This is an archive of the discontinued LLVM Phabricator instance.

Differential D76811

[X86] Refactor X86IndirectThunks.cpp to Accommodate Mitigations other than Retpoline [2/3]
ClosedPublic

Authored by sconstab on Mar 25 2020, 4:34 PM.

Details

Reviewers
craig.topper
andrew.w.kaylor
zbrid
chandlerc
Commits
rGa09ebfdafb9d: [X86] Refactor X86IndirectThunks.cpp to Accommodate Mitigations other than…
rGb1d581019f5d: [X86] Refactor X86IndirectThunks.cpp to Accommodate Mitigations other than…
Summary

Introduce a ThunkInserter CRTP base class from which new thunk types can inherit, e.g., thunks to mitigate https://software.intel.com/security-software-guidance/software-guidance/load-value-injection.

Diff Detail

Event Timeline

sconstab created this revision.Mar 25 2020, 4:34 PM
Herald added a subscriber: hiraditya. · View Herald TranscriptMar 25 2020, 4:34 PM
sconstab added a parent revision: D76810: [X86][NFC] Generalize the naming of "Retpoline Thunks" and related code to "Indirect Thunks" [1/3].Mar 25 2020, 4:40 PM
sconstab added a child revision: D76812: [X86] Add Indirect Thunk Support to X86 to mitigate Load Value Injection (LVI) [3/3].
sconstab added a comment.Mar 31 2020, 7:38 AM

By the way, I had initially implemented this patch with a pure virtual base class and a retpoline thunk (and later LVI thunk) class that implements the interface. However, I could not for the life of me structure the classes in a manner that would allow the compiler to devirtualize. Using CRTP admittedly sacrifices some readability, but it does not prevent the compiler from inlining RetpolineThunkInserter's methods.

zbrid added a comment.Mar 31 2020, 1:29 PM
In D76811#1952580, @sconstab wrote:

By the way, I had initially implemented this patch with a pure virtual base class and a retpoline thunk (and later LVI thunk) class that implements the interface. However, I could not for the life of me structure the classes in a manner that would allow the compiler to devirtualize. Using CRTP admittedly sacrifices some readability, but it does not prevent the compiler from inlining RetpolineThunkInserter's methods.

Asking to learn here. I've not heard of CRTP and don't quite understand your explanation.

  • What do you mean by allowing the compiler to devirtualize?
  • Why is it preferable to allow the compiler to devirtualize?
  • Why is it desirable to allow the compiler to inline RetpolineThunkInserter's methods?
  • Why is that preferable to readability in this case? Is the implication that there is a large perf impact to not use CRTP?

More comments later.

llvm/lib/Target/X86/X86IndirectThunks.cpp
77

Why not define this and the above function inline like you do for the LVI version in the 3/3 patch in this series?

sconstab added a comment.Mar 31 2020, 3:17 PM
In D76811#1953287, @zbrid wrote:
In D76811#1952580, @sconstab wrote:

By the way, I had initially implemented this patch with a pure virtual base class and a retpoline thunk (and later LVI thunk) class that implements the interface. However, I could not for the life of me structure the classes in a manner that would allow the compiler to devirtualize. Using CRTP admittedly sacrifices some readability, but it does not prevent the compiler from inlining RetpolineThunkInserter's methods.

Asking to learn here. I've not heard of CRTP and don't quite understand your explanation.

Recommend the article here: https://en.wikipedia.org/wiki/Curiously_recurring_template_pattern

  • What do you mean by allowing the compiler to devirtualize?

Suppose you have

struct Base { virtual void foo() = 0; };
struct D1 : Base { void foo() { … }; };
struct D2 final : Base { void foo() { … }; };

void barB(B *bptr) { bptr->foo(); } // cannot devirtualize
void barD1(D1 *d1ptr) { d1ptr->foo(); } // cannot devirtualize
void barD2(D2 *d2ptr) { d2ptr->foo(); } // can devirtualize

Devirtualizing a call means that you don't need to look up the method in the object's vtable. In short, a compiler can devirtualize a call if the target callee is unambiguous. In BarB(), the call to foo() cannot be devirtualized, because the pointee may be of type D1, D2, or something else that derives from D1. In BarD1(), the call also cannot be devirtualized because the compiler has no way of knowing that something else, perhaps in some other translation unit, may derive from D1 and have its own foo() implementation. The call to foo() in barD2() CAN be devirtualized because D2 is final and thus nothing can derive from it.

