This is an archive of the discontinued LLVM Phabricator instance.

Differential D17736

[SSP] Remove llvm.stackprotectorcheck.
ClosedPublic

Authored by timshen on Feb 29 2016, 1:52 PM.

Details

Reviewers
gottesmm
eugenis
echristo
iteratee
Summary

This is a cleanup patch for SSP support in LLVM. There is no functional change.
llvm.stackprotectorcheck is not needed, because SelectionDAG isn't
actually lowering it in SelectBasicBlock; rather, it adds check code in
FinishBasicBlock, ignoring the position where the intrinsic is inserted
(See FindSplitPointForStackProtector()).

Diff Detail

Event Timeline

timshen updated this revision to Diff 49418.Feb 29 2016, 1:52 PM
timshen retitled this revision from to [SSP, 1/2] Refactor to support customizable stack guard load from IR level..
timshen updated this object.
timshen added a reviewer: echristo.
timshen updated this object.
timshen added subscribers: iteratee, kbarton, joerg and 2 others.
timshen updated this object.Feb 29 2016, 1:55 PM
timshen added a child revision: D17740: [PPC, SSP] Support PowerPC Linux stack protection using LOAD_STACK_GUARD.Feb 29 2016, 1:58 PM
echristo edited edge metadata.Mar 3 2016, 4:47 PM

I don't really understand why we need new intrinsics here. Can you explain the design a bit more? Can you also comment the intrinsics with what they do and how they're different from the existing ones?

Thanks!

-eric

timshen updated this revision to Diff 49788.Mar 3 2016, 5:35 PM
timshen edited edge metadata.

tl;dr: because we have a million code paths. :)

The customization point in backends is the opcode LOAD_STACK_GUARD. It already exists for other reasons, but suitable for our purpose.

Previously we have two code paths to handle SSP, SelectionDAG path and IR path.

To customize stack guard loading in IR SSP, we need llvm.stackguardvalue. It lowers to LOAD_STACK_GUARD directly.

To customize stack guard loading in SelectionDAG, llvm.stackprotectorcheck has to take a value, so it doesn't have to be an address (e.g. could be a llvm.stackguardvalue call). To not break existing user code (it's documented) and tests, I created llvm.stackprotectorcheckvalue instead. llvm.stackprotectorcheck is not generated by LLVM anymore. See http://lists.llvm.org/pipermail/llvm-dev/2016-February/095760.html. We may want to delete llvm.stackprotectorcheck?

I haven't push all generic stack guard loading (typically loading the global variable __stack_chk_guard) to the backends. Once we push them all down, we can remove target-independent code path that deals with global variables. But we still need these two intrinsics for supporting both SelectionDAG and IR approach.

I added some comments for these two intrinsics.

echristo added a comment.Mar 21 2016, 4:39 PM

Overall I think we're going to want a path that takes us through AutoUpgrade so that going forward we have a single path for all targets.

<insert about 30-45 minutes of discussion>

We're looking at a major design overhaul here, I think, so getting some notes down:

TLI->

lowerStackGuardStore
lowerStackGuardLoad
lowerStackCanaryLoad

We already have a guard node, do we need a separate SDag node for each of these?

Do we need this, effectively, duplicated 3x with SDag, FastIsel, Post-RA handling?

How do we keep the analysis information in the analysis pass and the rest of it in the IR? This would be the other side information like how to sort, strong, etc.

Need to continue to handle:

Coloring reuse
Sibcall optimizations
Avoid stack spill of canary values
Architecture neutral base case

and of course all of this with auto upgrade because I like my ponies to have unicorn horns.

timshen updated this revision to Diff 51512.Mar 23 2016, 9:58 PM

I looked at LLVM manual and fortunately both llvm.stackprotector and
llvm.stackprotectorcheck is required to be passed in @__stack_chk_guard.
This limited flexibility allows us to directly change stackprotectorcheck's
signature and make an auto-upgrade for it.

In long term, I'd like to keep a diamond code path:

  1. An IR pass that generates IR that calls llvm.stackprotector, llvm.stackprotectorcheck and llvm.experimental_stackguardvalue.
  2. Either FastISel, or SelectionDAG handles the generated IR. Their shouldn't be an "IR approach" when FastISel isn't turned on (see the comment on TLI::supportsSelectionDAGSP).
  3. Optional backend lowering is supported by overriding TLI::forceLoadStackGuardNode and TLI::getStackGuardAddr.

Notice that forceLoadStackGuardNode and getStackGuardAddr serves following
different purposes:

  • Some backends want to lower the global variable manually, in such case forceLoadStackGuardNode should return true and getStackGuardAddr returns the global variable (search LOAD_STACK_GUARD in lib/Target).
  • Other platforms, e.g. PowerPC 64 bit wants to lower the stack guard loading completely manually, getStackGuardAddr should returns nullptr.
  • For the rest forceLoadStackGuardNode returns false and getStackGuardAddr returns the global variable.
timshen updated this object.Mar 23 2016, 10:01 PM
timshen added a reviewer: iteratee.
timshen removed a subscriber: iteratee.
echristo added a comment.Mar 24 2016, 2:42 PM

Starting to look better, needs autoupgrade support and tests. I'm uncertain about putting one aspect of the set of intrinsics into experimental since the other two aren't already, but it's a simple change once we get the rest of it.

Can you add to the patch description a lot of the comments in the review? Also talk about the change of useLoadStackGuardNode to forceLoadStackGuardNode, etc.

Thanks!

-eric

timshen updated this revision to Diff 51614.Mar 24 2016, 3:56 PM

As discussed, added documentation for StackProtector module. Also added a test case for auto-upgrade.

echristo added inline comments.Mar 24 2016, 4:00 PM
test/CodeGen/Generic/upgrade-stackprotectorcheck.ll
1 ↗(On Diff #51614)

Should probably be in test/Assembler/auto_upgrade_intrinsics.ll or some such?

And you should check that the correct IR is generated at autoupgrade time.

timshen updated this revision to Diff 51616.Mar 24 2016, 4:15 PM

Done. test/Bitcode seems to be a suitable place as well.

echristo added a comment.Mar 24 2016, 4:18 PM

But there's already a large test that covers all sorts of intrinsics where I mentioned?

timshen updated this revision to Diff 51617.Mar 24 2016, 4:36 PM

The last function created/touched in test/Assembler/auto_upgrade_intrinsics.ll is at 2013-10-07. This file has only three tests - seems not popular :).

What's the benefit of putting all test cases in one file?

echristo added a comment.Mar 24 2016, 4:38 PM

For all of these? Because we're just parsing and disassembling, nothing complicated that'd be helped by multiple files and multiple process overhead.

timshen updated this revision to Diff 51619.Mar 24 2016, 5:04 PM

Ah never mind, I guess test/Assembler/auto_upgrade_intrinsics.ll is a good place to hold target-independent intrinsic upgrades - there are actually not that many.

echristo added a subscriber: echristo.Mar 24 2016, 6:04 PM

Cool. This is OK with me then.

Thanks for all of the hard work here.

iteratee edited edge metadata.Mar 25 2016, 1:41 PM

Some comments, mostly about comments and documentation.

include/llvm/IR/Intrinsics.td
329

I agree with eric that this shouldn't be experimental.

lib/CodeGen/SelectionDAG/SelectionDAGBuilder.cpp
5357

I'm not sure I understand this comment.

lib/CodeGen/SelectionDAG/SelectionDAGBuilder.h
544–545

Is this still accurate? Are we keeping support for loading an address?

lib/CodeGen/StackProtector.cpp
331

I think this comment should read %1 = <load or intrinsic to read stack guard>

lib/Target/AArch64/AArch64ISelLowering.cpp
10104 ↗(On Diff #51619)

Can you add a comment about why this needs to be overridden for this platform?

timshen updated this revision to Diff 51688.Mar 25 2016, 2:39 PM
timshen marked 3 inline comments as done.
timshen edited edge metadata.
This comment was removed by timshen.
timshen added inline comments.Mar 25 2016, 2:41 PM
lib/CodeGen/SelectionDAG/SelectionDAGBuilder.cpp
5357

Updated - simply forward the Value* to visitSPDescriptorParent, and inspect if it's a CallInst or a Load there.

lib/CodeGen/SelectionDAG/SelectionDAGBuilder.h
544–545

According to the documentation, we never support loading an arbitrary address. We only support loading @__stack_chk_guard. I would say in visitSPDescriptorParent, it doesn't have to check if the LoadInst is actually loading @__stack_chk_guard, because we are already doing more than that (loads @__guard_local on OpenBSD).

timshen added inline comments.Mar 25 2016, 2:43 PM
include/llvm/IR/Intrinsics.td
329

Why do you think removing experimental is safer? Isn't keeping it in any situation a safer move?

timshen added inline comments.Mar 25 2016, 2:56 PM
include/llvm/IR/Intrinsics.td
329

First safer -> better

timshen updated this revision to Diff 51834.Mar 28 2016, 1:50 PM

Hi,

I realized that we don't really need llvm.stackguardcheck, so I try to come up with this patch as the first step of cleanup.

timshen updated this revision to Diff 51835.Mar 28 2016, 1:51 PM

Also deleted documentation.

timshen retitled this revision from [SSP, 1/2] Refactor to support customizable stack guard load from IR level. to [SSP] Remove llvm.stackprotectorcheck..Mar 28 2016, 1:52 PM
timshen updated this object.
iteratee added a comment.Mar 28 2016, 2:29 PM

Mostly looks good.

lib/CodeGen/StackProtector.cpp
346

Comment seems to belong to the instruction below. A comment about HasIRCheck would be nice too.

lib/Target/X86/X86ISelLowering.cpp
2179

The address space will go away in a later patch, correct?

timshen updated this revision to Diff 51844.Mar 28 2016, 2:42 PM
timshen marked 2 inline comments as done.

