This is an archive of the discontinued LLVM Phabricator instance.

Differential D119296

KCFI sanitizer
ClosedPublic

Authored by samitolvanen on Feb 8 2022, 3:30 PM.

Details

Reviewers
aaron.ballman
pcc
nickdesaulniers
ardb
kees
joaomoreira
MaskRay
efriedma
Commits
rGcff5bef948c9: KCFI sanitizer
rG67504c95494f: KCFI sanitizer
Summary

The KCFI sanitizer, enabled with -fsanitize=kcfi, implements a
forward-edge control flow integrity scheme for indirect calls. It
uses a !kcfi_type metadata node to attach a type identifier for each
function and injects verification code before indirect calls.

Unlike the current CFI schemes implemented in LLVM, KCFI does not
require LTO, does not alter function references to point to a jump
table, and never breaks function address equality. KCFI is intended
to be used in low-level code, such as operating system kernels,
where the existing schemes can cause undue complications because
of the aforementioned properties. However, unlike the existing
schemes, KCFI is limited to validating only indirect calls and is
not compatible with executable-only memory.

KCFI does not provide runtime support, but always traps when a
type mismatch is encountered. Users of the scheme are expected
to handle the trap. With -fsanitize=kcfi, Clang emits a kcfi
operand bundle to indirect calls, and LLVM lowers this to a
known architecture-specific sequence of instructions for each
callsite to make runtime patching easier for users who require this
functionality.

A KCFI type identifier is a 32-bit constant produced by taking the
lower half of xxHash64 from a C++ mangled typename. If a program
contains indirect calls to assembly functions, they must be
manually annotated with the expected type identifiers to prevent
errors. To make this easier, Clang generates a weak SHN_ABS
__kcfi_typeid_<function> symbol for each address-taken function
declaration, which can be used to annotate functions in assembly
as long as at least one C translation unit linked into the program
takes the function address. For example on AArch64, we might have
the following code:

.c:
  int f(void);
  int (*p)(void) = f;
  p();

.s:
  .4byte __kcfi_typeid_f
  .global f
  f:
    ...

Note that X86 uses a different preamble format for compatibility
with Linux kernel tooling. See the comments in
X86AsmPrinter::emitKCFITypeId for details.

As users of KCFI may need to locate trap locations for binary
validation and error handling, LLVM can additionally emit the
locations of traps to a .kcfi_traps section.

Similarly to other sanitizers, KCFI checking can be disabled for
a function with a no_sanitize("kcfi") function attribute.

Diff Detail

Event Timeline

There are a very large number of changes, so older changes are hidden. Show Older Changes
samitolvanen added inline comments.Jun 2 2022, 2:17 PM
llvm/lib/Target/X86/X86ISelLowering.h
83

Is there a reason why you really need specific KCFI_ nodes instead of only embedding the hash information into an attribute at the Machine Instruction?

This implementation is similar to CALL_RVMARKER, CALL_BTI and basically all other pseudo call instructions in LLVM. Is adding an attribute to MachineInstr the preferred approach instead?

I would also suggest that you at least don't name these as "KCFI_something", as in the future others might want to reuse the same structure for other CFI approaches.

Always happy to hear suggestions for alternative naming. Did you have something in mind?

joaomoreira added inline comments.Jun 2 2022, 2:41 PM
llvm/lib/Target/X86/X86ISelLowering.h
83

This implementation is similar to CALL_RVMARKER, CALL_BTI and basically all other pseudo call instructions in LLVM. Is adding an attribute to MachineInstr the preferred approach instead?

My understanding is that if, every time a new mitigation or optimization comes in, you create a new opcode for it, it will eventually bloat to non-feasibility.

Imagine you have some mitigation like kguard being implemented. Now you can have calls which are KCFI checked but not KGUARD checked; then KCFI not-checked but KGUARD checked; then KCFI and KGUARD checked.; then none-checked. And then you need all these variations for tail calls (which imho is a first, minor, instance of the problem)...

So, in general, my understanding is that this approach works, yeah, but that in the long term it could become a hassle... so ideally we should use attributes to define these sub-specific instructions instead of opcodes.

I would also suggest that you at least don't name these as "KCFI_something", as in the future others might want to reuse the same structure for other CFI approaches.

Always happy to hear suggestions for alternative naming. Did you have something in mind?

I think switching from KCFI into CFI would already be good enough, as in the end these are all implementing the control-flow integrity concept.

samitolvanen added inline comments.Jun 2 2022, 3:59 PM
llvm/lib/Target/X86/X86ISelLowering.h
83

My understanding is that if, every time a new mitigation or optimization comes in, you create a new opcode for it, it will eventually bloat to non-feasibility.

I do agree, if there are enough call variants that can be combined, this will quickly get messy. So far this probably just hasn't been an issue. I'm not particularly happy about the multiple pseudo instructions here either.

@pcc, any thoughts about the best way to make this cleaner? Should we switch to a MachineInstr attribute, or perhaps pass another operand with the specific call type, or something else?

so ideally we should use attributes to define these sub-specific instructions instead of opcodes.

One concern I have with using an attribute is that we have to ensure that no pass accidentally drops it while transforming the call instruction or replacing it with something else. That's not an issue if we have a separate pseudo instruction with the type as an operand. Did you run into any issues with this?

Also, how do you serialize the type attribute in MIR? Something similar to debug-instr-number?

I think switching from KCFI into CFI would already be good enough

Sure, sounds good to me. I'll change the naming once we have a consensus on the correct approach here.

MaskRay requested changes to this revision.Jun 6 2022, 10:33 PM

Please don't land the patch this state. There are several questions which should be sorted out first.

a) Naming

About the 'k' prefix: this is generic and does not need to be coupled with "kernel",
but perhaps an argument can be made that the 'k' does not need to refer to "kernel".

b) -fsanitize=function (D1338)

It is a very similar feature but uses prolog data (after the function label)
instead of prefix data (before the function label), with some limitation that
only available on x86 and restricted to C++.
I am thinking whether we can lift the C++ restriction (we'll need to move away from
CGM.GetAddrOfRTTIDescriptor) and switch to prefix data (easier to add more ports). @pcc

c) inliner

Add this change to enabling inlining

--- i/llvm/lib/Transforms/Utils/InlineFunction.cpp
+++ w/llvm/lib/Transforms/Utils/InlineFunction.cpp
@@ -1776,6 +1776,8 @@ llvm::InlineResult llvm::InlineFunction(CallBase &CB, InlineFunctionInfo &IFI,
         continue;
       if (Tag == LLVMContext::OB_clang_arc_attachedcall)
         continue;
+      if (Tag == LLVMContext::OB_kcfi)
+        continue;
 
       return InlineResult::failure("unsupported operand bundle");
     }

d) x86-64 scheme

Why is the following scheme picked? How are the double-int3 before and after movl useful?

        .type   test,@function
        .globl  __cfi_test                      # @test
        .type   __cfi_test,@function
__cfi_test:
        int3
        int3
        movl    $917620134, %eax                # imm = 0x36B1C5A6
        int3
        int3

e) __kcfi_typeid_*

This deserves a better description in the summary.

Is it useful to suppress the typeid symbol for _Z (if some C++ projects want to use this feature)? A mangled name has encoded the type information.

IIUC the current scheme only works when two TUs have address-taken declarations of the same name but with different signatures,
and done by a linker warning.

ELF linkers don't error for two SHN_ABS STB_GLOBAL symbols of the same st_value.
When the st_value fields differ, there will be a diagnostic. If needed, the specialized diagnostic can be added there.
But I'd prefer the lld patch to be separate and be properly tested (I add myself as a reviewer for lld/ELF changes to catch possibly unintended usage, sorry!)

% cat a.s
.globl foo
.set foo, 1
% cat b.s
.globl foo
.set foo, 2
% ld.lld a.o b.o
ld.lld: error: duplicate symbol: foo
>>> defined in a.o
>>> defined in b.o
clang/docs/ControlFlowIntegrity.rst
314

Don't repeat the heading.

clang/lib/CodeGen/CodeGenModule.cpp
2326
if (!(llvm::isAlnum(C) || C == '_' || C == '.'))
  return false;
6808

T

clang/lib/CodeGen/CodeGenModule.h
1465

Unlikely Emit*, there are many set* functions which use the correct case, so there is no excuse using the wrong case.

clang/lib/Driver/SanitizerArgs.cpp
727
llvm/lib/CodeGen/AsmPrinter/AsmPrinter.cpp
1363

early return

1369

Use getCodePointerSIze().

A 4-byte PC-relative relocation is insufficient if text and data are more than 31-bit away.

llvm/lib/MC/MCObjectFileInfo.cpp
1149

Remove SHF_WRITE. The section doesn't need a dynamic relocation.

llvm/lib/Target/X86/X86AsmPrinter.cpp
140

For a temporary symbol (STB_LOCAL), no need to add __ prefix.

llvm/test/CodeGen/AArch64/kcfi-bti.ll
5

Add a test with "patchable-function-entry"="2"

This revision now requires changes to proceed.Jun 6 2022, 10:33 PM
samitolvanen added a comment.Jun 7 2022, 9:43 AM
In D119296#3562409, @MaskRay wrote:

a) Naming

About the 'k' prefix: this is generic and does not need to be coupled with "kernel",
but perhaps an argument can be made that the 'k' does not need to refer to "kernel".

This scheme was specifically designed for the kernel, hence the name. Clang has other CFI schemes for user space, and while this might be useful for other low-level software, everyone else is probably better off using -fsanitize=cfi. I'm always happy to hear ideas for improving naming, of course!

c) inliner

Add this change to enabling inlining

Good catch, I'll fix that in the next version.

d) x86-64 scheme

Why is the following scheme picked? How are the double-int3 before and after movl useful?

This preamble format was specifically requested by x86 kernel maintainers to avoid special casing objtool and to accommodate runtime patching. I'll add a comment to explain this.

e) __kcfi_typeid_*

This deserves a better description in the summary.

Sure, I'll add better description.

Is it useful to suppress the typeid symbol for _Z (if some C++ projects want to use this feature)? A mangled name has encoded the type information.

It's not, we still need a symbol that can be referenced directly in assembly code without having to compute the actual hash.

IIUC the current scheme only works when two TUs have address-taken declarations of the same name but with different signatures,
and done by a linker warning.

Yes, this will build, but an indirect call from the TU with an incorrect declaration will result in a runtime error.

ELF linkers don't error for two SHN_ABS STB_GLOBAL symbols of the same st_value.
When the st_value fields differ, there will be a diagnostic. If needed, the specialized diagnostic can be added there.

OK, so we could just not make the symbols weak and end up failing at link time if there's a mismatch. That sounds reasonable to me.

But I'd prefer the lld patch to be separate and be properly tested (I add myself as a reviewer for lld/ELF changes to catch possibly unintended usage, sorry!)

Sure, I'll drop the lld change from this patch and we can improve the error message later. I'll address the remaining inline comments you had in the next version as well. Thanks for taking a look!

llvm/lib/CodeGen/AsmPrinter/AsmPrinter.cpp
1369

Use getCodePointerSIze().

A 4-byte PC-relative relocation is insufficient if text and data are more than 31-bit away.

I did use that earlier, but the kernel maintainers specifically requested that I use a 32-bit offset instead to reduce memory overhead. The kernel uses this scheme also for static call addresses, so the 31-bit limit doesn't seem to be a concern in practise.

samitolvanen updated this revision to Diff 434974.Jun 7 2022, 3:35 PM
samitolvanen marked 9 inline comments as done.
  • Addressed Fangrui's feedback.
  • Renamed KCFI_* DAG nodes and pseudo instructions to CFI_* for now based on Joao's feedback. Still looking for more feedback on the best way to implement this part.
lld/ELF/Symbols.cpp
553 ↗(On Diff #433795)

Dropped the lld changes for now, and will send another patch to improve the error message later.

llvm/test/CodeGen/AArch64/kcfi-bti.ll
5

Added the "patchable-function-entry"="2" test to AArch64/kcfi.ll.

samitolvanen edited the summary of this revision. (Show Details)Jun 7 2022, 3:36 PM
samitolvanen added a comment.Jun 7 2022, 4:22 PM
In D119296#3562409, @MaskRay wrote:

ELF linkers don't error for two SHN_ABS STB_GLOBAL symbols of the same st_value.
When the st_value fields differ, there will be a diagnostic. If needed, the specialized diagnostic can be added there.

After testing this a bit further, it looks like this won't work with LTO where we're not yet linking ELF object files. For example:

$ llvm-modextract -b -n 0 -o - sound/soc/sh/rcar/dma.o | llvm-dis | grep __kcfi_typeid_rsnd_mod_get_status
module asm ".globl __kcfi_typeid_rsnd_mod_get_status"
module asm ".set __kcfi_typeid_rsnd_mod_get_status, 463955820"
$ llvm-modextract -b -n 0 -o - sound/soc/sh/rcar/cmd.o | llvm-dis | grep __kcfi_typeid_rsnd_mod_get_status
module asm ".globl __kcfi_typeid_rsnd_mod_get_status"
module asm ".set __kcfi_typeid_rsnd_mod_get_status, 463955820"
$ ld.lld -r -o test.o sound/soc/sh/rcar/dma.o sound/soc/sh/rcar/cmd.o
ld.lld: error: duplicate symbol: __kcfi_typeid_rsnd_mod_get_status
>>> defined in sound/soc/sh/rcar/dma.o
>>> defined in sound/soc/sh/rcar/cmd.o

Do you have any thoughts on how to solve this without going back to a weak symbol?

Harbormaster completed remote builds in B168425: Diff 434974.Jun 7 2022, 4:42 PM
samitolvanen updated this revision to Diff 435685.Jun 9 2022, 2:21 PM
  • Per Fangrui's request, added comments explaining the X86 preamble format, and a note about it to the patch summary.
  • Switched back to .weak for the __kcfi_typeid_ symbols to fix compatibility with LTO. Whether we need a warning for symbol value mismatches and how this should be implemented can be addressed later. The warning isn't critical for the functionality and mismatches should be extremely rare.
samitolvanen edited the summary of this revision. (Show Details)Jun 9 2022, 2:22 PM
Herald added a subscriber: kristof.beyls. · View Herald TranscriptJun 9 2022, 2:22 PM
Harbormaster completed remote builds in B168915: Diff 435685.Jun 9 2022, 3:42 PM
ychen added inline comments.Jun 9 2022, 6:13 PM
clang/lib/CodeGen/CodeGenModule.cpp
2317

FYI: using prefix data may not work for the C++ coroutine. (https://github.com/llvm/llvm-project/issues/49689) because corosplit pass may clone coro functions and change its function type. But prefix data is opaque, so there is no way to detect this, and then drop the prefix data in the corosplit pass.

If this is a concern for now or for the near future, it might be better to use alternative approaches like D115844.

samitolvanen added inline comments.Jun 10 2022, 9:18 AM
clang/lib/CodeGen/CodeGenModule.cpp
2317

FYI: using prefix data may not work for the C++ coroutine.

Thanks for the link, that's interesting. The Linux kernel doesn't use C++ so this isn't a concern there, but I suppose there could theoretically also be C++ users for this feature. @pcc, any thoughts if we should just switch from prefix data to a metadata node here?

samitolvanen updated this revision to Diff 438010.Jun 17 2022, 12:43 PM

Rebased after ToT member function name changes.

Harbormaster completed remote builds in B170588: Diff 438010.Jun 17 2022, 2:21 PM
samitolvanen updated this revision to Diff 439099.Jun 22 2022, 11:05 AM

Switched from prefix data + attribute to a metadata node based on previous discussion. This seems to be a cleaner solution overall.

Harbormaster completed remote builds in B171379: Diff 439099.Jun 22 2022, 11:06 AM
samitolvanen updated this revision to Diff 439137.Jun 22 2022, 1:00 PM

Fixed the debug output in InstCombine to use metadata as well.

Harbormaster completed remote builds in B171407: Diff 439137.Jun 22 2022, 2:37 PM
pcc added inline comments.Jun 23 2022, 6:59 PM
clang/lib/CodeGen/CodeGenModule.cpp
2317

I think the issue with coroutines was more about the fact that the function was cloned (invalidating the relative reference in the prefix data) than that the function type was changed. I seem to recall from a discussion with the coroutine folks that the functions created by the coroutine pass with different types aren't actually intended to be called directly from C/C++, so the fact that the types are changed doesn't matter.

I think the main advantage of metadata here would be in doing things like the check for type mismatches in direct calls more easily, so it seems like a reasonable approach even though the rationale is different.

6817

It would be better to have a separate function for computing the KCFI type ids than to try and reuse this one, since you don't need the MDStrings (i.e. unnecessary string uniquing) in your new caller. It also isn't appropriate to pass MetadataIdMap in your new caller because you'll end up with inconsistent values added to MetadataIdMap if we end up calling the other caller (e.g. if both CFI and KCFI are enabled), but that's moot if you avoid it.

llvm/lib/Target/AArch64/AArch64ISelLowering.cpp
2546

For PAuth ABI the motivation for avoiding the gap between check and call was around avoiding spilling the verified pointer, is this not possible with KCFI?

llvm/lib/Target/X86/X86AsmPrinter.cpp
124

If this is just about satisfying objtool do these symbols need to be exported or can they just be STB_LOCAL?

llvm/lib/Target/X86/X86ISelLowering.h
83

Would it make sense to add a field to MachineInstr::ExtraInfo to hold the additional information here? That way you can avoid increasing the size of MachineInstr.

llvm/lib/Transforms/InstCombine/InstCombineCalls.cpp
3119

With CFI, if this situation occurs we unconditionally crash, the rationale being that if we end up in this situation it is a situation unexpected by the developer and may even be intended to be unreachable at runtime, so it's best to crash if it does occur. The same approach is used for things like UBSan integer overflow checks if the optimizer figures out that the overflow will always happen. If I'm understanding the code correctly KCFI will just let the call occur in this case and I'm not sure if that's a good idea.

samitolvanen planned changes to this revision.Jun 24 2022, 10:45 AM
samitolvanen added inline comments.
clang/lib/CodeGen/CodeGenModule.cpp
6817

The code in SanitizerArgs.cpp doesn't allow both CFI and KCFI to be enabled at the same time, but you're right, it's probably better to just split this into a separate function for KCFI. I'll do that in the next version.

llvm/lib/Target/AArch64/AArch64ISelLowering.cpp
2546

I don't believe that's a concern here. We might emit instructions for setting up call arguments between the check and the call, but nothing should spill the pointer or change the target register anymore. The main reason to avoid bundling the check and the call is to avoid further complications with expanding the remaining pseudo instructions.

llvm/lib/Target/X86/X86AsmPrinter.cpp
124

They don't have to be exported, but we ran into some objtool confusion when the parent function was weak, so it's easier to just use the same linkage for the preamble symbol.

llvm/lib/Target/X86/X86ISelLowering.h
83

I'll look into it. Per offline discussion, we might need a similar construction for SDNode to avoid increasing memory usage too much should we go with type hash attributes instead.

llvm/lib/Transforms/InstCombine/InstCombineCalls.cpp
3119

The difference here is that unlike with CFI, we never emit KCFI checks for direct calls in the back-end. While this code drops unnecessary kcfi operand bundles from the IR, it doesn't actually change the machine code we generate.

Also, I would argue that KCFI should focus only on runtime protection of actual indirect calls, and otherwise shouldn't trap on potential undefined behavior that already exists. Causing a runtime failure for something we can detect at compile-time and don't aim to protect against doesn't sound ideal, especially in the kernel where we prefer to avoid crashing unnecessarily. I did consider changing this to a warning though, so the developers are notified of potential issues, but opted for debug logging for now. Thoughts?

samitolvanen updated this revision to Diff 440389.Jun 27 2022, 2:09 PM
  • Moved to a standalone function for generating KCFI type hashes in Clang.
  • Switched from pseudo instructions to a MachineInstr::ExtraInfo + SDNode attributes.
  • Added KCFI passes for emitting the indirect call checks.
llvm/lib/Target/X86/X86ISelLowering.h
83

In my testing, adding a uint32_t attribute to SDNode increased max RSS by ~0.15% during a kernel build. As there's no ExtraInfo type construction in SDNode currently, adding one would increase memory usage more. Perhaps we can look into that if more attributes are needed?

Harbormaster completed remote builds in B172321: Diff 440389.Jun 27 2022, 4:07 PM
nickdesaulniers accepted this revision.Jun 30 2022, 11:21 AM

I see you modified the mir parser & printer; consider adding a .mir test.

Still LGTM. Might be nice to document the generated asm more for other compiler vendors to better understand the implementation, rather than having to read the tests added here.

clang/lib/CodeGen/CodeGenFunction.h
4616

Should this parameter be an ArrayRef? This might be a more precise type, but seeing an impl type kind of breaks the whole pImpl idiom; I'm pretty sure that's what ArrayRef is for.
https://llvm.org/docs/ProgrammersManual.html#llvm-adt-arrayref-h
That said, this header is pretty inconsistent in the use of SmallVectorImp vs ArrayRef, but I *think* ArrayRef is strongly preferred.

llvm/lib/CodeGen/MachineInstr.cpp
1773–1774

If FirstOp is false, reassign it false? Is that right? I see that's what's done on L1763, but..."what?"

llvm/lib/CodeGen/SelectionDAG/SelectionDAGBuilder.cpp
7835–7847

Can we check whether the CallBase is an indirect call first before bothering with getting the operand bundle?

7836–7854

Are we able to reorder these?

CLI.setDebugLoc ...
  ...
if (Bundle && CB.isIndirectCall) {
  ...
  CLI.setCFIType ...
llvm/lib/Target/AArch64/AArch64KCFI.cpp
107

const auto &SubTarget = ...

llvm/lib/Target/X86/X86KCFI.cpp
111

const auto &SubTarget = ...

samitolvanen updated this revision to Diff 441546.Jun 30 2022, 4:07 PM
samitolvanen marked 3 inline comments as done.

Added a MIR parser test for cfi-type, address Nick's other feedback.

samitolvanen added a comment.Jun 30 2022, 4:08 PM
In D119296#3623059, @nickdesaulniers wrote:

I see you modified the mir parser & printer; consider adding a .mir test.

I added a .mir test for parsing the cfi-type. The machine instructions generated for the various call types are covered in the .ll tests.

Might be nice to document the generated asm more for other compiler vendors to better understand the implementation, rather than having to read the tests added here.

The exact instruction sequence is also documented in the kernel patches in case other compiler vendors want to implement this, but sure, that makes sense. I assume comments in the various AsmPrinter functions would be sufficient?

clang/lib/CodeGen/CodeGenFunction.h
4616

I don't believe I can use ArrayRef when I need to append to the list, it appears to be read-only.

llvm/lib/CodeGen/MachineInstr.cpp
1773–1774

Ah yes, it looks like this has been copied a few times earlier already. I'll stop the cycle.

llvm/lib/CodeGen/SelectionDAG/SelectionDAGBuilder.cpp
7836–7854

We can reorder these, but this does follow the same convention as the rest of the function. I assume CallLoweringInfo was specifically designed so that the arguments can all be initialized in one statement.

Harbormaster completed remote builds in B173145: Diff 441546.Jun 30 2022, 5:27 PM
MaskRay added a comment.Jul 1 2022, 12:42 PM

It uses LLVM prefix data to store a type identifier for each function and injects verification code before indirect calls.

Is "prefix data" stale now?

MaskRay added a comment.EditedJul 1 2022, 12:45 PM

There are 30+ comments not marked as "done". Having so many is distracting to reviewers as it's unclear whether this is in a ready-for-review state.
I personally definitely don't consider this in a ready-for-land state.

clang/include/clang/Basic/Features.def
233

move before modules for an alphabetical order.

MaskRay requested changes to this revision.Jul 1 2022, 12:59 PM
MaskRay added inline comments.
clang/lib/CodeGen/CodeGenModule.cpp
2312

delete blank line

2318

delete blank line

clang/test/CodeGen/kcfi.c
3

If -O2 has different behavior, having the test in clang/test/CodeGen is likely a layering violation.
Optimization tests should be placed in llvm/test/, in the relevant pass. Folks working on llvm optimizations generally don't want to test every frontend.

clang/test/Driver/fsanitize.c
652

Use modern spelling --target=. -target is deprecated

This revision now requires changes to proceed.Jul 1 2022, 12:59 PM
MaskRay added inline comments.Jul 1 2022, 1:29 PM
clang/lib/CodeGen/CodeGenModule.h
1467

End with a period.

This function can be lower-case as well. There is no strong precedent to keep it upper-case.

clang/lib/Driver/SanitizerArgs.cpp
63–65

This is incorrect.

If a violation is found, ud2 is executed. ud2 is not followed by normal control flow so I don't think recovery from the error is supported.

This seems like Unrecoverable

clang/test/CodeGen/kcfi.c
3

If may be useful to have a -x c++ test.

Add a not-address-taken external linkage function.

8

Optional: COM: is fine. But to make non-RUN non-CHECK lines stand out (from editor highlighting), a simpler /// suffices as well.

llvm/docs/LangRef.rst
7240
MaskRay added inline comments.Jul 1 2022, 1:38 PM
llvm/lib/Target/X86/X86AsmPrinter.cpp
130

A previous comment isn't done. This doesn't explain that the double-int3 before and after the identifier is an objtool requirement (or similar).

samitolvanen edited the summary of this revision. (Show Details)Jul 6 2022, 11:24 AM
samitolvanen updated this revision to Diff 442647.Jul 6 2022, 11:26 AM
samitolvanen marked 31 inline comments as done.

Addressed Fangrui's feedback.

samitolvanen added a comment.Jul 6 2022, 11:26 AM
In D119296#3625796, @MaskRay wrote:

It uses LLVM prefix data to store a type identifier for each function and injects verification code before indirect calls.

Is "prefix data" stale now?

Yes, I forgot to update the commit message here. Fixed.

There are 30+ comments not marked as "done". Having so many is distracting to reviewers as it's unclear whether this is in a ready-for-review state.

My bad, I wasn't familiar with the convention here. I've just been marking my replies as done.

I personally definitely don't consider this in a ready-for-land state.

I left some questions about your comments below. PTAL.

samitolvanen added inline comments.Jul 6 2022, 11:26 AM
clang/lib/Driver/SanitizerArgs.cpp
63–65

This variable is only used to indicate whether -fno-sanitize-recover command line parameter can be used with the sanitizer. It makes no sense to allow this with KCFI as we always emit a recoverable instruction sequence, hence it's included here.

Also, ud2 absolutely is recoverable in the kernel, and Linux specifically uses ud2 to trigger warnings in assembly code.

clang/test/CodeGen/kcfi.c
3

If -O2 has different behavior, having the test in clang/test/CodeGen is likely a layering violation.

Good point, the -O2 test isn't actually relevant anymore as we no longer rely on it. I'll drop it.

Optimization tests should be placed in llvm/test/, in the relevant pass.

Yes, the InstCombine test below covers this already.

3

If may be useful to have a -x c++ test.

Would you mind elaborating on this? The main difference with -x c++ is the name mangling, I'm not sure if that adds much value in this case.

Add a not-address-taken external linkage function.

Added.

clang/test/Driver/fsanitize.c
652

Use modern spelling --target=. -target is deprecated

It doesn't look like --target works here:

clang-15: error: unsupported option '--target'; did you mean '-target'?

Also the rest of the file uses -target, so perhaps these can all be updated at once when the flag is deprecated?

llvm/lib/Target/X86/X86AsmPrinter.cpp
130

A previous comment isn't done. This doesn't explain that the double-int3 before and after the identifier is an objtool requirement (or similar).

These are not objtool requirements, and I believe the comments do explain why the int3 padding is added. The first two are to reserve some space for runtime patching this code, and the latter two is to avoid call target gadgets in the checks. I'm obviously happy to improve the comments, is there something specific you'd like me to add?

Harbormaster completed remote builds in B173956: Diff 442647.Jul 6 2022, 12:46 PM
samitolvanen updated this revision to Diff 443022.Jul 7 2022, 12:05 PM
samitolvanen marked 2 inline comments as done.

Addressed the rest of Fangrui's comments after clarifying the open questions with him offline.

MaskRay added inline comments.Jul 7 2022, 12:18 PM
clang/lib/Driver/SanitizerArgs.cpp
63–65

ud2 being recoverable in the kernel is insufficient. The IR should consider this recoverable. In the presence of a failure, the control flow should be transferred as if no failure happens. E.g. for an asan out-of-bounds failure, the code should behave as if the failure is ignored.

samitolvanen marked an inline comment as done.Jul 7 2022, 12:46 PM
samitolvanen added inline comments.
clang/lib/Driver/SanitizerArgs.cpp
63–65

ud2 being recoverable in the kernel is insufficient. The IR should consider this recoverable. In the presence of a failure, the control flow should be transferred as if no failure happens. E.g. for an asan out-of-bounds failure, the code should behave as if the failure is ignored.

Sure, that's exactly now the code we emit here works as well. There are no traps emitted to the IR code, we only add an operand bundle to indirect calls, which doesn't affect the control flow as far as the IR is concerned.

Harbormaster completed remote builds in B174233: Diff 443022.Jul 7 2022, 2:16 PM
samitolvanen updated this revision to Diff 444022.Jul 12 2022, 11:19 AM
samitolvanen marked 2 inline comments as done.
  • Added a missing equivalency check to MachineInstr.
MaskRay added a comment.Jul 12 2022, 8:23 PM

Mostly looks good.

clang/lib/CodeGen/CodeGenModule.cpp
2325

Use llvm::all_of or llvm::any_of

llvm/lib/Target/AArch64/AArch64AsmPrinter.cpp
332

Add const. Delete blank line after the declaration.

350

Add const

384

delete blank line

401

delete blank line

llvm/lib/Target/AArch64/AArch64KCFI.cpp
63

delete blank line

104

delete blank line

llvm-project doesn't typically add a blank line after a variable declaration. please fix other places in this patch.

112

delete blank line

118

don't use early return if the then part is simple.

llvm/lib/Target/AArch64/GISel/AArch64CallLowering.cpp
1185
} else if (Info.CFIType) {
  ...
}
llvm/lib/Target/X86/X86KCFI.cpp
102

delete blank line

108

MaskRayUnsubmittedDone
delete blank line

116

delete blank line

122

Fix this in a way similar to AArch64.

samitolvanen updated this revision to Diff 444395.Jul 13 2022, 12:48 PM
samitolvanen marked 14 inline comments as done.

Addressed Fangrui's feedback.

llvm/lib/Target/AArch64/AArch64AsmPrinter.cpp
332

Deleted the blank line, but this can't be const because it's assigned to in the if statement below.

MaskRay accepted this revision.Jul 13 2022, 12:52 PM

Worth waiting a bit and checking whether @pcc has more comments.

This revision is now accepted and ready to land.Jul 13 2022, 12:52 PM
Harbormaster completed remote builds in B175220: Diff 444395.Jul 13 2022, 4:18 PM
samitolvanen updated this revision to Diff 445523.Jul 18 2022, 8:43 AM
  • Simplified AArch64 by dropping the KCFI_CHECK_BTI pseudo and just using a different caller-saved temporary register if needed.
  • Added -verify-machineinstrs to llc tests.
Harbormaster completed remote builds in B176049: Diff 445523.Jul 18 2022, 11:03 AM
samitolvanen planned changes to this revision.Jul 22 2022, 4:12 PM

Based on the recent LKML discussions about X86 retbleed mitigations (https://lore.kernel.org/lkml/20220716230344.239749011@linutronix.de/), we're going to need some changes to the code generated for X86.

MaskRay added a comment.Jul 22 2022, 4:16 PM

(Will read new updates.)

Note that release/15.x is branching soon (https://discourse.llvm.org/t/llvm-15-0-0-release-schedule/63495): 2022-07-26.
It seems that we can miss the branch to have more time mature the feature and have it for 16.0.

samitolvanen updated this revision to Diff 447476.Jul 25 2022, 2:36 PM

Addressed conflicts with X86 retbleed mitigations (https://lore.kernel.org/lkml/20220716230344.239749011@linutronix.de/):

  1. Changed the type check instruction sequence emitted by X86AsmPrinter::LowerKCFI_CHECK not to include the full constant, which allows us to freely position the function preamble without worrying about call target gadgets at indirect call sites.
  2. Changed the lowering code to take patchable-function-prefix into account, and allowed -fpatchable-function-entry=N,M where M>0 to be used in Clang with KCFI.
  3. As we must maintain alignment of the function entry on X86 to avoid performance regressions (https://lore.kernel.org/lkml/87ilnuuiw8.ffs@tglx/), changed the preamble padding to ensure the function entry remains aligned with KCFI, also when combined with patchable-function-prefix.
This revision is now accepted and ready to land.Jul 25 2022, 2:36 PM
Herald added a subscriber: mingmingl. · View Herald TranscriptJul 25 2022, 2:36 PM
samitolvanen edited the summary of this revision. (Show Details)Jul 25 2022, 2:37 PM
In D119296#3673297, @MaskRay wrote:

It seems that we can miss the branch to have more time mature the feature and have it for 16.0.

Sure, that sounds reasonable.

Harbormaster completed remote builds in B177471: Diff 447476.Jul 25 2022, 4:15 PM
joaomoreira accepted this revision.Jul 27 2022, 8:44 PM

I really like this revision. It removes the redundancy of having KCFI passes both in CodeGen and in the backend; it detangles CALL instructions from KCFI by creating a new MIR instruction; it fixes alignment while still supporting the -fpatchable-function-entry option; it doesn't add hashes/gadgets through the code as it was before needed by the use of cmp instructions. With all this said, the patch LGTM.

I tested the patch compiling toy snippets and also compiling the kernel and found no issues.

Some minor suggestions/not so relevant:

  • Change the name of CFIType to CFIHash, as it is probably more descriptive.
  • Change the KCFI.* into CFI.* where the passes/structures can be re-used by a different CFI approach. For example, X86KCFI::emitCheck can be easily re-used by other CFI schemes. Similarly, the LowerKCFI_CHECK function can also be easily re-used. Because these other approaches are hypothetical by now, this is not a big deal... but may be subject to changes in the future, in case someone comes up with new schemes.
  • Deny the ENDBR64/32 opcodes as valid hashes for the CFIType. There was an effort in the past to prevent it from being emitted as an immediate, thus, perhaps, we should also care. Since FineIBT may inherit hashes from KCFI, it would be great to prevent these from becoming valid indirect targets or needing to be checked.

Some relevant optimizations/improvements for future work:

  • When LTO is used, hashes may be suppressed for non-local + non-address taken functions.
  • As suggested by Andy Cooper, add a salt attribute that allows to differentiate hashes of functions with the same prototype.
llvm/include/llvm/CodeGen/SelectionDAGNodes.h
625

I wonder if CFIHash would be a more descriptive name.

samitolvanen updated this revision to Diff 448454.Jul 28 2022, 3:13 PM
  • Ensured that we don't emit ENDBR64/32 as the type hash on X86.
samitolvanen added a comment.Jul 28 2022, 3:13 PM
In D119296#3684022, @joaomoreira wrote:

Some minor suggestions/not so relevant:

  • Change the name of CFIType to CFIHash, as it is probably more descriptive.

My thinking here was that Type is more generic than a Hash, but I don't really have a strong opinion about this.

  • Change the KCFI.* into CFI.* where the passes/structures can be re-used by a different CFI approach. For example, X86KCFI::emitCheck can be easily re-used by other CFI schemes. Similarly, the LowerKCFI_CHECK function can also be easily re-used. Because these other approaches are hypothetical by now, this is not a big deal... but may be subject to changes in the future, in case someone comes up with new schemes.

Sure, it should be trivial for a future patch that wants to reuse this code to rename the functions and classes as needed.

  • Deny the ENDBR64/32 opcodes as valid hashes for the CFIType. There was an effort in the past to prevent it from being emitted as an immediate, thus, perhaps, we should also care. Since FineIBT may inherit hashes from KCFI, it would be great to prevent these from becoming valid indirect targets or needing to be checked.

Good point. It should be quite unlikely that we'll end up randomly generating ENDBR as a hash, but I added a helper to the X86 code to ensure we don't end up emitting these values.

Some relevant optimizations/improvements for future work:

  • When LTO is used, hashes may be suppressed for non-local + non-address taken functions.
  • As suggested by Andy Cooper, add a salt attribute that allows to differentiate hashes of functions with the same prototype.

Agreed, and another request from Peter Z was to add a flag to omit ENDBR from functions with the !kcfi_type attribute. I think these can all be separate follow-up patches.

Harbormaster completed remote builds in B178159: Diff 448454.Jul 28 2022, 5:09 PM
joaomoreira added inline comments.Aug 12 2022, 12:00 PM
llvm/lib/Target/X86/X86AsmPrinter.cpp
126

Can we use another constant blinding scheme, such as a Value++ or anything else? This way, we would prevent endbrs from being emitted in the indirect branch guards too.

Since we are using Value (prologue) and ~Value (caller/guard) for doing the checks, we also need to check if ~ENDBR was picked as a KCFIType, otherwise ENDBR will be emitted in the ibranch guards.

llvm/test/CodeGen/X86/kcfi.ll
92

We need to also ensure/test that these are not emitted in the caller/indirect branch guards.

I assume that in the current scheme (blinding with ~Value) would be unfeasible to do this, so maybe we need a different approach for masking (as suggested above).

samitolvanen updated this revision to Diff 452339.Aug 12 2022, 5:47 PM
samitolvanen marked 2 inline comments as done.
  • Changed MaskKCFIType to also avoid negative invalid patterns and return Value + 1 for clarity.
llvm/lib/Target/X86/X86AsmPrinter.cpp
126

Can we use another constant blinding scheme, such as a Value++ or anything else? This way, we would prevent endbrs from being emitted in the indirect branch guards too.

Since we are using Value (prologue) and ~Value (caller/guard) for doing the checks, we also need to check if ~ENDBR was picked as a KCFIType, otherwise ENDBR will be emitted in the ibranch guards.

I don't mind changing this to Value + 1, but that actually doesn't change anything because we emit -Value in indirect call checks, not ~Value. Therefore, using ~Value works equally well here.

Specifically, this code currently emits ~Valuein the preamble and -(~Value) == Value + 1 in the indirect call check. Switching to Value + 1 simply reverses the order; we'll emit Value + 1 in the preamble and -(Value + 1) == ~Value in the indirect call check.

However, you are right that we also need to avoid -ENDBR in this function. I'll fix that and clarify the comment.

llvm/test/CodeGen/X86/kcfi.ll
92

Added a test for -ENDBR too.

Harbormaster completed remote builds in B181026: Diff 452339.Aug 12 2022, 6:58 PM
joaomoreira added inline comments.Aug 13 2022, 1:02 AM
llvm/lib/Target/X86/X86AsmPrinter.cpp
126

Oops, got confused with the operands, tks for clearing it up. Otherwise, changes LGTM.

MaskRay added a comment.Aug 18 2022, 4:45 PM

OK, so we could just not make the symbols weak and end up failing at link time if there's a mismatch. That sounds reasonable to me.

For STB_WEAK SHN_ABS __kcfi_typeid_*, there is no duplicate definition error. Is this behavior intentional?
Note: I don't think we should change lld to recognize some symbol prefix and enforce more rigid diagnostics.
An error must be implemented with existing ELF features.

clang/lib/CodeGen/CodeGenModule.cpp
2345–2347
if (const llvm::MDNode *MD = F.getMetadata(llvm::LLVMContext::MD_kcfi_type))
  Type = ...
else
  continue;
MaskRay added inline comments.Aug 18 2022, 4:47 PM
llvm/lib/Target/AArch64/AArch64AsmPrinter.cpp
330

const?

331

delete blank line

MaskRay added a reviewer: efriedma.Aug 18 2022, 4:47 PM
samitolvanen updated this revision to Diff 453838.Aug 18 2022, 5:15 PM
samitolvanen marked 3 inline comments as done.

Addressed Fangrui's comments.

samitolvanen added a comment.Aug 18 2022, 5:15 PM
In D119296#3733753, @MaskRay wrote:

For STB_WEAK SHN_ABS __kcfi_typeid_*, there is no duplicate definition error. Is this behavior intentional?

Yes, this is by design. Multiple translation units must be able to take the address of the same function declaration, and it must be possible to link them together.

Note: I don't think we should change lld to recognize some symbol prefix and enforce more rigid diagnostics.
An error must be implemented with existing ELF features.

Sure, that's reasonable. I don't think we need more diagnostics here as __kcfi_typeid_ value mismatches are unlikely, but should the need arise, we can figure out the best way to implement them later. Note that this must also work with LTO when linking bitcode files, so we can't rely on ELF features alone.

llvm/lib/Target/AArch64/AArch64AsmPrinter.cpp
330

This can't be const because we assign to this array below in the for (auto &Reg : ScratchRegs) loop.

Harbormaster completed remote builds in B182119: Diff 453838.Aug 18 2022, 7:36 PM
efriedma added inline comments.Aug 19 2022, 12:41 PM
clang/docs/ControlFlowIntegrity.rst
319

To clarify, by "indirect call checking", do you mean function pointers specifically? Or does this also work for C++ vtables/member function pointers?

samitolvanen added inline comments.Aug 19 2022, 12:47 PM
clang/docs/ControlFlowIntegrity.rst
319

Yes, function pointers only. I'll clarify this part.

samitolvanen updated this revision to Diff 454096.Aug 19 2022, 1:28 PM
samitolvanen marked an inline comment as done.

Clarified that KCFI checks only function pointers in the documentation.

Harbormaster completed remote builds in B182287: Diff 454096.Aug 19 2022, 2:23 PM
kees accepted this revision.Aug 19 2022, 3:12 PM
This revision was landed with ongoing or failed builds.Aug 24 2022, 12:02 PM
Closed by commit rG67504c95494f: KCFI sanitizer (authored by samitolvanen). · Explain Why
This revision was automatically updated to reflect the committed changes.
samitolvanen added a commit: rG67504c95494f: KCFI sanitizer.
samitolvanen added a reverting change: rGa79060e27544: Revert "KCFI sanitizer".Aug 24 2022, 12:31 PM
samitolvanen added inline comments.Aug 24 2022, 12:35 PM
llvm/include/llvm/CodeGen/MachineInstr.h
265

This fails on 32-bit architectures as PointerEmbeddedInt doesn't allow storing 32 bits in a 32-bit pointer:

// Note: This '<' is correct; using '<=' would result in some shifts
// overflowing their storage types.
static_assert(Bits < sizeof(uintptr_t) * CHAR_BIT,
              "Cannot embed more bits than we have in a pointer!")
samitolvanen added inline comments.Aug 24 2022, 3:46 PM
llvm/include/llvm/CodeGen/MachineInstr.h
265

PointerSumType also needs space for a tag, which we don't have in a 32-bit pointer. Looks like we just need to always store CFIType in ExtraInfo to avoid this issue, similarly to HeapAllocMarker.

samitolvanen added a commit: rGcff5bef948c9: KCFI sanitizer.Aug 24 2022, 3:46 PM
samitolvanen mentioned this in D148385: [RISCV] Implement KCFI operand bundle lowering.Apr 14 2023, 3:14 PM
samitolvanen mentioned this in rG62fa708ceb02: [RISCV] Implement KCFI operand bundle lowering.Jun 23 2023, 11:40 AM
samitolvanen mentioned this in rG83835e22c7cd: [RISCV] Implement KCFI operand bundle lowering.Jun 23 2023, 3:58 PM

Revision Contents

PathSize
clang/
docs/
13 lines
2 lines
include/
clang/
Basic/
1 line
3 lines
lib/
CodeGen/
4 lines
3 lines
8 lines
9 lines
75 lines
Driver/
15 lines
3 lines
test/
CodeGen/
58 lines
Driver/
12 lines
llvm/
docs/
40 lines
include/
llvm/
CodeGen/
3 lines
GlobalISel/
3 lines
8 lines
58 lines
5 lines
9 lines
IR/
1 line
3 lines
1 line
MC/
3 lines
lib/
CodeGen/
AsmPrinter/
27 lines
GlobalISel/
6 lines
MIRParser/
1 line
1 line
17 lines
6 lines
5 lines
39 lines
SelectionDAG/
3 lines
16 lines
IR/
3 lines
5 lines
33 lines
MC/
19 lines
Target/
AArch64/
2 lines
106 lines
1 line
5 lines
2 lines
9 lines
5 lines
115 lines
3 lines
1 line
GISel/
5 lines
X86/
1 line
4 lines
6 lines
81 lines
1 line
4 lines
2 lines
8 lines
9 lines
126 lines
49 lines
29 lines
Transforms/
InstCombine/
25 lines
Scalar/
10 lines
Utils/
2 lines
test/
Bitcode/
1 line
CodeGen/
AArch64/
1 line
1 line
92 lines
47 lines
79 lines
MIR/
X86/
42 lines
X86/
2 lines
52 lines
117 lines
2 lines
Transforms/
InstCombine/
25 lines
TailCallElim/
10 lines
Verifier/
16 lines
39 lines
utils/
gn/
secondary/
llvm/
lib/
Target/
AArch64/
1 line
X86/
1 line

Diff 455316

clang/docs/ControlFlowIntegrity.rst

Show First 20 LinesShow All 300 Lines▼ Show 20 Lines
programs, whereas ``-fsanitize=cfi-icall`` can protect both C and C++ programs. programs, whereas ``-fsanitize=cfi-icall`` can protect both C and C++ programs.
On the other hand, ``-fsanitize=function`` conforms more closely with the C++ On the other hand, ``-fsanitize=function`` conforms more closely with the C++
standard and user expectations around interaction with shared libraries; standard and user expectations around interaction with shared libraries;
the identity of function pointers is maintained, and calls across shared the identity of function pointers is maintained, and calls across shared
library boundaries are no different from calls within a single program or library boundaries are no different from calls within a single program or
shared library. shared library.
.. _kcfi:
``-fsanitize=kcfi``
-------------------
This is an alternative indirect call control-flow integrity scheme designed
MaskRayUnsubmitted
Done
ReplyInline Actions
-------------------
- KCFI, enabled by ``-fsanitize=kcfi``, is an alternative indirect call
+ This is an alternative indirect call
control-flow integrity scheme designed for low-level system software, such

Don't repeat the heading.

