This is an archive of the discontinued LLVM Phabricator instance.

Differential D45239

AArch64: Implement support for the shadowcallstack attribute.
ClosedPublic

Authored by pcc on Apr 3 2018, 6:03 PM.

Details

Reviewers
vlad.tsyrklevich
eugenis
kcc
t.p.northover
olista01
Commits
rGf11eb3ebe777: AArch64: Implement support for the shadowcallstack attribute.
rC329236: AArch64: Implement support for the shadowcallstack attribute.
rL329236: AArch64: Implement support for the shadowcallstack attribute.
Summary

The implementation of shadow call stack on aarch64 is quite different to
the implementation on x86_64. Instead of reserving a segment register for
the shadow call stack, we reserve the platform register, x18. Any function
that spills lr to sp also spills it to the shadow call stack, a pointer to
which is stored in x18.

Diff Detail

Event Timeline

pcc created this revision.Apr 3 2018, 6:03 PM
Herald added subscribers: hiraditya, kristof.beyls, javed.absar, rengolin. · View Herald TranscriptApr 3 2018, 6:03 PM
Harbormaster completed remote builds in B16699: Diff 140890.Apr 3 2018, 6:04 PM
vlad.tsyrklevich accepted this revision.Apr 4 2018, 2:28 PM
vlad.tsyrklevich added inline comments.
clang/docs/ShadowCallStack.rst
11–12

Should also mention aarch64 here.

llvm/lib/Target/AArch64/AArch64RegisterInfo.cpp
78

It's sort of a stretch to construct a scenario where this is likely to happen, but is it possible that a runtime function marked with __attribute__((no_sanitize("shadowcallstack"))) would spill x18 across a function call because of this mask if it's referenced before and after? If that was a concern, we could make this test hasAttr(SCS) || hasFlag(fFixedx18)

This revision is now accepted and ready to land.Apr 4 2018, 2:28 PM
eugenis added inline comments.Apr 4 2018, 2:30 PM
clang/docs/ShadowCallStack.rst
11–12

needs update

llvm/lib/Target/AArch64/AArch64FrameLowering.cpp
1153

That's way too cryptic, please call it NeedShadowCallStackProlog or something similar.

pcc updated this revision to Diff 141063.Apr 4 2018, 2:44 PM
pcc marked 3 inline comments as done.
  • Addres review comments
Harbormaster completed remote builds in B16737: Diff 141063.Apr 4 2018, 2:45 PM
eugenis accepted this revision.Apr 4 2018, 2:49 PM
Closed by commit rL329236: AArch64: Implement support for the shadowcallstack attribute. (authored by pcc). · Explain WhyApr 4 2018, 2:59 PM
This revision was automatically updated to reflect the committed changes.
pcc added a child revision: D45303: shadowcallstack: Make runtime tests compatible with aarch64..Apr 4 2018, 5:05 PM

Revision Contents

PathSize
clang/
docs/
85 lines
lib/
Driver/
10 lines
3 lines
test/
Driver/
13 lines
llvm/
include/
llvm/
Support/
2 lines
lib/
Support/
4 lines
Target/
AArch64/
15 lines
76 lines
16 lines
5 lines
test/
CodeGen/
AArch64/
47 lines

Diff 141063

clang/docs/ShadowCallStack.rst

=============== ===============
ShadowCallStack ShadowCallStack
=============== ===============
.. contents:: .. contents::
:local: :local:
Introduction Introduction
============ ============
ShadowCallStack is an **experimental** instrumentation pass, currently only ShadowCallStack is an **experimental** instrumentation pass, currently only
implemented for x86_64, that protects programs against return address implemented for x86_64 and aarch64, that protects programs against return
vlad.tsyrklevichUnsubmitted
Done
ReplyInline Actions

Should also mention aarch64 here.

vlad.tsyrklevich: Should also mention aarch64 here.
eugenisUnsubmitted
Done
ReplyInline Actions

