RPCS3/llvm-mirror
1
0
Fork 0
mirror of https://github.com/RPCS3/llvm-mirror.git synced 2025-01-31 12:41:49 +01:00
Code Issues Projects Releases Wiki Activity

Convert files added in d157a9bc8ba1 to unix line endings.

Browse Source 
Ran:
    git show  --diff-filter=A --stat d157a9bc8ba1 | grep '|' | \
    awk '{ print $1 }' | xargs dos2unix
This commit is contained in:
Nico Weber 2019-10-28 14:39:45 -04:00
parent 3ac69e43e9
commit d4711b7f30
11 changed files with 1121 additions and 1121 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

238
lib/CodeGen/CFGuardLongjmp.cpp
View File

@ -1,119 +1,119 @@
//===-- CFGuardLongjmp.cpp - Longjmp symbols for CFGuard --------*- C++ -*-===//
//
// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
// See https://llvm.org/LICENSE.txt for license information.
// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
//
//===----------------------------------------------------------------------===//
///
/// \file
/// This file contains a machine function pass to insert a symbol after each
/// call to _setjmp and store this in the MachineFunction's LongjmpTargets
/// vector. This will be used to emit the table of valid longjmp targets used
/// by Control Flow Guard.
///
//===----------------------------------------------------------------------===//
#include "llvm/ADT/Statistic.h"
#include "llvm/CodeGen/MachineBasicBlock.h"
#include "llvm/CodeGen/MachineFunctionPass.h"
#include "llvm/CodeGen/MachineInstr.h"
#include "llvm/CodeGen/MachineModuleInfo.h"
#include "llvm/CodeGen/MachineOperand.h"
#include "llvm/CodeGen/Passes.h"
using namespace llvm;
#define DEBUG_TYPE "cfguard-longjmp"
STATISTIC(CFGuardLongjmpTargets,
"Number of Control Flow Guard longjmp targets");
namespace {
/// MachineFunction pass to insert a symbol after each call to _setjmp and store
/// this in the MachineFunction's LongjmpTargets vector.
class CFGuardLongjmp : public MachineFunctionPass {
public:
static char ID;
CFGuardLongjmp() : MachineFunctionPass(ID) {
initializeCFGuardLongjmpPass(*PassRegistry::getPassRegistry());
}
StringRef getPassName() const override {
return "Control Flow Guard longjmp targets";
}
bool runOnMachineFunction(MachineFunction &MF) override;
};
} // end anonymous namespace
char CFGuardLongjmp::ID = 0;
INITIALIZE_PASS(CFGuardLongjmp, "CFGuardLongjmp",
"Insert symbols at valid longjmp targets for /guard:cf", false,
false)
FunctionPass *llvm::createCFGuardLongjmpPass() { return new CFGuardLongjmp(); }
bool CFGuardLongjmp::runOnMachineFunction(MachineFunction &MF) {
// Skip modules for which the cfguard flag is not set.
if (!MF.getMMI().getModule()->getModuleFlag("cfguard"))
return false;
// Skip functions that do not have calls to _setjmp.
if (!MF.getFunction().callsFunctionThatReturnsTwice())
return false;
SmallVector<MachineInstr *, 8> SetjmpCalls;
// Iterate over all instructions in the function and add calls to functions
// that return twice to the list of targets.
for (MachineBasicBlock &MBB : MF) {
for (MachineInstr &MI : MBB) {
// Skip instructions that are not calls.
if (!MI.isCall() || MI.getNumOperands() < 1)
continue;
// Iterate over operands to find calls to global functions.
for (MachineOperand &MO : MI.operands()) {
if (!MO.isGlobal())
continue;
auto *F = dyn_cast<Function>(MO.getGlobal());
if (!F)
continue;
// If the instruction calls a function that returns twice, add
// it to the list of targets.
if (F->hasFnAttribute(Attribute::ReturnsTwice)) {
SetjmpCalls.push_back(&MI);
break;
}
}
}
}
if (SetjmpCalls.empty())
return false;
unsigned SetjmpNum = 0;
// For each possible target, create a new symbol and insert it immediately
// after the call to setjmp. Add this symbol to the MachineFunction's list
// of longjmp targets.
for (MachineInstr *Setjmp : SetjmpCalls) {
SmallString<128> SymbolName;
raw_svector_ostream(SymbolName) << "$cfgsj_" << MF.getName() << SetjmpNum++;
MCSymbol *SjSymbol = MF.getContext().getOrCreateSymbol(SymbolName);
Setjmp->setPostInstrSymbol(MF, SjSymbol);
MF.addLongjmpTarget(SjSymbol);
CFGuardLongjmpTargets++;
}
return true;
}
//===-- CFGuardLongjmp.cpp - Longjmp symbols for CFGuard --------*- C++ -*-===//
//
// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
// See https://llvm.org/LICENSE.txt for license information.
// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
//
//===----------------------------------------------------------------------===//
///
/// \file
/// This file contains a machine function pass to insert a symbol after each
/// call to _setjmp and store this in the MachineFunction's LongjmpTargets
/// vector. This will be used to emit the table of valid longjmp targets used
/// by Control Flow Guard.
///
//===----------------------------------------------------------------------===//
#include "llvm/ADT/Statistic.h"
#include "llvm/CodeGen/MachineBasicBlock.h"
#include "llvm/CodeGen/MachineFunctionPass.h"
#include "llvm/CodeGen/MachineInstr.h"
#include "llvm/CodeGen/MachineModuleInfo.h"
#include "llvm/CodeGen/MachineOperand.h"
#include "llvm/CodeGen/Passes.h"
using namespace llvm;
#define DEBUG_TYPE "cfguard-longjmp"
STATISTIC(CFGuardLongjmpTargets,
"Number of Control Flow Guard longjmp targets");
namespace {
/// MachineFunction pass to insert a symbol after each call to _setjmp and store
/// this in the MachineFunction's LongjmpTargets vector.
class CFGuardLongjmp : public MachineFunctionPass {
public:
static char ID;
CFGuardLongjmp() : MachineFunctionPass(ID) {
initializeCFGuardLongjmpPass(*PassRegistry::getPassRegistry());
}
StringRef getPassName() const override {
return "Control Flow Guard longjmp targets";
}
bool runOnMachineFunction(MachineFunction &MF) override;
};
} // end anonymous namespace
char CFGuardLongjmp::ID = 0;
INITIALIZE_PASS(CFGuardLongjmp, "CFGuardLongjmp",
"Insert symbols at valid longjmp targets for /guard:cf", false,
false)
FunctionPass *llvm::createCFGuardLongjmpPass() { return new CFGuardLongjmp(); }
bool CFGuardLongjmp::runOnMachineFunction(MachineFunction &MF) {
// Skip modules for which the cfguard flag is not set.
if (!MF.getMMI().getModule()->getModuleFlag("cfguard"))
return false;
// Skip functions that do not have calls to _setjmp.
if (!MF.getFunction().callsFunctionThatReturnsTwice())
return false;
SmallVector<MachineInstr *, 8> SetjmpCalls;
// Iterate over all instructions in the function and add calls to functions
// that return twice to the list of targets.
for (MachineBasicBlock &MBB : MF) {
for (MachineInstr &MI : MBB) {
// Skip instructions that are not calls.
if (!MI.isCall() || MI.getNumOperands() < 1)
continue;
// Iterate over operands to find calls to global functions.
for (MachineOperand &MO : MI.operands()) {
if (!MO.isGlobal())
continue;
auto *F = dyn_cast<Function>(MO.getGlobal());
if (!F)
continue;
// If the instruction calls a function that returns twice, add
// it to the list of targets.
if (F->hasFnAttribute(Attribute::ReturnsTwice)) {
SetjmpCalls.push_back(&MI);
break;
}
}
}
}
if (SetjmpCalls.empty())
return false;
unsigned SetjmpNum = 0;
// For each possible target, create a new symbol and insert it immediately
// after the call to setjmp. Add this symbol to the MachineFunction's list
// of longjmp targets.
for (MachineInstr *Setjmp : SetjmpCalls) {
SmallString<128> SymbolName;
raw_svector_ostream(SymbolName) << "$cfgsj_" << MF.getName() << SetjmpNum++;
MCSymbol *SjSymbol = MF.getContext().getOrCreateSymbol(SymbolName);
Setjmp->setPostInstrSymbol(MF, SjSymbol);
MF.addLongjmpTarget(SjSymbol);
CFGuardLongjmpTargets++;
}
return true;
}

