
def X86ForceAlignArgPointer : InheritableAttr, TargetSpecificAttr<TargetAnyX86> { def X86ForceAlignArgPointer : InheritableAttr, TargetSpecificAttr<TargetAnyX86> {
let Spellings = [GCC<"force_align_arg_pointer">]; let Spellings = [GCC<"force_align_arg_pointer">];
// Technically, this appertains to a FunctionDecl, but the target-specific // Technically, this appertains to a FunctionDecl, but the target-specific
// code silently allows anything function-like (such as typedefs or function // code silently allows anything function-like (such as typedefs or function
// pointers), but does not apply the attribute to them. // pointers), but does not apply the attribute to them.
let Documentation = [X86ForceAlignArgPointerDocs]; let Documentation = [X86ForceAlignArgPointerDocs];
} }
▲ Show 20 LinesShow All 950 LinesShow Last 20 Lines

clang/include/clang/Basic/AttrDocs.td

Show First 20 LinesShow All 4,593 Lines▼ Show 20 Lines
X86 Supports Indirect Branch Tracking (IBT) as part of Control-Flow X86 Supports Indirect Branch Tracking (IBT) as part of Control-Flow
Enforcement Technology (CET). IBT instruments ENDBR instructions used to Enforcement Technology (CET). IBT instruments ENDBR instructions used to
specify valid targets of indirect call / jmp. specify valid targets of indirect call / jmp.
The ``nocf_check`` attribute has two roles: The ``nocf_check`` attribute has two roles:
1. Appertains to a function - do not add ENDBR instruction at the beginning of 1. Appertains to a function - do not add ENDBR instruction at the beginning of
the function. the function.
2. Appertains to a function pointer - do not track the target function of this 2. Appertains to a function pointer - do not track the target function of this
pointer (by adding nocf_check prefix to the indirect-call instruction). pointer (by adding nocf_check prefix to the indirect-call instruction).
Conversely, when ``-mmannual-endbr`` is in effect, clang will refrain from
adding ENDBR instructions at the beginnings of functions; instead, users can
manually select which functions get the instruction with the use of the
``cf_check`` attribute.
}]; }];
} }
def SwiftCallDocs : Documentation { def SwiftCallDocs : Documentation {
let Category = DocCatVariable; let Category = DocCatVariable;
let Content = [{ let Content = [{
The ``swiftcall`` attribute indicates that a function should be called The ``swiftcall`` attribute indicates that a function should be called
using the Swift calling convention for a function or function pointer. using the Swift calling convention for a function or function pointer.
▲ Show 20 LinesShow All 1,656 LinesShow Last 20 Lines

clang/include/clang/Basic/CodeGenOptions.def

Show First 20 LinesShow All 102 Lines▼ Show 20 LinesCODEGENOPT(InstrumentFunctionsAfterInlining , 1, 0) ///< Set when
///< -finstrument-functions-after-inlining is enabled. ///< -finstrument-functions-after-inlining is enabled.
CODEGENOPT(InstrumentFunctionEntryBare , 1, 0) ///< Set when CODEGENOPT(InstrumentFunctionEntryBare , 1, 0) ///< Set when
///< -finstrument-function-entry-bare is enabled. ///< -finstrument-function-entry-bare is enabled.
CODEGENOPT(CFProtectionReturn , 1, 0) ///< if -fcf-protection is CODEGENOPT(CFProtectionReturn , 1, 0) ///< if -fcf-protection is
///< set to full or return. ///< set to full or return.
CODEGENOPT(CFProtectionBranch , 1, 0) ///< if -fcf-protection is CODEGENOPT(CFProtectionBranch , 1, 0) ///< if -fcf-protection is
///< set to full or branch. ///< set to full or branch.
CODEGENOPT(IBTSeal, 1, 0) ///< set to optimize CFProtectionBranch. CODEGENOPT(IBTSeal, 1, 0) ///< set to optimize CFProtectionBranch.
CODEGENOPT(ManualENDBR , 1, 0) ///< if -mmanual-endbr is set, which tells the
///< compiler not to add ENDBR instructions to
///< functions prologues automatically.
CODEGENOPT(XRayInstrumentFunctions , 1, 0) ///< Set when -fxray-instrument is CODEGENOPT(XRayInstrumentFunctions , 1, 0) ///< Set when -fxray-instrument is
///< enabled. ///< enabled.
CODEGENOPT(StackSizeSection , 1, 0) ///< Set when -fstack-size-section is enabled. CODEGENOPT(StackSizeSection , 1, 0) ///< Set when -fstack-size-section is enabled.
CODEGENOPT(ForceDwarfFrameSection , 1, 0) ///< Set when -fforce-dwarf-frame is CODEGENOPT(ForceDwarfFrameSection , 1, 0) ///< Set when -fforce-dwarf-frame is
///< enabled. ///< enabled.
///< Set when -fxray-always-emit-customevents is enabled. ///< Set when -fxray-always-emit-customevents is enabled.
CODEGENOPT(XRayAlwaysEmitCustomEvents , 1, 0) CODEGENOPT(XRayAlwaysEmitCustomEvents , 1, 0)
▲ Show 20 LinesShow All 350 LinesShow Last 20 Lines

clang/include/clang/Basic/DiagnosticSemaKinds.td

  • This file is larger than 256 KB, so syntax highlighting is disabled by default.
Show First 20 LinesShow All 3,317 Lines▼ Show 20 Linesdef warn_attribute_ignored_on_non_definition :
Warning<"%0 attribute ignored on a non-definition declaration">, Warning<"%0 attribute ignored on a non-definition declaration">,
InGroup<IgnoredAttributes>; InGroup<IgnoredAttributes>;
def warn_attribute_ignored_on_inline : def warn_attribute_ignored_on_inline :
Warning<"%0 attribute ignored on inline function">, Warning<"%0 attribute ignored on inline function">,
InGroup<IgnoredAttributes>; InGroup<IgnoredAttributes>;
def warn_nocf_check_attribute_ignored : def warn_nocf_check_attribute_ignored :
Warning<"'nocf_check' attribute ignored; use -fcf-protection to enable the attribute">, Warning<"'nocf_check' attribute ignored; use -fcf-protection to enable the attribute">,
InGroup<IgnoredAttributes>; InGroup<IgnoredAttributes>;
def warn_cf_check_attribute_ignored :
Warning<"'cf_check' attribute ignored; use -fcf-protection to enable the attribute">,
InGroup<IgnoredAttributes>;
def warn_attribute_after_definition_ignored : Warning< def warn_attribute_after_definition_ignored : Warning<
"attribute %0 after definition is ignored">, "attribute %0 after definition is ignored">,
InGroup<IgnoredAttributes>; InGroup<IgnoredAttributes>;
def warn_attributes_likelihood_ifstmt_conflict def warn_attributes_likelihood_ifstmt_conflict
: Warning<"conflicting attributes %0 are ignored">, : Warning<"conflicting attributes %0 are ignored">,
InGroup<IgnoredAttributes>; InGroup<IgnoredAttributes>;
def warn_cxx11_gnu_attribute_on_type : Warning< def warn_cxx11_gnu_attribute_on_type : Warning<
"attribute %0 ignored, because it cannot be applied to a type">, "attribute %0 ignored, because it cannot be applied to a type">,
▲ Show 20 LinesShow All 8,147 LinesShow Last 20 Lines

clang/include/clang/CodeGen/CGFunctionInfo.h

Show First 20 LinesShow All 580 Lines▼ Show 20 Linesclass CGFunctionInfo final
/// How many arguments to pass inreg. /// How many arguments to pass inreg.
unsigned HasRegParm : 1; unsigned HasRegParm : 1;
unsigned RegParm : 3; unsigned RegParm : 3;
/// Whether this function has nocf_check attribute. /// Whether this function has nocf_check attribute.
unsigned NoCfCheck : 1; unsigned NoCfCheck : 1;
/// Whether this function has cf_check attribute.
unsigned CfCheck : 1;
RequiredArgs Required; RequiredArgs Required;
/// The struct representing all arguments passed in memory. Only used when /// The struct representing all arguments passed in memory. Only used when
/// passing non-trivial types with inalloca. Not part of the profile. /// passing non-trivial types with inalloca. Not part of the profile.
llvm::StructType *ArgStruct; llvm::StructType *ArgStruct;
unsigned ArgStructAlign : 31; unsigned ArgStructAlign : 31;
unsigned HasExtParameterInfos : 1; unsigned HasExtParameterInfos : 1;
▲ Show 20 LinesShow All 72 Lines▼ Show 20 Linespublic:
bool isReturnsRetained() const { return ReturnsRetained; } bool isReturnsRetained() const { return ReturnsRetained; }
/// Whether this function no longer saves caller registers. /// Whether this function no longer saves caller registers.
bool isNoCallerSavedRegs() const { return NoCallerSavedRegs; } bool isNoCallerSavedRegs() const { return NoCallerSavedRegs; }
/// Whether this function has nocf_check attribute. /// Whether this function has nocf_check attribute.
bool isNoCfCheck() const { return NoCfCheck; } bool isNoCfCheck() const { return NoCfCheck; }
/// Whether this function has cf_check attribute.
bool isCfCheck() const { return CfCheck; }
/// getASTCallingConvention() - Return the AST-specified calling /// getASTCallingConvention() - Return the AST-specified calling
/// convention. /// convention.
CallingConv getASTCallingConvention() const { CallingConv getASTCallingConvention() const {
return CallingConv(ASTCallingConvention); return CallingConv(ASTCallingConvention);
} }
/// getCallingConvention - Return the user specified calling /// getCallingConvention - Return the user specified calling
/// convention, which has been translated into an LLVM CC. /// convention, which has been translated into an LLVM CC.
Show All 10 Linespublic:
bool getHasRegParm() const { return HasRegParm; } bool getHasRegParm() const { return HasRegParm; }
unsigned getRegParm() const { return RegParm; } unsigned getRegParm() const { return RegParm; }
FunctionType::ExtInfo getExtInfo() const { FunctionType::ExtInfo getExtInfo() const {
return FunctionType::ExtInfo(isNoReturn(), getHasRegParm(), getRegParm(), return FunctionType::ExtInfo(isNoReturn(), getHasRegParm(), getRegParm(),
getASTCallingConvention(), isReturnsRetained(), getASTCallingConvention(), isReturnsRetained(),
isNoCallerSavedRegs(), isNoCfCheck(), isNoCallerSavedRegs(), isNoCfCheck(),
isCmseNSCall()); isCfCheck(), isCmseNSCall());
} }
CanQualType getReturnType() const { return getArgsBuffer()[0].type; } CanQualType getReturnType() const { return getArgsBuffer()[0].type; }
ABIArgInfo &getReturnInfo() { return getArgsBuffer()[0].info; } ABIArgInfo &getReturnInfo() { return getArgsBuffer()[0].info; }
const ABIArgInfo &getReturnInfo() const { return getArgsBuffer()[0].info; } const ABIArgInfo &getReturnInfo() const { return getArgsBuffer()[0].info; }
ArrayRef<ExtParameterInfo> getExtParameterInfos() const { ArrayRef<ExtParameterInfo> getExtParameterInfos() const {
Show All 24 Lines void Profile(llvm::FoldingSetNodeID &ID) {
ID.AddBoolean(InstanceMethod); ID.AddBoolean(InstanceMethod);
ID.AddBoolean(ChainCall); ID.AddBoolean(ChainCall);
ID.AddBoolean(NoReturn); ID.AddBoolean(NoReturn);
ID.AddBoolean(ReturnsRetained); ID.AddBoolean(ReturnsRetained);
ID.AddBoolean(NoCallerSavedRegs); ID.AddBoolean(NoCallerSavedRegs);
ID.AddBoolean(HasRegParm); ID.AddBoolean(HasRegParm);
ID.AddInteger(RegParm); ID.AddInteger(RegParm);
ID.AddBoolean(NoCfCheck); ID.AddBoolean(NoCfCheck);
ID.AddBoolean(CfCheck);
ID.AddBoolean(CmseNSCall); ID.AddBoolean(CmseNSCall);
ID.AddInteger(Required.getOpaqueData()); ID.AddInteger(Required.getOpaqueData());
ID.AddBoolean(HasExtParameterInfos); ID.AddBoolean(HasExtParameterInfos);
if (HasExtParameterInfos) { if (HasExtParameterInfos) {
for (auto paramInfo : getExtParameterInfos()) for (auto paramInfo : getExtParameterInfos())
ID.AddInteger(paramInfo.getOpaqueValue()); ID.AddInteger(paramInfo.getOpaqueValue());
} }
getReturnType().Profile(ID); getReturnType().Profile(ID);
Show All 12 Lines static void Profile(llvm::FoldingSetNodeID &ID,
ID.AddBoolean(InstanceMethod); ID.AddBoolean(InstanceMethod);
ID.AddBoolean(ChainCall); ID.AddBoolean(ChainCall);
ID.AddBoolean(info.getNoReturn()); ID.AddBoolean(info.getNoReturn());
ID.AddBoolean(info.getProducesResult()); ID.AddBoolean(info.getProducesResult());
ID.AddBoolean(info.getNoCallerSavedRegs()); ID.AddBoolean(info.getNoCallerSavedRegs());
ID.AddBoolean(info.getHasRegParm()); ID.AddBoolean(info.getHasRegParm());
ID.AddInteger(info.getRegParm()); ID.AddInteger(info.getRegParm());
ID.AddBoolean(info.getNoCfCheck()); ID.AddBoolean(info.getNoCfCheck());
ID.AddBoolean(info.getCfCheck());
ID.AddBoolean(info.getCmseNSCall()); ID.AddBoolean(info.getCmseNSCall());
ID.AddInteger(required.getOpaqueData()); ID.AddInteger(required.getOpaqueData());
ID.AddBoolean(!paramInfos.empty()); ID.AddBoolean(!paramInfos.empty());
if (!paramInfos.empty()) { if (!paramInfos.empty()) {
for (auto paramInfo : paramInfos) for (auto paramInfo : paramInfos)
ID.AddInteger(paramInfo.getOpaqueValue()); ID.AddInteger(paramInfo.getOpaqueValue());
} }
resultType.Profile(ID); resultType.Profile(ID);
Show All 11 Lines

