This is an archive of the discontinued LLVM Phabricator instance.

Paths

Table of Contentst

-
llvm/
-
include/llvm/IR/
-
llvm/
-
IR/
-
IntrinsicsPowerPC.td
-
lib/Target/PowerPC/
-
Target/
-
PowerPC/
1
PPCInstr64Bit.td
-
test/CodeGen/PowerPC/
-
CodeGen/
-
PowerPC/
2/4
builtins-ppc-p9-darn.ll

Differential D122783

[PowerPC] Mark side effects of Power9 darn instruction
ClosedPublic

Authored by qiucf on Mar 30 2022, 11:54 PM.

Download Raw Diff

Details

Reviewers

nemanjai
jsji
shchenz
lkail

Group Reviewers

Restricted Project

Commits

rG1e23175df680: [PowerPC] Mark side effects of Power9 darn instruction

Summary

This fixes CVE-2019-15847 ( https://gcc.gnu.org/bugzilla/show_bug.cgi?id=91481 ).

For following case:

#include <stdio.h>
#include <stdint.h>

int main()
{
  uint64_t darn[32];
  for(size_t i = 0; i != 32; ++i)
    darn[i] = __builtin_darn();
  for(size_t i = 0; i != 32; ++i)
    printf("%016lX\n", darn[i]);
  return 0;
}

32 outputs are the same, however they should be different.

Diff Detail

Repository: rG LLVM Github Monorepo

Event Timeline

qiucf created this revision.Mar 30 2022, 11:54 PM

Herald added a project: Restricted Project. · View Herald TranscriptMar 30 2022, 11:54 PM

Herald added subscribers: shchenz, kbarton, hiraditya, nemanjai. · View Herald Transcript

qiucf requested review of this revision.Mar 30 2022, 11:54 PM

Herald added a project: Restricted Project. · View Herald TranscriptMar 30 2022, 11:54 PM

Herald added a subscriber: llvm-commits. · View Herald Transcript

qiucf added reviewers: nemanjai, jsji, shchenz, Restricted Project.Mar 30 2022, 11:56 PM

Could you also add test of opt -passes='default<O3>' to ensure we don't optimize it out for the motivation case?

Harbormaster completed remote builds in B157104: Diff 419336.Mar 31 2022, 8:04 AM

Add OPT test

lkail added inline comments.Apr 1 2022, 3:49 AM

llvm/test/CodeGen/PowerPC/builtins-ppc-p9-darn.ll
52	The test should include the loop in the motivation case, since we might LICM'ed the intrinsic, so we observe the same value of every element in the array.

Harbormaster completed remote builds in B157370: Diff 419692.Apr 1 2022, 4:22 AM

qiucf updated this revision to Diff 421401.Apr 7 2022, 8:42 PM

qiucf marked an inline comment as done.

LGTM with nit.

llvm/test/CodeGen/PowerPC/builtins-ppc-p9-darn.ll
55	I'm not sure this directive is generated via `utils/update_llc_test_checks.py`. If not, this might diverge from what `; NOTE: Assertions have been autogenerated by utils/update_llc_test_checks.py` suggests.

This revision is now accepted and ready to land.Apr 7 2022, 9:03 PM

Harbormaster completed remote builds in B158616: Diff 421401.Apr 7 2022, 9:31 PM

This revision was landed with ongoing or failed builds.Apr 17 2022, 10:23 PM

Closed by commit rG1e23175df680: [PowerPC] Mark side effects of Power9 darn instruction (authored by qiucf). · Explain Why

This revision was automatically updated to reflect the committed changes.

qiucf added a commit: rG1e23175df680: [PowerPC] Mark side effects of Power9 darn instruction.

qiucf added inline comments.Apr 17 2022, 10:23 PM

llvm/test/CodeGen/PowerPC/builtins-ppc-p9-darn.ll
55	`update_llc_test_checks.py` will ignore the run lines.

nemanjai added inline comments.Apr 28 2022, 6:21 PM

llvm/lib/Target/PowerPC/PPCInstr64Bit.td
1041	Could you please commit a follow-up patch with a comment explaining why this flag is set. The instruction doesn't really have side effects in that it modifies some machine state, the flag is presumably needed so the instruction doesn't get optimized out.
llvm/test/CodeGen/PowerPC/builtins-ppc-p9-darn.ll
37	As general guidance, it is preferred if you pre-commit a test case like this with the original code generation so that the review (and subsequent commit) shows how the code generation changes as a result of the patch.

