============
ShadowCallStack is an instrumentation pass, currently only implemented for
-aarch64 and x86_64, that protects programs against return address overwrites
+aarch64, that protects programs against return address overwrites
(e.g. stack buffer overflows.) It works by saving a function's return address
to a separately allocated 'shadow call stack' in the function prolog in
non-leaf functions and loading the return address from the shadow call stack
The aarch64 implementation is considered production ready, and
an `implementation of the runtime`_ has been added to Android's libc
-(bionic). The x86_64 implementation was evaluated using Chromium and was
-found to have critical performance and security deficiencies, and may be
-removed in a future release of the compiler. This document only describes
-the aarch64 implementation; details on the x86_64 implementation are found
-in the `Clang 7.0.1 documentation`_.
+(bionic). An x86_64 implementation was evaluated using Chromium and was found
+to have critical performance and security deficiencies--it was removed in
+LLVM 9.0. Details on the x86_64 implementation can be found in the
+`Clang 7.0.1 documentation`_.
.. _`implementation of the runtime`: https://android.googlesource.com/platform/bionic/+/808d176e7e0dd727c7f929622ec017f6e065c582/libc/bionic/pthread_create.cpp#128
.. _`Clang 7.0.1 documentation`: https://releases.llvm.org/7.0.1/tools/clang/docs/ShadowCallStack.html
memory accesses.
`Return Flow Guard`_ is a pure software implementation of shadow call stacks
-on x86_64. It is similar to the ShadowCallStack x86_64 implementation but
-trades off higher memory usage for a shorter prologue and epilogue. Like
-x86_64 ShadowCallStack, it is inherently racy due to the architecture's use
-of the stack for calls and returns.
+on x86_64. Like the previous implementation of ShadowCallStack on x86_64, it is
+inherently racy due to the architecture's use of the stack for calls and
+returns.
Intel `Control-flow Enforcement Technology`_ (CET) is a proposed hardware
extension that would add native support to use a shadow stack to store/check
else()
set(ALL_XRAY_SUPPORTED_ARCH ${X86_64} ${ARM32} ${ARM64} ${MIPS32} ${MIPS64} powerpc64le)
endif()
-set(ALL_SHADOWCALLSTACK_SUPPORTED_ARCH ${X86_64} ${ARM64})
+set(ALL_SHADOWCALLSTACK_SUPPORTED_ARCH ${ARM64})
if(APPLE)
include(CompilerRTDarwinUtils)
}
#else
-
-__attribute__((noinline)) void scs_fputs_stdout(const char *p) {
- fputs(p, stdout);
-}
-
+#error Unsupported platform
#endif
scs_arch_cflags += ' -ffixed-x18 '
config.substitutions.append( ("%clang_scs ", config.clang + ' -O0 -fsanitize=shadow-call-stack ' + scs_arch_cflags + ' ') )
-if config.host_os not in ['Linux'] or config.target_arch not in ['x86_64', 'aarch64']:
+if config.host_os not in ['Linux'] or config.target_arch not in ['aarch64']:
config.unsupported = True
#pragma once
-#ifdef __x86_64__
-#include <asm/prctl.h>
-int arch_prctl(int code, void *addr);
-#endif
#include <stdlib.h>
#include <sys/mman.h>
#include <sys/prctl.h>
if (stack == MAP_FAILED)
abort();
-#if defined(__x86_64__)
- if (arch_prctl(ARCH_SET_GS, stack))
- abort();
-#elif defined(__aarch64__)
+#if defined(__aarch64__)
__asm__ __volatile__("mov x18, %0" ::"r"(stack));
#else
#error Unsupported platform
+++ /dev/null
-// See overflow.c for a description.
-
-// REQUIRES: aarch64-target-arch
-// RUN: %clang_scs %S/overflow.c -o %t -DITERATIONS=12
-// RUN: %run %t | FileCheck %S/overflow.c
+++ /dev/null
-// See overflow.c for a description.