Updated HasIRCheck comment.

lib/Target/X86/X86ISelLowering.cpp
2179

Yes, finally X86 should use LOAD_STACK_GUARD as well, but before that I'd like to introduce llvm.stackguard() intrinsic. After that point getStackGuardAddr isn't even needed.

iteratee added a comment.Mar 28 2016, 3:59 PM

I have no more problems, and generally like your approach. It would be nice to get someone who has worked on this code before to sign off.

timshen added a reviewer: gottesmm.Mar 28 2016, 4:06 PM

Hi Michael, since you wrote the SSP code (including stackprotectorcheck, according to git history), can you take a look at this cleanup?

Thanks!

timshen mentioned this in D18632: Faster stack-protector for Android/AArch64..Mar 30 2016, 5:44 PM
timshen added a comment.Apr 6 2016, 4:21 PM

Friendly ping. :)

echristo added a comment.Apr 7 2016, 4:14 PM

Few inline comments and requests for more comments. Otherwise it's looking pretty nice.

Thanks!

lib/CodeGen/SelectionDAG/SelectionDAGBuilder.cpp
1939

Typical llvm style is: assert((cond) && "Some explanatory text")

(This happens in other places in your patch, I'll just include the first one)

lib/CodeGen/SelectionDAG/SelectionDAGISel.cpp
1361

Comment.

lib/CodeGen/StackProtector.cpp
202

Standard style for this would be no braces for any of the conditionals or block.

lib/CodeGen/TargetLoweringBase.cpp
1752

Block comments on all of these if there aren't any in the .h file please? (I prefer more detailed comments on the implementation, but still).

test/Assembler/auto_upgrade_intrinsics.ll
57

Hmm?

echristo accepted this revision.Apr 7 2016, 4:16 PM
echristo edited edge metadata.

Oh, and long as you add the inline comments, fix the style stuff, etc, I think we're good to go.

-eric

test/Assembler/auto_upgrade_intrinsics.ll
57

Nevermind, I see it now. That's frustrating, can you add a comment that the declare is for the objectsize upgrade and why?

This revision is now accepted and ready to land.Apr 7 2016, 4:16 PM
timshen updated this revision to Diff 53077.Apr 8 2016, 1:19 PM
timshen marked 6 inline comments as done.
timshen edited edge metadata.

Updated patch.

timshen added a comment.Apr 8 2016, 1:19 PM

Thanks for the style check! It's a big patch and I clearly missed those.

Also rebased to include D18632's change.

lib/CodeGen/SelectionDAG/SelectionDAGISel.cpp
1361

As suggested by gottesmm, moved this condition into StackProtector::shouldEmitSDCheck(), and documented.

timshen updated this revision to Diff 53079.Apr 8 2016, 1:26 PM

Updated patch for fixing a typo.

timshen added a reviewer: eugenis.Apr 8 2016, 1:29 PM

Hi eugenis, I changed the function name getStackCookieLocation to getIRStackGuard, since there are two SSP code paths and such a name seems to cause less confusion. Do you think it's a fine name?

eugenis edited edge metadata.Apr 8 2016, 1:43 PM
In D17736#395796, @timshen wrote:

Hi eugenis, I changed the function name getStackCookieLocation to getIRStackGuard, since there are two SSP code paths and such a name seems to cause less confusion. Do you think it's a fine name?

Absolutely.

include/llvm/Target/TargetLowering.h
1006–1015

This comment makes it sound like this function makes the decision to use SDAG vs IR stack protector.

timshen updated this revision to Diff 53084.Apr 8 2016, 1:50 PM
timshen marked an inline comment as done.
timshen edited edge metadata.

Updated comment for getIRStackGuard.

include/llvm/Target/TargetLowering.h
1006–1015

Moved the comment to StackProtector::CreatePrologue. At that point I was not aware that other code will use this function.

eugenis added a comment.Apr 8 2016, 2:05 PM

looks good

timshen closed this revision.Apr 8 2016, 2:32 PM

Revision Contents

PathSize
include/
llvm/
CodeGen/
10 lines
IR/
2 lines
Target/
17 lines
lib/
CodeGen/
SelectionDAG/
20 lines
16 lines
12 lines
137 lines
25 lines
IR/
11 lines
Target/
X86/
10 lines
24 lines
test/
Assembler/
13 lines

Diff 51834

include/llvm/CodeGen/StackProtector.h

Show First 20 LinesShow All 69 Lines▼ Show 20 Linesprivate:
unsigned SSPBufferSize; unsigned SSPBufferSize;
/// VisitedPHIs - The set of PHI nodes visited when determining /// VisitedPHIs - The set of PHI nodes visited when determining
/// if a variable's reference has been taken. This set /// if a variable's reference has been taken. This set
/// is maintained to ensure we don't visit the same PHI node multiple /// is maintained to ensure we don't visit the same PHI node multiple
/// times. /// times.
SmallPtrSet<const PHINode *, 16> VisitedPHIs; SmallPtrSet<const PHINode *, 16> VisitedPHIs;
// A prologue is generated.
bool HasPrologue = false;
// IR checking code is generated.
bool HasIRCheck = false;
/// InsertStackProtectors - Insert code into the prologue and epilogue of /// InsertStackProtectors - Insert code into the prologue and epilogue of
/// the function. /// the function.
/// ///
/// - The prologue code loads and stores the stack guard onto the stack. /// - The prologue code loads and stores the stack guard onto the stack.
/// - The epilogue checks the value stored in the prologue against the /// - The epilogue checks the value stored in the prologue against the
/// original value. It calls __stack_chk_fail if they differ. /// original value. It calls __stack_chk_fail if they differ.
bool InsertStackProtectors(); bool InsertStackProtectors();
Show All 32 Linespublic:
void getAnalysisUsage(AnalysisUsage &AU) const override { void getAnalysisUsage(AnalysisUsage &AU) const override {
AU.addPreserved<DominatorTreeWrapperPass>(); AU.addPreserved<DominatorTreeWrapperPass>();
} }
SSPLayoutKind getSSPLayout(const AllocaInst *AI) const; SSPLayoutKind getSSPLayout(const AllocaInst *AI) const;
void adjustForColoring(const AllocaInst *From, const AllocaInst *To); void adjustForColoring(const AllocaInst *From, const AllocaInst *To);
bool runOnFunction(Function &Fn) override; bool runOnFunction(Function &Fn) override;
bool hasPrologue() const { return HasPrologue; }
bool hasIRCheck() const { return HasIRCheck; }
}; };
} // end namespace llvm } // end namespace llvm
#endif // LLVM_CODEGEN_STACKPROTECTOR_H #endif // LLVM_CODEGEN_STACKPROTECTOR_H

include/llvm/IR/Intrinsics.td

Show First 20 LinesShow All 318 Lines▼ Show 20 Lines
// The assume intrinsic is marked as arbitrarily writing so that proper // The assume intrinsic is marked as arbitrarily writing so that proper
// control dependencies will be maintained. // control dependencies will be maintained.
def int_assume : Intrinsic<[], [llvm_i1_ty], []>; def int_assume : Intrinsic<[], [llvm_i1_ty], []>;
// Stack Protector Intrinsic - The stackprotector intrinsic writes the stack // Stack Protector Intrinsic - The stackprotector intrinsic writes the stack
// guard to the correct place on the stack frame. // guard to the correct place on the stack frame.
def int_stackprotector : Intrinsic<[], [llvm_ptr_ty, llvm_ptrptr_ty], []>; def int_stackprotector : Intrinsic<[], [llvm_ptr_ty, llvm_ptrptr_ty], []>;
def int_stackprotectorcheck : Intrinsic<[], [llvm_ptrptr_ty],
[IntrReadWriteArgMem]>;
// A counter increment for instrumentation based profiling. // A counter increment for instrumentation based profiling.
def int_instrprof_increment : Intrinsic<[], def int_instrprof_increment : Intrinsic<[],
iterateeUnsubmitted
Not Done
ReplyInline Actions

