This is an archive of the discontinued LLVM Phabricator instance.

Differential D27499

CFI-icall on Thumb
ClosedPublic

Authored by eugenis on Dec 6 2016, 6:37 PM.

Details

Reviewers
pcc
Commits
rG0c8957c19834: CFI-icall on Thumb
rL289008: CFI-icall on Thumb
Summary

Replace @progbits in the section directive with %progbits, because "@" starts a comment on arm/thumb.
Use b.w branch instruction.
Use .thumb_function and .thumb_set for proper arm/thumb interwork. This way jumptable entry addresses on thumb have bit 0 set (correctly). This does not affect CFI check math, because the address of the jumptable start also has that bit set.

This does not work on thumbv5, because it does not support b.w, and the linker would not insert a veneer (trampoline?) to extend the range of b.n. We may need to do full-range plt-style jumptables on thumbv54, which are 12 bytes per entry. Another option is "push lr; bl; pop pc" (4 bytes) but that needs unwinding instructions, etc.

Diff Detail

Repository
rL LLVM

Event Timeline

eugenis updated this revision to Diff 80528.Dec 6 2016, 6:37 PM
eugenis retitled this revision from to CFI-icall on Thumb.
eugenis updated this object.
eugenis added a reviewer: pcc.
eugenis set the repository for this revision to rL LLVM.
eugenis added a subscriber: llvm-commits.
Herald added subscribers: rengolin, aemerson. · View Herald TranscriptDec 6 2016, 6:37 PM
rengolin added inline comments.Dec 7 2016, 3:03 AM
test/Transforms/LowerTypeTests/function.ll
2 ↗(On Diff #80528)

Native?

eugenis added inline comments.Dec 7 2016, 12:58 PM
test/Transforms/LowerTypeTests/function.ll
2 ↗(On Diff #80528)

as opposed to WASM, which is kind of bitcode.
We use the same terminology in LowerTypeTests.cpp.
Naming is hard. :)

rengolin added inline comments.Dec 7 2016, 1:39 PM
test/Transforms/LowerTypeTests/function.ll
2 ↗(On Diff #80528)

Right! :)

pcc added inline comments.Dec 7 2016, 2:08 PM
lib/Transforms/IPO/LowerTypeTests.cpp
654 ↗(On Diff #80528)

I suspect that we will want to land here for thumbv5, at least until/unless we have an implementation of jump tables for that architecture.

test/Transforms/LowerTypeTests/function.ll
86 ↗(On Diff #80528)

ARM: here?

eugenis added inline comments.Dec 7 2016, 3:41 PM
lib/Transforms/IPO/LowerTypeTests.cpp
654 ↗(On Diff #80528)

How do I detect thumb2 (that's what this code actually depends on)?
I don't see a way to access TargetMachine from here, and the triple alone is not enough (e.g. -mcpu=cortex-a8 enables thumb2).

eugenis updated this revision to Diff 80679.Dec 7 2016, 3:50 PM
eugenis marked an inline comment as done.
pcc accepted this revision.Dec 7 2016, 4:25 PM
pcc edited edge metadata.

LGTM

lib/Transforms/IPO/LowerTypeTests.cpp
654 ↗(On Diff #80528)

It does appear to be complicated.

Basically it looks like we will want to look up the "target-cpu" function attribute on each function in the jump table, and make sure that each target-cpu inherits the "thumb2" target feature. The backend implements some of that, but it isn't being exposed to the midend.

For the moment I think we will have to rely on the assembler rejecting the "b.w" instruction on thumb1 targets.

This revision is now accepted and ready to land.Dec 7 2016, 4:25 PM
Closed by commit rL289008: CFI-icall on Thumb (authored by eugenis). · Explain WhyDec 7 2016, 4:42 PM
This revision was automatically updated to reflect the committed changes.

Revision Contents

PathSize
llvm/
trunk/
lib/
Transforms/
IPO/
18 lines
test/
Transforms/
LowerTypeTests/
44 lines