needs update

eugenis: needs update
overwrites (e.g. stack buffer overflows.) It works by saving a function's return address overwrites (e.g. stack buffer overflows.) It works by saving a
address to a separately allocated 'shadow call stack' in the function prolog and function's return address to a separately allocated 'shadow call stack'
checking the return address on the stack against the shadow call stack in the in the function prolog and checking the return address on the stack against
function epilog. the shadow call stack in the function epilog.
Comparison Comparison
---------- ----------
To optimize for memory consumption and cache locality, the shadow call stack To optimize for memory consumption and cache locality, the shadow call stack
stores an index followed by an array of return addresses. This is in contrast stores an index followed by an array of return addresses. This is in contrast
to other schemes, like :doc:`SafeStack`, that mirror the entire stack and to other schemes, like :doc:`SafeStack`, that mirror the entire stack and
trade-off consuming more memory for shorter function prologs and epilogs with trade-off consuming more memory for shorter function prologs and epilogs with
fewer memory accesses. Similarly, `Return Flow Guard`_ consumes more memory with fewer memory accesses. Similarly, `Return Flow Guard`_ consumes more memory with
shorter function prologs and epilogs than ShadowCallStack but suffers from the shorter function prologs and epilogs than ShadowCallStack but suffers from the
same race conditions (see `Security`_). Intel `Control-flow Enforcement Technology`_ same race conditions (see `Security`_). Intel `Control-flow Enforcement Technology`_
(CET) is a proposed hardware extension that would add native support to (CET) is a proposed hardware extension that would add native support to
use a shadow stack to store/check return addresses at call/return time. It use a shadow stack to store/check return addresses at call/return time. It
would not suffer from race conditions at calls and returns and not incur the would not suffer from race conditions at calls and returns and not incur the
overhead of function instrumentation, but it does require operating system overhead of function instrumentation, but it does require operating system
support. support.
.. _`Return Flow Guard`: https://xlab.tencent.com/en/2016/11/02/return-flow-guard/ .. _`Return Flow Guard`: https://xlab.tencent.com/en/2016/11/02/return-flow-guard/
.. _`Control-flow Enforcement Technology`: https://software.intel.com/sites/default/files/managed/4d/2a/control-flow-enforcement-technology-preview.pdf .. _`Control-flow Enforcement Technology`: https://software.intel.com/sites/default/files/managed/4d/2a/control-flow-enforcement-technology-preview.pdf
Compatibility Compatibility
------------- -------------
ShadowCallStack currently only supports x86_64. A runtime is not currently ShadowCallStack currently only supports x86_64 and aarch64. A runtime is not
provided in compiler-rt so one must be provided by the compiled application. currently provided in compiler-rt so one must be provided by the compiled
application.
On aarch64, the instrumentation makes use of the platform register ``x18``.
On some platforms, ``x18`` is reserved, and on others, it is designated as
a scratch register. This generally means that any code that may run on the
same thread as code compiled with ShadowCallStack must either target one
of the platforms whose ABI reserves ``x18`` (currently Darwin, Fuchsia and
Windows) or be compiled with the flag ``-ffixed-x18``.
Security Security
======== ========
ShadowCallStack is intended to be a stronger alternative to ShadowCallStack is intended to be a stronger alternative to
``-fstack-protector``. It protects from non-linear overflows and arbitrary ``-fstack-protector``. It protects from non-linear overflows and arbitrary
memory writes to the return address slot; however, similarly to memory writes to the return address slot; however, similarly to
``-fstack-protector`` this protection suffers from race conditions because of ``-fstack-protector`` this protection suffers from race conditions because of
the call-return semantics on x86_64. There is a short race between the call the call-return semantics on x86_64. There is a short race between the call
instruction and the first instruction in the function that reads the return instruction and the first instruction in the function that reads the return
address where an attacker could overwrite the return address and bypass address where an attacker could overwrite the return address and bypass
ShadowCallStack. Similarly, there is a time-of-check-to-time-of-use race in the ShadowCallStack. Similarly, there is a time-of-check-to-time-of-use race in the
function epilog where an attacker could overwrite the return address after it function epilog where an attacker could overwrite the return address after it
has been checked and before it has been returned to. Modifying the call-return has been checked and before it has been returned to. Modifying the call-return
semantics to fix this on x86_64 would incur an unacceptable performance overhead semantics to fix this on x86_64 would incur an unacceptable performance overhead
due to return branch prediction. due to return branch prediction.
The instrumentation makes use of the ``gs`` segment register to reference the The instrumentation makes use of the ``gs`` segment register on x86_64,
shadow call stack meaning that references to the shadow call stack do not have or the ``x18`` register on aarch64, to reference the shadow call stack
to be stored in memory. This makes it possible to implement a runtime that meaning that references to the shadow call stack do not have to be stored in
avoids exposing the address of the shadow call stack to attackers that can read memory. This makes it possible to implement a runtime that avoids exposing
arbitrary memory. However, attackers could still try to exploit side channels the address of the shadow call stack to attackers that can read arbitrary
exposed by the operating system `[1]`_ `[2]`_ or processor `[3]`_ to discover memory. However, attackers could still try to exploit side channels exposed
the address of the shadow call stack. by the operating system `[1]`_ `[2]`_ or processor `[3]`_ to discover the
address of the shadow call stack.
.. _`[1]`: https://eyalitkin.wordpress.com/2017/09/01/cartography-lighting-up-the-shadows/ .. _`[1]`: https://eyalitkin.wordpress.com/2017/09/01/cartography-lighting-up-the-shadows/
.. _`[2]`: https://www.blackhat.com/docs/eu-16/materials/eu-16-Goktas-Bypassing-Clangs-SafeStack.pdf .. _`[2]`: https://www.blackhat.com/docs/eu-16/materials/eu-16-Goktas-Bypassing-Clangs-SafeStack.pdf
.. _`[3]`: https://www.vusec.net/projects/anc/ .. _`[3]`: https://www.vusec.net/projects/anc/
Leaf functions are optimized to store the return address in a free register On x86_64, leaf functions are optimized to store the return address in a
and avoid writing to the shadow call stack if a register is available. Very free register and avoid writing to the shadow call stack if a register is
short leaf functions are uninstrumented if their execution is judged to be available. Very short leaf functions are uninstrumented if their execution
shorter than the race condition window intrinsic to the instrumentation. is judged to be shorter than the race condition window intrinsic to the
instrumentation.
On aarch64, the architecture's call and return instructions (``bl`` and
``ret``) operate on a register rather than the stack, which means that
leaf functions are generally protected from return address overwrites even
without ShadowCallStack. It also means that ShadowCallStack on aarch64 is not
vulnerable to the same types of time-of-check-to-time-of-use races as x86_64.
Usage Usage
===== =====
To enable ShadowCallStack, just pass the ``-fsanitize=shadow-call-stack`` flag To enable ShadowCallStack, just pass the ``-fsanitize=shadow-call-stack``
to both compile and link command lines. flag to both compile and link command lines. On aarch64, you also need to pass
``-ffixed-x18`` unless your target already reserves ``x18``.
Low-level API Low-level API
------------- -------------
``__has_feature(shadow_call_stack)`` ``__has_feature(shadow_call_stack)``
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
In some cases one may need to execute different code depending on whether In some cases one may need to execute different code depending on whether
Show All 31 Lines
.. code-block:: gas .. code-block:: gas
push %rax push %rax
callq foo callq foo
add $0x1,%eax add $0x1,%eax
pop %rcx pop %rcx
retq retq
Adding ``-fsanitize=shadow-call-stack`` would output the following: or the following aarch64 assembly:
.. code-block:: none
stp x29, x30, [sp, #-16]!
mov x29, sp
bl bar
add w0, w0, #1
ldp x29, x30, [sp], #16
ret
Adding ``-fsanitize=shadow-call-stack`` would output the following x86_64
assembly:
.. code-block:: gas .. code-block:: gas
mov (%rsp),%r10 mov (%rsp),%r10
xor %r11,%r11 xor %r11,%r11
addq $0x8,%gs:(%r11) addq $0x8,%gs:(%r11)
mov %gs:(%r11),%r11 mov %gs:(%r11),%r11
mov %r10,%gs:(%r11) mov %r10,%gs:(%r11)
push %rax push %rax
callq foo callq foo
add $0x1,%eax add $0x1,%eax
pop %rcx pop %rcx
xor %r11,%r11 xor %r11,%r11
mov %gs:(%r11),%r10 mov %gs:(%r11),%r10
mov %gs:(%r10),%r10 mov %gs:(%r10),%r10
subq $0x8,%gs:(%r11) subq $0x8,%gs:(%r11)
cmp %r10,(%rsp) cmp %r10,(%rsp)
jne trap jne trap
retq retq
trap: trap:
ud2 ud2
or the following aarch64 assembly:
.. code-block:: none
str x30, [x18], #8
stp x29, x30, [sp, #-16]!
mov x29, sp
bl bar
add w0, w0, #1
ldp x29, x30, [sp], #16
ldr x30, [x18, #-8]!
ret

