Diff 294934

llvm/lib/Transforms/IPO/LowerTypeTests.cpp

Show First 20 Lines • Show All 1,199 Lines • ▼ Show 20 Lines	if (!OffsetConstMD)
report_fatal_error("Type offset must be a constant");		report_fatal_error("Type offset must be a constant");
auto OffsetInt = dyn_cast<ConstantInt>(OffsetConstMD->getValue());		auto OffsetInt = dyn_cast<ConstantInt>(OffsetConstMD->getValue());
if (!OffsetInt)		if (!OffsetInt)
report_fatal_error("Type offset must be an integer constant");		report_fatal_error("Type offset must be an integer constant");
}		}

static const unsigned kX86JumpTableEntrySize = 8;		static const unsigned kX86JumpTableEntrySize = 8;
static const unsigned kARMJumpTableEntrySize = 4;		static const unsigned kARMJumpTableEntrySize = 4;
		static const unsigned kARMBTIJumpTableEntrySize = 8;

unsigned LowerTypeTestsModule::getJumpTableEntrySize() {		unsigned LowerTypeTestsModule::getJumpTableEntrySize() {
switch (Arch) {		switch (Arch) {
case Triple::x86:		case Triple::x86:
case Triple::x86_64:		case Triple::x86_64:
return kX86JumpTableEntrySize;		return kX86JumpTableEntrySize;
case Triple::arm:		case Triple::arm:
case Triple::thumb:		case Triple::thumb:
		return kARMJumpTableEntrySize;
case Triple::aarch64:		case Triple::aarch64:
		if (const auto *BTE = mdconst::extract_or_null<ConstantInt>(
		M.getModuleFlag("branch-target-enforcement")))
		eugenisUnsubmitted Done Reply Inline Actions I'd rather this was a named constant. eugenis: I'd rather this was a named constant.
		danielkissAuthorUnsubmitted Done Reply Inline Actions I'll update it. danielkiss: I'll update it.
		if (BTE->getZExtValue())
		return kARMBTIJumpTableEntrySize;
return kARMJumpTableEntrySize;		return kARMJumpTableEntrySize;
default:		default:
report_fatal_error("Unsupported architecture for jump tables");		report_fatal_error("Unsupported architecture for jump tables");
}		}
}		}

// Create a jump table entry for the target. This consists of an instruction		// Create a jump table entry for the target. This consists of an instruction
// sequence containing a relative branch to Dest. Appends inline asm text,		// sequence containing a relative branch to Dest. Appends inline asm text,
// constraints and arguments to AsmOS, ConstraintOS and AsmArgs.		// constraints and arguments to AsmOS, ConstraintOS and AsmArgs.
void LowerTypeTestsModule::createJumpTableEntry(		void LowerTypeTestsModule::createJumpTableEntry(
raw_ostream &AsmOS, raw_ostream &ConstraintOS,		raw_ostream &AsmOS, raw_ostream &ConstraintOS,
Triple::ArchType JumpTableArch, SmallVectorImpl<Value *> &AsmArgs,		Triple::ArchType JumpTableArch, SmallVectorImpl<Value *> &AsmArgs,
Function *Dest) {		Function *Dest) {
unsigned ArgIndex = AsmArgs.size();		unsigned ArgIndex = AsmArgs.size();

if (JumpTableArch == Triple::x86 \|\| JumpTableArch == Triple::x86_64) {		if (JumpTableArch == Triple::x86 \|\| JumpTableArch == Triple::x86_64) {
AsmOS << "jmp ${" << ArgIndex << ":c}@plt\n";		AsmOS << "jmp ${" << ArgIndex << ":c}@plt\n";
AsmOS << "int3\nint3\nint3\n";		AsmOS << "int3\nint3\nint3\n";
} else if (JumpTableArch == Triple::arm \|\| JumpTableArch == Triple::aarch64) {		} else if (JumpTableArch == Triple::arm) {
		AsmOS << "b $" << ArgIndex << "\n";
		} else if (JumpTableArch == Triple::aarch64) {
		if (const auto *BTE = mdconst::extract_or_null<ConstantInt>(
		eugenisUnsubmitted Done Reply Inline Actions Do we need to check the function attribute here as well? What happens if a function opts out of BTI? eugenis: Do we need to check the function attribute here as well? What happens if a function opts out of…
		danielkissAuthorUnsubmitted Done Reply Inline Actions No, direct jump does not need a landing pad. So this jump will be fine even that target function opted out. danielkiss: No, direct jump does not need a landing pad. So this jump will be fine even that target…
		eugenisUnsubmitted Not Done Reply Inline Actions What I meant is, if a function has ignore-branch-target-enforcement, do not we want to skip the BTI hint in that function's CFI stub? Or, rather, replace it with NOP to preserve the stub size. Thinking about it some more - no, probably not. The attribute can be used on a "naked" function that already has BTI in the assembly; in that case we'd need BTI in the jump table as well. eugenis: What I meant is, if a function has ignore-branch-target-enforcement, do not we want to skip the…
		Dest->getParent()->getModuleFlag("branch-target-enforcement")))
		danielkissAuthorUnsubmitted Done Reply Inline Actions since D81257 we can use `bti c` in assembly. danielkiss: since D81257 we can use `bti c` in assembly.
		if (BTE->getZExtValue())
		AsmOS << "bti c\n";
AsmOS << "b $" << ArgIndex << "\n";		AsmOS << "b $" << ArgIndex << "\n";
} else if (JumpTableArch == Triple::thumb) {		} else if (JumpTableArch == Triple::thumb) {
AsmOS << "b.w $" << ArgIndex << "\n";		AsmOS << "b.w $" << ArgIndex << "\n";
} else {		} else {
report_fatal_error("Unsupported architecture for jump tables");		report_fatal_error("Unsupported architecture for jump tables");
}		}

