From 70caa1fc30c392974df3bccd9959765dae1779f6 Mon Sep 17 00:00:00 2001 From: David Tellenbach Date: Wed, 30 Oct 2019 14:11:51 +0000 Subject: [PATCH] [AArch64][MachineOutliner] Return address signing for outlined functions Summary: During AArch64 frame lowering instructions to enable return address signing are inserted into function if needed. Functions generated during machine outlining don't run through target frame lowering and hence are missing such instructions. This patch introduces the following changes: 1. If not all functions that potentially participate in function outlining agree on their return address signing scope and their return address signing key, outlining is disabled for these functions. 2. If not all functions that potentially participate in function outlining agree on their support for v8.3A features, outlining is disabled for these functions. 2. If all candidate functions agree on the signing scope, signing key and and their support for v8.3 features, the outlined function behaves as if it had the same scope and key attributes and as if it would provide the same v8.3A support as the original functions. Reviewers: olista01, paquette, t.p.northover, ostannard Reviewed By: ostannard Subscribers: ostannard, kristof.beyls, hiraditya, llvm-commits Tags: #llvm Differential Revision: https://reviews.llvm.org/D69097 --- llvm/lib/Target/AArch64/AArch64InstrInfo.cpp | 248 ++++++++++++++++++++- ...ne-outliner-retaddr-sign-diff-scope-same-key.ll | 68 ++++++ .../machine-outliner-retaddr-sign-non-leaf.ll | 72 ++++++ .../machine-outliner-retaddr-sign-regsave.mir | 127 +++++++++++ ...ne-outliner-retaddr-sign-same-scope-diff-key.ll | 69 ++++++ ...-outliner-retaddr-sign-same-scope-same-key-a.ll | 71 ++++++ ...-outliner-retaddr-sign-same-scope-same-key-b.ll | 75 +++++++ .../machine-outliner-retaddr-sign-subtarget.ll | 87 ++++++++ .../AArch64/machine-outliner-retaddr-sign-thunk.ll | 67 ++++++ .../AArch64/machine-outliner-retaddr-sign-v8-3.ll | 89 ++++++++ 10 files changed, 966 insertions(+), 7 deletions(-) create mode 100644 llvm/test/CodeGen/AArch64/machine-outliner-retaddr-sign-diff-scope-same-key.ll create mode 100644 llvm/test/CodeGen/AArch64/machine-outliner-retaddr-sign-non-leaf.ll create mode 100644 llvm/test/CodeGen/AArch64/machine-outliner-retaddr-sign-regsave.mir create mode 100644 llvm/test/CodeGen/AArch64/machine-outliner-retaddr-sign-same-scope-diff-key.ll create mode 100644 llvm/test/CodeGen/AArch64/machine-outliner-retaddr-sign-same-scope-same-key-a.ll create mode 100644 llvm/test/CodeGen/AArch64/machine-outliner-retaddr-sign-same-scope-same-key-b.ll create mode 100644 llvm/test/CodeGen/AArch64/machine-outliner-retaddr-sign-subtarget.ll create mode 100644 llvm/test/CodeGen/AArch64/machine-outliner-retaddr-sign-thunk.ll create mode 100644 llvm/test/CodeGen/AArch64/machine-outliner-retaddr-sign-v8-3.ll diff --git a/llvm/lib/Target/AArch64/AArch64InstrInfo.cpp b/llvm/lib/Target/AArch64/AArch64InstrInfo.cpp index 96a58ce..d6578e3f 100644 --- a/llvm/lib/Target/AArch64/AArch64InstrInfo.cpp +++ b/llvm/lib/Target/AArch64/AArch64InstrInfo.cpp @@ -5037,8 +5037,99 @@ AArch64InstrInfo::findRegisterToSaveLRTo(const outliner::Candidate &C) const { return 0u; } -outliner::OutlinedFunction -AArch64InstrInfo::getOutliningCandidateInfo( +static bool +outliningCandidatesSigningScopeConsensus(const outliner::Candidate &a, + const outliner::Candidate &b) { + const Function &Fa = a.getMF()->getFunction(); + const Function &Fb = b.getMF()->getFunction(); + + // If none of the functions have the "sign-return-address" attribute their + // signing behaviour is equal + if (!Fa.hasFnAttribute("sign-return-address") && + !Fb.hasFnAttribute("sign-return-address")) { + return true; + } + + // If both functions have the "sign-return-address" attribute their signing + // behaviour is equal, if the values of the attributes are equal + if (Fa.hasFnAttribute("sign-return-address") && + Fb.hasFnAttribute("sign-return-address")) { + StringRef ScopeA = + Fa.getFnAttribute("sign-return-address").getValueAsString(); + StringRef ScopeB = + Fb.getFnAttribute("sign-return-address").getValueAsString(); + return ScopeA.equals(ScopeB); + } + + // If function B doesn't have the "sign-return-address" attribute but A does, + // the functions' signing behaviour is equal if A's value for + // "sign-return-address" is "none" and vice versa. + if (Fa.hasFnAttribute("sign-return-address")) { + StringRef ScopeA = + Fa.getFnAttribute("sign-return-address").getValueAsString(); + return ScopeA.equals("none"); + } + + if (Fb.hasFnAttribute("sign-return-address")) { + StringRef ScopeB = + Fb.getFnAttribute("sign-return-address").getValueAsString(); + return