clang/lib/Driver/SanitizerArgs.cpp

Show All 12 Lines
#include "clang/Driver/DriverDiagnostic.h" #include "clang/Driver/DriverDiagnostic.h"
#include "clang/Driver/Options.h" #include "clang/Driver/Options.h"
#include "clang/Driver/ToolChain.h" #include "clang/Driver/ToolChain.h"
#include "llvm/ADT/StringExtras.h" #include "llvm/ADT/StringExtras.h"
#include "llvm/ADT/StringSwitch.h" #include "llvm/ADT/StringSwitch.h"
#include "llvm/Support/FileSystem.h" #include "llvm/Support/FileSystem.h"
#include "llvm/Support/Path.h" #include "llvm/Support/Path.h"
#include "llvm/Support/SpecialCaseList.h" #include "llvm/Support/SpecialCaseList.h"
#include "llvm/Support/TargetParser.h"
#include <memory> #include <memory>
using namespace clang; using namespace clang;
using namespace clang::SanitizerKind; using namespace clang::SanitizerKind;
using namespace clang::driver; using namespace clang::driver;
using namespace llvm::opt; using namespace llvm::opt;
enum : SanitizerMask { enum : SanitizerMask {
▲ Show 20 LinesShow All 341 Lines▼ Show 20 LinesSanitizerArgs::SanitizerArgs(const ToolChain &TC,
} }
// Check that LTO is enabled if we need it. // Check that LTO is enabled if we need it.
if ((Kinds & NeedsLTO) && !D.isUsingLTO()) { if ((Kinds & NeedsLTO) && !D.isUsingLTO()) {
D.Diag(diag::err_drv_argument_only_allowed_with) D.Diag(diag::err_drv_argument_only_allowed_with)
<< lastArgumentForMask(D, Args, Kinds & NeedsLTO) << "-flto"; << lastArgumentForMask(D, Args, Kinds & NeedsLTO) << "-flto";
} }
if ((Kinds & ShadowCallStack) &&
TC.getTriple().getArch() == llvm::Triple::aarch64 &&
!llvm::AArch64::isX18ReservedByDefault(TC.getTriple()) &&
!Args.hasArg(options::OPT_ffixed_x18)) {
D.Diag(diag::err_drv_argument_only_allowed_with)
<< lastArgumentForMask(D, Args, Kinds & ShadowCallStack)
<< "-ffixed-x18";
}
// Report error if there are non-trapping sanitizers that require // Report error if there are non-trapping sanitizers that require
// c++abi-specific parts of UBSan runtime, and they are not provided by the // c++abi-specific parts of UBSan runtime, and they are not provided by the
// toolchain. We don't have a good way to check the latter, so we just // toolchain. We don't have a good way to check the latter, so we just
// check if the toolchan supports vptr. // check if the toolchan supports vptr.
if (~Supported & Vptr) { if (~Supported & Vptr) {
SanitizerMask KindsToDiagnose = Kinds & ~TrappingKinds & NeedsUbsanCxxRt; SanitizerMask KindsToDiagnose = Kinds & ~TrappingKinds & NeedsUbsanCxxRt;
// The runtime library supports the Microsoft C++ ABI, but only well enough // The runtime library supports the Microsoft C++ ABI, but only well enough
// for CFI. FIXME: Remove this once we support vptr on Windows. // for CFI. FIXME: Remove this once we support vptr on Windows.
▲ Show 20 LinesShow All 584 LinesShow Last 20 Lines

clang/lib/Driver/ToolChain.cpp

Show First 20 LinesShow All 808 Lines▼ Show 20 Lines SanitizerMask Res = (Undefined & ~Vptr & ~Function) | (CFI & ~CFIICall) |
LocalBounds; LocalBounds;
if (getTriple().getArch() == llvm::Triple::x86 || if (getTriple().getArch() == llvm::Triple::x86 ||
getTriple().getArch() == llvm::Triple::x86_64 || getTriple().getArch() == llvm::Triple::x86_64 ||
getTriple().getArch() == llvm::Triple::arm || getTriple().getArch() == llvm::Triple::arm ||
getTriple().getArch() == llvm::Triple::aarch64 || getTriple().getArch() == llvm::Triple::aarch64 ||
getTriple().getArch() == llvm::Triple::wasm32 || getTriple().getArch() == llvm::Triple::wasm32 ||
getTriple().getArch() == llvm::Triple::wasm64) getTriple().getArch() == llvm::Triple::wasm64)
Res |= CFIICall; Res |= CFIICall;
if (getTriple().getArch() == llvm::Triple::x86_64) if (getTriple().getArch() == llvm::Triple::x86_64 ||
getTriple().getArch() == llvm::Triple::aarch64)
Res |= ShadowCallStack; Res |= ShadowCallStack;
return Res; return Res;
} }
void ToolChain::AddCudaIncludeArgs(const ArgList &DriverArgs, void ToolChain::AddCudaIncludeArgs(const ArgList &DriverArgs,
ArgStringList &CC1Args) const {} ArgStringList &CC1Args) const {}
void ToolChain::AddIAMCUIncludeArgs(const ArgList &DriverArgs, void ToolChain::AddIAMCUIncludeArgs(const ArgList &DriverArgs,
▲ Show 20 LinesShow All 122 LinesShow Last 20 Lines

