LLVM 22.0.0git
SafeStack.cpp
Go to the documentation of this file.
1//===- SafeStack.cpp - Safe Stack Insertion -------------------------------===//
2//
3// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
4// See https://llvm.org/LICENSE.txt for license information.
5// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
6//
7//===----------------------------------------------------------------------===//
8//
9// This pass splits the stack into the safe stack (kept as-is for LLVM backend)
10// and the unsafe stack (explicitly allocated and managed through the runtime
11// support library).
12//
13// http://clang.llvm.org/docs/SafeStack.html
14//
15//===----------------------------------------------------------------------===//
16
17#include "llvm/CodeGen/SafeStack.h"
18#include "SafeStackLayout.h"
19#include "llvm/ADT/APInt.h"
20#include "llvm/ADT/ArrayRef.h"
21#include "llvm/ADT/SmallPtrSet.h"
22#include "llvm/ADT/SmallVector.h"
23#include "llvm/ADT/Statistic.h"
24#include "llvm/Analysis/AssumptionCache.h"
25#include "llvm/Analysis/BranchProbabilityInfo.h"
26#include "llvm/Analysis/DomTreeUpdater.h"
27#include "llvm/Analysis/InlineCost.h"
28#include "llvm/Analysis/LoopInfo.h"
29#include "llvm/Analysis/ScalarEvolution.h"
30#include "llvm/Analysis/ScalarEvolutionExpressions.h"
31#include "llvm/Analysis/StackLifetime.h"
32#include "llvm/Analysis/TargetLibraryInfo.h"
33#include "llvm/CodeGen/TargetLowering.h"
34#include "llvm/CodeGen/TargetPassConfig.h"
35#include "llvm/CodeGen/TargetSubtargetInfo.h"
36#include "llvm/IR/Argument.h"
37#include "llvm/IR/Attributes.h"
38#include "llvm/IR/ConstantRange.h"
39#include "llvm/IR/Constants.h"
40#include "llvm/IR/DIBuilder.h"
41#include "llvm/IR/DataLayout.h"
42#include "llvm/IR/DerivedTypes.h"
43#include "llvm/IR/Dominators.h"
44#include "llvm/IR/Function.h"
45#include "llvm/IR/IRBuilder.h"
46#include "llvm/IR/InstIterator.h"
47#include "llvm/IR/Instruction.h"
48#include "llvm/IR/Instructions.h"
49#include "llvm/IR/IntrinsicInst.h"
50#include "llvm/IR/Intrinsics.h"
51#include "llvm/IR/MDBuilder.h"
52#include "llvm/IR/Metadata.h"
53#include "llvm/IR/Module.h"
54#include "llvm/IR/Type.h"
55#include "llvm/IR/Use.h"
56#include "llvm/IR/Value.h"
57#include "llvm/InitializePasses.h"
58#include "llvm/Pass.h"
59#include "llvm/Support/Casting.h"
60#include "llvm/Support/Debug.h"
61#include "llvm/Support/ErrorHandling.h"
62#include "llvm/Support/raw_ostream.h"
63#include "llvm/Target/TargetMachine.h"
64#include "llvm/Transforms/Utils/BasicBlockUtils.h"
65#include "llvm/Transforms/Utils/Cloning.h"
66#include "llvm/Transforms/Utils/Local.h"
67#include <algorithm>
68#include <cassert>
69#include <cstdint>
70#include <optional>
71#include <string>
72
73using namespace llvm;
74using namespace llvm::safestack;
75
76#define DEBUG_TYPE "safe-stack"
77
78STATISTIC(NumFunctions, "Total number of functions");
79STATISTIC(NumUnsafeStackFunctions, "Number of functions with unsafe stack");
80STATISTIC(NumUnsafeStackRestorePointsFunctions,
81 "Number of functions that use setjmp or exceptions");
82
83STATISTIC(NumAllocas, "Total number of allocas");
84STATISTIC(NumUnsafeStaticAllocas, "Number of unsafe static allocas");
85STATISTIC(NumUnsafeDynamicAllocas, "Number of unsafe dynamic allocas");
86STATISTIC(NumUnsafeByValArguments, "Number of unsafe byval arguments");
87STATISTIC(NumUnsafeStackRestorePoints, "Number of setjmps and landingpads");
88
89/// Use __safestack_pointer_address even if the platform has a faster way of
90/// access safe stack pointer.
91static cl::opt<bool>
92 SafeStackUsePointerAddress("safestack-use-pointer-address",
93 cl::init(false), cl::Hidden);
94
95static cl::opt<bool> ClColoring("safe-stack-coloring",
96 cl::desc("enable safe stack coloring"),
97 cl::Hidden, cl::init(true));
98
99namespace {
100
101/// The SafeStack pass splits the stack of each function into the safe
102/// stack, which is only accessed through memory safe dereferences (as
103/// determined statically), and the unsafe stack, which contains all
104/// local variables that are accessed in ways that we can't prove to
105/// be safe.
106class SafeStack {
107 Function &F;
108 const TargetLoweringBase &TL;
109 const DataLayout &DL;
110 DomTreeUpdater *DTU;
111 ScalarEvolution &SE;
112
113 Type *StackPtrTy;
114 Type *IntPtrTy;
115 Type *Int32Ty;
116
117 Value *UnsafeStackPtr = nullptr;
118
119 /// Unsafe stack alignment. Each stack frame must ensure that the stack is
120 /// aligned to this value. We need to re-align the unsafe stack if the
121 /// alignment of any object on the stack exceeds this value.
122 ///
123 /// 16 seems like a reasonable upper bound on the alignment of objects that we
124 /// might expect to appear on the stack on most common targets.
125 static constexpr Align StackAlignment = Align::Constant<16>();
126
127 /// Return the value of the stack canary.
128 Value *getStackGuard(IRBuilder<> &IRB, Function &F);
129
130 /// Load stack guard from the frame and check if it has changed.
131 void checkStackGuard(IRBuilder<> &IRB, Function &F, Instruction &RI,
132 AllocaInst *StackGuardSlot, Value *StackGuard);
133
134 /// Find all static allocas, dynamic allocas, return instructions and
135 /// stack restore points (exception unwind blocks and setjmp calls) in the
136 /// given function and append them to the respective vectors.
137 void findInsts(Function &F, SmallVectorImpl<AllocaInst *> &StaticAllocas,
138 SmallVectorImpl<AllocaInst *> &DynamicAllocas,
139 SmallVectorImpl<Argument *> &ByValArguments,
140 SmallVectorImpl<Instruction *> &Returns,
141 SmallVectorImpl<Instruction *> &StackRestorePoints);
142
143 /// Calculate the allocation size of a given alloca. Returns 0 if the
144 /// size can not be statically determined.
145 uint64_t getStaticAllocaAllocationSize(const AllocaInst* AI);
146
147 /// Allocate space for all static allocas in \p StaticAllocas,
148 /// replace allocas with pointers into the unsafe stack.
149 ///
150 /// \returns A pointer to the top of the unsafe stack after all unsafe static
151 /// allocas are allocated.
152 Value *moveStaticAllocasToUnsafeStack(IRBuilder<> &IRB, Function &F,
153 ArrayRef<AllocaInst *> StaticAllocas,
154 ArrayRef<Argument *> ByValArguments,
155 Instruction *BasePointer,
156 AllocaInst *StackGuardSlot);
157
158 /// Generate code to restore the stack after all stack restore points
159 /// in \p StackRestorePoints.
160 ///
161 /// \returns A local variable in which to maintain the dynamic top of the
162 /// unsafe stack if needed.
163 AllocaInst *
164 createStackRestorePoints(IRBuilder<> &IRB, Function &F,
165 ArrayRef<Instruction *> StackRestorePoints,
166 Value *StaticTop, bool NeedDynamicTop);
167
168 /// Replace all allocas in \p DynamicAllocas with code to allocate
169 /// space dynamically on the unsafe stack and store the dynamic unsafe stack
170 /// top to \p DynamicTop if non-null.
171 void moveDynamicAllocasToUnsafeStack(Function &F, Value *UnsafeStackPtr,
172 AllocaInst *DynamicTop,
173 ArrayRef<AllocaInst *> DynamicAllocas);
174
175 bool IsSafeStackAlloca(const Value *AllocaPtr, uint64_t AllocaSize);
176
177 bool IsMemIntrinsicSafe(const MemIntrinsic *MI, const Use &U,
178 const Value *AllocaPtr, uint64_t AllocaSize);
179 bool IsAccessSafe(Value *Addr, uint64_t Size, const Value *AllocaPtr,
180 uint64_t AllocaSize);
181
182 bool ShouldInlinePointerAddress(CallInst &CI);
183 void TryInlinePointerAddress();
184
185public:
186 SafeStack(Function &F, const TargetLoweringBase &TL, const DataLayout &DL,
187 DomTreeUpdater *DTU, ScalarEvolution &SE)
188 : F(F), TL(TL), DL(DL), DTU(DTU), SE(SE),
189 StackPtrTy(DL.getAllocaPtrType(F.getContext())),
190 IntPtrTy(DL.getIntPtrType(F.getContext())),
191 Int32Ty(Type::getInt32Ty(F.getContext())) {}
192
193 // Run the transformation on the associated function.