MaskRay: Don't repeat the heading.
for low-level system software, such as operating system kernels. Unlike
``-fsanitize=cfi-icall``, it doesn't require ``-flto``, won't result in
function pointers being replaced with jump table references, and never breaks
cross-DSO function address equality. These properties make KCFI easier to
adopt in low-level software. KCFI is limited to checking only function
efriedmaUnsubmitted
Done
ReplyInline Actions

To clarify, by "indirect call checking", do you mean function pointers specifically? Or does this also work for C++ vtables/member function pointers?

efriedma: To clarify, by "indirect call checking", do you mean function pointers specifically? Or does…
samitolvanenAuthorUnsubmitted
Done
ReplyInline Actions

Yes, function pointers only. I'll clarify this part.

samitolvanen: Yes, function pointers only. I'll clarify this part.
pointers, and isn't compatible with executable-only memory.
Member Function Pointer Call Checking Member Function Pointer Call Checking
===================================== =====================================
This scheme checks that indirect calls via a member function pointer This scheme checks that indirect calls via a member function pointer
take place using an object of the correct dynamic type. Specifically, we take place using an object of the correct dynamic type. Specifically, we
check that the dynamic type of the member function referenced by the member check that the dynamic type of the member function referenced by the member
function pointer matches the "function pointer" part of the member function function pointer matches the "function pointer" part of the member function
pointer, and that the member function's class type is related to the base pointer, and that the member function's class type is related to the base
▲ Show 20 LinesShow All 76 LinesShow Last 20 Lines

clang/docs/UsersManual.rst

Show First 20 LinesShow All 1,714 Lines▼ Show 20 Lines - .. _opt_fsanitize_undefined:
``-fsanitize=undefined``: :doc:`UndefinedBehaviorSanitizer`, ``-fsanitize=undefined``: :doc:`UndefinedBehaviorSanitizer`,
a fast and compatible undefined behavior checker. a fast and compatible undefined behavior checker.
- ``-fsanitize=dataflow``: :doc:`DataFlowSanitizer`, a general data - ``-fsanitize=dataflow``: :doc:`DataFlowSanitizer`, a general data
flow analysis. flow analysis.
- ``-fsanitize=cfi``: :doc:`control flow integrity <ControlFlowIntegrity>` - ``-fsanitize=cfi``: :doc:`control flow integrity <ControlFlowIntegrity>`
checks. Requires ``-flto``. checks. Requires ``-flto``.
- ``-fsanitize=kcfi``: kernel indirect call forward-edge control flow
integrity.
- ``-fsanitize=safe-stack``: :doc:`safe stack <SafeStack>` - ``-fsanitize=safe-stack``: :doc:`safe stack <SafeStack>`
protection against stack-based memory corruption errors. protection against stack-based memory corruption errors.
There are more fine-grained checks available: see There are more fine-grained checks available: see
the :ref:`list <ubsan-checks>` of specific kinds of the :ref:`list <ubsan-checks>` of specific kinds of
undefined behavior that can be detected and the :ref:`list <cfi-schemes>` undefined behavior that can be detected and the :ref:`list <cfi-schemes>`
of control flow integrity schemes. of control flow integrity schemes.
▲ Show 20 LinesShow All 2,560 LinesShow Last 20 Lines

clang/include/clang/Basic/Features.def

Show First 20 LinesShow All 222 Lines▼ Show 20 Lines
FEATURE(is_pod, LangOpts.CPlusPlus) FEATURE(is_pod, LangOpts.CPlusPlus)
FEATURE(is_polymorphic, LangOpts.CPlusPlus) FEATURE(is_polymorphic, LangOpts.CPlusPlus)
FEATURE(is_sealed, LangOpts.CPlusPlus &&LangOpts.MicrosoftExt) FEATURE(is_sealed, LangOpts.CPlusPlus &&LangOpts.MicrosoftExt)
FEATURE(is_trivial, LangOpts.CPlusPlus) FEATURE(is_trivial, LangOpts.CPlusPlus)
FEATURE(is_trivially_assignable, LangOpts.CPlusPlus) FEATURE(is_trivially_assignable, LangOpts.CPlusPlus)
FEATURE(is_trivially_constructible, LangOpts.CPlusPlus) FEATURE(is_trivially_constructible, LangOpts.CPlusPlus)
FEATURE(is_trivially_copyable, LangOpts.CPlusPlus) FEATURE(is_trivially_copyable, LangOpts.CPlusPlus)
FEATURE(is_union, LangOpts.CPlusPlus) FEATURE(is_union, LangOpts.CPlusPlus)
FEATURE(kcfi, LangOpts.Sanitize.has(SanitizerKind::KCFI))
FEATURE(modules, LangOpts.Modules) FEATURE(modules, LangOpts.Modules)
FEATURE(safe_stack, LangOpts.Sanitize.has(SanitizerKind::SafeStack)) FEATURE(safe_stack, LangOpts.Sanitize.has(SanitizerKind::SafeStack))
MaskRayUnsubmitted
Done
ReplyInline Actions

move before modules for an alphabetical order.

MaskRay: move before `modules` for an alphabetical order.
FEATURE(shadow_call_stack, FEATURE(shadow_call_stack,
LangOpts.Sanitize.has(SanitizerKind::ShadowCallStack)) LangOpts.Sanitize.has(SanitizerKind::ShadowCallStack))
FEATURE(tls, PP.getTargetInfo().isTLSSupported()) FEATURE(tls, PP.getTargetInfo().isTLSSupported())
FEATURE(underlying_type, LangOpts.CPlusPlus) FEATURE(underlying_type, LangOpts.CPlusPlus)
FEATURE(experimental_library, LangOpts.ExperimentalLibrary) FEATURE(experimental_library, LangOpts.ExperimentalLibrary)
// C11 features supported by other languages as extensions. // C11 features supported by other languages as extensions.
EXTENSION(c_alignas, true) EXTENSION(c_alignas, true)
Show All 40 Lines

clang/include/clang/Basic/Sanitizers.def

Show First 20 LinesShow All 121 Lines▼ Show 20 Lines
SANITIZER("cfi-mfcall", CFIMFCall) SANITIZER("cfi-mfcall", CFIMFCall)
SANITIZER("cfi-unrelated-cast", CFIUnrelatedCast) SANITIZER("cfi-unrelated-cast", CFIUnrelatedCast)
SANITIZER("cfi-nvcall", CFINVCall) SANITIZER("cfi-nvcall", CFINVCall)
SANITIZER("cfi-vcall", CFIVCall) SANITIZER("cfi-vcall", CFIVCall)
SANITIZER_GROUP("cfi", CFI, SANITIZER_GROUP("cfi", CFI,
CFIDerivedCast | CFIICall | CFIMFCall | CFIUnrelatedCast | CFIDerivedCast | CFIICall | CFIMFCall | CFIUnrelatedCast |
CFINVCall | CFIVCall) CFINVCall | CFIVCall)
// Kernel Control Flow Integrity
SANITIZER("kcfi", KCFI)
// Safe Stack // Safe Stack
SANITIZER("safe-stack", SafeStack) SANITIZER("safe-stack", SafeStack)
// Shadow Call Stack // Shadow Call Stack
SANITIZER("shadow-call-stack", ShadowCallStack) SANITIZER("shadow-call-stack", ShadowCallStack)
// -fsanitize=undefined includes all the sanitizers which have low overhead, no // -fsanitize=undefined includes all the sanitizers which have low overhead, no
// ABI or address space layout implications, and only catch undefined behavior. // ABI or address space layout implications, and only catch undefined behavior.
▲ Show 20 LinesShow All 55 LinesShow Last 20 Lines

clang/lib/CodeGen/CGCall.cpp

Show First 20 LinesShow All 5,362 Lines▼ Show 20 Lines if (UnusedReturnSizePtr)
pushFullExprCleanup<CallLifetimeEnd>(NormalEHLifetimeMarker, SRetAlloca, pushFullExprCleanup<CallLifetimeEnd>(NormalEHLifetimeMarker, SRetAlloca,
UnusedReturnSizePtr); UnusedReturnSizePtr);
llvm::BasicBlock *InvokeDest = CannotThrow ? nullptr : getInvokeDest(); llvm::BasicBlock *InvokeDest = CannotThrow ? nullptr : getInvokeDest();
SmallVector<llvm::OperandBundleDef, 1> BundleList = SmallVector<llvm::OperandBundleDef, 1> BundleList =
getBundlesForFunclet(CalleePtr); getBundlesForFunclet(CalleePtr);
if (SanOpts.has(SanitizerKind::KCFI) &&
!isa_and_nonnull<FunctionDecl>(TargetDecl))
EmitKCFIOperandBundle(ConcreteCallee, BundleList);
if (const FunctionDecl *FD = dyn_cast_or_null<FunctionDecl>(CurFuncDecl)) if (const FunctionDecl *FD = dyn_cast_or_null<FunctionDecl>(CurFuncDecl))
if (FD->hasAttr<StrictFPAttr>()) if (FD->hasAttr<StrictFPAttr>())
// All calls within a strictfp function are marked strictfp // All calls within a strictfp function are marked strictfp
Attrs = Attrs.addFnAttribute(getLLVMContext(), llvm::Attribute::StrictFP); Attrs = Attrs.addFnAttribute(getLLVMContext(), llvm::Attribute::StrictFP);
AssumeAlignedAttrEmitter AssumeAlignedAttrEmitter(*this, TargetDecl); AssumeAlignedAttrEmitter AssumeAlignedAttrEmitter(*this, TargetDecl);
Attrs = AssumeAlignedAttrEmitter.TryEmitAsCallSiteAttribute(Attrs); Attrs = AssumeAlignedAttrEmitter.TryEmitAsCallSiteAttribute(Attrs);
▲ Show 20 LinesShow All 287 LinesShow Last 20 Lines

clang/lib/CodeGen/CodeGenFunction.h

Show First 20 LinesShow All 4,606 Lines▼ Show 20 Linespublic:
/// Convert a value into a format suitable for passing to a runtime /// Convert a value into a format suitable for passing to a runtime
/// sanitizer handler. /// sanitizer handler.
llvm::Value *EmitCheckValue(llvm::Value *V); llvm::Value *EmitCheckValue(llvm::Value *V);
/// Emit a description of a source location in a format suitable for /// Emit a description of a source location in a format suitable for
/// passing to a runtime sanitizer handler. /// passing to a runtime sanitizer handler.
llvm::Constant *EmitCheckSourceLocation(SourceLocation Loc); llvm::Constant *EmitCheckSourceLocation(SourceLocation Loc);
void EmitKCFIOperandBundle(const CGCallee &Callee,
SmallVectorImpl<llvm::OperandBundleDef> &Bundles);
nickdesaulniersUnsubmitted
Done
ReplyInline Actions

Should this parameter be an ArrayRef? This might be a more precise type, but seeing an impl type kind of breaks the whole pImpl idiom; I'm pretty sure that's what ArrayRef is for.
https://llvm.org/docs/ProgrammersManual.html#llvm-adt-arrayref-h
That said, this header is pretty inconsistent in the use of SmallVectorImp vs ArrayRef, but I *think* ArrayRef is strongly preferred.

nickdesaulniers: Should this parameter be an `ArrayRef`? This might be a more precise type, but seeing an impl…
samitolvanenAuthorUnsubmitted
Done
ReplyInline Actions

I don't believe I can use ArrayRef when I need to append to the list, it appears to be read-only.

samitolvanen: I don't believe I can use `ArrayRef` when I need to append to the list, it appears to be read…
/// Create a basic block that will either trap or call a handler function in /// Create a basic block that will either trap or call a handler function in
/// the UBSan runtime with the provided arguments, and create a conditional /// the UBSan runtime with the provided arguments, and create a conditional
/// branch to it. /// branch to it.
void EmitCheck(ArrayRef<std::pair<llvm::Value *, SanitizerMask>> Checked, void EmitCheck(ArrayRef<std::pair<llvm::Value *, SanitizerMask>> Checked,
SanitizerHandler Check, ArrayRef<llvm::Constant *> StaticArgs, SanitizerHandler Check, ArrayRef<llvm::Constant *> StaticArgs,
ArrayRef<llvm::Value *> DynamicArgs); ArrayRef<llvm::Value *> DynamicArgs);
/// Emit a slow path cross-DSO CFI check which calls __cfi_slowpath /// Emit a slow path cross-DSO CFI check which calls __cfi_slowpath
▲ Show 20 LinesShow All 237 LinesShow Last 20 Lines

clang/lib/CodeGen/CodeGenFunction.cpp

Show First 20 LinesShow All 2,600 Lines▼ Show 20 Linesvoid CodeGenFunction::EmitSanitizerStatReport(llvm::SanitizerStatKind SSK) {
if (!CGM.getCodeGenOpts().SanitizeStats) if (!CGM.getCodeGenOpts().SanitizeStats)
return; return;
llvm::IRBuilder<> IRB(Builder.GetInsertBlock(), Builder.GetInsertPoint()); llvm::IRBuilder<> IRB(Builder.GetInsertBlock(), Builder.GetInsertPoint());
IRB.SetCurrentDebugLocation(Builder.getCurrentDebugLocation()); IRB.SetCurrentDebugLocation(Builder.getCurrentDebugLocation());
CGM.getSanStats().create(IRB, SSK); CGM.getSanStats().create(IRB, SSK);
} }
void CodeGenFunction::EmitKCFIOperandBundle(
const CGCallee &Callee, SmallVectorImpl<llvm::OperandBundleDef> &Bundles) {
const FunctionProtoType *FP =
Callee.getAbstractInfo().getCalleeFunctionProtoType();
if (FP)
Bundles.emplace_back("kcfi", CGM.CreateKCFITypeId(FP->desugar()));
}
llvm::Value * llvm::Value *
CodeGenFunction::FormResolverCondition(const MultiVersionResolverOption &RO) { CodeGenFunction::FormResolverCondition(const MultiVersionResolverOption &RO) {
llvm::Value *Condition = nullptr; llvm::Value *Condition = nullptr;
if (!RO.Conditions.Architecture.empty()) if (!RO.Conditions.Architecture.empty())
Condition = EmitX86CpuIs(RO.Conditions.Architecture); Condition = EmitX86CpuIs(RO.Conditions.Architecture);
if (!RO.Conditions.Features.empty()) { if (!RO.Conditions.Features.empty()) {
▲ Show 20 LinesShow All 172 LinesShow Last 20 Lines

clang/lib/CodeGen/CodeGenModule.h

Show First 20 LinesShow All 1,434 Lines▼ Show 20 Linespublic:
/// Emit type metadata for the given vtable using the given layout. /// Emit type metadata for the given vtable using the given layout.
void EmitVTableTypeMetadata(const CXXRecordDecl *RD, void EmitVTableTypeMetadata(const CXXRecordDecl *RD,
llvm::GlobalVariable *VTable, llvm::GlobalVariable *VTable,
const VTableLayout &VTLayout); const VTableLayout &VTLayout);
/// Generate a cross-DSO type identifier for MD. /// Generate a cross-DSO type identifier for MD.
llvm::ConstantInt *CreateCrossDsoCfiTypeId(llvm::Metadata *MD); llvm::ConstantInt *CreateCrossDsoCfiTypeId(llvm::Metadata *MD);
/// Generate a KCFI type identifier for T.
llvm::ConstantInt *CreateKCFITypeId(QualType T);
/// Create a metadata identifier for the given type. This may either be an /// Create a metadata identifier for the given type. This may either be an
/// MDString (for external identifiers) or a distinct unnamed MDNode (for /// MDString (for external identifiers) or a distinct unnamed MDNode (for
/// internal identifiers). /// internal identifiers).
llvm::Metadata *CreateMetadataIdentifierForType(QualType T); llvm::Metadata *CreateMetadataIdentifierForType(QualType T);
/// Create a metadata identifier that is intended to be used to check virtual /// Create a metadata identifier that is intended to be used to check virtual
/// calls via a member function pointer. /// calls via a member function pointer.
llvm::Metadata *CreateMetadataIdentifierForVirtualMemPtrType(QualType T); llvm::Metadata *CreateMetadataIdentifierForVirtualMemPtrType(QualType T);
/// Create a metadata identifier for the generalization of the given type. /// Create a metadata identifier for the generalization of the given type.
/// This may either be an MDString (for external identifiers) or a distinct /// This may either be an MDString (for external identifiers) or a distinct
/// unnamed MDNode (for internal identifiers). /// unnamed MDNode (for internal identifiers).
llvm::Metadata *CreateMetadataIdentifierGeneralized(QualType T); llvm::Metadata *CreateMetadataIdentifierGeneralized(QualType T);
/// Create and attach type metadata to the given function. /// Create and attach type metadata to the given function.
void CreateFunctionTypeMetadataForIcall(const FunctionDecl *FD, void CreateFunctionTypeMetadataForIcall(const FunctionDecl *FD,
llvm::Function *F); llvm::Function *F);
/// Set type metadata to the given function.
void setKCFIType(const FunctionDecl *FD, llvm::Function *F);
MaskRayUnsubmitted
Done
ReplyInline Actions
/// Set type hash as prefix data to the given function
- void SetKCFITypePrefix(const FunctionDecl *FD, llvm::Function *F);
+ void setKCFITypePrefix(const FunctionDecl *FD, llvm::Function *F);
/// Emit KCFI type identifier constants and remove unused identifiers

Unlikely Emit*, there are many set* functions which use the correct case, so there is no excuse using the wrong case.

MaskRay: Unlikely `Emit*`, there are many `set*` functions which use the correct case, so there is no…
/// Emit KCFI type identifier constants and remove unused identifiers.
MaskRayUnsubmitted
Done
ReplyInline Actions

End with a period.

This function can be lower-case as well. There is no strong precedent to keep it upper-case.

MaskRay: End with a period. This function can be lower-case as well. There is no strong precedent to…
void finalizeKCFITypes();
/// Whether this function's return type has no side effects, and thus may /// Whether this function's return type has no side effects, and thus may
/// be trivially discarded if it is unused. /// be trivially discarded if it is unused.
bool MayDropFunctionReturn(const ASTContext &Context, QualType ReturnType); bool MayDropFunctionReturn(const ASTContext &Context, QualType ReturnType);
/// Returns whether this module needs the "all-vtables" type identifier. /// Returns whether this module needs the "all-vtables" type identifier.
bool NeedAllVtablesTypeId() const; bool NeedAllVtablesTypeId() const;
/// Create and attach type metadata for the given vtable. /// Create and attach type metadata for the given vtable.
▲ Show 20 LinesShow All 258 LinesShow Last 20 Lines

clang/lib/CodeGen/CodeGenModule.cpp

  • This file is larger than 256 KB, so syntax highlighting is disabled by default.
Show First 20 LinesShow All 42 Lines▼ Show 20 Lines
#include "clang/Basic/Module.h" #include "clang/Basic/Module.h"
#include "clang/Basic/SourceManager.h" #include "clang/Basic/SourceManager.h"
#include "clang/Basic/TargetInfo.h" #include "clang/Basic/TargetInfo.h"
#include "clang/Basic/Version.h" #include "clang/Basic/Version.h"
#include "clang/CodeGen/BackendUtil.h" #include "clang/CodeGen/BackendUtil.h"
#include "clang/CodeGen/ConstantInitBuilder.h" #include "clang/CodeGen/ConstantInitBuilder.h"
#include "clang/Frontend/FrontendDiagnostic.h" #include "clang/Frontend/FrontendDiagnostic.h"
#include "llvm/ADT/STLExtras.h" #include "llvm/ADT/STLExtras.h"
#include "llvm/ADT/StringExtras.h"
#include "llvm/ADT/StringSwitch.h" #include "llvm/ADT/StringSwitch.h"
#include "llvm/ADT/Triple.h" #include "llvm/ADT/Triple.h"
#include "llvm/Analysis/TargetLibraryInfo.h" #include "llvm/Analysis/TargetLibraryInfo.h"
#include "llvm/Frontend/OpenMP/OMPIRBuilder.h" #include "llvm/Frontend/OpenMP/OMPIRBuilder.h"
#include "llvm/IR/CallingConv.h" #include "llvm/IR/CallingConv.h"
#include "llvm/IR/DataLayout.h" #include "llvm/IR/DataLayout.h"
#include "llvm/IR/Intrinsics.h" #include "llvm/IR/Intrinsics.h"
#include "llvm/IR/LLVMContext.h" #include "llvm/IR/LLVMContext.h"
#include "llvm/IR/Module.h" #include "llvm/IR/Module.h"
#include "llvm/IR/ProfileSummary.h" #include "llvm/IR/ProfileSummary.h"
#include "llvm/ProfileData/InstrProfReader.h" #include "llvm/ProfileData/InstrProfReader.h"
#include "llvm/Support/CRC.h" #include "llvm/Support/CRC.h"
#include "llvm/Support/CodeGen.h" #include "llvm/Support/CodeGen.h"
#include "llvm/Support/CommandLine.h" #include "llvm/Support/CommandLine.h"
#include "llvm/Support/ConvertUTF.h" #include "llvm/Support/ConvertUTF.h"
#include "llvm/Support/ErrorHandling.h" #include "llvm/Support/ErrorHandling.h"
#include "llvm/Support/MD5.h" #include "llvm/Support/MD5.h"
#include "llvm/Support/TimeProfiler.h" #include "llvm/Support/TimeProfiler.h"
#include "llvm/Support/X86TargetParser.h" #include "llvm/Support/X86TargetParser.h"
#include "llvm/Support/xxhash.h"
using namespace clang; using namespace clang;
using namespace CodeGen; using namespace CodeGen;
static llvm::cl::opt<bool> LimitedCoverage( static llvm::cl::opt<bool> LimitedCoverage(
"limited-coverage-experimental", llvm::cl::Hidden, "limited-coverage-experimental", llvm::cl::Hidden,
llvm::cl::desc("Emit limited coverage mapping information (experimental)")); llvm::cl::desc("Emit limited coverage mapping information (experimental)"));
▲ Show 20 LinesShow All 494 Lines▼ Show 20 Linesvoid CodeGenModule::Release() {
EmitDeferredUnusedCoverageMappings(); EmitDeferredUnusedCoverageMappings();
CodeGenPGO(*this).setValueProfilingFlag(getModule()); CodeGenPGO(*this).setValueProfilingFlag(getModule());
if (CoverageMapping) if (CoverageMapping)
CoverageMapping->emit(); CoverageMapping->emit();
if (CodeGenOpts.SanitizeCfiCrossDso) { if (CodeGenOpts.SanitizeCfiCrossDso) {
CodeGenFunction(*this).EmitCfiCheckFail(); CodeGenFunction(*this).EmitCfiCheckFail();
CodeGenFunction(*this).EmitCfiCheckStub(); CodeGenFunction(*this).EmitCfiCheckStub();
} }
if (LangOpts.Sanitize.has(SanitizerKind::KCFI))
finalizeKCFITypes();
emitAtAvailableLinkGuard(); emitAtAvailableLinkGuard();
nickdesaulniersUnsubmitted
Done
ReplyInline Actions

This is the only call site for these two methods, and they both loop over every function in the module. Can/should we merge the methods in order to fuse the loops?

nickdesaulniers: This is the only call site for these two methods, and they both loop over every function in the…
if (Context.getTargetInfo().getTriple().isWasm()) if (Context.getTargetInfo().getTriple().isWasm())
EmitMainVoidAlias(); EmitMainVoidAlias();
if (getTriple().isAMDGPU()) { if (getTriple().isAMDGPU()) {
// Emit reference of __amdgpu_device_library_preserve_asan_functions to // Emit reference of __amdgpu_device_library_preserve_asan_functions to
// preserve ASAN functions in bitcode libraries. // preserve ASAN functions in bitcode libraries.
if (LangOpts.Sanitize.has(SanitizerKind::Address)) { if (LangOpts.Sanitize.has(SanitizerKind::Address)) {
auto *FT = llvm::FunctionType::get(VoidTy, {}); auto *FT = llvm::FunctionType::get(VoidTy, {});
▲ Show 20 LinesShow All 165 Lines▼ Show 20 Linesvoid CodeGenModule::Release() {
} }
if (LangOpts.Sanitize.has(SanitizerKind::CFIICall)) { if (LangOpts.Sanitize.has(SanitizerKind::CFIICall)) {
getModule().addModuleFlag(llvm::Module::Override, getModule().addModuleFlag(llvm::Module::Override,
"CFI Canonical Jump Tables", "CFI Canonical Jump Tables",
CodeGenOpts.SanitizeCfiCanonicalJumpTables); CodeGenOpts.SanitizeCfiCanonicalJumpTables);
} }
if (LangOpts.Sanitize.has(SanitizerKind::KCFI))
getModule().addModuleFlag(llvm::Module::Override, "kcfi", 1);
if (CodeGenOpts.CFProtectionReturn && if (CodeGenOpts.CFProtectionReturn &&
Target.checkCFProtectionReturnSupported(getDiags())) { Target.checkCFProtectionReturnSupported(getDiags())) {
// Indicate that we want to instrument return control flow protection. // Indicate that we want to instrument return control flow protection.
getModule().addModuleFlag(llvm::Module::Min, "cf-protection-return", getModule().addModuleFlag(llvm::Module::Min, "cf-protection-return",
1); 1);
} }
if (CodeGenOpts.CFProtectionBranch && if (CodeGenOpts.CFProtectionBranch &&
▲ Show 20 LinesShow All 894 Lines▼ Show 20 Lines
llvm::ConstantInt *CodeGenModule::CreateCrossDsoCfiTypeId(llvm::Metadata *MD) { llvm::ConstantInt *CodeGenModule::CreateCrossDsoCfiTypeId(llvm::Metadata *MD) {
llvm::MDString *MDS = dyn_cast<llvm::MDString>(MD); llvm::MDString *MDS = dyn_cast<llvm::MDString>(MD);
if (!MDS) return nullptr; if (!MDS) return nullptr;
return llvm::ConstantInt::get(Int64Ty, llvm::MD5Hash(MDS->getString())); return llvm::ConstantInt::get(Int64Ty, llvm::MD5Hash(MDS->getString()));
} }
llvm::ConstantInt *CodeGenModule::CreateKCFITypeId(QualType T) {
if (auto *FnType = T->getAs<FunctionProtoType>())
T = getContext().getFunctionType(
FnType->getReturnType(), FnType->getParamTypes(),
FnType->getExtProtoInfo().withExceptionSpec(EST_None));
std::string OutName;
llvm::raw_string_ostream Out(OutName);
getCXXABI().getMangleContext().mangleTypeName(T, Out);
nickdesaulniersUnsubmitted
Done
ReplyInline Actions
if (auto *MDS =
  return llvm::ConstantInt ...
return nullptr;
nickdesaulniers: ``` if (auto *MDS = return llvm::ConstantInt ... return nullptr; ```
return llvm::ConstantInt::get(Int32Ty,
static_cast<uint32_t>(llvm::xxHash64(OutName)));
}
void CodeGenModule::SetLLVMFunctionAttributes(GlobalDecl GD, void CodeGenModule::SetLLVMFunctionAttributes(GlobalDecl GD,
const CGFunctionInfo &Info, const CGFunctionInfo &Info,
llvm::Function *F, bool IsThunk) { llvm::Function *F, bool IsThunk) {
unsigned CallingConv; unsigned CallingConv;
llvm::AttributeList PAL; llvm::AttributeList PAL;
ConstructAttributeList(F->getName(), Info, GD, PAL, CallingConv, ConstructAttributeList(F->getName(), Info, GD, PAL, CallingConv,
/*AttrOnCallSite=*/false, IsThunk); /*AttrOnCallSite=*/false, IsThunk);
F->setAttributes(PAL); F->setAttributes(PAL);
▲ Show 20 LinesShow All 602 Lines▼ Show 20 Linesvoid CodeGenModule::CreateFunctionTypeMetadataForIcall(const FunctionDecl *FD,
F->addTypeMetadata(0, CreateMetadataIdentifierGeneralized(FD->getType())); F->addTypeMetadata(0, CreateMetadataIdentifierGeneralized(FD->getType()));
// Emit a hash-based bit set entry for cross-DSO calls. // Emit a hash-based bit set entry for cross-DSO calls.
if (CodeGenOpts.SanitizeCfiCrossDso) if (CodeGenOpts.SanitizeCfiCrossDso)
if (auto CrossDsoTypeId = CreateCrossDsoCfiTypeId(MD)) if (auto CrossDsoTypeId = CreateCrossDsoCfiTypeId(MD))
F->addTypeMetadata(0, llvm::ConstantAsMetadata::get(CrossDsoTypeId)); F->addTypeMetadata(0, llvm::ConstantAsMetadata::get(CrossDsoTypeId));
} }
void CodeGenModule::setKCFIType(const FunctionDecl *FD, llvm::Function *F) {
if (isa<CXXMethodDecl>(FD) && !cast<CXXMethodDecl>(FD)->isStatic())
MaskRayUnsubmitted
Done
ReplyInline Actions

delete blank line

MaskRay: delete blank line
return;
llvm::LLVMContext &Ctx = F->getContext();
llvm::MDBuilder MDB(Ctx);
F->setMetadata(llvm::LLVMContext::MD_kcfi_type,
ychenUnsubmitted
Done
ReplyInline Actions

FYI: using prefix data may not work for the C++ coroutine. (https://github.com/llvm/llvm-project/issues/49689) because corosplit pass may clone coro functions and change its function type. But prefix data is opaque, so there is no way to detect this, and then drop the prefix data in the corosplit pass.

If this is a concern for now or for the near future, it might be better to use alternative approaches like D115844.

ychen: FYI: using prefix data may not work for the C++ coroutine. (https://github.com/llvm/llvm…
samitolvanenAuthorUnsubmitted
Done
ReplyInline Actions

FYI: using prefix data may not work for the C++ coroutine.

Thanks for the link, that's interesting. The Linux kernel doesn't use C++ so this isn't a concern there, but I suppose there could theoretically also be C++ users for this feature. @pcc, any thoughts if we should just switch from prefix data to a metadata node here?

samitolvanen: > FYI: using prefix data may not work for the C++ coroutine. Thanks for the link, that's…
pccUnsubmitted
Done
ReplyInline Actions

I think the issue with coroutines was more about the fact that the function was cloned (invalidating the relative reference in the prefix data) than that the function type was changed. I seem to recall from a discussion with the coroutine folks that the functions created by the coroutine pass with different types aren't actually intended to be called directly from C/C++, so the fact that the types are changed doesn't matter.

I think the main advantage of metadata here would be in doing things like the check for type mismatches in direct calls more easily, so it seems like a reasonable approach even though the rationale is different.

pcc: I think the issue with coroutines was more about the fact that the function was cloned…
llvm::MDNode::get(
nickdesaulniersUnsubmitted
Done
ReplyInline Actions

While string based attributes are easier to work with in LLVM, I wonder if this should be made into an actual keyword. This involves some boilerplate additions to:

  • llvm/include/llvm/AsmParser/LLToken.h
  • llvm/include/llvm/Bitcode/LLVMBitCodes.h
  • llvm/include/llvm/IR/Attributes.td
  • llvm/lib/AsmParser/LLLexer.cpp
  • llvm/lib/Bitcode/Reader/BitcodeReader.cpp
  • llvm/lib/Bitcode/Writer/BitcodeWriter.cpp
  • llvm/lib/Transforms/Utils/CodeExtractor.cpp
  • llvm/test/Bitcode/attributes.ll
  • llvm/include/llvm/IR/Attributes.td

I haven't seen guidance as to which is preferred or what the tradeoffs are. These string attrs are way less boilerplate, but not seeing support in CodeExtractor makes me slightly dubious. Let me ask on LLVM's discourse (or open question to other reviewers).
https://discourse.llvm.org/t/ir-string-vs-tablegend-attributes-and-boilerplate/61914

Also, this reminds me; isn't there a fn attr we use today in the kernel to blanket say "don't instrument this?" I wonder if that needs to be updated to know about disabling CFI, if I'm remembering correctly and that is necessary. I'm thinking of noinstr in the Linux kernel, which looks like it sets a bunch of things.

nickdesaulniers: While string based attributes are easier to work with in LLVM, I wonder if this should be made…
samitolvanenAuthorUnsubmitted
Done
ReplyInline Actions

Also, this reminds me; isn't there a fn attr we use today in the kernel to blanket say "don't instrument this?" I wonder if that needs to be updated to know about disabling CFI, if I'm remembering correctly and that is necessary. I'm thinking of noinstr in the Linux kernel, which looks like it sets a bunch of things.

I don't think we want to disable CFI for everything that has __noinstr as this covers a fair amount of code. For arm64, we disable CFI only for functions that actually shouldn't have it enabled.

samitolvanen: > Also, this reminds me; isn't there a fn attr we use today in the kernel to blanket say "don't…
MaskRayUnsubmitted
Done
ReplyInline Actions

delete blank line

MaskRay: delete blank line
Ctx, MDB.createConstant(CreateKCFITypeId(FD->getType()))));
}
static bool allowKCFIIdentifier(StringRef Name) {
// KCFI type identifier constants are only necessary for external assembly
// functions, which means it's safe to skip unusual names. Subset of
// MCAsmInfo::isAcceptableChar() and MCAsmInfoXCOFF::isAcceptableChar().
MaskRayUnsubmitted
Done
ReplyInline Actions

Use llvm::all_of or llvm::any_of

MaskRay: Use `llvm::all_of` or `llvm::any_of`
return llvm::all_of(Name, [](const char &C) {
MaskRayUnsubmitted
Done
ReplyInline Actions
if (!(llvm::isAlnum(C) || C == '_' || C == '.'))
  return false;
MaskRay: ``` if (!(llvm::isAlnum(C) || C == '_' || C == '.')) return false; ```
return llvm::isAlnum(C) || C == '_' || C == '.';
});
}
nickdesaulniersUnsubmitted
Done
ReplyInline Actions

Is this more concise using llvm::all_of from llvm/ADT/STLExtras.h?

nickdesaulniers: Is this more concise using `llvm::all_of` from llvm/ADT/STLExtras.h?
samitolvanenAuthorUnsubmitted
Done
ReplyInline Actions

Yes, but also slower. This is the same function that we use in LLVM to check for acceptable promotion alias names (https://reviews.llvm.org/D104058). Should this be moved into a helper function somewhere? If so, where?

samitolvanen: Yes, but also slower. This is the same function that we use in LLVM to check for acceptable…
nickdesaulniersUnsubmitted
Done
ReplyInline Actions

Seeing as it was originally based off of MCAsmInfo::isAcceptableChar, perhaps MCAsmInfo or one of its subclasses?

nickdesaulniers: Seeing as it was originally based off of MCAsmInfo::isAcceptableChar, perhaps MCAsmInfo or one…
samitolvanenAuthorUnsubmitted
Done
ReplyInline Actions

perhaps MCAsmInfo or one of its subclasses?

See rnk's comment from the ThinLTO patch (https://reviews.llvm.org/D104058#2891756):

We can't call MC from here due to library layering.

samitolvanen: > perhaps MCAsmInfo or one of its subclasses? See rnk's comment from the ThinLTO patch (https…
void CodeGenModule::finalizeKCFITypes() {
llvm::Module &M = getModule();
for (auto &F : M.functions()) {
// Remove KCFI type metadata from non-address-taken local functions.
bool AddressTaken = F.hasAddressTaken();
if (!AddressTaken && F.hasLocalLinkage())
F.eraseMetadata(llvm::LLVMContext::MD_kcfi_type);
// Generate a constant with the expected KCFI type identifier for all
// address-taken function declarations to support annotating indirectly
// called assembly functions.
if (!AddressTaken || !F.isDeclaration())
continue;
nickdesaulniersUnsubmitted
Done
ReplyInline Actions

You could probably drop this continue.

nickdesaulniers: You could probably drop this `continue`.
nickdesaulniersUnsubmitted
Done
ReplyInline Actions

Can we not compute whether the address was taken BEFORE adding the prefix + Fn Attr and avoid adding these only to remove them later?

nickdesaulniers: Can we not compute whether the address was taken BEFORE adding the prefix + Fn Attr and avoid…
samitolvanenAuthorUnsubmitted
Done
ReplyInline Actions

Can we not compute whether the address was taken BEFORE adding the prefix + Fn Attr and avoid adding these only to remove them later?

Setting these in SetFunctionAttributes where we have convenient access to the FunctionDecl seemed like the right thing to do, and I don't believe we know whether the address is taken until we're done with the module. Is there a better place for this?

samitolvanen: > Can we not compute whether the address was taken BEFORE adding the prefix + Fn Attr and avoid…
const llvm::ConstantInt *Type;
if (const llvm::MDNode *MD = F.getMetadata(llvm::LLVMContext::MD_kcfi_type))
nickdesaulniersUnsubmitted
Done
ReplyInline Actions

Maybe allowKCFIIdentifier should accept a StringRef rather than std::string? or would that break the for each char loop?

nickdesaulniers: Maybe `allowKCFIIdentifier` should accept a `StringRef` rather than `std::string`? or would…
Type = llvm::mdconst::extract<llvm::ConstantInt>(MD->getOperand(0));
nickdesaulniersUnsubmitted
Done
ReplyInline Actions

You could probably avoid re-checking "__kcfi_typeid_" repeatedly?

nickdesaulniers: You could probably avoid re-checking `"__kcfi_typeid_"` repeatedly?
MaskRayUnsubmitted
Done
ReplyInline Actions
if (const llvm::MDNode *MD = F.getMetadata(llvm::LLVMContext::MD_kcfi_type))
  Type = ...
else
  continue;
MaskRay: ``` if (const llvm::MDNode *MD = F.getMetadata(llvm::LLVMContext::MD_kcfi_type)) Type = ...
else
continue;
StringRef Name = F.getName();
nickdesaulniersUnsubmitted
Done
ReplyInline Actions

Prefer llvm::Twine for building up strings via concatenation efficiently.
https://llvm.org/docs/ProgrammersManual.html#the-twine-class

nickdesaulniers: Prefer llvm::Twine for building up strings via concatenation efficiently. https://llvm.
if (!allowKCFIIdentifier(Name))
continue;
std::string Asm = (".weak __kcfi_typeid_" + Name + "\n.set __kcfi_typeid_" +
Name + ", " + Twine(Type->getZExtValue()) + "\n")
.str();
M.appendModuleInlineAsm(Asm);
}
pccUnsubmitted
Done
ReplyInline Actions

Won't this bloat symbol tables with mostly unused entries? I was thinking you could make them hidden, but that wouldn't have an effect on kernel modules. Maybe you should have this be opt-in with an attribute and have the kernel's asmlinkage expand to the attribute.

pcc: Won't this bloat symbol tables with mostly unused entries? I was thinking you could make them…
samitolvanenAuthorUnsubmitted
Done
ReplyInline Actions

This adds ~2k symbols to an arm64 defconfig vmlinux, which is a fair amount, but quite minimal compared to the ~38k jump table symbols we emit with the existing CFI scheme. I did consider using an attribute to reduce the bloat, but since the extra symbols aren't causing any actual issues at the moment, I figured this is something we can optimize later.

samitolvanen: This adds ~2k symbols to an arm64 defconfig vmlinux, which is a fair amount, but quite minimal…
}
void CodeGenModule::SetFunctionAttributes(GlobalDecl GD, llvm::Function *F, void CodeGenModule::SetFunctionAttributes(GlobalDecl GD, llvm::Function *F,
bool IsIncompleteFunction, bool IsIncompleteFunction,
bool IsThunk) { bool IsThunk) {
if (llvm::Intrinsic::ID IID = F->getIntrinsicID()) { if (llvm::Intrinsic::ID IID = F->getIntrinsicID()) {
// If this is an intrinsic function, set the function's attributes // If this is an intrinsic function, set the function's attributes
// to the intrinsic's attributes. // to the intrinsic's attributes.
F->setAttributes(llvm::Intrinsic::getAttributes(getLLVMContext(), IID)); F->setAttributes(llvm::Intrinsic::getAttributes(getLLVMContext(), IID));
▲ Show 20 LinesShow All 66 Lines▼ Show 20 Linesvoid CodeGenModule::SetFunctionAttributes(GlobalDecl GD, llvm::Function *F,
// Don't emit entries for function declarations in the cross-DSO mode. This // Don't emit entries for function declarations in the cross-DSO mode. This
// is handled with better precision by the receiving DSO. But if jump tables // is handled with better precision by the receiving DSO. But if jump tables
// are non-canonical then we need type metadata in order to produce the local // are non-canonical then we need type metadata in order to produce the local
// jump table. // jump table.
if (!CodeGenOpts.SanitizeCfiCrossDso || if (!CodeGenOpts.SanitizeCfiCrossDso ||
!CodeGenOpts.SanitizeCfiCanonicalJumpTables) !CodeGenOpts.SanitizeCfiCanonicalJumpTables)
CreateFunctionTypeMetadataForIcall(FD, F); CreateFunctionTypeMetadataForIcall(FD, F);
if (LangOpts.Sanitize.has(SanitizerKind::KCFI))
setKCFIType(FD, F);
if (getLangOpts().OpenMP && FD->hasAttr<OMPDeclareSimdDeclAttr>()) if (getLangOpts().OpenMP && FD->hasAttr<OMPDeclareSimdDeclAttr>())
getOpenMPRuntime().emitDeclareSimdFunction(FD, F); getOpenMPRuntime().emitDeclareSimdFunction(FD, F);
if (CodeGenOpts.InlineMaxStackSize != UINT_MAX) if (CodeGenOpts.InlineMaxStackSize != UINT_MAX)
F->addFnAttr("inline-max-stacksize", llvm::utostr(CodeGenOpts.InlineMaxStackSize)); F->addFnAttr("inline-max-stacksize", llvm::utostr(CodeGenOpts.InlineMaxStackSize));
if (const auto *CB = FD->getAttr<CallbackAttr>()) { if (const auto *CB = FD->getAttr<CallbackAttr>()) {
// Annotate the callback behavior as metadata: // Annotate the callback behavior as metadata:
▲ Show 20 LinesShow All 4,345 Lines▼ Show 20 Lines if (auto InitFunction = getOpenMPRuntime().emitThreadPrivateVarDefinition(
VD, Addr, RefExpr->getBeginLoc(), PerformInit)) VD, Addr, RefExpr->getBeginLoc(), PerformInit))
CXXGlobalInits.push_back(InitFunction); CXXGlobalInits.push_back(InitFunction);
} }
} }
llvm::Metadata * llvm::Metadata *
CodeGenModule::CreateMetadataIdentifierImpl(QualType T, MetadataTypeMap &Map, CodeGenModule::CreateMetadataIdentifierImpl(QualType T, MetadataTypeMap &Map,
StringRef Suffix) { StringRef Suffix) {
if (auto *FnType = T->getAs<FunctionProtoType>()) if (auto *FnType = T->getAs<FunctionProtoType>())
MaskRayUnsubmitted
Done
ReplyInline Actions
StringRef Suffix,
- bool OnlyExternal /*=true*/) {
+ bool OnlyExternal) {
if (auto *FnType = T->getAs<FunctionProtoType>())

T

MaskRay: T
T = getContext().getFunctionType( T = getContext().getFunctionType(
FnType->getReturnType(), FnType->getParamTypes(), FnType->getReturnType(), FnType->getParamTypes(),
FnType->getExtProtoInfo().withExceptionSpec(EST_None)); FnType->getExtProtoInfo().withExceptionSpec(EST_None));
llvm::Metadata *&InternalId = Map[T.getCanonicalType()]; llvm::Metadata *&InternalId = Map[T.getCanonicalType()];
if (InternalId) if (InternalId)
return InternalId; return InternalId;
if (isExternallyVisible(T->getLinkage())) { if (isExternallyVisible(T->getLinkage())) {
pccUnsubmitted
Done
ReplyInline Actions

It would be better to have a separate function for computing the KCFI type ids than to try and reuse this one, since you don't need the MDStrings (i.e. unnecessary string uniquing) in your new caller. It also isn't appropriate to pass MetadataIdMap in your new caller because you'll end up with inconsistent values added to MetadataIdMap if we end up calling the other caller (e.g. if both CFI and KCFI are enabled), but that's moot if you avoid it.

pcc: It would be better to have a separate function for computing the KCFI type ids than to try and…
samitolvanenAuthorUnsubmitted
Done
ReplyInline Actions

The code in SanitizerArgs.cpp doesn't allow both CFI and KCFI to be enabled at the same time, but you're right, it's probably better to just split this into a separate function for KCFI. I'll do that in the next version.

samitolvanen: The code in SanitizerArgs.cpp doesn't allow both CFI and KCFI to be enabled at the same time…
std::string OutName; std::string OutName;
llvm::raw_string_ostream Out(OutName); llvm::raw_string_ostream Out(OutName);
getCXXABI().getMangleContext().mangleTypeName(T, Out); getCXXABI().getMangleContext().mangleTypeName(T, Out);
Out << Suffix; Out << Suffix;
InternalId = llvm::MDString::get(getLLVMContext(), Out.str()); InternalId = llvm::MDString::get(getLLVMContext(), Out.str());
} else { } else {
InternalId = llvm::MDNode::getDistinct(getLLVMContext(), InternalId = llvm::MDNode::getDistinct(getLLVMContext(),
▲ Show 20 LinesShow All 266 LinesShow Last 20 Lines

clang/lib/Driver/SanitizerArgs.cpp

Show All 31 Linesstatic const SanitizerMask NeedsUbsanRt =
SanitizerKind::CFI | SanitizerKind::FloatDivideByZero | SanitizerKind::CFI | SanitizerKind::FloatDivideByZero |
SanitizerKind::ObjCCast; SanitizerKind::ObjCCast;
static const SanitizerMask NeedsUbsanCxxRt = static const SanitizerMask NeedsUbsanCxxRt =
SanitizerKind::Vptr | SanitizerKind::CFI; SanitizerKind::Vptr | SanitizerKind::CFI;
static const SanitizerMask NotAllowedWithTrap = SanitizerKind::Vptr; static const SanitizerMask NotAllowedWithTrap = SanitizerKind::Vptr;
static const SanitizerMask NotAllowedWithMinimalRuntime = static const SanitizerMask NotAllowedWithMinimalRuntime =
SanitizerKind::Function | SanitizerKind::Vptr; SanitizerKind::Function | SanitizerKind::Vptr;
static const SanitizerMask RequiresPIE = static const SanitizerMask RequiresPIE =
SanitizerKind::DataFlow | SanitizerKind::HWAddress | SanitizerKind::Scudo; SanitizerKind::DataFlow | SanitizerKind::HWAddress | SanitizerKind::Scudo |
SanitizerKind::KCFI;
static const SanitizerMask NeedsUnwindTables = static const SanitizerMask NeedsUnwindTables =
SanitizerKind::Address | SanitizerKind::HWAddress | SanitizerKind::Thread | SanitizerKind::Address | SanitizerKind::HWAddress | SanitizerKind::Thread |
SanitizerKind::Memory | SanitizerKind::DataFlow; SanitizerKind::Memory | SanitizerKind::DataFlow;
static const SanitizerMask SupportsCoverage = static const SanitizerMask SupportsCoverage =
SanitizerKind::Address | SanitizerKind::HWAddress | SanitizerKind::Address | SanitizerKind::HWAddress |
SanitizerKind::KernelAddress | SanitizerKind::KernelHWAddress | SanitizerKind::KernelAddress | SanitizerKind::KernelHWAddress |
SanitizerKind::MemtagStack | SanitizerKind::MemtagHeap | SanitizerKind::MemtagStack | SanitizerKind::MemtagHeap |
SanitizerKind::MemtagGlobals | SanitizerKind::Memory | SanitizerKind::MemtagGlobals | SanitizerKind::Memory |
SanitizerKind::KernelMemory | SanitizerKind::Leak | SanitizerKind::KernelMemory | SanitizerKind::Leak |
SanitizerKind::Undefined | SanitizerKind::Integer | SanitizerKind::Bounds | SanitizerKind::Undefined | SanitizerKind::Integer | SanitizerKind::Bounds |
SanitizerKind::ImplicitConversion | SanitizerKind::Nullability | SanitizerKind::ImplicitConversion | SanitizerKind::Nullability |
SanitizerKind::DataFlow | SanitizerKind::Fuzzer | SanitizerKind::DataFlow | SanitizerKind::Fuzzer |
SanitizerKind::FuzzerNoLink | SanitizerKind::FloatDivideByZero | SanitizerKind::FuzzerNoLink | SanitizerKind::FloatDivideByZero |
SanitizerKind::SafeStack | SanitizerKind::ShadowCallStack | SanitizerKind::SafeStack | SanitizerKind::ShadowCallStack |
SanitizerKind::Thread | SanitizerKind::ObjCCast; SanitizerKind::Thread | SanitizerKind::ObjCCast;
static const SanitizerMask RecoverableByDefault = static const SanitizerMask RecoverableByDefault =
SanitizerKind::Undefined | SanitizerKind::Integer | SanitizerKind::Undefined | SanitizerKind::Integer |
SanitizerKind::ImplicitConversion | SanitizerKind::Nullability | SanitizerKind::ImplicitConversion | SanitizerKind::Nullability |
SanitizerKind::FloatDivideByZero | SanitizerKind::ObjCCast; SanitizerKind::FloatDivideByZero | SanitizerKind::ObjCCast;
static const SanitizerMask Unrecoverable = static const SanitizerMask Unrecoverable =
SanitizerKind::Unreachable | SanitizerKind::Return; SanitizerKind::Unreachable | SanitizerKind::Return;
static const SanitizerMask AlwaysRecoverable = static const SanitizerMask AlwaysRecoverable = SanitizerKind::KernelAddress |
SanitizerKind::KernelAddress | SanitizerKind::KernelHWAddress; SanitizerKind::KernelHWAddress |
SanitizerKind::KCFI;
MaskRayUnsubmitted
Done
ReplyInline Actions

This is incorrect.

