This is an archive of the discontinued LLVM Phabricator instance.

Differential D37405

[safestack] Experimental mode where stack pointer is accessed with a function call.
ClosedPublic

Authored by eugenis on Sep 1 2017, 4:26 PM.

Details

Reviewers
pcc
Commits
rGd5a6fdbe9594: [safestack] Inline safestack pointer access when possible.
rL323259: [safestack] Inline safestack pointer access when possible.
Summary

This adds an -mllvm flag that forces the use of a runtime function call to
get the unsafe stack pointer, the same that is currently used on non-x86, non-aarch64 android.

Diff Detail

Repository
rL LLVM

Event Timeline

eugenis created this revision.Sep 1 2017, 4:26 PM
Herald added subscribers: hiraditya, kristof.beyls, aemerson. · View Herald TranscriptSep 1 2017, 4:26 PM
Harbormaster completed remote builds in B9856: Diff 113623.Sep 1 2017, 4:27 PM
eugenis added a comment.Sep 1 2017, 4:29 PM

The function should really have coldcc or preserve_allcc but those are either not implemented (i.e. crash the compiler) or just not do anything useful on arm and aarch64.
As is, generated code is atrocious.

eugenis updated this revision to Diff 125397.Dec 4 2017, 12:01 PM

Attempt to use a custom calling convention for the safestack pointer accessor function.

Not ready for review.

Herald added a subscriber: mgorny. · View Herald TranscriptDec 4 2017, 12:01 PM
eugenis updated this revision to Diff 130036.Jan 16 2018, 2:44 PM

An attempt to inline the safestack accessor function.

To use, add -mllvm -safestack-pointer-address-inline=1.
Function must be called safestack_pointer_address_inline.
"attribute__((used)) static" is recommended so the function is not discarded early.

Harbormaster completed remote builds in B13881: Diff 130036.Jan 16 2018, 2:44 PM
eugenis updated this revision to Diff 130980.Jan 22 2018, 3:51 PM

Remove -customcc code. Added inlining logic.

Please review.

Herald added a subscriber: eraman. · View Herald TranscriptJan 22 2018, 3:51 PM
eugenis updated this revision to Diff 130982.Jan 22 2018, 4:12 PM

removed one flag, fixed a condition, improved the test

Harbormaster completed remote builds in B14113: Diff 130982.Jan 22 2018, 4:14 PM
eugenis updated this revision to Diff 131135.Jan 23 2018, 1:10 PM

fix one test

Harbormaster completed remote builds in B14157: Diff 131135.Jan 23 2018, 1:11 PM
pcc accepted this revision.Jan 23 2018, 1:21 PM

LGTM

This revision is now accepted and ready to land.Jan 23 2018, 1:21 PM
Closed by commit rL323259: [safestack] Inline safestack pointer access when possible. (authored by eugenis). · Explain WhyJan 23 2018, 1:28 PM
This revision was automatically updated to reflect the committed changes.

Revision Contents

PathSize
llvm/
trunk/
lib/
CodeGen/
51 lines
test/
CodeGen/
X86/
8 lines
30 lines