clang/include/clang/Driver/Options.td

  • This file is larger than 256 KB, so syntax highlighting is disabled by default.
Show First 20 LinesShow All 1,925 Lines▼ Show 20 Linesdef finstrument_function_entry_bare : Flag<["-"], "finstrument-function-entry-bare">, Group<f_Group>, Flags<[CC1Option]>,
MarshallingInfoFlag<CodeGenOpts<"InstrumentFunctionEntryBare">>; MarshallingInfoFlag<CodeGenOpts<"InstrumentFunctionEntryBare">>;
def fcf_protection_EQ : Joined<["-"], "fcf-protection=">, Flags<[CoreOption, CC1Option]>, Group<f_Group>, def fcf_protection_EQ : Joined<["-"], "fcf-protection=">, Flags<[CoreOption, CC1Option]>, Group<f_Group>,
HelpText<"Instrument control-flow architecture protection. Options: return, branch, full, none.">, Values<"return,branch,full,none">; HelpText<"Instrument control-flow architecture protection. Options: return, branch, full, none.">, Values<"return,branch,full,none">;
def fcf_protection : Flag<["-"], "fcf-protection">, Group<f_Group>, Flags<[CoreOption, CC1Option]>, def fcf_protection : Flag<["-"], "fcf-protection">, Group<f_Group>, Flags<[CoreOption, CC1Option]>,
Alias<fcf_protection_EQ>, AliasArgs<["full"]>, Alias<fcf_protection_EQ>, AliasArgs<["full"]>,
HelpText<"Enable cf-protection in 'full' mode">; HelpText<"Enable cf-protection in 'full' mode">;
def mibt_seal : Flag<["-"], "mibt-seal">, Group<m_Group>, Flags<[CoreOption, CC1Option]>, def mibt_seal : Flag<["-"], "mibt-seal">, Group<m_Group>, Flags<[CoreOption, CC1Option]>,
HelpText<"Optimize fcf-protection=branch/full (requires LTO).">; HelpText<"Optimize fcf-protection=branch/full (requires LTO).">;
def mmanual_endbr : Flag<["-"], "mmanual-endbr">, Group<m_Group>, Flags<[CoreOption, CC1Option]>,
HelpText<"Used with -fcf-protection, but tells the compiler to refrain from automatically adding ENDBR instructions to function prologues">;
defm xray_instrument : BoolFOption<"xray-instrument", defm xray_instrument : BoolFOption<"xray-instrument",
LangOpts<"XRayInstrument">, DefaultFalse, LangOpts<"XRayInstrument">, DefaultFalse,
PosFlag<SetTrue, [CC1Option], "Generate XRay instrumentation sleds on function entry and exit">, PosFlag<SetTrue, [CC1Option], "Generate XRay instrumentation sleds on function entry and exit">,
NegFlag<SetFalse>>; NegFlag<SetFalse>>;
def fxray_instruction_threshold_EQ : def fxray_instruction_threshold_EQ :
JoinedOrSeparate<["-"], "fxray-instruction-threshold=">, JoinedOrSeparate<["-"], "fxray-instruction-threshold=">,
▲ Show 20 LinesShow All 4,579 LinesShow Last 20 Lines

clang/lib/AST/ASTContext.cpp

  • This file is larger than 256 KB, so syntax highlighting is disabled by default.
Show First 20 LinesShow All 9,664 Lines▼ Show 20 Lines if (lbaseInfo.getHasRegParm() != rbaseInfo.getHasRegParm())
return {}; return {};
if (lbaseInfo.getRegParm() != rbaseInfo.getRegParm()) if (lbaseInfo.getRegParm() != rbaseInfo.getRegParm())
return {}; return {};
if (lbaseInfo.getProducesResult() != rbaseInfo.getProducesResult()) if (lbaseInfo.getProducesResult() != rbaseInfo.getProducesResult())
return {}; return {};
if (lbaseInfo.getNoCallerSavedRegs() != rbaseInfo.getNoCallerSavedRegs()) if (lbaseInfo.getNoCallerSavedRegs() != rbaseInfo.getNoCallerSavedRegs())
return {}; return {};
// The following checks generate incompatible function pointer type
// warning when functions have cf_check/nocf_check attributes and get
// assigned to function pointers without them or vice-versa.
// For instance:
//
// int __attribute__((cf_check)) foo(void) { return 0 };
// int (*fooptr)(void) = &foo;
//
// produces:
//
// warning: incompatible function pointer types initializing 'int (*)(void)'
// with an expression of type 'int (*)(void) __attribute__((cf_check))'
// [-Wincompatible-function-pointer-types]
if (lbaseInfo.getNoCfCheck() != rbaseInfo.getNoCfCheck()) if (lbaseInfo.getNoCfCheck() != rbaseInfo.getNoCfCheck())
return {}; return {};
if (lbaseInfo.getCfCheck() != rbaseInfo.getCfCheck())
return {};
// FIXME: some uses, e.g. conditional exprs, really want this to be 'both'. // FIXME: some uses, e.g. conditional exprs, really want this to be 'both'.
bool NoReturn = lbaseInfo.getNoReturn() || rbaseInfo.getNoReturn(); bool NoReturn = lbaseInfo.getNoReturn() || rbaseInfo.getNoReturn();
if (lbaseInfo.getNoReturn() != NoReturn) if (lbaseInfo.getNoReturn() != NoReturn)
allLTypes = false; allLTypes = false;
if (rbaseInfo.getNoReturn() != NoReturn) if (rbaseInfo.getNoReturn() != NoReturn)
allRTypes = false; allRTypes = false;
▲ Show 20 LinesShow All 2,222 LinesShow Last 20 Lines

clang/lib/AST/ASTStructuralEquivalence.cpp

Show First 20 LinesShow All 613 Lines▼ Show 20 Lines if (EI1.getRegParm() != EI2.getRegParm())
return false; return false;
if (EI1.getProducesResult() != EI2.getProducesResult()) if (EI1.getProducesResult() != EI2.getProducesResult())
return false; return false;
if (EI1.getNoCallerSavedRegs() != EI2.getNoCallerSavedRegs()) if (EI1.getNoCallerSavedRegs() != EI2.getNoCallerSavedRegs())
return false; return false;
if (EI1.getNoCfCheck() != EI2.getNoCfCheck()) if (EI1.getNoCfCheck() != EI2.getNoCfCheck())
return false; return false;
if (EI1.getCfCheck() != EI2.getCfCheck())
return false;
return true; return true;
} }
/// Check the equivalence of exception specifications. /// Check the equivalence of exception specifications.
static bool IsEquivalentExceptionSpec(StructuralEquivalenceContext &Context, static bool IsEquivalentExceptionSpec(StructuralEquivalenceContext &Context,
const FunctionProtoType *Proto1, const FunctionProtoType *Proto1,
const FunctionProtoType *Proto2) { const FunctionProtoType *Proto2) {
▲ Show 20 LinesShow All 1,526 LinesShow Last 20 Lines

clang/lib/AST/TypePrinter.cpp

Show First 20 LinesShow All 997 Lines▼ Show 20 Lines if (Info.getProducesResult())
OS << " __attribute__((ns_returns_retained))"; OS << " __attribute__((ns_returns_retained))";
if (Info.getRegParm()) if (Info.getRegParm())
OS << " __attribute__((regparm (" OS << " __attribute__((regparm ("
<< Info.getRegParm() << ")))"; << Info.getRegParm() << ")))";
if (Info.getNoCallerSavedRegs()) if (Info.getNoCallerSavedRegs())
OS << " __attribute__((no_caller_saved_registers))"; OS << " __attribute__((no_caller_saved_registers))";
if (Info.getNoCfCheck()) if (Info.getNoCfCheck())
OS << " __attribute__((nocf_check))"; OS << " __attribute__((nocf_check))";
if (Info.getCfCheck())
OS << " __attribute__((cf_check))";
} }
void TypePrinter::printFunctionNoProtoBefore(const FunctionNoProtoType *T, void TypePrinter::printFunctionNoProtoBefore(const FunctionNoProtoType *T,
raw_ostream &OS) { raw_ostream &OS) {
// If needed for precedence reasons, wrap the inner part in grouping parens. // If needed for precedence reasons, wrap the inner part in grouping parens.
SaveAndRestore<bool> PrevPHIsEmpty(HasEmptyPlaceHolder, false); SaveAndRestore<bool> PrevPHIsEmpty(HasEmptyPlaceHolder, false);
printBefore(T->getReturnType(), OS); printBefore(T->getReturnType(), OS);
if (!PrevPHIsEmpty.get()) if (!PrevPHIsEmpty.get())
▲ Show 20 LinesShow All 705 Lines▼ Show 20 Lines#include "clang/Basic/AttrList.inc"
case attr::NSReturnsRetained: case attr::NSReturnsRetained:
OS << "ns_returns_retained"; OS << "ns_returns_retained";
break; break;
// FIXME: When Sema learns to form this AttributedType, avoid printing the // FIXME: When Sema learns to form this AttributedType, avoid printing the
// attribute again in printFunctionProtoAfter. // attribute again in printFunctionProtoAfter.
case attr::AnyX86NoCfCheck: OS << "nocf_check"; break; case attr::AnyX86NoCfCheck: OS << "nocf_check"; break;
case attr::AnyX86CfCheck: OS << "cf_check"; break;
Lint: Pre-merge checks
Inline Actions

