LLVM 22.0.0git
SafeStack.cpp
Go to the documentation of this file.
1//===- SafeStack.cpp - Safe Stack Insertion -------------------------------===//
2//
3// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
4// See https://llvm.org/LICENSE.txt for license information.
5// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
6//
7//===----------------------------------------------------------------------===//
8//
9// This pass splits the stack into the safe stack (kept as-is for LLVM backend)
10// and the unsafe stack (explicitly allocated and managed through the runtime
11// support library).
12//
13// http://clang.llvm.org/docs/SafeStack.html
14//
15//===----------------------------------------------------------------------===//
16
17#include "llvm/CodeGen/SafeStack.h"
18#include "SafeStackLayout.h"
19#include "llvm/ADT/APInt.h"
20#include "llvm/ADT/ArrayRef.h"
21#include "llvm/ADT/SmallPtrSet.h"
22#include "llvm/ADT/SmallVector.h"
23#include "llvm/ADT/Statistic.h"
24#include "llvm/Analysis/AssumptionCache.h"
25#include "llvm/Analysis/BranchProbabilityInfo.h"
26#include "llvm/Analysis/DomTreeUpdater.h"
27#include "llvm/Analysis/InlineCost.h"
28#include "llvm/Analysis/LoopInfo.h"
29#include "llvm/Analysis/ScalarEvolution.h"
30#include "llvm/Analysis/ScalarEvolutionExpressions.h"
31#include "llvm/Analysis/StackLifetime.h"
32#include "llvm/Analysis/TargetLibraryInfo.h"
33#include "llvm/CodeGen/TargetLowering.h"
34#include "llvm/CodeGen/TargetPassConfig.h"
35#include "llvm/CodeGen/TargetSubtargetInfo.h"
36#include "llvm/IR/Argument.h"
37#include "llvm/IR/Attributes.h"
38#include "llvm/IR/ConstantRange.h"
39#include "llvm/IR/Constants.h"
40#include "llvm/IR/DIBuilder.h"
41#include "llvm/IR/DataLayout.h"
42#include "llvm/IR/DerivedTypes.h"
43#include "llvm/IR/Dominators.h"
44#include "llvm/IR/Function.h"
45#include "llvm/IR/IRBuilder.h"
46#include "llvm/IR/InstIterator.h"
47#include "llvm/IR/Instruction.h"
48#include "llvm/IR/Instructions.h"
49#include "llvm/IR/IntrinsicInst.h"
50#include "llvm/IR/Intrinsics.h"
51#include "llvm/IR/MDBuilder.h"
52#include "llvm/IR/Metadata.h"
53#include "llvm/IR/Module.h"
54#include "llvm/IR/Type.h"
55#include "llvm/IR/Use.h"
56#include "llvm/IR/Value.h"
57#include "llvm/InitializePasses.h"
58#include "llvm/Pass.h"
59#include "llvm/Support/Casting.h"
60#include "llvm/Support/Debug.h"
61#include "llvm/Support/ErrorHandling.h"
62#include "llvm/Support/raw_ostream.h"
63#include "llvm/Target/TargetMachine.h"
64#include "llvm/Transforms/Utils/BasicBlockUtils.h"
65#include "llvm/Transforms/Utils/Cloning.h"
66#include "llvm/Transforms/Utils/Local.h"
67#include <algorithm>
68#include <cassert>
69#include <cstdint>
70#include <optional>
71#include <string>
72#include <utility>
73
74using namespace llvm;
75using namespace llvm::safestack;
76
77#define DEBUG_TYPE "safe-stack"
78
79STATISTIC(NumFunctions, "Total number of functions");
80STATISTIC(NumUnsafeStackFunctions, "Number of functions with unsafe stack");
81STATISTIC(NumUnsafeStackRestorePointsFunctions,
82 "Number of functions that use setjmp or exceptions");
83
84STATISTIC(NumAllocas, "Total number of allocas");
85STATISTIC(NumUnsafeStaticAllocas, "Number of unsafe static allocas");
86STATISTIC(NumUnsafeDynamicAllocas, "Number of unsafe dynamic allocas");
87STATISTIC(NumUnsafeByValArguments, "Number of unsafe byval arguments");
88STATISTIC(NumUnsafeStackRestorePoints, "Number of setjmps and landingpads");
89
90/// Use __safestack_pointer_address even if the platform has a faster way of
91/// access safe stack pointer.
92static cl::opt<bool>
93 SafeStackUsePointerAddress("safestack-use-pointer-address",
94 cl::init(false), cl::Hidden);
95
96static cl::opt<bool> ClColoring("safe-stack-coloring",
97 cl::desc("enable safe stack coloring"),
98 cl::Hidden, cl::init(true));
99
100namespace {
101
102/// The SafeStack pass splits the stack of each function into the safe
103/// stack, which is only accessed through memory safe dereferences (as
104/// determined statically), and the unsafe stack, which contains all
105/// local variables that are accessed in ways that we can't prove to
106/// be safe.
107class SafeStack {
108 Function &F;
109 const TargetLoweringBase &TL;
110 const DataLayout &DL;
111 DomTreeUpdater *DTU;
112 ScalarEvolution &SE;
113
114 Type *StackPtrTy;
115 Type *IntPtrTy;
116 Type *Int32Ty;
117
118 Value *UnsafeStackPtr = nullptr;
119
120 /// Unsafe stack alignment. Each stack frame must ensure that the stack is
121 /// aligned to this value. We need to re-align the unsafe stack if the
122 /// alignment of any object on the stack exceeds this value.
123 ///
124 /// 16 seems like a reasonable upper bound on the alignment of objects that we
125 /// might expect to appear on the stack on most common targets.
126 static constexpr Align StackAlignment = Align::Constant<16>();
127
128 /// Return the value of the stack canary.
129 Value *getStackGuard(IRBuilder<> &IRB, Function &F);
130
131 /// Load stack guard from the frame and check if it has changed.
132 void checkStackGuard(IRBuilder<> &IRB, Function &F, Instruction &RI,
133 AllocaInst *StackGuardSlot, Value *StackGuard);
134
135 /// Find all static allocas, dynamic allocas, return instructions and
136 /// stack restore points (exception unwind blocks and setjmp calls) in the
137 /// given function and append them to the respective vectors.
138 void findInsts(Function &F, SmallVectorImpl<AllocaInst *> &StaticAllocas,
139 SmallVectorImpl<AllocaInst *> &DynamicAllocas,
140 SmallVectorImpl<Argument *> &ByValArguments,
141 SmallVectorImpl<Instruction *> &Returns,
142 SmallVectorImpl<Instruction *> &StackRestorePoints);
143
144 /// Calculate the allocation size of a given alloca. Returns 0 if the
145 /// size can not be statically determined.
146 uint64_t getStaticAllocaAllocationSize(const AllocaInst* AI);
147
148 /// Allocate space for all static allocas in \p StaticAllocas,
149 /// replace allocas with pointers into the unsafe stack.
150 ///
151 /// \returns A pointer to the top of the unsafe stack after all unsafe static
152 /// allocas are allocated.
153 Value *moveStaticAllocasToUnsafeStack(IRBuilder<> &IRB, Function &F,
154 ArrayRef<AllocaInst *> StaticAllocas,
155 ArrayRef<Argument *> ByValArguments,
156 Instruction *BasePointer,
157 AllocaInst *StackGuardSlot);
158
159 /// Generate code to restore the stack after all stack restore points
160 /// in \p StackRestorePoints.
161 ///
162 /// \returns A local variable in which to maintain the dynamic top of the
163 /// unsafe stack if needed.
164 AllocaInst *
165 createStackRestorePoints(IRBuilder<> &IRB, Function &F,
166 ArrayRef<Instruction *> StackRestorePoints,
167 Value *StaticTop, bool NeedDynamicTop);
168
169 /// Replace all allocas in \p DynamicAllocas with code to allocate
170 /// space dynamically on the unsafe stack and store the dynamic unsafe stack
171 /// top to \p DynamicTop if non-null.
172 void moveDynamicAllocasToUnsafeStack(Function &F, Value *UnsafeStackPtr,
173 AllocaInst *DynamicTop,
174 ArrayRef<AllocaInst *> DynamicAllocas);
175
176 bool IsSafeStackAlloca(const Value *AllocaPtr, uint64_t AllocaSize);
177
178 bool IsMemIntrinsicSafe(const MemIntrinsic *MI, const Use &U,
179 const Value *AllocaPtr, uint64_t AllocaSize);
180 bool IsAccessSafe(Value *Addr, uint64_t Size, const Value *AllocaPtr,
181 uint64_t AllocaSize);
182
183 bool ShouldInlinePointerAddress(CallInst &CI);
184 void TryInlinePointerAddress();
185
186public:
187 SafeStack(Function &F, const TargetLoweringBase &TL, const DataLayout &DL,
188 DomTreeUpdater *DTU, ScalarEvolution &SE)
189 : F(F), TL(TL), DL(DL), DTU(DTU), SE(SE),
190 StackPtrTy(DL.getAllocaPtrType(F.getContext())),
191 IntPtrTy(DL.getIntPtrType(F.getContext())),
192 Int32Ty(Type::getInt32Ty(F.getContext())) {}
193
194 // Run the transformation on the associated function.