Diff 131139

llvm/trunk/lib/CodeGen/SafeStack.cpp

Show All 18 Lines
#include "SafeStackLayout.h" #include "SafeStackLayout.h"
#include "llvm/ADT/APInt.h" #include "llvm/ADT/APInt.h"
#include "llvm/ADT/ArrayRef.h" #include "llvm/ADT/ArrayRef.h"
#include "llvm/ADT/SmallPtrSet.h" #include "llvm/ADT/SmallPtrSet.h"
#include "llvm/ADT/SmallVector.h" #include "llvm/ADT/SmallVector.h"
#include "llvm/ADT/Statistic.h" #include "llvm/ADT/Statistic.h"
#include "llvm/Analysis/AssumptionCache.h" #include "llvm/Analysis/AssumptionCache.h"
#include "llvm/Analysis/BranchProbabilityInfo.h" #include "llvm/Analysis/BranchProbabilityInfo.h"
#include "llvm/Analysis/InlineCost.h"
#include "llvm/Analysis/LoopInfo.h" #include "llvm/Analysis/LoopInfo.h"
#include "llvm/Analysis/ScalarEvolution.h" #include "llvm/Analysis/ScalarEvolution.h"
#include "llvm/Analysis/ScalarEvolutionExpressions.h" #include "llvm/Analysis/ScalarEvolutionExpressions.h"
#include "llvm/Analysis/TargetLibraryInfo.h" #include "llvm/Analysis/TargetLibraryInfo.h"
#include "llvm/CodeGen/TargetLowering.h" #include "llvm/CodeGen/TargetLowering.h"
#include "llvm/CodeGen/TargetPassConfig.h" #include "llvm/CodeGen/TargetPassConfig.h"
#include "llvm/CodeGen/TargetSubtargetInfo.h" #include "llvm/CodeGen/TargetSubtargetInfo.h"
#include "llvm/IR/Argument.h" #include "llvm/IR/Argument.h"
Show All 21 Lines
#include "llvm/Pass.h" #include "llvm/Pass.h"
#include "llvm/Support/Casting.h" #include "llvm/Support/Casting.h"
#include "llvm/Support/Debug.h" #include "llvm/Support/Debug.h"
#include "llvm/Support/ErrorHandling.h" #include "llvm/Support/ErrorHandling.h"
#include "llvm/Support/MathExtras.h" #include "llvm/Support/MathExtras.h"
#include "llvm/Support/raw_ostream.h" #include "llvm/Support/raw_ostream.h"
#include "llvm/Target/TargetMachine.h" #include "llvm/Target/TargetMachine.h"
#include "llvm/Transforms/Utils/BasicBlockUtils.h" #include "llvm/Transforms/Utils/BasicBlockUtils.h"
#include "llvm/Transforms/Utils/Cloning.h"
#include "llvm/Transforms/Utils/Local.h" #include "llvm/Transforms/Utils/Local.h"
#include <algorithm> #include <algorithm>
#include <cassert> #include <cassert>
#include <cstdint> #include <cstdint>
#include <string> #include <string>
#include <utility> #include <utility>
using namespace llvm; using namespace llvm;
Show All 11 Lines
STATISTIC(NumAllocas, "Total number of allocas"); STATISTIC(NumAllocas, "Total number of allocas");
STATISTIC(NumUnsafeStaticAllocas, "Number of unsafe static allocas"); STATISTIC(NumUnsafeStaticAllocas, "Number of unsafe static allocas");
STATISTIC(NumUnsafeDynamicAllocas, "Number of unsafe dynamic allocas"); STATISTIC(NumUnsafeDynamicAllocas, "Number of unsafe dynamic allocas");
STATISTIC(NumUnsafeByValArguments, "Number of unsafe byval arguments"); STATISTIC(NumUnsafeByValArguments, "Number of unsafe byval arguments");
STATISTIC(NumUnsafeStackRestorePoints, "Number of setjmps and landingpads"); STATISTIC(NumUnsafeStackRestorePoints, "Number of setjmps and landingpads");
} // namespace llvm } // namespace llvm
/// Use __safestack_pointer_address even if the platform has a faster way of
/// access safe stack pointer.
static cl::opt<bool>
SafeStackUsePointerAddress("safestack-use-pointer-address",
cl::init(false), cl::Hidden);
namespace { namespace {
/// Rewrite an SCEV expression for a memory access address to an expression that /// Rewrite an SCEV expression for a memory access address to an expression that
/// represents offset from the given alloca. /// represents offset from the given alloca.
/// ///
/// The implementation simply replaces all mentions of the alloca with zero. /// The implementation simply replaces all mentions of the alloca with zero.
class AllocaOffsetRewriter : public SCEVRewriteVisitor<AllocaOffsetRewriter> { class AllocaOffsetRewriter : public SCEVRewriteVisitor<AllocaOffsetRewriter> {
const Value *AllocaPtr; const Value *AllocaPtr;
▲ Show 20 LinesShow All 87 Lines▼ Show 20 Linesclass SafeStack {
bool IsSafeStackAlloca(const Value *AllocaPtr, uint64_t AllocaSize); bool IsSafeStackAlloca(const Value *AllocaPtr, uint64_t AllocaSize);
bool IsMemIntrinsicSafe(const MemIntrinsic *MI, const Use &U, bool IsMemIntrinsicSafe(const MemIntrinsic *MI, const Use &U,
const Value *AllocaPtr, uint64_t AllocaSize); const Value *AllocaPtr, uint64_t AllocaSize);
bool IsAccessSafe(Value *Addr, uint64_t Size, const Value *AllocaPtr, bool IsAccessSafe(Value *Addr, uint64_t Size, const Value *AllocaPtr,
uint64_t AllocaSize); uint64_t AllocaSize);