Revision Contents

Path

Size

llvm/

include/

llvm/

IR/

IntrinsicsPowerPC.td

9 lines

lib/

Target/

PowerPC/

PPCInstr64Bit.td

7 lines

test/

CodeGen/

PowerPC/

builtins-ppc-p9-darn.ll

47 lines

Diff 423335

llvm/include/llvm/IR/IntrinsicsPowerPC.td

Show First 20 Lines • Show All 57 Lines • ▼ Show 20 Lines	def int_ppc_unpack_longdouble : GCCBuiltin<"__builtin_unpack_longdouble">,
[IntrNoMem]>;		[IntrNoMem]>;
def int_ppc_pack_longdouble : GCCBuiltin<"__builtin_pack_longdouble">,		def int_ppc_pack_longdouble : GCCBuiltin<"__builtin_pack_longdouble">,
Intrinsic<[llvm_ppcf128_ty],		Intrinsic<[llvm_ppcf128_ty],
[llvm_double_ty, llvm_double_ty],		[llvm_double_ty, llvm_double_ty],
[IntrNoMem]>;		[IntrNoMem]>;

// Generate a random number		// Generate a random number
def int_ppc_darn : GCCBuiltin<"__builtin_darn">,		def int_ppc_darn : GCCBuiltin<"__builtin_darn">,
Intrinsic<[llvm_i64_ty], [], [IntrNoMem]>;		Intrinsic<[llvm_i64_ty], [],
		[IntrNoMerge, IntrHasSideEffects]>;
def int_ppc_darnraw : GCCBuiltin<"__builtin_darn_raw">,		def int_ppc_darnraw : GCCBuiltin<"__builtin_darn_raw">,
Intrinsic<[llvm_i64_ty], [], [IntrNoMem]>;		Intrinsic<[llvm_i64_ty], [],
		[IntrNoMerge, IntrHasSideEffects]>;
def int_ppc_darn32 : GCCBuiltin<"__builtin_darn_32">,		def int_ppc_darn32 : GCCBuiltin<"__builtin_darn_32">,
Intrinsic<[llvm_i32_ty], [], [IntrNoMem]>;		Intrinsic<[llvm_i32_ty], [],
		[IntrNoMerge, IntrHasSideEffects]>;

// Bit permute doubleword		// Bit permute doubleword
def int_ppc_bpermd : GCCBuiltin<"__builtin_bpermd">,		def int_ppc_bpermd : GCCBuiltin<"__builtin_bpermd">,
Intrinsic<[llvm_i64_ty], [llvm_i64_ty, llvm_i64_ty],		Intrinsic<[llvm_i64_ty], [llvm_i64_ty, llvm_i64_ty],
[IntrNoMem]>;		[IntrNoMem]>;

// Parallel Bits Deposit/Extract Doubleword Builtins.		// Parallel Bits Deposit/Extract Doubleword Builtins.
def int_ppc_pdepd		def int_ppc_pdepd
▲ Show 20 Lines • Show All 1,756 Lines • Show Last 20 Lines

llvm/lib/Target/PowerPC/PPCInstr64Bit.td

Show First 20 Lines • Show All 1,008 Lines • ▼ Show 20 Lines	let Interpretation64Bit = 1, isCodeGenOnly = 1 in {
def MADDLD8 : VAForm_1a<51,		def MADDLD8 : VAForm_1a<51,
(outs g8rc :$RT), (ins g8rc:$RA, g8rc:$RB, g8rc:$RC),		(outs g8rc :$RT), (ins g8rc:$RA, g8rc:$RB, g8rc:$RC),
"maddld $RT, $RA, $RB, $RC", IIC_IntMulHD,		"maddld $RT, $RA, $RB, $RC", IIC_IntMulHD,
[(set i64:$RT, (add_without_simm16 (mul_without_simm16 i64:$RA, i64:$RB), i64:$RC))]>,		[(set i64:$RT, (add_without_simm16 (mul_without_simm16 i64:$RA, i64:$RB), i64:$RC))]>,
isPPC64;		isPPC64;
def SETB8 : XForm_44<31, 128, (outs g8rc:$RT), (ins crrc:$BFA),		def SETB8 : XForm_44<31, 128, (outs g8rc:$RT), (ins crrc:$BFA),
"setb $RT, $BFA", IIC_IntGeneral>, isPPC64;		"setb $RT, $BFA", IIC_IntGeneral>, isPPC64;
}		}
def DARN : XForm_45<31, 755, (outs g8rc:$RT), (ins u2imm:$L),
"darn $RT, $L", IIC_LdStLD>, isPPC64;
def ADDPCIS : DXForm<19, 2, (outs g8rc:$RT), (ins i32imm:$D),		def ADDPCIS : DXForm<19, 2, (outs g8rc:$RT), (ins i32imm:$D),
"addpcis $RT, $D", IIC_BrB, []>, isPPC64;		"addpcis $RT, $D", IIC_BrB, []>, isPPC64;
def MODSD : XForm_8<31, 777, (outs g8rc:$rT), (ins g8rc:$rA, g8rc:$rB),		def MODSD : XForm_8<31, 777, (outs g8rc:$rT), (ins g8rc:$rA, g8rc:$rB),
"modsd $rT, $rA, $rB", IIC_IntDivW,		"modsd $rT, $rA, $rB", IIC_IntDivW,
[(set i64:$rT, (srem i64:$rA, i64:$rB))]>;		[(set i64:$rT, (srem i64:$rA, i64:$rB))]>;
def MODUD : XForm_8<31, 265, (outs g8rc:$rT), (ins g8rc:$rA, g8rc:$rB),		def MODUD : XForm_8<31, 265, (outs g8rc:$rT), (ins g8rc:$rA, g8rc:$rB),
"modud $rT, $rA, $rB", IIC_IntDivW,		"modud $rT, $rA, $rB", IIC_IntDivW,
[(set i64:$rT, (urem i64:$rA, i64:$rB))]>;		[(set i64:$rT, (urem i64:$rA, i64:$rB))]>;
}		}

