This is an archive of the discontinued LLVM Phabricator instance.

lib/CodeGen/SelectionDAG/SelectionDAGBuilder.cpp
4466–4471 ↗	(On Diff #41096)	Can you please split this out into a separate change with its own test case?
lib/Transforms/Instrumentation/SafeStack.cpp
60	*Arguments
243–248	Seems simpler to have the caller pass in the size (or just the type) instead of computing it here.
504	Is it necessary to cast the result of `getNextNode` (here and elsewhere)? Looks like it already returns an instruction (see e.g. line 516).
test/Transforms/SafeStack/debug-loc.ll
17–21	This should all live next to the code so that it is clear what corresponds to what.
27	Should this be checking for specific constants? (same below)

eugenis updated this revision to Diff 41204.Nov 25 2015, 5:34 PM

eugenis marked 5 inline comments as done.

eugenis added inline comments.

lib/Transforms/Instrumentation/SafeStack.cpp
504	Right, it works without a cast. Fixed in multiple places.

Lgtm once sdag change lands.

Do you also need to handle inalloca?

There's not much we can do about inallocah because it represents an ABI break if we move them to the unsafe stack. This only affects windows right?

Peter

Would it be possible to handle inalloca by copying it onto the unsafe stack and then back before the return from the function? We would need to handle exceptional control flow as well, which could be quite complicated.

That would break things, unfortunately. Consider this code:

A *ptr;

struct A {
  A() {
    ptr = this;
  }
};

void f(A a) {
 assert(ptr == &a);
}

void g() {
  f(A());
}

If we make a copy of a in f, the assertion would fail.

rebase

lgtm'd by pcc earlier

This revision is now accepted and ready to land.Nov 30 2015, 4:42 PM

r254353
Thanks for the review.

Revision Contents

Path

Size

include/

llvm/

Transforms/

Utils/

Local.h

18 lines

lib/

Transforms/

Instrumentation/

SafeStack.cpp

149 lines

Utils/

Local.cpp

16 lines

test/

Transforms/

SafeStack/

byval.ll

51 lines

debug-loc.ll

118 lines

Diff 41454

include/llvm/Transforms/Utils/Local.h

	Show First 20 Lines • Show All 265 Lines • ▼ Show 20 Lines
	/// LowerDbgDeclare - Lowers llvm.dbg.declare intrinsics into appropriate set			/// LowerDbgDeclare - Lowers llvm.dbg.declare intrinsics into appropriate set
	/// of llvm.dbg.value intrinsics.			/// of llvm.dbg.value intrinsics.
	bool LowerDbgDeclare(Function &F);			bool LowerDbgDeclare(Function &F);

	/// FindAllocaDbgDeclare - Finds the llvm.dbg.declare intrinsic corresponding to			/// FindAllocaDbgDeclare - Finds the llvm.dbg.declare intrinsic corresponding to
	/// an alloca, if any.			/// an alloca, if any.
	DbgDeclareInst FindAllocaDbgDeclare(Value V);			DbgDeclareInst FindAllocaDbgDeclare(Value V);

	/// \brief Replaces llvm.dbg.declare instruction when an alloca is replaced with			/// \brief Replaces llvm.dbg.declare instruction when the address it describes
	/// a new value. If Deref is true, an additional DW_OP_deref is prepended to the			/// is replaced with a new value. If Deref is true, an additional DW_OP_deref is
	/// expression. If Offset is non-zero, a constant displacement is added to the			/// prepended to the expression. If Offset is non-zero, a constant displacement
	/// expression (after the optional Deref). Offset can be negative.			/// is added to the expression (after the optional Deref). Offset can be
				/// negative.
				bool replaceDbgDeclare(Value Address, Value NewAddress,
				Instruction *InsertBefore, DIBuilder &Builder,
				bool Deref, int Offset);

				/// \brief Replaces llvm.dbg.declare instruction when the alloca it describes
				/// is replaced with a new value. If Deref is true, an additional DW_OP_deref is
				/// prepended to the expression. If Offset is non-zero, a constant displacement
				/// is added to the expression (after the optional Deref). Offset can be
				/// negative. New llvm.dbg.declare is inserted immediately before AI.
	bool replaceDbgDeclareForAlloca(AllocaInst AI, Value NewAllocaAddress,			bool replaceDbgDeclareForAlloca(AllocaInst AI, Value NewAllocaAddress,
	DIBuilder &Builder, bool Deref, int Offset = 0);			DIBuilder &Builder, bool Deref, int Offset = 0);

	/// Replace 'BB's terminator with one that does not have an unwind successor			/// Replace 'BB's terminator with one that does not have an unwind successor
	/// block. Rewrites `invoke` to `call`, `catchendpad unwind label %foo` to			/// block. Rewrites `invoke` to `call`, `catchendpad unwind label %foo` to
	/// `catchendpad unwind to caller`, etc. Updates any PHIs in unwind successor.			/// `catchendpad unwind to caller`, etc. Updates any PHIs in unwind successor.
	///			///
	/// \param BB Block whose terminator will be replaced. Its terminator must			/// \param BB Block whose terminator will be replaced. Its terminator must
	Show All 36 Lines

lib/Transforms/Instrumentation/SafeStack.cpp

Show First 20 Lines • Show All 51 Lines • ▼ Show 20 Lines
STATISTIC(NumFunctions, "Total number of functions");		STATISTIC(NumFunctions, "Total number of functions");
STATISTIC(NumUnsafeStackFunctions, "Number of functions with unsafe stack");		STATISTIC(NumUnsafeStackFunctions, "Number of functions with unsafe stack");
STATISTIC(NumUnsafeStackRestorePointsFunctions,		STATISTIC(NumUnsafeStackRestorePointsFunctions,
"Number of functions that use setjmp or exceptions");		"Number of functions that use setjmp or exceptions");

STATISTIC(NumAllocas, "Total number of allocas");		STATISTIC(NumAllocas, "Total number of allocas");
STATISTIC(NumUnsafeStaticAllocas, "Number of unsafe static allocas");		STATISTIC(NumUnsafeStaticAllocas, "Number of unsafe static allocas");
STATISTIC(NumUnsafeDynamicAllocas, "Number of unsafe dynamic allocas");		STATISTIC(NumUnsafeDynamicAllocas, "Number of unsafe dynamic allocas");
		STATISTIC(NumUnsafeByValArguments, "Number of unsafe byval arguments");
		pccUnsubmitted Done Reply Inline Actions Arguments pcc:* *Arguments
STATISTIC(NumUnsafeStackRestorePoints, "Number of setjmps and landingpads");		STATISTIC(NumUnsafeStackRestorePoints, "Number of setjmps and landingpads");

} // namespace llvm		} // namespace llvm

namespace {		namespace {

/// Rewrite an SCEV expression for a memory access address to an expression that		/// Rewrite an SCEV expression for a memory access address to an expression that
/// represents offset from the given alloca.		/// represents offset from the given alloca.
///		///
/// The implementation simply replaces all mentions of the alloca with zero.		/// The implementation simply replaces all mentions of the alloca with zero.
class AllocaOffsetRewriter : public SCEVRewriteVisitor<AllocaOffsetRewriter> {		class AllocaOffsetRewriter : public SCEVRewriteVisitor<AllocaOffsetRewriter> {
const AllocaInst *AI;		const Value *AllocaPtr;

public:		public:
AllocaOffsetRewriter(ScalarEvolution &SE, const AllocaInst *AI)		AllocaOffsetRewriter(ScalarEvolution &SE, const Value *AllocaPtr)
: SCEVRewriteVisitor(SE), AI(AI) {}		: SCEVRewriteVisitor(SE), AllocaPtr(AllocaPtr) {}

const SCEV visitUnknown(const SCEVUnknown Expr) {		const SCEV visitUnknown(const SCEVUnknown Expr) {
if (Expr->getValue() == AI)		if (Expr->getValue() == AllocaPtr)
return SE.getZero(Expr->getType());		return SE.getZero(Expr->getType());
return Expr;		return Expr;
}		}
};		};