194 // Returns whether the function was changed.
195 bool run();
196};
197
198uint64_t SafeStack::getStaticAllocaAllocationSize(const AllocaInst* AI) {
199 uint64_t Size = DL.getTypeAllocSize(AI->getAllocatedType());
200 if (AI->isArrayAllocation()) {
201 auto C = dyn_cast<ConstantInt>(AI->getArraySize());
202 if (!C)
203 return 0;
204 Size *= C->getZExtValue();
205 }
206 return Size;
207}
208
209bool SafeStack::IsAccessSafe(Value *Addr, uint64_t AccessSize,
210 const Value *AllocaPtr, uint64_t AllocaSize) {
211 const SCEV *AddrExpr = SE.getSCEV(Addr);
212 const auto *Base = dyn_cast<SCEVUnknown>(SE.getPointerBase(AddrExpr));
213 if (!Base || Base->getValue() != AllocaPtr) {
214 LLVM_DEBUG(
215 dbgs() << "[SafeStack] "
216 << (isa<AllocaInst>(AllocaPtr) ? "Alloca " : "ByValArgument ")
217 << *AllocaPtr << "\n"
218 << "SCEV " << *AddrExpr << " not directly based on alloca\n");
219 return false;
220 }
221
222 const SCEV *Expr = SE.removePointerBase(AddrExpr);
223 uint64_t BitWidth = SE.getTypeSizeInBits(Expr->getType());
224 ConstantRange AccessStartRange = SE.getUnsignedRange(Expr);
225 ConstantRange SizeRange =
226 ConstantRange(APInt(BitWidth, 0), APInt(BitWidth, AccessSize));
227 ConstantRange AccessRange = AccessStartRange.add(SizeRange);
228 ConstantRange AllocaRange =
229 ConstantRange(APInt(BitWidth, 0), APInt(BitWidth, AllocaSize));
230 bool Safe = AllocaRange.contains(AccessRange);
231
232 LLVM_DEBUG(
233 dbgs() << "[SafeStack] "
234 << (isa<AllocaInst>(AllocaPtr) ? "Alloca " : "ByValArgument ")
235 << *AllocaPtr << "\n"
236 << " Access " << *Addr << "\n"
237 << " SCEV " << *Expr
238 << " U: " << SE.getUnsignedRange(Expr)
239 << ", S: " << SE.getSignedRange(Expr) << "\n"
240 << " Range " << AccessRange << "\n"
241 << " AllocaRange " << AllocaRange << "\n"
242 << " " << (Safe ? "safe" : "unsafe") << "\n");
243
244 return Safe;
245}
246
247bool SafeStack::IsMemIntrinsicSafe(const MemIntrinsic *MI, const Use &U,
248 const Value *AllocaPtr,
249 uint64_t AllocaSize) {
250 if (auto MTI = dyn_cast<MemTransferInst>(MI)) {
251 if (MTI->getRawSource() != U && MTI->getRawDest() != U)
252 return true;
253 } else {
254 if (MI->getRawDest() != U)
255 return true;
256 }
257
258 auto Len = MI->getLengthInBytes();
259 // Non-constant size => unsafe. FIXME: try SCEV getRange.
260 if (!Len) return false;
261 return IsAccessSafe(U, Len->getZExtValue(), AllocaPtr, AllocaSize);
262}
263
264/// Check whether a given allocation must be put on the safe
265/// stack or not. The function analyzes all uses of AI and checks whether it is
266/// only accessed in a memory safe way (as decided statically).
267bool SafeStack::IsSafeStackAlloca(const Value *AllocaPtr, uint64_t AllocaSize) {
268 // Go through all uses of this alloca and check whether all accesses to the
269 // allocated object are statically known to be memory safe and, hence, the
270 // object can be placed on the safe stack.
271 SmallPtrSet<const Value *, 16> Visited;
272 SmallVector<const Value *, 8> WorkList;
273 WorkList.push_back(AllocaPtr);
274
275 // A DFS search through all uses of the alloca in bitcasts/PHI/GEPs/etc.
276 while (!WorkList.empty()) {
277 const Value *V = WorkList.pop_back_val();
278 for (const Use &UI : V->uses()) {
279 auto I = cast<const Instruction>(UI.getUser());
280 assert(V == UI.get());
281
282 switch (I->getOpcode()) {
283 case Instruction::Load:
284 if (!IsAccessSafe(UI, DL.getTypeStoreSize(I->getType()), AllocaPtr,
285 AllocaSize))
286 return false;
287 break;
288
289 case Instruction::VAArg:
290 // "va-arg" from a pointer is safe.
291 break;
292 case Instruction::Store:
293 if (V == I->getOperand(0)) {
294 // Stored the pointer - conservatively assume it may be unsafe.
295 LLVM_DEBUG(dbgs()
296 << "[SafeStack] Unsafe alloca: " << *AllocaPtr
297 << "\n store of address: " << *I << "\n");
298 return false;
299 }
300
301 if (!IsAccessSafe(UI, DL.getTypeStoreSize(I->getOperand(0)->getType()),
302 AllocaPtr, AllocaSize))
303 return false;
304 break;
305
306 case Instruction::Ret:
307 // Information leak.
308 return false;
309
310 case Instruction::Call:
311 case Instruction::Invoke: {
312 const CallBase &CS = *cast<CallBase>(I);
313
314 if (I->isLifetimeStartOrEnd())
315 continue;
316
317 if (const MemIntrinsic *MI = dyn_cast<MemIntrinsic>(I)) {
318 if (!IsMemIntrinsicSafe(MI, UI, AllocaPtr, AllocaSize)) {
319 LLVM_DEBUG(dbgs()
320 << "[SafeStack] Unsafe alloca: " << *AllocaPtr
321 << "\n unsafe memintrinsic: " << *I << "\n");
322 return false;
323 }
324 continue;
325 }
326
327 // LLVM 'nocapture' attribute is only set for arguments whose address
328 // is not stored, passed around, or used in any other non-trivial way.
329 // We assume that passing a pointer to an object as a 'nocapture
330 // readnone' argument is safe.
331 // FIXME: a more precise solution would require an interprocedural
332 // analysis here, which would look at all uses of an argument inside
333 // the function being called.
334 auto B = CS.arg_begin(), E = CS.arg_end();
335 for (const auto *A = B; A != E; ++A)
336 if (A->get() == V)
337 if (!(CS.doesNotCapture(A - B) && (CS.doesNotAccessMemory(A - B) ||
338 CS.doesNotAccessMemory()))) {
339 LLVM_DEBUG(dbgs() << "[SafeStack] Unsafe alloca: " << *AllocaPtr
340 << "\n unsafe call: " << *I << "\n");
341 return false;
342 }
343 continue;
344 }
345
346 default:
347 if (Visited.insert(I).second)
348 WorkList.push_back(cast<const Instruction>(I));
349 }
350 }
351 }
352
353 // All uses of the alloca are safe, we can place it on the safe stack.
354 return true;
355}
356
357Value *SafeStack::getStackGuard(IRBuilder<> &IRB, Function &F) {
358 Value *StackGuardVar = TL.getIRStackGuard(IRB);
359 Module *M = F.getParent();
360
361 if (!StackGuardVar) {
362 TL.insertSSPDeclarations(*M);
363 return IRB.CreateIntrinsic(Intrinsic::stackguard, {});
364 }
365
366 return IRB.CreateLoad(StackPtrTy, StackGuardVar, "StackGuard");
367}
368
369void SafeStack::findInsts(Function &F,
370 SmallVectorImpl<AllocaInst *> &StaticAllocas,
371 SmallVectorImpl<AllocaInst *> &DynamicAllocas,
372 SmallVectorImpl<Argument *> &ByValArguments,
373 SmallVectorImpl<Instruction *> &Returns,
374 SmallVectorImpl<Instruction *> &StackRestorePoints) {
375 for (Instruction &I : instructions(&F)) {
376 if (auto AI = dyn_cast<AllocaInst>(&I)) {
377 ++NumAllocas;
378
379 uint64_t Size = getStaticAllocaAllocationSize(AI);
380 if (IsSafeStackAlloca(AI, Size))
381 continue;
382
383 if (AI->isStaticAlloca()) {
384 ++NumUnsafeStaticAllocas;
385 StaticAllocas.push_back(AI);
386 } else {
387 ++NumUnsafeDynamicAllocas;
388 DynamicAllocas.push_back(AI);
389 }
390 } else if (auto RI = dyn_cast<ReturnInst>(&I)) {
391 if (CallInst *CI = I.getParent()->getTerminatingMustTailCall())
392 Returns.push_back(CI);
393 else
394 Returns.push_back(RI);
395 } else if (auto CI = dyn_cast<CallInst>(&I)) {
396 // setjmps require stack restore.