clang/test/Driver/sanitizer-ld.c

Show First 20 LinesShow All 557 Lines▼ Show 20 Lines
// CHECK-SAFESTACK-LINUX: "-ldl" // CHECK-SAFESTACK-LINUX: "-ldl"
// RUN: %clang -fsanitize=shadow-call-stack %s -### -o %t.o 2>&1 \ // RUN: %clang -fsanitize=shadow-call-stack %s -### -o %t.o 2>&1 \
// RUN: -target x86_64-unknown-linux -fuse-ld=ld \ // RUN: -target x86_64-unknown-linux -fuse-ld=ld \
// RUN: | FileCheck --check-prefix=CHECK-SHADOWCALLSTACK-LINUX-X86-64 %s // RUN: | FileCheck --check-prefix=CHECK-SHADOWCALLSTACK-LINUX-X86-64 %s
// CHECK-SHADOWCALLSTACK-LINUX-X86-64-NOT: error: // CHECK-SHADOWCALLSTACK-LINUX-X86-64-NOT: error:
// RUN: %clang -fsanitize=shadow-call-stack %s -### -o %t.o 2>&1 \ // RUN: %clang -fsanitize=shadow-call-stack %s -### -o %t.o 2>&1 \
// RUN: -target aarch64-unknown-linux -fuse-ld=ld \
// RUN: | FileCheck --check-prefix=CHECK-SHADOWCALLSTACK-LINUX-AARCH64 %s
// CHECK-SHADOWCALLSTACK-LINUX-AARCH64: '-fsanitize=shadow-call-stack' only allowed with '-ffixed-x18'
// RUN: %clang -fsanitize=shadow-call-stack %s -### -o %t.o 2>&1 \
// RUN: -target aarch64-unknown-linux -fuse-ld=ld -ffixed-x18 \
// RUN: | FileCheck --check-prefix=CHECK-SHADOWCALLSTACK-LINUX-AARCH64-X18 %s
// RUN: %clang -fsanitize=shadow-call-stack %s -### -o %t.o 2>&1 \
// RUN: -target arm64-unknown-ios -fuse-ld=ld \
// RUN: | FileCheck --check-prefix=CHECK-SHADOWCALLSTACK-LINUX-AARCH64-X18 %s
// CHECK-SHADOWCALLSTACK-LINUX-AARCH64-X18-NOT: error:
// RUN: %clang -fsanitize=shadow-call-stack %s -### -o %t.o 2>&1 \
// RUN: -target x86-unknown-linux -fuse-ld=ld \ // RUN: -target x86-unknown-linux -fuse-ld=ld \
// RUN: | FileCheck --check-prefix=CHECK-SHADOWCALLSTACK-LINUX-X86 %s // RUN: | FileCheck --check-prefix=CHECK-SHADOWCALLSTACK-LINUX-X86 %s
// CHECK-SHADOWCALLSTACK-LINUX-X86: error: unsupported option '-fsanitize=shadow-call-stack' for target 'x86-unknown-linux' // CHECK-SHADOWCALLSTACK-LINUX-X86: error: unsupported option '-fsanitize=shadow-call-stack' for target 'x86-unknown-linux'
// RUN: %clang -fsanitize=shadow-call-stack %s -### -o %t.o 2>&1 \ // RUN: %clang -fsanitize=shadow-call-stack %s -### -o %t.o 2>&1 \
// RUN: -fsanitize=safe-stack -target x86_64-unknown-linux -fuse-ld=ld \ // RUN: -fsanitize=safe-stack -target x86_64-unknown-linux -fuse-ld=ld \
// RUN: | FileCheck --check-prefix=CHECK-SHADOWCALLSTACK-SAFESTACK %s // RUN: | FileCheck --check-prefix=CHECK-SHADOWCALLSTACK-SAFESTACK %s
// CHECK-SHADOWCALLSTACK-SAFESTACK: error: invalid argument '-fsanitize=shadow-call-stack' not allowed with '-fsanitize=safe-stack' // CHECK-SHADOWCALLSTACK-SAFESTACK: error: invalid argument '-fsanitize=shadow-call-stack' not allowed with '-fsanitize=safe-stack'
▲ Show 20 LinesShow All 237 LinesShow Last 20 Lines

llvm/include/llvm/Support/TargetParser.h

Show First 20 LinesShow All 206 Lines▼ Show 20 Lines
ArchExtKind parseArchExt(StringRef ArchExt); ArchExtKind parseArchExt(StringRef ArchExt);
ArchKind parseCPUArch(StringRef CPU); ArchKind parseCPUArch(StringRef CPU);
void fillValidCPUArchList(SmallVectorImpl<StringRef> &Values); void fillValidCPUArchList(SmallVectorImpl<StringRef> &Values);
ARM::ISAKind parseArchISA(StringRef Arch); ARM::ISAKind parseArchISA(StringRef Arch);
ARM::EndianKind parseArchEndian(StringRef Arch); ARM::EndianKind parseArchEndian(StringRef Arch);
ARM::ProfileKind parseArchProfile(StringRef Arch); ARM::ProfileKind parseArchProfile(StringRef Arch);
unsigned parseArchVersion(StringRef Arch); unsigned parseArchVersion(StringRef Arch);
bool isX18ReservedByDefault(const Triple &TT);
} // namespace AArch64 } // namespace AArch64
namespace X86 { namespace X86 {
// This should be kept in sync with libcc/compiler-rt as its included by clang // This should be kept in sync with libcc/compiler-rt as its included by clang
// as a proxy for what's in libgcc/compiler-rt. // as a proxy for what's in libgcc/compiler-rt.
enum ProcessorVendors : unsigned { enum ProcessorVendors : unsigned {
VENDOR_DUMMY, VENDOR_DUMMY,
Show All 40 Lines

llvm/lib/Support/TargetParser.cpp

Show First 20 LinesShow All 911 Lines▼ Show 20 Lines
ARM::ProfileKind AArch64::parseArchProfile(StringRef Arch) { ARM::ProfileKind AArch64::parseArchProfile(StringRef Arch) {
return ARM::parseArchProfile(Arch); return ARM::parseArchProfile(Arch);
} }
// Version number (ex. v8 = 8). // Version number (ex. v8 = 8).
unsigned llvm::AArch64::parseArchVersion(StringRef Arch) { unsigned llvm::AArch64::parseArchVersion(StringRef Arch) {
return ARM::parseArchVersion(Arch); return ARM::parseArchVersion(Arch);
} }
bool llvm::AArch64::isX18ReservedByDefault(const Triple &TT) {
return TT.isOSDarwin() || TT.isOSFuchsia() || TT.isOSWindows();
}

llvm/lib/Target/AArch64/AArch64CallingConvention.td

Show First 20 LinesShow All 343 Lines▼ Show 20 Lines
def CSR_AArch64_RT_MostRegs : CalleeSavedRegs<(add CSR_AArch64_AAPCS, def CSR_AArch64_RT_MostRegs : CalleeSavedRegs<(add CSR_AArch64_AAPCS,
(sequence "X%u", 9, 15))>; (sequence "X%u", 9, 15))>;
def CSR_AArch64_StackProbe_Windows def CSR_AArch64_StackProbe_Windows
: CalleeSavedRegs<(add (sequence "X%u", 0, 15), : CalleeSavedRegs<(add (sequence "X%u", 0, 15),
(sequence "X%u", 18, 28), FP, SP, (sequence "X%u", 18, 28), FP, SP,
(sequence "Q%u", 0, 31))>; (sequence "Q%u", 0, 31))>;
// Variants of the standard calling conventions for shadow call stack.
// These all preserve x18 in addition to any other registers.
def CSR_AArch64_NoRegs_SCS
: CalleeSavedRegs<(add CSR_AArch64_NoRegs, X18)>;
def CSR_AArch64_AllRegs_SCS
: CalleeSavedRegs<(add CSR_AArch64_AllRegs, X18)>;
def CSR_AArch64_CXX_TLS_Darwin_SCS
: CalleeSavedRegs<(add CSR_AArch64_CXX_TLS_Darwin, X18)>;
def CSR_AArch64_AAPCS_SwiftError_SCS
: CalleeSavedRegs<(add CSR_AArch64_AAPCS_SwiftError, X18)>;
def CSR_AArch64_RT_MostRegs_SCS
: CalleeSavedRegs<(add CSR_AArch64_RT_MostRegs, X18)>;
def CSR_AArch64_AAPCS_SCS
: CalleeSavedRegs<(add CSR_AArch64_AAPCS, X18)>;