clang-format: please reformat the code

-  case attr::AnyX86CfCheck: OS << "cf_check"; break;
+  case attr::AnyX86CfCheck:
+    OS << "cf_check";
+    break;
Lint: Pre-merge checks: clang-format: please reformat the code ``` - case attr::AnyX86CfCheck: OS << "cf_check"; break…
case attr::CDecl: OS << "cdecl"; break; case attr::CDecl: OS << "cdecl"; break;
case attr::FastCall: OS << "fastcall"; break; case attr::FastCall: OS << "fastcall"; break;
case attr::StdCall: OS << "stdcall"; break; case attr::StdCall: OS << "stdcall"; break;
case attr::ThisCall: OS << "thiscall"; break; case attr::ThisCall: OS << "thiscall"; break;
case attr::SwiftCall: OS << "swiftcall"; break; case attr::SwiftCall: OS << "swiftcall"; break;
case attr::SwiftAsyncCall: OS << "swiftasynccall"; break; case attr::SwiftAsyncCall: OS << "swiftasynccall"; break;
case attr::VectorCall: OS << "vectorcall"; break; case attr::VectorCall: OS << "vectorcall"; break;
case attr::Pascal: OS << "pascal"; break; case attr::Pascal: OS << "pascal"; break;
▲ Show 20 LinesShow All 563 LinesShow Last 20 Lines

clang/lib/CodeGen/CGCall.cpp

Show First 20 LinesShow All 818 Lines▼ Show 20 LinesCGFunctionInfo *CGFunctionInfo::create(unsigned llvmCC,
FI->ASTCallingConvention = info.getCC(); FI->ASTCallingConvention = info.getCC();
FI->InstanceMethod = instanceMethod; FI->InstanceMethod = instanceMethod;
FI->ChainCall = chainCall; FI->ChainCall = chainCall;
FI->CmseNSCall = info.getCmseNSCall(); FI->CmseNSCall = info.getCmseNSCall();
FI->NoReturn = info.getNoReturn(); FI->NoReturn = info.getNoReturn();
FI->ReturnsRetained = info.getProducesResult(); FI->ReturnsRetained = info.getProducesResult();
FI->NoCallerSavedRegs = info.getNoCallerSavedRegs(); FI->NoCallerSavedRegs = info.getNoCallerSavedRegs();
FI->NoCfCheck = info.getNoCfCheck(); FI->NoCfCheck = info.getNoCfCheck();
FI->CfCheck = info.getCfCheck();
FI->Required = required; FI->Required = required;
FI->HasRegParm = info.getHasRegParm(); FI->HasRegParm = info.getHasRegParm();
FI->RegParm = info.getRegParm(); FI->RegParm = info.getRegParm();
FI->ArgStruct = nullptr; FI->ArgStruct = nullptr;
FI->ArgStructAlign = 0; FI->ArgStructAlign = 0;
FI->NumArgs = argTypes.size(); FI->NumArgs = argTypes.size();
FI->HasExtParameterInfos = !paramInfos.empty(); FI->HasExtParameterInfos = !paramInfos.empty();
FI->getArgsBuffer()[0].type = resultType; FI->getArgsBuffer()[0].type = resultType;
▲ Show 20 LinesShow All 1,268 Lines▼ Show 20 Lines if (TargetDecl->hasAttr<RestrictAttr>())
RetAttrs.addAttribute(llvm::Attribute::NoAlias); RetAttrs.addAttribute(llvm::Attribute::NoAlias);
if (TargetDecl->hasAttr<ReturnsNonNullAttr>() && if (TargetDecl->hasAttr<ReturnsNonNullAttr>() &&
!CodeGenOpts.NullPointerIsValid) !CodeGenOpts.NullPointerIsValid)
RetAttrs.addAttribute(llvm::Attribute::NonNull); RetAttrs.addAttribute(llvm::Attribute::NonNull);
if (TargetDecl->hasAttr<AnyX86NoCallerSavedRegistersAttr>()) if (TargetDecl->hasAttr<AnyX86NoCallerSavedRegistersAttr>())
FuncAttrs.addAttribute("no_caller_saved_registers"); FuncAttrs.addAttribute("no_caller_saved_registers");
if (TargetDecl->hasAttr<AnyX86NoCfCheckAttr>()) if (TargetDecl->hasAttr<AnyX86NoCfCheckAttr>())
FuncAttrs.addAttribute(llvm::Attribute::NoCfCheck); FuncAttrs.addAttribute(llvm::Attribute::NoCfCheck);
if (TargetDecl->hasAttr<AnyX86CfCheckAttr>())
FuncAttrs.addAttribute(llvm::Attribute::CfCheck);
if (TargetDecl->hasAttr<LeafAttr>()) if (TargetDecl->hasAttr<LeafAttr>())
FuncAttrs.addAttribute(llvm::Attribute::NoCallback); FuncAttrs.addAttribute(llvm::Attribute::NoCallback);
HasOptnone = TargetDecl->hasAttr<OptimizeNoneAttr>(); HasOptnone = TargetDecl->hasAttr<OptimizeNoneAttr>();
if (auto *AllocSize = TargetDecl->getAttr<AllocSizeAttr>()) { if (auto *AllocSize = TargetDecl->getAttr<AllocSizeAttr>()) {
Optional<unsigned> NumElemsParam; Optional<unsigned> NumElemsParam;
if (AllocSize->getNumElemsParam().isValid()) if (AllocSize->getNumElemsParam().isValid())
NumElemsParam = AllocSize->getNumElemsParam().getLLVMIndex(); NumElemsParam = AllocSize->getNumElemsParam().getLLVMIndex();
▲ Show 20 LinesShow All 3,411 LinesShow Last 20 Lines

clang/lib/CodeGen/CodeGenModule.cpp

Show First 20 LinesShow All 709 Lines▼ Show 20 Lines if (CodeGenOpts.CFProtectionBranch &&
// Indicate that we want to instrument branch control flow protection. // Indicate that we want to instrument branch control flow protection.
getModule().addModuleFlag(llvm::Module::Override, "cf-protection-branch", getModule().addModuleFlag(llvm::Module::Override, "cf-protection-branch",
1); 1);
} }
if (CodeGenOpts.IBTSeal) if (CodeGenOpts.IBTSeal)
getModule().addModuleFlag(llvm::Module::Override, "ibt-seal", 1); getModule().addModuleFlag(llvm::Module::Override, "ibt-seal", 1);
if (CodeGenOpts.ManualENDBR) {
// Indicate that the compiler should not automatically add ENDBR
// instructions to function prologues. Instead, each function that
// requires it must have the 'cf_check' attribute manually added in
// the source code.
getModule().addModuleFlag(llvm::Module::Override, "manual-endbr", 1);
}
// Add module metadata for return address signing (ignoring // Add module metadata for return address signing (ignoring
// non-leaf/all) and stack tagging. These are actually turned on by function // non-leaf/all) and stack tagging. These are actually turned on by function
// attributes, but we use module metadata to emit build attributes. This is // attributes, but we use module metadata to emit build attributes. This is
// needed for LTO, where the function attributes are inside bitcode // needed for LTO, where the function attributes are inside bitcode
// serialised into a global variable by the time build attributes are // serialised into a global variable by the time build attributes are
// emitted, so we can't access them. // emitted, so we can't access them.
if (Context.getTargetInfo().hasFeature("ptrauth") && if (Context.getTargetInfo().hasFeature("ptrauth") &&
LangOpts.getSignReturnAddressScope() != LangOpts.getSignReturnAddressScope() !=
▲ Show 20 LinesShow All 5,919 LinesShow Last 20 Lines

clang/lib/Driver/ToolChains/Clang.cpp

  • This file is larger than 256 KB, so syntax highlighting is disabled by default.
Show First 20 LinesShow All 6,166 Lines▼ Show 20 Lines
if (Arg *A = Args.getLastArg(options::OPT_fcf_protection_EQ)) { if (Arg *A = Args.getLastArg(options::OPT_fcf_protection_EQ)) {
CmdArgs.push_back( CmdArgs.push_back(
Args.MakeArgString(Twine("-fcf-protection=") + A->getValue())); Args.MakeArgString(Twine("-fcf-protection=") + A->getValue()));
} }
if (IsUsingLTO) if (IsUsingLTO)
Args.AddLastArg(CmdArgs, options::OPT_mibt_seal); Args.AddLastArg(CmdArgs, options::OPT_mibt_seal);
Args.AddLastArg(CmdArgs, options::OPT_mmanual_endbr);
// Forward -f options with positive and negative forms; we translate these by // Forward -f options with positive and negative forms; we translate these by
// hand. Do not propagate PGO options to the GPU-side compilations as the // hand. Do not propagate PGO options to the GPU-side compilations as the
// profile info is for the host-side compilation only. // profile info is for the host-side compilation only.
if (!(IsCudaDevice || IsHIPDevice)) { if (!(IsCudaDevice || IsHIPDevice)) {
if (Arg *A = getLastProfileSampleUseArg(Args)) { if (Arg *A = getLastProfileSampleUseArg(Args)) {
auto *PGOArg = Args.getLastArg( auto *PGOArg = Args.getLastArg(
options::OPT_fprofile_generate, options::OPT_fprofile_generate_EQ, options::OPT_fprofile_generate, options::OPT_fprofile_generate_EQ,
options::OPT_fcs_profile_generate, options::OPT_fcs_profile_generate,
▲ Show 20 LinesShow All 1,936 LinesShow Last 20 Lines

clang/lib/Frontend/CompilerInvocation.cpp

Show First 20 LinesShow All 1,470 Lines▼ Show 20 Lines#undef CODEGEN_OPTION_WITH_MARSHALLING
else if (Opts.CFProtectionReturn) else if (Opts.CFProtectionReturn)
GenerateArg(Args, OPT_fcf_protection_EQ, "return", SA); GenerateArg(Args, OPT_fcf_protection_EQ, "return", SA);
else if (Opts.CFProtectionBranch) else if (Opts.CFProtectionBranch)
GenerateArg(Args, OPT_fcf_protection_EQ, "branch", SA); GenerateArg(Args, OPT_fcf_protection_EQ, "branch", SA);
if (Opts.IBTSeal) if (Opts.IBTSeal)
GenerateArg(Args, OPT_mibt_seal, SA); GenerateArg(Args, OPT_mibt_seal, SA);
if (Opts.ManualENDBR)
GenerateArg(Args, OPT_mmanual_endbr, SA);
for (const auto &F : Opts.LinkBitcodeFiles) { for (const auto &F : Opts.LinkBitcodeFiles) {
bool Builtint = F.LinkFlags == llvm::Linker::Flags::LinkOnlyNeeded && bool Builtint = F.LinkFlags == llvm::Linker::Flags::LinkOnlyNeeded &&
F.PropagateAttrs && F.Internalize; F.PropagateAttrs && F.Internalize;
GenerateArg(Args, GenerateArg(Args,
Builtint ? OPT_mlink_builtin_bitcode : OPT_mlink_bitcode_file, Builtint ? OPT_mlink_builtin_bitcode : OPT_mlink_bitcode_file,
F.Filename, SA); F.Filename, SA);
} }
▲ Show 20 LinesShow All 328 Lines▼ Show 20 Lines else if (Name == "branch")
Opts.CFProtectionBranch = 1; Opts.CFProtectionBranch = 1;
else if (Name != "none") else if (Name != "none")
Diags.Report(diag::err_drv_invalid_value) << A->getAsString(Args) << Name; Diags.Report(diag::err_drv_invalid_value) << A->getAsString(Args) << Name;
} }
if (Opts.PrepareForLTO && Args.hasArg(OPT_mibt_seal)) if (Opts.PrepareForLTO && Args.hasArg(OPT_mibt_seal))
Opts.IBTSeal = 1; Opts.IBTSeal = 1;
if (Args.hasArg(OPT_mmanual_endbr))
Opts.ManualENDBR = 1;
for (auto *A : for (auto *A :
Args.filtered(OPT_mlink_bitcode_file, OPT_mlink_builtin_bitcode)) { Args.filtered(OPT_mlink_bitcode_file, OPT_mlink_builtin_bitcode)) {
CodeGenOptions::BitcodeFileToLink F; CodeGenOptions::BitcodeFileToLink F;
F.Filename = A->getValue(); F.Filename = A->getValue();
if (A->getOption().matches(OPT_mlink_builtin_bitcode)) { if (A->getOption().matches(OPT_mlink_builtin_bitcode)) {
F.LinkFlags = llvm::Linker::Flags::LinkOnlyNeeded; F.LinkFlags = llvm::Linker::Flags::LinkOnlyNeeded;
// When linking CUDA bitcode, propagate function attributes so that // When linking CUDA bitcode, propagate function attributes so that
// e.g. libdevice gets fast-math attrs if we're building with fast-math. // e.g. libdevice gets fast-math attrs if we're building with fast-math.
▲ Show 20 LinesShow All 2,874 LinesShow Last 20 Lines