If a violation is found, ud2 is executed. ud2 is not followed by normal control flow so I don't think recovery from the error is supported.

This seems like Unrecoverable

MaskRay: This is incorrect. If a violation is found, ud2 is executed. ud2 is not followed by normal…
samitolvanenAuthorUnsubmitted
Done
ReplyInline Actions

This variable is only used to indicate whether -fno-sanitize-recover command line parameter can be used with the sanitizer. It makes no sense to allow this with KCFI as we always emit a recoverable instruction sequence, hence it's included here.

Also, ud2 absolutely is recoverable in the kernel, and Linux specifically uses ud2 to trigger warnings in assembly code.

samitolvanen: This variable is only used to indicate whether `-fno-sanitize-recover` command line parameter…
MaskRayUnsubmitted
Done
ReplyInline Actions

ud2 being recoverable in the kernel is insufficient. The IR should consider this recoverable. In the presence of a failure, the control flow should be transferred as if no failure happens. E.g. for an asan out-of-bounds failure, the code should behave as if the failure is ignored.

MaskRay: ud2 being recoverable in the kernel is insufficient. The IR should consider this recoverable.
samitolvanenAuthorUnsubmitted
Done
ReplyInline Actions

ud2 being recoverable in the kernel is insufficient. The IR should consider this recoverable. In the presence of a failure, the control flow should be transferred as if no failure happens. E.g. for an asan out-of-bounds failure, the code should behave as if the failure is ignored.

Sure, that's exactly now the code we emit here works as well. There are no traps emitted to the IR code, we only add an operand bundle to indirect calls, which doesn't affect the control flow as far as the IR is concerned.

samitolvanen: > ud2 being recoverable in the kernel is insufficient. The IR should consider this recoverable.
static const SanitizerMask NeedsLTO = SanitizerKind::CFI; static const SanitizerMask NeedsLTO = SanitizerKind::CFI;
static const SanitizerMask TrappingSupported = static const SanitizerMask TrappingSupported =
(SanitizerKind::Undefined & ~SanitizerKind::Vptr) | SanitizerKind::Integer | (SanitizerKind::Undefined & ~SanitizerKind::Vptr) | SanitizerKind::Integer |
SanitizerKind::Nullability | SanitizerKind::LocalBounds | SanitizerKind::Nullability | SanitizerKind::LocalBounds |
SanitizerKind::CFI | SanitizerKind::FloatDivideByZero | SanitizerKind::CFI | SanitizerKind::FloatDivideByZero |
SanitizerKind::ObjCCast; SanitizerKind::ObjCCast;
static const SanitizerMask TrappingDefault = SanitizerKind::CFI; static const SanitizerMask TrappingDefault = SanitizerKind::CFI;
static const SanitizerMask CFIClasses = static const SanitizerMask CFIClasses =
▲ Show 20 LinesShow All 87 Lines▼ Show 20 Lines SanitizerMask Mask;
SanitizerKind::Nullability | SanitizerKind::Nullability |
SanitizerKind::FloatDivideByZero}}; SanitizerKind::FloatDivideByZero}};
for (auto BL : Ignorelists) { for (auto BL : Ignorelists) {
if (!(Kinds & BL.Mask)) if (!(Kinds & BL.Mask))
continue; continue;
clang::SmallString<64> Path(D.ResourceDir); clang::SmallString<64> Path(D.ResourceDir);
llvm::sys::path::append(Path, "share", BL.File); llvm::sys::path::append(Path, "share", BL.File);
nickdesaulniersUnsubmitted
Done
ReplyInline Actions

none of the other kernel variants of SanitizerKind support these ignore lists. Do we plan to use them for the Linux kernel?

nickdesaulniers: none of the other kernel variants of `SanitizerKind` support these ignore lists. Do we plan to…
samitolvanenAuthorUnsubmitted
Done
ReplyInline Actions

Not at the moment. I'll drop the ignore list changes.

samitolvanen: Not at the moment. I'll drop the ignore list changes.
if (D.getVFS().exists(Path)) if (D.getVFS().exists(Path))
IgnorelistFiles.push_back(std::string(Path.str())); IgnorelistFiles.push_back(std::string(Path.str()));
else if (BL.Mask == SanitizerKind::CFI && DiagnoseErrors) else if (BL.Mask == SanitizerKind::CFI && DiagnoseErrors)
// If cfi_ignorelist.txt cannot be found in the resource dir, driver // If cfi_ignorelist.txt cannot be found in the resource dir, driver
// should fail. // should fail.
D.Diag(clang::diag::err_drv_missing_sanitizer_ignorelist) << Path; D.Diag(clang::diag::err_drv_missing_sanitizer_ignorelist) << Path;
} }
validateSpecialCaseListFormat( validateSpecialCaseListFormat(
▲ Show 20 LinesShow All 531 Lines▼ Show 20 Lines if (CfiCrossDso && CfiICallGeneralizePointers && DiagnoseErrors)
<< "-fsanitize-cfi-cross-dso" << "-fsanitize-cfi-cross-dso"
<< "-fsanitize-cfi-icall-generalize-pointers"; << "-fsanitize-cfi-icall-generalize-pointers";
CfiCanonicalJumpTables = CfiCanonicalJumpTables =
Args.hasFlag(options::OPT_fsanitize_cfi_canonical_jump_tables, Args.hasFlag(options::OPT_fsanitize_cfi_canonical_jump_tables,
options::OPT_fno_sanitize_cfi_canonical_jump_tables, true); options::OPT_fno_sanitize_cfi_canonical_jump_tables, true);
} }
if (AllAddedKinds & SanitizerKind::KCFI && DiagnoseErrors) {
if (AllAddedKinds & SanitizerKind::CFI)
D.Diag(diag::err_drv_argument_not_allowed_with)
<< "-fsanitize=kcfi"
nickdesaulniersUnsubmitted
Done
ReplyInline Actions

Can we use lastArgumentForMask here to be slightly more precise?

nickdesaulniers: Can we use `lastArgumentForMask` here to be slightly more precise?
<< lastArgumentForMask(D, Args, SanitizerKind::CFI);
}
Stats = Args.hasFlag(options::OPT_fsanitize_stats, Stats = Args.hasFlag(options::OPT_fsanitize_stats,
options::OPT_fno_sanitize_stats, false); options::OPT_fno_sanitize_stats, false);
if (MinimalRuntime) { if (MinimalRuntime) {
MaskRayUnsubmitted
Done
ReplyInline Actions
// With -fpatchable-function-entry=N,M, where M > 0,
- // llvm::AsmPrinter::emitFunctionHeader injects nops before before the
+ // llvm::AsmPrinter::emitFunctionHeader injects nops before the
// KCFI type identifier, which is currently unsupported.
MaskRay:
SanitizerMask IncompatibleMask = SanitizerMask IncompatibleMask =
Kinds & ~setGroupBits(CompatibleWithMinimalRuntime); Kinds & ~setGroupBits(CompatibleWithMinimalRuntime);
if (IncompatibleMask && DiagnoseErrors) if (IncompatibleMask && DiagnoseErrors)
D.Diag(clang::diag::err_drv_argument_not_allowed_with) D.Diag(clang::diag::err_drv_argument_not_allowed_with)
<< "-fsanitize-minimal-runtime" << "-fsanitize-minimal-runtime"
<< lastArgumentForMask(D, Args, IncompatibleMask); << lastArgumentForMask(D, Args, IncompatibleMask);
SanitizerMask NonTrappingCfi = Kinds & SanitizerKind::CFI & ~TrappingKinds; SanitizerMask NonTrappingCfi = Kinds & SanitizerKind::CFI & ~TrappingKinds;
▲ Show 20 LinesShow All 646 LinesShow Last 20 Lines

clang/lib/Driver/ToolChain.cpp

Show First 20 LinesShow All 1,084 Lines▼ Show 20 Lines SanitizerMask Res =
SanitizerKind::UnsignedShiftBase | SanitizerKind::ImplicitConversion | SanitizerKind::UnsignedShiftBase | SanitizerKind::ImplicitConversion |
SanitizerKind::Nullability | SanitizerKind::LocalBounds; SanitizerKind::Nullability | SanitizerKind::LocalBounds;
if (getTriple().getArch() == llvm::Triple::x86 || if (getTriple().getArch() == llvm::Triple::x86 ||
getTriple().getArch() == llvm::Triple::x86_64 || getTriple().getArch() == llvm::Triple::x86_64 ||
getTriple().getArch() == llvm::Triple::arm || getTriple().isWasm() || getTriple().getArch() == llvm::Triple::arm || getTriple().isWasm() ||
getTriple().isAArch64() || getTriple().isRISCV()) getTriple().isAArch64() || getTriple().isRISCV())
Res |= SanitizerKind::CFIICall; Res |= SanitizerKind::CFIICall;
if (getTriple().getArch() == llvm::Triple::x86_64 || if (getTriple().getArch() == llvm::Triple::x86_64 ||
getTriple().isAArch64(64))
Res |= SanitizerKind::KCFI;
if (getTriple().getArch() == llvm::Triple::x86_64 ||
getTriple().isAArch64(64) || getTriple().isRISCV()) getTriple().isAArch64(64) || getTriple().isRISCV())
Res |= SanitizerKind::ShadowCallStack; Res |= SanitizerKind::ShadowCallStack;
if (getTriple().isAArch64(64)) if (getTriple().isAArch64(64))
Res |= SanitizerKind::MemTag; Res |= SanitizerKind::MemTag;
return Res; return Res;
} }
void ToolChain::AddCudaIncludeArgs(const ArgList &DriverArgs, void ToolChain::AddCudaIncludeArgs(const ArgList &DriverArgs,
▲ Show 20 LinesShow All 221 LinesShow Last 20 Lines

clang/test/CodeGen/kcfi.c

  • This file was added.
// RUN: %clang_cc1 -triple x86_64-unknown-linux-gnu -emit-llvm -fsanitize=kcfi -o - %s | FileCheck %s
// RUN: %clang_cc1 -triple x86_64-unknown-linux-gnu -emit-llvm -fsanitize=kcfi -x c++ -o - %s | FileCheck %s
#if !__has_feature(kcfi)
MaskRayUnsubmitted
Done
ReplyInline Actions

If -O2 has different behavior, having the test in clang/test/CodeGen is likely a layering violation.
Optimization tests should be placed in llvm/test/, in the relevant pass. Folks working on llvm optimizations generally don't want to test every frontend.

MaskRay: If `-O2` has different behavior, having the test in clang/test/CodeGen is likely a layering…
MaskRayUnsubmitted
Done
ReplyInline Actions

If may be useful to have a -x c++ test.

Add a not-address-taken external linkage function.

MaskRay: If may be useful to have a `-x c++` test. Add a not-address-taken external linkage function.
samitolvanenAuthorUnsubmitted
Done
ReplyInline Actions

If may be useful to have a -x c++ test.

Would you mind elaborating on this? The main difference with -x c++ is the name mangling, I'm not sure if that adds much value in this case.

Add a not-address-taken external linkage function.

Added.

samitolvanen: > If may be useful to have a `-x c++` test. Would you mind elaborating on this? The main…
samitolvanenAuthorUnsubmitted
Done
ReplyInline Actions

If -O2 has different behavior, having the test in clang/test/CodeGen is likely a layering violation.

Good point, the -O2 test isn't actually relevant anymore as we no longer rely on it. I'll drop it.

Optimization tests should be placed in llvm/test/, in the relevant pass.

Yes, the InstCombine test below covers this already.

samitolvanen: > If -O2 has different behavior, having the test in clang/test/CodeGen is likely a layering…
#error Missing kcfi?
#endif
/// Must emit __kcfi_typeid symbols for address-taken function declarations
// CHECK: module asm ".weak __kcfi_typeid_[[F4:[a-zA-Z0-9_]+]]"
MaskRayUnsubmitted
Done
ReplyInline Actions

Optional: COM: is fine. But to make non-RUN non-CHECK lines stand out (from editor highlighting), a simpler /// suffices as well.

MaskRay: Optional: `COM:` is fine. But to make non-RUN non-CHECK lines stand out (from editor…
// CHECK: module asm ".set __kcfi_typeid_[[F4]], [[#%d,HASH:]]"
/// Must not __kcfi_typeid symbols for non-address-taken declarations
// CHECK-NOT: module asm ".weak __kcfi_typeid_{{f6|_Z2f6v}}"
typedef int (*fn_t)(void);
// CHECK: define dso_local{{.*}} i32 @{{f1|_Z2f1v}}(){{.*}} !kcfi_type ![[#TYPE:]]
int f1(void) { return 0; }
// CHECK: define dso_local{{.*}} i32 @{{f2|_Z2f2v}}(){{.*}} !kcfi_type ![[#TYPE2:]]
unsigned int f2(void) { return 2; }
// CHECK-LABEL: define dso_local{{.*}} i32 @{{__call|_Z6__callPFivE}}(ptr{{.*}} %f)
int __call(fn_t f) __attribute__((__no_sanitize__("kcfi"))) {
// CHECK-NOT: call{{.*}} i32 %{{.}}(){{.*}} [ "kcfi"
return f();
}
// CHECK: define dso_local{{.*}} i32 @{{call|_Z4callPFivE}}(ptr{{.*}} %f){{.*}}
int call(fn_t f) {
// CHECK: call{{.*}} i32 %{{.}}(){{.*}} [ "kcfi"(i32 [[#HASH]]) ]
return f();
}
// CHECK-DAG: define internal{{.*}} i32 @{{f3|_ZL2f3v}}(){{.*}} !kcfi_type ![[#TYPE]]
nickdesaulniersUnsubmitted
Done
ReplyInline Actions

TIL about CHECK-DAG!
https://llvm.org/docs/CommandGuide/FileCheck.html#the-check-dag-directive

nickdesaulniers: TIL about CHECK-DAG! https://llvm.org/docs/CommandGuide/FileCheck.html#the-check-dag-directive
static int f3(void) { return 1; }
// CHECK-DAG: declare !kcfi_type ![[#TYPE]]{{.*}} i32 @[[F4]]()
extern int f4(void);
/// Must not emit !kcfi_type for non-address-taken local functions
// CHECK: define internal{{.*}} i32 @{{f5|_ZL2f5v}}()
// CHECK-NOT: !kcfi_type
// CHECK-SAME: {
static int f5(void) { return 2; }
// CHECK-DAG: declare !kcfi_type ![[#TYPE]]{{.*}} i32 @{{f6|_Z2f6v}}()
nickdesaulniersUnsubmitted
Done
ReplyInline Actions

How about a direct call to f5? That should have no hash, right? Perhaps test that test has no hash as well?

nickdesaulniers: How about a direct call to `f5`? That should have no hash, right? Perhaps test that `test` has…
samitolvanenAuthorUnsubmitted
Done
ReplyInline Actions

test is a global function, which needs to have a hash as it could be indirectly called from another module.

Note that we don't need hashes in non-address-taken local functions, but the initial patch emitted them anyway. I changed the code to drop those hashes and added a directly called static f5(void) to the test.

samitolvanen: `test` is a global function, which needs to have a hash as it could be indirectly called from…
nickdesaulniersUnsubmitted
Done
ReplyInline Actions

Oh, that's nice!

nickdesaulniers: Oh, that's nice!
extern int f6(void);
int test(void) {
return call(f1) +
__call((fn_t)f2) +
call(f3) +
call(f4) +
f5() +
f6();
}
// CHECK-DAG: ![[#]] = !{i32 4, !"kcfi", i32 1}
aaron.ballmanUnsubmitted
Done
ReplyInline Actions
// CHECK-DAG: declare void @__kcfi_check_fail(i64, i8*)
- int test() {
+ int test(void) {
return call(f1) +
aaron.ballman:
// CHECK-DAG: ![[#TYPE]] = !{i32 [[#HASH]]}
// CHECK-DAG: ![[#TYPE2]] = !{i32 [[#%d,HASH2:]]}

clang/test/Driver/fsanitize.c

Show First 20 LinesShow All 643 Lines▼ Show 20 Lines
// RUN: %clang -target x86_64-linux-gnu -fsanitize=cfi-icall -fno-sanitize-cfi-canonical-jump-tables -fvisibility=hidden -flto -c %s -### 2>&1 | FileCheck %s --check-prefix=CHECK-NO-CFI-CANONICAL-JUMP-TABLES // RUN: %clang -target x86_64-linux-gnu -fsanitize=cfi-icall -fno-sanitize-cfi-canonical-jump-tables -fvisibility=hidden -flto -c %s -### 2>&1 | FileCheck %s --check-prefix=CHECK-NO-CFI-CANONICAL-JUMP-TABLES
// RUN: %clang -target x86_64-linux-gnu -fsanitize=cfi-icall -fvisibility=hidden -flto -c %s -### 2>&1 | FileCheck %s --check-prefix=CHECK-CFI-CANONICAL-JUMP-TABLES // RUN: %clang -target x86_64-linux-gnu -fsanitize=cfi-icall -fvisibility=hidden -flto -c %s -### 2>&1 | FileCheck %s --check-prefix=CHECK-CFI-CANONICAL-JUMP-TABLES
// CHECK-CFI-CANONICAL-JUMP-TABLES: -fsanitize-cfi-canonical-jump-tables // CHECK-CFI-CANONICAL-JUMP-TABLES: -fsanitize-cfi-canonical-jump-tables
// CHECK-NO-CFI-CANONICAL-JUMP-TABLES-NOT: -fsanitize-cfi-canonical-jump-tables // CHECK-NO-CFI-CANONICAL-JUMP-TABLES-NOT: -fsanitize-cfi-canonical-jump-tables
// RUN: %clang -target x86_64-linux-gnu -fsanitize=cfi -fsanitize-stats -flto -c %s -### 2>&1 | FileCheck %s --check-prefix=CHECK-CFI-STATS // RUN: %clang -target x86_64-linux-gnu -fsanitize=cfi -fsanitize-stats -flto -c %s -### 2>&1 | FileCheck %s --check-prefix=CHECK-CFI-STATS
// CHECK-CFI-STATS: -fsanitize-stats // CHECK-CFI-STATS: -fsanitize-stats
// RUN: %clang -target x86_64-linux-gnu -fsanitize=kcfi -fsanitize=cfi -flto -fvisibility=hidden %s -### 2>&1 | FileCheck %s --check-prefix=CHECK-KCFI-NOCFI
MaskRayUnsubmitted
Done
ReplyInline Actions

Use modern spelling --target=. -target is deprecated

MaskRay: Use modern spelling `--target=`. `-target ` is deprecated
samitolvanenAuthorUnsubmitted
Done
ReplyInline Actions

Use modern spelling --target=. -target is deprecated

It doesn't look like --target works here:

clang-15: error: unsupported option '--target'; did you mean '-target'?

Also the rest of the file uses -target, so perhaps these can all be updated at once when the flag is deprecated?

samitolvanen: > Use modern spelling `--target=`. `-target ` is deprecated It doesn't look like `--target`…
// CHECK-KCFI-NOCFI: error: invalid argument '-fsanitize=kcfi' not allowed with '-fsanitize=cfi'
// RUN: %clang -target x86_64-linux-gnu -fsanitize=kcfi -fsanitize-trap=kcfi %s -### 2>&1 | FileCheck %s --check-prefix=CHECK-KCFI-NOTRAP
// CHECK-KCFI-NOTRAP: error: unsupported argument 'kcfi' to option '-fsanitize-trap='
// RUN: %clang -target x86_64-linux-gnu -fsanitize=kcfi %s -### 2>&1 | FileCheck %s --check-prefix=CHECK-KCFI
// CHECK-KCFI: "-fsanitize=kcfi"
// RUN: %clang -target x86_64-linux-gnu -fsanitize=kcfi -fno-sanitize-recover=kcfi %s -### 2>&1 | FileCheck %s --check-prefix=CHECK-KCFI-RECOVER
// CHECK-KCFI-RECOVER: error: unsupported argument 'kcfi' to option '-fno-sanitize-recover='
// RUN: %clang_cl -fsanitize=address -c -MDd -### -- %s 2>&1 | FileCheck %s -check-prefix=CHECK-ASAN-DEBUGRTL // RUN: %clang_cl -fsanitize=address -c -MDd -### -- %s 2>&1 | FileCheck %s -check-prefix=CHECK-ASAN-DEBUGRTL
// RUN: %clang_cl -fsanitize=address -c -MTd -### -- %s 2>&1 | FileCheck %s -check-prefix=CHECK-ASAN-DEBUGRTL // RUN: %clang_cl -fsanitize=address -c -MTd -### -- %s 2>&1 | FileCheck %s -check-prefix=CHECK-ASAN-DEBUGRTL
// RUN: %clang_cl -fsanitize=address -c -LDd -### -- %s 2>&1 | FileCheck %s -check-prefix=CHECK-ASAN-DEBUGRTL // RUN: %clang_cl -fsanitize=address -c -LDd -### -- %s 2>&1 | FileCheck %s -check-prefix=CHECK-ASAN-DEBUGRTL
// RUN: %clang_cl -fsanitize=address -c -MD -MDd -### -- %s 2>&1 | FileCheck %s -check-prefix=CHECK-ASAN-DEBUGRTL // RUN: %clang_cl -fsanitize=address -c -MD -MDd -### -- %s 2>&1 | FileCheck %s -check-prefix=CHECK-ASAN-DEBUGRTL
// RUN: %clang_cl -fsanitize=address -c -MT -MTd -### -- %s 2>&1 | FileCheck %s -check-prefix=CHECK-ASAN-DEBUGRTL // RUN: %clang_cl -fsanitize=address -c -MT -MTd -### -- %s 2>&1 | FileCheck %s -check-prefix=CHECK-ASAN-DEBUGRTL
// RUN: %clang_cl -fsanitize=address -c -LD -LDd -### -- %s 2>&1 | FileCheck %s -check-prefix=CHECK-ASAN-DEBUGRTL // RUN: %clang_cl -fsanitize=address -c -LD -LDd -### -- %s 2>&1 | FileCheck %s -check-prefix=CHECK-ASAN-DEBUGRTL
// CHECK-ASAN-DEBUGRTL: error: invalid argument // CHECK-ASAN-DEBUGRTL: error: invalid argument
// CHECK-ASAN-DEBUGRTL: not allowed with '-fsanitize=address' // CHECK-ASAN-DEBUGRTL: not allowed with '-fsanitize=address'
▲ Show 20 LinesShow All 288 LinesShow Last 20 Lines

llvm/docs/LangRef.rst

  • This file is larger than 256 KB, so syntax highlighting is disabled by default.
Show First 20 LinesShow All 2,645 Lines▼ Show 20 Lines
Pointer Authentication Operand Bundles Pointer Authentication Operand Bundles
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Pointer Authentication operand bundles are characterized by the Pointer Authentication operand bundles are characterized by the
``"ptrauth"`` operand bundle tag. They are described in the ``"ptrauth"`` operand bundle tag. They are described in the
`Pointer Authentication <PointerAuth.html#operand-bundle>`__ document. `Pointer Authentication <PointerAuth.html#operand-bundle>`__ document.
.. _ob_kcfi:
KCFI Operand Bundles
^^^^^^^^^^^^^^^^^^^^
A ``"kcfi"`` operand bundle on an indirect call indicates that the call will
be preceded by a runtime type check, which validates that the call target is
prefixed with a :ref:`type identifier<md_kcfi_type>` that matches the operand
bundle attribute. For example:
.. code-block:: llvm
call void %0() ["kcfi"(i32 1234)]
Clang emits KCFI operand bundles and the necessary metadata with
``-fsanitize=kcfi``.
.. _moduleasm: .. _moduleasm:
Module-Level Inline Assembly Module-Level Inline Assembly
---------------------------- ----------------------------
Modules may contain "module-level inline asm" blocks, which corresponds Modules may contain "module-level inline asm" blocks, which corresponds
to the GCC "file scope inline asm" blocks. These blocks are internally to the GCC "file scope inline asm" blocks. These blocks are internally
concatenated by LLVM and treated as a single unit, but may be separated concatenated by LLVM and treated as a single unit, but may be separated
▲ Show 20 LinesShow All 4,546 Lines▼ Show 20 Lines
.. code-block:: text .. code-block:: text
@__llvm_rtti_proxy = private unnamed_addr constant ptr @_ZTIFvvE @__llvm_rtti_proxy = private unnamed_addr constant ptr @_ZTIFvvE
define void @_Z3funv() !func_sanitize !0 { define void @_Z3funv() !func_sanitize !0 {
return void return void
} }
!0 = !{i32 846595819, ptr @__llvm_rtti_proxy} !0 = !{i32 846595819, ptr @__llvm_rtti_proxy}
.. _md_kcfi_type:
'``kcfi_type``' Metadata
^^^^^^^^^^^^^^^^^^^^^^^^
The ``kcfi_type`` metadata can be used to attach a type identifier to
functions that can be called indirectly. The type data is emitted before the
function entry in the assembly. Indirect calls with the :ref:`kcfi operand
MaskRayUnsubmitted
Done
ReplyInline Actions
functions that can be called indirectly. The type data is emitted before the
- function entry. Indirect calls with the :ref:`kcfi operand bundle<ob_kcfi>`
+ function entry in the assembly. Indirect calls with the :ref:`kcfi operand bundle<ob_kcfi>`
will emit a check that compares the type identifier to the metadata.
MaskRay:
bundle<ob_kcfi>` will emit a check that compares the type identifier to the
metadata.
Example:
.. code-block:: text
define dso_local i32 @f() !kcfi_type !0 {
ret i32 0
}
!0 = !{i32 12345678}
Clang emits ``kcfi_type`` metadata nodes for address-taken functions with
``-fsanitize=kcfi``.
Module Flags Metadata Module Flags Metadata
===================== =====================
Information about the module as a whole is difficult to convey to LLVM's Information about the module as a whole is difficult to convey to LLVM's
subsystems. The LLVM IR isn't sufficient to transmit this information. subsystems. The LLVM IR isn't sufficient to transmit this information.
The ``llvm.module.flags`` named metadata exists in order to facilitate The ``llvm.module.flags`` named metadata exists in order to facilitate
this. These flags are in the form of key / value pairs --- much like a this. These flags are in the form of key / value pairs --- much like a
dictionary --- making it easy for any subsystem who cares about a flag to dictionary --- making it easy for any subsystem who cares about a flag to
▲ Show 20 LinesShow All 18,043 LinesShow Last 20 Lines

llvm/include/llvm/CodeGen/AsmPrinter.h

Show First 20 LinesShow All 395 Lines▼ Show 20 Linespublic:
void emitFrameAlloc(const MachineInstr &MI); void emitFrameAlloc(const MachineInstr &MI);
void emitStackSizeSection(const MachineFunction &MF); void emitStackSizeSection(const MachineFunction &MF);
void emitStackUsage(const MachineFunction &MF); void emitStackUsage(const MachineFunction &MF);
void emitBBAddrMapSection(const MachineFunction &MF); void emitBBAddrMapSection(const MachineFunction &MF);
void emitKCFITrapEntry(const MachineFunction &MF, const MCSymbol *Symbol);
virtual void emitKCFITypeId(const MachineFunction &MF);
void emitPseudoProbe(const MachineInstr &MI); void emitPseudoProbe(const MachineInstr &MI);
void emitRemarksSection(remarks::RemarkStreamer &RS); void emitRemarksSection(remarks::RemarkStreamer &RS);
/// Get the CFISection type for a function. /// Get the CFISection type for a function.
CFISection getFunctionCFISectionType(const Function &F) const; CFISection getFunctionCFISectionType(const Function &F) const;
/// Get the CFISection type for a function. /// Get the CFISection type for a function.
▲ Show 20 LinesShow All 442 LinesShow Last 20 Lines

llvm/include/llvm/CodeGen/GlobalISel/CallLowering.h

Show First 20 LinesShow All 138 Lines▼ Show 20 Lines struct CallLoweringInfo {
/// True if the function's return value can be lowered to registers. /// True if the function's return value can be lowered to registers.
bool CanLowerReturn = true; bool CanLowerReturn = true;
/// VReg to hold the hidden sret parameter. /// VReg to hold the hidden sret parameter.
Register DemoteRegister; Register DemoteRegister;
/// The stack index for sret demotion. /// The stack index for sret demotion.
int DemoteStackIndex; int DemoteStackIndex;
/// Expected type identifier for indirect calls with a CFI check.
const ConstantInt *CFIType = nullptr;
}; };
/// Argument handling is mostly uniform between the four places that /// Argument handling is mostly uniform between the four places that
/// make these decisions: function formal arguments, call /// make these decisions: function formal arguments, call
/// instruction args, call instruction returns and function /// instruction args, call instruction returns and function
/// returns. However, once a decision has been made on where an /// returns. However, once a decision has been made on where an
/// argument should go, exactly what happens can vary slightly. This /// argument should go, exactly what happens can vary slightly. This
/// class abstracts the differences. /// class abstracts the differences.
▲ Show 20 LinesShow All 438 LinesShow Last 20 Lines

llvm/include/llvm/CodeGen/MachineFunction.h

Show First 20 LinesShow All 1,022 Lines▼ Show 20 Linespublic:
uint32_t *allocateRegMask(); uint32_t *allocateRegMask();
ArrayRef<int> allocateShuffleMask(ArrayRef<int> Mask); ArrayRef<int> allocateShuffleMask(ArrayRef<int> Mask);
/// Allocate and construct an extra info structure for a `MachineInstr`. /// Allocate and construct an extra info structure for a `MachineInstr`.
/// ///
/// This is allocated on the function's allocator and so lives the life of /// This is allocated on the function's allocator and so lives the life of
/// the function. /// the function.
MachineInstr::ExtraInfo *createMIExtraInfo( MachineInstr::ExtraInfo *
ArrayRef<MachineMemOperand *> MMOs, MCSymbol *PreInstrSymbol = nullptr, createMIExtraInfo(ArrayRef<MachineMemOperand *> MMOs,
MCSymbol *PostInstrSymbol = nullptr, MDNode *HeapAllocMarker = nullptr); MCSymbol *PreInstrSymbol = nullptr,
MCSymbol *PostInstrSymbol = nullptr,
MDNode *HeapAllocMarker = nullptr, uint32_t CFIType = 0);
/// Allocate a string and populate it with the given external symbol name. /// Allocate a string and populate it with the given external symbol name.
const char *createExternalSymbolName(StringRef Name); const char *createExternalSymbolName(StringRef Name);
//===--------------------------------------------------------------------===// //===--------------------------------------------------------------------===//
// Label Manipulation. // Label Manipulation.
/// getJTISymbol - Return the MCSymbol for the specified non-empty jump table. /// getJTISymbol - Return the MCSymbol for the specified non-empty jump table.
▲ Show 20 LinesShow All 301 LinesShow Last 20 Lines

llvm/include/llvm/CodeGen/MachineInstr.h

Show All 10 Lines
// the back end. // the back end.
// //
//===----------------------------------------------------------------------===// //===----------------------------------------------------------------------===//
#ifndef LLVM_CODEGEN_MACHINEINSTR_H #ifndef LLVM_CODEGEN_MACHINEINSTR_H
#define LLVM_CODEGEN_MACHINEINSTR_H #define LLVM_CODEGEN_MACHINEINSTR_H
#include "llvm/ADT/DenseMapInfo.h" #include "llvm/ADT/DenseMapInfo.h"
#include "llvm/ADT/PointerEmbeddedInt.h"
#include "llvm/ADT/PointerSumType.h" #include "llvm/ADT/PointerSumType.h"
#include "llvm/ADT/SmallSet.h" #include "llvm/ADT/SmallSet.h"
#include "llvm/ADT/ilist.h" #include "llvm/ADT/ilist.h"
#include "llvm/ADT/ilist_node.h" #include "llvm/ADT/ilist_node.h"
#include "llvm/ADT/iterator_range.h" #include "llvm/ADT/iterator_range.h"
#include "llvm/CodeGen/MachineMemOperand.h" #include "llvm/CodeGen/MachineMemOperand.h"
#include "llvm/CodeGen/MachineOperand.h" #include "llvm/CodeGen/MachineOperand.h"
#include "llvm/CodeGen/TargetOpcodes.h" #include "llvm/CodeGen/TargetOpcodes.h"
▲ Show 20 LinesShow All 112 Lines▼ Show 20 Linesprivate:
OperandCapacity CapOperands; // Capacity of the Operands array. OperandCapacity CapOperands; // Capacity of the Operands array.
/// Internal implementation detail class that provides out-of-line storage for /// Internal implementation detail class that provides out-of-line storage for
/// extra info used by the machine instruction when this info cannot be stored /// extra info used by the machine instruction when this info cannot be stored
/// in-line within the instruction itself. /// in-line within the instruction itself.
/// ///
/// This has to be defined eagerly due to the implementation constraints of /// This has to be defined eagerly due to the implementation constraints of
/// `PointerSumType` where it is used. /// `PointerSumType` where it is used.
class ExtraInfo final class ExtraInfo final : TrailingObjects<ExtraInfo, MachineMemOperand *,
: TrailingObjects<ExtraInfo, MachineMemOperand *, MCSymbol *, MDNode *> { MCSymbol *, MDNode *, uint32_t> {
public: public:
static ExtraInfo *create(BumpPtrAllocator &Allocator, static ExtraInfo *create(BumpPtrAllocator &Allocator,
ArrayRef<MachineMemOperand *> MMOs, ArrayRef<MachineMemOperand *> MMOs,
MCSymbol *PreInstrSymbol = nullptr, MCSymbol *PreInstrSymbol = nullptr,
MCSymbol *PostInstrSymbol = nullptr, MCSymbol *PostInstrSymbol = nullptr,
MDNode *HeapAllocMarker = nullptr) { MDNode *HeapAllocMarker = nullptr,
uint32_t CFIType = 0) {
bool HasPreInstrSymbol = PreInstrSymbol != nullptr; bool HasPreInstrSymbol = PreInstrSymbol != nullptr;
bool HasPostInstrSymbol = PostInstrSymbol != nullptr; bool HasPostInstrSymbol = PostInstrSymbol != nullptr;
bool HasHeapAllocMarker = HeapAllocMarker != nullptr; bool HasHeapAllocMarker = HeapAllocMarker != nullptr;
bool HasCFIType = CFIType != 0;
auto *Result = new (Allocator.Allocate( auto *Result = new (Allocator.Allocate(
totalSizeToAlloc<MachineMemOperand *, MCSymbol *, MDNode *>( totalSizeToAlloc<MachineMemOperand *, MCSymbol *, MDNode *, uint32_t>(
MMOs.size(), HasPreInstrSymbol + HasPostInstrSymbol, MMOs.size(), HasPreInstrSymbol + HasPostInstrSymbol,
HasHeapAllocMarker), HasHeapAllocMarker, HasCFIType),
alignof(ExtraInfo))) alignof(ExtraInfo)))
ExtraInfo(MMOs.size(), HasPreInstrSymbol, HasPostInstrSymbol, ExtraInfo(MMOs.size(), HasPreInstrSymbol, HasPostInstrSymbol,
HasHeapAllocMarker); HasHeapAllocMarker, HasCFIType);
// Copy the actual data into the trailing objects. // Copy the actual data into the trailing objects.
std::copy(MMOs.begin(), MMOs.end(), std::copy(MMOs.begin(), MMOs.end(),
Result->getTrailingObjects<MachineMemOperand *>()); Result->getTrailingObjects<MachineMemOperand *>());
if (HasPreInstrSymbol) if (HasPreInstrSymbol)
Result->getTrailingObjects<MCSymbol *>()[0] = PreInstrSymbol; Result->getTrailingObjects<MCSymbol *>()[0] = PreInstrSymbol;
if (HasPostInstrSymbol) if (HasPostInstrSymbol)
Result->getTrailingObjects<MCSymbol *>()[HasPreInstrSymbol] = Result->getTrailingObjects<MCSymbol *>()[HasPreInstrSymbol] =
PostInstrSymbol; PostInstrSymbol;
if (HasHeapAllocMarker) if (HasHeapAllocMarker)
Result->getTrailingObjects<MDNode *>()[0] = HeapAllocMarker; Result->getTrailingObjects<MDNode *>()[0] = HeapAllocMarker;
if (HasCFIType)
Result->getTrailingObjects<uint32_t>()[0] = CFIType;
return Result; return Result;
} }
ArrayRef<MachineMemOperand *> getMMOs() const { ArrayRef<MachineMemOperand *> getMMOs() const {
return makeArrayRef(getTrailingObjects<MachineMemOperand *>(), NumMMOs); return makeArrayRef(getTrailingObjects<MachineMemOperand *>(), NumMMOs);
} }
MCSymbol *getPreInstrSymbol() const { MCSymbol *getPreInstrSymbol() const {
return HasPreInstrSymbol ? getTrailingObjects<MCSymbol *>()[0] : nullptr; return HasPreInstrSymbol ? getTrailingObjects<MCSymbol *>()[0] : nullptr;
} }
MCSymbol *getPostInstrSymbol() const { MCSymbol *getPostInstrSymbol() const {
return HasPostInstrSymbol return HasPostInstrSymbol
? getTrailingObjects<MCSymbol *>()[HasPreInstrSymbol] ? getTrailingObjects<MCSymbol *>()[HasPreInstrSymbol]
: nullptr; : nullptr;
} }
MDNode *getHeapAllocMarker() const { MDNode *getHeapAllocMarker() const {
return HasHeapAllocMarker ? getTrailingObjects<MDNode *>()[0] : nullptr; return HasHeapAllocMarker ? getTrailingObjects<MDNode *>()[0] : nullptr;
} }
uint32_t getCFIType() const {
return HasCFIType ? getTrailingObjects<uint32_t>()[0] : 0;
}
private: private:
friend TrailingObjects; friend TrailingObjects;
// Description of the extra info, used to interpret the actual optional // Description of the extra info, used to interpret the actual optional
// data appended. // data appended.
// //
// Note that this is not terribly space optimized. This leaves a great deal // Note that this is not terribly space optimized. This leaves a great deal
// of flexibility to fit more in here later. // of flexibility to fit more in here later.
const int NumMMOs; const int NumMMOs;
const bool HasPreInstrSymbol; const bool HasPreInstrSymbol;
const bool HasPostInstrSymbol; const bool HasPostInstrSymbol;
const bool HasHeapAllocMarker; const bool HasHeapAllocMarker;
const bool HasCFIType;
// Implement the `TrailingObjects` internal API. // Implement the `TrailingObjects` internal API.
size_t numTrailingObjects(OverloadToken<MachineMemOperand *>) const { size_t numTrailingObjects(OverloadToken<MachineMemOperand *>) const {
return NumMMOs; return NumMMOs;
} }
size_t numTrailingObjects(OverloadToken<MCSymbol *>) const { size_t numTrailingObjects(OverloadToken<MCSymbol *>) const {
return HasPreInstrSymbol + HasPostInstrSymbol; return HasPreInstrSymbol + HasPostInstrSymbol;
} }
size_t numTrailingObjects(OverloadToken<MDNode *>) const { size_t numTrailingObjects(OverloadToken<MDNode *>) const {
return HasHeapAllocMarker; return HasHeapAllocMarker;
} }
size_t numTrailingObjects(OverloadToken<uint32_t>) const {
return HasCFIType;
}
// Just a boring constructor to allow us to initialize the sizes. Always use // Just a boring constructor to allow us to initialize the sizes. Always use
// the `create` routine above. // the `create` routine above.
ExtraInfo(int NumMMOs, bool HasPreInstrSymbol, bool HasPostInstrSymbol, ExtraInfo(int NumMMOs, bool HasPreInstrSymbol, bool HasPostInstrSymbol,
bool HasHeapAllocMarker) bool HasHeapAllocMarker, bool HasCFIType)
: NumMMOs(NumMMOs), HasPreInstrSymbol(HasPreInstrSymbol), : NumMMOs(NumMMOs), HasPreInstrSymbol(HasPreInstrSymbol),
HasPostInstrSymbol(HasPostInstrSymbol), HasPostInstrSymbol(HasPostInstrSymbol),
HasHeapAllocMarker(HasHeapAllocMarker) {} HasHeapAllocMarker(HasHeapAllocMarker), HasCFIType(HasCFIType) {}
}; };
/// Enumeration of the kinds of inline extra info available. It is important /// Enumeration of the kinds of inline extra info available. It is important
/// that the `MachineMemOperand` inline kind has a tag value of zero to make /// that the `MachineMemOperand` inline kind has a tag value of zero to make
/// it accessible as an `ArrayRef`. /// it accessible as an `ArrayRef`.
enum ExtraInfoInlineKinds { enum ExtraInfoInlineKinds {
EIIK_MMO = 0, EIIK_MMO = 0,
EIIK_PreInstrSymbol, EIIK_PreInstrSymbol,
EIIK_PostInstrSymbol, EIIK_PostInstrSymbol,
EIIK_CFIType,
EIIK_OutOfLine EIIK_OutOfLine
}; };
// We store extra information about the instruction here. The common case is // We store extra information about the instruction here. The common case is
// expected to be nothing or a single pointer (typically a MMO or a symbol). // expected to be nothing or a single pointer (typically a MMO or a symbol).
// We work to optimize this common case by storing it inline here rather than // We work to optimize this common case by storing it inline here rather than
// requiring a separate allocation, but we fall back to an allocation when // requiring a separate allocation, but we fall back to an allocation when
// multiple pointers are needed. // multiple pointers are needed.
PointerSumType<ExtraInfoInlineKinds, PointerSumType<
PointerSumTypeMember<EIIK_MMO, MachineMemOperand *>, ExtraInfoInlineKinds, PointerSumTypeMember<EIIK_MMO, MachineMemOperand *>,
PointerSumTypeMember<EIIK_PreInstrSymbol, MCSymbol *>, PointerSumTypeMember<EIIK_PreInstrSymbol, MCSymbol *>,
PointerSumTypeMember<EIIK_PostInstrSymbol, MCSymbol *>, PointerSumTypeMember<EIIK_PostInstrSymbol, MCSymbol *>,
PointerSumTypeMember<EIIK_CFIType, PointerEmbeddedInt<uint32_t, 32>>,
samitolvanenAuthorUnsubmitted
Done
ReplyInline Actions

