1 //===- bolt/Target/X86/X86MCPlusBuilder.cpp -------------------------------===// 2 // 3 // Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions. 4 // See https://llvm.org/LICENSE.txt for license information. 5 // SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception 6 // 7 //===----------------------------------------------------------------------===// 8 // 9 // This file provides X86-specific MCPlus builder. 10 // 11 //===----------------------------------------------------------------------===// 12 13 #include "MCTargetDesc/X86BaseInfo.h" 14 #include "MCTargetDesc/X86InstrRelaxTables.h" 15 #include "MCTargetDesc/X86MCTargetDesc.h" 16 #include "X86MCSymbolizer.h" 17 #include "bolt/Core/MCPlus.h" 18 #include "bolt/Core/MCPlusBuilder.h" 19 #include "llvm/BinaryFormat/ELF.h" 20 #include "llvm/MC/MCContext.h" 21 #include "llvm/MC/MCFixupKindInfo.h" 22 #include "llvm/MC/MCInst.h" 23 #include "llvm/MC/MCInstBuilder.h" 24 #include "llvm/MC/MCInstrInfo.h" 25 #include "llvm/MC/MCRegister.h" 26 #include "llvm/MC/MCRegisterInfo.h" 27 #include "llvm/Support/CommandLine.h" 28 #include "llvm/Support/DataExtractor.h" 29 #include "llvm/Support/Debug.h" 30 #include "llvm/Support/Errc.h" 31 #include "llvm/Support/ErrorHandling.h" 32 #include "llvm/Support/ErrorOr.h" 33 #include <set> 34 35 #define DEBUG_TYPE "mcplus" 36 37 using namespace llvm; 38 using namespace bolt; 39 40 namespace opts { 41 42 extern cl::OptionCategory BoltOptCategory; 43 44 static cl::opt<bool> X86StripRedundantAddressSize( 45 "x86-strip-redundant-address-size", 46 cl::desc("Remove redundant Address-Size override prefix"), cl::init(true), 47 cl::cat(BoltOptCategory)); 48 49 } // namespace opts 50 51 namespace { 52 53 unsigned getShortBranchOpcode(unsigned Opcode) { 54 switch (Opcode) { 55 default: 56 return Opcode; 57 case X86::JMP_2: return X86::JMP_1; 58 case X86::JMP_4: return X86::JMP_1; 59 case X86::JCC_2: return X86::JCC_1; 60 case X86::JCC_4: return X86::JCC_1; 61 } 62 } 63 64 unsigned getShortArithOpcode(unsigned Opcode) { 65 return X86::getShortOpcodeArith(Opcode); 66 } 67 68 bool isMOVSX64rm32(const MCInst &Inst) { 69 return Inst.getOpcode() == X86::MOVSX64rm32; 70 } 71 72 bool isADD64rr(const MCInst &Inst) { return Inst.getOpcode() == X86::ADD64rr; } 73 74 bool isADDri(const MCInst &Inst) { 75 return Inst.getOpcode() == X86::ADD64ri32 || 76 Inst.getOpcode() == X86::ADD64ri8; 77 } 78 79 #define GET_INSTRINFO_OPERAND_TYPES_ENUM 80 #define GET_INSTRINFO_OPERAND_TYPE 81 #define GET_INSTRINFO_MEM_OPERAND_SIZE 82 #include "X86GenInstrInfo.inc" 83 84 class X86MCPlusBuilder : public MCPlusBuilder { 85 public: 86 X86MCPlusBuilder(const MCInstrAnalysis *Analysis, const MCInstrInfo *Info, 87 const MCRegisterInfo *RegInfo) 88 : MCPlusBuilder(Analysis, Info, RegInfo) {} 89 90 std::unique_ptr<MCSymbolizer> 91 createTargetSymbolizer(BinaryFunction &Function) const override { 92 return std::make_unique<X86MCSymbolizer>(Function); 93 } 94 95 bool isBranch(const MCInst &Inst) const override { 96 return Analysis->isBranch(Inst) && !isTailCall(Inst); 97 } 98 99 bool isNoop(const MCInst &Inst) const override { 100 return X86::isNOP(Inst.getOpcode()); 101 } 102 103 unsigned getCondCode(const MCInst &Inst) const override { 104 unsigned Opcode = Inst.getOpcode(); 105 if (X86::isJCC(Opcode)) 106 return Inst.getOperand(Info->get(Opcode).NumOperands - 1).getImm(); 107 return X86::COND_INVALID; 108 } 109 110 unsigned getInvertedCondCode(unsigned CC) const override { 111 switch (CC) { 112 default: return X86::COND_INVALID; 113 case X86::COND_E: return X86::COND_NE; 114 case X86::COND_NE: return X86::COND_E; 115 case X86::COND_L: return X86::COND_GE; 116 case X86::COND_LE: return X86::COND_G; 117 case X86::COND_G: return X86::COND_LE; 118 case X86::COND_GE: return X86::COND_L; 119 case X86::COND_B: return X86::COND_AE; 120 case X86::COND_BE: return X86::COND_A; 121 case X86::COND_A: return X86::COND_BE; 122 case X86::COND_AE: return X86::COND_B; 123 case X86::COND_S: return X86::COND_NS; 124 case X86::COND_NS: return X86::COND_S; 125 case X86::COND_P: return X86::COND_NP; 126 case X86::COND_NP: return X86::COND_P; 127 case X86::COND_O: return X86::COND_NO; 128 case X86::COND_NO: return X86::COND_O; 129 } 130 } 131 132 unsigned getCondCodesLogicalOr(unsigned CC1, unsigned CC2) const override { 133 enum DecodedCondCode : uint8_t { 134 DCC_EQUAL = 0x1, 135 DCC_GREATER = 0x2, 136 DCC_LESSER = 0x4, 137 DCC_GREATER_OR_LESSER = 0x6, 138 DCC_UNSIGNED = 0x8, 139 DCC_SIGNED = 0x10, 140 DCC_INVALID = 0x20, 141 }; 142 143 auto decodeCondCode = [&](unsigned CC) -> uint8_t { 144 switch (CC) { 145 default: return DCC_INVALID; 146 case X86::COND_E: return DCC_EQUAL; 147 case X86::COND_NE: return DCC_GREATER | DCC_LESSER; 148 case X86::COND_L: return DCC_LESSER | DCC_SIGNED; 149 case X86::COND_LE: return DCC_EQUAL | DCC_LESSER | DCC_SIGNED; 150 case X86::COND_G: return DCC_GREATER | DCC_SIGNED; 151 case X86::COND_GE: return DCC_GREATER | DCC_EQUAL | DCC_SIGNED; 152 case X86::COND_B: return DCC_LESSER | DCC_UNSIGNED; 153 case X86::COND_BE: return DCC_EQUAL | DCC_LESSER | DCC_UNSIGNED; 154 case X86::COND_A: return DCC_GREATER | DCC_UNSIGNED; 155 case X86::COND_AE: return DCC_GREATER | DCC_EQUAL | DCC_UNSIGNED; 156 } 157 }; 158 159 uint8_t DCC = decodeCondCode(CC1) | decodeCondCode(CC2); 160 161 if (DCC & DCC_INVALID) 162 return X86::COND_INVALID; 163 164 if (DCC & DCC_SIGNED && DCC & DCC_UNSIGNED) 165 return X86::COND_INVALID; 166 167 switch (DCC) { 168 default: return X86::COND_INVALID; 169 case DCC_EQUAL | DCC_LESSER | DCC_SIGNED: return X86::COND_LE; 170 case DCC_EQUAL | DCC_LESSER | DCC_UNSIGNED: return X86::COND_BE; 171 case DCC_EQUAL | DCC_GREATER | DCC_SIGNED: return X86::COND_GE; 172 case DCC_EQUAL | DCC_GREATER | DCC_UNSIGNED: return X86::COND_AE; 173 case DCC_GREATER | DCC_LESSER | DCC_SIGNED: return X86::COND_NE; 174 case DCC_GREATER | DCC_LESSER | DCC_UNSIGNED: return X86::COND_NE; 175 case DCC_GREATER | DCC_LESSER: return X86::COND_NE; 176 case DCC_EQUAL | DCC_SIGNED: return X86::COND_E; 177 case DCC_EQUAL | DCC_UNSIGNED: return X86::COND_E; 178 case DCC_EQUAL: return X86::COND_E; 179 case DCC_LESSER | DCC_SIGNED: return X86::COND_L; 180 case DCC_LESSER | DCC_UNSIGNED: return X86::COND_B; 181 case DCC_GREATER | DCC_SIGNED: return X86::COND_G; 182 case DCC_GREATER | DCC_UNSIGNED: return X86::COND_A; 183 } 184 } 185 186 bool isValidCondCode(unsigned CC) const override { 187 return (CC != X86::COND_INVALID); 188 } 189 190 bool isBreakpoint(const MCInst &Inst) const override { 191 return Inst.getOpcode() == X86::INT3; 192 } 193 194 bool isPrefix(const MCInst &Inst) const override { 195 const MCInstrDesc &Desc = Info->get(Inst.getOpcode()); 196 return X86II::isPrefix(Desc.TSFlags); 197 } 198 199 bool isRep(const MCInst &Inst) const override { 200 return Inst.getFlags() == X86::IP_HAS_REPEAT; 201 } 202 203 bool deleteREPPrefix(MCInst &Inst) const override { 204 if (Inst.getFlags() == X86::IP_HAS_REPEAT) { 205 Inst.setFlags(0); 206 return true; 207 } 208 return false; 209 } 210 211 // FIXME: For compatibility with old LLVM only! 212 bool isTerminator(const MCInst &Inst) const override { 213 unsigned Opcode = Inst.getOpcode(); 214 return Info->get(Opcode).isTerminator() || X86::isUD1(Opcode) || 215 X86::isUD2(Opcode); 216 } 217 218 bool isIndirectCall(const MCInst &Inst) const override { 219 return isCall(Inst) && 220 ((getMemoryOperandNo(Inst) != -1) || Inst.getOperand(0).isReg()); 221 } 222 223 bool isPop(const MCInst &Inst) const override { 224 return getPopSize(Inst) == 0 ? false : true; 225 } 226 227 bool isTerminateBranch(const MCInst &Inst) const override { 228 return Inst.getOpcode() == X86::ENDBR32 || Inst.getOpcode() == X86::ENDBR64; 229 } 230 231 int getPopSize(const MCInst &Inst) const override { 232 switch (Inst.getOpcode()) { 233 case X86::POP16r: 234 case X86::POP16rmm: 235 case X86::POP16rmr: 236 case X86::POPF16: 237 case X86::POPA16: 238 case X86::POPDS16: 239 case X86::POPES16: 240 case X86::POPFS16: 241 case X86::POPGS16: 242 case X86::POPSS16: 243 return 2; 244 case X86::POP32r: 245 case X86::POP32rmm: 246 case X86::POP32rmr: 247 case X86::POPA32: 248 case X86::POPDS32: 249 case X86::POPES32: 250 case X86::POPF32: 251 case X86::POPFS32: 252 case X86::POPGS32: 253 case X86::POPSS32: 254 return 4; 255 case X86::POP64r: 256 case X86::POP64rmm: 257 case X86::POP64rmr: 258 case X86::POPF64: 259 case X86::POPFS64: 260 case X86::POPGS64: 261 return 8; 262 } 263 return 0; 264 } 265 266 bool isPush(const MCInst &Inst) const override { 267 return getPushSize(Inst) == 0 ? false : true; 268 } 269 270 int getPushSize(const MCInst &Inst) const override { 271 switch (Inst.getOpcode()) { 272 case X86::PUSH16i8: 273 case X86::PUSH16r: 274 case X86::PUSH16rmm: 275 case X86::PUSH16rmr: 276 case X86::PUSHA16: 277 case X86::PUSHCS16: 278 case X86::PUSHDS16: 279 case X86::PUSHES16: 280 case X86::PUSHF16: 281 case X86::PUSHFS16: 282 case X86::PUSHGS16: 283 case X86::PUSHSS16: 284 case X86::PUSHi16: 285 return 2; 286 case X86::PUSH32i8: 287 case X86::PUSH32r: 288 case X86::PUSH32rmm: 289 case X86::PUSH32rmr: 290 case X86::PUSHA32: 291 case X86::PUSHCS32: 292 case X86::PUSHDS32: 293 case X86::PUSHES32: 294 case X86::PUSHF32: 295 case X86::PUSHFS32: 296 case X86::PUSHGS32: 297 case X86::PUSHSS32: 298 case X86::PUSHi32: 299 return 4; 300 case X86::PUSH64i32: 301 case X86::PUSH64i8: 302 case X86::PUSH64r: 303 case X86::PUSH64rmm: 304 case X86::PUSH64rmr: 305 case X86::PUSHF64: 306 case X86::PUSHFS64: 307 case X86::PUSHGS64: 308 return 8; 309 } 310 return 0; 311 } 312 313 bool isSUB(const MCInst &Inst) const override { 314 return X86::isSUB(Inst.getOpcode()); 315 } 316 317 bool isLEA64r(const MCInst &Inst) const override { 318 return Inst.getOpcode() == X86::LEA64r; 319 } 320 321 bool isLeave(const MCInst &Inst) const override { 322 return Inst.getOpcode() == X86::LEAVE || Inst.getOpcode() == X86::LEAVE64; 323 } 324 325 bool isMoveMem2Reg(const MCInst &Inst) const override { 326 switch (Inst.getOpcode()) { 327 case X86::MOV16rm: 328 case X86::MOV32rm: 329 case X86::MOV64rm: 330 return true; 331 } 332 return false; 333 } 334 335 bool isUnsupportedBranch(unsigned Opcode) const override { 336 switch (Opcode) { 337 default: 338 return false; 339 case X86::LOOP: 340 case X86::LOOPE: 341 case X86::LOOPNE: 342 case X86::JECXZ: 343 case X86::JRCXZ: 344 return true; 345 } 346 } 347 348 bool isLoad(const MCInst &Inst) const override { 349 if (isPop(Inst)) 350 return true; 351 352 int MemOpNo = getMemoryOperandNo(Inst); 353 const MCInstrDesc &MCII = Info->get(Inst.getOpcode()); 354 355 if (MemOpNo == -1) 356 return false; 357 358 return MCII.mayLoad(); 359 } 360 361 bool isStore(const MCInst &Inst) const override { 362 if (isPush(Inst)) 363 return true; 364 365 int MemOpNo = getMemoryOperandNo(Inst); 366 const MCInstrDesc &MCII = Info->get(Inst.getOpcode()); 367 368 if (MemOpNo == -1) 369 return false; 370 371 return MCII.mayStore(); 372 } 373 374 bool isCleanRegXOR(const MCInst &Inst) const override { 375 switch (Inst.getOpcode()) { 376 case X86::XOR16rr: 377 case X86::XOR32rr: 378 case X86::XOR64rr: 379 break; 380 default: 381 return false; 382 } 383 return (Inst.getOperand(0).getReg() == Inst.getOperand(2).getReg()); 384 } 385 386 bool isPacked(const MCInst &Inst) const override { 387 const MCInstrDesc &Desc = Info->get(Inst.getOpcode()); 388 return (Desc.TSFlags & X86II::OpPrefixMask) == X86II::PD; 389 } 390 391 unsigned getTrapFillValue() const override { return 0xCC; } 392 393 struct IndJmpMatcherFrag1 : MCInstMatcher { 394 std::unique_ptr<MCInstMatcher> Base; 395 std::unique_ptr<MCInstMatcher> Scale; 396 std::unique_ptr<MCInstMatcher> Index; 397 std::unique_ptr<MCInstMatcher> Offset; 398 399 IndJmpMatcherFrag1(std::unique_ptr<MCInstMatcher> Base, 400 std::unique_ptr<MCInstMatcher> Scale, 401 std::unique_ptr<MCInstMatcher> Index, 402 std::unique_ptr<MCInstMatcher> Offset) 403 : Base(std::move(Base)), Scale(std::move(Scale)), 404 Index(std::move(Index)), Offset(std::move(Offset)) {} 405 406 bool match(const MCRegisterInfo &MRI, MCPlusBuilder &MIB, 407 MutableArrayRef<MCInst> InInstrWindow, int OpNum) override { 408 if (!MCInstMatcher::match(MRI, MIB, InInstrWindow, OpNum)) 409 return false; 410 411 if (CurInst->getOpcode() != X86::JMP64m) 412 return false; 413 414 int MemOpNo = MIB.getMemoryOperandNo(*CurInst); 415 if (MemOpNo == -1) 416 return false; 417 418 if (!Base->match(MRI, MIB, this->InstrWindow, MemOpNo + X86::AddrBaseReg)) 419 return false; 420 if (!Scale->match(MRI, MIB, this->InstrWindow, 421 MemOpNo + X86::AddrScaleAmt)) 422 return false; 423 if (!Index->match(MRI, MIB, this->InstrWindow, 424 MemOpNo + X86::AddrIndexReg)) 425 return false; 426 if (!Offset->match(MRI, MIB, this->InstrWindow, MemOpNo + X86::AddrDisp)) 427 return false; 428 return true; 429 } 430 431 void annotate(MCPlusBuilder &MIB, StringRef Annotation) override { 432 MIB.addAnnotation(*CurInst, Annotation, true); 433 Base->annotate(MIB, Annotation); 434 Scale->annotate(MIB, Annotation); 435 Index->annotate(MIB, Annotation); 436 Offset->annotate(MIB, Annotation); 437 } 438 }; 439 440 std::unique_ptr<MCInstMatcher> 441 matchIndJmp(std::unique_ptr<MCInstMatcher> Base, 442 std::unique_ptr<MCInstMatcher> Scale, 443 std::unique_ptr<MCInstMatcher> Index, 444 std::unique_ptr<MCInstMatcher> Offset) const override { 445 return std::unique_ptr<MCInstMatcher>( 446 new IndJmpMatcherFrag1(std::move(Base), std::move(Scale), 447 std::move(Index), std::move(Offset))); 448 } 449 450 struct IndJmpMatcherFrag2 : MCInstMatcher { 451 std::unique_ptr<MCInstMatcher> Reg; 452 453 IndJmpMatcherFrag2(std::unique_ptr<MCInstMatcher> Reg) 454 : Reg(std::move(Reg)) {} 455 456 bool match(const MCRegisterInfo &MRI, MCPlusBuilder &MIB, 457 MutableArrayRef<MCInst> InInstrWindow, int OpNum) override { 458 if (!MCInstMatcher::match(MRI, MIB, InInstrWindow, OpNum)) 459 return false; 460 461 if (CurInst->getOpcode() != X86::JMP64r) 462 return false; 463 464 return Reg->match(MRI, MIB, this->InstrWindow, 0); 465 } 466 467 void annotate(MCPlusBuilder &MIB, StringRef Annotation) override { 468 MIB.addAnnotation(*CurInst, Annotation, true); 469 Reg->annotate(MIB, Annotation); 470 } 471 }; 472 473 std::unique_ptr<MCInstMatcher> 474 matchIndJmp(std::unique_ptr<MCInstMatcher> Target) const override { 475 return std::unique_ptr<MCInstMatcher>( 476 new IndJmpMatcherFrag2(std::move(Target))); 477 } 478 479 struct LoadMatcherFrag1 : MCInstMatcher { 480 std::unique_ptr<MCInstMatcher> Base; 481 std::unique_ptr<MCInstMatcher> Scale; 482 std::unique_ptr<MCInstMatcher> Index; 483 std::unique_ptr<MCInstMatcher> Offset; 484 485 LoadMatcherFrag1(std::unique_ptr<MCInstMatcher> Base, 486 std::unique_ptr<MCInstMatcher> Scale, 487 std::unique_ptr<MCInstMatcher> Index, 488 std::unique_ptr<MCInstMatcher> Offset) 489 : Base(std::move(Base)), Scale(std::move(Scale)), 490 Index(std::move(Index)), Offset(std::move(Offset)) {} 491 492 bool match(const MCRegisterInfo &MRI, MCPlusBuilder &MIB, 493 MutableArrayRef<MCInst> InInstrWindow, int OpNum) override { 494 if (!MCInstMatcher::match(MRI, MIB, InInstrWindow, OpNum)) 495 return false; 496 497 if (CurInst->getOpcode() != X86::MOV64rm && 498 CurInst->getOpcode() != X86::MOVSX64rm32) 499 return false; 500 501 int MemOpNo = MIB.getMemoryOperandNo(*CurInst); 502 if (MemOpNo == -1) 503 return false; 504 505 if (!Base->match(MRI, MIB, this->InstrWindow, MemOpNo + X86::AddrBaseReg)) 506 return false; 507 if (!Scale->match(MRI, MIB, this->InstrWindow, 508 MemOpNo + X86::AddrScaleAmt)) 509 return false; 510 if (!Index->match(MRI, MIB, this->InstrWindow, 511 MemOpNo + X86::AddrIndexReg)) 512 return false; 513 if (!Offset->match(MRI, MIB, this->InstrWindow, MemOpNo + X86::AddrDisp)) 514 return false; 515 return true; 516 } 517 518 void annotate(MCPlusBuilder &MIB, StringRef Annotation) override { 519 MIB.addAnnotation(*CurInst, Annotation, true); 520 Base->annotate(MIB, Annotation); 521 Scale->annotate(MIB, Annotation); 522 Index->annotate(MIB, Annotation); 523 Offset->annotate(MIB, Annotation); 524 } 525 }; 526 527 std::unique_ptr<MCInstMatcher> 528 matchLoad(std::unique_ptr<MCInstMatcher> Base, 529 std::unique_ptr<MCInstMatcher> Scale, 530 std::unique_ptr<MCInstMatcher> Index, 531 std::unique_ptr<MCInstMatcher> Offset) const override { 532 return std::unique_ptr<MCInstMatcher>( 533 new LoadMatcherFrag1(std::move(Base), std::move(Scale), 534 std::move(Index), std::move(Offset))); 535 } 536 537 struct AddMatcher : MCInstMatcher { 538 std::unique_ptr<MCInstMatcher> A; 539 std::unique_ptr<MCInstMatcher> B; 540 541 AddMatcher(std::unique_ptr<MCInstMatcher> A, 542 std::unique_ptr<MCInstMatcher> B) 543 : A(std::move(A)), B(std::move(B)) {} 544 545 bool match(const MCRegisterInfo &MRI, MCPlusBuilder &MIB, 546 MutableArrayRef<MCInst> InInstrWindow, int OpNum) override { 547 if (!MCInstMatcher::match(MRI, MIB, InInstrWindow, OpNum)) 548 return false; 549 550 if (CurInst->getOpcode() == X86::ADD64rr || 551 CurInst->getOpcode() == X86::ADD64rr_DB || 552 CurInst->getOpcode() == X86::ADD64rr_REV) { 553 if (!A->match(MRI, MIB, this->InstrWindow, 1)) { 554 if (!B->match(MRI, MIB, this->InstrWindow, 1)) 555 return false; 556 return A->match(MRI, MIB, this->InstrWindow, 2); 557 } 558 559 if (B->match(MRI, MIB, this->InstrWindow, 2)) 560 return true; 561 562 if (!B->match(MRI, MIB, this->InstrWindow, 1)) 563 return false; 564 return A->match(MRI, MIB, this->InstrWindow, 2); 565 } 566 567 return false; 568 } 569 570 void annotate(MCPlusBuilder &MIB, StringRef Annotation) override { 571 MIB.addAnnotation(*CurInst, Annotation, true); 572 A->annotate(MIB, Annotation); 573 B->annotate(MIB, Annotation); 574 } 575 }; 576 577 std::unique_ptr<MCInstMatcher> 578 matchAdd(std::unique_ptr<MCInstMatcher> A, 579 std::unique_ptr<MCInstMatcher> B) const override { 580 return std::unique_ptr<MCInstMatcher>( 581 new AddMatcher(std::move(A), std::move(B))); 582 } 583 584 struct LEAMatcher : MCInstMatcher { 585 std::unique_ptr<MCInstMatcher> Target; 586 587 LEAMatcher(std::unique_ptr<MCInstMatcher> Target) 588 : Target(std::move(Target)) {} 589 590 bool match(const MCRegisterInfo &MRI, MCPlusBuilder &MIB, 591 MutableArrayRef<MCInst> InInstrWindow, int OpNum) override { 592 if (!MCInstMatcher::match(MRI, MIB, InInstrWindow, OpNum)) 593 return false; 594 595 if (CurInst->getOpcode() != X86::LEA64r) 596 return false; 597 598 if (CurInst->getOperand(1 + X86::AddrScaleAmt).getImm() != 1 || 599 CurInst->getOperand(1 + X86::AddrIndexReg).getReg() != 600 X86::NoRegister || 601 (CurInst->getOperand(1 + X86::AddrBaseReg).getReg() != 602 X86::NoRegister && 603 CurInst->getOperand(1 + X86::AddrBaseReg).getReg() != X86::RIP)) 604 return false; 605 606 return Target->match(MRI, MIB, this->InstrWindow, 1 + X86::AddrDisp); 607 } 608 609 void annotate(MCPlusBuilder &MIB, StringRef Annotation) override { 610 MIB.addAnnotation(*CurInst, Annotation, true); 611 Target->annotate(MIB, Annotation); 612 } 613 }; 614 615 std::unique_ptr<MCInstMatcher> 616 matchLoadAddr(std::unique_ptr<MCInstMatcher> Target) const override { 617 return std::unique_ptr<MCInstMatcher>(new LEAMatcher(std::move(Target))); 618 } 619 620 bool hasPCRelOperand(const MCInst &Inst) const override { 621 for (const MCOperand &Operand : Inst) 622 if (Operand.isReg() && Operand.getReg() == X86::RIP) 623 return true; 624 return false; 625 } 626 627 int getMemoryOperandNo(const MCInst &Inst) const override { 628 unsigned Opcode = Inst.getOpcode(); 629 const MCInstrDesc &Desc = Info->get(Opcode); 630 int MemOpNo = X86II::getMemoryOperandNo(Desc.TSFlags); 631 if (MemOpNo >= 0) 632 MemOpNo += X86II::getOperandBias(Desc); 633 return MemOpNo; 634 } 635 636 bool hasEVEXEncoding(const MCInst &Inst) const override { 637 const MCInstrDesc &Desc = Info->get(Inst.getOpcode()); 638 return (Desc.TSFlags & X86II::EncodingMask) == X86II::EVEX; 639 } 640 641 bool isMacroOpFusionPair(ArrayRef<MCInst> Insts) const override { 642 const auto *I = Insts.begin(); 643 while (I != Insts.end() && isPrefix(*I)) 644 ++I; 645 if (I == Insts.end()) 646 return false; 647 648 const MCInst &FirstInst = *I; 649 ++I; 650 while (I != Insts.end() && isPrefix(*I)) 651 ++I; 652 if (I == Insts.end()) 653 return false; 654 const MCInst &SecondInst = *I; 655 656 if (!isConditionalBranch(SecondInst)) 657 return false; 658 // Cannot fuse if the first instruction uses RIP-relative memory. 659 if (hasPCRelOperand(FirstInst)) 660 return false; 661 662 const X86::FirstMacroFusionInstKind CmpKind = 663 X86::classifyFirstOpcodeInMacroFusion(FirstInst.getOpcode()); 664 if (CmpKind == X86::FirstMacroFusionInstKind::Invalid) 665 return false; 666 667 X86::CondCode CC = static_cast<X86::CondCode>(getCondCode(SecondInst)); 668 X86::SecondMacroFusionInstKind BranchKind = 669 X86::classifySecondCondCodeInMacroFusion(CC); 670 if (BranchKind == X86::SecondMacroFusionInstKind::Invalid) 671 return false; 672 return X86::isMacroFused(CmpKind, BranchKind); 673 } 674 675 std::optional<X86MemOperand> 676 evaluateX86MemoryOperand(const MCInst &Inst) const override { 677 int MemOpNo = getMemoryOperandNo(Inst); 678 if (MemOpNo < 0) 679 return std::nullopt; 680 unsigned MemOpOffset = static_cast<unsigned>(MemOpNo); 681 682 if (MemOpOffset + X86::AddrSegmentReg >= MCPlus::getNumPrimeOperands(Inst)) 683 return std::nullopt; 684 685 const MCOperand &Base = Inst.getOperand(MemOpOffset + X86::AddrBaseReg); 686 const MCOperand &Scale = Inst.getOperand(MemOpOffset + X86::AddrScaleAmt); 687 const MCOperand &Index = Inst.getOperand(MemOpOffset + X86::AddrIndexReg); 688 const MCOperand &Disp = Inst.getOperand(MemOpOffset + X86::AddrDisp); 689 const MCOperand &Segment = 690 Inst.getOperand(MemOpOffset + X86::AddrSegmentReg); 691 692 // Make sure it is a well-formed memory operand. 693 if (!Base.isReg() || !Scale.isImm() || !Index.isReg() || 694 (!Disp.isImm() && !Disp.isExpr()) || !Segment.isReg()) 695 return std::nullopt; 696 697 X86MemOperand MO; 698 MO.BaseRegNum = Base.getReg(); 699 MO.ScaleImm = Scale.getImm(); 700 MO.IndexRegNum = Index.getReg(); 701 MO.DispImm = Disp.isImm() ? Disp.getImm() : 0; 702 MO.DispExpr = Disp.isExpr() ? Disp.getExpr() : nullptr; 703 MO.SegRegNum = Segment.getReg(); 704 return MO; 705 } 706 707 bool evaluateMemOperandTarget(const MCInst &Inst, uint64_t &Target, 708 uint64_t Address, 709 uint64_t Size) const override { 710 std::optional<X86MemOperand> MO = evaluateX86MemoryOperand(Inst); 711 if (!MO) 712 return false; 713 714 // Make sure it's a well-formed addressing we can statically evaluate. 715 if ((MO->BaseRegNum != X86::RIP && MO->BaseRegNum != X86::NoRegister) || 716 MO->IndexRegNum != X86::NoRegister || 717 MO->SegRegNum != X86::NoRegister || MO->DispExpr) 718 return false; 719 720 Target = MO->DispImm; 721 if (MO->BaseRegNum == X86::RIP) { 722 assert(Size != 0 && "instruction size required in order to statically " 723 "evaluate RIP-relative address"); 724 Target += Address + Size; 725 } 726 return true; 727 } 728 729 MCInst::iterator getMemOperandDisp(MCInst &Inst) const override { 730 int MemOpNo = getMemoryOperandNo(Inst); 731 if (MemOpNo < 0) 732 return Inst.end(); 733 return Inst.begin() + (MemOpNo + X86::AddrDisp); 734 } 735 736 bool replaceMemOperandDisp(MCInst &Inst, MCOperand Operand) const override { 737 MCOperand *OI = getMemOperandDisp(Inst); 738 if (OI == Inst.end()) 739 return false; 740 *OI = Operand; 741 return true; 742 } 743 744 /// Get the registers used as function parameters. 745 /// This function is specific to the x86_64 abi on Linux. 746 BitVector getRegsUsedAsParams() const override { 747 BitVector Regs = BitVector(RegInfo->getNumRegs(), false); 748 Regs |= getAliases(X86::RSI); 749 Regs |= getAliases(X86::RDI); 750 Regs |= getAliases(X86::RDX); 751 Regs |= getAliases(X86::RCX); 752 Regs |= getAliases(X86::R8); 753 Regs |= getAliases(X86::R9); 754 return Regs; 755 } 756 757 void getCalleeSavedRegs(BitVector &Regs) const override { 758 Regs |= getAliases(X86::RBX); 759 Regs |= getAliases(X86::RBP); 760 Regs |= getAliases(X86::R12); 761 Regs |= getAliases(X86::R13); 762 Regs |= getAliases(X86::R14); 763 Regs |= getAliases(X86::R15); 764 } 765 766 void getDefaultDefIn(BitVector &Regs) const override { 767 assert(Regs.size() >= RegInfo->getNumRegs() && 768 "The size of BitVector is less than RegInfo->getNumRegs()."); 769 Regs.set(X86::RAX); 770 Regs.set(X86::RCX); 771 Regs.set(X86::RDX); 772 Regs.set(X86::RSI); 773 Regs.set(X86::RDI); 774 Regs.set(X86::R8); 775 Regs.set(X86::R9); 776 Regs.set(X86::XMM0); 777 Regs.set(X86::XMM1); 778 Regs.set(X86::XMM2); 779 Regs.set(X86::XMM3); 780 Regs.set(X86::XMM4); 781 Regs.set(X86::XMM5); 782 Regs.set(X86::XMM6); 783 Regs.set(X86::XMM7); 784 } 785 786 void getDefaultLiveOut(BitVector &Regs) const override { 787 assert(Regs.size() >= RegInfo->getNumRegs() && 788 "The size of BitVector is less than RegInfo->getNumRegs()."); 789 Regs |= getAliases(X86::RAX); 790 Regs |= getAliases(X86::RDX); 791 Regs |= getAliases(X86::RCX); 792 Regs |= getAliases(X86::XMM0); 793 Regs |= getAliases(X86::XMM1); 794 } 795 796 void getGPRegs(BitVector &Regs, bool IncludeAlias) const override { 797 if (IncludeAlias) { 798 Regs |= getAliases(X86::RAX); 799 Regs |= getAliases(X86::RBX); 800 Regs |= getAliases(X86::RBP); 801 Regs |= getAliases(X86::RSI); 802 Regs |= getAliases(X86::RDI); 803 Regs |= getAliases(X86::RDX); 804 Regs |= getAliases(X86::RCX); 805 Regs |= getAliases(X86::R8); 806 Regs |= getAliases(X86::R9); 807 Regs |= getAliases(X86::R10); 808 Regs |= getAliases(X86::R11); 809 Regs |= getAliases(X86::R12); 810 Regs |= getAliases(X86::R13); 811 Regs |= getAliases(X86::R14); 812 Regs |= getAliases(X86::R15); 813 return; 814 } 815 Regs.set(X86::RAX); 816 Regs.set(X86::RBX); 817 Regs.set(X86::RBP); 818 Regs.set(X86::RSI); 819 Regs.set(X86::RDI); 820 Regs.set(X86::RDX); 821 Regs.set(X86::RCX); 822 Regs.set(X86::R8); 823 Regs.set(X86::R9); 824 Regs.set(X86::R10); 825 Regs.set(X86::R11); 826 Regs.set(X86::R12); 827 Regs.set(X86::R13); 828 Regs.set(X86::R14); 829 Regs.set(X86::R15); 830 } 831 832 void getClassicGPRegs(BitVector &Regs) const override { 833 Regs |= getAliases(X86::RAX); 834 Regs |= getAliases(X86::RBX); 835 Regs |= getAliases(X86::RBP); 836 Regs |= getAliases(X86::RSI); 837 Regs |= getAliases(X86::RDI); 838 Regs |= getAliases(X86::RDX); 839 Regs |= getAliases(X86::RCX); 840 } 841 842 void getRepRegs(BitVector &Regs) const override { 843 Regs |= getAliases(X86::RCX); 844 } 845 846 MCPhysReg getAliasSized(MCPhysReg Reg, uint8_t Size) const override { 847 Reg = getX86SubSuperRegister(Reg, Size * 8); 848 assert((Reg != X86::NoRegister) && "Invalid register"); 849 return Reg; 850 } 851 852 bool isUpper8BitReg(MCPhysReg Reg) const override { 853 switch (Reg) { 854 case X86::AH: 855 case X86::BH: 856 case X86::CH: 857 case X86::DH: 858 return true; 859 default: 860 return false; 861 } 862 } 863 864 bool cannotUseREX(const MCInst &Inst) const override { 865 switch (Inst.getOpcode()) { 866 case X86::MOV8mr_NOREX: 867 case X86::MOV8rm_NOREX: 868 case X86::MOV8rr_NOREX: 869 case X86::MOVSX32rm8_NOREX: 870 case X86::MOVSX32rr8_NOREX: 871 case X86::MOVZX32rm8_NOREX: 872 case X86::MOVZX32rr8_NOREX: 873 case X86::MOV8mr: 874 case X86::MOV8rm: 875 case X86::MOV8rr: 876 case X86::MOVSX32rm8: 877 case X86::MOVSX32rr8: 878 case X86::MOVZX32rm8: 879 case X86::MOVZX32rr8: 880 case X86::TEST8ri: 881 for (const MCOperand &Operand : MCPlus::primeOperands(Inst)) { 882 if (!Operand.isReg()) 883 continue; 884 if (isUpper8BitReg(Operand.getReg())) 885 return true; 886 } 887 [[fallthrough]]; 888 default: 889 return false; 890 } 891 } 892 893 static uint8_t getMemDataSize(const MCInst &Inst, int MemOpNo) { 894 using namespace llvm::X86; 895 int OpType = getOperandType(Inst.getOpcode(), MemOpNo); 896 return getMemOperandSize(OpType) / 8; 897 } 898 899 /// Classifying a stack access as *not* "SIMPLE" here means we don't know how 900 /// to change this instruction memory access. It will disable any changes to 901 /// the stack layout, so we can't do the most aggressive form of shrink 902 /// wrapping. We must do so in a way that keeps the original stack layout. 903 /// Otherwise you need to adjust the offset of all instructions accessing the 904 /// stack: we can't do that anymore because there is one instruction that is 905 /// not simple. There are other implications as well. We have heuristics to 906 /// detect when a register is callee-saved and thus eligible for shrink 907 /// wrapping. If you are restoring a register using a non-simple stack access, 908 /// then it is classified as NOT callee-saved, and it disables shrink wrapping 909 /// for *that* register (but not for others). 910 /// 911 /// Classifying a stack access as "size 0" or detecting an indexed memory 912 /// access (to address a vector, for example) here means we know there is a 913 /// stack access, but we can't quite understand how wide is the access in 914 /// bytes. This is very serious because we can't understand how memory 915 /// accesses alias with each other for this function. This will essentially 916 /// disable not only shrink wrapping but all frame analysis, it will fail it 917 /// as "we don't understand this function and we give up on it". 918 bool isStackAccess(const MCInst &Inst, bool &IsLoad, bool &IsStore, 919 bool &IsStoreFromReg, MCPhysReg &Reg, int32_t &SrcImm, 920 uint16_t &StackPtrReg, int64_t &StackOffset, uint8_t &Size, 921 bool &IsSimple, bool &IsIndexed) const override { 922 // Detect simple push/pop cases first 923 if (int Sz = getPushSize(Inst)) { 924 IsLoad = false; 925 IsStore = true; 926 IsStoreFromReg = true; 927 StackPtrReg = X86::RSP; 928 StackOffset = -Sz; 929 Size = Sz; 930 IsSimple = true; 931 if (Inst.getOperand(0).isImm()) 932 SrcImm = Inst.getOperand(0).getImm(); 933 else if (Inst.getOperand(0).isReg()) 934 Reg = Inst.getOperand(0).getReg(); 935 else 936 IsSimple = false; 937 938 return true; 939 } 940 if (int Sz = getPopSize(Inst)) { 941 IsLoad = true; 942 IsStore = false; 943 if (Inst.getNumOperands() == 0 || !Inst.getOperand(0).isReg()) { 944 IsSimple = false; 945 } else { 946 Reg = Inst.getOperand(0).getReg(); 947 IsSimple = true; 948 } 949 StackPtrReg = X86::RSP; 950 StackOffset = 0; 951 Size = Sz; 952 return true; 953 } 954 955 struct InstInfo { 956 // Size in bytes that Inst loads from memory. 