This is an archive of the discontinued LLVM Phabricator instance.

Differential D144082

[llvm][AArch64] Fix BTI after returns_twice when call has no attributes
ClosedPublic

Authored by DavidSpickett on Feb 15 2023, 1:35 AM.

Details

Reviewers
nikic
Commits
rG93164dba086d: [llvm][AArch64] Fix BTI after returns_twice when call has no attributes
Summary

Previously we were looking for the returns twice attribute by manually
getting the function attributes from the call. This meant that we only
found attributes on the call itself, not what it was calling.

So if you had:
%call1 = call i32 @setjmp(ptr noundef null)

We would not BTI protect that even though setjmp clearly needs it.

Clang happens to produce:
%call = call i32 @setjmp(ptr noundef null) #0 ; returns_twice

So all valid calls were protected. This is not guaranteed,
the frontend may choose not to put attributes on the call.

It is undefined behaviour to call setjmp indirectly
(https://pubs.opengroup.org/onlinepubs/9699919799/functions/setjmp.html)
but as I misused the APIs here I think it's worth fixing up regardless.

Added comments to the test file where the IR differs from what
clang would output.

Diff Detail

Event Timeline

DavidSpickett created this revision.Feb 15 2023, 1:35 AM
Herald added a project: Restricted Project. · View Herald TranscriptFeb 15 2023, 1:35 AM
Herald added subscribers: hiraditya, kristof.beyls. · View Herald Transcript
DavidSpickett requested review of this revision.Feb 15 2023, 1:35 AM
Herald added a project: Restricted Project. · View Herald TranscriptFeb 15 2023, 1:35 AM
Herald added a subscriber: llvm-commits. · View Herald Transcript
DavidSpickett added a reviewer: nikic.Feb 15 2023, 1:37 AM

As suggested on https://github.com/llvm/llvm-project/issues/60732.

With this fix if clang converts an indirect call into a direct call, we will correctly protect that with a bti instruction. This matches the expected behaviour and what gcc produces.

Herald added a subscriber: StephenFan. · View Herald TranscriptFeb 15 2023, 1:37 AM
Harbormaster completed remote builds in B213836: Diff 497592.Feb 15 2023, 2:12 AM
nikic accepted this revision.Feb 15 2023, 6:24 AM

LG

This revision is now accepted and ready to land.Feb 15 2023, 6:24 AM
This revision was landed with ongoing or failed builds.Feb 15 2023, 7:30 AM
Closed by commit rG93164dba086d: [llvm][AArch64] Fix BTI after returns_twice when call has no attributes (authored by DavidSpickett). · Explain Why
This revision was automatically updated to reflect the committed changes.
DavidSpickett added a commit: rG93164dba086d: [llvm][AArch64] Fix BTI after returns_twice when call has no attributes.

Revision Contents

PathSize
llvm/
lib/
Target/
AArch64/
2 lines
GISel/
3 lines
test/
CodeGen/
AArch64/
15 lines

Diff 497671

llvm/lib/Target/AArch64/AArch64ISelLowering.cpp

  • This file is larger than 256 KB, so syntax highlighting is disabled by default.
Show First 20 LinesShow All 7,167 Lines▼ Show 20 LinesAArch64TargetLowering::LowerCall(CallLoweringInfo &CLI,
bool IsThisReturn = false; bool IsThisReturn = false;
AArch64FunctionInfo *FuncInfo = MF.getInfo<AArch64FunctionInfo>(); AArch64FunctionInfo *FuncInfo = MF.getInfo<AArch64FunctionInfo>();
bool TailCallOpt = MF.getTarget().Options.GuaranteedTailCallOpt; bool TailCallOpt = MF.getTarget().Options.GuaranteedTailCallOpt;
bool IsCFICall = CLI.CB && CLI.CB->isIndirectCall() && CLI.CFIType; bool IsCFICall = CLI.CB && CLI.CB->isIndirectCall() && CLI.CFIType;
bool IsSibCall = false; bool IsSibCall = false;
bool GuardWithBTI = false; bool GuardWithBTI = false;
if (CLI.CB && CLI.CB->getAttributes().hasFnAttr(Attribute::ReturnsTwice) && if (CLI.CB && CLI.CB->hasFnAttr(Attribute::ReturnsTwice) &&
!Subtarget->noBTIAtReturnTwice()) { !Subtarget->noBTIAtReturnTwice()) {
GuardWithBTI = FuncInfo->branchTargetEnforcement(); GuardWithBTI = FuncInfo->branchTargetEnforcement();
} }
// Analyze operands of the call, assigning locations to each operand. // Analyze operands of the call, assigning locations to each operand.
SmallVector<CCValAssign, 16> ArgLocs; SmallVector<CCValAssign, 16> ArgLocs;
CCState CCInfo(CallConv, IsVarArg, MF, ArgLocs, *DAG.getContext()); CCState CCInfo(CallConv, IsVarArg, MF, ArgLocs, *DAG.getContext());
▲ Show 20 LinesShow All 17,231 LinesShow Last 20 Lines

