This is an archive of the discontinued LLVM Phabricator instance.

Differential D145205

[codegen][riscv] Emit CFI directives when using shadow call stack
ClosedPublic

Authored by paulkirth on Mar 2 2023, 4:29 PM.

Details

Reviewers
mcgrathr
jrtc27
asb
Commits
rGade336d6e141: [codegen][riscv] Emit CFI directives when using shadow call stack
Summary

Currently we don't emit any CFI instructions for the SCS register when
enabling SCS on RISCV. This causes problems when unwinding, since the
SCS register isn't being handled properly.

Diff Detail

Event Timeline

paulkirth created this revision.Mar 2 2023, 4:29 PM
Herald added a project: Restricted Project. · View Herald TranscriptMar 2 2023, 4:29 PM
Herald added subscribers: luke, VincentWu, vkmr and 28 others. · View Herald Transcript
paulkirth requested review of this revision.Mar 2 2023, 4:29 PM
Herald added a project: Restricted Project. · View Herald TranscriptMar 2 2023, 4:29 PM
Herald added subscribers: llvm-commits, pcwang-thead, eopXD, MaskRay. · View Herald Transcript
paulkirth edited the summary of this revision. (Show Details)Mar 2 2023, 4:39 PM
paulkirth added reviewers: jrtc27, asb.
Harbormaster completed remote builds in B217090: Diff 502024.Mar 2 2023, 5:51 PM
mcgrathr accepted this revision.Mar 6 2023, 11:32 AM
mcgrathr added inline comments.
llvm/lib/Target/RISCV/RISCVFrameLowering.cpp
84

This is only safe to do with a one-byte buffer since you know the value fits.
It should at the very least have an assertion that encodeSLEB128 returned 1.
But just using -SlotSize & 0x7f would be more clearly safe.

This revision is now accepted and ready to land.Mar 6 2023, 11:32 AM
paulkirth updated this revision to Diff 502756.Mar 6 2023, 12:24 PM
paulkirth marked an inline comment as done.
paulkirth edited the summary of this revision. (Show Details)

Directly compute the SLEB128 value.

Harbormaster completed remote builds in B217667: Diff 502756.Mar 6 2023, 4:40 PM
paulkirth added a comment.Mar 8 2023, 1:52 PM

@jrtc27 @asb Any feedback on this? I'd like to land it, but wanted RISC-V maintainers to take a look. If there are no objections, I'll land this tomorrow.

jrtc27 added inline comments.Mar 8 2023, 2:30 PM
llvm/lib/Target/RISCV/RISCVFrameLowering.cpp
87

getDwarfRegNum with SCSPReg

88

Similarly don't hard-code (up to you whether you unconditionally use bregx or branch on whether reg num is < 32)

90

AArch64 does the cast before the mask, should be consistent

154

Also don't hard-code

mcgrathr added inline comments.Mar 8 2023, 6:21 PM
llvm/lib/Target/RISCV/RISCVFrameLowering.cpp
88

Definitely don't use bregx. That takes another byte and CFI size is precious. Just use DW_OP_breg0 + n after an assertion that n < 32 because it actually is (it's 18 and will only ever be 18).

paulkirth updated this revision to Diff 503817.Mar 9 2023, 9:56 AM
paulkirth marked 4 inline comments as done.

Address comments

llvm/lib/Target/RISCV/RISCVFrameLowering.cpp
88

I don't see a good way to not directly encode the length of the following expression without making this much more complex.

Harbormaster completed remote builds in B218424: Diff 503817.Mar 9 2023, 11:20 AM
Closed by commit rGade336d6e141: [codegen][riscv] Emit CFI directives when using shadow call stack (authored by paulkirth). · Explain WhyMar 15 2023, 10:10 AM
This revision was automatically updated to reflect the committed changes.
paulkirth added a commit: rGade336d6e141: [codegen][riscv] Emit CFI directives when using shadow call stack.
Herald added a subscriber: jobnoorman. · View Herald TranscriptMar 15 2023, 10:10 AM

