This is an archive of the discontinued LLVM Phabricator instance.

Faster stack-protector for Android/AArch64.
ClosedPublic

Authored by eugenis on Mar 30 2016, 4:32 PM.

Download Raw Diff

Details

Reviewers

danalbert
zatrazz
gottesmm
echristo
timshen

Summary

Bionic has a defined thread-local location for the stack protector
cookie. Emit a direct load instead of going through __stack_chk_guard.

The current signature of getStackCookieLocation (returning addressspace + offset) is very x86 specific; let the function generate arbitrary IR for the cookie access instead. This is the same way getSafeStackPointerLocation works.

Diff Detail

Repository: rL LLVM

Event Timeline

eugenis updated this revision to Diff 52149.Mar 30 2016, 4:32 PM

eugenis retitled this revision from to Faster stack-protector for Android/AArch64..

eugenis updated this object.

eugenis added reviewers: echristo, danalbert.

eugenis set the repository for this revision to rL LLVM.

eugenis added subscribers: llvm-commits, pcc.

Herald added subscribers: srhines, danalbert, tberghammer and 2 others. · View Herald TranscriptMar 30 2016, 4:32 PM

Adding Tim since he's in here as well.

rengolin added a reviewer: zatrazz.Mar 30 2016, 4:56 PM

LGTM, glad that AArch64 has Intrinsic::aarch64_thread_pointer to make your job easier. :)

I'm not the owner of SSP, but I'm recently working on it. Let's wait for others comments for a while, then I'm happy to stamp the patch.

For a bit background: I'm currently working on a cleanup on SSP (D17736), which also involves a similar change to yours. No worries, I will rebase to include your change.

Cool. Would it be better to avoid the use of IRBuilder, and switch the targetlowering hooks to the same signature as in D17736?
Value *..(Module &);

I slightly prefer taking a Module&, since by taking a Module&, getStackCookieLocation doesn't have a chance to insert a concrete instruction to a potentially specified place. That's taking Module& makes the interface narrower. But I don't have strong opinion on this.

Good point. AArch64 implementation actually needs to insert instructions for the intrinsic call. I guess we keep IRBuilder then, or replace it with Instruction *InsertBefore argument.

Friendly ping.

timshen accepted this revision.Apr 5 2016, 3:04 PM

timshen edited edge metadata.

This revision is now accepted and ready to land.Apr 5 2016, 3:04 PM

Thanks for the review.
r265481

timshen mentioned this in D17736: [SSP] Remove llvm.stackprotectorcheck..Apr 8 2016, 1:19 PM

rprichard mentioned this in D53906: [ARM][AArch64] Increase TLS alignment to reserve space for Android's TCB.Oct 31 2018, 7:19 PM

Revision Contents

Path

Size

include/

llvm/

Target/

TargetLowering.h

10 lines

lib/

CodeGen/

StackProtector.cpp

28 lines

Target/

AArch64/

AArch64ISelLowering.h

4 lines

AArch64ISelLowering.cpp

16 lines

X86/

X86ISelLowering.h

8 lines

X86ISelLowering.cpp

13 lines

test/

CodeGen/

AArch64/

stack-protector-target.ll

19 lines

X86/

stack-protector-target.ll

25 lines

Diff 52737

include/llvm/Target/TargetLowering.h

Show First 20 Lines • Show All 1,005 Lines • ▼ Show 20 Lines	unsigned getPrefFunctionAlignment() const {
return PrefFunctionAlignment;		return PrefFunctionAlignment;
}		}

/// Return the preferred loop alignment.		/// Return the preferred loop alignment.
virtual unsigned getPrefLoopAlignment(MachineLoop *ML = nullptr) const {		virtual unsigned getPrefLoopAlignment(MachineLoop *ML = nullptr) const {
return PrefLoopAlignment;		return PrefLoopAlignment;
}		}