llvm/lib/Target/AArch64/AArch64FrameLowering.cpp

Show First 20 LinesShow All 408 Lines▼ Show 20 Lines
} }
// Convert callee-save register save/restore instruction to do stack pointer // Convert callee-save register save/restore instruction to do stack pointer
// decrement/increment to allocate/deallocate the callee-save stack area by // decrement/increment to allocate/deallocate the callee-save stack area by
// converting store/load to use pre/post increment version. // converting store/load to use pre/post increment version.
static MachineBasicBlock::iterator convertCalleeSaveRestoreToSPPrePostIncDec( static MachineBasicBlock::iterator convertCalleeSaveRestoreToSPPrePostIncDec(
MachineBasicBlock &MBB, MachineBasicBlock::iterator MBBI, MachineBasicBlock &MBB, MachineBasicBlock::iterator MBBI,
const DebugLoc &DL, const TargetInstrInfo *TII, int CSStackSizeInc) { const DebugLoc &DL, const TargetInstrInfo *TII, int CSStackSizeInc) {
// Ignore instructions that do not operate on SP, i.e. shadow call stack
// instructions.
while (MBBI->getOpcode() == AArch64::STRXpost ||
MBBI->getOpcode() == AArch64::LDRXpre) {
assert(MBBI->getOperand(0).getReg() != AArch64::SP);
++MBBI;
}
unsigned NewOpc; unsigned NewOpc;
bool NewIsUnscaled = false; bool NewIsUnscaled = false;
switch (MBBI->getOpcode()) { switch (MBBI->getOpcode()) {
default: default:
llvm_unreachable("Unexpected callee-save save/restore opcode!"); llvm_unreachable("Unexpected callee-save save/restore opcode!");
case AArch64::STPXi: case AArch64::STPXi:
NewOpc = AArch64::STPXpre; NewOpc = AArch64::STPXpre;
break; break;
▲ Show 20 LinesShow All 51 Lines▼ Show 20 Linesstatic MachineBasicBlock::iterator convertCalleeSaveRestoreToSPPrePostIncDec(
return std::prev(MBB.erase(MBBI)); return std::prev(MBB.erase(MBBI));
} }
// Fixup callee-save register save/restore instructions to take into account // Fixup callee-save register save/restore instructions to take into account
// combined SP bump by adding the local stack size to the stack offsets. // combined SP bump by adding the local stack size to the stack offsets.
static void fixupCalleeSaveRestoreStackOffset(MachineInstr &MI, static void fixupCalleeSaveRestoreStackOffset(MachineInstr &MI,
unsigned LocalStackSize) { unsigned LocalStackSize) {
unsigned Opc = MI.getOpcode(); unsigned Opc = MI.getOpcode();
// Ignore instructions that do not operate on SP, i.e. shadow call stack
// instructions.
if (Opc == AArch64::STRXpost || Opc == AArch64::LDRXpre) {
assert(MI.getOperand(0).getReg() != AArch64::SP);
return;
}
(void)Opc; (void)Opc;
assert((Opc == AArch64::STPXi || Opc == AArch64::STPDi || assert((Opc == AArch64::STPXi || Opc == AArch64::STPDi ||
Opc == AArch64::STRXui || Opc == AArch64::STRDui || Opc == AArch64::STRXui || Opc == AArch64::STRDui ||
Opc == AArch64::LDPXi || Opc == AArch64::LDPDi || Opc == AArch64::LDPXi || Opc == AArch64::LDPDi ||
Opc == AArch64::LDRXui || Opc == AArch64::LDRDui) && Opc == AArch64::LDRXui || Opc == AArch64::LDRDui) &&
"Unexpected callee-save save/restore opcode!"); "Unexpected callee-save save/restore opcode!");
unsigned OffsetIdx = MI.getNumExplicitOperands() - 1; unsigned OffsetIdx = MI.getNumExplicitOperands() - 1;
▲ Show 20 LinesShow All 438 Lines▼ Show 20 Linesvoid AArch64FrameLowering::emitEpilogue(MachineFunction &MF,
else if (NumBytes) else if (NumBytes)
emitFrameOffset(MBB, LastPopI, DL, AArch64::SP, AArch64::SP, NumBytes, TII, emitFrameOffset(MBB, LastPopI, DL, AArch64::SP, AArch64::SP, NumBytes, TII,
MachineInstr::FrameDestroy); MachineInstr::FrameDestroy);
// This must be placed after the callee-save restore code because that code // This must be placed after the callee-save restore code because that code
// assumes the SP is at the same location as it was after the callee-save save // assumes the SP is at the same location as it was after the callee-save save
// code in the prologue. // code in the prologue.
if (AfterCSRPopSize) { if (AfterCSRPopSize) {
// Find an insertion point for the first ldp so that it goes before the
// shadow call stack epilog instruction. This ensures that the restore of
// lr from x18 is placed after the restore from sp.
auto FirstSPPopI = MBB.getFirstTerminator();
while (FirstSPPopI != Begin) {
auto Prev = std::prev(FirstSPPopI);
if (Prev->getOpcode() != AArch64::LDRXpre ||
Prev->getOperand(0).getReg() == AArch64::SP)
break;
FirstSPPopI = Prev;
}
// Sometimes (when we restore in the same order as we save), we can end up // Sometimes (when we restore in the same order as we save), we can end up