clang/lib/Sema/SemaDeclAttr.cpp

  • This file is larger than 256 KB, so syntax highlighting is disabled by default.
Show First 20 LinesShow All 2,167 Lines▼ Show 20 Lines
static void handleNoCfCheckAttr(Sema &S, Decl *D, const ParsedAttr &Attrs) { static void handleNoCfCheckAttr(Sema &S, Decl *D, const ParsedAttr &Attrs) {
if (!S.getLangOpts().CFProtectionBranch) if (!S.getLangOpts().CFProtectionBranch)
S.Diag(Attrs.getLoc(), diag::warn_nocf_check_attribute_ignored); S.Diag(Attrs.getLoc(), diag::warn_nocf_check_attribute_ignored);
else else
handleSimpleAttribute<AnyX86NoCfCheckAttr>(S, D, Attrs); handleSimpleAttribute<AnyX86NoCfCheckAttr>(S, D, Attrs);
} }
static void handleCfCheckAttr(Sema &S, Decl *D, const ParsedAttr &Attrs) {
if (!S.getLangOpts().CFProtectionBranch)
S.Diag(Attrs.getLoc(), diag::warn_cf_check_attribute_ignored);
else
handleSimpleAttribute<AnyX86CfCheckAttr>(S, D, Attrs);
}
bool Sema::CheckAttrNoArgs(const ParsedAttr &Attrs) { bool Sema::CheckAttrNoArgs(const ParsedAttr &Attrs) {
if (!Attrs.checkExactlyNumArgs(*this, 0)) { if (!Attrs.checkExactlyNumArgs(*this, 0)) {
Attrs.setInvalid(); Attrs.setInvalid();
return true; return true;
} }
return false; return false;
} }
▲ Show 20 LinesShow All 6,178 Lines▼ Show 20 Lines case ParsedAttr::AT_Naked:
handleNakedAttr(S, D, AL); handleNakedAttr(S, D, AL);
break; break;
case ParsedAttr::AT_NoReturn: case ParsedAttr::AT_NoReturn:
handleNoReturnAttr(S, D, AL); handleNoReturnAttr(S, D, AL);
break; break;
case ParsedAttr::AT_AnyX86NoCfCheck: case ParsedAttr::AT_AnyX86NoCfCheck:
handleNoCfCheckAttr(S, D, AL); handleNoCfCheckAttr(S, D, AL);
break; break;
case ParsedAttr::AT_AnyX86CfCheck:
handleCfCheckAttr(S, D, AL);
break;
case ParsedAttr::AT_NoThrow: case ParsedAttr::AT_NoThrow:
if (!AL.isUsedAsTypeAttr()) if (!AL.isUsedAsTypeAttr())
handleSimpleAttribute<NoThrowAttr>(S, D, AL); handleSimpleAttribute<NoThrowAttr>(S, D, AL);
break; break;
case ParsedAttr::AT_CUDAShared: case ParsedAttr::AT_CUDAShared:
handleSharedAttr(S, D, AL); handleSharedAttr(S, D, AL);
break; break;
case ParsedAttr::AT_VecReturn: case ParsedAttr::AT_VecReturn:
▲ Show 20 LinesShow All 791 LinesShow Last 20 Lines

clang/lib/Sema/SemaType.cpp

  • This file is larger than 256 KB, so syntax highlighting is disabled by default.
Show First 20 LinesShow All 129 Lines▼ Show 20 Lines
// Function type attributes. // Function type attributes.
#define FUNCTION_TYPE_ATTRS_CASELIST \ #define FUNCTION_TYPE_ATTRS_CASELIST \
case ParsedAttr::AT_NSReturnsRetained: \ case ParsedAttr::AT_NSReturnsRetained: \
case ParsedAttr::AT_NoReturn: \ case ParsedAttr::AT_NoReturn: \
case ParsedAttr::AT_Regparm: \ case ParsedAttr::AT_Regparm: \
case ParsedAttr::AT_CmseNSCall: \ case ParsedAttr::AT_CmseNSCall: \
case ParsedAttr::AT_AnyX86NoCallerSavedRegisters: \ case ParsedAttr::AT_AnyX86NoCallerSavedRegisters: \
case ParsedAttr::AT_AnyX86CfCheck: \
case ParsedAttr::AT_AnyX86NoCfCheck: \ case ParsedAttr::AT_AnyX86NoCfCheck: \
CALLING_CONV_ATTRS_CASELIST CALLING_CONV_ATTRS_CASELIST
// Microsoft-specific type qualifiers. // Microsoft-specific type qualifiers.
#define MS_TYPE_ATTRS_CASELIST \ #define MS_TYPE_ATTRS_CASELIST \
case ParsedAttr::AT_Ptr32: \ case ParsedAttr::AT_Ptr32: \
case ParsedAttr::AT_Ptr64: \ case ParsedAttr::AT_Ptr64: \
case ParsedAttr::AT_SPtr: \ case ParsedAttr::AT_SPtr: \
▲ Show 20 LinesShow All 7,418 Lines▼ Show 20 Lines if (!unwrapped.isFunctionType())
return true; return true;
FunctionType::ExtInfo EI = FunctionType::ExtInfo EI =
unwrapped.get()->getExtInfo().withNoCfCheck(true); unwrapped.get()->getExtInfo().withNoCfCheck(true);
type = unwrapped.wrap(S, S.Context.adjustFunctionType(unwrapped.get(), EI)); type = unwrapped.wrap(S, S.Context.adjustFunctionType(unwrapped.get(), EI));
return true; return true;
} }
if (attr.getKind() == ParsedAttr::AT_AnyX86CfCheck) {
if (!S.getLangOpts().CFProtectionBranch) {
S.Diag(attr.getLoc(), diag::warn_cf_check_attribute_ignored);
attr.setInvalid();
return true;
}
if (S.CheckAttrTarget(attr) || S.CheckAttrNoArgs(attr))
return true;
// If this is not a function type, warning will be asserted by subject
// check.
if (!unwrapped.isFunctionType())
return true;
FunctionType::ExtInfo EI = unwrapped.get()->getExtInfo().withCfCheck(true);
type = unwrapped.wrap(S, S.Context.adjustFunctionType(unwrapped.get(), EI));
return true;
}
if (attr.getKind() == ParsedAttr::AT_Regparm) { if (attr.getKind() == ParsedAttr::AT_Regparm) {
unsigned value; unsigned value;
if (S.CheckRegparmAttr(attr, value)) if (S.CheckRegparmAttr(attr, value))
return true; return true;
// Delay if this is not a function type. // Delay if this is not a function type.
if (!unwrapped.isFunctionType()) if (!unwrapped.isFunctionType())
return false; return false;
▲ Show 20 LinesShow All 1,536 LinesShow Last 20 Lines

clang/lib/Serialization/ASTWriter.cpp

Show First 20 LinesShow All 596 Lines▼ Show 20 Linesvoid ASTWriter::WriteTypeAbbrevs() {
Abv->Add(BitCodeAbbrevOp(BitCodeAbbrevOp::VBR, 6)); // ReturnType Abv->Add(BitCodeAbbrevOp(BitCodeAbbrevOp::VBR, 6)); // ReturnType
Abv->Add(BitCodeAbbrevOp(BitCodeAbbrevOp::Fixed, 1)); // NoReturn Abv->Add(BitCodeAbbrevOp(BitCodeAbbrevOp::Fixed, 1)); // NoReturn
Abv->Add(BitCodeAbbrevOp(0)); // HasRegParm Abv->Add(BitCodeAbbrevOp(0)); // HasRegParm
Abv->Add(BitCodeAbbrevOp(0)); // RegParm Abv->Add(BitCodeAbbrevOp(0)); // RegParm
Abv->Add(BitCodeAbbrevOp(BitCodeAbbrevOp::Fixed, 4)); // CC Abv->Add(BitCodeAbbrevOp(BitCodeAbbrevOp::Fixed, 4)); // CC
Abv->Add(BitCodeAbbrevOp(0)); // ProducesResult Abv->Add(BitCodeAbbrevOp(0)); // ProducesResult
Abv->Add(BitCodeAbbrevOp(0)); // NoCallerSavedRegs Abv->Add(BitCodeAbbrevOp(0)); // NoCallerSavedRegs
Abv->Add(BitCodeAbbrevOp(0)); // NoCfCheck Abv->Add(BitCodeAbbrevOp(0)); // NoCfCheck
Abv->Add(BitCodeAbbrevOp(0)); // CfCheck
Abv->Add(BitCodeAbbrevOp(BitCodeAbbrevOp::Fixed, 1)); // CmseNSCall Abv->Add(BitCodeAbbrevOp(BitCodeAbbrevOp::Fixed, 1)); // CmseNSCall
// FunctionProtoType // FunctionProtoType
Abv->Add(BitCodeAbbrevOp(0)); // IsVariadic Abv->Add(BitCodeAbbrevOp(0)); // IsVariadic
Abv->Add(BitCodeAbbrevOp(0)); // HasTrailingReturn Abv->Add(BitCodeAbbrevOp(0)); // HasTrailingReturn
Abv->Add(BitCodeAbbrevOp(0)); // TypeQuals Abv->Add(BitCodeAbbrevOp(0)); // TypeQuals
Abv->Add(BitCodeAbbrevOp(0)); // RefQualifier Abv->Add(BitCodeAbbrevOp(0)); // RefQualifier
Abv->Add(BitCodeAbbrevOp(EST_None)); // ExceptionSpec Abv->Add(BitCodeAbbrevOp(EST_None)); // ExceptionSpec
Abv->Add(BitCodeAbbrevOp(BitCodeAbbrevOp::VBR, 6)); // NumParams Abv->Add(BitCodeAbbrevOp(BitCodeAbbrevOp::VBR, 6)); // NumParams
▲ Show 20 LinesShow All 6,284 LinesShow Last 20 Lines

clang/test/CodeGen/X86/x86-mmanual-endbr.c

  • This file was added.
// RUN: %clang -target i386-unknown-unknown -o - -emit-llvm -S -fcf-protection=branch -mmanual-endbr %s | FileCheck %s --check-prefix=MANUALENDBR
// MANUALENDBR: "manual-endbr", i32 1
__attribute__((cf_check)) void foo() {}