612
lib/Transforms/CFGuard/CFGuard.cpp
View File

@ -1,307 +1,307 @@
//===-- CFGuard.cpp - Control Flow Guard checks -----------------*- C++ -*-===//
//
// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
// See https://llvm.org/LICENSE.txt for license information.
// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
//
//===----------------------------------------------------------------------===//
///
/// \file
/// This file contains the IR transform to add Microsoft's Control Flow Guard
/// checks on Windows targets.
///
//===----------------------------------------------------------------------===//
#include "llvm/Transforms/CFGuard.h"
#include "llvm/ADT/SmallVector.h"
#include "llvm/ADT/Statistic.h"
#include "llvm/ADT/Triple.h"
#include "llvm/IR/CallingConv.h"
#include "llvm/IR/IRBuilder.h"
#include "llvm/IR/Instruction.h"
#include "llvm/InitializePasses.h"
#include "llvm/Pass.h"
using namespace llvm;
using OperandBundleDef = OperandBundleDefT<Value *>;
#define DEBUG_TYPE "cfguard"
STATISTIC(CFGuardCounter, "Number of Control Flow Guard checks added");
namespace {
/// Adds Control Flow Guard (CFG) checks on indirect function calls/invokes.
/// These checks ensure that the target address corresponds to the start of an
/// address-taken function. X86_64 targets use the CF_Dispatch mechanism. X86,
/// ARM, and AArch64 targets use the CF_Check machanism.
class CFGuard : public FunctionPass {
public:
static char ID;
enum Mechanism { CF_Check, CF_Dispatch };
// Default constructor required for the INITIALIZE_PASS macro.
CFGuard() : FunctionPass(ID) {
initializeCFGuardPass(*PassRegistry::getPassRegistry());
// By default, use the guard check mechanism.
GuardMechanism = CF_Check;
}
// Recommended constructor used to specify the type of guard mechanism.
CFGuard(Mechanism Var) : FunctionPass(ID) {
initializeCFGuardPass(*PassRegistry::getPassRegistry());
GuardMechanism = Var;
}
/// Inserts a Control Flow Guard (CFG) check on an indirect call using the CFG
/// check mechanism. When the image is loaded, the loader puts the appropriate
/// guard check function pointer in the __guard_check_icall_fptr global
/// symbol. This checks that the target address is a valid address-taken
/// function. The address of the target function is passed to the guard check
/// function in an architecture-specific register (e.g. ECX on 32-bit X86,
/// X15 on Aarch64, and R0 on ARM). The guard check function has no return
/// value (if the target is invalid, the guard check funtion will raise an
/// error).
///
/// For example, the following LLVM IR:
/// \code
/// %func_ptr = alloca i32 ()*, align 8
/// store i32 ()* @target_func, i32 ()** %func_ptr, align 8
/// %0 = load i32 ()*, i32 ()** %func_ptr, align 8
/// %1 = call i32 %0()
/// \endcode
///
/// is transformed to:
/// \code
/// %func_ptr = alloca i32 ()*, align 8
/// store i32 ()* @target_func, i32 ()** %func_ptr, align 8
/// %0 = load i32 ()*, i32 ()** %func_ptr, align 8
/// %1 = load void (i8*)*, void (i8*)** @__guard_check_icall_fptr
/// %2 = bitcast i32 ()* %0 to i8*
/// call cfguard_checkcc void %1(i8* %2)
/// %3 = call i32 %0()
/// \endcode
///
/// For example, the following X86 assembly code:
/// \code
/// movl $_target_func, %eax
/// calll *%eax
/// \endcode
///
/// is transformed to:
/// \code
/// movl $_target_func, %ecx
/// calll *___guard_check_icall_fptr
/// calll *%ecx
/// \endcode
///
/// \param CB indirect call to instrument.
void insertCFGuardCheck(CallBase *CB);
/// Inserts a Control Flow Guard (CFG) check on an indirect call using the CFG
/// dispatch mechanism. When the image is loaded, the loader puts the
/// appropriate guard check function pointer in the
/// __guard_dispatch_icall_fptr global symbol. This checks that the target
/// address is a valid address-taken function and, if so, tail calls the
/// target. The target address is passed in an architecture-specific register
/// (e.g. RAX on X86_64), with all other arguments for the target function
/// passed as usual.
///
/// For example, the following LLVM IR:
/// \code
/// %func_ptr = alloca i32 ()*, align 8
/// store i32 ()* @target_func, i32 ()** %func_ptr, align 8
/// %0 = load i32 ()*, i32 ()** %func_ptr, align 8
/// %1 = call i32 %0()
/// \endcode
///
/// is transformed to:
/// \code
/// %func_ptr = alloca i32 ()*, align 8
/// store i32 ()* @target_func, i32 ()** %func_ptr, align 8
/// %0 = load i32 ()*, i32 ()** %func_ptr, align 8
/// %1 = load i32 ()*, i32 ()** @__guard_dispatch_icall_fptr
/// %2 = call i32 %1() [ "cfguardtarget"(i32 ()* %0) ]
/// \endcode
///
/// For example, the following X86_64 assembly code:
/// \code
/// leaq target_func(%rip), %rax
/// callq *%rax
/// \endcode
///
/// is transformed to:
/// \code
/// leaq target_func(%rip), %rax
/// callq *__guard_dispatch_icall_fptr(%rip)
/// \endcode
///
/// \param CB indirect call to instrument.
void insertCFGuardDispatch(CallBase *CB);
bool doInitialization(Module &M) override;
bool runOnFunction(Function &F) override;
private:
// Only add checks if the module has the cfguard=2 flag.
int cfguard_module_flag = 0;
Mechanism GuardMechanism = CF_Check;
FunctionType *GuardFnType = nullptr;
PointerType *GuardFnPtrType = nullptr;
Constant *GuardFnGlobal = nullptr;
};
} // end anonymous namespace
void CFGuard::insertCFGuardCheck(CallBase *CB) {
assert(Triple(CB->getModule()->getTargetTriple()).isOSWindows() &&
"Only applicable for Windows targets");
assert(CB->isIndirectCall() &&
"Control Flow Guard checks can only be added to indirect calls");
IRBuilder<> B(CB);
Value *CalledOperand = CB->getCalledOperand();
// Load the global symbol as a pointer to the check function.
LoadInst *GuardCheckLoad = B.CreateLoad(GuardFnPtrType, GuardFnGlobal);
// Create new call instruction. The CFGuard check should always be a call,
// even if the original CallBase is an Invoke or CallBr instruction.
CallInst *GuardCheck =
B.CreateCall(GuardFnType, GuardCheckLoad,
{B.CreateBitCast(CalledOperand, B.getInt8PtrTy())});
// Ensure that the first argument is passed in the correct register
// (e.g. ECX on 32-bit X86 targets).
GuardCheck->setCallingConv(CallingConv::CFGuard_Check);
}
void CFGuard::insertCFGuardDispatch(CallBase *CB) {
assert(Triple(CB->getModule()->getTargetTriple()).isOSWindows() &&
"Only applicable for Windows targets");
assert(CB->isIndirectCall() &&
"Control Flow Guard checks can only be added to indirect calls");
IRBuilder<> B(CB);
Value *CalledOperand = CB->getCalledOperand();
Type *CalledOperandType = CalledOperand->getType();
// Cast the guard dispatch global to the type of the called operand.
PointerType *PTy = PointerType::get(CalledOperandType, 0);
if (GuardFnGlobal->getType() != PTy)
GuardFnGlobal = ConstantExpr::getBitCast(GuardFnGlobal, PTy);
// Load the global as a pointer to a function of the same type.
LoadInst *GuardDispatchLoad = B.CreateLoad(CalledOperandType, GuardFnGlobal);
// Add the original call target as a cfguardtarget operand bundle.
SmallVector<llvm::OperandBundleDef, 1> Bundles;
CB->getOperandBundlesAsDefs(Bundles);
Bundles.emplace_back("cfguardtarget", CalledOperand);
// Create a copy of the call/invoke instruction and add the new bundle.
CallBase *NewCB;
if (CallInst *CI = dyn_cast<CallInst>(CB)) {
NewCB = CallInst::Create(CI, Bundles, CB);
} else {
assert(isa<InvokeInst>(CB) && "Unknown indirect call type");
InvokeInst *II = cast<InvokeInst>(CB);
NewCB = llvm::InvokeInst::Create(II, Bundles, CB);
}
// Change the target of the call to be the guard dispatch function.
NewCB->setCalledOperand(GuardDispatchLoad);
// Replace the original call/invoke with the new instruction.
CB->replaceAllUsesWith(NewCB);
// Delete the original call/invoke.
CB->eraseFromParent();
}
bool CFGuard::doInitialization(Module &M) {
// Check if this module has the cfguard flag and read its value.
if (auto *MD =
mdconst::extract_or_null<ConstantInt>(M.getModuleFlag("cfguard")))
cfguard_module_flag = MD->getZExtValue();
// Skip modules for which CFGuard checks have been disabled.
if (cfguard_module_flag != 2)
return false;
// Set up prototypes for the guard check and dispatch functions.
GuardFnType = FunctionType::get(Type::getVoidTy(M.getContext()),
{Type::getInt8PtrTy(M.getContext())}, false);
GuardFnPtrType = PointerType::get(GuardFnType, 0);
// Get or insert the guard check or dispatch global symbols.
if (GuardMechanism == CF_Check) {
GuardFnGlobal =
M.getOrInsertGlobal("__guard_check_icall_fptr", GuardFnPtrType);
} else {
assert(GuardMechanism == CF_Dispatch && "Invalid CFGuard mechanism");
GuardFnGlobal =
M.getOrInsertGlobal("__guard_dispatch_icall_fptr", GuardFnPtrType);
}
return true;
}
bool CFGuard::runOnFunction(Function &F) {
// Skip modules and functions for which CFGuard checks have been disabled.
if (cfguard_module_flag != 2 || F.hasFnAttribute(Attribute::NoCfCheck))
return false;
SmallVector<CallBase *, 8> IndirectCalls;
// Iterate over the instructions to find all indirect call/invoke/callbr
// instructions. Make a separate list of pointers to indirect
// call/invoke/callbr instructions because the original instructions will be
// deleted as the checks are added.
for (BasicBlock &BB : F.getBasicBlockList()) {
for (Instruction &I : BB.getInstList()) {
auto *CB = dyn_cast<CallBase>(&I);
if (CB && CB->isIndirectCall()) {
IndirectCalls.push_back(CB);
CFGuardCounter++;
}
}
}
// If no checks are needed, return early and add this attribute to indicate
// that subsequent CFGuard passes can skip this function.
if (IndirectCalls.empty()) {
F.addFnAttr(Attribute::NoCfCheck);
return false;
}
// For each indirect call/invoke, add the appropriate dispatch or check.
if (GuardMechanism == CF_Dispatch) {
for (CallBase *CB : IndirectCalls) {
insertCFGuardDispatch(CB);
}
} else {
for (CallBase *CB : IndirectCalls) {
insertCFGuardCheck(CB);
}
}
return true;
}
char CFGuard::ID = 0;
INITIALIZE_PASS(CFGuard, "CFGuard", "CFGuard", false, false)
FunctionPass *llvm::createCFGuardCheckPass() {
return new CFGuard(CFGuard::CF_Check);
}
FunctionPass *llvm::createCFGuardDispatchPass() {
