This is an archive of the discontinued LLVM Phabricator instance.

Differential D81403

[IndirectThunks] Make generated MF structure as expected by all instruction selectors.
ClosedPublic

Authored by kristof.beyls on Jun 8 2020, 8:15 AM.

Details

Reviewers
ostannard
chandlerc
zbrid
Commits
rG832cfc767246: [IndirectThunks] Make generated MF structure as expected by all instruction…
Summary

This also enables running the AArch64 SLSHardening pass with GlobalISel,
so add a test for that.

Diff Detail

Event Timeline

kristof.beyls created this revision.Jun 8 2020, 8:15 AM
Herald added a project: Restricted Project. · View Herald TranscriptJun 8 2020, 8:15 AM
Herald added subscribers: llvm-commits, hiraditya, rovka. · View Herald Transcript
kristof.beyls added a child revision: D81404: [AArch64] Add clang command line support for -mharden-sls=.Jun 8 2020, 8:45 AM
kristof.beyls added a parent revision: D81402: [AArch64] Extend AArch64SLSHardeningPass to harden BLR instructions..
arsenm added a subscriber: arsenm.Jun 8 2020, 9:34 AM
arsenm added inline comments.
llvm/lib/CodeGen/GlobalISel/IRTranslator.cpp
2496 ↗(On Diff #269244)

Why was this violated? Seems like it should be straightforward to fix? Can you add a pure IR test that just runs the IRTranslator?

Harbormaster failed remote builds in B59491: Diff 269244!Jun 8 2020, 10:30 AM
kristof.beyls updated this revision to Diff 269839.Jun 10 2020, 7:19 AM
kristof.beyls marked an inline comment as done.
kristof.beyls added inline comments.
llvm/lib/CodeGen/GlobalISel/IRTranslator.cpp
2496 ↗(On Diff #269244)

The violation comes from thunks produced by the ThunkInserter. They are naked functions, not sure if that could trigger this issue.
I'll look into if it's possible to have a pure IR test trigger this.

kristof.beyls updated this revision to Diff 270195.Jun 11 2020, 11:54 AM
kristof.beyls retitled this revision from Work around GlobalISel limitation on Indirect Thunks. to [IndirectThunks] Make generated MF structure as expected by all instruction selectors..
kristof.beyls edited the summary of this revision. (Show Details)
kristof.beyls added a reviewer: chandlerc.

This new revision fixes the root cause of GlobalISel asserting on an IndirectThunk: the IndirectThunk creation code was producing a MachineFunction with a slightly different structure than what gets produced from a naked function implemented in C code and processed by clang.
This fixes this by letting the IndirectThunk generator produce a MachineFunction structure that is the same as what gets produced by clang for an empty naked function written in C.

kristof.beyls mentioned this in D81402: [AArch64] Extend AArch64SLSHardeningPass to harden BLR instructions..Jun 11 2020, 11:41 PM
zbrid added a subscriber: zbrid.Jun 16 2020, 4:59 PM

LGTM

Could you explain how not adding the MBB entry block is different from removing extra MBB later? Curious on the details about the differences here since the change makes sense functionally and I don't see any issues, but I can't understand why adding the extra MBB entry block at the point we create the machine function and then deleting extra blocks results in something different than the automatically created entry block. Is it some attributes or configuration in the basic block or something?

Also slightly unrelated question: Thanks for moving the IndirectThunk code to be of use to more Targets earlier in the commit stack! Along those lines, I was wondering if you had additional thoughts recently on adding retpolines for AArch64 since you are working near the x86 retpoline code and there was an llvm-dev thread from a team member of mine a week or two ago?

llvm/include/llvm/CodeGen/IndirectThunks.h
68

nit: update this comment to only mention MachineFunctions since MBBs don't need to be created.

zbrid added a comment.Jun 16 2020, 5:01 PM
This comment was removed by zbrid.
zbrid accepted this revision.Jun 16 2020, 5:05 PM
zbrid added a reviewer: zbrid.
This revision is now accepted and ready to land.Jun 16 2020, 5:05 PM
kristof.beyls added a comment.Jun 17 2020, 7:11 AM
In D81403#2097148, @zbrid wrote:

LGTM

Could you explain how not adding the MBB entry block is different from removing extra MBB later? Curious on the details about the differences here since the change makes sense functionally and I don't see any issues, but I can't understand why adding the extra MBB entry block at the point we create the machine function and then deleting extra blocks results in something different than the automatically created entry block. Is it some attributes or configuration in the basic block or something?