ScopeB.equals("none"); + } + + llvm_unreachable("Unkown combination of sign-return-address attributes"); +} + +static bool +outliningCandidatesSigningKeyConsensus(const outliner::Candidate &a, + const outliner::Candidate &b) { + const Function &Fa = a.getMF()->getFunction(); + const Function &Fb = b.getMF()->getFunction(); + + // If none of the functions have the "sign-return-address-key" attribute + // their keys are equal + if (!Fa.hasFnAttribute("sign-return-address-key") && + !Fb.hasFnAttribute("sign-return-address-key")) { + return true; + } + + // If both functions have the "sign-return-address-key" attribute their + // keys are equal if the values of "sign-return-address-key" are equal + if (Fa.hasFnAttribute("sign-return-address-key") && + Fb.hasFnAttribute("sign-return-address-key")) { + StringRef KeyA = + Fa.getFnAttribute("sign-return-address-key").getValueAsString(); + StringRef KeyB = + Fb.getFnAttribute("sign-return-address-key").getValueAsString(); + return KeyA.equals(KeyB); + } + + // If B doesn't have the "sign-return-address-key" attribute, both keys are + // equal, if function a has the default key (a_key) + if (Fa.hasFnAttribute("sign-return-address-key")) { + StringRef KeyA = + Fa.getFnAttribute("sign-return-address-key").getValueAsString(); + return KeyA.equals_lower("a_key"); + } + + if (Fb.hasFnAttribute("sign-return-address-key")) { + StringRef KeyB = + Fb.getFnAttribute("sign-return-address-key").getValueAsString(); + return KeyB.equals_lower("a_key"); + } + + llvm_unreachable("Unkown combination of sign-return-address-key attributes"); +} + +static bool outliningCandidatesV8_3OpsConsensus(const outliner::Candidate &a, + const outliner::Candidate &b) { + const AArch64Subtarget &SubtargetA = + a.getMF()->getSubtarget(); + const AArch64Subtarget &SubtargetB = + b.getMF()->getSubtarget(); + return SubtargetA.hasV8_3aOps() == SubtargetB.hasV8_3aOps(); +} + +outliner::OutlinedFunction AArch64InstrInfo::getOutliningCandidateInfo( std::vector &RepeatedSequenceLocs) const { outliner::Candidate &FirstCand = RepeatedSequenceLocs[0]; unsigned SequenceSize = @@ -5046,6 +5137,47 @@ AArch64InstrInfo::getOutliningCandidateInfo( [this](unsigned Sum, const MachineInstr &MI) { return Sum + getInstSizeInBytes(MI); }); + unsigned NumBytesToCreateFrame = 0; + + // We only allow outlining for functions having exactly matching return + // address signing attributes, i.e., all share the same value for the + // attribute "sign-return-address" and all share the same type of key they + // are signed with. + // Additionally we require all functions to simultaniously either support + // v8.3a features or not. Otherwise an outlined function could get signed + // using dedicated v8.3 instructions and a call from a function that doesn't + // support v8.3 instructions would therefore be invalid. + if (std::adjacent_find( + RepeatedSequenceLocs.begin(), RepeatedSequenceLocs.end(), + + [](const outliner::Candidate &a, const outliner::Candidate &b) { + // Return true if a and b are non-equal w.r.t. return address + // signing or support of v8.3a features + if (outliningCandidatesSigningScopeConsensus(a, b) && + outliningCandidatesSigningKeyConsensus(a, b) && + outliningCandidatesV8_3OpsConsensus(a, b)) { + return false; + } + return true; + }) != RepeatedSequenceLocs.end()) { + return outliner::OutlinedFunction(); + } + + // Since at this point all candidates agree on their return address signing + // picking just one is fine. If the candidate functions potentially sign their + // return addresses, the outlined function should do the same. Note that in + // the case of "sign-return-address"="non-leaf" this is an assumption: It is + // not certainly true that the outlined function will have to sign its return + // address but this decision is made later, when the decision to outline + // has already been made. + // The same holds for the number of additional instructions we need: On + // v8.3a RET can be replaced by RETAA/RETAB and no AUT instruction is + // necessary. However, at this point we don't know if the outlined function + // will have a RET instruction so we assume the worst. + const Function &FCF = FirstCand.getMF()->getFunction(); + if (FCF.hasFnAttribute("sign-return-address")) + // One PAC and one AUT instructions + NumBytesToCreateFrame += 8; // Properties about candidate MBBs that hold for all of them. unsigned FlagsSetInAll = 0xF; @@ -5107,7 +5239,7 @@ AArch64InstrInfo::getOutliningCandidateInfo( }; unsigned FrameID = MachineOutlinerDefault; - unsigned NumBytesToCreateFrame = 4; + NumBytesToCreateFrame += 4; bool HasBTI = any_of(RepeatedSequenceLocs, [](outliner::Candidate &C) { return C.getMF()->getFunction().hasFnAttribute("branch-target-enforcement"); @@ -5376,6 +5508,19 @@ AArch64InstrInfo::getOutliningType(MachineBasicBlock::iterator &MIT, MachineFunction *MF = MBB->getParent(); AArch64FunctionInfo *FuncInfo = MF->getInfo(); + // Don't outline anything used for return address signing. The outlined + // function will get signed later if needed + switch (MI.getOpcode()) { + case AArch64::PACIASP: + case AArch64::PACIBSP: + case AArch64::AUTIASP: + case AArch64::AUTIBSP: + case AArch64::RETAA: + case AArch64::RETAB: + case AArch64::EMITBKEY: + return outliner::InstrType::Illegal; + } + // Don't outline LOHs. if (FuncInfo->getLOHRelated().count(&MI)) return outliner::InstrType::Illegal; @@ -5528,6 +5673,59 @@ void AArch64InstrInfo::fixupPostOutline(MachineBasicBlock &MBB) const { } } +static void signOutlinedFunction(MachineFunction &MF, MachineBasicBlock &MBB, + bool ShouldSignReturnAddr, + bool ShouldSignReturnAddrWithAKey) { + if (ShouldSignReturnAddr) { + MachineBasicBlock::iterator MBBPAC = MBB.begin(); + MachineBasicBlock::iterator MBBAUT = MBB.getFirstTerminator(); + const AArch64Subtarget &Subtarget = MF.getSubtarget(); + const TargetInstrInfo *TII = Subtarget.getInstrInfo(); + DebugLoc DL; + + if (MBBAUT != MBB.end()) + DL = MBBAUT->getDebugLoc(); + + // At the very beginning of the basic block we insert the following + // depending on the key type + // + // a_key: b_key: + // PACIASP EMITBKEY + // CFI_INSTRUCTION PACIBSP + // CFI_INSTRUCTION + if (ShouldSignReturnAddrWithAKey) { + BuildMI(MBB, MBBPAC, DebugLoc(), TII->get(AArch64::PACIASP)) + .setMIFlag(MachineInstr::FrameSetup); + } else { + BuildMI(MBB, MBBPAC, DebugLoc(), TII->get(AArch64::EMITBKEY)) + .setMIFlag(MachineInstr::FrameSetup); + BuildMI(MBB, MBBPAC, DebugLoc(), TII->get(AArch64::PACIBSP)) + .setMIFlag(MachineInstr::FrameSetup); + } + unsigned CFIIndex = + MF.addFrameInst(MCCFIInstruction::createNegateRAState(nullptr)); + BuildMI(MBB, MBBPAC, DebugLoc(), TII->get(AArch64::CFI_INSTRUCTION)) + .addCFIIndex(CFIIndex) + .setMIFlags(MachineInstr::FrameSetup); + + // If v8.3a features are available we can replace a RET instruction by + // RETAA or RETAB and omit the AUT instructions + if (Subtarget.hasV8_3aOps() && MBBAUT != MBB.end() && + MBBAUT->getOpcode() == AArch64::RET) { + BuildMI(MBB, MBBAUT, DL, + TII->get(ShouldSignReturnAddrWithAKey ? AArch64::RETAA + : AArch64::RETAB)) + .copyImplicitOps(*MBBAUT); + MBB.erase(MBBAUT); + } else { + BuildMI(MBB, MBBAUT, DL, + TII->get(ShouldSignReturnAddrWithAKey ? AArch64::AUTIASP + : AArch64::AUTIBSP)) + .setMIFlag(MachineInstr::FrameDestroy); + } + } +} + void AArch64InstrInfo::buildOutlinedFrame( MachineBasicBlock &MBB, MachineFunction &MF, const outliner::OutlinedFunction &OF) const { @@ -5543,16 +5741,19 @@ void AArch64InstrInfo::buildOutlinedFrame( TailOpcode = AArch64::TCRETURNriALL; } MachineInstr *TC = BuildMI(MF, DebugLoc(), get(TailOpcode)) - .add(Call->getOperand(0)) - .addImm(0); + .add(Call->getOperand(0)) + .addImm(0); MBB.insert(MBB.end(), TC); Call->eraseFromParent(); } + bool IsLeafFunction = true; + // Is there a call in the outlined range? - auto IsNonTailCall = [](MachineInstr &MI) { + auto IsNonTailCall = [](const MachineInstr &MI) { return MI.isCall() && !MI.isReturn(); }; + if (std::any_of(MBB.instr_begin(), MBB.instr_end(), IsNonTailCall)) { // Fix up the instructions in the range, since we're going to modify the // stack. @@ -5560,6 +5761,8 @@ void AArch64InstrInfo::buildOutlinedFrame( "Can only fix up stack references once"); fixupPostOutline(MBB); + IsLeafFunction = false; + // LR has to be a live in so that we can save it. MBB.addLiveIn(AArch64::LR); @@ -5606,16 +5809,47 @@ void AArch64InstrInfo::buildOutlinedFrame( Et = MBB.insert(Et, LDRXpost); } + // If a bunch of candidates reach this point they must agree on their return + // address signing. It is therefore enough to just consider the signing + // behaviour of one of them + const Function &CF = OF.Candidates.front().getMF()->getFunction(); + bool ShouldSignReturnAddr = false; + if (CF.hasFnAttribute("sign-return-address")) { + StringRef Scope = + CF.getFnAttribute("sign-return-address").getValueAsString(); + if (Scope.equals("all")) + ShouldSignReturnAddr = true; + else if (Scope.equals("non-leaf") && !IsLeafFunction) + ShouldSignReturnAddr = true; + } + + // a_key is the default + bool ShouldSignReturnAddrWithAKey = true; + if (CF.hasFnAttribute("sign-return-address-key")) { + const StringRef Key = + CF.getFnAttribute("sign-return-address-key").getValueAsString(); + // Key can either be a_key or b_key + assert((Key.equals_lower("a_key") || Key.equals_lower("b_key")) && + "Return address signing key must be either a_key or b_key"); + ShouldSignReturnAddrWithAKey = Key.equals_lower("a_key"); + } + // If