/// Return true if the target stores stack protector cookies at a fixed offset		/// If the target has a standard location for the stack protector cookie,
/// in some non-standard address space, and populates the address space and		/// returns the address of that location. Otherwise, returns nullptr.
/// offset as appropriate.		virtual Value *getStackCookieLocation(IRBuilder<> &IRB) const {
virtual bool getStackCookieLocation(unsigned &/AddressSpace/,		return nullptr;
unsigned &/Offset/) const {
return false;
}		}

/// If the target has a standard location for the unsafe stack pointer,		/// If the target has a standard location for the unsafe stack pointer,
/// returns the address of that location. Otherwise, returns nullptr.		/// returns the address of that location. Otherwise, returns nullptr.
virtual Value *getSafeStackPointerLocation(IRBuilder<> &IRB) const;		virtual Value *getSafeStackPointerLocation(IRBuilder<> &IRB) const;

/// Returns true if a cast between SrcAS and DestAS is a noop.		/// Returns true if a cast between SrcAS and DestAS is a noop.
virtual bool isNoopAddrSpaceCast(unsigned SrcAS, unsigned DestAS) const {		virtual bool isNoopAddrSpaceCast(unsigned SrcAS, unsigned DestAS) const {
▲ Show 20 Lines • Show All 1,897 Lines • Show Last 20 Lines

lib/CodeGen/StackProtector.cpp

	Show First 20 Lines • Show All 327 Lines • ▼ Show 20 Lines
	///			///
	/// Returns true if the platform/triple supports the stackprotectorcreate pseudo			/// Returns true if the platform/triple supports the stackprotectorcreate pseudo
	/// node.			/// node.
	static bool CreatePrologue(Function F, Module M, ReturnInst *RI,			static bool CreatePrologue(Function F, Module M, ReturnInst *RI,
	const TargetLoweringBase *TLI, const Triple &TT,			const TargetLoweringBase *TLI, const Triple &TT,
	AllocaInst &AI, Value &StackGuardVar) {			AllocaInst &AI, Value &StackGuardVar) {
	bool SupportsSelectionDAGSP = false;			bool SupportsSelectionDAGSP = false;
	PointerType *PtrTy = Type::getInt8PtrTy(RI->getContext());			PointerType *PtrTy = Type::getInt8PtrTy(RI->getContext());
	unsigned AddressSpace, Offset;			IRBuilder<> B(&F->getEntryBlock().front());
	if (TLI->getStackCookieLocation(AddressSpace, Offset)) {
	Constant *OffsetVal =			StackGuardVar = TLI->getStackCookieLocation(B);
	ConstantInt::get(Type::getInt32Ty(RI->getContext()), Offset);			if (!StackGuardVar) {
				if (TT.isOSOpenBSD()) {
	StackGuardVar =
	ConstantExpr::getIntToPtr(OffsetVal, PointerType::get(PtrTy,
	AddressSpace));
	} else if (TT.isOSOpenBSD()) {
	StackGuardVar = M->getOrInsertGlobal("__guard_local", PtrTy);			StackGuardVar = M->getOrInsertGlobal("__guard_local", PtrTy);
	cast<GlobalValue>(StackGuardVar)			cast<GlobalValue>(StackGuardVar)
	->setVisibility(GlobalValue::HiddenVisibility);			->setVisibility(GlobalValue::HiddenVisibility);
	} else {			} else {
	SupportsSelectionDAGSP = true;			SupportsSelectionDAGSP = true;
	StackGuardVar = M->getOrInsertGlobal("__stack_chk_guard", PtrTy);			StackGuardVar = M->getOrInsertGlobal("__stack_chk_guard", PtrTy);
	}			}
				}