  • Why is it preferable to allow the compiler to devirtualize?
  1. You save yourself two loads: loading the object's vtable, and loading the address of the target method.
  2. You allow the compiler to inline the callee.
  • Why is it desirable to allow the compiler to inline RetpolineThunkInserter's methods?

This is my opinion and someone else may disagree. I suspect that most code compiled for X86 will not actually use any of these special thunks. But this pass is always run anyways, and the thunk inserter(s) need to look at every function and determine whether it is a thunk, or a function that needs a thunk. If these checks are being made as virtual calls, then IMO those cycles are being wasted. Virtual calls are most useful for big, scalable software that may change frequently. I see the thunk inserter as something fairly static that may only need to add a new thunk, say, every two years or so.

  • Why is that preferable to readability in this case? Is the implication that there is a large perf impact to not use CRTP?

I don't know whether there will be a large performance impact, but there will be an impact. If the impact only applied to code that was using thunks, I think this would be ok. But some of the logic is being applied to all code, and therefore IMO should be as fast as possible.

zbrid added a comment.EditedMar 31 2020, 4:16 PM

I think I got all the answers to my questions from elsewhere. Lmk if these don't follow your rationale.

  • What do you mean by allowing the compiler to devirtualize?
  • Why is it preferable to allow the compiler to devirtualize?

devirtualize -> Avoid virtual dispatch. Virtual dispatch has overhead we prefer to avoid. LLVM has a preference to avoid virtual dispatch where possible and there is precedent within the codebase for using CRTP.

  • Why is it desirable to allow the compiler to inline RetpolineThunkInserter's methods?

Performance

  • Why is that preferable to readability in this case?

Following LLVM precedent.

  • Is the implication that there is a large perf impact to not use CRTP?

Yes.

More comments later once I go through the whole thing. Sorry about not code reviewing all at once. I know it's not a desirable pattern.

sconstab added a comment.Mar 31 2020, 5:03 PM

4x agree.

craig.topper retitled this revision from [X86] Refactor X86IndirectThunks.cpp to Accomodate Mitigations other than Retpoline [2/3] to [X86] Refactor X86IndirectThunks.cpp to Accommodate Mitigations other than Retpoline [2/3].Apr 1 2020, 11:11 AM
craig.topper accepted this revision.Apr 1 2020, 11:19 AM

LGTM

This revision is now accepted and ready to land.Apr 1 2020, 11:19 AM
zbrid added a comment.Apr 2 2020, 5:21 PM

LGTM

Closed by commit rGb1d581019f5d: [X86] Refactor X86IndirectThunks.cpp to Accommodate Mitigations other than… (authored by sconstab, committed by craig.topper). · Explain WhyApr 2 2020, 10:13 PM
This revision was automatically updated to reflect the committed changes.
Herald added a project: Restricted Project. · View Herald TranscriptApr 2 2020, 10:13 PM
sconstab mentioned this in D76458: Add Indirect Thunk Support to X86 to mitigate Load Value Injection (LVI) [by modifying X86RetpolineThunks.cpp].Apr 23 2020, 2:57 PM