Revision Contents

PathSize
llvm/
lib/
Target/
RISCV/
29 lines
test/
CodeGen/
RISCV/
8 lines

Diff 505547

llvm/lib/Target/RISCV/RISCVFrameLowering.cpp

Show All 30 Lines
// User should explicitly set -ffixed-x18 and not use x18 in their asm. // User should explicitly set -ffixed-x18 and not use x18 in their asm.
static void emitSCSPrologue(MachineFunction &MF, MachineBasicBlock &MBB, static void emitSCSPrologue(MachineFunction &MF, MachineBasicBlock &MBB,
MachineBasicBlock::iterator MI, MachineBasicBlock::iterator MI,
const DebugLoc &DL) { const DebugLoc &DL) {
if (!MF.getFunction().hasFnAttribute(Attribute::ShadowCallStack)) if (!MF.getFunction().hasFnAttribute(Attribute::ShadowCallStack))
return; return;
const auto &STI = MF.getSubtarget<RISCVSubtarget>(); const auto &STI = MF.getSubtarget<RISCVSubtarget>();
Register RAReg = STI.getRegisterInfo()->getRARegister(); const llvm::RISCVRegisterInfo *TRI = STI.getRegisterInfo();
Register RAReg = TRI->getRARegister();
// Do not save RA to the SCS if it's not saved to the regular stack, // Do not save RA to the SCS if it's not saved to the regular stack,
// i.e. RA is not at risk of being overwritten. // i.e. RA is not at risk of being overwritten.
std::vector<CalleeSavedInfo> &CSI = MF.getFrameInfo().getCalleeSavedInfo(); std::vector<CalleeSavedInfo> &CSI = MF.getFrameInfo().getCalleeSavedInfo();
if (llvm::none_of( if (llvm::none_of(
CSI, [&](CalleeSavedInfo &CSR) { return CSR.getReg() == RAReg; })) CSI, [&](CalleeSavedInfo &CSR) { return CSR.getReg() == RAReg; }))
return; return;
Show All 25 Lines BuildMI(MBB, MI, DL, TII->get(IsRV64 ? RISCV::SD : RISCV::SW))
.addReg(SCSPReg) .addReg(SCSPReg)
.addImm(0) .addImm(0)
.setMIFlag(MachineInstr::FrameSetup); .setMIFlag(MachineInstr::FrameSetup);
BuildMI(MBB, MI, DL, TII->get(RISCV::ADDI)) BuildMI(MBB, MI, DL, TII->get(RISCV::ADDI))
.addReg(SCSPReg, RegState::Define) .addReg(SCSPReg, RegState::Define)
.addReg(SCSPReg) .addReg(SCSPReg)
.addImm(SlotSize) .addImm(SlotSize)
.setMIFlag(MachineInstr::FrameSetup); .setMIFlag(MachineInstr::FrameSetup);
// Emit a CFI instruction that causes SlotSize to be subtracted from the value
// of the shadow stack pointer when unwinding past this frame.
mcgrathrUnsubmitted
Done
ReplyInline Actions

This is only safe to do with a one-byte buffer since you know the value fits.
It should at the very least have an assertion that encodeSLEB128 returned 1.
But just using -SlotSize & 0x7f would be more clearly safe.

mcgrathr: This is only safe to do with a one-byte buffer since you know the value fits. It should at the…
char DwarfSCSReg = TRI->getDwarfRegNum(SCSPReg, /*IsEH*/ true);
assert(DwarfSCSReg < 32 && "SCS Register should be < 32 (X18).");
jrtc27Unsubmitted
Done
ReplyInline Actions

getDwarfRegNum with SCSPReg

jrtc27: getDwarfRegNum with SCSPReg
char Offset = static_cast<char>(-SlotSize) & 0x7f;
jrtc27Unsubmitted
Not Done
ReplyInline Actions

Similarly don't hard-code (up to you whether you unconditionally use bregx or branch on whether reg num is < 32)

jrtc27: Similarly don't hard-code (up to you whether you unconditionally use bregx or branch on whether…
mcgrathrUnsubmitted
Done
ReplyInline Actions

Definitely don't use bregx. That takes another byte and CFI size is precious. Just use DW_OP_breg0 + n after an assertion that n < 32 because it actually is (it's 18 and will only ever be 18).

mcgrathr: Definitely don't use bregx. That takes another byte and CFI size is precious. Just use…
paulkirthAuthorUnsubmitted
Done
ReplyInline Actions

I don't see a good way to not directly encode the length of the following expression without making this much more complex.

paulkirth: I don't see a good way to not directly encode the length of the following expression without…
const char CFIInst[] = {
dwarf::DW_CFA_val_expression,
jrtc27Unsubmitted
Done
ReplyInline Actions