This fails on 32-bit architectures as PointerEmbeddedInt doesn't allow storing 32 bits in a 32-bit pointer:

// Note: This '<' is correct; using '<=' would result in some shifts
// overflowing their storage types.
static_assert(Bits < sizeof(uintptr_t) * CHAR_BIT,
              "Cannot embed more bits than we have in a pointer!")
samitolvanen: This fails on 32-bit architectures as `PointerEmbeddedInt` doesn't allow storing 32 bits in a…
samitolvanenAuthorUnsubmitted
Done
ReplyInline Actions

PointerSumType also needs space for a tag, which we don't have in a 32-bit pointer. Looks like we just need to always store CFIType in ExtraInfo to avoid this issue, similarly to HeapAllocMarker.

samitolvanen: `PointerSumType` also needs space for a tag, which we don't have in a 32-bit pointer. Looks…
PointerSumTypeMember<EIIK_OutOfLine, ExtraInfo *>> PointerSumTypeMember<EIIK_OutOfLine, ExtraInfo *>>
Info; Info;
DebugLoc DbgLoc; // Source line information. DebugLoc DbgLoc; // Source line information.
/// Unique instruction number. Used by DBG_INSTR_REFs to refer to the values /// Unique instruction number. Used by DBG_INSTR_REFs to refer to the values
/// defined by this instruction. /// defined by this instruction.
unsigned DebugInstrNum; unsigned DebugInstrNum;
▲ Show 20 LinesShow All 492 Lines▼ Show 20 Lines MDNode *getHeapAllocMarker() const {
if (!Info) if (!Info)
return nullptr; return nullptr;
if (ExtraInfo *EI = Info.get<EIIK_OutOfLine>()) if (ExtraInfo *EI = Info.get<EIIK_OutOfLine>())
return EI->getHeapAllocMarker(); return EI->getHeapAllocMarker();
return nullptr; return nullptr;
} }
/// Helper to extract a CFI type hash if one has been added.
uint32_t getCFIType() const {
if (!Info)
return 0;
if (uint32_t Type = Info.get<EIIK_CFIType>())
return Type;
if (ExtraInfo *EI = Info.get<EIIK_OutOfLine>())
return EI->getCFIType();
return 0;
}
/// API for querying MachineInstr properties. They are the same as MCInstrDesc /// API for querying MachineInstr properties. They are the same as MCInstrDesc
/// queries but they are bundle aware. /// queries but they are bundle aware.
enum QueryType { enum QueryType {
IgnoreBundle, // Ignore bundles IgnoreBundle, // Ignore bundles
AnyInBundle, // Return true if any instruction in bundle has property AnyInBundle, // Return true if any instruction in bundle has property
AllInBundle // Return true if all instructions in bundle have property AllInBundle // Return true if all instructions in bundle have property
}; };
▲ Show 20 LinesShow All 1,015 Lines▼ Show 20 Lines
void cloneInstrSymbols(MachineFunction &MF, const MachineInstr &MI); void cloneInstrSymbols(MachineFunction &MF, const MachineInstr &MI);
/// Set a marker on instructions that denotes where we should create and emit /// Set a marker on instructions that denotes where we should create and emit
/// heap alloc site labels. This waits until after instruction selection and /// heap alloc site labels. This waits until after instruction selection and
/// optimizations to create the label, so it should still work if the /// optimizations to create the label, so it should still work if the
/// instruction is removed or duplicated. /// instruction is removed or duplicated.
void setHeapAllocMarker(MachineFunction &MF, MDNode *MD); void setHeapAllocMarker(MachineFunction &MF, MDNode *MD);
/// Set the CFI type for the instruction.
void setCFIType(MachineFunction &MF, uint32_t Type);
/// Return the MIFlags which represent both MachineInstrs. This /// Return the MIFlags which represent both MachineInstrs. This
/// should be used when merging two MachineInstrs into one. This routine does /// should be used when merging two MachineInstrs into one. This routine does
/// not modify the MIFlags of this MachineInstr. /// not modify the MIFlags of this MachineInstr.
uint16_t mergeFlagsWith(const MachineInstr& Other) const; uint16_t mergeFlagsWith(const MachineInstr& Other) const;
static uint16_t copyFlagsFromInstruction(const Instruction &I); static uint16_t copyFlagsFromInstruction(const Instruction &I);
/// Copy all flags to MachineInst MIFlags /// Copy all flags to MachineInst MIFlags
▲ Show 20 LinesShow All 62 Lines▼ Show 20 Linesprivate:
const TargetRegisterClass *getRegClassConstraintEffectForVRegImpl( const TargetRegisterClass *getRegClassConstraintEffectForVRegImpl(
unsigned OpIdx, Register Reg, const TargetRegisterClass *CurRC, unsigned OpIdx, Register Reg, const TargetRegisterClass *CurRC,
const TargetInstrInfo *TII, const TargetRegisterInfo *TRI) const; const TargetInstrInfo *TII, const TargetRegisterInfo *TRI) const;
/// Stores extra instruction information inline or allocates as ExtraInfo /// Stores extra instruction information inline or allocates as ExtraInfo
/// based on the number of pointers. /// based on the number of pointers.
void setExtraInfo(MachineFunction &MF, ArrayRef<MachineMemOperand *> MMOs, void setExtraInfo(MachineFunction &MF, ArrayRef<MachineMemOperand *> MMOs,
MCSymbol *PreInstrSymbol, MCSymbol *PostInstrSymbol, MCSymbol *PreInstrSymbol, MCSymbol *PostInstrSymbol,
MDNode *HeapAllocMarker); MDNode *HeapAllocMarker, uint32_t CFIType);
}; };
/// Special DenseMapInfo traits to compare MachineInstr* by *value* of the /// Special DenseMapInfo traits to compare MachineInstr* by *value* of the
/// instruction rather than by pointer value. /// instruction rather than by pointer value.
/// The hashing and equality testing functions ignore definitions so this is /// The hashing and equality testing functions ignore definitions so this is
/// useful for CSE, etc. /// useful for CSE, etc.
struct MachineInstrExpressionTrait : DenseMapInfo<MachineInstr*> { struct MachineInstrExpressionTrait : DenseMapInfo<MachineInstr*> {
static inline MachineInstr *getEmptyKey() { static inline MachineInstr *getEmptyKey() {
Show All 29 Lines

llvm/include/llvm/CodeGen/SelectionDAGNodes.h

Show First 20 LinesShow All 616 Lines▼ Show 20 Linesprivate:
/// Source line information. /// Source line information.
DebugLoc debugLoc; DebugLoc debugLoc;
/// Return a pointer to the specified value type. /// Return a pointer to the specified value type.
static const EVT *getValueTypeList(EVT VT); static const EVT *getValueTypeList(EVT VT);
SDNodeFlags Flags; SDNodeFlags Flags;
uint32_t CFIType = 0;
joaomoreiraUnsubmitted
Not Done
ReplyInline Actions

I wonder if CFIHash would be a more descriptive name.

joaomoreira: I wonder if CFIHash would be a more descriptive name.
public: public:
/// Unique and persistent id per SDNode in the DAG. Used for debug printing. /// Unique and persistent id per SDNode in the DAG. Used for debug printing.
/// We do not place that under `#if LLVM_ENABLE_ABI_BREAKING_CHECKS` /// We do not place that under `#if LLVM_ENABLE_ABI_BREAKING_CHECKS`
/// intentionally because it adds unneeded complexity without noticeable /// intentionally because it adds unneeded complexity without noticeable
/// benefits (see discussion with @thakis in D120714). /// benefits (see discussion with @thakis in D120714).
uint16_t PersistentId; uint16_t PersistentId;
//===--------------------------------------------------------------------===// //===--------------------------------------------------------------------===//
▲ Show 20 LinesShow All 333 Lines▼ Show 20 Lines#include "llvm/IR/ConstrainedOps.def"
SDNodeFlags getFlags() const { return Flags; } SDNodeFlags getFlags() const { return Flags; }
void setFlags(SDNodeFlags NewFlags) { Flags = NewFlags; } void setFlags(SDNodeFlags NewFlags) { Flags = NewFlags; }
/// Clear any flags in this node that aren't also set in Flags. /// Clear any flags in this node that aren't also set in Flags.
/// If Flags is not in a defined state then this has no effect. /// If Flags is not in a defined state then this has no effect.
void intersectFlagsWith(const SDNodeFlags Flags); void intersectFlagsWith(const SDNodeFlags Flags);
void setCFIType(uint32_t Type) { CFIType = Type; }
uint32_t getCFIType() const { return CFIType; }
/// Return the number of values defined/returned by this operator. /// Return the number of values defined/returned by this operator.
unsigned getNumValues() const { return NumValues; } unsigned getNumValues() const { return NumValues; }
/// Return the type of a specified result. /// Return the type of a specified result.
EVT getValueType(unsigned ResNo) const { EVT getValueType(unsigned ResNo) const {
assert(ResNo < NumValues && "Illegal result number!"); assert(ResNo < NumValues && "Illegal result number!");
return ValueList[ResNo]; return ValueList[ResNo];
} }
▲ Show 20 LinesShow All 2,130 LinesShow Last 20 Lines

llvm/include/llvm/CodeGen/TargetLowering.h

Show First 20 LinesShow All 3,927 Lines▼ Show 20 Linespublic:
} }
/// Return true if the target supports that a subset of CSRs for the given /// Return true if the target supports that a subset of CSRs for the given
/// machine function is handled explicitly via copies. /// machine function is handled explicitly via copies.
virtual bool supportSplitCSR(MachineFunction *MF) const { virtual bool supportSplitCSR(MachineFunction *MF) const {
return false; return false;
} }
/// Return true if the target supports kcfi operand bundles.
virtual bool supportKCFIBundles() const { return false; }
/// Perform necessary initialization to handle a subset of CSRs explicitly /// Perform necessary initialization to handle a subset of CSRs explicitly
/// via copies. This function is called at the beginning of instruction /// via copies. This function is called at the beginning of instruction
/// selection. /// selection.
virtual void initializeSplitCSR(MachineBasicBlock *Entry) const { virtual void initializeSplitCSR(MachineBasicBlock *Entry) const {
llvm_unreachable("Not Implemented"); llvm_unreachable("Not Implemented");
} }
/// Insert explicit copies in entry and exit blocks. We copy a subset of /// Insert explicit copies in entry and exit blocks. We copy a subset of
▲ Show 20 LinesShow All 103 Lines▼ Show 20 Lines struct CallLoweringInfo {
ArgListTy Args; ArgListTy Args;
SelectionDAG &DAG; SelectionDAG &DAG;
SDLoc DL; SDLoc DL;
const CallBase *CB = nullptr; const CallBase *CB = nullptr;
SmallVector<ISD::OutputArg, 32> Outs; SmallVector<ISD::OutputArg, 32> Outs;
SmallVector<SDValue, 32> OutVals; SmallVector<SDValue, 32> OutVals;
SmallVector<ISD::InputArg, 32> Ins; SmallVector<ISD::InputArg, 32> Ins;
SmallVector<SDValue, 4> InVals; SmallVector<SDValue, 4> InVals;
const ConstantInt *CFIType = nullptr;
CallLoweringInfo(SelectionDAG &DAG) CallLoweringInfo(SelectionDAG &DAG)
: RetSExt(false), RetZExt(false), IsVarArg(false), IsInReg(false), : RetSExt(false), RetZExt(false), IsVarArg(false), IsInReg(false),
DoesNotReturn(false), IsReturnValueUsed(true), IsConvergent(false), DoesNotReturn(false), IsReturnValueUsed(true), IsConvergent(false),
IsPatchPoint(false), IsPreallocated(false), NoMerge(false), IsPatchPoint(false), IsPreallocated(false), NoMerge(false),
DAG(DAG) {} DAG(DAG) {}
CallLoweringInfo &setDebugLoc(const SDLoc &dl) { CallLoweringInfo &setDebugLoc(const SDLoc &dl) {
▲ Show 20 LinesShow All 106 Lines▼ Show 20 Lines CallLoweringInfo &setIsPreallocated(bool Value = true) {
return *this; return *this;
} }
CallLoweringInfo &setIsPostTypeLegalization(bool Value=true) { CallLoweringInfo &setIsPostTypeLegalization(bool Value=true) {
IsPostTypeLegalization = Value; IsPostTypeLegalization = Value;
return *this; return *this;
} }
CallLoweringInfo &setCFIType(const ConstantInt *Type) {
CFIType = Type;
return *this;
}
ArgListTy &getArgs() { ArgListTy &getArgs() {
return Args; return Args;
} }
}; };
/// This structure is used to pass arguments to makeLibCall function. /// This structure is used to pass arguments to makeLibCall function.
struct MakeLibCallOptions { struct MakeLibCallOptions {
// By passing type list before soften to makeLibCall, the target hook // By passing type list before soften to makeLibCall, the target hook
▲ Show 20 LinesShow All 829 LinesShow Last 20 Lines

llvm/include/llvm/IR/FixedMetadataKinds.def

Show First 20 LinesShow All 41 Lines▼ Show 20 Lines
LLVM_FIXED_MD_KIND(MD_vcall_visibility, "vcall_visibility", 28) LLVM_FIXED_MD_KIND(MD_vcall_visibility, "vcall_visibility", 28)
LLVM_FIXED_MD_KIND(MD_noundef, "noundef", 29) LLVM_FIXED_MD_KIND(MD_noundef, "noundef", 29)
LLVM_FIXED_MD_KIND(MD_annotation, "annotation", 30) LLVM_FIXED_MD_KIND(MD_annotation, "annotation", 30)
LLVM_FIXED_MD_KIND(MD_nosanitize, "nosanitize", 31) LLVM_FIXED_MD_KIND(MD_nosanitize, "nosanitize", 31)
LLVM_FIXED_MD_KIND(MD_func_sanitize, "func_sanitize", 32) LLVM_FIXED_MD_KIND(MD_func_sanitize, "func_sanitize", 32)
LLVM_FIXED_MD_KIND(MD_exclude, "exclude", 33) LLVM_FIXED_MD_KIND(MD_exclude, "exclude", 33)
LLVM_FIXED_MD_KIND(MD_memprof, "memprof", 34) LLVM_FIXED_MD_KIND(MD_memprof, "memprof", 34)
LLVM_FIXED_MD_KIND(MD_callsite, "callsite", 35) LLVM_FIXED_MD_KIND(MD_callsite, "callsite", 35)
LLVM_FIXED_MD_KIND(MD_kcfi_type, "kcfi_type", 36)

llvm/include/llvm/IR/InstrTypes.h

Show First 20 LinesShow All 2,073 Lines▼ Show 20 Linespublic:
bool hasReadingOperandBundles() const; bool hasReadingOperandBundles() const;
/// Return true if this operand bundle user has operand bundles that /// Return true if this operand bundle user has operand bundles that
/// may write to the heap. /// may write to the heap.
bool hasClobberingOperandBundles() const { bool hasClobberingOperandBundles() const {
for (const auto &BOI : bundle_op_infos()) { for (const auto &BOI : bundle_op_infos()) {
if (BOI.Tag->second == LLVMContext::OB_deopt || if (BOI.Tag->second == LLVMContext::OB_deopt ||
BOI.Tag->second == LLVMContext::OB_funclet || BOI.Tag->second == LLVMContext::OB_funclet ||
BOI.Tag->second == LLVMContext::OB_ptrauth) BOI.Tag->second == LLVMContext::OB_ptrauth ||
BOI.Tag->second == LLVMContext::OB_kcfi)
continue; continue;
// This instruction has an operand bundle that is not known to us. // This instruction has an operand bundle that is not known to us.
// Assume the worst. // Assume the worst.
return true; return true;
} }
return false; return false;
▲ Show 20 LinesShow All 348 LinesShow Last 20 Lines

llvm/include/llvm/IR/LLVMContext.h

Show First 20 LinesShow All 88 Lines▼ Show 20 Lines enum : unsigned {
OB_deopt = 0, // "deopt" OB_deopt = 0, // "deopt"
OB_funclet = 1, // "funclet" OB_funclet = 1, // "funclet"
OB_gc_transition = 2, // "gc-transition" OB_gc_transition = 2, // "gc-transition"
OB_cfguardtarget = 3, // "cfguardtarget" OB_cfguardtarget = 3, // "cfguardtarget"
OB_preallocated = 4, // "preallocated" OB_preallocated = 4, // "preallocated"
OB_gc_live = 5, // "gc-live" OB_gc_live = 5, // "gc-live"
OB_clang_arc_attachedcall = 6, // "clang.arc.attachedcall" OB_clang_arc_attachedcall = 6, // "clang.arc.attachedcall"
OB_ptrauth = 7, // "ptrauth" OB_ptrauth = 7, // "ptrauth"
OB_kcfi = 8, // "kcfi"
}; };
/// getMDKindID - Return a unique non-zero ID for the specified metadata kind. /// getMDKindID - Return a unique non-zero ID for the specified metadata kind.
/// This ID is uniqued across modules in the current LLVMContext. /// This ID is uniqued across modules in the current LLVMContext.
unsigned getMDKindID(StringRef Name) const; unsigned getMDKindID(StringRef Name) const;
/// getMDKindNames - Populate client supplied SmallVector with the name for /// getMDKindNames - Populate client supplied SmallVector with the name for
/// custom metadata IDs registered in this LLVMContext. /// custom metadata IDs registered in this LLVMContext.
▲ Show 20 LinesShow All 248 LinesShow Last 20 Lines

llvm/include/llvm/MC/MCObjectFileInfo.h

Show All 10 Lines
//===----------------------------------------------------------------------===// //===----------------------------------------------------------------------===//
#ifndef LLVM_MC_MCOBJECTFILEINFO_H #ifndef LLVM_MC_MCOBJECTFILEINFO_H
#define LLVM_MC_MCOBJECTFILEINFO_H #define LLVM_MC_MCOBJECTFILEINFO_H
#include "llvm/ADT/Optional.h" #include "llvm/ADT/Optional.h"
#include "llvm/ADT/Triple.h" #include "llvm/ADT/Triple.h"
#include "llvm/BinaryFormat/Swift.h" #include "llvm/BinaryFormat/Swift.h"
#include "llvm/MC/MCSection.h"
#include "llvm/Support/VersionTuple.h" #include "llvm/Support/VersionTuple.h"
#include <array> #include <array>
namespace llvm { namespace llvm {
class MCContext; class MCContext;
class MCSection; class MCSection;
▲ Show 20 LinesShow All 327 Lines▼ Show 20 Linespublic:
MCSection *getStackMapSection() const { return StackMapSection; } MCSection *getStackMapSection() const { return StackMapSection; }
MCSection *getFaultMapSection() const { return FaultMapSection; } MCSection *getFaultMapSection() const { return FaultMapSection; }
MCSection *getRemarksSection() const { return RemarksSection; } MCSection *getRemarksSection() const { return RemarksSection; }
MCSection *getStackSizesSection(const MCSection &TextSec) const; MCSection *getStackSizesSection(const MCSection &TextSec) const;
MCSection *getBBAddrMapSection(const MCSection &TextSec) const; MCSection *getBBAddrMapSection(const MCSection &TextSec) const;
MCSection *getKCFITrapSection(const MCSection &TextSec) const;
nickdesaulniersUnsubmitted
Done
ReplyInline Actions

can we take a StringRef instead (and include the right header)?

nickdesaulniers: can we take a StringRef instead (and include the right header)?
nickdesaulniersUnsubmitted
Done
ReplyInline Actions

and include the right headers for both parameters?

nickdesaulniers: and include the right headers for both parameters?
MCSection *getPseudoProbeSection(const MCSection *TextSec) const; MCSection *getPseudoProbeSection(const MCSection *TextSec) const;
MCSection *getPseudoProbeDescSection(StringRef FuncName) const; MCSection *getPseudoProbeDescSection(StringRef FuncName) const;
// ELF specific sections. // ELF specific sections.
MCSection *getDataRelROSection() const { return DataRelROSection; } MCSection *getDataRelROSection() const { return DataRelROSection; }
const MCSection *getMergeableConst4Section() const { const MCSection *getMergeableConst4Section() const {
return MergeableConst4Section; return MergeableConst4Section;
▲ Show 20 LinesShow All 123 LinesShow Last 20 Lines

llvm/lib/CodeGen/AsmPrinter/AsmPrinter.cpp

Show First 20 LinesShow All 929 Lines▼ Show 20 Lines if (MAI->hasSubsectionsViaSymbols()) {
// and use the .alt_entry attribute to mark the function's real entry point // and use the .alt_entry attribute to mark the function's real entry point
// as an alternative entry point to the prefix-data symbol. // as an alternative entry point to the prefix-data symbol.
MCSymbol *PrefixSym = OutContext.createLinkerPrivateTempSymbol(); MCSymbol *PrefixSym = OutContext.createLinkerPrivateTempSymbol();
OutStreamer->emitLabel(PrefixSym); OutStreamer->emitLabel(PrefixSym);
emitGlobalConstant(F.getParent()->getDataLayout(), F.getPrefixData()); emitGlobalConstant(F.getParent()->getDataLayout(), F.getPrefixData());
// Emit an .alt_entry directive for the actual function symbol. // Emit an .alt_entry directive for the actual function symbol.
OutStreamer->emitSymbolAttribute(CurrentFnSym, MCSA_AltEntry); OutStreamer->emitSymbolAttribute(CurrentFnSym, MCSA_AltEntry);
nickdesaulniersUnsubmitted
Done
ReplyInline Actions

consider saving this to a bool scoped to the if (F.hasPrefixData()) { block.

nickdesaulniers: consider saving this to a `bool` scoped to the `if (F.hasPrefixData()) {` block.
} else { } else {
emitGlobalConstant(F.getParent()->getDataLayout(), F.getPrefixData()); emitGlobalConstant(F.getParent()->getDataLayout(), F.getPrefixData());
} }
} }
// Emit KCFI type information before patchable-function-prefix nops.
emitKCFITypeId(*MF);
// Emit M NOPs for -fpatchable-function-entry=N,M where M>0. We arbitrarily // Emit M NOPs for -fpatchable-function-entry=N,M where M>0. We arbitrarily
// place prefix data before NOPs. // place prefix data before NOPs.
unsigned PatchableFunctionPrefix = 0; unsigned PatchableFunctionPrefix = 0;
unsigned PatchableFunctionEntry = 0; unsigned PatchableFunctionEntry = 0;
(void)F.getFnAttribute("patchable-function-prefix") (void)F.getFnAttribute("patchable-function-prefix")
.getValueAsString() .getValueAsString()
.getAsInteger(10, PatchableFunctionPrefix); .getAsInteger(10, PatchableFunctionPrefix);
(void)F.getFnAttribute("patchable-function-entry") (void)F.getFnAttribute("patchable-function-entry")
▲ Show 20 LinesShow All 395 Lines▼ Show 20 Lines for (const MachineBasicBlock &MBB : MF) {
// always be computed from their offsets. // always be computed from their offsets.
emitLabelDifferenceAsULEB128(MBB.getEndSymbol(), MBBSymbol); emitLabelDifferenceAsULEB128(MBB.getEndSymbol(), MBBSymbol);
OutStreamer->emitULEB128IntValue(getBBAddrMapMetadata(MBB)); OutStreamer->emitULEB128IntValue(getBBAddrMapMetadata(MBB));
PrevMBBEndSymbol = MBB.getEndSymbol(); PrevMBBEndSymbol = MBB.getEndSymbol();
} }
OutStreamer->popSection(); OutStreamer->popSection();
} }
void AsmPrinter::emitKCFITrapEntry(const MachineFunction &MF,
const MCSymbol *Symbol) {
MCSection *Section =
getObjFileLowering().getKCFITrapSection(*MF.getSection());
if (!Section)
return;
MaskRayUnsubmitted
Done
ReplyInline Actions

early return

MaskRay: early return
OutStreamer->pushSection();
OutStreamer->switchSection(Section);
MCSymbol *Loc = OutContext.createLinkerPrivateTempSymbol();
OutStreamer->emitLabel(Loc);
MaskRayUnsubmitted
Done
ReplyInline Actions

Use getCodePointerSIze().

A 4-byte PC-relative relocation is insufficient if text and data are more than 31-bit away.

MaskRay: Use getCodePointerSIze(). A 4-byte PC-relative relocation is insufficient if text and data are…
samitolvanenAuthorUnsubmitted
Done
ReplyInline Actions

Use getCodePointerSIze().

A 4-byte PC-relative relocation is insufficient if text and data are more than 31-bit away.

I did use that earlier, but the kernel maintainers specifically requested that I use a 32-bit offset instead to reduce memory overhead. The kernel uses this scheme also for static call addresses, so the 31-bit limit doesn't seem to be a concern in practise.

samitolvanen: > Use getCodePointerSIze(). > > A 4-byte PC-relative relocation is insufficient if text and…
OutStreamer->emitAbsoluteSymbolDiff(Symbol, Loc, 4);
OutStreamer->popSection();
}
void AsmPrinter::emitKCFITypeId(const MachineFunction &MF) {
const Function &F = MF.getFunction();
if (const MDNode *MD = F.getMetadata(LLVMContext::MD_kcfi_type))
emitGlobalConstant(F.getParent()->getDataLayout(),
mdconst::extract<ConstantInt>(MD->getOperand(0)));
}
void AsmPrinter::emitPseudoProbe(const MachineInstr &MI) { void AsmPrinter::emitPseudoProbe(const MachineInstr &MI) {
if (PP) { if (PP) {
auto GUID = MI.getOperand(0).getImm(); auto GUID = MI.getOperand(0).getImm();
auto Index = MI.getOperand(1).getImm(); auto Index = MI.getOperand(1).getImm();
auto Type = MI.getOperand(2).getImm(); auto Type = MI.getOperand(2).getImm();
auto Attr = MI.getOperand(3).getImm(); auto Attr = MI.getOperand(3).getImm();
DILocation *DebugLoc = MI.getDebugLoc(); DILocation *DebugLoc = MI.getDebugLoc();
PP->emitPseudoProbe(GUID, Index, Type, Attr, DebugLoc); PP->emitPseudoProbe(GUID, Index, Type, Attr, DebugLoc);
▲ Show 20 LinesShow All 2,541 LinesShow Last 20 Lines

llvm/lib/CodeGen/GlobalISel/CallLowering.cpp

Show First 20 LinesShow All 149 Lines▼ Show 20 Lines if (MaybeAlign Alignment = CB.getRetAlign()) {
if (*Alignment > Align(1)) { if (*Alignment > Align(1)) {
ReturnHintAlignReg = MRI.cloneVirtualRegister(ResRegs[0]); ReturnHintAlignReg = MRI.cloneVirtualRegister(ResRegs[0]);
Info.OrigRet.Regs[0] = ReturnHintAlignReg; Info.OrigRet.Regs[0] = ReturnHintAlignReg;
ReturnHintAlign = *Alignment; ReturnHintAlign = *Alignment;
} }
} }
} }
auto Bundle = CB.getOperandBundle(LLVMContext::OB_kcfi);
if (Bundle && CB.isIndirectCall()) {
Info.CFIType = cast<ConstantInt>(Bundle->Inputs[0]);
assert(Info.CFIType->getType()->isIntegerTy(32) && "Invalid CFI type");
}
Info.CB = &CB; Info.CB = &CB;
Info.KnownCallees = CB.getMetadata(LLVMContext::MD_callees); Info.KnownCallees = CB.getMetadata(LLVMContext::MD_callees);
Info.CallConv = CallConv; Info.CallConv = CallConv;
Info.SwiftErrorVReg = SwiftErrorVReg; Info.SwiftErrorVReg = SwiftErrorVReg;
Info.IsMustTailCall = CB.isMustTailCall(); Info.IsMustTailCall = CB.isMustTailCall();
Info.IsTailCall = CanBeTailCalled; Info.IsTailCall = CanBeTailCalled;
Info.IsVarArg = IsVarArg; Info.IsVarArg = IsVarArg;
if (!lowerCall(MIRBuilder, Info)) if (!lowerCall(MIRBuilder, Info))
▲ Show 20 LinesShow All 1,052 LinesShow Last 20 Lines

llvm/lib/CodeGen/MIRParser/MILexer.h

Show First 20 LinesShow All 119 Lines▼ Show 20 Lines enum TokenKind {
kw_liveins, kw_liveins,
kw_successors, kw_successors,
kw_floatpred, kw_floatpred,
kw_intpred, kw_intpred,
kw_shufflemask, kw_shufflemask,
kw_pre_instr_symbol, kw_pre_instr_symbol,
kw_post_instr_symbol, kw_post_instr_symbol,
kw_heap_alloc_marker, kw_heap_alloc_marker,
kw_cfi_type,
kw_bbsections, kw_bbsections,
kw_unknown_size, kw_unknown_size,
kw_unknown_address, kw_unknown_address,
kw_ir_block_address_taken, kw_ir_block_address_taken,
kw_machine_block_address_taken, kw_machine_block_address_taken,
// Metadata types. // Metadata types.
kw_distinct, kw_distinct,
▲ Show 20 LinesShow All 113 LinesShow Last 20 Lines

llvm/lib/CodeGen/MIRParser/MILexer.cpp

Show First 20 LinesShow All 264 Lines▼ Show 20 Lines return StringSwitch<MIToken::TokenKind>(Identifier)
.Case("liveins", MIToken::kw_liveins) .Case("liveins", MIToken::kw_liveins)
.Case("successors", MIToken::kw_successors) .Case("successors", MIToken::kw_successors)
.Case("floatpred", MIToken::kw_floatpred) .Case("floatpred", MIToken::kw_floatpred)
.Case("intpred", MIToken::kw_intpred) .Case("intpred", MIToken::kw_intpred)
.Case("shufflemask", MIToken::kw_shufflemask) .Case("shufflemask", MIToken::kw_shufflemask)
.Case("pre-instr-symbol", MIToken::kw_pre_instr_symbol) .Case("pre-instr-symbol", MIToken::kw_pre_instr_symbol)
.Case("post-instr-symbol", MIToken::kw_post_instr_symbol) .Case("post-instr-symbol", MIToken::kw_post_instr_symbol)
.Case("heap-alloc-marker", MIToken::kw_heap_alloc_marker) .Case("heap-alloc-marker", MIToken::kw_heap_alloc_marker)
.Case("cfi-type", MIToken::kw_cfi_type)
.Case("bbsections", MIToken::kw_bbsections) .Case("bbsections", MIToken::kw_bbsections)
.Case("unknown-size", MIToken::kw_unknown_size) .Case("unknown-size", MIToken::kw_unknown_size)
.Case("unknown-address", MIToken::kw_unknown_address) .Case("unknown-address", MIToken::kw_unknown_address)
.Case("distinct", MIToken::kw_distinct) .Case("distinct", MIToken::kw_distinct)
.Case("ir-block-address-taken", MIToken::kw_ir_block_address_taken) .Case("ir-block-address-taken", MIToken::kw_ir_block_address_taken)
.Case("machine-block-address-taken", MIToken::kw_machine_block_address_taken) .Case("machine-block-address-taken", MIToken::kw_machine_block_address_taken)
.Default(MIToken::Identifier); .Default(MIToken::Identifier);
} }
▲ Show 20 LinesShow All 482 LinesShow Last 20 Lines

llvm/lib/CodeGen/MIRParser/MIParser.cpp

Show First 20 LinesShow All 1,010 Lines▼ Show 20 Linesbool MIParser::parse(MachineInstr *&MI) {
unsigned OpCode, Flags = 0; unsigned OpCode, Flags = 0;
if (Token.isError() || parseInstruction(OpCode, Flags)) if (Token.isError() || parseInstruction(OpCode, Flags))
return true; return true;
// Parse the remaining machine operands. // Parse the remaining machine operands.
while (!Token.isNewlineOrEOF() && Token.isNot(MIToken::kw_pre_instr_symbol) && while (!Token.isNewlineOrEOF() && Token.isNot(MIToken::kw_pre_instr_symbol) &&
Token.isNot(MIToken::kw_post_instr_symbol) && Token.isNot(MIToken::kw_post_instr_symbol) &&
Token.isNot(MIToken::kw_heap_alloc_marker) && Token.isNot(MIToken::kw_heap_alloc_marker) &&
Token.isNot(MIToken::kw_cfi_type) &&
Token.isNot(MIToken::kw_debug_location) && Token.isNot(MIToken::kw_debug_location) &&
Token.isNot(MIToken::kw_debug_instr_number) && Token.isNot(MIToken::kw_debug_instr_number) &&
Token.isNot(MIToken::coloncolon) && Token.isNot(MIToken::lbrace)) { Token.isNot(MIToken::coloncolon) && Token.isNot(MIToken::lbrace)) {
auto Loc = Token.location(); auto Loc = Token.location();
Optional<unsigned> TiedDefIdx; Optional<unsigned> TiedDefIdx;
if (parseMachineOperandAndTargetFlags(OpCode, Operands.size(), MO, TiedDefIdx)) if (parseMachineOperandAndTargetFlags(OpCode, Operands.size(), MO, TiedDefIdx))
return true; return true;
Operands.push_back( Operands.push_back(
Show All 14 Linesbool MIParser::parse(MachineInstr *&MI) {
if (Token.is(MIToken::kw_post_instr_symbol)) if (Token.is(MIToken::kw_post_instr_symbol))
if (parsePreOrPostInstrSymbol(PostInstrSymbol)) if (parsePreOrPostInstrSymbol(PostInstrSymbol))
return true; return true;
MDNode *HeapAllocMarker = nullptr; MDNode *HeapAllocMarker = nullptr;
if (Token.is(MIToken::kw_heap_alloc_marker)) if (Token.is(MIToken::kw_heap_alloc_marker))
if (parseHeapAllocMarker(HeapAllocMarker)) if (parseHeapAllocMarker(HeapAllocMarker))
return true; return true;
unsigned CFIType = 0;
if (Token.is(MIToken::kw_cfi_type)) {
lex();
if (Token.isNot(MIToken::IntegerLiteral))
return error("expected an integer literal after 'cfi-type'");
// getUnsigned is sufficient for 32-bit integers.
if (getUnsigned(CFIType))
return true;
lex();
// Lex past trailing comma if present.
if (Token.is(MIToken::comma))
lex();
}
unsigned InstrNum = 0; unsigned InstrNum = 0;
if (Token.is(MIToken::kw_debug_instr_number)) { if (Token.is(MIToken::kw_debug_instr_number)) {
lex(); lex();
if (Token.isNot(MIToken::IntegerLiteral)) if (Token.isNot(MIToken::IntegerLiteral))
return error("expected an integer literal after 'debug-instr-number'"); return error("expected an integer literal after 'debug-instr-number'");
if (getUnsigned(InstrNum)) if (getUnsigned(InstrNum))
return true; return true;
lex(); lex();
▲ Show 20 LinesShow All 63 Lines▼ Show 20 Linesbool MIParser::parse(MachineInstr *&MI) {
if (assignRegisterTies(*MI, Operands)) if (assignRegisterTies(*MI, Operands))
return true; return true;
if (PreInstrSymbol) if (PreInstrSymbol)
MI->setPreInstrSymbol(MF, PreInstrSymbol); MI->setPreInstrSymbol(MF, PreInstrSymbol);
if (PostInstrSymbol) if (PostInstrSymbol)
MI->setPostInstrSymbol(MF, PostInstrSymbol); MI->setPostInstrSymbol(MF, PostInstrSymbol);
if (HeapAllocMarker) if (HeapAllocMarker)
MI->setHeapAllocMarker(MF, HeapAllocMarker); MI->setHeapAllocMarker(MF, HeapAllocMarker);
if (CFIType)
MI->setCFIType(MF, CFIType);
if (!MemOperands.empty()) if (!MemOperands.empty())
MI->setMemRefs(MF, MemOperands); MI->setMemRefs(MF, MemOperands);
if (InstrNum) if (InstrNum)
MI->setDebugInstrNum(InstrNum); MI->setDebugInstrNum(InstrNum);
return false; return false;
} }
bool MIParser::parseStandaloneMBB(MachineBasicBlock *&MBB) { bool MIParser::parseStandaloneMBB(MachineBasicBlock *&MBB) {
▲ Show 20 LinesShow All 2,381 LinesShow Last 20 Lines

llvm/lib/CodeGen/MIRPrinter.cpp

Show First 20 LinesShow All 813 Lines▼ Show 20 Linesvoid MIPrinter::print(const MachineInstr &MI) {
} }
if (MDNode *HeapAllocMarker = MI.getHeapAllocMarker()) { if (MDNode *HeapAllocMarker = MI.getHeapAllocMarker()) {
if (NeedComma) if (NeedComma)
OS << ','; OS << ',';
OS << " heap-alloc-marker "; OS << " heap-alloc-marker ";
HeapAllocMarker->printAsOperand(OS, MST); HeapAllocMarker->printAsOperand(OS, MST);
NeedComma = true; NeedComma = true;
} }
if (uint32_t CFIType = MI.getCFIType()) {
if (NeedComma)
OS << ',';
OS << " cfi-type " << CFIType;
NeedComma = true;
}
if (auto Num = MI.peekDebugInstrNum()) { if (auto Num = MI.peekDebugInstrNum()) {
if (NeedComma) if (NeedComma)
OS << ','; OS << ',';
OS << " debug-instr-number " << Num; OS << " debug-instr-number " << Num;
NeedComma = true; NeedComma = true;
} }
▲ Show 20 LinesShow All 125 LinesShow Last 20 Lines

llvm/lib/CodeGen/MachineFunction.cpp

Show First 20 LinesShow All 524 Lines▼ Show 20 LinesMachineFunction::getMachineMemOperand(const MachineMemOperand *MMO,
return new (Allocator) MachineMemOperand( return new (Allocator) MachineMemOperand(
MMO->getPointerInfo(), Flags, MMO->getSize(), MMO->getBaseAlign(), MMO->getPointerInfo(), Flags, MMO->getSize(), MMO->getBaseAlign(),
MMO->getAAInfo(), MMO->getRanges(), MMO->getSyncScopeID(), MMO->getAAInfo(), MMO->getRanges(), MMO->getSyncScopeID(),
MMO->getSuccessOrdering(), MMO->getFailureOrdering()); MMO->getSuccessOrdering(), MMO->getFailureOrdering());
} }
MachineInstr::ExtraInfo *MachineFunction::createMIExtraInfo( MachineInstr::ExtraInfo *MachineFunction::createMIExtraInfo(
ArrayRef<MachineMemOperand *> MMOs, MCSymbol *PreInstrSymbol, ArrayRef<MachineMemOperand *> MMOs, MCSymbol *PreInstrSymbol,
MCSymbol *PostInstrSymbol, MDNode *HeapAllocMarker) { MCSymbol *PostInstrSymbol, MDNode *HeapAllocMarker, uint32_t CFIType) {
return MachineInstr::ExtraInfo::create(Allocator, MMOs, PreInstrSymbol, return MachineInstr::ExtraInfo::create(Allocator, MMOs, PreInstrSymbol,
PostInstrSymbol, HeapAllocMarker); PostInstrSymbol, HeapAllocMarker,
CFIType);
} }
const char *MachineFunction::createExternalSymbolName(StringRef Name) { const char *MachineFunction::createExternalSymbolName(StringRef Name) {
char *Dest = Allocator.Allocate<char>(Name.size() + 1); char *Dest = Allocator.Allocate<char>(Name.size() + 1);
llvm::copy(Name, Dest); llvm::copy(Name, Dest);
Dest[Name.size()] = 0; Dest[Name.size()] = 0;
return Dest; return Dest;
} }
▲ Show 20 LinesShow All 987 LinesShow Last 20 Lines

llvm/lib/CodeGen/MachineInstr.cpp

Show First 20 LinesShow All 295 Lines▼ Show 20 Lines if (unsigned N = NumOperands - 1 - OpNo)
moveOperands(Operands + OpNo, Operands + OpNo + 1, N, MRI); moveOperands(Operands + OpNo, Operands + OpNo + 1, N, MRI);
--NumOperands; --NumOperands;
} }
void MachineInstr::setExtraInfo(MachineFunction &MF, void MachineInstr::setExtraInfo(MachineFunction &MF,
ArrayRef<MachineMemOperand *> MMOs, ArrayRef<MachineMemOperand *> MMOs,
MCSymbol *PreInstrSymbol, MCSymbol *PreInstrSymbol,
MCSymbol *PostInstrSymbol, MCSymbol *PostInstrSymbol,
MDNode *HeapAllocMarker) { MDNode *HeapAllocMarker, uint32_t CFIType) {
bool HasPreInstrSymbol = PreInstrSymbol != nullptr; bool HasPreInstrSymbol = PreInstrSymbol != nullptr;
bool HasPostInstrSymbol = PostInstrSymbol != nullptr; bool HasPostInstrSymbol = PostInstrSymbol != nullptr;
bool HasHeapAllocMarker = HeapAllocMarker != nullptr; bool HasHeapAllocMarker = HeapAllocMarker != nullptr;
int NumPointers = bool HasCFIType = CFIType != 0;
MMOs.size() + HasPreInstrSymbol + HasPostInstrSymbol + HasHeapAllocMarker; int NumPointers = MMOs.size() + HasPreInstrSymbol + HasPostInstrSymbol +
HasHeapAllocMarker + HasCFIType;
// Drop all extra info if there is none. // Drop all extra info if there is none.
if (NumPointers <= 0) { if (NumPointers <= 0) {
Info.clear(); Info.clear();
return; return;
} }
// If more than one pointer, then store out of line. Store heap alloc markers // If more than one pointer, then store out of line. Store heap alloc markers
// out of line because PointerSumType cannot hold more than 4 tag types with // out of line because PointerSumType cannot hold more than 4 tag types with
// 32-bit pointers. // 32-bit pointers.
// FIXME: Maybe we should make the symbols in the extra info mutable? // FIXME: Maybe we should make the symbols in the extra info mutable?
else if (NumPointers > 1 || HasHeapAllocMarker) { else if (NumPointers > 1 || HasHeapAllocMarker) {
Info.set<EIIK_OutOfLine>(MF.createMIExtraInfo( Info.set<EIIK_OutOfLine>(MF.createMIExtraInfo(
MMOs, PreInstrSymbol, PostInstrSymbol, HeapAllocMarker)); MMOs, PreInstrSymbol, PostInstrSymbol, HeapAllocMarker, CFIType));
return; return;
} }
// Otherwise store the single pointer inline. // Otherwise store the single pointer inline.
if (HasPreInstrSymbol) if (HasPreInstrSymbol)
Info.set<EIIK_PreInstrSymbol>(PreInstrSymbol); Info.set<EIIK_PreInstrSymbol>(PreInstrSymbol);
else if (HasPostInstrSymbol) else if (HasPostInstrSymbol)
Info.set<EIIK_PostInstrSymbol>(PostInstrSymbol); Info.set<EIIK_PostInstrSymbol>(PostInstrSymbol);
else if (HasCFIType)
Info.set<EIIK_CFIType>(CFIType);
else else
Info.set<EIIK_MMO>(MMOs[0]); Info.set<EIIK_MMO>(MMOs[0]);
} }
void MachineInstr::dropMemRefs(MachineFunction &MF) { void MachineInstr::dropMemRefs(MachineFunction &MF) {
if (memoperands_empty()) if (memoperands_empty())
return; return;
setExtraInfo(MF, {}, getPreInstrSymbol(), getPostInstrSymbol(), setExtraInfo(MF, {}, getPreInstrSymbol(), getPostInstrSymbol(),
getHeapAllocMarker()); getHeapAllocMarker(), getCFIType());
} }
void MachineInstr::setMemRefs(MachineFunction &MF, void MachineInstr::setMemRefs(MachineFunction &MF,
ArrayRef<MachineMemOperand *> MMOs) { ArrayRef<MachineMemOperand *> MMOs) {
if (MMOs.empty()) { if (MMOs.empty()) {
dropMemRefs(MF); dropMemRefs(MF);
return; return;
} }
setExtraInfo(MF, MMOs, getPreInstrSymbol(), getPostInstrSymbol(), setExtraInfo(MF, MMOs, getPreInstrSymbol(), getPostInstrSymbol(),
getHeapAllocMarker()); getHeapAllocMarker(), getCFIType());
} }
void MachineInstr::addMemOperand(MachineFunction &MF, void MachineInstr::addMemOperand(MachineFunction &MF,
MachineMemOperand *MO) { MachineMemOperand *MO) {
SmallVector<MachineMemOperand *, 2> MMOs; SmallVector<MachineMemOperand *, 2> MMOs;
MMOs.append(memoperands_begin(), memoperands_end()); MMOs.append(memoperands_begin(), memoperands_end());
MMOs.push_back(MO); MMOs.push_back(MO);
setMemRefs(MF, MMOs); setMemRefs(MF, MMOs);
▲ Show 20 LinesShow All 91 Lines▼ Show 20 Linesvoid MachineInstr::setPreInstrSymbol(MachineFunction &MF, MCSymbol *Symbol) {
// If there was only one symbol and we're removing it, just clear info. // If there was only one symbol and we're removing it, just clear info.
if (!Symbol && Info.is<EIIK_PreInstrSymbol>()) { if (!Symbol && Info.is<EIIK_PreInstrSymbol>()) {
Info.clear(); Info.clear();
return; return;
} }
setExtraInfo(MF, memoperands(), Symbol, getPostInstrSymbol(), setExtraInfo(MF, memoperands(), Symbol, getPostInstrSymbol(),
getHeapAllocMarker()); getHeapAllocMarker(), getCFIType());
} }
void MachineInstr::setPostInstrSymbol(MachineFunction &MF, MCSymbol *Symbol) { void MachineInstr::setPostInstrSymbol(MachineFunction &MF, MCSymbol *Symbol) {
// Do nothing if old and new symbols are the same. // Do nothing if old and new symbols are the same.
if (Symbol == getPostInstrSymbol()) if (Symbol == getPostInstrSymbol())
return; return;
// If there was only one symbol and we're removing it, just clear info. // If there was only one symbol and we're removing it, just clear info.
if (!Symbol && Info.is<EIIK_PostInstrSymbol>()) { if (!Symbol && Info.is<EIIK_PostInstrSymbol>()) {
Info.clear(); Info.clear();
return; return;
} }
setExtraInfo(MF, memoperands(), getPreInstrSymbol(), Symbol, setExtraInfo(MF, memoperands(), getPreInstrSymbol(), Symbol,
getHeapAllocMarker()); getHeapAllocMarker(), getCFIType());
} }
void MachineInstr::setHeapAllocMarker(MachineFunction &MF, MDNode *Marker) { void MachineInstr::setHeapAllocMarker(MachineFunction &MF, MDNode *Marker) {
// Do nothing if old and new symbols are the same. // Do nothing if old and new symbols are the same.
if (Marker == getHeapAllocMarker()) if (Marker == getHeapAllocMarker())
return; return;
setExtraInfo(MF, memoperands(), getPreInstrSymbol(), getPostInstrSymbol(), setExtraInfo(MF, memoperands(), getPreInstrSymbol(), getPostInstrSymbol(),
Marker); Marker, getCFIType());
}
void MachineInstr::setCFIType(MachineFunction &MF, uint32_t Type) {
// Do nothing if old and new types are the same.
if (Type == getCFIType())
return;
setExtraInfo(MF, memoperands(), getPreInstrSymbol(), getPostInstrSymbol(),
getHeapAllocMarker(), Type);
} }
void MachineInstr::cloneInstrSymbols(MachineFunction &MF, void MachineInstr::cloneInstrSymbols(MachineFunction &MF,
const MachineInstr &MI) { const MachineInstr &MI) {
if (this == &MI) if (this == &MI)
// Nothing to do for a self-clone! // Nothing to do for a self-clone!
return; return;
▲ Show 20 LinesShow All 137 Lines▼ Show 20 Lines if (isDebugInstr())
if (getDebugLoc() && Other.getDebugLoc() && if (getDebugLoc() && Other.getDebugLoc() &&
getDebugLoc() != Other.getDebugLoc()) getDebugLoc() != Other.getDebugLoc())
return false; return false;
// If pre- or post-instruction symbols do not match then the two instructions // If pre- or post-instruction symbols do not match then the two instructions
// are not identical. // are not identical.
if (getPreInstrSymbol() != Other.getPreInstrSymbol() || if (getPreInstrSymbol() != Other.getPreInstrSymbol() ||
getPostInstrSymbol() != Other.getPostInstrSymbol()) getPostInstrSymbol() != Other.getPostInstrSymbol())
return false; return false;
// Call instructions with different CFI types are not identical.
if (isCall() && getCFIType() != Other.getCFIType())
return false;
return true; return true;
} }
const MachineFunction *MachineInstr::getMF() const { const MachineFunction *MachineInstr::getMF() const {
return getParent()->getParent(); return getParent()->getParent();
} }
MachineInstr *MachineInstr::removeFromParent() { MachineInstr *MachineInstr::removeFromParent() {
▲ Show 20 LinesShow All 1,102 Lines▼ Show 20 Linesvoid MachineInstr::print(raw_ostream &OS, ModuleSlotTracker &MST,
if (MDNode *HeapAllocMarker = getHeapAllocMarker()) { if (MDNode *HeapAllocMarker = getHeapAllocMarker()) {
if (!FirstOp) { if (!FirstOp) {
FirstOp = false; FirstOp = false;
OS << ','; OS << ',';
} }
OS << " heap-alloc-marker "; OS << " heap-alloc-marker ";
HeapAllocMarker->printAsOperand(OS, MST); HeapAllocMarker->printAsOperand(OS, MST);
} }
if (uint32_t CFIType = getCFIType()) {
if (!FirstOp)
OS << ',';
nickdesaulniersUnsubmitted
Done
ReplyInline Actions