llvm/lib/Target/AArch64/GISel/AArch64CallLowering.cpp

Show First 20 LinesShow All 1,260 Lines▼ Show 20 Linesbool AArch64CallLowering::lowerCall(MachineIRBuilder &MIRBuilder,
unsigned Opc = 0; unsigned Opc = 0;
// Calls with operand bundle "clang.arc.attachedcall" are special. They should // Calls with operand bundle "clang.arc.attachedcall" are special. They should
// be expanded to the call, directly followed by a special marker sequence and // be expanded to the call, directly followed by a special marker sequence and
// a call to an ObjC library function. // a call to an ObjC library function.
if (Info.CB && objcarc::hasAttachedCallOpBundle(Info.CB)) if (Info.CB && objcarc::hasAttachedCallOpBundle(Info.CB))
Opc = AArch64::BLR_RVMARKER; Opc = AArch64::BLR_RVMARKER;
// A call to a returns twice function like setjmp must be followed by a bti // A call to a returns twice function like setjmp must be followed by a bti
// instruction. // instruction.
else if (Info.CB && else if (Info.CB && Info.CB->hasFnAttr(Attribute::ReturnsTwice) &&
Info.CB->getAttributes().hasFnAttr(Attribute::ReturnsTwice) &&
!Subtarget.noBTIAtReturnTwice() && !Subtarget.noBTIAtReturnTwice() &&
MF.getInfo<AArch64FunctionInfo>()->branchTargetEnforcement()) MF.getInfo<AArch64FunctionInfo>()->branchTargetEnforcement())
Opc = AArch64::BLR_BTI; Opc = AArch64::BLR_BTI;
else else
Opc = getCallOpcode(MF, Info.Callee.isReg(), false); Opc = getCallOpcode(MF, Info.Callee.isReg(), false);
auto MIB = MIRBuilder.buildInstrNoInsert(Opc); auto MIB = MIRBuilder.buildInstrNoInsert(Opc);
unsigned CalleeOpNo = 0; unsigned CalleeOpNo = 0;
▲ Show 20 LinesShow All 90 LinesShow Last 20 Lines

llvm/test/CodeGen/AArch64/setjmp-bti.ll

Show All 12 Lines
; C source ; C source
; -------- ; --------
; extern int setjmp(ptr); ; extern int setjmp(ptr);
; extern void notsetjmp(void); ; extern void notsetjmp(void);
; ;
; void bbb(void) { ; void bbb(void) {
; setjmp(0); ; setjmp(0);
; setjmp(0); // With the attributes removed.
; int (*fnptr)(ptr) = setjmp; ; int (*fnptr)(ptr) = setjmp;
; fnptr(0); ; fnptr(0); // With attributes added.
; notsetjmp(); ; notsetjmp();
; } ; }
define void @bbb() { define void @bbb() {
; BTI-LABEL: bbb: ; BTI-LABEL: bbb:
; BTI: bl setjmp ; BTI: bl setjmp
; BTI-NEXT: hint #36 ; BTI-NEXT: hint #36
; BTI: bl setjmp
; BTI-NEXT: hint #36
; BTI: blr x{{[0-9]+}} ; BTI: blr x{{[0-9]+}}
; BTI-NEXT: hint #36 ; BTI-NEXT: hint #36
; BTI: bl notsetjmp ; BTI: bl notsetjmp
; BTI-NOT: hint #36 ; BTI-NOT: hint #36
; BTISLS-LABEL: bbb: ; BTISLS-LABEL: bbb:
; BTISLS: bl setjmp ; BTISLS: bl setjmp
; BTISLS-NEXT: hint #36 ; BTISLS-NEXT: hint #36
; BTISLS: bl setjmp
; BTISLS-NEXT: hint #36
; BTISLS: bl __llvm_slsblr_thunk_x{{[0-9]+}} ; BTISLS: bl __llvm_slsblr_thunk_x{{[0-9]+}}
; BTISLS-NEXT: hint #36 ; BTISLS-NEXT: hint #36
; BTISLS: bl notsetjmp ; BTISLS: bl notsetjmp
; BTISLS-NOT: hint #36 ; BTISLS-NOT: hint #36
; NOBTI-LABEL: bbb: ; NOBTI-LABEL: bbb:
; NOBTI: bl setjmp ; NOBTI: bl setjmp
; NOBTI-NOT: hint #36 ; NOBTI-NOT: hint #36
; NOBTI: bl setjmp
; NOBTI-NOT: hint #36
; NOBTI: blr x{{[0-9]+}} ; NOBTI: blr x{{[0-9]+}}
; NOBTI-NOT: hint #36 ; NOBTI-NOT: hint #36
; NOBTI: bl notsetjmp ; NOBTI: bl notsetjmp
; NOBTI-NOT: hint #36 ; NOBTI-NOT: hint #36
entry: entry:
%fnptr = alloca ptr, align 8 %fnptr = alloca ptr, align 8
; The frontend may apply attributes to the call, but it doesn't have to. We
; should be looking at the call base, which looks past that to the called function.
%call = call i32 @setjmp(ptr noundef null) #0 %call = call i32 @setjmp(ptr noundef null) #0
%call1 = call i32 @setjmp(ptr noundef null)
store ptr @setjmp, ptr %fnptr, align 8 store ptr @setjmp, ptr %fnptr, align 8
%0 = load ptr, ptr %fnptr, align 8 %0 = load ptr, ptr %fnptr, align 8
%call1 = call i32 %0(ptr noundef null) #0 ; Clang does not attach the attribute here but if it did, it should work.
%call2 = call i32 %0(ptr noundef null) #0
call void @notsetjmp() call void @notsetjmp()
ret void ret void
} }
declare i32 @setjmp(ptr noundef) #0 declare i32 @setjmp(ptr noundef) #0
declare void @notsetjmp() declare void @notsetjmp()
attributes #0 = { returns_twice } attributes #0 = { returns_twice }
!llvm.module.flags = !{!0} !llvm.module.flags = !{!0}
!0 = !{i32 8, !"branch-target-enforcement", i32 1} !0 = !{i32 8, !"branch-target-enforcement", i32 1}