ConstraintOS << (ArgIndex > 0 ? ",s" : "s");		ConstraintOS << (ArgIndex > 0 ? ",s" : "s");
▲ Show 20 Lines • Show All 145 Lines • ▼ Show 20 Lines	void LowerTypeTestsModule::createJumpTable(
if (JumpTableArch == Triple::arm)		if (JumpTableArch == Triple::arm)
F->addFnAttr("target-features", "-thumb-mode");		F->addFnAttr("target-features", "-thumb-mode");
if (JumpTableArch == Triple::thumb) {		if (JumpTableArch == Triple::thumb) {
F->addFnAttr("target-features", "+thumb-mode");		F->addFnAttr("target-features", "+thumb-mode");
// Thumb jump table assembly needs Thumb2. The following attribute is added		// Thumb jump table assembly needs Thumb2. The following attribute is added
// by Clang for -march=armv7.		// by Clang for -march=armv7.
F->addFnAttr("target-cpu", "cortex-a8");		F->addFnAttr("target-cpu", "cortex-a8");
}		}
		if (JumpTableArch == Triple::aarch64) {
		F->addFnAttr("branch-target-enforcement", "false");
		chillUnsubmitted Done Reply Inline Actions Why are we disabling BTI here? chill: Why are we disabling BTI here?
		danielkissAuthorUnsubmitted Done Reply Inline Actions This function is a jump table and each entry will have a landing pad ( see line 1235). If it is not disabled then the entry will get an additional landing pad that miss-aligns the table. Worst case we could add special condition for the first entry but IMHO that would be ugly. danielkiss: This function is a jump table and each entry will have a landing pad ( see line 1235). If it is…
		F->addFnAttr("sign-return-address", "none");
		chillUnsubmitted Done Reply Inline Actions Here we should use `sign-return-address=none`, and, if needed, I suggest (re-)introducing `branch-target-enforcement=true\|false` ? chill: Here we should use `sign-return-address=none`, and, if needed, I suggest (re-)introducing…
		danielkissAuthorUnsubmitted Done Reply Inline Actions Agree , I will update once the D85649 is updated as proposed there. danielkiss: Agree , I will update once the D85649 is updated as proposed there.
		}
// Make sure we don't emit .eh_frame for this function.		// Make sure we don't emit .eh_frame for this function.
F->addFnAttr(Attribute::NoUnwind);		F->addFnAttr(Attribute::NoUnwind);

BasicBlock *BB = BasicBlock::Create(M.getContext(), "entry", F);		BasicBlock *BB = BasicBlock::Create(M.getContext(), "entry", F);
IRBuilder<> IRB(BB);		IRBuilder<> IRB(BB);

SmallVector<Type *, 16> ArgTypes;		SmallVector<Type *, 16> ArgTypes;
ArgTypes.reserve(AsmArgs.size());		ArgTypes.reserve(AsmArgs.size());
▲ Show 20 Lines • Show All 848 Lines • Show Last 20 Lines

llvm/test/Transforms/LowerTypeTests/aarch64-jumptable.ll

This file was added.

				; RUN: opt -S -lowertypetests -mtriple=aarch64-unknown-linux-gnu < %s \| FileCheck --check-prefixes=AARCH64 %s

				; Test for the jump table generation with branch protection on AArch64

				target datalayout = "e-p:64:64"

				@0 = private unnamed_addr constant [2 x void (...)] [void (...) bitcast (void ()* @f to void (...)), void (...) bitcast (void ()* @g to void (...)*)], align 16

				; AARCH64: @f = alias void (), void ()* @[[JT:.*]]

				define void @f() !type !0 {
				ret void
				}

				define internal void @g() !type !0 {
				ret void
				}

				!0 = !{i32 0, !"typeid1"}

				declare i1 @llvm.type.test(i8* %ptr, metadata %bitset) nounwind readnone

				define i1 @foo(i8* %p) {
				%x = call i1 @llvm.type.test(i8* %p, metadata !"typeid1")
				ret i1 %x
				}

				!llvm.module.flags = !{!1}

				!1 = !{i32 4, !"branch-target-enforcement", i32 1}

				; AARCH64: define private void @[[JT]]() #[[ATTR:.*]] align 8 {

				; AARCH64: bti c
				; AARCH64-SAME: b $0
				; AARCH64-SAME: bti c
				; AARCH64-SAME: b $1

				; AARCH64: attributes #[[ATTR]] = { naked nounwind "branch-target-enforcement"="false" "sign-return-address"="none"

This is an archive of the discontinued LLVM Phabricator instance.

[AArch64] Add BTI to CFI jumptables.
ClosedPublic

Details

Diff Detail

Event Timeline

Revision Contents

Diff 294934

llvm/lib/Transforms/IPO/LowerTypeTests.cpp

llvm/test/Transforms/LowerTypeTests/aarch64-jumptable.ll

This is an archive of the discontinued LLVM Phabricator instance.

[AArch64] Add BTI to CFI jumptables.ClosedPublic

Details

Diff Detail

Event Timeline

Revision Contents

Diff 294934

llvm/lib/Transforms/IPO/LowerTypeTests.cpp

llvm/test/Transforms/LowerTypeTests/aarch64-jumptable.ll

[AArch64] Add BTI to CFI jumptables.
ClosedPublic