return new CFGuard(CFGuard::CF_Dispatch);
//===-- CFGuard.cpp - Control Flow Guard checks -----------------*- C++ -*-===//
//
// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
// See https://llvm.org/LICENSE.txt for license information.
// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
//
//===----------------------------------------------------------------------===//
///
/// \file
/// This file contains the IR transform to add Microsoft's Control Flow Guard
/// checks on Windows targets.
///
//===----------------------------------------------------------------------===//
#include "llvm/Transforms/CFGuard.h"
#include "llvm/ADT/SmallVector.h"
#include "llvm/ADT/Statistic.h"
#include "llvm/ADT/Triple.h"
#include "llvm/IR/CallingConv.h"
#include "llvm/IR/IRBuilder.h"
#include "llvm/IR/Instruction.h"
#include "llvm/InitializePasses.h"
#include "llvm/Pass.h"
using namespace llvm;
using OperandBundleDef = OperandBundleDefT<Value *>;
#define DEBUG_TYPE "cfguard"
STATISTIC(CFGuardCounter, "Number of Control Flow Guard checks added");
namespace {
/// Adds Control Flow Guard (CFG) checks on indirect function calls/invokes.
/// These checks ensure that the target address corresponds to the start of an
/// address-taken function. X86_64 targets use the CF_Dispatch mechanism. X86,
/// ARM, and AArch64 targets use the CF_Check machanism.
class CFGuard : public FunctionPass {
public:
static char ID;
enum Mechanism { CF_Check, CF_Dispatch };
// Default constructor required for the INITIALIZE_PASS macro.
CFGuard() : FunctionPass(ID) {
initializeCFGuardPass(*PassRegistry::getPassRegistry());
// By default, use the guard check mechanism.
GuardMechanism = CF_Check;
}
// Recommended constructor used to specify the type of guard mechanism.
CFGuard(Mechanism Var) : FunctionPass(ID) {
initializeCFGuardPass(*PassRegistry::getPassRegistry());
GuardMechanism = Var;
}
/// Inserts a Control Flow Guard (CFG) check on an indirect call using the CFG
/// check mechanism. When the image is loaded, the loader puts the appropriate
/// guard check function pointer in the __guard_check_icall_fptr global
/// symbol. This checks that the target address is a valid address-taken
/// function. The address of the target function is passed to the guard check
/// function in an architecture-specific register (e.g. ECX on 32-bit X86,
/// X15 on Aarch64, and R0 on ARM). The guard check function has no return
/// value (if the target is invalid, the guard check funtion will raise an
/// error).
///
/// For example, the following LLVM IR:
/// \code
/// %func_ptr = alloca i32 ()*, align 8
/// store i32 ()* @target_func, i32 ()** %func_ptr, align 8
/// %0 = load i32 ()*, i32 ()** %func_ptr, align 8
/// %1 = call i32 %0()
/// \endcode
///
/// is transformed to:
/// \code
/// %func_ptr = alloca i32 ()*, align 8
/// store i32 ()* @target_func, i32 ()** %func_ptr, align 8
/// %0 = load i32 ()*, i32 ()** %func_ptr, align 8
/// %1 = load void (i8*)*, void (i8*)** @__guard_check_icall_fptr
/// %2 = bitcast i32 ()* %0 to i8*
/// call cfguard_checkcc void %1(i8* %2)
/// %3 = call i32 %0()
/// \endcode
///
/// For example, the following X86 assembly code:
/// \code
/// movl $_target_func, %eax
/// calll *%eax
/// \endcode
///
/// is transformed to:
/// \code
/// movl $_target_func, %ecx
/// calll *___guard_check_icall_fptr
/// calll *%ecx
/// \endcode
///
/// \param CB indirect call to instrument.
void insertCFGuardCheck(CallBase *CB);
/// Inserts a Control Flow Guard (CFG) check on an indirect call using the CFG
/// dispatch mechanism. When the image is loaded, the loader puts the
/// appropriate guard check function pointer in the
/// __guard_dispatch_icall_fptr global symbol. This checks that the target
/// address is a valid address-taken function and, if so, tail calls the
/// target. The target address is passed in an architecture-specific register
/// (e.g. RAX on X86_64), with all other arguments for the target function
/// passed as usual.
///
/// For example, the following LLVM IR:
/// \code
/// %func_ptr = alloca i32 ()*, align 8
/// store i32 ()* @target_func, i32 ()** %func_ptr, align 8
/// %0 = load i32 ()*, i32 ()** %func_ptr, align 8
/// %1 = call i32 %0()
/// \endcode
///
/// is transformed to:
/// \code
/// %func_ptr = alloca i32 ()*, align 8
/// store i32 ()* @target_func, i32 ()** %func_ptr, align 8
/// %0 = load i32 ()*, i32 ()** %func_ptr, align 8
/// %1 = load i32 ()*, i32 ()** @__guard_dispatch_icall_fptr
/// %2 = call i32 %1() [ "cfguardtarget"(i32 ()* %0) ]
/// \endcode
///
/// For example, the following X86_64 assembly code:
/// \code
/// leaq target_func(%rip), %rax
/// callq *%rax
/// \endcode
///
/// is transformed to:
/// \code
/// leaq target_func(%rip), %rax
/// callq *__guard_dispatch_icall_fptr(%rip)
/// \endcode
///
/// \param CB indirect call to instrument.
void insertCFGuardDispatch(CallBase *CB);
bool doInitialization(Module &M) override;
bool runOnFunction(Function &F) override;
private:
// Only add checks if the module has the cfguard=2 flag.
int cfguard_module_flag = 0;
Mechanism GuardMechanism = CF_Check;
FunctionType *GuardFnType = nullptr;
PointerType *GuardFnPtrType = nullptr;
Constant *GuardFnGlobal = nullptr;
};
} // end anonymous namespace
void CFGuard::insertCFGuardCheck(CallBase *CB) {
assert(Triple(CB->getModule()->getTargetTriple()).isOSWindows() &&
"Only applicable for Windows targets");
assert(CB->isIndirectCall() &&
"Control Flow Guard checks can only be added to indirect calls");
IRBuilder<> B(CB);
Value *CalledOperand = CB->getCalledOperand();
// Load the global symbol as a pointer to the check function.
LoadInst *GuardCheckLoad = B.CreateLoad(GuardFnPtrType, GuardFnGlobal);
// Create new call instruction. The CFGuard check should always be a call,
// even if the original CallBase is an Invoke or CallBr instruction.
CallInst *GuardCheck =
B.CreateCall(GuardFnType, GuardCheckLoad,
{B.CreateBitCast(CalledOperand, B.getInt8PtrTy())});
// Ensure that the first argument is passed in the correct register
// (e.g. ECX on 32-bit X86 targets).
GuardCheck->setCallingConv(CallingConv::CFGuard_Check);
}
void CFGuard::insertCFGuardDispatch(CallBase *CB) {
assert(Triple(CB->getModule()->getTargetTriple()).isOSWindows() &&
"Only applicable for Windows targets");
assert(CB->isIndirectCall() &&
"Control Flow Guard checks can only be added to indirect calls");
IRBuilder<> B(CB);
Value *CalledOperand = CB->getCalledOperand();
Type *CalledOperandType = CalledOperand->getType();
// Cast the guard dispatch global to the type of the called operand.
PointerType *PTy = PointerType::get(CalledOperandType, 0);
if (GuardFnGlobal->getType() != PTy)
GuardFnGlobal = ConstantExpr::getBitCast(GuardFnGlobal, PTy);
// Load the global as a pointer to a function of the same type.
LoadInst *GuardDispatchLoad = B.CreateLoad(CalledOperandType, GuardFnGlobal);
// Add the original call target as a cfguardtarget operand bundle.
SmallVector<llvm::OperandBundleDef, 1> Bundles;
CB->getOperandBundlesAsDefs(Bundles);
Bundles.emplace_back("cfguardtarget", CalledOperand);
// Create a copy of the call/invoke instruction and add the new bundle.
CallBase *NewCB;
if (CallInst *CI = dyn_cast<CallInst>(CB)) {
NewCB = CallInst::Create(CI, Bundles, CB);
} else {
assert(isa<InvokeInst>(CB) && "Unknown indirect call type");
InvokeInst *II = cast<InvokeInst>(CB);
NewCB = llvm::InvokeInst::Create(II, Bundles, CB);
}
// Change the target of the call to be the guard dispatch function.
NewCB->setCalledOperand(GuardDispatchLoad);
// Replace the original call/invoke with the new instruction.
CB->replaceAllUsesWith(NewCB);
// Delete the original call/invoke.
CB->eraseFromParent();
}
bool CFGuard::doInitialization(Module &M) {
// Check if this module has the cfguard flag and read its value.
if (auto *MD =
mdconst::extract_or_null<ConstantInt>(M.getModuleFlag("cfguard")))
cfguard_module_flag = MD->getZExtValue();
// Skip modules for which CFGuard checks have been disabled.
if (cfguard_module_flag != 2)
return false;
// Set up prototypes for the guard check and dispatch functions.
GuardFnType = FunctionType::get(Type::getVoidTy(M.getContext()),
{Type::getInt8PtrTy(M.getContext())}, false);
GuardFnPtrType = PointerType::get(GuardFnType, 0);
// Get or insert the guard check or dispatch global symbols.
if (GuardMechanism == CF_Check) {
GuardFnGlobal =
M.getOrInsertGlobal("__guard_check_icall_fptr", GuardFnPtrType);
} else {
assert(GuardMechanism == CF_Dispatch && "Invalid CFGuard mechanism");
GuardFnGlobal =
M.getOrInsertGlobal("__guard_dispatch_icall_fptr", GuardFnPtrType);
}
return true;
}
bool CFGuard::runOnFunction(Function &F) {
// Skip modules and functions for which CFGuard checks have been disabled.
if (cfguard_module_flag != 2 || F.hasFnAttribute(Attribute::NoCfCheck))
return false;
SmallVector<CallBase *, 8> IndirectCalls;
// Iterate over the instructions to find all indirect call/invoke/callbr
// instructions. Make a separate list of pointers to indirect
// call/invoke/callbr instructions because the original instructions will be
// deleted as the checks are added.
for (BasicBlock &BB : F.getBasicBlockList()) {
for (Instruction &I : BB.getInstList()) {
auto *CB = dyn_cast<CallBase>(&I);
if (CB && CB->isIndirectCall()) {
IndirectCalls.push_back(CB);
CFGuardCounter++;
}
}
}
// If no checks are needed, return early and add this attribute to indicate
// that subsequent CFGuard passes can skip this function.
if (IndirectCalls.empty()) {
F.addFnAttr(Attribute::NoCfCheck);
return false;
}
// For each indirect call/invoke, add the appropriate dispatch or check.
if (GuardMechanism == CF_Dispatch) {
for (CallBase *CB : IndirectCalls) {
insertCFGuardDispatch(CB);
}
} else {
for (CallBase *CB : IndirectCalls) {
insertCFGuardCheck(CB);
}
}
return true;
}
char CFGuard::ID = 0;
INITIALIZE_PASS(CFGuard, "CFGuard", "CFGuard", false, false)
FunctionPass *llvm::createCFGuardCheckPass() {
return new CFGuard(CFGuard::CF_Check);
}
FunctionPass *llvm::createCFGuardDispatchPass() {
return new CFGuard(CFGuard::CF_Dispatch);
}