clang/test/CodeGen/attributes.c

Show First 20 LinesShow All 111 Lines▼ Show 20 Lines
// CHECK: call void %{{[a-z0-9]+}}() [[NOCF_CHECK_CALL:#[0-9]+]] // CHECK: call void %{{[a-z0-9]+}}() [[NOCF_CHECK_CALL:#[0-9]+]]
typedef void (*f_t)(void); typedef void (*f_t)(void);
void t24(f_t f1) { void t24(f_t f1) {
__attribute__((nocf_check)) f_t p = f1; __attribute__((nocf_check)) f_t p = f1;
(*p)(); (*p)();
} }
// CHECK: call void %{{[a-z0-9]+}}() [[CF_CHECK_CALL:#[0-9]+]]
void t25(f_t f1) {
__attribute__((cf_check)) f_t p = f1;
(*p)();
}
// CHECK: attributes [[NUW]] = { noinline nounwind{{.*}} } // CHECK: attributes [[NUW]] = { noinline nounwind{{.*}} }
// CHECK: attributes [[NR]] = { noinline noreturn nounwind{{.*}} } // CHECK: attributes [[NR]] = { noinline noreturn nounwind{{.*}} }
// CHECK: attributes [[COLDDEF]] = { cold {{.*}}} // CHECK: attributes [[COLDDEF]] = { cold {{.*}}}
// CHECK: attributes [[COLDDECL]] = { cold {{.*}}} // CHECK: attributes [[COLDDECL]] = { cold {{.*}}}
// CHECK: attributes [[HOTDEF]] = { hot {{.*}}} // CHECK: attributes [[HOTDEF]] = { hot {{.*}}}
// CHECK: attributes [[HOTDECL]] = { hot {{.*}}} // CHECK: attributes [[HOTDECL]] = { hot {{.*}}}
// CHECK: attributes [[NOCF_CHECK_FUNC]] = { nocf_check {{.*}}} // CHECK: attributes [[NOCF_CHECK_FUNC]] = { nocf_check {{.*}}}
// CHECK: attributes [[COLDSITE]] = { cold {{.*}}} // CHECK: attributes [[COLDSITE]] = { cold {{.*}}}
// CHECK: attributes [[HOTSITE]] = { hot {{.*}}} // CHECK: attributes [[HOTSITE]] = { hot {{.*}}}
// CHECK: attributes [[NOCF_CHECK_CALL]] = { nocf_check } // CHECK: attributes [[NOCF_CHECK_CALL]] = { nocf_check }
// CHECK: attributes [[CF_CHECK_CALL]] = { cf_check }

clang/test/Misc/pragma-attribute-supported-attributes-list.test

Show All 9 Lines
// CHECK-NEXT: AVRSignal (SubjectMatchRule_function) // CHECK-NEXT: AVRSignal (SubjectMatchRule_function)
// CHECK-NEXT: AbiTag (SubjectMatchRule_record_not_is_union, SubjectMatchRule_variable, SubjectMatchRule_function, SubjectMatchRule_namespace) // CHECK-NEXT: AbiTag (SubjectMatchRule_record_not_is_union, SubjectMatchRule_variable, SubjectMatchRule_function, SubjectMatchRule_namespace)
// CHECK-NEXT: AcquireHandle (SubjectMatchRule_function, SubjectMatchRule_type_alias, SubjectMatchRule_variable_is_parameter) // CHECK-NEXT: AcquireHandle (SubjectMatchRule_function, SubjectMatchRule_type_alias, SubjectMatchRule_variable_is_parameter)
// CHECK-NEXT: Alias (SubjectMatchRule_function, SubjectMatchRule_variable_is_global) // CHECK-NEXT: Alias (SubjectMatchRule_function, SubjectMatchRule_variable_is_global)
// CHECK-NEXT: AlignValue (SubjectMatchRule_variable, SubjectMatchRule_type_alias) // CHECK-NEXT: AlignValue (SubjectMatchRule_variable, SubjectMatchRule_type_alias)
// CHECK-NEXT: AlwaysDestroy (SubjectMatchRule_variable) // CHECK-NEXT: AlwaysDestroy (SubjectMatchRule_variable)
// CHECK-NEXT: AlwaysInline (SubjectMatchRule_function) // CHECK-NEXT: AlwaysInline (SubjectMatchRule_function)
// CHECK-NEXT: Annotate () // CHECK-NEXT: Annotate ()
// CHECK-NEXT: AnyX86CfCheck (SubjectMatchRule_hasType_functionType)
// CHECK-NEXT: AnyX86NoCfCheck (SubjectMatchRule_hasType_functionType) // CHECK-NEXT: AnyX86NoCfCheck (SubjectMatchRule_hasType_functionType)
// CHECK-NEXT: ArcWeakrefUnavailable (SubjectMatchRule_objc_interface) // CHECK-NEXT: ArcWeakrefUnavailable (SubjectMatchRule_objc_interface)
// CHECK-NEXT: ArmBuiltinAlias (SubjectMatchRule_function) // CHECK-NEXT: ArmBuiltinAlias (SubjectMatchRule_function)
// CHECK-NEXT: AssumeAligned (SubjectMatchRule_objc_method, SubjectMatchRule_function) // CHECK-NEXT: AssumeAligned (SubjectMatchRule_objc_method, SubjectMatchRule_function)
// CHECK-NEXT: Assumption (SubjectMatchRule_function, SubjectMatchRule_objc_method) // CHECK-NEXT: Assumption (SubjectMatchRule_function, SubjectMatchRule_objc_method)
// CHECK-NEXT: Availability ((SubjectMatchRule_record, SubjectMatchRule_enum, SubjectMatchRule_enum_constant, SubjectMatchRule_field, SubjectMatchRule_function, SubjectMatchRule_namespace, SubjectMatchRule_objc_category, SubjectMatchRule_objc_implementation, SubjectMatchRule_objc_interface, SubjectMatchRule_objc_method, SubjectMatchRule_objc_property, SubjectMatchRule_objc_protocol, SubjectMatchRule_record, SubjectMatchRule_type_alias, SubjectMatchRule_variable)) // CHECK-NEXT: Availability ((SubjectMatchRule_record, SubjectMatchRule_enum, SubjectMatchRule_enum_constant, SubjectMatchRule_field, SubjectMatchRule_function, SubjectMatchRule_namespace, SubjectMatchRule_objc_category, SubjectMatchRule_objc_implementation, SubjectMatchRule_objc_interface, SubjectMatchRule_objc_method, SubjectMatchRule_objc_property, SubjectMatchRule_objc_protocol, SubjectMatchRule_record, SubjectMatchRule_type_alias, SubjectMatchRule_variable))
// CHECK-NEXT: BPFPreserveAccessIndex (SubjectMatchRule_record) // CHECK-NEXT: BPFPreserveAccessIndex (SubjectMatchRule_record)
// CHECK-NEXT: BTFDeclTag (SubjectMatchRule_variable, SubjectMatchRule_function, SubjectMatchRule_record, SubjectMatchRule_field, SubjectMatchRule_type_alias) // CHECK-NEXT: BTFDeclTag (SubjectMatchRule_variable, SubjectMatchRule_function, SubjectMatchRule_record, SubjectMatchRule_field, SubjectMatchRule_type_alias)
▲ Show 20 LinesShow All 170 LinesShow Last 20 Lines

clang/test/Sema/attr-cf_check.c

  • This file was added.
// RUN: %clang_cc1 -triple=x86_64-unknown-unknown -verify -fcf-protection=branch -fsyntax-only %s
// Function pointer definition.
typedef void (*FuncPointerWithCfCheck)(void) __attribute__((cf_check)); // no-warning
typedef void (*FuncPointer)(void);
// Dont allow function declaration and definition mismatch.
void __attribute__((cf_check)) testCfCheck(); // expected-note {{previous declaration is here}}
void testCfCheck(){}; // expected-error {{conflicting types for 'testCfCheck'}}
// No variable or parameter declaration
__attribute__((cf_check)) int i; // expected-warning {{'cf_check' attribute only applies to function}}
void testCfCheckImpl(double __attribute__((cf_check)) i) {} // expected-warning {{'cf_check' attribute only applies to function}}
// Allow attributed function pointers as well as casting between attributed
// and non-attributed function pointers.
void testCfCheckMismatch(FuncPointer f) {
FuncPointerWithCfCheck fCfCheck = f; // expected-warning {{incompatible function pointer types}}
(*fCfCheck)(); // no-warning
}
// 'cf_check' Attribute has no parameters.
int testCfCheckParams() __attribute__((cf_check(1))); // expected-error {{'cf_check' attribute takes no arguments}}

clang/test/Sema/attr-cf_check.cpp

  • This file was added.
// RUN: %clang_cc1 -triple=i386-unknown-unknown -verify -fcf-protection=branch -std=c++11 -fsyntax-only %s
// Function pointer definition.
[[gnu::cf_check]] typedef void (*FuncPointerWithCfCheck)(void); // no-warning
typedef void (*FuncPointer)(void);
// Dont allow function declaration and definition mismatch.
[[gnu::cf_check]] void testCfCheck(); // expected-note {{previous declaration is here}}
void testCfCheck(){}; // expected-error {{conflicting types for 'testCfCheck'}}
// No variable or parameter declaration
int [[gnu::cf_check]] i; // expected-error {{'cf_check' attribute cannot be applied to types}}
void testCfCheckImpl(double i [[gnu::cf_check]]) {} // expected-warning {{'cf_check' attribute only applies to functions and function pointers}}
// Allow attributed function pointers as well as casting between attributed
// and non-attributed function pointers.
void testCfCheckMismatch(FuncPointer f) {
FuncPointerWithCfCheck fCfCheck = f; // expected-error {{cannot initialize a variable of type}}
(*fCfCheck)(); // no-warning
}
// 'cf_check' Attribute has no parameters.
[[gnu::cf_check(1)]] int testCfCheckParams(); // expected-error {{'cf_check' attribute takes no arguments}}

clang/test/Sema/cf_check_attr_not_allowed.c

  • This file was added.
// RUN: %clang_cc1 -triple powerpc-unknown-linux-gnu -fsyntax-only -verify -fcf-protection=branch %s
// RUN: %clang_cc1 -triple arm-unknown-linux-gnu -fsyntax-only -verify -fcf-protection=branch %s
// RUN: %clang_cc1 -triple arm-unknown-linux-gnu -fsyntax-only -verify %s
void __attribute__((cf_check)) foo(); // expected-warning-re{{{{((unknown attribute 'cf_check' ignored)|('cf_check' attribute ignored; use -fcf-protection to enable the attribute))}}}}

llvm/bindings/go/llvm/ir_test.go

Show First 20 LinesShow All 81 Lines▼ Show 20 Lines attrTests := []string{
"sspreq", "sspreq",
"sspstrong", "sspstrong",
"sanitize_thread", "sanitize_thread",
"sanitize_memory", "sanitize_memory",
"uwtable", "uwtable",
"zeroext", "zeroext",
"cold", "cold",
"nocf_check", "nocf_check",
"cf_check",
} }
for _, name := range attrTests { for _, name := range attrTests {
testAttribute(t, name) testAttribute(t, name)
} }
} }
func TestDebugLoc(t *testing.T) { func TestDebugLoc(t *testing.T) {
▲ Show 20 LinesShow All 67 LinesShow Last 20 Lines