This was triggering the following assert in GlobalISel:
https://github.com/llvm/llvm-project/blob/master/llvm/lib/CodeGen/GlobalISel/IRTranslator.cpp#L2495

The X86 target does not use globalisel by default, but the AArch64 target does use it by default at -O0. So now that IndirectThunks is used by AArch64 also, that has become a blocker.
Globalisel runs between the place where the MBB entry block was added and the block was removed later.
Apart from this assert blocking the compilation flow, I wouldn't expect code generation to be different.

zbrid added a comment.Jun 17 2020, 10:02 AM

Thanks for the explanation!

Closed by commit rG832cfc767246: [IndirectThunks] Make generated MF structure as expected by all instruction… (authored by kristof.beyls). · Explain WhyJun 17 2020, 11:11 PM
This revision was automatically updated to reflect the committed changes.
kristof.beyls marked 2 inline comments as done.Jun 18 2020, 12:00 AM
kristof.beyls added inline comments.
llvm/include/llvm/CodeGen/IndirectThunks.h
68

Thanks, I fixed that in a follow-up commit.

Revision Contents

PathSize
llvm/
include/
llvm/
CodeGen/
7 lines
lib/
Target/
AArch64/
5 lines
X86/
10 lines
test/
CodeGen/
AArch64/
3 lines

Diff 271582

llvm/include/llvm/CodeGen/IndirectThunks.h

Show First 20 LinesShow All 59 Lines▼ Show 20 Linesvoid ThunkInserter<Derived>::createThunkFunction(MachineModuleInfo &MMI,
F->addAttributes(llvm::AttributeList::FunctionIndex, B); F->addAttributes(llvm::AttributeList::FunctionIndex, B);
// Populate our function a bit so that we can verify. // Populate our function a bit so that we can verify.
BasicBlock *Entry = BasicBlock::Create(Ctx, "entry", F); BasicBlock *Entry = BasicBlock::Create(Ctx, "entry", F);
IRBuilder<> Builder(Entry); IRBuilder<> Builder(Entry);
Builder.CreateRetVoid(); Builder.CreateRetVoid();
// MachineFunctions/MachineBasicBlocks aren't created automatically for the // MachineFunctions/MachineBasicBlocks aren't created automatically for the
zbridUnsubmitted
Not Done
ReplyInline Actions

nit: update this comment to only mention MachineFunctions since MBBs don't need to be created.

zbrid: nit: update this comment to only mention MachineFunctions since MBBs don't need to be created.
kristof.beylsAuthorUnsubmitted
Done
ReplyInline Actions

Thanks, I fixed that in a follow-up commit.

kristof.beyls: Thanks, I fixed that in a follow-up commit.
// IR-level constructs we already made. Create them and insert them into the // IR-level constructs we already made. Create them and insert them into the
// module. // module.
MachineFunction &MF = MMI.getOrCreateMachineFunction(*F); MachineFunction &MF = MMI.getOrCreateMachineFunction(*F);
MachineBasicBlock *EntryMBB = MF.CreateMachineBasicBlock(Entry); // A MachineBasicBlock must not be created for the Entry block; code
// generation from an empty naked function in C source code also does not
// generate one. At least GlobalISel asserts if this invariant isn't
// respected.
// Insert EntryMBB into MF. It's not in the module until we do this.
MF.insert(MF.end(), EntryMBB);
// Set MF properties. We never use vregs... // Set MF properties. We never use vregs...
MF.getProperties().set(MachineFunctionProperties::Property::NoVRegs); MF.getProperties().set(MachineFunctionProperties::Property::NoVRegs);
} }
template <typename Derived> template <typename Derived>
bool ThunkInserter<Derived>::run(MachineModuleInfo &MMI, MachineFunction &MF) { bool ThunkInserter<Derived>::run(MachineModuleInfo &MMI, MachineFunction &MF) {
// If MF is not a thunk, check to see if we need to insert a thunk. // If MF is not a thunk, check to see if we need to insert a thunk.
if (!MF.getName().startswith(getDerived().getThunkPrefix())) { if (!MF.getName().startswith(getDerived().getThunkPrefix())) {
Show All 27 Lines