195 // Returns whether the function was changed.
196 bool run();
197};
198
199uint64_t SafeStack::getStaticAllocaAllocationSize(const AllocaInst* AI) {
200 uint64_t Size = DL.getTypeAllocSize(AI->getAllocatedType());
201 if (AI->isArrayAllocation()) {
202 auto C = dyn_cast<ConstantInt>(AI->getArraySize());
203 if (!C)
204 return 0;
205 Size *= C->getZExtValue();
206 }
207 return Size;
208}
209
210bool SafeStack::IsAccessSafe(Value *Addr, uint64_t AccessSize,
211 const Value *AllocaPtr, uint64_t AllocaSize) {
212 const SCEV *AddrExpr = SE.getSCEV(Addr);
213 const auto *Base = dyn_cast<SCEVUnknown>(SE.getPointerBase(AddrExpr));
214 if (!Base || Base->getValue() != AllocaPtr) {
215 LLVM_DEBUG(
216 dbgs() << "[SafeStack] "
217 << (isa<AllocaInst>(AllocaPtr) ? "Alloca " : "ByValArgument ")
218 << *AllocaPtr << "\n"
219 << "SCEV " << *AddrExpr << " not directly based on alloca\n");
220 return false;
221 }
222
223 const SCEV *Expr = SE.removePointerBase(AddrExpr);
224 uint64_t BitWidth = SE.getTypeSizeInBits(Expr->getType());
225 ConstantRange AccessStartRange = SE.getUnsignedRange(Expr);
226 ConstantRange SizeRange =
227 ConstantRange(APInt(BitWidth, 0), APInt(BitWidth, AccessSize));
228 ConstantRange AccessRange = AccessStartRange.add(SizeRange);
229 ConstantRange AllocaRange =
230 ConstantRange(APInt(BitWidth, 0), APInt(BitWidth, AllocaSize));
231 bool Safe = AllocaRange.contains(AccessRange);
232
233 LLVM_DEBUG(
234 dbgs() << "[SafeStack] "
235 << (isa<AllocaInst>(AllocaPtr) ? "Alloca " : "ByValArgument ")
236 << *AllocaPtr << "\n"
237 << " Access " << *Addr << "\n"
238 << " SCEV " << *Expr
239 << " U: " << SE.getUnsignedRange(Expr)
240 << ", S: " << SE.getSignedRange(Expr) << "\n"
241 << " Range " << AccessRange << "\n"
242 << " AllocaRange " << AllocaRange << "\n"
243 << " " << (Safe ? "safe" : "unsafe") << "\n");
244
245 return Safe;
246}
247
248bool SafeStack::IsMemIntrinsicSafe(const MemIntrinsic *MI, const Use &U,
249 const Value *AllocaPtr,
250 uint64_t AllocaSize) {
251 if (auto MTI = dyn_cast<MemTransferInst>(MI)) {
252 if (MTI->getRawSource() != U && MTI->getRawDest() != U)
253 return true;
254 } else {
255 if (MI->getRawDest() != U)
256 return true;
257 }
258
259 auto Len = MI->getLengthInBytes();
260 // Non-constant size => unsafe. FIXME: try SCEV getRange.
261 if (!Len) return false;
262 return IsAccessSafe(U, Len->getZExtValue(), AllocaPtr, AllocaSize);
263}
264
265/// Check whether a given allocation must be put on the safe
266/// stack or not. The function analyzes all uses of AI and checks whether it is
267/// only accessed in a memory safe way (as decided statically).
268bool SafeStack::IsSafeStackAlloca(const Value *AllocaPtr, uint64_t AllocaSize) {
269 // Go through all uses of this alloca and check whether all accesses to the
270 // allocated object are statically known to be memory safe and, hence, the
271 // object can be placed on the safe stack.
272 SmallPtrSet<const Value *, 16> Visited;
273 SmallVector<const Value *, 8> WorkList;
274 WorkList.push_back(AllocaPtr);
275
276 // A DFS search through all uses of the alloca in bitcasts/PHI/GEPs/etc.
277 while (!WorkList.empty()) {
278 const Value *V = WorkList.pop_back_val();
279 for (const Use &UI : V->uses()) {
280 auto I = cast<const Instruction>(UI.getUser());
281 assert(V == UI.get());
282
283 switch (I->getOpcode()) {
284 case Instruction::Load:
285 if (!IsAccessSafe(UI, DL.getTypeStoreSize(I->getType()), AllocaPtr,
286 AllocaSize))
287 return false;
288 break;
289
290 case Instruction::VAArg:
291 // "va-arg" from a pointer is safe.
292 break;
293 case Instruction::Store:
294 if (V == I->getOperand(0)) {
295 // Stored the pointer - conservatively assume it may be unsafe.
296 LLVM_DEBUG(dbgs()
297 << "[SafeStack] Unsafe alloca: " << *AllocaPtr
298 << "\n store of address: " << *I << "\n");
299 return false;
300 }
301
302 if (!IsAccessSafe(UI, DL.getTypeStoreSize(I->getOperand(0)->getType()),
303 AllocaPtr, AllocaSize))
304 return false;
305 break;
306
307 case Instruction::Ret:
308 // Information leak.
309 return false;
310
311 case Instruction::Call:
312 case Instruction::Invoke: {
313 const CallBase &CS = *cast<CallBase>(I);
314
315 if (I->isLifetimeStartOrEnd())
316 continue;
317
318 if (const MemIntrinsic *MI = dyn_cast<MemIntrinsic>(I)) {
319 if (!IsMemIntrinsicSafe(MI, UI, AllocaPtr, AllocaSize)) {
320 LLVM_DEBUG(dbgs()
321 << "[SafeStack] Unsafe alloca: " << *AllocaPtr
322 << "\n unsafe memintrinsic: " << *I << "\n");
323 return false;
324 }
325 continue;
326 }
327
328 // LLVM 'nocapture' attribute is only set for arguments whose address
329 // is not stored, passed around, or used in any other non-trivial way.
330 // We assume that passing a pointer to an object as a 'nocapture
331 // readnone' argument is safe.
332 // FIXME: a more precise solution would require an interprocedural
333 // analysis here, which would look at all uses of an argument inside
334 // the function being called.
335 auto B = CS.arg_begin(), E = CS.arg_end();
336 for (const auto *A = B; A != E; ++A)
337 if (A->get() == V)
338 if (!(CS.doesNotCapture(A - B) && (CS.doesNotAccessMemory(A - B) ||
339 CS.doesNotAccessMemory()))) {
340 LLVM_DEBUG(dbgs() << "[SafeStack] Unsafe alloca: " << *AllocaPtr
341 << "\n unsafe call: " << *I << "\n");
342 return false;
343 }
344 continue;
345 }
346
347 default:
348 if (Visited.insert(I).second)
349 WorkList.push_back(cast<const Instruction>(I));
350 }
351 }
352 }
353
354 // All uses of the alloca are safe, we can place it on the safe stack.
355 return true;
356}
357
358Value *SafeStack::getStackGuard(IRBuilder<> &IRB, Function &F) {
359 Value *StackGuardVar = TL.getIRStackGuard(IRB);
360 Module *M = F.getParent();
361
362 if (!StackGuardVar) {
363 TL.insertSSPDeclarations(*M);
364 return IRB.CreateIntrinsic(Intrinsic::stackguard, {});
365 }
366
367 return IRB.CreateLoad(StackPtrTy, StackGuardVar, "StackGuard");
368}
369
370void SafeStack::findInsts(Function &F,
371 SmallVectorImpl<AllocaInst *> &StaticAllocas,
372 SmallVectorImpl<AllocaInst *> &DynamicAllocas,
373 SmallVectorImpl<Argument *> &ByValArguments,
374 SmallVectorImpl<Instruction *> &Returns,
375 SmallVectorImpl<Instruction *> &StackRestorePoints) {
376 for (Instruction &I : instructions(&F)) {
377 if (auto AI = dyn_cast<AllocaInst>(&I)) {
378 ++NumAllocas;
379
380 uint64_t Size = getStaticAllocaAllocationSize(AI);
381 if (IsSafeStackAlloca(AI, Size))
382 continue;
383
384 if (AI->isStaticAlloca()) {
385 ++NumUnsafeStaticAllocas;
386 StaticAllocas.push_back(AI);
387 } else {
388 ++NumUnsafeDynamicAllocas;
389 DynamicAllocas.push_back(AI);
390 }
391 } else if (auto RI = dyn_cast<ReturnInst>(&I)) {
392 if (CallInst *CI = I.getParent()->getTerminatingMustTailCall())
393 Returns.push_back(CI);
394 else
395 Returns.push_back(RI);
396 } else if (auto CI = dyn_cast<CallInst>(&I)) {
397 // setjmps require stack restore.