Diff 80689

llvm/trunk/lib/Transforms/IPO/LowerTypeTests.cpp

Show First 20 LinesShow All 677 Lines▼ Show 20 Lines
static const unsigned kARMJumpTableEntrySize = 4; static const unsigned kARMJumpTableEntrySize = 4;
unsigned LowerTypeTestsModule::getJumpTableEntrySize() { unsigned LowerTypeTestsModule::getJumpTableEntrySize() {
switch (Arch) { switch (Arch) {
case Triple::x86: case Triple::x86:
case Triple::x86_64: case Triple::x86_64:
return kX86JumpTableEntrySize; return kX86JumpTableEntrySize;
case Triple::arm: case Triple::arm:
case Triple::thumb:
case Triple::aarch64: case Triple::aarch64:
return kARMJumpTableEntrySize; return kARMJumpTableEntrySize;
default: default:
report_fatal_error("Unsupported architecture for jump tables"); report_fatal_error("Unsupported architecture for jump tables");
} }
} }
static bool isValidAsmUnquotedName(StringRef Name) { static bool isValidAsmUnquotedName(StringRef Name) {
Show All 31 Lines report_fatal_error(
"CFI-ICall does not allow special characters in a function name."); "CFI-ICall does not allow special characters in a function name.");
} }
if (Arch == Triple::x86 || Arch == Triple::x86_64) { if (Arch == Triple::x86 || Arch == Triple::x86_64) {
OS << "jmp " << Name << "@plt\n"; OS << "jmp " << Name << "@plt\n";
OS << "int3\nint3\nint3\n"; OS << "int3\nint3\nint3\n";
} else if (Arch == Triple::arm || Arch == Triple::aarch64) { } else if (Arch == Triple::arm || Arch == Triple::aarch64) {
OS << "b " << Name << "\n"; OS << "b " << Name << "\n";
} else if (Arch == Triple::thumb) {
OS << "b.w " << Name << "\n";
} else { } else {
report_fatal_error("Unsupported architecture for jump tables"); report_fatal_error("Unsupported architecture for jump tables");
} }
} }
void LowerTypeTestsModule::createJumpTableAlias(raw_ostream &OS, Function *Dest, void LowerTypeTestsModule::createJumpTableAlias(raw_ostream &OS, Function *Dest,
GlobalVariable *JumpTable, GlobalVariable *JumpTable,
unsigned Distance) { unsigned Distance) {
assert(Dest->hasName() && "jumptable targets can not be anonymous"); assert(Dest->hasName() && "jumptable targets can not be anonymous");
SmallString<16> Name; SmallString<16> Name;
Mang.getNameWithPrefix(Name, Dest, /* CannotUsePrivateLabel */ false); Mang.getNameWithPrefix(Name, Dest, /* CannotUsePrivateLabel */ false);
if (!isValidAsmUnquotedName(Name)) { if (!isValidAsmUnquotedName(Name)) {
// We are going to emit a function alias as textual asm. Escaped strings // We are going to emit a function alias as textual asm. Escaped strings
// in such expressions are not well supported. // in such expressions are not well supported.
report_fatal_error( report_fatal_error(
"CFI-ICall does not allow special characters in a function name."); "CFI-ICall does not allow special characters in a function name.");
} }
if (Dest->isWeakForLinker()) if (Dest->isWeakForLinker())
OS << ".weak " << Name << "\n"; OS << ".weak " << Name << "\n";
else if (!Dest->hasLocalLinkage()) else if (!Dest->hasLocalLinkage())
OS << ".globl " << Name << "\n"; OS << ".globl " << Name << "\n";
OS << ".type " << Name << ", function\n"; OS << ".type " << Name << ", function\n";
if (Arch == Triple::thumb) {
OS << ".thumb_set " << Name << ", " << JumpTable->getName() << " + "
<< (getJumpTableEntrySize() * Distance) << "\n";
} else {
OS << Name << " = " << JumpTable->getName() << " + " OS << Name << " = " << JumpTable->getName() << " + "