-
-// REQUIRES: x86_64-target-arch
-// RUN: %clang_scs %S/overflow.c -o %t -DITERATIONS=12
-// RUN: not --crash %run %t
// RUN: %clang_scs %s -o %t -DITERATIONS=3
// RUN: %run %t | FileCheck %s
-// The behavioral check for SCS + overflow lives in the tests overflow-x86_64.c
-// and overflow-aarch64.c. This is because the expected behavior is different
-// between the two platforms. On x86_64 we crash because the comparison between
-// the shadow call stack and the regular stack fails. On aarch64 there is no
-// comparison, we just load the return address from the shadow call stack. So we
-// just expect not to see the output from print_and_exit.
+// On aarch64 we just load the return address from the shadow call stack so we
+// do not expect to see the output from print_and_exit.
+// RUN: %clang_scs %s -o %t -DITERATIONS=12
+// RUN: %run %t | FileCheck %S/overflow.c
#include <stdio.h>
#include <stdlib.h>
add_public_tablegen_target(X86CommonTableGen)
set(sources
- ShadowCallStack.cpp
X86AsmPrinter.cpp
X86CallFrameOptimization.cpp
X86CallingConv.cpp
+++ /dev/null
-//===------- ShadowCallStack.cpp - Shadow Call Stack pass -----------------===//
-//
-// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
-// See https://llvm.org/LICENSE.txt for license information.
-// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
-//
-//===----------------------------------------------------------------------===//
-//
-// The ShadowCallStack pass instruments function prologs/epilogs to check that
-// the return address has not been corrupted during the execution of the
-// function. The return address is stored in a 'shadow call stack' addressed
-// using the %gs segment register.
-//
-//===----------------------------------------------------------------------===//
-
-#include "X86.h"
-#include "X86InstrBuilder.h"
-#include "X86InstrInfo.h"
-#include "X86Subtarget.h"
-
-#include "llvm/CodeGen/MachineFunction.h"
-#include "llvm/CodeGen/MachineFunctionPass.h"
-#include "llvm/CodeGen/MachineInstrBuilder.h"
-#include "llvm/CodeGen/MachineModuleInfo.h"
-#include "llvm/CodeGen/MachineRegisterInfo.h"
-#include "llvm/CodeGen/Passes.h"
-#include "llvm/CodeGen/TargetInstrInfo.h"
-#include "llvm/Pass.h"
-#include "llvm/Support/raw_ostream.h"
-
-using namespace llvm;
-
-namespace {
-
-class ShadowCallStack : public MachineFunctionPass {
-public:
- static char ID;
-
- ShadowCallStack() : MachineFunctionPass(ID) {
- initializeShadowCallStackPass(*PassRegistry::getPassRegistry());
- }
-
- void getAnalysisUsage(AnalysisUsage &AU) const override {
- MachineFunctionPass::getAnalysisUsage(AU);
- }
-
- bool runOnMachineFunction(MachineFunction &Fn) override;
-
-private:
- // Do not instrument leaf functions with this many or fewer instructions. The
- // shadow call stack instrumented prolog/epilog are slightly race-y reading
- // and checking the saved return address, so it is better to not instrument
- // functions that have fewer instructions than the instrumented prolog/epilog
- // race.
- static const size_t SkipLeafInstructions = 3;
-};
-
-char ShadowCallStack::ID = 0;
-} // end anonymous namespace.
-
-static void addProlog(MachineFunction &Fn, const TargetInstrInfo *TII,
- MachineBasicBlock &MBB, const DebugLoc &DL);
-static void addPrologLeaf(MachineFunction &Fn, const TargetInstrInfo *TII,
- MachineBasicBlock &MBB, const DebugLoc &DL,
- MCPhysReg FreeRegister);
-
-static void addEpilog(const TargetInstrInfo *TII, MachineBasicBlock &MBB,
- MachineInstr &MI, MachineBasicBlock &TrapBB);
-static void addEpilogLeaf(const TargetInstrInfo *TII, MachineBasicBlock &MBB,
- MachineInstr &MI, MachineBasicBlock &TrapBB,
- MCPhysReg FreeRegister);
-// Generate a longer epilog that only uses r10 when a tailcall branches to r11.