I agree with eric that this shouldn't be experimental.

iteratee: I agree with eric that this shouldn't be experimental.
timshenAuthorUnsubmitted
Not Done
ReplyInline Actions

Why do you think removing experimental is safer? Isn't keeping it in any situation a safer move?

timshen: Why do you think removing experimental is safer? Isn't keeping it in any situation a safer move?
timshenAuthorUnsubmitted
Not Done
ReplyInline Actions

First safer -> better

timshen: First safer -> better
[llvm_ptr_ty, llvm_i64_ty, [llvm_ptr_ty, llvm_i64_ty,
llvm_i32_ty, llvm_i32_ty], llvm_i32_ty, llvm_i32_ty],
[]>; []>;
// A call to profile runtime for value profiling of target expressions // A call to profile runtime for value profiling of target expressions
// through instrumentation based profiling. // through instrumentation based profiling.
def int_instrprof_value_profile : Intrinsic<[], def int_instrprof_value_profile : Intrinsic<[],
[llvm_ptr_ty, llvm_i64_ty, [llvm_ptr_ty, llvm_i64_ty,
▲ Show 20 LinesShow All 341 LinesShow Last 20 Lines

include/llvm/Target/TargetLowering.h

Show First 20 LinesShow All 997 Lines▼ Show 20 Lines unsigned getPrefFunctionAlignment() const {
return PrefFunctionAlignment; return PrefFunctionAlignment;
} }
/// Return the preferred loop alignment. /// Return the preferred loop alignment.
virtual unsigned getPrefLoopAlignment(MachineLoop *ML = nullptr) const { virtual unsigned getPrefLoopAlignment(MachineLoop *ML = nullptr) const {
return PrefLoopAlignment; return PrefLoopAlignment;
} }
/// Return true if the target stores stack protector cookies at a fixed offset // Return whether target supports SelectionDAG stack protection.
/// in some non-standard address space, and populates the address space and // TODO: Remove this. SSP should always be supported in SelectionDAG.
/// offset as appropriate. virtual bool supportsSelectionDAGSP() const;
virtual bool getStackCookieLocation(unsigned &/*AddressSpace*/,
unsigned &/*Offset*/) const { /// Inserts necessary declarations for SSP purpose.
return false; virtual void insertSSPDeclarations(Module &M) const;
}
/// Return the variable that's previously inserted by insertSSPDeclarations,
/// if any, otherwise return nullptr.
virtual Value *getStackGuardAddr(const Module &M) const;
eugenisUnsubmitted
Done
ReplyInline Actions

This comment makes it sound like this function makes the decision to use SDAG vs IR stack protector.

eugenis: This comment makes it sound like this function makes the decision to use SDAG vs IR stack…
timshenAuthorUnsubmitted
Not Done
ReplyInline Actions

Moved the comment to StackProtector::CreatePrologue. At that point I was not aware that other code will use this function.

timshen: Moved the comment to StackProtector::CreatePrologue. At that point I was not aware that other…
/// If the target has a standard location for the unsafe stack pointer, /// If the target has a standard location for the unsafe stack pointer,
/// returns the address of that location. Otherwise, returns nullptr. /// returns the address of that location. Otherwise, returns nullptr.
virtual Value *getSafeStackPointerLocation(IRBuilder<> &IRB) const; virtual Value *getSafeStackPointerLocation(IRBuilder<> &IRB) const;
/// Returns true if a cast between SrcAS and DestAS is a noop. /// Returns true if a cast between SrcAS and DestAS is a noop.
virtual bool isNoopAddrSpaceCast(unsigned SrcAS, unsigned DestAS) const { virtual bool isNoopAddrSpaceCast(unsigned SrcAS, unsigned DestAS) const {
return false; return false;
▲ Show 20 LinesShow All 1,876 LinesShow Last 20 Lines

lib/CodeGen/SelectionDAG/SelectionDAGBuilder.h

Show First 20 LinesShow All 461 Lines▼ Show 20 Linesprivate:
/// block into the success basic block. Then we code-gen a new tail for /// block into the success basic block. Then we code-gen a new tail for
/// the parent basic block consisting of the two loads, the comparison, /// the parent basic block consisting of the two loads, the comparison,
/// and finally two branches to the success/failure basic blocks. We /// and finally two branches to the success/failure basic blocks. We
/// conclude by code-gening the failure basic block if we have not /// conclude by code-gening the failure basic block if we have not
/// code-gened it already (all stack protector checks we generate in /// code-gened it already (all stack protector checks we generate in
/// the same function, use the same failure basic block). /// the same function, use the same failure basic block).
class StackProtectorDescriptor { class StackProtectorDescriptor {
public: public:
StackProtectorDescriptor() : ParentMBB(nullptr), SuccessMBB(nullptr), StackProtectorDescriptor()
FailureMBB(nullptr), Guard(nullptr), : ParentMBB(nullptr), SuccessMBB(nullptr), FailureMBB(nullptr),
GuardReg(0) { } GuardReg(0) {}
/// Returns true if all fields of the stack protector descriptor are /// Returns true if all fields of the stack protector descriptor are
/// initialized implying that we should/are ready to emit a stack protector. /// initialized implying that we should/are ready to emit a stack protector.
bool shouldEmitStackProtector() const { bool shouldEmitStackProtector() const {
return ParentMBB && SuccessMBB && FailureMBB && Guard; return ParentMBB && SuccessMBB && FailureMBB;
} }
/// Initialize the stack protector descriptor structure for a new basic /// Initialize the stack protector descriptor structure for a new basic
/// block. /// block.
void initialize(const BasicBlock *BB, void initialize(const BasicBlock *BB, MachineBasicBlock *MBB) {
MachineBasicBlock *MBB,
const CallInst &StackProtCheckCall) {
// Make sure we are not initialized yet. // Make sure we are not initialized yet.
assert(!shouldEmitStackProtector() && "Stack Protector Descriptor is " assert(!shouldEmitStackProtector() && "Stack Protector Descriptor is "
"already initialized!"); "already initialized!");
ParentMBB = MBB; ParentMBB = MBB;
SuccessMBB = AddSuccessorMBB(BB, MBB, /* IsLikely */ true); SuccessMBB = AddSuccessorMBB(BB, MBB, /* IsLikely */ true);
FailureMBB = AddSuccessorMBB(BB, MBB, /* IsLikely */ false, FailureMBB); FailureMBB = AddSuccessorMBB(BB, MBB, /* IsLikely */ false, FailureMBB);
if (!Guard)
Guard = StackProtCheckCall.getArgOperand(0);
} }
/// Reset state that changes when we handle different basic blocks. /// Reset state that changes when we handle different basic blocks.
/// ///
/// This currently includes: /// This currently includes:
/// ///
/// 1. The specific basic block we are generating a /// 1. The specific basic block we are generating a
/// stack protector for (ParentMBB). /// stack protector for (ParentMBB).
Show All 12 Lines public:
/// ///
/// 1. FailureMBB since we reuse the failure code path for all stack /// 1. FailureMBB since we reuse the failure code path for all stack
/// protector checks created in an individual function. /// protector checks created in an individual function.
/// ///
/// 2.The guard variable since the guard variable we are checking against is /// 2.The guard variable since the guard variable we are checking against is
/// always the same. /// always the same.
void resetPerFunctionState() { void resetPerFunctionState() {
FailureMBB = nullptr; FailureMBB = nullptr;
Guard = nullptr;
GuardReg = 0; GuardReg = 0;
} }
MachineBasicBlock *getParentMBB() { return ParentMBB; } MachineBasicBlock *getParentMBB() { return ParentMBB; }
MachineBasicBlock *getSuccessMBB() { return SuccessMBB; } MachineBasicBlock *getSuccessMBB() { return SuccessMBB; }
MachineBasicBlock *getFailureMBB() { return FailureMBB; } MachineBasicBlock *getFailureMBB() { return FailureMBB; }
const Value *getGuard() { return Guard; }
unsigned getGuardReg() const { return GuardReg; } unsigned getGuardReg() const { return GuardReg; }
void setGuardReg(unsigned R) { GuardReg = R; } void setGuardReg(unsigned R) { GuardReg = R; }
private: private:
/// The basic block for which we are generating the stack protector. /// The basic block for which we are generating the stack protector.
/// ///
/// As a result of stack protector generation, we will splice the /// As a result of stack protector generation, we will splice the
/// terminators of this basic block into the successor mbb SuccessMBB and /// terminators of this basic block into the successor mbb SuccessMBB and
/// replace it with a compare/branch to the successor mbbs /// replace it with a compare/branch to the successor mbbs
/// SuccessMBB/FailureMBB depending on whether or not the stack protector /// SuccessMBB/FailureMBB depending on whether or not the stack protector
/// was violated. /// was violated.
MachineBasicBlock *ParentMBB; MachineBasicBlock *ParentMBB;
/// A basic block visited on stack protector check success that contains the /// A basic block visited on stack protector check success that contains the
/// terminators of ParentMBB. /// terminators of ParentMBB.
MachineBasicBlock *SuccessMBB; MachineBasicBlock *SuccessMBB;
/// This basic block visited on stack protector check failure that will /// This basic block visited on stack protector check failure that will
/// contain a call to __stack_chk_fail(). /// contain a call to __stack_chk_fail().
MachineBasicBlock *FailureMBB; MachineBasicBlock *FailureMBB;
/// The guard variable which we will compare against the stored value in the
/// stack protector stack slot.
const Value *Guard;
/// The virtual register holding the stack guard value. /// The virtual register holding the stack guard value.
iterateeUnsubmitted
Not Done
ReplyInline Actions