18
lib/Transforms/CFGuard/CMakeLists.txt
View File

@ -1,9 +1,9 @@
add_llvm_library(LLVMCFGuard
CFGuard.cpp
ADDITIONAL_HEADER_DIRS
${LLVM_MAIN_INCLUDE_DIR}/llvm/Transforms
DEPENDS
intrinsics_gen
)
add_llvm_library(LLVMCFGuard
CFGuard.cpp
ADDITIONAL_HEADER_DIRS
${LLVM_MAIN_INCLUDE_DIR}/llvm/Transforms
DEPENDS
intrinsics_gen
)

294
test/CodeGen/AArch64/cfguard-checks.ll
View File

@ -1,147 +1,147 @@
; RUN: llc < %s -mtriple=aarch64-pc-windows-msvc | FileCheck %s
; Control Flow Guard is currently only available on Windows
; Test that Control Flow Guard checks are correctly added when required.
declare i32 @target_func()
; Test that Control Flow Guard checks are not added to functions with nocf_checks attribute.
define i32 @func_nocf_checks() #0 {
entry:
%func_ptr = alloca i32 ()*, align 8
store i32 ()* @target_func, i32 ()** %func_ptr, align 8
%0 = load i32 ()*, i32 ()** %func_ptr, align 8
%1 = call i32 %0()
ret i32 %1
; CHECK-LABEL: func_nocf_checks
; CHECK: adrp x8, target_func
; CHECK: add x8, x8, target_func
; CHECK-NOT: __guard_check_icall_fptr
; CHECK: blr x8
}
attributes #0 = { nocf_check }
; Test that Control Flow Guard checks are added even at -O0.
define i32 @func_optnone_cf() #1 {
entry:
%func_ptr = alloca i32 ()*, align 8
store i32 ()* @target_func, i32 ()** %func_ptr, align 8
%0 = load i32 ()*, i32 ()** %func_ptr, align 8
%1 = call i32 %0()
ret i32 %1
; The call to __guard_check_icall_fptr should come immediately before the call to the target function.
; CHECK-LABEL: func_optnone_cf
; CHECK: adrp x8, __guard_check_icall_fptr
; CHECK: add x9, x8, __guard_check_icall_fptr
; CHECK: adrp x8, target_func
; CHECK: add x8, x8, target_func
; CHECK: ldr x9, [x9]
; CHECK: mov x15, x8
; CHECK: blr x9
; CHECK-NEXT: blr x8
}
attributes #1 = { noinline optnone }
; Test that Control Flow Guard checks are correctly added in optimized code (common case).
define i32 @func_cf() {
entry:
%func_ptr = alloca i32 ()*, align 8
store i32 ()* @target_func, i32 ()** %func_ptr, align 8
%0 = load i32 ()*, i32 ()** %func_ptr, align 8
%1 = call i32 %0()
ret i32 %1
; The call to __guard_check_icall_fptr should come immediately before the call to the target function.
; CHECK-LABEL: func_cf
; CHECK: adrp x8, __guard_check_icall_fptr
; CHECK: ldr x9, [x8, __guard_check_icall_fptr]
; CHECK: adrp x8, target_func
; CHECK: add x8, x8, target_func
; CHECK: mov x15, x8
; CHECK: blr x9
; CHECK-NEXT: blr x8
}
; Test that Control Flow Guard checks are correctly added on invoke instructions.
define i32 @func_cf_invoke() personality i8* bitcast (void ()* @h to i8*) {
entry:
%0 = alloca i32, align 4
%func_ptr = alloca i32 ()*, align 8
store i32 ()* @target_func, i32 ()** %func_ptr, align 8
%1 = load i32 ()*, i32 ()** %func_ptr, align 8
%2 = invoke i32 %1()
to label %invoke.cont unwind label %lpad
invoke.cont: ; preds = %entry
ret i32 %2
lpad: ; preds = %entry
%tmp = landingpad { i8*, i32 }
catch i8* null
ret i32 -1
; The call to __guard_check_icall_fptr should come immediately before the call to the target function.
; CHECK-LABEL: func_cf_invoke
; CHECK: adrp x8, __guard_check_icall_fptr
; CHECK: ldr x9, [x8, __guard_check_icall_fptr]
; CHECK: adrp x8, target_func
; CHECK: add x8, x8, target_func
; CHECK: mov x15, x8
; CHECK: blr x9
; CHECK-NEXT: .Ltmp0:
; CHECK-NEXT: blr x8
; CHECK: ; %invoke.cont
; CHECK: ; %lpad
}
declare void @h()
; Test that longjmp targets have public labels and are included in the .gljmp section.
%struct._SETJMP_FLOAT128 = type { [2 x i64] }
@buf1 = internal global [16 x %struct._SETJMP_FLOAT128] zeroinitializer, align 16
define i32 @func_cf_setjmp() {
%1 = alloca i32, align 4
%2 = alloca i32, align 4
store i32 0, i32* %1, align 4
store i32 -1, i32* %2, align 4
%3 = call i8* @llvm.frameaddress(i32 0)
%4 = call i32 @_setjmp(i8* bitcast ([16 x %struct._SETJMP_FLOAT128]* @buf1 to i8*), i8* %3) #2
; CHECK-LABEL: func_cf_setjmp
; CHECK: bl _setjmp
; CHECK-NEXT: $cfgsj_func_cf_setjmp0:
%5 = call i8* @llvm.frameaddress(i32 0)
%6 = call i32 @_setjmp(i8* bitcast ([16 x %struct._SETJMP_FLOAT128]* @buf1 to i8*), i8* %5) #3
; CHECK: bl _setjmp
; CHECK-NEXT: $cfgsj_func_cf_setjmp1:
store i32 1, i32* %2, align 4
%7 = load i32, i32* %2, align 4
ret i32 %7
; CHECK: .section .gljmp$y,"dr"
; CHECK-NEXT: .symidx $cfgsj_func_cf_setjmp0
; CHECK-NEXT: .symidx $cfgsj_func_cf_setjmp1
}
declare i8* @llvm.frameaddress(i32)
; Function Attrs: returns_twice
declare dso_local i32 @_setjmp(i8*, i8*) #2
attributes #2 = { returns_twice }
attributes #3 = { returns_twice }
!llvm.module.flags = !{!0}
!0 = !{i32 2, !"cfguard", i32 2}
; RUN: llc < %s -mtriple=aarch64-pc-windows-msvc | FileCheck %s
; Control Flow Guard is currently only available on Windows
; Test that Control Flow Guard checks are correctly added when required.
declare i32 @target_func()
; Test that Control Flow Guard checks are not added to functions with nocf_checks attribute.
define i32 @func_nocf_checks() #0 {
entry:
%func_ptr = alloca i32 ()*, align 8
store i32 ()* @target_func, i32 ()** %func_ptr, align 8
%0 = load i32 ()*, i32 ()** %func_ptr, align 8
%1 = call i32 %0()
ret i32 %1
; CHECK-LABEL: func_nocf_checks
; CHECK: adrp x8, target_func
; CHECK: add x8, x8, target_func
; CHECK-NOT: __guard_check_icall_fptr
; CHECK: blr x8
}
attributes #0 = { nocf_check }
; Test that Control Flow Guard checks are added even at -O0.
define i32 @func_optnone_cf() #1 {
entry:
%func_ptr = alloca i32 ()*, align 8
store i32 ()* @target_func, i32 ()** %func_ptr, align 8
%0 = load i32 ()*, i32 ()** %func_ptr, align 8
%1 = call i32 %0()
ret i32 %1
; The call to __guard_check_icall_fptr should come immediately before the call to the target function.
; CHECK-LABEL: func_optnone_cf
; CHECK: adrp x8, __guard_check_icall_fptr
; CHECK: add x9, x8, __guard_check_icall_fptr
; CHECK: adrp x8, target_func
; CHECK: add x8, x8, target_func
; CHECK: ldr x9, [x9]
; CHECK: mov x15, x8
; CHECK: blr x9
; CHECK-NEXT: blr x8
}
attributes #1 = { noinline optnone }
; Test that Control Flow Guard checks are correctly added in optimized code (common case).
define i32 @func_cf() {
entry:
%func_ptr = alloca i32 ()*, align 8
store i32 ()* @target_func, i32 ()** %func_ptr, align 8
%0 = load i32 ()*, i32 ()** %func_ptr, align 8
%1 = call i32 %0()
ret i32 %1
; The call to __guard_check_icall_fptr should come immediately before the call to the target function.
; CHECK-LABEL: func_cf
; CHECK: adrp x8, __guard_check_icall_fptr
; CHECK: ldr x9, [x8, __guard_check_icall_fptr]
; CHECK: adrp x8, target_func
; CHECK: add x8, x8, target_func
; CHECK: mov x15, x8
; CHECK: blr x9
; CHECK-NEXT: blr x8
}
; Test that Control Flow Guard checks are correctly added on invoke instructions.
define i32 @func_cf_invoke() personality i8* bitcast (void ()* @h to i8*) {
entry:
%0 = alloca i32, align 4
%func_ptr = alloca i32 ()*, align 8
store i32 ()* @target_func, i32 ()** %func_ptr, align 8
%1 = load i32 ()*, i32 ()** %func_ptr, align 8
%2 = invoke i32 %1()
to label %invoke.cont unwind label %lpad
invoke.cont: ; preds = %entry
ret i32 %2
lpad: ; preds = %entry
%tmp = landingpad { i8*, i32 }
catch i8* null
ret i32 -1
; The call to __guard_check_icall_fptr should come immediately before the call to the target function.
; CHECK-LABEL: func_cf_invoke
; CHECK: adrp x8, __guard_check_icall_fptr
; CHECK: ldr x9, [x8, __guard_check_icall_fptr]
; CHECK: adrp x8, target_func
; CHECK: add x8, x8, target_func
; CHECK: mov x15, x8
; CHECK: blr x9
; CHECK-NEXT: .Ltmp0:
; CHECK-NEXT: blr x8
; CHECK: ; %invoke.cont
; CHECK: ; %lpad
}
declare void @h()
; Test that longjmp targets have public labels and are included in the .gljmp section.
%struct._SETJMP_FLOAT128 = type { [2 x i64] }
@buf1 = internal global [16 x %struct._SETJMP_FLOAT128] zeroinitializer, align 16
define i32 @func_cf_setjmp() {
%1 = alloca i32, align 4
%2 = alloca i32, align 4
store i32 0, i32* %1, align 4
store i32 -1, i32* %2, align 4
%3 = call i8* @llvm.frameaddress(i32 0)
%4 = call i32 @_setjmp(i8* bitcast ([16 x %struct._SETJMP_FLOAT128]* @buf1 to i8*), i8* %3) #2
; CHECK-LABEL: func_cf_setjmp
; CHECK: bl _setjmp
; CHECK-NEXT: $cfgsj_func_cf_setjmp0:
%5 = call i8* @llvm.frameaddress(i32 0)
%6 = call i32 @_setjmp(i8* bitcast ([16 x %struct._SETJMP_FLOAT128]* @buf1 to i8*), i8* %5) #3
; CHECK: bl _setjmp
; CHECK-NEXT: $cfgsj_func_cf_setjmp1:
store i32 1, i32* %2, align 4
%7 = load i32, i32* %2, align 4
ret i32 %7
; CHECK: .section .gljmp$y,"dr"
; CHECK-NEXT: .symidx $cfgsj_func_cf_setjmp0
; CHECK-NEXT: .symidx $cfgsj_func_cf_setjmp1
}
declare i8* @llvm.frameaddress(i32)
; Function Attrs: returns_twice
declare dso_local i32 @_setjmp(i8*, i8*) #2
attributes #2 = { returns_twice }
attributes #3 = { returns_twice }
!llvm.module.flags = !{!0}
!0 = !{i32 2, !"cfguard", i32 2}

50
test/CodeGen/AArch64/cfguard-module-flag.ll
View File

@ -1,25 +1,25 @@
; RUN: llc < %s -mtriple=aarch64-pc-windows-msvc | FileCheck %s
; Control Flow Guard is currently only available on Windows
; Test that Control Flow Guard checks are not added in modules with the
; cfguard=1 flag (emit tables but no checks).
declare void @target_func()
define void @func_in_module_without_cfguard() #0 {
entry:
%func_ptr = alloca void ()*, align 8
store void ()* @target_func, void ()** %func_ptr, align 8
%0 = load void ()*, void ()** %func_ptr, align 8
call void %0()
ret void
; CHECK-NOT: __guard_check_icall_fptr
; CHECK-NOT: __guard_dispatch_icall_fptr
}
!llvm.module.flags = !{!0}
!0 = !{i32 2, !"cfguard", i32 1}
; RUN: llc < %s -mtriple=aarch64-pc-windows-msvc | FileCheck %s
; Control Flow Guard is currently only available on Windows
; Test that Control Flow Guard checks are not added in modules with the
; cfguard=1 flag (emit tables but no checks).
declare void @target_func()
define void @func_in_module_without_cfguard() #0 {
entry:
%func_ptr = alloca void ()*, align 8
store void ()* @target_func, void ()** %func_ptr, align 8
%0 = load void ()*, void ()** %func_ptr, align 8
call void %0()
ret void
; CHECK-NOT: __guard_check_icall_fptr
; CHECK-NOT: __guard_dispatch_icall_fptr
}
!llvm.module.flags = !{!0}
!0 = !{i32 2, !"cfguard", i32 1}