llvm/docs/BitCodeFormat.rst

Show First 20 LinesShow All 1,072 Lines▼ Show 20 Lines
* code 68: ``noundef`` * code 68: ``noundef``
* code 69: ``byref`` * code 69: ``byref``
* code 70: ``mustprogress`` * code 70: ``mustprogress``
* code 74: ``vscale_range(<Min>[, <Max>])`` * code 74: ``vscale_range(<Min>[, <Max>])``
* code 75: ``swiftasync`` * code 75: ``swiftasync``
* code 76: ``nosanitize_coverage`` * code 76: ``nosanitize_coverage``
* code 77: ``elementtype`` * code 77: ``elementtype``
* code 78: ``disable_sanitizer_instrumentation`` * code 78: ``disable_sanitizer_instrumentation``
* code 79: ``cf_check``
.. note:: .. note::
The ``allocsize`` attribute has a special encoding for its arguments. Its two The ``allocsize`` attribute has a special encoding for its arguments. Its two
arguments, which are 32-bit integers, are packed into one 64-bit integer value arguments, which are 32-bit integers, are packed into one 64-bit integer value
(i.e. ``(EltSizeParam << 32) | NumEltsParam``), with ``NumEltsParam`` taking on (i.e. ``(EltSizeParam << 32) | NumEltsParam``), with ``NumEltsParam`` taking on
the sentinel value -1 if it is not specified. the sentinel value -1 if it is not specified.
.. note:: .. note::
▲ Show 20 LinesShow All 308 LinesShow Last 20 Lines

llvm/docs/LangRef.rst

  • This file is larger than 256 KB, so syntax highlighting is disabled by default.
Show First 20 LinesShow All 2,109 Lines▼ Show 20 Lines``uwtable``
the ELF x86-64 abi, but it can be disabled for some compilation the ELF x86-64 abi, but it can be disabled for some compilation
units. units.
``nocf_check`` ``nocf_check``
This attribute indicates that no control-flow check will be performed on This attribute indicates that no control-flow check will be performed on
the attributed entity. It disables -fcf-protection=<> for a specific the attributed entity. It disables -fcf-protection=<> for a specific
entity to fine grain the HW control flow protection mechanism. The flag entity to fine grain the HW control flow protection mechanism. The flag
is target independent and currently appertains to a function or function is target independent and currently appertains to a function or function
pointer. pointer.
``cf_check``
This attribute manually indicates that control-flow check will be performed
on the attributed entity. It only makes sense together with -mmanual-endbr,
which tells the compiler that -fcf-protection=<> should not guess which
functions need HW control flow protection. Instead, functions that need it
will have the ``cf_check`` attribute manually added to the source code. The
flag is target independent and appertains only to functions.
``shadowcallstack`` ``shadowcallstack``
This attribute indicates that the ShadowCallStack checks are enabled for This attribute indicates that the ShadowCallStack checks are enabled for
the function. The instrumentation checks that the return address for the the function. The instrumentation checks that the return address for the
function has not changed between the function prolog and epilog. It is function has not changed between the function prolog and epilog. It is
currently x86_64-specific. currently x86_64-specific.
``mustprogress`` ``mustprogress``
This attribute indicates that the function is required to return, unwind, This attribute indicates that the function is required to return, unwind,
or interact with the environment in an observable way e.g. via a volatile or interact with the environment in an observable way e.g. via a volatile
▲ Show 20 LinesShow All 21,802 LinesShow Last 20 Lines

llvm/include/llvm/AsmParser/LLToken.h

Show First 20 LinesShow All 212 Lines▼ Show 20 Linesenum Kind {
kw_nonlazybind, kw_nonlazybind,
kw_nomerge, kw_nomerge,
kw_nonnull, kw_nonnull,
kw_noprofile, kw_noprofile,
kw_noredzone, kw_noredzone,
kw_noreturn, kw_noreturn,
kw_nosync, kw_nosync,
kw_nocf_check, kw_nocf_check,
kw_cf_check,
kw_nounwind, kw_nounwind,
kw_nosanitize_coverage, kw_nosanitize_coverage,
kw_null_pointer_is_valid, kw_null_pointer_is_valid,
kw_optforfuzzing, kw_optforfuzzing,
kw_optnone, kw_optnone,
kw_optsize, kw_optsize,
kw_preallocated, kw_preallocated,
kw_readnone, kw_readnone,
▲ Show 20 LinesShow All 275 LinesShow Last 20 Lines

llvm/include/llvm/Bitcode/LLVMBitCodes.h

Show First 20 LinesShow All 671 Lines▼ Show 20 Linesenum AttributeKindCodes {
ATTR_KIND_NO_CALLBACK = 71, ATTR_KIND_NO_CALLBACK = 71,
ATTR_KIND_HOT = 72, ATTR_KIND_HOT = 72,
ATTR_KIND_NO_PROFILE = 73, ATTR_KIND_NO_PROFILE = 73,
ATTR_KIND_VSCALE_RANGE = 74, ATTR_KIND_VSCALE_RANGE = 74,
ATTR_KIND_SWIFT_ASYNC = 75, ATTR_KIND_SWIFT_ASYNC = 75,
ATTR_KIND_NO_SANITIZE_COVERAGE = 76, ATTR_KIND_NO_SANITIZE_COVERAGE = 76,
ATTR_KIND_ELEMENTTYPE = 77, ATTR_KIND_ELEMENTTYPE = 77,
ATTR_KIND_DISABLE_SANITIZER_INSTRUMENTATION = 78, ATTR_KIND_DISABLE_SANITIZER_INSTRUMENTATION = 78,
ATTR_KIND_CF_CHECK = 79,
}; };
enum ComdatSelectionKindCodes { enum ComdatSelectionKindCodes {
COMDAT_SELECTION_KIND_ANY = 1, COMDAT_SELECTION_KIND_ANY = 1,
COMDAT_SELECTION_KIND_EXACT_MATCH = 2, COMDAT_SELECTION_KIND_EXACT_MATCH = 2,
COMDAT_SELECTION_KIND_LARGEST = 3, COMDAT_SELECTION_KIND_LARGEST = 3,
COMDAT_SELECTION_KIND_NO_DUPLICATES = 4, COMDAT_SELECTION_KIND_NO_DUPLICATES = 4,
COMDAT_SELECTION_KIND_SAME_SIZE = 5, COMDAT_SELECTION_KIND_SAME_SIZE = 5,
Show All 14 Lines

llvm/include/llvm/IR/Attributes.td

Show First 20 LinesShow All 163 Lines▼ Show 20 Lines
def NoReturn : EnumAttr<"noreturn", [FnAttr]>; def NoReturn : EnumAttr<"noreturn", [FnAttr]>;
/// Function does not synchronize. /// Function does not synchronize.
def NoSync : EnumAttr<"nosync", [FnAttr]>; def NoSync : EnumAttr<"nosync", [FnAttr]>;
/// Disable Indirect Branch Tracking. /// Disable Indirect Branch Tracking.
def NoCfCheck : EnumAttr<"nocf_check", [FnAttr]>; def NoCfCheck : EnumAttr<"nocf_check", [FnAttr]>;
/// Enable Indirect Branch Tracking.
def CfCheck : EnumAttr<"cf_check", [FnAttr]>;
/// Function should not be instrumented. /// Function should not be instrumented.
def NoProfile : EnumAttr<"noprofile", [FnAttr]>; def NoProfile : EnumAttr<"noprofile", [FnAttr]>;
/// Function doesn't unwind stack. /// Function doesn't unwind stack.
def NoUnwind : EnumAttr<"nounwind", [FnAttr]>; def NoUnwind : EnumAttr<"nounwind", [FnAttr]>;
/// No SanitizeCoverage instrumentation. /// No SanitizeCoverage instrumentation.
def NoSanitizeCoverage : EnumAttr<"nosanitize_coverage", [FnAttr]>; def NoSanitizeCoverage : EnumAttr<"nosanitize_coverage", [FnAttr]>;
▲ Show 20 LinesShow All 171 LinesShow Last 20 Lines

llvm/include/llvm/IR/Function.h

Show First 20 LinesShow All 546 Lines▼ Show 20 Linespublic:
} }
void setDoesNotReturn() { void setDoesNotReturn() {
addFnAttr(Attribute::NoReturn); addFnAttr(Attribute::NoReturn);
} }
/// Determine if the function should not perform indirect branch tracking. /// Determine if the function should not perform indirect branch tracking.
bool doesNoCfCheck() const { return hasFnAttribute(Attribute::NoCfCheck); } bool doesNoCfCheck() const { return hasFnAttribute(Attribute::NoCfCheck); }
/// Determine if the function is manually set to perform indirect branch
/// tracking.
bool doesCfCheck() const { return hasFnAttribute(Attribute::CfCheck); }
/// Determine if the function cannot unwind. /// Determine if the function cannot unwind.
bool doesNotThrow() const { bool doesNotThrow() const {
return hasFnAttribute(Attribute::NoUnwind); return hasFnAttribute(Attribute::NoUnwind);
} }
void setDoesNotThrow() { void setDoesNotThrow() {
addFnAttr(Attribute::NoUnwind); addFnAttr(Attribute::NoUnwind);
} }
▲ Show 20 LinesShow All 355 LinesShow Last 20 Lines

llvm/include/llvm/IR/InstrTypes.h

Show First 20 LinesShow All 1,860 Lines▼ Show 20 Linespublic:
} }
/// Determine if the call cannot return. /// Determine if the call cannot return.
bool doesNotReturn() const { return hasFnAttr(Attribute::NoReturn); } bool doesNotReturn() const { return hasFnAttr(Attribute::NoReturn); }
void setDoesNotReturn() { addFnAttr(Attribute::NoReturn); } void setDoesNotReturn() { addFnAttr(Attribute::NoReturn); }
/// Determine if the call should not perform indirect branch tracking. /// Determine if the call should not perform indirect branch tracking.
bool doesNoCfCheck() const { return hasFnAttr(Attribute::NoCfCheck); } bool doesNoCfCheck() const { return hasFnAttr(Attribute::NoCfCheck); }
/// Determine if the call could perform indirect branch tracking.
bool doesCfCheck() const { return hasFnAttr(Attribute::CfCheck); }
/// Determine if the call cannot unwind. /// Determine if the call cannot unwind.
bool doesNotThrow() const { return hasFnAttr(Attribute::NoUnwind); } bool doesNotThrow() const { return hasFnAttr(Attribute::NoUnwind); }
void setDoesNotThrow() { addFnAttr(Attribute::NoUnwind); } void setDoesNotThrow() { addFnAttr(Attribute::NoUnwind); }
/// Determine if the invoke cannot be duplicated. /// Determine if the invoke cannot be duplicated.
bool cannotDuplicate() const { return hasFnAttr(Attribute::NoDuplicate); } bool cannotDuplicate() const { return hasFnAttr(Attribute::NoDuplicate); }
void setCannotDuplicate() { addFnAttr(Attribute::NoDuplicate); } void setCannotDuplicate() { addFnAttr(Attribute::NoDuplicate); }
▲ Show 20 LinesShow All 531 LinesShow Last 20 Lines

llvm/lib/AsmParser/LLLexer.cpp

Show First 20 LinesShow All 664 Lines▼ Show 20 Lines#define KEYWORD(STR) \
KEYWORD(nonlazybind); KEYWORD(nonlazybind);
KEYWORD(nomerge); KEYWORD(nomerge);
KEYWORD(nonnull); KEYWORD(nonnull);
KEYWORD(noprofile); KEYWORD(noprofile);
KEYWORD(noredzone); KEYWORD(noredzone);
KEYWORD(noreturn); KEYWORD(noreturn);
KEYWORD(nosync); KEYWORD(nosync);
KEYWORD(nocf_check); KEYWORD(nocf_check);
KEYWORD(cf_check);
KEYWORD(noundef); KEYWORD(noundef);
KEYWORD(nounwind); KEYWORD(nounwind);
KEYWORD(nosanitize_coverage); KEYWORD(nosanitize_coverage);
KEYWORD(null_pointer_is_valid); KEYWORD(null_pointer_is_valid);
KEYWORD(optforfuzzing); KEYWORD(optforfuzzing);
KEYWORD(optnone); KEYWORD(optnone);
KEYWORD(optsize); KEYWORD(optsize);
KEYWORD(preallocated); KEYWORD(preallocated);
▲ Show 20 LinesShow All 513 LinesShow Last 20 Lines