this is a tail call outlined function, then there's already a return. if (OF.FrameConstructionID == MachineOutlinerTailCall || - OF.FrameConstructionID == MachineOutlinerThunk) + OF.FrameConstructionID == MachineOutlinerThunk) { + signOutlinedFunction(MF, MBB, ShouldSignReturnAddr, + ShouldSignReturnAddrWithAKey); return; + } // It's not a tail call, so we have to insert the return ourselves. MachineInstr *ret = BuildMI(MF, DebugLoc(), get(AArch64::RET)) .addReg(AArch64::LR, RegState::Undef); MBB.insert(MBB.end(), ret); + signOutlinedFunction(MF, MBB, ShouldSignReturnAddr, + ShouldSignReturnAddrWithAKey); + // Did we have to modify the stack by saving the link register? if (OF.FrameConstructionID != MachineOutlinerDefault) return; diff --git a/llvm/test/CodeGen/AArch64/machine-outliner-retaddr-sign-diff-scope-same-key.ll b/llvm/test/CodeGen/AArch64/machine-outliner-retaddr-sign-diff-scope-same-key.ll new file mode 100644 index 0000000..d8acaa9 --- /dev/null +++ b/llvm/test/CodeGen/AArch64/machine-outliner-retaddr-sign-diff-scope-same-key.ll @@ -0,0 +1,68 @@ +; RUN: llc -verify-machineinstrs -enable-machine-outliner -mtriple \ +; RUN: aarch64-arm-none-eabi %s -o - | FileCheck %s + +define void @a() "sign-return-address"="all" { +; CHECK-LABEL: a: // @a +; CHECK: paciasp +; CHECK-NEXT: .cfi_negate_ra_state + %1 = alloca i32, align 4 + %2 = alloca i32, align 4 + %3 = alloca i32, align 4 + %4 = alloca i32, align 4 + %5 = alloca i32, align 4 + %6 = alloca i32, align 4 + store i32 1, i32* %1, align 4 + store i32 2, i32* %2, align 4 + store i32 3, i32* %3, align 4 + store i32 4, i32* %4, align 4 + store i32 5, i32* %5, align 4 + store i32 6, i32* %6, align 4 +; CHECK: autiasp + ret void +; CHECK: .cfi_endproc +} + +define void @b() "sign-return-address"="non-leaf" { +; CHECK-LABEL: b: // @b +; CHECK-NOT: paciasp +; CHECK-NOT: .cfi_negate_ra_state + %1 = alloca i32, align 4 + %2 = alloca i32, align 4 + %3 = alloca i32, align 4 + %4 = alloca i32, align 4 + %5 = alloca i32, align 4 + %6 = alloca i32, align 4 + store i32 1, i32* %1, align 4 + store i32 2, i32* %2, align 4 + store i32 3, i32* %3, align 4 + store i32 4, i32* %4, align 4 + store i32 5, i32* %5, align 4 + store i32 6, i32* %6, align 4 +; CHECK-NOT: autiasp + ret void +; CHECK: .cfi_endproc +} + +define void @c() "sign-return-address"="all" { +; CHECK-LABEL: c: // @c +; CHECK: paciasp +; CHECK-NEXT: .cfi_negate_ra_state + %1 = alloca i32, align 4 + %2 = alloca i32, align 4 + %3 = alloca i32, align 4 + %4 = alloca i32, align 4 + %5 = alloca i32, align 4 + %6 = alloca i32, align 4 + store i32 1, i32* %1, align 4 + store i32 2, i32* %2, align 4 + store i32 3, i32* %3, align 4 + store i32 4, i32* %4, align 4 + store i32 5, i32* %5, align 4 + store i32 6, i32* %6, align 4 +; CHECK: autiasp + ret void +; CHECK: .cfi_endproc +} + +; CHECK-NOT: OUTLINED_FUNCTION_{{[0-9]+}}: +; CHECK-NOT: // -- Begin function diff --git a/llvm/test/CodeGen/AArch64/machine-outliner-retaddr-sign-non-leaf.ll b/llvm/test/CodeGen/AArch64/machine-outliner-retaddr-sign-non-leaf.ll new file mode 100644 index 0000000..c7cea17 --- /dev/null +++ b/llvm/test/CodeGen/AArch64/machine-outliner-retaddr-sign-non-leaf.ll @@ -0,0 +1,72 @@ +; RUN: llc -verify-machineinstrs -enable-machine-outliner -mtriple \ +; RUN: aarch64-arm-none-eabi %s -o - | FileCheck %s + +define i64 @a(i64 %x) "sign-return-address"="non-leaf" "sign-return-address-key"="b_key" { +; CHECK-LABEL: a: // @a +; CHECK: .cfi_b_key_frame +; CHECK-NEXT: pacibsp +; CHECK-NEXT: .cfi_negate_ra_state + %1 = alloca i32, align 4 + %2 = alloca i32, align 4 + %3 = alloca i32, align 4 + %4 = alloca i32, align 4 + %5 = alloca i32, align 4 + %6 = alloca i32, align 4 + store i32 1, i32* %1, align 4 + store i32 2, i32* %2, align 4 + store i32 3, i32* %3, align 4 + store i32 4, i32* %4, align 4 + store i32 5, i32* %5, align 4 + store i32 6, i32* %6, align 4 + call void asm sideeffect "mov x30, $0", "r,~{lr}"(i64 %x) #1 + ret i64 %x +} + +define i64 @b(i64 %x) "sign-return-address"="non-leaf" "sign-return-address-key"="b_key" { +; CHECK-LABEL: b: // @b +; CHECK: .cfi_b_key_frame +; CHECK-NEXT: pacibsp +; CHECK-NEXT: .cfi_negate_ra_state + %1 = alloca i32, align 4 + %2 = alloca i32, align 4 + %3 = alloca i32, align 4 + %4 = alloca i32, align 4 + %5 = alloca i32, align 4 + %6 = alloca i32, align 4 + store i32 1, i32* %1, align 4 + store i32 2, i32* %2, align 4 + store i32 3, i32* %3, align 4 + store i32 4, i32* %4, align 4 + store i32 5, i32* %5, align 4 + store i32 6, i32* %6, align 4 + call void asm sideeffect "mov x30, $0", "r,~{lr}"(i64 %x) #1 + ret i64 %x +} + +define i64 @c(i64 %x) "sign-return-address"="non-leaf" "sign-return-address-key"="b_key" { +; CHECK-LABEL: c: // @c +; CHECK: .cfi_b_key_frame +; CHECK-NEXT: pacibsp +; CHECK-NEXT: .cfi_negate_ra_state + %1 = alloca i32, align 4 + %2 = alloca i32, align 4 + %3 = alloca i32, align 4 + %4 = alloca i32, align 4 + %5 = alloca i32, align 4 + %6 = alloca i32, align 4 + store i32 1, i32* %1, align 4 + store i32 2, i32* %2, align 4 + store i32 3, i32* %3, align 4 + store i32 4, i32* %4, align 4 + store i32 5, i32* %5, align 4 + store i32 6, i32* %6, align 4 + call void asm sideeffect "mov x30, $0", "r,~{lr}"(i64 %x) #1 + ret i64 %x +} + +; Outlined function is leaf-function => don't sign it +; CHECK-LABEL: OUTLINED_FUNCTION_0: +; CHECK-NOT: .cfi_b_key_frame +; CHECK-NOT: paci{{[a,b]}}sp +; CHECK-NOT: .cfi_negate_ra_state +; CHECK-NOT: auti{{[a,b]}}sp diff --git a/llvm/test/CodeGen/AArch64/machine-outliner-retaddr-sign-regsave.mir b/llvm/test/CodeGen/AArch64/machine-outliner-retaddr-sign-regsave.mir new file mode 100644 index 0000000..e65adce --- /dev/null +++ b/llvm/test/CodeGen/AArch64/machine-outliner-retaddr-sign-regsave.mir @@ -0,0 +1,127 @@ +# RUN: llc -mtriple=aarch64-arm-none-eabi -run-pass=prologepilog \ +# RUN: -run-pass=machine-outliner -verify-machineinstrs %s -o - | FileCheck %s + +# Check that we save LR to a callee-saved register when possible. +# foo() should use a callee-saved register. However, bar() should not. +--- | + + define void @foo() #0 { + ret void + } + + define void @bar() #0 { + ret void + } + + attributes #0 = { nounwind "sign-return-address"="non-leaf" "sign-return-address-key"="b_key" minsize noinline noredzone "no-frame-pointer-elim"="true" } +... +--- +# CHECK-LABEL: name: foo +# CHECK: bb.0: +# CHECK: frame-setup EMITBKEY +# CHECK-NEXT: frame-setup PACIBSP +# CHECK-NEXT: frame-setup CFI_INSTRUCTION negate_ra_sign_state +# CHECK: bb.1: +# CHECK: BL @[[OUTLINED_FUNCTION:OUTLINED_FUNCTION_[0-9]+]] +# CHECK: bb.2: +# CHECK: BL @[[OUTLINED_FUNCTION]] +# CHECK: bb.3: +# CHECK: BL @[[OUTLINED_FUNCTION]] +# CHECK: bb.4: +# CHECK: BL @[[OUTLINED_FUNCTION]] +# CHECK: bb.5: +# CHECK: frame-destroy AUTIBSP +# CHECK-NEXT: RET +name: foo +tracksRegLiveness: true +fixedStack: +body: | + bb.0: + $x25 = ORRXri $xzr, 1 + $lr = ORRXri $xzr, 1 + bb.1: + liveins: $lr, $w9 + $w9 = ORRWri $wzr, 1 + $w9 = ORRWri $wzr, 1 + $w9 = ORRWri $wzr, 1 + $w9 = ORRWri $wzr, 1 + $w9 = ORRWri $wzr, 1 + $w9 = ORRWri $wzr, 2 + bb.2: + liveins: $lr, $w9 + $w9 = ORRWri $wzr, 1 + $w9 = ORRWri $wzr, 1 + $w9 = ORRWri $wzr, 1 + $w9 = ORRWri $wzr, 1 + $w9 = ORRWri $wzr, 1 + $w9 = ORRWri $wzr, 2 + bb.3: + liveins: $lr, $w9 + $w9 = ORRWri $wzr, 1 + $w9 = ORRWri $wzr, 1 + $w9 = ORRWri $wzr, 1 + $w9 = ORRWri $wzr, 1 + $w9 = ORRWri $wzr, 1 + $w9 = ORRWri $wzr, 2 + bb.4: + liveins: $lr, $w9 + $w9 = ORRWri $wzr, 1 + $w9 = ORRWri $wzr, 1 + $w9 = ORRWri $wzr, 1 + $w9 = ORRWri $wzr, 1 + $w9 = ORRWri $wzr, 1 + $w9 = ORRWri $wzr, 2 + bb.5: + liveins: $w9 + RET undef $lr + +... +--- +# CHECK: name: bar +# CHECK: bb.0: +# CHECK-NOT: OUTLINED_FUNCTION_ +# CHECK: bb.1: +# CHECK-NOT: OUTLINED_FUNCTION_ +# CHECK: bb.2: +# CHECK-NOT: OUTLINED_FUNCTION_ +# CHECK: bb.3: +# CHECK-NOT: OUTLINED_FUNCTION_ +# CHECK: RET +name: bar +tracksRegLiveness: true +body: | + bb.0: + liveins: $lr, $x0, $x1, $x2, $x3, $x4, $x5, $x6, $x7, $x8, $x9, $x10, $x11, $x12, $x13, $x14, $x15, $x19, $x20, $x21, $x22, $x23, $x20, $x21, $x22, $x23, $x24, $x25, $x26, $x27, $x28 + $w10 = ORRWri $wzr, 1 + $w10 = ORRWri $wzr, 1 + $w10 = ORRWri $wzr, 1 + $w10 = ORRWri $wzr, 1 + $w10 = ORRWri $wzr, 1 + $w12 = ORRWri $wzr, 2 + bb.1: + liveins: $lr, $x0, $x1, $x2, $x3, $x4, $x5, $x6, $x7, $x8, $x9, $x10, $x11, $x12, $x13, $x14, $x15, $x19, $x20, $x21, $x22, $x23, $x20, $x21, $x22, $x23, $x24, $x25, $x26, $x27, $x28 + $w10 = ORRWri $wzr, 1 + $w10 = ORRWri $wzr, 1 + $w10 = ORRWri $wzr, 1 + $w10 = ORRWri $wzr, 1 + $w10 = ORRWri $wzr, 1 + $w12 = ORRWri $wzr, 2 + bb.2: + liveins: $lr, $x0, $x1, $x2, $x3, $x4, $x5, $x6, $x7, $x8, $x9, $x10, $x11, $x12, $x13, $x14, $x15, $x19, $x20, $x21, $x22, $x23, $x20, $x21, $x22, $x23, $x24, $x25, $x26, $x27, $x28 + $w10 = ORRWri $wzr, 1 + $w10 = ORRWri $wzr, 1 + $w10 = ORRWri $wzr, 1 + $w10 = ORRWri $wzr, 1 + $w10 = ORRWri $wzr, 1 + $w12 = ORRWri $wzr, 2 + bb.3: + liveins: $lr, $x0, $x1, $x2, $x3, $x4, $x5, $x6, $x7, $x8, $x9, $x10, $x11, $x12, $x13, $x14, $x15, $x19, $x20, $x21, $x22, $x23, $x20, $x21, $x22, $x23, $x24, $x25, $x26, $x27, $x28 + RET undef $lr + +# CHECK: name: [[OUTLINED_FUNCTION]] +# CHECK: body: +# CHECK-NEXT: bb.0: +# CHECK-NOT: frame-setup EMITBKEY +# CHECK-NOT: frame-setup PACI{{[A,B]]}}SP +# CHECK-NOT: frame-setup CFI_INSTRUCTION negate_ra_sign_state +# CHECK-NOT: frame-destroy AUTI{{[A,B]]}}SP diff --git a/llvm/test/CodeGen/AArch64/machine-outliner-retaddr-sign-same-scope-diff-key.ll