//===- bolt/Target/X86/X86MCPlusBuilder.cpp -------------------------------===//
//
// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
// See https://llvm.org/LICENSE.txt for license information.
// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
//
//===----------------------------------------------------------------------===//
//
// This file provides X86-specific MCPlus builder.
//
//===----------------------------------------------------------------------===//

#include "MCTargetDesc/X86BaseInfo.h"
#include "MCTargetDesc/X86MCTargetDesc.h"
#include "bolt/Core/MCPlusBuilder.h"
#include "llvm/MC/MCContext.h"
#include "llvm/MC/MCFixupKindInfo.h"
#include "llvm/MC/MCInstBuilder.h"
#include "llvm/MC/MCInstrInfo.h"
#include "llvm/MC/MCRegisterInfo.h"
#include "llvm/Support/DataExtractor.h"
#include "llvm/Support/Debug.h"
#include "llvm/Support/Errc.h"
#include "llvm/Support/ErrorHandling.h"
#include "llvm/Support/ErrorOr.h"
#include <set>

#define DEBUG_TYPE "mcplus"

using namespace llvm;
using namespace bolt;

namespace {

unsigned getShortBranchOpcode(unsigned Opcode) {
  switch (Opcode) {
  default:
    return Opcode;
  case X86::JMP_2: return X86::JMP_1;
  case X86::JMP_4: return X86::JMP_1;
  case X86::JCC_2: return X86::JCC_1;
  case X86::JCC_4: return X86::JCC_1;
  }
}

unsigned getShortArithOpcode(unsigned Opcode) {
  switch (Opcode) {
  default:
    return Opcode;

  // IMUL
  case X86::IMUL16rri: return X86::IMUL16rri8;
  case X86::IMUL16rmi: return X86::IMUL16rmi8;
  case X86::IMUL32rri: return X86::IMUL32rri8;
  case X86::IMUL32rmi: return X86::IMUL32rmi8;
  case X86::IMUL64rri32: return X86::IMUL64rri8;
  case X86::IMUL64rmi32: return X86::IMUL64rmi8;

  // OR
  case X86::OR16ri: return X86::OR16ri8;
  case X86::OR16mi: return X86::OR16mi8;
  case X86::OR32ri: return X86::OR32ri8;
  case X86::OR32mi: return X86::OR32mi8;
  case X86::OR64ri32: return X86::OR64ri8;
  case X86::OR64mi32: return X86::OR64mi8;

  // AND
  case X86::AND16ri: return X86::AND16ri8;
  case X86::AND16mi: return X86::AND16mi8;
  case X86::AND32ri: return X86::AND32ri8;
  case X86::AND32mi: return X86::AND32mi8;
  case X86::AND64ri32: return X86::AND64ri8;
  case X86::AND64mi32: return X86::AND64mi8;

  // XOR
  case X86::XOR16ri: return X86::XOR16ri8;
  case X86::XOR16mi: return X86::XOR16mi8;
  case X86::XOR32ri: return X86::XOR32ri8;
  case X86::XOR32mi: return X86::XOR32mi8;
  case X86::XOR64ri32: return X86::XOR64ri8;
  case X86::XOR64mi32: return X86::XOR64mi8;

  // ADD
  case X86::ADD16ri: return X86::ADD16ri8;
  case X86::ADD16mi: return X86::ADD16mi8;
  case X86::ADD32ri: return X86::ADD32ri8;
  case X86::ADD32mi: return X86::ADD32mi8;
  case X86::ADD64ri32: return X86::ADD64ri8;
  case X86::ADD64mi32: return X86::ADD64mi8;

  // SUB
  case X86::SUB16ri: return X86::SUB16ri8;
  case X86::SUB16mi: return X86::SUB16mi8;
  case X86::SUB32ri: return X86::SUB32ri8;
  case X86::SUB32mi: return X86::SUB32mi8;
  case X86::SUB64ri32: return X86::SUB64ri8;
  case X86::SUB64mi32: return X86::SUB64mi8;

  // CMP
  case X86::CMP16ri: return X86::CMP16ri8;
  case X86::CMP16mi: return X86::CMP16mi8;
  case X86::CMP32ri: return X86::CMP32ri8;
  case X86::CMP32mi: return X86::CMP32mi8;
  case X86::CMP64ri32: return X86::CMP64ri8;
  case X86::CMP64mi32: return X86::CMP64mi8;

  // PUSH
  case X86::PUSHi32: return X86::PUSH32i8;
  case X86::PUSHi16: return X86::PUSH16i8;
  case X86::PUSH64i32: return X86::PUSH64i8;
  }
}

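// Note: the *ri8/*mi8 forms above encode a sign-extended 8-bit immediate, so
// the substitution is only valid when the immediate fits in int8_t (e.g.
// `add $8, %rsp` can use ADD64ri8 instead of ADD64ri32). Callers are expected
// to verify this before relaxing the opcode.
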
bool isADD(unsigned Opcode) {
  switch (Opcode) {
  default:
    return false;
  case X86::ADD16i16: case X86::ADD16mi: case X86::ADD16mi8:
  case X86::ADD16mr: case X86::ADD16ri: case X86::ADD16ri8:
  case X86::ADD16ri8_DB: case X86::ADD16ri_DB: case X86::ADD16rm:
  case X86::ADD16rr: case X86::ADD16rr_DB: case X86::ADD16rr_REV:
  case X86::ADD32i32: case X86::ADD32mi: case X86::ADD32mi8:
  case X86::ADD32mr: case X86::ADD32ri: case X86::ADD32ri8:
  case X86::ADD32ri8_DB: case X86::ADD32ri_DB: case X86::ADD32rm:
  case X86::ADD32rr: case X86::ADD32rr_DB: case X86::ADD32rr_REV:
  case X86::ADD64i32: case X86::ADD64mi32: case X86::ADD64mi8:
  case X86::ADD64mr: case X86::ADD64ri32: case X86::ADD64ri32_DB:
  case X86::ADD64ri8: case X86::ADD64ri8_DB: case X86::ADD64rm:
  case X86::ADD64rr: case X86::ADD64rr_DB: case X86::ADD64rr_REV:
  case X86::ADD8i8: case X86::ADD8mi: case X86::ADD8mi8:
  case X86::ADD8mr: case X86::ADD8ri: case X86::ADD8ri8:
  case X86::ADD8rm: case X86::ADD8rr: case X86::ADD8rr_REV:
    return true;
  }
}

bool isAND(unsigned Opcode) {
  switch (Opcode) {
  default:
    return false;
  case X86::AND16i16: case X86::AND16mi: case X86::AND16mi8:
  case X86::AND16mr: case X86::AND16ri: case X86::AND16ri8:
  case X86::AND16rm: case X86::AND16rr: case X86::AND16rr_REV:
  case X86::AND32i32: case X86::AND32mi: case X86::AND32mi8:
  case X86::AND32mr: case X86::AND32ri: case X86::AND32ri8:
  case X86::AND32rm: case X86::AND32rr: case X86::AND32rr_REV:
  case X86::AND64i32: case X86::AND64mi32: case X86::AND64mi8:
  case X86::AND64mr: case X86::AND64ri32: case X86::AND64ri8:
  case X86::AND64rm: case X86::AND64rr: case X86::AND64rr_REV:
  case X86::AND8i8: case X86::AND8mi: case X86::AND8mi8:
  case X86::AND8mr: case X86::AND8ri: case X86::AND8ri8:
  case X86::AND8rm: case X86::AND8rr: case X86::AND8rr_REV:
    return true;
  }
}

bool isCMP(unsigned Opcode) {
  switch (Opcode) {
  default:
    return false;
  case X86::CMP16i16: case X86::CMP16mi: case X86::CMP16mi8:
  case X86::CMP16mr: case X86::CMP16ri: case X86::CMP16ri8:
  case X86::CMP16rm: case X86::CMP16rr: case X86::CMP16rr_REV:
  case X86::CMP32i32: case X86::CMP32mi: case X86::CMP32mi8:
  case X86::CMP32mr: case X86::CMP32ri: case X86::CMP32ri8:
  case X86::CMP32rm: case X86::CMP32rr: case X86::CMP32rr_REV:
  case X86::CMP64i32: case X86::CMP64mi32: case X86::CMP64mi8:
  case X86::CMP64mr: case X86::CMP64ri32: case X86::CMP64ri8:
  case X86::CMP64rm: case X86::CMP64rr: case X86::CMP64rr_REV:
  case X86::CMP8i8: case X86::CMP8mi: case X86::CMP8mi8:
  case X86::CMP8mr: case X86::CMP8ri: case X86::CMP8ri8:
  case X86::CMP8rm: case X86::CMP8rr: case X86::CMP8rr_REV:
    return true;
  }
}

bool isSUB(unsigned Opcode) {
  switch (Opcode) {
  default:
    return false;
  case X86::SUB16i16: case X86::SUB16mi: case X86::SUB16mi8:
  case X86::SUB16mr: case X86::SUB16ri: case X86::SUB16ri8:
  case X86::SUB16rm:
  case X86::SUB16rr: case X86::SUB16rr_REV:
  case X86::SUB32i32: case X86::SUB32mi: case X86::SUB32mi8:
  case X86::SUB32mr: case X86::SUB32ri: case X86::SUB32ri8:
  case X86::SUB32rm: case X86::SUB32rr: case X86::SUB32rr_REV:
  case X86::SUB64i32: case X86::SUB64mi32: case X86::SUB64mi8:
  case X86::SUB64mr: case X86::SUB64ri32: case X86::SUB64ri8:
  case X86::SUB64rm: case X86::SUB64rr: case X86::SUB64rr_REV:
  case X86::SUB8i8: case X86::SUB8mi: case X86::SUB8mi8:
  case X86::SUB8mr: case X86::SUB8ri: case X86::SUB8ri8:
  case X86::SUB8rm: case X86::SUB8rr: case X86::SUB8rr_REV:
    return true;
  }
}

bool isTEST(unsigned Opcode) {
  switch (Opcode) {
  default:
    return false;
  case X86::TEST16i16: case X86::TEST16mi: case X86::TEST16mr:
  case X86::TEST16ri: case X86::TEST16rr:
  case X86::TEST32i32: case X86::TEST32mi: case X86::TEST32mr:
  case X86::TEST32ri: case X86::TEST32rr:
  case X86::TEST64i32: case X86::TEST64mi32: case X86::TEST64mr:
  case X86::TEST64ri32: case X86::TEST64rr:
  case X86::TEST8i8: case X86::TEST8mi: case X86::TEST8mr:
  case X86::TEST8ri: case X86::TEST8rr:
    return true;
  }
}

class X86MCPlusBuilder : public MCPlusBuilder {
public:
  X86MCPlusBuilder(const MCInstrAnalysis *Analysis, const MCInstrInfo *Info,
                   const MCRegisterInfo *RegInfo)
      : MCPlusBuilder(Analysis, Info, RegInfo) {}

  bool isBranch(const MCInst &Inst) const override {
    return Analysis->isBranch(Inst) && !isTailCall(Inst);
  }

  bool isUnconditionalBranch(const MCInst &Inst) const override {
    return Analysis->isUnconditionalBranch(Inst) && !isTailCall(Inst);
  }

  bool isNoop(const MCInst &Inst) const override {
    switch (Inst.getOpcode()) {
    case X86::NOOP:
    case X86::NOOPL:
    case X86::NOOPLr:
    case X86::NOOPQ:
    case X86::NOOPQr:
    case X86::NOOPW:
    case X86::NOOPWr:
      return true;
    }
    return false;
  }

  unsigned getCondCode(const MCInst &Inst) const override {
    switch (Inst.getOpcode()) {
    default:
      return X86::COND_INVALID;
    case X86::JCC_1:
    case X86::JCC_2:
    case X86::JCC_4:
      return Inst.getOperand(Info->get(Inst.getOpcode()).NumOperands - 1)
          .getImm();
    }
  }

  unsigned getInvertedCondCode(unsigned CC) const override {
    switch (CC) {
    default: return X86::COND_INVALID;
    case X86::COND_E:  return X86::COND_NE;
    case X86::COND_NE: return X86::COND_E;
    case X86::COND_L:  return X86::COND_GE;
    case X86::COND_LE: return X86::COND_G;
    case X86::COND_G:  return X86::COND_LE;
    case X86::COND_GE: return X86::COND_L;
    case X86::COND_B:  return X86::COND_AE;
    case X86::COND_BE: return X86::COND_A;
    case X86::COND_A:  return X86::COND_BE;
    case X86::COND_AE: return X86::COND_B;
    case X86::COND_S:  return X86::COND_NS;
    case X86::COND_NS: return X86::COND_S;
    case X86::COND_P:  return X86::COND_NP;
    case X86::COND_NP: return X86::COND_P;
    case X86::COND_O:  return X86::COND_NO;
    case X86::COND_NO: return X86::COND_O;
    }
  }

  unsigned getCondCodesLogicalOr(unsigned CC1, unsigned CC2) const override {
    enum DecodedCondCode : uint8_t {
      DCC_EQUAL = 0x1,
      DCC_GREATER = 0x2,
      DCC_LESSER = 0x4,
      DCC_GREATER_OR_LESSER = 0x6,
      DCC_UNSIGNED = 0x8,
      DCC_SIGNED = 0x10,
      DCC_INVALID = 0x20,
    };

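    // Decode each condition code into equal/greater/lesser relations plus a
    // signedness bit, OR the two decompositions together, and map the union
    // back to a single condition code. For example, COND_E (equal) combined
    // with COND_L (lesser|signed) yields equal|lesser|signed, i.e. COND_LE.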
    auto decodeCondCode = [&](unsigned CC) -> uint8_t {
      switch (CC) {
      default: return DCC_INVALID;
      case X86::COND_E:  return DCC_EQUAL;
      case X86::COND_NE: return DCC_GREATER | DCC_LESSER;
      case X86::COND_L:  return DCC_LESSER | DCC_SIGNED;
      case X86::COND_LE: return DCC_EQUAL | DCC_LESSER | DCC_SIGNED;
      case X86::COND_G:  return DCC_GREATER | DCC_SIGNED;
      case X86::COND_GE: return DCC_GREATER | DCC_EQUAL | DCC_SIGNED;
      case X86::COND_B:  return DCC_LESSER | DCC_UNSIGNED;
      case X86::COND_BE: return DCC_EQUAL | DCC_LESSER | DCC_UNSIGNED;
      case X86::COND_A:  return DCC_GREATER | DCC_UNSIGNED;
      case X86::COND_AE: return DCC_GREATER | DCC_EQUAL | DCC_UNSIGNED;
      }
    };

    uint8_t DCC = decodeCondCode(CC1) | decodeCondCode(CC2);

    if (DCC & DCC_INVALID)
      return X86::COND_INVALID;

    if (DCC & DCC_SIGNED && DCC & DCC_UNSIGNED)
      return X86::COND_INVALID;

    switch (DCC) {
    default: return X86::COND_INVALID;
    case DCC_EQUAL | DCC_LESSER | DCC_SIGNED:    return X86::COND_LE;
    case DCC_EQUAL | DCC_LESSER | DCC_UNSIGNED:  return X86::COND_BE;
    case DCC_EQUAL | DCC_GREATER | DCC_SIGNED:   return X86::COND_GE;
    case DCC_EQUAL | DCC_GREATER | DCC_UNSIGNED: return X86::COND_AE;
    case DCC_GREATER | DCC_LESSER | DCC_SIGNED:  return X86::COND_NE;
    case DCC_GREATER | DCC_LESSER | DCC_UNSIGNED: return X86::COND_NE;
    case DCC_GREATER | DCC_LESSER:               return X86::COND_NE;
    case DCC_EQUAL | DCC_SIGNED:                 return X86::COND_E;
    case DCC_EQUAL | DCC_UNSIGNED:               return X86::COND_E;
    case DCC_EQUAL:                              return X86::COND_E;
    case DCC_LESSER | DCC_SIGNED:                return X86::COND_L;
    case DCC_LESSER | DCC_UNSIGNED:              return X86::COND_B;
    case DCC_GREATER | DCC_SIGNED:               return X86::COND_G;
    case DCC_GREATER | DCC_UNSIGNED:             return X86::COND_A;
    }
  }

  bool isValidCondCode(unsigned CC) const override {
    return (CC != X86::COND_INVALID);
  }

  bool isBreakpoint(const MCInst &Inst) const override {
    return Inst.getOpcode() == X86::INT3;
  }

  bool isPrefix(const MCInst &Inst) const override {
    switch (Inst.getOpcode()) {
    case X86::LOCK_PREFIX:
    case X86::REPNE_PREFIX:
    case X86::REP_PREFIX:
      return true;
    }
    return false;
  }

  bool isRep(const MCInst &Inst) const override {
    return Inst.getFlags() == X86::IP_HAS_REPEAT;
  }

  bool deleteREPPrefix(MCInst &Inst) const override {
    if (Inst.getFlags() == X86::IP_HAS_REPEAT) {
      Inst.setFlags(0);
      return true;
    }
    return false;
  }

  // FIXME: For compatibility with old LLVM only!
  bool isTerminator(const MCInst &Inst) const override {
    if (Info->get(Inst.getOpcode()).isTerminator())
      return true;
    switch (Inst.getOpcode()) {
    default:
      return false;
    case X86::TRAP:
    // Opcodes previously known as X86::UD2B
    case X86::UD1Wm:
    case X86::UD1Lm:
    case X86::UD1Qm:
    case X86::UD1Wr:
    case X86::UD1Lr:
    case X86::UD1Qr:
      return true;
    }
  }

  bool isIndirectCall(const MCInst &Inst) const override {
    return isCall(Inst) &&
           ((getMemoryOperandNo(Inst) != -1) || Inst.getOperand(0).isReg());
  }

  bool isPop(const MCInst &Inst) const override {
    return getPopSize(Inst) == 0 ? false : true;
  }

  bool isTerminateBranch(const MCInst &Inst) const override {
    return Inst.getOpcode() == X86::ENDBR32 || Inst.getOpcode() == X86::ENDBR64;
  }

  int getPopSize(const MCInst &Inst) const override {
    switch (Inst.getOpcode()) {
    case X86::POP16r: case X86::POP16rmm: case X86::POP16rmr:
    case X86::POPF16: case X86::POPA16: case X86::POPDS16:
    case X86::POPES16: case X86::POPFS16: case X86::POPGS16:
    case X86::POPSS16:
      return 2;
    case X86::POP32r: case X86::POP32rmm: case X86::POP32rmr:
    case X86::POPA32: case X86::POPDS32: case X86::POPES32:
    case X86::POPF32: case X86::POPFS32: case X86::POPGS32:
    case X86::POPSS32:
      return 4;
    case X86::POP64r: case X86::POP64rmm: case X86::POP64rmr:
    case X86::POPF64: case X86::POPFS64: case X86::POPGS64:
      return 8;
    }
    return 0;
  }

  bool isPush(const MCInst &Inst) const override {
    return getPushSize(Inst) == 0 ? false : true;
  }

  int getPushSize(const MCInst &Inst) const override {
    switch (Inst.getOpcode()) {
    case X86::PUSH16i8: case X86::PUSH16r: case X86::PUSH16rmm:
    case X86::PUSH16rmr: case X86::PUSHA16: case X86::PUSHCS16:
    case X86::PUSHDS16: case X86::PUSHES16: case X86::PUSHF16:
    case X86::PUSHFS16: case X86::PUSHGS16: case X86::PUSHSS16:
    case X86::PUSHi16:
      return 2;
    case X86::PUSH32i8: case X86::PUSH32r: case X86::PUSH32rmm:
    case X86::PUSH32rmr: case X86::PUSHA32: case X86::PUSHCS32:
    case X86::PUSHDS32: case X86::PUSHES32: case X86::PUSHF32:
    case X86::PUSHFS32: case X86::PUSHGS32: case X86::PUSHSS32:
    case X86::PUSHi32:
      return 4;
    case X86::PUSH64i32: case X86::PUSH64i8: case X86::PUSH64r:
    case X86::PUSH64rmm: case X86::PUSH64rmr: case X86::PUSHF64:
    case X86::PUSHFS64: case X86::PUSHGS64:
      return 8;
    }
    return 0;
  }

  bool isADD64rr(const MCInst &Inst) const override {
    return Inst.getOpcode() == X86::ADD64rr;
  }

  bool isSUB(const MCInst &Inst) const override {
    return ::isSUB(Inst.getOpcode());
  }

  bool isADDri(const MCInst &Inst) const {
    return Inst.getOpcode() == X86::ADD64ri32 ||
           Inst.getOpcode() == X86::ADD64ri8;
  }

  bool isLEA64r(const MCInst &Inst) const override {
    return Inst.getOpcode() == X86::LEA64r;
  }

  bool isMOVSX64rm32(const MCInst &Inst) const override {
    return Inst.getOpcode() == X86::MOVSX64rm32;
  }

  bool isLeave(const MCInst &Inst) const override {
    return Inst.getOpcode() == X86::LEAVE || Inst.getOpcode() == X86::LEAVE64;
  }

  bool isMoveMem2Reg(const MCInst &Inst) const override {
    switch (Inst.getOpcode()) {
    case X86::MOV16rm:
    case X86::MOV32rm:
    case X86::MOV64rm:
      return true;
    }
    return false;
  }

  bool isUnsupportedBranch(unsigned Opcode) const override {
    switch (Opcode) {
    default:
      return false;
    case X86::LOOP:
    case X86::LOOPE:
    case X86::LOOPNE:
    case X86::JECXZ:
    case X86::JRCXZ:
      return true;
    }
  }

  bool isLoad(const MCInst &Inst) const override {
    if (isPop(Inst))
      return true;

    int MemOpNo = getMemoryOperandNo(Inst);
    const MCInstrDesc &MCII = Info->get(Inst.getOpcode());

    if (MemOpNo == -1)
      return false;

    return MCII.mayLoad();
  }

  bool isStore(const MCInst &Inst) const override {
    if (isPush(Inst))
      return true;

    int MemOpNo = getMemoryOperandNo(Inst);
    const MCInstrDesc &MCII = Info->get(Inst.getOpcode());

    if (MemOpNo == -1)
      return false;

    return MCII.mayStore();
  }

  bool isCleanRegXOR(const MCInst &Inst) const override {
    switch (Inst.getOpcode()) {
    case X86::XOR16rr:
    case X86::XOR32rr:
    case X86::XOR64rr:
      break;
    default:
      return false;
    }
    return (Inst.getOperand(0).getReg() == Inst.getOperand(2).getReg());
  }

  bool isPacked(const MCInst &Inst) const override {
    const MCInstrDesc &Desc = Info->get(Inst.getOpcode());
    return (Desc.TSFlags & X86II::OpPrefixMask) == X86II::PD;
  }

  unsigned getTrapFillValue() const override { return 0xCC; }

  struct IndJmpMatcherFrag1 : MCInstMatcher {
    std::unique_ptr<MCInstMatcher> Base;
    std::unique_ptr<MCInstMatcher> Scale;
    std::unique_ptr<MCInstMatcher> Index;
    std::unique_ptr<MCInstMatcher> Offset;

    IndJmpMatcherFrag1(std::unique_ptr<MCInstMatcher> Base,
                       std::unique_ptr<MCInstMatcher> Scale,
                       std::unique_ptr<MCInstMatcher> Index,
                       std::unique_ptr<MCInstMatcher> Offset)
        : Base(std::move(Base)), Scale(std::move(Scale)),
          Index(std::move(Index)), Offset(std::move(Offset)) {}

    bool match(const MCRegisterInfo &MRI, MCPlusBuilder &MIB,
               MutableArrayRef<MCInst> InInstrWindow, int OpNum) override {
      if (!MCInstMatcher::match(MRI, MIB, InInstrWindow, OpNum))
        return false;

      if (CurInst->getOpcode() != X86::JMP64m)
        return false;

      int MemOpNo = MIB.getMemoryOperandNo(*CurInst);
      if (MemOpNo == -1)
        return false;

      if (!Base->match(MRI, MIB, this->InstrWindow, MemOpNo + X86::AddrBaseReg))
        return false;
      if (!Scale->match(MRI, MIB, this->InstrWindow,
                        MemOpNo + X86::AddrScaleAmt))
        return false;
      if (!Index->match(MRI, MIB, this->InstrWindow,
                        MemOpNo + X86::AddrIndexReg))
        return false;
      if (!Offset->match(MRI, MIB, this->InstrWindow, MemOpNo + X86::AddrDisp))
        return false;
      return true;
    }

    void annotate(MCPlusBuilder &MIB, StringRef Annotation) override {
      MIB.addAnnotation(*CurInst, Annotation, true);
      Base->annotate(MIB, Annotation);
      Scale->annotate(MIB, Annotation);
      Index->annotate(MIB, Annotation);
      Offset->annotate(MIB, Annotation);
    }
  };

  std::unique_ptr<MCInstMatcher>
  matchIndJmp(std::unique_ptr<MCInstMatcher> Base,
              std::unique_ptr<MCInstMatcher> Scale,
              std::unique_ptr<MCInstMatcher> Index,
              std::unique_ptr<MCInstMatcher> Offset) const override {
    return std::unique_ptr<MCInstMatcher>(
        new IndJmpMatcherFrag1(std::move(Base), std::move(Scale),
                               std::move(Index), std::move(Offset)));
  }

  struct IndJmpMatcherFrag2 : MCInstMatcher {
    std::unique_ptr<MCInstMatcher> Reg;

    IndJmpMatcherFrag2(std::unique_ptr<MCInstMatcher> Reg)
        : Reg(std::move(Reg)) {}

    bool match(const MCRegisterInfo &MRI, MCPlusBuilder &MIB,
               MutableArrayRef<MCInst> InInstrWindow, int OpNum) override {
      if (!MCInstMatcher::match(MRI, MIB, InInstrWindow, OpNum))
        return false;

      if (CurInst->getOpcode() != X86::JMP64r)
        return false;

      return Reg->match(MRI, MIB, this->InstrWindow, 0);
    }

    void annotate(MCPlusBuilder &MIB, StringRef Annotation) override {
      MIB.addAnnotation(*CurInst, Annotation, true);
      Reg->annotate(MIB, Annotation);
    }
  };

  std::unique_ptr<MCInstMatcher>
  matchIndJmp(std::unique_ptr<MCInstMatcher> Target) const override {
    return std::unique_ptr<MCInstMatcher>(
        new IndJmpMatcherFrag2(std::move(Target)));
  }

  struct LoadMatcherFrag1 : MCInstMatcher {
    std::unique_ptr<MCInstMatcher> Base;
    std::unique_ptr<MCInstMatcher> Scale;
    std::unique_ptr<MCInstMatcher> Index;
    std::unique_ptr<MCInstMatcher> Offset;

    LoadMatcherFrag1(std::unique_ptr<MCInstMatcher> Base,
                     std::unique_ptr<MCInstMatcher> Scale,
                     std::unique_ptr<MCInstMatcher> Index,
                     std::unique_ptr<MCInstMatcher> Offset)
        : Base(std::move(Base)), Scale(std::move(Scale)),
          Index(std::move(Index)), Offset(std::move(Offset)) {}

    bool match(const MCRegisterInfo &MRI, MCPlusBuilder &MIB,
               MutableArrayRef<MCInst> InInstrWindow, int OpNum) override {
      if (!MCInstMatcher::match(MRI, MIB, InInstrWindow, OpNum))
        return false;

      if (CurInst->getOpcode() != X86::MOV64rm &&
          CurInst->getOpcode() != X86::MOVSX64rm32)
        return false;

      int MemOpNo = MIB.getMemoryOperandNo(*CurInst);
      if (MemOpNo == -1)
        return false;

      if (!Base->match(MRI, MIB, this->InstrWindow, MemOpNo + X86::AddrBaseReg))
        return false;
      if (!Scale->match(MRI, MIB, this->InstrWindow,
                        MemOpNo + X86::AddrScaleAmt))
        return false;
      if (!Index->match(MRI, MIB, this->InstrWindow,
                        MemOpNo + X86::AddrIndexReg))
        return false;
      if (!Offset->match(MRI, MIB, this->InstrWindow, MemOpNo + X86::AddrDisp))
        return false;
      return true;
    }

    void annotate(MCPlusBuilder &MIB, StringRef Annotation) override {
      MIB.addAnnotation(*CurInst, Annotation, true);
      Base->annotate(MIB, Annotation);
      Scale->annotate(MIB, Annotation);
      Index->annotate(MIB, Annotation);
      Offset->annotate(MIB, Annotation);
    }
  };

  std::unique_ptr<MCInstMatcher>
  matchLoad(std::unique_ptr<MCInstMatcher> Base,
            std::unique_ptr<MCInstMatcher> Scale,
            std::unique_ptr<MCInstMatcher> Index,
            std::unique_ptr<MCInstMatcher> Offset) const override {
    return std::unique_ptr<MCInstMatcher>(
        new LoadMatcherFrag1(std::move(Base), std::move(Scale),
                             std::move(Index), std::move(Offset)));
  }

  struct AddMatcher : MCInstMatcher {
    std::unique_ptr<MCInstMatcher> A;
    std::unique_ptr<MCInstMatcher> B;

    AddMatcher(std::unique_ptr<MCInstMatcher> A,
               std::unique_ptr<MCInstMatcher> B)
        : A(std::move(A)), B(std::move(B)) {}

    bool match(const MCRegisterInfo &MRI, MCPlusBuilder &MIB,
               MutableArrayRef<MCInst> InInstrWindow, int OpNum) override {
      if (!MCInstMatcher::match(MRI, MIB, InInstrWindow, OpNum))
        return false;

      if (CurInst->getOpcode() == X86::ADD64rr ||
          CurInst->getOpcode() == X86::ADD64rr_DB ||
          CurInst->getOpcode() == X86::ADD64rr_REV) {
        if (!A->match(MRI, MIB, this->InstrWindow, 1)) {
          if (!B->match(MRI, MIB, this->InstrWindow, 1))
            return false;
          return A->match(MRI, MIB, this->InstrWindow, 2);
        }

        if (B->match(MRI, MIB, this->InstrWindow, 2))
          return true;

        if (!B->match(MRI, MIB, this->InstrWindow, 1))
          return false;
        return A->match(MRI, MIB, this->InstrWindow, 2);
      }

      return false;
    }

    void annotate(MCPlusBuilder &MIB, StringRef Annotation) override {
      MIB.addAnnotation(*CurInst, Annotation, true);
      A->annotate(MIB, Annotation);
      B->annotate(MIB, Annotation);
    }
  };

  virtual std::unique_ptr<MCInstMatcher>
  matchAdd(std::unique_ptr<MCInstMatcher> A,
           std::unique_ptr<MCInstMatcher> B) const override {
    return std::unique_ptr<MCInstMatcher>(
        new AddMatcher(std::move(A), std::move(B)));
  }

  struct LEAMatcher : MCInstMatcher {
    std::unique_ptr<MCInstMatcher> Target;

    LEAMatcher(std::unique_ptr<MCInstMatcher> Target)
        : Target(std::move(Target)) {}

    bool match(const MCRegisterInfo &MRI, MCPlusBuilder &MIB,
               MutableArrayRef<MCInst> InInstrWindow, int OpNum) override {
      if (!MCInstMatcher::match(MRI, MIB, InInstrWindow, OpNum))
        return false;

      if (CurInst->getOpcode() != X86::LEA64r)
        return false;

      if (CurInst->getOperand(1 + X86::AddrScaleAmt).getImm() != 1 ||
          CurInst->getOperand(1 + X86::AddrIndexReg).getReg() !=
              X86::NoRegister ||
          (CurInst->getOperand(1 + X86::AddrBaseReg).getReg() !=
               X86::NoRegister &&
           CurInst->getOperand(1 + X86::AddrBaseReg).getReg() != X86::RIP))
        return false;

      return Target->match(MRI, MIB, this->InstrWindow, 1 + X86::AddrDisp);
    }

    void annotate(MCPlusBuilder &MIB, StringRef Annotation) override {
      MIB.addAnnotation(*CurInst, Annotation, true);
      Target->annotate(MIB, Annotation);
    }
  };

  virtual std::unique_ptr<MCInstMatcher>
  matchLoadAddr(std::unique_ptr<MCInstMatcher> Target) const override {
    return std::unique_ptr<MCInstMatcher>(new LEAMatcher(std::move(Target)));
  }

  bool hasPCRelOperand(const MCInst &Inst) const override {
    for (const MCOperand &Operand : Inst)
      if (Operand.isReg() && Operand.getReg() == X86::RIP)
        return true;
    return false;
  }

  int getMemoryOperandNo(const MCInst &Inst) const override {
    unsigned Opcode = Inst.getOpcode();
    const MCInstrDesc &Desc = Info->get(Opcode);
    int MemOpNo = X86II::getMemoryOperandNo(Desc.TSFlags);
    if (MemOpNo >= 0)
      MemOpNo += X86II::getOperandBias(Desc);
    return MemOpNo;
  }

  bool hasEVEXEncoding(const MCInst &Inst) const override {
    const MCInstrDesc &Desc = Info->get(Inst.getOpcode());
    return (Desc.TSFlags & X86II::EncodingMask) == X86II::EVEX;
  }

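  // Checks whether the given instruction sequence (prefixes skipped) forms a
  // macro-op fusion pair: a fusible compare/test/ALU instruction followed
  // directly by a conditional branch the hardware can fuse with it. A
  // RIP-relative memory operand on the first instruction prevents fusion.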
  bool isMacroOpFusionPair(ArrayRef<MCInst> Insts) const override {
    const auto *I = Insts.begin();
    while (I != Insts.end() && isPrefix(*I))
      ++I;
    if (I == Insts.end())
      return false;

    const MCInst &FirstInst = *I;
    ++I;
    while (I != Insts.end() && isPrefix(*I))
      ++I;
    if (I == Insts.end())
      return false;
    const MCInst &SecondInst = *I;

    if (!isConditionalBranch(SecondInst))
      return false;
    // Cannot fuse if the first instruction uses RIP-relative memory.
    if (hasPCRelOperand(FirstInst))
      return false;

    const X86::FirstMacroFusionInstKind CmpKind =
        X86::classifyFirstOpcodeInMacroFusion(FirstInst.getOpcode());
    if (CmpKind == X86::FirstMacroFusionInstKind::Invalid)
      return false;

    X86::CondCode CC = static_cast<X86::CondCode>(getCondCode(SecondInst));
    X86::SecondMacroFusionInstKind BranchKind =
        X86::classifySecondCondCodeInMacroFusion(CC);
    if (BranchKind == X86::SecondMacroFusionInstKind::Invalid)
      return false;
    return X86::isMacroFused(CmpKind, BranchKind);
  }

  bool
  evaluateX86MemoryOperand(const MCInst &Inst, unsigned *BaseRegNum,
                           int64_t *ScaleImm, unsigned *IndexRegNum,
                           int64_t *DispImm, unsigned *SegmentRegNum,
                           const MCExpr **DispExpr = nullptr) const override {
    assert(BaseRegNum && ScaleImm && IndexRegNum && SegmentRegNum &&
           "one of the input pointers is null");
    int MemOpNo = getMemoryOperandNo(Inst);
    if (MemOpNo < 0)
      return false;
    unsigned MemOpOffset = static_cast<unsigned>(MemOpNo);

    if (MemOpOffset + X86::AddrSegmentReg >= MCPlus::getNumPrimeOperands(Inst))
      return false;

    const MCOperand &Base = Inst.getOperand(MemOpOffset + X86::AddrBaseReg);
    const MCOperand &Scale = Inst.getOperand(MemOpOffset + X86::AddrScaleAmt);
    const MCOperand &Index = Inst.getOperand(MemOpOffset + X86::AddrIndexReg);
    const MCOperand &Disp = Inst.getOperand(MemOpOffset + X86::AddrDisp);
    const MCOperand &Segment =
        Inst.getOperand(MemOpOffset + X86::AddrSegmentReg);

    // Make sure it is a well-formed memory operand.
    if (!Base.isReg() || !Scale.isImm() || !Index.isReg() ||
        (!Disp.isImm() && !Disp.isExpr()) || !Segment.isReg())
      return false;

    *BaseRegNum = Base.getReg();
    *ScaleImm = Scale.getImm();
    *IndexRegNum = Index.getReg();
    if (Disp.isImm()) {
      assert(DispImm && "DispImm needs to be set");
      *DispImm = Disp.getImm();
      if (DispExpr)
        *DispExpr = nullptr;
    } else {
      assert(DispExpr && "DispExpr needs to be set");
      *DispExpr = Disp.getExpr();
      if (DispImm)
        *DispImm = 0;
    }
    *SegmentRegNum = Segment.getReg();
    return true;
  }

  bool evaluateMemOperandTarget(const MCInst &Inst, uint64_t &Target,
                                uint64_t Address,
                                uint64_t Size) const override {
    unsigned BaseRegNum;
    int64_t ScaleValue;
    unsigned IndexRegNum;
    int64_t DispValue;
    unsigned SegRegNum;
    const MCExpr *DispExpr = nullptr;
    if (!evaluateX86MemoryOperand(Inst, &BaseRegNum, &ScaleValue, &IndexRegNum,
                                  &DispValue, &SegRegNum, &DispExpr))
      return false;

    // Make sure it's a well-formed addressing we can statically evaluate.
    if ((BaseRegNum != X86::RIP && BaseRegNum != X86::NoRegister) ||
        IndexRegNum != X86::NoRegister || SegRegNum != X86::NoRegister ||
        DispExpr)
      return false;

    Target = DispValue;
    if (BaseRegNum == X86::RIP) {
      assert(Size != 0 && "instruction size required in order to statically "
                          "evaluate RIP-relative address");
      Target += Address + Size;
    }
    return true;
  }

  MCInst::iterator getMemOperandDisp(MCInst &Inst) const override {
    int MemOpNo = getMemoryOperandNo(Inst);
    if (MemOpNo < 0)
      return Inst.end();
    return Inst.begin() + (MemOpNo + X86::AddrDisp);
  }

  bool replaceMemOperandDisp(MCInst &Inst, MCOperand Operand) const override {
    MCOperand *OI = getMemOperandDisp(Inst);
    if (OI == Inst.end())
      return false;
    *OI = Operand;
    return true;
  }

  /// Get the registers used as function parameters.
  /// This function is specific to the x86_64 abi on Linux.
  BitVector getRegsUsedAsParams() const override {
    BitVector Regs = BitVector(RegInfo->getNumRegs(), false);
    Regs |= getAliases(X86::RSI);
    Regs |= getAliases(X86::RDI);
    Regs |= getAliases(X86::RDX);
    Regs |= getAliases(X86::RCX);
    Regs |= getAliases(X86::R8);
    Regs |= getAliases(X86::R9);
    return Regs;
  }

  void getCalleeSavedRegs(BitVector &Regs) const override {
    Regs |= getAliases(X86::RBX);
    Regs |= getAliases(X86::RBP);
    Regs |= getAliases(X86::R12);
    Regs |= getAliases(X86::R13);
    Regs |= getAliases(X86::R14);
    Regs |= getAliases(X86::R15);
  }

  void getDefaultDefIn(BitVector &Regs) const override {
    assert(Regs.size() >= RegInfo->getNumRegs() &&
           "The size of BitVector is less than RegInfo->getNumRegs().");
    Regs.set(X86::RAX);
    Regs.set(X86::RCX);
    Regs.set(X86::RDX);
    Regs.set(X86::RSI);
    Regs.set(X86::RDI);
    Regs.set(X86::R8);
    Regs.set(X86::R9);
    Regs.set(X86::XMM0);
    Regs.set(X86::XMM1);
    Regs.set(X86::XMM2);
    Regs.set(X86::XMM3);
    Regs.set(X86::XMM4);
    Regs.set(X86::XMM5);
    Regs.set(X86::XMM6);
    Regs.set(X86::XMM7);
  }

  void getDefaultLiveOut(BitVector &Regs) const override {
    assert(Regs.size() >= RegInfo->getNumRegs() &&
           "The size of BitVector is less than RegInfo->getNumRegs().");
    Regs |= getAliases(X86::RAX);
    Regs |= getAliases(X86::RDX);
    Regs |= getAliases(X86::RCX);
    Regs |= getAliases(X86::XMM0);
    Regs |= getAliases(X86::XMM1);
  }

  void getGPRegs(BitVector &Regs, bool IncludeAlias) const override {
    if (IncludeAlias) {
      Regs |= getAliases(X86::RAX);
      Regs |= getAliases(X86::RBX);
      Regs |= getAliases(X86::RBP);
      Regs |= getAliases(X86::RSI);
      Regs |= getAliases(X86::RDI);
      Regs |= getAliases(X86::RDX);
      Regs |= getAliases(X86::RCX);
      Regs |= getAliases(X86::R8);
      Regs |= getAliases(X86::R9);
      Regs |= getAliases(X86::R10);
      Regs |= getAliases(X86::R11);
      Regs |= getAliases(X86::R12);
      Regs |= getAliases(X86::R13);
      Regs |= getAliases(X86::R14);
      Regs |= getAliases(X86::R15);
      return;
    }
    Regs.set(X86::RAX);
    Regs.set(X86::RBX);
    Regs.set(X86::RBP);
    Regs.set(X86::RSI);
    Regs.set(X86::RDI);
    Regs.set(X86::RDX);
    Regs.set(X86::RCX);
    Regs.set(X86::R8);
    Regs.set(X86::R9);
    Regs.set(X86::R10);
    Regs.set(X86::R11);
    Regs.set(X86::R12);
    Regs.set(X86::R13);
    Regs.set(X86::R14);
    Regs.set(X86::R15);
  }

  void getClassicGPRegs(BitVector &Regs) const override {
    Regs |= getAliases(X86::RAX);
    Regs |= getAliases(X86::RBX);
    Regs |= getAliases(X86::RBP);
    Regs |= getAliases(X86::RSI);
    Regs |= getAliases(X86::RDI);
    Regs |= getAliases(X86::RDX);
    Regs |= getAliases(X86::RCX);
  }

  void getRepRegs(BitVector &Regs) const override {
    Regs |= getAliases(X86::RCX);
  }

  MCPhysReg getAliasSized(MCPhysReg Reg, uint8_t Size) const override {
    switch (Reg) {
    case X86::RAX: case X86::EAX: case X86::AX: case X86::AL: case X86::AH:
      switch (Size) {
      case 8: return X86::RAX; case 4: return X86::EAX;
      case 2: return X86::AX;  case 1: return X86::AL;
      default: llvm_unreachable("Unexpected size");
      }
    case X86::RBX: case X86::EBX: case X86::BX: case X86::BL: case X86::BH:
      switch (Size) {
      case 8: return X86::RBX; case 4: return X86::EBX;
      case 2: return X86::BX;  case 1: return X86::BL;
      default: llvm_unreachable("Unexpected size");
      }
    case X86::RDX: case X86::EDX: case X86::DX: case X86::DL: case X86::DH:
      switch (Size) {
      case 8: return X86::RDX; case 4: return X86::EDX;
      case 2: return X86::DX;  case 1: return X86::DL;
      default: llvm_unreachable("Unexpected size");
      }
    case X86::RDI: case X86::EDI: case X86::DI: case X86::DIL:
      switch (Size) {
      case 8: return X86::RDI; case 4: return X86::EDI;
      case 2: return X86::DI;  case 1: return X86::DIL;
      default: llvm_unreachable("Unexpected size");
      }
    case X86::RSI: case X86::ESI: case X86::SI: case X86::SIL:
      switch (Size) {
      case 8: return X86::RSI; case 4: return X86::ESI;
      case 2: return X86::SI;  case 1: return X86::SIL;
      default: llvm_unreachable("Unexpected size");
      }
    case X86::RCX: case X86::ECX: case X86::CX: case X86::CL: case X86::CH:
      switch (Size) {
      case 8: return X86::RCX; case 4: return X86::ECX;
      case 2: return X86::CX;  case 1: return X86::CL;
      default: llvm_unreachable("Unexpected size");
      }
    case X86::RSP: case X86::ESP: case X86::SP: case X86::SPL:
      switch (Size) {
      case 8: return X86::RSP; case 4: return X86::ESP;
      case 2: return X86::SP;  case 1: return X86::SPL;
      default: llvm_unreachable("Unexpected size");
      }
    case X86::RBP: case X86::EBP: case X86::BP: case X86::BPL:
      switch (Size) {
      case 8: return X86::RBP; case 4: return X86::EBP;
      case 2: return X86::BP;  case 1: return X86::BPL;
      default: llvm_unreachable("Unexpected size");
      }
    case X86::R8: case X86::R8D: case X86::R8W: case X86::R8B:
      switch (Size) {
      case 8: return X86::R8;  case 4: return X86::R8D;
      case 2: return X86::R8W; case 1: return X86::R8B;
      default: llvm_unreachable("Unexpected size");
      }
    case X86::R9: case X86::R9D: case X86::R9W: case X86::R9B:
      switch (Size) {
      case 8: return X86::R9;  case 4: return X86::R9D;
      case 2: return X86::R9W; case 1: return X86::R9B;
      default: llvm_unreachable("Unexpected size");
      }
    case X86::R10: case X86::R10D: case X86::R10W: case X86::R10B:
      switch (Size) {
      case 8: return X86::R10;  case 4: return X86::R10D;
      case 2: return X86::R10W; case 1: return X86::R10B;
      default: llvm_unreachable("Unexpected size");
      }
    case X86::R11: case X86::R11D: case X86::R11W: case X86::R11B:
      switch (Size) {
      case 8: return X86::R11;  case 4: return X86::R11D;
      case 2: return X86::R11W; case 1: return X86::R11B;
      default: llvm_unreachable("Unexpected size");
      }
    case X86::R12: case X86::R12D: case X86::R12W: case X86::R12B:
      switch (Size) {
      case 8: return X86::R12;  case 4: return X86::R12D;
      case 2: return X86::R12W; case 1: return X86::R12B;
      default: llvm_unreachable("Unexpected size");
      }
    case X86::R13: case X86::R13D: case X86::R13W: case X86::R13B:
      switch (Size) {
      case 8: return X86::R13;  case 4: return X86::R13D;
      case 2: return X86::R13W; case 1: return X86::R13B;
      default: llvm_unreachable("Unexpected size");
      }
    case X86::R14: case X86::R14D: case X86::R14W: case X86::R14B:
      switch (Size) {
      case 8: return X86::R14;  case 4: return X86::R14D;
      case 2: return X86::R14W; case 1: return X86::R14B;
      default: llvm_unreachable("Unexpected size");
      }
    case X86::R15: case X86::R15D: case X86::R15W: case X86::R15B:
      switch (Size) {
      case 8: return X86::R15;  case 4: return X86::R15D;
      case 2: return X86::R15W; case 1: return X86::R15B;
      default: llvm_unreachable("Unexpected size");
      }
    default:
      dbgs() << Reg << " (get alias sized)\n";
      llvm_unreachable("Unexpected reg number");
      break;
    }
  }

  bool isUpper8BitReg(MCPhysReg Reg) const override {
    switch (Reg) {
    case X86::AH:
    case X86::BH:
    case X86::CH:
    case X86::DH:
      return true;
    default:
      return false;
    }
  }

  bool cannotUseREX(const MCInst &Inst) const override {
    switch (Inst.getOpcode()) {
    case X86::MOV8mr_NOREX: case X86::MOV8rm_NOREX: case X86::MOV8rr_NOREX:
    case X86::MOVSX32rm8_NOREX: case X86::MOVSX32rr8_NOREX:
    case X86::MOVZX32rm8_NOREX: case X86::MOVZX32rr8_NOREX:
    case X86::MOV8mr: case X86::MOV8rm: case X86::MOV8rr:
    case X86::MOVSX32rm8: case X86::MOVSX32rr8:
    case X86::MOVZX32rm8: case X86::MOVZX32rr8:
    case X86::TEST8ri:
      for (int I = 0, E = MCPlus::getNumPrimeOperands(Inst); I != E; ++I) {
        const MCOperand &Operand = Inst.getOperand(I);
        if (!Operand.isReg())
          continue;
        if (isUpper8BitReg(Operand.getReg()))
          return true;
      }
      LLVM_FALLTHROUGH;
    default:
      return false;
    }
  }

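  // Classifies a stack access: reports whether Inst loads and/or stores
  // through an RSP/RBP base, the data size involved, the source register or
  // immediate for simple MOV-to/from-stack patterns, and whether an index or
  // segment register is used. Push/pop instructions are special-cased first.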
  bool isStackAccess(const MCInst &Inst, bool &IsLoad, bool &IsStore,
                     bool &IsStoreFromReg, MCPhysReg &Reg, int32_t &SrcImm,
                     uint16_t &StackPtrReg, int64_t &StackOffset, uint8_t &Size,
                     bool &IsSimple, bool &IsIndexed) const override {
    // Detect simple push/pop cases first
    if (int Sz = getPushSize(Inst)) {
      IsLoad = false;
      IsStore = true;
      IsStoreFromReg = true;
      StackPtrReg = X86::RSP;
      StackOffset = -Sz;
      Size = Sz;
      IsSimple = true;
      if (Inst.getOperand(0).isImm())
        SrcImm = Inst.getOperand(0).getImm();
      else if (Inst.getOperand(0).isReg())
        Reg = Inst.getOperand(0).getReg();
      else
        IsSimple = false;

      return true;
    }
    if (int Sz = getPopSize(Inst)) {
      IsLoad = true;
      IsStore = false;
      if (Inst.getNumOperands() == 0 || !Inst.getOperand(0).isReg()) {
        IsSimple = false;
      } else {
        Reg = Inst.getOperand(0).getReg();
        IsSimple = true;
      }
      StackPtrReg = X86::RSP;
      StackOffset = 0;
      Size = Sz;
      return true;
    }

    struct InstInfo {
      // Size in bytes that Inst loads from memory.
      uint8_t DataSize;
      bool IsLoad;
      bool IsStore;
      bool StoreFromReg;
      bool Simple;
    };

    InstInfo I;
    int MemOpNo = getMemoryOperandNo(Inst);
    const MCInstrDesc &MCII = Info->get(Inst.getOpcode());
    // If it is not dealing with a memory operand, we discard it
    if (MemOpNo == -1 || MCII.isCall())
      return false;

    switch (Inst.getOpcode()) {
    default: {
      uint8_t Sz = 0;
      bool IsLoad = MCII.mayLoad();
      bool IsStore = MCII.mayStore();
      // Is it LEA? (deals with memory but is not loading nor storing)
      if (!IsLoad && !IsStore)
        return false;

      // Try to guess data size involved in the load/store by looking at the
      // register size. If there's no reg involved, return 0 as size, meaning
      // we don't know.
      for (unsigned I = 0, E = MCII.getNumOperands(); I != E; ++I) {
        if (MCII.OpInfo[I].OperandType != MCOI::OPERAND_REGISTER)
          continue;
        if (static_cast<int>(I) >= MemOpNo && I < X86::AddrNumOperands)
          continue;
        Sz = RegInfo->getRegClass(MCII.OpInfo[I].RegClass).getSizeInBits() / 8;
        break;
      }
      I = {Sz, IsLoad, IsStore, false, false};
      break;
    }
    case X86::MOV16rm: I = {2, true, false, false, true};  break;
    case X86::MOV32rm: I = {4, true, false, false, true};  break;
    case X86::MOV64rm: I = {8, true, false, false, true};  break;
    case X86::MOV16mr: I = {2, false, true, true, true};   break;
    case X86::MOV32mr: I = {4, false, true, true, true};   break;
    case X86::MOV64mr: I = {8, false, true, true, true};   break;
    case X86::MOV16mi: I = {2, false, true, false, true};  break;
    case X86::MOV32mi: I = {4, false, true, false, true};  break;
    } // end switch (Inst.getOpcode())

    unsigned BaseRegNum;
    int64_t ScaleValue;
    unsigned IndexRegNum;
    int64_t DispValue;
    unsigned SegRegNum;
    const MCExpr *DispExpr;
    if (!evaluateX86MemoryOperand(Inst, &BaseRegNum, &ScaleValue, &IndexRegNum,
                                  &DispValue, &SegRegNum, &DispExpr)) {
      LLVM_DEBUG(dbgs() << "Evaluate failed on ");
      LLVM_DEBUG(Inst.dump());
      return false;
    }

    // Make sure it's a stack access
    if (BaseRegNum != X86::RBP && BaseRegNum != X86::RSP)
      return false;

    IsLoad = I.IsLoad;
    IsStore = I.IsStore;
    IsStoreFromReg = I.StoreFromReg;
    Size = I.DataSize;
    IsSimple = I.Simple;
    StackPtrReg = BaseRegNum;
    StackOffset = DispValue;
    IsIndexed = IndexRegNum != X86::NoRegister || SegRegNum != X86::NoRegister;

    if (!I.Simple)
      return true;

    // Retrieve related register in simple MOV from/to stack operations.
    unsigned MemOpOffset = static_cast<unsigned>(MemOpNo);
    if (I.IsLoad) {
      MCOperand RegOpnd = Inst.getOperand(0);
      assert(RegOpnd.isReg() && "unexpected destination operand");
      Reg = RegOpnd.getReg();
    } else if (I.IsStore) {
      MCOperand SrcOpnd =
          Inst.getOperand(MemOpOffset + X86::AddrSegmentReg + 1);
      if (I.StoreFromReg) {
        assert(SrcOpnd.isReg() && "unexpected source operand");
        Reg = SrcOpnd.getReg();
      } else {
        assert(SrcOpnd.isImm() && "unexpected source operand");
        SrcImm = SrcOpnd.getImm();
      }
    }

    return true;
  }

  void changeToPushOrPop(MCInst &Inst) const override {
    assert(!isPush(Inst) && !isPop(Inst));

    struct InstInfo {
      // Size in bytes that Inst loads from memory.
      uint8_t DataSize;
      bool IsLoad;
      bool StoreFromReg;
    };

    InstInfo I;
    switch (Inst.getOpcode()) {
    default: {
      llvm_unreachable("Unhandled opcode");
      return;
    }
    case X86::MOV16rm: I = {2, true, false};  break;
    case X86::MOV32rm: I = {4, true, false};  break;
    case X86::MOV64rm: I = {8, true, false};  break;
    case X86::MOV16mr: I = {2, false, true};  break;
    case X86::MOV32mr: I = {4, false, true};  break;
    case X86::MOV64mr: I = {8, false, true};  break;
    case X86::MOV16mi: I = {2, false, false}; break;
    case X86::MOV32mi: I = {4, false, false}; break;
    } // end switch (Inst.getOpcode())

    unsigned BaseRegNum;
    int64_t ScaleValue;
    unsigned IndexRegNum;
    int64_t DispValue;
    unsigned SegRegNum;
    const MCExpr *DispExpr;
    if (!evaluateX86MemoryOperand(Inst, &BaseRegNum, &ScaleValue, &IndexRegNum,
                                  &DispValue, &SegRegNum, &DispExpr)) {
      llvm_unreachable("Evaluate failed");
      return;
    }
    // Make sure it's a stack access
    if (BaseRegNum != X86::RBP && BaseRegNum != X86::RSP) {
      llvm_unreachable("Not a stack access");
      return;
    }

    unsigned MemOpOffset = getMemoryOperandNo(Inst);
    unsigned NewOpcode = 0;
    if (I.IsLoad) {
      switch (I.DataSize) {
      case 2: NewOpcode = X86::POP16r; break;
      case 4: NewOpcode = X86::POP32r; break;
      case 8: NewOpcode = X86::POP64r; break;
      default:
        llvm_unreachable("Unexpected size");
      }
      unsigned RegOpndNum = Inst.getOperand(0).getReg();
      Inst.clear();
      Inst.setOpcode(NewOpcode);
      Inst.addOperand(MCOperand::createReg(RegOpndNum));
    } else {
      MCOperand SrcOpnd =
          Inst.getOperand(MemOpOffset + X86::AddrSegmentReg + 1);
      if (I.StoreFromReg) {
        switch (I.DataSize) {
        case 2: NewOpcode = X86::PUSH16r; break;
        case 4: NewOpcode = X86::PUSH32r; break;
        case 8: NewOpcode = X86::PUSH64r; break;
        default:
          llvm_unreachable("Unexpected size");
        }
        assert(SrcOpnd.isReg() && "Unexpected source operand");
        unsigned RegOpndNum = SrcOpnd.getReg();
        Inst.clear();
        Inst.setOpcode(NewOpcode);
        Inst.addOperand(MCOperand::createReg(RegOpndNum));
      } else {
        switch (I.DataSize) {
        case 2: NewOpcode = X86::PUSH16i8; break;
        case 4: NewOpcode = X86::PUSH32i8; break;
        case 8: NewOpcode = X86::PUSH64i32; break;
        default:
          llvm_unreachable("Unexpected size");
        }
        assert(SrcOpnd.isImm() && "Unexpected source operand");
        int64_t SrcImm = SrcOpnd.getImm();
        Inst.clear();
        Inst.setOpcode(NewOpcode);
        Inst.addOperand(MCOperand::createImm(SrcImm));
      }
    }
  }

  bool isStackAdjustment(const MCInst &Inst) const override {
    switch (Inst.getOpcode()) {
    default:
      return false;
    case X86::SUB64ri32:
    case X86::SUB64ri8:
    case X86::ADD64ri32:
    case X86::ADD64ri8:
    case X86::LEA64r:
      break;
    }

    const MCInstrDesc &MCII = Info->get(Inst.getOpcode());
    for (int I = 0, E = MCII.getNumDefs(); I != E; ++I) {
      const MCOperand &Operand = Inst.getOperand(I);
      if (Operand.isReg() && Operand.getReg() == X86::RSP)
        return true;
    }
    return false;
  }

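  // Statically evaluates simple register+immediate arithmetic (the AND/SUB/
  // ADD/LEA forms handled below) given known values for up to two input
  // registers. For example, with Input1 = {X86::RSP, 0x100}, an
  // `ADD64ri8 %rsp, %rsp, 8` yields Output = 0x108. Returns false when the
  // result cannot be determined from the provided inputs.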
  bool evaluateSimple(const MCInst &Inst, int64_t &Output,
                      std::pair<MCPhysReg, int64_t> Input1,
                      std::pair<MCPhysReg, int64_t> Input2) const override {

    auto getOperandVal = [&](MCPhysReg Reg) -> ErrorOr<int64_t> {
      if (Reg == Input1.first)
        return Input1.second;
      if (Reg == Input2.first)
        return Input2.second;
      return make_error_code(errc::result_out_of_range);
    };

    switch (Inst.getOpcode()) {
    default:
      return false;

    case X86::AND64ri32:
    case X86::AND64ri8:
      if (!Inst.getOperand(2).isImm())
        return false;
      if (ErrorOr<int64_t> InputVal =
              getOperandVal(Inst.getOperand(1).getReg()))
        Output = *InputVal & Inst.getOperand(2).getImm();
      else
        return false;
      break;
    case X86::SUB64ri32:
    case X86::SUB64ri8:
      if (!Inst.getOperand(2).isImm())
        return false;
      if (ErrorOr<int64_t> InputVal =
              getOperandVal(Inst.getOperand(1).getReg()))
        Output = *InputVal - Inst.getOperand(2).getImm();
      else
        return false;
      break;
    case X86::ADD64ri32:
    case X86::ADD64ri8:
      if (!Inst.getOperand(2).isImm())
        return false;
      if (ErrorOr<int64_t> InputVal =
              getOperandVal(Inst.getOperand(1).getReg()))
        Output = *InputVal + Inst.getOperand(2).getImm();
      else
        return false;
      break;
    case X86::ADD64i32:
      if (!Inst.getOperand(0).isImm())
        return false;
      if (ErrorOr<int64_t> InputVal = getOperandVal(X86::RAX))
        Output = *InputVal + Inst.getOperand(0).getImm();
      else
        return false;
      break;

    case X86::LEA64r: {
      unsigned BaseRegNum;
      int64_t ScaleValue;
      unsigned IndexRegNum;
      int64_t DispValue;
      unsigned SegRegNum;
      const MCExpr *DispExpr = nullptr;
      if (!evaluateX86MemoryOperand(Inst, &BaseRegNum, &ScaleValue,
                                    &IndexRegNum, &DispValue, &SegRegNum,
                                    &DispExpr))
        return false;

      if (BaseRegNum == X86::NoRegister || IndexRegNum != X86::NoRegister ||
          SegRegNum != X86::NoRegister || DispExpr)
        return false;

      if (ErrorOr<int64_t> InputVal = getOperandVal(BaseRegNum))
        Output = *InputVal + DispValue;
      else
        return false;

      break;
    }
    }
    return true;
  }

  bool isRegToRegMove(const MCInst &Inst, MCPhysReg &From,
                      MCPhysReg &To) const override {
    switch (Inst.getOpcode()) {
    default:
      return false;
    case X86::LEAVE:
    case X86::LEAVE64:
      To = getStackPointer();
      From = getFramePointer();
      return true;
    case X86::MOV64rr:
      To = Inst.getOperand(0).getReg();
      From = Inst.getOperand(1).getReg();
      return true;
    }
  }

  MCPhysReg getStackPointer() const override { return X86::RSP; }
  MCPhysReg getFramePointer() const override { return X86::RBP; }
  MCPhysReg getFlagsReg() const override { return X86::EFLAGS; }

  bool escapesVariable(const MCInst &Inst,
                       bool HasFramePointer) const override {
    int MemOpNo = getMemoryOperandNo(Inst);
    const MCInstrDesc &MCII = Info->get(Inst.getOpcode());
    const unsigned NumDefs = MCII.getNumDefs();
    static BitVector SPBPAliases(BitVector(getAliases(X86::RSP)) |=
                                 getAliases(X86::RBP));
    static BitVector SPAliases(getAliases(X86::RSP));

    // FIXME: PUSH can be technically a leak, but let's ignore this for now
    // because a lot of harmless prologue code will spill SP to the stack.
    // Unless push is clearly pushing an object address to the stack as
    // demonstrated by having a MemOp.
    bool IsPush = isPush(Inst);
    if (IsPush && MemOpNo == -1)
      return false;

    // We use this to detect LEA (has memop but does not access mem)
    bool AccessMem = MCII.mayLoad() || MCII.mayStore();
    bool DoesLeak = false;
    for (int I = 0, E = MCPlus::getNumPrimeOperands(Inst); I != E; ++I) {
      // Ignore if SP/BP is used to dereference memory -- that's fine
      if (MemOpNo != -1 && !IsPush && AccessMem && I >= MemOpNo &&
          I <= MemOpNo + 5)
        continue;
      // Ignore if someone is writing to SP/BP
      if (I < static_cast<int>(NumDefs))
        continue;

      const MCOperand &Operand = Inst.getOperand(I);
      if (HasFramePointer && Operand.isReg() && SPBPAliases[Operand.getReg()]) {
        DoesLeak = true;
        break;
      }
      if (!HasFramePointer && Operand.isReg() && SPAliases[Operand.getReg()]) {
        DoesLeak = true;
        break;
      }
    }

    // If potential leak, check if it is not just writing to itself/sp/bp
    if (DoesLeak) {
      for (int I = 0, E = NumDefs; I != E; ++I) {
        const MCOperand &Operand = Inst.getOperand(I);
        if (HasFramePointer && Operand.isReg() &&
            SPBPAliases[Operand.getReg()]) {
          DoesLeak = false;
          break;
        }
        if (!HasFramePointer && Operand.isReg() &&
            SPAliases[Operand.getReg()]) {
          DoesLeak = false;
          break;
        }
      }
    }
    return DoesLeak;
  }

  bool addToImm(MCInst &Inst, int64_t &Amt, MCContext *Ctx) const override {
    unsigned ImmOpNo = -1U;
    int MemOpNo = getMemoryOperandNo(Inst);
    if (MemOpNo != -1)
      ImmOpNo = MemOpNo + X86::AddrDisp;
    else
      for (unsigned Index = 0; Index < MCPlus::getNumPrimeOperands(Inst);
           ++Index)
        if (Inst.getOperand(Index).isImm())
          ImmOpNo = Index;
    if (ImmOpNo == -1U)
      return false;

    MCOperand &Operand = Inst.getOperand(ImmOpNo);
    Amt += Operand.getImm();
    Operand.setImm(Amt);
    // Check for the need for relaxation
    if (int64_t(Amt) == int64_t(int8_t(Amt)))
      return true;

    // Relax instruction
    switch (Inst.getOpcode()) {
    case X86::SUB64ri8:
      Inst.setOpcode(X86::SUB64ri32);
      break;
    case X86::ADD64ri8:
      Inst.setOpcode(X86::ADD64ri32);
      break;
    default:
      // No need for relaxation
      break;
    }
    return true;
  }

  /// TODO: this implementation currently works for the most common opcodes that
  /// load from memory. It can be extended to work with memory store opcodes as
  /// well as more memory load opcodes.
  bool replaceMemOperandWithImm(MCInst &Inst, StringRef ConstantData,
                                uint64_t Offset) const override {
    enum CheckSignExt : uint8_t {
      NOCHECK = 0,
      CHECK8,
      CHECK32,
    };

    using CheckList = std::vector<std::pair<CheckSignExt, unsigned>>;
    struct InstInfo {
      // Size in bytes that Inst loads from memory.
      uint8_t DataSize;

      // True when the target operand has to be duplicated because the opcode
      // expects a LHS operand.
      bool HasLHS;

      // List of checks and corresponding opcodes to be used. We try to use the
      // smallest possible immediate value when various sizes are available,
      // hence we may need to check whether a larger constant fits in a smaller
      // immediate.
      CheckList Checks;
    };

    InstInfo I;

    switch (Inst.getOpcode()) {
    default: {
      switch (getPopSize(Inst)) {
      case 2: I = {2, false, {{NOCHECK, X86::MOV16ri}}}; break;
      case 4: I = {4, false, {{NOCHECK, X86::MOV32ri}}}; break;
      case 8: I = {8, false, {{CHECK32, X86::MOV64ri32},
                              {NOCHECK, X86::MOV64rm}}}; break;
      default: return false;
      }
      break;
    }

    // MOV
    case X86::MOV8rm:  I = {1, false, {{NOCHECK, X86::MOV8ri}}};  break;
    case X86::MOV16rm: I = {2, false, {{NOCHECK, X86::MOV16ri}}}; break;
    case X86::MOV32rm: I = {4, false, {{NOCHECK, X86::MOV32ri}}}; break;
    case X86::MOV64rm: I = {8, false, {{CHECK32, X86::MOV64ri32},
                                       {NOCHECK, X86::MOV64rm}}}; break;

    // MOVZX
    case X86::MOVZX16rm8:  I = {1, false, {{NOCHECK, X86::MOV16ri}}}; break;
    case X86::MOVZX32rm8:  I = {1, false, {{NOCHECK, X86::MOV32ri}}}; break;
    case X86::MOVZX32rm16: I = {2, false, {{NOCHECK, X86::MOV32ri}}}; break;

    // CMP
    case X86::CMP8rm:  I = {1, false, {{NOCHECK, X86::CMP8ri}}};  break;
    case X86::CMP16rm: I = {2, false, {{CHECK8, X86::CMP16ri8},
                                       {NOCHECK, X86::CMP16ri}}}; break;
    case X86::CMP32rm: I = {4, false, {{CHECK8, X86::CMP32ri8},
                                       {NOCHECK, X86::CMP32ri}}}; break;
    case X86::CMP64rm: I = {8, false, {{CHECK8, X86::CMP64ri8},
                                       {CHECK32, X86::CMP64ri32},
                                       {NOCHECK, X86::CMP64rm}}}; break;

    // TEST
    case X86::TEST8mr:  I = {1, false, {{NOCHECK, X86::TEST8ri}}};  break;
    case X86::TEST16mr: I = {2, false, {{NOCHECK, X86::TEST16ri}}}; break;
    case X86::TEST32mr: I = {4, false, {{NOCHECK, X86::TEST32ri}}}; break;
    case X86::TEST64mr: I = {8, false, {{CHECK32, X86::TEST64ri32},
                                        {NOCHECK, X86::TEST64mr}}}; break;

    // ADD
    case X86::ADD8rm:  I = {1, true, {{NOCHECK, X86::ADD8ri}}};  break;
    case X86::ADD16rm: I = {2, true, {{CHECK8, X86::ADD16ri8},
                                      {NOCHECK, X86::ADD16ri}}}; break;
    case X86::ADD32rm: I = {4, true, {{CHECK8, X86::ADD32ri8},
                                      {NOCHECK, X86::ADD32ri}}}; break;
    case X86::ADD64rm: I = {8, true, {{CHECK8, X86::ADD64ri8},
                                      {CHECK32, X86::ADD64ri32},
                                      {NOCHECK, X86::ADD64rm}}}; break;

    // SUB
    case X86::SUB8rm:  I = {1, true, {{NOCHECK, X86::SUB8ri}}};  break;
    case X86::SUB16rm: I = {2, true, {{CHECK8, X86::SUB16ri8},
                                      {NOCHECK, X86::SUB16ri}}}; break;
    case X86::SUB32rm: I = {4, true, {{CHECK8, X86::SUB32ri8},
                                      {NOCHECK, X86::SUB32ri}}}; break;
    case X86::SUB64rm: I = {8, true, {{CHECK8, X86::SUB64ri8},
                                      {CHECK32, X86::SUB64ri32},
                                      {NOCHECK, X86::SUB64rm}}}; break;

    // AND
    case X86::AND8rm:  I = {1, true, {{NOCHECK, X86::AND8ri}}};  break;
    case X86::AND16rm: I = {2, true, {{CHECK8, X86::AND16ri8},
                                      {NOCHECK, X86::AND16ri}}}; break;
    case X86::AND32rm: I = {4, true, {{CHECK8, X86::AND32ri8},
                                      {NOCHECK, X86::AND32ri}}}; break;
    case X86::AND64rm: I = {8, true, {{CHECK8, X86::AND64ri8},
                                      {CHECK32, X86::AND64ri32},
                                      {NOCHECK, X86::AND64rm}}}; break;

    // OR
    case X86::OR8rm:  I = {1, true, {{NOCHECK, X86::OR8ri}}};  break;
    case X86::OR16rm: I = {2, true, {{CHECK8, X86::OR16ri8},
                                     {NOCHECK, X86::OR16ri}}}; break;
    case X86::OR32rm: I = {4, true, {{CHECK8, X86::OR32ri8},
                                     {NOCHECK, X86::OR32ri}}}; break;
    case X86::OR64rm: I = {8, true, {{CHECK8, X86::OR64ri8},
                                     {CHECK32, X86::OR64ri32},
                                     {NOCHECK, X86::OR64rm}}}; break;

    // XOR
    case X86::XOR8rm: I = {1, true, {{NOCHECK, X86::XOR8ri}}}; break;
{{NOCHECK, X86::XOR8ri}}}; break; 1855 case X86::XOR16rm: I = {2, true, {{CHECK8, X86::XOR16ri8}, 1856 {NOCHECK, X86::XOR16ri}}}; break; 1857 case X86::XOR32rm: I = {4, true, {{CHECK8, X86::XOR32ri8}, 1858 {NOCHECK, X86::XOR32ri}}}; break; 1859 case X86::XOR64rm: I = {8, true, {{CHECK8, X86::XOR64ri8}, 1860 {CHECK32, X86::XOR64ri32}, 1861 {NOCHECK, X86::XOR64rm}}}; break; 1862 } 1863 1864 // Compute the immediate value. 1865 assert(Offset + I.DataSize <= ConstantData.size() && 1866 "invalid offset for given constant data"); 1867 int64_t ImmVal = 1868 DataExtractor(ConstantData, true, 8).getSigned(&Offset, I.DataSize); 1869 1870 // Compute the new opcode. 1871 unsigned NewOpcode = 0; 1872 for (const std::pair<CheckSignExt, unsigned> &Check : I.Checks) { 1873 NewOpcode = Check.second; 1874 if (Check.first == NOCHECK) 1875 break; 1876 if (Check.first == CHECK8 && isInt<8>(ImmVal)) 1877 break; 1878 if (Check.first == CHECK32 && isInt<32>(ImmVal)) 1879 break; 1880 } 1881 if (NewOpcode == Inst.getOpcode()) 1882 return false; 1883 1884 // Modify the instruction. 1885 MCOperand ImmOp = MCOperand::createImm(ImmVal); 1886 uint32_t TargetOpNum = 0; 1887 // Test instruction does not follow the regular pattern of putting the 1888 // memory reference of a load (5 MCOperands) last in the list of operands. 1889 // Since it is not modifying the register operand, it is not treated as 1890 // a destination operand and it is not the first operand as it is in the 1891 // other instructions we treat here. 1892 if (NewOpcode == X86::TEST8ri || NewOpcode == X86::TEST16ri || 1893 NewOpcode == X86::TEST32ri || NewOpcode == X86::TEST64ri32) 1894 TargetOpNum = getMemoryOperandNo(Inst) + X86::AddrNumOperands; 1895 1896 MCOperand TargetOp = Inst.getOperand(TargetOpNum); 1897 Inst.clear(); 1898 Inst.setOpcode(NewOpcode); 1899 Inst.addOperand(TargetOp); 1900 if (I.HasLHS) 1901 Inst.addOperand(TargetOp); 1902 Inst.addOperand(ImmOp); 1903 1904 return true; 1905 } 1906 1907 /// TODO: this implementation currently works for the most common opcodes that 1908 /// load from memory. It can be extended to work with memory store opcodes as 1909 /// well as more memory load opcodes. 1910 bool replaceMemOperandWithReg(MCInst &Inst, MCPhysReg RegNum) const override { 1911 unsigned NewOpcode; 1912 1913 switch (Inst.getOpcode()) { 1914 default: { 1915 switch (getPopSize(Inst)) { 1916 case 2: NewOpcode = X86::MOV16rr; break; 1917 case 4: NewOpcode = X86::MOV32rr; break; 1918 case 8: NewOpcode = X86::MOV64rr; break; 1919 default: return false; 1920 } 1921 break; 1922 } 1923 1924 // MOV 1925 case X86::MOV8rm: NewOpcode = X86::MOV8rr; break; 1926 case X86::MOV16rm: NewOpcode = X86::MOV16rr; break; 1927 case X86::MOV32rm: NewOpcode = X86::MOV32rr; break; 1928 case X86::MOV64rm: NewOpcode = X86::MOV64rr; break; 1929 } 1930 1931 // Modify the instruction. 
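// Illustrative example (not from the original source): a load such as
//   mov 0x10(%rbx), %rax        ; X86::MOV64rm
// is rewritten below into a register-to-register move
//   mov %reg, %rax              ; X86::MOV64rr
// keeping the original destination operand and replacing the five
// memory-address operands with the supplied RegNum.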
1932 MCOperand RegOp = MCOperand::createReg(RegNum); 1933 MCOperand TargetOp = Inst.getOperand(0); 1934 Inst.clear(); 1935 Inst.setOpcode(NewOpcode); 1936 Inst.addOperand(TargetOp); 1937 Inst.addOperand(RegOp); 1938 1939 return true; 1940 } 1941 1942 bool isRedundantMove(const MCInst &Inst) const override { 1943 switch (Inst.getOpcode()) { 1944 default: 1945 return false; 1946 1947 // MOV 1948 case X86::MOV8rr: 1949 case X86::MOV16rr: 1950 case X86::MOV32rr: 1951 case X86::MOV64rr: 1952 break; 1953 } 1954 1955 assert(Inst.getOperand(0).isReg() && Inst.getOperand(1).isReg()); 1956 return Inst.getOperand(0).getReg() == Inst.getOperand(1).getReg(); 1957 } 1958 1959 bool requiresAlignedAddress(const MCInst &Inst) const override { 1960 const MCInstrDesc &Desc = Info->get(Inst.getOpcode()); 1961 for (unsigned int I = 0; I < Desc.getNumOperands(); ++I) { 1962 const MCOperandInfo &Op = Desc.OpInfo[I]; 1963 if (Op.OperandType != MCOI::OPERAND_REGISTER) 1964 continue; 1965 if (Op.RegClass == X86::VR128RegClassID) 1966 return true; 1967 } 1968 return false; 1969 } 1970 1971 bool convertJmpToTailCall(MCInst &Inst) override { 1972 if (isTailCall(Inst)) 1973 return false; 1974 1975 int NewOpcode; 1976 switch (Inst.getOpcode()) { 1977 default: 1978 return false; 1979 case X86::JMP_1: 1980 case X86::JMP_2: 1981 case X86::JMP_4: 1982 NewOpcode = X86::JMP_4; 1983 break; 1984 case X86::JMP16m: 1985 case X86::JMP32m: 1986 case X86::JMP64m: 1987 NewOpcode = X86::JMP32m; 1988 break; 1989 case X86::JMP16r: 1990 case X86::JMP32r: 1991 case X86::JMP64r: 1992 NewOpcode = X86::JMP32r; 1993 break; 1994 } 1995 1996 Inst.setOpcode(NewOpcode); 1997 setTailCall(Inst); 1998 return true; 1999 } 2000 2001 bool convertTailCallToJmp(MCInst &Inst) override { 2002 int NewOpcode; 2003 switch (Inst.getOpcode()) { 2004 default: 2005 return false; 2006 case X86::JMP_4: 2007 NewOpcode = X86::JMP_1; 2008 break; 2009 case X86::JMP32m: 2010 NewOpcode = X86::JMP64m; 2011 break; 2012 case X86::JMP32r: 2013 NewOpcode = X86::JMP64r; 2014 break; 2015 } 2016 2017 Inst.setOpcode(NewOpcode); 2018 removeAnnotation(Inst, MCPlus::MCAnnotation::kTailCall); 2019 clearOffset(Inst); 2020 return true; 2021 } 2022 2023 bool convertTailCallToCall(MCInst &Inst) override { 2024 int NewOpcode; 2025 switch (Inst.getOpcode()) { 2026 default: 2027 return false; 2028 case X86::JMP_4: 2029 NewOpcode = X86::CALL64pcrel32; 2030 break; 2031 case X86::JMP32m: 2032 NewOpcode = X86::CALL64m; 2033 break; 2034 case X86::JMP32r: 2035 NewOpcode = X86::CALL64r; 2036 break; 2037 } 2038 2039 Inst.setOpcode(NewOpcode); 2040 removeAnnotation(Inst, MCPlus::MCAnnotation::kTailCall); 2041 return true; 2042 } 2043 2044 bool convertCallToIndirectCall(MCInst &Inst, const MCSymbol *TargetLocation, 2045 MCContext *Ctx) override { 2046 bool IsTailCall = isTailCall(Inst); 2047 assert((Inst.getOpcode() == X86::CALL64pcrel32 || 2048 (Inst.getOpcode() == X86::JMP_4 && IsTailCall)) && 2049 "64-bit direct (tail) call instruction expected"); 2050 const auto NewOpcode = 2051 (Inst.getOpcode() == X86::CALL64pcrel32) ? X86::CALL64m : X86::JMP32m; 2052 Inst.setOpcode(NewOpcode); 2053 2054 // Replace the first operand and preserve auxiliary operands of 2055 // the instruction. 
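// Sketch of the intended result (illustrative): a direct
//   callq TargetLocation          ; X86::CALL64pcrel32
// becomes a RIP-relative memory call
//   callq *TargetLocation(%rip)   ; X86::CALL64m
// The five operands inserted below form the standard x86 memory
// reference: BaseReg, ScaleAmt, IndexReg, Displacement, AddrSegmentReg.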
2056 Inst.erase(Inst.begin()); 2057 Inst.insert(Inst.begin(), 2058 MCOperand::createReg(X86::NoRegister)); // AddrSegmentReg 2059 Inst.insert(Inst.begin(), 2060 MCOperand::createExpr( // Displacement 2061 MCSymbolRefExpr::create(TargetLocation, 2062 MCSymbolRefExpr::VK_None, *Ctx))); 2063 Inst.insert(Inst.begin(), 2064 MCOperand::createReg(X86::NoRegister)); // IndexReg 2065 Inst.insert(Inst.begin(), 2066 MCOperand::createImm(1)); // ScaleAmt 2067 Inst.insert(Inst.begin(), 2068 MCOperand::createReg(X86::RIP)); // BaseReg 2069 2070 return true; 2071 } 2072 2073 void convertIndirectCallToLoad(MCInst &Inst, MCPhysReg Reg) override { 2074 bool IsTailCall = isTailCall(Inst); 2075 if (IsTailCall) 2076 removeAnnotation(Inst, MCPlus::MCAnnotation::kTailCall); 2077 if (Inst.getOpcode() == X86::CALL64m || 2078 (Inst.getOpcode() == X86::JMP32m && IsTailCall)) { 2079 Inst.setOpcode(X86::MOV64rm); 2080 Inst.insert(Inst.begin(), MCOperand::createReg(Reg)); 2081 return; 2082 } 2083 if (Inst.getOpcode() == X86::CALL64r || 2084 (Inst.getOpcode() == X86::JMP32r && IsTailCall)) { 2085 Inst.setOpcode(X86::MOV64rr); 2086 Inst.insert(Inst.begin(), MCOperand::createReg(Reg)); 2087 return; 2088 } 2089 LLVM_DEBUG(Inst.dump()); 2090 llvm_unreachable("not implemented"); 2091 } 2092 2093 bool shortenInstruction(MCInst &Inst) const override { 2094 unsigned OldOpcode = Inst.getOpcode(); 2095 unsigned NewOpcode = OldOpcode; 2096 2097 // Check and remove EIZ/RIZ. These are ambiguous cases where a SIB 2098 // byte is present, but no index is used and ModRM alone should have been 2099 // enough. Converting to NoRegister effectively removes the SIB byte. 2100 int MemOpNo = getMemoryOperandNo(Inst); 2101 if (MemOpNo >= 0) { 2102 MCOperand &IndexOp = 2103 Inst.getOperand(static_cast<unsigned>(MemOpNo) + X86::AddrIndexReg); 2104 if (IndexOp.getReg() == X86::EIZ || IndexOp.getReg() == X86::RIZ) 2105 IndexOp = MCOperand::createReg(X86::NoRegister); 2106 } 2107 2108 if (isBranch(Inst)) { 2109 NewOpcode = getShortBranchOpcode(OldOpcode); 2110 } else if (OldOpcode == X86::MOV64ri) { 2111 if (Inst.getOperand(MCPlus::getNumPrimeOperands(Inst) - 1).isImm()) { 2112 const int64_t Imm = 2113 Inst.getOperand(MCPlus::getNumPrimeOperands(Inst) - 1).getImm(); 2114 if (int64_t(Imm) == int64_t(int32_t(Imm))) 2115 NewOpcode = X86::MOV64ri32; 2116 } 2117 } else { 2118 // If it's an arithmetic instruction, check if the signed operand fits in 1 byte.
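// For example (illustrative), ADD64ri32 with an immediate of 1 can be
// re-encoded as ADD64ri8, saving three bytes of encoding, because 1 fits
// in a sign-extended 8-bit immediate; an immediate of 0x1000 would not
// qualify and the opcode is left unchanged.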
2119 const unsigned ShortOpcode = getShortArithOpcode(OldOpcode); 2120 if (ShortOpcode != OldOpcode && 2121 Inst.getOperand(MCPlus::getNumPrimeOperands(Inst) - 1).isImm()) { 2122 int64_t Imm = 2123 Inst.getOperand(MCPlus::getNumPrimeOperands(Inst) - 1).getImm(); 2124 if (int64_t(Imm) == int64_t(int8_t(Imm))) 2125 NewOpcode = ShortOpcode; 2126 } 2127 } 2128 2129 if (NewOpcode == OldOpcode) 2130 return false; 2131 2132 Inst.setOpcode(NewOpcode); 2133 return true; 2134 } 2135 2136 bool lowerTailCall(MCInst &Inst) override { 2137 if (Inst.getOpcode() == X86::JMP_4 && isTailCall(Inst)) { 2138 Inst.setOpcode(X86::JMP_1); 2139 removeAnnotation(Inst, MCPlus::MCAnnotation::kTailCall); 2140 return true; 2141 } 2142 return false; 2143 } 2144 2145 const MCSymbol *getTargetSymbol(const MCInst &Inst, 2146 unsigned OpNum = 0) const override { 2147 if (OpNum >= MCPlus::getNumPrimeOperands(Inst)) 2148 return nullptr; 2149 2150 const MCOperand &Op = Inst.getOperand(OpNum); 2151 if (!Op.isExpr()) 2152 return nullptr; 2153 2154 auto *SymExpr = dyn_cast<MCSymbolRefExpr>(Op.getExpr()); 2155 if (!SymExpr || SymExpr->getKind() != MCSymbolRefExpr::VK_None) 2156 return nullptr; 2157 2158 return &SymExpr->getSymbol(); 2159 } 2160 2161 // This is the same as the base class, but since we are overriding one of 2162 // getTargetSymbol's signatures above, we need to override all of them. 2163 const MCSymbol *getTargetSymbol(const MCExpr *Expr) const override { 2164 return &cast<const MCSymbolRefExpr>(Expr)->getSymbol(); 2165 } 2166 2167 bool analyzeBranch(InstructionIterator Begin, InstructionIterator End, 2168 const MCSymbol *&TBB, const MCSymbol *&FBB, 2169 MCInst *&CondBranch, 2170 MCInst *&UncondBranch) const override { 2171 auto I = End; 2172 2173 // Bottom-up analysis 2174 while (I != Begin) { 2175 --I; 2176 2177 // Ignore nops and CFIs 2178 if (isPseudo(*I)) 2179 continue; 2180 2181 // Stop when we find the first non-terminator 2182 if (!isTerminator(*I)) 2183 break; 2184 2185 if (!isBranch(*I)) 2186 break; 2187 2188 // Handle unconditional branches. 2189 if ((I->getOpcode() == X86::JMP_1 || I->getOpcode() == X86::JMP_2 || 2190 I->getOpcode() == X86::JMP_4) && 2191 !isTailCall(*I)) { 2192 // If any code was seen after this unconditional branch, we've seen 2193 // unreachable code. Ignore them. 
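// Illustrative example of the pattern recognized by this bottom-up scan:
//   jne .Lcond_target
//   jmp .Luncond_target
// The unconditional jump is visited first and its target is recorded in
// TBB; when the conditional branch above it is visited, that value is
// moved into FBB and TBB becomes .Lcond_target.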
2194 CondBranch = nullptr; 2195 UncondBranch = &*I; 2196 const MCSymbol *Sym = getTargetSymbol(*I); 2197 assert(Sym != nullptr && 2198 "Couldn't extract BB symbol from jump operand"); 2199 TBB = Sym; 2200 continue; 2201 } 2202 2203 // Handle conditional branches and ignore indirect branches 2204 if (!isUnsupportedBranch(I->getOpcode()) && 2205 getCondCode(*I) == X86::COND_INVALID) { 2206 // Indirect branch 2207 return false; 2208 } 2209 2210 if (CondBranch == nullptr) { 2211 const MCSymbol *TargetBB = getTargetSymbol(*I); 2212 if (TargetBB == nullptr) { 2213 // Unrecognized branch target 2214 return false; 2215 } 2216 FBB = TBB; 2217 TBB = TargetBB; 2218 CondBranch = &*I; 2219 continue; 2220 } 2221 2222 llvm_unreachable("multiple conditional branches in one BB"); 2223 } 2224 return true; 2225 } 2226 2227 template <typename Itr> 2228 std::pair<IndirectBranchType, MCInst *> 2229 analyzePICJumpTable(Itr II, Itr IE, MCPhysReg R1, MCPhysReg R2) const { 2230 // Analyze PIC-style jump table code template: 2231 // 2232 // lea PIC_JUMP_TABLE(%rip), {%r1|%r2} <- MemLocInstr 2233 // mov ({%r1|%r2}, %index, 4), {%r2|%r1} 2234 // add %r2, %r1 2235 // jmp *%r1 2236 // 2237 // (with any irrelevant instructions in-between) 2238 // 2239 // When we call this helper we've already determined %r1 and %r2, and 2240 // reverse instruction iterator \p II is pointing to the ADD instruction. 2241 // 2242 // PIC jump table looks like following: 2243 // 2244 // JT: ---------- 2245 // E1:| L1 - JT | 2246 // |----------| 2247 // E2:| L2 - JT | 2248 // |----------| 2249 // | | 2250 // ...... 2251 // En:| Ln - JT | 2252 // ---------- 2253 // 2254 // Where L1, L2, ..., Ln represent labels in the function. 2255 // 2256 // The actual relocations in the table will be of the form: 2257 // 2258 // Ln - JT 2259 // = (Ln - En) + (En - JT) 2260 // = R_X86_64_PC32(Ln) + En - JT 2261 // = R_X86_64_PC32(Ln + offsetof(En)) 2262 // 2263 LLVM_DEBUG(dbgs() << "Checking for PIC jump table\n"); 2264 MCInst *MemLocInstr = nullptr; 2265 const MCInst *MovInstr = nullptr; 2266 while (++II != IE) { 2267 MCInst &Instr = *II; 2268 const MCInstrDesc &InstrDesc = Info->get(Instr.getOpcode()); 2269 if (!InstrDesc.hasDefOfPhysReg(Instr, R1, *RegInfo) && 2270 !InstrDesc.hasDefOfPhysReg(Instr, R2, *RegInfo)) { 2271 // Ignore instructions that don't affect R1, R2 registers. 2272 continue; 2273 } 2274 if (!MovInstr) { 2275 // Expect to see MOV instruction. 2276 if (!isMOVSX64rm32(Instr)) { 2277 LLVM_DEBUG(dbgs() << "MOV instruction expected.\n"); 2278 break; 2279 } 2280 2281 // Check if it's setting %r1 or %r2. In canonical form it sets %r2. 2282 // If it sets %r1 - rename the registers so we have to only check 2283 // a single form. 2284 unsigned MovDestReg = Instr.getOperand(0).getReg(); 2285 if (MovDestReg != R2) 2286 std::swap(R1, R2); 2287 if (MovDestReg != R2) { 2288 LLVM_DEBUG(dbgs() << "MOV instruction expected to set %r2\n"); 2289 break; 2290 } 2291 2292 // Verify operands for MOV. 
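// In the canonical template above this MOV is expected to look like
// (illustrative):
//   movslq (%r1, %index, 4), %r2
// i.e. base register %r1, scale 4, an index register present, zero
// displacement and no segment override; anything else aborts the match.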
2293 unsigned BaseRegNum; 2294 int64_t ScaleValue; 2295 unsigned IndexRegNum; 2296 int64_t DispValue; 2297 unsigned SegRegNum; 2298 if (!evaluateX86MemoryOperand(Instr, &BaseRegNum, &ScaleValue, 2299 &IndexRegNum, &DispValue, &SegRegNum)) 2300 break; 2301 if (BaseRegNum != R1 || ScaleValue != 4 || 2302 IndexRegNum == X86::NoRegister || DispValue != 0 || 2303 SegRegNum != X86::NoRegister) 2304 break; 2305 MovInstr = &Instr; 2306 } else { 2307 if (!InstrDesc.hasDefOfPhysReg(Instr, R1, *RegInfo)) 2308 continue; 2309 if (!isLEA64r(Instr)) { 2310 LLVM_DEBUG(dbgs() << "LEA instruction expected\n"); 2311 break; 2312 } 2313 if (Instr.getOperand(0).getReg() != R1) { 2314 LLVM_DEBUG(dbgs() << "LEA instruction expected to set %r1\n"); 2315 break; 2316 } 2317 2318 // Verify operands for LEA. 2319 unsigned BaseRegNum; 2320 int64_t ScaleValue; 2321 unsigned IndexRegNum; 2322 const MCExpr *DispExpr = nullptr; 2323 int64_t DispValue; 2324 unsigned SegRegNum; 2325 if (!evaluateX86MemoryOperand(Instr, &BaseRegNum, &ScaleValue, 2326 &IndexRegNum, &DispValue, &SegRegNum, 2327 &DispExpr)) 2328 break; 2329 if (BaseRegNum != RegInfo->getProgramCounter() || 2330 IndexRegNum != X86::NoRegister || SegRegNum != X86::NoRegister || 2331 DispExpr == nullptr) 2332 break; 2333 MemLocInstr = &Instr; 2334 break; 2335 } 2336 } 2337 2338 if (!MemLocInstr) 2339 return std::make_pair(IndirectBranchType::UNKNOWN, nullptr); 2340 2341 LLVM_DEBUG(dbgs() << "checking potential PIC jump table\n"); 2342 return std::make_pair(IndirectBranchType::POSSIBLE_PIC_JUMP_TABLE, 2343 MemLocInstr); 2344 } 2345 2346 IndirectBranchType analyzeIndirectBranch( 2347 MCInst &Instruction, InstructionIterator Begin, InstructionIterator End, 2348 const unsigned PtrSize, MCInst *&MemLocInstrOut, unsigned &BaseRegNumOut, 2349 unsigned &IndexRegNumOut, int64_t &DispValueOut, 2350 const MCExpr *&DispExprOut, MCInst *&PCRelBaseOut) const override { 2351 // Try to find a (base) memory location from where the address for 2352 // the indirect branch is loaded. For X86-64 the memory will be specified 2353 // in the following format: 2354 // 2355 // {%rip}/{%basereg} + Imm + IndexReg * Scale 2356 // 2357 // We are interested in the cases where Scale == sizeof(uintptr_t) and 2358 // the contents of the memory are presumably an array of pointers to code. 2359 // 2360 // Normal jump table: 2361 // 2362 // jmp *(JUMP_TABLE, %index, Scale) <- MemLocInstr 2363 // 2364 // or 2365 // 2366 // mov (JUMP_TABLE, %index, Scale), %r1 <- MemLocInstr 2367 // ... 2368 // jmp %r1 2369 // 2370 // We handle PIC-style jump tables separately. 2371 // 2372 MemLocInstrOut = nullptr; 2373 BaseRegNumOut = X86::NoRegister; 2374 IndexRegNumOut = X86::NoRegister; 2375 DispValueOut = 0; 2376 DispExprOut = nullptr; 2377 2378 std::reverse_iterator<InstructionIterator> II(End); 2379 std::reverse_iterator<InstructionIterator> IE(Begin); 2380 2381 IndirectBranchType Type = IndirectBranchType::UNKNOWN; 2382 2383 // An instruction referencing memory used by jump instruction (directly or 2384 // via register). This location could be an array of function pointers 2385 // in case of indirect tail call, or a jump table. 2386 MCInst *MemLocInstr = nullptr; 2387 2388 if (MCPlus::getNumPrimeOperands(Instruction) == 1) { 2389 // If the indirect jump is on register - try to detect if the 2390 // register value is loaded from a memory location. 
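// Typical single-operand case handled here (illustrative):
//   mov JUMP_TABLE(,%index,8), %r1
//   ...
//   jmp *%r1
// where the MOV (or the ADD of the PIC jump-table pattern handled by
// analyzePICJumpTable) is the instruction we want to report as
// MemLocInstr.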
2391 assert(Instruction.getOperand(0).isReg() && "register operand expected"); 2392 const unsigned R1 = Instruction.getOperand(0).getReg(); 2393 // Check if one of the previous instructions defines the jump-on register. 2394 for (auto PrevII = II; PrevII != IE; ++PrevII) { 2395 MCInst &PrevInstr = *PrevII; 2396 const MCInstrDesc &PrevInstrDesc = Info->get(PrevInstr.getOpcode()); 2397 2398 if (!PrevInstrDesc.hasDefOfPhysReg(PrevInstr, R1, *RegInfo)) 2399 continue; 2400 2401 if (isMoveMem2Reg(PrevInstr)) { 2402 MemLocInstr = &PrevInstr; 2403 break; 2404 } 2405 if (isADD64rr(PrevInstr)) { 2406 unsigned R2 = PrevInstr.getOperand(2).getReg(); 2407 if (R1 == R2) 2408 return IndirectBranchType::UNKNOWN; 2409 std::tie(Type, MemLocInstr) = analyzePICJumpTable(PrevII, IE, R1, R2); 2410 break; 2411 } 2412 return IndirectBranchType::UNKNOWN; 2413 } 2414 if (!MemLocInstr) { 2415 // No definition seen for the register in this function so far. Could be 2416 // an input parameter - which means it is an external code reference. 2417 // It also could be that the definition happens to be in the code that 2418 // we haven't processed yet. Since we have to be conservative, return 2419 // as UNKNOWN case. 2420 return IndirectBranchType::UNKNOWN; 2421 } 2422 } else { 2423 MemLocInstr = &Instruction; 2424 } 2425 2426 const MCRegister RIPRegister = RegInfo->getProgramCounter(); 2427 2428 // Analyze the memory location. 2429 unsigned BaseRegNum, IndexRegNum, SegRegNum; 2430 int64_t ScaleValue, DispValue; 2431 const MCExpr *DispExpr; 2432 2433 if (!evaluateX86MemoryOperand(*MemLocInstr, &BaseRegNum, &ScaleValue, 2434 &IndexRegNum, &DispValue, &SegRegNum, 2435 &DispExpr)) 2436 return IndirectBranchType::UNKNOWN; 2437 2438 BaseRegNumOut = BaseRegNum; 2439 IndexRegNumOut = IndexRegNum; 2440 DispValueOut = DispValue; 2441 DispExprOut = DispExpr; 2442 2443 if ((BaseRegNum != X86::NoRegister && BaseRegNum != RIPRegister) || 2444 SegRegNum != X86::NoRegister) 2445 return IndirectBranchType::UNKNOWN; 2446 2447 if (MemLocInstr == &Instruction && 2448 (!ScaleValue || IndexRegNum == X86::NoRegister)) { 2449 MemLocInstrOut = MemLocInstr; 2450 return IndirectBranchType::POSSIBLE_FIXED_BRANCH; 2451 } 2452 2453 if (Type == IndirectBranchType::POSSIBLE_PIC_JUMP_TABLE && 2454 (ScaleValue != 1 || BaseRegNum != RIPRegister)) 2455 return IndirectBranchType::UNKNOWN; 2456 2457 if (Type != IndirectBranchType::POSSIBLE_PIC_JUMP_TABLE && 2458 ScaleValue != PtrSize) 2459 return IndirectBranchType::UNKNOWN; 2460 2461 MemLocInstrOut = MemLocInstr; 2462 2463 return Type; 2464 } 2465 2466 /// Analyze a callsite to see if it could be a virtual method call. This only 2467 /// checks to see if the overall pattern is satisfied, it does not guarantee 2468 /// that the callsite is a true virtual method call. 2469 /// The format of virtual method calls that are recognized is one of the 2470 /// following: 2471 /// 2472 /// Form 1: (found in debug code) 2473 /// add METHOD_OFFSET, %VtableReg 2474 /// mov (%VtableReg), %MethodReg 2475 /// ... 2476 /// call or jmp *%MethodReg 2477 /// 2478 /// Form 2: 2479 /// mov METHOD_OFFSET(%VtableReg), %MethodReg 2480 /// ... 2481 /// call or jmp *%MethodReg 2482 /// 2483 /// Form 3: 2484 /// ... 
2485 /// call or jmp *METHOD_OFFSET(%VtableReg) 2486 /// 2487 bool analyzeVirtualMethodCall(InstructionIterator ForwardBegin, 2488 InstructionIterator ForwardEnd, 2489 std::vector<MCInst *> &MethodFetchInsns, 2490 unsigned &VtableRegNum, unsigned &MethodRegNum, 2491 uint64_t &MethodOffset) const override { 2492 VtableRegNum = X86::NoRegister; 2493 MethodRegNum = X86::NoRegister; 2494 MethodOffset = 0; 2495 2496 std::reverse_iterator<InstructionIterator> Itr(ForwardEnd); 2497 std::reverse_iterator<InstructionIterator> End(ForwardBegin); 2498 2499 MCInst &CallInst = *Itr++; 2500 assert(isIndirectBranch(CallInst) || isCall(CallInst)); 2501 2502 unsigned BaseReg, IndexReg, SegmentReg; 2503 int64_t Scale, Disp; 2504 const MCExpr *DispExpr; 2505 2506 // The call can just be jmp offset(reg) 2507 if (evaluateX86MemoryOperand(CallInst, &BaseReg, &Scale, &IndexReg, &Disp, 2508 &SegmentReg, &DispExpr)) { 2509 if (!DispExpr && BaseReg != X86::RIP && BaseReg != X86::RBP && 2510 BaseReg != X86::NoRegister) { 2511 MethodRegNum = BaseReg; 2512 if (Scale == 1 && IndexReg == X86::NoRegister && 2513 SegmentReg == X86::NoRegister) { 2514 VtableRegNum = MethodRegNum; 2515 MethodOffset = Disp; 2516 MethodFetchInsns.push_back(&CallInst); 2517 return true; 2518 } 2519 } 2520 return false; 2521 } 2522 if (CallInst.getOperand(0).isReg()) 2523 MethodRegNum = CallInst.getOperand(0).getReg(); 2524 else 2525 return false; 2526 2527 if (MethodRegNum == X86::RIP || MethodRegNum == X86::RBP) { 2528 VtableRegNum = X86::NoRegister; 2529 MethodRegNum = X86::NoRegister; 2530 return false; 2531 } 2532 2533 // Find the load from the vtable; it may or may not include the method offset. 2534 while (Itr != End) { 2535 MCInst &CurInst = *Itr++; 2536 const MCInstrDesc &Desc = Info->get(CurInst.getOpcode()); 2537 if (Desc.hasDefOfPhysReg(CurInst, MethodRegNum, *RegInfo)) { 2538 if (isLoad(CurInst) && 2539 evaluateX86MemoryOperand(CurInst, &BaseReg, &Scale, &IndexReg, 2540 &Disp, &SegmentReg, &DispExpr)) { 2541 if (!DispExpr && Scale == 1 && BaseReg != X86::RIP && 2542 BaseReg != X86::RBP && BaseReg != X86::NoRegister && 2543 IndexReg == X86::NoRegister && 2544 SegmentReg == X86::NoRegister) { 2545 VtableRegNum = BaseReg; 2546 MethodOffset = Disp; 2547 MethodFetchInsns.push_back(&CurInst); 2548 if (MethodOffset != 0) 2549 return true; 2550 break; 2551 } 2552 } 2553 return false; 2554 } 2555 } 2556 2557 if (!VtableRegNum) 2558 return false; 2559 2560 // Look for any ADD that affects the vtable register; in Form 1 the method offset is added there.
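// Illustrative Form 1 sequence this loop is meant to complete:
//   add $METHOD_OFFSET, %VtableReg
//   mov (%VtableReg), %MethodReg
//   ...
//   call *%MethodReg
// The zero-displacement load was matched above; the ADD found here
// supplies MethodOffset.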
2561 while (Itr != End) { 2562 MCInst &CurInst = *Itr++; 2563 const MCInstrDesc &Desc = Info->get(CurInst.getOpcode()); 2564 if (Desc.hasDefOfPhysReg(CurInst, VtableRegNum, *RegInfo)) { 2565 if (isADDri(CurInst)) { 2566 assert(!MethodOffset); 2567 MethodOffset = CurInst.getOperand(2).getImm(); 2568 MethodFetchInsns.insert(MethodFetchInsns.begin(), &CurInst); 2569 break; 2570 } 2571 } 2572 } 2573 2574 return true; 2575 } 2576 2577 bool createStackPointerIncrement(MCInst &Inst, int Size, 2578 bool NoFlagsClobber) const override { 2579 if (NoFlagsClobber) { 2580 Inst.setOpcode(X86::LEA64r); 2581 Inst.clear(); 2582 Inst.addOperand(MCOperand::createReg(X86::RSP)); 2583 Inst.addOperand(MCOperand::createReg(X86::RSP)); // BaseReg 2584 Inst.addOperand(MCOperand::createImm(1)); // ScaleAmt 2585 Inst.addOperand(MCOperand::createReg(X86::NoRegister)); // IndexReg 2586 Inst.addOperand(MCOperand::createImm(-Size)); // Displacement 2587 Inst.addOperand(MCOperand::createReg(X86::NoRegister)); // AddrSegmentReg 2588 return true; 2589 } 2590 Inst.setOpcode(X86::SUB64ri8); 2591 Inst.clear(); 2592 Inst.addOperand(MCOperand::createReg(X86::RSP)); 2593 Inst.addOperand(MCOperand::createReg(X86::RSP)); 2594 Inst.addOperand(MCOperand::createImm(Size)); 2595 return true; 2596 } 2597 2598 bool createStackPointerDecrement(MCInst &Inst, int Size, 2599 bool NoFlagsClobber) const override { 2600 if (NoFlagsClobber) { 2601 Inst.setOpcode(X86::LEA64r); 2602 Inst.clear(); 2603 Inst.addOperand(MCOperand::createReg(X86::RSP)); 2604 Inst.addOperand(MCOperand::createReg(X86::RSP)); // BaseReg 2605 Inst.addOperand(MCOperand::createImm(1)); // ScaleAmt 2606 Inst.addOperand(MCOperand::createReg(X86::NoRegister)); // IndexReg 2607 Inst.addOperand(MCOperand::createImm(Size)); // Displacement 2608 Inst.addOperand(MCOperand::createReg(X86::NoRegister)); // AddrSegmentReg 2609 return true; 2610 } 2611 Inst.setOpcode(X86::ADD64ri8); 2612 Inst.clear(); 2613 Inst.addOperand(MCOperand::createReg(X86::RSP)); 2614 Inst.addOperand(MCOperand::createReg(X86::RSP)); 2615 Inst.addOperand(MCOperand::createImm(Size)); 2616 return true; 2617 } 2618 2619 bool createSaveToStack(MCInst &Inst, const MCPhysReg &StackReg, int Offset, 2620 const MCPhysReg &SrcReg, int Size) const override { 2621 unsigned NewOpcode; 2622 switch (Size) { 2623 default: 2624 return false; 2625 case 2: NewOpcode = X86::MOV16mr; break; 2626 case 4: NewOpcode = X86::MOV32mr; break; 2627 case 8: NewOpcode = X86::MOV64mr; break; 2628 } 2629 Inst.setOpcode(NewOpcode); 2630 Inst.clear(); 2631 Inst.addOperand(MCOperand::createReg(StackReg)); // BaseReg 2632 Inst.addOperand(MCOperand::createImm(1)); // ScaleAmt 2633 Inst.addOperand(MCOperand::createReg(X86::NoRegister)); // IndexReg 2634 Inst.addOperand(MCOperand::createImm(Offset)); // Displacement 2635 Inst.addOperand(MCOperand::createReg(X86::NoRegister)); // AddrSegmentReg 2636 Inst.addOperand(MCOperand::createReg(SrcReg)); 2637 return true; 2638 } 2639 2640 bool createRestoreFromStack(MCInst &Inst, const MCPhysReg &StackReg, 2641 int Offset, const MCPhysReg &DstReg, 2642 int Size) const override { 2643 return createLoad(Inst, StackReg, /*Scale=*/1, /*IndexReg=*/X86::NoRegister, 2644 Offset, nullptr, /*AddrSegmentReg=*/X86::NoRegister, 2645 DstReg, Size); 2646 } 2647 2648 bool createLoad(MCInst &Inst, const MCPhysReg &BaseReg, int64_t Scale, 2649 const MCPhysReg &IndexReg, int64_t Offset, 2650 const MCExpr *OffsetExpr, const MCPhysReg &AddrSegmentReg, 2651 const MCPhysReg &DstReg, int Size) const override { 2652 unsigned 
NewOpcode; 2653 switch (Size) { 2654 default: 2655 return false; 2656 case 2: NewOpcode = X86::MOV16rm; break; 2657 case 4: NewOpcode = X86::MOV32rm; break; 2658 case 8: NewOpcode = X86::MOV64rm; break; 2659 } 2660 Inst.setOpcode(NewOpcode); 2661 Inst.clear(); 2662 Inst.addOperand(MCOperand::createReg(DstReg)); 2663 Inst.addOperand(MCOperand::createReg(BaseReg)); 2664 Inst.addOperand(MCOperand::createImm(Scale)); 2665 Inst.addOperand(MCOperand::createReg(IndexReg)); 2666 if (OffsetExpr) 2667 Inst.addOperand(MCOperand::createExpr(OffsetExpr)); // Displacement 2668 else 2669 Inst.addOperand(MCOperand::createImm(Offset)); // Displacement 2670 Inst.addOperand(MCOperand::createReg(AddrSegmentReg)); // AddrSegmentReg 2671 return true; 2672 } 2673 2674 void createLoadImmediate(MCInst &Inst, const MCPhysReg Dest, 2675 uint32_t Imm) const override { 2676 Inst.setOpcode(X86::MOV64ri32); 2677 Inst.clear(); 2678 Inst.addOperand(MCOperand::createReg(Dest)); 2679 Inst.addOperand(MCOperand::createImm(Imm)); 2680 } 2681 2682 bool createIncMemory(MCInst &Inst, const MCSymbol *Target, 2683 MCContext *Ctx) const override { 2684 2685 Inst.setOpcode(X86::LOCK_INC64m); 2686 Inst.clear(); 2687 Inst.addOperand(MCOperand::createReg(X86::RIP)); // BaseReg 2688 Inst.addOperand(MCOperand::createImm(1)); // ScaleAmt 2689 Inst.addOperand(MCOperand::createReg(X86::NoRegister)); // IndexReg 2690 2691 Inst.addOperand(MCOperand::createExpr( 2692 MCSymbolRefExpr::create(Target, MCSymbolRefExpr::VK_None, 2693 *Ctx))); // Displacement 2694 Inst.addOperand(MCOperand::createReg(X86::NoRegister)); // AddrSegmentReg 2695 return true; 2696 } 2697 2698 bool createIJmp32Frag(SmallVectorImpl<MCInst> &Insts, 2699 const MCOperand &BaseReg, const MCOperand &Scale, 2700 const MCOperand &IndexReg, const MCOperand &Offset, 2701 const MCOperand &TmpReg) const override { 2702 // The code fragment we emit here is: 2703 // 2704 // mov32 (%base, %index, scale), %tmpreg 2705 // ijmp *(%tmpreg) 2706 // 2707 MCInst IJmp; 2708 IJmp.setOpcode(X86::JMP64r); 2709 IJmp.addOperand(TmpReg); 2710 2711 MCInst Load; 2712 Load.setOpcode(X86::MOV32rm); 2713 Load.addOperand(TmpReg); 2714 Load.addOperand(BaseReg); 2715 Load.addOperand(Scale); 2716 Load.addOperand(IndexReg); 2717 Load.addOperand(Offset); 2718 Load.addOperand(MCOperand::createReg(X86::NoRegister)); 2719 2720 Insts.push_back(Load); 2721 Insts.push_back(IJmp); 2722 return true; 2723 } 2724 2725 bool createNoop(MCInst &Inst) const override { 2726 Inst.setOpcode(X86::NOOP); 2727 return true; 2728 } 2729 2730 bool createReturn(MCInst &Inst) const override { 2731 Inst.setOpcode(X86::RET64); 2732 return true; 2733 } 2734 2735 InstructionListType createInlineMemcpy(bool ReturnEnd) const override { 2736 InstructionListType Code; 2737 if (ReturnEnd) 2738 Code.emplace_back(MCInstBuilder(X86::LEA64r) 2739 .addReg(X86::RAX) 2740 .addReg(X86::RDI) 2741 .addImm(1) 2742 .addReg(X86::RDX) 2743 .addImm(0) 2744 .addReg(X86::NoRegister)); 2745 else 2746 Code.emplace_back(MCInstBuilder(X86::MOV64rr) 2747 .addReg(X86::RAX) 2748 .addReg(X86::RDI)); 2749 2750 Code.emplace_back(MCInstBuilder(X86::MOV32rr) 2751 .addReg(X86::ECX) 2752 .addReg(X86::EDX)); 2753 Code.emplace_back(MCInstBuilder(X86::REP_MOVSB_64)); 2754 2755 return Code; 2756 } 2757 2758 InstructionListType createOneByteMemcpy() const override { 2759 InstructionListType Code; 2760 Code.emplace_back(MCInstBuilder(X86::MOV8rm) 2761 .addReg(X86::CL) 2762 .addReg(X86::RSI) 2763 .addImm(0) 2764 .addReg(X86::NoRegister) 2765 .addImm(0) 2766 
.addReg(X86::NoRegister)); 2767 Code.emplace_back(MCInstBuilder(X86::MOV8mr) 2768 .addReg(X86::RDI) 2769 .addImm(0) 2770 .addReg(X86::NoRegister) 2771 .addImm(0) 2772 .addReg(X86::NoRegister) 2773 .addReg(X86::CL)); 2774 Code.emplace_back(MCInstBuilder(X86::MOV64rr) 2775 .addReg(X86::RAX) 2776 .addReg(X86::RDI)); 2777 return Code; 2778 } 2779 2780 InstructionListType createCmpJE(MCPhysReg RegNo, int64_t Imm, 2781 const MCSymbol *Target, 2782 MCContext *Ctx) const override { 2783 InstructionListType Code; 2784 Code.emplace_back(MCInstBuilder(X86::CMP64ri8) 2785 .addReg(RegNo) 2786 .addImm(Imm)); 2787 Code.emplace_back(MCInstBuilder(X86::JCC_1) 2788 .addExpr(MCSymbolRefExpr::create( 2789 Target, MCSymbolRefExpr::VK_None, *Ctx)) 2790 .addImm(X86::COND_E)); 2791 return Code; 2792 } 2793 2794 Optional<Relocation> 2795 createRelocation(const MCFixup &Fixup, 2796 const MCAsmBackend &MAB) const override { 2797 const MCFixupKindInfo &FKI = MAB.getFixupKindInfo(Fixup.getKind()); 2798 2799 assert(FKI.TargetOffset == 0 && "0-bit relocation offset expected"); 2800 const uint64_t RelOffset = Fixup.getOffset(); 2801 2802 uint64_t RelType; 2803 if (FKI.Flags & MCFixupKindInfo::FKF_IsPCRel) { 2804 switch (FKI.TargetSize) { 2805 default: 2806 return NoneType(); 2807 case 8: RelType = ELF::R_X86_64_PC8; break; 2808 case 16: RelType = ELF::R_X86_64_PC16; break; 2809 case 32: RelType = ELF::R_X86_64_PC32; break; 2810 case 64: RelType = ELF::R_X86_64_PC64; break; 2811 } 2812 } else { 2813 switch (FKI.TargetSize) { 2814 default: 2815 return NoneType(); 2816 case 8: RelType = ELF::R_X86_64_8; break; 2817 case 16: RelType = ELF::R_X86_64_16; break; 2818 case 32: RelType = ELF::R_X86_64_32; break; 2819 case 64: RelType = ELF::R_X86_64_64; break; 2820 } 2821 } 2822 2823 // Extract a symbol and an addend out of the fixup value expression. 2824 // 2825 // Only the following limited expression types are supported: 2826 // Symbol + Addend 2827 // Symbol 2828 uint64_t Addend = 0; 2829 MCSymbol *Symbol = nullptr; 2830 const MCExpr *ValueExpr = Fixup.getValue(); 2831 if (ValueExpr->getKind() == MCExpr::Binary) { 2832 const auto *BinaryExpr = cast<MCBinaryExpr>(ValueExpr); 2833 assert(BinaryExpr->getOpcode() == MCBinaryExpr::Add && 2834 "unexpected binary expression"); 2835 const MCExpr *LHS = BinaryExpr->getLHS(); 2836 assert(LHS->getKind() == MCExpr::SymbolRef && "unexpected LHS"); 2837 Symbol = const_cast<MCSymbol *>(this->getTargetSymbol(LHS)); 2838 const MCExpr *RHS = BinaryExpr->getRHS(); 2839 assert(RHS->getKind() == MCExpr::Constant && "unexpected RHS"); 2840 Addend = cast<MCConstantExpr>(RHS)->getValue(); 2841 } else { 2842 assert(ValueExpr->getKind() == MCExpr::SymbolRef && "unexpected value"); 2843 Symbol = const_cast<MCSymbol *>(this->getTargetSymbol(ValueExpr)); 2844 } 2845 2846 return Relocation({RelOffset, Symbol, RelType, Addend, 0}); 2847 } 2848 2849 bool replaceImmWithSymbolRef(MCInst &Inst, const MCSymbol *Symbol, 2850 int64_t Addend, MCContext *Ctx, int64_t &Value, 2851 uint64_t RelType) const override { 2852 unsigned ImmOpNo = -1U; 2853 2854 for (unsigned Index = 0; Index < MCPlus::getNumPrimeOperands(Inst); 2855 ++Index) { 2856 if (Inst.getOperand(Index).isImm()) { 2857 ImmOpNo = Index; 2858 // TODO: this is a bit hacky. It finds the correct operand by 2859 // searching for a specific immediate value. If no value is 2860 // provided it defaults to the last immediate operand found. 2861 // This could lead to unexpected results if the instruction 2862 // has more than one immediate with the same value. 
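// Example of the intended use (illustrative): for
//   mov $0x400120, %rdi
// invoked with Value == 0x400120, the matching immediate operand is
// selected here and later rewritten as a Symbol + Addend expression.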
2863 if (Inst.getOperand(ImmOpNo).getImm() == Value) 2864 break; 2865 } 2866 } 2867 2868 if (ImmOpNo == -1U) 2869 return false; 2870 2871 Value = Inst.getOperand(ImmOpNo).getImm(); 2872 2873 setOperandToSymbolRef(Inst, ImmOpNo, Symbol, Addend, Ctx, RelType); 2874 2875 return true; 2876 } 2877 2878 bool replaceRegWithImm(MCInst &Inst, unsigned Register, 2879 int64_t Imm) const override { 2880 2881 enum CheckSignExt : uint8_t { 2882 NOCHECK = 0, 2883 CHECK8, 2884 CHECK32, 2885 }; 2886 2887 using CheckList = std::vector<std::pair<CheckSignExt, unsigned>>; 2888 struct InstInfo { 2889 // Size in bytes that Inst loads from memory. 2890 uint8_t DataSize; 2891 2892 // True when the target operand has to be duplicated because the opcode 2893 // expects a LHS operand. 2894 bool HasLHS; 2895 2896 // List of checks and corresponding opcodes to be used. We try to use the 2897 // smallest possible immediate value when various sizes are available, 2898 // hence we may need to check whether a larger constant fits in a smaller 2899 // immediate. 2900 CheckList Checks; 2901 }; 2902 2903 InstInfo I; 2904 2905 switch (Inst.getOpcode()) { 2906 default: { 2907 switch (getPushSize(Inst)) { 2908 2909 case 2: I = {2, false, {{CHECK8, X86::PUSH16i8}, {NOCHECK, X86::PUSHi16}}}; break; 2910 case 4: I = {4, false, {{CHECK8, X86::PUSH32i8}, {NOCHECK, X86::PUSHi32}}}; break; 2911 case 8: I = {8, false, {{CHECK8, X86::PUSH64i8}, 2912 {CHECK32, X86::PUSH64i32}, 2913 {NOCHECK, Inst.getOpcode()}}}; break; 2914 default: return false; 2915 } 2916 break; 2917 } 2918 2919 // MOV 2920 case X86::MOV8rr: I = {1, false, {{NOCHECK, X86::MOV8ri}}}; break; 2921 case X86::MOV16rr: I = {2, false, {{NOCHECK, X86::MOV16ri}}}; break; 2922 case X86::MOV32rr: I = {4, false, {{NOCHECK, X86::MOV32ri}}}; break; 2923 case X86::MOV64rr: I = {8, false, {{CHECK32, X86::MOV64ri32}, 2924 {NOCHECK, X86::MOV64ri}}}; break; 2925 2926 case X86::MOV8mr: I = {1, false, {{NOCHECK, X86::MOV8mi}}}; break; 2927 case X86::MOV16mr: I = {2, false, {{NOCHECK, X86::MOV16mi}}}; break; 2928 case X86::MOV32mr: I = {4, false, {{NOCHECK, X86::MOV32mi}}}; break; 2929 case X86::MOV64mr: I = {8, false, {{CHECK32, X86::MOV64mi32}, 2930 {NOCHECK, X86::MOV64mr}}}; break; 2931 2932 // MOVZX 2933 case X86::MOVZX16rr8: I = {1, false, {{NOCHECK, X86::MOV16ri}}}; break; 2934 case X86::MOVZX32rr8: I = {1, false, {{NOCHECK, X86::MOV32ri}}}; break; 2935 case X86::MOVZX32rr16: I = {2, false, {{NOCHECK, X86::MOV32ri}}}; break; 2936 2937 // CMP 2938 case X86::CMP8rr: I = {1, false, {{NOCHECK, X86::CMP8ri}}}; break; 2939 case X86::CMP16rr: I = {2, false, {{CHECK8, X86::CMP16ri8}, 2940 {NOCHECK, X86::CMP16ri}}}; break; 2941 case X86::CMP32rr: I = {4, false, {{CHECK8, X86::CMP32ri8}, 2942 {NOCHECK, X86::CMP32ri}}}; break; 2943 case X86::CMP64rr: I = {8, false, {{CHECK8, X86::CMP64ri8}, 2944 {CHECK32, X86::CMP64ri32}, 2945 {NOCHECK, X86::CMP64rr}}}; break; 2946 2947 // TEST 2948 case X86::TEST8rr: I = {1, false, {{NOCHECK, X86::TEST8ri}}}; break; 2949 case X86::TEST16rr: I = {2, false, {{NOCHECK, X86::TEST16ri}}}; break; 2950 case X86::TEST32rr: I = {4, false, {{NOCHECK, X86::TEST32ri}}}; break; 2951 case X86::TEST64rr: I = {8, false, {{CHECK32, X86::TEST64ri32}, 2952 {NOCHECK, X86::TEST64rr}}}; break; 2953 2954 // ADD 2955 case X86::ADD8rr: I = {1, true, {{NOCHECK, X86::ADD8ri}}}; break; 2956 case X86::ADD16rr: I = {2, true, {{CHECK8, X86::ADD16ri8}, 2957 {NOCHECK, X86::ADD16ri}}}; break; 2958 case X86::ADD32rr: I = {4, true, {{CHECK8, X86::ADD32ri8}, 2959 {NOCHECK, X86::ADD32ri}}}; break; 
2960 case X86::ADD64rr: I = {8, true, {{CHECK8, X86::ADD64ri8}, 2961 {CHECK32, X86::ADD64ri32}, 2962 {NOCHECK, X86::ADD64rr}}}; break; 2963 2964 // SUB 2965 case X86::SUB8rr: I = {1, true, {{NOCHECK, X86::SUB8ri}}}; break; 2966 case X86::SUB16rr: I = {2, true, {{CHECK8, X86::SUB16ri8}, 2967 {NOCHECK, X86::SUB16ri}}}; break; 2968 case X86::SUB32rr: I = {4, true, {{CHECK8, X86::SUB32ri8}, 2969 {NOCHECK, X86::SUB32ri}}}; break; 2970 case X86::SUB64rr: I = {8, true, {{CHECK8, X86::SUB64ri8}, 2971 {CHECK32, X86::SUB64ri32}, 2972 {NOCHECK, X86::SUB64rr}}}; break; 2973 2974 // AND 2975 case X86::AND8rr: I = {1, true, {{NOCHECK, X86::AND8ri}}}; break; 2976 case X86::AND16rr: I = {2, true, {{CHECK8, X86::AND16ri8}, 2977 {NOCHECK, X86::AND16ri}}}; break; 2978 case X86::AND32rr: I = {4, true, {{CHECK8, X86::AND32ri8}, 2979 {NOCHECK, X86::AND32ri}}}; break; 2980 case X86::AND64rr: I = {8, true, {{CHECK8, X86::AND64ri8}, 2981 {CHECK32, X86::AND64ri32}, 2982 {NOCHECK, X86::AND64rr}}}; break; 2983 2984 // OR 2985 case X86::OR8rr: I = {1, true, {{NOCHECK, X86::OR8ri}}}; break; 2986 case X86::OR16rr: I = {2, true, {{CHECK8, X86::OR16ri8}, 2987 {NOCHECK, X86::OR16ri}}}; break; 2988 case X86::OR32rr: I = {4, true, {{CHECK8, X86::OR32ri8}, 2989 {NOCHECK, X86::OR32ri}}}; break; 2990 case X86::OR64rr: I = {8, true, {{CHECK8, X86::OR64ri8}, 2991 {CHECK32, X86::OR64ri32}, 2992 {NOCHECK, X86::OR64rr}}}; break; 2993 2994 // XOR 2995 case X86::XOR8rr: I = {1, true, {{NOCHECK, X86::XOR8ri}}}; break; 2996 case X86::XOR16rr: I = {2, true, {{CHECK8, X86::XOR16ri8}, 2997 {NOCHECK, X86::XOR16ri}}}; break; 2998 case X86::XOR32rr: I = {4, true, {{CHECK8, X86::XOR32ri8}, 2999 {NOCHECK, X86::XOR32ri}}}; break; 3000 case X86::XOR64rr: I = {8, true, {{CHECK8, X86::XOR64ri8}, 3001 {CHECK32, X86::XOR64ri32}, 3002 {NOCHECK, X86::XOR64rr}}}; break; 3003 } 3004 3005 // Compute the new opcode. 3006 unsigned NewOpcode = 0; 3007 for (const std::pair<CheckSignExt, unsigned> &Check : I.Checks) { 3008 NewOpcode = Check.second; 3009 if (Check.first == NOCHECK) 3010 break; 3011 if (Check.first == CHECK8 && isInt<8>(Imm)) 3012 break; 3013 if (Check.first == CHECK32 && isInt<32>(Imm)) 3014 break; 3015 } 3016 if (NewOpcode == Inst.getOpcode()) 3017 return false; 3018 3019 const MCInstrDesc &InstDesc = Info->get(Inst.getOpcode()); 3020 3021 unsigned NumFound = 0; 3022 for (unsigned Index = InstDesc.getNumDefs() + (I.HasLHS ? 1 : 0), 3023 E = InstDesc.getNumOperands(); 3024 Index != E; ++Index) 3025 if (Inst.getOperand(Index).isReg() && 3026 Inst.getOperand(Index).getReg() == Register) 3027 NumFound++; 3028 3029 if (NumFound != 1) 3030 return false; 3031 3032 // Iterate backwards to replace the src register before the src/dest 3033 // register as in AND, ADD, and SUB Only iterate through src operands that 3034 // arent also dest operands 3035 for (unsigned Index = InstDesc.getNumOperands() - 1, 3036 E = InstDesc.getNumDefs() + (I.HasLHS ? 
0 : -1); 3037 Index != E; --Index) { 3038 if (!Inst.getOperand(Index).isReg() || 3039 Inst.getOperand(Index).getReg() != Register) 3040 continue; 3041 MCOperand NewOperand = MCOperand::createImm(Imm); 3042 Inst.getOperand(Index) = NewOperand; 3043 break; 3044 } 3045 3046 Inst.setOpcode(NewOpcode); 3047 3048 return true; 3049 } 3050 3051 bool replaceRegWithReg(MCInst &Inst, unsigned ToReplace, 3052 unsigned ReplaceWith) const override { 3053 3054 // Get the HasLHS value so that iteration can be done 3055 bool HasLHS; 3056 if (isAND(Inst.getOpcode()) || isADD(Inst.getOpcode()) || isSUB(Inst)) { 3057 HasLHS = true; 3058 } else if (isPop(Inst) || isPush(Inst) || isCMP(Inst.getOpcode()) || 3059 isTEST(Inst.getOpcode())) { 3060 HasLHS = false; 3061 } else { 3062 switch (Inst.getOpcode()) { 3063 case X86::MOV8rr: 3064 case X86::MOV8rm: 3065 case X86::MOV8mr: 3066 case X86::MOV8ri: 3067 case X86::MOV16rr: 3068 case X86::MOV16rm: 3069 case X86::MOV16mr: 3070 case X86::MOV16ri: 3071 case X86::MOV32rr: 3072 case X86::MOV32rm: 3073 case X86::MOV32mr: 3074 case X86::MOV32ri: 3075 case X86::MOV64rr: 3076 case X86::MOV64rm: 3077 case X86::MOV64mr: 3078 case X86::MOV64ri: 3079 case X86::MOVZX16rr8: 3080 case X86::MOVZX32rr8: 3081 case X86::MOVZX32rr16: 3082 case X86::MOVSX32rm8: 3083 case X86::MOVSX32rr8: 3084 case X86::MOVSX64rm32: 3085 case X86::LEA64r: 3086 HasLHS = false; 3087 break; 3088 default: 3089 return false; 3090 } 3091 } 3092 3093 const MCInstrDesc &InstDesc = Info->get(Inst.getOpcode()); 3094 3095 bool FoundOne = false; 3096 3097 // Iterate only through src operands that arent also dest operands 3098 for (unsigned Index = InstDesc.getNumDefs() + (HasLHS ? 1 : 0), 3099 E = InstDesc.getNumOperands(); 3100 Index != E; ++Index) { 3101 BitVector RegAliases = getAliases(ToReplace, true); 3102 if (!Inst.getOperand(Index).isReg() || 3103 !RegAliases.test(Inst.getOperand(Index).getReg())) 3104 continue; 3105 // Resize register if needed 3106 unsigned SizedReplaceWith = getAliasSized( 3107 ReplaceWith, getRegSize(Inst.getOperand(Index).getReg())); 3108 MCOperand NewOperand = MCOperand::createReg(SizedReplaceWith); 3109 Inst.getOperand(Index) = NewOperand; 3110 FoundOne = true; 3111 } 3112 3113 // Return true if at least one operand was replaced 3114 return FoundOne; 3115 } 3116 3117 bool createUncondBranch(MCInst &Inst, const MCSymbol *TBB, 3118 MCContext *Ctx) const override { 3119 Inst.setOpcode(X86::JMP_1); 3120 Inst.addOperand(MCOperand::createExpr( 3121 MCSymbolRefExpr::create(TBB, MCSymbolRefExpr::VK_None, *Ctx))); 3122 return true; 3123 } 3124 3125 bool createCall(MCInst &Inst, const MCSymbol *Target, 3126 MCContext *Ctx) override { 3127 Inst.setOpcode(X86::CALL64pcrel32); 3128 Inst.addOperand(MCOperand::createExpr( 3129 MCSymbolRefExpr::create(Target, MCSymbolRefExpr::VK_None, *Ctx))); 3130 return true; 3131 } 3132 3133 bool createTailCall(MCInst &Inst, const MCSymbol *Target, 3134 MCContext *Ctx) override { 3135 return createDirectCall(Inst, Target, Ctx, /*IsTailCall*/ true); 3136 } 3137 3138 void createLongTailCall(InstructionListType &Seq, const MCSymbol *Target, 3139 MCContext *Ctx) override { 3140 Seq.clear(); 3141 Seq.emplace_back(); 3142 createDirectCall(Seq.back(), Target, Ctx, /*IsTailCall*/ true); 3143 } 3144 3145 bool createTrap(MCInst &Inst) const override { 3146 Inst.clear(); 3147 Inst.setOpcode(X86::TRAP); 3148 return true; 3149 } 3150 3151 bool reverseBranchCondition(MCInst &Inst, const MCSymbol *TBB, 3152 MCContext *Ctx) const override { 3153 unsigned InvCC = 
getInvertedCondCode(getCondCode(Inst)); 3154 assert(InvCC != X86::COND_INVALID && "invalid branch instruction"); 3155 Inst.getOperand(Info->get(Inst.getOpcode()).NumOperands - 1).setImm(InvCC); 3156 Inst.getOperand(0) = MCOperand::createExpr( 3157 MCSymbolRefExpr::create(TBB, MCSymbolRefExpr::VK_None, *Ctx)); 3158 return true; 3159 } 3160 3161 bool replaceBranchCondition(MCInst &Inst, const MCSymbol *TBB, MCContext *Ctx, 3162 unsigned CC) const override { 3163 if (CC == X86::COND_INVALID) 3164 return false; 3165 Inst.getOperand(Info->get(Inst.getOpcode()).NumOperands - 1).setImm(CC); 3166 Inst.getOperand(0) = MCOperand::createExpr( 3167 MCSymbolRefExpr::create(TBB, MCSymbolRefExpr::VK_None, *Ctx)); 3168 return true; 3169 } 3170 3171 unsigned getCanonicalBranchCondCode(unsigned CC) const override { 3172 switch (CC) { 3173 default: return X86::COND_INVALID; 3174 3175 case X86::COND_E: return X86::COND_E; 3176 case X86::COND_NE: return X86::COND_E; 3177 3178 case X86::COND_L: return X86::COND_L; 3179 case X86::COND_GE: return X86::COND_L; 3180 3181 case X86::COND_LE: return X86::COND_G; 3182 case X86::COND_G: return X86::COND_G; 3183 3184 case X86::COND_B: return X86::COND_B; 3185 case X86::COND_AE: return X86::COND_B; 3186 3187 case X86::COND_BE: return X86::COND_A; 3188 case X86::COND_A: return X86::COND_A; 3189 3190 case X86::COND_S: return X86::COND_S; 3191 case X86::COND_NS: return X86::COND_S; 3192 3193 case X86::COND_P: return X86::COND_P; 3194 case X86::COND_NP: return X86::COND_P; 3195 3196 case X86::COND_O: return X86::COND_O; 3197 case X86::COND_NO: return X86::COND_O; 3198 } 3199 } 3200 3201 bool replaceBranchTarget(MCInst &Inst, const MCSymbol *TBB, 3202 MCContext *Ctx) const override { 3203 assert((isCall(Inst) || isBranch(Inst)) && !isIndirectBranch(Inst) && 3204 "Invalid instruction"); 3205 Inst.getOperand(0) = MCOperand::createExpr( 3206 MCSymbolRefExpr::create(TBB, MCSymbolRefExpr::VK_None, *Ctx)); 3207 return true; 3208 } 3209 3210 MCPhysReg getX86R11() const override { return X86::R11; } 3211 3212 MCPhysReg getNoRegister() const override { return X86::NoRegister; } 3213 3214 MCPhysReg getIntArgRegister(unsigned ArgNo) const override { 3215 // FIXME: this should depend on the calling convention. 3216 switch (ArgNo) { 3217 case 0: return X86::RDI; 3218 case 1: return X86::RSI; 3219 case 2: return X86::RDX; 3220 case 3: return X86::RCX; 3221 case 4: return X86::R8; 3222 case 5: return X86::R9; 3223 default: return getNoRegister(); 3224 } 3225 } 3226 3227 void createPause(MCInst &Inst) const override { 3228 Inst.clear(); 3229 Inst.setOpcode(X86::PAUSE); 3230 } 3231 3232 void createLfence(MCInst &Inst) const override { 3233 Inst.clear(); 3234 Inst.setOpcode(X86::LFENCE); 3235 } 3236 3237 bool createDirectCall(MCInst &Inst, const MCSymbol *Target, MCContext *Ctx, 3238 bool IsTailCall) override { 3239 Inst.clear(); 3240 Inst.setOpcode(IsTailCall ? 
X86::JMP_4 : X86::CALL64pcrel32); 3241 Inst.addOperand(MCOperand::createExpr( 3242 MCSymbolRefExpr::create(Target, MCSymbolRefExpr::VK_None, *Ctx))); 3243 if (IsTailCall) 3244 setTailCall(Inst); 3245 return true; 3246 } 3247 3248 void createShortJmp(InstructionListType &Seq, const MCSymbol *Target, 3249 MCContext *Ctx, bool IsTailCall) override { 3250 Seq.clear(); 3251 MCInst Inst; 3252 Inst.setOpcode(X86::JMP_1); 3253 Inst.addOperand(MCOperand::createExpr( 3254 MCSymbolRefExpr::create(Target, MCSymbolRefExpr::VK_None, *Ctx))); 3255 if (IsTailCall) 3256 setTailCall(Inst); 3257 Seq.emplace_back(Inst); 3258 } 3259 3260 bool isConditionalMove(const MCInst &Inst) const override { 3261 unsigned OpCode = Inst.getOpcode(); 3262 return (OpCode == X86::CMOV16rr || OpCode == X86::CMOV32rr || 3263 OpCode == X86::CMOV64rr); 3264 } 3265 3266 bool isBranchOnMem(const MCInst &Inst) const override { 3267 unsigned OpCode = Inst.getOpcode(); 3268 if (OpCode == X86::CALL64m || (OpCode == X86::JMP32m && isTailCall(Inst)) || 3269 OpCode == X86::JMP64m) 3270 return true; 3271 3272 return false; 3273 } 3274 3275 bool isBranchOnReg(const MCInst &Inst) const override { 3276 unsigned OpCode = Inst.getOpcode(); 3277 if (OpCode == X86::CALL64r || (OpCode == X86::JMP32r && isTailCall(Inst)) || 3278 OpCode == X86::JMP64r) 3279 return true; 3280 3281 return false; 3282 } 3283 3284 void createPushRegister(MCInst &Inst, MCPhysReg Reg, 3285 unsigned Size) const override { 3286 Inst.clear(); 3287 unsigned NewOpcode = 0; 3288 if (Reg == X86::EFLAGS) { 3289 switch (Size) { 3290 case 2: NewOpcode = X86::PUSHF16; break; 3291 case 4: NewOpcode = X86::PUSHF32; break; 3292 case 8: NewOpcode = X86::PUSHF64; break; 3293 default: 3294 llvm_unreachable("Unexpected size"); 3295 } 3296 Inst.setOpcode(NewOpcode); 3297 return; 3298 } 3299 switch (Size) { 3300 case 2: NewOpcode = X86::PUSH16r; break; 3301 case 4: NewOpcode = X86::PUSH32r; break; 3302 case 8: NewOpcode = X86::PUSH64r; break; 3303 default: 3304 llvm_unreachable("Unexpected size"); 3305 } 3306 Inst.setOpcode(NewOpcode); 3307 Inst.addOperand(MCOperand::createReg(Reg)); 3308 } 3309 3310 void createPopRegister(MCInst &Inst, MCPhysReg Reg, 3311 unsigned Size) const override { 3312 Inst.clear(); 3313 unsigned NewOpcode = 0; 3314 if (Reg == X86::EFLAGS) { 3315 switch (Size) { 3316 case 2: NewOpcode = X86::POPF16; break; 3317 case 4: NewOpcode = X86::POPF32; break; 3318 case 8: NewOpcode = X86::POPF64; break; 3319 default: 3320 llvm_unreachable("Unexpected size"); 3321 } 3322 Inst.setOpcode(NewOpcode); 3323 return; 3324 } 3325 switch (Size) { 3326 case 2: NewOpcode = X86::POP16r; break; 3327 case 4: NewOpcode = X86::POP32r; break; 3328 case 8: NewOpcode = X86::POP64r; break; 3329 default: 3330 llvm_unreachable("Unexpected size"); 3331 } 3332 Inst.setOpcode(NewOpcode); 3333 Inst.addOperand(MCOperand::createReg(Reg)); 3334 } 3335 3336 void createPushFlags(MCInst &Inst, unsigned Size) const override { 3337 return createPushRegister(Inst, X86::EFLAGS, Size); 3338 } 3339 3340 void createPopFlags(MCInst &Inst, unsigned Size) const override { 3341 return createPopRegister(Inst, X86::EFLAGS, Size); 3342 } 3343 3344 void createAddRegImm(MCInst &Inst, MCPhysReg Reg, int64_t Value, 3345 unsigned Size) const { 3346 unsigned int Opcode; 3347 switch (Size) { 3348 case 1: Opcode = X86::ADD8ri; break; 3349 case 2: Opcode = X86::ADD16ri; break; 3350 case 4: Opcode = X86::ADD32ri; break; 3351 default: 3352 llvm_unreachable("Unexpected size"); 3353 } 3354 Inst.setOpcode(Opcode); 3355 Inst.clear(); 
3356 Inst.addOperand(MCOperand::createReg(Reg)); 3357 Inst.addOperand(MCOperand::createReg(Reg)); 3358 Inst.addOperand(MCOperand::createImm(Value)); 3359 } 3360 3361 void createClearRegWithNoEFlagsUpdate(MCInst &Inst, MCPhysReg Reg, 3362 unsigned Size) const { 3363 unsigned int Opcode; 3364 switch (Size) { 3365 case 1: Opcode = X86::MOV8ri; break; 3366 case 2: Opcode = X86::MOV16ri; break; 3367 case 4: Opcode = X86::MOV32ri; break; 3368 case 8: Opcode = X86::MOV64ri; break; 3369 default: 3370 llvm_unreachable("Unexpected size"); 3371 } 3372 Inst.setOpcode(Opcode); 3373 Inst.clear(); 3374 Inst.addOperand(MCOperand::createReg(Reg)); 3375 Inst.addOperand(MCOperand::createImm(0)); 3376 } 3377 3378 void createX86SaveOVFlagToRegister(MCInst &Inst, MCPhysReg Reg) const { 3379 Inst.setOpcode(X86::SETCCr); 3380 Inst.clear(); 3381 Inst.addOperand(MCOperand::createReg(Reg)); 3382 Inst.addOperand(MCOperand::createImm(X86::COND_O)); 3383 } 3384 3385 void createX86Lahf(MCInst &Inst) const { 3386 Inst.setOpcode(X86::LAHF); 3387 Inst.clear(); 3388 } 3389 3390 void createX86Sahf(MCInst &Inst) const { 3391 Inst.setOpcode(X86::SAHF); 3392 Inst.clear(); 3393 } 3394 3395 void createInstrIncMemory(InstructionListType &Instrs, const MCSymbol *Target, 3396 MCContext *Ctx, bool IsLeaf) const override { 3397 unsigned int I = 0; 3398 3399 Instrs.resize(IsLeaf ? 13 : 11); 3400 // Don't clobber application red zone (ABI dependent) 3401 if (IsLeaf) 3402 createStackPointerIncrement(Instrs[I++], 128, 3403 /*NoFlagsClobber=*/true); 3404 3405 // Performance improvements based on the optimization discussed at 3406 // https://reviews.llvm.org/D6629 3407 // LAHF/SAHF are used instead of PUSHF/POPF 3408 // PUSHF 3409 createPushRegister(Instrs[I++], X86::RAX, 8); 3410 createClearRegWithNoEFlagsUpdate(Instrs[I++], X86::RAX, 8); 3411 createX86Lahf(Instrs[I++]); 3412 createPushRegister(Instrs[I++], X86::RAX, 8); 3413 createClearRegWithNoEFlagsUpdate(Instrs[I++], X86::RAX, 8); 3414 createX86SaveOVFlagToRegister(Instrs[I++], X86::AL); 3415 // LOCK INC 3416 createIncMemory(Instrs[I++], Target, Ctx); 3417 // POPF 3418 createAddRegImm(Instrs[I++], X86::AL, 127, 1); 3419 createPopRegister(Instrs[I++], X86::RAX, 8); 3420 createX86Sahf(Instrs[I++]); 3421 createPopRegister(Instrs[I++], X86::RAX, 8); 3422 3423 if (IsLeaf) 3424 createStackPointerDecrement(Instrs[I], 128, 3425 /*NoFlagsClobber=*/true); 3426 } 3427 3428 void createSwap(MCInst &Inst, MCPhysReg Source, MCPhysReg MemBaseReg, 3429 int64_t Disp) const { 3430 Inst.setOpcode(X86::XCHG64rm); 3431 Inst.addOperand(MCOperand::createReg(Source)); 3432 Inst.addOperand(MCOperand::createReg(Source)); 3433 Inst.addOperand(MCOperand::createReg(MemBaseReg)); // BaseReg 3434 Inst.addOperand(MCOperand::createImm(1)); // ScaleAmt 3435 Inst.addOperand(MCOperand::createReg(X86::NoRegister)); // IndexReg 3436 Inst.addOperand(MCOperand::createImm(Disp)); // Displacement 3437 Inst.addOperand(MCOperand::createReg(X86::NoRegister)); // AddrSegmentReg 3438 } 3439 3440 void createIndirectBranch(MCInst &Inst, MCPhysReg MemBaseReg, 3441 int64_t Disp) const { 3442 Inst.setOpcode(X86::JMP64m); 3443 Inst.addOperand(MCOperand::createReg(MemBaseReg)); // BaseReg 3444 Inst.addOperand(MCOperand::createImm(1)); // ScaleAmt 3445 Inst.addOperand(MCOperand::createReg(X86::NoRegister)); // IndexReg 3446 Inst.addOperand(MCOperand::createImm(Disp)); // Displacement 3447 Inst.addOperand(MCOperand::createReg(X86::NoRegister)); // AddrSegmentReg 3448 } 3449 3450 InstructionListType createInstrumentedIndirectCall(const MCInst 
&CallInst, 3451 bool TailCall, 3452 MCSymbol *HandlerFuncAddr, 3453 int CallSiteID, 3454 MCContext *Ctx) override { 3455 // Check if the target address expression used in the original indirect call 3456 // uses the stack pointer, which we are going to clobber. 3457 static BitVector SPAliases(getAliases(X86::RSP)); 3458 bool UsesSP = false; 3459 // Skip defs. 3460 for (unsigned I = Info->get(CallInst.getOpcode()).getNumDefs(), 3461 E = MCPlus::getNumPrimeOperands(CallInst); 3462 I != E; ++I) { 3463 const MCOperand &Operand = CallInst.getOperand(I); 3464 if (Operand.isReg() && SPAliases[Operand.getReg()]) { 3465 UsesSP = true; 3466 break; 3467 } 3468 } 3469 3470 InstructionListType Insts; 3471 MCPhysReg TempReg = getIntArgRegister(0); 3472 // Code sequence used to enter indirect call instrumentation helper: 3473 // push %rdi 3474 // add $8, %rsp ;; $rsp may be used in target, so fix it to prev val 3475 // movq target, %rdi ;; via convertIndirectCallTargetToLoad 3476 // sub $8, %rsp ;; restore correct stack value 3477 // push %rdi 3478 // movq $CallSiteID, %rdi 3479 // push %rdi 3480 // callq/jmp HandlerFuncAddr 3481 Insts.emplace_back(); 3482 createPushRegister(Insts.back(), TempReg, 8); 3483 if (UsesSP) { // Only adjust SP if we really need to 3484 Insts.emplace_back(); 3485 createStackPointerDecrement(Insts.back(), 8, /*NoFlagsClobber=*/false); 3486 } 3487 Insts.emplace_back(CallInst); 3488 // Insts.back() and CallInst now share the same annotation instruction. 3489 // Strip it from Insts.back(), only preserving tail call annotation. 3490 stripAnnotations(Insts.back(), /*KeepTC=*/true); 3491 convertIndirectCallToLoad(Insts.back(), TempReg); 3492 if (UsesSP) { 3493 Insts.emplace_back(); 3494 createStackPointerIncrement(Insts.back(), 8, /*NoFlagsClobber=*/false); 3495 } 3496 Insts.emplace_back(); 3497 createPushRegister(Insts.back(), TempReg, 8); 3498 Insts.emplace_back(); 3499 createLoadImmediate(Insts.back(), TempReg, CallSiteID); 3500 Insts.emplace_back(); 3501 createPushRegister(Insts.back(), TempReg, 8); 3502 Insts.emplace_back(); 3503 createDirectCall(Insts.back(), HandlerFuncAddr, Ctx, 3504 /*TailCall=*/TailCall); 3505 // Carry over metadata 3506 for (int I = MCPlus::getNumPrimeOperands(CallInst), 3507 E = CallInst.getNumOperands(); 3508 I != E; ++I) 3509 Insts.back().addOperand(CallInst.getOperand(I)); 3510 3511 return Insts; 3512 } 3513 3514 InstructionListType createInstrumentedIndCallHandlerExitBB() const override { 3515 const MCPhysReg TempReg = getIntArgRegister(0); 3516 // We just need to undo the sequence created for every ind call in 3517 // instrumentIndirectTarget(), which can be accomplished minimally with: 3518 // popfq 3519 // pop %rdi 3520 // add $16, %rsp 3521 // xchg (%rsp), %rdi 3522 // jmp *-8(%rsp) 3523 InstructionListType Insts(5); 3524 createPopFlags(Insts[0], 8); 3525 createPopRegister(Insts[1], TempReg, 8); 3526 createStackPointerDecrement(Insts[2], 16, /*NoFlagsClobber=*/false); 3527 createSwap(Insts[3], TempReg, X86::RSP, 0); 3528 createIndirectBranch(Insts[4], X86::RSP, -8); 3529 return Insts; 3530 } 3531 3532 InstructionListType 3533 createInstrumentedIndTailCallHandlerExitBB() const override { 3534 const MCPhysReg TempReg = getIntArgRegister(0); 3535 // Same thing as above, but for tail calls 3536 // popfq 3537 // add $16, %rsp 3538 // pop %rdi 3539 // jmp *-16(%rsp) 3540 InstructionListType Insts(4); 3541 createPopFlags(Insts[0], 8); 3542 createStackPointerDecrement(Insts[1], 16, /*NoFlagsClobber=*/false); 3543 createPopRegister(Insts[2], TempReg, 8); 
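// Insts[3] below is the `jmp *-16(%rsp)` from the comment above: after
// the pops, %rsp is back at its pre-instrumentation value, and the
// original tail-call target saved by createInstrumentedIndirectCall()
// is expected to sit two slots below it, at -16(%rsp).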
  InstructionListType
  createInstrumentedIndTailCallHandlerExitBB() const override {
    const MCPhysReg TempReg = getIntArgRegister(0);
    // Same thing as above, but for tail calls:
    //   popfq
    //   add $16, %rsp
    //   pop %rdi
    //   jmp *-16(%rsp)
    InstructionListType Insts(4);
    createPopFlags(Insts[0], 8);
    createStackPointerDecrement(Insts[1], 16, /*NoFlagsClobber=*/false);
    createPopRegister(Insts[2], TempReg, 8);
    createIndirectBranch(Insts[3], X86::RSP, -16);
    return Insts;
  }

  InstructionListType
  createInstrumentedIndCallHandlerEntryBB(const MCSymbol *InstrTrampoline,
                                          const MCSymbol *IndCallHandler,
                                          MCContext *Ctx) override {
    const MCPhysReg TempReg = getIntArgRegister(0);
    // Code sequence used to check whether InstrTrampoline was initialized
    // and call it if so; returns via IndCallHandler:
    //   pushfq
    //   mov InstrTrampoline,%rdi
    //   cmp $0x0,%rdi
    //   je IndCallHandler
    //   callq *%rdi
    //   jmpq IndCallHandler
    InstructionListType Insts;
    Insts.emplace_back();
    createPushFlags(Insts.back(), 8);
    Insts.emplace_back();
    createMove(Insts.back(), InstrTrampoline, TempReg, Ctx);
    InstructionListType cmpJmp = createCmpJE(TempReg, 0, IndCallHandler, Ctx);
    Insts.insert(Insts.end(), cmpJmp.begin(), cmpJmp.end());
    Insts.emplace_back();
    Insts.back().setOpcode(X86::CALL64r);
    Insts.back().addOperand(MCOperand::createReg(TempReg));
    Insts.emplace_back();
    createDirectCall(Insts.back(), IndCallHandler, Ctx, /*IsTailCall*/ true);
    return Insts;
  }

  InstructionListType createNumCountersGetter(MCContext *Ctx) const override {
    InstructionListType Insts(2);
    MCSymbol *NumLocs = Ctx->getOrCreateSymbol("__bolt_num_counters");
    createMove(Insts[0], NumLocs, X86::EAX, Ctx);
    createReturn(Insts[1]);
    return Insts;
  }

  InstructionListType
  createInstrLocationsGetter(MCContext *Ctx) const override {
    InstructionListType Insts(2);
    MCSymbol *Locs = Ctx->getOrCreateSymbol("__bolt_instr_locations");
    createLea(Insts[0], Locs, X86::EAX, Ctx);
    createReturn(Insts[1]);
    return Insts;
  }

  InstructionListType createInstrTablesGetter(MCContext *Ctx) const override {
    InstructionListType Insts(2);
    MCSymbol *Locs = Ctx->getOrCreateSymbol("__bolt_instr_tables");
    createLea(Insts[0], Locs, X86::EAX, Ctx);
    createReturn(Insts[1]);
    return Insts;
  }

  InstructionListType createInstrNumFuncsGetter(MCContext *Ctx) const override {
    InstructionListType Insts(2);
    MCSymbol *NumFuncs = Ctx->getOrCreateSymbol("__bolt_instr_num_funcs");
    createMove(Insts[0], NumFuncs, X86::EAX, Ctx);
    createReturn(Insts[1]);
    return Insts;
  }

  InstructionListType createSymbolTrampoline(const MCSymbol *TgtSym,
                                             MCContext *Ctx) const override {
    InstructionListType Insts(1);
    createUncondBranch(Insts[0], TgtSym, Ctx);
    return Insts;
  }

  InstructionListType createDummyReturnFunction(MCContext *Ctx) const override {
    InstructionListType Insts(1);
    createReturn(Insts[0]);
    return Insts;
  }
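  // Indirect call promotion: for every entry in Targets, emit a block that
  // compares the call target (or, when vtable load elimination applies, the
  // vtable address) against that candidate. A match branches straight to the
  // target for jump tables, or performs a direct call/jump otherwise; a
  // mismatch continues to the comparison for the next candidate. The last
  // block keeps the original (cold) indirect call, and non-tail calls rejoin
  // at a common merge block.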
  BlocksVectorTy indirectCallPromotion(
      const MCInst &CallInst,
      const std::vector<std::pair<MCSymbol *, uint64_t>> &Targets,
      const std::vector<std::pair<MCSymbol *, uint64_t>> &VtableSyms,
      const std::vector<MCInst *> &MethodFetchInsns,
      const bool MinimizeCodeSize, MCContext *Ctx) override {
    const bool IsTailCall = isTailCall(CallInst);
    const bool IsJumpTable = getJumpTable(CallInst) != 0;
    BlocksVectorTy Results;

    // Label for the current code block.
    MCSymbol *NextTarget = nullptr;

    // The join block which contains all the instructions following CallInst.
    // MergeBlock remains null if CallInst is a tail call.
    MCSymbol *MergeBlock = nullptr;

    unsigned FuncAddrReg = X86::R10;

    const bool LoadElim = !VtableSyms.empty();
    assert((!LoadElim || VtableSyms.size() == Targets.size()) &&
           "There must be a vtable entry for every method "
           "in the targets vector.");

    if (MinimizeCodeSize && !LoadElim) {
      std::set<unsigned> UsedRegs;

      for (unsigned int I = 0; I < MCPlus::getNumPrimeOperands(CallInst);
           ++I) {
        const MCOperand &Op = CallInst.getOperand(I);
        if (Op.isReg())
          UsedRegs.insert(Op.getReg());
      }

      if (UsedRegs.count(X86::R10) == 0)
        FuncAddrReg = X86::R10;
      else if (UsedRegs.count(X86::R11) == 0)
        FuncAddrReg = X86::R11;
      else
        return Results;
    }

    const auto jumpToMergeBlock = [&](InstructionListType &NewCall) {
      assert(MergeBlock);
      NewCall.push_back(CallInst);
      MCInst &Merge = NewCall.back();
      Merge.clear();
      createUncondBranch(Merge, MergeBlock, Ctx);
    };
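    // Emit one comparison block per candidate target. NextTarget labels the
    // block handling the next candidate (and, after the last iteration, the
    // cold block), so a failed comparison continues down the chain.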
    for (unsigned int i = 0; i < Targets.size(); ++i) {
      Results.emplace_back(NextTarget, InstructionListType());
      InstructionListType *NewCall = &Results.back().second;

      if (MinimizeCodeSize && !LoadElim) {
        // Load the call target into FuncAddrReg.
        NewCall->push_back(CallInst); // Copy CallInst in order to get SMLoc
        MCInst &Target = NewCall->back();
        Target.clear();
        Target.setOpcode(X86::MOV64ri32);
        Target.addOperand(MCOperand::createReg(FuncAddrReg));
        if (Targets[i].first) {
          // Is this OK?
          Target.addOperand(MCOperand::createExpr(MCSymbolRefExpr::create(
              Targets[i].first, MCSymbolRefExpr::VK_None, *Ctx)));
        } else {
          const uint64_t Addr = Targets[i].second;
          // Immediate address is out of sign extended 32 bit range.
          if (int64_t(Addr) != int64_t(int32_t(Addr)))
            return BlocksVectorTy();

          Target.addOperand(MCOperand::createImm(Addr));
        }

        // Compare current call target to a specific address.
        NewCall->push_back(CallInst);
        MCInst &Compare = NewCall->back();
        Compare.clear();
        if (isBranchOnReg(CallInst))
          Compare.setOpcode(X86::CMP64rr);
        else if (CallInst.getOpcode() == X86::CALL64pcrel32)
          Compare.setOpcode(X86::CMP64ri32);
        else
          Compare.setOpcode(X86::CMP64rm);

        Compare.addOperand(MCOperand::createReg(FuncAddrReg));

        // TODO: Would be preferable to only load this value once.
        for (unsigned i = 0;
             i < Info->get(CallInst.getOpcode()).getNumOperands(); ++i)
          if (!CallInst.getOperand(i).isInst())
            Compare.addOperand(CallInst.getOperand(i));
      } else {
        // Compare current call target to a specific address.
        NewCall->push_back(CallInst);
        MCInst &Compare = NewCall->back();
        Compare.clear();
        if (isBranchOnReg(CallInst))
          Compare.setOpcode(X86::CMP64ri32);
        else
          Compare.setOpcode(X86::CMP64mi32);

        // Original call address.
        for (unsigned i = 0;
             i < Info->get(CallInst.getOpcode()).getNumOperands(); ++i)
          if (!CallInst.getOperand(i).isInst())
            Compare.addOperand(CallInst.getOperand(i));

        // Target address.
        if (Targets[i].first || LoadElim) {
          const MCSymbol *Sym =
              LoadElim ? VtableSyms[i].first : Targets[i].first;
          const uint64_t Addend = LoadElim ? VtableSyms[i].second : 0;
          const MCExpr *Expr = MCSymbolRefExpr::create(Sym, *Ctx);
          if (Addend)
            Expr = MCBinaryExpr::createAdd(
                Expr, MCConstantExpr::create(Addend, *Ctx), *Ctx);
          Compare.addOperand(MCOperand::createExpr(Expr));
        } else {
          const uint64_t Addr = Targets[i].second;
          // Immediate address is out of sign extended 32 bit range.
          if (int64_t(Addr) != int64_t(int32_t(Addr)))
            return BlocksVectorTy();

          Compare.addOperand(MCOperand::createImm(Addr));
        }
      }

      // Jump to the next target compare.
      NextTarget =
          Ctx->createNamedTempSymbol(); // generate label for the next block
      NewCall->push_back(CallInst);

      if (IsJumpTable) {
        MCInst &Je = NewCall->back();

        // Jump to the target if the addresses match; otherwise fall through
        // to the next compare.
        Je.clear();
        Je.setOpcode(X86::JCC_1);
        if (Targets[i].first)
          Je.addOperand(MCOperand::createExpr(MCSymbolRefExpr::create(
              Targets[i].first, MCSymbolRefExpr::VK_None, *Ctx)));
        else
          Je.addOperand(MCOperand::createImm(Targets[i].second));

        Je.addOperand(MCOperand::createImm(X86::COND_E));
        assert(!isInvoke(CallInst));
      } else {
        MCInst &Jne = NewCall->back();

        // Jump to next compare if target addresses don't match.
        Jne.clear();
        Jne.setOpcode(X86::JCC_1);
        Jne.addOperand(MCOperand::createExpr(MCSymbolRefExpr::create(
            NextTarget, MCSymbolRefExpr::VK_None, *Ctx)));
        Jne.addOperand(MCOperand::createImm(X86::COND_NE));

        // Call specific target directly.
        Results.emplace_back(Ctx->createNamedTempSymbol(),
                             InstructionListType());
        NewCall = &Results.back().second;
        NewCall->push_back(CallInst);
        MCInst &CallOrJmp = NewCall->back();

        CallOrJmp.clear();

        if (MinimizeCodeSize && !LoadElim) {
          CallOrJmp.setOpcode(IsTailCall ? X86::JMP32r : X86::CALL64r);
          CallOrJmp.addOperand(MCOperand::createReg(FuncAddrReg));
        } else {
          CallOrJmp.setOpcode(IsTailCall ? X86::JMP_4 : X86::CALL64pcrel32);

          if (Targets[i].first)
            CallOrJmp.addOperand(MCOperand::createExpr(MCSymbolRefExpr::create(
                Targets[i].first, MCSymbolRefExpr::VK_None, *Ctx)));
          else
            CallOrJmp.addOperand(MCOperand::createImm(Targets[i].second));
        }
        if (IsTailCall)
          setTailCall(CallOrJmp);

        if (CallOrJmp.getOpcode() == X86::CALL64r ||
            CallOrJmp.getOpcode() == X86::CALL64pcrel32) {
          if (Optional<uint32_t> Offset = getOffset(CallInst))
            // Annotated as duplicated call
            setOffset(CallOrJmp, *Offset);
        }

        if (isInvoke(CallInst) && !isInvoke(CallOrJmp)) {
          // Copy over any EH or GNU args size information from the original
          // call.
          Optional<MCPlus::MCLandingPad> EHInfo = getEHInfo(CallInst);
          if (EHInfo)
            addEHInfo(CallOrJmp, *EHInfo);
          int64_t GnuArgsSize = getGnuArgsSize(CallInst);
          if (GnuArgsSize >= 0)
            addGnuArgsSize(CallOrJmp, GnuArgsSize);
        }

        if (!IsTailCall) {
          // The fallthrough block for the most common target should be
          // the merge block.
          if (i == 0) {
            // Fallthrough to merge block.
            MergeBlock = Ctx->createNamedTempSymbol();
          } else {
            // Insert jump to the merge block if we are not doing a
            // fallthrough.
            jumpToMergeBlock(*NewCall);
          }
        }
      }
    }

    // Cold call block.
    Results.emplace_back(NextTarget, InstructionListType());
    InstructionListType &NewCall = Results.back().second;
    for (const MCInst *Inst : MethodFetchInsns)
      if (Inst != &CallInst)
        NewCall.push_back(*Inst);
    NewCall.push_back(CallInst);

    // Jump to merge block from cold call block.
    if (!IsTailCall && !IsJumpTable) {
      jumpToMergeBlock(NewCall);

      // Record merge block.
      Results.emplace_back(MergeBlock, InstructionListType());
    }

    return Results;
  }
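  // Jump table promotion: expand an indirect jump through a jump table into a
  // chain of comparisons of the table index register against each entry in
  // Targets, with a direct conditional branch to the corresponding target on
  // a match. The original indirect jump is kept as the final (cold) block.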
  BlocksVectorTy jumpTablePromotion(
      const MCInst &IJmpInst,
      const std::vector<std::pair<MCSymbol *, uint64_t>> &Targets,
      const std::vector<MCInst *> &TargetFetchInsns,
      MCContext *Ctx) const override {
    assert(getJumpTable(IJmpInst) != 0);
    uint16_t IndexReg = getAnnotationAs<uint16_t>(IJmpInst, "JTIndexReg");
    if (IndexReg == 0)
      return BlocksVectorTy();

    BlocksVectorTy Results;

    // Label for the current code block.
    MCSymbol *NextTarget = nullptr;

    for (unsigned int i = 0; i < Targets.size(); ++i) {
      Results.emplace_back(NextTarget, InstructionListType());
      InstructionListType *CurBB = &Results.back().second;

      // Compare current index to a specific index.
      CurBB->emplace_back(MCInst());
      MCInst &CompareInst = CurBB->back();
      CompareInst.setLoc(IJmpInst.getLoc());
      CompareInst.setOpcode(X86::CMP64ri32);
      CompareInst.addOperand(MCOperand::createReg(IndexReg));

      const uint64_t CaseIdx = Targets[i].second;
      // Case index is out of sign extended 32 bit range.
      if (int64_t(CaseIdx) != int64_t(int32_t(CaseIdx)))
        return BlocksVectorTy();

      CompareInst.addOperand(MCOperand::createImm(CaseIdx));
      shortenInstruction(CompareInst);

      // Jump to the next target compare.
      NextTarget =
          Ctx->createNamedTempSymbol(); // generate label for the next block
      CurBB->push_back(MCInst());

      MCInst &JEInst = CurBB->back();
      JEInst.setLoc(IJmpInst.getLoc());

      // Jump to the target if the indices match.
      JEInst.setOpcode(X86::JCC_1);
      JEInst.addOperand(MCOperand::createExpr(MCSymbolRefExpr::create(
          Targets[i].first, MCSymbolRefExpr::VK_None, *Ctx)));
      JEInst.addOperand(MCOperand::createImm(X86::COND_E));
    }

    // Cold block with the original indirect jump.
    Results.emplace_back(NextTarget, InstructionListType());
    InstructionListType &CurBB = Results.back().second;
    for (const MCInst *Inst : TargetFetchInsns)
      if (Inst != &IJmpInst)
        CurBB.push_back(*Inst);

    CurBB.push_back(IJmpInst);

    return Results;
  }

private:
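  // RIP-relative addressing helpers used by the routines above: createMove
  // loads the 64-bit value stored at Src into Reg, while createLea
  // materializes the address of Src in Reg.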
  bool createMove(MCInst &Inst, const MCSymbol *Src, unsigned Reg,
                  MCContext *Ctx) const {
    Inst.setOpcode(X86::MOV64rm);
    Inst.addOperand(MCOperand::createReg(Reg));
    Inst.addOperand(MCOperand::createReg(X86::RIP));        // BaseReg
    Inst.addOperand(MCOperand::createImm(1));               // ScaleAmt
    Inst.addOperand(MCOperand::createReg(X86::NoRegister)); // IndexReg
    Inst.addOperand(MCOperand::createExpr(
        MCSymbolRefExpr::create(Src, MCSymbolRefExpr::VK_None,
                                *Ctx)));                     // Displacement
    Inst.addOperand(MCOperand::createReg(X86::NoRegister)); // AddrSegmentReg

    return true;
  }

  bool createLea(MCInst &Inst, const MCSymbol *Src, unsigned Reg,
                 MCContext *Ctx) const {
    Inst.setOpcode(X86::LEA64r);
    Inst.addOperand(MCOperand::createReg(Reg));
    Inst.addOperand(MCOperand::createReg(X86::RIP));        // BaseReg
    Inst.addOperand(MCOperand::createImm(1));               // ScaleAmt
    Inst.addOperand(MCOperand::createReg(X86::NoRegister)); // IndexReg
    Inst.addOperand(MCOperand::createExpr(
        MCSymbolRefExpr::create(Src, MCSymbolRefExpr::VK_None,
                                *Ctx)));                     // Displacement
    Inst.addOperand(MCOperand::createReg(X86::NoRegister)); // AddrSegmentReg
    return true;
  }
};

} // namespace

namespace llvm {
namespace bolt {

MCPlusBuilder *createX86MCPlusBuilder(const MCInstrAnalysis *Analysis,
                                      const MCInstrInfo *Info,
                                      const MCRegisterInfo *RegInfo) {
  return new X86MCPlusBuilder(Analysis, Info, RegInfo);
}

} // namespace bolt
} // namespace llvm