From e3446017ed82fe7f3158c892d65eb4ded24bafe8 Mon Sep 17 00:00:00 2001
From: Vlad Tsyrklevich
Date: Wed, 4 Apr 2018 01:21:16 +0000
Subject: [PATCH] Add the ShadowCallStack pass

Summary:
The ShadowCallStack pass instruments functions marked with the
shadowcallstack attribute. The instrumented prolog saves the return
address to [gs:offset] where offset is stored and updated in [gs:0].

The instrumented epilog loads/updates the return address from [gs:0]
and checks that it matches the return address on the stack before
returning.

Reviewers: pcc, vitalybuka

Reviewed By: pcc

Subscribers: cryptoad, eugenis, craig.topper, mgorny, llvm-commits, kcc

Differential Revision: https://reviews.llvm.org/D44802

llvm-svn: 329139
---
 llvm/lib/Target/X86/CMakeLists.txt          |   1 +
 llvm/lib/Target/X86/ShadowCallStack.cpp     | 325 ++++++++++++++++++++++++++++
 llvm/lib/Target/X86/X86.h                   |   5 +
 llvm/lib/Target/X86/X86TargetMachine.cpp    |   3 +
 llvm/test/CodeGen/X86/O0-pipeline.ll        |   1 +
 llvm/test/CodeGen/X86/O3-pipeline.ll        |   1 +
 llvm/test/CodeGen/X86/shadow-call-stack.mir | 204 +++++++++++++++++
 7 files changed, 540 insertions(+)
 create mode 100644 llvm/lib/Target/X86/ShadowCallStack.cpp
 create mode 100644 llvm/test/CodeGen/X86/shadow-call-stack.mir

diff --git a/llvm/lib/Target/X86/CMakeLists.txt b/llvm/lib/Target/X86/CMakeLists.txt
index bbf1f88..eb91a4c 100644
--- a/llvm/lib/Target/X86/CMakeLists.txt
+++ b/llvm/lib/Target/X86/CMakeLists.txt
@@ -21,6 +21,7 @@ endif()
 add_public_tablegen_target(X86CommonTableGen)
 
 set(sources
+  ShadowCallStack.cpp
   X86AsmPrinter.cpp
   X86CallFrameOptimization.cpp
   X86CallingConv.cpp
diff --git a/llvm/lib/Target/X86/ShadowCallStack.cpp b/llvm/lib/Target/X86/ShadowCallStack.cpp
new file mode 100644
index 0000000..a95e407
--- /dev/null
+++ b/llvm/lib/Target/X86/ShadowCallStack.cpp
@@ -0,0 +1,325 @@
+//===------- ShadowCallStack.cpp - Shadow Call Stack pass ----------------===//
+//
+// The LLVM Compiler Infrastructure
+//
+// This file is distributed under the University of Illinois Open Source
+// License. See LICENSE.TXT for details.
+//
+//===----------------------------------------------------------------------===//
+//
+// The ShadowCallStack pass instruments function prologs/epilogs to check that
+// the return address has not been corrupted during the execution of the
+// function. The return address is stored in a 'shadow call stack' addressed
+// using the %gs segment register.
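+// [gs:0] holds the current offset into the shadow call stack and the saved
+// return addresses live at [gs:offset]; the runtime is expected to point the
+// %gs base at a per-thread shadow stack region.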
+//
+//===----------------------------------------------------------------------===//
+
+#include "X86.h"
+#include "X86InstrBuilder.h"
+#include "X86InstrInfo.h"
+#include "X86Subtarget.h"
+
+#include "llvm/CodeGen/MachineFunction.h"
+#include "llvm/CodeGen/MachineFunctionPass.h"
+#include "llvm/CodeGen/MachineInstrBuilder.h"
+#include "llvm/CodeGen/MachineModuleInfo.h"
+#include "llvm/CodeGen/MachineRegisterInfo.h"
+#include "llvm/CodeGen/Passes.h"
+#include "llvm/Pass.h"
+#include "llvm/Support/raw_ostream.h"
+#include "llvm/Target/TargetInstrInfo.h"
+
+using namespace llvm;
+
+namespace llvm {
+void initializeShadowCallStackPass(PassRegistry &);
+}
+
+namespace {
+
+class ShadowCallStack : public MachineFunctionPass {
+public:
+  static char ID;
+
+  ShadowCallStack() : MachineFunctionPass(ID) {
+    initializeShadowCallStackPass(*PassRegistry::getPassRegistry());
+  }
+
+  void getAnalysisUsage(AnalysisUsage &AU) const override {
+    MachineFunctionPass::getAnalysisUsage(AU);
+  }
+
+  bool runOnMachineFunction(MachineFunction &Fn) override;
+
+private:
+  // Do not instrument leaf functions with this many or fewer instructions. The
+  // shadow call stack instrumented prolog/epilog are slightly race-y reading
+  // and checking the saved return address, so it is better to not instrument
+  // functions that have fewer instructions than the instrumented
+  // prolog/epilog.
+  static const size_t SkipLeafInstructions = 3;
+};
+
+char ShadowCallStack::ID = 0;
+} // end anonymous namespace.
+
+static void addProlog(MachineFunction &Fn, const TargetInstrInfo *TII,
+                      MachineBasicBlock &MBB, const DebugLoc &DL);
+static void addPrologLeaf(MachineFunction &Fn, const TargetInstrInfo *TII,
+                          MachineBasicBlock &MBB, const DebugLoc &DL,
+                          MCPhysReg FreeRegister);
+
+static void addEpilog(const TargetInstrInfo *TII, MachineBasicBlock &MBB,
+                      MachineInstr &MI, MachineBasicBlock &TrapBB);
+static void addEpilogLeaf(const TargetInstrInfo *TII, MachineBasicBlock &MBB,
+                          MachineInstr &MI, MachineBasicBlock &TrapBB,
+                          MCPhysReg FreeRegister);
+// Generate a longer epilog that only uses r10 when a tailcall branches to
+// r11.
+static void addEpilogOnlyR10(const TargetInstrInfo *TII,
+                             MachineBasicBlock &MBB, MachineInstr &MI,
+                             MachineBasicBlock &TrapBB);
+
+// Helper function to add ModR/M references for [Seg: Reg + Offset] memory
+// accesses
+static inline const MachineInstrBuilder &
+addSegmentedMem(const MachineInstrBuilder &MIB, MCPhysReg Seg, MCPhysReg Reg,
+                int Offset = 0) {
+  return MIB.addReg(Reg).addImm(1).addReg(0).addImm(Offset).addReg(Seg);
+}
+
+static void addProlog(MachineFunction &Fn, const TargetInstrInfo *TII,
+                      MachineBasicBlock &MBB, const DebugLoc &DL) {
+  const MCPhysReg ReturnReg = X86::R10;
+  const MCPhysReg OffsetReg = X86::R11;
+
+  auto MBBI = MBB.begin();
+  // mov r10, [rsp]
+  addDirectMem(BuildMI(MBB, MBBI, DL, TII->get(X86::MOV64rm)).addDef(ReturnReg),
+               X86::RSP);
+  // xor r11, r11
+  BuildMI(MBB, MBBI, DL, TII->get(X86::XOR64rr))
+      .addDef(OffsetReg)
+      .addReg(OffsetReg, RegState::Undef)
+      .addReg(OffsetReg, RegState::Undef);
+  // add QWORD [gs:r11], 8
+  addSegmentedMem(BuildMI(MBB, MBBI, DL, TII->get(X86::ADD64mi8)), X86::GS,
+                  OffsetReg)
+      .addImm(8);
+  // mov r11, [gs:r11]
+  addSegmentedMem(
+      BuildMI(MBB, MBBI, DL, TII->get(X86::MOV64rm)).addDef(OffsetReg),
+      X86::GS, OffsetReg);
+  // mov [gs:r11], r10
+  addSegmentedMem(BuildMI(MBB, MBBI, DL, TII->get(X86::MOV64mr)), X86::GS,
+                  OffsetReg)
+      .addReg(ReturnReg);
+}
+
+static void addPrologLeaf(MachineFunction &Fn, const TargetInstrInfo *TII,
+                          MachineBasicBlock &MBB, const DebugLoc &DL,
+                          MCPhysReg FreeRegister) {
+  // mov REG, [rsp]
+  addDirectMem(BuildMI(MBB, MBB.begin(), DL, TII->get(X86::MOV64rm))
+                   .addDef(FreeRegister),
+               X86::RSP);
+}
+
+static void addEpilog(const TargetInstrInfo *TII, MachineBasicBlock &MBB,
+                      MachineInstr &MI, MachineBasicBlock &TrapBB) {
+  const DebugLoc &DL = MI.getDebugLoc();
+
+  // xor r11, r11
+  BuildMI(MBB, MI, DL, TII->get(X86::XOR64rr))
+      .addDef(X86::R11)
+      .addReg(X86::R11, RegState::Undef)
+      .addReg(X86::R11, RegState::Undef);
+  // mov r10, [gs:r11]
+  addSegmentedMem(
+      BuildMI(MBB, MI, DL, TII->get(X86::MOV64rm)).addDef(X86::R10),
+      X86::GS, X86::R11);
+  // mov r10, [gs:r10]
+  addSegmentedMem(
+      BuildMI(MBB, MI, DL, TII->get(X86::MOV64rm)).addDef(X86::R10),
+      X86::GS, X86::R10);
+  // sub QWORD [gs:r11], 8
+  // This instruction should not be moved up to avoid a signal race.
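+  // (If [gs:0] were decremented before the saved return address is loaded, a
+  // signal handler's instrumented prolog could reuse and overwrite that slot,
+  // causing a spurious trap.)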
+  addSegmentedMem(BuildMI(MBB, MI, DL, TII->get(X86::SUB64mi8)), X86::GS,
+                  X86::R11)
+      .addImm(8);
+  // cmp [rsp], r10
+  addDirectMem(BuildMI(MBB, MI, DL, TII->get(X86::CMP64mr)), X86::RSP)
+      .addReg(X86::R10);
+  // jne trap
+  BuildMI(MBB, MI, DL, TII->get(X86::JNE_1)).addMBB(&TrapBB);
+  MBB.addSuccessor(&TrapBB);
+}
+
+static void addEpilogLeaf(const TargetInstrInfo *TII, MachineBasicBlock &MBB,
+                          MachineInstr &MI, MachineBasicBlock &TrapBB,
+                          MCPhysReg FreeRegister) {
+  const DebugLoc &DL = MI.getDebugLoc();
+
+  // cmp [rsp], REG
+  addDirectMem(BuildMI(MBB, MI, DL, TII->get(X86::CMP64mr)), X86::RSP)
+      .addReg(FreeRegister);
+  // jne trap
+  BuildMI(MBB, MI, DL, TII->get(X86::JNE_1)).addMBB(&TrapBB);
+  MBB.addSuccessor(&TrapBB);
+}
+
+static void addEpilogOnlyR10(const TargetInstrInfo *TII,
+                             MachineBasicBlock &MBB, MachineInstr &MI,
+                             MachineBasicBlock &TrapBB) {
+  const DebugLoc &DL = MI.getDebugLoc();
+
+  // xor r10, r10
+  BuildMI(MBB, MI, DL, TII->get(X86::XOR64rr))
+      .addDef(X86::R10)
+      .addReg(X86::R10, RegState::Undef)
+      .addReg(X86::R10, RegState::Undef);
+  // mov r10, [gs:r10]
+  addSegmentedMem(
+      BuildMI(MBB, MI, DL, TII->get(X86::MOV64rm)).addDef(X86::R10),
+      X86::GS, X86::R10);
+  // mov r10, [gs:r10]
+  addSegmentedMem(
+      BuildMI(MBB, MI, DL, TII->get(X86::MOV64rm)).addDef(X86::R10),
+      X86::GS, X86::R10);
+  // sub QWORD [gs:0], 8
+  // This instruction should not be moved up to avoid a signal race.
+  addSegmentedMem(BuildMI(MBB, MI, DL, TII->get(X86::SUB64mi8)), X86::GS, 0)
+      .addImm(8);
+  // cmp [rsp], r10
+  addDirectMem(BuildMI(MBB, MI, DL, TII->get(X86::CMP64mr)), X86::RSP)
+      .addReg(X86::R10);
+  // jne trap
+  BuildMI(MBB, MI, DL, TII->get(X86::JNE_1)).addMBB(&TrapBB);
+  MBB.addSuccessor(&TrapBB);
+}
+
+bool ShadowCallStack::runOnMachineFunction(MachineFunction &Fn) {
+  if (!Fn.getFunction().hasFnAttribute(Attribute::ShadowCallStack) ||
+      Fn.getFunction().hasFnAttribute(Attribute::Naked))
+    return false;
+
+  if (Fn.empty() || !Fn.getRegInfo().tracksLiveness())
+    return false;
+
+  // FIXME: Skip functions that have r10 or r11 live on entry (r10 can be live
+  // on entry for parameters with the nest attribute.)
+  if (Fn.front().isLiveIn(X86::R10) || Fn.front().isLiveIn(X86::R11))
+    return false;
+
+  // FIXME: Skip functions with conditional and r10 tail calls for now.
+  bool HasReturn = false;
+  for (auto &MBB : Fn) {
+    if (MBB.empty())
+      continue;
+
+    const MachineInstr &MI = MBB.instr_back();
+    if (MI.isReturn())
+      HasReturn = true;
+
+    if (MI.isReturn() && MI.isCall()) {
+      if (MI.findRegisterUseOperand(X86::EFLAGS))
+        return false;
+      // This should only be possible on Windows 64 (see GR64_TC versus
+      // GR64_TCW64.)
+      if (MI.findRegisterUseOperand(X86::R10) ||
+          MI.hasRegisterImplicitUseOperand(X86::R10))
+        return false;
+    }
+  }
+
+  if (!HasReturn)
+    return false;
+
+  // For leaf functions:
+  // 1. Do not instrument very short functions where it would not improve that
+  //    function's security.
+  // 2. Detect if there is an unused caller-saved register we can reserve to
+  //    hold the return address instead of writing/reading it from the shadow
+  //    call stack.
+  MCPhysReg LeafFuncRegister = X86::NoRegister;
+  if (!Fn.getFrameInfo().adjustsStack()) {
+    size_t InstructionCount = 0;
+    std::bitset<X86::NUM_TARGET_REGS> UsedRegs;
+    for (auto &MBB : Fn) {
+      for (auto &LiveIn : MBB.liveins())
+        UsedRegs.set(LiveIn.PhysReg);
+      for (auto &MI : MBB) {
+        InstructionCount++;
+        for (auto &Op : MI.operands())
+          if (Op.isReg() && Op.isDef())
+            UsedRegs.set(Op.getReg());
+      }
+    }
+
+    if (InstructionCount <= SkipLeafInstructions)
+      return false;
+
+    std::bitset<X86::NUM_TARGET_REGS> CalleeSavedRegs;
+    const MCPhysReg *CSRegs = Fn.getRegInfo().getCalleeSavedRegs();
+    for (size_t i = 0; CSRegs[i]; i++)
+      CalleeSavedRegs.set(CSRegs[i]);
+
+    const TargetRegisterInfo *TRI = Fn.getSubtarget().getRegisterInfo();
+    for (auto &Reg : X86::GR64_NOSPRegClass.getRegisters()) {
+      // FIXME: Optimization opportunity: spill/restore a callee-saved register
+      // if a caller-saved register is unavailable.
+      if (CalleeSavedRegs.test(Reg))
+        continue;
+
+      bool Used = false;
+      for (MCSubRegIterator SR(Reg, TRI, true); SR.isValid(); ++SR)
+        if ((Used = UsedRegs.test(*SR)))
+          break;
+
+      if (!Used) {
+        LeafFuncRegister = Reg;
+        break;
+      }
+    }
+  }
+
+  const bool LeafFuncOptimization = LeafFuncRegister != X86::NoRegister;
+  if (LeafFuncOptimization)
+    // Mark the leaf function register live-in for all MBBs except the entry
+    // MBB
+    for (auto I = ++Fn.begin(), E = Fn.end(); I != E; ++I)
+      I->addLiveIn(LeafFuncRegister);
+
+  MachineBasicBlock &MBB = Fn.front();
+  const MachineBasicBlock *NonEmpty = MBB.empty() ? MBB.getFallThrough() : &MBB;
+  const DebugLoc &DL = NonEmpty->front().getDebugLoc();
+
+  const TargetInstrInfo *TII = Fn.getSubtarget().getInstrInfo();
+  if (LeafFuncOptimization)
+    addPrologLeaf(Fn, TII, MBB, DL, LeafFuncRegister);
+  else
+    addProlog(Fn, TII, MBB, DL);
+
+  MachineBasicBlock *Trap = nullptr;
+  for (auto &MBB : Fn) {
+    if (MBB.empty())
+      continue;
+
+    MachineInstr &MI = MBB.instr_back();
+    if (MI.isReturn()) {
+      if (!Trap) {
+        Trap = Fn.CreateMachineBasicBlock();
+        BuildMI(Trap, MI.getDebugLoc(), TII->get(X86::TRAP));
+        Fn.push_back(Trap);
+      }
+
+      if (LeafFuncOptimization)
+        addEpilogLeaf(TII, MBB, MI, *Trap, LeafFuncRegister);
+      else if (MI.findRegisterUseOperand(X86::R11))
+        addEpilogOnlyR10(TII, MBB, MI, *Trap);
+      else
+        addEpilog(TII, MBB, MI, *Trap);
+    }
+  }
+
+  return true;
+}
+
+INITIALIZE_PASS(ShadowCallStack, "shadow-call-stack", "Shadow Call Stack",
+                false, false)
+
+FunctionPass *llvm::createShadowCallStackPass() {
+  return new ShadowCallStack();
+}
diff --git a/llvm/lib/Target/X86/X86.h b/llvm/lib/Target/X86/X86.h
index 8f49cd5..90eac73 100644
--- a/llvm/lib/Target/X86/X86.h
+++ b/llvm/lib/Target/X86/X86.h
@@ -50,6 +50,11 @@ FunctionPass *createX86FloatingPointStackifierPass();
 /// transition penalty between functions encoded with AVX and SSE.
 FunctionPass *createX86IssueVZeroUpperPass();
 
+/// This pass instruments the function prolog to save the return address to a
+/// 'shadow call stack' and the function epilog to check that the return
+/// address did not change during function execution.
+FunctionPass *createShadowCallStackPass();
+
 /// This pass inserts ENDBR instructions before indirect jump/call
 /// destinations as part of CET IBT mechanism.
 FunctionPass *createX86IndirectBranchTrackingPass();
diff --git a/llvm/lib/Target/X86/X86TargetMachine.cpp b/llvm/lib/Target/X86/X86TargetMachine.cpp
index c932075..fe901fc 100644
--- a/llvm/lib/Target/X86/X86TargetMachine.cpp
+++ b/llvm/lib/Target/X86/X86TargetMachine.cpp
@@ -58,6 +58,7 @@ namespace llvm {
 
 void initializeWinEHStatePassPass(PassRegistry &);
 void initializeFixupLEAPassPass(PassRegistry &);
+void initializeShadowCallStackPass(PassRegistry &);
 void initializeX86CallFrameOptimizationPass(PassRegistry &);
 void initializeX86CmovConverterPassPass(PassRegistry &);
 void initializeX86ExecutionDomainFixPass(PassRegistry &);
@@ -77,6 +78,7 @@ extern "C" void LLVMInitializeX86Target() {
   initializeFixupBWInstPassPass(PR);
   initializeEvexToVexInstPassPass(PR);
   initializeFixupLEAPassPass(PR);
+  initializeShadowCallStackPass(PR);
   initializeX86CallFrameOptimizationPass(PR);
   initializeX86CmovConverterPassPass(PR);
   initializeX86ExecutionDomainFixPass(PR);
@@ -473,6 +475,7 @@ void X86PassConfig::addPreEmitPass() {
     addPass(createBreakFalseDeps());
   }
 
+  addPass(createShadowCallStackPass());
   addPass(createX86IndirectBranchTrackingPass());
 
   if (UseVZeroUpper)
diff --git a/llvm/test/CodeGen/X86/O0-pipeline.ll b/llvm/test/CodeGen/X86/O0-pipeline.ll
index 2628ca3..3c0a626 100644
--- a/llvm/test/CodeGen/X86/O0-pipeline.ll
+++ b/llvm/test/CodeGen/X86/O0-pipeline.ll
@@ -49,6 +49,7 @@
 ; CHECK-NEXT: Post-RA pseudo instruction expansion pass
 ; CHECK-NEXT: X86 pseudo instruction expansion pass
 ; CHECK-NEXT: Analyze Machine Code For Garbage Collection
+; CHECK-NEXT: Shadow Call Stack
 ; CHECK-NEXT: X86 Indirect Branch Tracking
 ; CHECK-NEXT: X86 vzeroupper inserter
 ; CHECK-NEXT: Contiguously Lay Out Funclets
diff --git a/llvm/test/CodeGen/X86/O3-pipeline.ll b/llvm/test/CodeGen/X86/O3-pipeline.ll
index 8ad2c6a..42e5f39 100644
--- a/llvm/test/CodeGen/X86/O3-pipeline.ll
+++ b/llvm/test/CodeGen/X86/O3-pipeline.ll
@@ -142,6 +142,7 @@
 ; CHECK-NEXT: ReachingDefAnalysis
 ; CHECK-NEXT: X86 Execution Dependency Fix
 ; CHECK-NEXT: BreakFalseDeps
+; CHECK-NEXT: Shadow Call Stack
 ; CHECK-NEXT: X86 Indirect Branch Tracking
 ; CHECK-NEXT: X86 vzeroupper inserter
 ; CHECK-NEXT: MachineDominator Tree Construction
diff --git a/llvm/test/CodeGen/X86/shadow-call-stack.mir b/llvm/test/CodeGen/X86/shadow-call-stack.mir
new file mode 100644
index 0000000..485b970
--- /dev/null
+++ b/llvm/test/CodeGen/X86/shadow-call-stack.mir
@@ -0,0 +1,204 @@
+# RUN: llc -mtriple=x86_64-unknown-linux-gnu -run-pass shadow-call-stack -verify-machineinstrs -o - %s | FileCheck %s
+--- |
+
+  define void @no_return() #0 { ret void }
+  define void @normal_return() #0 { ret void }
+  define void @normal_return_leaf_func() #0 { ret void }
+  define void @short_leaf_func() #0 { ret void }
+  define void @normal_tail_call() #0 { ret void }
+  define void @r11_tail_call() #0 { ret void }
+  define void @conditional_tail_call() #0 { ret void }
+  define void @r10_live_in() #0 { ret void }
+
+  attributes #0 = { shadowcallstack }
+
+...
+---
+# CHECK-LABEL: name: no_return
+name: no_return
+tracksRegLiveness: true
+frameInfo:
+  adjustsStack: true # not a leaf function
+body: |
+  ; CHECK: bb.0:
+  bb.0:
+    ; CHECK-NEXT: $eax = MOV32ri 13
+    $eax = MOV32ri 13
+...
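+# Note: no_return above contains no return instruction, so the pass bails out
+# (the HasReturn check in runOnMachineFunction) and its body is expected to
+# stay uninstrumented.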
+---
+# CHECK-LABEL: name: normal_return
+name: normal_return
+tracksRegLiveness: true
+frameInfo:
+  adjustsStack: true # not a leaf function
+body: |
+  ; CHECK: bb.0:
+  bb.0:
+    ; CHECK: $r10 = MOV64rm $rsp, 1, $noreg, 0, $noreg
+    ; CHECK-NEXT: $r11 = XOR64rr undef $r11, undef $r11, implicit-def $eflags
+    ; CHECK-NEXT: ADD64mi8 $r11, 1, $noreg, 0, $gs, 8, implicit-def $eflags
+    ; CHECK-NEXT: $r11 = MOV64rm $r11, 1, $noreg, 0, $gs
+    ; CHECK-NEXT: MOV64mr $r11, 1, $noreg, 0, $gs, $r10
+    ; CHECK-NEXT: $eax = MOV32ri 13
+    $eax = MOV32ri 13
+
+    ; CHECK-NEXT: $r11 = XOR64rr undef $r11, undef $r11, implicit-def $eflags
+    ; CHECK-NEXT: $r10 = MOV64rm $r11, 1, $noreg, 0, $gs
+    ; CHECK-NEXT: $r10 = MOV64rm $r10, 1, $noreg, 0, $gs
+    ; CHECK-NEXT: SUB64mi8 $r11, 1, $noreg, 0, $gs, 8, implicit-def $eflags
+    ; CHECK-NEXT: CMP64mr $rsp, 1, $noreg, 0, $noreg, $r10, implicit-def $eflags
+    ; CHECK-NEXT: JNE_1 %bb.1, implicit $eflags
+    ; CHECK-NEXT: RETQ $eax
+    RETQ $eax
+
+  ; CHECK: bb.1:
+  ; CHECK-NEXT: TRAP
+...
+---
+# CHECK-LABEL: name: normal_return_leaf_func
+name: normal_return_leaf_func
+tracksRegLiveness: true
+frameInfo:
+  adjustsStack: false # leaf function
+body: |
+  ; CHECK: bb.0:
+  ; CHECK: liveins: $rcx
+  bb.0:
+    liveins: $rcx
+
+    ; CHECK: $rdx = MOV64rm $rsp, 1, $noreg, 0, $noreg
+    ; CHECK-NEXT: $eax = MOV32ri 0
+    $eax = MOV32ri 0
+    ; CHECK-NEXT: CMP64ri8 $rcx, 5, implicit-def $eflags
+    CMP64ri8 $rcx, 5, implicit-def $eflags
+    ; CHECK-NEXT: JA_1 %bb.1, implicit $eflags
+    JA_1 %bb.1, implicit $eflags
+    ; CHECK-NEXT: JMP_1 %bb.2
+    JMP_1 %bb.2
+
+  ; CHECK: bb.1
+  ; CHECK: liveins: $eax, $rdx
+  bb.1:
+    liveins: $eax
+
+    ; CHECK: $eax = MOV32ri 1
+    $eax = MOV32ri 1
+
+  ; CHECK: bb.2
+  ; CHECK: liveins: $eax, $rdx
+  bb.2:
+    liveins: $eax
+
+    ; CHECK: CMP64mr $rsp, 1, $noreg, 0, $noreg, $rdx, implicit-def $eflags
+    ; CHECK-NEXT: JNE_1 %bb.3, implicit $eflags
+    ; CHECK-NEXT: RETQ $eax
+    RETQ $eax
+
+  ; CHECK: bb.3:
+  ; CHECK-NEXT: TRAP
+...
+---
+# CHECK-LABEL: name: short_leaf_func
+name: short_leaf_func
+tracksRegLiveness: true
+frameInfo:
+  adjustsStack: false # leaf function
+body: |
+  ; CHECK: bb.0:
+  bb.0:
+    ; CHECK: $eax = MOV32ri 13
+    $eax = MOV32ri 13
+
+    ; CHECK-NEXT: RETQ $eax
+    RETQ $eax
+...
+---
+# CHECK-LABEL: name: normal_tail_call
+name: normal_tail_call
+tracksRegLiveness: true
+frameInfo:
+  adjustsStack: true # not a leaf function
+body: |
+  ; CHECK: bb.0:
+  bb.0:
+    ; CHECK: $r10 = MOV64rm $rsp, 1, $noreg, 0, $noreg
+    ; CHECK-NEXT: $r11 = XOR64rr undef $r11, undef $r11, implicit-def $eflags
+    ; CHECK-NEXT: ADD64mi8 $r11, 1, $noreg, 0, $gs, 8, implicit-def $eflags
+    ; CHECK-NEXT: $r11 = MOV64rm $r11, 1, $noreg, 0, $gs
+    ; CHECK-NEXT: MOV64mr $r11, 1, $noreg, 0, $gs, $r10
+    ; CHECK-NEXT: $eax = MOV32ri 13
+    $eax = MOV32ri 13
+
+    ; CHECK-NEXT: $r11 = XOR64rr undef $r11, undef $r11, implicit-def $eflags
+    ; CHECK-NEXT: $r10 = MOV64rm $r11, 1, $noreg, 0, $gs
+    ; CHECK-NEXT: $r10 = MOV64rm $r10, 1, $noreg, 0, $gs
+    ; CHECK-NEXT: SUB64mi8 $r11, 1, $noreg, 0, $gs, 8, implicit-def $eflags
+    ; CHECK-NEXT: CMP64mr $rsp, 1, $noreg, 0, $noreg, $r10, implicit-def $eflags
+    ; CHECK-NEXT: JNE_1 %bb.1, implicit $eflags
+    ; CHECK-NEXT: TAILJMPr64 $rax
+    TAILJMPr64 $rax
+
+  ; CHECK: bb.1:
+  ; CHECK-NEXT: TRAP
+...
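+# Note: r11_tail_call below tail-calls through r11, so the normal epilog
+# (which clobbers r11) cannot be used; the pass emits the longer r10-only
+# epilog from addEpilogOnlyR10, checked here.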
+---
+# CHECK-LABEL: name: r11_tail_call
+name: r11_tail_call
+tracksRegLiveness: true
+frameInfo:
+  adjustsStack: true # not a leaf function
+body: |
+  ; CHECK: bb.0:
+  bb.0:
+    ; CHECK: $r10 = MOV64rm $rsp, 1, $noreg, 0, $noreg
+    ; CHECK-NEXT: $r11 = XOR64rr undef $r11, undef $r11, implicit-def $eflags
+    ; CHECK-NEXT: ADD64mi8 $r11, 1, $noreg, 0, $gs, 8, implicit-def $eflags
+    ; CHECK-NEXT: $r11 = MOV64rm $r11, 1, $noreg, 0, $gs
+    ; CHECK-NEXT: MOV64mr $r11, 1, $noreg, 0, $gs, $r10
+    ; CHECK-NEXT: $eax = MOV32ri 13
+    $eax = MOV32ri 13
+
+    ; CHECK-NEXT: $r10 = XOR64rr undef $r10, undef $r10, implicit-def $eflags
+    ; CHECK-NEXT: $r10 = MOV64rm $r10, 1, $noreg, 0, $gs
+    ; CHECK-NEXT: $r10 = MOV64rm $r10, 1, $noreg, 0, $gs
+    ; CHECK-NEXT: SUB64mi8 $noreg, 1, $noreg, 0, $gs, 8, implicit-def $eflags
+    ; CHECK-NEXT: CMP64mr $rsp, 1, $noreg, 0, $noreg, $r10, implicit-def $eflags
+    ; CHECK-NEXT: JNE_1 %bb.1, implicit $eflags
+    ; CHECK-NEXT: TAILJMPr64 undef $r11
+    TAILJMPr64 undef $r11
+
+  ; CHECK: bb.1:
+  ; CHECK-NEXT: TRAP
+...
+---
+# CHECK-LABEL: name: conditional_tail_call
+name: conditional_tail_call
+tracksRegLiveness: true
+frameInfo:
+  adjustsStack: true # not a leaf function
+body: |
+  ; CHECK: bb.0:
+  bb.0:
+    ; CHECK: $eax = MOV32ri 13
+    $eax = MOV32ri 13
+
+    ; CHECK-NEXT: TAILJMPd64_CC @conditional_tail_call, undef $eflags
+    TAILJMPd64_CC @conditional_tail_call, undef $eflags
+...
+---
+# CHECK-LABEL: name: r10_live_in
+name: r10_live_in
+tracksRegLiveness: true
+frameInfo:
+  adjustsStack: true # not a leaf function
+body: |
+  ; CHECK: bb.0:
+  ; CHECK: liveins: $r10
+  bb.0:
+    liveins: $r10
+
+    ; CHECK: $eax = MOV32ri 13
+    $eax = MOV32ri 13
+    ; CHECK-NEXT: RETQ $eax
+    RETQ $eax
+...
-- 
2.7.4
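For reference, a minimal end-to-end input that exercises the new pass. This
example is not part of the patch; the file and function names are illustrative,
and the shadowcallstack attribute spelling matches the IR embedded in the .mir
test above. Because the function below makes a call, it is not a leaf and
should take the full gs-based prolog/epilog path rather than the leaf-register
or skip paths:

    ; scs-example.ll
    declare void @callee()

    define void @caller() shadowcallstack {
    entry:
      call void @callee()
      ret void
    }

    ; Compiling with something like
    ;   llc -mtriple=x86_64-unknown-linux-gnu scs-example.ll -o -
    ; should show the prolog saving the return address to [gs:offset] and the
    ; epilog comparing it against [rsp] before returning, per the sequences in
    ; ShadowCallStack.cpp.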