Add a wrapper around llvm-objdump to look for indirect calls/jmps in x86 assembly.
authorEric Christopher <echristo@gmail.com>
Tue, 3 Apr 2018 07:01:33 +0000 (07:01 +0000)
committerEric Christopher <echristo@gmail.com>
Tue, 3 Apr 2018 07:01:33 +0000 (07:01 +0000)
Useful when looking for indirect calls/jmps that need mitigation
via retpoline or other mitigations for Spectre v2.

Feedback, extension, additional patches welcome.

llvm-svn: 329050

llvm/utils/indirect_calls.py [new file with mode: 0755]

diff --git a/llvm/utils/indirect_calls.py b/llvm/utils/indirect_calls.py
new file mode 100755 (executable)
index 0000000..1fdbcc1
--- /dev/null
@@ -0,0 +1,49 @@
+#!/usr/bin/env python
+
+"""A tool for looking for indirect jumps and calls in x86 binaries.
+
+   Helpful to verify whether or not retpoline mitigations are catching
+   all of the indirect branches in a binary and telling you which
+   functions the remaining ones are in (assembly, etc).
+
+   Depends on llvm-objdump being in your path and is tied to the
+   dump format.
+"""
+
+import os
+import sys
+import re
+import subprocess
+import optparse
+
+# Look for indirect calls/jmps in a binary. re: (call|jmp).*\* 
+def look_for_indirect(file):
+    args = ['llvm-objdump']
+    args.extend(["-d"])
+    args.extend([file])
+
+    p = subprocess.Popen(args=args, stdin=None, stderr=subprocess.PIPE, stdout=subprocess.PIPE)
+    (stdout,stderr) = p.communicate()
+
+    function = ""
+    for line in stdout.splitlines():
+        if line.startswith(' ') == False:
+            function = line
+        result = re.search('(call|jmp).*\*', line)
+        if result != None:
+            # TODO: Perhaps use cxxfilt to demangle functions?
+            print function
+            print line
+    return
+
+# Compare the debug info between two files.
+def main(args):
+    # No options currently other than the binary.
+    parser = optparse.OptionParser("%prog [options] <binary>")
+    (opts, args) = parser.parse_args(args)
+    if len(args) != 2:
+        parser.error("invalid number of arguments: %s" % len(args))
+    look_for_indirect(args[1])
+
+if __name__ == '__main__':
+    main(sys.argv)
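Review bot: In look_for_indirect, the output of `p.communicate()` is scanned without checking `p.returncode`, and `stderr` is captured but never read, so a failed llvm-objdump run (for example an unreadable or non-object input) prints nothing and exits with status 0. That is indistinguishable from a binary with no indirect branches, which is a false "clean" result for a tool meant to verify retpoline coverage. After the communicate() call, add `if p.returncode != 0:` followed by `sys.stderr.write(stderr)` and `sys.exit(p.returncode)`. Separately, the comment above main, `# Compare the debug info between two files.`, does not describe this script and should read something like `# Parse the command line and scan the given binary.`.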