/// The SafeStack pass splits the stack of each function into the safe		/// The SafeStack pass splits the stack of each function into the safe
/// stack, which is only accessed through memory safe dereferences (as		/// stack, which is only accessed through memory safe dereferences (as
/// determined statically), and the unsafe stack, which contains all		/// determined statically), and the unsafe stack, which contains all
Show All 23 Lines	class SafeStack : public FunctionPass {
/// \brief Build a value representing a pointer to the unsafe stack pointer.		/// \brief Build a value representing a pointer to the unsafe stack pointer.
Value *getOrCreateUnsafeStackPtr(IRBuilder<> &IRB, Function &F);		Value *getOrCreateUnsafeStackPtr(IRBuilder<> &IRB, Function &F);

/// \brief Find all static allocas, dynamic allocas, return instructions and		/// \brief Find all static allocas, dynamic allocas, return instructions and
/// stack restore points (exception unwind blocks and setjmp calls) in the		/// stack restore points (exception unwind blocks and setjmp calls) in the
/// given function and append them to the respective vectors.		/// given function and append them to the respective vectors.
void findInsts(Function &F, SmallVectorImpl<AllocaInst *> &StaticAllocas,		void findInsts(Function &F, SmallVectorImpl<AllocaInst *> &StaticAllocas,
SmallVectorImpl<AllocaInst *> &DynamicAllocas,		SmallVectorImpl<AllocaInst *> &DynamicAllocas,
		SmallVectorImpl<Argument *> &ByValArguments,
SmallVectorImpl<ReturnInst *> &Returns,		SmallVectorImpl<ReturnInst *> &Returns,
SmallVectorImpl<Instruction *> &StackRestorePoints);		SmallVectorImpl<Instruction *> &StackRestorePoints);

/// \brief Calculate the allocation size of a given alloca. Returns 0 if the		/// \brief Calculate the allocation size of a given alloca. Returns 0 if the
/// size can not be statically determined.		/// size can not be statically determined.
uint64_t getStaticAllocaAllocationSize(const AllocaInst* AI);		uint64_t getStaticAllocaAllocationSize(const AllocaInst* AI);

/// \brief Allocate space for all static allocas in \p StaticAllocas,		/// \brief Allocate space for all static allocas in \p StaticAllocas,
/// replace allocas with pointers into the unsafe stack and generate code to		/// replace allocas with pointers into the unsafe stack and generate code to
/// restore the stack pointer before all return instructions in \p Returns.		/// restore the stack pointer before all return instructions in \p Returns.
///		///
/// \returns A pointer to the top of the unsafe stack after all unsafe static		/// \returns A pointer to the top of the unsafe stack after all unsafe static
/// allocas are allocated.		/// allocas are allocated.
Value *moveStaticAllocasToUnsafeStack(IRBuilder<> &IRB, Function &F,		Value *moveStaticAllocasToUnsafeStack(IRBuilder<> &IRB, Function &F,
ArrayRef<AllocaInst *> StaticAllocas,		ArrayRef<AllocaInst *> StaticAllocas,
		ArrayRef<Argument *> ByValArguments,
ArrayRef<ReturnInst *> Returns);		ArrayRef<ReturnInst *> Returns);

/// \brief Generate code to restore the stack after all stack restore points		/// \brief Generate code to restore the stack after all stack restore points
/// in \p StackRestorePoints.		/// in \p StackRestorePoints.
///		///
/// \returns A local variable in which to maintain the dynamic top of the		/// \returns A local variable in which to maintain the dynamic top of the
/// unsafe stack if needed.		/// unsafe stack if needed.
AllocaInst *		AllocaInst *
createStackRestorePoints(IRBuilder<> &IRB, Function &F,		createStackRestorePoints(IRBuilder<> &IRB, Function &F,
ArrayRef<Instruction *> StackRestorePoints,		ArrayRef<Instruction *> StackRestorePoints,
Value *StaticTop, bool NeedDynamicTop);		Value *StaticTop, bool NeedDynamicTop);

/// \brief Replace all allocas in \p DynamicAllocas with code to allocate		/// \brief Replace all allocas in \p DynamicAllocas with code to allocate
/// space dynamically on the unsafe stack and store the dynamic unsafe stack		/// space dynamically on the unsafe stack and store the dynamic unsafe stack
/// top to \p DynamicTop if non-null.		/// top to \p DynamicTop if non-null.
void moveDynamicAllocasToUnsafeStack(Function &F, Value *UnsafeStackPtr,		void moveDynamicAllocasToUnsafeStack(Function &F, Value *UnsafeStackPtr,
AllocaInst *DynamicTop,		AllocaInst *DynamicTop,
ArrayRef<AllocaInst *> DynamicAllocas);		ArrayRef<AllocaInst *> DynamicAllocas);

bool IsSafeStackAlloca(const AllocaInst *AI);		bool IsSafeStackAlloca(const Value *AllocaPtr, uint64_t AllocaSize);

bool IsMemIntrinsicSafe(const MemIntrinsic *MI, const Use &U,		bool IsMemIntrinsicSafe(const MemIntrinsic *MI, const Use &U,
const AllocaInst *AI);		const Value *AllocaPtr, uint64_t AllocaSize);
bool IsAccessSafe(Value Addr, uint64_t Size, const AllocaInst AI);		bool IsAccessSafe(Value Addr, uint64_t Size, const Value AllocaPtr,
		uint64_t AllocaSize);

public:		public:
static char ID; // Pass identification, replacement for typeid.		static char ID; // Pass identification, replacement for typeid.
SafeStack(const TargetMachine *TM)		SafeStack(const TargetMachine *TM)
: FunctionPass(ID), TM(TM), TL(nullptr), DL(nullptr) {		: FunctionPass(ID), TM(TM), TL(nullptr), DL(nullptr) {
initializeSafeStackPass(*PassRegistry::getPassRegistry());		initializeSafeStackPass(*PassRegistry::getPassRegistry());
}		}
SafeStack() : SafeStack(nullptr) {}		SafeStack() : SafeStack(nullptr) {}
Show All 22 Lines	if (AI->isArrayAllocation()) {
auto C = dyn_cast<ConstantInt>(AI->getArraySize());		auto C = dyn_cast<ConstantInt>(AI->getArraySize());
if (!C)		if (!C)
return 0;		return 0;
Size *= C->getZExtValue();		Size *= C->getZExtValue();
}		}
return Size;		return Size;
}		}

bool SafeStack::IsAccessSafe(Value Addr, uint64_t Size, const AllocaInst AI) {		bool SafeStack::IsAccessSafe(Value *Addr, uint64_t AccessSize,
AllocaOffsetRewriter Rewriter(*SE, AI);		const Value *AllocaPtr, uint64_t AllocaSize) {
		AllocaOffsetRewriter Rewriter(*SE, AllocaPtr);
const SCEV *Expr = Rewriter.visit(SE->getSCEV(Addr));		const SCEV *Expr = Rewriter.visit(SE->getSCEV(Addr));

uint64_t BitWidth = SE->getTypeSizeInBits(Expr->getType());		uint64_t BitWidth = SE->getTypeSizeInBits(Expr->getType());
ConstantRange AccessStartRange = SE->getUnsignedRange(Expr);		ConstantRange AccessStartRange = SE->getUnsignedRange(Expr);
ConstantRange SizeRange =		ConstantRange SizeRange =
ConstantRange(APInt(BitWidth, 0), APInt(BitWidth, Size));		ConstantRange(APInt(BitWidth, 0), APInt(BitWidth, AccessSize));
ConstantRange AccessRange = AccessStartRange.add(SizeRange);		ConstantRange AccessRange = AccessStartRange.add(SizeRange);
ConstantRange AllocaRange = ConstantRange(		ConstantRange AllocaRange =
APInt(BitWidth, 0), APInt(BitWidth, getStaticAllocaAllocationSize(AI)));		ConstantRange(APInt(BitWidth, 0), APInt(BitWidth, AllocaSize));
bool Safe = AllocaRange.contains(AccessRange);		bool Safe = AllocaRange.contains(AccessRange);