-static void addEpilogOnlyR10(const TargetInstrInfo *TII, MachineBasicBlock &MBB,
- MachineInstr &MI, MachineBasicBlock &TrapBB);
-
-// Helper function to add ModR/M references for [Seg: Reg + Offset] memory
-// accesses
-static inline const MachineInstrBuilder &
-addSegmentedMem(const MachineInstrBuilder &MIB, MCPhysReg Seg, MCPhysReg Reg,
- int Offset = 0) {
- return MIB.addReg(Reg).addImm(1).addReg(0).addImm(Offset).addReg(Seg);
-}
-
-static void addProlog(MachineFunction &Fn, const TargetInstrInfo *TII,
- MachineBasicBlock &MBB, const DebugLoc &DL) {
- const MCPhysReg ReturnReg = X86::R10;
- const MCPhysReg OffsetReg = X86::R11;
-
- auto MBBI = MBB.begin();
- // mov r10, [rsp]
- addDirectMem(BuildMI(MBB, MBBI, DL, TII->get(X86::MOV64rm)).addDef(ReturnReg),
- X86::RSP);
- // xor r11, r11
- BuildMI(MBB, MBBI, DL, TII->get(X86::XOR64rr))
- .addDef(OffsetReg)
- .addReg(OffsetReg, RegState::Undef)
- .addReg(OffsetReg, RegState::Undef);
- // add QWORD [gs:r11], 8
- addSegmentedMem(BuildMI(MBB, MBBI, DL, TII->get(X86::ADD64mi8)), X86::GS,
- OffsetReg)
- .addImm(8);
- // mov r11, [gs:r11]
- addSegmentedMem(
- BuildMI(MBB, MBBI, DL, TII->get(X86::MOV64rm)).addDef(OffsetReg), X86::GS,
- OffsetReg);
- // mov [gs:r11], r10
- addSegmentedMem(BuildMI(MBB, MBBI, DL, TII->get(X86::MOV64mr)), X86::GS,
- OffsetReg)
- .addReg(ReturnReg);
-}
-
-static void addPrologLeaf(MachineFunction &Fn, const TargetInstrInfo *TII,
- MachineBasicBlock &MBB, const DebugLoc &DL,
- MCPhysReg FreeRegister) {
- // mov REG, [rsp]
- addDirectMem(BuildMI(MBB, MBB.begin(), DL, TII->get(X86::MOV64rm))
- .addDef(FreeRegister),
- X86::RSP);
-}
-
-static void addEpilog(const TargetInstrInfo *TII, MachineBasicBlock &MBB,
- MachineInstr &MI, MachineBasicBlock &TrapBB) {
- const DebugLoc &DL = MI.getDebugLoc();
-
- // xor r11, r11
- BuildMI(MBB, MI, DL, TII->get(X86::XOR64rr))
- .addDef(X86::R11)
- .addReg(X86::R11, RegState::Undef)
- .addReg(X86::R11, RegState::Undef);
- // mov r10, [gs:r11]
- addSegmentedMem(BuildMI(MBB, MI, DL, TII->get(X86::MOV64rm)).addDef(X86::R10),
- X86::GS, X86::R11);
- // mov r10, [gs:r10]
- addSegmentedMem(BuildMI(MBB, MI, DL, TII->get(X86::MOV64rm)).addDef(X86::R10),
- X86::GS, X86::R10);
- // sub QWORD [gs:r11], 8
- // This instruction should not be moved up to avoid a signal race.