957 uint8_t DataSize; 958 bool IsLoad; 959 bool IsStore; 960 bool StoreFromReg; 961 bool Simple; 962 }; 963 964 InstInfo I; 965 int MemOpNo = getMemoryOperandNo(Inst); 966 const MCInstrDesc &MCII = Info->get(Inst.getOpcode()); 967 // If it is not dealing with a memory operand, we discard it 968 if (MemOpNo == -1 || MCII.isCall()) 969 return false; 970 971 switch (Inst.getOpcode()) { 972 default: { 973 bool IsLoad = MCII.mayLoad(); 974 bool IsStore = MCII.mayStore(); 975 // Is it LEA? (deals with memory but is not loading nor storing) 976 if (!IsLoad && !IsStore) { 977 I = {0, IsLoad, IsStore, false, false}; 978 break; 979 } 980 uint8_t Sz = getMemDataSize(Inst, MemOpNo); 981 I = {Sz, IsLoad, IsStore, false, false}; 982 break; 983 } 984 // Report simple stack accesses 985 case X86::MOV8rm: I = {1, true, false, false, true}; break; 986 case X86::MOV16rm: I = {2, true, false, false, true}; break; 987 case X86::MOV32rm: I = {4, true, false, false, true}; break; 988 case X86::MOV64rm: I = {8, true, false, false, true}; break; 989 case X86::MOV8mr: I = {1, false, true, true, true}; break; 990 case X86::MOV16mr: I = {2, false, true, true, true}; break; 991 case X86::MOV32mr: I = {4, false, true, true, true}; break; 992 case X86::MOV64mr: I = {8, false, true, true, true}; break; 993 case X86::MOV8mi: I = {1, false, true, false, true}; break; 994 case X86::MOV16mi: I = {2, false, true, false, true}; break; 995 case X86::MOV32mi: I = {4, false, true, false, true}; break; 996 } // end switch (Inst.getOpcode()) 997 998 std::optional<X86MemOperand> MO = evaluateX86MemoryOperand(Inst); 999 if (!MO) { 1000 LLVM_DEBUG(dbgs() << "Evaluate failed on "); 1001 LLVM_DEBUG(Inst.dump()); 1002 return false; 1003 } 1004 1005 // Make sure it's a stack access 1006 if (MO->BaseRegNum != X86::RBP && MO->BaseRegNum != X86::RSP) 1007 return false; 1008 1009 IsLoad = I.IsLoad; 1010 IsStore = I.IsStore; 1011 IsStoreFromReg = I.StoreFromReg; 1012 Size = I.DataSize; 1013 IsSimple = I.Simple; 1014 StackPtrReg = MO->BaseRegNum; 1015 StackOffset = MO->DispImm; 1016 IsIndexed = 1017 MO->IndexRegNum != X86::NoRegister || MO->SegRegNum != X86::NoRegister; 1018 1019 if (!I.Simple) 1020 return true; 1021 1022 // Retrieve related register in simple MOV from/to stack operations. 1023 unsigned MemOpOffset = static_cast<unsigned>(MemOpNo); 1024 if (I.IsLoad) { 1025 MCOperand RegOpnd = Inst.getOperand(0); 1026 assert(RegOpnd.isReg() && "unexpected destination operand"); 1027 Reg = RegOpnd.getReg(); 1028 } else if (I.IsStore) { 1029 MCOperand SrcOpnd = 1030 Inst.getOperand(MemOpOffset + X86::AddrSegmentReg + 1); 1031 if (I.StoreFromReg) { 1032 assert(SrcOpnd.isReg() && "unexpected source operand"); 1033 Reg = SrcOpnd.getReg(); 1034 } else { 1035 assert(SrcOpnd.isImm() && "unexpected source operand"); 1036 SrcImm = SrcOpnd.getImm(); 1037 } 1038 } 1039 1040 return true; 1041 } 1042 1043 void changeToPushOrPop(MCInst &Inst) const override { 1044 assert(!isPush(Inst) && !isPop(Inst)); 1045 1046 struct InstInfo { 1047 // Size in bytes that Inst loads from memory. 1048 uint8_t DataSize; 1049 bool IsLoad; 1050 bool StoreFromReg; 1051 }; 1052 1053 InstInfo I; 1054 switch (Inst.getOpcode()) { 1055 default: { 1056 llvm_unreachable("Unhandled opcode"); 1057 return; 1058 } 1059 case X86::MOV16rm: I = {2, true, false}; break; 1060 case X86::MOV32rm: I = {4, true, false}; break; 1061 case X86::MOV64rm: I = {8, true, false}; break; 1062 case X86::MOV16mr: I = {2, false, true}; break; 1063 case X86::MOV32mr: I = {4, false, true}; break; 1064 case X86::MOV64mr: I = {8, false, true}; break; 1065 case X86::MOV16mi: I = {2, false, false}; break; 1066 case X86::MOV32mi: I = {4, false, false}; break; 1067 } // end switch (Inst.getOpcode()) 1068 1069 std::optional<X86MemOperand> MO = evaluateX86MemoryOperand(Inst); 1070 if (!MO) { 1071 llvm_unreachable("Evaluate failed"); 1072 return; 1073 } 1074 // Make sure it's a stack access 1075 if (MO->BaseRegNum != X86::RBP && MO->BaseRegNum != X86::RSP) { 1076 llvm_unreachable("Not a stack access"); 1077 return; 1078 } 1079 1080 unsigned MemOpOffset = getMemoryOperandNo(Inst); 1081 unsigned NewOpcode = 0; 1082 if (I.IsLoad) { 1083 switch (I.DataSize) { 1084 case 2: NewOpcode = X86::POP16r; break; 1085 case 4: NewOpcode = X86::POP32r; break; 1086 case 8: NewOpcode = X86::POP64r; break; 1087 default: 1088 llvm_unreachable("Unexpected size"); 1089 } 1090 unsigned RegOpndNum = Inst.getOperand(0).getReg(); 1091 Inst.clear(); 1092 Inst.setOpcode(NewOpcode); 1093 Inst.addOperand(MCOperand::createReg(RegOpndNum)); 1094 } else { 1095 MCOperand SrcOpnd = 1096 Inst.getOperand(MemOpOffset + X86::AddrSegmentReg + 1); 1097 if (I.StoreFromReg) { 1098 switch (I.DataSize) { 1099 case 2: NewOpcode = X86::PUSH16r; break; 1100 case 4: NewOpcode = X86::PUSH32r; break; 1101 case 8: NewOpcode = X86::PUSH64r; break; 1102 default: 1103 llvm_unreachable("Unexpected size"); 1104 } 1105 assert(SrcOpnd.isReg() && "Unexpected source operand"); 1106 unsigned RegOpndNum = SrcOpnd.getReg(); 1107 Inst.clear(); 1108 Inst.setOpcode(NewOpcode); 1109 Inst.addOperand(MCOperand::createReg(RegOpndNum)); 1110 } else { 1111 switch (I.DataSize) { 1112 case 2: NewOpcode = X86::PUSH16i8; break; 1113 case 4: NewOpcode = X86::PUSH32i8; break; 1114 case 8: NewOpcode = X86::PUSH64i32; break; 1115 default: 1116 llvm_unreachable("Unexpected size"); 1117 } 1118 assert(SrcOpnd.isImm() && "Unexpected source operand"); 1119 int64_t SrcImm = SrcOpnd.getImm(); 1120 Inst.clear(); 1121 Inst.setOpcode(NewOpcode); 1122 Inst.addOperand(MCOperand::createImm(SrcImm)); 1123 } 1124 } 1125 } 1126 1127 bool isStackAdjustment(const MCInst &Inst) const override { 1128 switch (Inst.getOpcode()) { 1129 default: 1130 return false; 1131 case X86::SUB64ri32: 1132 case X86::SUB64ri8: 1133 case X86::ADD64ri32: 1134 case X86::ADD64ri8: 1135 case X86::LEA64r: 1136 break; 1137 } 1138 1139 const MCInstrDesc &MCII = Info->get(Inst.getOpcode()); 1140 for (int I = 0, E = MCII.getNumDefs(); I != E; ++I) { 1141 const MCOperand &Operand = Inst.getOperand(I); 1142 if (Operand.isReg() && Operand.getReg() == X86::RSP) 1143 return true; 1144 } 1145 return false; 1146 } 1147 1148 bool 1149 evaluateStackOffsetExpr(const MCInst &Inst, int64_t &Output, 1150 std::pair<MCPhysReg, int64_t> Input1, 1151 std::pair<MCPhysReg, int64_t> Input2) const override { 1152 1153 auto getOperandVal = [&](MCPhysReg Reg) -> ErrorOr<int64_t> { 1154 if (Reg == Input1.first) 1155 return Input1.second; 1156 if (Reg == Input2.first) 1157 return Input2.second; 1158 return make_error_code(errc::result_out_of_range); 1159 }; 1160 1161 switch (Inst.getOpcode()) { 1162 default: 1163 return false; 1164 1165 case X86::SUB64ri32: 1166 case X86::SUB64ri8: 1167 if (!Inst.getOperand(2).isImm()) 1168 return false; 1169 if (ErrorOr<int64_t> InputVal = 1170 getOperandVal(Inst.getOperand(1).getReg())) 1171 Output = *InputVal - Inst.getOperand(2).getImm(); 1172 else 1173 return false; 1174 break; 1175 case X86::ADD64ri32: 1176 case X86::ADD64ri8: 1177 if (!Inst.getOperand(2).isImm()) 1178 return false; 1179 if (ErrorOr<int64_t> InputVal = 1180 getOperandVal(Inst.getOperand(1).getReg())) 1181 Output = *InputVal + Inst.getOperand(2).getImm(); 1182 else 1183 return false; 1184 break; 1185 case X86::ADD64i32: 1186 if (!Inst.getOperand(0).isImm()) 1187 return false; 1188 if (ErrorOr<int64_t> InputVal = getOperandVal(X86::RAX)) 1189 Output = *InputVal + Inst.getOperand(0).getImm(); 1190 else 1191 return false; 1192 break; 1193 1194 case X86::LEA64r: { 1195 std::optional<X86MemOperand> MO = evaluateX86MemoryOperand(Inst); 1196 if (!MO) 1197 return false; 1198 1199 if (MO->BaseRegNum == X86::NoRegister || 1200 MO->IndexRegNum != X86::NoRegister || 1201 MO->SegRegNum != X86::NoRegister || MO->DispExpr) 1202 return false; 1203 1204 if (ErrorOr<int64_t> InputVal = getOperandVal(MO->BaseRegNum)) 1205 Output = *InputVal + MO->DispImm; 1206 else 1207 return false; 1208 1209 break; 1210 } 1211 } 1212 return true; 1213 } 1214 1215 bool isRegToRegMove(const MCInst &Inst, MCPhysReg &From, 1216 MCPhysReg &To) const override { 1217 switch (Inst.getOpcode()) { 1218 default: 1219 return false; 1220 case X86::LEAVE: 1221 case X86::LEAVE64: 1222 To = getStackPointer(); 1223 From = getFramePointer(); 1224 return true; 1225 case X86::MOV64rr: 1226 To = Inst.getOperand(0).getReg(); 1227 From = Inst.getOperand(1).getReg(); 1228 return true; 1229 } 1230 } 1231 1232 MCPhysReg getStackPointer() const override { return X86::RSP; } 1233 MCPhysReg getFramePointer() const override { return X86::RBP; } 1234 MCPhysReg getFlagsReg() const override { return X86::EFLAGS; } 1235 1236 bool escapesVariable(const MCInst &Inst, 1237 bool HasFramePointer) const override { 1238 int MemOpNo = getMemoryOperandNo(Inst); 1239 const MCInstrDesc &MCII = Info->get(Inst.getOpcode()); 1240 const unsigned NumDefs = MCII.getNumDefs(); 1241 static BitVector SPBPAliases(BitVector(getAliases(X86::RSP)) |= 1242 getAliases(X86::RBP)); 1243 static BitVector SPAliases(getAliases(X86::RSP)); 1244 1245 // FIXME: PUSH can be technically a leak, but let's ignore this for now 1246 // because a lot of harmless prologue code will spill SP to the stack. 1247 // Unless push is clearly pushing an object address to the stack as 1248 // demonstrated by having a MemOp. 1249 bool IsPush = isPush(Inst); 1250 if (IsPush && MemOpNo == -1) 1251 return false; 1252 1253 // We use this to detect LEA (has memop but does not access mem) 1254 bool AccessMem = MCII.mayLoad() || MCII.mayStore(); 1255 bool DoesLeak = false; 1256 for (int I = 0, E = MCPlus::getNumPrimeOperands(Inst); I != E; ++I) { 1257 // Ignore if SP/BP is used to dereference memory -- that's fine 1258 if (MemOpNo != -1 && !IsPush && AccessMem && I >= MemOpNo && 1259 I <= MemOpNo + 5) 1260 continue; 1261 // Ignore if someone is writing to SP/BP 1262 if (I < static_cast<int>(NumDefs)) 1263 continue; 1264 1265 const MCOperand &Operand = Inst.getOperand(I); 1266 if (HasFramePointer && Operand.isReg() && SPBPAliases[Operand.getReg()]) { 1267 DoesLeak = true; 1268 break; 1269 } 1270 if (!HasFramePointer && Operand.isReg() && SPAliases[Operand.getReg()]) { 1271 DoesLeak = true; 1272 break; 1273 } 1274 } 1275 1276 // If potential leak, check if it is not just writing to itself/sp/bp 1277 if (DoesLeak) { 1278 for (int I = 0, E = NumDefs; I != E; ++I) { 1279 const MCOperand &Operand = Inst.getOperand(I); 1280 if (HasFramePointer && Operand.isReg() && 1281 SPBPAliases[Operand.getReg()]) { 1282 DoesLeak = false; 1283 break; 1284 } 1285 if (!HasFramePointer && Operand.isReg() && 1286 SPAliases[Operand.getReg()]) { 1287 DoesLeak = false; 1288 break; 1289 } 1290 } 1291 } 1292 return DoesLeak; 1293 } 1294 1295 bool addToImm(MCInst &Inst, int64_t &Amt, MCContext *Ctx) const override { 1296 unsigned ImmOpNo = -1U; 1297 int MemOpNo = getMemoryOperandNo(Inst); 1298 if (MemOpNo != -1) 1299 ImmOpNo = MemOpNo + X86::AddrDisp; 1300 else 1301 for (unsigned Index = 0; Index < MCPlus::getNumPrimeOperands(Inst); 1302 ++Index) 1303 if (Inst.getOperand(Index).isImm()) 1304 ImmOpNo = Index; 1305 if (ImmOpNo == -1U) 1306 return false; 1307 1308 MCOperand &Operand = Inst.getOperand(ImmOpNo); 1309 Amt += Operand.getImm(); 1310 Operand.setImm(Amt); 1311 // Check for the need for relaxation 1312 if (int64_t(Amt) == int64_t(int8_t(Amt))) 1313 return true; 1314 1315 // Relax instruction 1316 switch (Inst.getOpcode()) { 1317 case X86::SUB64ri8: 1318 Inst.setOpcode(X86::SUB64ri32); 1319 break; 1320 case X86::ADD64ri8: 1321 Inst.setOpcode(X86::ADD64ri32); 1322 break; 1323 default: 1324 // No need for relaxation 1325 break; 1326 } 1327 return true; 1328 } 1329 1330 /// TODO: this implementation currently works for the most common opcodes that 1331 /// load from memory. It can be extended to work with memory store opcodes as 1332 /// well as more memory load opcodes. 1333 bool replaceMemOperandWithImm(MCInst &Inst, StringRef ConstantData, 1334 uint64_t Offset) const override { 1335 enum CheckSignExt : uint8_t { 1336 NOCHECK = 0, 1337 CHECK8, 1338 CHECK32, 1339 }; 1340 1341 using CheckList = std::vector<std::pair<CheckSignExt, unsigned>>; 1342 struct InstInfo { 1343 // Size in bytes that Inst loads from memory. 1344 uint8_t DataSize; 1345 1346 // True when the target operand has to be duplicated because the opcode 1347 // expects a LHS operand. 1348 bool HasLHS; 1349 1350 // List of checks and corresponding opcodes to be used. We try to use the 1351 // smallest possible immediate value when various sizes are available, 1352 // hence we may need to check whether a larger constant fits in a smaller 1353 // immediate. 1354 CheckList Checks; 1355 }; 1356 1357 InstInfo I; 1358 1359 switch (Inst.getOpcode()) { 1360 default: { 1361 switch (getPopSize(Inst)) { 1362 case 2: I = {2, false, {{NOCHECK, X86::MOV16ri}}}; break; 1363 case 4: I = {4, false, {{NOCHECK, X86::MOV32ri}}}; break; 1364 case 8: I = {8, false, {{CHECK32, X86::MOV64ri32}, 1365 {NOCHECK, X86::MOV64rm}}}; break; 1366 default: return false; 1367 } 1368 break; 1369 } 1370 1371 // MOV 1372 case X86::MOV8rm: I = {1, false, {{NOCHECK, X86::MOV8ri}}}; break; 1373 case X86::MOV16rm: I = {2, false, {{NOCHECK, X86::MOV16ri}}}; break; 1374 case X86::MOV32rm: I = {4, false, {{NOCHECK, X86::MOV32ri}}}; break; 1375 case X86::MOV64rm: I = {8, false, {{CHECK32, X86::MOV64ri32}, 1376 {NOCHECK, X86::MOV64rm}}}; break; 1377 1378 // MOVZX 1379 case X86::MOVZX16rm8: I = {1, false, {{NOCHECK, X86::MOV16ri}}}; break; 1380 case X86::MOVZX32rm8: I = {1, false, {{NOCHECK, X86::MOV32ri}}}; break; 1381 case X86::MOVZX32rm16: I = {2, false, {{NOCHECK, X86::MOV32ri}}}; break; 1382 1383 // CMP 1384 case X86::CMP8rm: I = {1, false, {{NOCHECK, X86::CMP8ri}}}; break; 1385 case X86::CMP16rm: I = {2, false, {{CHECK8, X86::CMP16ri8}, 1386 {NOCHECK, X86::CMP16ri}}}; break; 1387 case X86::CMP32rm: I = {4, false, {{CHECK8, X86::CMP32ri8}, 1388 {NOCHECK, X86::CMP32ri}}}; break; 1389 case X86::CMP64rm: I = {8, false, {{CHECK8, X86::CMP64ri8}, 1390 {CHECK32, X86::CMP64ri32}, 1391 {NOCHECK, X86::CMP64rm}}}; break; 1392 1393 // TEST 1394 case X86::TEST8mr: I = {1, false, {{NOCHECK, X86::TEST8ri}}}; break; 1395 case X86::TEST16mr: I = {2, false, {{NOCHECK, X86::TEST16ri}}}; break; 1396 case X86::TEST32mr: I = {4, false, {{NOCHECK, X86::TEST32ri}}}; break; 1397 case X86::TEST64mr: I = {8, false, {{CHECK32, X86::TEST64ri32}, 1398 {NOCHECK, X86::TEST64mr}}}; break; 1399 1400 // ADD 1401 case X86::ADD8rm: I = {1, true, {{NOCHECK, X86::ADD8ri}}}; break; 1402 case X86::ADD16rm: I = {2, true, {{CHECK8, X86::ADD16ri8}, 1403 {NOCHECK, X86::ADD16ri}}}; break; 1404 case X86::ADD32rm: I = {4, true, {{CHECK8, X86::ADD32ri8}, 1405 {NOCHECK, X86::ADD32ri}}}; break; 1406 case X86::ADD64rm: I = {8, true, {{CHECK8, X86::ADD64ri8}, 1407 {CHECK32, X86::ADD64ri32}, 1408 {NOCHECK, X86::ADD64rm}}}; break; 1409 1410 // SUB 1411 case X86::SUB8rm: I = {1, true, {{NOCHECK, X86::SUB8ri}}}; break; 1412 case X86::SUB16rm: I = {2, true, {{CHECK8, X86::SUB16ri8}, 1413 {NOCHECK, X86::SUB16ri}}}; break; 1414 case X86::SUB32rm: I = {4, true, {{CHECK8, X86::SUB32ri8}, 1415 {NOCHECK, X86::SUB32ri}}}; break; 1416 case X86::SUB64rm: I = {8, true, {{CHECK8, X86::SUB64ri8}, 1417 {CHECK32, X86::SUB64ri32}, 1418 {NOCHECK, X86::SUB64rm}}}; break; 1419 1420 // AND 1421 case X86::AND8rm: I = {1, true, {{NOCHECK, X86::AND8ri}}}; break; 1422 case X86::AND16rm: I = {2, true, {{CHECK8, X86::AND16ri8}, 1423 {NOCHECK, X86::AND16ri}}}; break; 1424 case X86::AND32rm: I = {4, true, {{CHECK8, X86::AND32ri8}, 1425 {NOCHECK, X86::AND32ri}}}; break; 1426 case X86::AND64rm: I = {8, true, {{CHECK8, X86::AND64ri8}, 1427 {CHECK32, X86::AND64ri32}, 1428 {NOCHECK, X86::AND64rm}}}; break; 1429 1430 // OR 1431 case X86::OR8rm: I = {1, true, {{NOCHECK, X86::OR8ri}}}; break; 1432 case X86::OR16rm: I = {2, true, {{CHECK8, X86::OR16ri8}, 1433 {NOCHECK, X86::OR16ri}}}; break; 1434 case X86::OR32rm: I = {4, true, {{CHECK8, X86::OR32ri8}, 1435 {NOCHECK, X86::OR32ri}}}; break; 1436 case X86::OR64rm: I = {8, true, {{CHECK8, X86::OR64ri8}, 1437 {CHECK32, X86::OR64ri32}, 1438 {NOCHECK, X86::OR64rm}}}; break; 1439 1440 // XOR 1441 case X86::XOR8rm: I = {1, true, {{NOCHECK, X86::XOR8ri}}}; break; 1442 case X86::XOR16rm: I = {2, true, {{CHECK8, X86::XOR16ri8}, 1443 {NOCHECK, X86::XOR16ri}}}; break; 1444 case X86::XOR32rm: I = {4, true, {{CHECK8, X86::XOR32ri8}, 1445 {NOCHECK, X86::XOR32ri}}}; break; 1446 case X86::XOR64rm: I = {8, true, {{CHECK8, X86::XOR64ri8}, 1447 {CHECK32, X86::XOR64ri32}, 1448 {NOCHECK, X86::XOR64rm}}}; break; 1449 } 1450 1451 // Compute the immediate value. 