Revision Contents

PathSize
llvm/
lib/
Target/
X86/
282 lines

Diff 252697

llvm/lib/Target/X86/X86IndirectThunks.cpp

Show First 20 LinesShow All 42 Lines▼ Show 20 Lines
static const char RetpolineNamePrefix[] = "__llvm_retpoline_"; static const char RetpolineNamePrefix[] = "__llvm_retpoline_";
static const char R11RetpolineName[] = "__llvm_retpoline_r11"; static const char R11RetpolineName[] = "__llvm_retpoline_r11";
static const char EAXRetpolineName[] = "__llvm_retpoline_eax"; static const char EAXRetpolineName[] = "__llvm_retpoline_eax";
static const char ECXRetpolineName[] = "__llvm_retpoline_ecx"; static const char ECXRetpolineName[] = "__llvm_retpoline_ecx";
static const char EDXRetpolineName[] = "__llvm_retpoline_edx"; static const char EDXRetpolineName[] = "__llvm_retpoline_edx";
static const char EDIRetpolineName[] = "__llvm_retpoline_edi"; static const char EDIRetpolineName[] = "__llvm_retpoline_edi";
namespace { namespace {
template <typename Derived> class ThunkInserter {
Derived &getDerived() { return *static_cast<Derived *>(this); }
protected:
bool InsertedThunks;
void doInitialization(Module &M) {}
void createThunkFunction(MachineModuleInfo &MMI, StringRef Name);
public:
void init(Module &M) {
InsertedThunks = false;
getDerived().doInitialization(M);
}
// return `true` if `MMI` or `MF` was modified
bool run(MachineModuleInfo &MMI, MachineFunction &MF);
};
struct RetpolineThunkInserter : ThunkInserter<RetpolineThunkInserter> {
const char *getThunkPrefix() { return RetpolineNamePrefix; }
bool mayUseThunk(const MachineFunction &MF) {
const auto &STI = MF.getSubtarget<X86Subtarget>();
return (STI.useRetpolineIndirectCalls() ||
STI.useRetpolineIndirectBranches()) &&
!STI.useRetpolineExternalThunk();
}
void insertThunks(MachineModuleInfo &MMI);
void populateThunk(MachineFunction &MF);
zbridUnsubmitted
Not Done
ReplyInline Actions

Why not define this and the above function inline like you do for the LVI version in the 3/3 patch in this series?