<< (getJumpTableEntrySize() * Distance) << "\n"; << (getJumpTableEntrySize() * Distance) << "\n";
}
OS << ".size " << Name << ", " << getJumpTableEntrySize() << "\n"; OS << ".size " << Name << ", " << getJumpTableEntrySize() << "\n";
} }
Type *LowerTypeTestsModule::getJumpTableEntryType() { Type *LowerTypeTestsModule::getJumpTableEntryType() {
return ArrayType::get(Int8Ty, getJumpTableEntrySize()); return ArrayType::get(Int8Ty, getJumpTableEntrySize());
} }
/// Given a disjoint set of type identifiers and functions, build the bit sets /// Given a disjoint set of type identifiers and functions, build the bit sets
/// and lower the llvm.type.test calls, architecture dependently. /// and lower the llvm.type.test calls, architecture dependently.
void LowerTypeTestsModule::buildBitSetsFromFunctions( void LowerTypeTestsModule::buildBitSetsFromFunctions(
ArrayRef<Metadata *> TypeIds, ArrayRef<GlobalTypeMember *> Functions) { ArrayRef<Metadata *> TypeIds, ArrayRef<GlobalTypeMember *> Functions) {
if (Arch == Triple::x86 || Arch == Triple::x86_64 || Arch == Triple::arm || if (Arch == Triple::x86 || Arch == Triple::x86_64 || Arch == Triple::arm ||
Arch == Triple::aarch64) Arch == Triple::thumb || Arch == Triple::aarch64)
buildBitSetsFromFunctionsNative(TypeIds, Functions); buildBitSetsFromFunctionsNative(TypeIds, Functions);
else if (Arch == Triple::wasm32 || Arch == Triple::wasm64) else if (Arch == Triple::wasm32 || Arch == Triple::wasm64)
buildBitSetsFromFunctionsWASM(TypeIds, Functions); buildBitSetsFromFunctionsWASM(TypeIds, Functions);
else else
report_fatal_error("Unsupported architecture for jump tables"); report_fatal_error("Unsupported architecture for jump tables");
} }
void LowerTypeTestsModule::moveInitializerToModuleConstructor( void LowerTypeTestsModule::moveInitializerToModuleConstructor(
▲ Show 20 LinesShow All 205 Lines▼ Show 20 Lines if (!F->isDeclarationForLinker())
F->setLinkage(GlobalValue::InternalLinkage); F->setLinkage(GlobalValue::InternalLinkage);
} }
// Try to emit the jump table at the end of the text segment. // Try to emit the jump table at the end of the text segment.
// Jump table must come after __cfi_check in the cross-dso mode. // Jump table must come after __cfi_check in the cross-dso mode.
// FIXME: this magic section name seems to do the trick. // FIXME: this magic section name seems to do the trick.
AsmOS << ".section " << (ObjectFormat == Triple::MachO AsmOS << ".section " << (ObjectFormat == Triple::MachO
? "__TEXT,__text,regular,pure_instructions" ? "__TEXT,__text,regular,pure_instructions"
: ".text.cfi, \"ax\", @progbits") : ".text.cfi, \"ax\", %progbits")
<< "\n"; << "\n";
// Align the whole table by entry size. // Align the whole table by entry size.
AsmOS << ".balign " << EntrySize << "\n"; AsmOS << ".balign " << EntrySize << "\n";
if (Arch == Triple::thumb)
AsmOS << ".thumb_func\n";
AsmOS << JumpTable->getName() << ":\n"; AsmOS << JumpTable->getName() << ":\n";
for (unsigned I = 0; I != Functions.size(); ++I) for (unsigned I = 0; I != Functions.size(); ++I)
createJumpTableEntry(AsmOS, cast<Function>(Functions[I]->getGlobal()), I); createJumpTableEntry(AsmOS, cast<Function>(Functions[I]->getGlobal()), I);
M.appendModuleInlineAsm(AsmOS.str()); M.appendModuleInlineAsm(AsmOS.str());
SmallVector<GlobalValue *, 16> Used; SmallVector<GlobalValue *, 16> Used;
Used.reserve(Functions.size()); Used.reserve(Functions.size());
▲ Show 20 LinesShow All 252 LinesShow Last 20 Lines