- addSegmentedMem(BuildMI(MBB, MI, DL, TII->get(X86::SUB64mi8)),
- X86::GS, X86::R11)
- .addImm(8);
- // cmp [rsp], r10
- addDirectMem(BuildMI(MBB, MI, DL, TII->get(X86::CMP64mr)), X86::RSP)
- .addReg(X86::R10);
- // jne trap
- BuildMI(MBB, MI, DL, TII->get(X86::JNE_1)).addMBB(&TrapBB);
- MBB.addSuccessor(&TrapBB);
-}
-
-static void addEpilogLeaf(const TargetInstrInfo *TII, MachineBasicBlock &MBB,
- MachineInstr &MI, MachineBasicBlock &TrapBB,
- MCPhysReg FreeRegister) {
- const DebugLoc &DL = MI.getDebugLoc();
-
- // cmp [rsp], REG
- addDirectMem(BuildMI(MBB, MI, DL, TII->get(X86::CMP64mr)), X86::RSP)
- .addReg(FreeRegister);
- // jne trap
- BuildMI(MBB, MI, DL, TII->get(X86::JNE_1)).addMBB(&TrapBB);
- MBB.addSuccessor(&TrapBB);
-}
-
-static void addEpilogOnlyR10(const TargetInstrInfo *TII, MachineBasicBlock &MBB,
- MachineInstr &MI, MachineBasicBlock &TrapBB) {
- const DebugLoc &DL = MI.getDebugLoc();
-
- // xor r10, r10
- BuildMI(MBB, MI, DL, TII->get(X86::XOR64rr))
- .addDef(X86::R10)
- .addReg(X86::R10, RegState::Undef)
- .addReg(X86::R10, RegState::Undef);
- // mov r10, [gs:r10]
- addSegmentedMem(BuildMI(MBB, MI, DL, TII->get(X86::MOV64rm)).addDef(X86::R10),
- X86::GS, X86::R10);
- // mov r10, [gs:r10]
- addSegmentedMem(BuildMI(MBB, MI, DL, TII->get(X86::MOV64rm)).addDef(X86::R10),
- X86::GS, X86::R10);
- // sub QWORD [gs:0], 8
- // This instruction should not be moved up to avoid a signal race.
- addSegmentedMem(BuildMI(MBB, MI, DL, TII->get(X86::SUB64mi8)), X86::GS, 0)
- .addImm(8);
- // cmp [rsp], r10
- addDirectMem(BuildMI(MBB, MI, DL, TII->get(X86::CMP64mr)), X86::RSP)
- .addReg(X86::R10);
- // jne trap
- BuildMI(MBB, MI, DL, TII->get(X86::JNE_1)).addMBB(&TrapBB);
- MBB.addSuccessor(&TrapBB);
-}
-
-bool ShadowCallStack::runOnMachineFunction(MachineFunction &Fn) {
- if (!Fn.getFunction().hasFnAttribute(Attribute::ShadowCallStack) ||
- Fn.getFunction().hasFnAttribute(Attribute::Naked))
- return false;
-
- if (Fn.empty() || !Fn.getRegInfo().tracksLiveness())
- return false;
-
- // FIXME: Skip functions that have r10 or r11 live on entry (r10 can be live
- // on entry for parameters with the nest attribute.)
- if (Fn.front().isLiveIn(X86::R10) || Fn.front().isLiveIn(X86::R11))
- return false;
-
- // FIXME: Skip functions with conditional and r10 tail calls for now.
- bool HasReturn = false;
- for (auto &MBB : Fn) {
- if (MBB.empty())
- continue;
-
- const MachineInstr &MI = MBB.instr_back();
- if (MI.isReturn())
- HasReturn = true;
-
- if (MI.isReturn() && MI.isCall()) {
- if (MI.findRegisterUseOperand(X86::EFLAGS))
- return false;
- // This should only be possible on Windows 64 (see GR64_TC versus
- // GR64_TCW64.)
- if (MI.findRegisterUseOperand(X86::R10) ||
- MI.hasRegisterImplicitUseOperand(X86::R10))
- return false;
- }
- }
-
- if (!HasReturn)
- return false;
-
- // For leaf functions:
- // 1. Do not instrument very short functions where it would not improve that
- // function's security.
- // 2. Detect if there is an unused caller-saved register we can reserve to
- // hold the return address instead of writing/reading it from the shadow
- // call stack.