397 if (CI->getCalledFunction() && CI->canReturnTwice())
398 StackRestorePoints.push_back(CI);
399 } else if (auto LP = dyn_cast<LandingPadInst>(&I)) {
400 // Exception landing pads require stack restore.
401 StackRestorePoints.push_back(LP);
402 } else if (auto II = dyn_cast<IntrinsicInst>(&I)) {
403 if (II->getIntrinsicID() == Intrinsic::gcroot)
404 report_fatal_error(
405 "gcroot intrinsic not compatible with safestack attribute");
406 }
407 }
408 for (Argument &Arg : F.args()) {
409 if (!Arg.hasByValAttr())
410 continue;
411 uint64_t Size = DL.getTypeStoreSize(Arg.getParamByValType());
412 if (IsSafeStackAlloca(&Arg, Size))
413 continue;
414
415 ++NumUnsafeByValArguments;
416 ByValArguments.push_back(&Arg);
417 }
418}
419
420AllocaInst *
421SafeStack::createStackRestorePoints(IRBuilder<> &IRB, Function &F,
422 ArrayRef<Instruction *> StackRestorePoints,
423 Value *StaticTop, bool NeedDynamicTop) {
424 assert(StaticTop && "The stack top isn't set.");
425
426 if (StackRestorePoints.empty())
427 return nullptr;
428
429 // We need the current value of the shadow stack pointer to restore
430 // after longjmp or exception catching.
431
432 // FIXME: On some platforms this could be handled by the longjmp/exception
433 // runtime itself.
434
435 AllocaInst *DynamicTop = nullptr;
436 if (NeedDynamicTop) {
437 // If we also have dynamic alloca's, the stack pointer value changes
438 // throughout the function. For now we store it in an alloca.
439 DynamicTop = IRB.CreateAlloca(StackPtrTy, /*ArraySize=*/nullptr,
440 "unsafe_stack_dynamic_ptr");
441 IRB.CreateStore(StaticTop, DynamicTop);
442 }
443
444 // Restore current stack pointer after longjmp/exception catch.
445 for (Instruction *I : StackRestorePoints) {
446 ++NumUnsafeStackRestorePoints;
447
448 IRB.SetInsertPoint(I->getNextNode());
449 Value *CurrentTop =
450 DynamicTop ? IRB.CreateLoad(StackPtrTy, DynamicTop) : StaticTop;
451 IRB.CreateStore(CurrentTop, UnsafeStackPtr);
452 }
453
454 return DynamicTop;
455}
456
457void SafeStack::checkStackGuard(IRBuilder<> &IRB, Function &F, Instruction &RI,
458 AllocaInst *StackGuardSlot, Value *StackGuard) {
459 Value *V = IRB.CreateLoad(StackPtrTy, StackGuardSlot);
460 Value *Cmp = IRB.CreateICmpNE(StackGuard, V);
461
462 auto SuccessProb = BranchProbabilityInfo::getBranchProbStackProtector(true);
463 auto FailureProb = BranchProbabilityInfo::getBranchProbStackProtector(false);
464 MDNode *Weights = MDBuilder(F.getContext())
465 .createBranchWeights(SuccessProb.getNumerator(),
466 FailureProb.getNumerator());
467 Instruction *CheckTerm =
468 SplitBlockAndInsertIfThen(Cmp, &RI, /* Unreachable */ true, Weights, DTU);
469 IRBuilder<> IRBFail(CheckTerm);
470 // FIXME: respect -fsanitize-trap / -ftrap-function here?
471 const char *StackChkFailName =
472 TL.getLibcallName(RTLIB::STACKPROTECTOR_CHECK_FAIL);
473 if (!StackChkFailName) {
474 F.getContext().emitError(
475 "no libcall available for stackprotector check fail");
476 return;
477 }
478
479 FunctionCallee StackChkFail =
480 F.getParent()->getOrInsertFunction(StackChkFailName, IRB.getVoidTy());
481 IRBFail.CreateCall(StackChkFail, {});
482}
483
484/// We explicitly compute and set the unsafe stack layout for all unsafe
485/// static alloca instructions. We save the unsafe "base pointer" in the
486/// prologue into a local variable and restore it in the epilogue.
487Value *SafeStack::moveStaticAllocasToUnsafeStack(
488 IRBuilder<> &IRB, Function &F, ArrayRef<AllocaInst *> StaticAllocas,
489 ArrayRef<Argument *> ByValArguments, Instruction *BasePointer,
490 AllocaInst *StackGuardSlot) {
491 if (StaticAllocas.empty() && ByValArguments.empty())
492 return BasePointer;
493
494 DIBuilder DIB(*F.getParent());
495
496 StackLifetime SSC(F, StaticAllocas, StackLifetime::LivenessType::May);
497 static const StackLifetime::LiveRange NoColoringRange(1, true);
498 if (ClColoring)
499 SSC.run();
500
501 for (const auto *I : SSC.getMarkers()) {
502 auto *Op = dyn_cast<Instruction>(I->getOperand(1));
503 const_cast<IntrinsicInst *>(I)->eraseFromParent();
504 // Remove the operand bitcast, too, if it has no more uses left.
505 if (Op && Op->use_empty())
506 Op->eraseFromParent();
507 }
508
509 // Unsafe stack always grows down.
510 StackLayout SSL(StackAlignment);
511 if (StackGuardSlot) {
512 Type *Ty = StackGuardSlot->getAllocatedType();
513 Align Align = std::max(DL.getPrefTypeAlign(Ty), StackGuardSlot->getAlign());
514 SSL.addObject(StackGuardSlot, getStaticAllocaAllocationSize(StackGuardSlot),
515 Align, SSC.getFullLiveRange());
516 }
517
518 for (Argument *Arg : ByValArguments) {
519 Type *Ty = Arg->getParamByValType();
520 uint64_t Size = DL.getTypeStoreSize(Ty);
521 if (Size == 0)
522 Size = 1; // Don't create zero-sized stack objects.
523
524 // Ensure the object is properly aligned.
525 Align Align = DL.getPrefTypeAlign(Ty);
526 if (auto A = Arg->getParamAlign())
527 Align = std::max(Align, *A);
528 SSL.addObject(Arg, Size, Align, SSC.getFullLiveRange());
529 }
530
531 for (AllocaInst *AI : StaticAllocas) {
532 Type *Ty = AI->getAllocatedType();
533 uint64_t Size = getStaticAllocaAllocationSize(AI);
534 if (Size == 0)
535 Size = 1; // Don't create zero-sized stack objects.
536
537 // Ensure the object is properly aligned.
538 Align Align = std::max(DL.getPrefTypeAlign(Ty), AI->getAlign());
539
540 SSL.addObject(AI, Size, Align,
541 ClColoring ? SSC.getLiveRange(AI) : NoColoringRange);
542 }
543
544 SSL.computeLayout();
545 Align FrameAlignment = SSL.getFrameAlignment();
546
547 // FIXME: tell SSL that we start at a less-then-MaxAlignment aligned location
548 // (AlignmentSkew).
549 if (FrameAlignment > StackAlignment) {
550 // Re-align the base pointer according to the max requested alignment.
551 IRB.SetInsertPoint(BasePointer->getNextNode());
552 BasePointer = cast<Instruction>(IRB.CreateIntToPtr(
553 IRB.CreateAnd(
554 IRB.CreatePtrToInt(BasePointer, IntPtrTy),
555 ConstantInt::get(IntPtrTy, ~(FrameAlignment.value() - 1))),
556 StackPtrTy));
557 }
558
559 IRB.SetInsertPoint(BasePointer->getNextNode());
560
561 if (StackGuardSlot) {
562 unsigned Offset = SSL.getObjectOffset(StackGuardSlot);
563 Value *Off =
564 IRB.CreatePtrAdd(BasePointer, ConstantInt::get(Int32Ty, -Offset));
565 Value *NewAI =
566 IRB.CreateBitCast(Off, StackGuardSlot->getType(), "StackGuardSlot");
567
568 // Replace alloc with the new location.