DEBUG(dbgs() << "[SafeStack] Alloca " << *AI << "\n"		DEBUG(dbgs() << "[SafeStack] "
		<< (isa<AllocaInst>(AllocaPtr) ? "Alloca " : "ByValArgument ")
		<< *AllocaPtr << "\n"
<< " Access " << *Addr << "\n"		<< " Access " << *Addr << "\n"
<< " SCEV " << *Expr		<< " SCEV " << *Expr
<< " U: " << SE->getUnsignedRange(Expr)		<< " U: " << SE->getUnsignedRange(Expr)
<< ", S: " << SE->getSignedRange(Expr) << "\n"		<< ", S: " << SE->getSignedRange(Expr) << "\n"
<< " Range " << AccessRange << "\n"		<< " Range " << AccessRange << "\n"
<< " AllocaRange " << AllocaRange << "\n"		<< " AllocaRange " << AllocaRange << "\n"
<< " " << (Safe ? "safe" : "unsafe") << "\n");		<< " " << (Safe ? "safe" : "unsafe") << "\n");

return Safe;		return Safe;
}		}

bool SafeStack::IsMemIntrinsicSafe(const MemIntrinsic *MI, const Use &U,		bool SafeStack::IsMemIntrinsicSafe(const MemIntrinsic *MI, const Use &U,
const AllocaInst *AI) {		const Value *AllocaPtr,
		uint64_t AllocaSize) {
// All MemIntrinsics have destination address in Arg0 and size in Arg2.		// All MemIntrinsics have destination address in Arg0 and size in Arg2.
if (MI->getRawDest() != U) return true;		if (MI->getRawDest() != U) return true;
const auto *Len = dyn_cast<ConstantInt>(MI->getLength());		const auto *Len = dyn_cast<ConstantInt>(MI->getLength());
// Non-constant size => unsafe. FIXME: try SCEV getRange.		// Non-constant size => unsafe. FIXME: try SCEV getRange.
if (!Len) return false;		if (!Len) return false;
return IsAccessSafe(U, Len->getZExtValue(), AI);		return IsAccessSafe(U, Len->getZExtValue(), AllocaPtr, AllocaSize);
}		}

/// Check whether a given alloca instruction (AI) should be put on the safe		/// Check whether a given allocation must be put on the safe
/// stack or not. The function analyzes all uses of AI and checks whether it is		/// stack or not. The function analyzes all uses of AI and checks whether it is
/// only accessed in a memory safe way (as decided statically).		/// only accessed in a memory safe way (as decided statically).
bool SafeStack::IsSafeStackAlloca(const AllocaInst *AI) {		bool SafeStack::IsSafeStackAlloca(const Value *AllocaPtr, uint64_t AllocaSize) {
// Go through all uses of this alloca and check whether all accesses to the		// Go through all uses of this alloca and check whether all accesses to the
// allocated object are statically known to be memory safe and, hence, the		// allocated object are statically known to be memory safe and, hence, the
// object can be placed on the safe stack.		// object can be placed on the safe stack.
SmallPtrSet<const Value *, 16> Visited;		SmallPtrSet<const Value *, 16> Visited;
SmallVector<const Instruction *, 8> WorkList;		SmallVector<const Value *, 8> WorkList;
WorkList.push_back(AI);		WorkList.push_back(AllocaPtr);

		pccUnsubmitted Done Reply Inline Actions Seems simpler to have the caller pass in the size (or just the type) instead of computing it here. pcc: Seems simpler to have the caller pass in the size (or just the type) instead of computing it…
// A DFS search through all uses of the alloca in bitcasts/PHI/GEPs/etc.		// A DFS search through all uses of the alloca in bitcasts/PHI/GEPs/etc.
while (!WorkList.empty()) {		while (!WorkList.empty()) {
const Instruction *V = WorkList.pop_back_val();		const Value *V = WorkList.pop_back_val();
for (const Use &UI : V->uses()) {		for (const Use &UI : V->uses()) {
auto I = cast<const Instruction>(UI.getUser());		auto I = cast<const Instruction>(UI.getUser());
assert(V == UI.get());		assert(V == UI.get());

switch (I->getOpcode()) {		switch (I->getOpcode()) {
case Instruction::Load: {		case Instruction::Load: {
if (!IsAccessSafe(UI, DL->getTypeStoreSize(I->getType()), AI))		if (!IsAccessSafe(UI, DL->getTypeStoreSize(I->getType()), AllocaPtr,
		AllocaSize))
return false;		return false;
break;		break;
}		}
case Instruction::VAArg:		case Instruction::VAArg:
// "va-arg" from a pointer is safe.		// "va-arg" from a pointer is safe.
break;		break;
case Instruction::Store: {		case Instruction::Store: {
if (V == I->getOperand(0)) {		if (V == I->getOperand(0)) {
// Stored the pointer - conservatively assume it may be unsafe.		// Stored the pointer - conservatively assume it may be unsafe.
DEBUG(dbgs() << "[SafeStack] Unsafe alloca: " << *AI		DEBUG(dbgs() << "[SafeStack] Unsafe alloca: " << *AllocaPtr
<< "\n store of address: " << *I << "\n");		<< "\n store of address: " << *I << "\n");
return false;		return false;
}		}

if (!IsAccessSafe(		if (!IsAccessSafe(UI, DL->getTypeStoreSize(I->getOperand(0)->getType()),
UI, DL->getTypeStoreSize(I->getOperand(0)->getType()), AI))		AllocaPtr, AllocaSize))
return false;		return false;
break;		break;
}		}
case Instruction::Ret: {		case Instruction::Ret: {
// Information leak.		// Information leak.
return false;		return false;
}		}

case Instruction::Call:		case Instruction::Call:
case Instruction::Invoke: {		case Instruction::Invoke: {
ImmutableCallSite CS(I);		ImmutableCallSite CS(I);

if (const IntrinsicInst *II = dyn_cast<IntrinsicInst>(I)) {		if (const IntrinsicInst *II = dyn_cast<IntrinsicInst>(I)) {
if (II->getIntrinsicID() == Intrinsic::lifetime_start \|\|		if (II->getIntrinsicID() == Intrinsic::lifetime_start \|\|
II->getIntrinsicID() == Intrinsic::lifetime_end)		II->getIntrinsicID() == Intrinsic::lifetime_end)
continue;		continue;
}		}

if (const MemIntrinsic *MI = dyn_cast<MemIntrinsic>(I)) {		if (const MemIntrinsic *MI = dyn_cast<MemIntrinsic>(I)) {
if (!IsMemIntrinsicSafe(MI, UI, AI)) {		if (!IsMemIntrinsicSafe(MI, UI, AllocaPtr, AllocaSize)) {
DEBUG(dbgs() << "[SafeStack] Unsafe alloca: " << *AI		DEBUG(dbgs() << "[SafeStack] Unsafe alloca: " << *AllocaPtr
<< "\n unsafe memintrinsic: " << *I		<< "\n unsafe memintrinsic: " << *I
<< "\n");		<< "\n");
return false;		return false;
}		}
continue;		continue;
}		}