// with code like this: // with code like this:
// //
// ldp x26, x25, [sp] // ldp x26, x25, [sp]
// ldp x24, x23, [sp, #16] // ldp x24, x23, [sp, #16]
// ldp x22, x21, [sp, #32] // ldp x22, x21, [sp, #32]
// ldp x20, x19, [sp, #48] // ldp x20, x19, [sp, #48]
// add sp, sp, #64 // add sp, sp, #64
// //
// In this case, it is always better to put the first ldp at the end, so // In this case, it is always better to put the first ldp at the end, so
// that the load-store optimizer can run and merge the ldp and the add into // that the load-store optimizer can run and merge the ldp and the add into
// a post-index ldp. // a post-index ldp.
// If we managed to grab the first pop instruction, move it to the end. // If we managed to grab the first pop instruction, move it to the end.
if (LastPopI != Begin) if (LastPopI != Begin)
MBB.splice(MBB.getFirstTerminator(), &MBB, LastPopI); MBB.splice(FirstSPPopI, &MBB, LastPopI);
// We should end up with something like this now: // We should end up with something like this now:
// //
// ldp x24, x23, [sp, #16] // ldp x24, x23, [sp, #16]
// ldp x22, x21, [sp, #32] // ldp x22, x21, [sp, #32]
// ldp x20, x19, [sp, #48] // ldp x20, x19, [sp, #48]
// ldp x26, x25, [sp] // ldp x26, x25, [sp]
// add sp, sp, #64 // add sp, sp, #64
// //
// and the load-store optimizer can merge the last two instructions into: // and the load-store optimizer can merge the last two instructions into:
// //
// ldp x26, x25, [sp], #64 // ldp x26, x25, [sp], #64
// //
emitFrameOffset(MBB, MBB.getFirstTerminator(), DL, AArch64::SP, AArch64::SP, emitFrameOffset(MBB, FirstSPPopI, DL, AArch64::SP, AArch64::SP,
AfterCSRPopSize, TII, MachineInstr::FrameDestroy); AfterCSRPopSize, TII, MachineInstr::FrameDestroy);
} }
} }
/// getFrameIndexReference - Provide a base+offset reference to an FI slot for /// getFrameIndexReference - Provide a base+offset reference to an FI slot for
/// debug info. It's the same as what we use for resolving the code-gen /// debug info. It's the same as what we use for resolving the code-gen
/// references for now. FIXME: This can go wrong when references are /// references for now. FIXME: This can go wrong when references are
/// SP-relative and simple call frames aren't used. /// SP-relative and simple call frames aren't used.
▲ Show 20 LinesShow All 102 Lines▼ Show 20 Linesstruct RegPairInfo {
bool isPaired() const { return Reg2 != AArch64::NoRegister; } bool isPaired() const { return Reg2 != AArch64::NoRegister; }
}; };
} // end anonymous namespace } // end anonymous namespace
static void computeCalleeSaveRegisterPairs( static void computeCalleeSaveRegisterPairs(
MachineFunction &MF, const std::vector<CalleeSavedInfo> &CSI, MachineFunction &MF, const std::vector<CalleeSavedInfo> &CSI,
const TargetRegisterInfo *TRI, SmallVectorImpl<RegPairInfo> &RegPairs) { const TargetRegisterInfo *TRI, SmallVectorImpl<RegPairInfo> &RegPairs,
bool &NeedShadowCallStackProlog) {
if (CSI.empty()) if (CSI.empty())
return; return;
AArch64FunctionInfo *AFI = MF.getInfo<AArch64FunctionInfo>(); AArch64FunctionInfo *AFI = MF.getInfo<AArch64FunctionInfo>();
MachineFrameInfo &MFI = MF.getFrameInfo(); MachineFrameInfo &MFI = MF.getFrameInfo();
CallingConv::ID CC = MF.getFunction().getCallingConv(); CallingConv::ID CC = MF.getFunction().getCallingConv();
unsigned Count = CSI.size(); unsigned Count = CSI.size();
Show All 17 Lines for (unsigned i = 0; i < Count; ++i) {
// Add the next reg to the pair if it is in the same register class. // Add the next reg to the pair if it is in the same register class.
if (i + 1 < Count) { if (i + 1 < Count) {
unsigned NextReg = CSI[i + 1].getReg(); unsigned NextReg = CSI[i + 1].getReg();
if ((RPI.IsGPR && AArch64::GPR64RegClass.contains(NextReg)) || if ((RPI.IsGPR && AArch64::GPR64RegClass.contains(NextReg)) ||
(!RPI.IsGPR && AArch64::FPR64RegClass.contains(NextReg))) (!RPI.IsGPR && AArch64::FPR64RegClass.contains(NextReg)))
RPI.Reg2 = NextReg; RPI.Reg2 = NextReg;
} }
// If either of the registers to be saved is the lr register, it means that
// we also need to save lr in the shadow call stack.
if ((RPI.Reg1 == AArch64::LR || RPI.Reg2 == AArch64::LR) &&
MF.getFunction().hasFnAttribute(Attribute::ShadowCallStack)) {
if (!MF.getSubtarget<AArch64Subtarget>().isX18Reserved())
report_fatal_error("Must reserve x18 to use shadow call stack");
NeedShadowCallStackProlog = true;
eugenisUnsubmitted
Done
ReplyInline Actions