b/llvm/test/CodeGen/AArch64/machine-outliner-retaddr-sign-same-scope-diff-key.ll new file mode 100644 index 0000000..4348d73 --- /dev/null +++ b/llvm/test/CodeGen/AArch64/machine-outliner-retaddr-sign-same-scope-diff-key.ll @@ -0,0 +1,69 @@ +; RUN: llc -verify-machineinstrs -enable-machine-outliner -mtriple \ +; RUN: aarch64-arm-none-eabi %s -o - | FileCheck %s + +define void @a() "sign-return-address"="all" { +; CHECK-LABEL: a: // @a +; CHECK: paciasp +; CHECK-NEXT: .cfi_negate_ra_state + %1 = alloca i32, align 4 + %2 = alloca i32, align 4 + %3 = alloca i32, align 4 + %4 = alloca i32, align 4 + %5 = alloca i32, align 4 + %6 = alloca i32, align 4 + store i32 1, i32* %1, align 4 + store i32 2, i32* %2, align 4 + store i32 3, i32* %3, align 4 + store i32 4, i32* %4, align 4 + store i32 5, i32* %5, align 4 + store i32 6, i32* %6, align 4 +; CHECK: autiasp + ret void +; CHECK: .cfi_endproc +} + +define void @b() "sign-return-address"="all" "sign-return-address-key"="b_key" { +; CHECK-LABEL: b: // @b +; CHECK: .cfi_b_key_frame +; CHECK-NEXT: pacibsp +; CHECK-NEXT: .cfi_negate_ra_state + %1 = alloca i32, align 4 + %2 = alloca i32, align 4 + %3 = alloca i32, align 4 + %4 = alloca i32, align 4 + %5 = alloca i32, align 4 + %6 = alloca i32, align 4 + store i32 1, i32* %1, align 4 + store i32 2, i32* %2, align 4 + store i32 3, i32* %3, align 4 + store i32 4, i32* %4, align 4 + store i32 5, i32* %5, align 4 + store i32 6, i32* %6, align 4 +; CHECK-NOT: autiasp + ret void +; CHECK: .cfi_endproc +} + +define void @c() "sign-return-address"="all" { +; CHECK-LABEL: c: // @c +; CHECK: paciasp +; CHECK-NEXT: .cfi_negate_ra_state + %1 = alloca i32, align 4 + %2 = alloca i32, align 4 + %3 = alloca i32, align 4 + %4 = alloca i32, align 4 + %5 = alloca i32, align 4 + %6 = alloca i32, align 4 + store i32 1, i32* %1, align 4 + store i32 2, i32* %2, align 4 + store i32 3, i32* %3, align 4 + store i32 4, i32* %4, align 4 + store i32 5, i32* %5, align 4 + store i32 6, i32* %6, align 4 +; CHECK: autiasp + ret void +; CHECK: .cfi_endproc +} + +; CHECK-NOT: OUTLINED_FUNCTION_0: +; CHECK-NOT: // -- Begin function diff --git a/llvm/test/CodeGen/AArch64/machine-outliner-retaddr-sign-same-scope-same-key-a.ll b/llvm/test/CodeGen/AArch64/machine-outliner-retaddr-sign-same-scope-same-key-a.ll new file mode 100644 index 0000000..2a6a7b7 --- /dev/null +++ b/llvm/test/CodeGen/AArch64/machine-outliner-retaddr-sign-same-scope-same-key-a.ll @@ -0,0 +1,71 @@ +; RUN: llc -verify-machineinstrs -enable-machine-outliner -mtriple \ +; RUN: aarch64-arm-none-eabi %s -o - | FileCheck %s + +define void @a() "sign-return-address"="all" "sign-return-address-key"="a_key" { +; CHECK-LABEL: a: // @a +; CHECK: paciasp +; CHECK-NEXT: .cfi_negate_ra_state + %1 = alloca i32, align 4 + %2 = alloca i32, align 4 + %3 = alloca i32, align 4 + %4 = alloca i32, align 4 + %5 = alloca i32, align 4 + %6 = alloca i32, align 4 + store i32 1, i32* %1, align 4 + store i32 2, i32* %2, align 4 + store i32 3, i32* %3, align 4 + store i32 4, i32* %4, align 4 + store i32 5, i32* %5, align 4 + store i32 6, i32* %6, align 4 +; CHECK: autiasp + ret void +; CHECK: .cfi_endproc +} + +define void @b() "sign-return-address"="all" { +; CHECK-LABEL: b: // @b +; CHECK: paciasp +; CHECK-NEXT: .cfi_negate_ra_state + %1 = alloca i32, align 4 + %2 = alloca i32, align 4 + %3 = alloca i32, align 4 + %4 = alloca i32, align 4 + %5 = alloca i32, align 4 + %6 = alloca i32, align 4 + store i32 1, i32* %1, align 4 + store i32 2, i32* %2, align 4 + store i32 3, i32* %3, align 4 + store i32 4, i32* %4, align 4 + store i32 5, i32* %5, align 4 + store i32 6, i32* %6, align 4 +; CHECK: autiasp + ret void +; CHECK: .cfi_endproc +} + +define void @c() "sign-return-address"="all" { +; CHECK-LABEL: c: // @c +; CHECK: paciasp +; CHECK-NEXT: .cfi_negate_ra_state + %1 = alloca i32, align 4 + %2 = alloca i32, align 4 + %3 = alloca i32, align 4 + %4 = alloca i32, align 4 + %5 = alloca i32, align 4 + %6 = alloca i32, align 4 + store i32 1, i32* %1, align 4 + store i32 2, i32* %2, align 4 + store i32 3, i32* %3, align 4 + store i32 4, i32* %4, align 4 + store i32 5, i32* %5, align 4 + store i32 6, i32* %6, align 4 +; CHECK: autiasp + ret void +; CHECK: .cfi_endproc +} + +; CHECK-LABEL: OUTLINED_FUNCTION_0: +; CHECK: paciasp +; CHECK-NEXT: .cfi_negate_ra_state +; CHECK: autiasp +; CHECK-NEXT: ret diff --git a/llvm/test/CodeGen/AArch64/machine-outliner-retaddr-sign-same-scope-same-key-b.ll b/llvm/test/CodeGen/AArch64/machine-outliner-retaddr-sign-same-scope-same-key-b.ll new file mode 100644 index 0000000..a990a63 --- /dev/null +++ b/llvm/test/CodeGen/AArch64/machine-outliner-retaddr-sign-same-scope-same-key-b.ll @@ -0,0 +1,75 @@ +; RUN: llc -verify-machineinstrs -enable-machine-outliner -mtriple \ +; RUN: aarch64-arm-none-eabi %s -o - | FileCheck %s + +define void @a() "sign-return-address"="all" "sign-return-address-key"="b_key" { +; CHECK-LABEL: a: // @a +; CHECK: .cfi_b_key_frame +; CHECK-NEXT: pacibsp +; CHECK-NEXT: .cfi_negate_ra_state + %1 = alloca i32, align 4 + %2 = alloca i32, align 4 + %3 = alloca i32, align 4 + %4 = alloca i32, align 4 + %5 = alloca i32, align 4 + %6 = alloca i32, align 4 + store i32 1, i32* %1, align 4 + store i32 2, i32* %2, align 4 + store i32 3, i32* %3, align 4 + store i32 4, i32* %4, align 4 + store i32 5, i32* %5, align 4 + store i32 6, i32* %6, align 4 +; CHECK: autibsp + ret void +; CHECK: .cfi_endproc +} + +define void @b() "sign-return-address"="all" "sign-return-address-key"="b_key" { +; CHECK-LABEL: b: // @b +; CHECK: .cfi_b_key_frame +; CHECK-NEXT: pacibsp +; CHECK-NEXT: .cfi_negate_ra_state + %1 = alloca i32, align 4 + %2 = alloca i32, align 4 + %3 = alloca i32, align 4 + %4 = alloca i32, align 4 + %5 = alloca i32, align 4 + %6 = alloca i32, align 4 + store i32 1, i32* %1, align 4 + store i32 2, i32* %2, align 4 + store i32 3, i32* %3, align 4 + store i32 4, i32* %4, align 4 + store i32 5, i32* %5, align 4 + store i32 6, i32* %6, align 4 +; CHECK: autibsp + ret void +; CHECK: .cfi_endproc +} + +define void @c() "sign-return-address"="all" "sign-return-address-key"="b_key" { +; CHECK-LABEL: c: // @c +; CHECK: .cfi_b_key_frame +; CHECK-NEXT: pacibsp +; CHECK-NEXT: .cfi_negate_ra_state + %1 = alloca i32, align 4 + %2 = alloca i32, align 4 + %3 = alloca i32, align 4 + %4 = alloca i32, align 4 + %5 = alloca i32, align 4 + %6 = alloca i32, align 4 + store i32 1, i32* %1, align 4 + store i32 2, i32* %2, align 4 + store i32 3, i32* %3, align 4 + store i32 4, i32* %4, align 4 + store i32 5, i32* %5, align 4 + store i32 6, i32* %6, align 4 +; CHECK: autibsp + ret void +; CHECK: .cfi_endproc +} + +; CHECK-LABEL: OUTLINED_FUNCTION_0: +; CHECK: .cfi_b_key_frame +; CHECK-NEXT: pacibsp +; CHECK-NEXT: .cfi_negate_ra_state +; CHECK: autibsp +; CHECK-NEXT: ret diff --git a/llvm/test/CodeGen/AArch64/machine-outliner-retaddr-sign-subtarget.ll b/llvm/test/CodeGen/AArch64/machine-outliner-retaddr-sign-subtarget.ll new file mode 100644 index 0000000..c2bb291 --- /dev/null +++ b/llvm/test/CodeGen/AArch64/machine-outliner-retaddr-sign-subtarget.ll @@ -0,0 +1,87 @@ +; RUN: llc -verify-machineinstrs -enable-machine-outliner -mtriple \ +; RUN: aarch64-arm-linux-gnu %s -o - | FileCheck %s + +; Check that functions that should sign their return addresses don't get +; outlined if not all of the function either support v8.3a features or all of +; the functions don't!! + +define void @a() #0 { +; CHECK-LABEL: a: // @a +; CHECK: // %bb.0: +; CHECK-NEXT: .cfi_b_key_frame +; CHECK-NEXT: pacibsp +; CHECK-NEXT: .cfi_negate_ra_state +; CHECK-NOT: OUTLINED_FUNCTION_ + %1 = alloca i32, align 4 + %2 = alloca i32, align 4 + %3 = alloca i32, align 4 + %4 = alloca i32, align 4 + %5 = alloca i32, align 4 + %6 = alloca i32, align 4 + store i32 1, i32* %1, align 4 + store i32 2, i32* %2, align 4 + store i32 3, i32* %3, align 4 + store i32 4, i32* %4, align 4 + store i32 5, i32* %5, align 4 + store i32 6, i32* %6, align 4 +; CHECK: retab +; CHECK-NOT: auti[a,b]sp + ret void +} + +define void @b() #0 { +; CHECK-LABEL: b: // @b +; CHECK: // %bb.0: +; CHECK-NEXT: .cfi_b_key_frame +; CHECK-NEXT: pacibsp +; CHECK-NEXT: .cfi_negate_ra_state +; CHECK-NOT: OUTLINED_FUNCTION_ + %1 = alloca i32, align 4 + %2 = alloca i32, align 4 + %3 = alloca i32, align 4 + %4 = alloca i32, align 4 + %5 = alloca i32, align 4 + %6 = alloca i32, align 4 + store i32 1, i32* %1, align 4 + store i32 2, i32* %2, align 4 + store i32 3, i32* %3, align 4 + store i32 4, i32* %4, align 4 + store i32 5, i32* %5, align 4 + store i32 6, i32* %6, align 4 +; CHECK: retab +; CHECK-NOT: auti[a,b]sp + ret void +} + +define void @c() #1 { +; CHECK-LABEL: c: // @c +; CHECK: // %bb.0: +; CHECK-NEXT: .cfi_b_key_frame +; CHECK-NEXT: pacibsp +; CHECK-NEXT: .cfi_negate_ra_state +; CHECK-NOT: OUTLINED_FUNCTION_ + %1 = alloca i32, align 4 + %2 = alloca i32, align 4 + %3 = alloca i32, align 4 + %4 = alloca i32, align 4 + %5 = alloca i32, align 4 + %6 = alloca i32, align 4 + store i32 1, i32* %1, align 4 + store i32 2, i32* %2, align 4 + store i32 3, i32* %3, align 4 + store i32 4, i32* %4, align 4 + store i32 5, i32* %5, align 4 + store i32 6, i32* %6, align 4 +; CHECK: autibsp +; CHECK-NOT: ret{{[a,b]}} + ret void +} + +attributes #0 = { "sign-return-address"="all" + "sign-return-address-key"="b_key" + "target-features"="+v8.3a" } + +attributes #1 = { "sign-return-address"="all" + "sign-return-address-key"="b_key" } + +; CHECK-NOT: OUTLINED_FUNCTION_ diff --git a/llvm/test/CodeGen/AArch64/machine-outliner-retaddr-sign-thunk.ll b/llvm/test/CodeGen/AArch64/machine-outliner-retaddr-sign-thunk.ll new file mode 100644 index 0000000..7d1dceb --- /dev/null +++ b/llvm/test/CodeGen/AArch64/machine-outliner-retaddr-sign-thunk.ll @@ -0,0 +1,67 @@ +; RUN: llc -mtriple aarch64-arm-linux-gnu --enable-machine-outliner \ +; RUN: -verify-machineinstrs %s -o - | FileCheck %s + +declare i32 @thunk_called_fn(i32, i32, i32, i32) + +define i32 @a() #0 { +; CHECK-LABEL: a: // @a +; CHECK: // %bb.0: // %entry +; CHECK-NEXT: paciasp +; CHECK: bl [[OUTLINED_1:OUTLINED_FUNCTION_[0-9]+]] +; CHECK: autiasp +; CHECK-NEXT: ret +entry: + %call = tail call i32 @thunk_called_fn(i32 1, i32 2, i32 3, i32 4) + %cx = add i32 %call, 8 + ret i32 %cx +} + +define i32 @b() #0 { +; CHECK-LABEL: b: // @b +; CHECK: // %bb.0: // %entry +; CHECK-NEXT: paciasp +; CHECK-NEXT: .cfi_negate_ra_state +; CHECK: bl [[OUTLINED_1]] +; CHECK: autiasp +; CHECK-NEXT: ret +entry: + %call = tail call i32 @thunk_called_fn(i32 1, i32 2, i32 3, i32 4) + %cx = add i32 %call, 88 + ret i32 %cx +} + +define hidden i32 @c(i32 (i32, i32, i32, i32)* %fptr) #0 { +; CHECK-LABEL: c: // @c +; CHECK: // %bb.0: // %entry +; CHECK-NEXT: paciasp +; CHECK-NEXT: .cfi_negate_ra_state +; CHECK: bl [[OUTLINED_2:OUTLINED_FUNCTION_[0-9]+]] +; CHECK: autiasp +; CHECK-NEXT: ret +entry: + %call = tail call i32 %fptr(i32 1, i32 2, i32 3, i32 4) + %add = add nsw i32 %call, 8 + ret i32 %add +} + +define hidden i32 @d(i32 (i32, i32, i32, i32)* %fptr) #0 { +; CHECK-LABEL: d: // @d +; CHECK: // %bb.0: // %entry +; CHECK-NEXT: paciasp +; CHECK-NEXT: .cfi_negate_ra_state +; CHECK: bl [[OUTLINED_2]] +; CHECK: autiasp +; CHECK-NEXT: ret +entry: + %call = tail call i32 %fptr(i32 1, i32 2, i32 3, i32 4) + %add = add nsw i32 %call, 88 + ret i32 %add +} + +attributes #0 = { "sign-return-address"="non-leaf" } + +; CHECK: [[OUTLINED_1]] +; CHECK-NOT: .cfi_b_key_frame +; CHECK-NOT: paci{{[a,b]}}sp +; CHECK-NOT: .cfi_negate_ra_state +; CHECK-NOT: auti{{[a,b]}}sp diff --git a/llvm/test/CodeGen/AArch64/machine-outliner-retaddr-sign-v8-3.ll b/llvm/test/CodeGen/AArch64/machine-outliner-retaddr-sign-v8-3.ll new file mode 100644 index 0000000..4961535 --- /dev/null +++ b/llvm/test/CodeGen/AArch64/machine-outliner-retaddr-sign-v8-3.ll @@ -0,0 +1,89 @@ +; RUN: llc -verify-machineinstrs -enable-machine-outliner -mtriple \ +; RUN: aarch64-arm-linux-gnu %s -o - | FileCheck %s + +; Check that outlined functions use the dedicated RETAA/RETAB instructions +; to sign their return address if available. + +define void @a() #0 { +; CHECK-LABEL: a: // @a +; CHECK: // %bb.0: +; CHECK-NEXT: .cfi_b_key_frame +; CHECK-NEXT: pacibsp +; CHECK-NEXT: .cfi_negate_ra_state +; CHECK: bl [[OUTLINED_FUNC:OUTLINED_FUNCTION_[0-9]+]] + %1 = alloca i32, align 4 + %2 = alloca i32, align 4 + %3 = alloca i32, align 4 + %4 = alloca i32, align 4 + %5 = alloca i32, align 4 + %6 = alloca i32, align 4 + store i32 1, i32* %1, align 4 + store i32 2, i32* %2, align 4 + store i32 3, i32* %3, align 4 + store i32 4, i32* %4, align 4 + store i32 5, i32* %5, align 4 + store i32 6, i32* %6, align 4 +; CHECK: retab +; CHECK-NOT: auti[a,b]sp + ret void +} + +define void @b() #0 { +; CHECK-LABEL: b: // @b +; CHECK: // %bb.0: +; CHECK-NEXT: .cfi_b_key_frame +; CHECK-NEXT: pacibsp +; CHECK-NEXT: .cfi_negate_ra_state +; CHECK: bl OUTLINED_FUNC + %1 = alloca i32, align 4 + %2 = alloca i32, align 4 + %3 = alloca i32, align 4 + %4 = alloca i32, align 4 + %5 = alloca i32, align 4 + %6 = alloca i32, align 4 + store i32 1, i32* %1, align 4 + store i32 2, i32* %2, align 4 + store i32 3, i32* %3, align 4 + store i32 4, i32* %4, align 4 + store i32 5, i32* %5, align 4 + store i32 6, i32* %6, align 4 +; CHECK: retab +; CHECK-NOT: auti[a,b]sp + ret void +} + +define void @c() #0 { +; CHECK-LABEL: c: // @c +; CHECK: // %bb.0: +; CHECK-NEXT: .cfi_b_key_frame +; CHECK-NEXT: pacibsp +; CHECK-NEXT: .cfi_negate_ra_state +; CHECK: bl OUTLINED_FUNC + %1 = alloca i32, align 4 + %2 = alloca i32, align 4 + %3 = alloca i32, align 4 + %4 = alloca i32, align 4 + %5 = alloca i32, align 4 + %6 = alloca i32, align 4 + store i32 1, i32* %1, align 4 + store i32 2, i32* %2, align 4 + store i32 3, i32* %3, align 4 + store i32 4, i32* %4, align 4 + store i32 5, i32* %5, align 4 + store i32 6, i32* %6, align 4 +; CHECK: retab +; CHECK-NOT: auti[a,b]sp + ret void +} + +attributes #0 = { "sign-return-address"="all" + "sign-return-address-key"="b_key" + "target-features"="+v8.3a" } + +; CHECK: OUTLINED_FUNC +; CHECK: // %bb.0: +; CHECK-NEXT: .cfi_b_key_frame +; CHECK-NEXT: pacibsp +; CHECK-NEXT: .cfi_negate_ra_state +; CHECK: retab +; CHECK-NOT: auti[a,b]sp -- 2.7.4