Is this still accurate? Are we keeping support for loading an address?

iteratee: Is this still accurate? Are we keeping support for loading an address?
timshenAuthorUnsubmitted
Not Done
ReplyInline Actions

According to the documentation, we never support loading an arbitrary address. We only support loading @__stack_chk_guard. I would say in visitSPDescriptorParent, it doesn't have to check if the LoadInst is actually loading @__stack_chk_guard, because we are already doing more than that (loads @__guard_local on OpenBSD).

timshen: According to the documentation, we never support loading an arbitrary address. We only support…
unsigned GuardReg; unsigned GuardReg;
/// Add a successor machine basic block to ParentMBB. If the successor mbb /// Add a successor machine basic block to ParentMBB. If the successor mbb
/// has not been created yet (i.e. if SuccMBB = 0), then the machine basic /// has not been created yet (i.e. if SuccMBB = 0), then the machine basic
/// block will be created. Assign a large weight if IsLikely is true. /// block will be created. Assign a large weight if IsLikely is true.
MachineBasicBlock *AddSuccessorMBB(const BasicBlock *BB, MachineBasicBlock *AddSuccessorMBB(const BasicBlock *BB,
MachineBasicBlock *ParentMBB, MachineBasicBlock *ParentMBB,
bool IsLikely, bool IsLikely,
▲ Show 20 LinesShow All 459 LinesShow Last 20 Lines

lib/CodeGen/SelectionDAG/SelectionDAGBuilder.cpp

  • This file is larger than 256 KB, so syntax highlighting is disabled by default.
Show First 20 LinesShow All 1,928 Lines▼ Show 20 Linesvoid SelectionDAGBuilder::visitSPDescriptorParent(StackProtectorDescriptor &SPD,
// First create the loads to the guard/stack slot for the comparison. // First create the loads to the guard/stack slot for the comparison.
const TargetLowering &TLI = DAG.getTargetLoweringInfo(); const TargetLowering &TLI = DAG.getTargetLoweringInfo();
EVT PtrTy = TLI.getPointerTy(DAG.getDataLayout()); EVT PtrTy = TLI.getPointerTy(DAG.getDataLayout());
MachineFrameInfo *MFI = ParentBB->getParent()->getFrameInfo(); MachineFrameInfo *MFI = ParentBB->getParent()->getFrameInfo();
int FI = MFI->getStackProtectorIndex(); int FI = MFI->getStackProtectorIndex();
const Value *IRGuard = SPD.getGuard(); const Module &M = *ParentBB->getParent()->getFunction()->getParent();
const Value *IRGuard = TLI.getStackGuardAddr(M);
assert(IRGuard);
echristoUnsubmitted
Done
ReplyInline Actions

Typical llvm style is: assert((cond) && "Some explanatory text")

(This happens in other places in your patch, I'll just include the first one)

echristo: Typical llvm style is: assert((cond) && "Some explanatory text") (This happens in other places…
SDValue GuardPtr = getValue(IRGuard); SDValue GuardPtr = getValue(IRGuard);
SDValue StackSlotPtr = DAG.getFrameIndex(FI, PtrTy); SDValue StackSlotPtr = DAG.getFrameIndex(FI, PtrTy);
unsigned Align = DL->getPrefTypeAlignment(IRGuard->getType()); unsigned Align = DL->getPrefTypeAlignment(IRGuard->getType());
SDValue Guard; SDValue Guard;
SDLoc dl = getCurSDLoc(); SDLoc dl = getCurSDLoc();
▲ Show 20 LinesShow All 3,399 Lines▼ Show 20 LinesSelectionDAGBuilder::visitIntrinsicCall(const CallInst &I, unsigned Intrinsic) {
} }
case Intrinsic::invariant_start: case Intrinsic::invariant_start:
// Discard region information. // Discard region information.
setValue(&I, DAG.getUNDEF(TLI.getPointerTy(DAG.getDataLayout()))); setValue(&I, DAG.getUNDEF(TLI.getPointerTy(DAG.getDataLayout())));
return nullptr; return nullptr;
case Intrinsic::invariant_end: case Intrinsic::invariant_end:
// Discard region information. // Discard region information.
return nullptr; return nullptr;
case Intrinsic::stackprotectorcheck: {
// Do not actually emit anything for this basic block. Instead we initialize
// the stack protector descriptor and export the guard variable so we can
// access it in FinishBasicBlock.
const BasicBlock *BB = I.getParent();
SPDescriptor.initialize(BB, FuncInfo.MBBMap[BB], I);
ExportFromCurrentBlock(SPDescriptor.getGuard());
// Flush our exports since we are going to process a terminator.
(void)getControlRoot();
return nullptr;
}
case Intrinsic::clear_cache: case Intrinsic::clear_cache:
return TLI.getClearCacheBuiltinName(); return TLI.getClearCacheBuiltinName();
case Intrinsic::donothing: case Intrinsic::donothing:
iterateeUnsubmitted
Done
ReplyInline Actions

I'm not sure I understand this comment.

iteratee: I'm not sure I understand this comment.
timshenAuthorUnsubmitted
Not Done
ReplyInline Actions

Updated - simply forward the Value* to visitSPDescriptorParent, and inspect if it's a CallInst or a Load there.

timshen: Updated - simply forward the Value* to visitSPDescriptorParent, and inspect if it's a CallInst…
// ignore // ignore
return nullptr; return nullptr;
case Intrinsic::experimental_stackmap: { case Intrinsic::experimental_stackmap: {
visitStackmap(I); visitStackmap(I);
return nullptr; return nullptr;
} }
case Intrinsic::experimental_patchpoint_void: case Intrinsic::experimental_patchpoint_void:
case Intrinsic::experimental_patchpoint_i64: { case Intrinsic::experimental_patchpoint_i64: {
▲ Show 20 LinesShow All 3,453 LinesShow Last 20 Lines