That's way too cryptic, please call it NeedShadowCallStackProlog or something similar.

eugenis: That's way too cryptic, please call it NeedShadowCallStackProlog or something similar.
}
// GPRs and FPRs are saved in pairs of 64-bit regs. We expect the CSI // GPRs and FPRs are saved in pairs of 64-bit regs. We expect the CSI
// list to come in sorted by frame index so that we can issue the store // list to come in sorted by frame index so that we can issue the store
// pair instructions directly. Assert if we see anything otherwise. // pair instructions directly. Assert if we see anything otherwise.
// //
// The order of the registers in the list is controlled by // The order of the registers in the list is controlled by
// getCalleeSavedRegs(), so they will always be in-order, as well. // getCalleeSavedRegs(), so they will always be in-order, as well.
assert((!RPI.isPaired() || assert((!RPI.isPaired() ||
(CSI[i].getFrameIdx() + 1 == CSI[i + 1].getFrameIdx())) && (CSI[i].getFrameIdx() + 1 == CSI[i + 1].getFrameIdx())) &&
Show All 34 Linesbool AArch64FrameLowering::spillCalleeSavedRegisters(
MachineBasicBlock &MBB, MachineBasicBlock::iterator MI, MachineBasicBlock &MBB, MachineBasicBlock::iterator MI,
const std::vector<CalleeSavedInfo> &CSI, const std::vector<CalleeSavedInfo> &CSI,
const TargetRegisterInfo *TRI) const { const TargetRegisterInfo *TRI) const {
MachineFunction &MF = *MBB.getParent(); MachineFunction &MF = *MBB.getParent();
const TargetInstrInfo &TII = *MF.getSubtarget().getInstrInfo(); const TargetInstrInfo &TII = *MF.getSubtarget().getInstrInfo();
DebugLoc DL; DebugLoc DL;
SmallVector<RegPairInfo, 8> RegPairs; SmallVector<RegPairInfo, 8> RegPairs;
computeCalleeSaveRegisterPairs(MF, CSI, TRI, RegPairs); bool NeedShadowCallStackProlog = false;
computeCalleeSaveRegisterPairs(MF, CSI, TRI, RegPairs,
NeedShadowCallStackProlog);
const MachineRegisterInfo &MRI = MF.getRegInfo(); const MachineRegisterInfo &MRI = MF.getRegInfo();
if (NeedShadowCallStackProlog) {
// Shadow call stack prolog: str x30, [x18], #8
BuildMI(MBB, MI, DL, TII.get(AArch64::STRXpost))
.addReg(AArch64::X18, RegState::Define)
.addReg(AArch64::LR)
.addReg(AArch64::X18)
.addImm(8)
.setMIFlag(MachineInstr::FrameSetup);
// This instruction also makes x18 live-in to the entry block.
MBB.addLiveIn(AArch64::X18);
}
for (auto RPII = RegPairs.rbegin(), RPIE = RegPairs.rend(); RPII != RPIE; for (auto RPII = RegPairs.rbegin(), RPIE = RegPairs.rend(); RPII != RPIE;
++RPII) { ++RPII) {
RegPairInfo RPI = *RPII; RegPairInfo RPI = *RPII;
unsigned Reg1 = RPI.Reg1; unsigned Reg1 = RPI.Reg1;
unsigned Reg2 = RPI.Reg2; unsigned Reg2 = RPI.Reg2;
unsigned StrOpc; unsigned StrOpc;
// Issue sequence of spills for cs regs. The first spill may be converted // Issue sequence of spills for cs regs. The first spill may be converted
▲ Show 20 LinesShow All 47 Lines▼ Show 20 Linesbool AArch64FrameLowering::restoreCalleeSavedRegisters(
MachineFunction &MF = *MBB.getParent(); MachineFunction &MF = *MBB.getParent();
const TargetInstrInfo &TII = *MF.getSubtarget().getInstrInfo(); const TargetInstrInfo &TII = *MF.getSubtarget().getInstrInfo();
DebugLoc DL; DebugLoc DL;
SmallVector<RegPairInfo, 8> RegPairs; SmallVector<RegPairInfo, 8> RegPairs;
if (MI != MBB.end()) if (MI != MBB.end())
DL = MI->getDebugLoc(); DL = MI->getDebugLoc();
computeCalleeSaveRegisterPairs(MF, CSI, TRI, RegPairs); bool NeedShadowCallStackProlog = false;
computeCalleeSaveRegisterPairs(MF, CSI, TRI, RegPairs,
NeedShadowCallStackProlog);
auto EmitMI = [&](const RegPairInfo &RPI) { auto EmitMI = [&](const RegPairInfo &RPI) {
unsigned Reg1 = RPI.Reg1; unsigned Reg1 = RPI.Reg1;
unsigned Reg2 = RPI.Reg2; unsigned Reg2 = RPI.Reg2;
// Issue sequence of restores for cs regs. The last restore may be converted // Issue sequence of restores for cs regs. The last restore may be converted
// to a post-increment load later by emitEpilogue if the callee-save stack // to a post-increment load later by emitEpilogue if the callee-save stack
// area allocation can't be combined with the local stack area allocation. // area allocation can't be combined with the local stack area allocation.
Show All 32 Linesbool AArch64FrameLowering::restoreCalleeSavedRegisters(
}; };
if (ReverseCSRRestoreSeq) if (ReverseCSRRestoreSeq)
for (const RegPairInfo &RPI : reverse(RegPairs)) for (const RegPairInfo &RPI : reverse(RegPairs))
EmitMI(RPI); EmitMI(RPI);
else else
for (const RegPairInfo &RPI : RegPairs) for (const RegPairInfo &RPI : RegPairs)
EmitMI(RPI); EmitMI(RPI);
if (NeedShadowCallStackProlog) {
// Shadow call stack epilog: ldr x30, [x18, #-8]!
BuildMI(MBB, MI, DL, TII.get(AArch64::LDRXpre))
.addReg(AArch64::X18, RegState::Define)
.addReg(AArch64::LR, RegState::Define)
.addReg(AArch64::X18)
.addImm(-8)
.setMIFlag(MachineInstr::FrameDestroy);
}
return true; return true;
} }
void AArch64FrameLowering::determineCalleeSaves(MachineFunction &MF, void AArch64FrameLowering::determineCalleeSaves(MachineFunction &MF,
BitVector &SavedRegs, BitVector &SavedRegs,
RegScavenger *RS) const { RegScavenger *RS) const {
// All calls are tail calls in GHC calling conv, and functions have no // All calls are tail calls in GHC calling conv, and functions have no
// prologue/epilogue. // prologue/epilogue.
▲ Show 20 LinesShow All 128 LinesShow Last 20 Lines

llvm/lib/Target/AArch64/AArch64RegisterInfo.cpp

Show First 20 LinesShow All 69 Lines▼ Show 20 Lines if (MF->getFunction().getCallingConv() == CallingConv::CXX_FAST_TLS &&
MF->getInfo<AArch64FunctionInfo>()->isSplitCSR()) MF->getInfo<AArch64FunctionInfo>()->isSplitCSR())
return CSR_AArch64_CXX_TLS_Darwin_ViaCopy_SaveList; return CSR_AArch64_CXX_TLS_Darwin_ViaCopy_SaveList;
return nullptr; return nullptr;
} }
const uint32_t * const uint32_t *
AArch64RegisterInfo::getCallPreservedMask(const MachineFunction &MF, AArch64RegisterInfo::getCallPreservedMask(const MachineFunction &MF,
CallingConv::ID CC) const { CallingConv::ID CC) const {
bool SCS = MF.getFunction().hasFnAttribute(Attribute::ShadowCallStack);
vlad.tsyrklevichUnsubmitted
Not Done
ReplyInline Actions

It's sort of a stretch to construct a scenario where this is likely to happen, but is it possible that a runtime function marked with __attribute__((no_sanitize("shadowcallstack"))) would spill x18 across a function call because of this mask if it's referenced before and after? If that was a concern, we could make this test hasAttr(SCS) || hasFlag(fFixedx18)