// LLVM 'nocapture' attribute is only set for arguments whose address		// LLVM 'nocapture' attribute is only set for arguments whose address
// is not stored, passed around, or used in any other non-trivial way.		// is not stored, passed around, or used in any other non-trivial way.
// We assume that passing a pointer to an object as a 'nocapture		// We assume that passing a pointer to an object as a 'nocapture
// readnone' argument is safe.		// readnone' argument is safe.
// FIXME: a more precise solution would require an interprocedural		// FIXME: a more precise solution would require an interprocedural
// analysis here, which would look at all uses of an argument inside		// analysis here, which would look at all uses of an argument inside
// the function being called.		// the function being called.
ImmutableCallSite::arg_iterator B = CS.arg_begin(), E = CS.arg_end();		ImmutableCallSite::arg_iterator B = CS.arg_begin(), E = CS.arg_end();
for (ImmutableCallSite::arg_iterator A = B; A != E; ++A)		for (ImmutableCallSite::arg_iterator A = B; A != E; ++A)
if (A->get() == V)		if (A->get() == V)
if (!(CS.doesNotCapture(A - B) &&		if (!(CS.doesNotCapture(A - B) && (CS.doesNotAccessMemory(A - B) \|\|
(CS.doesNotAccessMemory(A - B) \|\| CS.doesNotAccessMemory()))) {		CS.doesNotAccessMemory()))) {
DEBUG(dbgs() << "[SafeStack] Unsafe alloca: " << *AI		DEBUG(dbgs() << "[SafeStack] Unsafe alloca: " << *AllocaPtr
<< "\n unsafe call: " << *I << "\n");		<< "\n unsafe call: " << *I << "\n");
return false;		return false;
}		}
continue;		continue;
}		}

default:		default:
if (Visited.insert(I).second)		if (Visited.insert(I).second)
Show All 34 Lines	if (!UnsafeStackPtr->isThreadLocal())
report_fatal_error(Twine(UnsafeStackPtrVar) + " must be thread-local");		report_fatal_error(Twine(UnsafeStackPtrVar) + " must be thread-local");
}		}
return UnsafeStackPtr;		return UnsafeStackPtr;
}		}

void SafeStack::findInsts(Function &F,		void SafeStack::findInsts(Function &F,
SmallVectorImpl<AllocaInst *> &StaticAllocas,		SmallVectorImpl<AllocaInst *> &StaticAllocas,
SmallVectorImpl<AllocaInst *> &DynamicAllocas,		SmallVectorImpl<AllocaInst *> &DynamicAllocas,
		SmallVectorImpl<Argument *> &ByValArguments,
SmallVectorImpl<ReturnInst *> &Returns,		SmallVectorImpl<ReturnInst *> &Returns,
SmallVectorImpl<Instruction *> &StackRestorePoints) {		SmallVectorImpl<Instruction *> &StackRestorePoints) {
for (Instruction &I : instructions(&F)) {		for (Instruction &I : instructions(&F)) {
if (auto AI = dyn_cast<AllocaInst>(&I)) {		if (auto AI = dyn_cast<AllocaInst>(&I)) {
++NumAllocas;		++NumAllocas;

if (IsSafeStackAlloca(AI))		uint64_t Size = getStaticAllocaAllocationSize(AI);
		if (IsSafeStackAlloca(AI, Size))
continue;		continue;

if (AI->isStaticAlloca()) {		if (AI->isStaticAlloca()) {
++NumUnsafeStaticAllocas;		++NumUnsafeStaticAllocas;
StaticAllocas.push_back(AI);		StaticAllocas.push_back(AI);
} else {		} else {
++NumUnsafeDynamicAllocas;		++NumUnsafeDynamicAllocas;
DynamicAllocas.push_back(AI);		DynamicAllocas.push_back(AI);
}		}
} else if (auto RI = dyn_cast<ReturnInst>(&I)) {		} else if (auto RI = dyn_cast<ReturnInst>(&I)) {
Returns.push_back(RI);		Returns.push_back(RI);
} else if (auto CI = dyn_cast<CallInst>(&I)) {		} else if (auto CI = dyn_cast<CallInst>(&I)) {
// setjmps require stack restore.		// setjmps require stack restore.
if (CI->getCalledFunction() && CI->canReturnTwice())		if (CI->getCalledFunction() && CI->canReturnTwice())
StackRestorePoints.push_back(CI);		StackRestorePoints.push_back(CI);
} else if (auto LP = dyn_cast<LandingPadInst>(&I)) {		} else if (auto LP = dyn_cast<LandingPadInst>(&I)) {
// Exception landing pads require stack restore.		// Exception landing pads require stack restore.
StackRestorePoints.push_back(LP);		StackRestorePoints.push_back(LP);
} else if (auto II = dyn_cast<IntrinsicInst>(&I)) {		} else if (auto II = dyn_cast<IntrinsicInst>(&I)) {
if (II->getIntrinsicID() == Intrinsic::gcroot)		if (II->getIntrinsicID() == Intrinsic::gcroot)
llvm::report_fatal_error(		llvm::report_fatal_error(
"gcroot intrinsic not compatible with safestack attribute");		"gcroot intrinsic not compatible with safestack attribute");
}		}
}		}
		for (Argument &Arg : F.args()) {
		if (!Arg.hasByValAttr())
		continue;
		uint64_t Size =
		DL->getTypeStoreSize(Arg.getType()->getPointerElementType());
		if (IsSafeStackAlloca(&Arg, Size))
		continue;

		++NumUnsafeByValArguments;
		ByValArguments.push_back(&Arg);
		}
}		}

AllocaInst *		AllocaInst *
SafeStack::createStackRestorePoints(IRBuilder<> &IRB, Function &F,		SafeStack::createStackRestorePoints(IRBuilder<> &IRB, Function &F,
ArrayRef<Instruction *> StackRestorePoints,		ArrayRef<Instruction *> StackRestorePoints,
Value *StaticTop, bool NeedDynamicTop) {		Value *StaticTop, bool NeedDynamicTop) {
if (StackRestorePoints.empty())		if (StackRestorePoints.empty())
return nullptr;		return nullptr;
Show All 18 Lines	SafeStack::createStackRestorePoints(IRBuilder<> &IRB, Function &F,

if (NeedDynamicTop)		if (NeedDynamicTop)
IRB.CreateStore(StaticTop, DynamicTop);		IRB.CreateStore(StaticTop, DynamicTop);

// Restore current stack pointer after longjmp/exception catch.		// Restore current stack pointer after longjmp/exception catch.
for (Instruction *I : StackRestorePoints) {		for (Instruction *I : StackRestorePoints) {
++NumUnsafeStackRestorePoints;		++NumUnsafeStackRestorePoints;

IRB.SetInsertPoint(cast<Instruction>(I->getNextNode()));		IRB.SetInsertPoint(I->getNextNode());
Value *CurrentTop = DynamicTop ? IRB.CreateLoad(DynamicTop) : StaticTop;		Value *CurrentTop = DynamicTop ? IRB.CreateLoad(DynamicTop) : StaticTop;
IRB.CreateStore(CurrentTop, UnsafeStackPtr);		IRB.CreateStore(CurrentTop, UnsafeStackPtr);
}		}

return DynamicTop;		return DynamicTop;
}		}

Value *		Value *SafeStack::moveStaticAllocasToUnsafeStack(
SafeStack::moveStaticAllocasToUnsafeStack(IRBuilder<> &IRB, Function &F,		IRBuilder<> &IRB, Function &F, ArrayRef<AllocaInst *> StaticAllocas,
ArrayRef<AllocaInst *> StaticAllocas,		ArrayRef<Argument > ByValArguments, ArrayRef<ReturnInst > Returns) {
ArrayRef<ReturnInst *> Returns) {		if (StaticAllocas.empty() && ByValArguments.empty())
if (StaticAllocas.empty())
return nullptr;		return nullptr;

DIBuilder DIB(*F.getParent());		DIBuilder DIB(*F.getParent());

// We explicitly compute and set the unsafe stack layout for all unsafe		// We explicitly compute and set the unsafe stack layout for all unsafe
// static alloca instructions. We save the unsafe "base pointer" in the		// static alloca instructions. We save the unsafe "base pointer" in the
// prologue into a local variable and restore it in the epilogue.		// prologue into a local variable and restore it in the epilogue.