bool ShouldInlinePointerAddress(CallSite &CS);
void TryInlinePointerAddress();
public: public:
SafeStack(Function &F, const TargetLoweringBase &TL, const DataLayout &DL, SafeStack(Function &F, const TargetLoweringBase &TL, const DataLayout &DL,
ScalarEvolution &SE) ScalarEvolution &SE)
: F(F), TL(TL), DL(DL), SE(SE), : F(F), TL(TL), DL(DL), SE(SE),
StackPtrTy(Type::getInt8PtrTy(F.getContext())), StackPtrTy(Type::getInt8PtrTy(F.getContext())),
IntPtrTy(DL.getIntPtrType(F.getContext())), IntPtrTy(DL.getIntPtrType(F.getContext())),
Int32Ty(Type::getInt32Ty(F.getContext())), Int32Ty(Type::getInt32Ty(F.getContext())),
Int8Ty(Type::getInt8Ty(F.getContext())) {} Int8Ty(Type::getInt8Ty(F.getContext())) {}
▲ Show 20 LinesShow All 488 Lines▼ Show 20 Lines for (inst_iterator It = inst_begin(&F), Ie = inst_end(&F); It != Ie;) {
SI->takeName(II); SI->takeName(II);
assert(II->use_empty()); assert(II->use_empty());
II->eraseFromParent(); II->eraseFromParent();
} }
} }
} }
} }
bool SafeStack::ShouldInlinePointerAddress(CallSite &CS) {
Function *Callee = CS.getCalledFunction();
if (CS.hasFnAttr(Attribute::AlwaysInline) && isInlineViable(*Callee))
return true;
if (Callee->isInterposable() || Callee->hasFnAttribute(Attribute::NoInline) ||
CS.isNoInline())
return false;
return true;
}
void SafeStack::TryInlinePointerAddress() {
if (!isa<CallInst>(UnsafeStackPtr))
return;
if(F.hasFnAttribute(Attribute::OptimizeNone))
return;
CallSite CS(UnsafeStackPtr);
Function *Callee = CS.getCalledFunction();
if (!Callee || Callee->isDeclaration())
return;
if (!ShouldInlinePointerAddress(CS))
return;
InlineFunctionInfo IFI;
InlineFunction(CS, IFI);
}
bool SafeStack::run() { bool SafeStack::run() {
assert(F.hasFnAttribute(Attribute::SafeStack) && assert(F.hasFnAttribute(Attribute::SafeStack) &&
"Can't run SafeStack on a function without the attribute"); "Can't run SafeStack on a function without the attribute");
assert(!F.isDeclaration() && "Can't run SafeStack on a function declaration"); assert(!F.isDeclaration() && "Can't run SafeStack on a function declaration");
++NumFunctions; ++NumFunctions;
SmallVector<AllocaInst *, 16> StaticAllocas; SmallVector<AllocaInst *, 16> StaticAllocas;
Show All 20 Linesbool SafeStack::run() {
if (!StaticAllocas.empty() || !DynamicAllocas.empty() || if (!StaticAllocas.empty() || !DynamicAllocas.empty() ||
!ByValArguments.empty()) !ByValArguments.empty())
++NumUnsafeStackFunctions; // This function has the unsafe stack. ++NumUnsafeStackFunctions; // This function has the unsafe stack.
if (!StackRestorePoints.empty()) if (!StackRestorePoints.empty())
++NumUnsafeStackRestorePointsFunctions; ++NumUnsafeStackRestorePointsFunctions;
IRBuilder<> IRB(&F.front(), F.begin()->getFirstInsertionPt()); IRBuilder<> IRB(&F.front(), F.begin()->getFirstInsertionPt());
if (SafeStackUsePointerAddress) {
Value *Fn = F.getParent()->getOrInsertFunction(
"__safestack_pointer_address", StackPtrTy->getPointerTo(0));
UnsafeStackPtr = IRB.CreateCall(Fn);
} else {
UnsafeStackPtr = TL.getSafeStackPointerLocation(IRB); UnsafeStackPtr = TL.getSafeStackPointerLocation(IRB);
}
// Load the current stack pointer (we'll also use it as a base pointer). // Load the current stack pointer (we'll also use it as a base pointer).
// FIXME: use a dedicated register for it ? // FIXME: use a dedicated register for it ?
Instruction *BasePointer = Instruction *BasePointer =
IRB.CreateLoad(UnsafeStackPtr, false, "unsafe_stack_ptr"); IRB.CreateLoad(UnsafeStackPtr, false, "unsafe_stack_ptr");
assert(BasePointer->getType() == StackPtrTy); assert(BasePointer->getType() == StackPtrTy);
AllocaInst *StackGuardSlot = nullptr; AllocaInst *StackGuardSlot = nullptr;
Show All 31 Lines moveDynamicAllocasToUnsafeStack(F, UnsafeStackPtr, DynamicTop,
DynamicAllocas); DynamicAllocas);
// Restore the unsafe stack pointer before each return. // Restore the unsafe stack pointer before each return.
for (ReturnInst *RI : Returns) { for (ReturnInst *RI : Returns) {
IRB.SetInsertPoint(RI); IRB.SetInsertPoint(RI);
IRB.CreateStore(BasePointer, UnsafeStackPtr); IRB.CreateStore(BasePointer, UnsafeStackPtr);
} }
TryInlinePointerAddress();
DEBUG(dbgs() << "[SafeStack] safestack applied\n"); DEBUG(dbgs() << "[SafeStack] safestack applied\n");
return true; return true;
} }
class SafeStackLegacyPass : public FunctionPass { class SafeStackLegacyPass : public FunctionPass {
const TargetMachine *TM = nullptr; const TargetMachine *TM = nullptr;
public: public:
▲ Show 20 LinesShow All 62 LinesShow Last 20 Lines