vlad.tsyrklevich: It's sort of a stretch to construct a scenario where this is likely to happen, but is it…
if (CC == CallingConv::GHC) if (CC == CallingConv::GHC)
// This is academic because all GHC calls are (supposed to be) tail calls // This is academic because all GHC calls are (supposed to be) tail calls
return CSR_AArch64_NoRegs_RegMask; return SCS ? CSR_AArch64_NoRegs_SCS_RegMask : CSR_AArch64_NoRegs_RegMask;
if (CC == CallingConv::AnyReg) if (CC == CallingConv::AnyReg)
return CSR_AArch64_AllRegs_RegMask; return SCS ? CSR_AArch64_AllRegs_SCS_RegMask : CSR_AArch64_AllRegs_RegMask;
if (CC == CallingConv::CXX_FAST_TLS) if (CC == CallingConv::CXX_FAST_TLS)
return CSR_AArch64_CXX_TLS_Darwin_RegMask; return SCS ? CSR_AArch64_CXX_TLS_Darwin_SCS_RegMask
: CSR_AArch64_CXX_TLS_Darwin_RegMask;
if (MF.getSubtarget<AArch64Subtarget>().getTargetLowering() if (MF.getSubtarget<AArch64Subtarget>().getTargetLowering()
->supportSwiftError() && ->supportSwiftError() &&
MF.getFunction().getAttributes().hasAttrSomewhere(Attribute::SwiftError)) MF.getFunction().getAttributes().hasAttrSomewhere(Attribute::SwiftError))
return CSR_AArch64_AAPCS_SwiftError_RegMask; return SCS ? CSR_AArch64_AAPCS_SwiftError_SCS_RegMask
: CSR_AArch64_AAPCS_SwiftError_RegMask;
if (CC == CallingConv::PreserveMost) if (CC == CallingConv::PreserveMost)
return CSR_AArch64_RT_MostRegs_RegMask; return SCS ? CSR_AArch64_RT_MostRegs_SCS_RegMask
: CSR_AArch64_RT_MostRegs_RegMask;
else else
return CSR_AArch64_AAPCS_RegMask; return SCS ? CSR_AArch64_AAPCS_SCS_RegMask : CSR_AArch64_AAPCS_RegMask;
} }
const uint32_t *AArch64RegisterInfo::getTLSCallPreservedMask() const { const uint32_t *AArch64RegisterInfo::getTLSCallPreservedMask() const {
if (TT.isOSDarwin()) if (TT.isOSDarwin())
return CSR_AArch64_TLS_Darwin_RegMask; return CSR_AArch64_TLS_Darwin_RegMask;
assert(TT.isOSBinFormatELF() && "Invalid target"); assert(TT.isOSBinFormatELF() && "Invalid target");
return CSR_AArch64_TLS_ELF_RegMask; return CSR_AArch64_TLS_ELF_RegMask;
▲ Show 20 LinesShow All 350 LinesShow Last 20 Lines

llvm/lib/Target/AArch64/AArch64Subtarget.cpp

Show All 18 Lines
#include "AArch64TargetMachine.h" #include "AArch64TargetMachine.h"
#include "AArch64CallLowering.h" #include "AArch64CallLowering.h"
#include "AArch64LegalizerInfo.h" #include "AArch64LegalizerInfo.h"
#include "AArch64RegisterBankInfo.h" #include "AArch64RegisterBankInfo.h"
#include "llvm/CodeGen/GlobalISel/InstructionSelect.h" #include "llvm/CodeGen/GlobalISel/InstructionSelect.h"
#include "llvm/CodeGen/MachineScheduler.h" #include "llvm/CodeGen/MachineScheduler.h"
#include "llvm/IR/GlobalValue.h" #include "llvm/IR/GlobalValue.h"
#include "llvm/Support/TargetParser.h"
using namespace llvm; using namespace llvm;
#define DEBUG_TYPE "aarch64-subtarget" #define DEBUG_TYPE "aarch64-subtarget"
#define GET_SUBTARGETINFO_CTOR #define GET_SUBTARGETINFO_CTOR
#define GET_SUBTARGETINFO_TARGET_DESC #define GET_SUBTARGETINFO_TARGET_DESC
#include "AArch64GenSubtargetInfo.inc" #include "AArch64GenSubtargetInfo.inc"
▲ Show 20 LinesShow All 111 Lines▼ Show 20 Linesvoid AArch64Subtarget::initializeProperties() {
case Others: break; case Others: break;
} }
} }
AArch64Subtarget::AArch64Subtarget(const Triple &TT, const std::string &CPU, AArch64Subtarget::AArch64Subtarget(const Triple &TT, const std::string &CPU,
const std::string &FS, const std::string &FS,
const TargetMachine &TM, bool LittleEndian) const TargetMachine &TM, bool LittleEndian)
: AArch64GenSubtargetInfo(TT, CPU, FS), : AArch64GenSubtargetInfo(TT, CPU, FS),
ReserveX18(TT.isOSDarwin() || TT.isOSFuchsia() || TT.isOSWindows()), ReserveX18(AArch64::isX18ReservedByDefault(TT)), IsLittle(LittleEndian),
IsLittle(LittleEndian), TargetTriple(TT), FrameLowering(), TargetTriple(TT), FrameLowering(),
InstrInfo(initializeSubtargetDependencies(FS, CPU)), TSInfo(), InstrInfo(initializeSubtargetDependencies(FS, CPU)), TSInfo(),
TLInfo(TM, *this) { TLInfo(TM, *this) {
CallLoweringInfo.reset(new AArch64CallLowering(*getTargetLowering())); CallLoweringInfo.reset(new AArch64CallLowering(*getTargetLowering()));
Legalizer.reset(new AArch64LegalizerInfo(*this)); Legalizer.reset(new AArch64LegalizerInfo(*this));
auto *RBI = new AArch64RegisterBankInfo(*getRegisterInfo()); auto *RBI = new AArch64RegisterBankInfo(*getRegisterInfo());
// FIXME: At this point, we can't rely on Subtarget having RBI. // FIXME: At this point, we can't rely on Subtarget having RBI.
▲ Show 20 LinesShow All 108 LinesShow Last 20 Lines

llvm/test/CodeGen/AArch64/shadow-call-stack.ll

  • This file was added.
; RUN: llc -verify-machineinstrs -o - %s -mtriple=aarch64-linux-gnu -mattr=+reserve-x18 | FileCheck %s
define void @f1() shadowcallstack {
; CHECK: f1:
; CHECK-NOT: x18
; CHECK: ret
ret void
}
declare void @foo()
define void @f2() shadowcallstack {
; CHECK: f2:
; CHECK-NOT: x18
; CHECK: b foo
tail call void @foo()
ret void
}
declare i32 @bar()
define i32 @f3() shadowcallstack {
; CHECK: f3:
; CHECK: str x30, [x18], #8
; CHECK: str x30, [sp, #-16]!
%res = call i32 @bar()
%res1 = add i32 %res, 1
; CHECK: ldr x30, [sp], #16
; CHECK: ldr x30, [x18, #-8]!
; CHECK: ret
ret i32 %res
}
define i32 @f4() shadowcallstack {
; CHECK: f4:
%res1 = call i32 @bar()
%res2 = call i32 @bar()
%res3 = call i32 @bar()
%res4 = call i32 @bar()
%res12 = add i32 %res1, %res2
%res34 = add i32 %res3, %res4
%res1234 = add i32 %res12, %res34
; CHECK: ldp {{.*}}x30, [sp
; CHECK: ldr x30, [x18, #-8]!
; CHECK: ret
ret i32 %res1234
}