1452 assert(Offset + I.DataSize <= ConstantData.size() && 1453 "invalid offset for given constant data"); 1454 int64_t ImmVal = 1455 DataExtractor(ConstantData, true, 8).getSigned(&Offset, I.DataSize); 1456 1457 // Compute the new opcode. 1458 unsigned NewOpcode = 0; 1459 for (const std::pair<CheckSignExt, unsigned> &Check : I.Checks) { 1460 NewOpcode = Check.second; 1461 if (Check.first == NOCHECK) 1462 break; 1463 if (Check.first == CHECK8 && isInt<8>(ImmVal)) 1464 break; 1465 if (Check.first == CHECK32 && isInt<32>(ImmVal)) 1466 break; 1467 } 1468 if (NewOpcode == Inst.getOpcode()) 1469 return false; 1470 1471 // Modify the instruction. 1472 MCOperand ImmOp = MCOperand::createImm(ImmVal); 1473 uint32_t TargetOpNum = 0; 1474 // Test instruction does not follow the regular pattern of putting the 1475 // memory reference of a load (5 MCOperands) last in the list of operands. 1476 // Since it is not modifying the register operand, it is not treated as 1477 // a destination operand and it is not the first operand as it is in the 1478 // other instructions we treat here. 1479 if (NewOpcode == X86::TEST8ri || NewOpcode == X86::TEST16ri || 1480 NewOpcode == X86::TEST32ri || NewOpcode == X86::TEST64ri32) 1481 TargetOpNum = getMemoryOperandNo(Inst) + X86::AddrNumOperands; 1482 1483 MCOperand TargetOp = Inst.getOperand(TargetOpNum); 1484 Inst.clear(); 1485 Inst.setOpcode(NewOpcode); 1486 Inst.addOperand(TargetOp); 1487 if (I.HasLHS) 1488 Inst.addOperand(TargetOp); 1489 Inst.addOperand(ImmOp); 1490 1491 return true; 1492 } 1493 1494 /// TODO: this implementation currently works for the most common opcodes that 1495 /// load from memory. It can be extended to work with memory store opcodes as 1496 /// well as more memory load opcodes. 1497 bool replaceMemOperandWithReg(MCInst &Inst, MCPhysReg RegNum) const override { 1498 unsigned NewOpcode; 1499 1500 switch (Inst.getOpcode()) { 1501 default: { 1502 switch (getPopSize(Inst)) { 1503 case 2: NewOpcode = X86::MOV16rr; break; 1504 case 4: NewOpcode = X86::MOV32rr; break; 1505 case 8: NewOpcode = X86::MOV64rr; break; 1506 default: return false; 1507 } 1508 break; 1509 } 1510 1511 // MOV 1512 case X86::MOV8rm: NewOpcode = X86::MOV8rr; break; 1513 case X86::MOV16rm: NewOpcode = X86::MOV16rr; break; 1514 case X86::MOV32rm: NewOpcode = X86::MOV32rr; break; 1515 case X86::MOV64rm: NewOpcode = X86::MOV64rr; break; 1516 } 1517 1518 // Modify the instruction. 1519 MCOperand RegOp = MCOperand::createReg(RegNum); 1520 MCOperand TargetOp = Inst.getOperand(0); 1521 Inst.clear(); 1522 Inst.setOpcode(NewOpcode); 1523 Inst.addOperand(TargetOp); 1524 Inst.addOperand(RegOp); 1525 1526 return true; 1527 } 1528 1529 bool isRedundantMove(const MCInst &Inst) const override { 1530 switch (Inst.getOpcode()) { 1531 default: 1532 return false; 1533 1534 // MOV 1535 case X86::MOV8rr: 1536 case X86::MOV16rr: 1537 case X86::MOV32rr: 1538 case X86::MOV64rr: 1539 break; 1540 } 1541 1542 assert(Inst.getOperand(0).isReg() && Inst.getOperand(1).isReg()); 1543 return Inst.getOperand(0).getReg() == Inst.getOperand(1).getReg(); 1544 } 1545 1546 bool requiresAlignedAddress(const MCInst &Inst) const override { 1547 const MCInstrDesc &Desc = Info->get(Inst.getOpcode()); 1548 for (unsigned int I = 0; I < Desc.getNumOperands(); ++I) { 1549 const MCOperandInfo &Op = Desc.operands()[I]; 1550 if (Op.OperandType != MCOI::OPERAND_REGISTER) 1551 continue; 1552 if (Op.RegClass == X86::VR128RegClassID) 1553 return true; 1554 } 1555 return false; 1556 } 1557 1558 bool convertJmpToTailCall(MCInst &Inst) override { 1559 if (isTailCall(Inst)) 1560 return false; 1561 1562 int NewOpcode; 1563 switch (Inst.getOpcode()) { 1564 default: 1565 return false; 1566 case X86::JMP_1: 1567 case X86::JMP_2: 1568 case X86::JMP_4: 1569 NewOpcode = X86::JMP_4; 1570 break; 1571 case X86::JMP16m: 1572 case X86::JMP32m: 1573 case X86::JMP64m: 1574 NewOpcode = X86::JMP32m; 1575 break; 1576 case X86::JMP16r: 1577 case X86::JMP32r: 1578 case X86::JMP64r: 1579 NewOpcode = X86::JMP32r; 1580 break; 1581 } 1582 1583 Inst.setOpcode(NewOpcode); 1584 setTailCall(Inst); 1585 return true; 1586 } 1587 1588 bool convertTailCallToJmp(MCInst &Inst) override { 1589 int NewOpcode; 1590 switch (Inst.getOpcode()) { 1591 default: 1592 return false; 1593 case X86::JMP_4: 1594 NewOpcode = X86::JMP_1; 1595 break; 1596 case X86::JMP32m: 1597 NewOpcode = X86::JMP64m; 1598 break; 1599 case X86::JMP32r: 1600 NewOpcode = X86::JMP64r; 1601 break; 1602 } 1603 1604 Inst.setOpcode(NewOpcode); 1605 removeAnnotation(Inst, MCPlus::MCAnnotation::kTailCall); 1606 clearOffset(Inst); 1607 return true; 1608 } 1609 1610 bool convertTailCallToCall(MCInst &Inst) override { 1611 int NewOpcode; 1612 switch (Inst.getOpcode()) { 1613 default: 1614 return false; 1615 case X86::JMP_4: 1616 NewOpcode = X86::CALL64pcrel32; 1617 break; 1618 case X86::JMP32m: 1619 NewOpcode = X86::CALL64m; 1620 break; 1621 case X86::JMP32r: 1622 NewOpcode = X86::CALL64r; 1623 break; 1624 } 1625 1626 Inst.setOpcode(NewOpcode); 1627 removeAnnotation(Inst, MCPlus::MCAnnotation::kTailCall); 1628 return true; 1629 } 1630 1631 bool convertCallToIndirectCall(MCInst &Inst, const MCSymbol *TargetLocation, 1632 MCContext *Ctx) override { 1633 assert((Inst.getOpcode() == X86::CALL64pcrel32 || 1634 (Inst.getOpcode() == X86::JMP_4 && isTailCall(Inst))) && 1635 "64-bit direct (tail) call instruction expected"); 1636 const auto NewOpcode = 1637 (Inst.getOpcode() == X86::CALL64pcrel32) ? X86::CALL64m : X86::JMP32m; 1638 Inst.setOpcode(NewOpcode); 1639 1640 // Replace the first operand and preserve auxiliary operands of 1641 // the instruction. 1642 Inst.erase(Inst.begin()); 1643 Inst.insert(Inst.begin(), 1644 MCOperand::createReg(X86::NoRegister)); // AddrSegmentReg 1645 Inst.insert(Inst.begin(), 1646 MCOperand::createExpr( // Displacement 1647 MCSymbolRefExpr::create(TargetLocation, 1648 MCSymbolRefExpr::VK_None, *Ctx))); 1649 Inst.insert(Inst.begin(), 1650 MCOperand::createReg(X86::NoRegister)); // IndexReg 1651 Inst.insert(Inst.begin(), 1652 MCOperand::createImm(1)); // ScaleAmt 1653 Inst.insert(Inst.begin(), 1654 MCOperand::createReg(X86::RIP)); // BaseReg 1655 1656 return true; 1657 } 1658 1659 void convertIndirectCallToLoad(MCInst &Inst, MCPhysReg Reg) override { 1660 bool IsTailCall = isTailCall(Inst); 1661 if (IsTailCall) 1662 removeAnnotation(Inst, MCPlus::MCAnnotation::kTailCall); 1663 if (Inst.getOpcode() == X86::CALL64m || 1664 (Inst.getOpcode() == X86::JMP32m && IsTailCall)) { 1665 Inst.setOpcode(X86::MOV64rm); 1666 Inst.insert(Inst.begin(), MCOperand::createReg(Reg)); 1667 return; 1668 } 1669 if (Inst.getOpcode() == X86::CALL64r || 1670 (Inst.getOpcode() == X86::JMP32r && IsTailCall)) { 1671 Inst.setOpcode(X86::MOV64rr); 1672 Inst.insert(Inst.begin(), MCOperand::createReg(Reg)); 1673 return; 1674 } 1675 LLVM_DEBUG(Inst.dump()); 1676 llvm_unreachable("not implemented"); 1677 } 1678 1679 bool shortenInstruction(MCInst &Inst, 1680 const MCSubtargetInfo &STI) const override { 1681 unsigned OldOpcode = Inst.getOpcode(); 1682 unsigned NewOpcode = OldOpcode; 1683 1684 int MemOpNo = getMemoryOperandNo(Inst); 1685 1686 // Check and remove redundant Address-Size override prefix. 1687 if (opts::X86StripRedundantAddressSize) { 1688 uint64_t TSFlags = Info->get(OldOpcode).TSFlags; 1689 unsigned Flags = Inst.getFlags(); 1690 1691 if (!X86_MC::needsAddressSizeOverride(Inst, STI, MemOpNo, TSFlags) && 1692 Flags & X86::IP_HAS_AD_SIZE) 1693 Inst.setFlags(Flags ^ X86::IP_HAS_AD_SIZE); 1694 } 1695 1696 // Check and remove EIZ/RIZ. These cases represent ambiguous cases where 1697 // SIB byte is present, but no index is used and modrm alone should have 1698 // been enough. Converting to NoRegister effectively removes the SIB byte. 1699 if (MemOpNo >= 0) { 1700 MCOperand &IndexOp = 1701 Inst.getOperand(static_cast<unsigned>(MemOpNo) + X86::AddrIndexReg); 1702 if (IndexOp.getReg() == X86::EIZ || IndexOp.getReg() == X86::RIZ) 1703 IndexOp = MCOperand::createReg(X86::NoRegister); 1704 } 1705 1706 if (isBranch(Inst)) { 1707 NewOpcode = getShortBranchOpcode(OldOpcode); 1708 } else if (OldOpcode == X86::MOV64ri) { 1709 if (Inst.getOperand(MCPlus::getNumPrimeOperands(Inst) - 1).isImm()) { 1710 const int64_t Imm = 1711 Inst.getOperand(MCPlus::getNumPrimeOperands(Inst) - 1).getImm(); 1712 if (int64_t(Imm) == int64_t(int32_t(Imm))) 1713 NewOpcode = X86::MOV64ri32; 1714 } 1715 } else { 1716 // If it's arithmetic instruction check if signed operand fits in 1 byte. 1717 const unsigned ShortOpcode = getShortArithOpcode(OldOpcode); 1718 if (ShortOpcode != OldOpcode && 1719 Inst.getOperand(MCPlus::getNumPrimeOperands(Inst) - 1).isImm()) { 1720 int64_t Imm = 1721 Inst.getOperand(MCPlus::getNumPrimeOperands(Inst) - 1).getImm(); 1722 if (int64_t(Imm) == int64_t(int8_t(Imm))) 1723 NewOpcode = ShortOpcode; 1724 } 1725 } 1726 1727 if (NewOpcode == OldOpcode) 1728 return false; 1729 1730 Inst.setOpcode(NewOpcode); 1731 return true; 1732 } 1733 1734 bool 1735 convertMoveToConditionalMove(MCInst &Inst, unsigned CC, bool AllowStackMemOp, 1736 bool AllowBasePtrStackMemOp) const override { 1737 // - Register-register moves are OK 1738 // - Stores are filtered out by opcode (no store CMOV) 1739 // - Non-stack loads are prohibited (generally unsafe) 1740 // - Stack loads are OK if AllowStackMemOp is true 1741 // - Stack loads with RBP are OK if AllowBasePtrStackMemOp is true 1742 if (isLoad(Inst)) { 1743 // If stack memory operands are not allowed, no loads are allowed 1744 if (!AllowStackMemOp) 1745 return false; 1746 1747 // If stack memory operands are allowed, check if it's a load from stack 1748 bool IsLoad, IsStore, IsStoreFromReg, IsSimple, IsIndexed; 1749 MCPhysReg Reg; 1750 int32_t SrcImm; 1751 uint16_t StackPtrReg; 1752 int64_t StackOffset; 1753 uint8_t Size; 1754 bool IsStackAccess = 1755 isStackAccess(Inst, IsLoad, IsStore, IsStoreFromReg, Reg, SrcImm, 1756 StackPtrReg, StackOffset, Size, IsSimple, IsIndexed); 1757 // Prohibit non-stack-based loads 1758 if (!IsStackAccess) 1759 return false; 1760 // If stack memory operands are allowed, check if it's RBP-based 1761 if (!AllowBasePtrStackMemOp && 1762 RegInfo->isSubRegisterEq(X86::RBP, StackPtrReg)) 1763 return false; 1764 } 1765 1766 unsigned NewOpcode = 0; 1767 switch (Inst.getOpcode()) { 1768 case X86::MOV16rr: 1769 NewOpcode = X86::CMOV16rr; 1770 break; 1771 case X86::MOV16rm: 1772 NewOpcode = X86::CMOV16rm; 1773 break; 1774 case X86::MOV32rr: 1775 NewOpcode = X86::CMOV32rr; 1776 break; 1777 case X86::MOV32rm: 1778 NewOpcode = X86::CMOV32rm; 1779 break; 1780 case X86::MOV64rr: 1781 NewOpcode = X86::CMOV64rr; 1782 break; 1783 case X86::MOV64rm: 1784 NewOpcode = X86::CMOV64rm; 1785 break; 1786 default: 1787 return false; 1788 } 1789 Inst.setOpcode(NewOpcode); 1790 // Insert CC at the end of prime operands, before annotations 1791 Inst.insert(Inst.begin() + MCPlus::getNumPrimeOperands(Inst), 1792 MCOperand::createImm(CC)); 1793 // CMOV is a 3-operand MCInst, so duplicate the destination as src1 1794 Inst.insert(Inst.begin(), Inst.getOperand(0)); 1795 return true; 1796 } 1797 1798 bool lowerTailCall(MCInst &Inst) override { 1799 if (Inst.getOpcode() == X86::JMP_4 && isTailCall(Inst)) { 1800 Inst.setOpcode(X86::JMP_1); 1801 removeAnnotation(Inst, MCPlus::MCAnnotation::kTailCall); 1802 return true; 1803 } 1804 return false; 1805 } 1806 1807 const MCSymbol *getTargetSymbol(const MCInst &Inst, 1808 unsigned OpNum = 0) const override { 1809 if (OpNum >= MCPlus::getNumPrimeOperands(Inst)) 1810 return nullptr; 1811 1812 const MCOperand &Op = Inst.getOperand(OpNum); 1813 if (!Op.isExpr()) 1814 return nullptr; 1815 1816 auto *SymExpr = dyn_cast<MCSymbolRefExpr>(Op.getExpr()); 1817 if (!SymExpr || SymExpr->getKind() != MCSymbolRefExpr::VK_None) 1818 return nullptr; 1819 1820 return &SymExpr->getSymbol(); 1821 } 1822 1823 // This is the same as the base class, but since we are overriding one of 1824 // getTargetSymbol's signatures above, we need to override all of them. 1825 const MCSymbol *getTargetSymbol(const MCExpr *Expr) const override { 1826 return &cast<const MCSymbolRefExpr>(Expr)->getSymbol(); 1827 } 1828 1829 bool analyzeBranch(InstructionIterator Begin, InstructionIterator End, 1830 const MCSymbol *&TBB, const MCSymbol *&FBB, 1831 MCInst *&CondBranch, 1832 MCInst *&UncondBranch) const override { 1833 auto I = End; 1834 1835 // Bottom-up analysis 1836 while (I != Begin) { 1837 --I; 1838 1839 // Ignore nops and CFIs 1840 if (isPseudo(*I)) 1841 continue; 1842 1843 // Stop when we find the first non-terminator 1844 if (!isTerminator(*I)) 1845 break; 1846 1847 if (!isBranch(*I)) 1848 break; 1849 1850 // Handle unconditional branches. 