398 if (CI->getCalledFunction() && CI->canReturnTwice())
399 StackRestorePoints.push_back(CI);
400 } else if (auto LP = dyn_cast<LandingPadInst>(&I)) {
401 // Exception landing pads require stack restore.
402 StackRestorePoints.push_back(LP);
403 } else if (auto II = dyn_cast<IntrinsicInst>(&I)) {
404 if (II->getIntrinsicID() == Intrinsic::gcroot)
405 report_fatal_error(
406 "gcroot intrinsic not compatible with safestack attribute");
407 }
408 }
409 for (Argument &Arg : F.args()) {
410 if (!Arg.hasByValAttr())
411 continue;
412 uint64_t Size = DL.getTypeStoreSize(Arg.getParamByValType());
413 if (IsSafeStackAlloca(&Arg, Size))
414 continue;
415
416 ++NumUnsafeByValArguments;
417 ByValArguments.push_back(&Arg);
418 }
419}
420
421AllocaInst *
422SafeStack::createStackRestorePoints(IRBuilder<> &IRB, Function &F,
423 ArrayRef<Instruction *> StackRestorePoints,
424 Value *StaticTop, bool NeedDynamicTop) {
425 assert(StaticTop && "The stack top isn't set.");
426
427 if (StackRestorePoints.empty())
428 return nullptr;
429
430 // We need the current value of the shadow stack pointer to restore
431 // after longjmp or exception catching.
432
433 // FIXME: On some platforms this could be handled by the longjmp/exception
434 // runtime itself.
435
436 AllocaInst *DynamicTop = nullptr;
437 if (NeedDynamicTop) {
438 // If we also have dynamic alloca's, the stack pointer value changes
439 // throughout the function. For now we store it in an alloca.
440 DynamicTop = IRB.CreateAlloca(StackPtrTy, /*ArraySize=*/nullptr,
441 "unsafe_stack_dynamic_ptr");
442 IRB.CreateStore(StaticTop, DynamicTop);
443 }
444
445 // Restore current stack pointer after longjmp/exception catch.
446 for (Instruction *I : StackRestorePoints) {
447 ++NumUnsafeStackRestorePoints;
448
449 IRB.SetInsertPoint(I->getNextNode());
450 Value *CurrentTop =
451 DynamicTop ? IRB.CreateLoad(StackPtrTy, DynamicTop) : StaticTop;
452 IRB.CreateStore(CurrentTop, UnsafeStackPtr);
453 }
454
455 return DynamicTop;
456}
457
458void SafeStack::checkStackGuard(IRBuilder<> &IRB, Function &F, Instruction &RI,
459 AllocaInst *StackGuardSlot, Value *StackGuard) {
460 Value *V = IRB.CreateLoad(StackPtrTy, StackGuardSlot);
461 Value *Cmp = IRB.CreateICmpNE(StackGuard, V);
462
463 auto SuccessProb = BranchProbabilityInfo::getBranchProbStackProtector(true);
464 auto FailureProb = BranchProbabilityInfo::getBranchProbStackProtector(false);
465 MDNode *Weights = MDBuilder(F.getContext())
466 .createBranchWeights(SuccessProb.getNumerator(),
467 FailureProb.getNumerator());
468 Instruction *CheckTerm =
469 SplitBlockAndInsertIfThen(Cmp, &RI, /* Unreachable */ true, Weights, DTU);
470 IRBuilder<> IRBFail(CheckTerm);
471 // FIXME: respect -fsanitize-trap / -ftrap-function here?
472 const char *StackChkFailName =
473 TL.getLibcallName(RTLIB::STACKPROTECTOR_CHECK_FAIL);
474 if (!StackChkFailName) {
475 F.getContext().emitError(
476 "no libcall available for stackprotector check fail");
477 return;
478 }
479
480 FunctionCallee StackChkFail =
481 F.getParent()->getOrInsertFunction(StackChkFailName, IRB.getVoidTy());
482 IRBFail.CreateCall(StackChkFail, {});
483}
484
485/// We explicitly compute and set the unsafe stack layout for all unsafe
486/// static alloca instructions. We save the unsafe "base pointer" in the
487/// prologue into a local variable and restore it in the epilogue.
488Value *SafeStack::moveStaticAllocasToUnsafeStack(
489 IRBuilder<> &IRB, Function &F, ArrayRef<AllocaInst *> StaticAllocas,
490 ArrayRef<Argument *> ByValArguments, Instruction *BasePointer,
491 AllocaInst *StackGuardSlot) {
492 if (StaticAllocas.empty() && ByValArguments.empty())
493 return BasePointer;
494
495 DIBuilder DIB(*F.getParent());
496
497 StackLifetime SSC(F, StaticAllocas, StackLifetime::LivenessType::May);
498 static const StackLifetime::LiveRange NoColoringRange(1, true);
499 if (ClColoring)
500 SSC.run();
501
502 for (const auto *I : SSC.getMarkers()) {
503 auto *Op = dyn_cast<Instruction>(I->getOperand(1));
504 const_cast<IntrinsicInst *>(I)->eraseFromParent();
505 // Remove the operand bitcast, too, if it has no more uses left.
506 if (Op && Op->use_empty())
507 Op->eraseFromParent();
508 }
509
510 // Unsafe stack always grows down.
511 StackLayout SSL(StackAlignment);
512 if (StackGuardSlot) {
513 Type *Ty = StackGuardSlot->getAllocatedType();
514 Align Align = std::max(DL.getPrefTypeAlign(Ty), StackGuardSlot->getAlign());
515 SSL.addObject(StackGuardSlot, getStaticAllocaAllocationSize(StackGuardSlot),
516 Align, SSC.getFullLiveRange());
517 }
518
519 for (Argument *Arg : ByValArguments) {
520 Type *Ty = Arg->getParamByValType();
521 uint64_t Size = DL.getTypeStoreSize(Ty);
522 if (Size == 0)
523 Size = 1; // Don't create zero-sized stack objects.
524
525 // Ensure the object is properly aligned.
526 Align Align = DL.getPrefTypeAlign(Ty);
527 if (auto A = Arg->getParamAlign())
528 Align = std::max(Align, *A);
529 SSL.addObject(Arg, Size, Align, SSC.getFullLiveRange());
530 }
531
532 for (AllocaInst *AI : StaticAllocas) {
533 Type *Ty = AI->getAllocatedType();
534 uint64_t Size = getStaticAllocaAllocationSize(AI);
535 if (Size == 0)
536 Size = 1; // Don't create zero-sized stack objects.
537
538 // Ensure the object is properly aligned.
539 Align Align = std::max(DL.getPrefTypeAlign(Ty), AI->getAlign());
540
541 SSL.addObject(AI, Size, Align,
542 ClColoring ? SSC.getLiveRange(AI) : NoColoringRange);
543 }
544
545 SSL.computeLayout();
546 Align FrameAlignment = SSL.getFrameAlignment();
547
548 // FIXME: tell SSL that we start at a less-then-MaxAlignment aligned location
549 // (AlignmentSkew).
550 if (FrameAlignment > StackAlignment) {
551 // Re-align the base pointer according to the max requested alignment.
552 IRB.SetInsertPoint(BasePointer->getNextNode());
553 BasePointer = cast<Instruction>(IRB.CreateIntToPtr(
554 IRB.CreateAnd(
555 IRB.CreatePtrToInt(BasePointer, IntPtrTy),
556 ConstantInt::get(IntPtrTy, ~(FrameAlignment.value() - 1))),
557 StackPtrTy));
558 }
559
560 IRB.SetInsertPoint(BasePointer->getNextNode());
561
562 if (StackGuardSlot) {
563 unsigned Offset = SSL.getObjectOffset(StackGuardSlot);
564 Value *Off =
565 IRB.CreatePtrAdd(BasePointer, ConstantInt::get(Int32Ty, -Offset));
566 Value *NewAI =
567 IRB.CreateBitCast(Off, StackGuardSlot->getType(), "StackGuardSlot");
568
569 // Replace alloc with the new location.