- MCPhysReg LeafFuncRegister = X86::NoRegister;
- if (!Fn.getFrameInfo().adjustsStack()) {
- size_t InstructionCount = 0;
- std::bitset<X86::NUM_TARGET_REGS> UsedRegs;
- for (auto &MBB : Fn) {
- for (auto &LiveIn : MBB.liveins())
- UsedRegs.set(LiveIn.PhysReg);
- for (auto &MI : MBB) {
- if (!MI.isDebugValue() && !MI.isCFIInstruction() && !MI.isLabel())
- InstructionCount++;
- for (auto &Op : MI.operands())
- if (Op.isReg() && Op.isDef())
- UsedRegs.set(Op.getReg());
- }
- }
-
- if (InstructionCount <= SkipLeafInstructions)
- return false;
-
- std::bitset<X86::NUM_TARGET_REGS> CalleeSavedRegs;
- const MCPhysReg *CSRegs = Fn.getRegInfo().getCalleeSavedRegs();
- for (size_t i = 0; CSRegs[i]; i++)
- CalleeSavedRegs.set(CSRegs[i]);
-
- const TargetRegisterInfo *TRI = Fn.getSubtarget().getRegisterInfo();
- for (auto &Reg : X86::GR64_NOSPRegClass.getRegisters()) {
- // FIXME: Optimization opportunity: spill/restore a callee-saved register
- // if a caller-saved register is unavailable.
- if (CalleeSavedRegs.test(Reg))
- continue;
-
- bool Used = false;
- for (MCSubRegIterator SR(Reg, TRI, true); SR.isValid(); ++SR)
- if ((Used = UsedRegs.test(*SR)))
- break;
-
- if (!Used) {
- LeafFuncRegister = Reg;
- break;
- }
- }
- }
-
- const bool LeafFuncOptimization = LeafFuncRegister != X86::NoRegister;
- if (LeafFuncOptimization)
- // Mark the leaf function register live-in for all MBBs except the entry MBB
- for (auto I = ++Fn.begin(), E = Fn.end(); I != E; ++I)
- I->addLiveIn(LeafFuncRegister);
-
- MachineBasicBlock &MBB = Fn.front();
- const MachineBasicBlock *NonEmpty = MBB.empty() ? MBB.getFallThrough() : &MBB;
- const DebugLoc &DL = NonEmpty->front().getDebugLoc();
-
- const TargetInstrInfo *TII = Fn.getSubtarget().getInstrInfo();
- if (LeafFuncOptimization)
- addPrologLeaf(Fn, TII, MBB, DL, LeafFuncRegister);
- else
- addProlog(Fn, TII, MBB, DL);
-
- MachineBasicBlock *Trap = nullptr;
- for (auto &MBB : Fn) {
- if (MBB.empty())
- continue;
-
- MachineInstr &MI = MBB.instr_back();
- if (MI.isReturn()) {
- if (!Trap) {
- Trap = Fn.CreateMachineBasicBlock();
- BuildMI(Trap, MI.getDebugLoc(), TII->get(X86::TRAP));
- Fn.push_back(Trap);
- }
-
- if (LeafFuncOptimization)
- addEpilogLeaf(TII, MBB, MI, *Trap, LeafFuncRegister);
- else if (MI.findRegisterUseOperand(X86::R11))
- addEpilogOnlyR10(TII, MBB, MI, *Trap);
- else
- addEpilog(TII, MBB, MI, *Trap);
- }
- }
-
- return true;
-}
-
-INITIALIZE_PASS(ShadowCallStack, "shadow-call-stack", "Shadow Call Stack",
- false, false)
-
-FunctionPass *llvm::createShadowCallStackPass() {
- return new ShadowCallStack();
-}
/// transition penalty between functions encoded with AVX and SSE.
FunctionPass *createX86IssueVZeroUpperPass();
-/// This pass instruments the function prolog to save the return address to a
-/// 'shadow call stack' and the function epilog to check that the return address
-/// did not change during function execution.
-FunctionPass *createShadowCallStackPass();
-
/// This pass inserts ENDBR instructions before indirect jump/call
/// destinations as part of CET IBT mechanism.