lib/CodeGen/SelectionDAG/SelectionDAGISel.cpp

//===-- SelectionDAGISel.cpp - Implement the SelectionDAGISel class -------===// //===-- SelectionDAGISel.cpp - Implement the SelectionDAGISel class -------===//
// //
// The LLVM Compiler Infrastructure // The LLVM Compiler Infrastructure
// //
// This file is distributed under the University of Illinois Open Source // This file is distributed under the University of Illinois Open Source
// License. See LICENSE.TXT for details. // License. See LICENSE.TXT for details.
// //
//===----------------------------------------------------------------------===// //===----------------------------------------------------------------------===//
// //
// This implements the SelectionDAGISel class. // This implements the SelectionDAGISel class.
// //
//===----------------------------------------------------------------------===// //===----------------------------------------------------------------------===//
#include "llvm/CodeGen/GCStrategy.h" #include "llvm/CodeGen/SelectionDAG.h"
#include "ScheduleDAGSDNodes.h" #include "ScheduleDAGSDNodes.h"
#include "SelectionDAGBuilder.h" #include "SelectionDAGBuilder.h"
#include "llvm/ADT/PostOrderIterator.h" #include "llvm/ADT/PostOrderIterator.h"
#include "llvm/ADT/Statistic.h" #include "llvm/ADT/Statistic.h"
#include "llvm/Analysis/AliasAnalysis.h" #include "llvm/Analysis/AliasAnalysis.h"
#include "llvm/Analysis/BranchProbabilityInfo.h" #include "llvm/Analysis/BranchProbabilityInfo.h"
#include "llvm/Analysis/CFG.h" #include "llvm/Analysis/CFG.h"
#include "llvm/Analysis/EHPersonalities.h" #include "llvm/Analysis/EHPersonalities.h"
#include "llvm/Analysis/TargetLibraryInfo.h" #include "llvm/Analysis/TargetLibraryInfo.h"
#include "llvm/CodeGen/Analysis.h" #include "llvm/CodeGen/Analysis.h"
#include "llvm/CodeGen/FastISel.h" #include "llvm/CodeGen/FastISel.h"
#include "llvm/CodeGen/FunctionLoweringInfo.h" #include "llvm/CodeGen/FunctionLoweringInfo.h"
#include "llvm/CodeGen/GCMetadata.h" #include "llvm/CodeGen/GCMetadata.h"
#include "llvm/CodeGen/GCStrategy.h"
#include "llvm/CodeGen/MachineFrameInfo.h" #include "llvm/CodeGen/MachineFrameInfo.h"
#include "llvm/CodeGen/MachineFunction.h" #include "llvm/CodeGen/MachineFunction.h"
#include "llvm/CodeGen/MachineInstrBuilder.h" #include "llvm/CodeGen/MachineInstrBuilder.h"
#include "llvm/CodeGen/MachineModuleInfo.h" #include "llvm/CodeGen/MachineModuleInfo.h"
#include "llvm/CodeGen/MachineRegisterInfo.h" #include "llvm/CodeGen/MachineRegisterInfo.h"
#include "llvm/CodeGen/ScheduleHazardRecognizer.h" #include "llvm/CodeGen/ScheduleHazardRecognizer.h"
#include "llvm/CodeGen/SchedulerRegistry.h" #include "llvm/CodeGen/SchedulerRegistry.h"
#include "llvm/CodeGen/SelectionDAG.h"
#include "llvm/CodeGen/SelectionDAGISel.h" #include "llvm/CodeGen/SelectionDAGISel.h"
#include "llvm/CodeGen/StackProtector.h"
#include "llvm/CodeGen/WinEHFuncInfo.h" #include "llvm/CodeGen/WinEHFuncInfo.h"
#include "llvm/IR/Constants.h" #include "llvm/IR/Constants.h"
#include "llvm/IR/DebugInfo.h" #include "llvm/IR/DebugInfo.h"
#include "llvm/IR/Function.h" #include "llvm/IR/Function.h"
#include "llvm/IR/InlineAsm.h" #include "llvm/IR/InlineAsm.h"
#include "llvm/IR/Instructions.h" #include "llvm/IR/Instructions.h"
#include "llvm/IR/IntrinsicInst.h" #include "llvm/IR/IntrinsicInst.h"
#include "llvm/IR/Intrinsics.h" #include "llvm/IR/Intrinsics.h"
▲ Show 20 LinesShow All 327 Lines▼ Show 20 LinesSelectionDAGISel::~SelectionDAGISel() {
delete SDB; delete SDB;
delete CurDAG; delete CurDAG;
delete FuncInfo; delete FuncInfo;
} }
void SelectionDAGISel::getAnalysisUsage(AnalysisUsage &AU) const { void SelectionDAGISel::getAnalysisUsage(AnalysisUsage &AU) const {
AU.addRequired<AAResultsWrapperPass>(); AU.addRequired<AAResultsWrapperPass>();
AU.addRequired<GCModuleInfo>(); AU.addRequired<GCModuleInfo>();
AU.addRequired<StackProtector>();
AU.addPreserved<StackProtector>();
AU.addPreserved<GCModuleInfo>(); AU.addPreserved<GCModuleInfo>();
AU.addRequired<TargetLibraryInfoWrapperPass>(); AU.addRequired<TargetLibraryInfoWrapperPass>();
if (UseMBPI && OptLevel != CodeGenOpt::None) if (UseMBPI && OptLevel != CodeGenOpt::None)
AU.addRequired<BranchProbabilityInfoWrapperPass>(); AU.addRequired<BranchProbabilityInfoWrapperPass>();
MachineFunctionPass::getAnalysisUsage(AU); MachineFunctionPass::getAnalysisUsage(AU);
} }
/// SplitCriticalSideEffectEdges - Look for critical edges with a PHI value that /// SplitCriticalSideEffectEdges - Look for critical edges with a PHI value that
▲ Show 20 LinesShow All 962 Lines▼ Show 20 Lines#endif
FastIS->recomputeInsertPt(); FastIS->recomputeInsertPt();
} else { } else {
// Lower any arguments needed in this block if this is the entry block. // Lower any arguments needed in this block if this is the entry block.
if (LLVMBB == &Fn.getEntryBlock()) { if (LLVMBB == &Fn.getEntryBlock()) {
++NumEntryBlocks; ++NumEntryBlocks;
LowerArguments(Fn); LowerArguments(Fn);
} }
} }
auto &SP = getAnalysis<StackProtector>();
echristoUnsubmitted
Done
ReplyInline Actions

Comment.

echristo: Comment.
timshenAuthorUnsubmitted
Not Done
ReplyInline Actions

As suggested by gottesmm, moved this condition into StackProtector::shouldEmitSDCheck(), and documented.

timshen: As suggested by gottesmm, moved this condition into StackProtector::shouldEmitSDCheck(), and…
if (dyn_cast<ReturnInst>(LLVMBB->getTerminator()) && SP.hasPrologue() &&
!SP.hasIRCheck()) {
SDB->SPDescriptor.initialize(LLVMBB, FuncInfo->MBBMap[LLVMBB]);
}
if (Begin != BI) if (Begin != BI)
++NumDAGBlocks; ++NumDAGBlocks;
else else
++NumFastIselBlocks; ++NumFastIselBlocks;
if (Begin != BI) { if (Begin != BI) {
// Run SelectionDAG instruction selection on the remainder of the block // Run SelectionDAG instruction selection on the remainder of the block
▲ Show 20 LinesShow All 2,091 LinesShow Last 20 Lines

lib/CodeGen/StackProtector.cpp

Show All 39 Lines
using namespace llvm; using namespace llvm;
#define DEBUG_TYPE "stack-protector" #define DEBUG_TYPE "stack-protector"
STATISTIC(NumFunProtected, "Number of functions protected"); STATISTIC(NumFunProtected, "Number of functions protected");
STATISTIC(NumAddrTaken, "Number of local variables that have their address" STATISTIC(NumAddrTaken, "Number of local variables that have their address"
" taken."); " taken.");
static cl::opt<bool> EnableSelectionDAGSP("enable-selectiondag-sp",
cl::init(true), cl::Hidden);
char StackProtector::ID = 0; char StackProtector::ID = 0;
INITIALIZE_PASS(StackProtector, "stack-protector", "Insert stack protectors", INITIALIZE_PASS(StackProtector, "stack-protector", "Insert stack protectors",
false, true) false, true)
FunctionPass *llvm::createStackProtectorPass(const TargetMachine *TM) { FunctionPass *llvm::createStackProtectorPass(const TargetMachine *TM) {
return new StackProtector(TM); return new StackProtector(TM);
} }
Show All 25 Lines
bool StackProtector::runOnFunction(Function &Fn) { bool StackProtector::runOnFunction(Function &Fn) {
F = &Fn; F = &Fn;
M = F->getParent(); M = F->getParent();
DominatorTreeWrapperPass *DTWP = DominatorTreeWrapperPass *DTWP =
getAnalysisIfAvailable<DominatorTreeWrapperPass>(); getAnalysisIfAvailable<DominatorTreeWrapperPass>();
DT = DTWP ? &DTWP->getDomTree() : nullptr; DT = DTWP ? &DTWP->getDomTree() : nullptr;
TLI = TM->getSubtargetImpl(Fn)->getTargetLowering(); TLI = TM->getSubtargetImpl(Fn)->getTargetLowering();
HasPrologue = false;
HasIRCheck = false;
Attribute Attr = Fn.getFnAttribute("stack-protector-buffer-size"); Attribute Attr = Fn.getFnAttribute("stack-protector-buffer-size");
if (Attr.isStringAttribute() && if (Attr.isStringAttribute() &&
Attr.getValueAsString().getAsInteger(10, SSPBufferSize)) Attr.getValueAsString().getAsInteger(10, SSPBufferSize))
return false; // Invalid integer string return false; // Invalid integer string
if (!RequiresStackProtector()) if (!RequiresStackProtector())
return false; return false;
▲ Show 20 LinesShow All 95 Lines▼ Show 20 Lines
/// strong heuristic will add a guard variables to functions that call alloca /// strong heuristic will add a guard variables to functions that call alloca
/// regardless of size, functions with any buffer regardless of type and size, /// regardless of size, functions with any buffer regardless of type and size,
/// functions with aggregates that contain any buffer regardless of type and /// functions with aggregates that contain any buffer regardless of type and
/// size, and functions that contain stack-based variables that have had their /// size, and functions that contain stack-based variables that have had their
/// address taken. /// address taken.
bool StackProtector::RequiresStackProtector() { bool StackProtector::RequiresStackProtector() {
bool Strong = false; bool Strong = false;
bool NeedsProtector = false; bool NeedsProtector = false;
for (const BasicBlock &BB : *F) {
echristoUnsubmitted
Done
ReplyInline Actions