zbrid: Why not define this and the above function inline like you do for the LVI version in the 3/3…
};
class X86IndirectThunks : public MachineFunctionPass { class X86IndirectThunks : public MachineFunctionPass {
public: public:
static char ID; static char ID;
X86IndirectThunks() : MachineFunctionPass(ID) {} X86IndirectThunks() : MachineFunctionPass(ID) {}
StringRef getPassName() const override { return "X86 Indirect Thunks"; } StringRef getPassName() const override { return "X86 Indirect Thunks"; }
bool doInitialization(Module &M) override; bool doInitialization(Module &M) override;
bool runOnMachineFunction(MachineFunction &F) override; bool runOnMachineFunction(MachineFunction &MF) override;
void getAnalysisUsage(AnalysisUsage &AU) const override { void getAnalysisUsage(AnalysisUsage &AU) const override {
MachineFunctionPass::getAnalysisUsage(AU); MachineFunctionPass::getAnalysisUsage(AU);
AU.addRequired<MachineModuleInfoWrapperPass>(); AU.addRequired<MachineModuleInfoWrapperPass>();
AU.addPreserved<MachineModuleInfoWrapperPass>(); AU.addPreserved<MachineModuleInfoWrapperPass>();
} }
private: private:
MachineModuleInfo *MMI = nullptr; std::tuple<RetpolineThunkInserter> TIs;
const TargetMachine *TM = nullptr;
bool Is64Bit = false;
const X86Subtarget *STI = nullptr;
const X86InstrInfo *TII = nullptr;
bool InsertedThunks = false;
void createThunkFunction(Module &M, StringRef Name);
void insertRegReturnAddrClobber(MachineBasicBlock &MBB, Register Reg);
void populateThunk(MachineFunction &MF, Register Reg);
};
} // end anonymous namespace
FunctionPass *llvm::createX86IndirectThunksPass() { // FIXME: When LLVM moves to C++17, these can become folds
return new X86IndirectThunks(); template <typename... ThunkInserterT>
static void initTIs(Module &M,
std::tuple<ThunkInserterT...> &ThunkInserters) {
(void)std::initializer_list<int>{
(std::get<ThunkInserterT>(ThunkInserters).init(M), 0)...};
} }
template <typename... ThunkInserterT>
char X86IndirectThunks::ID = 0; static bool runTIs(MachineModuleInfo &MMI, MachineFunction &MF,
std::tuple<ThunkInserterT...> &ThunkInserters) {
bool X86IndirectThunks::doInitialization(Module &M) { bool Modified = false;
InsertedThunks = false; (void)std::initializer_list<int>{
return false; Modified |= std::get<ThunkInserterT>(ThunkInserters).run(MMI, MF)...};
return Modified;
} }
};
bool X86IndirectThunks::runOnMachineFunction(MachineFunction &MF) { } // end anonymous namespace
LLVM_DEBUG(dbgs() << getPassName() << '\n');
TM = &MF.getTarget();;
STI = &MF.getSubtarget<X86Subtarget>();
TII = STI->getInstrInfo();
Is64Bit = TM->getTargetTriple().getArch() == Triple::x86_64;
MMI = &getAnalysis<MachineModuleInfoWrapperPass>().getMMI();
Module &M = const_cast<Module &>(*MMI->getModule());
// If this function is not a thunk, check to see if we need to insert
// a thunk.
if (!MF.getName().startswith(RetpolineNamePrefix)) {
// If we've already inserted a thunk, nothing else to do.
if (InsertedThunks)
return false;
// Only add a thunk if one of the functions has the retpoline feature
// enabled in its subtarget, and doesn't enable external thunks.
// FIXME: Conditionalize on indirect calls so we don't emit a thunk when
// nothing will end up calling it.
// FIXME: It's a little silly to look at every function just to enumerate
// the subtargets, but eventually we'll want to look at them for indirect
// calls, so maybe this is OK.
if ((!STI->useRetpolineIndirectCalls() &&
!STI->useRetpolineIndirectBranches()) ||
STI->useRetpolineExternalThunk())
return false;
// Otherwise, we need to insert the thunk. void RetpolineThunkInserter::insertThunks(MachineModuleInfo &MMI) {
// WARNING: This is not really a well behaving thing to do in a function if (MMI.getTarget().getTargetTriple().getArch() == Triple::x86_64)
// pass. We extract the module and insert a new function (and machine createThunkFunction(MMI, R11RetpolineName);
// function) directly into the module.