570 StackGuardSlot->replaceAllUsesWith(NewAI);
571 StackGuardSlot->eraseFromParent();
572 }
573
574 for (Argument *Arg : ByValArguments) {
575 unsigned Offset = SSL.getObjectOffset(Arg);
576 MaybeAlign Align(SSL.getObjectAlignment(Arg));
577 Type *Ty = Arg->getParamByValType();
578
579 uint64_t Size = DL.getTypeStoreSize(Ty);
580 if (Size == 0)
581 Size = 1; // Don't create zero-sized stack objects.
582
583 Value *Off =
584 IRB.CreatePtrAdd(BasePointer, ConstantInt::get(Int32Ty, -Offset));
585 Value *NewArg = IRB.CreateBitCast(Off, Arg->getType(),
586 Arg->getName() + ".unsafe-byval");
587
588 // Replace alloc with the new location.
589 replaceDbgDeclare(Arg, BasePointer, DIB, DIExpression::ApplyOffset,
590 -Offset);
591 Arg->replaceAllUsesWith(NewArg);
592 IRB.SetInsertPoint(cast<Instruction>(NewArg)->getNextNode());
593 IRB.CreateMemCpy(Off, Align, Arg, Arg->getParamAlign(), Size);
594 }
595
596 // Allocate space for every unsafe static AllocaInst on the unsafe stack.
597 for (AllocaInst *AI : StaticAllocas) {
598 IRB.SetInsertPoint(AI);
599 unsigned Offset = SSL.getObjectOffset(AI);
600
601 replaceDbgDeclare(AI, BasePointer, DIB, DIExpression::ApplyOffset, -Offset);
602 replaceDbgValueForAlloca(AI, BasePointer, DIB, -Offset);
603
604 // Replace uses of the alloca with the new location.
605 // Insert address calculation close to each use to work around PR27844.
606 std::string Name = std::string(AI->getName()) + ".unsafe";
607 while (!AI->use_empty()) {
608 Use &U = *AI->use_begin();
609 Instruction *User = cast<Instruction>(U.getUser());
610
611 // Drop lifetime markers now that this is no longer an alloca.
612 // SafeStack has already performed its own stack coloring.
613 if (User->isLifetimeStartOrEnd()) {
614 User->eraseFromParent();
615 continue;
616 }
617
618 Instruction *InsertBefore;
619 if (auto *PHI = dyn_cast<PHINode>(User))
620 InsertBefore = PHI->getIncomingBlock(U)->getTerminator();
621 else
622 InsertBefore = User;
623
624 IRBuilder<> IRBUser(InsertBefore);
625 Value *Off =
626 IRBUser.CreatePtrAdd(BasePointer, ConstantInt::get(Int32Ty, -Offset));
627 Value *Replacement =
628 IRBUser.CreateAddrSpaceCast(Off, AI->getType(), Name);
629
630 if (auto *PHI = dyn_cast<PHINode>(User))
631 // PHI nodes may have multiple incoming edges from the same BB (why??),
632 // all must be updated at once with the same incoming value.
633 PHI->setIncomingValueForBlock(PHI->getIncomingBlock(U), Replacement);
634 else
635 U.set(Replacement);
636 }
637
638 AI->eraseFromParent();
639 }
640
641 // Re-align BasePointer so that our callees would see it aligned as
642 // expected.
643 // FIXME: no need to update BasePointer in leaf functions.
644 unsigned FrameSize = alignTo(SSL.getFrameSize(), StackAlignment);
645
646 MDBuilder MDB(F.getContext());
647 SmallVector<Metadata *, 2> Data;
648 Data.push_back(MDB.createString("unsafe-stack-size"));
649 Data.push_back(MDB.createConstant(ConstantInt::get(Int32Ty, FrameSize)));
650 MDNode *MD = MDTuple::get(F.getContext(), Data);
651 F.setMetadata(LLVMContext::MD_annotation, MD);
652
653 // Update shadow stack pointer in the function epilogue.
654 IRB.SetInsertPoint(BasePointer->getNextNode());
655
656 Value *StaticTop =
657 IRB.CreatePtrAdd(BasePointer, ConstantInt::get(Int32Ty, -FrameSize),
658 "unsafe_stack_static_top");
659 IRB.CreateStore(StaticTop, UnsafeStackPtr);
660 return StaticTop;
661}
662
663void SafeStack::moveDynamicAllocasToUnsafeStack(
664 Function &F, Value *UnsafeStackPtr, AllocaInst *DynamicTop,
665 ArrayRef<AllocaInst *> DynamicAllocas) {
666 DIBuilder DIB(*F.getParent());
667
668 for (AllocaInst *AI : DynamicAllocas) {
669 IRBuilder<> IRB(AI);
670
671 // Compute the new SP value (after AI).
672 Value *ArraySize = AI->getArraySize();
673 if (ArraySize->getType() != IntPtrTy)
674 ArraySize = IRB.CreateIntCast(ArraySize, IntPtrTy, false);
675
676 Type *Ty = AI->getAllocatedType();
677 uint64_t TySize = DL.getTypeAllocSize(Ty);
678 Value *Size = IRB.CreateMul(ArraySize, ConstantInt::get(IntPtrTy, TySize));
679
680 Value *SP = IRB.CreatePtrToInt(IRB.CreateLoad(StackPtrTy, UnsafeStackPtr),
681 IntPtrTy);
682 SP = IRB.CreateSub(SP, Size);
683
684 // Align the SP value to satisfy the AllocaInst, type and stack alignments.
685 auto Align = std::max(std::max(DL.getPrefTypeAlign(Ty), AI->getAlign()),
686 StackAlignment);
687
688 Value *NewTop = IRB.CreateIntToPtr(
689 IRB.CreateAnd(SP,
690 ConstantInt::get(IntPtrTy, ~uint64_t(Align.value() - 1))),
691 StackPtrTy);
692
693 // Save the stack pointer.
694 IRB.CreateStore(NewTop, UnsafeStackPtr);
695 if (DynamicTop)
696 IRB.CreateStore(NewTop, DynamicTop);
697
698 Value *NewAI = IRB.CreatePointerCast(NewTop, AI->getType());
699 if (AI->hasName() && isa<Instruction>(NewAI))
700 NewAI->takeName(AI);
701
702 replaceDbgDeclare(AI, NewAI, DIB, DIExpression::ApplyOffset, 0);
703 AI->replaceAllUsesWith(NewAI);
704 AI->eraseFromParent();
705 }
706
707 if (!DynamicAllocas.empty()) {
708 // Now go through the instructions again, replacing stacksave/stackrestore.
709 for (Instruction &I : llvm::make_early_inc_range(instructions(&F))) {
710 auto *II = dyn_cast<IntrinsicInst>(&I);
711 if (!II)
712 continue;
713
714 if (II->getIntrinsicID() == Intrinsic::stacksave) {
715 IRBuilder<> IRB(II);
716 Instruction *LI = IRB.CreateLoad(StackPtrTy, UnsafeStackPtr);
717 LI->takeName(II);
718 II->replaceAllUsesWith(LI);
719 II->eraseFromParent();
720 } else if (II->getIntrinsicID() == Intrinsic::stackrestore) {
721 IRBuilder<> IRB(II);
722 Instruction *SI = IRB.CreateStore(II->getArgOperand(0), UnsafeStackPtr);
723 SI->takeName(II);
724 assert(II->use_empty());
725 II->eraseFromParent();
726 }
727 }
728 }
729}
730
731bool SafeStack::ShouldInlinePointerAddress(CallInst &CI) {
732 Function *Callee = CI.getCalledFunction();
733 if (CI.hasFnAttr(Attribute::AlwaysInline) &&
734 isInlineViable(*Callee).isSuccess())
735 return true;
736 if (Callee->isInterposable() || Callee->hasFnAttribute(Attribute::NoInline) ||
737 CI.isNoInline())
738 return false;
739 return true;
740}
741
742void SafeStack::TryInlinePointerAddress() {
743 auto *CI = dyn_cast<CallInst>(UnsafeStackPtr);
744 if (!CI)
745 return;
746
747 if(F.hasOptNone())
748 return;
749
750 Function *Callee = CI->getCalledFunction();
751 if (!Callee || Callee->isDeclaration())
752 return;
753
754 if (!ShouldInlinePointerAddress(*CI))
755 return;
756
757 InlineFunctionInfo IFI;
758 InlineFunction(*CI, IFI);
759}
760
761bool SafeStack::run() {
762 assert(F.hasFnAttribute(Attribute::SafeStack) &&
763 "Can't run SafeStack on a function without the attribute");
764 assert(!F.isDeclaration() && "Can't run SafeStack on a function declaration");
765
766 ++NumFunctions;
767
768 SmallVector<AllocaInst *, 16> StaticAllocas;
769 SmallVector<AllocaInst *, 4> DynamicAllocas;
770 SmallVector<Argument *, 4> ByValArguments;
771 SmallVector<Instruction *, 4> Returns;
772
773 // Collect all points where stack gets unwound and needs to be restored
774 // This is only necessary because the runtime (setjmp and unwind code) is
775 // not aware of the unsafe stack and won't unwind/restore it properly.