1851 if ((I->getOpcode() == X86::JMP_1 || I->getOpcode() == X86::JMP_2 || 1852 I->getOpcode() == X86::JMP_4) && 1853 !isTailCall(*I)) { 1854 // If any code was seen after this unconditional branch, we've seen 1855 // unreachable code. Ignore them. 1856 CondBranch = nullptr; 1857 UncondBranch = &*I; 1858 const MCSymbol *Sym = getTargetSymbol(*I); 1859 assert(Sym != nullptr && 1860 "Couldn't extract BB symbol from jump operand"); 1861 TBB = Sym; 1862 continue; 1863 } 1864 1865 // Handle conditional branches and ignore indirect branches 1866 if (!isUnsupportedBranch(I->getOpcode()) && 1867 getCondCode(*I) == X86::COND_INVALID) { 1868 // Indirect branch 1869 return false; 1870 } 1871 1872 if (CondBranch == nullptr) { 1873 const MCSymbol *TargetBB = getTargetSymbol(*I); 1874 if (TargetBB == nullptr) { 1875 // Unrecognized branch target 1876 return false; 1877 } 1878 FBB = TBB; 1879 TBB = TargetBB; 1880 CondBranch = &*I; 1881 continue; 1882 } 1883 1884 llvm_unreachable("multiple conditional branches in one BB"); 1885 } 1886 return true; 1887 } 1888 1889 template <typename Itr> 1890 std::pair<IndirectBranchType, MCInst *> 1891 analyzePICJumpTable(Itr II, Itr IE, MCPhysReg R1, MCPhysReg R2) const { 1892 // Analyze PIC-style jump table code template: 1893 // 1894 // lea PIC_JUMP_TABLE(%rip), {%r1|%r2} <- MemLocInstr 1895 // mov ({%r1|%r2}, %index, 4), {%r2|%r1} 1896 // add %r2, %r1 1897 // jmp *%r1 1898 // 1899 // (with any irrelevant instructions in-between) 1900 // 1901 // When we call this helper we've already determined %r1 and %r2, and 1902 // reverse instruction iterator \p II is pointing to the ADD instruction. 1903 // 1904 // PIC jump table looks like following: 1905 // 1906 // JT: ---------- 1907 // E1:| L1 - JT | 1908 // |----------| 1909 // E2:| L2 - JT | 1910 // |----------| 1911 // | | 1912 // ...... 1913 // En:| Ln - JT | 1914 // ---------- 1915 // 1916 // Where L1, L2, ..., Ln represent labels in the function. 1917 // 1918 // The actual relocations in the table will be of the form: 1919 // 1920 // Ln - JT 1921 // = (Ln - En) + (En - JT) 1922 // = R_X86_64_PC32(Ln) + En - JT 1923 // = R_X86_64_PC32(Ln + offsetof(En)) 1924 // 1925 LLVM_DEBUG(dbgs() << "Checking for PIC jump table\n"); 1926 MCInst *MemLocInstr = nullptr; 1927 const MCInst *MovInstr = nullptr; 1928 while (++II != IE) { 1929 MCInst &Instr = *II; 1930 const MCInstrDesc &InstrDesc = Info->get(Instr.getOpcode()); 1931 if (!InstrDesc.hasDefOfPhysReg(Instr, R1, *RegInfo) && 1932 !InstrDesc.hasDefOfPhysReg(Instr, R2, *RegInfo)) { 1933 // Ignore instructions that don't affect R1, R2 registers. 1934 continue; 1935 } 1936 if (!MovInstr) { 1937 // Expect to see MOV instruction. 1938 if (!isMOVSX64rm32(Instr)) { 1939 LLVM_DEBUG(dbgs() << "MOV instruction expected.\n"); 1940 break; 1941 } 1942 1943 // Check if it's setting %r1 or %r2. In canonical form it sets %r2. 1944 // If it sets %r1 - rename the registers so we have to only check 1945 // a single form. 1946 unsigned MovDestReg = Instr.getOperand(0).getReg(); 1947 if (MovDestReg != R2) 1948 std::swap(R1, R2); 1949 if (MovDestReg != R2) { 1950 LLVM_DEBUG(dbgs() << "MOV instruction expected to set %r2\n"); 1951 break; 1952 } 1953 1954 // Verify operands for MOV. 1955 std::optional<X86MemOperand> MO = evaluateX86MemoryOperand(Instr); 1956 if (!MO) 1957 break; 1958 if (MO->BaseRegNum != R1 || MO->ScaleImm != 4 || 1959 MO->IndexRegNum == X86::NoRegister || MO->DispImm != 0 || 1960 MO->SegRegNum != X86::NoRegister) 1961 break; 1962 MovInstr = &Instr; 1963 } else { 1964 if (!InstrDesc.hasDefOfPhysReg(Instr, R1, *RegInfo)) 1965 continue; 1966 if (!isLEA64r(Instr)) { 1967 LLVM_DEBUG(dbgs() << "LEA instruction expected\n"); 1968 break; 1969 } 1970 if (Instr.getOperand(0).getReg() != R1) { 1971 LLVM_DEBUG(dbgs() << "LEA instruction expected to set %r1\n"); 1972 break; 1973 } 1974 1975 // Verify operands for LEA. 1976 std::optional<X86MemOperand> MO = evaluateX86MemoryOperand(Instr); 1977 if (!MO) 1978 break; 1979 if (MO->BaseRegNum != RegInfo->getProgramCounter() || 1980 MO->IndexRegNum != X86::NoRegister || 1981 MO->SegRegNum != X86::NoRegister || MO->DispExpr == nullptr) 1982 break; 1983 MemLocInstr = &Instr; 1984 break; 1985 } 1986 } 1987 1988 if (!MemLocInstr) 1989 return std::make_pair(IndirectBranchType::UNKNOWN, nullptr); 1990 1991 LLVM_DEBUG(dbgs() << "checking potential PIC jump table\n"); 1992 return std::make_pair(IndirectBranchType::POSSIBLE_PIC_JUMP_TABLE, 1993 MemLocInstr); 1994 } 1995 1996 IndirectBranchType analyzeIndirectBranch( 1997 MCInst &Instruction, InstructionIterator Begin, InstructionIterator End, 1998 const unsigned PtrSize, MCInst *&MemLocInstrOut, unsigned &BaseRegNumOut, 1999 unsigned &IndexRegNumOut, int64_t &DispValueOut, 2000 const MCExpr *&DispExprOut, MCInst *&PCRelBaseOut) const override { 2001 // Try to find a (base) memory location from where the address for 2002 // the indirect branch is loaded. For X86-64 the memory will be specified 2003 // in the following format: 2004 // 2005 // {%rip}/{%basereg} + Imm + IndexReg * Scale 2006 // 2007 // We are interested in the cases where Scale == sizeof(uintptr_t) and 2008 // the contents of the memory are presumably an array of pointers to code. 2009 // 2010 // Normal jump table: 2011 // 2012 // jmp *(JUMP_TABLE, %index, Scale) <- MemLocInstr 2013 // 2014 // or 2015 // 2016 // mov (JUMP_TABLE, %index, Scale), %r1 <- MemLocInstr 2017 // ... 2018 // jmp %r1 2019 // 2020 // We handle PIC-style jump tables separately. 2021 // 2022 MemLocInstrOut = nullptr; 2023 BaseRegNumOut = X86::NoRegister; 2024 IndexRegNumOut = X86::NoRegister; 2025 DispValueOut = 0; 2026 DispExprOut = nullptr; 2027 2028 std::reverse_iterator<InstructionIterator> II(End); 2029 std::reverse_iterator<InstructionIterator> IE(Begin); 2030 2031 IndirectBranchType Type = IndirectBranchType::UNKNOWN; 2032 2033 // An instruction referencing memory used by jump instruction (directly or 2034 // via register). This location could be an array of function pointers 2035 // in case of indirect tail call, or a jump table. 2036 MCInst *MemLocInstr = nullptr; 2037 2038 if (MCPlus::getNumPrimeOperands(Instruction) == 1) { 2039 // If the indirect jump is on register - try to detect if the 2040 // register value is loaded from a memory location. 2041 assert(Instruction.getOperand(0).isReg() && "register operand expected"); 2042 const unsigned R1 = Instruction.getOperand(0).getReg(); 2043 // Check if one of the previous instructions defines the jump-on register. 2044 for (auto PrevII = II; PrevII != IE; ++PrevII) { 2045 MCInst &PrevInstr = *PrevII; 2046 const MCInstrDesc &PrevInstrDesc = Info->get(PrevInstr.getOpcode()); 2047 2048 if (!PrevInstrDesc.hasDefOfPhysReg(PrevInstr, R1, *RegInfo)) 2049 continue; 2050 2051 if (isMoveMem2Reg(PrevInstr)) { 2052 MemLocInstr = &PrevInstr; 2053 break; 2054 } 2055 if (isADD64rr(PrevInstr)) { 2056 unsigned R2 = PrevInstr.getOperand(2).getReg(); 2057 if (R1 == R2) 2058 return IndirectBranchType::UNKNOWN; 2059 std::tie(Type, MemLocInstr) = analyzePICJumpTable(PrevII, IE, R1, R2); 2060 break; 2061 } 2062 return IndirectBranchType::UNKNOWN; 2063 } 2064 if (!MemLocInstr) { 2065 // No definition seen for the register in this function so far. Could be 2066 // an input parameter - which means it is an external code reference. 2067 // It also could be that the definition happens to be in the code that 2068 // we haven't processed yet. Since we have to be conservative, return 2069 // as UNKNOWN case. 2070 return IndirectBranchType::UNKNOWN; 2071 } 2072 } else { 2073 MemLocInstr = &Instruction; 2074 } 2075 2076 const MCRegister RIPRegister = RegInfo->getProgramCounter(); 2077 2078 // Analyze the memory location. 2079 std::optional<X86MemOperand> MO = evaluateX86MemoryOperand(*MemLocInstr); 2080 if (!MO) 2081 return IndirectBranchType::UNKNOWN; 2082 2083 BaseRegNumOut = MO->BaseRegNum; 2084 IndexRegNumOut = MO->IndexRegNum; 2085 DispValueOut = MO->DispImm; 2086 DispExprOut = MO->DispExpr; 2087 2088 if ((MO->BaseRegNum != X86::NoRegister && MO->BaseRegNum != RIPRegister) || 2089 MO->SegRegNum != X86::NoRegister) 2090 return IndirectBranchType::UNKNOWN; 2091 2092 if (MemLocInstr == &Instruction && 2093 (!MO->ScaleImm || MO->IndexRegNum == X86::NoRegister)) { 2094 MemLocInstrOut = MemLocInstr; 2095 return IndirectBranchType::POSSIBLE_FIXED_BRANCH; 2096 } 2097 2098 if (Type == IndirectBranchType::POSSIBLE_PIC_JUMP_TABLE && 2099 (MO->ScaleImm != 1 || MO->BaseRegNum != RIPRegister)) 2100 return IndirectBranchType::UNKNOWN; 2101 2102 if (Type != IndirectBranchType::POSSIBLE_PIC_JUMP_TABLE && 2103 MO->ScaleImm != PtrSize) 2104 return IndirectBranchType::UNKNOWN; 2105 2106 MemLocInstrOut = MemLocInstr; 2107 2108 return Type; 2109 } 2110 2111 /// Analyze a callsite to see if it could be a virtual method call. This only 2112 /// checks to see if the overall pattern is satisfied, it does not guarantee 2113 /// that the callsite is a true virtual method call. 2114 /// The format of virtual method calls that are recognized is one of the 2115 /// following: 2116 /// 2117 /// Form 1: (found in debug code) 2118 /// add METHOD_OFFSET, %VtableReg 2119 /// mov (%VtableReg), %MethodReg 2120 /// ... 2121 /// call or jmp *%MethodReg 2122 /// 2123 /// Form 2: 2124 /// mov METHOD_OFFSET(%VtableReg), %MethodReg 2125 /// ... 2126 /// call or jmp *%MethodReg 2127 /// 2128 /// Form 3: 2129 /// ... 2130 /// call or jmp *METHOD_OFFSET(%VtableReg) 2131 /// 2132 bool analyzeVirtualMethodCall(InstructionIterator ForwardBegin, 2133 InstructionIterator ForwardEnd, 2134 std::vector<MCInst *> &MethodFetchInsns, 2135 unsigned &VtableRegNum, unsigned &MethodRegNum, 2136 uint64_t &MethodOffset) const override { 2137 VtableRegNum = X86::NoRegister; 2138 MethodRegNum = X86::NoRegister; 2139 MethodOffset = 0; 2140 2141 std::reverse_iterator<InstructionIterator> Itr(ForwardEnd); 2142 std::reverse_iterator<InstructionIterator> End(ForwardBegin); 2143 2144 MCInst &CallInst = *Itr++; 2145 assert(isIndirectBranch(CallInst) || isCall(CallInst)); 2146 2147 // The call can just be jmp offset(reg) 2148 if (std::optional<X86MemOperand> MO = evaluateX86MemoryOperand(CallInst)) { 2149 if (!MO->DispExpr && MO->BaseRegNum != X86::RIP && 2150 MO->BaseRegNum != X86::RBP && MO->BaseRegNum != X86::NoRegister) { 2151 MethodRegNum = MO->BaseRegNum; 2152 if (MO->ScaleImm == 1 && MO->IndexRegNum == X86::NoRegister && 2153 MO->SegRegNum == X86::NoRegister) { 2154 VtableRegNum = MethodRegNum; 2155 MethodOffset = MO->DispImm; 2156 MethodFetchInsns.push_back(&CallInst); 2157 return true; 2158 } 2159 } 2160 return false; 2161 } 2162 if (CallInst.getOperand(0).isReg()) 2163 MethodRegNum = CallInst.getOperand(0).getReg(); 2164 else 2165 return false; 2166 2167 if (MethodRegNum == X86::RIP || MethodRegNum == X86::RBP) { 2168 VtableRegNum = X86::NoRegister; 2169 MethodRegNum = X86::NoRegister; 2170 return false; 2171 } 2172 2173 // find load from vtable, this may or may not include the method offset 2174 while (Itr != End) { 2175 MCInst &CurInst = *Itr++; 2176 const MCInstrDesc &Desc = Info->get(CurInst.getOpcode()); 2177 if (Desc.hasDefOfPhysReg(CurInst, MethodRegNum, *RegInfo)) { 2178 if (!isLoad(CurInst)) 2179 return false; 2180 if (std::optional<X86MemOperand> MO = 2181 evaluateX86MemoryOperand(CurInst)) { 2182 if (!MO->DispExpr && MO->ScaleImm == 1 && 2183 MO->BaseRegNum != X86::RIP && MO->BaseRegNum != X86::RBP && 2184 MO->BaseRegNum != X86::NoRegister && 2185 MO->IndexRegNum == X86::NoRegister && 2186 MO->SegRegNum == X86::NoRegister && MO->BaseRegNum != X86::RIP) { 2187 VtableRegNum = MO->BaseRegNum; 2188 MethodOffset = MO->DispImm; 2189 MethodFetchInsns.push_back(&CurInst); 2190 if (MethodOffset != 0) 2191 return true; 2192 break; 2193 } 2194 } 2195 return false; 2196 } 2197 } 2198 2199 if (!VtableRegNum) 2200 return false; 2201 2202 // look for any adds affecting the method register. 2203 while (Itr != End) { 2204 MCInst &CurInst = *Itr++; 2205 const MCInstrDesc &Desc = Info->get(CurInst.getOpcode()); 2206 if (Desc.hasDefOfPhysReg(CurInst, VtableRegNum, *RegInfo)) { 2207 if (isADDri(CurInst)) { 2208 assert(!MethodOffset); 2209 MethodOffset = CurInst.getOperand(2).getImm(); 2210 MethodFetchInsns.insert(MethodFetchInsns.begin(), &CurInst); 2211 break; 2212 } 2213 } 2214 } 2215 2216 return true; 2217 } 2218 2219 bool createStackPointerIncrement(MCInst &Inst, int Size, 2220 bool NoFlagsClobber) const override { 2221 if (NoFlagsClobber) { 2222 Inst.setOpcode(X86::LEA64r); 2223 Inst.clear(); 2224 Inst.addOperand(MCOperand::createReg(X86::RSP)); 2225 Inst.addOperand(MCOperand::createReg(X86::RSP)); // BaseReg 2226 Inst.addOperand(MCOperand::createImm(1)); // ScaleAmt 2227 Inst.addOperand(MCOperand::createReg(X86::NoRegister)); // IndexReg 2228 Inst.addOperand(MCOperand::createImm(-Size)); // Displacement 2229 Inst.addOperand(MCOperand::createReg(X86::NoRegister)); // AddrSegmentReg 2230 return true; 2231 } 2232 Inst.setOpcode(X86::SUB64ri8); 2233 Inst.clear(); 2234 Inst.addOperand(MCOperand::createReg(X86::RSP)); 2235 Inst.addOperand(MCOperand::createReg(X86::RSP)); 2236 Inst.addOperand(MCOperand::createImm(Size)); 2237 return true; 2238 } 2239 2240 bool createStackPointerDecrement(MCInst &Inst, int Size, 2241 bool NoFlagsClobber) const override { 2242 if (NoFlagsClobber) { 2243 Inst.setOpcode(X86::LEA64r); 2244 Inst.clear(); 2245 Inst.addOperand(MCOperand::createReg(X86::RSP)); 2246 Inst.addOperand(MCOperand::createReg(X86::RSP)); // BaseReg 2247 Inst.addOperand(MCOperand::createImm(1)); // ScaleAmt 2248 Inst.addOperand(MCOperand::createReg(X86::NoRegister)); // IndexReg 2249 Inst.addOperand(MCOperand::createImm(Size)); // Displacement 2250 Inst.addOperand(MCOperand::createReg(X86::NoRegister)); // AddrSegmentReg 2251 return true; 2252 } 2253 Inst.setOpcode(X86::ADD64ri8); 2254 Inst.clear(); 2255 Inst.addOperand(MCOperand::createReg(X86::RSP)); 2256 Inst.addOperand(MCOperand::createReg(X86::RSP)); 2257 Inst.addOperand(MCOperand::createImm(Size)); 2258 return true; 2259 } 2260 2261 bool createSaveToStack(MCInst &Inst, const MCPhysReg &StackReg, int Offset, 2262 const MCPhysReg &SrcReg, int Size) const override { 2263 unsigned NewOpcode; 2264 switch (Size) { 2265 default: 2266 return false; 2267 case 2: NewOpcode = X86::MOV16mr; break; 2268 case 4: NewOpcode = X86::MOV32mr; break; 2269 case 8: NewOpcode = X86::MOV64mr; break; 2270 } 2271 Inst.setOpcode(NewOpcode); 2272 Inst.clear(); 2273 Inst.addOperand(MCOperand::createReg(StackReg)); // BaseReg 2274 Inst.addOperand(MCOperand::createImm(1)); // ScaleAmt 2275 Inst.addOperand(MCOperand::createReg(X86::NoRegister)); // IndexReg 2276 Inst.addOperand(MCOperand::createImm(Offset)); // Displacement 2277 Inst.addOperand(MCOperand::createReg(X86::NoRegister)); // AddrSegmentReg 2278 Inst.addOperand(MCOperand::createReg(SrcReg)); 2279 return true; 2280 } 2281 2282 bool createRestoreFromStack(MCInst &Inst, const MCPhysReg &StackReg, 2283 int Offset, const MCPhysReg &DstReg, 2284 int Size) const override { 2285 return createLoad(Inst, StackReg, /*Scale=*/1, /*IndexReg=*/X86::NoRegister, 2286 Offset, nullptr, /*AddrSegmentReg=*/X86::NoRegister, 2287 DstReg, Size); 2288 } 2289 2290 bool createLoad(MCInst &Inst, const MCPhysReg &BaseReg, int64_t Scale, 2291 const MCPhysReg &IndexReg, int64_t Offset, 2292 const MCExpr *OffsetExpr, const MCPhysReg &AddrSegmentReg, 2293 const MCPhysReg &DstReg, int