// Load the current stack pointer (we'll also use it as a base pointer).		// Load the current stack pointer (we'll also use it as a base pointer).
// FIXME: use a dedicated register for it ?		// FIXME: use a dedicated register for it ?
Instruction *BasePointer =		Instruction *BasePointer =
IRB.CreateLoad(UnsafeStackPtr, false, "unsafe_stack_ptr");		IRB.CreateLoad(UnsafeStackPtr, false, "unsafe_stack_ptr");
assert(BasePointer->getType() == StackPtrTy);		assert(BasePointer->getType() == StackPtrTy);

for (ReturnInst *RI : Returns) {		for (ReturnInst *RI : Returns) {
IRB.SetInsertPoint(RI);		IRB.SetInsertPoint(RI);
IRB.CreateStore(BasePointer, UnsafeStackPtr);		IRB.CreateStore(BasePointer, UnsafeStackPtr);
}		}

// Compute maximum alignment among static objects on the unsafe stack.		// Compute maximum alignment among static objects on the unsafe stack.
unsigned MaxAlignment = 0;		unsigned MaxAlignment = 0;
		for (Argument *Arg : ByValArguments) {
		Type *Ty = Arg->getType()->getPointerElementType();
		unsigned Align = std::max((unsigned)DL->getPrefTypeAlignment(Ty),
		Arg->getParamAlignment());
		if (Align > MaxAlignment)
		MaxAlignment = Align;
		}
for (AllocaInst *AI : StaticAllocas) {		for (AllocaInst *AI : StaticAllocas) {
Type *Ty = AI->getAllocatedType();		Type *Ty = AI->getAllocatedType();
unsigned Align =		unsigned Align =
std::max((unsigned)DL->getPrefTypeAlignment(Ty), AI->getAlignment());		std::max((unsigned)DL->getPrefTypeAlignment(Ty), AI->getAlignment());
if (Align > MaxAlignment)		if (Align > MaxAlignment)
MaxAlignment = Align;		MaxAlignment = Align;
}		}

if (MaxAlignment > StackAlignment) {		if (MaxAlignment > StackAlignment) {
// Re-align the base pointer according to the max requested alignment.		// Re-align the base pointer according to the max requested alignment.
assert(isPowerOf2_32(MaxAlignment));		assert(isPowerOf2_32(MaxAlignment));
IRB.SetInsertPoint(cast<Instruction>(BasePointer->getNextNode()));		IRB.SetInsertPoint(BasePointer->getNextNode());
BasePointer = cast<Instruction>(IRB.CreateIntToPtr(		BasePointer = cast<Instruction>(IRB.CreateIntToPtr(
IRB.CreateAnd(IRB.CreatePtrToInt(BasePointer, IntPtrTy),		IRB.CreateAnd(IRB.CreatePtrToInt(BasePointer, IntPtrTy),
ConstantInt::get(IntPtrTy, ~uint64_t(MaxAlignment - 1))),		ConstantInt::get(IntPtrTy, ~uint64_t(MaxAlignment - 1))),
StackPtrTy));		StackPtrTy));
}		}

// Allocate space for every unsafe static AllocaInst on the unsafe stack.
int64_t StaticOffset = 0; // Current stack top.		int64_t StaticOffset = 0; // Current stack top.
		IRB.SetInsertPoint(BasePointer->getNextNode());
		pccUnsubmitted Not Done Reply Inline Actions Is it necessary to cast the result of `getNextNode` (here and elsewhere)? Looks like it already returns an instruction (see e.g. line 516). pcc: Is it necessary to cast the result of `getNextNode` (here and elsewhere)? Looks like it already…
		eugenisAuthorUnsubmitted Not Done Reply Inline Actions Right, it works without a cast. Fixed in multiple places. eugenis: Right, it works without a cast. Fixed in multiple places.

		for (Argument *Arg : ByValArguments) {
		Type *Ty = Arg->getType()->getPointerElementType();

		uint64_t Size = DL->getTypeStoreSize(Ty);
		if (Size == 0)
		Size = 1; // Don't create zero-sized stack objects.

		// Ensure the object is properly aligned.
		unsigned Align = std::max((unsigned)DL->getPrefTypeAlignment(Ty),
		Arg->getParamAlignment());

		// Add alignment.
		// NOTE: we ensure that BasePointer itself is aligned to >= Align.
		StaticOffset += Size;
		StaticOffset = RoundUpToAlignment(StaticOffset, Align);

		Value Off = IRB.CreateGEP(BasePointer, // BasePointer is i8
		ConstantInt::get(Int32Ty, -StaticOffset));
		Value *NewArg = IRB.CreateBitCast(Off, Arg->getType(),
		Arg->getName() + ".unsafe-byval");

		// Replace alloc with the new location.
		replaceDbgDeclare(Arg, BasePointer, BasePointer->getNextNode(), DIB,
		/Deref=/true, -StaticOffset);
		Arg->replaceAllUsesWith(NewArg);
		IRB.SetInsertPoint(cast<Instruction>(NewArg)->getNextNode());
		IRB.CreateMemCpy(Off, Arg, Size, Arg->getParamAlignment());
		}

		// Allocate space for every unsafe static AllocaInst on the unsafe stack.
for (AllocaInst *AI : StaticAllocas) {		for (AllocaInst *AI : StaticAllocas) {
IRB.SetInsertPoint(AI);		IRB.SetInsertPoint(AI);

Type *Ty = AI->getAllocatedType();		Type *Ty = AI->getAllocatedType();
uint64_t Size = getStaticAllocaAllocationSize(AI);		uint64_t Size = getStaticAllocaAllocationSize(AI);
if (Size == 0)		if (Size == 0)
Size = 1; // Don't create zero-sized stack objects.		Size = 1; // Don't create zero-sized stack objects.

Show All 19 Lines	Value *SafeStack::moveStaticAllocasToUnsafeStack(
}		}

// Re-align BasePointer so that our callees would see it aligned as		// Re-align BasePointer so that our callees would see it aligned as
// expected.		// expected.
// FIXME: no need to update BasePointer in leaf functions.		// FIXME: no need to update BasePointer in leaf functions.
StaticOffset = RoundUpToAlignment(StaticOffset, StackAlignment);		StaticOffset = RoundUpToAlignment(StaticOffset, StackAlignment);

// Update shadow stack pointer in the function epilogue.		// Update shadow stack pointer in the function epilogue.
IRB.SetInsertPoint(cast<Instruction>(BasePointer->getNextNode()));		IRB.SetInsertPoint(BasePointer->getNextNode());

Value *StaticTop =		Value *StaticTop =
IRB.CreateGEP(BasePointer, ConstantInt::get(Int32Ty, -StaticOffset),		IRB.CreateGEP(BasePointer, ConstantInt::get(Int32Ty, -StaticOffset),
"unsafe_stack_static_top");		"unsafe_stack_static_top");
IRB.CreateStore(StaticTop, UnsafeStackPtr);		IRB.CreateStore(StaticTop, UnsafeStackPtr);
return StaticTop;		return StaticTop;
}		}

▲ Show 20 Lines • Show All 95 Lines • ▼ Show 20 Lines	F.removeAttributes(
AttributeSet::FunctionIndex,		AttributeSet::FunctionIndex,
AttributeSet::get(F.getContext(), AttributeSet::FunctionIndex, B));		AttributeSet::get(F.getContext(), AttributeSet::FunctionIndex, B));
}		}