If FirstOp is false, reassign it false? Is that right? I see that's what's done on L1763, but..."what?"

nickdesaulniers: If `FirstOp` is `false`, reassign it `false`? Is that right? I see that's what's done on L1763…
samitolvanenAuthorUnsubmitted
Done
ReplyInline Actions

Ah yes, it looks like this has been copied a few times earlier already. I'll stop the cycle.

samitolvanen: Ah yes, it looks like this has been copied a few times earlier already. I'll stop the cycle.
OS << " cfi-type " << CFIType;
}
if (DebugInstrNum) { if (DebugInstrNum) {
if (!FirstOp) if (!FirstOp)
OS << ","; OS << ",";
OS << " debug-instr-number " << DebugInstrNum; OS << " debug-instr-number " << DebugInstrNum;
} }
if (!SkipDebugLoc) { if (!SkipDebugLoc) {
▲ Show 20 LinesShow All 568 LinesShow Last 20 Lines

llvm/lib/CodeGen/SelectionDAG/InstrEmitter.cpp

Show First 20 LinesShow All 1,057 Lines▼ Show 20 Lines if (ScratchRegs)
for (unsigned i = 0; ScratchRegs[i]; ++i) for (unsigned i = 0; ScratchRegs[i]; ++i)
MIB.addReg(ScratchRegs[i], RegState::ImplicitDefine | MIB.addReg(ScratchRegs[i], RegState::ImplicitDefine |
RegState::EarlyClobber); RegState::EarlyClobber);
// Set the memory reference descriptions of this instruction now that it is // Set the memory reference descriptions of this instruction now that it is
// part of the function. // part of the function.
MIB.setMemRefs(cast<MachineSDNode>(Node)->memoperands()); MIB.setMemRefs(cast<MachineSDNode>(Node)->memoperands());
// Set the CFI type.
MIB->setCFIType(*MF, Node->getCFIType());
// Insert the instruction into position in the block. This needs to // Insert the instruction into position in the block. This needs to
// happen before any custom inserter hook is called so that the // happen before any custom inserter hook is called so that the
// hook knows where in the block to insert the replacement code. // hook knows where in the block to insert the replacement code.
MBB->insert(InsertPos, MIB); MBB->insert(InsertPos, MIB);
// The MachineInstr may also define physregs instead of virtregs. These // The MachineInstr may also define physregs instead of virtregs. These
// physreg values can reach other instructions in different ways: // physreg values can reach other instructions in different ways:
// //
▲ Show 20 LinesShow All 282 LinesShow Last 20 Lines

llvm/lib/CodeGen/SelectionDAG/SelectionDAGBuilder.cpp

  • This file is larger than 256 KB, so syntax highlighting is disabled by default.
Show First 20 LinesShow All 7,826 Lines▼ Show 20 Linesvoid SelectionDAGBuilder::LowerCallTo(const CallBase &CB, SDValue Callee,
// Target-dependent constraints are checked within TLI->LowerCallTo. // Target-dependent constraints are checked within TLI->LowerCallTo.
if (isTailCall && !isInTailCallPosition(CB, DAG.getTarget())) if (isTailCall && !isInTailCallPosition(CB, DAG.getTarget()))
isTailCall = false; isTailCall = false;
// Disable tail calls if there is an swifterror argument. Targets have not // Disable tail calls if there is an swifterror argument. Targets have not
// been updated to support tail calls. // been updated to support tail calls.
if (TLI.supportSwiftError() && SwiftErrorVal) if (TLI.supportSwiftError() && SwiftErrorVal)
isTailCall = false; isTailCall = false;
ConstantInt *CFIType = nullptr;
if (CB.isIndirectCall()) {
if (auto Bundle = CB.getOperandBundle(LLVMContext::OB_kcfi)) {
if (!TLI.supportKCFIBundles())
report_fatal_error(
"Target doesn't support calls with kcfi operand bundles.");
CFIType = cast<ConstantInt>(Bundle->Inputs[0]);
assert(CFIType->getType()->isIntegerTy(32) && "Invalid CFI type");
}
}
TargetLowering::CallLoweringInfo CLI(DAG); TargetLowering::CallLoweringInfo CLI(DAG);
nickdesaulniersUnsubmitted
Done
ReplyInline Actions

Can we check whether the CallBase is an indirect call first before bothering with getting the operand bundle?

nickdesaulniers: Can we check whether the `CallBase` is an indirect call first before bothering with getting the…
CLI.setDebugLoc(getCurSDLoc()) CLI.setDebugLoc(getCurSDLoc())
.setChain(getRoot()) .setChain(getRoot())
.setCallee(RetTy, FTy, Callee, std::move(Args), CB) .setCallee(RetTy, FTy, Callee, std::move(Args), CB)
.setTailCall(isTailCall) .setTailCall(isTailCall)
.setConvergent(CB.isConvergent()) .setConvergent(CB.isConvergent())
.setIsPreallocated( .setIsPreallocated(
CB.countOperandBundlesOfType(LLVMContext::OB_preallocated) != 0); CB.countOperandBundlesOfType(LLVMContext::OB_preallocated) != 0)
nickdesaulniersUnsubmitted
Done
ReplyInline Actions

Are we able to reorder these?

CLI.setDebugLoc ...
  ...
if (Bundle && CB.isIndirectCall) {
  ...
  CLI.setCFIType ...
nickdesaulniers: Are we able to reorder these? ``` CLI.setDebugLoc ... ... if (Bundle && CB.isIndirectCall) {…
samitolvanenAuthorUnsubmitted
Done
ReplyInline Actions

We can reorder these, but this does follow the same convention as the rest of the function. I assume CallLoweringInfo was specifically designed so that the arguments can all be initialized in one statement.

samitolvanen: We can reorder these, but this does follow the same convention as the rest of the function. I…
.setCFIType(CFIType);
std::pair<SDValue, SDValue> Result = lowerInvokable(CLI, EHPadBB); std::pair<SDValue, SDValue> Result = lowerInvokable(CLI, EHPadBB);
if (Result.first.getNode()) { if (Result.first.getNode()) {
Result.first = lowerRangeToAssertZExt(DAG, CB, Result.first); Result.first = lowerRangeToAssertZExt(DAG, CB, Result.first);
setValue(&CB, Result.first); setValue(&CB, Result.first);
} }
// The last element of CLI.InVals has the SDValue for swifterror return. // The last element of CLI.InVals has the SDValue for swifterror return.
▲ Show 20 LinesShow All 527 Lines▼ Show 20 Linesvoid SelectionDAGBuilder::visitCall(const CallInst &I) {
} }
// Deopt bundles are lowered in LowerCallSiteWithDeoptBundle, and we don't // Deopt bundles are lowered in LowerCallSiteWithDeoptBundle, and we don't
// have to do anything here to lower funclet bundles. // have to do anything here to lower funclet bundles.
// CFGuardTarget bundles are lowered in LowerCallTo. // CFGuardTarget bundles are lowered in LowerCallTo.
assert(!I.hasOperandBundlesOtherThan( assert(!I.hasOperandBundlesOtherThan(
{LLVMContext::OB_deopt, LLVMContext::OB_funclet, {LLVMContext::OB_deopt, LLVMContext::OB_funclet,
LLVMContext::OB_cfguardtarget, LLVMContext::OB_preallocated, LLVMContext::OB_cfguardtarget, LLVMContext::OB_preallocated,
LLVMContext::OB_clang_arc_attachedcall}) && LLVMContext::OB_clang_arc_attachedcall, LLVMContext::OB_kcfi}) &&
"Cannot lower calls with arbitrary operand bundles!"); "Cannot lower calls with arbitrary operand bundles!");
SDValue Callee = getValue(I.getCalledOperand()); SDValue Callee = getValue(I.getCalledOperand());
if (I.countOperandBundlesOfType(LLVMContext::OB_deopt)) if (I.countOperandBundlesOfType(LLVMContext::OB_deopt))
LowerCallSiteWithDeoptBundle(&I, Callee, nullptr); LowerCallSiteWithDeoptBundle(&I, Callee, nullptr);
else else
// Check if we can potentially perform a tail call. More detailed checking // Check if we can potentially perform a tail call. More detailed checking
▲ Show 20 LinesShow All 2,972 LinesShow Last 20 Lines

llvm/lib/IR/Instructions.cpp

Show First 20 LinesShow All 499 Lines▼ Show 20 LinesCallBase *CallBase::removeOperandBundle(CallBase *CB, uint32_t ID,
return CreateNew ? Create(CB, Bundles, InsertPt) : CB; return CreateNew ? Create(CB, Bundles, InsertPt) : CB;
} }
bool CallBase::hasReadingOperandBundles() const { bool CallBase::hasReadingOperandBundles() const {
// Implementation note: this is a conservative implementation of operand // Implementation note: this is a conservative implementation of operand
// bundle semantics, where *any* non-assume operand bundle (other than // bundle semantics, where *any* non-assume operand bundle (other than
// ptrauth) forces a callsite to be at least readonly. // ptrauth) forces a callsite to be at least readonly.
return hasOperandBundlesOtherThan(LLVMContext::OB_ptrauth) && return hasOperandBundlesOtherThan(
{LLVMContext::OB_ptrauth, LLVMContext::OB_kcfi}) &&
getIntrinsicID() != Intrinsic::assume; getIntrinsicID() != Intrinsic::assume;
} }
//===----------------------------------------------------------------------===// //===----------------------------------------------------------------------===//
// CallInst Implementation // CallInst Implementation
//===----------------------------------------------------------------------===// //===----------------------------------------------------------------------===//
void CallInst::init(FunctionType *FTy, Value *Func, ArrayRef<Value *> Args, void CallInst::init(FunctionType *FTy, Value *Func, ArrayRef<Value *> Args,
▲ Show 20 LinesShow All 4,353 LinesShow Last 20 Lines

llvm/lib/IR/LLVMContext.cpp

Show First 20 LinesShow All 81 Lines▼ Show 20 Lines assert(ClangAttachedCall->second == LLVMContext::OB_clang_arc_attachedcall &&
"clang.arc.attachedcall operand bundle id drifted!"); "clang.arc.attachedcall operand bundle id drifted!");
(void)ClangAttachedCall; (void)ClangAttachedCall;
auto *PtrauthEntry = pImpl->getOrInsertBundleTag("ptrauth"); auto *PtrauthEntry = pImpl->getOrInsertBundleTag("ptrauth");
assert(PtrauthEntry->second == LLVMContext::OB_ptrauth && assert(PtrauthEntry->second == LLVMContext::OB_ptrauth &&
"ptrauth operand bundle id drifted!"); "ptrauth operand bundle id drifted!");
(void)PtrauthEntry; (void)PtrauthEntry;
auto *KCFIEntry = pImpl->getOrInsertBundleTag("kcfi");
assert(KCFIEntry->second == LLVMContext::OB_kcfi &&
"kcfi operand bundle id drifted!");
(void)KCFIEntry;
SyncScope::ID SingleThreadSSID = SyncScope::ID SingleThreadSSID =
pImpl->getOrInsertSyncScopeID("singlethread"); pImpl->getOrInsertSyncScopeID("singlethread");
assert(SingleThreadSSID == SyncScope::SingleThread && assert(SingleThreadSSID == SyncScope::SingleThread &&
"singlethread synchronization scope ID drifted!"); "singlethread synchronization scope ID drifted!");
(void)SingleThreadSSID; (void)SingleThreadSSID;
SyncScope::ID SystemSSID = SyncScope::ID SystemSSID =
pImpl->getOrInsertSyncScopeID(""); pImpl->getOrInsertSyncScopeID("");
▲ Show 20 LinesShow All 279 LinesShow Last 20 Lines

llvm/lib/IR/Verifier.cpp

Show First 20 LinesShow All 2,145 Lines▼ Show 20 Lines if (Pair.first == LLVMContext::MD_prof) {
" or 'synthetic_function_entry_count'", " or 'synthetic_function_entry_count'",
MD); MD);
// Check second operand. // Check second operand.
Check(MD->getOperand(1) != nullptr, "second operand should not be null", Check(MD->getOperand(1) != nullptr, "second operand should not be null",
MD); MD);
Check(isa<ConstantAsMetadata>(MD->getOperand(1)), Check(isa<ConstantAsMetadata>(MD->getOperand(1)),
"expected integer argument to function_entry_count", MD); "expected integer argument to function_entry_count", MD);
} else if (Pair.first == LLVMContext::MD_kcfi_type) {
MDNode *MD = Pair.second;
Check(MD->getNumOperands() == 1,
"!kcfi_type must have exactly one operand", MD);
Check(MD->getOperand(0) != nullptr, "!kcfi_type operand must not be null",
MD);
Check(isa<ConstantAsMetadata>(MD->getOperand(0)),
"expected a constant operand for !kcfi_type", MD);
Constant *C = cast<ConstantAsMetadata>(MD->getOperand(0))->getValue();
Check(isa<ConstantInt>(C),
"expected a constant integer operand for !kcfi_type", MD);
IntegerType *Type = cast<ConstantInt>(C)->getType();
Check(Type->getBitWidth() == 32,
"expected a 32-bit integer constant operand for !kcfi_type", MD);
} }
} }
} }
void Verifier::visitConstantExprsRecursively(const Constant *EntryC) { void Verifier::visitConstantExprsRecursively(const Constant *EntryC) {
if (!ConstantExprVisited.insert(EntryC).second) if (!ConstantExprVisited.insert(EntryC).second)
return; return;
▲ Show 20 LinesShow All 450 Lines▼ Show 20 Lines Check(pred_empty(Entry),
"Entry block to function must not have predecessors!", Entry); "Entry block to function must not have predecessors!", Entry);
// The address of the entry block cannot be taken, unless it is dead. // The address of the entry block cannot be taken, unless it is dead.
if (Entry->hasAddressTaken()) { if (Entry->hasAddressTaken()) {
Check(!BlockAddress::lookup(Entry)->isConstantUsed(), Check(!BlockAddress::lookup(Entry)->isConstantUsed(),
"blockaddress may not be used with the entry block!", Entry); "blockaddress may not be used with the entry block!", Entry);
} }
unsigned NumDebugAttachments = 0, NumProfAttachments = 0; unsigned NumDebugAttachments = 0, NumProfAttachments = 0,
NumKCFIAttachments = 0;
// Visit metadata attachments. // Visit metadata attachments.
for (const auto &I : MDs) { for (const auto &I : MDs) {
// Verify that the attachment is legal. // Verify that the attachment is legal.
auto AllowLocs = AreDebugLocsAllowed::No; auto AllowLocs = AreDebugLocsAllowed::No;
switch (I.first) { switch (I.first) {
default: default:
break; break;
case LLVMContext::MD_dbg: { case LLVMContext::MD_dbg: {
Show All 14 Lines for (const auto &I : MDs) {
AllowLocs = AreDebugLocsAllowed::Yes; AllowLocs = AreDebugLocsAllowed::Yes;
break; break;
} }
case LLVMContext::MD_prof: case LLVMContext::MD_prof:
++NumProfAttachments; ++NumProfAttachments;
Check(NumProfAttachments == 1, Check(NumProfAttachments == 1,
"function must have a single !prof attachment", &F, I.second); "function must have a single !prof attachment", &F, I.second);
break; break;
case LLVMContext::MD_kcfi_type:
++NumKCFIAttachments;
Check(NumKCFIAttachments == 1,
"function must have a single !kcfi_type attachment", &F,
I.second);
break;
} }
// Verify the metadata itself. // Verify the metadata itself.
visitMDNode(*I.second, AllowLocs); visitMDNode(*I.second, AllowLocs);
} }
} }
// If this function is actually an intrinsic, verify that it is only used in // If this function is actually an intrinsic, verify that it is only used in
▲ Show 20 LinesShow All 685 Lines▼ Show 20 Lines if (Intrinsic::ID ID = (Intrinsic::ID)F->getIntrinsicID())
visitIntrinsicCall(ID, Call); visitIntrinsicCall(ID, Call);
// Verify that a callsite has at most one "deopt", at most one "funclet", at // Verify that a callsite has at most one "deopt", at most one "funclet", at
// most one "gc-transition", at most one "cfguardtarget", at most one // most one "gc-transition", at most one "cfguardtarget", at most one
// "preallocated" operand bundle, and at most one "ptrauth" operand bundle. // "preallocated" operand bundle, and at most one "ptrauth" operand bundle.
bool FoundDeoptBundle = false, FoundFuncletBundle = false, bool FoundDeoptBundle = false, FoundFuncletBundle = false,
FoundGCTransitionBundle = false, FoundCFGuardTargetBundle = false, FoundGCTransitionBundle = false, FoundCFGuardTargetBundle = false,
FoundPreallocatedBundle = false, FoundGCLiveBundle = false, FoundPreallocatedBundle = false, FoundGCLiveBundle = false,
FoundPtrauthBundle = false, FoundPtrauthBundle = false, FoundKCFIBundle = false,
FoundAttachedCallBundle = false; FoundAttachedCallBundle = false;
for (unsigned i = 0, e = Call.getNumOperandBundles(); i < e; ++i) { for (unsigned i = 0, e = Call.getNumOperandBundles(); i < e; ++i) {
OperandBundleUse BU = Call.getOperandBundleAt(i); OperandBundleUse BU = Call.getOperandBundleAt(i);
uint32_t Tag = BU.getTagID(); uint32_t Tag = BU.getTagID();
if (Tag == LLVMContext::OB_deopt) { if (Tag == LLVMContext::OB_deopt) {
Check(!FoundDeoptBundle, "Multiple deopt operand bundles", Call); Check(!FoundDeoptBundle, "Multiple deopt operand bundles", Call);
FoundDeoptBundle = true; FoundDeoptBundle = true;
} else if (Tag == LLVMContext::OB_gc_transition) { } else if (Tag == LLVMContext::OB_gc_transition) {
Show All 19 Lines if (Tag == LLVMContext::OB_deopt) {
FoundPtrauthBundle = true; FoundPtrauthBundle = true;
Check(BU.Inputs.size() == 2, Check(BU.Inputs.size() == 2,
"Expected exactly two ptrauth bundle operands", Call); "Expected exactly two ptrauth bundle operands", Call);
Check(isa<ConstantInt>(BU.Inputs[0]) && Check(isa<ConstantInt>(BU.Inputs[0]) &&
BU.Inputs[0]->getType()->isIntegerTy(32), BU.Inputs[0]->getType()->isIntegerTy(32),
"Ptrauth bundle key operand must be an i32 constant", Call); "Ptrauth bundle key operand must be an i32 constant", Call);
Check(BU.Inputs[1]->getType()->isIntegerTy(64), Check(BU.Inputs[1]->getType()->isIntegerTy(64),
"Ptrauth bundle discriminator operand must be an i64", Call); "Ptrauth bundle discriminator operand must be an i64", Call);
} else if (Tag == LLVMContext::OB_kcfi) {
Check(!FoundKCFIBundle, "Multiple kcfi operand bundles", Call);
FoundKCFIBundle = true;
Check(BU.Inputs.size() == 1, "Expected exactly one kcfi bundle operand",
Call);
Check(isa<ConstantInt>(BU.Inputs[0]) &&
BU.Inputs[0]->getType()->isIntegerTy(32),
"Kcfi bundle operand must be an i32 constant", Call);
} else if (Tag == LLVMContext::OB_preallocated) { } else if (Tag == LLVMContext::OB_preallocated) {
Check(!FoundPreallocatedBundle, "Multiple preallocated operand bundles", Check(!FoundPreallocatedBundle, "Multiple preallocated operand bundles",
Call); Call);
FoundPreallocatedBundle = true; FoundPreallocatedBundle = true;
Check(BU.Inputs.size() == 1, Check(BU.Inputs.size() == 1,
"Expected exactly one preallocated bundle operand", Call); "Expected exactly one preallocated bundle operand", Call);
auto Input = dyn_cast<IntrinsicInst>(BU.Inputs.front()); auto Input = dyn_cast<IntrinsicInst>(BU.Inputs.front());
Check(Input && Check(Input &&
▲ Show 20 LinesShow All 3,270 LinesShow Last 20 Lines

llvm/lib/MC/MCObjectFileInfo.cpp

Show First 20 LinesShow All 1,135 Lines▼ Show 20 LinesMCObjectFileInfo::getBBAddrMapSection(const MCSection &TextSec) const {
// Use the text section's begin symbol and unique ID to create a separate // Use the text section's begin symbol and unique ID to create a separate
// .llvm_bb_addr_map section associated with every unique text section. // .llvm_bb_addr_map section associated with every unique text section.
return Ctx->getELFSection(".llvm_bb_addr_map", ELF::SHT_LLVM_BB_ADDR_MAP, return Ctx->getELFSection(".llvm_bb_addr_map", ELF::SHT_LLVM_BB_ADDR_MAP,
Flags, 0, GroupName, true, ElfSec.getUniqueID(), Flags, 0, GroupName, true, ElfSec.getUniqueID(),
cast<MCSymbolELF>(TextSec.getBeginSymbol())); cast<MCSymbolELF>(TextSec.getBeginSymbol()));
} }
MCSection * MCSection *
MCObjectFileInfo::getKCFITrapSection(const MCSection &TextSec) const {
if (Ctx->getObjectFileType() != MCContext::IsELF)
return nullptr;
const MCSectionELF &ElfSec = static_cast<const MCSectionELF &>(TextSec);
nickdesaulniersUnsubmitted
Done
ReplyInline Actions

or just cast.
https://llvm.org/docs/ProgrammersManual.html#the-isa-cast-and-dyn-cast-templates

nickdesaulniers: or just `cast`. https://llvm.org/docs/ProgrammersManual.html#the-isa-cast-and-dyn-cast-templates
nickdesaulniersUnsubmitted
Done
ReplyInline Actions

err...up/down-cast vertigo. NVM.

nickdesaulniers: err...up/down-cast vertigo. NVM.
unsigned Flags = ELF::SHF_LINK_ORDER | ELF::SHF_ALLOC;
MaskRayUnsubmitted
Done
ReplyInline Actions

Remove SHF_WRITE. The section doesn't need a dynamic relocation.

MaskRay: Remove SHF_WRITE. The section doesn't need a dynamic relocation.
StringRef GroupName;
if (const MCSymbol *Group = ElfSec.getGroup()) {
GroupName = Group->getName();
Flags |= ELF::SHF_GROUP;
}
return Ctx->getELFSection(".kcfi_traps", ELF::SHT_PROGBITS, Flags, 0,
GroupName,
nickdesaulniersUnsubmitted
Done
ReplyInline Actions

Why don't you initialize Flags to these values, rather than set them here?

nickdesaulniers: Why don't you initialize `Flags` to these values, rather than set them here?
/*IsComdat=*/true, ElfSec.getUniqueID(),
nickdesaulniersUnsubmitted
Done
ReplyInline Actions

/*IsComdat=*/true

nickdesaulniers: `/*IsComdat=*/true`
cast<MCSymbolELF>(TextSec.getBeginSymbol()));
}
MCSection *
MCObjectFileInfo::getPseudoProbeSection(const MCSection *TextSec) const { MCObjectFileInfo::getPseudoProbeSection(const MCSection *TextSec) const {
if (Ctx->getObjectFileType() == MCContext::IsELF) { if (Ctx->getObjectFileType() == MCContext::IsELF) {
const auto *ElfSec = static_cast<const MCSectionELF *>(TextSec); const auto *ElfSec = static_cast<const MCSectionELF *>(TextSec);
// Create a separate section for probes that comes with a comdat function. // Create a separate section for probes that comes with a comdat function.
if (const MCSymbol *Group = ElfSec->getGroup()) { if (const MCSymbol *Group = ElfSec->getGroup()) {
auto *S = static_cast<MCSectionELF *>(PseudoProbeSection); auto *S = static_cast<MCSectionELF *>(PseudoProbeSection);
auto Flags = S->getFlags() | ELF::SHF_GROUP; auto Flags = S->getFlags() | ELF::SHF_GROUP;
return Ctx->getELFSection(S->getName(), S->getType(), Flags, return Ctx->getELFSection(S->getName(), S->getType(), Flags,
Show All 30 Lines

llvm/lib/Target/AArch64/AArch64.h

Show All 36 Lines
FunctionPass *createAArch64AdvSIMDScalar(); FunctionPass *createAArch64AdvSIMDScalar();
FunctionPass *createAArch64ISelDag(AArch64TargetMachine &TM, FunctionPass *createAArch64ISelDag(AArch64TargetMachine &TM,
CodeGenOpt::Level OptLevel); CodeGenOpt::Level OptLevel);
FunctionPass *createAArch64StorePairSuppressPass(); FunctionPass *createAArch64StorePairSuppressPass();
FunctionPass *createAArch64ExpandPseudoPass(); FunctionPass *createAArch64ExpandPseudoPass();
FunctionPass *createAArch64SLSHardeningPass(); FunctionPass *createAArch64SLSHardeningPass();
FunctionPass *createAArch64IndirectThunks(); FunctionPass *createAArch64IndirectThunks();
FunctionPass *createAArch64SpeculationHardeningPass(); FunctionPass *createAArch64SpeculationHardeningPass();
FunctionPass *createAArch64KCFIPass();
FunctionPass *createAArch64LoadStoreOptimizationPass(); FunctionPass *createAArch64LoadStoreOptimizationPass();
ModulePass *createAArch64LowerHomogeneousPrologEpilogPass(); ModulePass *createAArch64LowerHomogeneousPrologEpilogPass();
FunctionPass *createAArch64SIMDInstrOptPass(); FunctionPass *createAArch64SIMDInstrOptPass();
ModulePass *createAArch64PromoteConstantPass(); ModulePass *createAArch64PromoteConstantPass();
FunctionPass *createAArch64ConditionOptimizerPass(); FunctionPass *createAArch64ConditionOptimizerPass();
FunctionPass *createAArch64A57FPLoadBalancing(); FunctionPass *createAArch64A57FPLoadBalancing();
FunctionPass *createAArch64A53Fix835769(); FunctionPass *createAArch64A53Fix835769();
FunctionPass *createFalkorHWPFFixPass(); FunctionPass *createFalkorHWPFFixPass();
Show All 25 Lines
void initializeAArch64CondBrTuningPass(PassRegistry &); void initializeAArch64CondBrTuningPass(PassRegistry &);
void initializeAArch64CompressJumpTablesPass(PassRegistry&); void initializeAArch64CompressJumpTablesPass(PassRegistry&);
void initializeAArch64ConditionalComparesPass(PassRegistry&); void initializeAArch64ConditionalComparesPass(PassRegistry&);
void initializeAArch64ConditionOptimizerPass(PassRegistry&); void initializeAArch64ConditionOptimizerPass(PassRegistry&);
void initializeAArch64DeadRegisterDefinitionsPass(PassRegistry&); void initializeAArch64DeadRegisterDefinitionsPass(PassRegistry&);
void initializeAArch64ExpandPseudoPass(PassRegistry&); void initializeAArch64ExpandPseudoPass(PassRegistry&);
void initializeAArch64SLSHardeningPass(PassRegistry&); void initializeAArch64SLSHardeningPass(PassRegistry&);
void initializeAArch64SpeculationHardeningPass(PassRegistry&); void initializeAArch64SpeculationHardeningPass(PassRegistry&);
void initializeAArch64KCFIPass(PassRegistry &);
void initializeAArch64LoadStoreOptPass(PassRegistry&); void initializeAArch64LoadStoreOptPass(PassRegistry&);
void initializeAArch64LowerHomogeneousPrologEpilogPass(PassRegistry &); void initializeAArch64LowerHomogeneousPrologEpilogPass(PassRegistry &);
void initializeAArch64MIPeepholeOptPass(PassRegistry &); void initializeAArch64MIPeepholeOptPass(PassRegistry &);
void initializeAArch64SIMDInstrOptPass(PassRegistry&); void initializeAArch64SIMDInstrOptPass(PassRegistry&);
void initializeAArch64O0PreLegalizerCombinerPass(PassRegistry &); void initializeAArch64O0PreLegalizerCombinerPass(PassRegistry &);
void initializeAArch64PreLegalizerCombinerPass(PassRegistry&); void initializeAArch64PreLegalizerCombinerPass(PassRegistry&);
void initializeAArch64PostLegalizerCombinerPass(PassRegistry &); void initializeAArch64PostLegalizerCombinerPass(PassRegistry &);
void initializeAArch64PostLegalizerLoweringPass(PassRegistry &); void initializeAArch64PostLegalizerLoweringPass(PassRegistry &);
Show All 13 Lines

llvm/lib/Target/AArch64/AArch64AsmPrinter.cpp

Show First 20 LinesShow All 105 Lines▼ Show 20 Linespublic:
void LowerFAULTING_OP(const MachineInstr &MI); void LowerFAULTING_OP(const MachineInstr &MI);
void LowerPATCHABLE_FUNCTION_ENTER(const MachineInstr &MI); void LowerPATCHABLE_FUNCTION_ENTER(const MachineInstr &MI);
void LowerPATCHABLE_FUNCTION_EXIT(const MachineInstr &MI); void LowerPATCHABLE_FUNCTION_EXIT(const MachineInstr &MI);
void LowerPATCHABLE_TAIL_CALL(const MachineInstr &MI); void LowerPATCHABLE_TAIL_CALL(const MachineInstr &MI);
typedef std::tuple<unsigned, bool, uint32_t> HwasanMemaccessTuple; typedef std::tuple<unsigned, bool, uint32_t> HwasanMemaccessTuple;
std::map<HwasanMemaccessTuple, MCSymbol *> HwasanMemaccessSymbols; std::map<HwasanMemaccessTuple, MCSymbol *> HwasanMemaccessSymbols;
void LowerKCFI_CHECK(const MachineInstr &MI);
void LowerHWASAN_CHECK_MEMACCESS(const MachineInstr &MI); void LowerHWASAN_CHECK_MEMACCESS(const MachineInstr &MI);
void emitHwasanMemaccessSymbols(Module &M); void emitHwasanMemaccessSymbols(Module &M);
void emitSled(const MachineInstr &MI, SledKind Kind); void emitSled(const MachineInstr &MI, SledKind Kind);
/// tblgen'erated driver function for lowering simple MI->MC /// tblgen'erated driver function for lowering simple MI->MC
/// pseudo instructions. /// pseudo instructions.
bool emitPseudoExpansionLowering(MCStreamer &OutStreamer, bool emitPseudoExpansionLowering(MCStreamer &OutStreamer,
▲ Show 20 LinesShow All 190 Lines▼ Show 20 Linesvoid AArch64AsmPrinter::emitSled(const MachineInstr &MI, SledKind Kind) {
for (int8_t I = 0; I < NoopsInSledCount; I++) for (int8_t I = 0; I < NoopsInSledCount; I++)
EmitToStreamer(*OutStreamer, MCInstBuilder(AArch64::HINT).addImm(0)); EmitToStreamer(*OutStreamer, MCInstBuilder(AArch64::HINT).addImm(0));
OutStreamer->emitLabel(Target); OutStreamer->emitLabel(Target);
recordSled(CurSled, MI, Kind, 2); recordSled(CurSled, MI, Kind, 2);
} }
void AArch64AsmPrinter::LowerKCFI_CHECK(const MachineInstr &MI) {
Register AddrReg = MI.getOperand(0).getReg();
assert(std::next(MI.getIterator())->isCall() &&
"KCFI_CHECK not followed by a call instruction");
assert(std::next(MI.getIterator())->getOperand(0).getReg() == AddrReg &&
"KCFI_CHECK call target doesn't match call operand");
// Default to using the intra-procedure-call temporary registers for
// comparing the hashes.
unsigned ScratchRegs[] = {AArch64::W16, AArch64::W17};
MaskRayUnsubmitted
Done
ReplyInline Actions

const?

MaskRay: const?
samitolvanenAuthorUnsubmitted
Done
ReplyInline Actions

This can't be const because we assign to this array below in the for (auto &Reg : ScratchRegs) loop.

samitolvanen: This can't be `const` because we assign to this array below in the `for (auto &Reg…
if (AddrReg == AArch64::XZR) {
MaskRayUnsubmitted
Done
ReplyInline Actions

delete blank line

MaskRay: delete blank line
// Checking XZR makes no sense. Instead of emitting a load, zero
MaskRayUnsubmitted
Done
ReplyInline Actions

Add const. Delete blank line after the declaration.