Standard style for this would be no braces for any of the conditionals or block.

echristo: Standard style for this would be no braces for any of the conditionals or block.
for (const Instruction &I : BB) {
if (const CallInst *CI = dyn_cast<CallInst>(&I)) {
if (CI->getCalledFunction() ==
Intrinsic::getDeclaration(F->getParent(),
Intrinsic::stackprotector)) {
HasPrologue = true;
}
}
}
}
if (F->hasFnAttribute(Attribute::StackProtectReq)) { if (F->hasFnAttribute(Attribute::StackProtectReq)) {
NeedsProtector = true; NeedsProtector = true;
Strong = true; // Use the same heuristic as strong to determine SSPLayout Strong = true; // Use the same heuristic as strong to determine SSPLayout
} else if (F->hasFnAttribute(Attribute::StackProtectStrong)) } else if (F->hasFnAttribute(Attribute::StackProtectStrong))
Strong = true; Strong = true;
else if (HasPrologue)
NeedsProtector = true;
else if (!F->hasFnAttribute(Attribute::StackProtect)) else if (!F->hasFnAttribute(Attribute::StackProtect))
return false; return false;
for (const BasicBlock &BB : *F) { for (const BasicBlock &BB : *F) {
for (const Instruction &I : BB) { for (const Instruction &I : BB) {
if (const AllocaInst *AI = dyn_cast<AllocaInst>(&I)) { if (const AllocaInst *AI = dyn_cast<AllocaInst>(&I)) {
if (AI->isArrayAllocation()) { if (AI->isArrayAllocation()) {
// SSP-Strong: Enable protectors for any call to alloca, regardless // SSP-Strong: Enable protectors for any call to alloca, regardless
Show All 35 Lines for (const Instruction &I : BB) {
} }
} }
} }
} }
return NeedsProtector; return NeedsProtector;
} }
static bool InstructionWillNotHaveChain(const Instruction *I) {
return !I->mayHaveSideEffects() && !I->mayReadFromMemory() &&
isSafeToSpeculativelyExecute(I);
}
/// Identify if RI has a previous instruction in the "Tail Position" and return
/// it. Otherwise return 0.
///
/// This is based off of the code in llvm::isInTailCallPosition. The difference
/// is that it inverts the first part of llvm::isInTailCallPosition since
/// isInTailCallPosition is checking if a call is in a tail call position, and
/// we are searching for an unknown tail call that might be in the tail call
/// position. Once we find the call though, the code uses the same refactored
/// code, returnTypeIsEligibleForTailCall.
static CallInst *FindPotentialTailCall(BasicBlock *BB, ReturnInst *RI,
const TargetLoweringBase *TLI) {
// Establish a reasonable upper bound on the maximum amount of instructions we
// will look through to find a tail call.
unsigned SearchCounter = 0;
const unsigned MaxSearch = 4;
bool NoInterposingChain = true;
for (BasicBlock::reverse_iterator I = std::next(BB->rbegin()), E = BB->rend();
I != E && SearchCounter < MaxSearch; ++I) {
Instruction *Inst = &*I;
// Skip over debug intrinsics and do not allow them to affect our MaxSearch
// counter.
if (isa<DbgInfoIntrinsic>(Inst))
continue;
// If we find a call and the following conditions are satisifed, then we
// have found a tail call that satisfies at least the target independent
// requirements of a tail call:
//
// 1. The call site has the tail marker.
//
// 2. The call site either will not cause the creation of a chain or if a
// chain is necessary there are no instructions in between the callsite and
// the call which would create an interposing chain.
//
// 3. The return type of the function does not impede tail call
// optimization.
if (CallInst *CI = dyn_cast<CallInst>(Inst)) {
if (CI->isTailCall() &&
(InstructionWillNotHaveChain(CI) || NoInterposingChain) &&
returnTypeIsEligibleForTailCall(BB->getParent(), CI, RI, *TLI))
return CI;
}
// If we did not find a call see if we have an instruction that may create
// an interposing chain.
NoInterposingChain =
NoInterposingChain && InstructionWillNotHaveChain(Inst);
// Increment max search.
SearchCounter++;
}
return nullptr;
}
/// Insert code into the entry block that stores the __stack_chk_guard /// Insert code into the entry block that stores the __stack_chk_guard
/// variable onto the stack: /// variable onto the stack:
/// ///
/// entry: /// entry:
/// StackGuardSlot = alloca i8* /// StackGuardSlot = alloca i8*
/// StackGuard = load __stack_chk_guard /// StackGuard = load __stack_chk_guard
/// call void @llvm.stackprotect.create(StackGuard, StackGuardSlot) /// call void @llvm.stackprotect.create(StackGuard, StackGuardSlot)
/// ///
/// Returns true if the platform/triple supports the stackprotectorcreate pseudo /// Returns true if the platform/triple supports the stackprotectorcreate pseudo
/// node. /// node.
static bool CreatePrologue(Function *F, Module *M, ReturnInst *RI, static void CreatePrologue(Function *F, Module *M, ReturnInst *RI,
const TargetLoweringBase *TLI, const Triple &TT, const TargetLoweringBase *TLI, AllocaInst *&AI,
AllocaInst *&AI, Value *&StackGuardVar) { Value *&StackGuardVar) {
bool SupportsSelectionDAGSP = false; TLI->insertSSPDeclarations(*M);
PointerType *PtrTy = Type::getInt8PtrTy(RI->getContext()); StackGuardVar = TLI->getStackGuardAddr(*M);
unsigned AddressSpace, Offset; assert(StackGuardVar);
if (TLI->getStackCookieLocation(AddressSpace, Offset)) {
Constant *OffsetVal =
ConstantInt::get(Type::getInt32Ty(RI->getContext()), Offset);
StackGuardVar =
ConstantExpr::getIntToPtr(OffsetVal, PointerType::get(PtrTy,
AddressSpace));
} else if (TT.isOSOpenBSD()) {
StackGuardVar = M->getOrInsertGlobal("__guard_local", PtrTy);
cast<GlobalValue>(StackGuardVar)
->setVisibility(GlobalValue::HiddenVisibility);
} else {
SupportsSelectionDAGSP = true;
StackGuardVar = M->getOrInsertGlobal("__stack_chk_guard", PtrTy);
}
PointerType *PtrTy = Type::getInt8PtrTy(RI->getContext());
IRBuilder<> B(&F->getEntryBlock().front()); IRBuilder<> B(&F->getEntryBlock().front());
AI = B.CreateAlloca(PtrTy, nullptr, "StackGuardSlot"); AI = B.CreateAlloca(PtrTy, nullptr, "StackGuardSlot");
LoadInst *LI = B.CreateLoad(StackGuardVar, "StackGuard"); LoadInst *LI = B.CreateLoad(StackGuardVar, "StackGuard");
B.CreateCall(Intrinsic::getDeclaration(M, Intrinsic::stackprotector), B.CreateCall(Intrinsic::getDeclaration(M, Intrinsic::stackprotector),
{LI, AI}); {LI, AI});
return SupportsSelectionDAGSP;
} }
/// InsertStackProtectors - Insert code into the prologue and epilogue of the /// InsertStackProtectors - Insert code into the prologue and epilogue of the
/// function. /// function.
/// ///
/// - The prologue code loads and stores the stack guard onto the stack. /// - The prologue code loads and stores the stack guard onto the stack.
/// - The epilogue checks the value stored in the prologue against the original /// - The epilogue checks the value stored in the prologue against the original
/// value. It calls __stack_chk_fail if they differ. /// value. It calls __stack_chk_fail if they differ.
bool StackProtector::InsertStackProtectors() { bool StackProtector::InsertStackProtectors() {
bool HasPrologue = false;
bool SupportsSelectionDAGSP =
EnableSelectionDAGSP && !TM->Options.EnableFastISel;
AllocaInst *AI = nullptr; // Place on stack that stores the stack guard. AllocaInst *AI = nullptr; // Place on stack that stores the stack guard.
Value *StackGuardVar = nullptr; // The stack guard variable. Value *StackGuardVar = nullptr; // The stack guard variable.
for (Function::iterator I = F->begin(), E = F->end(); I != E;) { for (Function::iterator I = F->begin(), E = F->end(); I != E;) {
BasicBlock *BB = &*I++; BasicBlock *BB = &*I++;
ReturnInst *RI = dyn_cast<ReturnInst>(BB->getTerminator()); ReturnInst *RI = dyn_cast<ReturnInst>(BB->getTerminator());
if (!RI) if (!RI)
continue; continue;
if (!HasPrologue) { if (!HasPrologue) {
HasPrologue = true; HasPrologue = true;
SupportsSelectionDAGSP &= CreatePrologue(F, M, RI, TLI, AI, StackGuardVar);
CreatePrologue(F, M, RI, TLI, Trip, AI, StackGuardVar);
}
if (SupportsSelectionDAGSP) {
// Since we have a potential tail call, insert the special stack check
// intrinsic.
Instruction *InsertionPt = nullptr;
if (CallInst *CI = FindPotentialTailCall(BB, RI, TLI)) {
InsertionPt = CI;
} else {
InsertionPt = RI;
// At this point we know that BB has a return statement so it *DOES*
// have a terminator.
assert(InsertionPt != nullptr &&
"BB must have a terminator instruction at this point.");
} }
Function *Intrinsic = if (!TLI->supportsSelectionDAGSP()) {
Intrinsic::getDeclaration(M, Intrinsic::stackprotectorcheck);
CallInst::Create(Intrinsic, StackGuardVar, "", InsertionPt);
} else {
// If we do not support SelectionDAG based tail calls, generate IR level // If we do not support SelectionDAG based tail calls, generate IR level
// tail calls. // tail calls.
// //
// For each block with a return instruction, convert this: // For each block with a return instruction, convert this:
// //
// return: // return:
// ... // ...
// ret ... // ret ...
// //
// into this: // into this:
// //
// return: // return:
// ... // ...
// %1 = load __stack_chk_guard // %1 = load __stack_chk_guard
iterateeUnsubmitted
Done
ReplyInline Actions