Size) const override { 2294 unsigned NewOpcode; 2295 switch (Size) { 2296 default: 2297 return false; 2298 case 2: NewOpcode = X86::MOV16rm; break; 2299 case 4: NewOpcode = X86::MOV32rm; break; 2300 case 8: NewOpcode = X86::MOV64rm; break; 2301 } 2302 Inst.setOpcode(NewOpcode); 2303 Inst.clear(); 2304 Inst.addOperand(MCOperand::createReg(DstReg)); 2305 Inst.addOperand(MCOperand::createReg(BaseReg)); 2306 Inst.addOperand(MCOperand::createImm(Scale)); 2307 Inst.addOperand(MCOperand::createReg(IndexReg)); 2308 if (OffsetExpr) 2309 Inst.addOperand(MCOperand::createExpr(OffsetExpr)); // Displacement 2310 else 2311 Inst.addOperand(MCOperand::createImm(Offset)); // Displacement 2312 Inst.addOperand(MCOperand::createReg(AddrSegmentReg)); // AddrSegmentReg 2313 return true; 2314 } 2315 2316 void createLoadImmediate(MCInst &Inst, const MCPhysReg Dest, 2317 uint32_t Imm) const override { 2318 Inst.setOpcode(X86::MOV64ri32); 2319 Inst.clear(); 2320 Inst.addOperand(MCOperand::createReg(Dest)); 2321 Inst.addOperand(MCOperand::createImm(Imm)); 2322 } 2323 2324 bool createIncMemory(MCInst &Inst, const MCSymbol *Target, 2325 MCContext *Ctx) const override { 2326 2327 Inst.setOpcode(X86::LOCK_INC64m); 2328 Inst.clear(); 2329 Inst.addOperand(MCOperand::createReg(X86::RIP)); // BaseReg 2330 Inst.addOperand(MCOperand::createImm(1)); // ScaleAmt 2331 Inst.addOperand(MCOperand::createReg(X86::NoRegister)); // IndexReg 2332 2333 Inst.addOperand(MCOperand::createExpr( 2334 MCSymbolRefExpr::create(Target, MCSymbolRefExpr::VK_None, 2335 *Ctx))); // Displacement 2336 Inst.addOperand(MCOperand::createReg(X86::NoRegister)); // AddrSegmentReg 2337 return true; 2338 } 2339 2340 bool createIJmp32Frag(SmallVectorImpl<MCInst> &Insts, 2341 const MCOperand &BaseReg, const MCOperand &Scale, 2342 const MCOperand &IndexReg, const MCOperand &Offset, 2343 const MCOperand &TmpReg) const override { 2344 // The code fragment we emit here is: 2345 // 2346 // mov32 (%base, %index, scale), %tmpreg 2347 // ijmp *(%tmpreg) 2348 // 2349 MCInst IJmp; 2350 IJmp.setOpcode(X86::JMP64r); 2351 IJmp.addOperand(TmpReg); 2352 2353 MCInst Load; 2354 Load.setOpcode(X86::MOV32rm); 2355 Load.addOperand(TmpReg); 2356 Load.addOperand(BaseReg); 2357 Load.addOperand(Scale); 2358 Load.addOperand(IndexReg); 2359 Load.addOperand(Offset); 2360 Load.addOperand(MCOperand::createReg(X86::NoRegister)); 2361 2362 Insts.push_back(Load); 2363 Insts.push_back(IJmp); 2364 return true; 2365 } 2366 2367 bool createNoop(MCInst &Inst) const override { 2368 Inst.setOpcode(X86::NOOP); 2369 return true; 2370 } 2371 2372 bool createReturn(MCInst &Inst) const override { 2373 Inst.setOpcode(X86::RET64); 2374 return true; 2375 } 2376 2377 InstructionListType createInlineMemcpy(bool ReturnEnd) const override { 2378 InstructionListType Code; 2379 if (ReturnEnd) 2380 Code.emplace_back(MCInstBuilder(X86::LEA64r) 2381 .addReg(X86::RAX) 2382 .addReg(X86::RDI) 2383 .addImm(1) 2384 .addReg(X86::RDX) 2385 .addImm(0) 2386 .addReg(X86::NoRegister)); 2387 else 2388 Code.emplace_back(MCInstBuilder(X86::MOV64rr) 2389 .addReg(X86::RAX) 2390 .addReg(X86::RDI)); 2391 2392 Code.emplace_back(MCInstBuilder(X86::MOV32rr) 2393 .addReg(X86::ECX) 2394 .addReg(X86::EDX)); 2395 Code.emplace_back(MCInstBuilder(X86::REP_MOVSB_64)); 2396 2397 return Code; 2398 } 2399 2400 InstructionListType createOneByteMemcpy() const override { 2401 InstructionListType Code; 2402 Code.emplace_back(MCInstBuilder(X86::MOV8rm) 2403 .addReg(X86::CL) 2404 .addReg(X86::RSI) 2405 .addImm(0) 2406 .addReg(X86::NoRegister) 2407 .addImm(0) 2408 .addReg(X86::NoRegister)); 2409 Code.emplace_back(MCInstBuilder(X86::MOV8mr) 2410 .addReg(X86::RDI) 2411 .addImm(0) 2412 .addReg(X86::NoRegister) 2413 .addImm(0) 2414 .addReg(X86::NoRegister) 2415 .addReg(X86::CL)); 2416 Code.emplace_back(MCInstBuilder(X86::MOV64rr) 2417 .addReg(X86::RAX) 2418 .addReg(X86::RDI)); 2419 return Code; 2420 } 2421 2422 InstructionListType createCmpJE(MCPhysReg RegNo, int64_t Imm, 2423 const MCSymbol *Target, 2424 MCContext *Ctx) const override { 2425 InstructionListType Code; 2426 Code.emplace_back(MCInstBuilder(X86::CMP64ri8) 2427 .addReg(RegNo) 2428 .addImm(Imm)); 2429 Code.emplace_back(MCInstBuilder(X86::JCC_1) 2430 .addExpr(MCSymbolRefExpr::create( 2431 Target, MCSymbolRefExpr::VK_None, *Ctx)) 2432 .addImm(X86::COND_E)); 2433 return Code; 2434 } 2435 2436 std::optional<Relocation> 2437 createRelocation(const MCFixup &Fixup, 2438 const MCAsmBackend &MAB) const override { 2439 const MCFixupKindInfo &FKI = MAB.getFixupKindInfo(Fixup.getKind()); 2440 2441 assert(FKI.TargetOffset == 0 && "0-bit relocation offset expected"); 2442 const uint64_t RelOffset = Fixup.getOffset(); 2443 2444 uint64_t RelType; 2445 if (FKI.Flags & MCFixupKindInfo::FKF_IsPCRel) { 2446 switch (FKI.TargetSize) { 2447 default: 2448 return std::nullopt; 2449 case 8: RelType = ELF::R_X86_64_PC8; break; 2450 case 16: RelType = ELF::R_X86_64_PC16; break; 2451 case 32: RelType = ELF::R_X86_64_PC32; break; 2452 case 64: RelType = ELF::R_X86_64_PC64; break; 2453 } 2454 } else { 2455 switch (FKI.TargetSize) { 2456 default: 2457 return std::nullopt; 2458 case 8: RelType = ELF::R_X86_64_8; break; 2459 case 16: RelType = ELF::R_X86_64_16; break; 2460 case 32: RelType = ELF::R_X86_64_32; break; 2461 case 64: RelType = ELF::R_X86_64_64; break; 2462 } 2463 } 2464 2465 // Extract a symbol and an addend out of the fixup value expression. 2466 // 2467 // Only the following limited expression types are supported: 2468 // Symbol + Addend 2469 // Symbol 2470 uint64_t Addend = 0; 2471 MCSymbol *Symbol = nullptr; 2472 const MCExpr *ValueExpr = Fixup.getValue(); 2473 if (ValueExpr->getKind() == MCExpr::Binary) { 2474 const auto *BinaryExpr = cast<MCBinaryExpr>(ValueExpr); 2475 assert(BinaryExpr->getOpcode() == MCBinaryExpr::Add && 2476 "unexpected binary expression"); 2477 const MCExpr *LHS = BinaryExpr->getLHS(); 2478 assert(LHS->getKind() == MCExpr::SymbolRef && "unexpected LHS"); 2479 Symbol = const_cast<MCSymbol *>(this->getTargetSymbol(LHS)); 2480 const MCExpr *RHS = BinaryExpr->getRHS(); 2481 assert(RHS->getKind() == MCExpr::Constant && "unexpected RHS"); 2482 Addend = cast<MCConstantExpr>(RHS)->getValue(); 2483 } else { 2484 assert(ValueExpr->getKind() == MCExpr::SymbolRef && "unexpected value"); 2485 Symbol = const_cast<MCSymbol *>(this->getTargetSymbol(ValueExpr)); 2486 } 2487 2488 return Relocation({RelOffset, Symbol, RelType, Addend, 0}); 2489 } 2490 2491 bool replaceImmWithSymbolRef(MCInst &Inst, const MCSymbol *Symbol, 2492 int64_t Addend, MCContext *Ctx, int64_t &Value, 2493 uint64_t RelType) const override { 2494 unsigned ImmOpNo = -1U; 2495 2496 for (unsigned Index = 0; Index < MCPlus::getNumPrimeOperands(Inst); 2497 ++Index) { 2498 if (Inst.getOperand(Index).isImm()) { 2499 ImmOpNo = Index; 2500 // TODO: this is a bit hacky. It finds the correct operand by 2501 // searching for a specific immediate value. If no value is 2502 // provided it defaults to the last immediate operand found. 2503 // This could lead to unexpected results if the instruction 2504 // has more than one immediate with the same value. 2505 if (Inst.getOperand(ImmOpNo).getImm() == Value) 2506 break; 2507 } 2508 } 2509 2510 if (ImmOpNo == -1U) 2511 return false; 2512 2513 Value = Inst.getOperand(ImmOpNo).getImm(); 2514 2515 setOperandToSymbolRef(Inst, ImmOpNo, Symbol, Addend, Ctx, RelType); 2516 2517 return true; 2518 } 2519 2520 bool replaceRegWithImm(MCInst &Inst, unsigned Register, 2521 int64_t Imm) const override { 2522 2523 enum CheckSignExt : uint8_t { 2524 NOCHECK = 0, 2525 CHECK8, 2526 CHECK32, 2527 }; 2528 2529 using CheckList = std::vector<std::pair<CheckSignExt, unsigned>>; 2530 struct InstInfo { 2531 // Size in bytes that Inst loads from memory. 2532 uint8_t DataSize; 2533 2534 // True when the target operand has to be duplicated because the opcode 2535 // expects a LHS operand. 2536 bool HasLHS; 2537 2538 // List of checks and corresponding opcodes to be used. We try to use the 2539 // smallest possible immediate value when various sizes are available, 2540 // hence we may need to check whether a larger constant fits in a smaller 2541 // immediate. 2542 CheckList Checks; 2543 }; 2544 2545 InstInfo I; 2546 2547 switch (Inst.getOpcode()) { 2548 default: { 2549 switch (getPushSize(Inst)) { 2550 2551 case 2: I = {2, false, {{CHECK8, X86::PUSH16i8}, {NOCHECK, X86::PUSHi16}}}; break; 2552 case 4: I = {4, false, {{CHECK8, X86::PUSH32i8}, {NOCHECK, X86::PUSHi32}}}; break; 2553 case 8: I = {8, false, {{CHECK8, X86::PUSH64i8}, 2554 {CHECK32, X86::PUSH64i32}, 2555 {NOCHECK, Inst.getOpcode()}}}; break; 2556 default: return false; 2557 } 2558 break; 2559 } 2560 2561 // MOV 2562 case X86::MOV8rr: I = {1, false, {{NOCHECK, X86::MOV8ri}}}; break; 2563 case X86::MOV16rr: I = {2, false, {{NOCHECK, X86::MOV16ri}}}; break; 2564 case X86::MOV32rr: I = {4, false, {{NOCHECK, X86::MOV32ri}}}; break; 2565 case X86::MOV64rr: I = {8, false, {{CHECK32, X86::MOV64ri32}, 2566 {NOCHECK, X86::MOV64ri}}}; break; 2567 2568 case X86::MOV8mr: I = {1, false, {{NOCHECK, X86::MOV8mi}}}; break; 2569 case X86::MOV16mr: I = {2, false, {{NOCHECK, X86::MOV16mi}}}; break; 2570 case X86::MOV32mr: I = {4, false, {{NOCHECK, X86::MOV32mi}}}; break; 2571 case X86::MOV64mr: I = {8, false, {{CHECK32, X86::MOV64mi32}, 2572 {NOCHECK, X86::MOV64mr}}}; break; 2573 2574 // MOVZX 2575 case X86::MOVZX16rr8: I = {1, false, {{NOCHECK, X86::MOV16ri}}}; break; 2576 case X86::MOVZX32rr8: I = {1, false, {{NOCHECK, X86::MOV32ri}}}; break; 2577 case X86::MOVZX32rr16: I = {2, false, {{NOCHECK, X86::MOV32ri}}}; break; 2578 2579 // CMP 2580 case X86::CMP8rr: I = {1, false, {{NOCHECK, X86::CMP8ri}}}; break; 2581 case X86::CMP16rr: I = {2, false, {{CHECK8, X86::CMP16ri8}, 2582 {NOCHECK, X86::CMP16ri}}}; break; 2583 case X86::CMP32rr: I = {4, false, {{CHECK8, X86::CMP32ri8}, 2584 {NOCHECK, X86::CMP32ri}}}; break; 2585 case X86::CMP64rr: I = {8, false, {{CHECK8, X86::CMP64ri8}, 2586 {CHECK32, X86::CMP64ri32}, 2587 {NOCHECK, X86::CMP64rr}}}; break; 2588 2589 // TEST 2590 case X86::TEST8rr: I = {1, false, {{NOCHECK, X86::TEST8ri}}}; break; 2591 case X86::TEST16rr: I = {2, false, {{NOCHECK, X86::TEST16ri}}}; break; 2592 case X86::TEST32rr: I = {4, false, {{NOCHECK, X86::TEST32ri}}}; break; 2593 case X86::TEST64rr: I = {8, false, {{CHECK32, X86::TEST64ri32}, 2594 {NOCHECK, X86::TEST64rr}}}; break; 2595 2596 // ADD 2597 case X86::ADD8rr: I = {1, true, {{NOCHECK, X86::ADD8ri}}}; break; 2598 case X86::ADD16rr: I = {2, true, {{CHECK8, X86::ADD16ri8}, 2599 {NOCHECK, X86::ADD16ri}}}; break; 2600 case X86::ADD32rr: I = {4, true, {{CHECK8, X86::ADD32ri8}, 2601 {NOCHECK, X86::ADD32ri}}}; break; 2602 case X86::ADD64rr: I = {8, true, {{CHECK8, X86::ADD64ri8}, 2603 {CHECK32, X86::ADD64ri32}, 2604 {NOCHECK, X86::ADD64rr}}}; break; 2605 2606 // SUB 2607 case X86::SUB8rr: I = {1, true, {{NOCHECK, X86::SUB8ri}}}; break; 2608 case X86::SUB16rr: I = {2, true, {{CHECK8, X86::SUB16ri8}, 2609 {NOCHECK, X86::SUB16ri}}}; break; 2610 case X86::SUB32rr: I = {4, true, {{CHECK8, X86::SUB32ri8}, 2611 {NOCHECK, X86::SUB32ri}}}; break; 2612 case X86::SUB64rr: I = {8, true, {{CHECK8, X86::SUB64ri8}, 2613 {CHECK32, X86::SUB64ri32}, 2614 {NOCHECK, X86::SUB64rr}}}; break; 2615 2616 // AND 2617 case X86::AND8rr: I = {1, true, {{NOCHECK, X86::AND8ri}}}; break; 2618 case X86::AND16rr: I = {2, true, {{CHECK8, X86::AND16ri8}, 2619 {NOCHECK, X86::AND16ri}}}; break; 2620 case X86::AND32rr: I = {4, true, {{CHECK8, X86::AND32ri8}, 2621 {NOCHECK, X86::AND32ri}}}; break; 2622 case X86::AND64rr: I = {8, true, {{CHECK8, X86::AND64ri8}, 2623 {CHECK32, X86::AND64ri32}, 2624 {NOCHECK, X86::AND64rr}}}; break; 2625 2626 // OR 2627 case X86::OR8rr: I = {1, true, {{NOCHECK, X86::OR8ri}}}; break; 2628 case X86::OR16rr: I = {2, true, {{CHECK8, X86::OR16ri8}, 2629 {NOCHECK, X86::OR16ri}}}; break; 2630 case X86::OR32rr: I = {4, true, {{CHECK8, X86::OR32ri8}, 2631 {NOCHECK, X86::OR32ri}}}; break; 2632 case X86::OR64rr: I = {8, true, {{CHECK8, X86::OR64ri8}, 2633 {CHECK32, X86::OR64ri32}, 2634 {NOCHECK, X86::OR64rr}}}; break; 2635 2636 // XOR 2637 case X86::XOR8rr: I = {1, true, {{NOCHECK, X86::XOR8ri}}}; break; 2638 case X86::XOR16rr: I = {2, true, {{CHECK8, X86::XOR16ri8}, 2639 {NOCHECK, X86::XOR16ri}}}; break; 2640 case X86::XOR32rr: I = {4, true, {{CHECK8, X86::XOR32ri8}, 2641 {NOCHECK, X86::XOR32ri}}}; break; 2642 case X86::XOR64rr: I = {8, true, {{CHECK8, X86::XOR64ri8}, 2643 {CHECK32, X86::XOR64ri32}, 2644 {NOCHECK, X86::XOR64rr}}}; break; 2645 } 2646 2647 // Compute the new opcode. 2648 unsigned NewOpcode = 0; 2649 for (const std::pair<CheckSignExt, unsigned> &Check : I.Checks) { 2650 NewOpcode = Check.second; 2651 if (Check.first == NOCHECK) 2652 break; 2653 if (Check.first == CHECK8 && isInt<8>(Imm)) 2654 break; 2655 if (Check.first == CHECK32 && isInt<32>(Imm)) 2656 break; 2657 } 2658 if (NewOpcode == Inst.getOpcode()) 2659 return false; 2660 2661 const MCInstrDesc &InstDesc = Info->get(Inst.getOpcode()); 2662 2663 unsigned NumFound = 0; 2664 for (unsigned Index = InstDesc.getNumDefs() + (I.HasLHS ? 1 : 0), 2665 E = InstDesc.getNumOperands(); 2666 Index != E; ++Index) 2667 if (Inst.getOperand(Index).isReg() && 2668 Inst.getOperand(Index).getReg() == Register) 2669 NumFound++; 2670 2671 if (NumFound != 1) 2672 return false; 2673 2674 MCOperand TargetOp = Inst.getOperand(0); 2675 Inst.clear(); 2676 Inst.setOpcode(NewOpcode); 2677 Inst.addOperand(TargetOp); 2678 if (I.HasLHS) 2679 Inst.addOperand(TargetOp); 2680 Inst.addOperand(MCOperand::createImm(Imm)); 2681 2682 return true; 2683 } 2684 2685 bool replaceRegWithReg(MCInst &Inst, unsigned ToReplace, 2686 unsigned ReplaceWith) const override { 2687 2688 // Get the HasLHS value so that iteration can be done 2689 bool HasLHS; 2690 if (X86::isAND(Inst.getOpcode()) || X86::isADD(Inst.getOpcode()) || 2691 X86::isSUB(Inst.getOpcode())) { 2692 HasLHS = true; 2693 } else if (isPop(Inst) || isPush(Inst) || X86::isCMP(Inst.getOpcode()) || 2694 X86::isTEST(Inst.getOpcode())) { 2695 HasLHS = false; 2696 } else { 2697 switch (Inst.getOpcode()) { 2698 case X86::MOV8rr: 2699 case X86::MOV8rm: 2700 case X86::MOV8mr: 2701 case X86::MOV8ri: 2702 case X86::MOV16rr: 2703 case X86::MOV16rm: 2704 case X86::MOV16mr: 2705 case X86::MOV16ri: 2706 case X86::MOV32rr: 2707 case X86::MOV32rm: 2708 case X86::MOV32mr: 2709 case X86::MOV32ri: 2710 case X86::MOV64rr: 2711 case X86::MOV64rm: 2712 case X86::MOV64mr: 2713 case X86::MOV64ri: 2714 case X86::MOVZX16rr8: 2715 case X86::MOVZX32rr8: 2716 case X86::MOVZX32rr16: 2717 case X86::MOVSX32rm8: 2718 case X86::MOVSX32rr8: 2719 case X86::MOVSX64rm32: 2720 case X86::LEA64r: 2721 HasLHS = false; 2722 break; 2723 default: 2724 return false; 2725 } 2726 } 2727 2728 const MCInstrDesc &InstDesc = Info->get(Inst.getOpcode()); 2729 2730 bool FoundOne = false; 2731 2732 // Iterate only through src operands that arent also dest operands 2733 for (unsigned Index = InstDesc.getNumDefs() + (HasLHS ? 