MaskRay: Add const. Delete blank line after the declaration.
samitolvanenAuthorUnsubmitted
Done
ReplyInline Actions

Deleted the blank line, but this can't be const because it's assigned to in the if statement below.

samitolvanen: Deleted the blank line, but this can't be `const` because it's assigned to in the `if`…
// ScratchRegs[0] and use it for the ESR AddrIndex below.
AddrReg = getXRegFromWReg(ScratchRegs[0]);
EmitToStreamer(*OutStreamer, MCInstBuilder(AArch64::ORRXrs)
.addReg(AddrReg)
.addReg(AArch64::XZR)
.addReg(AArch64::XZR)
.addImm(0));
} else {
// If one of the scratch registers is used for the call target (e.g.
// with AArch64::TCRETURNriBTI), we can clobber another caller-saved
// temporary register instead (in this case, AArch64::W9) as the check
// is immediately followed by the call instruction.
for (auto &Reg : ScratchRegs) {
if (Reg == getWRegFromXReg(AddrReg)) {
Reg = AArch64::W9;
break;
}
}
MaskRayUnsubmitted
Done
ReplyInline Actions

Add const

MaskRay: Add const
assert(ScratchRegs[0] != AddrReg && ScratchRegs[1] != AddrReg &&
"Invalid scratch registers for KCFI_CHECK");
// Adjust the offset for patchable-function-prefix. This assumes that
// patchable-function-prefix is the same for all functions.
nickdesaulniersUnsubmitted
Done
ReplyInline Actions

Is this constant something the kernel will recognize?

nickdesaulniers: Is this constant something the kernel will recognize?
samitolvanenAuthorUnsubmitted
Done
ReplyInline Actions

Yes, the kernel will recognize the constant and use it to distinguish KCFI traps.

samitolvanen: Yes, the kernel will recognize the constant and use it to distinguish KCFI traps.
int64_t PrefixNops = 0;
(void)MI.getMF()
->getFunction()
.getFnAttribute("patchable-function-prefix")
.getValueAsString()
.getAsInteger(10, PrefixNops);
// Load the target function type hash.
EmitToStreamer(*OutStreamer, MCInstBuilder(AArch64::LDURWi)
.addReg(ScratchRegs[0])
.addReg(AddrReg)
.addImm(-(PrefixNops * 4 + 4)));
}
// Load the expected type hash.
const int64_t Type = MI.getOperand(1).getImm();
EmitToStreamer(*OutStreamer, MCInstBuilder(AArch64::MOVKWi)
.addReg(ScratchRegs[1])
.addReg(ScratchRegs[1])
.addImm(Type & 0xFFFF)
.addImm(0));
EmitToStreamer(*OutStreamer, MCInstBuilder(AArch64::MOVKWi)
.addReg(ScratchRegs[1])
.addReg(ScratchRegs[1])
.addImm((Type >> 16) & 0xFFFF)
.addImm(16));
// Compare the hashes and trap if there's a mismatch.
EmitToStreamer(*OutStreamer, MCInstBuilder(AArch64::SUBSWrs)
MaskRayUnsubmitted
Done
ReplyInline Actions

delete blank line

MaskRay: delete blank line
.addReg(AArch64::WZR)
.addReg(ScratchRegs[0])
.addReg(ScratchRegs[1])
.addImm(0));
MCSymbol *Pass = OutContext.createTempSymbol();
EmitToStreamer(*OutStreamer,
MCInstBuilder(AArch64::Bcc)
.addImm(AArch64CC::EQ)
.addExpr(MCSymbolRefExpr::create(Pass, OutContext)));
// The base ESR is 0x8000 and the register information is encoded in bits
// 0-9 as follows:
// - 0-4: n, where the register Xn contains the target address
// - 5-9: m, where the register Wm contains the expected type hash
// Where n, m are in [0, 30].
unsigned TypeIndex = ScratchRegs[1] - AArch64::W0;
MaskRayUnsubmitted
Done
ReplyInline Actions

delete blank line

MaskRay: delete blank line
unsigned AddrIndex;
switch (AddrReg) {
default:
AddrIndex = AddrReg - AArch64::X0;
break;
case AArch64::FP:
AddrIndex = 29;
break;
case AArch64::LR:
AddrIndex = 30;
break;
}
assert(AddrIndex < 31 && TypeIndex < 31);
unsigned ESR = 0x8000 | ((TypeIndex & 31) << 5) | (AddrIndex & 31);
EmitToStreamer(*OutStreamer, MCInstBuilder(AArch64::BRK).addImm(ESR));
OutStreamer->emitLabel(Pass);
}
void AArch64AsmPrinter::LowerHWASAN_CHECK_MEMACCESS(const MachineInstr &MI) { void AArch64AsmPrinter::LowerHWASAN_CHECK_MEMACCESS(const MachineInstr &MI) {
Register Reg = MI.getOperand(0).getReg(); Register Reg = MI.getOperand(0).getReg();
bool IsShort = bool IsShort =
MI.getOpcode() == AArch64::HWASAN_CHECK_MEMACCESS_SHORTGRANULES; MI.getOpcode() == AArch64::HWASAN_CHECK_MEMACCESS_SHORTGRANULES;
uint32_t AccessInfo = MI.getOperand(1).getImm(); uint32_t AccessInfo = MI.getOperand(1).getImm();
MCSymbol *&Sym = MCSymbol *&Sym =
HwasanMemaccessSymbols[HwasanMemaccessTuple(Reg, IsShort, AccessInfo)]; HwasanMemaccessSymbols[HwasanMemaccessTuple(Reg, IsShort, AccessInfo)];
if (!Sym) { if (!Sym) {
▲ Show 20 LinesShow All 1,112 Lines▼ Show 20 Linesvoid AArch64AsmPrinter::emitInstruction(const MachineInstr *MI) {
case TargetOpcode::PATCHABLE_FUNCTION_EXIT: case TargetOpcode::PATCHABLE_FUNCTION_EXIT:
LowerPATCHABLE_FUNCTION_EXIT(*MI); LowerPATCHABLE_FUNCTION_EXIT(*MI);
return; return;
case TargetOpcode::PATCHABLE_TAIL_CALL: case TargetOpcode::PATCHABLE_TAIL_CALL:
LowerPATCHABLE_TAIL_CALL(*MI); LowerPATCHABLE_TAIL_CALL(*MI);
return; return;
case AArch64::KCFI_CHECK:
LowerKCFI_CHECK(*MI);
return;
case AArch64::HWASAN_CHECK_MEMACCESS: case AArch64::HWASAN_CHECK_MEMACCESS:
case AArch64::HWASAN_CHECK_MEMACCESS_SHORTGRANULES: case AArch64::HWASAN_CHECK_MEMACCESS_SHORTGRANULES:
LowerHWASAN_CHECK_MEMACCESS(*MI); LowerHWASAN_CHECK_MEMACCESS(*MI);
return; return;
case AArch64::SEH_StackAlloc: case AArch64::SEH_StackAlloc:
TS->emitARM64WinCFIAllocStack(MI->getOperand(0).getImm()); TS->emitARM64WinCFIAllocStack(MI->getOperand(0).getImm());
return; return;
▲ Show 20 LinesShow All 114 LinesShow Last 20 Lines

llvm/lib/Target/AArch64/AArch64ExpandPseudoInsts.cpp

Show First 20 LinesShow All 770 Lines▼ Show 20 Linesbool AArch64ExpandPseudo::expandCALL_BTI(MachineBasicBlock &MBB,
MachineInstr &MI = *MBBI; MachineInstr &MI = *MBBI;
MachineOperand &CallTarget = MI.getOperand(0); MachineOperand &CallTarget = MI.getOperand(0);
assert((CallTarget.isGlobal() || CallTarget.isReg()) && assert((CallTarget.isGlobal() || CallTarget.isReg()) &&
"invalid operand for regular call"); "invalid operand for regular call");
unsigned Opc = CallTarget.isGlobal() ? AArch64::BL : AArch64::BLR; unsigned Opc = CallTarget.isGlobal() ? AArch64::BL : AArch64::BLR;
MachineInstr *Call = MachineInstr *Call =
BuildMI(MBB, MBBI, MI.getDebugLoc(), TII->get(Opc)).getInstr(); BuildMI(MBB, MBBI, MI.getDebugLoc(), TII->get(Opc)).getInstr();
Call->addOperand(CallTarget); Call->addOperand(CallTarget);
Call->setCFIType(*MBB.getParent(), MI.getCFIType());
MachineInstr *BTI = MachineInstr *BTI =
BuildMI(MBB, MBBI, MI.getDebugLoc(), TII->get(AArch64::HINT)) BuildMI(MBB, MBBI, MI.getDebugLoc(), TII->get(AArch64::HINT))
// BTI J so that setjmp can to BR to this. // BTI J so that setjmp can to BR to this.
.addImm(36) .addImm(36)
.getInstr(); .getInstr();
if (MI.shouldUpdateCallSiteInfo()) if (MI.shouldUpdateCallSiteInfo())
▲ Show 20 LinesShow All 522 LinesShow Last 20 Lines

llvm/lib/Target/AArch64/AArch64FastISel.cpp

Show First 20 LinesShow All 3,128 Lines▼ Show 20 Linesbool AArch64FastISel::fastLowerCall(CallLoweringInfo &CLI) {
// Allow SelectionDAG isel to handle calls to functions like setjmp that need // Allow SelectionDAG isel to handle calls to functions like setjmp that need
// a bti instruction following the call. // a bti instruction following the call.
if (CLI.CB && CLI.CB->hasFnAttr(Attribute::ReturnsTwice) && if (CLI.CB && CLI.CB->hasFnAttr(Attribute::ReturnsTwice) &&
!Subtarget->noBTIAtReturnTwice() && !Subtarget->noBTIAtReturnTwice() &&
MF->getInfo<AArch64FunctionInfo>()->branchTargetEnforcement()) MF->getInfo<AArch64FunctionInfo>()->branchTargetEnforcement())
return false; return false;
// Allow SelectionDAG isel to handle indirect calls with KCFI checks.
if (CLI.CB && CLI.CB->isIndirectCall() &&
CLI.CB->getOperandBundle(LLVMContext::OB_kcfi))
return false;
// Allow SelectionDAG isel to handle tail calls. // Allow SelectionDAG isel to handle tail calls.
if (IsTailCall) if (IsTailCall)
return false; return false;
// FIXME: we could and should support this, but for now correctness at -O0 is // FIXME: we could and should support this, but for now correctness at -O0 is
// more important. // more important.
if (Subtarget->isTargetILP32()) if (Subtarget->isTargetILP32())
return false; return false;
▲ Show 20 LinesShow All 1,969 LinesShow Last 20 Lines

llvm/lib/Target/AArch64/AArch64ISelLowering.h

Show First 20 LinesShow All 808 Lines▼ Show 20 Linespublic:
void insertCopiesSplitCSR( void insertCopiesSplitCSR(
MachineBasicBlock *Entry, MachineBasicBlock *Entry,
const SmallVectorImpl<MachineBasicBlock *> &Exits) const override; const SmallVectorImpl<MachineBasicBlock *> &Exits) const override;
bool supportSwiftError() const override { bool supportSwiftError() const override {
return true; return true;
} }
bool supportKCFIBundles() const override { return true; }
/// Enable aggressive FMA fusion on targets that want it. /// Enable aggressive FMA fusion on targets that want it.
bool enableAggressiveFMAFusion(EVT VT) const override; bool enableAggressiveFMAFusion(EVT VT) const override;
/// Returns the size of the platform's va_list object. /// Returns the size of the platform's va_list object.
unsigned getVaListSizeInBits(const DataLayout &DL) const override; unsigned getVaListSizeInBits(const DataLayout &DL) const override;
/// Returns true if \p VecTy is a legal interleaved access type. This /// Returns true if \p VecTy is a legal interleaved access type. This
/// function checks the vector element type and the overall width of the /// function checks the vector element type and the overall width of the
▲ Show 20 LinesShow All 346 LinesShow Last 20 Lines

llvm/lib/Target/AArch64/AArch64ISelLowering.cpp

  • This file is larger than 256 KB, so syntax highlighting is disabled by default.
Show First 20 LinesShow All 2,537 Lines▼ Show 20 Lines case TargetOpcode::STATEPOINT:
// has implicit def. This def is early-clobber as it will be set at // has implicit def. This def is early-clobber as it will be set at
// the moment of the call and earlier than any use is read. // the moment of the call and earlier than any use is read.
// Add this implicit dead def here as a workaround. // Add this implicit dead def here as a workaround.
MI.addOperand(*MI.getMF(), MI.addOperand(*MI.getMF(),
MachineOperand::CreateReg( MachineOperand::CreateReg(
AArch64::LR, /*isDef*/ true, AArch64::LR, /*isDef*/ true,
/*isImp*/ true, /*isKill*/ false, /*isDead*/ true, /*isImp*/ true, /*isKill*/ false, /*isDead*/ true,
/*isUndef*/ false, /*isEarlyClobber*/ true)); /*isUndef*/ false, /*isEarlyClobber*/ true));
[[fallthrough]]; [[fallthrough]];
pccUnsubmitted
Done
ReplyInline Actions

For PAuth ABI the motivation for avoiding the gap between check and call was around avoiding spilling the verified pointer, is this not possible with KCFI?

pcc: For PAuth ABI the motivation for avoiding the gap between check and call was around avoiding…
samitolvanenAuthorUnsubmitted
Done
ReplyInline Actions

I don't believe that's a concern here. We might emit instructions for setting up call arguments between the check and the call, but nothing should spill the pointer or change the target register anymore. The main reason to avoid bundling the check and the call is to avoid further complications with expanding the remaining pseudo instructions.

samitolvanen: I don't believe that's a concern here. We might emit instructions for setting up call arguments…
case TargetOpcode::STACKMAP: case TargetOpcode::STACKMAP:
case TargetOpcode::PATCHPOINT: case TargetOpcode::PATCHPOINT:
return emitPatchPoint(MI, BB); return emitPatchPoint(MI, BB);
case AArch64::CATCHRET: case AArch64::CATCHRET:
return EmitLoweredCatchRet(MI, BB); return EmitLoweredCatchRet(MI, BB);
case AArch64::LD1_MXIPXX_H_PSEUDO_B: case AArch64::LD1_MXIPXX_H_PSEUDO_B:
return EmitTileLoad(AArch64::LD1_MXIPXX_H_B, AArch64::ZAB0, MI, BB); return EmitTileLoad(AArch64::LD1_MXIPXX_H_B, AArch64::ZAB0, MI, BB);
▲ Show 20 LinesShow All 4,026 Lines▼ Show 20 LinesAArch64TargetLowering::LowerCall(CallLoweringInfo &CLI,
bool IsVarArg = CLI.IsVarArg; bool IsVarArg = CLI.IsVarArg;
MachineFunction &MF = DAG.getMachineFunction(); MachineFunction &MF = DAG.getMachineFunction();
MachineFunction::CallSiteInfo CSInfo; MachineFunction::CallSiteInfo CSInfo;
bool IsThisReturn = false; bool IsThisReturn = false;
AArch64FunctionInfo *FuncInfo = MF.getInfo<AArch64FunctionInfo>(); AArch64FunctionInfo *FuncInfo = MF.getInfo<AArch64FunctionInfo>();
bool TailCallOpt = MF.getTarget().Options.GuaranteedTailCallOpt; bool TailCallOpt = MF.getTarget().Options.GuaranteedTailCallOpt;
bool IsCFICall = CLI.CB && CLI.CB->isIndirectCall() && CLI.CFIType;
bool IsSibCall = false; bool IsSibCall = false;
bool GuardWithBTI = false; bool GuardWithBTI = false;
if (CLI.CB && CLI.CB->getAttributes().hasFnAttr(Attribute::ReturnsTwice) && if (CLI.CB && CLI.CB->getAttributes().hasFnAttr(Attribute::ReturnsTwice) &&
!Subtarget->noBTIAtReturnTwice()) { !Subtarget->noBTIAtReturnTwice()) {
GuardWithBTI = FuncInfo->branchTargetEnforcement(); GuardWithBTI = FuncInfo->branchTargetEnforcement();
} }
▲ Show 20 LinesShow All 407 Lines▼ Show 20 LinesAArch64TargetLowering::LowerCall(CallLoweringInfo &CLI,
SDVTList NodeTys = DAG.getVTList(MVT::Other, MVT::Glue); SDVTList NodeTys = DAG.getVTList(MVT::Other, MVT::Glue);
// If we're doing a tall call, use a TC_RETURN here rather than an // If we're doing a tall call, use a TC_RETURN here rather than an
// actual call instruction. // actual call instruction.
if (IsTailCall) { if (IsTailCall) {
MF.getFrameInfo().setHasTailCall(); MF.getFrameInfo().setHasTailCall();
SDValue Ret = DAG.getNode(AArch64ISD::TC_RETURN, DL, NodeTys, Ops); SDValue Ret = DAG.getNode(AArch64ISD::TC_RETURN, DL, NodeTys, Ops);
if (IsCFICall)
Ret.getNode()->setCFIType(CLI.CFIType->getZExtValue());
DAG.addCallSiteInfo(Ret.getNode(), std::move(CSInfo)); DAG.addCallSiteInfo(Ret.getNode(), std::move(CSInfo));
return Ret; return Ret;
} }
unsigned CallOpc = AArch64ISD::CALL; unsigned CallOpc = AArch64ISD::CALL;
// Calls with operand bundle "clang.arc.attachedcall" are special. They should // Calls with operand bundle "clang.arc.attachedcall" are special. They should
// be expanded to the call, directly followed by a special marker sequence and // be expanded to the call, directly followed by a special marker sequence and
// a call to an ObjC library function. Use CALL_RVMARKER to do that. // a call to an ObjC library function. Use CALL_RVMARKER to do that.
if (CLI.CB && objcarc::hasAttachedCallOpBundle(CLI.CB)) { if (CLI.CB && objcarc::hasAttachedCallOpBundle(CLI.CB)) {
assert(!IsTailCall && assert(!IsTailCall &&
"tail calls cannot be marked with clang.arc.attachedcall"); "tail calls cannot be marked with clang.arc.attachedcall");
CallOpc = AArch64ISD::CALL_RVMARKER; CallOpc = AArch64ISD::CALL_RVMARKER;
// Add a target global address for the retainRV/claimRV runtime function // Add a target global address for the retainRV/claimRV runtime function
// just before the call target. // just before the call target.
Function *ARCFn = *objcarc::getAttachedARCFunction(CLI.CB); Function *ARCFn = *objcarc::getAttachedARCFunction(CLI.CB);
auto GA = DAG.getTargetGlobalAddress(ARCFn, DL, PtrVT); auto GA = DAG.getTargetGlobalAddress(ARCFn, DL, PtrVT);
Ops.insert(Ops.begin() + 1, GA); Ops.insert(Ops.begin() + 1, GA);
} else if (GuardWithBTI) } else if (GuardWithBTI)
CallOpc = AArch64ISD::CALL_BTI; CallOpc = AArch64ISD::CALL_BTI;
// Returns a chain and a flag for retval copy to use. // Returns a chain and a flag for retval copy to use.
Chain = DAG.getNode(CallOpc, DL, NodeTys, Ops); Chain = DAG.getNode(CallOpc, DL, NodeTys, Ops);
if (IsCFICall)
Chain.getNode()->setCFIType(CLI.CFIType->getZExtValue());
DAG.addNoMergeSiteInfo(Chain.getNode(), CLI.NoMerge); DAG.addNoMergeSiteInfo(Chain.getNode(), CLI.NoMerge);
InFlag = Chain.getValue(1); InFlag = Chain.getValue(1);
DAG.addCallSiteInfo(Chain.getNode(), std::move(CSInfo)); DAG.addCallSiteInfo(Chain.getNode(), std::move(CSInfo));
uint64_t CalleePopBytes = uint64_t CalleePopBytes =
DoesCalleeRestoreStack(CallConv, TailCallOpt) ? alignTo(NumBytes, 16) : 0; DoesCalleeRestoreStack(CallConv, TailCallOpt) ? alignTo(NumBytes, 16) : 0;
Chain = DAG.getCALLSEQ_END(Chain, DAG.getIntPtrConstant(NumBytes, DL, true), Chain = DAG.getCALLSEQ_END(Chain, DAG.getIntPtrConstant(NumBytes, DL, true),
▲ Show 20 LinesShow All 15,173 LinesShow Last 20 Lines

llvm/lib/Target/AArch64/AArch64InstrInfo.td

  • This file is larger than 256 KB, so syntax highlighting is disabled by default.
Show First 20 LinesShow All 1,444 Lines▼ Show 20 Lines
def : Pat<(AArch64mrs imm:$id), def : Pat<(AArch64mrs imm:$id),
(MRS imm:$id)>; (MRS imm:$id)>;
// The thread pointer (on Linux, at least, where this has been implemented) is // The thread pointer (on Linux, at least, where this has been implemented) is
// TPIDR_EL0. // TPIDR_EL0.
def MOVbaseTLS : Pseudo<(outs GPR64:$dst), (ins), def MOVbaseTLS : Pseudo<(outs GPR64:$dst), (ins),
[(set GPR64:$dst, AArch64threadpointer)]>, Sched<[WriteSys]>; [(set GPR64:$dst, AArch64threadpointer)]>, Sched<[WriteSys]>;
let Defs = [ X9, X16, X17, NZCV ] in {
def KCFI_CHECK : Pseudo<
(outs), (ins GPR64:$ptr, i32imm:$type), []>, Sched<[]>;
}
let Uses = [ X9 ], Defs = [ X16, X17, LR, NZCV ] in { let Uses = [ X9 ], Defs = [ X16, X17, LR, NZCV ] in {
def HWASAN_CHECK_MEMACCESS : Pseudo< def HWASAN_CHECK_MEMACCESS : Pseudo<
(outs), (ins GPR64noip:$ptr, i32imm:$accessinfo), (outs), (ins GPR64noip:$ptr, i32imm:$accessinfo),
[(int_hwasan_check_memaccess X9, GPR64noip:$ptr, (i32 timm:$accessinfo))]>, [(int_hwasan_check_memaccess X9, GPR64noip:$ptr, (i32 timm:$accessinfo))]>,
Sched<[]>; Sched<[]>;
} }
let Uses = [ X20 ], Defs = [ X16, X17, LR, NZCV ] in { let Uses = [ X20 ], Defs = [ X16, X17, LR, NZCV ] in {
▲ Show 20 LinesShow All 6,950 LinesShow Last 20 Lines

llvm/lib/Target/AArch64/AArch64KCFI.cpp

  • This file was added.
//===---- AArch64KCFI.cpp - Implements KCFI -------------------------------===//
//
// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
// See https://llvm.org/LICENSE.txt for license information.
// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
//
//===----------------------------------------------------------------------===//
//
// This file implements KCFI indirect call checking.
//
//===----------------------------------------------------------------------===//
#include "AArch64.h"
#include "AArch64InstrInfo.h"
#include "AArch64Subtarget.h"
#include "AArch64TargetMachine.h"
#include "llvm/ADT/Statistic.h"
#include "llvm/CodeGen/MachineFunctionPass.h"
#include "llvm/CodeGen/MachineInstrBuilder.h"
#include "llvm/CodeGen/MachineInstrBundle.h"
#include "llvm/CodeGen/MachineModuleInfo.h"
using namespace llvm;
#define DEBUG_TYPE "aarch64-kcfi"
#define AARCH64_KCFI_PASS_NAME "Insert KCFI indirect call checks"
STATISTIC(NumKCFIChecksAdded, "Number of indirect call checks added");
namespace {
class AArch64KCFI : public MachineFunctionPass {
public:
static char ID;
AArch64KCFI() : MachineFunctionPass(ID) {}
StringRef getPassName() const override { return AARCH64_KCFI_PASS_NAME; }
bool runOnMachineFunction(MachineFunction &MF) override;
private:
/// Machine instruction info used throughout the class.
const AArch64InstrInfo *TII = nullptr;
/// Emits a KCFI check before an indirect call.
/// \returns true if the check was added and false otherwise.
bool emitCheck(MachineBasicBlock &MBB,
MachineBasicBlock::instr_iterator I) const;
};
char AArch64KCFI::ID = 0;
} // end anonymous namespace
INITIALIZE_PASS(AArch64KCFI, DEBUG_TYPE, AARCH64_KCFI_PASS_NAME, false, false)
FunctionPass *llvm::createAArch64KCFIPass() { return new AArch64KCFI(); }
bool AArch64KCFI::emitCheck(MachineBasicBlock &MBB,
MachineBasicBlock::instr_iterator MBBI) const {
assert(TII && "Target instruction info was not initialized");
// If the call instruction is bundled, we can only emit a check safely if
// it's the first instruction in the bundle.
if (MBBI->isBundled() && !std::prev(MBBI)->isBundle())
MaskRayUnsubmitted
Done
ReplyInline Actions

delete blank line

MaskRay: delete blank line
report_fatal_error("Cannot emit a KCFI check for a bundled call");
switch (MBBI->getOpcode()) {
case AArch64::BLR:
case AArch64::BLRNoIP:
case AArch64::TCRETURNri:
case AArch64::TCRETURNriBTI:
break;
default:
llvm_unreachable("Unexpected CFI call opcode");
}
MachineOperand &Target = MBBI->getOperand(0);
assert(Target.isReg() && "Invalid target operand for an indirect call");
Target.setIsRenamable(false);
MachineInstr *Check =
BuildMI(MBB, MBBI, MBBI->getDebugLoc(), TII->get(AArch64::KCFI_CHECK))
.addReg(Target.getReg())
.addImm(MBBI->getCFIType())
.getInstr();
MBBI->setCFIType(*MBB.getParent(), 0);
// If not already bundled, bundle the check and the call to prevent
// further changes.
if (!MBBI->isBundled())
finalizeBundle(MBB, Check->getIterator(), std::next(MBBI->getIterator()));
++NumKCFIChecksAdded;
return true;
}
bool AArch64KCFI::runOnMachineFunction(MachineFunction &MF) {
const Module *M = MF.getMMI().getModule();
if (!M->getModuleFlag("kcfi"))
return false;
const auto &SubTarget = MF.getSubtarget<AArch64Subtarget>();
TII = SubTarget.getInstrInfo();
bool Changed = false;
MaskRayUnsubmitted
Done
ReplyInline Actions

delete blank line

llvm-project doesn't typically add a blank line after a variable declaration. please fix other places in this patch.

MaskRay: delete blank line llvm-project doesn't typically add a blank line after a variable declaration.
for (MachineBasicBlock &MBB : MF) {
for (MachineBasicBlock::instr_iterator MII = MBB.instr_begin(),
MIE = MBB.instr_end();
nickdesaulniersUnsubmitted
Done
ReplyInline Actions

const auto &SubTarget = ...

nickdesaulniers: `const auto &SubTarget = ...`
MII != MIE; ++MII) {
if (MII->isCall() && MII->getCFIType())
Changed |= emitCheck(MBB, MII);
}
}
MaskRayUnsubmitted
Done
ReplyInline Actions

delete blank line

MaskRay: delete blank line
return Changed;
}
MaskRayUnsubmitted
Done
ReplyInline Actions

don't use early return if the then part is simple.

MaskRay: don't use early return if the `then` part is simple.

llvm/lib/Target/AArch64/AArch64TargetMachine.cpp

Show First 20 LinesShow All 203 Lines▼ Show 20 Linesextern "C" LLVM_EXTERNAL_VISIBILITY void LLVMInitializeAArch64Target() {
initializeAArch64AdvSIMDScalarPass(*PR); initializeAArch64AdvSIMDScalarPass(*PR);
initializeAArch64BranchTargetsPass(*PR); initializeAArch64BranchTargetsPass(*PR);
initializeAArch64CollectLOHPass(*PR); initializeAArch64CollectLOHPass(*PR);
initializeAArch64CompressJumpTablesPass(*PR); initializeAArch64CompressJumpTablesPass(*PR);
initializeAArch64ConditionalComparesPass(*PR); initializeAArch64ConditionalComparesPass(*PR);
initializeAArch64ConditionOptimizerPass(*PR); initializeAArch64ConditionOptimizerPass(*PR);
initializeAArch64DeadRegisterDefinitionsPass(*PR); initializeAArch64DeadRegisterDefinitionsPass(*PR);
initializeAArch64ExpandPseudoPass(*PR); initializeAArch64ExpandPseudoPass(*PR);
initializeAArch64KCFIPass(*PR);
initializeAArch64LoadStoreOptPass(*PR); initializeAArch64LoadStoreOptPass(*PR);
initializeAArch64MIPeepholeOptPass(*PR); initializeAArch64MIPeepholeOptPass(*PR);
initializeAArch64SIMDInstrOptPass(*PR); initializeAArch64SIMDInstrOptPass(*PR);
initializeAArch64O0PreLegalizerCombinerPass(*PR); initializeAArch64O0PreLegalizerCombinerPass(*PR);
initializeAArch64PreLegalizerCombinerPass(*PR); initializeAArch64PreLegalizerCombinerPass(*PR);
initializeAArch64PostLegalizerCombinerPass(*PR); initializeAArch64PostLegalizerCombinerPass(*PR);
initializeAArch64PostLegalizerLoweringPass(*PR); initializeAArch64PostLegalizerLoweringPass(*PR);
initializeAArch64PostSelectOptimizePass(*PR); initializeAArch64PostSelectOptimizePass(*PR);
▲ Show 20 LinesShow All 529 Lines▼ Show 20 Lines if (EnableHomogeneousPrologEpilog)
addPass(createAArch64LowerHomogeneousPrologEpilogPass()); addPass(createAArch64LowerHomogeneousPrologEpilogPass());
// Expand some pseudo instructions to allow proper scheduling. // Expand some pseudo instructions to allow proper scheduling.
addPass(createAArch64ExpandPseudoPass()); addPass(createAArch64ExpandPseudoPass());
// Use load/store pair instructions when possible. // Use load/store pair instructions when possible.
if (TM->getOptLevel() != CodeGenOpt::None) { if (TM->getOptLevel() != CodeGenOpt::None) {
if (EnableLoadStoreOpt) if (EnableLoadStoreOpt)
addPass(createAArch64LoadStoreOptimizationPass()); addPass(createAArch64LoadStoreOptimizationPass());
} }
// Emit KCFI checks for indirect calls.
addPass(createAArch64KCFIPass());
// The AArch64SpeculationHardeningPass destroys dominator tree and natural // The AArch64SpeculationHardeningPass destroys dominator tree and natural
// loop info, which is needed for the FalkorHWPFFixPass and also later on. // loop info, which is needed for the FalkorHWPFFixPass and also later on.
// Therefore, run the AArch64SpeculationHardeningPass before the // Therefore, run the AArch64SpeculationHardeningPass before the
// FalkorHWPFFixPass to avoid recomputing dominator tree and natural loop // FalkorHWPFFixPass to avoid recomputing dominator tree and natural loop
// info. // info.
addPass(createAArch64SpeculationHardeningPass()); addPass(createAArch64SpeculationHardeningPass());
▲ Show 20 LinesShow All 70 LinesShow Last 20 Lines

llvm/lib/Target/AArch64/CMakeLists.txt

Show First 20 LinesShow All 56 Lines▼ Show 20 Linesadd_llvm_target(AArch64CodeGen
AArch64A53Fix835769.cpp AArch64A53Fix835769.cpp
AArch64FrameLowering.cpp AArch64FrameLowering.cpp
AArch64CompressJumpTables.cpp AArch64CompressJumpTables.cpp
AArch64ConditionOptimizer.cpp AArch64ConditionOptimizer.cpp
AArch64RedundantCopyElimination.cpp AArch64RedundantCopyElimination.cpp
AArch64ISelDAGToDAG.cpp AArch64ISelDAGToDAG.cpp
AArch64ISelLowering.cpp AArch64ISelLowering.cpp
AArch64InstrInfo.cpp AArch64InstrInfo.cpp
AArch64KCFI.cpp
AArch64LoadStoreOptimizer.cpp AArch64LoadStoreOptimizer.cpp
AArch64LowerHomogeneousPrologEpilog.cpp AArch64LowerHomogeneousPrologEpilog.cpp
AArch64MachineFunctionInfo.cpp AArch64MachineFunctionInfo.cpp
AArch64MachineScheduler.cpp AArch64MachineScheduler.cpp
AArch64MacroFusion.cpp AArch64MacroFusion.cpp
AArch64MIPeepholeOpt.cpp AArch64MIPeepholeOpt.cpp
AArch64MCInstLower.cpp AArch64MCInstLower.cpp
AArch64PromoteConstant.cpp AArch64PromoteConstant.cpp
▲ Show 20 LinesShow All 44 LinesShow Last 20 Lines

llvm/lib/Target/AArch64/GISel/AArch64CallLowering.cpp

Show First 20 LinesShow All 973 Lines▼ Show 20 Linesbool AArch64CallLowering::lowerTailCall(
// Tell the call which registers are clobbered. // Tell the call which registers are clobbered.
const AArch64Subtarget &Subtarget = MF.getSubtarget<AArch64Subtarget>(); const AArch64Subtarget &Subtarget = MF.getSubtarget<AArch64Subtarget>();
auto TRI = Subtarget.getRegisterInfo(); auto TRI = Subtarget.getRegisterInfo();
const uint32_t *Mask = TRI->getCallPreservedMask(MF, CalleeCC); const uint32_t *Mask = TRI->getCallPreservedMask(MF, CalleeCC);
if (Subtarget.hasCustomCallingConv()) if (Subtarget.hasCustomCallingConv())
TRI->UpdateCustomCallPreservedMask(MF, &Mask); TRI->UpdateCustomCallPreservedMask(MF, &Mask);
MIB.addRegMask(Mask); MIB.addRegMask(Mask);
if (Info.CFIType)
MIB->setCFIType(MF, Info.CFIType->getZExtValue());
if (TRI->isAnyArgRegReserved(MF)) if (TRI->isAnyArgRegReserved(MF))
TRI->emitReservedArgRegCallError(MF); TRI->emitReservedArgRegCallError(MF);
// FPDiff is the byte offset of the call's argument area from the callee's. // FPDiff is the byte offset of the call's argument area from the callee's.
// Stores to callee stack arguments will be placed in FixedStackSlots offset // Stores to callee stack arguments will be placed in FixedStackSlots offset
// by this amount for a tail call. In a sibling call it must be 0 because the // by this amount for a tail call. In a sibling call it must be 0 because the
// caller will deallocate the entire stack and the callee still expects its // caller will deallocate the entire stack and the callee still expects its
// arguments to begin at SP+0. // arguments to begin at SP+0.
▲ Show 20 LinesShow All 181 Lines▼ Show 20 Linesbool AArch64CallLowering::lowerCall(MachineIRBuilder &MIRBuilder,
unsigned CalleeOpNo = 0; unsigned CalleeOpNo = 0;
if (Opc == AArch64::BLR_RVMARKER) { if (Opc == AArch64::BLR_RVMARKER) {
// Add a target global address for the retainRV/claimRV runtime function // Add a target global address for the retainRV/claimRV runtime function
// just before the call target. // just before the call target.
Function *ARCFn = *objcarc::getAttachedARCFunction(Info.CB); Function *ARCFn = *objcarc::getAttachedARCFunction(Info.CB);
MIB.addGlobalAddress(ARCFn); MIB.addGlobalAddress(ARCFn);
++CalleeOpNo; ++CalleeOpNo;
} else if (Info.CFIType) {
MIB->setCFIType(MF, Info.CFIType->getZExtValue());
} }
MaskRayUnsubmitted
Done
ReplyInline Actions
} else if (Info.CFIType) {
  ...
}
MaskRay: ``` } else if (Info.CFIType) { ... } ```
MIB.add(Info.Callee); MIB.add(Info.Callee);
// Tell the call which registers are clobbered. // Tell the call which registers are clobbered.
const uint32_t *Mask; const uint32_t *Mask;
const auto *TRI = Subtarget.getRegisterInfo(); const auto *TRI = Subtarget.getRegisterInfo();
AArch64OutgoingValueAssigner Assigner(AssignFnFixed, AssignFnVarArg, AArch64OutgoingValueAssigner Assigner(AssignFnFixed, AssignFnVarArg,
Subtarget, /*IsReturn*/ false); Subtarget, /*IsReturn*/ false);
▲ Show 20 LinesShow All 71 LinesShow Last 20 Lines

llvm/lib/Target/X86/CMakeLists.txt

Show First 20 LinesShow All 58 Lines▼ Show 20 Linesset(sources
X86IndirectThunks.cpp X86IndirectThunks.cpp
X86InterleavedAccess.cpp X86InterleavedAccess.cpp
X86InsertPrefetch.cpp X86InsertPrefetch.cpp
X86InstCombineIntrinsic.cpp X86InstCombineIntrinsic.cpp
X86InstrFMA3Info.cpp X86InstrFMA3Info.cpp
X86InstrFoldTables.cpp X86InstrFoldTables.cpp
X86InstrInfo.cpp X86InstrInfo.cpp
X86EvexToVex.cpp X86EvexToVex.cpp
X86KCFI.cpp
X86LegalizerInfo.cpp X86LegalizerInfo.cpp
X86LoadValueInjectionLoadHardening.cpp X86LoadValueInjectionLoadHardening.cpp
X86LoadValueInjectionRetHardening.cpp X86LoadValueInjectionRetHardening.cpp
X86MCInstLower.cpp X86MCInstLower.cpp
X86MachineFunctionInfo.cpp X86MachineFunctionInfo.cpp
X86MacroFusion.cpp X86MacroFusion.cpp
X86OptimizeLEAs.cpp X86OptimizeLEAs.cpp
X86PadShortFunction.cpp X86PadShortFunction.cpp
▲ Show 20 LinesShow All 44 LinesShow Last 20 Lines

llvm/lib/Target/X86/X86.h

Show First 20 LinesShow All 45 Lines▼ Show 20 Lines
/// This pass inserts AVX vzeroupper instructions before each call to avoid /// This pass inserts AVX vzeroupper instructions before each call to avoid
/// transition penalty between functions encoded with AVX and SSE. /// transition penalty between functions encoded with AVX and SSE.
FunctionPass *createX86IssueVZeroUpperPass(); FunctionPass *createX86IssueVZeroUpperPass();
/// This pass inserts ENDBR instructions before indirect jump/call /// This pass inserts ENDBR instructions before indirect jump/call
/// destinations as part of CET IBT mechanism. /// destinations as part of CET IBT mechanism.
FunctionPass *createX86IndirectBranchTrackingPass(); FunctionPass *createX86IndirectBranchTrackingPass();
/// This pass inserts KCFI checks before indirect calls.
FunctionPass *createX86KCFIPass();
/// Return a pass that pads short functions with NOOPs. /// Return a pass that pads short functions with NOOPs.
/// This will prevent a stall when returning on the Atom. /// This will prevent a stall when returning on the Atom.
FunctionPass *createX86PadShortFunctions(); FunctionPass *createX86PadShortFunctions();
/// Return a pass that selectively replaces certain instructions (like add, /// Return a pass that selectively replaces certain instructions (like add,
/// sub, inc, dec, some shifts, and some multiplies) by equivalent LEA /// sub, inc, dec, some shifts, and some multiplies) by equivalent LEA
/// instructions, in order to eliminate execution delays in some processors. /// instructions, in order to eliminate execution delays in some processors.
FunctionPass *createX86FixupLEAs(); FunctionPass *createX86FixupLEAs();
▲ Show 20 LinesShow All 107 Lines▼ Show 20 Lines
void initializeX86AvoidTrailingCallPassPass(PassRegistry &); void initializeX86AvoidTrailingCallPassPass(PassRegistry &);
void initializeX86CallFrameOptimizationPass(PassRegistry &); void initializeX86CallFrameOptimizationPass(PassRegistry &);
void initializeX86CmovConverterPassPass(PassRegistry &); void initializeX86CmovConverterPassPass(PassRegistry &);
void initializeX86DomainReassignmentPass(PassRegistry &); void initializeX86DomainReassignmentPass(PassRegistry &);
void initializeX86ExecutionDomainFixPass(PassRegistry &); void initializeX86ExecutionDomainFixPass(PassRegistry &);
void initializeX86ExpandPseudoPass(PassRegistry &); void initializeX86ExpandPseudoPass(PassRegistry &);
void initializeX86FixupSetCCPassPass(PassRegistry &); void initializeX86FixupSetCCPassPass(PassRegistry &);
void initializeX86FlagsCopyLoweringPassPass(PassRegistry &); void initializeX86FlagsCopyLoweringPassPass(PassRegistry &);
void initializeX86KCFIPass(PassRegistry &);
void initializeX86LoadValueInjectionLoadHardeningPassPass(PassRegistry &); void initializeX86LoadValueInjectionLoadHardeningPassPass(PassRegistry &);
void initializeX86LoadValueInjectionRetHardeningPassPass(PassRegistry &); void initializeX86LoadValueInjectionRetHardeningPassPass(PassRegistry &);
void initializeX86OptimizeLEAPassPass(PassRegistry &); void initializeX86OptimizeLEAPassPass(PassRegistry &);
void initializeX86PartialReductionPass(PassRegistry &); void initializeX86PartialReductionPass(PassRegistry &);
void initializeX86SpeculativeLoadHardeningPassPass(PassRegistry &); void initializeX86SpeculativeLoadHardeningPassPass(PassRegistry &);
void initializeX86SpeculativeExecutionSideEffectSuppressionPass(PassRegistry &); void initializeX86SpeculativeExecutionSideEffectSuppressionPass(PassRegistry &);
void initializeX86PreTileConfigPass(PassRegistry &); void initializeX86PreTileConfigPass(PassRegistry &);
void initializeX86FastPreTileConfigPass(PassRegistry &); void initializeX86FastPreTileConfigPass(PassRegistry &);
Show All 22 Lines

llvm/lib/Target/X86/X86AsmPrinter.h

Show First 20 LinesShow All 93 Lines▼ Show 20 Linesclass LLVM_LIBRARY_VISIBILITY X86AsmPrinter : public AsmPrinter {
void LowerPATCHABLE_RET(const MachineInstr &MI, X86MCInstLower &MCIL); void LowerPATCHABLE_RET(const MachineInstr &MI, X86MCInstLower &MCIL);
void LowerPATCHABLE_TAIL_CALL(const MachineInstr &MI, X86MCInstLower &MCIL); void LowerPATCHABLE_TAIL_CALL(const MachineInstr &MI, X86MCInstLower &MCIL);
void LowerPATCHABLE_EVENT_CALL(const MachineInstr &MI, X86MCInstLower &MCIL); void LowerPATCHABLE_EVENT_CALL(const MachineInstr &MI, X86MCInstLower &MCIL);
void LowerPATCHABLE_TYPED_EVENT_CALL(const MachineInstr &MI, void LowerPATCHABLE_TYPED_EVENT_CALL(const MachineInstr &MI,
X86MCInstLower &MCIL); X86MCInstLower &MCIL);
void LowerFENTRY_CALL(const MachineInstr &MI, X86MCInstLower &MCIL); void LowerFENTRY_CALL(const MachineInstr &MI, X86MCInstLower &MCIL);
// KCFI specific lowering for X86.
uint32_t MaskKCFIType(uint32_t Value);
void EmitKCFITypePadding(const MachineFunction &MF, bool HasType = true);
void LowerKCFI_CHECK(const MachineInstr &MI);
// Address sanitizer specific lowering for X86. // Address sanitizer specific lowering for X86.
void LowerASAN_CHECK_MEMACCESS(const MachineInstr &MI); void LowerASAN_CHECK_MEMACCESS(const MachineInstr &MI);
// Choose between emitting .seh_ directives and .cv_fpo_ directives. // Choose between emitting .seh_ directives and .cv_fpo_ directives.
void EmitSEHInstruction(const MachineInstr *MI); void EmitSEHInstruction(const MachineInstr *MI);
void PrintSymbolOperand(const MachineOperand &MO, raw_ostream &O) override; void PrintSymbolOperand(const MachineOperand &MO, raw_ostream &O) override;
void PrintOperand(const MachineInstr *MI, unsigned OpNo, raw_ostream &O); void PrintOperand(const MachineInstr *MI, unsigned OpNo, raw_ostream &O);
Show All 34 Lines bool doInitialization(Module &M) override {
SM.reset(); SM.reset();
FM.reset(); FM.reset();
return AsmPrinter::doInitialization(M); return AsmPrinter::doInitialization(M);
} }
bool runOnMachineFunction(MachineFunction &MF) override; bool runOnMachineFunction(MachineFunction &MF) override;
void emitFunctionBodyStart() override; void emitFunctionBodyStart() override;
void emitFunctionBodyEnd() override; void emitFunctionBodyEnd() override;
void emitKCFITypeId(const MachineFunction &MF) override;
bool shouldEmitWeakSwiftAsyncExtendedFramePointerFlags() const override { bool shouldEmitWeakSwiftAsyncExtendedFramePointerFlags() const override {
return ShouldEmitWeakSwiftAsyncExtendedFramePointerFlags; return ShouldEmitWeakSwiftAsyncExtendedFramePointerFlags;
} }
}; };
} // end namespace llvm } // end namespace llvm
#endif #endif

llvm/lib/Target/X86/X86AsmPrinter.cpp

Show All 27 Lines
#include "llvm/IR/InlineAsm.h" #include "llvm/IR/InlineAsm.h"
#include "llvm/IR/Mangler.h" #include "llvm/IR/Mangler.h"
#include "llvm/IR/Module.h" #include "llvm/IR/Module.h"
#include "llvm/IR/Type.h" #include "llvm/IR/Type.h"
#include "llvm/MC/MCAsmInfo.h" #include "llvm/MC/MCAsmInfo.h"
#include "llvm/MC/MCCodeEmitter.h" #include "llvm/MC/MCCodeEmitter.h"
#include "llvm/MC/MCContext.h" #include "llvm/MC/MCContext.h"
#include "llvm/MC/MCExpr.h" #include "llvm/MC/MCExpr.h"
#include "llvm/MC/MCInstBuilder.h"
#include "llvm/MC/MCSectionCOFF.h" #include "llvm/MC/MCSectionCOFF.h"
#include "llvm/MC/MCSectionELF.h" #include "llvm/MC/MCSectionELF.h"
#include "llvm/MC/MCSectionMachO.h" #include "llvm/MC/MCSectionMachO.h"
#include "llvm/MC/MCStreamer.h" #include "llvm/MC/MCStreamer.h"
#include "llvm/MC/MCSymbol.h" #include "llvm/MC/MCSymbol.h"
#include "llvm/MC/TargetRegistry.h" #include "llvm/MC/TargetRegistry.h"
#include "llvm/Support/Debug.h" #include "llvm/Support/Debug.h"
#include "llvm/Support/ErrorHandling.h" #include "llvm/Support/ErrorHandling.h"
▲ Show 20 LinesShow All 64 Lines▼ Show 20 Lines
void X86AsmPrinter::emitFunctionBodyEnd() { void X86AsmPrinter::emitFunctionBodyEnd() {
if (EmitFPOData) { if (EmitFPOData) {
if (auto *XTS = if (auto *XTS =
static_cast<X86TargetStreamer *>(OutStreamer->getTargetStreamer())) static_cast<X86TargetStreamer *>(OutStreamer->getTargetStreamer()))
XTS->emitFPOEndProc(); XTS->emitFPOEndProc();
} }
} }
uint32_t X86AsmPrinter::MaskKCFIType(uint32_t Value) {
// If the type hash matches an invalid pattern, mask the value.
const uint32_t InvalidValues[] = {
0xFA1E0FF3, /* ENDBR64 */
joaomoreiraUnsubmitted
Done
ReplyInline Actions

I have seen speculative mitigations using instructions that stop the control-flow (like int3 or hlt) as space fillers just as a redundant/security-in-depth scheme to hold any speculative flow that may have been launched from somewhere else. I think these zeros here can be replaced by 0xcc without harm, right?

joaomoreira: I have seen speculative mitigations using instructions that stop the control-flow (like int3 or…
0xFB1E0FF3, /* ENDBR32 */
};
for (uint32_t N : InvalidValues) {
// LowerKCFI_CHECK emits -Value for indirect call checks, so we must also
pccUnsubmitted
Done
ReplyInline Actions

If this is just about satisfying objtool do these symbols need to be exported or can they just be STB_LOCAL?

pcc: If this is just about satisfying objtool do these symbols need to be exported or can they just…
samitolvanenAuthorUnsubmitted
Done
ReplyInline Actions

They don't have to be exported, but we ran into some objtool confusion when the parent function was weak, so it's easier to just use the same linkage for the preamble symbol.

samitolvanen: They don't have to be exported, but we ran into some objtool confusion when the parent function…
// mask that. Note that -(Value + 1) == ~Value.
if (N == Value || -N == Value)
joaomoreiraUnsubmitted
Done
ReplyInline Actions

Can we use another constant blinding scheme, such as a Value++ or anything else? This way, we would prevent endbrs from being emitted in the indirect branch guards too.

Since we are using Value (prologue) and ~Value (caller/guard) for doing the checks, we also need to check if ~ENDBR was picked as a KCFIType, otherwise ENDBR will be emitted in the ibranch guards.

joaomoreira: Can we use another constant blinding scheme, such as a Value++ or anything else? This way, we…
samitolvanenAuthorUnsubmitted
Done
ReplyInline Actions

Can we use another constant blinding scheme, such as a Value++ or anything else? This way, we would prevent endbrs from being emitted in the indirect branch guards too.

Since we are using Value (prologue) and ~Value (caller/guard) for doing the checks, we also need to check if ~ENDBR was picked as a KCFIType, otherwise ENDBR will be emitted in the ibranch guards.

I don't mind changing this to Value + 1, but that actually doesn't change anything because we emit -Value in indirect call checks, not ~Value. Therefore, using ~Value works equally well here.

Specifically, this code currently emits ~Valuein the preamble and -(~Value) == Value + 1 in the indirect call check. Switching to Value + 1 simply reverses the order; we'll emit Value + 1 in the preamble and -(Value + 1) == ~Value in the indirect call check.

However, you are right that we also need to avoid -ENDBR in this function. I'll fix that and clarify the comment.

samitolvanen: > Can we use another constant blinding scheme, such as a Value++ or anything else? This way, we…
joaomoreiraUnsubmitted
Done
ReplyInline Actions

Oops, got confused with the operands, tks for clearing it up. Otherwise, changes LGTM.

joaomoreira: Oops, got confused with the operands, tks for clearing it up. Otherwise, changes LGTM.
return Value + 1;
}
return Value;
}
MaskRayUnsubmitted
Done
ReplyInline Actions

A previous comment isn't done. This doesn't explain that the double-int3 before and after the identifier is an objtool requirement (or similar).

MaskRay: A previous comment isn't done. This doesn't explain that the double-int3 before and after the…
samitolvanenAuthorUnsubmitted
Done
ReplyInline Actions

A previous comment isn't done. This doesn't explain that the double-int3 before and after the identifier is an objtool requirement (or similar).

These are not objtool requirements, and I believe the comments do explain why the int3 padding is added. The first two are to reserve some space for runtime patching this code, and the latter two is to avoid call target gadgets in the checks. I'm obviously happy to improve the comments, is there something specific you'd like me to add?

samitolvanen: > A previous comment isn't done. This doesn't explain that the double-int3 before and after the…
void X86AsmPrinter::EmitKCFITypePadding(const MachineFunction &MF,
bool HasType) {
// Keep the function entry aligned, taking patchable-function-prefix into
// account if set.
int64_t PrefixBytes = 0;
(void)MF.getFunction()
.getFnAttribute("patchable-function-prefix")
.getValueAsString()
.getAsInteger(10, PrefixBytes);
MaskRayUnsubmitted
Done
ReplyInline Actions

For a temporary symbol (STB_LOCAL), no need to add __ prefix.