llvm/lib/Bitcode/Reader/BitcodeReader.cpp

Show First 20 LinesShow All 1,441 Lines▼ Show 20 Linesstatic Attribute::AttrKind getAttrFromCode(uint64_t Code) {
case bitc::ATTR_KIND_NO_RED_ZONE: case bitc::ATTR_KIND_NO_RED_ZONE:
return Attribute::NoRedZone; return Attribute::NoRedZone;
case bitc::ATTR_KIND_NO_RETURN: case bitc::ATTR_KIND_NO_RETURN:
return Attribute::NoReturn; return Attribute::NoReturn;
case bitc::ATTR_KIND_NOSYNC: case bitc::ATTR_KIND_NOSYNC:
return Attribute::NoSync; return Attribute::NoSync;
case bitc::ATTR_KIND_NOCF_CHECK: case bitc::ATTR_KIND_NOCF_CHECK:
return Attribute::NoCfCheck; return Attribute::NoCfCheck;
case bitc::ATTR_KIND_CF_CHECK:
return Attribute::CfCheck;
case bitc::ATTR_KIND_NO_PROFILE: case bitc::ATTR_KIND_NO_PROFILE:
return Attribute::NoProfile; return Attribute::NoProfile;
case bitc::ATTR_KIND_NO_UNWIND: case bitc::ATTR_KIND_NO_UNWIND:
return Attribute::NoUnwind; return Attribute::NoUnwind;
case bitc::ATTR_KIND_NO_SANITIZE_COVERAGE: case bitc::ATTR_KIND_NO_SANITIZE_COVERAGE:
return Attribute::NoSanitizeCoverage; return Attribute::NoSanitizeCoverage;
case bitc::ATTR_KIND_NULL_POINTER_IS_VALID: case bitc::ATTR_KIND_NULL_POINTER_IS_VALID:
return Attribute::NullPointerIsValid; return Attribute::NullPointerIsValid;
▲ Show 20 LinesShow All 5,687 LinesShow Last 20 Lines

llvm/lib/Bitcode/Writer/BitcodeWriter.cpp

Show First 20 LinesShow All 678 Lines▼ Show 20 Linesstatic uint64_t getAttrKindEncoding(Attribute::AttrKind Kind) {
case Attribute::NoRedZone: case Attribute::NoRedZone:
return bitc::ATTR_KIND_NO_RED_ZONE; return bitc::ATTR_KIND_NO_RED_ZONE;
case Attribute::NoReturn: case Attribute::NoReturn:
return bitc::ATTR_KIND_NO_RETURN; return bitc::ATTR_KIND_NO_RETURN;
case Attribute::NoSync: case Attribute::NoSync:
return bitc::ATTR_KIND_NOSYNC; return bitc::ATTR_KIND_NOSYNC;
case Attribute::NoCfCheck: case Attribute::NoCfCheck:
return bitc::ATTR_KIND_NOCF_CHECK; return bitc::ATTR_KIND_NOCF_CHECK;
case Attribute::CfCheck:
return bitc::ATTR_KIND_CF_CHECK;
case Attribute::NoProfile: case Attribute::NoProfile:
return bitc::ATTR_KIND_NO_PROFILE; return bitc::ATTR_KIND_NO_PROFILE;
case Attribute::NoUnwind: case Attribute::NoUnwind:
return bitc::ATTR_KIND_NO_UNWIND; return bitc::ATTR_KIND_NO_UNWIND;
case Attribute::NoSanitizeCoverage: case Attribute::NoSanitizeCoverage:
return bitc::ATTR_KIND_NO_SANITIZE_COVERAGE; return bitc::ATTR_KIND_NO_SANITIZE_COVERAGE;
case Attribute::NullPointerIsValid: case Attribute::NullPointerIsValid:
return bitc::ATTR_KIND_NULL_POINTER_IS_VALID; return bitc::ATTR_KIND_NULL_POINTER_IS_VALID;
▲ Show 20 LinesShow All 4,281 LinesShow Last 20 Lines

llvm/lib/Target/X86/X86ISelLowering.cpp

  • This file is larger than 256 KB, so syntax highlighting is disabled by default.
Show First 20 LinesShow All 4,158 Lines▼ Show 20 LinesX86TargetLowering::LowerCall(TargetLowering::CallLoweringInfo &CLI,
bool IsSibcall = false; bool IsSibcall = false;
bool IsGuaranteeTCO = MF.getTarget().Options.GuaranteedTailCallOpt || bool IsGuaranteeTCO = MF.getTarget().Options.GuaranteedTailCallOpt ||
CallConv == CallingConv::Tail || CallConv == CallingConv::SwiftTail; CallConv == CallingConv::Tail || CallConv == CallingConv::SwiftTail;
bool IsCalleePopSRet = !IsGuaranteeTCO && hasCalleePopSRet(Outs, Subtarget); bool IsCalleePopSRet = !IsGuaranteeTCO && hasCalleePopSRet(Outs, Subtarget);
X86MachineFunctionInfo *X86Info = MF.getInfo<X86MachineFunctionInfo>(); X86MachineFunctionInfo *X86Info = MF.getInfo<X86MachineFunctionInfo>();
bool HasNCSR = (CB && isa<CallInst>(CB) && bool HasNCSR = (CB && isa<CallInst>(CB) &&
CB->hasFnAttr("no_caller_saved_registers")); CB->hasFnAttr("no_caller_saved_registers"));
bool HasNoCfCheck = (CB && CB->doesNoCfCheck()); bool HasNoCfCheck = (CB && CB->doesNoCfCheck());
bool HasCfCheck = (CB && CB->doesCfCheck());
bool IsIndirectCall = (CB && isa<CallInst>(CB) && CB->isIndirectCall()); bool IsIndirectCall = (CB && isa<CallInst>(CB) && CB->isIndirectCall());
const Module *M = MF.getMMI().getModule(); const Module *M = MF.getMMI().getModule();
Metadata *IsCFProtectionSupported = M->getModuleFlag("cf-protection-branch"); Metadata *IsCFProtectionSupported = M->getModuleFlag("cf-protection-branch");
MachineFunction::CallSiteInfo CSInfo; MachineFunction::CallSiteInfo CSInfo;
if (CallConv == CallingConv::X86_INTR) if (CallConv == CallingConv::X86_INTR)
report_fatal_error("X86 interrupts may not be called directly"); report_fatal_error("X86 interrupts may not be called directly");
▲ Show 20 LinesShow All 481 Lines▼ Show 20 Lines if (isTailCall) {
// function making a tail call to a function returning int. // function making a tail call to a function returning int.
MF.getFrameInfo().setHasTailCall(); MF.getFrameInfo().setHasTailCall();
SDValue Ret = DAG.getNode(X86ISD::TC_RETURN, dl, NodeTys, Ops); SDValue Ret = DAG.getNode(X86ISD::TC_RETURN, dl, NodeTys, Ops);
DAG.addCallSiteInfo(Ret.getNode(), std::move(CSInfo)); DAG.addCallSiteInfo(Ret.getNode(), std::move(CSInfo));
return Ret; return Ret;
} }
if (HasNoCfCheck && IsCFProtectionSupported && IsIndirectCall) { if (HasNoCfCheck && IsCFProtectionSupported && IsIndirectCall) {
assert(!HasCfCheck && "cf_check and nocf_check used at the same time");
Chain = DAG.getNode(X86ISD::NT_CALL, dl, NodeTys, Ops); Chain = DAG.getNode(X86ISD::NT_CALL, dl, NodeTys, Ops);
} else if (CLI.CB && objcarc::hasAttachedCallOpBundle(CLI.CB)) { } else if (CLI.CB && objcarc::hasAttachedCallOpBundle(CLI.CB)) {
// Calls with a "clang.arc.attachedcall" bundle are special. They should be // Calls with a "clang.arc.attachedcall" bundle are special. They should be
// expanded to the call, directly followed by a special marker sequence and // expanded to the call, directly followed by a special marker sequence and
// a call to a ObjC library function. Use the CALL_RVMARKER to do that. // a call to a ObjC library function. Use the CALL_RVMARKER to do that.
assert(!isTailCall && assert(!isTailCall &&
"tail calls cannot be marked with clang.arc.attachedcall"); "tail calls cannot be marked with clang.arc.attachedcall");
assert(Is64Bit && "clang.arc.attachedcall is only supported in 64bit mode"); assert(Is64Bit && "clang.arc.attachedcall is only supported in 64bit mode");
▲ Show 20 LinesShow All 32,759 LinesShow Last 20 Lines

llvm/lib/Target/X86/X86IndirectBranchTracking.cpp

Show All 17 Lines
#include "X86.h" #include "X86.h"
#include "X86InstrInfo.h" #include "X86InstrInfo.h"
#include "X86Subtarget.h" #include "X86Subtarget.h"
#include "X86TargetMachine.h" #include "X86TargetMachine.h"
#include "llvm/ADT/Statistic.h" #include "llvm/ADT/Statistic.h"
#include "llvm/CodeGen/MachineFunctionPass.h" #include "llvm/CodeGen/MachineFunctionPass.h"
#include "llvm/CodeGen/MachineInstrBuilder.h" #include "llvm/CodeGen/MachineInstrBuilder.h"
#include "llvm/CodeGen/MachineModuleInfo.h" #include "llvm/CodeGen/MachineModuleInfo.h"
#include "llvm/IR/DiagnosticInfo.h"
using namespace llvm; using namespace llvm;
#define DEBUG_TYPE "x86-indirect-branch-tracking" #define DEBUG_TYPE "x86-indirect-branch-tracking"
cl::opt<bool> IndirectBranchTracking( cl::opt<bool> IndirectBranchTracking(
"x86-indirect-branch-tracking", cl::init(false), cl::Hidden, "x86-indirect-branch-tracking", cl::init(false), cl::Hidden,
cl::desc("Enable X86 indirect branch tracking pass.")); cl::desc("Enable X86 indirect branch tracking pass."));
▲ Show 20 LinesShow All 92 Lines▼ Show 20 Lines
} }
bool X86IndirectBranchTrackingPass::runOnMachineFunction(MachineFunction &MF) { bool X86IndirectBranchTrackingPass::runOnMachineFunction(MachineFunction &MF) {
const X86Subtarget &SubTarget = MF.getSubtarget<X86Subtarget>(); const X86Subtarget &SubTarget = MF.getSubtarget<X86Subtarget>();
const Module *M = MF.getMMI().getModule(); const Module *M = MF.getMMI().getModule();
// Check that the cf-protection-branch is enabled. // Check that the cf-protection-branch is enabled.
Metadata *isCFProtectionSupported = M->getModuleFlag("cf-protection-branch"); Metadata *isCFProtectionSupported = M->getModuleFlag("cf-protection-branch");
Metadata *ManualENDBR = M->getModuleFlag("manual-endbr");
// NB: We need to enable IBT in jitted code if JIT compiler is CET // NB: We need to enable IBT in jitted code if JIT compiler is CET
// enabled. // enabled.
const X86TargetMachine *TM = const X86TargetMachine *TM =
static_cast<const X86TargetMachine *>(&MF.getTarget()); static_cast<const X86TargetMachine *>(&MF.getTarget());
#ifdef __CET__ #ifdef __CET__
bool isJITwithCET = TM->isJIT(); bool isJITwithCET = TM->isJIT();
#else #else
bool isJITwithCET = false; bool isJITwithCET = false;
#endif #endif
if (!isCFProtectionSupported && !IndirectBranchTracking && !isJITwithCET) if (!isCFProtectionSupported && !IndirectBranchTracking && !isJITwithCET)
return false; return false;
// True if the current MF was changed and false otherwise. // True if the current MF was changed and false otherwise.
bool Changed = false; bool Changed = false;
TII = SubTarget.getInstrInfo(); TII = SubTarget.getInstrInfo();
EndbrOpcode = SubTarget.is64Bit() ? X86::ENDBR64 : X86::ENDBR32; EndbrOpcode = SubTarget.is64Bit() ? X86::ENDBR64 : X86::ENDBR32;
// If function is reachable indirectly, mark the first BB with ENDBR. // If function is reachable indirectly, mark the first BB with ENDBR.
if (needsPrologueENDBR(MF, M)) { if (needsPrologueENDBR(MF, M)) {
if (!ManualENDBR || MF.getFunction().doesCfCheck()) {
auto MBB = MF.begin(); auto MBB = MF.begin();
Changed |= addENDBR(*MBB, MBB->begin()); Changed |= addENDBR(*MBB, MBB->begin());
} else {
// When -mmanual-endbr is in effect, the compiler does not
xiangzhangllvmUnsubmitted
Not Done
ReplyInline Actions

I am a little puzzle here. Let me copy your patch description here:

>When -mmanual-endbr is set, llvm refrains from automatically adding
>ENDBR instructions to functions' prologues, which would have been
>automatically added by -fcf-protection=branch. Although this works
>correctly, missing ENDBR instructions where they are actually needed
>could lead to broken binaries, which would fail only in running time.