1 : 0), 2734 E = InstDesc.getNumOperands(); 2735 Index != E; ++Index) { 2736 BitVector RegAliases = getAliases(ToReplace, true); 2737 if (!Inst.getOperand(Index).isReg() || 2738 !RegAliases.test(Inst.getOperand(Index).getReg())) 2739 continue; 2740 // Resize register if needed 2741 unsigned SizedReplaceWith = getAliasSized( 2742 ReplaceWith, getRegSize(Inst.getOperand(Index).getReg())); 2743 MCOperand NewOperand = MCOperand::createReg(SizedReplaceWith); 2744 Inst.getOperand(Index) = NewOperand; 2745 FoundOne = true; 2746 } 2747 2748 // Return true if at least one operand was replaced 2749 return FoundOne; 2750 } 2751 2752 bool createUncondBranch(MCInst &Inst, const MCSymbol *TBB, 2753 MCContext *Ctx) const override { 2754 Inst.setOpcode(X86::JMP_1); 2755 Inst.addOperand(MCOperand::createExpr( 2756 MCSymbolRefExpr::create(TBB, MCSymbolRefExpr::VK_None, *Ctx))); 2757 return true; 2758 } 2759 2760 bool createCall(MCInst &Inst, const MCSymbol *Target, 2761 MCContext *Ctx) override { 2762 Inst.setOpcode(X86::CALL64pcrel32); 2763 Inst.addOperand(MCOperand::createExpr( 2764 MCSymbolRefExpr::create(Target, MCSymbolRefExpr::VK_None, *Ctx))); 2765 return true; 2766 } 2767 2768 bool createTailCall(MCInst &Inst, const MCSymbol *Target, 2769 MCContext *Ctx) override { 2770 return createDirectCall(Inst, Target, Ctx, /*IsTailCall*/ true); 2771 } 2772 2773 void createLongTailCall(InstructionListType &Seq, const MCSymbol *Target, 2774 MCContext *Ctx) override { 2775 Seq.clear(); 2776 Seq.emplace_back(); 2777 createDirectCall(Seq.back(), Target, Ctx, /*IsTailCall*/ true); 2778 } 2779 2780 bool createTrap(MCInst &Inst) const override { 2781 Inst.clear(); 2782 Inst.setOpcode(X86::TRAP); 2783 return true; 2784 } 2785 2786 bool reverseBranchCondition(MCInst &Inst, const MCSymbol *TBB, 2787 MCContext *Ctx) const override { 2788 unsigned InvCC = getInvertedCondCode(getCondCode(Inst)); 2789 assert(InvCC != X86::COND_INVALID && "invalid branch instruction"); 2790 Inst.getOperand(Info->get(Inst.getOpcode()).NumOperands - 1).setImm(InvCC); 2791 Inst.getOperand(0) = MCOperand::createExpr( 2792 MCSymbolRefExpr::create(TBB, MCSymbolRefExpr::VK_None, *Ctx)); 2793 return true; 2794 } 2795 2796 bool replaceBranchCondition(MCInst &Inst, const MCSymbol *TBB, MCContext *Ctx, 2797 unsigned CC) const override { 2798 if (CC == X86::COND_INVALID) 2799 return false; 2800 Inst.getOperand(Info->get(Inst.getOpcode()).NumOperands - 1).setImm(CC); 2801 Inst.getOperand(0) = MCOperand::createExpr( 2802 MCSymbolRefExpr::create(TBB, MCSymbolRefExpr::VK_None, *Ctx)); 2803 return true; 2804 } 2805 2806 unsigned getCanonicalBranchCondCode(unsigned CC) const override { 2807 switch (CC) { 2808 default: return X86::COND_INVALID; 2809 2810 case X86::COND_E: return X86::COND_E; 2811 case X86::COND_NE: return X86::COND_E; 2812 2813 case X86::COND_L: return X86::COND_L; 2814 case X86::COND_GE: return X86::COND_L; 2815 2816 case X86::COND_LE: return X86::COND_G; 2817 case X86::COND_G: return X86::COND_G; 2818 2819 case X86::COND_B: return X86::COND_B; 2820 case X86::COND_AE: return X86::COND_B; 2821 2822 case X86::COND_BE: return X86::COND_A; 2823 case X86::COND_A: return X86::COND_A; 2824 2825 case X86::COND_S: return X86::COND_S; 2826 case X86::COND_NS: return X86::COND_S; 2827 2828 case X86::COND_P: return X86::COND_P; 2829 case X86::COND_NP: return X86::COND_P; 2830 2831 case X86::COND_O: return X86::COND_O; 2832 case X86::COND_NO: return X86::COND_O; 2833 } 2834 } 2835 2836 bool replaceBranchTarget(MCInst &Inst, const MCSymbol *TBB, 2837 MCContext *Ctx) const override { 2838 assert((isCall(Inst) || isBranch(Inst)) && !isIndirectBranch(Inst) && 2839 "Invalid instruction"); 2840 Inst.getOperand(0) = MCOperand::createExpr( 2841 MCSymbolRefExpr::create(TBB, MCSymbolRefExpr::VK_None, *Ctx)); 2842 return true; 2843 } 2844 2845 MCPhysReg getX86R11() const override { return X86::R11; } 2846 2847 MCPhysReg getIntArgRegister(unsigned ArgNo) const override { 2848 // FIXME: this should depend on the calling convention. 2849 switch (ArgNo) { 2850 case 0: return X86::RDI; 2851 case 1: return X86::RSI; 2852 case 2: return X86::RDX; 2853 case 3: return X86::RCX; 2854 case 4: return X86::R8; 2855 case 5: return X86::R9; 2856 default: return getNoRegister(); 2857 } 2858 } 2859 2860 void createPause(MCInst &Inst) const override { 2861 Inst.clear(); 2862 Inst.setOpcode(X86::PAUSE); 2863 } 2864 2865 void createLfence(MCInst &Inst) const override { 2866 Inst.clear(); 2867 Inst.setOpcode(X86::LFENCE); 2868 } 2869 2870 bool createDirectCall(MCInst &Inst, const MCSymbol *Target, MCContext *Ctx, 2871 bool IsTailCall) override { 2872 Inst.clear(); 2873 Inst.setOpcode(IsTailCall ? X86::JMP_4 : X86::CALL64pcrel32); 2874 Inst.addOperand(MCOperand::createExpr( 2875 MCSymbolRefExpr::create(Target, MCSymbolRefExpr::VK_None, *Ctx))); 2876 if (IsTailCall) 2877 setTailCall(Inst); 2878 return true; 2879 } 2880 2881 void createShortJmp(InstructionListType &Seq, const MCSymbol *Target, 2882 MCContext *Ctx, bool IsTailCall) override { 2883 Seq.clear(); 2884 MCInst Inst; 2885 Inst.setOpcode(X86::JMP_1); 2886 Inst.addOperand(MCOperand::createExpr( 2887 MCSymbolRefExpr::create(Target, MCSymbolRefExpr::VK_None, *Ctx))); 2888 if (IsTailCall) 2889 setTailCall(Inst); 2890 Seq.emplace_back(Inst); 2891 } 2892 2893 bool isConditionalMove(const MCInst &Inst) const override { 2894 unsigned OpCode = Inst.getOpcode(); 2895 return (OpCode == X86::CMOV16rr || OpCode == X86::CMOV32rr || 2896 OpCode == X86::CMOV64rr); 2897 } 2898 2899 bool isBranchOnMem(const MCInst &Inst) const override { 2900 unsigned OpCode = Inst.getOpcode(); 2901 if (OpCode == X86::CALL64m || (OpCode == X86::JMP32m && isTailCall(Inst)) || 2902 OpCode == X86::JMP64m) 2903 return true; 2904 2905 return false; 2906 } 2907 2908 bool isBranchOnReg(const MCInst &Inst) const override { 2909 unsigned OpCode = Inst.getOpcode(); 2910 if (OpCode == X86::CALL64r || (OpCode == X86::JMP32r && isTailCall(Inst)) || 2911 OpCode == X86::JMP64r) 2912 return true; 2913 2914 return false; 2915 } 2916 2917 void createPushRegister(MCInst &Inst, MCPhysReg Reg, 2918 unsigned Size) const override { 2919 Inst.clear(); 2920 unsigned NewOpcode = 0; 2921 if (Reg == X86::EFLAGS) { 2922 switch (Size) { 2923 case 2: NewOpcode = X86::PUSHF16; break; 2924 case 4: NewOpcode = X86::PUSHF32; break; 2925 case 8: NewOpcode = X86::PUSHF64; break; 2926 default: 2927 llvm_unreachable("Unexpected size"); 2928 } 2929 Inst.setOpcode(NewOpcode); 2930 return; 2931 } 2932 switch (Size) { 2933 case 2: NewOpcode = X86::PUSH16r; break; 2934 case 4: NewOpcode = X86::PUSH32r; break; 2935 case 8: NewOpcode = X86::PUSH64r; break; 2936 default: 2937 llvm_unreachable("Unexpected size"); 2938 } 2939 Inst.setOpcode(NewOpcode); 2940 Inst.addOperand(MCOperand::createReg(Reg)); 2941 } 2942 2943 void createPopRegister(MCInst &Inst, MCPhysReg Reg, 2944 unsigned Size) const override { 2945 Inst.clear(); 2946 unsigned NewOpcode = 0; 2947 if (Reg == X86::EFLAGS) { 2948 switch (Size) { 2949 case 2: NewOpcode = X86::POPF16; break; 2950 case 4: NewOpcode = X86::POPF32; break; 2951 case 8: NewOpcode = X86::POPF64; break; 2952 default: 2953 llvm_unreachable("Unexpected size"); 2954 } 2955 Inst.setOpcode(NewOpcode); 2956 return; 2957 } 2958 switch (Size) { 2959 case 2: NewOpcode = X86::POP16r; break; 2960 case 4: NewOpcode = X86::POP32r; break; 2961 case 8: NewOpcode = X86::POP64r; break; 2962 default: 2963 llvm_unreachable("Unexpected size"); 2964 } 2965 Inst.setOpcode(NewOpcode); 2966 Inst.addOperand(MCOperand::createReg(Reg)); 2967 } 2968 2969 void createPushFlags(MCInst &Inst, unsigned Size) const override { 2970 return createPushRegister(Inst, X86::EFLAGS, Size); 2971 } 2972 2973 void createPopFlags(MCInst &Inst, unsigned Size) const override { 2974 return createPopRegister(Inst, X86::EFLAGS, Size); 2975 } 2976 2977 void createAddRegImm(MCInst &Inst, MCPhysReg Reg, int64_t Value, 2978 unsigned Size) const { 2979 unsigned int Opcode; 2980 switch (Size) { 2981 case 1: Opcode = X86::ADD8ri; break; 2982 case 2: Opcode = X86::ADD16ri; break; 2983 case 4: Opcode = X86::ADD32ri; break; 2984 default: 2985 llvm_unreachable("Unexpected size"); 2986 } 2987 Inst.setOpcode(Opcode); 2988 Inst.clear(); 2989 Inst.addOperand(MCOperand::createReg(Reg)); 2990 Inst.addOperand(MCOperand::createReg(Reg)); 2991 Inst.addOperand(MCOperand::createImm(Value)); 2992 } 2993 2994 void createClearRegWithNoEFlagsUpdate(MCInst &Inst, MCPhysReg Reg, 2995 unsigned Size) const { 2996 unsigned int Opcode; 2997 switch (Size) { 2998 case 1: Opcode = X86::MOV8ri; break; 2999 case 2: Opcode = X86::MOV16ri; break; 3000 case 4: Opcode = X86::MOV32ri; break; 3001 // Writing to a 32-bit register always zeros the upper 32 bits of the 3002 // full-width register 3003 case 8: 3004 Opcode = X86::MOV32ri; 3005 Reg = getAliasSized(Reg, 4); 3006 break; 3007 default: 3008 llvm_unreachable("Unexpected size"); 3009 } 3010 Inst.setOpcode(Opcode); 3011 Inst.clear(); 3012 Inst.addOperand(MCOperand::createReg(Reg)); 3013 Inst.addOperand(MCOperand::createImm(0)); 3014 } 3015 3016 void createX86SaveOVFlagToRegister(MCInst &Inst, MCPhysReg Reg) const { 3017 Inst.setOpcode(X86::SETCCr); 3018 Inst.clear(); 3019 Inst.addOperand(MCOperand::createReg(Reg)); 3020 Inst.addOperand(MCOperand::createImm(X86::COND_O)); 3021 } 3022 3023 void createX86Lahf(MCInst &Inst) const { 3024 Inst.setOpcode(X86::LAHF); 3025 Inst.clear(); 3026 } 3027 3028 void createX86Sahf(MCInst &Inst) const { 3029 Inst.setOpcode(X86::SAHF); 3030 Inst.clear(); 3031 } 3032 3033 InstructionListType createInstrIncMemory(const MCSymbol *Target, 3034 MCContext *Ctx, 3035 bool IsLeaf) const override { 3036 InstructionListType Instrs(IsLeaf ? 13 : 11); 3037 unsigned int I = 0; 3038 3039 // Don't clobber application red zone (ABI dependent) 3040 if (IsLeaf) 3041 createStackPointerIncrement(Instrs[I++], 128, 3042 /*NoFlagsClobber=*/true); 3043 3044 // Performance improvements based on the optimization discussed at 3045 // https://reviews.llvm.org/D6629 3046 // LAHF/SAHF are used instead of PUSHF/POPF 3047 // PUSHF 3048 createPushRegister(Instrs[I++], X86::RAX, 8); 3049 createClearRegWithNoEFlagsUpdate(Instrs[I++], X86::RAX, 8); 3050 createX86Lahf(Instrs[I++]); 3051 createPushRegister(Instrs[I++], X86::RAX, 8); 3052 createClearRegWithNoEFlagsUpdate(Instrs[I++], X86::RAX, 8); 3053 createX86SaveOVFlagToRegister(Instrs[I++], X86::AL); 3054 // LOCK INC 3055 createIncMemory(Instrs[I++], Target, Ctx); 3056 // POPF 3057 createAddRegImm(Instrs[I++], X86::AL, 127, 1); 3058 createPopRegister(Instrs[I++], X86::RAX, 8); 3059 createX86Sahf(Instrs[I++]); 3060 createPopRegister(Instrs[I++], X86::RAX, 8); 3061 3062 if (IsLeaf) 3063 createStackPointerDecrement(Instrs[I], 128, 3064 /*NoFlagsClobber=*/true); 3065 return Instrs; 3066 } 3067 3068 void createSwap(MCInst &Inst, MCPhysReg Source, MCPhysReg MemBaseReg, 3069 int64_t Disp) const { 3070 Inst.setOpcode(X86::XCHG64rm); 3071 Inst.addOperand(MCOperand::createReg(Source)); 3072 Inst.addOperand(MCOperand::createReg(Source)); 3073 Inst.addOperand(MCOperand::createReg(MemBaseReg)); // BaseReg 3074 Inst.addOperand(MCOperand::createImm(1)); // ScaleAmt 3075 Inst.addOperand(MCOperand::createReg(X86::NoRegister)); // IndexReg 3076 Inst.addOperand(MCOperand::createImm(Disp)); // Displacement 3077 Inst.addOperand(MCOperand::createReg(X86::NoRegister)); // AddrSegmentReg 3078 } 3079 3080 void createIndirectBranch(MCInst &Inst, MCPhysReg MemBaseReg, 3081 int64_t Disp) const { 3082 Inst.setOpcode(X86::JMP64m); 3083 Inst.addOperand(MCOperand::createReg(MemBaseReg)); // BaseReg 3084 Inst.addOperand(MCOperand::createImm(1)); // ScaleAmt 3085 Inst.addOperand(MCOperand::createReg(X86::NoRegister)); // IndexReg 3086 Inst.addOperand(MCOperand::createImm(Disp)); // Displacement 3087 Inst.addOperand(MCOperand::createReg(X86::NoRegister)); // AddrSegmentReg 3088 } 3089 3090 InstructionListType createInstrumentedIndirectCall(MCInst &&CallInst, 3091 MCSymbol *HandlerFuncAddr, 3092 int CallSiteID, 3093 MCContext *Ctx) override { 3094 // Check if the target address expression used in the original indirect call 3095 // uses the stack pointer, which we are going to clobber. 3096 static BitVector SPAliases(getAliases(X86::RSP)); 3097 bool UsesSP = false; 3098 // Skip defs. 3099 for (unsigned I = Info->get(CallInst.getOpcode()).getNumDefs(), 3100 E = MCPlus::getNumPrimeOperands(CallInst); 3101 I != E; ++I) { 3102 const MCOperand &Operand = CallInst.getOperand(I); 3103 if (Operand.isReg() && SPAliases[Operand.getReg()]) { 3104 UsesSP = true; 3105 break; 3106 } 3107 } 3108 3109 InstructionListType Insts; 3110 MCPhysReg TempReg = getIntArgRegister(0); 3111 // Code sequence used to enter indirect call instrumentation helper: 3112 // push %rdi 3113 // add $8, %rsp ;; $rsp may be used in target, so fix it to prev val 3114 // movq target, %rdi ;; via convertIndirectCallTargetToLoad 3115 // sub $8, %rsp ;; restore correct stack value 3116 // push %rdi 3117 // movq $CallSiteID, %rdi 3118 // push %rdi 3119 // callq/jmp HandlerFuncAddr 3120 Insts.emplace_back(); 3121 createPushRegister(Insts.back(), TempReg, 8); 3122 if (UsesSP) { // Only adjust SP if we really need to 3123 Insts.emplace_back(); 3124 createStackPointerDecrement(Insts.back(), 8, /*NoFlagsClobber=*/false); 3125 } 3126 Insts.emplace_back(CallInst); 3127 // Insts.back() and CallInst now share the same annotation instruction. 3128 // Strip it from Insts.back(), only preserving tail call annotation. 3129 stripAnnotations(Insts.back(), /*KeepTC=*/true); 3130 convertIndirectCallToLoad(Insts.back(), TempReg); 3131 if (UsesSP) { 3132 Insts.emplace_back(); 3133 createStackPointerIncrement(Insts.back(), 8, /*NoFlagsClobber=*/false); 3134 } 3135 Insts.emplace_back(); 3136 createPushRegister(Insts.back(), TempReg, 8); 3137 Insts.emplace_back(); 3138 createLoadImmediate(Insts.back(), TempReg, CallSiteID); 3139 Insts.emplace_back(); 3140 createPushRegister(Insts.back(), TempReg, 8); 3141 3142 MCInst &NewCallInst = Insts.emplace_back(); 3143 createDirectCall(NewCallInst, HandlerFuncAddr, Ctx, isTailCall(CallInst)); 3144 3145 // Carry over metadata including tail call marker if present. 