569 StackGuardSlot->replaceAllUsesWith(NewAI);
570 StackGuardSlot->eraseFromParent();
571 }
572
573 for (Argument *Arg : ByValArguments) {
574 unsigned Offset = SSL.getObjectOffset(Arg);
575 MaybeAlign Align(SSL.getObjectAlignment(Arg));
576 Type *Ty = Arg->getParamByValType();
577
578 uint64_t Size = DL.getTypeStoreSize(Ty);
579 if (Size == 0)
580 Size = 1; // Don't create zero-sized stack objects.
581
582 Value *Off =
583 IRB.CreatePtrAdd(BasePointer, ConstantInt::get(Int32Ty, -Offset));
584 Value *NewArg = IRB.CreateBitCast(Off, Arg->getType(),
585 Arg->getName() + ".unsafe-byval");
586
587 // Replace alloc with the new location.
588 replaceDbgDeclare(Arg, BasePointer, DIB, DIExpression::ApplyOffset,
589 -Offset);
590 Arg->replaceAllUsesWith(NewArg);
591 IRB.SetInsertPoint(cast<Instruction>(NewArg)->getNextNode());
592 IRB.CreateMemCpy(Off, Align, Arg, Arg->getParamAlign(), Size);
593 }
594
595 // Allocate space for every unsafe static AllocaInst on the unsafe stack.
596 for (AllocaInst *AI : StaticAllocas) {
597 IRB.SetInsertPoint(AI);
598 unsigned Offset = SSL.getObjectOffset(AI);
599
600 replaceDbgDeclare(AI, BasePointer, DIB, DIExpression::ApplyOffset, -Offset);
601 replaceDbgValueForAlloca(AI, BasePointer, DIB, -Offset);
602
603 // Replace uses of the alloca with the new location.
604 // Insert address calculation close to each use to work around PR27844.
605 std::string Name = std::string(AI->getName()) + ".unsafe";
606 while (!AI->use_empty()) {
607 Use &U = *AI->use_begin();
608 Instruction *User = cast<Instruction>(U.getUser());
609
610 // Drop lifetime markers now that this is no longer an alloca.
611 // SafeStack has already performed its own stack coloring.
612 if (User->isLifetimeStartOrEnd()) {
613 User->eraseFromParent();
614 continue;
615 }
616
617 Instruction *InsertBefore;
618 if (auto *PHI = dyn_cast<PHINode>(User))
619 InsertBefore = PHI->getIncomingBlock(U)->getTerminator();
620 else
621 InsertBefore = User;
622
623 IRBuilder<> IRBUser(InsertBefore);
624 Value *Off =
625 IRBUser.CreatePtrAdd(BasePointer, ConstantInt::get(Int32Ty, -Offset));
626 Value *Replacement =
627 IRBUser.CreateAddrSpaceCast(Off, AI->getType(), Name);
628
629 if (auto *PHI = dyn_cast<PHINode>(User))
630 // PHI nodes may have multiple incoming edges from the same BB (why??),
631 // all must be updated at once with the same incoming value.
632 PHI->setIncomingValueForBlock(PHI->getIncomingBlock(U), Replacement);
633 else
634 U.set(Replacement);
635 }
636
637 AI->eraseFromParent();
638 }
639
640 // Re-align BasePointer so that our callees would see it aligned as
641 // expected.
642 // FIXME: no need to update BasePointer in leaf functions.
643 unsigned FrameSize = alignTo(SSL.getFrameSize(), StackAlignment);
644
645 MDBuilder MDB(F.getContext());
646 SmallVector<Metadata *, 2> Data;
647 Data.push_back(MDB.createString("unsafe-stack-size"));
648 Data.push_back(MDB.createConstant(ConstantInt::get(Int32Ty, FrameSize)));
649 MDNode *MD = MDTuple::get(F.getContext(), Data);
650 F.setMetadata(LLVMContext::MD_annotation, MD);
651
652 // Update shadow stack pointer in the function epilogue.
653 IRB.SetInsertPoint(BasePointer->getNextNode());
654
655 Value *StaticTop =
656 IRB.CreatePtrAdd(BasePointer, ConstantInt::get(Int32Ty, -FrameSize),
657 "unsafe_stack_static_top");
658 IRB.CreateStore(StaticTop, UnsafeStackPtr);
659 return StaticTop;
660}
661
662void SafeStack::moveDynamicAllocasToUnsafeStack(
663 Function &F, Value *UnsafeStackPtr, AllocaInst *DynamicTop,
664 ArrayRef<AllocaInst *> DynamicAllocas) {
665 DIBuilder DIB(*F.getParent());
666
667 for (AllocaInst *AI : DynamicAllocas) {
668 IRBuilder<> IRB(AI);
669
670 // Compute the new SP value (after AI).
671 Value *ArraySize = AI->getArraySize();
672 if (ArraySize->getType() != IntPtrTy)
673 ArraySize = IRB.CreateIntCast(ArraySize, IntPtrTy, false);
674
675 Type *Ty = AI->getAllocatedType();
676 uint64_t TySize = DL.getTypeAllocSize(Ty);
677 Value *Size = IRB.CreateMul(ArraySize, ConstantInt::get(IntPtrTy, TySize));
678
679 Value *SP = IRB.CreatePtrToInt(IRB.CreateLoad(StackPtrTy, UnsafeStackPtr),
680 IntPtrTy);
681 SP = IRB.CreateSub(SP, Size);
682
683 // Align the SP value to satisfy the AllocaInst, type and stack alignments.
684 auto Align = std::max(std::max(DL.getPrefTypeAlign(Ty), AI->getAlign()),
685 StackAlignment);
686
687 Value *NewTop = IRB.CreateIntToPtr(
688 IRB.CreateAnd(SP,
689 ConstantInt::get(IntPtrTy, ~uint64_t(Align.value() - 1))),
690 StackPtrTy);
691
692 // Save the stack pointer.
693 IRB.CreateStore(NewTop, UnsafeStackPtr);
694 if (DynamicTop)
695 IRB.CreateStore(NewTop, DynamicTop);
696
697 Value *NewAI = IRB.CreatePointerCast(NewTop, AI->getType());
698 if (AI->hasName() && isa<Instruction>(NewAI))
699 NewAI->takeName(AI);
700
701 replaceDbgDeclare(AI, NewAI, DIB, DIExpression::ApplyOffset, 0);
702 AI->replaceAllUsesWith(NewAI);
703 AI->eraseFromParent();
704 }
705
706 if (!DynamicAllocas.empty()) {
707 // Now go through the instructions again, replacing stacksave/stackrestore.
708 for (Instruction &I : llvm::make_early_inc_range(instructions(&F))) {
709 auto *II = dyn_cast<IntrinsicInst>(&I);
710 if (!II)
711 continue;
712
713 if (II->getIntrinsicID() == Intrinsic::stacksave) {
714 IRBuilder<> IRB(II);
715 Instruction *LI = IRB.CreateLoad(StackPtrTy, UnsafeStackPtr);
716 LI->takeName(II);
717 II->replaceAllUsesWith(LI);
718 II->eraseFromParent();
719 } else if (II->getIntrinsicID() == Intrinsic::stackrestore) {
720 IRBuilder<> IRB(II);
721 Instruction *SI = IRB.CreateStore(II->getArgOperand(0), UnsafeStackPtr);
722 SI->takeName(II);
723 assert(II->use_empty());
724 II->eraseFromParent();
725 }
726 }
727 }
728}
729
730bool SafeStack::ShouldInlinePointerAddress(CallInst &CI) {
731 Function *Callee = CI.getCalledFunction();
732 if (CI.hasFnAttr(Attribute::AlwaysInline) &&
733 isInlineViable(*Callee).isSuccess())
734 return true;
735 if (Callee->isInterposable() || Callee->hasFnAttribute(Attribute::NoInline) ||
736 CI.isNoInline())
737 return false;
738 return true;
739}
740
741void SafeStack::TryInlinePointerAddress() {
742 auto *CI = dyn_cast<CallInst>(UnsafeStackPtr);
743 if (!CI)
744 return;
745
746 if(F.hasOptNone())
747 return;
748
749 Function *Callee = CI->getCalledFunction();
750 if (!Callee || Callee->isDeclaration())
751 return;
752
753 if (!ShouldInlinePointerAddress(*CI))
754 return;
755
756 InlineFunctionInfo IFI;
757 InlineFunction(*CI, IFI);
758}
759
760bool SafeStack::run() {
761 assert(F.hasFnAttribute(Attribute::SafeStack) &&
762 "Can't run SafeStack on a function without the attribute");
763 assert(!F.isDeclaration() && "Can't run SafeStack on a function declaration");
764
765 ++NumFunctions;
766
767 SmallVector<AllocaInst *, 16> StaticAllocas;
768 SmallVector<AllocaInst *, 4> DynamicAllocas;
769 SmallVector<Argument *, 4> ByValArguments;
770 SmallVector<Instruction *, 4> Returns;
771
772 // Collect all points where stack gets unwound and needs to be restored
773 // This is only necessary because the runtime (setjmp and unwind code) is
774 // not aware of the unsafe stack and won't unwind/restore it properly.