MaskRay: For a temporary symbol (STB_LOCAL), no need to add `__` prefix.
// Also take the type identifier into account if we're emitting
// one. Otherwise, just pad with nops. The X86::MOV32ri instruction emitted
// in X86AsmPrinter::emitKCFITypeId is 5 bytes long.
if (HasType)
PrefixBytes += 5;
emitNops(offsetToAlignment(PrefixBytes, MF.getAlignment()));
}
/// emitKCFITypeId - Emit the KCFI type information in architecture specific
/// format.
void X86AsmPrinter::emitKCFITypeId(const MachineFunction &MF) {
const Function &F = MF.getFunction();
if (!F.getParent()->getModuleFlag("kcfi"))
return;
ConstantInt *Type = nullptr;
if (const MDNode *MD = F.getMetadata(LLVMContext::MD_kcfi_type))
Type = mdconst::extract<ConstantInt>(MD->getOperand(0));
// If we don't have a type to emit, just emit padding if needed to maintain
// the same alignment for all functions.
if (!Type) {
EmitKCFITypePadding(MF, /*HasType=*/false);
return;
}
// Emit a function symbol for the type data to avoid unreachable instruction
// warnings from binary validation tools, and use the same linkage as the
// parent function. Note that using local linkage would result in duplicate
// symbols for weak parent functions.
MCSymbol *FnSym = OutContext.getOrCreateSymbol("__cfi_" + MF.getName());
emitLinkage(&MF.getFunction(), FnSym);
if (MAI->hasDotTypeDotSizeDirective())
OutStreamer->emitSymbolAttribute(FnSym, MCSA_ELF_TypeFunction);
OutStreamer->emitLabel(FnSym);
// Embed the type hash in the X86::MOV32ri instruction to avoid special
// casing object file parsers.
EmitKCFITypePadding(MF);
EmitAndCountInstruction(MCInstBuilder(X86::MOV32ri)
.addReg(X86::EAX)
.addImm(MaskKCFIType(Type->getZExtValue())));
if (MAI->hasDotTypeDotSizeDirective()) {
MCSymbol *EndSym = OutContext.createTempSymbol("cfi_func_end");
OutStreamer->emitLabel(EndSym);
const MCExpr *SizeExp = MCBinaryExpr::createSub(
MCSymbolRefExpr::create(EndSym, OutContext),
MCSymbolRefExpr::create(FnSym, OutContext), OutContext);
OutStreamer->emitELFSize(FnSym, SizeExp);
}
}
/// PrintSymbolOperand - Print a raw symbol reference operand. This handles /// PrintSymbolOperand - Print a raw symbol reference operand. This handles
/// jump tables, constant pools, global address and external symbols, all of /// jump tables, constant pools, global address and external symbols, all of
/// which print to a label with various suffixes for relocation types etc. /// which print to a label with various suffixes for relocation types etc.
void X86AsmPrinter::PrintSymbolOperand(const MachineOperand &MO, void X86AsmPrinter::PrintSymbolOperand(const MachineOperand &MO,
raw_ostream &O) { raw_ostream &O) {
switch (MO.getType()) { switch (MO.getType()) {
default: llvm_unreachable("unknown symbol type!"); default: llvm_unreachable("unknown symbol type!");
case MachineOperand::MO_ConstantPoolIndex: case MachineOperand::MO_ConstantPoolIndex:
▲ Show 20 LinesShow All 746 LinesShow Last 20 Lines

llvm/lib/Target/X86/X86ExpandPseudo.cpp

Show First 20 LinesShow All 350 Lines▼ Show 20 Lines case X86::TCRETURNmi64: {
} else { } else {
JumpTarget.setIsKill(); JumpTarget.setIsKill();
BuildMI(MBB, MBBI, DL, TII->get(X86::TAILJMPr)) BuildMI(MBB, MBBI, DL, TII->get(X86::TAILJMPr))
.add(JumpTarget); .add(JumpTarget);
} }
MachineInstr &NewMI = *std::prev(MBBI); MachineInstr &NewMI = *std::prev(MBBI);
NewMI.copyImplicitOps(*MBBI->getParent()->getParent(), *MBBI); NewMI.copyImplicitOps(*MBBI->getParent()->getParent(), *MBBI);
NewMI.setCFIType(*MBB.getParent(), MI.getCFIType());
// Update the call site info. // Update the call site info.
if (MBBI->isCandidateForCallSiteEntry()) if (MBBI->isCandidateForCallSiteEntry())
MBB.getParent()->moveCallSiteInfo(&*MBBI, &NewMI); MBB.getParent()->moveCallSiteInfo(&*MBBI, &NewMI);
// Delete the pseudo instruction TCRETURN. // Delete the pseudo instruction TCRETURN.
MBB.erase(MBBI); MBB.erase(MBBI);
▲ Show 20 LinesShow All 383 LinesShow Last 20 Lines

llvm/lib/Target/X86/X86FastISel.cpp

Show First 20 LinesShow All 3,176 Lines▼ Show 20 Linesbool X86FastISel::fastLowerCall(CallLoweringInfo &CLI) {
// Functions with no_caller_saved_registers that need special handling. // Functions with no_caller_saved_registers that need special handling.
if ((CB && isa<CallInst>(CB) && CB->hasFnAttr("no_caller_saved_registers"))) if ((CB && isa<CallInst>(CB) && CB->hasFnAttr("no_caller_saved_registers")))
return false; return false;
// Functions with no_callee_saved_registers that need special handling. // Functions with no_callee_saved_registers that need special handling.
if ((CB && CB->hasFnAttr("no_callee_saved_registers"))) if ((CB && CB->hasFnAttr("no_callee_saved_registers")))
return false; return false;
// Indirect calls with CFI checks need special handling.
if (CB && CB->isIndirectCall() && CB->getOperandBundle(LLVMContext::OB_kcfi))
return false;
// Functions using thunks for indirect calls need to use SDISel. // Functions using thunks for indirect calls need to use SDISel.
if (Subtarget->useIndirectThunkCalls()) if (Subtarget->useIndirectThunkCalls())
return false; return false;
// Handle only C, fastcc, and webkit_js calling conventions for now. // Handle only C, fastcc, and webkit_js calling conventions for now.
switch (CC) { switch (CC) {
default: return false; default: return false;
case CallingConv::C: case CallingConv::C:
▲ Show 20 LinesShow All 820 LinesShow Last 20 Lines

llvm/lib/Target/X86/X86ISelLowering.h

Show First 20 LinesShow All 74 Lines▼ Show 20 Lines enum NodeType : unsigned {
CALL, CALL,
/// Same as call except it adds the NoTrack prefix. /// Same as call except it adds the NoTrack prefix.
NT_CALL, NT_CALL,
// Pseudo for a OBJC call that gets emitted together with a special // Pseudo for a OBJC call that gets emitted together with a special
// marker instruction. // marker instruction.
CALL_RVMARKER, CALL_RVMARKER,
joaomoreiraUnsubmitted
Done
ReplyInline Actions

I did not revise the entire patch yet. With this said, IMHO, this looks like an overcomplication of a simple problem. Is there a reason why you really need specific KCFI_ nodes instead of only embedding the hash information into an attribute at the Machine Instruction? Then, if hash == 0, it just means it is a call that doesn't need instrumentation.

This latter approach will require less code and should be easier to maintain compatible with other CFI approaches. If the reason is because you don't want to have a useless attribute for non-call instructions, then you could possibly have a map where you bind the call instruction with a respective hash.

Unless there is a strong reason for these, I would much better prefer the slim approach suggested. Either way, if there is a reason for this, I would also suggest that you at least don't name these as "KCFI_something", as in the future others might want to reuse the same structure for other CFI approaches.

joaomoreira: I did not revise the entire patch yet. With this said, IMHO, this looks like an…
samitolvanenAuthorUnsubmitted
Done
ReplyInline Actions

Is there a reason why you really need specific KCFI_ nodes instead of only embedding the hash information into an attribute at the Machine Instruction?

This implementation is similar to CALL_RVMARKER, CALL_BTI and basically all other pseudo call instructions in LLVM. Is adding an attribute to MachineInstr the preferred approach instead?

I would also suggest that you at least don't name these as "KCFI_something", as in the future others might want to reuse the same structure for other CFI approaches.

Always happy to hear suggestions for alternative naming. Did you have something in mind?

samitolvanen: > Is there a reason why you really need specific KCFI_ nodes instead of only embedding the hash…
joaomoreiraUnsubmitted
Done
ReplyInline Actions

This implementation is similar to CALL_RVMARKER, CALL_BTI and basically all other pseudo call instructions in LLVM. Is adding an attribute to MachineInstr the preferred approach instead?

My understanding is that if, every time a new mitigation or optimization comes in, you create a new opcode for it, it will eventually bloat to non-feasibility.

Imagine you have some mitigation like kguard being implemented. Now you can have calls which are KCFI checked but not KGUARD checked; then KCFI not-checked but KGUARD checked; then KCFI and KGUARD checked.; then none-checked. And then you need all these variations for tail calls (which imho is a first, minor, instance of the problem)...

So, in general, my understanding is that this approach works, yeah, but that in the long term it could become a hassle... so ideally we should use attributes to define these sub-specific instructions instead of opcodes.

I would also suggest that you at least don't name these as "KCFI_something", as in the future others might want to reuse the same structure for other CFI approaches.

Always happy to hear suggestions for alternative naming. Did you have something in mind?

I think switching from KCFI into CFI would already be good enough, as in the end these are all implementing the control-flow integrity concept.

joaomoreira: > This implementation is similar to `CALL_RVMARKER`, `CALL_BTI` and basically all other pseudo…
samitolvanenAuthorUnsubmitted
Done
ReplyInline Actions

My understanding is that if, every time a new mitigation or optimization comes in, you create a new opcode for it, it will eventually bloat to non-feasibility.

I do agree, if there are enough call variants that can be combined, this will quickly get messy. So far this probably just hasn't been an issue. I'm not particularly happy about the multiple pseudo instructions here either.

@pcc, any thoughts about the best way to make this cleaner? Should we switch to a MachineInstr attribute, or perhaps pass another operand with the specific call type, or something else?

so ideally we should use attributes to define these sub-specific instructions instead of opcodes.

One concern I have with using an attribute is that we have to ensure that no pass accidentally drops it while transforming the call instruction or replacing it with something else. That's not an issue if we have a separate pseudo instruction with the type as an operand. Did you run into any issues with this?

Also, how do you serialize the type attribute in MIR? Something similar to debug-instr-number?

I think switching from KCFI into CFI would already be good enough

Sure, sounds good to me. I'll change the naming once we have a consensus on the correct approach here.

samitolvanen: > My understanding is that if, every time a new mitigation or optimization comes in, you create…
pccUnsubmitted
Done
ReplyInline Actions

Would it make sense to add a field to MachineInstr::ExtraInfo to hold the additional information here? That way you can avoid increasing the size of MachineInstr.

pcc: Would it make sense to add a field to `MachineInstr::ExtraInfo` to hold the additional…
samitolvanenAuthorUnsubmitted
Done
ReplyInline Actions

I'll look into it. Per offline discussion, we might need a similar construction for SDNode to avoid increasing memory usage too much should we go with type hash attributes instead.

samitolvanen: I'll look into it. Per offline discussion, we might need a similar construction for `SDNode` to…
samitolvanenAuthorUnsubmitted
Done
ReplyInline Actions

In my testing, adding a uint32_t attribute to SDNode increased max RSS by ~0.15% during a kernel build. As there's no ExtraInfo type construction in SDNode currently, adding one would increase memory usage more. Perhaps we can look into that if more attributes are needed?

samitolvanen: In my testing, adding a `uint32_t` attribute to `SDNode` increased max RSS by ~0.15% during a…
/// X86 compare and logical compare instructions. /// X86 compare and logical compare instructions.
CMP, CMP,
FCMP, FCMP,
COMI, COMI,
UCOMI, UCOMI,
/// X86 bit-test instructions. /// X86 bit-test instructions.
BT, BT,
▲ Show 20 LinesShow All 1,354 Lines▼ Show 20 Lines public:
unsigned getVectorTypeBreakdownForCallingConv( unsigned getVectorTypeBreakdownForCallingConv(
LLVMContext &Context, CallingConv::ID CC, EVT VT, EVT &IntermediateVT, LLVMContext &Context, CallingConv::ID CC, EVT VT, EVT &IntermediateVT,
unsigned &NumIntermediates, MVT &RegisterVT) const override; unsigned &NumIntermediates, MVT &RegisterVT) const override;
bool isIntDivCheap(EVT VT, AttributeList Attr) const override; bool isIntDivCheap(EVT VT, AttributeList Attr) const override;
bool supportSwiftError() const override; bool supportSwiftError() const override;
bool supportKCFIBundles() const override { return true; }
bool hasStackProbeSymbol(MachineFunction &MF) const override; bool hasStackProbeSymbol(MachineFunction &MF) const override;
bool hasInlineStackProbe(MachineFunction &MF) const override; bool hasInlineStackProbe(MachineFunction &MF) const override;
StringRef getStackProbeSymbolName(MachineFunction &MF) const override; StringRef getStackProbeSymbolName(MachineFunction &MF) const override;
unsigned getStackProbeSize(MachineFunction &MF) const; unsigned getStackProbeSize(MachineFunction &MF) const;
bool hasVectorBlend() const override { return true; } bool hasVectorBlend() const override { return true; }
▲ Show 20 LinesShow All 328 LinesShow Last 20 Lines

llvm/lib/Target/X86/X86ISelLowering.cpp

  • This file is larger than 256 KB, so syntax highlighting is disabled by default.
Show First 20 LinesShow All 4,341 Lines▼ Show 20 LinesX86TargetLowering::LowerCall(TargetLowering::CallLoweringInfo &CLI,
bool IsGuaranteeTCO = MF.getTarget().Options.GuaranteedTailCallOpt || bool IsGuaranteeTCO = MF.getTarget().Options.GuaranteedTailCallOpt ||
CallConv == CallingConv::Tail || CallConv == CallingConv::SwiftTail; CallConv == CallingConv::Tail || CallConv == CallingConv::SwiftTail;
bool IsCalleePopSRet = !IsGuaranteeTCO && hasCalleePopSRet(Outs, Subtarget); bool IsCalleePopSRet = !IsGuaranteeTCO && hasCalleePopSRet(Outs, Subtarget);
X86MachineFunctionInfo *X86Info = MF.getInfo<X86MachineFunctionInfo>(); X86MachineFunctionInfo *X86Info = MF.getInfo<X86MachineFunctionInfo>();
bool HasNCSR = (CB && isa<CallInst>(CB) && bool HasNCSR = (CB && isa<CallInst>(CB) &&
CB->hasFnAttr("no_caller_saved_registers")); CB->hasFnAttr("no_caller_saved_registers"));
bool HasNoCfCheck = (CB && CB->doesNoCfCheck()); bool HasNoCfCheck = (CB && CB->doesNoCfCheck());
bool IsIndirectCall = (CB && isa<CallInst>(CB) && CB->isIndirectCall()); bool IsIndirectCall = (CB && isa<CallInst>(CB) && CB->isIndirectCall());
bool IsCFICall = IsIndirectCall && CLI.CFIType;
const Module *M = MF.getMMI().getModule(); const Module *M = MF.getMMI().getModule();
Metadata *IsCFProtectionSupported = M->getModuleFlag("cf-protection-branch"); Metadata *IsCFProtectionSupported = M->getModuleFlag("cf-protection-branch");
MachineFunction::CallSiteInfo CSInfo; MachineFunction::CallSiteInfo CSInfo;
if (CallConv == CallingConv::X86_INTR) if (CallConv == CallingConv::X86_INTR)
report_fatal_error("X86 interrupts may not be called directly"); report_fatal_error("X86 interrupts may not be called directly");
bool IsMustTail = CLI.CB && CLI.CB->isMustTailCall(); bool IsMustTail = CLI.CB && CLI.CB->isMustTailCall();
▲ Show 20 LinesShow All 475 Lines▼ Show 20 Lines if (isTailCall) {
// We used to do: // We used to do:
//// If this is the first return lowered for this function, add the regs //// If this is the first return lowered for this function, add the regs
//// to the liveout set for the function. //// to the liveout set for the function.
// This isn't right, although it's probably harmless on x86; liveouts // This isn't right, although it's probably harmless on x86; liveouts
// should be computed from returns not tail calls. Consider a void // should be computed from returns not tail calls. Consider a void
// function making a tail call to a function returning int. // function making a tail call to a function returning int.
MF.getFrameInfo().setHasTailCall(); MF.getFrameInfo().setHasTailCall();
SDValue Ret = DAG.getNode(X86ISD::TC_RETURN, dl, NodeTys, Ops); SDValue Ret = DAG.getNode(X86ISD::TC_RETURN, dl, NodeTys, Ops);
if (IsCFICall)
Ret.getNode()->setCFIType(CLI.CFIType->getZExtValue());
DAG.addCallSiteInfo(Ret.getNode(), std::move(CSInfo)); DAG.addCallSiteInfo(Ret.getNode(), std::move(CSInfo));
return Ret; return Ret;
} }
if (HasNoCfCheck && IsCFProtectionSupported && IsIndirectCall) { if (HasNoCfCheck && IsCFProtectionSupported && IsIndirectCall) {
Chain = DAG.getNode(X86ISD::NT_CALL, dl, NodeTys, Ops); Chain = DAG.getNode(X86ISD::NT_CALL, dl, NodeTys, Ops);
} else if (CLI.CB && objcarc::hasAttachedCallOpBundle(CLI.CB)) { } else if (CLI.CB && objcarc::hasAttachedCallOpBundle(CLI.CB)) {
// Calls with a "clang.arc.attachedcall" bundle are special. They should be // Calls with a "clang.arc.attachedcall" bundle are special. They should be
Show All 9 Lines if (HasNoCfCheck && IsCFProtectionSupported && IsIndirectCall) {
auto PtrVT = getPointerTy(DAG.getDataLayout()); auto PtrVT = getPointerTy(DAG.getDataLayout());
auto GA = DAG.getTargetGlobalAddress(ARCFn, dl, PtrVT); auto GA = DAG.getTargetGlobalAddress(ARCFn, dl, PtrVT);
Ops.insert(Ops.begin() + 1, GA); Ops.insert(Ops.begin() + 1, GA);
Chain = DAG.getNode(X86ISD::CALL_RVMARKER, dl, NodeTys, Ops); Chain = DAG.getNode(X86ISD::CALL_RVMARKER, dl, NodeTys, Ops);
} else { } else {
Chain = DAG.getNode(X86ISD::CALL, dl, NodeTys, Ops); Chain = DAG.getNode(X86ISD::CALL, dl, NodeTys, Ops);
} }
if (IsCFICall)
Chain.getNode()->setCFIType(CLI.CFIType->getZExtValue());
InFlag = Chain.getValue(1); InFlag = Chain.getValue(1);
DAG.addNoMergeSiteInfo(Chain.getNode(), CLI.NoMerge); DAG.addNoMergeSiteInfo(Chain.getNode(), CLI.NoMerge);
DAG.addCallSiteInfo(Chain.getNode(), std::move(CSInfo)); DAG.addCallSiteInfo(Chain.getNode(), std::move(CSInfo));
// Save heapallocsite metadata. // Save heapallocsite metadata.
if (CLI.CB) if (CLI.CB)
if (MDNode *HeapAlloc = CLI.CB->getMetadata("heapallocsite")) if (MDNode *HeapAlloc = CLI.CB->getMetadata("heapallocsite"))
DAG.addHeapAllocSite(Chain.getNode(), HeapAlloc); DAG.addHeapAllocSite(Chain.getNode(), HeapAlloc);
▲ Show 20 LinesShow All 51,751 LinesShow Last 20 Lines

llvm/lib/Target/X86/X86InstrCompiler.td

Show First 20 LinesShow All 251 Lines▼ Show 20 Lines def SEH_PushFrame : I<0, Pseudo, (outs), (ins i1imm:$mode),
"#SEH_PushFrame $mode", []>; "#SEH_PushFrame $mode", []>;
def SEH_EndPrologue : I<0, Pseudo, (outs), (ins), def SEH_EndPrologue : I<0, Pseudo, (outs), (ins),
"#SEH_EndPrologue", []>; "#SEH_EndPrologue", []>;
def SEH_Epilogue : I<0, Pseudo, (outs), (ins), def SEH_Epilogue : I<0, Pseudo, (outs), (ins),
"#SEH_Epilogue", []>; "#SEH_Epilogue", []>;
} }
//===----------------------------------------------------------------------===// //===----------------------------------------------------------------------===//
// Pseudo instructions used by KCFI.
//===----------------------------------------------------------------------===//
let
Defs = [R10, EFLAGS] in {
def KCFI_CHECK : PseudoI<
(outs), (ins GR64:$ptr, i32imm:$type), []>, Sched<[]>;
}
//===----------------------------------------------------------------------===//
// Pseudo instructions used by address sanitizer. // Pseudo instructions used by address sanitizer.
//===----------------------------------------------------------------------===// //===----------------------------------------------------------------------===//
let let
Defs = [R10, R11, EFLAGS] in { Defs = [R10, R11, EFLAGS] in {
def ASAN_CHECK_MEMACCESS : PseudoI< def ASAN_CHECK_MEMACCESS : PseudoI<
(outs), (ins GR64PLTSafe:$addr, i32imm:$accessinfo), (outs), (ins GR64PLTSafe:$addr, i32imm:$accessinfo),
[(int_asan_check_memaccess GR64PLTSafe:$addr, (i32 timm:$accessinfo))]>, [(int_asan_check_memaccess GR64PLTSafe:$addr, (i32 timm:$accessinfo))]>,
Sched<[]>; Sched<[]>;
▲ Show 20 LinesShow All 1,964 LinesShow Last 20 Lines

llvm/lib/Target/X86/X86KCFI.cpp

  • This file was added.
//===---- X86KCFI.cpp - Implements KCFI -----------------------------------===//
//
// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
// See https://llvm.org/LICENSE.txt for license information.
// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
//
//===----------------------------------------------------------------------===//
//
// This file implements KCFI indirect call checking.
//
//===----------------------------------------------------------------------===//
#include "X86.h"
#include "X86InstrInfo.h"
#include "X86Subtarget.h"
#include "X86TargetMachine.h"
#include "llvm/ADT/Statistic.h"
#include "llvm/CodeGen/MachineFunctionPass.h"
#include "llvm/CodeGen/MachineInstrBuilder.h"
#include "llvm/CodeGen/MachineInstrBundle.h"
#include "llvm/CodeGen/MachineModuleInfo.h"
using namespace llvm;
#define DEBUG_TYPE "x86-kcfi"
#define X86_KCFI_PASS_NAME "Insert KCFI indirect call checks"
STATISTIC(NumKCFIChecksAdded, "Number of indirect call checks added");
namespace {
class X86KCFI : public MachineFunctionPass {
public:
static char ID;
X86KCFI() : MachineFunctionPass(ID) {}
StringRef getPassName() const override { return X86_KCFI_PASS_NAME; }
bool runOnMachineFunction(MachineFunction &MF) override;
private:
/// Machine instruction info used throughout the class.
const X86InstrInfo *TII = nullptr;
/// Emits a KCFI check before an indirect call.
/// \returns true if the check was added and false otherwise.
bool emitCheck(MachineBasicBlock &MBB,
MachineBasicBlock::instr_iterator I) const;
};
char X86KCFI::ID = 0;
} // end anonymous namespace
INITIALIZE_PASS(X86KCFI, DEBUG_TYPE, X86_KCFI_PASS_NAME, false, false)
FunctionPass *llvm::createX86KCFIPass() { return new X86KCFI(); }
bool X86KCFI::emitCheck(MachineBasicBlock &MBB,
MachineBasicBlock::instr_iterator MBBI) const {
assert(TII && "Target instruction info was not initialized");
// If the call instruction is bundled, we can only emit a check safely if
// it's the first instruction in the bundle.
if (MBBI->isBundled() && !std::prev(MBBI)->isBundle())
report_fatal_error("Cannot emit a KCFI check for a bundled call");
MachineInstr *Check =
BuildMI(MBB, MBBI, MBBI->getDebugLoc(), TII->get(X86::KCFI_CHECK))
.getInstr();
MachineOperand &Target = MBBI->getOperand(0);
switch (MBBI->getOpcode()) {
case X86::CALL64r:
case X86::CALL64r_NT:
case X86::TAILJMPr64:
case X86::TAILJMPr64_REX:
assert(Target.isReg() && "Unexpected target operand for an indirect call");
// KCFI_CHECK uses r10 as a temporary register.
assert(Target.getReg() != X86::R10 &&
"Unsupported target register for a KCFI call");
Check->addOperand(MachineOperand::CreateReg(Target.getReg(), false));
Target.setIsRenamable(false);
break;
case X86::CALL64pcrel32:
case X86::TAILJMPd64:
assert(Target.isSymbol() && "Unexpected target operand for a direct call");
// X86TargetLowering::EmitLoweredIndirectThunk always uses r11 for
// 64-bit indirect thunk calls.
assert(StringRef(Target.getSymbolName()).endswith("_r11") &&
"Unexpected register for an indirect thunk call");
Check->addOperand(MachineOperand::CreateReg(X86::R11, false));
break;
default:
llvm_unreachable("Unexpected CFI call opcode");
}
Check->addOperand(MachineOperand::CreateImm(MBBI->getCFIType()));
MBBI->setCFIType(*MBB.getParent(), 0);
// If not already bundled, bundle the check and the call to prevent
// further changes.
if (!MBBI->isBundled())
finalizeBundle(MBB, Check->getIterator(), std::next(MBBI->getIterator()));
MaskRayUnsubmitted
Done
ReplyInline Actions

delete blank line

MaskRay: delete blank line
++NumKCFIChecksAdded;
return true;
}
bool X86KCFI::runOnMachineFunction(MachineFunction &MF) {
const Module *M = MF.getMMI().getModule();
MaskRayUnsubmitted
Done
ReplyInline Actions

MaskRayUnsubmittedDone
delete blank line

MaskRay: MaskRayUnsubmittedDone delete blank line
if (!M->getModuleFlag("kcfi"))
return false;
nickdesaulniersUnsubmitted
Done
ReplyInline Actions

const auto &SubTarget = ...

nickdesaulniers: `const auto &SubTarget = ...`
const auto &SubTarget = MF.getSubtarget<X86Subtarget>();
TII = SubTarget.getInstrInfo();
bool Changed = false;
for (MachineBasicBlock &MBB : MF) {
MaskRayUnsubmitted
Done
ReplyInline Actions

delete blank line

MaskRay: delete blank line
for (MachineBasicBlock::instr_iterator MII = MBB.instr_begin(),
MIE = MBB.instr_end();
MII != MIE; ++MII) {
if (MII->isCall() && MII->getCFIType())
Changed |= emitCheck(MBB, MII);
}
MaskRayUnsubmitted
Done
ReplyInline Actions

Fix this in a way similar to AArch64.

MaskRay: Fix this in a way similar to AArch64.
}
return Changed;
}

llvm/lib/Target/X86/X86MCInstLower.cpp

Show First 20 LinesShow All 1,338 Lines▼ Show 20 Linesvoid X86AsmPrinter::LowerFENTRY_CALL(const MachineInstr &MI,
const MCSymbolRefExpr *Op = const MCSymbolRefExpr *Op =
MCSymbolRefExpr::create(fentry, MCSymbolRefExpr::VK_None, Ctx); MCSymbolRefExpr::create(fentry, MCSymbolRefExpr::VK_None, Ctx);
EmitAndCountInstruction( EmitAndCountInstruction(
MCInstBuilder(Is64Bits ? X86::CALL64pcrel32 : X86::CALLpcrel32) MCInstBuilder(Is64Bits ? X86::CALL64pcrel32 : X86::CALLpcrel32)
.addExpr(Op)); .addExpr(Op));
} }
void X86AsmPrinter::LowerKCFI_CHECK(const MachineInstr &MI) {
assert(std::next(MI.getIterator())->isCall() &&
"KCFI_CHECK not followed by a call instruction");
// Adjust the offset for patchable-function-prefix. X86InstrInfo::getNop()
// returns a 1-byte X86::NOOP, which means the offset is the same in
// bytes. This assumes that patchable-function-prefix is the same for all
// functions.
const MachineFunction &MF = *MI.getMF();
int64_t PrefixNops = 0;
(void)MF.getFunction()
.getFnAttribute("patchable-function-prefix")
.getValueAsString()
.getAsInteger(10, PrefixNops);
// KCFI allows indirect calls to any location that's preceded by a valid
// type identifier. To avoid encoding the full constant into an instruction,
// and thus emitting potential call target gadgets at each indirect call
// site, load a negated constant to a register and compare that to the
// expected value at the call target.
const uint32_t Type = MI.getOperand(1).getImm();
EmitAndCountInstruction(MCInstBuilder(X86::MOV32ri)
.addReg(X86::R10D)
.addImm(-MaskKCFIType(Type)));
EmitAndCountInstruction(MCInstBuilder(X86::ADD32rm)
.addReg(X86::NoRegister)
.addReg(X86::R10D)
.addReg(MI.getOperand(0).getReg())
.addImm(1)
.addReg(X86::NoRegister)
.addImm(-(PrefixNops + 4))
.addReg(X86::NoRegister));
MCSymbol *Pass = OutContext.createTempSymbol();
EmitAndCountInstruction(
MCInstBuilder(X86::JCC_1)
.addExpr(MCSymbolRefExpr::create(Pass, OutContext))
.addImm(X86::COND_E));
MCSymbol *Trap = OutContext.createTempSymbol();
OutStreamer->emitLabel(Trap);
EmitAndCountInstruction(MCInstBuilder(X86::TRAP));
emitKCFITrapEntry(MF, Trap);
OutStreamer->emitLabel(Pass);
}
void X86AsmPrinter::LowerASAN_CHECK_MEMACCESS(const MachineInstr &MI) { void X86AsmPrinter::LowerASAN_CHECK_MEMACCESS(const MachineInstr &MI) {
// FIXME: Make this work on non-ELF. // FIXME: Make this work on non-ELF.
if (!TM.getTargetTriple().isOSBinFormatELF()) { if (!TM.getTargetTriple().isOSBinFormatELF()) {
report_fatal_error("llvm.asan.check.memaccess only supported on ELF"); report_fatal_error("llvm.asan.check.memaccess only supported on ELF");
return; return;
} }
const auto &Reg = MI.getOperand(0).getReg(); const auto &Reg = MI.getOperand(0).getReg();
▲ Show 20 LinesShow All 1,273 Lines▼ Show 20 Linesvoid X86AsmPrinter::emitInstruction(const MachineInstr *MI) {
case TargetOpcode::PATCHABLE_TYPED_EVENT_CALL: case TargetOpcode::PATCHABLE_TYPED_EVENT_CALL:
return LowerPATCHABLE_TYPED_EVENT_CALL(*MI, MCInstLowering); return LowerPATCHABLE_TYPED_EVENT_CALL(*MI, MCInstLowering);
case X86::MORESTACK_RET: case X86::MORESTACK_RET:
EmitAndCountInstruction(MCInstBuilder(getRetOpcode(*Subtarget))); EmitAndCountInstruction(MCInstBuilder(getRetOpcode(*Subtarget)));
return; return;
case X86::KCFI_CHECK:
return LowerKCFI_CHECK(*MI);
case X86::ASAN_CHECK_MEMACCESS: case X86::ASAN_CHECK_MEMACCESS:
return LowerASAN_CHECK_MEMACCESS(*MI); return LowerASAN_CHECK_MEMACCESS(*MI);
case X86::MORESTACK_RET_RESTORE_R10: case X86::MORESTACK_RET_RESTORE_R10:
// Return, then restore R10. // Return, then restore R10.
EmitAndCountInstruction(MCInstBuilder(getRetOpcode(*Subtarget))); EmitAndCountInstruction(MCInstBuilder(getRetOpcode(*Subtarget)));
EmitAndCountInstruction( EmitAndCountInstruction(
MCInstBuilder(X86::MOV64rr).addReg(X86::R10).addReg(X86::RAX)); MCInstBuilder(X86::MOV64rr).addReg(X86::R10).addReg(X86::RAX));
▲ Show 20 LinesShow All 65 LinesShow Last 20 Lines

llvm/lib/Target/X86/X86TargetMachine.cpp

Show First 20 LinesShow All 80 Lines▼ Show 20 Linesextern "C" LLVM_EXTERNAL_VISIBILITY void LLVMInitializeX86Target() {
initializeFixupLEAPassPass(PR); initializeFixupLEAPassPass(PR);
initializeFPSPass(PR); initializeFPSPass(PR);
initializeX86FixupSetCCPassPass(PR); initializeX86FixupSetCCPassPass(PR);
initializeX86CallFrameOptimizationPass(PR); initializeX86CallFrameOptimizationPass(PR);
initializeX86CmovConverterPassPass(PR); initializeX86CmovConverterPassPass(PR);
initializeX86TileConfigPass(PR); initializeX86TileConfigPass(PR);
initializeX86FastPreTileConfigPass(PR); initializeX86FastPreTileConfigPass(PR);
initializeX86FastTileConfigPass(PR); initializeX86FastTileConfigPass(PR);
initializeX86KCFIPass(PR);
initializeX86LowerTileCopyPass(PR); initializeX86LowerTileCopyPass(PR);
initializeX86ExpandPseudoPass(PR); initializeX86ExpandPseudoPass(PR);
initializeX86ExecutionDomainFixPass(PR); initializeX86ExecutionDomainFixPass(PR);
initializeX86DomainReassignmentPass(PR); initializeX86DomainReassignmentPass(PR);
initializeX86AvoidSFBPassPass(PR); initializeX86AvoidSFBPassPass(PR);
initializeX86AvoidTrailingCallPassPass(PR); initializeX86AvoidTrailingCallPassPass(PR);
initializeX86SpeculativeLoadHardeningPassPass(PR); initializeX86SpeculativeLoadHardeningPassPass(PR);
initializeX86SpeculativeExecutionSideEffectSuppressionPass(PR); initializeX86SpeculativeExecutionSideEffectSuppressionPass(PR);
▲ Show 20 LinesShow All 440 Lines▼ Show 20 Linesvoid X86PassConfig::addPostRegAlloc() {
// When -O0 is enabled, the Load Value Injection Hardening pass will fall back // When -O0 is enabled, the Load Value Injection Hardening pass will fall back
// to using the Speculative Execution Side Effect Suppression pass for // to using the Speculative Execution Side Effect Suppression pass for
// mitigation. This is to prevent slow downs due to // mitigation. This is to prevent slow downs due to
// analyses needed by the LVIHardening pass when compiling at -O0. // analyses needed by the LVIHardening pass when compiling at -O0.
if (getOptLevel() != CodeGenOpt::None) if (getOptLevel() != CodeGenOpt::None)
addPass(createX86LoadValueInjectionLoadHardeningPass()); addPass(createX86LoadValueInjectionLoadHardeningPass());
} }
void X86PassConfig::addPreSched2() { addPass(createX86ExpandPseudoPass()); } void X86PassConfig::addPreSched2() {
addPass(createX86ExpandPseudoPass());
addPass(createX86KCFIPass());
}
void X86PassConfig::addPreEmitPass() { void X86PassConfig::addPreEmitPass() {
if (getOptLevel() != CodeGenOpt::None) { if (getOptLevel() != CodeGenOpt::None) {
addPass(new X86ExecutionDomainFix()); addPass(new X86ExecutionDomainFix());
addPass(createBreakFalseDeps()); addPass(createBreakFalseDeps());
} }
addPass(createX86IndirectBranchTrackingPass()); addPass(createX86IndirectBranchTrackingPass());
▲ Show 20 LinesShow All 47 Lines▼ Show 20 Lines if (TT.isOSWindows()) {
// Identify valid eh continuation targets for Windows EHCont Guard. // Identify valid eh continuation targets for Windows EHCont Guard.
addPass(createEHContGuardCatchretPass()); addPass(createEHContGuardCatchretPass());
} }
addPass(createX86LoadValueInjectionRetHardeningPass()); addPass(createX86LoadValueInjectionRetHardeningPass());
// Insert pseudo probe annotation for callsite profiling // Insert pseudo probe annotation for callsite profiling
addPass(createPseudoProbeInserter()); addPass(createPseudoProbeInserter());
// On Darwin platforms, BLR_RVMARKER pseudo instructions are lowered to // KCFI indirect call checks are lowered to a bundle, and on Darwin platforms,
// bundles. // also CALL_RVMARKER.
if (TT.isOSDarwin()) addPass(createUnpackMachineBundles([&TT](const MachineFunction &MF) {
addPass(createUnpackMachineBundles([](const MachineFunction &MF) { // Only run bundle expansion if the module uses kcfi, or there are relevant
// Only run bundle expansion if there are relevant ObjC runtime functions // ObjC runtime functions present in the module.
// present in the module.
const Function &F = MF.getFunction(); const Function &F = MF.getFunction();
const Module *M = F.getParent(); const Module *M = F.getParent();
return M->getFunction("objc_retainAutoreleasedReturnValue") || return M->getModuleFlag("kcfi") ||
M->getFunction("objc_unsafeClaimAutoreleasedReturnValue"); (TT.isOSDarwin() &&
(M->getFunction("objc_retainAutoreleasedReturnValue") ||
M->getFunction("objc_unsafeClaimAutoreleasedReturnValue")));
})); }));
} }
bool X86PassConfig::addPostFastRegAllocRewrite() { bool X86PassConfig::addPostFastRegAllocRewrite() {
addPass(createX86FastTileConfigPass()); addPass(createX86FastTileConfigPass());
return true; return true;
} }
std::unique_ptr<CSEConfigBase> X86PassConfig::getCSEConfig() const { std::unique_ptr<CSEConfigBase> X86PassConfig::getCSEConfig() const {
Show All 17 Lines

llvm/lib/Transforms/InstCombine/InstCombineCalls.cpp

Show First 20 LinesShow All 3,096 Lines▼ Show 20 Lines if (!Call.use_empty() && !Call.isMustTailCall())
if (Value *ReturnedArg = Call.getReturnedArgOperand()) { if (Value *ReturnedArg = Call.getReturnedArgOperand()) {
Type *CallTy = Call.getType(); Type *CallTy = Call.getType();
Type *RetArgTy = ReturnedArg->getType(); Type *RetArgTy = ReturnedArg->getType();
if (RetArgTy->canLosslesslyBitCastTo(CallTy)) if (RetArgTy->canLosslesslyBitCastTo(CallTy))
return replaceInstUsesWith( return replaceInstUsesWith(
Call, Builder.CreateBitOrPointerCast(ReturnedArg, CallTy)); Call, Builder.CreateBitOrPointerCast(ReturnedArg, CallTy));
} }
// Drop unnecessary kcfi operand bundles from calls that were converted
// into direct calls.
auto Bundle = Call.getOperandBundle(LLVMContext::OB_kcfi);
if (Bundle && !Call.isIndirectCall()) {
DEBUG_WITH_TYPE(DEBUG_TYPE "-kcfi", {
if (CalleeF) {
ConstantInt *FunctionType = nullptr;
ConstantInt *ExpectedType = cast<ConstantInt>(Bundle->Inputs[0]);
if (MDNode *MD = CalleeF->getMetadata(LLVMContext::MD_kcfi_type))
FunctionType = mdconst::extract<ConstantInt>(MD->getOperand(0));
if (FunctionType &&
FunctionType->getZExtValue() != ExpectedType->getZExtValue())
dbgs() << Call.getModule()->getName() << ":"
pccUnsubmitted
Done
ReplyInline Actions

With CFI, if this situation occurs we unconditionally crash, the rationale being that if we end up in this situation it is a situation unexpected by the developer and may even be intended to be unreachable at runtime, so it's best to crash if it does occur. The same approach is used for things like UBSan integer overflow checks if the optimizer figures out that the overflow will always happen. If I'm understanding the code correctly KCFI will just let the call occur in this case and I'm not sure if that's a good idea.

pcc: With CFI, if this situation occurs we unconditionally crash, the rationale being that if we end…
samitolvanenAuthorUnsubmitted
Done
ReplyInline Actions

The difference here is that unlike with CFI, we never emit KCFI checks for direct calls in the back-end. While this code drops unnecessary kcfi operand bundles from the IR, it doesn't actually change the machine code we generate.