llvm/trunk/test/CodeGen/X86/safestack.ll

; RUN: llc -mtriple=i386-linux < %s -o - | FileCheck --check-prefix=LINUX-I386 %s ; RUN: llc -mtriple=i386-linux < %s -o - | FileCheck --check-prefix=LINUX-I386 %s
; RUN: llc -mtriple=x86_64-linux < %s -o - | FileCheck --check-prefix=LINUX-X64 %s ; RUN: llc -mtriple=x86_64-linux < %s -o - | FileCheck --check-prefix=LINUX-X64 %s
; RUN: llc -mtriple=i386-linux-android < %s -o - | FileCheck --check-prefix=ANDROID-I386 %s ; RUN: llc -mtriple=i386-linux-android < %s -o - | FileCheck --check-prefix=ANDROID-I386 %s
; RUN: llc -mtriple=x86_64-linux-android < %s -o - | FileCheck --check-prefix=ANDROID-X64 %s ; RUN: llc -mtriple=x86_64-linux-android < %s -o - | FileCheck --check-prefix=ANDROID-X64 %s
; RUN: llc -mtriple=x86_64-fuchsia < %s -o - | FileCheck --check-prefix=FUCHSIA-X64 %s ; RUN: llc -mtriple=x86_64-fuchsia < %s -o - | FileCheck --check-prefix=FUCHSIA-X64 %s
; RUN: llc -mtriple=i386-linux -safestack-use-pointer-address < %s -o - | FileCheck --check-prefix=LINUX-I386-PA %s
define void @_Z1fv() safestack { define void @_Z1fv() safestack {
entry: entry:
%x = alloca i32, align 4 %x = alloca i32, align 4
%0 = bitcast i32* %x to i8* %0 = bitcast i32* %x to i8*
call void @_Z7CapturePi(i32* nonnull %x) call void @_Z7CapturePi(i32* nonnull %x)
ret void ret void
} }
Show All 15 Lines
; ANDROID-X64: movq %fs:72, %[[A:.*]] ; ANDROID-X64: movq %fs:72, %[[A:.*]]
; ANDROID-X64: leaq -16(%[[A]]), %[[B:.*]] ; ANDROID-X64: leaq -16(%[[A]]), %[[B:.*]]
; ANDROID-X64: movq %[[B]], %fs:72 ; ANDROID-X64: movq %[[B]], %fs:72
; FUCHSIA-X64: movq %fs:24, %[[A:.*]] ; FUCHSIA-X64: movq %fs:24, %[[A:.*]]
; FUCHSIA-X64: leaq -16(%[[A]]), %[[B:.*]] ; FUCHSIA-X64: leaq -16(%[[A]]), %[[B:.*]]
; FUCHSIA-X64: movq %[[B]], %fs:24 ; FUCHSIA-X64: movq %[[B]], %fs:24
; LINUX-I386-PA: calll __safestack_pointer_address
; LINUX-I386-PA: movl %eax, %[[A:.*]]
; LINUX-I386-PA: movl (%[[A]]), %[[B:.*]]
; LINUX-I386-PA: leal -16(%[[B]]), %[[C:.*]]
; LINUX-I386-PA: movl %[[C]], (%[[A]])

llvm/trunk/test/CodeGen/X86/safestack_inline.ll

; RUN: sed -e "s/ATTR//" %s | llc -mtriple=x86_64-linux -safestack-use-pointer-address | FileCheck --check-prefix=INLINE %s
; RUN: sed -e "s/ATTR/noinline/" %s | llc -mtriple=x86_64-linux -safestack-use-pointer-address | FileCheck --check-prefix=CALL %s
@p = external thread_local global i8*, align 8
define nonnull i8** @__safestack_pointer_address() local_unnamed_addr ATTR {
entry:
ret i8** @p
}
define void @_Z1fv() safestack {
entry:
%x = alloca i32, align 4
%0 = bitcast i32* %x to i8*
call void @_Z7CapturePi(i32* nonnull %x)
ret void
}
declare void @_Z7CapturePi(i32*)
; INLINE: movq p@GOTTPOFF(%rip), %[[A:.*]]
; INLINE: movq %fs:(%[[A]]), %[[B:.*]]
; INLINE: leaq -16(%[[B]]), %[[C:.*]]
; INLINE: movq %[[C]], %fs:(%[[A]])
; CALL: callq __safestack_pointer_address
; CALL: movq %rax, %[[A:.*]]
; CALL: movq (%[[A]]), %[[B:.*]]
; CALL: leaq -16(%[[B]]), %[[C:.*]]
; CALL: movq %[[C]], (%[[A]])