302
test/CodeGen/ARM/cfguard-checks.ll
View File

@ -1,151 +1,151 @@
; RUN: llc < %s -mtriple=arm-pc-windows-msvc | FileCheck %s
; Control Flow Guard is currently only available on Windows
; Test that Control Flow Guard checks are correctly added when required.
declare i32 @target_func()
; Test that Control Flow Guard checks are not added to functions with nocf_checks attribute.
define i32 @func_nocf_checks() #0 {
entry:
%func_ptr = alloca i32 ()*, align 8
store i32 ()* @target_func, i32 ()** %func_ptr, align 8
%0 = load i32 ()*, i32 ()** %func_ptr, align 8
%1 = call arm_aapcs_vfpcc i32 %0()
ret i32 %1
; CHECK-LABEL: func_nocf_checks
; CHECK: movw r0, :lower16:target_func
; CHECK: movt r0, :upper16:target_func
; CHECK-NOT: __guard_check_icall_fptr
; CHECK: blx r0
}
attributes #0 = { nocf_check "target-cpu"="cortex-a9" "target-features"="+armv7-a,+dsp,+fp16,+neon,+strict-align,+thumb-mode,+vfp3"}
; Test that Control Flow Guard checks are added even at -O0.
define i32 @func_optnone_cf() #1 {
entry:
%func_ptr = alloca i32 ()*, align 8
store i32 ()* @target_func, i32 ()** %func_ptr, align 8
%0 = load i32 ()*, i32 ()** %func_ptr, align 8
%1 = call i32 %0()
ret i32 %1
; The call to __guard_check_icall_fptr should come immediately before the call to the target function.
; CHECK-LABEL: func_optnone_cf
; CHECK: movw r0, :lower16:target_func
; CHECK: movt r0, :upper16:target_func
; CHECK: str r0, [sp]
; CHECK: ldr r4, [sp]
; CHECK: movw r0, :lower16:__guard_check_icall_fptr
; CHECK: movt r0, :upper16:__guard_check_icall_fptr
; CHECK: ldr r1, [r0]
; CHECK: mov r0, r4
; CHECK: blx r1
; CHECK-NEXT: blx r4
}
attributes #1 = { noinline optnone "target-cpu"="cortex-a9" "target-features"="+armv7-a,+dsp,+fp16,+neon,+strict-align,+thumb-mode,+vfp3"}
; Test that Control Flow Guard checks are correctly added in optimized code (common case).
define i32 @func_cf() #2 {
entry:
%func_ptr = alloca i32 ()*, align 8
store i32 ()* @target_func, i32 ()** %func_ptr, align 8
%0 = load i32 ()*, i32 ()** %func_ptr, align 8
%1 = call i32 %0()
ret i32 %1
; The call to __guard_check_icall_fptr should come immediately before the call to the target function.
; CHECK-LABEL: func_cf
; CHECK: movw r0, :lower16:__guard_check_icall_fptr
; CHECK: movt r0, :upper16:__guard_check_icall_fptr
; CHECK: ldr r1, [r0]
; CHECK: movw r4, :lower16:target_func
; CHECK: movt r4, :upper16:target_func
; CHECK: mov r0, r4
; CHECK: blx r1
; CHECK-NEXT: blx r4
}
attributes #2 = { "target-cpu"="cortex-a9" "target-features"="+armv7-a,+dsp,+fp16,+neon,+strict-align,+thumb-mode,+vfp3"}
; Test that Control Flow Guard checks are correctly added on invoke instructions.
define i32 @func_cf_invoke() #2 personality i8* bitcast (void ()* @h to i8*) {
entry:
%0 = alloca i32, align 4
%func_ptr = alloca i32 ()*, align 8
store i32 ()* @target_func, i32 ()** %func_ptr, align 8
%1 = load i32 ()*, i32 ()** %func_ptr, align 8
%2 = invoke i32 %1()
to label %invoke.cont unwind label %lpad
invoke.cont: ; preds = %entry
ret i32 %2
lpad: ; preds = %entry
%tmp = landingpad { i8*, i32 }
catch i8* null
ret i32 -1
; The call to __guard_check_icall_fptr should come immediately before the call to the target function.
; CHECK-LABEL: func_cf_invoke
; CHECK: movw r0, :lower16:__guard_check_icall_fptr
; CHECK: movt r0, :upper16:__guard_check_icall_fptr
; CHECK: ldr r1, [r0]
; CHECK: movw r4, :lower16:target_func
; CHECK: movt r4, :upper16:target_func
; CHECK: mov r0, r4
; CHECK: blx r1
; CHECK-NEXT: $Mtmp0:
; CHECK-NEXT: blx r4
; CHECK: ; %invoke.cont
; CHECK: ; %lpad
}
declare void @h()
; Test that longjmp targets have public labels and are included in the .gljmp section.
%struct._SETJMP_FLOAT128 = type { [2 x i64] }
@buf1 = internal global [16 x %struct._SETJMP_FLOAT128] zeroinitializer, align 16
define i32 @func_cf_setjmp() #2 {
%1 = alloca i32, align 4
%2 = alloca i32, align 4
store i32 0, i32* %1, align 4
store i32 -1, i32* %2, align 4
%3 = call i8* @llvm.frameaddress(i32 0)
%4 = call i32 @_setjmp(i8* bitcast ([16 x %struct._SETJMP_FLOAT128]* @buf1 to i8*), i8* %3) #3
; CHECK-LABEL: func_cf_setjmp
; CHECK: bl _setjmp
; CHECK-NEXT: $cfgsj_func_cf_setjmp0:
%5 = call i8* @llvm.frameaddress(i32 0)
%6 = call i32 @_setjmp(i8* bitcast ([16 x %struct._SETJMP_FLOAT128]* @buf1 to i8*), i8* %5) #3
; CHECK: bl _setjmp
; CHECK-NEXT: $cfgsj_func_cf_setjmp1:
store i32 1, i32* %2, align 4
%7 = load i32, i32* %2, align 4
ret i32 %7
; CHECK: .section .gljmp$y,"dr"
; CHECK-NEXT: .symidx $cfgsj_func_cf_setjmp0
; CHECK-NEXT: .symidx $cfgsj_func_cf_setjmp1
}
declare i8* @llvm.frameaddress(i32)
; Function Attrs: returns_twice
declare dso_local i32 @_setjmp(i8*, i8*) #3
attributes #3 = { returns_twice }
!llvm.module.flags = !{!0}
!0 = !{i32 2, !"cfguard", i32 2}
; RUN: llc < %s -mtriple=arm-pc-windows-msvc | FileCheck %s
; Control Flow Guard is currently only available on Windows
; Test that Control Flow Guard checks are correctly added when required.
declare i32 @target_func()
; Test that Control Flow Guard checks are not added to functions with nocf_checks attribute.
define i32 @func_nocf_checks() #0 {
entry:
%func_ptr = alloca i32 ()*, align 8
store i32 ()* @target_func, i32 ()** %func_ptr, align 8
%0 = load i32 ()*, i32 ()** %func_ptr, align 8
%1 = call arm_aapcs_vfpcc i32 %0()
ret i32 %1
; CHECK-LABEL: func_nocf_checks
; CHECK: movw r0, :lower16:target_func
; CHECK: movt r0, :upper16:target_func
; CHECK-NOT: __guard_check_icall_fptr
; CHECK: blx r0
}
attributes #0 = { nocf_check "target-cpu"="cortex-a9" "target-features"="+armv7-a,+dsp,+fp16,+neon,+strict-align,+thumb-mode,+vfp3"}
; Test that Control Flow Guard checks are added even at -O0.
define i32 @func_optnone_cf() #1 {
entry:
%func_ptr = alloca i32 ()*, align 8
store i32 ()* @target_func, i32 ()** %func_ptr, align 8
%0 = load i32 ()*, i32 ()** %func_ptr, align 8
%1 = call i32 %0()
ret i32 %1
; The call to __guard_check_icall_fptr should come immediately before the call to the target function.
; CHECK-LABEL: func_optnone_cf
; CHECK: movw r0, :lower16:target_func
; CHECK: movt r0, :upper16:target_func
; CHECK: str r0, [sp]
; CHECK: ldr r4, [sp]
; CHECK: movw r0, :lower16:__guard_check_icall_fptr
; CHECK: movt r0, :upper16:__guard_check_icall_fptr
; CHECK: ldr r1, [r0]
; CHECK: mov r0, r4
; CHECK: blx r1
; CHECK-NEXT: blx r4
}
attributes #1 = { noinline optnone "target-cpu"="cortex-a9" "target-features"="+armv7-a,+dsp,+fp16,+neon,+strict-align,+thumb-mode,+vfp3"}
; Test that Control Flow Guard checks are correctly added in optimized code (common case).
define i32 @func_cf() #2 {
entry:
%func_ptr = alloca i32 ()*, align 8
store i32 ()* @target_func, i32 ()** %func_ptr, align 8
%0 = load i32 ()*, i32 ()** %func_ptr, align 8
%1 = call i32 %0()
ret i32 %1
; The call to __guard_check_icall_fptr should come immediately before the call to the target function.
; CHECK-LABEL: func_cf
; CHECK: movw r0, :lower16:__guard_check_icall_fptr
; CHECK: movt r0, :upper16:__guard_check_icall_fptr
; CHECK: ldr r1, [r0]
; CHECK: movw r4, :lower16:target_func
; CHECK: movt r4, :upper16:target_func
; CHECK: mov r0, r4
; CHECK: blx r1
; CHECK-NEXT: blx r4
}
attributes #2 = { "target-cpu"="cortex-a9" "target-features"="+armv7-a,+dsp,+fp16,+neon,+strict-align,+thumb-mode,+vfp3"}
; Test that Control Flow Guard checks are correctly added on invoke instructions.
define i32 @func_cf_invoke() #2 personality i8* bitcast (void ()* @h to i8*) {
entry:
%0 = alloca i32, align 4
%func_ptr = alloca i32 ()*, align 8
store i32 ()* @target_func, i32 ()** %func_ptr, align 8
%1 = load i32 ()*, i32 ()** %func_ptr, align 8
%2 = invoke i32 %1()
to label %invoke.cont unwind label %lpad
invoke.cont: ; preds = %entry
ret i32 %2
lpad: ; preds = %entry
%tmp = landingpad { i8*, i32 }
catch i8* null
ret i32 -1
; The call to __guard_check_icall_fptr should come immediately before the call to the target function.
; CHECK-LABEL: func_cf_invoke
; CHECK: movw r0, :lower16:__guard_check_icall_fptr
; CHECK: movt r0, :upper16:__guard_check_icall_fptr
; CHECK: ldr r1, [r0]
; CHECK: movw r4, :lower16:target_func
; CHECK: movt r4, :upper16:target_func
; CHECK: mov r0, r4
; CHECK: blx r1
; CHECK-NEXT: $Mtmp0:
; CHECK-NEXT: blx r4
; CHECK: ; %invoke.cont
; CHECK: ; %lpad
}
declare void @h()
; Test that longjmp targets have public labels and are included in the .gljmp section.
%struct._SETJMP_FLOAT128 = type { [2 x i64] }
@buf1 = internal global [16 x %struct._SETJMP_FLOAT128] zeroinitializer, align 16
define i32 @func_cf_setjmp() #2 {
%1 = alloca i32, align 4
%2 = alloca i32, align 4
store i32 0, i32* %1, align 4
store i32 -1, i32* %2, align 4
%3 = call i8* @llvm.frameaddress(i32 0)
%4 = call i32 @_setjmp(i8* bitcast ([16 x %struct._SETJMP_FLOAT128]* @buf1 to i8*), i8* %3) #3
; CHECK-LABEL: func_cf_setjmp
; CHECK: bl _setjmp
; CHECK-NEXT: $cfgsj_func_cf_setjmp0:
%5 = call i8* @llvm.frameaddress(i32 0)
%6 = call i32 @_setjmp(i8* bitcast ([16 x %struct._SETJMP_FLOAT128]* @buf1 to i8*), i8* %5) #3
; CHECK: bl _setjmp
; CHECK-NEXT: $cfgsj_func_cf_setjmp1:
store i32 1, i32* %2, align 4
%7 = load i32, i32* %2, align 4
ret i32 %7
; CHECK: .section .gljmp$y,"dr"
; CHECK-NEXT: .symidx $cfgsj_func_cf_setjmp0
; CHECK-NEXT: .symidx $cfgsj_func_cf_setjmp1
}
declare i8* @llvm.frameaddress(i32)
; Function Attrs: returns_twice
declare dso_local i32 @_setjmp(i8*, i8*) #3
attributes #3 = { returns_twice }
!llvm.module.flags = !{!0}
!0 = !{i32 2, !"cfguard", i32 2}