FunctionPass *createX86IndirectBranchTrackingPass();
void initializeEvexToVexInstPassPass(PassRegistry &);
void initializeFixupBWInstPassPass(PassRegistry &);
void initializeFixupLEAPassPass(PassRegistry &);
-void initializeShadowCallStackPass(PassRegistry &);
void initializeWinEHStatePassPass(PassRegistry &);
void initializeX86AvoidSFBPassPass(PassRegistry &);
void initializeX86CallFrameOptimizationPass(PassRegistry &);
initializeFixupBWInstPassPass(PR);
initializeEvexToVexInstPassPass(PR);
initializeFixupLEAPassPass(PR);
- initializeShadowCallStackPass(PR);
initializeX86CallFrameOptimizationPass(PR);
initializeX86CmovConverterPassPass(PR);
initializeX86ExecutionDomainFixPass(PR);
addPass(createBreakFalseDeps());
}
- addPass(createShadowCallStackPass());
addPass(createX86IndirectBranchTrackingPass());
if (UseVZeroUpper)
; CHECK-NEXT: Post-RA pseudo instruction expansion pass
; CHECK-NEXT: X86 pseudo instruction expansion pass
; CHECK-NEXT: Analyze Machine Code For Garbage Collection
-; CHECK-NEXT: Shadow Call Stack
; CHECK-NEXT: X86 Indirect Branch Tracking
; CHECK-NEXT: X86 vzeroupper inserter
; CHECK-NEXT: X86 Discriminate Memory Operands
; CHECK-NEXT: ReachingDefAnalysis
; CHECK-NEXT: X86 Execution Dependency Fix
; CHECK-NEXT: BreakFalseDeps
-; CHECK-NEXT: Shadow Call Stack
; CHECK-NEXT: X86 Indirect Branch Tracking
; CHECK-NEXT: X86 vzeroupper inserter
; CHECK-NEXT: MachineDominator Tree Construction
+++ /dev/null
-# RUN: llc -mtriple=x86_64-unknown-linux-gnu -run-pass shadow-call-stack -verify-machineinstrs -o - %s | FileCheck %s
---- |
-
- define void @no_return() #0 { ret void }
- define void @normal_return() #0 { ret void }
- define void @normal_return_leaf_func() #0 { ret void }
- define void @short_leaf_func() #0 { ret void }
- define void @normal_tail_call() #0 { ret void }
- define void @r11_tail_call() #0 { ret void }
- define void @conditional_tail_call() #0 { ret void }
- define void @r10_live_in() #0 { ret void }
-
- attributes #0 = { shadowcallstack }
-
-...
----
-# CHECK-LABEL: name: no_return
-name: no_return
-tracksRegLiveness: true
-frameInfo:
- adjustsStack: true # not a leaf function
-body: |
- ; CHECK: bb.0:
- bb.0:
- ; CHECK-NEXT: $eax = MOV32ri 13
- $eax = MOV32ri 13
-...
----
-# CHECK-LABEL: name: normal_return
-name: normal_return
-tracksRegLiveness: true
-frameInfo:
- adjustsStack: true # not a leaf function
-body: |
- ; CHECK: bb.0:
- bb.0:
- ; CHECK: $r10 = MOV64rm $rsp, 1, $noreg, 0, $noreg
- ; CHECK-NEXT: $r11 = XOR64rr undef $r11, undef $r11, implicit-def $eflags
- ; CHECK-NEXT: ADD64mi8 $r11, 1, $noreg, 0, $gs, 8, implicit-def $eflags
- ; CHECK-NEXT: $r11 = MOV64rm $r11, 1, $noreg, 0, $gs
- ; CHECK-NEXT: MOV64mr $r11, 1, $noreg, 0, $gs, $r10
- ; CHECK-NEXT: $eax = MOV32ri 13
- $eax = MOV32ri 13
-
- ; CHECK-NEXT: $r11 = XOR64rr undef $r11, undef $r11, implicit-def $eflags
- ; CHECK-NEXT: $r10 = MOV64rm $r11, 1, $noreg, 0, $gs
- ; CHECK-NEXT: $r10 = MOV64rm $r10, 1, $noreg, 0, $gs
- ; CHECK-NEXT: SUB64mi8 $r11, 1, $noreg, 0, $gs, 8, implicit-def $eflags
- ; CHECK-NEXT: CMP64mr $rsp, 1, $noreg, 0, $noreg, $r10, implicit-def $eflags
- ; CHECK-NEXT: JNE_1 %bb.1, implicit $eflags
- ; CHECK-NEXT: RETQ $eax
- RETQ $eax
-
- ; CHECK: bb.1:
- ; CHECK-NEXT; TRAP
-...