AArch64 does the cast before the mask, should be consistent

jrtc27: AArch64 does the cast before the mask, should be consistent
DwarfSCSReg, // register
2, // length
static_cast<char>(unsigned(dwarf::DW_OP_breg0 + DwarfSCSReg)),
Offset, // addend (sleb128)
};
unsigned CFIIndex = MF.addFrameInst(MCCFIInstruction::createEscape(
nullptr, StringRef(CFIInst, sizeof(CFIInst))));
BuildMI(MBB, MI, DL, TII->get(TargetOpcode::CFI_INSTRUCTION))
.addCFIIndex(CFIIndex)
.setMIFlag(MachineInstr::FrameSetup);
} }
static void emitSCSEpilogue(MachineFunction &MF, MachineBasicBlock &MBB, static void emitSCSEpilogue(MachineFunction &MF, MachineBasicBlock &MBB,
MachineBasicBlock::iterator MI, MachineBasicBlock::iterator MI,
const DebugLoc &DL) { const DebugLoc &DL) {
if (!MF.getFunction().hasFnAttribute(Attribute::ShadowCallStack)) if (!MF.getFunction().hasFnAttribute(Attribute::ShadowCallStack))
return; return;
Show All 34 Lines BuildMI(MBB, MI, DL, TII->get(IsRV64 ? RISCV::LD : RISCV::LW))
.addReg(SCSPReg) .addReg(SCSPReg)
.addImm(-SlotSize) .addImm(-SlotSize)
.setMIFlag(MachineInstr::FrameDestroy); .setMIFlag(MachineInstr::FrameDestroy);
BuildMI(MBB, MI, DL, TII->get(RISCV::ADDI)) BuildMI(MBB, MI, DL, TII->get(RISCV::ADDI))
.addReg(SCSPReg, RegState::Define) .addReg(SCSPReg, RegState::Define)
.addReg(SCSPReg) .addReg(SCSPReg)
.addImm(-SlotSize) .addImm(-SlotSize)
.setMIFlag(MachineInstr::FrameDestroy); .setMIFlag(MachineInstr::FrameDestroy);
// Restore the SCS pointer
unsigned CFIIndex = MF.addFrameInst(MCCFIInstruction::createRestore(
nullptr, STI.getRegisterInfo()->getDwarfRegNum(SCSPReg, /*IsEH*/ true)));
jrtc27Unsubmitted
Done
ReplyInline Actions

Also don't hard-code

jrtc27: Also don't hard-code
BuildMI(MBB, MI, DL, TII->get(TargetOpcode::CFI_INSTRUCTION))
.addCFIIndex(CFIIndex)
.setMIFlags(MachineInstr::FrameDestroy);
} }
// Get the ID of the libcall used for spilling and restoring callee saved // Get the ID of the libcall used for spilling and restoring callee saved
// registers. The ID is representative of the number of registers saved or // registers. The ID is representative of the number of registers saved or
// restored by the libcall, except it is zero-indexed - ID 0 corresponds to a // restored by the libcall, except it is zero-indexed - ID 0 corresponds to a
// single register. // single register.
static int getLibCallID(const MachineFunction &MF, static int getLibCallID(const MachineFunction &MF,
const std::vector<CalleeSavedInfo> &CSI) { const std::vector<CalleeSavedInfo> &CSI) {
▲ Show 20 LinesShow All 1,231 LinesShow Last 20 Lines