I think this comment should read %1 = <load or intrinsic to read stack guard>

iteratee: I think this comment should read %1 = <load or intrinsic to read stack guard>
// %2 = load StackGuardSlot // %2 = load StackGuardSlot
// %3 = cmp i1 %1, %2 // %3 = cmp i1 %1, %2
// br i1 %3, label %SP_return, label %CallStackCheckFailBlk // br i1 %3, label %SP_return, label %CallStackCheckFailBlk
// //
// SP_return: // SP_return:
// ret ... // ret ...
// //
// CallStackCheckFailBlk: // CallStackCheckFailBlk:
// call void @__stack_chk_fail() // call void @__stack_chk_fail()
// unreachable // unreachable
// Create the FailBB. We duplicate the BB every time since the MI tail // Create the FailBB. We duplicate the BB every time since the MI tail
// merge pass will merge together all of the various BB into one including // merge pass will merge together all of the various BB into one including
// fail BB generated by the stack protector pseudo instruction. // fail BB generated by the stack protector pseudo instruction.
HasIRCheck = true;
iterateeUnsubmitted
Done
ReplyInline Actions

Comment seems to belong to the instruction below. A comment about HasIRCheck would be nice too.

iteratee: Comment seems to belong to the instruction below. A comment about HasIRCheck would be nice too.
BasicBlock *FailBB = CreateFailBB(); BasicBlock *FailBB = CreateFailBB();
// Split the basic block before the return instruction. // Split the basic block before the return instruction.
BasicBlock *NewBB = BB->splitBasicBlock(RI->getIterator(), "SP_return"); BasicBlock *NewBB = BB->splitBasicBlock(RI->getIterator(), "SP_return");
// Update the dominator tree if we need to. // Update the dominator tree if we need to.
if (DT && DT->isReachableFromEntry(BB)) { if (DT && DT->isReachableFromEntry(BB)) {
DT->addNewBlock(NewBB, BB); DT->addNewBlock(NewBB, BB);
▲ Show 20 LinesShow All 53 LinesShow Last 20 Lines

lib/CodeGen/TargetLoweringBase.cpp

Show All 37 Lines
#include <cctype> #include <cctype>
using namespace llvm; using namespace llvm;
static cl::opt<bool> JumpIsExpensiveOverride( static cl::opt<bool> JumpIsExpensiveOverride(
"jump-is-expensive", cl::init(false), "jump-is-expensive", cl::init(false),
cl::desc("Do not create extra branches to split comparison logic."), cl::desc("Do not create extra branches to split comparison logic."),
cl::Hidden); cl::Hidden);
static cl::opt<bool> EnableSelectionDAGSP("enable-selectiondag-sp",
cl::init(true), cl::Hidden);
/// InitLibcallNames - Set default libcall names. /// InitLibcallNames - Set default libcall names.
/// ///
static void InitLibcallNames(const char **Names, const Triple &TT) { static void InitLibcallNames(const char **Names, const Triple &TT) {
Names[RTLIB::SHL_I16] = "__ashlhi3"; Names[RTLIB::SHL_I16] = "__ashlhi3";
Names[RTLIB::SHL_I32] = "__ashlsi3"; Names[RTLIB::SHL_I32] = "__ashlsi3";
Names[RTLIB::SHL_I64] = "__ashldi3"; Names[RTLIB::SHL_I64] = "__ashldi3";
Names[RTLIB::SHL_I128] = "__ashlti3"; Names[RTLIB::SHL_I128] = "__ashlti3";
Names[RTLIB::SRL_I16] = "__lshrhi3"; Names[RTLIB::SRL_I16] = "__lshrhi3";
▲ Show 20 LinesShow All 1,686 Lines▼ Show 20 Lines case 2:
// Allow 2*r as r+r. // Allow 2*r as r+r.
break; break;
default: // Don't allow n * r default: // Don't allow n * r
return false; return false;
} }
return true; return true;
} }
bool TargetLoweringBase::supportsSelectionDAGSP() const {
echristoUnsubmitted
Done
ReplyInline Actions

Block comments on all of these if there aren't any in the .h file please? (I prefer more detailed comments on the implementation, but still).

echristo: Block comments on all of these if there aren't any in the .h file please? (I prefer more…
return EnableSelectionDAGSP && !getTargetMachine().Options.EnableFastISel &&
!getTargetMachine().getTargetTriple().isOSOpenBSD();
}
void TargetLoweringBase::insertSSPDeclarations(Module &M) const {
PointerType *PtrTy = Type::getInt8PtrTy(M.getContext());
if (getTargetMachine().getTargetTriple().isOSOpenBSD()) {
cast<GlobalValue>(M.getOrInsertGlobal("__guard_local", PtrTy))
->setVisibility(GlobalValue::HiddenVisibility);
} else {
M.getOrInsertGlobal("__stack_chk_guard", PtrTy);
}
}
Value *TargetLoweringBase::getStackGuardAddr(const Module &M) const {
if (getTargetMachine().getTargetTriple().isOSOpenBSD()) {
return M.getGlobalVariable("__guard_local");
}
return M.getGlobalVariable("__stack_chk_guard");
}

lib/IR/AutoUpgrade.cpp

Show First 20 LinesShow All 153 Lines▼ Show 20 Lines if (F->arg_size() == 2 && Name.startswith("objectsize.")) {
F->setName(Name + ".old"); F->setName(Name + ".old");
NewFn = Intrinsic::getDeclaration(F->getParent(), NewFn = Intrinsic::getDeclaration(F->getParent(),
Intrinsic::objectsize, Tys); Intrinsic::objectsize, Tys);
return true; return true;
} }
} }
break; break;
case 's':
if (Name == "stackprotectorcheck") {
NewFn = nullptr;
return true;
}
case 'x': { case 'x': {
if (Name.startswith("x86.sse2.pcmpeq.") || if (Name.startswith("x86.sse2.pcmpeq.") ||
Name.startswith("x86.sse2.pcmpgt.") || Name.startswith("x86.sse2.pcmpgt.") ||
Name.startswith("x86.avx2.pcmpeq.") || Name.startswith("x86.avx2.pcmpeq.") ||
Name.startswith("x86.avx2.pcmpgt.") || Name.startswith("x86.avx2.pcmpgt.") ||
Name.startswith("x86.avx2.vbroadcast") || Name.startswith("x86.avx2.vbroadcast") ||
Name.startswith("x86.avx2.pbroadcast") || Name.startswith("x86.avx2.pbroadcast") ||
Name.startswith("x86.avx.vpermil.") || Name.startswith("x86.avx.vpermil.") ||
▲ Show 20 LinesShow All 470 Lines▼ Show 20 Lines if (Name.startswith("llvm.x86.sse2.pcmpeq.") ||
SmallVector<Constant*, 4> Idxs(NumElts); SmallVector<Constant*, 4> Idxs(NumElts);
for (unsigned i = 0; i != NumElts; ++i) { for (unsigned i = 0; i != NumElts; ++i) {
unsigned Idx = Imm ? (i + NumElts) : i; unsigned Idx = Imm ? (i + NumElts) : i;
Idxs[i] = Builder.getInt32(Idx); Idxs[i] = Builder.getInt32(Idx);
} }
Value *UndefV = UndefValue::get(Op0->getType()); Value *UndefV = UndefValue::get(Op0->getType());
Rep = Builder.CreateShuffleVector(Op0, UndefV, ConstantVector::get(Idxs)); Rep = Builder.CreateShuffleVector(Op0, UndefV, ConstantVector::get(Idxs));
} else if (Name == "llvm.stackprotectorcheck") {
Rep = nullptr;
} else { } else {
bool PD128 = false, PD256 = false, PS128 = false, PS256 = false; bool PD128 = false, PD256 = false, PS128 = false, PS256 = false;
if (Name == "llvm.x86.avx.vpermil.pd.256") if (Name == "llvm.x86.avx.vpermil.pd.256")
PD256 = true; PD256 = true;
else if (Name == "llvm.x86.avx.vpermil.pd") else if (Name == "llvm.x86.avx.vpermil.pd")
PD128 = true; PD128 = true;
else if (Name == "llvm.x86.avx.vpermil.ps.256") else if (Name == "llvm.x86.avx.vpermil.ps.256")
PS256 = true; PS256 = true;
Show All 23 Lines if (Name.startswith("llvm.x86.sse2.pcmpeq.") ||
llvm_unreachable("Unexpected function"); llvm_unreachable("Unexpected function");
Rep = Builder.CreateShuffleVector(Op0, Op0, ConstantVector::get(Idxs)); Rep = Builder.CreateShuffleVector(Op0, Op0, ConstantVector::get(Idxs));
} else { } else {
llvm_unreachable("Unknown function for CallInst upgrade."); llvm_unreachable("Unknown function for CallInst upgrade.");
} }
} }
if (Rep)
CI->replaceAllUsesWith(Rep); CI->replaceAllUsesWith(Rep);
CI->eraseFromParent(); CI->eraseFromParent();
return; return;
} }
std::string Name = CI->getName(); std::string Name = CI->getName();
if (!Name.empty()) if (!Name.empty())
CI->setName(Name + ".old"); CI->setName(Name + ".old");
▲ Show 20 LinesShow All 262 LinesShow Last 20 Lines