3146 stripAnnotations(NewCallInst); 3147 moveAnnotations(std::move(CallInst), NewCallInst); 3148 3149 return Insts; 3150 } 3151 3152 InstructionListType createInstrumentedIndCallHandlerExitBB() const override { 3153 const MCPhysReg TempReg = getIntArgRegister(0); 3154 // We just need to undo the sequence created for every ind call in 3155 // instrumentIndirectTarget(), which can be accomplished minimally with: 3156 // popfq 3157 // pop %rdi 3158 // add $16, %rsp 3159 // xchg (%rsp), %rdi 3160 // jmp *-8(%rsp) 3161 InstructionListType Insts(5); 3162 createPopFlags(Insts[0], 8); 3163 createPopRegister(Insts[1], TempReg, 8); 3164 createStackPointerDecrement(Insts[2], 16, /*NoFlagsClobber=*/false); 3165 createSwap(Insts[3], TempReg, X86::RSP, 0); 3166 createIndirectBranch(Insts[4], X86::RSP, -8); 3167 return Insts; 3168 } 3169 3170 InstructionListType 3171 createInstrumentedIndTailCallHandlerExitBB() const override { 3172 const MCPhysReg TempReg = getIntArgRegister(0); 3173 // Same thing as above, but for tail calls 3174 // popfq 3175 // add $16, %rsp 3176 // pop %rdi 3177 // jmp *-16(%rsp) 3178 InstructionListType Insts(4); 3179 createPopFlags(Insts[0], 8); 3180 createStackPointerDecrement(Insts[1], 16, /*NoFlagsClobber=*/false); 3181 createPopRegister(Insts[2], TempReg, 8); 3182 createIndirectBranch(Insts[3], X86::RSP, -16); 3183 return Insts; 3184 } 3185 3186 InstructionListType 3187 createInstrumentedIndCallHandlerEntryBB(const MCSymbol *InstrTrampoline, 3188 const MCSymbol *IndCallHandler, 3189 MCContext *Ctx) override { 3190 const MCPhysReg TempReg = getIntArgRegister(0); 3191 // Code sequence used to check whether InstrTampoline was initialized 3192 // and call it if so, returns via IndCallHandler. 3193 // pushfq 3194 // mov InstrTrampoline,%rdi 3195 // cmp $0x0,%rdi 3196 // je IndCallHandler 3197 // callq *%rdi 3198 // jmpq IndCallHandler 3199 InstructionListType Insts; 3200 Insts.emplace_back(); 3201 createPushFlags(Insts.back(), 8); 3202 Insts.emplace_back(); 3203 createMove(Insts.back(), InstrTrampoline, TempReg, Ctx); 3204 InstructionListType cmpJmp = createCmpJE(TempReg, 0, IndCallHandler, Ctx); 3205 Insts.insert(Insts.end(), cmpJmp.begin(), cmpJmp.end()); 3206 Insts.emplace_back(); 3207 Insts.back().setOpcode(X86::CALL64r); 3208 Insts.back().addOperand(MCOperand::createReg(TempReg)); 3209 Insts.emplace_back(); 3210 createDirectCall(Insts.back(), IndCallHandler, Ctx, /*IsTailCall*/ true); 3211 return Insts; 3212 } 3213 3214 InstructionListType createNumCountersGetter(MCContext *Ctx) const override { 3215 InstructionListType Insts(2); 3216 MCSymbol *NumLocs = Ctx->getOrCreateSymbol("__bolt_num_counters"); 3217 createMove(Insts[0], NumLocs, X86::EAX, Ctx); 3218 createReturn(Insts[1]); 3219 return Insts; 3220 } 3221 3222 InstructionListType 3223 createInstrLocationsGetter(MCContext *Ctx) const override { 3224 InstructionListType Insts(2); 3225 MCSymbol *Locs = Ctx->getOrCreateSymbol("__bolt_instr_locations"); 3226 createLea(Insts[0], Locs, X86::EAX, Ctx); 3227 createReturn(Insts[1]); 3228 return Insts; 3229 } 3230 3231 InstructionListType createInstrTablesGetter(MCContext *Ctx) const override { 3232 InstructionListType Insts(2); 3233 MCSymbol *Locs = Ctx->getOrCreateSymbol("__bolt_instr_tables"); 3234 createLea(Insts[0], Locs, X86::EAX, Ctx); 3235 createReturn(Insts[1]); 3236 return Insts; 3237 } 3238 3239 InstructionListType createInstrNumFuncsGetter(MCContext *Ctx) const override { 3240 InstructionListType Insts(2); 3241 MCSymbol *NumFuncs = Ctx->getOrCreateSymbol("__bolt_instr_num_funcs"); 3242 createMove(Insts[0], NumFuncs, X86::EAX, Ctx); 3243 createReturn(Insts[1]); 3244 return Insts; 3245 } 3246 3247 InstructionListType createSymbolTrampoline(const MCSymbol *TgtSym, 3248 MCContext *Ctx) const override { 3249 InstructionListType Insts(1); 3250 createUncondBranch(Insts[0], TgtSym, Ctx); 3251 return Insts; 3252 } 3253 3254 InstructionListType createDummyReturnFunction(MCContext *Ctx) const override { 3255 InstructionListType Insts(1); 3256 createReturn(Insts[0]); 3257 return Insts; 3258 } 3259 3260 BlocksVectorTy indirectCallPromotion( 3261 const MCInst &CallInst, 3262 const std::vector<std::pair<MCSymbol *, uint64_t>> &Targets, 3263 const std::vector<std::pair<MCSymbol *, uint64_t>> &VtableSyms, 3264 const std::vector<MCInst *> &MethodFetchInsns, 3265 const bool MinimizeCodeSize, MCContext *Ctx) override { 3266 const bool IsTailCall = isTailCall(CallInst); 3267 const bool IsJumpTable = getJumpTable(CallInst) != 0; 3268 BlocksVectorTy Results; 3269 3270 // Label for the current code block. 3271 MCSymbol *NextTarget = nullptr; 3272 3273 // The join block which contains all the instructions following CallInst. 3274 // MergeBlock remains null if CallInst is a tail call. 3275 MCSymbol *MergeBlock = nullptr; 3276 3277 unsigned FuncAddrReg = X86::R10; 3278 3279 const bool LoadElim = !VtableSyms.empty(); 3280 assert((!LoadElim || VtableSyms.size() == Targets.size()) && 3281 "There must be a vtable entry for every method " 3282 "in the targets vector."); 3283 3284 if (MinimizeCodeSize && !LoadElim) { 3285 std::set<unsigned> UsedRegs; 3286 3287 for (unsigned int I = 0; I < MCPlus::getNumPrimeOperands(CallInst); ++I) { 3288 const MCOperand &Op = CallInst.getOperand(I); 3289 if (Op.isReg()) 3290 UsedRegs.insert(Op.getReg()); 3291 } 3292 3293 if (UsedRegs.count(X86::R10) == 0) 3294 FuncAddrReg = X86::R10; 3295 else if (UsedRegs.count(X86::R11) == 0) 3296 FuncAddrReg = X86::R11; 3297 else 3298 return Results; 3299 } 3300 3301 const auto jumpToMergeBlock = [&](InstructionListType &NewCall) { 3302 assert(MergeBlock); 3303 NewCall.push_back(CallInst); 3304 MCInst &Merge = NewCall.back(); 3305 Merge.clear(); 3306 createUncondBranch(Merge, MergeBlock, Ctx); 3307 }; 3308 3309 for (unsigned int i = 0; i < Targets.size(); ++i) { 3310 Results.emplace_back(NextTarget, InstructionListType()); 3311 InstructionListType *NewCall = &Results.back().second; 3312 3313 if (MinimizeCodeSize && !LoadElim) { 3314 // Load the call target into FuncAddrReg. 3315 NewCall->push_back(CallInst); // Copy CallInst in order to get SMLoc 3316 MCInst &Target = NewCall->back(); 3317 Target.clear(); 3318 Target.setOpcode(X86::MOV64ri32); 3319 Target.addOperand(MCOperand::createReg(FuncAddrReg)); 3320 if (Targets[i].first) { 3321 // Is this OK? 3322 Target.addOperand(MCOperand::createExpr(MCSymbolRefExpr::create( 3323 Targets[i].first, MCSymbolRefExpr::VK_None, *Ctx))); 3324 } else { 3325 const uint64_t Addr = Targets[i].second; 3326 // Immediate address is out of sign extended 32 bit range. 3327 if (int64_t(Addr) != int64_t(int32_t(Addr))) 3328 return BlocksVectorTy(); 3329 3330 Target.addOperand(MCOperand::createImm(Addr)); 3331 } 3332 3333 // Compare current call target to a specific address. 3334 NewCall->push_back(CallInst); 3335 MCInst &Compare = NewCall->back(); 3336 Compare.clear(); 3337 if (isBranchOnReg(CallInst)) 3338 Compare.setOpcode(X86::CMP64rr); 3339 else if (CallInst.getOpcode() == X86::CALL64pcrel32) 3340 Compare.setOpcode(X86::CMP64ri32); 3341 else 3342 Compare.setOpcode(X86::CMP64rm); 3343 3344 Compare.addOperand(MCOperand::createReg(FuncAddrReg)); 3345 3346 // TODO: Would be preferable to only load this value once. 3347 for (unsigned i = 0; 3348 i < Info->get(CallInst.getOpcode()).getNumOperands(); ++i) 3349 if (!CallInst.getOperand(i).isInst()) 3350 Compare.addOperand(CallInst.getOperand(i)); 3351 } else { 3352 // Compare current call target to a specific address. 3353 NewCall->push_back(CallInst); 3354 MCInst &Compare = NewCall->back(); 3355 Compare.clear(); 3356 if (isBranchOnReg(CallInst)) 3357 Compare.setOpcode(X86::CMP64ri32); 3358 else 3359 Compare.setOpcode(X86::CMP64mi32); 3360 3361 // Original call address. 3362 for (unsigned i = 0; 3363 i < Info->get(CallInst.getOpcode()).getNumOperands(); ++i) 3364 if (!CallInst.getOperand(i).isInst()) 3365 Compare.addOperand(CallInst.getOperand(i)); 3366 3367 // Target address. 3368 if (Targets[i].first || LoadElim) { 3369 const MCSymbol *Sym = 3370 LoadElim ? VtableSyms[i].first : Targets[i].first; 3371 const uint64_t Addend = LoadElim ? VtableSyms[i].second : 0; 3372 const MCExpr *Expr = MCSymbolRefExpr::create(Sym, *Ctx); 3373 if (Addend) 3374 Expr = MCBinaryExpr::createAdd( 3375 Expr, MCConstantExpr::create(Addend, *Ctx), *Ctx); 3376 Compare.addOperand(MCOperand::createExpr(Expr)); 3377 } else { 3378 const uint64_t Addr = Targets[i].second; 3379 // Immediate address is out of sign extended 32 bit range. 3380 if (int64_t(Addr) != int64_t(int32_t(Addr))) 3381 return BlocksVectorTy(); 3382 3383 Compare.addOperand(MCOperand::createImm(Addr)); 3384 } 3385 } 3386 3387 // jump to next target compare. 3388 NextTarget = 3389 Ctx->createNamedTempSymbol(); // generate label for the next block 3390 NewCall->push_back(CallInst); 3391 3392 if (IsJumpTable) { 3393 MCInst &Je = NewCall->back(); 3394 3395 // Jump to next compare if target addresses don't match. 3396 Je.clear(); 3397 Je.setOpcode(X86::JCC_1); 3398 if (Targets[i].first) 3399 Je.addOperand(MCOperand::createExpr(MCSymbolRefExpr::create( 3400 Targets[i].first, MCSymbolRefExpr::VK_None, *Ctx))); 3401 else 3402 Je.addOperand(MCOperand::createImm(Targets[i].second)); 3403 3404 Je.addOperand(MCOperand::createImm(X86::COND_E)); 3405 assert(!isInvoke(CallInst)); 3406 } else { 3407 MCInst &Jne = NewCall->back(); 3408 3409 // Jump to next compare if target addresses don't match. 3410 Jne.clear(); 3411 Jne.setOpcode(X86::JCC_1); 3412 Jne.addOperand(MCOperand::createExpr(MCSymbolRefExpr::create( 3413 NextTarget, MCSymbolRefExpr::VK_None, *Ctx))); 3414 Jne.addOperand(MCOperand::createImm(X86::COND_NE)); 3415 3416 // Call specific target directly. 3417 Results.emplace_back(Ctx->createNamedTempSymbol(), 3418 InstructionListType()); 3419 NewCall = &Results.back().second; 3420 NewCall->push_back(CallInst); 3421 MCInst &CallOrJmp = NewCall->back(); 3422 3423 CallOrJmp.clear(); 3424 3425 if (MinimizeCodeSize && !LoadElim) { 3426 CallOrJmp.setOpcode(IsTailCall ? X86::JMP32r : X86::CALL64r); 3427 CallOrJmp.addOperand(MCOperand::createReg(FuncAddrReg)); 3428 } else { 3429 CallOrJmp.setOpcode(IsTailCall ? X86::JMP_4 : X86::CALL64pcrel32); 3430 3431 if (Targets[i].first) 3432 CallOrJmp.addOperand(MCOperand::createExpr(MCSymbolRefExpr::create( 3433 Targets[i].first, MCSymbolRefExpr::VK_None, *Ctx))); 3434 else 3435 CallOrJmp.addOperand(MCOperand::createImm(Targets[i].second)); 3436 } 3437 if (IsTailCall) 3438 setTailCall(CallOrJmp); 3439 3440 if (CallOrJmp.getOpcode() == X86::CALL64r || 3441 CallOrJmp.getOpcode() == X86::CALL64pcrel32) { 3442 if (std::optional<uint32_t> Offset = getOffset(CallInst)) 3443 // Annotated as duplicated call 3444 setOffset(CallOrJmp, *Offset); 3445 } 3446 3447 if (isInvoke(CallInst) && !isInvoke(CallOrJmp)) { 3448 // Copy over any EH or GNU args size information from the original 3449 // call. 3450 std::optional<MCPlus::MCLandingPad> EHInfo = getEHInfo(CallInst); 3451 if (EHInfo) 3452 addEHInfo(CallOrJmp, *EHInfo); 3453 int64_t GnuArgsSize = getGnuArgsSize(CallInst); 3454 if (GnuArgsSize >= 0) 3455 addGnuArgsSize(CallOrJmp, GnuArgsSize); 3456 } 3457 3458 if (!IsTailCall) { 3459 // The fallthrough block for the most common target should be 3460 // the merge block. 3461 if (i == 0) { 3462 // Fallthrough to merge block. 3463 MergeBlock = Ctx->createNamedTempSymbol(); 3464 } else { 3465 // Insert jump to the merge block if we are not doing a fallthrough. 3466 jumpToMergeBlock(*NewCall); 3467 } 3468 } 3469 } 3470 } 3471 3472 // Cold call block. 3473 Results.emplace_back(NextTarget, InstructionListType()); 3474 InstructionListType &NewCall = Results.back().second; 3475 for (const MCInst *Inst : MethodFetchInsns) 3476 if (Inst != &CallInst) 3477 NewCall.push_back(*Inst); 3478 NewCall.push_back(CallInst); 3479 3480 // Jump to merge block from cold call block 3481 if (!IsTailCall && !IsJumpTable) { 3482 jumpToMergeBlock(NewCall); 3483 3484 // Record merge block 3485 Results.emplace_back(MergeBlock, InstructionListType()); 3486 } 3487 3488 return Results; 3489 } 3490 3491 BlocksVectorTy jumpTablePromotion( 3492 const MCInst &IJmpInst, 3493 const std::vector<std::pair<MCSymbol *, uint64_t>> &Targets, 3494 const std::vector<MCInst *> &TargetFetchInsns, 3495 MCContext *Ctx) const override { 3496 assert(getJumpTable(IJmpInst) != 0); 3497 uint16_t IndexReg = getAnnotationAs<uint16_t>(IJmpInst, "JTIndexReg"); 3498 if (IndexReg == 0) 3499 return BlocksVectorTy(); 3500 3501 BlocksVectorTy Results; 3502 3503 // Label for the current code block. 3504 MCSymbol *NextTarget = nullptr; 3505 3506 for (unsigned int i = 0; i < Targets.size(); ++i) { 3507 Results.emplace_back(NextTarget, InstructionListType()); 3508 InstructionListType *CurBB = &Results.back().second; 3509 3510 // Compare current index to a specific index. 3511 CurBB->emplace_back(MCInst()); 3512 MCInst &CompareInst = CurBB->back(); 3513 CompareInst.setLoc(IJmpInst.getLoc()); 3514 CompareInst.setOpcode(X86::CMP64ri32); 3515 CompareInst.addOperand(MCOperand::createReg(IndexReg)); 3516 3517 const uint64_t CaseIdx = Targets[i].second; 3518 // Immediate address is out of sign extended 32 bit range. 3519 if (int64_t(CaseIdx) != int64_t(int32_t(CaseIdx))) 3520 return BlocksVectorTy(); 3521 3522 CompareInst.addOperand(MCOperand::createImm(CaseIdx)); 3523 shortenInstruction(CompareInst, *Ctx->getSubtargetInfo()); 3524 3525 // jump to next target compare. 3526 NextTarget = 3527 Ctx->createNamedTempSymbol(); // generate label for the next block 3528 CurBB->push_back(MCInst()); 3529 3530 MCInst &JEInst = CurBB->back(); 3531 JEInst.setLoc(IJmpInst.getLoc()); 3532 3533 // Jump to target if indices match 3534 JEInst.setOpcode(X86::JCC_1); 3535 JEInst.addOperand(MCOperand::createExpr(MCSymbolRefExpr::create( 3536 Targets[i].first, MCSymbolRefExpr::VK_None, *Ctx))); 3537 JEInst.addOperand(MCOperand::createImm(X86::COND_E)); 3538 } 3539 3540 // Cold call block. 3541 Results.emplace_back(NextTarget, InstructionListType()); 3542 InstructionListType &CurBB = Results.back().second; 3543 for (const MCInst *Inst : TargetFetchInsns) 3544 if (Inst != &IJmpInst) 3545 CurBB.push_back(*Inst); 3546 3547 CurBB.push_back(IJmpInst); 3548 3549 return Results; 3550 } 3551 3552 private: 3553 bool createMove(MCInst &Inst, const MCSymbol *Src, unsigned Reg, 3554 MCContext *Ctx) const { 3555 Inst.setOpcode(X86::MOV64rm); 3556 Inst.addOperand(MCOperand::createReg(Reg)); 3557 Inst.addOperand(MCOperand::createReg(X86::RIP)); // BaseReg 3558 Inst.addOperand(MCOperand::createImm(1)); // ScaleAmt 3559 Inst.addOperand(MCOperand::createReg(X86::NoRegister)); // IndexReg 3560 Inst.addOperand(MCOperand::createExpr( 3561 MCSymbolRefExpr::create(Src, MCSymbolRefExpr::VK_None, 3562 *Ctx))); // Displacement 3563 Inst.addOperand(MCOperand::createReg(X86::NoRegister)); // AddrSegmentReg 3564 3565 return true; 3566 } 3567 3568 bool createLea(MCInst &Inst, const MCSymbol *Src, unsigned Reg, 3569 MCContext *Ctx) const { 3570 Inst.setOpcode(X86::LEA64r); 3571 Inst.addOperand(MCOperand::createReg(Reg)); 3572 Inst.addOperand(MCOperand::createReg(X86::RIP)); // BaseReg 3573 Inst.addOperand(MCOperand::createImm(1)); // ScaleAmt 3574 Inst.addOperand(MCOperand::createReg(X86::NoRegister)); // IndexReg 3575 Inst.addOperand(MCOperand::createExpr( 3576 MCSymbolRefExpr::create(Src, MCSymbolRefExpr::VK_None, 3577 *Ctx))); // Displacement 3578 Inst.addOperand(MCOperand::createReg(X86::NoRegister)); // AddrSegmentReg 3579 return true; 3580 } 3581 }; 3582 3583 } // namespace 3584 3585 namespace llvm { 3586 namespace bolt { 3587 3588 MCPlusBuilder *createX86MCPlusBuilder(const MCInstrAnalysis *Analysis, 3589 const MCInstrInfo *Info, 3590 const MCRegisterInfo *RegInfo) { 3591 return new X86MCPlusBuilder(Analysis, Info, RegInfo); 3592 } 3593 3594 } // namespace bolt 3595 } // namespace llvm 3596