	IRBuilder<> B(&F->getEntryBlock().front());
	AI = B.CreateAlloca(PtrTy, nullptr, "StackGuardSlot");			AI = B.CreateAlloca(PtrTy, nullptr, "StackGuardSlot");
	LoadInst *LI = B.CreateLoad(StackGuardVar, "StackGuard");			LoadInst *LI = B.CreateLoad(StackGuardVar, "StackGuard");
	B.CreateCall(Intrinsic::getDeclaration(M, Intrinsic::stackprotector),			B.CreateCall(Intrinsic::getDeclaration(M, Intrinsic::stackprotector),
	{LI, AI});			{LI, AI});

	return SupportsSelectionDAGSP;			return SupportsSelectionDAGSP;
	}			}

	▲ Show 20 Lines • Show All 132 Lines • Show Last 20 Lines

lib/Target/AArch64/AArch64ISelLowering.h

Show First 20 Lines • Show All 352 Lines • ▼ Show 20 Lines	public:
shouldExpandAtomicRMWInIR(AtomicRMWInst *AI) const override;		shouldExpandAtomicRMWInIR(AtomicRMWInst *AI) const override;

bool shouldExpandAtomicCmpXchgInIR(AtomicCmpXchgInst *AI) const override;		bool shouldExpandAtomicCmpXchgInIR(AtomicCmpXchgInst *AI) const override;

bool useLoadStackGuardNode() const override;		bool useLoadStackGuardNode() const override;
TargetLoweringBase::LegalizeTypeAction		TargetLoweringBase::LegalizeTypeAction
getPreferredVectorAction(EVT VT) const override;		getPreferredVectorAction(EVT VT) const override;

		/// If the target has a standard location for the stack protector cookie,
		/// returns the address of that location. Otherwise, returns nullptr.
		Value *getStackCookieLocation(IRBuilder<> &IRB) const override;

/// If the target has a standard location for the unsafe stack pointer,		/// If the target has a standard location for the unsafe stack pointer,
/// returns the address of that location. Otherwise, returns nullptr.		/// returns the address of that location. Otherwise, returns nullptr.
Value *getSafeStackPointerLocation(IRBuilder<> &IRB) const override;		Value *getSafeStackPointerLocation(IRBuilder<> &IRB) const override;

/// If a physical register, this returns the register that receives the		/// If a physical register, this returns the register that receives the
/// exception address on entry to an EH pad.		/// exception address on entry to an EH pad.
unsigned		unsigned
getExceptionPointerRegister(const Constant *PersonalityFn) const override {		getExceptionPointerRegister(const Constant *PersonalityFn) const override {
▲ Show 20 Lines • Show All 195 Lines • Show Last 20 Lines

lib/Target/AArch64/AArch64ISelLowering.cpp

This file is larger than 256 KB, so syntax highlighting is disabled by default.

Show First 20 Lines • Show All 10,206 Lines • ▼ Show 20 Lines	bool AArch64TargetLowering::functionArgumentNeedsConsecutiveRegisters(
return Ty->isArrayTy();		return Ty->isArrayTy();
}		}

bool AArch64TargetLowering::shouldNormalizeToSelectSequence(LLVMContext &,		bool AArch64TargetLowering::shouldNormalizeToSelectSequence(LLVMContext &,
EVT) const {		EVT) const {
return false;		return false;
}		}

		Value *AArch64TargetLowering::getStackCookieLocation(IRBuilder<> &IRB) const {
		if (!Subtarget->isTargetAndroid())
		return TargetLowering::getStackCookieLocation(IRB);

		// Android provides a fixed TLS slot for the stack cookie. See the definition
		// of TLS_SLOT_STACK_GUARD in
		// https://android.googlesource.com/platform/bionic/+/master/libc/private/bionic_tls.h
		const unsigned TlsOffset = 0x28;
		Module *M = IRB.GetInsertBlock()->getParent()->getParent();
		Function *ThreadPointerFunc =
		Intrinsic::getDeclaration(M, Intrinsic::aarch64_thread_pointer);
		return IRB.CreatePointerCast(
		IRB.CreateConstGEP1_32(IRB.CreateCall(ThreadPointerFunc), TlsOffset),
		Type::getInt8PtrTy(IRB.getContext())->getPointerTo(0));
		}

