Index: clang/include/clang/Driver/CLCompatOptions.td =================================================================== --- clang/include/clang/Driver/CLCompatOptions.td +++ clang/include/clang/Driver/CLCompatOptions.td @@ -232,6 +232,8 @@ def _SLASH_Fo : CLCompileJoined<"Fo">, HelpText<"Set output object file, or directory (ends in / or \\) (with /c)">, MetaVarName<"">; +def _SLASH_Guard : CLJoined<"guard:">, + HelpText<"Enable Control Flow Guard with /guard:cf">; def _SLASH_GX : CLFlag<"GX">, HelpText<"Enable exception handling">; def _SLASH_GX_ : CLFlag<"GX-">, @@ -361,7 +363,6 @@ def _SLASH_Gm : CLFlag<"Gm">; def _SLASH_Gm_ : CLFlag<"Gm-">; def _SLASH_GT : CLFlag<"GT">; -def _SLASH_Guard : CLJoined<"guard:">; def _SLASH_GZ : CLFlag<"GZ">; def _SLASH_H : CLFlag<"H">; def _SLASH_homeparams : CLFlag<"homeparams">; Index: clang/include/clang/Driver/Options.td =================================================================== --- clang/include/clang/Driver/Options.td +++ clang/include/clang/Driver/Options.td @@ -492,6 +492,8 @@ def bundle__loader : Separate<["-"], "bundle_loader">; def bundle : Flag<["-"], "bundle">; def b : JoinedOrSeparate<["-"], "b">, Flags<[Unsupported]>; +def cfguard : Flag<["-"], "cfguard">, Flags<[CC1Option]>, + HelpText<"Emit tables required for Windows Control Flow Guard.">; def cl_opt_disable : Flag<["-"], "cl-opt-disable">, Group, Flags<[CC1Option]>, HelpText<"OpenCL only. This option disables all optimizations. By default optimizations are enabled.">; def cl_strict_aliasing : Flag<["-"], "cl-strict-aliasing">, Group, Flags<[CC1Option]>, Index: clang/include/clang/Frontend/CodeGenOptions.def =================================================================== --- clang/include/clang/Frontend/CodeGenOptions.def +++ clang/include/clang/Frontend/CodeGenOptions.def @@ -38,6 +38,7 @@ CODEGENOPT(Autolink , 1, 1) ///< -fno-autolink CODEGENOPT(ObjCAutoRefCountExceptions , 1, 0) ///< Whether ARC should be EH-safe. CODEGENOPT(Backchain , 1, 0) ///< -mbackchain +CODEGENOPT(ControlFlowGuard , 1, 0) ///< -cfguard CODEGENOPT(CoverageExtraChecksum, 1, 0) ///< Whether we need a second checksum for functions in GCNO files. CODEGENOPT(CoverageNoFunctionNamesInData, 1, 0) ///< Do not include function names in GCDA files. CODEGENOPT(CoverageExitBlockBeforeBody, 1, 0) ///< Whether to emit the exit block before the body blocks in GCNO files. Index: clang/lib/CodeGen/CodeGenModule.cpp =================================================================== --- clang/lib/CodeGen/CodeGenModule.cpp +++ clang/lib/CodeGen/CodeGenModule.cpp @@ -452,6 +452,10 @@ // Indicate that we want CodeView in the metadata. getModule().addModuleFlag(llvm::Module::Warning, "CodeView", 1); } + if (CodeGenOpts.ControlFlowGuard) { + // We want function ID tables for Control Flow Guard. + getModule().addModuleFlag(llvm::Module::Warning, "cfguard", 1); + } if (CodeGenOpts.OptimizationLevel > 0 && CodeGenOpts.StrictVTablePointers) { // We don't support LTO with 2 with different StrictVTablePointers // FIXME: we could support it by stripping all the information introduced Index: clang/lib/Driver/ToolChains/Clang.cpp =================================================================== --- clang/lib/Driver/ToolChains/Clang.cpp +++ clang/lib/Driver/ToolChains/Clang.cpp @@ -5016,6 +5016,10 @@ else CmdArgs.push_back("msvc"); } + + if (Args.hasArg(options::OPT__SLASH_Guard) && + Args.getLastArgValue(options::OPT__SLASH_Guard).equals_lower("cf")) + CmdArgs.push_back("-cfguard"); } visualstudio::Compiler *Clang::getCLFallback() const { Index: clang/lib/Frontend/CompilerInvocation.cpp =================================================================== --- clang/lib/Frontend/CompilerInvocation.cpp +++ clang/lib/Frontend/CompilerInvocation.cpp @@ -716,6 +716,8 @@ Opts.MainFileName = Args.getLastArgValue(OPT_main_file_name); Opts.VerifyModule = !Args.hasArg(OPT_disable_llvm_verifier); + Opts.ControlFlowGuard = Args.hasArg(OPT_cfguard); + Opts.DisableGCov = Args.hasArg(OPT_test_coverage); Opts.EmitGcovArcs = Args.hasArg(OPT_femit_coverage_data); Opts.EmitGcovNotes = Args.hasArg(OPT_femit_coverage_notes); Index: clang/test/CodeGen/cfguard.c =================================================================== --- /dev/null +++ clang/test/CodeGen/cfguard.c @@ -0,0 +1,18 @@ +// RUN: %clang_cc1 %s -cfguard -triple x86_64-pc-win32 -fms-extensions -emit-llvm -o - | FileCheck -check-prefix=CFG %s +// RUN: %clang_cc1 %s -cfguard -triple i686-pc-win32 -fms-extensions -emit-llvm -o - | FileCheck -check-prefix=CFG %s +// RUN: %clang_cc1 %s -triple x86_64-pc-win32 -fms-extensions -emit-llvm -o - | FileCheck -check-prefix=NOCFG %s +// RUN: %clang_cc1 %s -triple i686-pc-win32 -fms-extensions -emit-llvm -o - | FileCheck -check-prefix=NOCFG %s + +void address_taken() {} + +typedef void (*F)(); + +F foo() { + return address_taken; +} + +// CFG: !llvm.module.flags = +// CFG: !{{.*}} = !{i32 2, !"cfguard", i32 1} + +// NOCFG: !llvm.module.flags = +// NOCFG-NOT: !{{.*}} = !{i32 2, !"cfguard", i32 1} Index: llvm/include/llvm/MC/MCObjectFileInfo.h =================================================================== --- llvm/include/llvm/MC/MCObjectFileInfo.h +++ llvm/include/llvm/MC/MCObjectFileInfo.h @@ -192,6 +192,7 @@ MCSection *PDataSection; MCSection *XDataSection; MCSection *SXDataSection; + MCSection *GFIDsSection; public: void InitMCObjectFileInfo(const Triple &TT, bool PIC, MCContext &ctx, @@ -341,6 +342,7 @@ MCSection *getPDataSection() const { return PDataSection; } MCSection *getXDataSection() const { return XDataSection; } MCSection *getSXDataSection() const { return SXDataSection; } + MCSection *getGFIDsSection() const { return GFIDsSection; } MCSection *getEHFrameSection() { return EHFrameSection; Index: llvm/include/llvm/MC/MCStreamer.h =================================================================== --- llvm/include/llvm/MC/MCStreamer.h +++ llvm/include/llvm/MC/MCStreamer.h @@ -481,6 +481,9 @@ virtual void EmitCOFFSafeSEH(MCSymbol const *Symbol); + /// \brief Emits the symbol table index of a Symbol into the .gfids$y section. + virtual void EmitCOFFCFGuard(MCSymbol const *Symbol); + /// \brief Emits a COFF section index. /// /// \param Symbol - Symbol the section number relocation should point to. Index: llvm/include/llvm/MC/MCWinCOFFStreamer.h =================================================================== --- llvm/include/llvm/MC/MCWinCOFFStreamer.h +++ llvm/include/llvm/MC/MCWinCOFFStreamer.h @@ -50,6 +50,7 @@ void EmitCOFFSymbolType(int Type) override; void EndCOFFSymbolDef() override; void EmitCOFFSafeSEH(MCSymbol const *Symbol) override; + void EmitCOFFCFGuard(MCSymbol const *Symbol) override; void EmitCOFFSectionIndex(MCSymbol const *Symbol) override; void EmitCOFFSecRel32(MCSymbol const *Symbol, uint64_t Offset) override; void EmitCommonSymbol(MCSymbol *Symbol, uint64_t Size, Index: llvm/lib/CodeGen/AsmPrinter/AsmPrinter.cpp =================================================================== --- llvm/lib/CodeGen/AsmPrinter/AsmPrinter.cpp +++ llvm/lib/CodeGen/AsmPrinter/AsmPrinter.cpp @@ -16,6 +16,7 @@ #include "CodeViewDebug.h" #include "DwarfDebug.h" #include "DwarfException.h" +#include "WinCFGuard.h" #include "WinException.h" #include "llvm/ADT/APFloat.h" #include "llvm/ADT/APInt.h" @@ -130,6 +131,8 @@ static const char *const DbgTimerDescription = "Debug Info Emission"; static const char *const EHTimerName = "write_exception"; static const char *const EHTimerDescription = "DWARF Exception Writer"; +static const char *const CFGuardName = "Control Flow Guard"; +static const char *const CFGuardDescription = "Control Flow Guard Tables"; static const char *const CodeViewLineTablesGroupName = "linetables"; static const char *const CodeViewLineTablesGroupDescription = "CodeView Line Tables"; @@ -374,6 +377,13 @@ if (ES) Handlers.push_back(HandlerInfo(ES, EHTimerName, EHTimerDescription, DWARFGroupName, DWARFGroupDescription)); + + if (mdconst::extract_or_null( + MMI->getModule()->getModuleFlag("cfguard"))) + Handlers.push_back(HandlerInfo(new WinCFGuard(this), CFGuardName, + CFGuardDescription, DWARFGroupName, + DWARFGroupDescription)); + return false; } Index: llvm/lib/CodeGen/AsmPrinter/CMakeLists.txt =================================================================== --- llvm/lib/CodeGen/AsmPrinter/CMakeLists.txt +++ llvm/lib/CodeGen/AsmPrinter/CMakeLists.txt @@ -20,6 +20,7 @@ EHStreamer.cpp ErlangGCPrinter.cpp OcamlGCPrinter.cpp + WinCFGuard.cpp WinException.cpp CodeViewDebug.cpp Index: llvm/lib/CodeGen/AsmPrinter/WinCFGuard.h =================================================================== --- /dev/null +++ llvm/lib/CodeGen/AsmPrinter/WinCFGuard.h @@ -0,0 +1,54 @@ +//===-- WinCFGuard.h - Windows Control Flow Guard Handling ----*- C++ -*--===// +// +// The LLVM Compiler Infrastructure +// +// This file is distributed under the University of Illinois Open Source +// License. See LICENSE.TXT for details. +// +//===----------------------------------------------------------------------===// +// +// This file contains support for writing windows exception info into asm files. +// +//===----------------------------------------------------------------------===// + +#ifndef LLVM_LIB_CODEGEN_ASMPRINTER_WINCFGUARD_H +#define LLVM_LIB_CODEGEN_ASMPRINTER_WINCFGUARD_H + +#include "AsmPrinterHandler.h" +#include "llvm/Support/Compiler.h" + +namespace llvm { + +class LLVM_LIBRARY_VISIBILITY WinCFGuard : public AsmPrinterHandler { + /// Target of directive emission. + AsmPrinter *Asm; + +public: + WinCFGuard(AsmPrinter *A); + ~WinCFGuard() override; + + void setSymbolSize(const MCSymbol *Sym, uint64_t Size) override {} + + /// \brief Emit the Control Flow Guard function ID table + void endModule() override; + + /// \brief Gather pre-function debug information. + /// Every beginFunction(MF) call should be followed by an endFunction(MF) + /// call. + void beginFunction(const MachineFunction *MF) override {} + + /// \brief Gather post-function debug information. + /// Please note that some AsmPrinter implementations may not call + /// beginFunction at all. + void endFunction(const MachineFunction *MF) override {} + + /// \brief Process beginning of an instruction. + void beginInstruction(const MachineInstr *MI) override {} + + /// \brief Process end of an instruction. + void endInstruction() override {} +}; + +} // namespace llvm + +#endif Index: llvm/lib/CodeGen/AsmPrinter/WinCFGuard.cpp =================================================================== --- /dev/null +++ llvm/lib/CodeGen/AsmPrinter/WinCFGuard.cpp @@ -0,0 +1,47 @@ +//===-- CodeGen/AsmPrinter/WinCFGuard.cpp - Control Flow Guard Impl ------===// +// +// The LLVM Compiler Infrastructure +// +// This file is distributed under the University of Illinois Open Source +// License. See LICENSE.TXT for details. +// +//===----------------------------------------------------------------------===// +// +// This file contains support for writing Win64 exception info into asm files. +// +//===----------------------------------------------------------------------===// + +#include "WinCFGuard.h" +#include "llvm/CodeGen/AsmPrinter.h" +#include "llvm/CodeGen/MachineFunction.h" +#include "llvm/CodeGen/MachineModuleInfo.h" +#include "llvm/CodeGen/MachineOperand.h" +#include "llvm/IR/Constants.h" +#include "llvm/IR/Metadata.h" +#include "llvm/MC/MCAsmInfo.h" +#include "llvm/MC/MCObjectFileInfo.h" +#include "llvm/MC/MCStreamer.h" + +#include + +using namespace llvm; + +WinCFGuard::WinCFGuard(AsmPrinter *A) : AsmPrinterHandler(), Asm(A) {} + +WinCFGuard::~WinCFGuard() {} + +void WinCFGuard::endModule() { + const Module *M = Asm->MMI->getModule(); + if (mdconst::extract_or_null(M->getModuleFlag("cfguard"))) { + std::vector Functions; + for (const Function &F : *M) + if (F.hasAddressTaken()) + Functions.push_back(&F); + if (Functions.empty()) + return; + auto &OS = *Asm->OutStreamer; + OS.SwitchSection(Asm->OutContext.getObjectFileInfo()->getGFIDsSection()); + for (const Function *F : Functions) + OS.EmitCOFFCFGuard(Asm->getSymbol(F)); + } +} Index: llvm/lib/MC/MCAsmStreamer.cpp =================================================================== --- llvm/lib/MC/MCAsmStreamer.cpp +++ llvm/lib/MC/MCAsmStreamer.cpp @@ -152,6 +152,7 @@ void EmitCOFFSymbolType(int Type) override; void EndCOFFSymbolDef() override; void EmitCOFFSafeSEH(MCSymbol const *Symbol) override; + void EmitCOFFCFGuard(MCSymbol const *Symbol) override; void EmitCOFFSectionIndex(MCSymbol const *Symbol) override; void EmitCOFFSecRel32(MCSymbol const *Symbol, uint64_t Offset) override; void emitELFSize(MCSymbol *Symbol, const MCExpr *Value) override; @@ -626,6 +627,12 @@ EmitEOL(); } +void MCAsmStreamer::EmitCOFFCFGuard(MCSymbol const *Symbol) { + OS << MAI->getData16bitsDirective(); + Symbol->print(OS, MAI); + EmitEOL(); +} + void MCAsmStreamer::EmitCOFFSectionIndex(MCSymbol const *Symbol) { OS << "\t.secidx\t"; Symbol->print(OS, MAI); Index: llvm/lib/MC/MCObjectFileInfo.cpp =================================================================== --- llvm/lib/MC/MCObjectFileInfo.cpp +++ llvm/lib/MC/MCObjectFileInfo.cpp @@ -811,6 +811,11 @@ SXDataSection = Ctx->getCOFFSection(".sxdata", COFF::IMAGE_SCN_LNK_INFO, SectionKind::getMetadata()); + GFIDsSection = Ctx->getCOFFSection(".gfids$y", + COFF::IMAGE_SCN_CNT_INITIALIZED_DATA | + COFF::IMAGE_SCN_MEM_READ, + SectionKind::getMetadata()); + TLSDataSection = Ctx->getCOFFSection( ".tls$", COFF::IMAGE_SCN_CNT_INITIALIZED_DATA | COFF::IMAGE_SCN_MEM_READ | COFF::IMAGE_SCN_MEM_WRITE, Index: llvm/lib/MC/MCStreamer.cpp =================================================================== --- llvm/lib/MC/MCStreamer.cpp +++ llvm/lib/MC/MCStreamer.cpp @@ -782,6 +782,8 @@ void MCStreamer::EmitCOFFSafeSEH(MCSymbol const *Symbol) { } +void MCStreamer::EmitCOFFCFGuard(MCSymbol const *Symbol) {} + void MCStreamer::EmitCOFFSectionIndex(MCSymbol const *Symbol) { } Index: llvm/lib/MC/MCWinCOFFStreamer.cpp =================================================================== --- llvm/lib/MC/MCWinCOFFStreamer.cpp +++ llvm/lib/MC/MCWinCOFFStreamer.cpp @@ -193,6 +193,17 @@ << COFF::SCT_COMPLEX_TYPE_SHIFT); } +void MCWinCOFFStreamer::EmitCOFFCFGuard(MCSymbol const *Symbol) { + MCSection *CFGData = getCurrentSectionOnly(); + getAssembler().registerSection(*CFGData); + if (CFGData->getAlignment() < 4) + CFGData->setAlignment(4); + + new MCSymbolIdFragment(Symbol, getCurrentSectionOnly()); + + getAssembler().registerSymbol(*Symbol); +} + void MCWinCOFFStreamer::EmitCOFFSectionIndex(const MCSymbol *Symbol) { visitUsedSymbol(*Symbol); MCDataFragment *DF = getOrCreateDataFragment(); Index: llvm/test/CodeGen/WinCFGuard/cfguard.ll =================================================================== --- /dev/null +++ llvm/test/CodeGen/WinCFGuard/cfguard.ll @@ -0,0 +1,28 @@ +; RUN: llc < %s | FileCheck %s +; ModuleID = 'cfguard.c' +source_filename = "cfguard.c" +target datalayout = "e-m:w-i64:64-f80:128-n8:16:32:64-S128" +target triple = "x86_64-pc-windows-msvc" + +; Function Attrs: noinline nounwind optnone +define void @address_taken() #0 { +entry: + ret void +} + +; Function Attrs: noinline nounwind optnone +define void (...)* @foo() #0 { +entry: + ret void (...)* bitcast (void ()* @address_taken to void (...)*) +} + +attributes #0 = { noinline nounwind optnone "correctly-rounded-divide-sqrt-fp-math"="false" "disable-tail-calls"="false" "less-precise-fpmad"="false" "no-frame-pointer-elim"="false" "no-infs-fp-math"="false" "no-jump-tables"="false" "no-nans-fp-math"="false" "no-signed-zeros-fp-math"="false" "no-trapping-math"="false" "stack-protector-buffer-size"="8" "target-features"="+mmx,+sse,+sse2,+x87" "unsafe-fp-math"="false" "use-soft-float"="false" } + +!llvm.module.flags = !{!0, !1} +!llvm.ident = !{!2} + +!0 = !{i32 2, !"cfguard", i32 1} +!1 = !{i32 1, !"wchar_size", i32 2} +!2 = !{!"clang version 6.0.0 "} +; CHECK: .section .gfids$y +; CHECK: .short address_taken