776 // To work around this problem without changing the runtime, we insert
777 // instrumentation to restore the unsafe stack pointer when necessary.
778 SmallVector<Instruction *, 4> StackRestorePoints;
779
780 // Find all static and dynamic alloca instructions that must be moved to the
781 // unsafe stack, all return instructions and stack restore points.
782 findInsts(F, StaticAllocas, DynamicAllocas, ByValArguments, Returns,
783 StackRestorePoints);
784
785 if (StaticAllocas.empty() && DynamicAllocas.empty() &&
786 ByValArguments.empty() && StackRestorePoints.empty())
787 return false; // Nothing to do in this function.
788
789 if (!StaticAllocas.empty() || !DynamicAllocas.empty() ||
790 !ByValArguments.empty())
791 ++NumUnsafeStackFunctions; // This function has the unsafe stack.
792
793 if (!StackRestorePoints.empty())
794 ++NumUnsafeStackRestorePointsFunctions;
795
796 IRBuilder<> IRB(&F.front(), F.begin()->getFirstInsertionPt());
797 // Calls must always have a debug location, or else inlining breaks. So
798 // we explicitly set a artificial debug location here.
799 if (DISubprogram *SP = F.getSubprogram())
800 IRB.SetCurrentDebugLocation(
801 DILocation::get(SP->getContext(), SP->getScopeLine(), 0, SP));
802 if (SafeStackUsePointerAddress) {
803 const char *SafestackPointerAddressName =
804 TL.getLibcallName(RTLIB::SAFESTACK_POINTER_ADDRESS);
805 if (!SafestackPointerAddressName) {
806 F.getContext().emitError(
807 "no libcall available for safestack pointer address");
808 return false;
809 }
810
811 FunctionCallee Fn = F.getParent()->getOrInsertFunction(
812 SafestackPointerAddressName, IRB.getPtrTy(0));
813 UnsafeStackPtr = IRB.CreateCall(Fn);
814 } else {
815 UnsafeStackPtr = TL.getSafeStackPointerLocation(IRB);
816 }
817
818 // Load the current stack pointer (we'll also use it as a base pointer).
819 // FIXME: use a dedicated register for it ?
820 Instruction *BasePointer =
821 IRB.CreateLoad(StackPtrTy, UnsafeStackPtr, false, "unsafe_stack_ptr");
822 assert(BasePointer->getType() == StackPtrTy);
823
824 AllocaInst *StackGuardSlot = nullptr;
825 // FIXME: implement weaker forms of stack protector.
826 if (F.hasFnAttribute(Attribute::StackProtect) ||
827 F.hasFnAttribute(Attribute::StackProtectStrong) ||
828 F.hasFnAttribute(Attribute::StackProtectReq)) {
829 Value *StackGuard = getStackGuard(IRB, F);
830 StackGuardSlot = IRB.CreateAlloca(StackPtrTy, nullptr);
831 IRB.CreateStore(StackGuard, StackGuardSlot);
832
833 for (Instruction *RI : Returns) {
834 IRBuilder<> IRBRet(RI);
835 checkStackGuard(IRBRet, F, *RI, StackGuardSlot, StackGuard);
836 }
837 }
838
839 // The top of the unsafe stack after all unsafe static allocas are
840 // allocated.
841 Value *StaticTop = moveStaticAllocasToUnsafeStack(
842 IRB, F, StaticAllocas, ByValArguments, BasePointer, StackGuardSlot);
843
844 // Safe stack object that stores the current unsafe stack top. It is updated
845 // as unsafe dynamic (non-constant-sized) allocas are allocated and freed.
846 // This is only needed if we need to restore stack pointer after longjmp
847 // or exceptions, and we have dynamic allocations.
848 // FIXME: a better alternative might be to store the unsafe stack pointer
849 // before setjmp / invoke instructions.
850 AllocaInst *DynamicTop = createStackRestorePoints(
851 IRB, F, StackRestorePoints, StaticTop, !DynamicAllocas.empty());
852
853 // Handle dynamic allocas.
854 moveDynamicAllocasToUnsafeStack(F, UnsafeStackPtr, DynamicTop,
855 DynamicAllocas);
856
857 // Restore the unsafe stack pointer before each return.
858 for (Instruction *RI : Returns) {
859 IRB.SetInsertPoint(RI);
860 IRB.CreateStore(BasePointer, UnsafeStackPtr);
861 }
862
863 TryInlinePointerAddress();
864
865 LLVM_DEBUG(dbgs() << "[SafeStack] safestack applied\n");
866 return true;
867}
868
869class SafeStackLegacyPass : public FunctionPass {
870 const TargetMachine *TM = nullptr;
871
872public:
873 static char ID; // Pass identification, replacement for typeid..
874
875 SafeStackLegacyPass() : FunctionPass(ID) {
876 initializeSafeStackLegacyPassPass(*PassRegistry::getPassRegistry());
877 }
878
879 void getAnalysisUsage(AnalysisUsage &AU) const override {
880 AU.addRequired<TargetPassConfig>();
881 AU.addRequired<TargetLibraryInfoWrapperPass>();
882 AU.addRequired<AssumptionCacheTracker>();
883 AU.addPreserved<DominatorTreeWrapperPass>();
884 }
885
886 bool runOnFunction(Function &F) override {
887 LLVM_DEBUG(dbgs() << "[SafeStack] Function: " << F.getName() << "\n");
888
889 if (!F.hasFnAttribute(Attribute::SafeStack)) {
890 LLVM_DEBUG(dbgs() << "[SafeStack] safestack is not requested"
891 " for this function\n");
892 return false;
893 }
894
895 if (F.isDeclaration()) {
896 LLVM_DEBUG(dbgs() << "[SafeStack] function definition"
897 " is not available\n");
898 return false;
899 }
900
901 TM = &getAnalysis<TargetPassConfig>().getTM<TargetMachine>();
902 auto *TL = TM->getSubtargetImpl(F)->getTargetLowering();
903 if (!TL)
904 report_fatal_error("TargetLowering instance is required");
905
906 auto *DL = &F.getDataLayout();
907 auto &TLI = getAnalysis<TargetLibraryInfoWrapperPass>().getTLI(F);
908 auto &ACT = getAnalysis<AssumptionCacheTracker>().getAssumptionCache(F);
909
910 // Compute DT and LI only for functions that have the attribute.
911 // This is only useful because the legacy pass manager doesn't let us
912 // compute analyzes lazily.
913
914 DominatorTree *DT;
915 bool ShouldPreserveDominatorTree;
916 std::optional<DominatorTree> LazilyComputedDomTree;
917
918 // Do we already have a DominatorTree available from the previous pass?
919 // Note that we should *NOT* require it, to avoid the case where we end up
920 // not needing it, but the legacy PM would have computed it for us anyways.
921 if (auto *DTWP = getAnalysisIfAvailable<DominatorTreeWrapperPass>()) {
922 DT = &DTWP->getDomTree();
923 ShouldPreserveDominatorTree = true;
924 } else {
925 // Otherwise, we need to compute it.
926 LazilyComputedDomTree.emplace(F);
927 DT = &*LazilyComputedDomTree;
928 ShouldPreserveDominatorTree = false;
929 }
930
931 // Likewise, lazily compute loop info.