Value *AArch64TargetLowering::getSafeStackPointerLocation(IRBuilder<> &IRB) const {		Value *AArch64TargetLowering::getSafeStackPointerLocation(IRBuilder<> &IRB) const {
if (!Subtarget->isTargetAndroid())		if (!Subtarget->isTargetAndroid())
return TargetLowering::getSafeStackPointerLocation(IRB);		return TargetLowering::getSafeStackPointerLocation(IRB);

// Android provides a fixed TLS slot for the SafeStack pointer. See the		// Android provides a fixed TLS slot for the SafeStack pointer. See the
// definition of TLS_SLOT_SAFESTACK in		// definition of TLS_SLOT_SAFESTACK in
// https://android.googlesource.com/platform/bionic/+/master/libc/private/bionic_tls.h		// https://android.googlesource.com/platform/bionic/+/master/libc/private/bionic_tls.h
const unsigned TlsOffset = 0x48;		const unsigned TlsOffset = 0x48;
▲ Show 20 Lines • Show All 67 Lines • Show Last 20 Lines

lib/Target/X86/X86ISelLowering.h

Show First 20 Lines • Show All 954 Lines • ▼ Show 20 Lines	public:

virtual bool needsFixedCatchObjects() const override;		virtual bool needsFixedCatchObjects() const override;

/// This method returns a target specific FastISel object,		/// This method returns a target specific FastISel object,
/// or null if the target does not support "fast" ISel.		/// or null if the target does not support "fast" ISel.
FastISel *createFastISel(FunctionLoweringInfo &funcInfo,		FastISel *createFastISel(FunctionLoweringInfo &funcInfo,
const TargetLibraryInfo *libInfo) const override;		const TargetLibraryInfo *libInfo) const override;

/// Return true if the target stores stack protector cookies at a fixed		/// If the target has a standard location for the stack protector cookie,
/// offset in some non-standard address space, and populates the address		/// returns the address of that location. Otherwise, returns nullptr.
/// space and offset as appropriate.		Value *getStackCookieLocation(IRBuilder<> &IRB) const override;
bool getStackCookieLocation(unsigned &AddressSpace,
unsigned &Offset) const override;

/// Return true if the target stores SafeStack pointer at a fixed offset in		/// Return true if the target stores SafeStack pointer at a fixed offset in
/// some non-standard address space, and populates the address space and		/// some non-standard address space, and populates the address space and
/// offset as appropriate.		/// offset as appropriate.
Value *getSafeStackPointerLocation(IRBuilder<> &IRB) const override;		Value *getSafeStackPointerLocation(IRBuilder<> &IRB) const override;

SDValue BuildFILD(SDValue Op, EVT SrcVT, SDValue Chain, SDValue StackSlot,		SDValue BuildFILD(SDValue Op, EVT SrcVT, SDValue Chain, SDValue StackSlot,
SelectionDAG &DAG) const;		SelectionDAG &DAG) const;
▲ Show 20 Lines • Show All 247 Lines • Show Last 20 Lines

lib/Target/X86/X86ISelLowering.cpp

This file is larger than 256 KB, so syntax highlighting is disabled by default.

	Show First 20 Lines • Show All 2,187 Lines • ▼ Show 20 Lines
	}			}

	unsigned X86TargetLowering::getAddressSpace() const {			unsigned X86TargetLowering::getAddressSpace() const {
	if (Subtarget.is64Bit())			if (Subtarget.is64Bit())
	return (getTargetMachine().getCodeModel() == CodeModel::Kernel) ? 256 : 257;			return (getTargetMachine().getCodeModel() == CodeModel::Kernel) ? 256 : 257;
	return 256;			return 256;
	}			}

	bool X86TargetLowering::getStackCookieLocation(unsigned &AddressSpace,			Value *X86TargetLowering::getStackCookieLocation(IRBuilder<> &IRB) const {
	unsigned &Offset) const {
	if (!Subtarget.isTargetLinux())			if (!Subtarget.isTargetLinux())
	return false;			return TargetLowering::getStackCookieLocation(IRB);