775 // To work around this problem without changing the runtime, we insert
776 // instrumentation to restore the unsafe stack pointer when necessary.
777 SmallVector<Instruction *, 4> StackRestorePoints;
778
779 // Find all static and dynamic alloca instructions that must be moved to the
780 // unsafe stack, all return instructions and stack restore points.
781 findInsts(F, StaticAllocas, DynamicAllocas, ByValArguments, Returns,
782 StackRestorePoints);
783
784 if (StaticAllocas.empty() && DynamicAllocas.empty() &&
785 ByValArguments.empty() && StackRestorePoints.empty())
786 return false; // Nothing to do in this function.
787
788 if (!StaticAllocas.empty() || !DynamicAllocas.empty() ||
789 !ByValArguments.empty())
790 ++NumUnsafeStackFunctions; // This function has the unsafe stack.
791
792 if (!StackRestorePoints.empty())
793 ++NumUnsafeStackRestorePointsFunctions;
794
795 IRBuilder<> IRB(&F.front(), F.begin()->getFirstInsertionPt());
796 // Calls must always have a debug location, or else inlining breaks. So
797 // we explicitly set a artificial debug location here.
798 if (DISubprogram *SP = F.getSubprogram())
799 IRB.SetCurrentDebugLocation(
800 DILocation::get(SP->getContext(), SP->getScopeLine(), 0, SP));
801 if (SafeStackUsePointerAddress) {
802 const char *SafestackPointerAddressName =
803 TL.getLibcallName(RTLIB::SAFESTACK_POINTER_ADDRESS);
804 if (!SafestackPointerAddressName) {
805 F.getContext().emitError(
806 "no libcall available for safestack pointer address");
807 return false;
808 }
809
810 FunctionCallee Fn = F.getParent()->getOrInsertFunction(
811 SafestackPointerAddressName, IRB.getPtrTy(0));
812 UnsafeStackPtr = IRB.CreateCall(Fn);
813 } else {
814 UnsafeStackPtr = TL.getSafeStackPointerLocation(IRB);
815 }
816
817 // Load the current stack pointer (we'll also use it as a base pointer).
818 // FIXME: use a dedicated register for it ?
819 Instruction *BasePointer =
820 IRB.CreateLoad(StackPtrTy, UnsafeStackPtr, false, "unsafe_stack_ptr");
821 assert(BasePointer->getType() == StackPtrTy);
822
823 AllocaInst *StackGuardSlot = nullptr;
824 // FIXME: implement weaker forms of stack protector.
825 if (F.hasFnAttribute(Attribute::StackProtect) ||
826 F.hasFnAttribute(Attribute::StackProtectStrong) ||
827 F.hasFnAttribute(Attribute::StackProtectReq)) {
828 Value *StackGuard = getStackGuard(IRB, F);
829 StackGuardSlot = IRB.CreateAlloca(StackPtrTy, nullptr);
830 IRB.CreateStore(StackGuard, StackGuardSlot);
831
832 for (Instruction *RI : Returns) {
833 IRBuilder<> IRBRet(RI);
834 checkStackGuard(IRBRet, F, *RI, StackGuardSlot, StackGuard);
835 }
836 }
837
838 // The top of the unsafe stack after all unsafe static allocas are
839 // allocated.
840 Value *StaticTop = moveStaticAllocasToUnsafeStack(
841 IRB, F, StaticAllocas, ByValArguments, BasePointer, StackGuardSlot);
842
843 // Safe stack object that stores the current unsafe stack top. It is updated
844 // as unsafe dynamic (non-constant-sized) allocas are allocated and freed.
845 // This is only needed if we need to restore stack pointer after longjmp
846 // or exceptions, and we have dynamic allocations.
847 // FIXME: a better alternative might be to store the unsafe stack pointer
848 // before setjmp / invoke instructions.
849 AllocaInst *DynamicTop = createStackRestorePoints(
850 IRB, F, StackRestorePoints, StaticTop, !DynamicAllocas.empty());
851
852 // Handle dynamic allocas.
853 moveDynamicAllocasToUnsafeStack(F, UnsafeStackPtr, DynamicTop,
854 DynamicAllocas);
855
856 // Restore the unsafe stack pointer before each return.
857 for (Instruction *RI : Returns) {
858 IRB.SetInsertPoint(RI);
859 IRB.CreateStore(BasePointer, UnsafeStackPtr);
860 }
861
862 TryInlinePointerAddress();
863
864 LLVM_DEBUG(dbgs() << "[SafeStack] safestack applied\n");
865 return true;
866}
867
868class SafeStackLegacyPass : public FunctionPass {
869 const TargetMachine *TM = nullptr;
870
871public:
872 static char ID; // Pass identification, replacement for typeid..
873
874 SafeStackLegacyPass() : FunctionPass(ID) {
875 initializeSafeStackLegacyPassPass(*PassRegistry::getPassRegistry());
876 }
877
878 void getAnalysisUsage(AnalysisUsage &AU) const override {
879 AU.addRequired<TargetPassConfig>();
880 AU.addRequired<TargetLibraryInfoWrapperPass>();
881 AU.addRequired<AssumptionCacheTracker>();
882 AU.addPreserved<DominatorTreeWrapperPass>();
883 }
884
885 bool runOnFunction(Function &F) override {
886 LLVM_DEBUG(dbgs() << "[SafeStack] Function: " << F.getName() << "\n");
887
888 if (!F.hasFnAttribute(Attribute::SafeStack)) {
889 LLVM_DEBUG(dbgs() << "[SafeStack] safestack is not requested"
890 " for this function\n");
891 return false;
892 }
893
894 if (F.isDeclaration()) {
895 LLVM_DEBUG(dbgs() << "[SafeStack] function definition"
896 " is not available\n");
897 return false;
898 }
899
900 TM = &getAnalysis<TargetPassConfig>().getTM<TargetMachine>();
901 auto *TL = TM->getSubtargetImpl(F)->getTargetLowering();
902 if (!TL)
903 report_fatal_error("TargetLowering instance is required");
904
905 auto *DL = &F.getDataLayout();
906 auto &TLI = getAnalysis<TargetLibraryInfoWrapperPass>().getTLI(F);
907 auto &ACT = getAnalysis<AssumptionCacheTracker>().getAssumptionCache(F);
908
909 // Compute DT and LI only for functions that have the attribute.
910 // This is only useful because the legacy pass manager doesn't let us
911 // compute analyzes lazily.
912
913 DominatorTree *DT;
914 bool ShouldPreserveDominatorTree;
915 std::optional<DominatorTree> LazilyComputedDomTree;
916
917 // Do we already have a DominatorTree available from the previous pass?
918 // Note that we should *NOT* require it, to avoid the case where we end up
919 // not needing it, but the legacy PM would have computed it for us anyways.
920 if (auto *DTWP = getAnalysisIfAvailable<DominatorTreeWrapperPass>()) {
921 DT = &DTWP->getDomTree();
922 ShouldPreserveDominatorTree = true;
923 } else {
924 // Otherwise, we need to compute it.
925 LazilyComputedDomTree.emplace(F);
926 DT = &*LazilyComputedDomTree;
927 ShouldPreserveDominatorTree = false;
928 }
929
930 // Likewise, lazily compute loop info.