defm DIVDEU : XOForm_1rcr<31, 393, 0, (outs g8rc:$rT), (ins g8rc:$rA, g8rc:$rB),		defm DIVDEU : XOForm_1rcr<31, 393, 0, (outs g8rc:$rT), (ins g8rc:$rA, g8rc:$rB),
"divdeu", "$rT, $rA, $rB", IIC_IntDivD,		"divdeu", "$rT, $rA, $rB", IIC_IntDivD,
[(set i64:$rT, (int_ppc_divdeu g8rc:$rA, g8rc:$rB))]>,		[(set i64:$rT, (int_ppc_divdeu g8rc:$rA, g8rc:$rB))]>,
isPPC64, Requires<[HasExtDiv]>;		isPPC64, Requires<[HasExtDiv]>;
let isCommutable = 1 in		let isCommutable = 1 in
defm MULLD : XOForm_1rx<31, 233, (outs g8rc:$rT), (ins g8rc:$rA, g8rc:$rB),		defm MULLD : XOForm_1rx<31, 233, (outs g8rc:$rT), (ins g8rc:$rA, g8rc:$rB),
"mulld", "$rT, $rA, $rB", IIC_IntMulHD,		"mulld", "$rT, $rA, $rB", IIC_IntMulHD,
[(set i64:$rT, (mul i64:$rA, i64:$rB))]>, isPPC64;		[(set i64:$rT, (mul i64:$rA, i64:$rB))]>, isPPC64;
let Interpretation64Bit = 1, isCodeGenOnly = 1 in		let Interpretation64Bit = 1, isCodeGenOnly = 1 in
def MULLI8 : DForm_2<7, (outs g8rc:$rD), (ins g8rc:$rA, s16imm64:$imm),		def MULLI8 : DForm_2<7, (outs g8rc:$rD), (ins g8rc:$rA, s16imm64:$imm),
"mulli $rD, $rA, $imm", IIC_IntMulLI,		"mulli $rD, $rA, $imm", IIC_IntMulLI,
[(set i64:$rD, (mul i64:$rA, imm64SExt16:$imm))]>;		[(set i64:$rD, (mul i64:$rA, imm64SExt16:$imm))]>;
}		}

		let hasSideEffects = 1 in {
		nemanjaiUnsubmitted Not Done Reply Inline Actions Could you please commit a follow-up patch with a comment explaining why this flag is set. The instruction doesn't really have side effects in that it modifies some machine state, the flag is presumably needed so the instruction doesn't get optimized out. nemanjai: Could you please commit a follow-up patch with a comment explaining why this flag is set. The…
		def DARN : XForm_45<31, 755, (outs g8rc:$RT), (ins u2imm:$L),
		"darn $RT, $L", IIC_LdStLD>, isPPC64;
		}

let hasSideEffects = 0 in {		let hasSideEffects = 0 in {
defm RLDIMI : MDForm_1r<30, 3, (outs g8rc:$rA),		defm RLDIMI : MDForm_1r<30, 3, (outs g8rc:$rA),
(ins g8rc:$rSi, g8rc:$rS, u6imm:$SH, u6imm:$MBE),		(ins g8rc:$rSi, g8rc:$rS, u6imm:$SH, u6imm:$MBE),
"rldimi", "$rA, $rS, $SH, $MBE", IIC_IntRotateDI,		"rldimi", "$rA, $rS, $SH, $MBE", IIC_IntRotateDI,
[]>, isPPC64, RegConstraint<"$rSi = $rA">,		[]>, isPPC64, RegConstraint<"$rSi = $rA">,
NoEncode<"$rSi">;		NoEncode<"$rSi">;