932 LoopInfo LI(*DT);
933
934 DomTreeUpdater DTU(DT, DomTreeUpdater::UpdateStrategy::Lazy);
935
936 ScalarEvolution SE(F, TLI, ACT, *DT, LI);
937
938 return SafeStack(F, *TL, *DL, ShouldPreserveDominatorTree ? &DTU : nullptr,
939 SE)
940 .run();
941 }
942};
943
944} // end anonymous namespace
945
946PreservedAnalyses SafeStackPass::run(Function &F,
947 FunctionAnalysisManager &FAM) {
948 LLVM_DEBUG(dbgs() << "[SafeStack] Function: " << F.getName() << "\n");
949
950 if (!F.hasFnAttribute(Attribute::SafeStack)) {
951 LLVM_DEBUG(dbgs() << "[SafeStack] safestack is not requested"
952 " for this function\n");
953 return PreservedAnalyses::all();
954 }
955
956 if (F.isDeclaration()) {
957 LLVM_DEBUG(dbgs() << "[SafeStack] function definition"
958 " is not available\n");
959 return PreservedAnalyses::all();
960 }
961
962 auto *TL = TM->getSubtargetImpl(F)->getTargetLowering();
963 if (!TL)
964 report_fatal_error("TargetLowering instance is required");
965
966 auto &DL = F.getDataLayout();
967
968 // preserve DominatorTree
969 auto &DT = FAM.getResult<DominatorTreeAnalysis>(F);
970 auto &SE = FAM.getResult<ScalarEvolutionAnalysis>(F);
971 DomTreeUpdater DTU(DT, DomTreeUpdater::UpdateStrategy::Lazy);
972
973 bool Changed = SafeStack(F, *TL, DL, &DTU, SE).run();
974
975 if (!Changed)
976 return PreservedAnalyses::all();
977 PreservedAnalyses PA;
978 PA.preserve<DominatorTreeAnalysis>();
979 return PA;
980}
981
982char SafeStackLegacyPass::ID = 0;
983
984INITIALIZE_PASS_BEGIN(SafeStackLegacyPass, DEBUG_TYPE,
985 "Safe Stack instrumentation pass", false, false)
986INITIALIZE_PASS_DEPENDENCY(TargetPassConfig)
987INITIALIZE_PASS_DEPENDENCY(DominatorTreeWrapperPass)
988INITIALIZE_PASS_END(SafeStackLegacyPass, DEBUG_TYPE,
989 "Safe Stack instrumentation pass", false, false)
990
991FunctionPass *llvm::createSafeStackPass() { return new SafeStackLegacyPass(); }
assert
assert(UImm &&(UImm !=~static_cast< T >(0)) &&"Invalid immediate!")
PHI
Rewrite undef for PHI
Definition AMDGPURewriteUndefForPHI.cpp:98
APInt.h
This file implements a class to represent arbitrary precision integral constant values and operations...
DL
MachineBasicBlock MachineBasicBlock::iterator DebugLoc DL
Definition ARMSLSHardening.cpp:73
getNextNode
VarLocInsertPt getNextNode(const DbgRecord *DVR)
Definition AssignmentTrackingAnalysis.cpp:1463
instructions
Expand Atomic instructions
Definition AtomicExpandPass.cpp:184
Attributes.h
This file contains the simple types necessary to represent the attributes associated with functions a...
A
static GCRegistry::Add< ErlangGC > A("erlang", "erlang-compatible garbage collector")
E
static GCRegistry::Add< CoreCLRGC > E("coreclr", "CoreCLR-compatible GC")
B
static GCRegistry::Add< OcamlGC > B("ocaml", "ocaml 3.10-compatible GC")
Constants.h
This file contains the declarations for the subclasses of Constant, which represent the different fla...
runOnFunction
static bool runOnFunction(Function &F, bool PostInlining)
Definition EntryExitInstrumenter.cpp:103
DEBUG_TYPE
#define DEBUG_TYPE
Definition GenericCycleImpl.h:31
MI
IRTranslator LLVM IR MI
Definition IRTranslator.cpp:110
Module.h
Module.h This file contains the declarations for the Module class.
Use.h
This defines the Use class.
F
#define F(x, y, z)
Definition MD5.cpp:55
I
#define I(x, y, z)
Definition MD5.cpp:58
Module
Machine Check Debug Module
Definition MachineCheckDebugify.cpp:124
Metadata.h
This file contains the declarations for metadata subclasses.
II
uint64_t IntrinsicInst * II
Definition NVVMIntrRange.cpp:46
FAM
FunctionAnalysisManager FAM
Definition PassBuilderBindings.cpp:61
INITIALIZE_PASS_DEPENDENCY
#define INITIALIZE_PASS_DEPENDENCY(depName)
Definition PassSupport.h:42
INITIALIZE_PASS_END
#define INITIALIZE_PASS_END(passName, arg, name, cfg, analysis)
Definition PassSupport.h:44
INITIALIZE_PASS_BEGIN
#define INITIALIZE_PASS_BEGIN(passName, arg, name, cfg, analysis)
Definition PassSupport.h:39
SafeStackUsePointerAddress
static cl::opt< bool > SafeStackUsePointerAddress("safestack-use-pointer-address", cl::init(false), cl::Hidden)
Use __safestack_pointer_address even if the platform has a faster way of access safe stack pointer.
ClColoring
static cl::opt< bool > ClColoring("safe-stack-coloring", cl::desc("enable safe stack coloring"), cl::Hidden, cl::init(true))
SmallPtrSet.h
This file defines the SmallPtrSet class.
SmallVector.h
This file defines the SmallVector class.
getStackGuard
static Value * getStackGuard(const TargetLoweringBase *TLI, Module *M, IRBuilder<> &B, bool *SupportsSelectionDAGSP=nullptr)
Create a stack guard loading and populate whether SelectionDAG SSP is supported.
Definition StackProtector.cpp:523
Statistic.h
This file defines the 'Statistic' class, which is designed to be an easy way to expose various metric...
STATISTIC
#define STATISTIC(VARNAME, DESC)
Definition Statistic.h:171
LLVM_DEBUG
#define LLVM_DEBUG(...)
Definition Debug.h:114
TargetLowering.h
This file describes how to lower LLVM code to machine code.
TargetPassConfig.h
Target-Independent Code Generator Pass Configuration Options pass.
llvm::AllocaInst
an instruction to allocate memory on the stack
Definition Instructions.h:65
llvm::AllocaInst::isStaticAlloca
LLVM_ABI bool isStaticAlloca() const
Return true if this alloca is in the entry block of the function and is a constant size.
Definition Instructions.cpp:1303
llvm::AllocaInst::getAlign
Align getAlign() const
Return the alignment of the memory that is being allocated by the instruction.
Definition Instructions.h:129
llvm::AllocaInst::getType
PointerType * getType() const
Overload to return most specific pointer type.
Definition Instructions.h:102
llvm::AllocaInst::getAllocatedType
Type * getAllocatedType() const
Return the type that is being allocated by the instruction.
Definition Instructions.h:122
llvm::AllocaInst::isArrayAllocation
LLVM_ABI bool isArrayAllocation() const
Return true if there is an allocation size parameter to the allocation instruction that is not 1.
Definition Instructions.cpp:1294
llvm::AllocaInst::getArraySize
const Value * getArraySize() const
Get the number of elements allocated.
Definition Instructions.h:98
llvm::AnalysisUsage::addRequired
AnalysisUsage & addRequired()
Definition PassAnalysisSupport.h:76
llvm::AnalysisUsage::addPreserved
AnalysisUsage & addPreserved()
Add the specified Pass class to the set of analyses preserved by this pass.
Definition PassAnalysisSupport.h:99
llvm::ArrayRef
ArrayRef - Represent a constant reference to an array (0 or more elements consecutively in memory),...
Definition ArrayRef.h:41
llvm::ArrayRef::empty
bool empty() const
empty - Check if the array is empty.
Definition ArrayRef.h:138
llvm::BranchProbabilityInfo::getBranchProbStackProtector
static BranchProbability getBranchProbStackProtector(bool IsLikely)
Definition BranchProbabilityInfo.h:204
llvm::CallBase::doesNotCapture
bool doesNotCapture(unsigned OpNo) const
Determine whether this data operand is not captured.
Definition InstrTypes.h:1697
llvm::CallBase::getCalledFunction
Function * getCalledFunction() const
Returns the function called, or null if this is an indirect function invocation or the function signa...
Definition InstrTypes.h:1346
llvm::CallBase::doesNotAccessMemory
bool doesNotAccessMemory(unsigned OpNo) const
Definition InstrTypes.h:1743
llvm::CallBase::hasFnAttr
bool hasFnAttr(Attribute::AttrKind Kind) const
Determine whether this call has the given attribute.
Definition InstrTypes.h:1456
llvm::CallBase::arg_begin
User::op_iterator arg_begin()
Return the iterator pointing to the beginning of the argument list.
Definition InstrTypes.h:1265
llvm::CallBase::isNoInline
bool isNoInline() const
Return true if the call should not be inlined.
Definition InstrTypes.h:1912
llvm::CallBase::arg_end
User::op_iterator arg_end()
Return the iterator pointing to the end of the argument list.
Definition InstrTypes.h:1271
llvm::CallInst
This class represents a function call, abstracting a target machine's calling convention.
Definition Instructions.h:1511
llvm::ConstantRange::add
LLVM_ABI ConstantRange add(const ConstantRange &Other) const
Return a new range representing the possible values resulting from an addition of a value in this ran...
Definition ConstantRange.cpp:1097
llvm::ConstantRange::contains
LLVM_ABI bool contains(const APInt &Val) const
Return true if the specified value is in the set.
Definition ConstantRange.cpp:517
llvm::DataLayout
A parsed version of the target data layout string in and methods for querying it.
Definition DataLayout.h:63
llvm::DominatorTreeAnalysis
Analysis pass which computes a DominatorTree.
Definition Dominators.h:284
llvm::DominatorTreeWrapperPass
Legacy analysis pass which computes a DominatorTree.