----
-# CHECK-LABEL: name: normal_return_leaf_func
-name: normal_return_leaf_func
-tracksRegLiveness: true
-frameInfo:
- adjustsStack: false # leaf function
-body: |
- ; CHECK: bb.0:
- ; CHECK: liveins: $rcx
- bb.0:
- liveins: $rcx
-
- ; CHECK: $rdx = MOV64rm $rsp, 1, $noreg, 0, $noreg
- ; CHECK-NEXT: $eax = MOV32ri 0
- $eax = MOV32ri 0
- ; CHECK-NEXT: CMP64ri8 $rcx, 5, implicit-def $eflags
- CMP64ri8 $rcx, 5, implicit-def $eflags
- ; CHECK-NEXT: JA_1 %bb.1, implicit $eflags
- JA_1 %bb.1, implicit $eflags
- ; CHECK-NEXT: JMP_1 %bb.2
- JMP_1 %bb.2
-
- ; CHECK: bb.1
- ; CHECK: liveins: $eax, $rdx
- bb.1:
- liveins: $eax
-
- ; CHECKT: $eax = MOV32ri 1
- $eax = MOV32ri 1
-
- ; CHECK: bb.2
- ; CHECK: liveins: $eax, $rdx
- bb.2:
- liveins: $eax
-
- ; CHECK: CMP64mr $rsp, 1, $noreg, 0, $noreg, $rdx, implicit-def $eflags
- ; CHECK-NEXT: JNE_1 %bb.3, implicit $eflags
- ; CHECK-NEXT: RETQ $eax
- RETQ $eax
-
- ; CHECK: bb.3:
- ; CHECK-NEXT; TRAP
-...
----
-# CHECK-LABEL: name: short_leaf_func
-name: short_leaf_func
-tracksRegLiveness: true
-frameInfo:
- adjustsStack: false # leaf function
-body: |
- ; CHECK: bb.0:
- bb.0:
- ; Ensure these are not counted as machine instructions
- CFI_INSTRUCTION 0
- CFI_INSTRUCTION 0
- CFI_INSTRUCTION 0
- DBG_VALUE 0
- DBG_VALUE 0
- DBG_VALUE 0
-
- ; CHECK: $eax = MOV32ri 13
- $eax = MOV32ri 13
-
- ; CHECK-NEXT: RETQ $eax
- RETQ $eax
-...
----
-# CHECK-LABEL: name: normal_tail_call
-name: normal_tail_call
-tracksRegLiveness: true
-frameInfo:
- adjustsStack: true # not a leaf function
-body: |
- ; CHECK: bb.0:
- bb.0:
- ; CHECK: $r10 = MOV64rm $rsp, 1, $noreg, 0, $noreg
- ; CHECK-NEXT: $r11 = XOR64rr undef $r11, undef $r11, implicit-def $eflags
- ; CHECK-NEXT: ADD64mi8 $r11, 1, $noreg, 0, $gs, 8, implicit-def $eflags
- ; CHECK-NEXT: $r11 = MOV64rm $r11, 1, $noreg, 0, $gs
- ; CHECK-NEXT: MOV64mr $r11, 1, $noreg, 0, $gs, $r10
- ; CHECK-NEXT: $eax = MOV32ri 13
- $eax = MOV32ri 13
-
- ; CHECK-NEXT: $r11 = XOR64rr undef $r11, undef $r11, implicit-def $eflags
- ; CHECK-NEXT: $r10 = MOV64rm $r11, 1, $noreg, 0, $gs
- ; CHECK-NEXT: $r10 = MOV64rm $r10, 1, $noreg, 0, $gs
- ; CHECK-NEXT: SUB64mi8 $r11, 1, $noreg, 0, $gs, 8, implicit-def $eflags
- ; CHECK-NEXT: CMP64mr $rsp, 1, $noreg, 0, $noreg, $r10, implicit-def $eflags
- ; CHECK-NEXT: JNE_1 %bb.1, implicit $eflags
- ; CHECK-NEXT: TAILJMPr64 $rax
- TAILJMPr64 $rax
-
- ; CHECK: bb.1:
- ; CHECK-NEXT; TRAP
-...