// Rotate instructions.		// Rotate instructions.
▲ Show 20 Lines • Show All 909 Lines • Show Last 20 Lines

llvm/test/CodeGen/PowerPC/builtins-ppc-p9-darn.ll

	; NOTE: Assertions have been autogenerated by utils/update_llc_test_checks.py			; NOTE: Assertions have been autogenerated by utils/update_llc_test_checks.py
	; RUN: llc < %s -verify-machineinstrs -mtriple powerpc64le -mcpu=pwr9 \| FileCheck %s			; RUN: llc < %s -verify-machineinstrs -mtriple powerpc64le -mcpu=pwr9 \| FileCheck %s
	; RUN: llc < %s -verify-machineinstrs -mtriple powerpc64-ibm-aix-xcoff -vec-extabi -mcpu=pwr9 \| FileCheck %s			; RUN: llc < %s -verify-machineinstrs -mtriple powerpc64-ibm-aix-xcoff -vec-extabi -mcpu=pwr9 \| FileCheck %s
				; RUN: opt < %s -passes="default<O3>" -S -mtriple powerpc64le -mcpu=pwr9 \| FileCheck %s --check-prefix=OPT

	define i64 @raw() {			define i64 @raw() {
	; CHECK-LABEL: raw:			; CHECK-LABEL: raw:
	; CHECK: # %bb.0: # %entry			; CHECK: # %bb.0: # %entry
	; CHECK-NEXT: darn 3, 2			; CHECK-NEXT: darn 3, 2
	; CHECK-NEXT: blr			; CHECK-NEXT: blr
	entry:			entry:
	%0 = call i64 @llvm.ppc.darnraw()			%0 = call i64 @llvm.ppc.darnraw()
	Show All 16 Lines
	; CHECK-NEXT: darn 3, 0			; CHECK-NEXT: darn 3, 0
	; CHECK-NEXT: extsw 3, 3			; CHECK-NEXT: extsw 3, 3
	; CHECK-NEXT: blr			; CHECK-NEXT: blr
	entry:			entry:
	%0 = call i32 @llvm.ppc.darn32()			%0 = call i32 @llvm.ppc.darn32()
	ret i32 %0			ret i32 %0
	}			}

				define i64 @darn_side_effect() {
				nemanjaiUnsubmitted Not Done Reply Inline Actions As general guidance, it is preferred if you pre-commit a test case like this with the original code generation so that the review (and subsequent commit) shows how the code generation changes as a result of the patch. nemanjai: As general guidance, it is preferred if you pre-commit a test case like this with the original…
				; CHECK-LABEL: darn_side_effect:
				; CHECK: # %bb.0: # %entry
				; CHECK-NEXT: darn 3, 2
				; CHECK-NEXT: darn 3, 1
				; CHECK-NEXT: blr

				; OPT-LABEL: @darn_side_effect
				; OPT: call i64 @llvm.ppc.darnraw()
				; OPT-NEXT: call i64 @llvm.ppc.darn()
				entry:
				%0 = call i64 @llvm.ppc.darnraw()
				%1 = call i64 @llvm.ppc.darn()
				ret i64 %1
				}

				lkailUnsubmitted Done Reply Inline Actions The test should include the loop in the motivation case, since we might LICM'ed the intrinsic, so we observe the same value of every element in the array. lkail: The test should include the loop in the motivation case, since we might LICM'ed the intrinsic…
				define void @darn_loop(i64* noundef %darn) {
				; OPT-LABEL: @darn_loop
				; OPT-COUNT-32: tail call i64 @llvm.ppc.darn()
				lkailUnsubmitted Not Done Reply Inline Actions I'm not sure this directive is generated via `utils/update_llc_test_checks.py`. If not, this might diverge from what `; NOTE: Assertions have been autogenerated by utils/update_llc_test_checks.py` suggests. lkail: I'm not sure this directive is generated via `utils/update_llc_test_checks.py`. If not, this…
				qiucfAuthorUnsubmitted Done Reply Inline Actions `update_llc_test_checks.py` will ignore the run lines. qiucf: `update_llc_test_checks.py` will ignore the run lines.
				entry:
				%inc = alloca i32, align 4
				store i32 0, i32* %inc, align 4
				br label %cond

				cond:
				%0 = load i32, i32* %inc, align 4
				%cmp = icmp ne i32 %0, 32
				br i1 %cmp, label %body, label %end_loop

				body:
				%1 = call i64 @llvm.ppc.darn()
				%2 = load i32, i32* %inc, align 4
				%idx = getelementptr inbounds i64, i64* %darn, i32 %2
				store i64 %1, i64* %idx, align 8
				br label %incr

				incr:
				%3 = load i32, i32* %inc, align 4
				%ninc = add nsw i32 %3, 1
				store i32 %ninc, i32* %inc, align 4
				br label %cond

				end_loop:
				ret void
				}

	declare i64 @llvm.ppc.darn()			declare i64 @llvm.ppc.darn()
	declare i64 @llvm.ppc.darnraw()			declare i64 @llvm.ppc.darnraw()
	declare i32 @llvm.ppc.darn32()			declare i32 @llvm.ppc.darn32()