Definition Dominators.h:322
llvm::FunctionPass
FunctionPass class - This class is used to implement most global optimizations.
Definition Pass.h:314
llvm::IRBuilderBase::CreateAlloca
AllocaInst * CreateAlloca(Type *Ty, unsigned AddrSpace, Value *ArraySize=nullptr, const Twine &Name="")
Definition IRBuilder.h:1833
llvm::IRBuilderBase::CreateMemCpy
CallInst * CreateMemCpy(Value *Dst, MaybeAlign DstAlign, Value *Src, MaybeAlign SrcAlign, uint64_t Size, bool isVolatile=false, const AAMDNodes &AAInfo=AAMDNodes())
Create and insert a memcpy between the specified pointers.
Definition IRBuilder.h:687
llvm::IRBuilderBase::CreatePointerCast
Value * CreatePointerCast(Value *V, Type *DestTy, const Twine &Name="")
Definition IRBuilder.h:2254
llvm::IRBuilderBase::CreateIntToPtr
Value * CreateIntToPtr(Value *V, Type *DestTy, const Twine &Name="")
Definition IRBuilder.h:2202
llvm::IRBuilderBase::CreatePtrAdd
Value * CreatePtrAdd(Value *Ptr, Value *Offset, const Twine &Name="", GEPNoWrapFlags NW=GEPNoWrapFlags::none())
Definition IRBuilder.h:2039
llvm::IRBuilderBase::SetCurrentDebugLocation
void SetCurrentDebugLocation(DebugLoc L)
Set location information used by debugging information.
Definition IRBuilder.h:247
llvm::IRBuilderBase::CreateICmpNE
Value * CreateICmpNE(Value *LHS, Value *RHS, const Twine &Name="")
Definition IRBuilder.h:2336
llvm::IRBuilderBase::CreateIntrinsic
LLVM_ABI CallInst * CreateIntrinsic(Intrinsic::ID ID, ArrayRef< Type * > Types, ArrayRef< Value * > Args, FMFSource FMFSource={}, const Twine &Name="")
Create a call to intrinsic ID with Args, mangled using Types.
Definition IRBuilder.cpp:845
llvm::IRBuilderBase::CreateSub
Value * CreateSub(Value *LHS, Value *RHS, const Twine &Name="", bool HasNUW=false, bool HasNSW=false)
Definition IRBuilder.h:1420
llvm::IRBuilderBase::CreateBitCast
Value * CreateBitCast(Value *V, Type *DestTy, const Twine &Name="")
Definition IRBuilder.h:2207
llvm::IRBuilderBase::CreateLoad
LoadInst * CreateLoad(Type *Ty, Value *Ptr, const char *Name)
Provided to resolve 'CreateLoad(Ty, Ptr, "...")' correctly, instead of converting the string to 'bool...
Definition IRBuilder.h:1850
llvm::IRBuilderBase::CreateAnd
Value * CreateAnd(Value *LHS, Value *RHS, const Twine &Name="")
Definition IRBuilder.h:1551
llvm::IRBuilderBase::CreateStore
StoreInst * CreateStore(Value *Val, Value *Ptr, bool isVolatile=false)
Definition IRBuilder.h:1863
llvm::IRBuilderBase::CreatePtrToInt
Value * CreatePtrToInt(Value *V, Type *DestTy, const Twine &Name="")
Definition IRBuilder.h:2197
llvm::IRBuilderBase::CreateCall
CallInst * CreateCall(FunctionType *FTy, Value *Callee, ArrayRef< Value * > Args={}, const Twine &Name="", MDNode *FPMathTag=nullptr)
Definition IRBuilder.h:2511
llvm::IRBuilderBase::getPtrTy
PointerType * getPtrTy(unsigned AddrSpace=0)
Fetch the type representing a pointer.
Definition IRBuilder.h:605
llvm::IRBuilderBase::CreateIntCast
Value * CreateIntCast(Value *V, Type *DestTy, bool isSigned, const Twine &Name="")
Definition IRBuilder.h:2280
llvm::IRBuilderBase::SetInsertPoint
void SetInsertPoint(BasicBlock *TheBB)
This specifies that created instructions should be appended to the end of the specified block.
Definition IRBuilder.h:207
llvm::IRBuilderBase::getVoidTy
Type * getVoidTy()
Fetch the type representing void.
Definition IRBuilder.h:600
llvm::IRBuilderBase::CreateMul
Value * CreateMul(Value *LHS, Value *RHS, const Twine &Name="", bool HasNUW=false, bool HasNSW=false)
Definition IRBuilder.h:1437
llvm::IRBuilder
This provides a uniform API for creating instructions and inserting them into a basic block: either a...
Definition IRBuilder.h:2788
llvm::InlineResult::isSuccess
bool isSuccess() const
Definition InlineCost.h:190
llvm::Instruction::eraseFromParent
LLVM_ABI InstListType::iterator eraseFromParent()
This method unlinks 'this' from the containing basic block and deletes it.
Definition Instruction.cpp:108
llvm::MDTuple::get
static MDTuple * get(LLVMContext &Context, ArrayRef< Metadata * > MDs)
Definition Metadata.h:1526
llvm::MemIntrinsic
This is the common base class for memset/memcpy/memmove.
Definition IntrinsicInst.h:1128
llvm::PassRegistry::getPassRegistry
static LLVM_ABI PassRegistry * getPassRegistry()
getPassRegistry - Access the global registry object, which is automatically initialized at applicatio...
Definition PassRegistry.cpp:24
llvm::PreservedAnalyses
A set of analyses that are preserved following a run of a transformation pass.
Definition Analysis.h:112
llvm::PreservedAnalyses::all
static PreservedAnalyses all()
Construct a special preserved set that preserves all passes.
Definition Analysis.h:118
llvm::PreservedAnalyses::preserve
PreservedAnalyses & preserve()
Mark an analysis as preserved.
Definition Analysis.h:132
llvm::SCEV::getType
LLVM_ABI Type * getType() const
Return the LLVM type of this SCEV expression.
Definition ScalarEvolution.cpp:383
llvm::SafeStackPass::run
PreservedAnalyses run(Function &F, FunctionAnalysisManager &FAM)
Definition SafeStack.cpp:946
llvm::ScalarEvolutionAnalysis
Analysis pass that exposes the ScalarEvolution for a function.
Definition ScalarEvolution.h:2367
llvm::ScalarEvolution
The main scalar evolution driver.
Definition ScalarEvolution.h:448
llvm::ScalarEvolution::removePointerBase
LLVM_ABI const SCEV * removePointerBase(const SCEV *S)
Compute an expression equivalent to S - getPointerBase(S).
Definition ScalarEvolution.cpp:4659
llvm::ScalarEvolution::getTypeSizeInBits
LLVM_ABI uint64_t getTypeSizeInBits(Type *Ty) const
Return the size in bits of the specified type, for which isSCEVable must return true.
Definition ScalarEvolution.cpp:4488
llvm::ScalarEvolution::getSCEV
LLVM_ABI const SCEV * getSCEV(Value *V)
Return a SCEV expression for the full generality of the specified expression.
Definition ScalarEvolution.cpp:4587
llvm::ScalarEvolution::getSignedRange
ConstantRange getSignedRange(const SCEV *S)
Determine the signed range for a particular SCEV.
Definition ScalarEvolution.h:1039
llvm::ScalarEvolution::getUnsignedRange
ConstantRange getUnsignedRange(const SCEV *S)
Determine the unsigned range for a particular SCEV.
Definition ScalarEvolution.h:1023
llvm::ScalarEvolution::getPointerBase
LLVM_ABI const SCEV * getPointerBase(const SCEV *V)
Transitively follow the chain of pointer-type operands until reaching a SCEV that does not have a sin...
Definition ScalarEvolution.cpp:4857
llvm::SmallPtrSetImpl::insert
std::pair< iterator, bool > insert(PtrType Ptr)
Inserts Ptr if and only if there is no element in the container equal to Ptr.
Definition SmallPtrSet.h:389
llvm::SmallVectorImpl
This class consists of common code factored out of the SmallVector class to reduce code duplication b...
Definition SmallVector.h:574
llvm::SmallVectorTemplateBase::push_back
void push_back(const T &Elt)
Definition SmallVector.h:417
llvm::TargetLoweringBase
This base class for TargetLowering contains the SelectionDAG-independent parts that can be used from ...
Definition TargetLowering.h:199
llvm::TargetLoweringBase::getSafeStackPointerLocation
virtual Value * getSafeStackPointerLocation(IRBuilderBase &IRB) const
Returns the target-specific address of the unsafe stack pointer.
Definition TargetLoweringBase.cpp:1990
llvm::TargetLoweringBase::getIRStackGuard
virtual Value * getIRStackGuard(IRBuilderBase &IRB) const
If the target has a standard location for the stack protector guard, returns the address of that loca...