931 LoopInfo LI(*DT);
932
933 DomTreeUpdater DTU(DT, DomTreeUpdater::UpdateStrategy::Lazy);
934
935 ScalarEvolution SE(F, TLI, ACT, *DT, LI);
936
937 return SafeStack(F, *TL, *DL, ShouldPreserveDominatorTree ? &DTU : nullptr,
938 SE)
939 .run();
940 }
941};
942
943} // end anonymous namespace
944
945PreservedAnalyses SafeStackPass::run(Function &F,
946 FunctionAnalysisManager &FAM) {
947 LLVM_DEBUG(dbgs() << "[SafeStack] Function: " << F.getName() << "\n");
948
949 if (!F.hasFnAttribute(Attribute::SafeStack)) {
950 LLVM_DEBUG(dbgs() << "[SafeStack] safestack is not requested"
951 " for this function\n");
952 return PreservedAnalyses::all();
953 }
954
955 if (F.isDeclaration()) {
956 LLVM_DEBUG(dbgs() << "[SafeStack] function definition"
957 " is not available\n");
958 return PreservedAnalyses::all();
959 }
960
961 auto *TL = TM->getSubtargetImpl(F)->getTargetLowering();
962 if (!TL)
963 report_fatal_error("TargetLowering instance is required");
964
965 auto &DL = F.getDataLayout();
966
967 // preserve DominatorTree
968 auto &DT = FAM.getResult<DominatorTreeAnalysis>(F);
969 auto &SE = FAM.getResult<ScalarEvolutionAnalysis>(F);
970 DomTreeUpdater DTU(DT, DomTreeUpdater::UpdateStrategy::Lazy);
971
972 bool Changed = SafeStack(F, *TL, DL, &DTU, SE).run();
973
974 if (!Changed)
975 return PreservedAnalyses::all();
976 PreservedAnalyses PA;
977 PA.preserve<DominatorTreeAnalysis>();
978 return PA;
979}
980
981char SafeStackLegacyPass::ID = 0;
982
983INITIALIZE_PASS_BEGIN(SafeStackLegacyPass, DEBUG_TYPE,
984 "Safe Stack instrumentation pass", false, false)
985INITIALIZE_PASS_DEPENDENCY(TargetPassConfig)
986INITIALIZE_PASS_DEPENDENCY(DominatorTreeWrapperPass)
987INITIALIZE_PASS_END(SafeStackLegacyPass, DEBUG_TYPE,
988 "Safe Stack instrumentation pass", false, false)
989
990FunctionPass *llvm::createSafeStackPass() { return new SafeStackLegacyPass(); }
assert
assert(UImm &&(UImm !=~static_cast< T >(0)) &&"Invalid immediate!")
PHI
Rewrite undef for PHI
Definition AMDGPURewriteUndefForPHI.cpp:98
APInt.h
This file implements a class to represent arbitrary precision integral constant values and operations...
DL
MachineBasicBlock MachineBasicBlock::iterator DebugLoc DL
Definition ARMSLSHardening.cpp:73
getNextNode
VarLocInsertPt getNextNode(const DbgRecord *DVR)
Definition AssignmentTrackingAnalysis.cpp:1463
instructions
Expand Atomic instructions
Definition AtomicExpandPass.cpp:184
Attributes.h
This file contains the simple types necessary to represent the attributes associated with functions a...
A
static GCRegistry::Add< ErlangGC > A("erlang", "erlang-compatible garbage collector")
E
static GCRegistry::Add< CoreCLRGC > E("coreclr", "CoreCLR-compatible GC")
B
static GCRegistry::Add< OcamlGC > B("ocaml", "ocaml 3.10-compatible GC")
Constants.h
This file contains the declarations for the subclasses of Constant, which represent the different fla...
runOnFunction
static bool runOnFunction(Function &F, bool PostInlining)
Definition EntryExitInstrumenter.cpp:103
DEBUG_TYPE
#define DEBUG_TYPE
Definition GenericCycleImpl.h:31
MI
IRTranslator LLVM IR MI
Definition IRTranslator.cpp:110
Module.h
Module.h This file contains the declarations for the Module class.
Use.h
This defines the Use class.
F
#define F(x, y, z)
Definition MD5.cpp:54
I
#define I(x, y, z)
Definition MD5.cpp:57
Module
Machine Check Debug Module
Definition MachineCheckDebugify.cpp:124
Metadata.h
This file contains the declarations for metadata subclasses.
II
uint64_t IntrinsicInst * II
Definition NVVMIntrRange.cpp:46
FAM
FunctionAnalysisManager FAM
Definition PassBuilderBindings.cpp:61
INITIALIZE_PASS_DEPENDENCY
#define INITIALIZE_PASS_DEPENDENCY(depName)
Definition PassSupport.h:42
INITIALIZE_PASS_END
#define INITIALIZE_PASS_END(passName, arg, name, cfg, analysis)
Definition PassSupport.h:44
INITIALIZE_PASS_BEGIN
#define INITIALIZE_PASS_BEGIN(passName, arg, name, cfg, analysis)
Definition PassSupport.h:39
SafeStackUsePointerAddress
static cl::opt< bool > SafeStackUsePointerAddress("safestack-use-pointer-address", cl::init(false), cl::Hidden)
Use __safestack_pointer_address even if the platform has a faster way of access safe stack pointer.
ClColoring
static cl::opt< bool > ClColoring("safe-stack-coloring", cl::desc("enable safe stack coloring"), cl::Hidden, cl::init(true))
SmallPtrSet.h
This file defines the SmallPtrSet class.
SmallVector.h
This file defines the SmallVector class.
getStackGuard
static Value * getStackGuard(const TargetLoweringBase *TLI, Module *M, IRBuilder<> &B, bool *SupportsSelectionDAGSP=nullptr)
Create a stack guard loading and populate whether SelectionDAG SSP is supported.
Definition StackProtector.cpp:522
Statistic.h
This file defines the 'Statistic' class, which is designed to be an easy way to expose various metric...
STATISTIC
#define STATISTIC(VARNAME, DESC)
Definition Statistic.h:171
LLVM_DEBUG
#define LLVM_DEBUG(...)
Definition Debug.h:114
TargetLowering.h
This file describes how to lower LLVM code to machine code.
TargetPassConfig.h
Target-Independent Code Generator Pass Configuration Options pass.
llvm::AllocaInst
an instruction to allocate memory on the stack
Definition Instructions.h:65
llvm::AllocaInst::isStaticAlloca
LLVM_ABI bool isStaticAlloca() const
Return true if this alloca is in the entry block of the function and is a constant size.
Definition Instructions.cpp:1303
llvm::AllocaInst::getAlign
Align getAlign() const
Return the alignment of the memory that is being allocated by the instruction.
Definition Instructions.h:129
llvm::AllocaInst::getType
PointerType * getType() const
Overload to return most specific pointer type.
Definition Instructions.h:102
llvm::AllocaInst::getAllocatedType
Type * getAllocatedType() const
Return the type that is being allocated by the instruction.
Definition Instructions.h:122
llvm::AllocaInst::isArrayAllocation
LLVM_ABI bool isArrayAllocation() const
Return true if there is an allocation size parameter to the allocation instruction that is not 1.
Definition Instructions.cpp:1294
llvm::AllocaInst::getArraySize
const Value * getArraySize() const
Get the number of elements allocated.
Definition Instructions.h:98
llvm::AnalysisUsage::addRequired
AnalysisUsage & addRequired()
Definition PassAnalysisSupport.h:76
llvm::AnalysisUsage::addPreserved
AnalysisUsage & addPreserved()
Add the specified Pass class to the set of analyses preserved by this pass.
Definition PassAnalysisSupport.h:99
llvm::ArrayRef
ArrayRef - Represent a constant reference to an array (0 or more elements consecutively in memory),...
Definition ArrayRef.h:40
llvm::ArrayRef::empty
bool empty() const
empty - Check if the array is empty.
Definition ArrayRef.h:137
llvm::BranchProbabilityInfo::getBranchProbStackProtector
static BranchProbability getBranchProbStackProtector(bool IsLikely)
Definition BranchProbabilityInfo.h:204
llvm::CallBase::doesNotCapture
bool doesNotCapture(unsigned OpNo) const
Determine whether this data operand is not captured.
Definition InstrTypes.h:1697
llvm::CallBase::getCalledFunction
Function * getCalledFunction() const
Returns the function called, or null if this is an indirect function invocation or the function signa...
Definition InstrTypes.h:1346
llvm::CallBase::doesNotAccessMemory
bool doesNotAccessMemory(unsigned OpNo) const
Definition InstrTypes.h:1743
llvm::CallBase::hasFnAttr
bool hasFnAttr(Attribute::AttrKind Kind) const
Determine whether this call has the given attribute.
Definition InstrTypes.h:1456
llvm::CallBase::arg_begin
User::op_iterator arg_begin()
Return the iterator pointing to the beginning of the argument list.
Definition InstrTypes.h:1265
llvm::CallBase::isNoInline
bool isNoInline() const
Return true if the call should not be inlined.
Definition InstrTypes.h:1912
llvm::CallBase::arg_end
User::op_iterator arg_end()
Return the iterator pointing to the end of the argument list.
Definition InstrTypes.h:1271
llvm::CallInst
This class represents a function call, abstracting a target machine's calling convention.
Definition Instructions.h:1511
llvm::ConstantRange::add
LLVM_ABI ConstantRange add(const ConstantRange &Other) const
Return a new range representing the possible values resulting from an addition of a value in this ran...
Definition ConstantRange.cpp:1097
llvm::ConstantRange::contains
LLVM_ABI bool contains(const APInt &Val) const
Return true if the specified value is in the set.
Definition ConstantRange.cpp:517
llvm::DataLayout
A parsed version of the target data layout string in and methods for querying it.
Definition DataLayout.h:63
llvm::DominatorTreeAnalysis
Analysis pass which computes a DominatorTree.
Definition Dominators.h:283
llvm::DominatorTreeWrapperPass
Legacy analysis pass which computes a DominatorTree.