I think the purpose of "-mmanual-endbr" should be "Supplementary Way" for the cases which the CET can't correctly insert endbr in automatic way.
Here (in if (needsPrologueENDBR(MF, M)) ) the automatic way will insert the endbr. So I think the job for "-mmanual-endbr" should be done in parallel with the old condition. Some like:

if (ManualENDBR ){
  do something
}else { // automatic
  if (needsPrologueENDBR(MF, M)) {insert endbr}
 }
}
xiangzhangllvm: I am a little puzzle here. Let me copy your patch description here: ``` >When -mmanual-endbr…
joaomoreiraUnsubmitted
Not Done
ReplyInline Actions

I don't think the idea of -mmanual-endbr is to have a supplementary way for corner cases where CET misses automatic placement. In my understanding the goal is to set the compiler to not emit ENDBRs unless the attribute cf_check is used, thus providing a way to manually reduce the number of valid targets.

For reference, here is a link for -mmanual-endbr on gcc, https://gcc.gnu.org/legacy-ml/gcc-patches/2018-12/msg00713.html and here are patches on xen that use the feature (and that also mention this review): https://www.mail-archive.com/xen-devel@lists.xenproject.org/msg114160.html

joaomoreira: I don't think the idea of -mmanual-endbr is to have a supplementary way for corner cases where…
xiangzhangllvmUnsubmitted
Not Done
ReplyInline Actions

Thanks! Ok, for "limit number of ENDBR instructions to reduce program size" here the code logic is make sense.

xiangzhangllvm: Thanks! Ok, for "limit number of ENDBR instructions to reduce program size" here the code…
// automatically add ENDBR instructions at the entry points of any
// functions, unless the function has the 'cf_check' attribute.
// Thus, every function that would need it (i.e. functions that
// could be jumped into from a function pointer (e.g. address
// taken functions)) should have the 'cf_check' attribute manually
// added to it. When they don't, the following diagnostics message
// helps programmers find the missing attribute.
DiagnosticInfoOptimizationFailure Diag(
MF.getFunction(), NULL,
"Function is possibly accessed from indirect branch, "
"but has no 'cf_check' attribute");
LLVMContext &Ctx = MF.getFunction().getContext();
Ctx.diagnose(Diag);
}
} }
for (auto &MBB : MF) { for (auto &MBB : MF) {
// Find all basic blocks that their address was taken (for example // Find all basic blocks that their address was taken (for example
// in the case of indirect jump) and add ENDBR instruction. // in the case of indirect jump) and add ENDBR instruction.
if (MBB.hasAddressTaken()) if (MBB.hasAddressTaken())
Changed |= addENDBR(MBB, MBB.begin()); Changed |= addENDBR(MBB, MBB.begin());
Show All 39 Lines

llvm/lib/Transforms/Utils/CodeExtractor.cpp

Show First 20 LinesShow All 952 Lines▼ Show 20 Lines if (Attr.isStringAttribute()) {
case Attribute::SpeculativeLoadHardening: case Attribute::SpeculativeLoadHardening:
case Attribute::StackProtect: case Attribute::StackProtect:
case Attribute::StackProtectReq: case Attribute::StackProtectReq:
case Attribute::StackProtectStrong: case Attribute::StackProtectStrong:
case Attribute::StrictFP: case Attribute::StrictFP:
case Attribute::UWTable: case Attribute::UWTable:
case Attribute::VScaleRange: case Attribute::VScaleRange:
case Attribute::NoCfCheck: case Attribute::NoCfCheck:
case Attribute::CfCheck:
case Attribute::MustProgress: case Attribute::MustProgress:
case Attribute::NoProfile: case Attribute::NoProfile:
break; break;
// These attributes cannot be applied to functions. // These attributes cannot be applied to functions.
case Attribute::Alignment: case Attribute::Alignment:
case Attribute::ByVal: case Attribute::ByVal:
case Attribute::Dereferenceable: case Attribute::Dereferenceable:
case Attribute::DereferenceableOrNull: case Attribute::DereferenceableOrNull:
▲ Show 20 LinesShow All 910 LinesShow Last 20 Lines

llvm/test/CodeGen/X86/cf_check.ll

  • This file was added.
; RUN: llc -mtriple=x86_64-unknown-unknown -x86-indirect-branch-tracking < %s | FileCheck %s
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;; This test verifies the handling of ''cf_check'' attribute by the backend. ;;
;; The file was generated using the following C code: ;;
;; ;;
;; void NoCfCheckFunc(void) {} ;;
;; void __attribute__((cf_check)) CfCheckFunc(void) {} ;;
;; ;;
;; typedef void(*FuncPointer)(void); ;;
;; void CfCheckCall(FuncPointer f) { ;;
;; __attribute__((cf_check)) FuncPointer p = f; ;;
;; (*p)(); ;;
;; CfCheckFunc(); ;;
;; } ;;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
; Make sure that a function without ''*cf_check'' attributes is not instrumented
; with endbr instruction when ''-mmanual-endbr'' is in effect
define void @NoCfCheckFunc() #0 {
; CHECK-LABEL: NoCfCheckFunc
; CHECK-NOT: endbr64
entry:
ret void
}
; Make sure that a function with ''cf_check'' attribute is instrumented
; with endbr instruction at the beginning.
define void @CfCheckFunc() #1 {
; CHECK-LABEL: CfCheckFunc
; CHECK: endbr64
entry:
ret void
}
; Ensure the notrack prefix is not added before an indirect call using a pointer
; with ''cf_check'' attribute. Also ensure a direct call to a function with
; the ''cf_check'' attribute is correctly generated without notrack prefix.
define void @CfCheckCall(void ()* %0) #0 {
; CHECK-LABEL: CfCheckCall
; CHECK-NOT: notrack call
; CHECK: callq CfCheckFunc
entry:
%1 = alloca void ()*, align 8
%2 = alloca void ()*, align 8
store void ()* %0, void ()** %1, align 8
%3 = load void ()*, void ()** %1, align 8
store void ()* %3, void ()** %2, align 8
%4 = load void ()*, void ()** %2, align 8
call void %4() #2
call void @CfCheckFunc() #2
ret void
}
attributes #0 = { noinline nounwind optnone uwtable "frame-pointer"="all" "min-legal-vector-width"="0" "no-trapping-math"="true" "stack-protector-buffer-size"="8" "target-cpu"="x86-64" "target-features"="+cx8,+fxsr,+mmx,+sse,+sse2,+x87" "tune-cpu"="generic" }
attributes #1 = { cf_check noinline nounwind optnone uwtable "frame-pointer"="all" "min-legal-vector-width"="0" "no-trapping-math"="true" "stack-protector-buffer-size"="8" "target-cpu"="x86-64" "target-features"="+cx8,+fxsr,+mmx,+sse,+sse2,+x87" "tune-cpu"="generic" }
attributes #2 = { cf_check }
!llvm.module.flags = !{!0, !1}
!0 = !{i32 4, !"cf-protection-branch", i32 1}
!1 = !{i32 4, !"manual-endbr", i32 1}

llvm/test/CodeGen/X86/missing_cf_check.ll

  • This file was added.
; RUN: llc -mtriple=x86_64-unknown-unknown -x86-indirect-branch-tracking < %s 2>&1 | FileCheck %s
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;; Test that the compiler generates diagnostic messages for function pointer ;;
;; assignments in -mmanual-endbr mode. ;;
;; This program has been generated from the following source: ;;
;; ;;
;; __attribute__((nocf_check)) void foo(void) {} ;;
;; __attribute__((cf_check)) void bar(void) {} ;;
;; void baz(void) {} ;;
;; ;;
;; void foobar(void) { ;;
;; void (*fooptr)(void) = &foo; /* Should always warn. */ ;;
;; void (*barptr)(void) = &bar; /* Should never warn. */ ;;
;; void (*bazptr)(void) = &baz; /* Should warn with -mmanual-endbr. */ ;;
;; (*fooptr)(); ;;
;; (*barptr)(); ;;
;; (*bazptr)(); ;;
;; } ;;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
; Ensure that functions with 'nocf_check' attribute generate a
; diagnostics message when assigned to function pointer.
define dso_local void @foo() #0 {
entry:
ret void
}
; No warning should be generated for this function
define dso_local void @bar() #1 {
entry:
ret void
}
; Ensure that functions without 'cf_check' attribute generate a
; diagnostics message when assigned to function pointer in
; -mmanual-endbr mode.
define dso_local void @baz() #2 {
entry:
ret void
}
; Function Attrs: noinline nounwind optnone uwtable
define dso_local void @foobar() #2 {
entry:
%0 = alloca void ()*, align 8
%1 = alloca void ()*, align 8
%2 = alloca void ()*, align 8
store void ()* @foo, void ()** %0, align 8
store void ()* @bar, void ()** %1, align 8
store void ()* @baz, void ()** %2, align 8
%3 = load void ()*, void ()** %0, align 8
call void %3()
%4 = load void ()*, void ()** %1, align 8
call void %4()
%5 = load void ()*, void ()** %2, align 8
call void %5()
ret void
}
attributes #0 = { nocf_check noinline nounwind optnone uwtable "frame-pointer"="all" "min-legal-vector-width"="0" "no-trapping-math"="true" "stack-protector-buffer-size"="8" "target-cpu"="x86-64" "target-features"="+cx8,+fxsr,+mmx,+sse,+sse2,+x87" "tune-cpu"="generic" }
attributes #1 = { cf_check noinline nounwind optnone uwtable "frame-pointer"="all" "min-legal-vector-width"="0" "no-trapping-math"="true" "stack-protector-buffer-size"="8" "target-cpu"="x86-64" "target-features"="+cx8,+fxsr,+mmx,+sse,+sse2,+x87" "tune-cpu"="generic" }
attributes #2 = { noinline nounwind optnone uwtable "frame-pointer"="all" "min-legal-vector-width"="0" "no-trapping-math"="true" "stack-protector-buffer-size"="8" "target-cpu"="x86-64" "target-features"="+cx8,+fxsr,+mmx,+sse,+sse2,+x87" "tune-cpu"="generic" }
!llvm.module.flags = !{!0, !1}
!0 = !{i32 4, !"cf-protection-branch", i32 1}
!1 = !{i32 4, !"manual-endbr", i32 1}
; CHECK: warning: <unknown>:0:0: Function is possibly accessed from indirect branch, but has no 'cf_check' attribute
; CHECK: warning: <unknown>:0:0: Function is possibly accessed from indirect branch, but has no 'cf_check' attribute