if (Is64Bit)
createThunkFunction(M, R11RetpolineName);
else else
for (StringRef Name : for (StringRef Name : {EAXRetpolineName, ECXRetpolineName, EDXRetpolineName,
{EAXRetpolineName, ECXRetpolineName, EDXRetpolineName,
EDIRetpolineName}) EDIRetpolineName})
createThunkFunction(M, Name); createThunkFunction(MMI, Name);
InsertedThunks = true;
return true;
} }
// If this *is* a thunk function, we need to populate it with the correct MI. void RetpolineThunkInserter::populateThunk(MachineFunction &MF) {
bool Is64Bit = MF.getTarget().getTargetTriple().getArch() == Triple::x86_64;
Register ThunkReg;
if (Is64Bit) { if (Is64Bit) {
assert(MF.getName() == "__llvm_retpoline_r11" && assert(MF.getName() == "__llvm_retpoline_r11" &&
"Should only have an r11 thunk on 64-bit targets"); "Should only have an r11 thunk on 64-bit targets");
// __llvm_retpoline_r11: // __llvm_retpoline_r11:
// callq .Lr11_call_target // callq .Lr11_call_target
// .Lr11_capture_spec: // .Lr11_capture_spec:
// pause // pause
// lfence // lfence
// jmp .Lr11_capture_spec // jmp .Lr11_capture_spec
// .align 16 // .align 16
// .Lr11_call_target: // .Lr11_call_target:
// movq %r11, (%rsp) // movq %r11, (%rsp)
// retq // retq
populateThunk(MF, X86::R11); ThunkReg = X86::R11;
} else { } else {
// For 32-bit targets we need to emit a collection of thunks for various // For 32-bit targets we need to emit a collection of thunks for various
// possible scratch registers as well as a fallback that uses EDI, which is // possible scratch registers as well as a fallback that uses EDI, which is
// normally callee saved. // normally callee saved.
// __llvm_retpoline_eax: // __llvm_retpoline_eax:
// calll .Leax_call_target // calll .Leax_call_target
// .Leax_capture_spec: // .Leax_capture_spec:
// pause // pause
Show All 13 Lines if (Is64Bit) {
// movl %edx, (%esp) // movl %edx, (%esp)
// retl // retl
// //
// __llvm_retpoline_edi: // __llvm_retpoline_edi:
// ... # Same setup // ... # Same setup
// movl %edi, (%esp) // movl %edi, (%esp)
// retl // retl
if (MF.getName() == EAXRetpolineName) if (MF.getName() == EAXRetpolineName)
populateThunk(MF, X86::EAX); ThunkReg = X86::EAX;
else if (MF.getName() == ECXRetpolineName) else if (MF.getName() == ECXRetpolineName)
populateThunk(MF, X86::ECX); ThunkReg = X86::ECX;
else if (MF.getName() == EDXRetpolineName) else if (MF.getName() == EDXRetpolineName)
populateThunk(MF, X86::EDX); ThunkReg = X86::EDX;
else if (MF.getName() == EDIRetpolineName) else if (MF.getName() == EDIRetpolineName)
populateThunk(MF, X86::EDI); ThunkReg = X86::EDI;
else else
llvm_unreachable("Invalid thunk name on x86-32!"); llvm_unreachable("Invalid thunk name on x86-32!");
} }
return true; const TargetInstrInfo *TII = MF.getSubtarget<X86Subtarget>().getInstrInfo();
}
void X86IndirectThunks::createThunkFunction(Module &M, StringRef Name) {
assert(Name.startswith(RetpolineNamePrefix) &&
"Created a thunk with an unexpected prefix!");
LLVMContext &Ctx = M.getContext();
auto Type = FunctionType::get(Type::getVoidTy(Ctx), false);
Function *F =
Function::Create(Type, GlobalValue::LinkOnceODRLinkage, Name, &M);
F->setVisibility(GlobalValue::HiddenVisibility);
F->setComdat(M.getOrInsertComdat(Name));
// Add Attributes so that we don't create a frame, unwind information, or
// inline.
AttrBuilder B;
B.addAttribute(llvm::Attribute::NoUnwind);
B.addAttribute(llvm::Attribute::Naked);
F->addAttributes(llvm::AttributeList::FunctionIndex, B);
// Populate our function a bit so that we can verify.
BasicBlock *Entry = BasicBlock::Create(Ctx, "entry", F);
IRBuilder<> Builder(Entry);
Builder.CreateRetVoid();
// MachineFunctions/MachineBasicBlocks aren't created automatically for the
// IR-level constructs we already made. Create them and insert them into the
// module.
MachineFunction &MF = MMI->getOrCreateMachineFunction(*F);
MachineBasicBlock *EntryMBB = MF.CreateMachineBasicBlock(Entry);