Also, I would argue that KCFI should focus only on runtime protection of actual indirect calls, and otherwise shouldn't trap on potential undefined behavior that already exists. Causing a runtime failure for something we can detect at compile-time and don't aim to protect against doesn't sound ideal, especially in the kernel where we prefer to avoid crashing unnecessarily. I did consider changing this to a warning though, so the developers are notified of potential issues, but opted for debug logging for now. Thoughts?

samitolvanen: The difference here is that unlike with CFI, we never emit KCFI checks for direct calls in the…
<< Call.getDebugLoc().getLine()
<< ": warning: kcfi: " << Call.getCaller()->getName()
<< ": call to " << CalleeF->getName()
<< " using a mismatching function pointer type\n";
}
});
return CallBase::removeOperandBundle(&Call, LLVMContext::OB_kcfi);
}
if (isRemovableAlloc(&Call, &TLI)) if (isRemovableAlloc(&Call, &TLI))
return visitAllocSite(Call); return visitAllocSite(Call);
// Handle intrinsics which can be used in both call and invoke context. // Handle intrinsics which can be used in both call and invoke context.
switch (Call.getIntrinsicID()) { switch (Call.getIntrinsicID()) {
case Intrinsic::experimental_gc_statepoint: { case Intrinsic::experimental_gc_statepoint: {
GCStatepointInst &GCSP = *cast<GCStatepointInst>(&Call); GCStatepointInst &GCSP = *cast<GCStatepointInst>(&Call);
SmallPtrSet<Value *, 32> LiveGcValues; SmallPtrSet<Value *, 32> LiveGcValues;
▲ Show 20 LinesShow All 544 LinesShow Last 20 Lines

llvm/lib/Transforms/Scalar/TailRecursionElimination.cpp

Show First 20 LinesShow All 237 Lines▼ Show 20 Lines for (auto &I : *BB) {
CallInst *CI = dyn_cast<CallInst>(&I); CallInst *CI = dyn_cast<CallInst>(&I);
// A PseudoProbeInst has the IntrInaccessibleMemOnly tag hence it is // A PseudoProbeInst has the IntrInaccessibleMemOnly tag hence it is
// considered accessing memory and will be marked as a tail call if we // considered accessing memory and will be marked as a tail call if we
// don't bail out here. // don't bail out here.
if (!CI || CI->isTailCall() || isa<DbgInfoIntrinsic>(&I) || if (!CI || CI->isTailCall() || isa<DbgInfoIntrinsic>(&I) ||
isa<PseudoProbeInst>(&I)) isa<PseudoProbeInst>(&I))
continue; continue;
// Special-case operand bundles "clang.arc.attachedcall" and "ptrauth". // Special-case operand bundles "clang.arc.attachedcall", "ptrauth", and
bool IsNoTail = // "kcfi".
CI->isNoTailCall() || CI->hasOperandBundlesOtherThan( bool IsNoTail = CI->isNoTailCall() ||
{LLVMContext::OB_clang_arc_attachedcall, LLVMContext::OB_ptrauth}); CI->hasOperandBundlesOtherThan(
{LLVMContext::OB_clang_arc_attachedcall,
LLVMContext::OB_ptrauth, LLVMContext::OB_kcfi});
if (!IsNoTail && CI->doesNotAccessMemory()) { if (!IsNoTail && CI->doesNotAccessMemory()) {
// A call to a readnone function whose arguments are all things computed // A call to a readnone function whose arguments are all things computed
// outside this function can be marked tail. Even if you stored the // outside this function can be marked tail. Even if you stored the
// alloca address into a global, a readnone function can't load the // alloca address into a global, a readnone function can't load the
// global anyhow. // global anyhow.
// //
// Note that this runs whether we know an alloca has escaped or not. If // Note that this runs whether we know an alloca has escaped or not. If
▲ Show 20 LinesShow All 682 LinesShow Last 20 Lines

llvm/lib/Transforms/Utils/InlineFunction.cpp

Show First 20 LinesShow All 1,808 Lines▼ Show 20 Lines for (int i = 0, e = CB.getNumOperandBundles(); i != e; ++i) {
// ... but it knows how to inline through "deopt" operand bundles ... // ... but it knows how to inline through "deopt" operand bundles ...
if (Tag == LLVMContext::OB_deopt) if (Tag == LLVMContext::OB_deopt)
continue; continue;
// ... and "funclet" operand bundles. // ... and "funclet" operand bundles.
if (Tag == LLVMContext::OB_funclet) if (Tag == LLVMContext::OB_funclet)
continue; continue;
if (Tag == LLVMContext::OB_clang_arc_attachedcall) if (Tag == LLVMContext::OB_clang_arc_attachedcall)
continue; continue;
if (Tag == LLVMContext::OB_kcfi)
continue;
return InlineResult::failure("unsupported operand bundle"); return InlineResult::failure("unsupported operand bundle");
} }
} }
// If the call to the callee cannot throw, set the 'nounwind' flag on any // If the call to the callee cannot throw, set the 'nounwind' flag on any
// calls that we inline. // calls that we inline.
bool MarkNoUnwind = CB.doesNotThrow(); bool MarkNoUnwind = CB.doesNotThrow();
▲ Show 20 LinesShow All 850 LinesShow Last 20 Lines

llvm/test/Bitcode/operand-bundles-bc-analyzer.ll

; RUN: llvm-as < %s | llvm-bcanalyzer -dump -disable-histogram | FileCheck %s ; RUN: llvm-as < %s | llvm-bcanalyzer -dump -disable-histogram | FileCheck %s
; CHECK: <OPERAND_BUNDLE_TAGS_BLOCK ; CHECK: <OPERAND_BUNDLE_TAGS_BLOCK
; CHECK-NEXT: <OPERAND_BUNDLE_TAG ; CHECK-NEXT: <OPERAND_BUNDLE_TAG
; CHECK-NEXT: <OPERAND_BUNDLE_TAG ; CHECK-NEXT: <OPERAND_BUNDLE_TAG
; CHECK-NEXT: <OPERAND_BUNDLE_TAG ; CHECK-NEXT: <OPERAND_BUNDLE_TAG
; CHECK-NEXT: <OPERAND_BUNDLE_TAG ; CHECK-NEXT: <OPERAND_BUNDLE_TAG
; CHECK-NEXT: <OPERAND_BUNDLE_TAG ; CHECK-NEXT: <OPERAND_BUNDLE_TAG
; CHECK-NEXT: <OPERAND_BUNDLE_TAG ; CHECK-NEXT: <OPERAND_BUNDLE_TAG
; CHECK-NEXT: <OPERAND_BUNDLE_TAG ; CHECK-NEXT: <OPERAND_BUNDLE_TAG
; CHECK-NEXT: <OPERAND_BUNDLE_TAG ; CHECK-NEXT: <OPERAND_BUNDLE_TAG
; CHECK-NEXT: <OPERAND_BUNDLE_TAG ; CHECK-NEXT: <OPERAND_BUNDLE_TAG
; CHECK-NEXT: <OPERAND_BUNDLE_TAG ; CHECK-NEXT: <OPERAND_BUNDLE_TAG
; CHECK-NEXT: <OPERAND_BUNDLE_TAG
; CHECK-NEXT: </OPERAND_BUNDLE_TAGS_BLOCK ; CHECK-NEXT: </OPERAND_BUNDLE_TAGS_BLOCK
; CHECK: <FUNCTION_BLOCK ; CHECK: <FUNCTION_BLOCK
; CHECK: <OPERAND_BUNDLE ; CHECK: <OPERAND_BUNDLE
; CHECK: <OPERAND_BUNDLE ; CHECK: <OPERAND_BUNDLE
; CHECK-NOT: <OPERAND_BUNDLE ; CHECK-NOT: <OPERAND_BUNDLE
; CHECK: </FUNCTION_BLOCK ; CHECK: </FUNCTION_BLOCK
Show All 11 Lines

llvm/test/CodeGen/AArch64/O0-pipeline.ll

Show First 20 LinesShow All 48 Lines▼ Show 20 Lines
; CHECK-NEXT: Fast Register Allocator ; CHECK-NEXT: Fast Register Allocator
; CHECK-NEXT: Remove Redundant DEBUG_VALUE analysis ; CHECK-NEXT: Remove Redundant DEBUG_VALUE analysis
; CHECK-NEXT: Fixup Statepoint Caller Saved ; CHECK-NEXT: Fixup Statepoint Caller Saved
; CHECK-NEXT: Lazy Machine Block Frequency Analysis ; CHECK-NEXT: Lazy Machine Block Frequency Analysis
; CHECK-NEXT: Machine Optimization Remark Emitter ; CHECK-NEXT: Machine Optimization Remark Emitter
; CHECK-NEXT: Prologue/Epilogue Insertion & Frame Finalization ; CHECK-NEXT: Prologue/Epilogue Insertion & Frame Finalization
; CHECK-NEXT: Post-RA pseudo instruction expansion pass ; CHECK-NEXT: Post-RA pseudo instruction expansion pass
; CHECK-NEXT: AArch64 pseudo instruction expansion pass ; CHECK-NEXT: AArch64 pseudo instruction expansion pass
; CHECK-NEXT: Insert KCFI indirect call checks
; CHECK-NEXT: AArch64 speculation hardening pass ; CHECK-NEXT: AArch64 speculation hardening pass
; CHECK-NEXT: AArch64 Indirect Thunks ; CHECK-NEXT: AArch64 Indirect Thunks
; CHECK-NEXT: AArch64 sls hardening pass ; CHECK-NEXT: AArch64 sls hardening pass
; CHECK-NEXT: Analyze Machine Code For Garbage Collection ; CHECK-NEXT: Analyze Machine Code For Garbage Collection
; CHECK-NEXT: Insert fentry calls ; CHECK-NEXT: Insert fentry calls
; CHECK-NEXT: Insert XRay ops ; CHECK-NEXT: Insert XRay ops
; CHECK-NEXT: Implement the 'patchable-function' attribute ; CHECK-NEXT: Implement the 'patchable-function' attribute
; CHECK-NEXT: Workaround A53 erratum 835769 pass ; CHECK-NEXT: Workaround A53 erratum 835769 pass
Show All 15 Lines

llvm/test/CodeGen/AArch64/O3-pipeline.ll

Show First 20 LinesShow All 190 Lines▼ Show 20 Lines
; CHECK-NEXT: Prologue/Epilogue Insertion & Frame Finalization ; CHECK-NEXT: Prologue/Epilogue Insertion & Frame Finalization
; CHECK-NEXT: Control Flow Optimizer ; CHECK-NEXT: Control Flow Optimizer
; CHECK-NEXT: Lazy Machine Block Frequency Analysis ; CHECK-NEXT: Lazy Machine Block Frequency Analysis
; CHECK-NEXT: Tail Duplication ; CHECK-NEXT: Tail Duplication
; CHECK-NEXT: Machine Copy Propagation Pass ; CHECK-NEXT: Machine Copy Propagation Pass
; CHECK-NEXT: Post-RA pseudo instruction expansion pass ; CHECK-NEXT: Post-RA pseudo instruction expansion pass
; CHECK-NEXT: AArch64 pseudo instruction expansion pass ; CHECK-NEXT: AArch64 pseudo instruction expansion pass
; CHECK-NEXT: AArch64 load / store optimization pass ; CHECK-NEXT: AArch64 load / store optimization pass
; CHECK-NEXT: Insert KCFI indirect call checks
; CHECK-NEXT: AArch64 speculation hardening pass ; CHECK-NEXT: AArch64 speculation hardening pass
; CHECK-NEXT: AArch64 Indirect Thunks ; CHECK-NEXT: AArch64 Indirect Thunks
; CHECK-NEXT: AArch64 sls hardening pass ; CHECK-NEXT: AArch64 sls hardening pass
; CHECK-NEXT: MachineDominator Tree Construction ; CHECK-NEXT: MachineDominator Tree Construction
; CHECK-NEXT: Machine Natural Loop Construction ; CHECK-NEXT: Machine Natural Loop Construction
; CHECK-NEXT: Falkor HW Prefetch Fix Late Phase ; CHECK-NEXT: Falkor HW Prefetch Fix Late Phase
; CHECK-NEXT: PostRA Machine Instruction Scheduler ; CHECK-NEXT: PostRA Machine Instruction Scheduler
; CHECK-NEXT: Analyze Machine Code For Garbage Collection ; CHECK-NEXT: Analyze Machine Code For Garbage Collection
▲ Show 20 LinesShow All 41 LinesShow Last 20 Lines

llvm/test/CodeGen/AArch64/kcfi-bti.ll

  • This file was added.
; RUN: llc -mtriple=aarch64-- -verify-machineinstrs < %s | FileCheck %s --check-prefix=ASM
; RUN: llc -mtriple=aarch64-- -verify-machineinstrs -stop-after=finalize-isel < %s | FileCheck %s --check-prefixes=MIR,ISEL
; RUN: llc -mtriple=aarch64-- -verify-machineinstrs -stop-after=aarch64-kcfi < %s | FileCheck %s --check-prefixes=MIR,KCFI
; ASM: .word 12345678
MaskRayUnsubmitted
Done
ReplyInline Actions

Add a test with "patchable-function-entry"="2"

MaskRay: Add a test with `"patchable-function-entry"="2"`
samitolvanenAuthorUnsubmitted
Done
ReplyInline Actions

Added the "patchable-function-entry"="2" test to AArch64/kcfi.ll.

samitolvanen: Added the `"patchable-function-entry"="2"` test to `AArch64/kcfi.ll`.
define void @f1(ptr noundef %x) !kcfi_type !2 {
; ASM-LABEL: f1:
; ASM: // %bb.0:
; ASM: ldur w16, [x0, #-4]
; ASM-NEXT: movk w17, #24910
; ASM-NEXT: movk w17, #188, lsl #16
; ASM-NEXT: cmp w16, w17
; ASM-NEXT: b.eq .Ltmp0
; ASM-NEXT: brk #0x8220
; ASM-NEXT: .Ltmp0:
; ASM-NEXT: blr x0
; MIR-LABEL: name: f1
; MIR: body:
; ISEL: BLR %0, csr_aarch64_aapcs, implicit-def dead $lr, implicit $sp, implicit-def $sp, cfi-type 12345678
; KCFI: BUNDLE{{.*}} {
; KCFI-NEXT: KCFI_CHECK $x0, 12345678, implicit-def $x9, implicit-def $x16, implicit-def $x17, implicit-def $nzcv
; KCFI-NEXT: BLR killed $x0, csr_aarch64_aapcs, implicit-def dead $lr, implicit $sp, implicit-def $sp
; KCFI-NEXT: }
call void %x() [ "kcfi"(i32 12345678) ]
ret void
}
; ASM: .word 12345678
define void @f2(ptr noundef %x) !kcfi_type !2 {
; ASM-LABEL: f2:
; ASM: // %bb.0:
; ASM: ldur w16, [x0, #-4]
; ASM-NEXT: movk w17, #24910
; ASM-NEXT: movk w17, #188, lsl #16
; ASM-NEXT: cmp w16, w17
; ASM-NEXT: b.eq .Ltmp1
; ASM-NEXT: brk #0x8220
; ASM-NEXT: .Ltmp1:
; ASM-NEXT: blr x0
; MIR-LABEL: name: f2
; MIR: body:
; ISEL: BLR_BTI %0, csr_aarch64_aapcs, implicit-def dead $lr, implicit $sp, implicit-def $sp, cfi-type 12345678
; KCFI: BUNDLE{{.*}} {
; KCFI-NEXT: KCFI_CHECK $x0, 12345678, implicit-def $x9, implicit-def $x16, implicit-def $x17, implicit-def $nzcv
; KCFI-NEXT: BLR killed $x0, implicit-def $lr, implicit $sp
; KCFI-NEXT: HINT 36
; KCFI-NEXT: }
call void %x() #0 [ "kcfi"(i32 12345678) ]
ret void
}
; ASM-NOT: .word:
define void @f3(ptr noundef %x) {
; ASM-LABEL: f3:
; ASM: // %bb.0:
; ASM: ldur w9, [x16, #-4]
; ASM-NEXT: movk w17, #24910
; ASM-NEXT: movk w17, #188, lsl #16
; ASM-NEXT: cmp w9, w17
; ASM-NEXT: b.eq .Ltmp2
; ASM-NEXT: brk #0x8230
; ASM-NEXT: .Ltmp2:
; ASM-NEXT: br x16
; MIR-LABEL: name: f3
; MIR: body:
; ISEL: TCRETURNriBTI %1, 0, csr_aarch64_aapcs, implicit $sp, cfi-type 12345678
; KCFI: BUNDLE{{.*}} {
; KCFI-NEXT: KCFI_CHECK $x16, 12345678, implicit-def $x9, implicit-def $x16, implicit-def $x17, implicit-def $nzcv
; KCFI-NEXT: TCRETURNriBTI internal killed $x16, 0, csr_aarch64_aapcs, implicit $sp
; KCFI-NEXT: }
tail call void %x() [ "kcfi"(i32 12345678) ]
ret void
}
attributes #0 = { returns_twice }
!llvm.module.flags = !{!0, !1}
!0 = !{i32 8, !"branch-target-enforcement", i32 1}
!1 = !{i32 4, !"kcfi", i32 1}
!2 = !{i32 12345678}

llvm/test/CodeGen/AArch64/kcfi-patchable-function-prefix.ll

  • This file was added.
; RUN: llc -mtriple=aarch64-- -verify-machineinstrs < %s | FileCheck %s
; CHECK: .p2align 2
; CHECK-NOT: nop
; CHECK: .word 12345678
; CHECK-LABEL: f1:
define void @f1(ptr noundef %x) !kcfi_type !1 {
; CHECK: ldur w16, [x0, #-4]
call void %x() [ "kcfi"(i32 12345678) ]
ret void
}
; CHECK: .p2align 2
; CHECK-NOT .word
; CHECK-NOT: nop
; CHECK-LABEL: f2:
define void @f2(ptr noundef %x) {
; CHECK: ldur w16, [x0, #-4]
call void %x() [ "kcfi"(i32 12345678) ]
ret void
}
; CHECK: .p2align 2
; CHECK: .word 12345678
; CHECK-COUNT-11: nop
; CHECK-LABEL: f3:
define void @f3(ptr noundef %x) #0 !kcfi_type !1 {
; CHECK: ldur w16, [x0, #-48]
call void %x() [ "kcfi"(i32 12345678) ]
ret void
}
; CHECK: .p2align 2
; CHECK-NOT: .word
; CHECK-COUNT-11: nop
; CHECK-LABEL: f4:
define void @f4(ptr noundef %x) #0 {
; CHECK: ldur w16, [x0, #-48]
call void %x() [ "kcfi"(i32 12345678) ]
ret void
}
attributes #0 = { "patchable-function-prefix"="11" }
!llvm.module.flags = !{!0}
!0 = !{i32 4, !"kcfi", i32 1}
!1 = !{i32 12345678}

llvm/test/CodeGen/AArch64/kcfi.ll

  • This file was added.
; RUN: llc -mtriple=aarch64-- -verify-machineinstrs < %s | FileCheck %s --check-prefix=ASM
; RUN: llc -mtriple=aarch64-- -verify-machineinstrs -global-isel < %s | FileCheck %s --check-prefix=ASM
; RUN: llc -mtriple=aarch64-- -verify-machineinstrs -stop-after=finalize-isel < %s | FileCheck %s --check-prefixes=MIR,ISEL
; RUN: llc -mtriple=aarch64-- -verify-machineinstrs -stop-after=finalize-isel -global-isel < %s | FileCheck %s --check-prefixes=MIR,ISEL
; RUN: llc -mtriple=aarch64-- -verify-machineinstrs -mattr=harden-sls-blr -stop-after=finalize-isel < %s | FileCheck %s --check-prefixes=MIR,ISEL-SLS
; RUN: llc -mtriple=aarch64-- -verify-machineinstrs -mattr=harden-sls-blr -stop-after=finalize-isel -global-isel < %s | FileCheck %s --check-prefixes=MIR,ISEL-SLS
; RUN: llc -mtriple=aarch64-- -verify-machineinstrs -stop-after=aarch64-kcfi < %s | FileCheck %s --check-prefixes=MIR,KCFI
; RUN: llc -mtriple=aarch64-- -verify-machineinstrs -mattr=harden-sls-blr -stop-after=aarch64-kcfi < %s | FileCheck %s --check-prefixes=MIR,KCFI-SLS
; ASM: .word 12345678
define void @f1(ptr noundef %x) !kcfi_type !1 {
; ASM-LABEL: f1:
; ASM: // %bb.0:
; ASM: ldur w16, [x0, #-4]
; ASM-NEXT: movk w17, #24910
; ASM-NEXT: movk w17, #188, lsl #16
; ASM-NEXT: cmp w16, w17
; ASM-NEXT: b.eq .Ltmp0
; ASM-NEXT: brk #0x8220
; ASM-NEXT: .Ltmp0:
; ASM-NEXT: blr x0
; MIR-LABEL: name: f1
; MIR: body:
; ISEL: BLR %0, csr_aarch64_aapcs,{{.*}} cfi-type 12345678
; ISEL-SLS: BLRNoIP %0, csr_aarch64_aapcs,{{.*}} cfi-type 12345678
; KCFI: BUNDLE{{.*}} {
; KCFI-NEXT: KCFI_CHECK $x0, 12345678, implicit-def $x9, implicit-def $x16, implicit-def $x17, implicit-def $nzcv
; KCFI-NEXT: BLR killed $x0, csr_aarch64_aapcs,{{.*}}
; KCFI-NEXT: }
; KCFI-SLS: BUNDLE{{.*}} {
; KCFI-SLS-NEXT: KCFI_CHECK $x0, 12345678, implicit-def $x9, implicit-def $x16, implicit-def $x17, implicit-def $nzcv
; KCFI-SLS-NEXT: BLRNoIP killed $x0, csr_aarch64_aapcs,{{.*}}
; KCFI-SLS-NEXT: }
call void %x() [ "kcfi"(i32 12345678) ]
ret void
}
; ASM-NOT: .word:
define void @f2(ptr noundef %x) #0 {
; ASM-LABEL: f2:
; ASM: // %bb.0:
; ASM-NEXT: nop
; ASM-NEXT: nop
; ASM: ldur w16, [x0, #-4]
; ASM-NEXT: movk w17, #24910
; ASM-NEXT: movk w17, #188, lsl #16
; ASM-NEXT: cmp w16, w17
; ASM-NEXT: b.eq .Ltmp1
; ASM-NEXT: brk #0x8220
; ASM-NEXT: .Ltmp1:
; ASM-NEXT: br x0
; MIR-LABEL: name: f2
; MIR: body:
; ISEL: TCRETURNri %0, 0, csr_aarch64_aapcs, implicit $sp, cfi-type 12345678
; KCFI: BUNDLE{{.*}} {
; KCFI-NEXT: KCFI_CHECK $x0, 12345678, implicit-def $x9, implicit-def $x16, implicit-def $x17, implicit-def $nzcv
; KCFI-NEXT: TCRETURNri killed $x0, 0, csr_aarch64_aapcs, implicit $sp
; KCFI-NEXT: }
tail call void %x() [ "kcfi"(i32 12345678) ]
ret void
}
attributes #0 = { "patchable-function-entry"="2" }
!llvm.module.flags = !{!0}
!0 = !{i32 4, !"kcfi", i32 1}
!1 = !{i32 12345678}

llvm/test/CodeGen/MIR/X86/instr-cfi-type.mir

  • This file was added.
# RUN: llc -march=x86-64 -run-pass none -o - %s | FileCheck %s
# This test ensures that the MIR parser parses cfi-type correctly.
--- |
define void @test(ptr noundef %x) {
call void %x() [ "kcfi"(i32 12345678) ]
ret void
}
!llvm.module.flags = !{!0}
!0 = !{i32 4, !"kcfi", i32 1}
...
---
name: test
# CHECK-LABEL: name: test
alignment: 16
tracksRegLiveness: true
tracksDebugUserValues: true
liveins:
- { reg: '$rdi' }
frameInfo:
stackSize: 8
offsetAdjustment: -8
maxAlignment: 1
adjustsStack: true
hasCalls: true
maxCallFrameSize: 0
machineFunctionInfo: {}
body: |
bb.0 (%ir-block.0):
liveins: $rdi
frame-setup PUSH64r undef $rax, implicit-def $rsp, implicit $rsp
frame-setup CFI_INSTRUCTION def_cfa_offset 16
CALL64r killed renamable $rdi, csr_64, implicit $rsp, implicit $ssp, implicit-def $rsp, implicit-def $ssp, cfi-type 12345678
$rax = frame-destroy POP64r implicit-def $rsp, implicit $rsp
frame-destroy CFI_INSTRUCTION def_cfa_offset 8
RET64
...

llvm/test/CodeGen/X86/O0-pipeline.ll

Show First 20 LinesShow All 50 Lines▼ Show 20 Lines
; CHECK-NEXT: X86 FP Stackifier ; CHECK-NEXT: X86 FP Stackifier
; CHECK-NEXT: Remove Redundant DEBUG_VALUE analysis ; CHECK-NEXT: Remove Redundant DEBUG_VALUE analysis
; CHECK-NEXT: Fixup Statepoint Caller Saved ; CHECK-NEXT: Fixup Statepoint Caller Saved
; CHECK-NEXT: Lazy Machine Block Frequency Analysis ; CHECK-NEXT: Lazy Machine Block Frequency Analysis
; CHECK-NEXT: Machine Optimization Remark Emitter ; CHECK-NEXT: Machine Optimization Remark Emitter
; CHECK-NEXT: Prologue/Epilogue Insertion & Frame Finalization ; CHECK-NEXT: Prologue/Epilogue Insertion & Frame Finalization
; CHECK-NEXT: Post-RA pseudo instruction expansion pass ; CHECK-NEXT: Post-RA pseudo instruction expansion pass
; CHECK-NEXT: X86 pseudo instruction expansion pass ; CHECK-NEXT: X86 pseudo instruction expansion pass
; CHECK-NEXT: Insert KCFI indirect call checks
; CHECK-NEXT: Analyze Machine Code For Garbage Collection ; CHECK-NEXT: Analyze Machine Code For Garbage Collection
; CHECK-NEXT: Insert fentry calls ; CHECK-NEXT: Insert fentry calls
; CHECK-NEXT: Insert XRay ops ; CHECK-NEXT: Insert XRay ops
; CHECK-NEXT: Implement the 'patchable-function' attribute ; CHECK-NEXT: Implement the 'patchable-function' attribute
; CHECK-NEXT: X86 Indirect Branch Tracking ; CHECK-NEXT: X86 Indirect Branch Tracking
; CHECK-NEXT: X86 vzeroupper inserter ; CHECK-NEXT: X86 vzeroupper inserter
; CHECK-NEXT: Compressing EVEX instrs to VEX encoding when possibl ; CHECK-NEXT: Compressing EVEX instrs to VEX encoding when possibl
; CHECK-NEXT: X86 Discriminate Memory Operands ; CHECK-NEXT: X86 Discriminate Memory Operands
; CHECK-NEXT: X86 Insert Cache Prefetches ; CHECK-NEXT: X86 Insert Cache Prefetches
; CHECK-NEXT: X86 insert wait instruction ; CHECK-NEXT: X86 insert wait instruction
; CHECK-NEXT: Contiguously Lay Out Funclets ; CHECK-NEXT: Contiguously Lay Out Funclets
; CHECK-NEXT: StackMap Liveness Analysis ; CHECK-NEXT: StackMap Liveness Analysis
; CHECK-NEXT: Live DEBUG_VALUE analysis ; CHECK-NEXT: Live DEBUG_VALUE analysis
; CHECK-NEXT: X86 Speculative Execution Side Effect Suppression ; CHECK-NEXT: X86 Speculative Execution Side Effect Suppression
; CHECK-NEXT: X86 Indirect Thunks ; CHECK-NEXT: X86 Indirect Thunks
; CHECK-NEXT: X86 Return Thunks ; CHECK-NEXT: X86 Return Thunks
; CHECK-NEXT: Check CFA info and insert CFI instructions if needed ; CHECK-NEXT: Check CFA info and insert CFI instructions if needed
; CHECK-NEXT: X86 Load Value Injection (LVI) Ret-Hardening ; CHECK-NEXT: X86 Load Value Injection (LVI) Ret-Hardening
; CHECK-NEXT: Pseudo Probe Inserter ; CHECK-NEXT: Pseudo Probe Inserter
; CHECK-NEXT: Unpack machine instruction bundles
; CHECK-NEXT: Lazy Machine Block Frequency Analysis ; CHECK-NEXT: Lazy Machine Block Frequency Analysis
; CHECK-NEXT: Machine Optimization Remark Emitter ; CHECK-NEXT: Machine Optimization Remark Emitter
; CHECK-NEXT: X86 Assembly Printer ; CHECK-NEXT: X86 Assembly Printer
; CHECK-NEXT: Free MachineFunction ; CHECK-NEXT: Free MachineFunction
define void @f() { define void @f() {
ret void ret void
} }

llvm/test/CodeGen/X86/kcfi-patchable-function-prefix.ll

  • This file was added.
; RUN: llc -mtriple=x86_64-unknown-linux-gnu -verify-machineinstrs < %s | FileCheck %s
; CHECK: .p2align 4, 0x90
; CHECK-LABEL: __cfi_f1:
; CHECK-COUNT-11: nop
; CHECK-NEXT: movl $12345678, %eax
; CHECK-LABEL: .Lcfi_func_end0:
; CHECK-NEXT: .size __cfi_f1, .Lcfi_func_end0-__cfi_f1
; CHECK-LABEL: f1:
define void @f1(ptr noundef %x) !kcfi_type !1 {
; CHECK: addl -4(%r{{..}}), %r10d
call void %x() [ "kcfi"(i32 12345678) ]
ret void
}
; CHECK: .p2align 4, 0x90
; CHECK-NOT: __cfi_f2:
; CHECK-NOT: nop
; CHECK-LABEL: f2:
define void @f2(ptr noundef %x) {
; CHECK: addl -4(%r{{..}}), %r10d
call void %x() [ "kcfi"(i32 12345678) ]
ret void
}
; CHECK: .p2align 4, 0x90
; CHECK-LABEL: __cfi_f3:
; CHECK-NOT: nop
; CHECK-NEXT: movl $12345678, %eax
; CHECK-COUNT-11: nop
; CHECK-LABEL: f3:
define void @f3(ptr noundef %x) #0 !kcfi_type !1 {
; CHECK: addl -15(%r{{..}}), %r10d
call void %x() [ "kcfi"(i32 12345678) ]
ret void
}
; CHECK: .p2align 4, 0x90
; CHECK-NOT: __cfi_f4:
; CHECK-COUNT-16: nop
; CHECK-LABEL: f4:
define void @f4(ptr noundef %x) #0 {
; CHECK: addl -15(%r{{..}}), %r10d
call void %x() [ "kcfi"(i32 12345678) ]
ret void
}
attributes #0 = { "patchable-function-prefix"="11" }
!llvm.module.flags = !{!0}
!0 = !{i32 4, !"kcfi", i32 1}
!1 = !{i32 12345678}

llvm/test/CodeGen/X86/kcfi.ll

  • This file was added.
; RUN: llc -mtriple=x86_64-unknown-linux-gnu -verify-machineinstrs < %s | FileCheck %s --check-prefix=ASM
; RUN: llc -mtriple=x86_64-unknown-linux-gnu -verify-machineinstrs -stop-after=finalize-isel < %s | FileCheck %s --check-prefixes=MIR,ISEL
; RUN: llc -mtriple=x86_64-unknown-linux-gnu -verify-machineinstrs -stop-after=x86-kcfi < %s | FileCheck %s --check-prefixes=MIR,KCFI
; ASM: .p2align 4, 0x90
; ASM: .type __cfi_f1,@function
; ASM-LABEL: __cfi_f1:
; ASM-NEXT: nop
; ASM-NEXT: nop
; ASM-NEXT: nop
; ASM-NEXT: nop
; ASM-NEXT: nop
; ASM-NEXT: nop
; ASM-NEXT: nop
; ASM-NEXT: nop
; ASM-NEXT: nop
; ASM-NEXT: nop
; ASM-NEXT: nop
; ASM-NEXT: movl $12345678, %eax
; ASM-LABEL: .Lcfi_func_end0:
; ASM-NEXT: .size __cfi_f1, .Lcfi_func_end0-__cfi_f1
define void @f1(ptr noundef %x) !kcfi_type !1 {
; ASM-LABEL: f1:
; ASM: # %bb.0:
; ASM: movl $4282621618, %r10d # imm = 0xFF439EB2
; ASM-NEXT: addl -4(%rdi), %r10d
; ASM-NEXT: je .Ltmp0
; ASM-NEXT: .Ltmp1:
; ASM-NEXT: ud2
; ASM-NEXT: .section .kcfi_traps,"ao",@progbits,.text
; ASM-NEXT: .Ltmp2:
; ASM-NEXT: .long .Ltmp1-.Ltmp2
; ASM-NEXT: .text
; ASM-NEXT: .Ltmp0:
; ASM-NEXT: callq *%rdi
; MIR-LABEL: name: f1
; MIR: body:
; ISEL: CALL64r %0, csr_64, implicit $rsp, implicit $ssp, implicit-def $rsp, implicit-def $ssp, cfi-type 12345678
; KCFI: BUNDLE implicit-def $r10, implicit-def $r10d, implicit-def $r10w, implicit-def $r10b, implicit-def $r10bh, implicit-def $r10wh, implicit-def $eflags, implicit-def $rsp, implicit-def $esp, implicit-def $sp, implicit-def $spl, implicit-def $sph, implicit-def $hsp, implicit-def $ssp, implicit killed $rdi, implicit $rsp, implicit $ssp {
; KCFI-NEXT: KCFI_CHECK $rdi, 12345678, implicit-def $r10, implicit-def $eflags
; KCFI-NEXT: CALL64r killed $rdi, csr_64, implicit $rsp, implicit $ssp, implicit-def $rsp, implicit-def $ssp
; KCFI-NEXT: }
call void %x() [ "kcfi"(i32 12345678) ]
ret void
}
; ASM-NOT: __cfi_f2:
define void @f2(ptr noundef %x) {
; ASM-LABEL: f2:
; MIR-LABEL: name: f2
; MIR: body:
; ISEL: TCRETURNri64 %0, 0, csr_64, implicit $rsp, implicit $ssp, cfi-type 12345678
; KCFI: BUNDLE implicit-def $r10, implicit-def $r10d, implicit-def $r10w, implicit-def $r10b, implicit-def $r10bh, implicit-def $r10wh, implicit-def $eflags, implicit killed $rdi, implicit $rsp, implicit $ssp {
; KCFI-NEXT: KCFI_CHECK $rdi, 12345678, implicit-def $r10, implicit-def $eflags
; KCFI-NEXT: TAILJMPr64 killed $rdi, csr_64, implicit $rsp, implicit $ssp, implicit $rsp, implicit $ssp
; KCFI-NEXT: }
tail call void %x() [ "kcfi"(i32 12345678) ]
ret void
}
; ASM-NOT: __cfi_f3:
define void @f3(ptr noundef %x) #0 {
; ASM-LABEL: f3:
; MIR-LABEL: name: f3
; MIR: body:
; ISEL: CALL64pcrel32 &__llvm_retpoline_r11, csr_64, implicit $rsp, implicit $ssp, implicit-def $rsp, implicit-def $ssp, implicit killed $r11, cfi-type 12345678
; KCFI: BUNDLE implicit-def $r10, implicit-def $r10d, implicit-def $r10w, implicit-def $r10b, implicit-def $r10bh, implicit-def $r10wh, implicit-def $eflags, implicit-def $rsp, implicit-def $esp, implicit-def $sp, implicit-def $spl, implicit-def $sph, implicit-def $hsp, implicit-def $ssp, implicit killed $r11, implicit $rsp, implicit $ssp {
; KCFI-NEXT: KCFI_CHECK $r11, 12345678, implicit-def $r10, implicit-def $eflags
; KCFI-NEXT: CALL64pcrel32 &__llvm_retpoline_r11, csr_64, implicit $rsp, implicit $ssp, implicit-def $rsp, implicit-def $ssp, implicit killed $r11
; KCFI-NEXT: }
call void %x() [ "kcfi"(i32 12345678) ]
ret void
}
; ASM-NOT: __cfi_f4:
define void @f4(ptr noundef %x) #0 {
; ASM-LABEL: f4:
; MIR-LABEL: name: f4
; MIR: body:
; ISEL: TCRETURNdi64 &__llvm_retpoline_r11, 0, csr_64, implicit $rsp, implicit $ssp, implicit killed $r11, cfi-type 12345678
; KCFI: BUNDLE implicit-def $r10, implicit-def $r10d, implicit-def $r10w, implicit-def $r10b, implicit-def $r10bh, implicit-def $r10wh, implicit-def $eflags, implicit killed $r11, implicit $rsp, implicit $ssp {
; KCFI-NEXT: KCFI_CHECK $r11, 12345678, implicit-def $r10, implicit-def $eflags
; KCFI-NEXT: TAILJMPd64 &__llvm_retpoline_r11, csr_64, implicit $rsp, implicit $ssp, implicit $rsp, implicit $ssp, implicit killed $r11
; KCFI-NEXT: }
tail call void %x() [ "kcfi"(i32 12345678) ]
ret void
}
;; Ensure we emit Value + 1 for unwanted values (e.g. endbr64 == 4196274163).
; ASM-LABEL: __cfi_f5:
joaomoreiraUnsubmitted
Done
ReplyInline Actions

We need to also ensure/test that these are not emitted in the caller/indirect branch guards.

I assume that in the current scheme (blinding with ~Value) would be unfeasible to do this, so maybe we need a different approach for masking (as suggested above).

joaomoreira: We need to also ensure/test that these are not emitted in the caller/indirect branch guards. I…
samitolvanenAuthorUnsubmitted
Done
ReplyInline Actions

Added a test for -ENDBR too.

samitolvanen: Added a test for `-ENDBR` too.
; ASM: movl $4196274164, %eax # imm = 0xFA1E0FF4
define void @f5(ptr noundef %x) !kcfi_type !2 {
; ASM-LABEL: f5:
; ASM: movl $98693132, %r10d # imm = 0x5E1F00C
tail call void %x() [ "kcfi"(i32 4196274163) ]
ret void
}
;; Ensure we emit Value + 1 for unwanted values (e.g. -endbr64 == 98693133).
; ASM-LABEL: __cfi_f6:
; ASM: movl $98693134, %eax # imm = 0x5E1F00E
define void @f6(ptr noundef %x) !kcfi_type !3 {
; ASM-LABEL: f6:
; ASM: movl $4196274162, %r10d # imm = 0xFA1E0FF2
tail call void %x() [ "kcfi"(i32 98693133) ]
ret void
}
attributes #0 = { "target-features"="+retpoline-indirect-branches,+retpoline-indirect-calls" }
!llvm.module.flags = !{!0}
!0 = !{i32 4, !"kcfi", i32 1}
!1 = !{i32 12345678}
!2 = !{i32 4196274163}
!3 = !{i32 98693133}

llvm/test/CodeGen/X86/opt-pipeline.ll

Show First 20 LinesShow All 167 Lines▼ Show 20 Lines
; CHECK-NEXT: Shrink Wrapping analysis ; CHECK-NEXT: Shrink Wrapping analysis
; CHECK-NEXT: Prologue/Epilogue Insertion & Frame Finalization ; CHECK-NEXT: Prologue/Epilogue Insertion & Frame Finalization
; CHECK-NEXT: Control Flow Optimizer ; CHECK-NEXT: Control Flow Optimizer
; CHECK-NEXT: Lazy Machine Block Frequency Analysis ; CHECK-NEXT: Lazy Machine Block Frequency Analysis
; CHECK-NEXT: Tail Duplication ; CHECK-NEXT: Tail Duplication
; CHECK-NEXT: Machine Copy Propagation Pass ; CHECK-NEXT: Machine Copy Propagation Pass
; CHECK-NEXT: Post-RA pseudo instruction expansion pass ; CHECK-NEXT: Post-RA pseudo instruction expansion pass
; CHECK-NEXT: X86 pseudo instruction expansion pass ; CHECK-NEXT: X86 pseudo instruction expansion pass
; CHECK-NEXT: Insert KCFI indirect call checks
; CHECK-NEXT: MachineDominator Tree Construction ; CHECK-NEXT: MachineDominator Tree Construction
; CHECK-NEXT: Machine Natural Loop Construction ; CHECK-NEXT: Machine Natural Loop Construction
; CHECK-NEXT: Post RA top-down list latency scheduler ; CHECK-NEXT: Post RA top-down list latency scheduler
; CHECK-NEXT: Analyze Machine Code For Garbage Collection ; CHECK-NEXT: Analyze Machine Code For Garbage Collection
; CHECK-NEXT: Machine Block Frequency Analysis ; CHECK-NEXT: Machine Block Frequency Analysis
; CHECK-NEXT: MachinePostDominator Tree Construction ; CHECK-NEXT: MachinePostDominator Tree Construction
; CHECK-NEXT: Branch Probability Basic Block Placement ; CHECK-NEXT: Branch Probability Basic Block Placement
; CHECK-NEXT: Insert fentry calls ; CHECK-NEXT: Insert fentry calls
Show All 19 Lines
; CHECK-NEXT: StackMap Liveness Analysis ; CHECK-NEXT: StackMap Liveness Analysis
; CHECK-NEXT: Live DEBUG_VALUE analysis ; CHECK-NEXT: Live DEBUG_VALUE analysis
; CHECK-NEXT: X86 Speculative Execution Side Effect Suppression ; CHECK-NEXT: X86 Speculative Execution Side Effect Suppression
; CHECK-NEXT: X86 Indirect Thunks ; CHECK-NEXT: X86 Indirect Thunks
; CHECK-NEXT: X86 Return Thunks ; CHECK-NEXT: X86 Return Thunks
; CHECK-NEXT: Check CFA info and insert CFI instructions if needed ; CHECK-NEXT: Check CFA info and insert CFI instructions if needed
; CHECK-NEXT: X86 Load Value Injection (LVI) Ret-Hardening ; CHECK-NEXT: X86 Load Value Injection (LVI) Ret-Hardening
; CHECK-NEXT: Pseudo Probe Inserter ; CHECK-NEXT: Pseudo Probe Inserter
; CHECK-NEXT: Unpack machine instruction bundles
; CHECK-NEXT: Lazy Machine Block Frequency Analysis ; CHECK-NEXT: Lazy Machine Block Frequency Analysis
; CHECK-NEXT: Machine Optimization Remark Emitter ; CHECK-NEXT: Machine Optimization Remark Emitter
; CHECK-NEXT: X86 Assembly Printer ; CHECK-NEXT: X86 Assembly Printer
; CHECK-NEXT: Free MachineFunction ; CHECK-NEXT: Free MachineFunction
; We should only have one function pass manager. ; We should only have one function pass manager.
; In the past, module passes have accidentally been added into the middle of ; In the past, module passes have accidentally been added into the middle of
; the codegen pipeline, implicitly creating new function pass managers. ; the codegen pipeline, implicitly creating new function pass managers.
; FPM: FunctionPass Manager ; FPM: FunctionPass Manager
; FPM-NOT: FunctionPass Manager ; FPM-NOT: FunctionPass Manager
define void @f() { define void @f() {
ret void ret void
} }

llvm/test/Transforms/InstCombine/kcfi-operand-bundles.ll

  • This file was added.
; RUN: opt < %s -passes=instcombine -S | FileCheck %s
define void @f1() #0 prefix i32 10 {
ret void
}
declare void @f2() #0 prefix i32 11
; CHECK-LABEL: define void @g(ptr noundef %x) #0
define void @g(ptr noundef %x) #0 {
; CHECK: call void %x() [ "kcfi"(i32 10) ]
call void %x() [ "kcfi"(i32 10) ]
; COM: Must drop the kcfi operand bundle from direct calls.
; CHECK: call void @f1()
; CHECK-NOT: [ "kcfi"(i32 10) ]
call void @f1() [ "kcfi"(i32 10) ]
; CHECK: call void @f2()
; CHECK-NOT: [ "kcfi"(i32 10) ]
call void @f2() [ "kcfi"(i32 10) ]
ret void
}
attributes #0 = { "kcfi-target" }

llvm/test/Transforms/TailCallElim/kcfi-bundle.ll

  • This file was added.
; RUN: opt < %s -tailcallelim -verify-dom-info -S | FileCheck %s
; Check that the "kcfi" operand bundle doesn't prevent tail calls.
define i64 @f_1(i64 %x, i64(i64)* %f_0) {
; CHECK-LABEL: @f_1(
entry:
; CHECK: tail call i64 %f_0(i64 %x) [ "kcfi"(i32 42) ]
%tmp = call i64 %f_0(i64 %x) [ "kcfi"(i32 42) ]
ret i64 0
}

llvm/test/Verifier/kcfi-operand-bundles.ll

  • This file was added.
; RUN: not opt -verify < %s 2>&1 | FileCheck %s
define void @test_kcfi_bundle(i64 %arg0, i32 %arg1, void()* %arg2) {
; CHECK: Multiple kcfi operand bundles
; CHECK-NEXT: call void %arg2() [ "kcfi"(i32 42), "kcfi"(i32 42) ]
call void %arg2() [ "kcfi"(i32 42), "kcfi"(i32 42) ]
; CHECK: Kcfi bundle operand must be an i32 constant
; CHECK-NEXT: call void %arg2() [ "kcfi"(i64 42) ]
call void %arg2() [ "kcfi"(i64 42) ]
; CHECK-NOT: call
call void %arg2() [ "kcfi"(i32 42) ] ; OK
call void %arg2() [ "kcfi"(i32 42) ] ; OK
ret void
}

llvm/test/Verifier/metadata-function-kcfi-type.ll

  • This file was added.
; RUN: not llvm-as %s -disable-output 2>&1 | FileCheck %s
define void @a() {
unreachable
}
define void @b() !kcfi_type !0 {
unreachable
}
; CHECK: function must have a single !kcfi_type attachment
define void @f0() !kcfi_type !0 !kcfi_type !0 {
unreachable
}
!0 = !{i32 10}
; CHECK: !kcfi_type must have exactly one operand
define void @f1() !kcfi_type !1 {
unreachable
}
!1 = !{!"string", i32 0}
; CHECK: expected a constant operand for !kcfi_type
define void @f2() !kcfi_type !2 {
unreachable
}
!2 = !{!"string"}
; CHECK: expected a constant integer operand for !kcfi_type
define void @f3() !kcfi_type !3 {
unreachable
}
!3 = !{ptr @f3}
; CHECK: expected a 32-bit integer constant operand for !kcfi_type
define void @f4() !kcfi_type !4 {
unreachable
}
!4 = !{i64 10}

llvm/utils/gn/secondary/llvm/lib/Target/AArch64/BUILD.gn

Show First 20 LinesShow All 120 Lines▼ Show 20 Lines sources = [
"AArch64ExpandImm.cpp", "AArch64ExpandImm.cpp",
"AArch64ExpandPseudoInsts.cpp", "AArch64ExpandPseudoInsts.cpp",
"AArch64FalkorHWPFFix.cpp", "AArch64FalkorHWPFFix.cpp",
"AArch64FastISel.cpp", "AArch64FastISel.cpp",
"AArch64FrameLowering.cpp", "AArch64FrameLowering.cpp",
"AArch64ISelDAGToDAG.cpp", "AArch64ISelDAGToDAG.cpp",
"AArch64ISelLowering.cpp", "AArch64ISelLowering.cpp",
"AArch64InstrInfo.cpp", "AArch64InstrInfo.cpp",
"AArch64KCFI.cpp",
"AArch64LoadStoreOptimizer.cpp", "AArch64LoadStoreOptimizer.cpp",
"AArch64LowerHomogeneousPrologEpilog.cpp", "AArch64LowerHomogeneousPrologEpilog.cpp",
"AArch64MCInstLower.cpp", "AArch64MCInstLower.cpp",
"AArch64MIPeepholeOpt.cpp", "AArch64MIPeepholeOpt.cpp",
"AArch64MachineFunctionInfo.cpp", "AArch64MachineFunctionInfo.cpp",
"AArch64MachineScheduler.cpp", "AArch64MachineScheduler.cpp",
"AArch64MacroFusion.cpp", "AArch64MacroFusion.cpp",
"AArch64PBQPRegAlloc.cpp", "AArch64PBQPRegAlloc.cpp",
▲ Show 20 LinesShow All 44 LinesShow Last 20 Lines

llvm/utils/gn/secondary/llvm/lib/Target/X86/BUILD.gn

Show First 20 LinesShow All 103 Lines▼ Show 20 Lines sources = [
"X86InsertPrefetch.cpp", "X86InsertPrefetch.cpp",
"X86InsertWait.cpp", "X86InsertWait.cpp",
"X86InstCombineIntrinsic.cpp", "X86InstCombineIntrinsic.cpp",
"X86InstrFMA3Info.cpp", "X86InstrFMA3Info.cpp",
"X86InstrFoldTables.cpp", "X86InstrFoldTables.cpp",
"X86InstrInfo.cpp", "X86InstrInfo.cpp",
"X86InstructionSelector.cpp", "X86InstructionSelector.cpp",
"X86InterleavedAccess.cpp", "X86InterleavedAccess.cpp",
"X86KCFI.cpp",
"X86LegalizerInfo.cpp", "X86LegalizerInfo.cpp",
"X86LoadValueInjectionLoadHardening.cpp", "X86LoadValueInjectionLoadHardening.cpp",
"X86LoadValueInjectionRetHardening.cpp", "X86LoadValueInjectionRetHardening.cpp",
"X86LowerAMXIntrinsics.cpp", "X86LowerAMXIntrinsics.cpp",
"X86LowerAMXType.cpp", "X86LowerAMXType.cpp",
"X86LowerTileCopy.cpp", "X86LowerTileCopy.cpp",
"X86MCInstLower.cpp", "X86MCInstLower.cpp",
"X86MachineFunctionInfo.cpp", "X86MachineFunctionInfo.cpp",
Show All 39 Lines