++NumFunctions;		++NumFunctions;

SmallVector<AllocaInst *, 16> StaticAllocas;		SmallVector<AllocaInst *, 16> StaticAllocas;
SmallVector<AllocaInst *, 4> DynamicAllocas;		SmallVector<AllocaInst *, 4> DynamicAllocas;
		SmallVector<Argument *, 4> ByValArguments;
SmallVector<ReturnInst *, 4> Returns;		SmallVector<ReturnInst *, 4> Returns;

// Collect all points where stack gets unwound and needs to be restored		// Collect all points where stack gets unwound and needs to be restored
// This is only necessary because the runtime (setjmp and unwind code) is		// This is only necessary because the runtime (setjmp and unwind code) is
// not aware of the unsafe stack and won't unwind/restore it prorerly.		// not aware of the unsafe stack and won't unwind/restore it prorerly.
// To work around this problem without changing the runtime, we insert		// To work around this problem without changing the runtime, we insert
// instrumentation to restore the unsafe stack pointer when necessary.		// instrumentation to restore the unsafe stack pointer when necessary.
SmallVector<Instruction *, 4> StackRestorePoints;		SmallVector<Instruction *, 4> StackRestorePoints;

// Find all static and dynamic alloca instructions that must be moved to the		// Find all static and dynamic alloca instructions that must be moved to the
// unsafe stack, all return instructions and stack restore points.		// unsafe stack, all return instructions and stack restore points.
findInsts(F, StaticAllocas, DynamicAllocas, Returns, StackRestorePoints);		findInsts(F, StaticAllocas, DynamicAllocas, ByValArguments, Returns,
		StackRestorePoints);

if (StaticAllocas.empty() && DynamicAllocas.empty() &&		if (StaticAllocas.empty() && DynamicAllocas.empty() &&
StackRestorePoints.empty())		ByValArguments.empty() && StackRestorePoints.empty())
return false; // Nothing to do in this function.		return false; // Nothing to do in this function.

if (!StaticAllocas.empty() \|\| !DynamicAllocas.empty())		if (!StaticAllocas.empty() \|\| !DynamicAllocas.empty() \|\|
		!ByValArguments.empty())
++NumUnsafeStackFunctions; // This function has the unsafe stack.		++NumUnsafeStackFunctions; // This function has the unsafe stack.

if (!StackRestorePoints.empty())		if (!StackRestorePoints.empty())
++NumUnsafeStackRestorePointsFunctions;		++NumUnsafeStackRestorePointsFunctions;

IRBuilder<> IRB(&F.front(), F.begin()->getFirstInsertionPt());		IRBuilder<> IRB(&F.front(), F.begin()->getFirstInsertionPt());
UnsafeStackPtr = getOrCreateUnsafeStackPtr(IRB, F);		UnsafeStackPtr = getOrCreateUnsafeStackPtr(IRB, F);

// The top of the unsafe stack after all unsafe static allocas are allocated.		// The top of the unsafe stack after all unsafe static allocas are allocated.
Value *StaticTop = moveStaticAllocasToUnsafeStack(IRB, F, StaticAllocas, Returns);		Value *StaticTop = moveStaticAllocasToUnsafeStack(IRB, F, StaticAllocas,
		ByValArguments, Returns);

// Safe stack object that stores the current unsafe stack top. It is updated		// Safe stack object that stores the current unsafe stack top. It is updated
// as unsafe dynamic (non-constant-sized) allocas are allocated and freed.		// as unsafe dynamic (non-constant-sized) allocas are allocated and freed.
// This is only needed if we need to restore stack pointer after longjmp		// This is only needed if we need to restore stack pointer after longjmp
// or exceptions, and we have dynamic allocations.		// or exceptions, and we have dynamic allocations.
// FIXME: a better alternative might be to store the unsafe stack pointer		// FIXME: a better alternative might be to store the unsafe stack pointer
// before setjmp / invoke instructions.		// before setjmp / invoke instructions.
AllocaInst *DynamicTop = createStackRestorePoints(		AllocaInst *DynamicTop = createStackRestorePoints(
Show All 21 Lines

lib/Transforms/Utils/Local.cpp

Show First 20 Lines • Show All 1,130 Lines • ▼ Show 20 Lines	if (auto *L = LocalAsMetadata::getIfExists(V))
if (auto *MDV = MetadataAsValue::getIfExists(V->getContext(), L))		if (auto *MDV = MetadataAsValue::getIfExists(V->getContext(), L))
for (User *U : MDV->users())		for (User *U : MDV->users())
if (DbgDeclareInst *DDI = dyn_cast<DbgDeclareInst>(U))		if (DbgDeclareInst *DDI = dyn_cast<DbgDeclareInst>(U))
return DDI;		return DDI;

return nullptr;		return nullptr;
}		}

bool llvm::replaceDbgDeclareForAlloca(AllocaInst AI, Value NewAllocaAddress,		bool llvm::replaceDbgDeclare(Value Address, Value NewAddress,
DIBuilder &Builder, bool Deref, int Offset) {		Instruction *InsertBefore, DIBuilder &Builder,
DbgDeclareInst *DDI = FindAllocaDbgDeclare(AI);		bool Deref, int Offset) {
		DbgDeclareInst *DDI = FindAllocaDbgDeclare(Address);
if (!DDI)		if (!DDI)
return false;		return false;
DebugLoc Loc = DDI->getDebugLoc();		DebugLoc Loc = DDI->getDebugLoc();
auto *DIVar = DDI->getVariable();		auto *DIVar = DDI->getVariable();
auto *DIExpr = DDI->getExpression();		auto *DIExpr = DDI->getExpression();
assert(DIVar && "Missing variable");		assert(DIVar && "Missing variable");

if (Deref \|\| Offset) {		if (Deref \|\| Offset) {
Show All 13 Lines	if (Deref \|\| Offset) {
}		}
if (DIExpr)		if (DIExpr)
NewDIExpr.append(DIExpr->elements_begin(), DIExpr->elements_end());		NewDIExpr.append(DIExpr->elements_begin(), DIExpr->elements_end());
DIExpr = Builder.createExpression(NewDIExpr);		DIExpr = Builder.createExpression(NewDIExpr);
}		}

// Insert llvm.dbg.declare immediately after the original alloca, and remove		// Insert llvm.dbg.declare immediately after the original alloca, and remove
// old llvm.dbg.declare.		// old llvm.dbg.declare.
Builder.insertDeclare(NewAllocaAddress, DIVar, DIExpr, Loc,		Builder.insertDeclare(NewAddress, DIVar, DIExpr, Loc, InsertBefore);
AI->getNextNode());
DDI->eraseFromParent();		DDI->eraseFromParent();
return true;		return true;
}		}

		bool llvm::replaceDbgDeclareForAlloca(AllocaInst AI, Value NewAllocaAddress,
		DIBuilder &Builder, bool Deref, int Offset) {
		return replaceDbgDeclare(AI, NewAllocaAddress, AI->getNextNode(), Builder,
		Deref, Offset);
		}

/// changeToUnreachable - Insert an unreachable instruction before the specified		/// changeToUnreachable - Insert an unreachable instruction before the specified
/// instruction, making it and the rest of the code in the block dead.		/// instruction, making it and the rest of the code in the block dead.
static void changeToUnreachable(Instruction *I, bool UseLLVMTrap) {		static void changeToUnreachable(Instruction *I, bool UseLLVMTrap) {
BasicBlock *BB = I->getParent();		BasicBlock *BB = I->getParent();
// Loop over all of the successors, removing BB's entry from any PHI		// Loop over all of the successors, removing BB's entry from any PHI
// nodes.		// nodes.
for (succ_iterator SI = succ_begin(BB), SE = succ_end(BB); SI != SE; ++SI)		for (succ_iterator SI = succ_begin(BB), SE = succ_end(BB); SI != SE; ++SI)
(*SI)->removePredecessor(BB);		(*SI)->removePredecessor(BB);
▲ Show 20 Lines • Show All 326 Lines • Show Last 20 Lines

test/Transforms/SafeStack/byval.ll

This file was added.