llvm/trunk/test/Transforms/LowerTypeTests/function.ll

; RUN: opt -S -lowertypetests -mtriple=i686-unknown-linux-gnu < %s | FileCheck --check-prefix=X86 %s ; RUN: opt -S -lowertypetests -mtriple=i686-unknown-linux-gnu < %s | FileCheck --check-prefixes=X86,NATIVE %s
; RUN: opt -S -lowertypetests -mtriple=x86_64-unknown-linux-gnu < %s | FileCheck --check-prefix=X86 %s ; RUN: opt -S -lowertypetests -mtriple=x86_64-unknown-linux-gnu < %s | FileCheck --check-prefixes=X86,NATIVE %s
; RUN: opt -S -lowertypetests -mtriple=arm-unknown-linux-gnu < %s | FileCheck --check-prefix=ARM %s ; RUN: opt -S -lowertypetests -mtriple=arm-unknown-linux-gnu < %s | FileCheck --check-prefixes=ARM,NATIVE %s
; RUN: opt -S -lowertypetests -mtriple=aarch64-unknown-linux-gnu < %s | FileCheck --check-prefix=ARM %s ; RUN: opt -S -lowertypetests -mtriple=thumb-unknown-linux-gnu < %s | FileCheck --check-prefixes=THUMB,NATIVE %s
; RUN: opt -S -lowertypetests -mtriple=aarch64-unknown-linux-gnu < %s | FileCheck --check-prefixes=ARM,NATIVE %s
; RUN: opt -S -lowertypetests -mtriple=wasm32-unknown-unknown < %s | FileCheck --check-prefix=WASM32 %s ; RUN: opt -S -lowertypetests -mtriple=wasm32-unknown-unknown < %s | FileCheck --check-prefix=WASM32 %s
; Tests that we correctly handle bitsets containing 2 or more functions. ; Tests that we correctly handle bitsets containing 2 or more functions.
target datalayout = "e-p:64:64" target datalayout = "e-p:64:64"
; X86: module asm ".globl f" ; X86: module asm ".globl f"
; X86-NEXT: module asm ".type f, function" ; X86-NEXT: module asm ".type f, function"
; X86-NEXT: module asm "f = .cfi.jumptable + 0" ; X86-NEXT: module asm "f = .cfi.jumptable + 0"
; X86-NEXT: module asm ".size f, 8" ; X86-NEXT: module asm ".size f, 8"
; X86-NEXT: module asm ".type g, function" ; X86-NEXT: module asm ".type g, function"
; X86-NEXT: module asm "g = .cfi.jumptable + 8" ; X86-NEXT: module asm "g = .cfi.jumptable + 8"
; X86-NEXT: module asm ".size g, 8" ; X86-NEXT: module asm ".size g, 8"
; X86-NEXT: module asm ".section .text.cfi, \22ax\22, @progbits" ; X86-NEXT: module asm ".section .text.cfi, \22ax\22, %progbits"
; X86-NEXT: module asm ".balign 8" ; X86-NEXT: module asm ".balign 8"
; X86-NEXT: module asm ".cfi.jumptable:" ; X86-NEXT: module asm ".cfi.jumptable:"
; X86-NEXT: module asm "jmp f.cfi@plt" ; X86-NEXT: module asm "jmp f.cfi@plt"
; X86-NEXT: module asm "int3" ; X86-NEXT: module asm "int3"
; X86-NEXT: module asm "int3" ; X86-NEXT: module asm "int3"
; X86-NEXT: module asm "int3" ; X86-NEXT: module asm "int3"
; X86-NEXT: module asm "jmp g.cfi@plt" ; X86-NEXT: module asm "jmp g.cfi@plt"
; X86-NEXT: module asm "int3" ; X86-NEXT: module asm "int3"
; X86-NEXT: module asm "int3" ; X86-NEXT: module asm "int3"
; X86-NEXT: module asm "int3" ; X86-NEXT: module asm "int3"
; ARM: module asm ".globl f" ; ARM: module asm ".globl f"
; ARM-NEXT: module asm ".type f, function" ; ARM-NEXT: module asm ".type f, function"
; ARM-NEXT: module asm "f = .cfi.jumptable + 0" ; ARM-NEXT: module asm "f = .cfi.jumptable + 0"
; ARM-NEXT: module asm ".size f, 4" ; ARM-NEXT: module asm ".size f, 4"
; ARM-NEXT: module asm ".type g, function" ; ARM-NEXT: module asm ".type g, function"
; ARM-NEXT: module asm "g = .cfi.jumptable + 4" ; ARM-NEXT: module asm "g = .cfi.jumptable + 4"
; ARM-NEXT: module asm ".size g, 4" ; ARM-NEXT: module asm ".size g, 4"
; ARM-NEXT: module asm ".section .text.cfi, \22ax\22, @progbits" ; ARM-NEXT: module asm ".section .text.cfi, \22ax\22, %progbits"
; ARM-NEXT: module asm ".balign 4" ; ARM-NEXT: module asm ".balign 4"
; ARM-NEXT: module asm ".cfi.jumptable:" ; ARM-NEXT: module asm ".cfi.jumptable:"
; ARM-NEXT: module asm "b f.cfi" ; ARM-NEXT: module asm "b f.cfi"