llvm/lib/Target/AArch64/AArch64SLSHardening.cpp

Show First 20 LinesShow All 208 Lines▼ Show 20 Linesvoid SLSBLRThunkInserter::populateThunk(MachineFunction &MF) {
assert(MF.getName().startswith(getThunkPrefix())); assert(MF.getName().startswith(getThunkPrefix()));
auto ThunkIt = llvm::find_if( auto ThunkIt = llvm::find_if(
SLSBLRThunks, [&MF](auto T) { return T.Name == MF.getName(); }); SLSBLRThunks, [&MF](auto T) { return T.Name == MF.getName(); });
assert(ThunkIt != std::end(SLSBLRThunks)); assert(ThunkIt != std::end(SLSBLRThunks));
Register ThunkReg = ThunkIt->Reg; Register ThunkReg = ThunkIt->Reg;
const TargetInstrInfo *TII = const TargetInstrInfo *TII =
MF.getSubtarget<AArch64Subtarget>().getInstrInfo(); MF.getSubtarget<AArch64Subtarget>().getInstrInfo();
// Grab the entry MBB and erase any other blocks. O0 codegen appears to assert (MF.size() == 1);
// generate two bbs for the entry block.
MachineBasicBlock *Entry = &MF.front(); MachineBasicBlock *Entry = &MF.front();
Entry->clear(); Entry->clear();
while (MF.size() > 1)
MF.erase(std::next(MF.begin()));
// These thunks need to consist of the following instructions: // These thunks need to consist of the following instructions:
// __llvm_slsblr_thunk_xN: // __llvm_slsblr_thunk_xN:
// BR xN // BR xN
// barrierInsts // barrierInsts
Entry->addLiveIn(ThunkReg); Entry->addLiveIn(ThunkReg);
BuildMI(Entry, DebugLoc(), TII->get(AArch64::BR)).addReg(ThunkReg); BuildMI(Entry, DebugLoc(), TII->get(AArch64::BR)).addReg(ThunkReg);
// Make sure the thunks do not make use of the SB extension in case there is // Make sure the thunks do not make use of the SB extension in case there is
▲ Show 20 LinesShow All 217 LinesShow Last 20 Lines

llvm/lib/Target/X86/X86IndirectThunks.cpp

Show First 20 LinesShow All 73 Lines▼ Show 20 Linesstruct LVIThunkInserter : ThunkInserter<LVIThunkInserter> {
const char *getThunkPrefix() { return LVIThunkNamePrefix; } const char *getThunkPrefix() { return LVIThunkNamePrefix; }
bool mayUseThunk(const MachineFunction &MF) { bool mayUseThunk(const MachineFunction &MF) {
return MF.getSubtarget<X86Subtarget>().useLVIControlFlowIntegrity(); return MF.getSubtarget<X86Subtarget>().useLVIControlFlowIntegrity();
} }
void insertThunks(MachineModuleInfo &MMI) { void insertThunks(MachineModuleInfo &MMI) {
createThunkFunction(MMI, R11LVIThunkName); createThunkFunction(MMI, R11LVIThunkName);
} }
void populateThunk(MachineFunction &MF) { void populateThunk(MachineFunction &MF) {
// Grab the entry MBB and erase any other blocks. O0 codegen appears to assert (MF.size() == 1);
// generate two bbs for the entry block.
MachineBasicBlock *Entry = &MF.front(); MachineBasicBlock *Entry = &MF.front();
Entry->clear(); Entry->clear();
while (MF.size() > 1)
MF.erase(std::next(MF.begin()));
// This code mitigates LVI by replacing each indirect call/jump with a // This code mitigates LVI by replacing each indirect call/jump with a
// direct call/jump to a thunk that looks like: // direct call/jump to a thunk that looks like:
// ``` // ```
// lfence // lfence
// jmpq *%r11 // jmpq *%r11
// ``` // ```
// This ensures that if the value in register %r11 was loaded from memory, // This ensures that if the value in register %r11 was loaded from memory,
▲ Show 20 LinesShow All 108 Lines▼ Show 20 Lines else if (MF.getName() == EDXRetpolineName)
ThunkReg = X86::EDX; ThunkReg = X86::EDX;
else if (MF.getName() == EDIRetpolineName) else if (MF.getName() == EDIRetpolineName)
ThunkReg = X86::EDI; ThunkReg = X86::EDI;
else else
llvm_unreachable("Invalid thunk name on x86-32!"); llvm_unreachable("Invalid thunk name on x86-32!");
} }
const TargetInstrInfo *TII = MF.getSubtarget<X86Subtarget>().getInstrInfo(); const TargetInstrInfo *TII = MF.getSubtarget<X86Subtarget>().getInstrInfo();
// Grab the entry MBB and erase any other blocks. O0 codegen appears to assert (MF.size() == 1);
// generate two bbs for the entry block.
MachineBasicBlock *Entry = &MF.front(); MachineBasicBlock *Entry = &MF.front();
Entry->clear(); Entry->clear();
while (MF.size() > 1)
MF.erase(std::next(MF.begin()));
MachineBasicBlock *CaptureSpec = MachineBasicBlock *CaptureSpec =
MF.CreateMachineBasicBlock(Entry->getBasicBlock()); MF.CreateMachineBasicBlock(Entry->getBasicBlock());
MachineBasicBlock *CallTarget = MachineBasicBlock *CallTarget =
MF.CreateMachineBasicBlock(Entry->getBasicBlock()); MF.CreateMachineBasicBlock(Entry->getBasicBlock());
MCSymbol *TargetSym = MF.getContext().createTempSymbol(); MCSymbol *TargetSym = MF.getContext().createTempSymbol();
MF.push_back(CaptureSpec); MF.push_back(CaptureSpec);
MF.push_back(CallTarget); MF.push_back(CallTarget);
▲ Show 20 LinesShow All 57 LinesShow Last 20 Lines