				; RUN: opt -safe-stack -S -mtriple=i386-pc-linux-gnu < %s -o - \| FileCheck %s
				; RUN: opt -safe-stack -S -mtriple=x86_64-pc-linux-gnu < %s -o - \| FileCheck %s

				target datalayout = "e-m:e-i64:64-f80:128-n8:16:32:64-S128"
				target triple = "x86_64-unknown-linux-gnu"

				%struct.S = type { [100 x i32] }

				; Safe access to a byval argument.
				define i32 @ByValSafe(%struct.S* byval nocapture readonly align 8 %zzz) norecurse nounwind readonly safestack uwtable {
				entry:
				; CHECK-LABEL: @ByValSafe
				; CHECK-NOT: __safestack_unsafe_stack_ptr
				; CHECK: ret i32
				%arrayidx = getelementptr inbounds %struct.S, %struct.S* %zzz, i64 0, i32 0, i64 3
				%0 = load i32, i32* %arrayidx, align 4
				ret i32 %0
				}

				; Unsafe access to a byval argument.
				; Argument is copied to the unsafe stack.
				define i32 @ByValUnsafe(%struct.S* byval nocapture readonly align 8 %zzz, i64 %idx) norecurse nounwind readonly safestack uwtable {
				entry:
				; CHECK-LABEL: @ByValUnsafe
				; CHECK: %[[A:.]] = load {{.}} @__safestack_unsafe_stack_ptr
				; CHECK: store {{.*}} @__safestack_unsafe_stack_ptr
				; CHECK: %[[B:.]] = getelementptr i8, i8 %[[A]], i32 -400
				; CHECK: %[[C:.]] = bitcast %struct.S %zzz to i8*
				; CHECK: call void @llvm.memcpy.p0i8.p0i8.i64(i8* %[[B]], i8* %[[C]], i64 400, i32 8, i1 false)
				; CHECK: ret i32
				%arrayidx = getelementptr inbounds %struct.S, %struct.S* %zzz, i64 0, i32 0, i64 %idx
				%0 = load i32, i32* %arrayidx, align 4
				ret i32 %0
				}

				; Highly aligned byval argument.
				define i32 @ByValUnsafeAligned(%struct.S* byval nocapture readonly align 64 %zzz, i64 %idx) norecurse nounwind readonly safestack uwtable {
				entry:
				; CHECK-LABEL: @ByValUnsafeAligned
				; CHECK: %[[A:.]] = load {{.}} @__safestack_unsafe_stack_ptr
				; CHECK: %[[B:.]] = ptrtoint i8 %[[A]] to i64
				; CHECK: and i64 %[[B]], -64
				; CHECK: ret i32
				%arrayidx = getelementptr inbounds %struct.S, %struct.S* %zzz, i64 0, i32 0, i64 0
				%0 = load i32, i32* %arrayidx, align 64
				%arrayidx2 = getelementptr inbounds %struct.S, %struct.S* %zzz, i64 0, i32 0, i64 %idx
				%1 = load i32, i32* %arrayidx2, align 4
				%add = add nsw i32 %1, %0
				ret i32 %add
				}

test/Transforms/SafeStack/debug-loc.ll

	; RUN: opt -safe-stack -S -mtriple=i386-pc-linux-gnu < %s -o - \| FileCheck %s			; RUN: opt -safe-stack -S -mtriple=i386-pc-linux-gnu < %s -o - \| FileCheck %s

	; Test debug location for the local variables moved onto the unsafe stack.			; Test debug location for the local variables moved onto the unsafe stack.
	; CHECK: define void @f
	; CHECK: %[[USP:.]] = load i8, i8** @__safestack_unsafe_stack_ptr

	; dbg.declare for %buf is gone; replaced with dbg.declare based off the unsafe stack pointer
	; CHECK-NOT: @llvm.dbg.declare.*%buf
	; CHECK: call void @llvm.dbg.declare(metadata i8* %[[USP]], metadata ![[VAR:.]], metadata ![[EXPR:.]])

	; dbg.declare appears before the first use of %buf
	; CHECK: getelementptr{{.*}}%buf
	; CHECK: call{{.*}}@Capture
	; CHECK: ret void

	; dbg.declare describes "buf"...
	; CHECK: ![[VAR]] = !DILocalVariable(name: "buf"

	; ... as an offset from the unsafe stack pointer
	; CHECK: ![[EXPR]] = !DIExpression(DW_OP_deref, DW_OP_minus, 400)


	target datalayout = "e-m:e-i64:64-f80:128-n8:16:32:64-S128"			target datalayout = "e-m:e-i64:64-f80:128-n8:16:32:64-S128"
	target triple = "x86_64-unknown-linux-gnu"			target triple = "x86_64-unknown-linux-gnu"

				%struct.S = type { [100 x i8] }

	; Function Attrs: safestack uwtable			; Function Attrs: safestack uwtable
	define void @f() #0 !dbg !4 {			define void @f(%struct.S* byval align 8 %zzz) #0 !dbg !12 {
				; CHECK: define void @f

	entry:			entry:
	%buf = alloca [100 x i32], align 16			; CHECK: %[[USP:.]] = load i8, i8** @__safestack_unsafe_stack_ptr
	%0 = bitcast [100 x i32]* %buf to i8*, !dbg !16
	call void @llvm.lifetime.start(i64 400, i8* %0) #4, !dbg !16
	tail call void @llvm.dbg.declare(metadata [100 x i32]* %buf, metadata !8, metadata !17), !dbg !18

				%xxx = alloca %struct.S, align 1
				call void @llvm.dbg.declare(metadata %struct.S* %zzz, metadata !18, metadata !19), !dbg !20
				call void @llvm.dbg.declare(metadata %struct.S* %xxx, metadata !21, metadata !19), !dbg !22

				; dbg.declare for %zzz and %xxx are gone; replaced with dbg.declare based off the unsafe stack pointer
				pccUnsubmitted Done Reply Inline Actions This should all live next to the code so that it is clear what corresponds to what. pcc: This should all live next to the code so that it is clear what corresponds to what.
				; CHECK-NOT: call void @llvm.dbg.declare
				; CHECK: call void @llvm.dbg.declare(metadata i8* %[[USP]], metadata ![[VAR_ARG:.]], metadata ![[EXPR_ARG:.]])
				; CHECK-NOT: call void @llvm.dbg.declare
				; CHECK: call void @llvm.dbg.declare(metadata i8* %[[USP]], metadata ![[VAR_LOCAL:.]], metadata ![[EXPR_LOCAL:.]])
				; CHECK-NOT: call void @llvm.dbg.declare

				pccUnsubmitted Done Reply Inline Actions Should this be checking for specific constants? (same below) pcc: Should this be checking for specific constants? (same below)
				call void @Capture(%struct.S* %zzz), !dbg !23
				call void @Capture(%struct.S* %xxx), !dbg !24

				; dbg.declare appears before the first use
				; CHECK: call void @Capture
				; CHECK: call void @Capture

	%arraydecay = getelementptr inbounds [100 x i32], [100 x i32]* %buf, i64 0, i64 0, !dbg !19			ret void, !dbg !25
	call void @Capture(i32* %arraydecay), !dbg !20
	call void @llvm.lifetime.end(i64 400, i8* %0) #4, !dbg !21
	ret void, !dbg !21
	}			}