52
test/CodeGen/ARM/cfguard-module-flag.ll
View File

@ -1,26 +1,26 @@
; RUN: llc < %s -mtriple=arm-pc-windows-msvc | FileCheck %s
; Control Flow Guard is currently only available on Windows
; Test that Control Flow Guard checks are not added in modules with the
; cfguard=1 flag (emit tables but no checks).
declare void @target_func()
define void @func_in_module_without_cfguard() #0 {
entry:
%func_ptr = alloca void ()*, align 8
store void ()* @target_func, void ()** %func_ptr, align 8
%0 = load void ()*, void ()** %func_ptr, align 8
call void %0()
ret void
; CHECK-NOT: __guard_check_icall_fptr
; CHECK-NOT: __guard_dispatch_icall_fptr
}
attributes #0 = { "correctly-rounded-divide-sqrt-fp-math"="false" "disable-tail-calls"="false" "less-precise-fpmad"="false" "no-frame-pointer-elim"="true" "no-frame-pointer-elim-non-leaf" "no-infs-fp-math"="false" "no-nans-fp-math"="false" "no-signed-zeros-fp-math"="false" "no-trapping-math"="false" "stack-protector-buffer-size"="8" "target-cpu"="cortex-a9" "target-features"="+armv7-a,+dsp,+fp16,+neon,+strict-align,+thumb-mode,+vfp3" "unsafe-fp-math"="false" "use-soft-float"="false"}
!llvm.module.flags = !{!0}
!0 = !{i32 2, !"cfguard", i32 1}
; RUN: llc < %s -mtriple=arm-pc-windows-msvc | FileCheck %s
; Control Flow Guard is currently only available on Windows
; Test that Control Flow Guard checks are not added in modules with the
; cfguard=1 flag (emit tables but no checks).
declare void @target_func()
define void @func_in_module_without_cfguard() #0 {
entry:
%func_ptr = alloca void ()*, align 8
store void ()* @target_func, void ()** %func_ptr, align 8
%0 = load void ()*, void ()** %func_ptr, align 8
call void %0()
ret void
; CHECK-NOT: __guard_check_icall_fptr
; CHECK-NOT: __guard_dispatch_icall_fptr
}
attributes #0 = { "correctly-rounded-divide-sqrt-fp-math"="false" "disable-tail-calls"="false" "less-precise-fpmad"="false" "no-frame-pointer-elim"="true" "no-frame-pointer-elim-non-leaf" "no-infs-fp-math"="false" "no-nans-fp-math"="false" "no-signed-zeros-fp-math"="false" "no-trapping-math"="false" "stack-protector-buffer-size"="8" "target-cpu"="cortex-a9" "target-features"="+armv7-a,+dsp,+fp16,+neon,+strict-align,+thumb-mode,+vfp3" "unsafe-fp-math"="false" "use-soft-float"="false"}
!llvm.module.flags = !{!0}
!0 = !{i32 2, !"cfguard", i32 1}