// Insert EntryMBB into MF. It's not in the module until we do this.
MF.insert(MF.end(), EntryMBB);
}
void X86IndirectThunks::insertRegReturnAddrClobber(MachineBasicBlock &MBB,
Register Reg) {
const unsigned MovOpc = Is64Bit ? X86::MOV64mr : X86::MOV32mr;
const Register SPReg = Is64Bit ? X86::RSP : X86::ESP;
addRegOffset(BuildMI(&MBB, DebugLoc(), TII->get(MovOpc)), SPReg, false, 0)
.addReg(Reg);
}
void X86IndirectThunks::populateThunk(MachineFunction &MF,
Register Reg) {
// Set MF properties. We never use vregs...
MF.getProperties().set(MachineFunctionProperties::Property::NoVRegs);
// Grab the entry MBB and erase any other blocks. O0 codegen appears to // Grab the entry MBB and erase any other blocks. O0 codegen appears to
// generate two bbs for the entry block. // generate two bbs for the entry block.
MachineBasicBlock *Entry = &MF.front(); MachineBasicBlock *Entry = &MF.front();
Entry->clear(); Entry->clear();
while (MF.size() > 1) while (MF.size() > 1)
MF.erase(std::next(MF.begin())); MF.erase(std::next(MF.begin()));
MachineBasicBlock *CaptureSpec = MachineBasicBlock *CaptureSpec =
MF.CreateMachineBasicBlock(Entry->getBasicBlock()); MF.CreateMachineBasicBlock(Entry->getBasicBlock());
MachineBasicBlock *CallTarget = MachineBasicBlock *CallTarget =
MF.CreateMachineBasicBlock(Entry->getBasicBlock()); MF.CreateMachineBasicBlock(Entry->getBasicBlock());
MCSymbol *TargetSym = MF.getContext().createTempSymbol(); MCSymbol *TargetSym = MF.getContext().createTempSymbol();
MF.push_back(CaptureSpec); MF.push_back(CaptureSpec);
MF.push_back(CallTarget); MF.push_back(CallTarget);
const unsigned CallOpc = Is64Bit ? X86::CALL64pcrel32 : X86::CALLpcrel32; const unsigned CallOpc = Is64Bit ? X86::CALL64pcrel32 : X86::CALLpcrel32;
const unsigned RetOpc = Is64Bit ? X86::RETQ : X86::RETL; const unsigned RetOpc = Is64Bit ? X86::RETQ : X86::RETL;
Entry->addLiveIn(Reg); Entry->addLiveIn(ThunkReg);
BuildMI(Entry, DebugLoc(), TII->get(CallOpc)).addSym(TargetSym); BuildMI(Entry, DebugLoc(), TII->get(CallOpc)).addSym(TargetSym);
// The MIR verifier thinks that the CALL in the entry block will fall through // The MIR verifier thinks that the CALL in the entry block will fall through
// to CaptureSpec, so mark it as the successor. Technically, CaptureTarget is // to CaptureSpec, so mark it as the successor. Technically, CaptureTarget is
// the successor, but the MIR verifier doesn't know how to cope with that. // the successor, but the MIR verifier doesn't know how to cope with that.
Entry->addSuccessor(CaptureSpec); Entry->addSuccessor(CaptureSpec);
// In the capture loop for speculation, we want to stop the processor from // In the capture loop for speculation, we want to stop the processor from
// speculating as fast as possible. On Intel processors, the PAUSE instruction // speculating as fast as possible. On Intel processors, the PAUSE instruction
// will block speculation without consuming any execution resources. On AMD // will block speculation without consuming any execution resources. On AMD
// processors, the PAUSE instruction is (essentially) a nop, so we also use an // processors, the PAUSE instruction is (essentially) a nop, so we also use an
// LFENCE instruction which they have advised will stop speculation as well // LFENCE instruction which they have advised will stop speculation as well
// with minimal resource utilization. We still end the capture with a jump to // with minimal resource utilization. We still end the capture with a jump to
// form an infinite loop to fully guarantee that no matter what implementation // form an infinite loop to fully guarantee that no matter what implementation
// of the x86 ISA, speculating this code path never escapes. // of the x86 ISA, speculating this code path never escapes.
BuildMI(CaptureSpec, DebugLoc(), TII->get(X86::PAUSE)); BuildMI(CaptureSpec, DebugLoc(), TII->get(X86::PAUSE));
BuildMI(CaptureSpec, DebugLoc(), TII->get(X86::LFENCE)); BuildMI(CaptureSpec, DebugLoc(), TII->get(X86::LFENCE));