Definition Dominators.h:321
llvm::FunctionPass
FunctionPass class - This class is used to implement most global optimizations.
Definition Pass.h:314
llvm::IRBuilderBase::CreateAlloca
AllocaInst * CreateAlloca(Type *Ty, unsigned AddrSpace, Value *ArraySize=nullptr, const Twine &Name="")
Definition IRBuilder.h:1833
llvm::IRBuilderBase::CreateMemCpy
CallInst * CreateMemCpy(Value *Dst, MaybeAlign DstAlign, Value *Src, MaybeAlign SrcAlign, uint64_t Size, bool isVolatile=false, const AAMDNodes &AAInfo=AAMDNodes())
Create and insert a memcpy between the specified pointers.
Definition IRBuilder.h:687
llvm::IRBuilderBase::CreatePointerCast
Value * CreatePointerCast(Value *V, Type *DestTy, const Twine &Name="")
Definition IRBuilder.h:2254
llvm::IRBuilderBase::CreateIntToPtr
Value * CreateIntToPtr(Value *V, Type *DestTy, const Twine &Name="")
Definition IRBuilder.h:2202
llvm::IRBuilderBase::CreatePtrAdd
Value * CreatePtrAdd(Value *Ptr, Value *Offset, const Twine &Name="", GEPNoWrapFlags NW=GEPNoWrapFlags::none())
Definition IRBuilder.h:2039
llvm::IRBuilderBase::SetCurrentDebugLocation
void SetCurrentDebugLocation(DebugLoc L)
Set location information used by debugging information.
Definition IRBuilder.h:247
llvm::IRBuilderBase::CreateICmpNE
Value * CreateICmpNE(Value *LHS, Value *RHS, const Twine &Name="")
Definition IRBuilder.h:2336
llvm::IRBuilderBase::CreateIntrinsic
LLVM_ABI CallInst * CreateIntrinsic(Intrinsic::ID ID, ArrayRef< Type * > Types, ArrayRef< Value * > Args, FMFSource FMFSource={}, const Twine &Name="")
Create a call to intrinsic ID with Args, mangled using Types.
Definition IRBuilder.cpp:845
llvm::IRBuilderBase::CreateSub
Value * CreateSub(Value *LHS, Value *RHS, const Twine &Name="", bool HasNUW=false, bool HasNSW=false)
Definition IRBuilder.h:1420
llvm::IRBuilderBase::CreateBitCast
Value * CreateBitCast(Value *V, Type *DestTy, const Twine &Name="")
Definition IRBuilder.h:2207
llvm::IRBuilderBase::CreateLoad
LoadInst * CreateLoad(Type *Ty, Value *Ptr, const char *Name)
Provided to resolve 'CreateLoad(Ty, Ptr, "...")' correctly, instead of converting the string to 'bool...
Definition IRBuilder.h:1850
llvm::IRBuilderBase::CreateAnd
Value * CreateAnd(Value *LHS, Value *RHS, const Twine &Name="")
Definition IRBuilder.h:1551
llvm::IRBuilderBase::CreateStore
StoreInst * CreateStore(Value *Val, Value *Ptr, bool isVolatile=false)
Definition IRBuilder.h:1863
llvm::IRBuilderBase::CreatePtrToInt
Value * CreatePtrToInt(Value *V, Type *DestTy, const Twine &Name="")
Definition IRBuilder.h:2197
llvm::IRBuilderBase::CreateCall
CallInst * CreateCall(FunctionType *FTy, Value *Callee, ArrayRef< Value * > Args={}, const Twine &Name="", MDNode *FPMathTag=nullptr)
Definition IRBuilder.h:2511
llvm::IRBuilderBase::getPtrTy
PointerType * getPtrTy(unsigned AddrSpace=0)
Fetch the type representing a pointer.
Definition IRBuilder.h:605
llvm::IRBuilderBase::CreateIntCast
Value * CreateIntCast(Value *V, Type *DestTy, bool isSigned, const Twine &Name="")
Definition IRBuilder.h:2280
llvm::IRBuilderBase::SetInsertPoint
void SetInsertPoint(BasicBlock *TheBB)
This specifies that created instructions should be appended to the end of the specified block.
Definition IRBuilder.h:207
llvm::IRBuilderBase::getVoidTy
Type * getVoidTy()
Fetch the type representing void.
Definition IRBuilder.h:600
llvm::IRBuilderBase::CreateMul
Value * CreateMul(Value *LHS, Value *RHS, const Twine &Name="", bool HasNUW=false, bool HasNSW=false)
Definition IRBuilder.h:1437
llvm::IRBuilder
This provides a uniform API for creating instructions and inserting them into a basic block: either a...
Definition IRBuilder.h:2788
llvm::InlineResult::isSuccess
bool isSuccess() const
Definition InlineCost.h:190
llvm::Instruction::eraseFromParent
LLVM_ABI InstListType::iterator eraseFromParent()
This method unlinks 'this' from the containing basic block and deletes it.
Definition Instruction.cpp:108
llvm::MDTuple::get
static MDTuple * get(LLVMContext &Context, ArrayRef< Metadata * > MDs)
Definition Metadata.h:1526
llvm::MemIntrinsic
This is the common base class for memset/memcpy/memmove.
Definition IntrinsicInst.h:1128
llvm::PassRegistry::getPassRegistry
static LLVM_ABI PassRegistry * getPassRegistry()
getPassRegistry - Access the global registry object, which is automatically initialized at applicatio...
Definition PassRegistry.cpp:23
llvm::PreservedAnalyses
A set of analyses that are preserved following a run of a transformation pass.
Definition Analysis.h:112
llvm::PreservedAnalyses::all
static PreservedAnalyses all()
Construct a special preserved set that preserves all passes.
Definition Analysis.h:118
llvm::PreservedAnalyses::preserve
PreservedAnalyses & preserve()
Mark an analysis as preserved.
Definition Analysis.h:132
llvm::SCEV::getType
LLVM_ABI Type * getType() const
Return the LLVM type of this SCEV expression.
Definition ScalarEvolution.cpp:383
llvm::SafeStackPass::run
PreservedAnalyses run(Function &F, FunctionAnalysisManager &FAM)
Definition SafeStack.cpp:945
llvm::ScalarEvolutionAnalysis
Analysis pass that exposes the ScalarEvolution for a function.
Definition ScalarEvolution.h:2367
llvm::ScalarEvolution
The main scalar evolution driver.
Definition ScalarEvolution.h:448
llvm::ScalarEvolution::removePointerBase
LLVM_ABI const SCEV * removePointerBase(const SCEV *S)
Compute an expression equivalent to S - getPointerBase(S).
Definition ScalarEvolution.cpp:4659
llvm::ScalarEvolution::getTypeSizeInBits
LLVM_ABI uint64_t getTypeSizeInBits(Type *Ty) const
Return the size in bits of the specified type, for which isSCEVable must return true.
Definition ScalarEvolution.cpp:4488
llvm::ScalarEvolution::getSCEV
LLVM_ABI const SCEV * getSCEV(Value *V)
Return a SCEV expression for the full generality of the specified expression.
Definition ScalarEvolution.cpp:4587
llvm::ScalarEvolution::getSignedRange
ConstantRange getSignedRange(const SCEV *S)
Determine the signed range for a particular SCEV.
Definition ScalarEvolution.h:1039
llvm::ScalarEvolution::getUnsignedRange
ConstantRange getUnsignedRange(const SCEV *S)
Determine the unsigned range for a particular SCEV.
Definition ScalarEvolution.h:1023
llvm::ScalarEvolution::getPointerBase
LLVM_ABI const SCEV * getPointerBase(const SCEV *V)
Transitively follow the chain of pointer-type operands until reaching a SCEV that does not have a sin...
Definition ScalarEvolution.cpp:4857
llvm::SmallPtrSetImpl::insert
std::pair< iterator, bool > insert(PtrType Ptr)
Inserts Ptr if and only if there is no element in the container equal to Ptr.
Definition SmallPtrSet.h:389
llvm::SmallVectorImpl
This class consists of common code factored out of the SmallVector class to reduce code duplication b...
Definition SmallVector.h:574
llvm::SmallVectorTemplateBase::push_back
void push_back(const T &Elt)
Definition SmallVector.h:417
llvm::TargetLoweringBase
This base class for TargetLowering contains the SelectionDAG-independent parts that can be used from ...
Definition TargetLowering.h:198
llvm::TargetLoweringBase::getSafeStackPointerLocation
virtual Value * getSafeStackPointerLocation(IRBuilderBase &IRB) const
Returns the target-specific address of the unsafe stack pointer.
Definition TargetLoweringBase.cpp:2044
llvm::TargetLoweringBase::getIRStackGuard
virtual Value * getIRStackGuard(IRBuilderBase &IRB) const
If the target has a standard location for the stack protector guard, returns the address of that loca...