462
test/CodeGen/X86/cfguard-checks.ll
View File

@ -1,231 +1,231 @@
; RUN: llc < %s -mtriple=i686-pc-windows-msvc | FileCheck %s -check-prefix=X32
; RUN: llc < %s -mtriple=x86_64-pc-windows-msvc | FileCheck %s -check-prefix=X64
; Control Flow Guard is currently only available on Windows
; Test that Control Flow Guard checks are correctly added when required.
declare i32 @target_func()
; Test that Control Flow Guard checks are not added to functions with nocf_checks attribute.
define i32 @func_nocf_checks() #0 {
entry:
%func_ptr = alloca i32 ()*, align 8
store i32 ()* @target_func, i32 ()** %func_ptr, align 8
%0 = load i32 ()*, i32 ()** %func_ptr, align 8
%1 = call i32 %0()
ret i32 %1
; X32-LABEL: func_nocf_checks
; X32: movl $_target_func, %eax
; X32-NOT: __guard_check_icall_fptr
; X32: calll *%eax
; X64-LABEL: func_nocf_checks
; X64: leaq target_func(%rip), %rax
; X64-NOT: __guard_dispatch_icall_fptr
; X64: callq *%rax
}
attributes #0 = { nocf_check }
; Test that Control Flow Guard checks are added even at -O0.
; FIXME Ideally these checks should be added as a single call instruction, as in the optimized case.
define i32 @func_optnone_cf() #1 {
entry:
%func_ptr = alloca i32 ()*, align 8
store i32 ()* @target_func, i32 ()** %func_ptr, align 8
%0 = load i32 ()*, i32 ()** %func_ptr, align 8
%1 = call i32 %0()
ret i32 %1
; On i686, the call to __guard_check_icall_fptr should come immediately before the call to the target function.
; X32-LABEL: func_optnone_cf
; X32: leal _target_func, %eax
; X32: movl %eax, (%esp)
; X32: movl (%esp), %ecx
; X32: movl ___guard_check_icall_fptr, %eax
; X32: calll *%eax
; X32-NEXT: calll *%ecx
; On x86_64, __guard_dispatch_icall_fptr tail calls the function, so there should be only one call instruction.
; X64-LABEL: func_optnone_cf
; X64: leaq target_func(%rip), %rax
; X64: movq __guard_dispatch_icall_fptr(%rip), %rcx
; X64: callq *%rcx
; X64-NOT: callq
}
attributes #1 = { noinline optnone }
; Test that Control Flow Guard checks are correctly added in optimized code (common case).
define i32 @func_cf() {
entry:
%func_ptr = alloca i32 ()*, align 8
store i32 ()* @target_func, i32 ()** %func_ptr, align 8
%0 = load i32 ()*, i32 ()** %func_ptr, align 8
%1 = call i32 %0()
ret i32 %1
; On i686, the call to __guard_check_icall_fptr should come immediately before the call to the target function.
; X32-LABEL: func_cf
; X32: movl $_target_func, %esi
; X32: movl $_target_func, %ecx
; X32: calll *___guard_check_icall_fptr
; X32-NEXT: calll *%esi
; On x86_64, __guard_dispatch_icall_fptr tail calls the function, so there should be only one call instruction.
; X64-LABEL: func_cf
; X64: leaq target_func(%rip), %rax
; X64: callq *__guard_dispatch_icall_fptr(%rip)
; X64-NOT: callq
}
; Test that Control Flow Guard checks are correctly added on invoke instructions.
define i32 @func_cf_invoke() personality i8* bitcast (void ()* @h to i8*) {
entry:
%0 = alloca i32, align 4
%func_ptr = alloca i32 ()*, align 8
store i32 ()* @target_func, i32 ()** %func_ptr, align 8
%1 = load i32 ()*, i32 ()** %func_ptr, align 8
%2 = invoke i32 %1()
to label %invoke.cont unwind label %lpad
invoke.cont: ; preds = %entry
ret i32 %2
lpad: ; preds = %entry
%tmp = landingpad { i8*, i32 }
catch i8* null
ret i32 -1
; On i686, the call to __guard_check_icall_fptr should come immediately before the call to the target function.
; X32-LABEL: func_cf_invoke
; X32: movl $_target_func, %esi
; X32: movl $_target_func, %ecx
; X32: calll *___guard_check_icall_fptr
; X32-NEXT: calll *%esi
; X32: # %invoke.cont
; X32: # %lpad
; On x86_64, __guard_dispatch_icall_fptr tail calls the function, so there should be only one call instruction.
; X64-LABEL: func_cf_invoke
; X64: leaq target_func(%rip), %rax
; X64: callq *__guard_dispatch_icall_fptr(%rip)
; X64-NOT: callq
; X64: # %invoke.cont
; X64: # %lpad
}
declare void @h()
; Test that Control Flow Guard preserves floating point arguments.
declare double @target_func_doubles(double, double, double, double)
define double @func_cf_doubles() {
entry:
%func_ptr = alloca double (double, double, double, double)*, align 8
store double (double, double, double, double)* @target_func_doubles, double (double, double, double, double)** %func_ptr, align 8
%0 = load double (double, double, double, double)*, double (double, double, double, double)** %func_ptr, align 8
%1 = call double %0(double 1.000000e+00, double 2.000000e+00, double 3.000000e+00, double 4.000000e+00)
ret double %1
; On i686, the call to __guard_check_icall_fptr should come immediately before the call to the target function.
; X32-LABEL: func_cf_doubles
; X32: movl $_target_func_doubles, %esi
; X32: movl $_target_func_doubles, %ecx
; X32: calll *___guard_check_icall_fptr
; X32: calll *%esi
; On x86_64, __guard_dispatch_icall_fptr tail calls the function, so there should be only one call instruction.
; X64-LABEL: func_cf_doubles
; X64: leaq target_func_doubles(%rip), %rax
; X64: movsd __real@3ff0000000000000(%rip), %xmm0
; X64: movsd __real@4000000000000000(%rip), %xmm1
; X64: movsd __real@4008000000000000(%rip), %xmm2
; X64: movsd __real@4010000000000000(%rip), %xmm3
; X64: callq *__guard_dispatch_icall_fptr(%rip)
; X64-NOT: callq
}
; Test that Control Flow Guard checks are correctly added for tail calls.
define i32 @func_cf_tail() {
entry:
%func_ptr = alloca i32 ()*, align 8
store i32 ()* @target_func, i32 ()** %func_ptr, align 8
%0 = load i32 ()*, i32 ()** %func_ptr, align 8
%1 = musttail call i32 %0()
ret i32 %1
; On i686, the call to __guard_check_icall_fptr should come immediately before the call to the target function.
; X32-LABEL: func_cf_tail
; X32: movl $_target_func, %ecx
; X32: calll *___guard_check_icall_fptr
; X32: movl $_target_func, %eax
; X32: jmpl *%eax # TAILCALL
; X32-NOT: calll
; X64-LABEL: func_cf_tail
; X64: leaq target_func(%rip), %rax
; X64: movq __guard_dispatch_icall_fptr(%rip), %rcx
; X64: rex64 jmpq *%rcx # TAILCALL
; X64-NOT: callq
}
; Test that longjmp targets have public labels and are included in the .gljmp section.
%struct._SETJMP_FLOAT128 = type { [2 x i64] }
@buf1 = internal global [16 x %struct._SETJMP_FLOAT128] zeroinitializer, align 16
define i32 @func_cf_setjmp() {
%1 = alloca i32, align 4
%2 = alloca i32, align 4
store i32 0, i32* %1, align 4
store i32 -1, i32* %2, align 4
%3 = call i8* @llvm.frameaddress(i32 0)
%4 = call i32 @_setjmp(i8* bitcast ([16 x %struct._SETJMP_FLOAT128]* @buf1 to i8*), i8* %3) #2
; X32-LABEL: func_cf_setjmp
; X32: calll __setjmp
; X32-NEXT: $cfgsj_func_cf_setjmp0:
; X64-LABEL: func_cf_setjmp
; X64: callq _setjmp
; X64-NEXT: $cfgsj_func_cf_setjmp0:
%5 = call i8* @llvm.frameaddress(i32 0)
%6 = call i32 @_setjmp(i8* bitcast ([16 x %struct._SETJMP_FLOAT128]* @buf1 to i8*), i8* %5) #2
; X32: calll __setjmp
; X32-NEXT: $cfgsj_func_cf_setjmp1:
; X64: callq _setjmp
; X64-NEXT: $cfgsj_func_cf_setjmp1:
store i32 1, i32* %2, align 4
%7 = load i32, i32* %2, align 4
ret i32 %7
; X32: .section .gljmp$y,"dr"
; X32-NEXT: .symidx $cfgsj_func_cf_setjmp0
; X32-NEXT: .symidx $cfgsj_func_cf_setjmp1
; X64: .section .gljmp$y,"dr"
; X64-NEXT: .symidx $cfgsj_func_cf_setjmp0
; X64-NEXT: .symidx $cfgsj_func_cf_setjmp1
}
declare i8* @llvm.frameaddress(i32)
; Function Attrs: returns_twice
declare dso_local i32 @_setjmp(i8*, i8*) #2
attributes #2 = { returns_twice }
!llvm.module.flags = !{!0}
!0 = !{i32 2, !"cfguard", i32 2}
; RUN: llc < %s -mtriple=i686-pc-windows-msvc | FileCheck %s -check-prefix=X32
; RUN: llc < %s -mtriple=x86_64-pc-windows-msvc | FileCheck %s -check-prefix=X64
; Control Flow Guard is currently only available on Windows
; Test that Control Flow Guard checks are correctly added when required.
declare i32 @target_func()
; Test that Control Flow Guard checks are not added to functions with nocf_checks attribute.
define i32 @func_nocf_checks() #0 {
entry:
%func_ptr = alloca i32 ()*, align 8
store i32 ()* @target_func, i32 ()** %func_ptr, align 8
%0 = load i32 ()*, i32 ()** %func_ptr, align 8
%1 = call i32 %0()
ret i32 %1
; X32-LABEL: func_nocf_checks
; X32: movl $_target_func, %eax
; X32-NOT: __guard_check_icall_fptr
; X32: calll *%eax
; X64-LABEL: func_nocf_checks
; X64: leaq target_func(%rip), %rax
; X64-NOT: __guard_dispatch_icall_fptr
; X64: callq *%rax
}
attributes #0 = { nocf_check }
; Test that Control Flow Guard checks are added even at -O0.
; FIXME Ideally these checks should be added as a single call instruction, as in the optimized case.
define i32 @func_optnone_cf() #1 {
entry:
%func_ptr = alloca i32 ()*, align 8
store i32 ()* @target_func, i32 ()** %func_ptr, align 8
%0 = load i32 ()*, i32 ()** %func_ptr, align 8
%1 = call i32 %0()
ret i32 %1
; On i686, the call to __guard_check_icall_fptr should come immediately before the call to the target function.
; X32-LABEL: func_optnone_cf
; X32: leal _target_func, %eax
; X32: movl %eax, (%esp)
; X32: movl (%esp), %ecx
; X32: movl ___guard_check_icall_fptr, %eax
; X32: calll *%eax
; X32-NEXT: calll *%ecx
; On x86_64, __guard_dispatch_icall_fptr tail calls the function, so there should be only one call instruction.
; X64-LABEL: func_optnone_cf
; X64: leaq target_func(%rip), %rax
; X64: movq __guard_dispatch_icall_fptr(%rip), %rcx
; X64: callq *%rcx
; X64-NOT: callq
}
attributes #1 = { noinline optnone }
; Test that Control Flow Guard checks are correctly added in optimized code (common case).
define i32 @func_cf() {
entry:
%func_ptr = alloca i32 ()*, align 8
store i32 ()* @target_func, i32 ()** %func_ptr, align 8
%0 = load i32 ()*, i32 ()** %func_ptr, align 8
%1 = call i32 %0()
ret i32 %1
; On i686, the call to __guard_check_icall_fptr should come immediately before the call to the target function.
; X32-LABEL: func_cf
; X32: movl $_target_func, %esi
; X32: movl $_target_func, %ecx
; X32: calll *___guard_check_icall_fptr
; X32-NEXT: calll *%esi
; On x86_64, __guard_dispatch_icall_fptr tail calls the function, so there should be only one call instruction.
; X64-LABEL: func_cf
; X64: leaq target_func(%rip), %rax
; X64: callq *__guard_dispatch_icall_fptr(%rip)
; X64-NOT: callq
}
; Test that Control Flow Guard checks are correctly added on invoke instructions.
define i32 @func_cf_invoke() personality i8* bitcast (void ()* @h to i8*) {
entry:
%0 = alloca i32, align 4
%func_ptr = alloca i32 ()*, align 8
store i32 ()* @target_func, i32 ()** %func_ptr, align 8
%1 = load i32 ()*, i32 ()** %func_ptr, align 8
%2 = invoke i32 %1()
to label %invoke.cont unwind label %lpad
invoke.cont: ; preds = %entry
ret i32 %2
lpad: ; preds = %entry
%tmp = landingpad { i8*, i32 }
catch i8* null
ret i32 -1
; On i686, the call to __guard_check_icall_fptr should come immediately before the call to the target function.
; X32-LABEL: func_cf_invoke
; X32: movl $_target_func, %esi
; X32: movl $_target_func, %ecx
; X32: calll *___guard_check_icall_fptr
; X32-NEXT: calll *%esi
; X32: # %invoke.cont
; X32: # %lpad
; On x86_64, __guard_dispatch_icall_fptr tail calls the function, so there should be only one call instruction.
; X64-LABEL: func_cf_invoke
; X64: leaq target_func(%rip), %rax
; X64: callq *__guard_dispatch_icall_fptr(%rip)
; X64-NOT: callq
; X64: # %invoke.cont
; X64: # %lpad
}
declare void @h()
; Test that Control Flow Guard preserves floating point arguments.
declare double @target_func_doubles(double, double, double, double)
define double @func_cf_doubles() {
entry:
%func_ptr = alloca double (double, double, double, double)*, align 8
store double (double, double, double, double)* @target_func_doubles, double (double, double, double, double)** %func_ptr, align 8
%0 = load double (double, double, double, double)*, double (double, double, double, double)** %func_ptr, align 8
%1 = call double %0(double 1.000000e+00, double 2.000000e+00, double 3.000000e+00, double 4.000000e+00)
ret double %1
; On i686, the call to __guard_check_icall_fptr should come immediately before the call to the target function.
; X32-LABEL: func_cf_doubles
; X32: movl $_target_func_doubles, %esi
; X32: movl $_target_func_doubles, %ecx
; X32: calll *___guard_check_icall_fptr
; X32: calll *%esi
; On x86_64, __guard_dispatch_icall_fptr tail calls the function, so there should be only one call instruction.
; X64-LABEL: func_cf_doubles
; X64: leaq target_func_doubles(%rip), %rax
; X64: movsd __real@3ff0000000000000(%rip), %xmm0
; X64: movsd __real@4000000000000000(%rip), %xmm1
; X64: movsd __real@4008000000000000(%rip), %xmm2
; X64: movsd __real@4010000000000000(%rip), %xmm3
; X64: callq *__guard_dispatch_icall_fptr(%rip)
; X64-NOT: callq
}
; Test that Control Flow Guard checks are correctly added for tail calls.
define i32 @func_cf_tail() {
entry:
%func_ptr = alloca i32 ()*, align 8
store i32 ()* @target_func, i32 ()** %func_ptr, align 8
%0 = load i32 ()*, i32 ()** %func_ptr, align 8
%1 = musttail call i32 %0()
ret i32 %1
; On i686, the call to __guard_check_icall_fptr should come immediately before the call to the target function.
; X32-LABEL: func_cf_tail
; X32: movl $_target_func, %ecx
; X32: calll *___guard_check_icall_fptr
; X32: movl $_target_func, %eax
; X32: jmpl *%eax # TAILCALL
; X32-NOT: calll
; X64-LABEL: func_cf_tail
; X64: leaq target_func(%rip), %rax
; X64: movq __guard_dispatch_icall_fptr(%rip), %rcx
; X64: rex64 jmpq *%rcx # TAILCALL
; X64-NOT: callq
}
; Test that longjmp targets have public labels and are included in the .gljmp section.
%struct._SETJMP_FLOAT128 = type { [2 x i64] }
@buf1 = internal global [16 x %struct._SETJMP_FLOAT128] zeroinitializer, align 16
define i32 @func_cf_setjmp() {
%1 = alloca i32, align 4
%2 = alloca i32, align 4
store i32 0, i32* %1, align 4
store i32 -1, i32* %2, align 4
%3 = call i8* @llvm.frameaddress(i32 0)
%4 = call i32 @_setjmp(i8* bitcast ([16 x %struct._SETJMP_FLOAT128]* @buf1 to i8*), i8* %3) #2
; X32-LABEL: func_cf_setjmp
; X32: calll __setjmp
; X32-NEXT: $cfgsj_func_cf_setjmp0:
; X64-LABEL: func_cf_setjmp
; X64: callq _setjmp
; X64-NEXT: $cfgsj_func_cf_setjmp0:
%5 = call i8* @llvm.frameaddress(i32 0)
%6 = call i32 @_setjmp(i8* bitcast ([16 x %struct._SETJMP_FLOAT128]* @buf1 to i8*), i8* %5) #2
; X32: calll __setjmp
; X32-NEXT: $cfgsj_func_cf_setjmp1:
; X64: callq _setjmp
; X64-NEXT: $cfgsj_func_cf_setjmp1:
store i32 1, i32* %2, align 4
%7 = load i32, i32* %2, align 4
ret i32 %7
; X32: .section .gljmp$y,"dr"
; X32-NEXT: .symidx $cfgsj_func_cf_setjmp0
; X32-NEXT: .symidx $cfgsj_func_cf_setjmp1
; X64: .section .gljmp$y,"dr"
; X64-NEXT: .symidx $cfgsj_func_cf_setjmp0
; X64-NEXT: .symidx $cfgsj_func_cf_setjmp1
}
declare i8* @llvm.frameaddress(i32)
; Function Attrs: returns_twice
declare dso_local i32 @_setjmp(i8*, i8*) #2
attributes #2 = { returns_twice }
!llvm.module.flags = !{!0}
!0 = !{i32 2, !"cfguard", i32 2}