llvm/test/CodeGen/RISCV/shadowcallstack.ll

Show All 30 Lines
declare i32 @bar() declare i32 @bar()
define i32 @f3() shadowcallstack { define i32 @f3() shadowcallstack {
; RV32-LABEL: f3: ; RV32-LABEL: f3:
; RV32: # %bb.0: ; RV32: # %bb.0:
; RV32-NEXT: sw ra, 0(s2) ; RV32-NEXT: sw ra, 0(s2)
; RV32-NEXT: addi s2, s2, 4 ; RV32-NEXT: addi s2, s2, 4
; RV32-NEXT: .cfi_escape 0x16, 0x12, 0x02, 0x82, 0x7c #
; RV32-NEXT: addi sp, sp, -16 ; RV32-NEXT: addi sp, sp, -16
; RV32-NEXT: .cfi_def_cfa_offset 16 ; RV32-NEXT: .cfi_def_cfa_offset 16
; RV32-NEXT: sw ra, 12(sp) # 4-byte Folded Spill ; RV32-NEXT: sw ra, 12(sp) # 4-byte Folded Spill
; RV32-NEXT: .cfi_offset ra, -4 ; RV32-NEXT: .cfi_offset ra, -4
; RV32-NEXT: call bar@plt ; RV32-NEXT: call bar@plt
; RV32-NEXT: lw ra, 12(sp) # 4-byte Folded Reload ; RV32-NEXT: lw ra, 12(sp) # 4-byte Folded Reload
; RV32-NEXT: addi sp, sp, 16 ; RV32-NEXT: addi sp, sp, 16
; RV32-NEXT: lw ra, -4(s2) ; RV32-NEXT: lw ra, -4(s2)
; RV32-NEXT: addi s2, s2, -4 ; RV32-NEXT: addi s2, s2, -4
; RV32-NEXT: .cfi_restore s2
; RV32-NEXT: ret ; RV32-NEXT: ret
; ;
; RV64-LABEL: f3: ; RV64-LABEL: f3:
; RV64: # %bb.0: ; RV64: # %bb.0:
; RV64-NEXT: sd ra, 0(s2) ; RV64-NEXT: sd ra, 0(s2)
; RV64-NEXT: addi s2, s2, 8 ; RV64-NEXT: addi s2, s2, 8
; RV64-NEXT: .cfi_escape 0x16, 0x12, 0x02, 0x82, 0x78 #
; RV64-NEXT: addi sp, sp, -16 ; RV64-NEXT: addi sp, sp, -16
; RV64-NEXT: .cfi_def_cfa_offset 16 ; RV64-NEXT: .cfi_def_cfa_offset 16
; RV64-NEXT: sd ra, 8(sp) # 8-byte Folded Spill ; RV64-NEXT: sd ra, 8(sp) # 8-byte Folded Spill
; RV64-NEXT: .cfi_offset ra, -8 ; RV64-NEXT: .cfi_offset ra, -8
; RV64-NEXT: call bar@plt ; RV64-NEXT: call bar@plt
; RV64-NEXT: ld ra, 8(sp) # 8-byte Folded Reload ; RV64-NEXT: ld ra, 8(sp) # 8-byte Folded Reload
; RV64-NEXT: addi sp, sp, 16 ; RV64-NEXT: addi sp, sp, 16
; RV64-NEXT: ld ra, -8(s2) ; RV64-NEXT: ld ra, -8(s2)
; RV64-NEXT: addi s2, s2, -8 ; RV64-NEXT: addi s2, s2, -8
; RV64-NEXT: .cfi_restore s2
; RV64-NEXT: ret ; RV64-NEXT: ret
%res = call i32 @bar() %res = call i32 @bar()
%res1 = add i32 %res, 1 %res1 = add i32 %res, 1
ret i32 %res ret i32 %res
} }
define i32 @f4() shadowcallstack { define i32 @f4() shadowcallstack {
; RV32-LABEL: f4: ; RV32-LABEL: f4:
; RV32: # %bb.0: ; RV32: # %bb.0:
; RV32-NEXT: sw ra, 0(s2) ; RV32-NEXT: sw ra, 0(s2)
; RV32-NEXT: addi s2, s2, 4 ; RV32-NEXT: addi s2, s2, 4
; RV32-NEXT: .cfi_escape 0x16, 0x12, 0x02, 0x82, 0x7c #
; RV32-NEXT: addi sp, sp, -16 ; RV32-NEXT: addi sp, sp, -16
; RV32-NEXT: .cfi_def_cfa_offset 16 ; RV32-NEXT: .cfi_def_cfa_offset 16
; RV32-NEXT: sw ra, 12(sp) # 4-byte Folded Spill ; RV32-NEXT: sw ra, 12(sp) # 4-byte Folded Spill
; RV32-NEXT: sw s0, 8(sp) # 4-byte Folded Spill ; RV32-NEXT: sw s0, 8(sp) # 4-byte Folded Spill
; RV32-NEXT: sw s1, 4(sp) # 4-byte Folded Spill ; RV32-NEXT: sw s1, 4(sp) # 4-byte Folded Spill