llvm/test/CodeGen/AArch64/speculation-hardening-sls.ll

; RUN: llc -mattr=harden-sls-retbr,harden-sls-blr -verify-machineinstrs -mtriple=aarch64-none-linux-gnu < %s | FileCheck %s --check-prefixes=CHECK,HARDEN,ISBDSB,ISBDSBDAGISEL ; RUN: llc -mattr=harden-sls-retbr,harden-sls-blr -verify-machineinstrs -mtriple=aarch64-none-linux-gnu < %s | FileCheck %s --check-prefixes=CHECK,HARDEN,ISBDSB,ISBDSBDAGISEL
; RUN: llc -mattr=harden-sls-retbr,harden-sls-blr -mattr=+sb -verify-machineinstrs -mtriple=aarch64-none-linux-gnu < %s | FileCheck %s --check-prefixes=CHECK,HARDEN,SB,SBDAGISEL ; RUN: llc -mattr=harden-sls-retbr,harden-sls-blr -mattr=+sb -verify-machineinstrs -mtriple=aarch64-none-linux-gnu < %s | FileCheck %s --check-prefixes=CHECK,HARDEN,SB,SBDAGISEL
; RUN: llc -verify-machineinstrs -mtriple=aarch64-none-linux-gnu < %s | FileCheck %s --check-prefixes=CHECK,NOHARDEN ; RUN: llc -verify-machineinstrs -mtriple=aarch64-none-linux-gnu < %s | FileCheck %s --check-prefixes=CHECK,NOHARDEN
; RUN: llc -global-isel -global-isel-abort=0 -mattr=harden-sls-retbr,harden-sls-blr -verify-machineinstrs -mtriple=aarch64-none-linux-gnu < %s | FileCheck %s --check-prefixes=CHECK,HARDEN,ISBDSB
; RUN: llc -global-isel -global-isel-abort=0 -mattr=harden-sls-retbr,harden-sls-blr -mattr=+sb -verify-machineinstrs -mtriple=aarch64-none-linux-gnu < %s | FileCheck %s --check-prefixes=CHECK,HARDEN,SB
; Function Attrs: norecurse nounwind readnone ; Function Attrs: norecurse nounwind readnone
define dso_local i32 @double_return(i32 %a, i32 %b) local_unnamed_addr { define dso_local i32 @double_return(i32 %a, i32 %b) local_unnamed_addr {
entry: entry:
%cmp = icmp sgt i32 %a, 0 %cmp = icmp sgt i32 %a, 0
br i1 %cmp, label %if.then, label %if.else br i1 %cmp, label %if.then, label %if.else
if.then: ; preds = %entry if.then: ; preds = %entry
▲ Show 20 LinesShow All 205 LinesShow Last 20 Lines