BuildMI(CaptureSpec, DebugLoc(), TII->get(X86::JMP_1)).addMBB(CaptureSpec); BuildMI(CaptureSpec, DebugLoc(), TII->get(X86::JMP_1)).addMBB(CaptureSpec);
CaptureSpec->setHasAddressTaken(); CaptureSpec->setHasAddressTaken();
CaptureSpec->addSuccessor(CaptureSpec); CaptureSpec->addSuccessor(CaptureSpec);
CallTarget->addLiveIn(Reg); CallTarget->addLiveIn(ThunkReg);
CallTarget->setHasAddressTaken(); CallTarget->setHasAddressTaken();
CallTarget->setAlignment(Align(16)); CallTarget->setAlignment(Align(16));
insertRegReturnAddrClobber(*CallTarget, Reg);
// Insert return address clobber
const unsigned MovOpc = Is64Bit ? X86::MOV64mr : X86::MOV32mr;
const Register SPReg = Is64Bit ? X86::RSP : X86::ESP;
addRegOffset(BuildMI(CallTarget, DebugLoc(), TII->get(MovOpc)), SPReg, false,
0)
.addReg(ThunkReg);
CallTarget->back().setPreInstrSymbol(MF, TargetSym); CallTarget->back().setPreInstrSymbol(MF, TargetSym);
BuildMI(CallTarget, DebugLoc(), TII->get(RetOpc)); BuildMI(CallTarget, DebugLoc(), TII->get(RetOpc));
} }
template <typename Derived>
void ThunkInserter<Derived>::createThunkFunction(MachineModuleInfo &MMI,
StringRef Name) {
assert(Name.startswith(getDerived().getThunkPrefix()) &&
"Created a thunk with an unexpected prefix!");
Module &M = const_cast<Module &>(*MMI.getModule());
LLVMContext &Ctx = M.getContext();
auto Type = FunctionType::get(Type::getVoidTy(Ctx), false);
Function *F =
Function::Create(Type, GlobalValue::LinkOnceODRLinkage, Name, &M);
F->setVisibility(GlobalValue::HiddenVisibility);
F->setComdat(M.getOrInsertComdat(Name));
// Add Attributes so that we don't create a frame, unwind information, or
// inline.
AttrBuilder B;
B.addAttribute(llvm::Attribute::NoUnwind);
B.addAttribute(llvm::Attribute::Naked);
F->addAttributes(llvm::AttributeList::FunctionIndex, B);
// Populate our function a bit so that we can verify.
BasicBlock *Entry = BasicBlock::Create(Ctx, "entry", F);
IRBuilder<> Builder(Entry);
Builder.CreateRetVoid();
// MachineFunctions/MachineBasicBlocks aren't created automatically for the
// IR-level constructs we already made. Create them and insert them into the
// module.
MachineFunction &MF = MMI.getOrCreateMachineFunction(*F);
MachineBasicBlock *EntryMBB = MF.CreateMachineBasicBlock(Entry);
// Insert EntryMBB into MF. It's not in the module until we do this.
MF.insert(MF.end(), EntryMBB);
// Set MF properties. We never use vregs...
MF.getProperties().set(MachineFunctionProperties::Property::NoVRegs);
}
template <typename Derived>
bool ThunkInserter<Derived>::run(MachineModuleInfo &MMI, MachineFunction &MF) {
// If MF is not a thunk, check to see if we need to insert a thunk.
if (!MF.getName().startswith(getDerived().getThunkPrefix())) {
// If we've already inserted a thunk, nothing else to do.
if (InsertedThunks)
return false;
// Only add a thunk if one of the functions has the corresponding feature
// enabled in its subtarget, and doesn't enable external thunks.
// FIXME: Conditionalize on indirect calls so we don't emit a thunk when
// nothing will end up calling it.
// FIXME: It's a little silly to look at every function just to enumerate
// the subtargets, but eventually we'll want to look at them for indirect
// calls, so maybe this is OK.
if (!getDerived().mayUseThunk(MF))
return false;
getDerived().insertThunks(MMI);
InsertedThunks = true;
return true;
}
// If this *is* a thunk function, we need to populate it with the correct MI.
getDerived().populateThunk(MF);
return true;
}
FunctionPass *llvm::createX86IndirectThunksPass() {
return new X86IndirectThunks();
}
char X86IndirectThunks::ID = 0;
bool X86IndirectThunks::doInitialization(Module &M) {
initTIs(M, TIs);
return false;
}
bool X86IndirectThunks::runOnMachineFunction(MachineFunction &MF) {
LLVM_DEBUG(dbgs() << getPassName() << '\n');
auto &MMI = getAnalysis<MachineModuleInfoWrapperPass>().getMMI();
return runTIs(MMI, MF, TIs);
}