Definition TargetLoweringBase.cpp:2065
llvm::TargetLoweringBase::getLibcallName
const char * getLibcallName(RTLIB::Libcall Call) const
Get the libcall routine name for the specified libcall.
Definition TargetLowering.h:3615
llvm::TargetLoweringBase::insertSSPDeclarations
virtual void insertSSPDeclarations(Module &M) const
Inserts necessary declarations for SSP (stack protection) purpose.
Definition TargetLoweringBase.cpp:2080
llvm::TargetMachine::getSubtargetImpl
virtual const TargetSubtargetInfo * getSubtargetImpl(const Function &) const
Virtual method implemented by subclasses that returns a reference to that target's TargetSubtargetInf...
Definition TargetMachine.h:139
llvm::TargetPassConfig
Target-Independent Code Generator Pass Configuration Options.
Definition TargetPassConfig.h:84
llvm::TargetSubtargetInfo::getTargetLowering
virtual const TargetLowering * getTargetLowering() const
Definition TargetSubtargetInfo.h:103
llvm::Type
The instances of the Type class are immutable: once they are created, they are never changed.
Definition Type.h:45
llvm::Use
A Use represents the edge between a Value definition and its users.
Definition Use.h:35
llvm::Value
LLVM Value Representation.
Definition Value.h:75
llvm::Value::getType
Type * getType() const
All values are typed, get the type of this value.
Definition Value.h:256
llvm::Value::replaceAllUsesWith
LLVM_ABI void replaceAllUsesWith(Value *V)
Change all uses of this to point to a new Value.
Definition Value.cpp:546
llvm::Value::use_begin
use_iterator use_begin()
Definition Value.h:364
llvm::Value::use_empty
bool use_empty() const
Definition Value.h:346
llvm::Value::hasName
bool hasName() const
Definition Value.h:262
llvm::Value::getName
LLVM_ABI StringRef getName() const
Return a constant reference to the value's name.
Definition Value.cpp:322
llvm::Value::takeName
LLVM_ABI void takeName(Value *V)
Transfer the name from V to this value.
Definition Value.cpp:396
llvm::ilist_node_with_parent::getNextNode
NodeTy * getNextNode()
Get the next node, or nullptr for the list tail.
Definition ilist_node.h:348
uint64_t
Changed
Changed
Definition ObjCARCOpts.cpp:2369
llvm::AMDGPU::HSAMD::Kernel::Arg::Key::Align
constexpr char Align[]
Key for Kernel::Arg::Metadata::mAlign.
Definition AMDGPUMetadata.h:183
llvm::CallingConv::ID
unsigned ID
LLVM IR allows to use arbitrary numbers as calling convention identifiers.
Definition CallingConv.h:24
llvm::CallingConv::C
@ C
The default llvm calling convention, compatible with C.
Definition CallingConv.h:34
llvm::cl::init
initializer< Ty > init(const Ty &Val)
Definition CommandLine.h:445
llvm::dxil::PointerTypeAnalysis::run
PointerTypeMap run(const Module &M)
Compute the PointerTypeMap for the module M.
Definition PointerTypeAnalysis.cpp:205
llvm::objcarc::ARCInstKind::User
@ User
could "use" a pointer
Definition ObjCARCInstKind.h:52
llvm::rdf::Use
NodeAddr< UseNode * > Use
Definition RDFGraph.h:385
llvm::sandboxir::Instruction
friend class Instruction
Iterator for Instructions in a `BasicBlock.
Definition BasicBlock.h:73
llvm
This is an optimization pass for GlobalISel generic memory operations.
Definition AddressRanges.h:18
llvm::Offset
@ Offset
Definition DWP.cpp:477
llvm::Value
FunctionAddr VTableAddr Value
Definition InstrProf.h:137
llvm::InlineFunction
LLVM_ABI InlineResult InlineFunction(CallBase &CB, InlineFunctionInfo &IFI, bool MergeAttributes=false, AAResults *CalleeAAR=nullptr, bool InsertLifetime=true, Function *ForwardVarArgsTo=nullptr, OptimizationRemarkEmitter *ORE=nullptr)
This function inlines the called function into the basic block of the caller.
Definition InlineFunction.cpp:3413
llvm::createSafeStackPass
LLVM_ABI FunctionPass * createSafeStackPass()
This pass splits the stack into a safe stack and an unsafe stack to protect against stack-based overf...
Definition SafeStack.cpp:991
llvm::dyn_cast
decltype(auto) dyn_cast(const From &Val)
dyn_cast<X> - Return the argument parameter cast to the specified type.
Definition Casting.h:643
llvm::Int32Ty
FunctionAddr VTableAddr uintptr_t uintptr_t Int32Ty
Definition InstrProf.h:296
llvm::make_early_inc_range
iterator_range< early_inc_iterator_impl< detail::IterOfRange< RangeT > > > make_early_inc_range(RangeT &&Range)
Make a range that does early increment to allow mutation of the underlying range without disrupting i...
Definition STLExtras.h:632
llvm::isInlineViable
LLVM_ABI InlineResult isInlineViable(Function &Callee)
Check if it is mechanically possible to inline the function Callee, based on the contents of the func...
Definition InlineCost.cpp:3316
llvm::initializeSafeStackLegacyPassPass
LLVM_ABI void initializeSafeStackLegacyPassPass(PassRegistry &)
llvm::dbgs
LLVM_ABI raw_ostream & dbgs()
dbgs() - This returns a reference to a raw_ostream for debugging messages.
Definition Debug.cpp:207
llvm::report_fatal_error
LLVM_ABI void report_fatal_error(Error Err, bool gen_crash_diag=true)
Definition Error.cpp:167
llvm::SmallVector
class LLVM_GSL_OWNER SmallVector
Forward declaration of SmallVector so that calculateSmallVectorDefaultInlinedElements can reference s...
Definition SmallVector.h:1129
llvm::isa
bool isa(const From &Val)
isa<X> - Return true if the parameter to the template is an instance of one of the template type argu...
Definition Casting.h:547
llvm::Data
FunctionAddr VTableAddr uintptr_t uintptr_t Data
Definition InstrProf.h:189
llvm::IRBuilder
IRBuilder(LLVMContext &, FolderTy, InserterTy, MDNode *, ArrayRef< OperandBundleDef >) -> IRBuilder< FolderTy, InserterTy >
llvm::alignTo
uint64_t alignTo(uint64_t Size, Align A)
Returns a multiple of A needed to store Size bytes.
Definition Alignment.h:144
llvm::Op
DWARFExpression::Operation Op
Definition DWARFExpressionPrinter.cpp:22
llvm::replaceDbgValueForAlloca
LLVM_ABI void replaceDbgValueForAlloca(AllocaInst *AI, Value *NewAllocaAddress, DIBuilder &Builder, int Offset=0)
Replaces multiple dbg.value records when the alloca it describes is replaced with a new value.
Definition Local.cpp:1982
llvm::ArrayRef
ArrayRef(const T &OneElt) -> ArrayRef< T >
llvm::BitWidth
constexpr unsigned BitWidth
Definition BitmaskEnum.h:220
llvm::cast
decltype(auto) cast(const From &Val)
cast<X> - Return the argument parameter cast to the specified type.
Definition Casting.h:559
llvm::SplitBlockAndInsertIfThen
LLVM_ABI Instruction * SplitBlockAndInsertIfThen(Value *Cond, BasicBlock::iterator SplitBefore, bool Unreachable, MDNode *BranchWeights=nullptr, DomTreeUpdater *DTU=nullptr, LoopInfo *LI=nullptr, BasicBlock *ThenBlock=nullptr)
Split the containing block at the specified instruction - everything before SplitBefore stays in the ...
Definition BasicBlockUtils.cpp:1559
llvm::FunctionAnalysisManager
AnalysisManager< Function > FunctionAnalysisManager
Convenience typedef for the Function analysis manager.
Definition PassManager.h:564
llvm::replaceDbgDeclare
LLVM_ABI bool replaceDbgDeclare(Value *Address, Value *NewAddress, DIBuilder &Builder, uint8_t DIExprFlags, int Offset)
Replaces dbg.declare record when the address it describes is replaced with a new value.
Definition Local.cpp:1942
raw_ostream.h
llvm::Align
This struct is a compact representation of a valid (non-zero power of two) alignment.
Definition Alignment.h:39
llvm::Align::value
constexpr uint64_t value() const
This is a hole in the type system and should not be abused.
Definition Alignment.h:77
llvm::Align::Constant
static constexpr Align Constant()
Allow constructions of constexpr Align.
Definition Alignment.h:88
Generated on for LLVM by doxygen 1.14.0