Definition TargetLoweringBase.cpp:2119
llvm::TargetLoweringBase::getLibcallName
const char * getLibcallName(RTLIB::Libcall Call) const
Get the libcall routine name for the specified libcall.
Definition TargetLowering.h:3622
llvm::TargetLoweringBase::insertSSPDeclarations
virtual void insertSSPDeclarations(Module &M) const
Inserts necessary declarations for SSP (stack protection) purpose.
Definition TargetLoweringBase.cpp:2136
llvm::TargetMachine::getSubtargetImpl
virtual const TargetSubtargetInfo * getSubtargetImpl(const Function &) const
Virtual method implemented by subclasses that returns a reference to that target's TargetSubtargetInf...
Definition TargetMachine.h:139
llvm::TargetPassConfig
Target-Independent Code Generator Pass Configuration Options.
Definition TargetPassConfig.h:84
llvm::TargetSubtargetInfo::getTargetLowering
virtual const TargetLowering * getTargetLowering() const
Definition TargetSubtargetInfo.h:103
llvm::Type
The instances of the Type class are immutable: once they are created, they are never changed.
Definition Type.h:45
llvm::Use
A Use represents the edge between a Value definition and its users.
Definition Use.h:35
llvm::Value
LLVM Value Representation.
Definition Value.h:75
llvm::Value::getType
Type * getType() const
All values are typed, get the type of this value.
Definition Value.h:256
llvm::Value::replaceAllUsesWith
LLVM_ABI void replaceAllUsesWith(Value *V)
Change all uses of this to point to a new Value.
Definition Value.cpp:546
llvm::Value::use_begin
use_iterator use_begin()
Definition Value.h:364
llvm::Value::use_empty
bool use_empty() const
Definition Value.h:346
llvm::Value::hasName
bool hasName() const
Definition Value.h:262
llvm::Value::getName
LLVM_ABI StringRef getName() const
Return a constant reference to the value's name.
Definition Value.cpp:322
llvm::Value::takeName
LLVM_ABI void takeName(Value *V)
Transfer the name from V to this value.
Definition Value.cpp:396
llvm::ilist_node_with_parent::getNextNode
NodeTy * getNextNode()
Get the next node, or nullptr for the list tail.
Definition ilist_node.h:348
uint64_t
Changed
Changed
Definition ObjCARCOpts.cpp:2369
llvm::AMDGPU::HSAMD::Kernel::Arg::Key::Align
constexpr char Align[]
Key for Kernel::Arg::Metadata::mAlign.
Definition AMDGPUMetadata.h:183
llvm::CallingConv::ID
unsigned ID
LLVM IR allows to use arbitrary numbers as calling convention identifiers.
Definition CallingConv.h:24
llvm::CallingConv::C
@ C
The default llvm calling convention, compatible with C.
Definition CallingConv.h:34
llvm::cl::init
initializer< Ty > init(const Ty &Val)
Definition CommandLine.h:445
llvm::dxil::PointerTypeAnalysis::run
PointerTypeMap run(const Module &M)
Compute the PointerTypeMap for the module M.
Definition PointerTypeAnalysis.cpp:205
llvm::objcarc::ARCInstKind::User
@ User
could "use" a pointer
Definition ObjCARCInstKind.h:52
llvm::rdf::Use
NodeAddr< UseNode * > Use
Definition RDFGraph.h:385
llvm::sandboxir::Instruction
friend class Instruction
Iterator for Instructions in a `BasicBlock.
Definition BasicBlock.h:73
llvm
This is an optimization pass for GlobalISel generic memory operations.
Definition AddressRanges.h:18
llvm::Offset
@ Offset
Definition DWP.cpp:532
llvm::Value
FunctionAddr VTableAddr Value
Definition InstrProf.h:137
llvm::InlineFunction
LLVM_ABI InlineResult InlineFunction(CallBase &CB, InlineFunctionInfo &IFI, bool MergeAttributes=false, AAResults *CalleeAAR=nullptr, bool InsertLifetime=true, Function *ForwardVarArgsTo=nullptr, OptimizationRemarkEmitter *ORE=nullptr)
This function inlines the called function into the basic block of the caller.
Definition InlineFunction.cpp:3413
llvm::createSafeStackPass
LLVM_ABI FunctionPass * createSafeStackPass()
This pass splits the stack into a safe stack and an unsafe stack to protect against stack-based overf...
Definition SafeStack.cpp:990
llvm::dyn_cast
decltype(auto) dyn_cast(const From &Val)
dyn_cast<X> - Return the argument parameter cast to the specified type.
Definition Casting.h:643
llvm::Int32Ty
FunctionAddr VTableAddr uintptr_t uintptr_t Int32Ty
Definition InstrProf.h:296
llvm::make_early_inc_range
iterator_range< early_inc_iterator_impl< detail::IterOfRange< RangeT > > > make_early_inc_range(RangeT &&Range)
Make a range that does early increment to allow mutation of the underlying range without disrupting i...
Definition STLExtras.h:632
llvm::isInlineViable
LLVM_ABI InlineResult isInlineViable(Function &Callee)
Check if it is mechanically possible to inline the function Callee, based on the contents of the func...
Definition InlineCost.cpp:3316
llvm::initializeSafeStackLegacyPassPass
LLVM_ABI void initializeSafeStackLegacyPassPass(PassRegistry &)
llvm::dbgs
LLVM_ABI raw_ostream & dbgs()
dbgs() - This returns a reference to a raw_ostream for debugging messages.
Definition Debug.cpp:207
llvm::report_fatal_error
LLVM_ABI void report_fatal_error(Error Err, bool gen_crash_diag=true)
Definition Error.cpp:167
llvm::SmallVector
class LLVM_GSL_OWNER SmallVector
Forward declaration of SmallVector so that calculateSmallVectorDefaultInlinedElements can reference s...
Definition SmallVector.h:1129
llvm::isa
bool isa(const From &Val)
isa<X> - Return true if the parameter to the template is an instance of one of the template type argu...
Definition Casting.h:547
llvm::Data
FunctionAddr VTableAddr uintptr_t uintptr_t Data
Definition InstrProf.h:189
llvm::IRBuilder
IRBuilder(LLVMContext &, FolderTy, InserterTy, MDNode *, ArrayRef< OperandBundleDef >) -> IRBuilder< FolderTy, InserterTy >
llvm::alignTo
uint64_t alignTo(uint64_t Size, Align A)
Returns a multiple of A needed to store Size bytes.
Definition Alignment.h:144
llvm::Op
DWARFExpression::Operation Op
Definition DWARFExpressionPrinter.cpp:22
llvm::replaceDbgValueForAlloca
LLVM_ABI void replaceDbgValueForAlloca(AllocaInst *AI, Value *NewAllocaAddress, DIBuilder &Builder, int Offset=0)
Replaces multiple dbg.value records when the alloca it describes is replaced with a new value.
Definition Local.cpp:1982
llvm::ArrayRef
ArrayRef(const T &OneElt) -> ArrayRef< T >
llvm::BitWidth
constexpr unsigned BitWidth
Definition BitmaskEnum.h:219
llvm::cast
decltype(auto) cast(const From &Val)
cast<X> - Return the argument parameter cast to the specified type.
Definition Casting.h:559
llvm::SplitBlockAndInsertIfThen
LLVM_ABI Instruction * SplitBlockAndInsertIfThen(Value *Cond, BasicBlock::iterator SplitBefore, bool Unreachable, MDNode *BranchWeights=nullptr, DomTreeUpdater *DTU=nullptr, LoopInfo *LI=nullptr, BasicBlock *ThenBlock=nullptr)
Split the containing block at the specified instruction - everything before SplitBefore stays in the ...
Definition BasicBlockUtils.cpp:1559
llvm::FunctionAnalysisManager
AnalysisManager< Function > FunctionAnalysisManager
Convenience typedef for the Function analysis manager.
Definition PassManager.h:563
llvm::replaceDbgDeclare
LLVM_ABI bool replaceDbgDeclare(Value *Address, Value *NewAddress, DIBuilder &Builder, uint8_t DIExprFlags, int Offset)
Replaces dbg.declare record when the address it describes is replaced with a new value.
Definition Local.cpp:1942
raw_ostream.h
llvm::Align
This struct is a compact representation of a valid (non-zero power of two) alignment.
Definition Alignment.h:39
llvm::Align::value
constexpr uint64_t value() const
This is a hole in the type system and should not be abused.
Definition Alignment.h:77
llvm::Align::Constant
static constexpr Align Constant()
Allow constructions of constexpr Align.
Definition Alignment.h:88
Generated on for LLVM by doxygen 1.14.0