lib/Target/X86/X86ISelLowering.h

Show First 20 LinesShow All 942 Lines▼ Show 20 Lines public:
virtual bool needsFixedCatchObjects() const override; virtual bool needsFixedCatchObjects() const override;
/// This method returns a target specific FastISel object, /// This method returns a target specific FastISel object,
/// or null if the target does not support "fast" ISel. /// or null if the target does not support "fast" ISel.
FastISel *createFastISel(FunctionLoweringInfo &funcInfo, FastISel *createFastISel(FunctionLoweringInfo &funcInfo,
const TargetLibraryInfo *libInfo) const override; const TargetLibraryInfo *libInfo) const override;
/// Return true if the target stores stack protector cookies at a fixed bool supportsSelectionDAGSP() const override;
/// offset in some non-standard address space, and populates the address
/// space and offset as appropriate. void insertSSPDeclarations(Module &M) const override;
bool getStackCookieLocation(unsigned &AddressSpace,
unsigned &Offset) const override; Value *getStackGuardAddr(const Module &M) const override;
/// Return true if the target stores SafeStack pointer at a fixed offset in /// Return true if the target stores SafeStack pointer at a fixed offset in
/// some non-standard address space, and populates the address space and /// some non-standard address space, and populates the address space and
/// offset as appropriate. /// offset as appropriate.
Value *getSafeStackPointerLocation(IRBuilder<> &IRB) const override; Value *getSafeStackPointerLocation(IRBuilder<> &IRB) const override;
SDValue BuildFILD(SDValue Op, EVT SrcVT, SDValue Chain, SDValue StackSlot, SDValue BuildFILD(SDValue Op, EVT SrcVT, SDValue Chain, SDValue StackSlot,
SelectionDAG &DAG) const; SelectionDAG &DAG) const;
▲ Show 20 LinesShow All 247 LinesShow Last 20 Lines

lib/Target/X86/X86ISelLowering.cpp

  • This file is larger than 256 KB, so syntax highlighting is disabled by default.
Show First 20 LinesShow All 2,154 Lines▼ Show 20 Lines
} }
unsigned X86TargetLowering::getAddressSpace() const { unsigned X86TargetLowering::getAddressSpace() const {
if (Subtarget.is64Bit()) if (Subtarget.is64Bit())
return (getTargetMachine().getCodeModel() == CodeModel::Kernel) ? 256 : 257; return (getTargetMachine().getCodeModel() == CodeModel::Kernel) ? 256 : 257;
return 256; return 256;
} }
bool X86TargetLowering::getStackCookieLocation(unsigned &AddressSpace, bool X86TargetLowering::supportsSelectionDAGSP() const {
unsigned &Offset) const { return !Subtarget.isTargetLinux() && TargetLowering::supportsSelectionDAGSP();
}
void X86TargetLowering::insertSSPDeclarations(Module &M) const {
if (!Subtarget.isTargetLinux()) if (!Subtarget.isTargetLinux())
return false; TargetLowering::insertSSPDeclarations(M);
}
Value *X86TargetLowering::getStackGuardAddr(const Module &M) const {
if (!Subtarget.isTargetLinux())
return TargetLowering::getStackGuardAddr(M);
// %fs:0x28, unless we're using a Kernel code model, in which case it's %gs: // %fs:0x28, unless we're using a Kernel code model, in which case it's %gs:
// %gs:0x14 on i386 // %gs:0x14 on i386
Offset = (Subtarget.is64Bit()) ? 0x28 : 0x14; unsigned Offset = (Subtarget.is64Bit()) ? 0x28 : 0x14;
AddressSpace = getAddressSpace(); unsigned AddressSpace = getAddressSpace();
iterateeUnsubmitted
Done
ReplyInline Actions

The address space will go away in a later patch, correct?

iteratee: The address space will go away in a later patch, correct?
timshenAuthorUnsubmitted
Not Done
ReplyInline Actions

Yes, finally X86 should use LOAD_STACK_GUARD as well, but before that I'd like to introduce llvm.stackguard() intrinsic. After that point getStackGuardAddr isn't even needed.

timshen: Yes, finally X86 should use LOAD_STACK_GUARD as well, but before that I'd like to introduce…
return true; PointerType *PtrTy = Type::getInt8PtrTy(M.getContext());
Constant *OffsetVal =
ConstantInt::get(Type::getInt32Ty(M.getContext()), Offset);
return ConstantExpr::getIntToPtr(OffsetVal,
PointerType::get(PtrTy, AddressSpace));
} }
Value *X86TargetLowering::getSafeStackPointerLocation(IRBuilder<> &IRB) const { Value *X86TargetLowering::getSafeStackPointerLocation(IRBuilder<> &IRB) const {
if (!Subtarget.isTargetAndroid()) if (!Subtarget.isTargetAndroid())
return TargetLowering::getSafeStackPointerLocation(IRB); return TargetLowering::getSafeStackPointerLocation(IRB);
// Android provides a fixed TLS slot for the SafeStack pointer. See the // Android provides a fixed TLS slot for the SafeStack pointer. See the
// definition of TLS_SLOT_SAFESTACK in // definition of TLS_SLOT_SAFESTACK in
▲ Show 20 LinesShow All 28,151 LinesShow Last 20 Lines

test/Assembler/auto_upgrade_intrinsics.ll

Show First 20 LinesShow All 48 Lines▼ Show 20 Lines
} }
@a = private global [60 x i8] zeroinitializer, align 1 @a = private global [60 x i8] zeroinitializer, align 1
define i32 @test.objectsize() { define i32 @test.objectsize() {
; CHECK-LABEL: @test.objectsize( ; CHECK-LABEL: @test.objectsize(
; CHECK: @llvm.objectsize.i32.p0i8 ; CHECK: @llvm.objectsize.i32.p0i8
; CHECK-DAG: declare i32 @llvm.objectsize.i32.p0i8
echristoUnsubmitted
Done
ReplyInline Actions

Hmm?

echristo: Hmm?
echristoUnsubmitted
Done
ReplyInline Actions

Nevermind, I see it now. That's frustrating, can you add a comment that the declare is for the objectsize upgrade and why?

echristo: Nevermind, I see it now. That's frustrating, can you add a comment that the declare is for the…
%s = call i32 @llvm.objectsize.i32(i8* getelementptr inbounds ([60 x i8], [60 x i8]* @a, i32 0, i32 0), i1 false) %s = call i32 @llvm.objectsize.i32(i8* getelementptr inbounds ([60 x i8], [60 x i8]* @a, i32 0, i32 0), i1 false)
ret i32 %s ret i32 %s
} }
@__stack_chk_guard = external global i8*
declare void @llvm.stackprotectorcheck(i8**)
define void @test.stackprotectorcheck() {
; CHECK-LABEL: @test.stackprotectorcheck(
; CHECK-NEXT: ret void
call void @llvm.stackprotectorcheck(i8** @__stack_chk_guard)
ret void
}
; CHECK: declare i32 @llvm.objectsize.i32.p0i8