----
-# CHECK-LABEL: name: r11_tail_call
-name: r11_tail_call
-tracksRegLiveness: true
-frameInfo:
- adjustsStack: true # not a leaf function
-body: |
- ; CHECK: bb.0:
- bb.0:
- ; CHECK: $r10 = MOV64rm $rsp, 1, $noreg, 0, $noreg
- ; CHECK-NEXT: $r11 = XOR64rr undef $r11, undef $r11, implicit-def $eflags
- ; CHECK-NEXT: ADD64mi8 $r11, 1, $noreg, 0, $gs, 8, implicit-def $eflags
- ; CHECK-NEXT: $r11 = MOV64rm $r11, 1, $noreg, 0, $gs
- ; CHECK-NEXT: MOV64mr $r11, 1, $noreg, 0, $gs, $r10
- ; CHECK-NEXT: $eax = MOV32ri 13
- $eax = MOV32ri 13
-
- ; CHECK-NEXT: $r10 = XOR64rr undef $r10, undef $r10, implicit-def $eflags
- ; CHECK-NEXT: $r10 = MOV64rm $r10, 1, $noreg, 0, $gs
- ; CHECK-NEXT: $r10 = MOV64rm $r10, 1, $noreg, 0, $gs
- ; CHECK-NEXT: SUB64mi8 $noreg, 1, $noreg, 0, $gs, 8, implicit-def $eflags
- ; CHECK-NEXT: CMP64mr $rsp, 1, $noreg, 0, $noreg, $r10, implicit-def $eflags
- ; CHECK-NEXT: JNE_1 %bb.1, implicit $eflags
- ; CHECK-NEXT: TAILJMPr64 undef $r11
- TAILJMPr64 undef $r11
-
- ; CHECK: bb.1:
- ; CHECK-NEXT; TRAP
-...
----
-# CHECK-LABEL: name: conditional_tail_call
-name: conditional_tail_call
-tracksRegLiveness: true
-frameInfo:
- adjustsStack: true # not a leaf function
-body: |
- ; CHECK: bb.0:
- bb.0:
- ; CHECK: $eax = MOV32ri 13
- $eax = MOV32ri 13
-
- ; CHECK-NEXT: TAILJMPd64_CC @conditional_tail_call, undef $eflags
- TAILJMPd64_CC @conditional_tail_call, undef $eflags
-...
----
-# CHECK-LABEL: name: r10_live_in
-name: r10_live_in
-tracksRegLiveness: true
-frameInfo:
- adjustsStack: true # not a leaf function
-body: |
- ; CHECK: bb.0:
- ; CHECK: liveins: $r10
- bb.0:
- liveins: $r10
-
- ; CHECK: $eax = MOV32ri 13
- $eax = MOV32ri 13
- ; CHECK-NEXT: RETQ $eax
- RETQ $eax
-...
deps += [ ":X86GenFoldTables" ]
}
sources = [
- "ShadowCallStack.cpp",
"X86AsmPrinter.cpp",
"X86AvoidStoreForwardingBlocks.cpp",
"X86CallFrameOptimization.cpp",
projects / platform / upstream / llvm.git / commitdiff