52
test/CodeGen/X86/cfguard-module-flag.ll
View File

@ -1,26 +1,26 @@
; RUN: llc < %s -mtriple=i686-pc-windows-msvc | FileCheck %s -check-prefix=X32
; RUN: llc < %s -mtriple=x86_64-pc-windows-msvc | FileCheck %s -check-prefix=X64
; Control Flow Guard is currently only available on Windows
; Test that Control Flow Guard checks are not added in modules with the
; cfguard=1 flag (emit tables but no checks).
declare void @target_func()
define void @func_in_module_without_cfguard() #0 {
entry:
%func_ptr = alloca void ()*, align 8
store void ()* @target_func, void ()** %func_ptr, align 8
%0 = load void ()*, void ()** %func_ptr, align 8
call void %0()
ret void
; X32-NOT: __guard_check_icall_fptr
; X64-NOT: __guard_dispatch_icall_fptr
}
!llvm.module.flags = !{!0}
!0 = !{i32 2, !"cfguard", i32 1}
; RUN: llc < %s -mtriple=i686-pc-windows-msvc | FileCheck %s -check-prefix=X32
; RUN: llc < %s -mtriple=x86_64-pc-windows-msvc | FileCheck %s -check-prefix=X64
; Control Flow Guard is currently only available on Windows
; Test that Control Flow Guard checks are not added in modules with the
; cfguard=1 flag (emit tables but no checks).
declare void @target_func()
define void @func_in_module_without_cfguard() #0 {
entry:
%func_ptr = alloca void ()*, align 8
store void ()* @target_func, void ()** %func_ptr, align 8
%0 = load void ()*, void ()** %func_ptr, align 8
call void %0()
ret void
; X32-NOT: __guard_check_icall_fptr
; X64-NOT: __guard_dispatch_icall_fptr
}
!llvm.module.flags = !{!0}
!0 = !{i32 2, !"cfguard", i32 1}

76
test/CodeGen/X86/cfguard-x86-64-vectorcall.ll
View File

@ -1,38 +1,38 @@
; RUN: llc < %s -mtriple=x86_64-pc-windows-msvc | FileCheck %s -check-prefix=X64
; Control Flow Guard is currently only available on Windows
; Test that Control Flow Guard checks are correctly added for x86_64 vector calls.
define void @func_cf_vector_x64(void (%struct.HVA)* %0, %struct.HVA* %1) #0 {
entry:
%2 = alloca %struct.HVA, align 8
%3 = bitcast %struct.HVA* %2 to i8*
%4 = bitcast %struct.HVA* %1 to i8*
call void @llvm.memcpy.p0i8.p0i8.i64(i8* align 8 %3, i8* align 8 %4, i64 32, i1 false)
%5 = load %struct.HVA, %struct.HVA* %2, align 8
call x86_vectorcallcc void %0(%struct.HVA inreg %5)
ret void
; X64-LABEL: func_cf_vector_x64
; X64: movq %rcx, %rax
; X64: movups (%rdx), %xmm0
; X64: movups 16(%rdx), %xmm1
; X64: movaps %xmm0, 32(%rsp)
; X64: movaps %xmm1, 48(%rsp)
; X64: movsd 32(%rsp), %xmm0 # xmm0 = mem[0],zero
; X64: movsd 40(%rsp), %xmm1 # xmm1 = mem[0],zero
; X64: movsd 48(%rsp), %xmm2 # xmm2 = mem[0],zero
; X64: movsd 56(%rsp), %xmm3 # xmm3 = mem[0],zero
; X64: callq *__guard_dispatch_icall_fptr(%rip)
; X64-NOT: callq
}
attributes #0 = { "target-cpu"="x86-64" "target-features"="+cx8,+fxsr,+mmx,+sse,+sse2,+x87" }
%struct.HVA = type { double, double, double, double }
declare void @llvm.memcpy.p0i8.p0i8.i64(i8* nocapture writeonly, i8* nocapture readonly, i64, i1 immarg) #1
attributes #1 = { argmemonly nounwind willreturn }
!llvm.module.flags = !{!0}
!0 = !{i32 2, !"cfguard", i32 2}
; RUN: llc < %s -mtriple=x86_64-pc-windows-msvc | FileCheck %s -check-prefix=X64
; Control Flow Guard is currently only available on Windows
; Test that Control Flow Guard checks are correctly added for x86_64 vector calls.
define void @func_cf_vector_x64(void (%struct.HVA)* %0, %struct.HVA* %1) #0 {
entry:
%2 = alloca %struct.HVA, align 8
%3 = bitcast %struct.HVA* %2 to i8*
%4 = bitcast %struct.HVA* %1 to i8*
call void @llvm.memcpy.p0i8.p0i8.i64(i8* align 8 %3, i8* align 8 %4, i64 32, i1 false)
%5 = load %struct.HVA, %struct.HVA* %2, align 8
call x86_vectorcallcc void %0(%struct.HVA inreg %5)
ret void
; X64-LABEL: func_cf_vector_x64
; X64: movq %rcx, %rax
; X64: movups (%rdx), %xmm0
; X64: movups 16(%rdx), %xmm1
; X64: movaps %xmm0, 32(%rsp)
; X64: movaps %xmm1, 48(%rsp)
; X64: movsd 32(%rsp), %xmm0 # xmm0 = mem[0],zero
; X64: movsd 40(%rsp), %xmm1 # xmm1 = mem[0],zero
; X64: movsd 48(%rsp), %xmm2 # xmm2 = mem[0],zero
; X64: movsd 56(%rsp), %xmm3 # xmm3 = mem[0],zero
; X64: callq *__guard_dispatch_icall_fptr(%rip)
; X64-NOT: callq
}
attributes #0 = { "target-cpu"="x86-64" "target-features"="+cx8,+fxsr,+mmx,+sse,+sse2,+x87" }
%struct.HVA = type { double, double, double, double }
declare void @llvm.memcpy.p0i8.p0i8.i64(i8* nocapture writeonly, i8* nocapture readonly, i64, i1 immarg) #1
attributes #1 = { argmemonly nounwind willreturn }
!llvm.module.flags = !{!0}
!0 = !{i32 2, !"cfguard", i32 2}

86
test/CodeGen/X86/cfguard-x86-vectorcall.ll
View File

@ -1,43 +1,43 @@
; RUN: llc < %s -mtriple=i686-pc-windows-msvc | FileCheck %s -check-prefix=X32
; Control Flow Guard is currently only available on Windows
; Test that Control Flow Guard checks are correctly added for x86 vector calls.
define void @func_cf_vector_x86(void (%struct.HVA)* %0, %struct.HVA* %1) #0 {
entry:
%2 = alloca %struct.HVA, align 8
%3 = bitcast %struct.HVA* %2 to i8*
%4 = bitcast %struct.HVA* %1 to i8*
call void @llvm.memcpy.p0i8.p0i8.i32(i8* align 8 %3, i8* align 8 %4, i32 32, i1 false)
%5 = load %struct.HVA, %struct.HVA* %2, align 8
call x86_vectorcallcc void %0(%struct.HVA inreg %5)
ret void
; X32-LABEL: func_cf_vector_x86
; X32: movl 12(%ebp), %eax
; X32: movl 8(%ebp), %ecx
; X32: movsd 24(%eax), %xmm4 # xmm4 = mem[0],zero
; X32: movsd %xmm4, 24(%esp)
; X32: movsd 16(%eax), %xmm5 # xmm5 = mem[0],zero
; X32: movsd %xmm5, 16(%esp)
; X32: movsd (%eax), %xmm6 # xmm6 = mem[0],zero
; X32: movsd 8(%eax), %xmm7 # xmm7 = mem[0],zero
; X32: movsd %xmm7, 8(%esp)
; X32: movsd %xmm6, (%esp)
; X32: calll *___guard_check_icall_fptr
; X32: movaps %xmm6, %xmm0
; X32: movaps %xmm7, %xmm1
; X32: movaps %xmm5, %xmm2
; X32: movaps %xmm4, %xmm3
; X32: calll *%ecx
}
attributes #0 = { "target-cpu"="pentium4" "target-features"="+cx8,+fxsr,+mmx,+sse,+sse2,+x87" }
%struct.HVA = type { double, double, double, double }
declare void @llvm.memcpy.p0i8.p0i8.i32(i8* nocapture writeonly, i8* nocapture readonly, i32, i1 immarg) #1
attributes #1 = { argmemonly nounwind willreturn }
!llvm.module.flags = !{!0}
!0 = !{i32 2, !"cfguard", i32 2}
; RUN: llc < %s -mtriple=i686-pc-windows-msvc | FileCheck %s -check-prefix=X32
; Control Flow Guard is currently only available on Windows
; Test that Control Flow Guard checks are correctly added for x86 vector calls.
define void @func_cf_vector_x86(void (%struct.HVA)* %0, %struct.HVA* %1) #0 {
entry:
%2 = alloca %struct.HVA, align 8
%3 = bitcast %struct.HVA* %2 to i8*
%4 = bitcast %struct.HVA* %1 to i8*
call void @llvm.memcpy.p0i8.p0i8.i32(i8* align 8 %3, i8* align 8 %4, i32 32, i1 false)
%5 = load %struct.HVA, %struct.HVA* %2, align 8
call x86_vectorcallcc void %0(%struct.HVA inreg %5)
ret void
; X32-LABEL: func_cf_vector_x86
; X32: movl 12(%ebp), %eax
; X32: movl 8(%ebp), %ecx
; X32: movsd 24(%eax), %xmm4 # xmm4 = mem[0],zero
; X32: movsd %xmm4, 24(%esp)
; X32: movsd 16(%eax), %xmm5 # xmm5 = mem[0],zero
; X32: movsd %xmm5, 16(%esp)
; X32: movsd (%eax), %xmm6 # xmm6 = mem[0],zero
; X32: movsd 8(%eax), %xmm7 # xmm7 = mem[0],zero
; X32: movsd %xmm7, 8(%esp)
; X32: movsd %xmm6, (%esp)
; X32: calll *___guard_check_icall_fptr
; X32: movaps %xmm6, %xmm0
; X32: movaps %xmm7, %xmm1
; X32: movaps %xmm5, %xmm2
; X32: movaps %xmm4, %xmm3
; X32: calll *%ecx
}
attributes #0 = { "target-cpu"="pentium4" "target-features"="+cx8,+fxsr,+mmx,+sse,+sse2,+x87" }
%struct.HVA = type { double, double, double, double }
declare void @llvm.memcpy.p0i8.p0i8.i32(i8* nocapture writeonly, i8* nocapture readonly, i32, i1 immarg) #1
attributes #1 = { argmemonly nounwind willreturn }
!llvm.module.flags = !{!0}
!0 = !{i32 2, !"cfguard", i32 2}