	; Function Attrs: nounwind argmemonly			; CHECK-DAG: ![[VAR_ARG]] = !DILocalVariable(name: "zzz"
	declare void @llvm.lifetime.start(i64, i8* nocapture) #1			; 100 aligned up to 8
				; CHECK-DAG: ![[EXPR_ARG]] = !DIExpression(DW_OP_deref, DW_OP_minus, 104

	; Function Attrs: nounwind readnone			; CHECK-DAG: ![[VAR_LOCAL]] = !DILocalVariable(name: "xxx"
	declare void @llvm.dbg.declare(metadata, metadata, metadata) #2			; CHECK-DAG: ![[EXPR_LOCAL]] = !DIExpression(DW_OP_deref, DW_OP_minus, 208

	declare void @Capture(i32*) #3			; Function Attrs: nounwind readnone
				declare void @llvm.dbg.declare(metadata, metadata, metadata) #1

	; Function Attrs: nounwind argmemonly			declare void @Capture(%struct.S*) #2
	declare void @llvm.lifetime.end(i64, i8* nocapture) #1

	attributes #0 = { safestack uwtable "disable-tail-calls"="false" "less-precise-fpmad"="false" "no-frame-pointer-elim"="false" "no-infs-fp-math"="false" "no-nans-fp-math"="false" "stack-protector-buffer-size"="8" "target-cpu"="x86-64" "target-features"="+sse,+sse2" "unsafe-fp-math"="false" "use-soft-float"="false" }			attributes #0 = { safestack uwtable "disable-tail-calls"="false" "less-precise-fpmad"="false" "no-frame-pointer-elim"="true" "no-frame-pointer-elim-non-leaf" "no-infs-fp-math"="false" "no-nans-fp-math"="false" "stack-protector-buffer-size"="8" "target-cpu"="x86-64" "target-features"="+fxsr,+mmx,+sse,+sse2" "unsafe-fp-math"="false" "use-soft-float"="false" }
	attributes #1 = { nounwind argmemonly }			attributes #1 = { nounwind readnone }
	attributes #2 = { nounwind readnone }			attributes #2 = { "disable-tail-calls"="false" "less-precise-fpmad"="false" "no-frame-pointer-elim"="true" "no-frame-pointer-elim-non-leaf" "no-infs-fp-math"="false" "no-nans-fp-math"="false" "stack-protector-buffer-size"="8" "target-cpu"="x86-64" "target-features"="+fxsr,+mmx,+sse,+sse2" "unsafe-fp-math"="false" "use-soft-float"="false" }
	attributes #3 = { "disable-tail-calls"="false" "less-precise-fpmad"="false" "no-frame-pointer-elim"="false" "no-infs-fp-math"="false" "no-nans-fp-math"="false" "stack-protector-buffer-size"="8" "target-cpu"="x86-64" "target-features"="+sse,+sse2" "unsafe-fp-math"="false" "use-soft-float"="false" }
	attributes #4 = { nounwind }

	!llvm.dbg.cu = !{!0}			!llvm.dbg.cu = !{!0}
	!llvm.module.flags = !{!13, !14}			!llvm.module.flags = !{!15, !16}
	!llvm.ident = !{!15}			!llvm.ident = !{!17}

	!0 = distinct !DICompileUnit(language: DW_LANG_C_plus_plus, file: !1, producer: "clang version 3.8.0 (trunk 248518) (llvm/trunk 248512)", isOptimized: true, runtimeVersion: 0, emissionKind: 1, enums: !2, subprograms: !3)			!0 = distinct !DICompileUnit(language: DW_LANG_C_plus_plus, file: !1, producer: "clang version 3.8.0 (trunk 254019) (llvm/trunk 254036)", isOptimized: false, runtimeVersion: 0, emissionKind: 1, enums: !2, retainedTypes: !3, subprograms: !11)
	!1 = !DIFile(filename: "1.cc", directory: "/tmp")			!1 = !DIFile(filename: "../llvm/2.cc", directory: "/code/build-llvm")
	!2 = !{}			!2 = !{}
	!3 = !{!4}			!3 = !{!4}
	!4 = distinct !DISubprogram(name: "f", scope: !1, file: !1, line: 4, type: !5, isLocal: false, isDefinition: true, scopeLine: 4, flags: DIFlagPrototyped, isOptimized: true, variables: !7)			!4 = !DICompositeType(tag: DW_TAG_structure_type, name: "S", file: !1, line: 4, size: 800, align: 8, elements: !5, identifier: "_ZTS1S")
	!5 = !DISubroutineType(types: !6)			!5 = !{!6}
	!6 = !{null}			!6 = !DIDerivedType(tag: DW_TAG_member, name: "a", scope: !"_ZTS1S", file: !1, line: 5, baseType: !7, size: 800, align: 8)
	!7 = !{!8}			!7 = !DICompositeType(tag: DW_TAG_array_type, baseType: !8, size: 800, align: 8, elements: !9)
	!8 = !DILocalVariable(name: "buf", scope: !4, file: !1, line: 5, type: !9)			!8 = !DIBasicType(name: "char", size: 8, align: 8, encoding: DW_ATE_signed_char)
	!9 = !DICompositeType(tag: DW_TAG_array_type, baseType: !10, size: 3200, align: 32, elements: !11)			!9 = !{!10}
	!10 = !DIBasicType(name: "int", size: 32, align: 32, encoding: DW_ATE_signed)			!10 = !DISubrange(count: 100)
	!11 = !{!12}			!11 = !{!12}
	!12 = !DISubrange(count: 100)			!12 = distinct !DISubprogram(name: "f", linkageName: "_Z1f1S", scope: !1, file: !1, line: 10, type: !13, isLocal: false, isDefinition: true, scopeLine: 10, flags: DIFlagPrototyped, isOptimized: false, variables: !2)
	!13 = !{i32 2, !"Dwarf Version", i32 4}			!13 = !DISubroutineType(types: !14)
	!14 = !{i32 2, !"Debug Info Version", i32 3}			!14 = !{null, !"_ZTS1S"}
	!15 = !{!"clang version 3.8.0 (trunk 248518) (llvm/trunk 248512)"}			!15 = !{i32 2, !"Dwarf Version", i32 4}
	!16 = !DILocation(line: 5, column: 3, scope: !4)			!16 = !{i32 2, !"Debug Info Version", i32 3}
	!17 = !DIExpression()			!17 = !{!"clang version 3.8.0 (trunk 254019) (llvm/trunk 254036)"}
	!18 = !DILocation(line: 5, column: 7, scope: !4)			!18 = !DILocalVariable(name: "zzz", arg: 1, scope: !12, file: !1, line: 10, type: !"_ZTS1S")
	!19 = !DILocation(line: 6, column: 11, scope: !4)			!19 = !DIExpression()
	!20 = !DILocation(line: 6, column: 3, scope: !4)			!20 = !DILocation(line: 10, column: 10, scope: !12)
	!21 = !DILocation(line: 7, column: 1, scope: !4)			!21 = !DILocalVariable(name: "xxx", scope: !12, file: !1, line: 11, type: !"_ZTS1S")
				!22 = !DILocation(line: 11, column: 5, scope: !12)
				!23 = !DILocation(line: 12, column: 3, scope: !12)
				!24 = !DILocation(line: 13, column: 3, scope: !12)
				!25 = !DILocation(line: 14, column: 1, scope: !12)

This is an archive of the discontinued LLVM Phabricator instance.

[safestack] Protect byval function arguments.ClosedPublic

Details

Diff Detail

Event Timeline

Revision Contents

Diff 41454

include/llvm/Transforms/Utils/Local.h

lib/Transforms/Instrumentation/SafeStack.cpp

lib/Transforms/Utils/Local.cpp

test/Transforms/SafeStack/byval.ll

test/Transforms/SafeStack/debug-loc.ll

[safestack] Protect byval function arguments.
ClosedPublic