; ARM-NEXT: module asm "b g.cfi" ; ARM-NEXT: module asm "b g.cfi"
; THUMB: module asm ".globl f"
; THUMB-NEXT: module asm ".type f, function"
; THUMB-NEXT: module asm ".thumb_set f, .cfi.jumptable + 0"
; THUMB-NEXT: module asm ".size f, 4"
; THUMB-NEXT: module asm ".type g, function"
; THUMB-NEXT: module asm ".thumb_set g, .cfi.jumptable + 4"
; THUMB-NEXT: module asm ".size g, 4"
; THUMB-NEXT: module asm ".section .text.cfi, \22ax\22, %progbits"
; THUMB-NEXT: module asm ".balign 4"
; THUMB-NEXT: module asm ".thumb_func"
; THUMB-NEXT: module asm ".cfi.jumptable:"
; THUMB-NEXT: module asm "b.w f.cfi"
; THUMB-NEXT: module asm "b.w g.cfi"
; X86: @.cfi.jumptable = external hidden constant [2 x [8 x i8]] ; X86: @.cfi.jumptable = external hidden constant [2 x [8 x i8]]
; ARM: @.cfi.jumptable = external hidden constant [2 x [4 x i8]] ; ARM: @.cfi.jumptable = external hidden constant [2 x [4 x i8]]
; THUMB: @.cfi.jumptable = external hidden constant [2 x [4 x i8]]
; WASM32: private constant [0 x i8] zeroinitializer ; WASM32: private constant [0 x i8] zeroinitializer
@0 = private unnamed_addr constant [2 x void (...)*] [void (...)* bitcast (void ()* @f to void (...)*), void (...)* bitcast (void ()* @g to void (...)*)], align 16 @0 = private unnamed_addr constant [2 x void (...)*] [void (...)* bitcast (void ()* @f to void (...)*), void (...)* bitcast (void ()* @g to void (...)*)], align 16
; X86: @llvm.used = appending global [2 x i8*] [i8* bitcast (void ()* @f.cfi to i8*), i8* bitcast (void ()* @g.cfi to i8*)], section "llvm.metadata" ; NATIVE: @llvm.used = appending global [2 x i8*] [i8* bitcast (void ()* @f.cfi to i8*), i8* bitcast (void ()* @g.cfi to i8*)], section "llvm.metadata"
; ARM: @llvm.used = appending global [2 x i8*] [i8* bitcast (void ()* @f.cfi to i8*), i8* bitcast (void ()* @g.cfi to i8*)], section "llvm.metadata"
; X86: define internal void @f.cfi() ; NATIVE: define internal void @f.cfi()
; ARM: define internal void @f.cfi()
; WASM32: define void @f() !type !{{[0-9]+}} !wasm.index ![[I0:[0-9]+]] ; WASM32: define void @f() !type !{{[0-9]+}} !wasm.index ![[I0:[0-9]+]]
define void @f() !type !0 { define void @f() !type !0 {
ret void ret void
} }
; X86: define internal void @g.cfi() ; NATIVE: define internal void @g.cfi()
; ARM: define internal void @g.cfi()
; WASM32: define internal void @g() !type !{{[0-9]+}} !wasm.index ![[I1:[0-9]+]] ; WASM32: define internal void @g() !type !{{[0-9]+}} !wasm.index ![[I1:[0-9]+]]
define internal void @g() !type !0 { define internal void @g() !type !0 {
ret void ret void
} }
!0 = !{i32 0, !"typeid1"} !0 = !{i32 0, !"typeid1"}
declare i1 @llvm.type.test(i8* %ptr, metadata %bitset) nounwind readnone declare i1 @llvm.type.test(i8* %ptr, metadata %bitset) nounwind readnone
define i1 @foo(i8* %p) { define i1 @foo(i8* %p) {
; X86: sub i64 {{.*}}, ptrtoint ([2 x [8 x i8]]* @.cfi.jumptable to i64) ; X86: sub i64 {{.*}}, ptrtoint ([2 x [8 x i8]]* @.cfi.jumptable to i64)
; ARM: sub i64 {{.*}}, ptrtoint ([2 x [4 x i8]]* @.cfi.jumptable to i64) ; ARM: sub i64 {{.*}}, ptrtoint ([2 x [4 x i8]]* @.cfi.jumptable to i64)
; WASM32: sub i64 {{.*}}, 1 ; WASM32: sub i64 {{.*}}, 1
; WASM32: icmp ult i64 {{.*}}, 2 ; WASM32: icmp ult i64 {{.*}}, 2
%x = call i1 @llvm.type.test(i8* %p, metadata !"typeid1") %x = call i1 @llvm.type.test(i8* %p, metadata !"typeid1")
ret i1 %x ret i1 %x
} }
; X86: declare void @f() ; NATIVE: declare void @f()
; ARM: declare void @f() ; NATIVE: declare hidden void @g()
; X86: declare hidden void @g()
; ARM: declare hidden void @g()
; WASM32: ![[I0]] = !{i64 1} ; WASM32: ![[I0]] = !{i64 1}
; WASM32: ![[I1]] = !{i64 2} ; WASM32: ![[I1]] = !{i64 2}