	// %fs:0x28, unless we're using a Kernel code model, in which case it's %gs:			// %fs:0x28, unless we're using a Kernel code model, in which case it's %gs:
	// %gs:0x14 on i386			// %gs:0x14 on i386
	Offset = (Subtarget.is64Bit()) ? 0x28 : 0x14;			unsigned Offset = (Subtarget.is64Bit()) ? 0x28 : 0x14;
	AddressSpace = getAddressSpace();			unsigned AddressSpace = getAddressSpace();
	return true;			return ConstantExpr::getIntToPtr(
				ConstantInt::get(Type::getInt32Ty(IRB.getContext()), Offset),
				Type::getInt8PtrTy(IRB.getContext())->getPointerTo(AddressSpace));
	}			}

	Value *X86TargetLowering::getSafeStackPointerLocation(IRBuilder<> &IRB) const {			Value *X86TargetLowering::getSafeStackPointerLocation(IRBuilder<> &IRB) const {
	if (!Subtarget.isTargetAndroid())			if (!Subtarget.isTargetAndroid())
	return TargetLowering::getSafeStackPointerLocation(IRB);			return TargetLowering::getSafeStackPointerLocation(IRB);

	// Android provides a fixed TLS slot for the SafeStack pointer. See the			// Android provides a fixed TLS slot for the SafeStack pointer. See the
	// definition of TLS_SLOT_SAFESTACK in			// definition of TLS_SLOT_SAFESTACK in
	▲ Show 20 Lines • Show All 28,342 Lines • Show Last 20 Lines

test/CodeGen/AArch64/stack-protector-target.ll

This file was added.

				; Test target-specific stack cookie location.
				; RUN: llc -mtriple=aarch64-linux-android < %s -o - \| FileCheck --check-prefix=ANDROID-AARCH64 %s

				define void @_Z1fv() sspreq {
				entry:
				%x = alloca i32, align 4
				%0 = bitcast i32* %x to i8*
				call void @_Z7CapturePi(i32* nonnull %x)
				ret void
				}

				declare void @_Z7CapturePi(i32*)

				; ANDROID-AARCH64: mrs [[A:.*]], TPIDR_EL0
				; ANDROID-AARCH64: ldr [[B:.*]], {{\[}}[[A]], #40]
				; ANDROID-AARCH64: str [[B]], [sp,
				; ANDROID-AARCH64: ldr [[C:.*]], {{\[}}[[A]], #40]
				; ANDROID-AARCH64: ldr [[D:.*]], [sp,
				; ANDROID-AARCH64: cmp [[C]], [[D]]

test/CodeGen/X86/stack-protector-target.ll

This file was added.

				; Test target-specific stack cookie location.
				; RUN: llc -mtriple=i386-linux < %s -o - \| FileCheck --check-prefix=LINUX-I386 %s
				; RUN: llc -mtriple=x86_64-linux < %s -o - \| FileCheck --check-prefix=LINUX-X64 %s
				; RUN: llc -mtriple=i386-linux-android < %s -o - \| FileCheck --check-prefix=LINUX-I386 %s
				; RUN: llc -mtriple=x86_64-linux-android < %s -o - \| FileCheck --check-prefix=LINUX-X64 %s

				define void @_Z1fv() sspreq {
				entry:
				%x = alloca i32, align 4
				%0 = bitcast i32* %x to i8*
				call void @_Z7CapturePi(i32* nonnull %x)
				ret void
				}

				declare void @_Z7CapturePi(i32*)

				; LINUX-X64: movq %fs:40, %[[B:.*]]
				; LINUX-X64: movq %[[B]], 16(%rsp)
				; LINUX-X64: movq %fs:40, %[[C:.*]]
				; LINUX-X64: cmpq 16(%rsp), %[[C]]

				; LINUX-I386: movl %gs:20, %[[B:.*]]
				; LINUX-I386: movl %[[B]], 8(%esp)
				; LINUX-I386: movl %gs:20, %[[C:.*]]
				; LINUX-I386: cmpl 8(%esp), %[[C]]