; RV32-NEXT: sw s3, 0(sp) # 4-byte Folded Spill ; RV32-NEXT: sw s3, 0(sp) # 4-byte Folded Spill
; RV32-NEXT: .cfi_offset ra, -4 ; RV32-NEXT: .cfi_offset ra, -4
; RV32-NEXT: .cfi_offset s0, -8 ; RV32-NEXT: .cfi_offset s0, -8
Show All 11 Lines
; RV32-NEXT: add a0, s0, a0 ; RV32-NEXT: add a0, s0, a0
; RV32-NEXT: lw ra, 12(sp) # 4-byte Folded Reload ; RV32-NEXT: lw ra, 12(sp) # 4-byte Folded Reload
; RV32-NEXT: lw s0, 8(sp) # 4-byte Folded Reload ; RV32-NEXT: lw s0, 8(sp) # 4-byte Folded Reload
; RV32-NEXT: lw s1, 4(sp) # 4-byte Folded Reload ; RV32-NEXT: lw s1, 4(sp) # 4-byte Folded Reload
; RV32-NEXT: lw s3, 0(sp) # 4-byte Folded Reload ; RV32-NEXT: lw s3, 0(sp) # 4-byte Folded Reload
; RV32-NEXT: addi sp, sp, 16 ; RV32-NEXT: addi sp, sp, 16
; RV32-NEXT: lw ra, -4(s2) ; RV32-NEXT: lw ra, -4(s2)
; RV32-NEXT: addi s2, s2, -4 ; RV32-NEXT: addi s2, s2, -4
; RV32-NEXT: .cfi_restore s2
; RV32-NEXT: ret ; RV32-NEXT: ret
; ;
; RV64-LABEL: f4: ; RV64-LABEL: f4:
; RV64: # %bb.0: ; RV64: # %bb.0:
; RV64-NEXT: sd ra, 0(s2) ; RV64-NEXT: sd ra, 0(s2)
; RV64-NEXT: addi s2, s2, 8 ; RV64-NEXT: addi s2, s2, 8
; RV64-NEXT: .cfi_escape 0x16, 0x12, 0x02, 0x82, 0x78 #
; RV64-NEXT: addi sp, sp, -32 ; RV64-NEXT: addi sp, sp, -32
; RV64-NEXT: .cfi_def_cfa_offset 32 ; RV64-NEXT: .cfi_def_cfa_offset 32
; RV64-NEXT: sd ra, 24(sp) # 8-byte Folded Spill ; RV64-NEXT: sd ra, 24(sp) # 8-byte Folded Spill
; RV64-NEXT: sd s0, 16(sp) # 8-byte Folded Spill ; RV64-NEXT: sd s0, 16(sp) # 8-byte Folded Spill
; RV64-NEXT: sd s1, 8(sp) # 8-byte Folded Spill ; RV64-NEXT: sd s1, 8(sp) # 8-byte Folded Spill
; RV64-NEXT: sd s3, 0(sp) # 8-byte Folded Spill ; RV64-NEXT: sd s3, 0(sp) # 8-byte Folded Spill
; RV64-NEXT: .cfi_offset ra, -8 ; RV64-NEXT: .cfi_offset ra, -8
; RV64-NEXT: .cfi_offset s0, -16 ; RV64-NEXT: .cfi_offset s0, -16
Show All 11 Lines
; RV64-NEXT: addw a0, s0, a0 ; RV64-NEXT: addw a0, s0, a0
; RV64-NEXT: ld ra, 24(sp) # 8-byte Folded Reload ; RV64-NEXT: ld ra, 24(sp) # 8-byte Folded Reload
; RV64-NEXT: ld s0, 16(sp) # 8-byte Folded Reload ; RV64-NEXT: ld s0, 16(sp) # 8-byte Folded Reload
; RV64-NEXT: ld s1, 8(sp) # 8-byte Folded Reload ; RV64-NEXT: ld s1, 8(sp) # 8-byte Folded Reload
; RV64-NEXT: ld s3, 0(sp) # 8-byte Folded Reload ; RV64-NEXT: ld s3, 0(sp) # 8-byte Folded Reload
; RV64-NEXT: addi sp, sp, 32 ; RV64-NEXT: addi sp, sp, 32
; RV64-NEXT: ld ra, -8(s2) ; RV64-NEXT: ld ra, -8(s2)
; RV64-NEXT: addi s2, s2, -8 ; RV64-NEXT: addi s2, s2, -8
; RV64-NEXT: .cfi_restore s2
; RV64-NEXT: ret ; RV64-NEXT: ret
%res1 = call i32 @bar() %res1 = call i32 @bar()
%res2 = call i32 @bar() %res2 = call i32 @bar()
%res3 = call i32 @bar() %res3 = call i32 @bar()
%res4 = call i32 @bar() %res4 = call i32 @bar()
%res12 = add i32 %res1, %res2 %res12 = add i32 %res1, %res2
%res34 = add i32 %res3, %res4 %res34 = add i32 %res3, %res4
%res1234 = add i32 %res12, %res34 %res1234 = add i32 %res12, %res34
Show All 33 Lines