//===- bolt/Target/X86/X86MCPlusBuilder.cpp -------------------------------===//
//
// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
// See https://llvm.org/LICENSE.txt for license information.
// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
//
//===----------------------------------------------------------------------===//
//
// This file provides X86-specific MCPlus builder.
//
//===----------------------------------------------------------------------===//

#include "MCTargetDesc/X86BaseInfo.h"
#include "MCTargetDesc/X86InstrRelaxTables.h"
#include "MCTargetDesc/X86MCTargetDesc.h"
#include "bolt/Core/MCPlus.h"
#include "bolt/Core/MCPlusBuilder.h"
#include "llvm/BinaryFormat/ELF.h"
#include "llvm/MC/MCContext.h"
#include "llvm/MC/MCFixupKindInfo.h"
#include "llvm/MC/MCInst.h"
#include "llvm/MC/MCInstBuilder.h"
#include "llvm/MC/MCInstrInfo.h"
#include "llvm/MC/MCRegister.h"
#include "llvm/MC/MCRegisterInfo.h"
#include "llvm/Support/CommandLine.h"
#include "llvm/Support/DataExtractor.h"
#include "llvm/Support/Debug.h"
#include "llvm/Support/Errc.h"
#include "llvm/Support/ErrorHandling.h"
#include "llvm/Support/ErrorOr.h"
#include <set>

#define DEBUG_TYPE "mcplus"

using namespace llvm;
using namespace bolt;

namespace opts {

extern cl::OptionCategory BoltOptCategory;

static cl::opt<bool> X86StripRedundantAddressSize(
    "x86-strip-redundant-address-size",
    cl::desc("Remove redundant Address-Size override prefix"), cl::init(true),
    cl::ZeroOrMore, cl::cat(BoltOptCategory));

} // namespace opts

namespace {

unsigned getShortBranchOpcode(unsigned Opcode) {
  switch (Opcode) {
  default:
    return Opcode;
  case X86::JMP_2: return X86::JMP_1;
  case X86::JMP_4: return X86::JMP_1;
  case X86::JCC_2: return X86::JCC_1;
  case X86::JCC_4: return X86::JCC_1;
  }
}

unsigned getShortArithOpcode(unsigned Opcode) {
  return X86::getShortOpcodeArith(Opcode);
}

bool isMOVSX64rm32(const MCInst &Inst) {
  return Inst.getOpcode() == X86::MOVSX64rm32;
}

class X86MCPlusBuilder : public MCPlusBuilder {
public:
  X86MCPlusBuilder(const MCInstrAnalysis *Analysis, const MCInstrInfo *Info,
                   const MCRegisterInfo *RegInfo)
      : MCPlusBuilder(Analysis, Info, RegInfo) {}

  bool isBranch(const MCInst &Inst) const override {
    return Analysis->isBranch(Inst) && !isTailCall(Inst);
  }

  bool isNoop(const MCInst &Inst) const override {
    return X86::isNOP(Inst.getOpcode());
  }

  unsigned getCondCode(const MCInst &Inst) const override {
    unsigned Opcode = Inst.getOpcode();
    if (X86::isJCC(Opcode))
      return Inst.getOperand(Info->get(Opcode).NumOperands - 1).getImm();
    return X86::COND_INVALID;
  }

  unsigned getInvertedCondCode(unsigned CC) const override {
    switch (CC) {
    default: return X86::COND_INVALID;
    case X86::COND_E: return X86::COND_NE;
    case X86::COND_NE: return X86::COND_E;
    case X86::COND_L: return X86::COND_GE;
    case X86::COND_LE: return X86::COND_G;
    case X86::COND_G: return X86::COND_LE;
    case X86::COND_GE: return X86::COND_L;
    case X86::COND_B: return X86::COND_AE;
    case X86::COND_BE: return X86::COND_A;
    case X86::COND_A: return X86::COND_BE;
    case X86::COND_AE: return X86::COND_B;
    case X86::COND_S: return X86::COND_NS;
    case X86::COND_NS: return X86::COND_S;
    case X86::COND_P: return X86::COND_NP;
    case X86::COND_NP: return X86::COND_P;
    case X86::COND_O: return X86::COND_NO;
    case X86::COND_NO: return X86::COND_O;
    }
  }

  unsigned getCondCodesLogicalOr(unsigned CC1, unsigned CC2) const override {
    enum DecodedCondCode : uint8_t {
      DCC_EQUAL = 0x1,
      DCC_GREATER = 0x2,
      DCC_LESSER = 0x4,
      DCC_GREATER_OR_LESSER = 0x6,
      DCC_UNSIGNED = 0x8,
      DCC_SIGNED = 0x10,
      DCC_INVALID = 0x20,
    };

    auto decodeCondCode = [&](unsigned CC) -> uint8_t {
      switch (CC) {
      default: return DCC_INVALID;
      case X86::COND_E: return DCC_EQUAL;
      case X86::COND_NE: return DCC_GREATER | DCC_LESSER;
      case X86::COND_L: return DCC_LESSER | DCC_SIGNED;
      case X86::COND_LE: return DCC_EQUAL | DCC_LESSER | DCC_SIGNED;
      case X86::COND_G: return DCC_GREATER | DCC_SIGNED;
      case X86::COND_GE: return DCC_GREATER | DCC_EQUAL | DCC_SIGNED;
      case X86::COND_B: return DCC_LESSER | DCC_UNSIGNED;
      case X86::COND_BE: return DCC_EQUAL | DCC_LESSER | DCC_UNSIGNED;
      case X86::COND_A: return DCC_GREATER | DCC_UNSIGNED;
      case X86::COND_AE: return DCC_GREATER | DCC_EQUAL | DCC_UNSIGNED;
      }
    };

    uint8_t DCC = decodeCondCode(CC1) | decodeCondCode(CC2);

    if (DCC & DCC_INVALID)
      return X86::COND_INVALID;

    if (DCC & DCC_SIGNED && DCC & DCC_UNSIGNED)
      return X86::COND_INVALID;

    switch (DCC) {
    default: return X86::COND_INVALID;
    case DCC_EQUAL | DCC_LESSER | DCC_SIGNED: return X86::COND_LE;
    case DCC_EQUAL | DCC_LESSER | DCC_UNSIGNED: return X86::COND_BE;
    case DCC_EQUAL | DCC_GREATER | DCC_SIGNED: return X86::COND_GE;
    case DCC_EQUAL | DCC_GREATER | DCC_UNSIGNED: return X86::COND_AE;
    case DCC_GREATER | DCC_LESSER | DCC_SIGNED: return X86::COND_NE;
    case DCC_GREATER | DCC_LESSER | DCC_UNSIGNED: return X86::COND_NE;
    case DCC_GREATER | DCC_LESSER: return X86::COND_NE;
    case DCC_EQUAL | DCC_SIGNED: return X86::COND_E;
    case DCC_EQUAL | DCC_UNSIGNED: return X86::COND_E;
    case DCC_EQUAL: return X86::COND_E;
    case DCC_LESSER | DCC_SIGNED: return X86::COND_L;
    case DCC_LESSER | DCC_UNSIGNED: return X86::COND_B;
    case DCC_GREATER | DCC_SIGNED: return X86::COND_G;
    case DCC_GREATER | DCC_UNSIGNED: return X86::COND_A;
    }
  }
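
  // For example (illustrative): OR-ing the signed "less" and "equal"
  // conditions yields "less-or-equal", while mixing signed and unsigned
  // comparisons cannot be merged:
  //   getCondCodesLogicalOr(X86::COND_L, X86::COND_E) == X86::COND_LE
  //   getCondCodesLogicalOr(X86::COND_L, X86::COND_B) == X86::COND_INVALID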

  bool isValidCondCode(unsigned CC) const override {
    return (CC != X86::COND_INVALID);
  }

  bool isBreakpoint(const MCInst &Inst) const override {
    return Inst.getOpcode() == X86::INT3;
  }

  bool isPrefix(const MCInst &Inst) const override {
    const MCInstrDesc &Desc = Info->get(Inst.getOpcode());
    return X86II::isPrefix(Desc.TSFlags);
  }

  bool isRep(const MCInst &Inst) const override {
    return Inst.getFlags() == X86::IP_HAS_REPEAT;
  }

  bool deleteREPPrefix(MCInst &Inst) const override {
    if (Inst.getFlags() == X86::IP_HAS_REPEAT) {
      Inst.setFlags(0);
      return true;
    }
    return false;
  }

  // FIXME: For compatibility with old LLVM only!
  bool isTerminator(const MCInst &Inst) const override {
    unsigned Opcode = Inst.getOpcode();
    return Info->get(Opcode).isTerminator() || X86::isUD1(Opcode) ||
           X86::isUD2(Opcode);
  }

  bool isIndirectCall(const MCInst &Inst) const override {
    return isCall(Inst) &&
           ((getMemoryOperandNo(Inst) != -1) || Inst.getOperand(0).isReg());
  }

  bool isPop(const MCInst &Inst) const override {
    return getPopSize(Inst) == 0 ? false : true;
  }

  bool isTerminateBranch(const MCInst &Inst) const override {
    return Inst.getOpcode() == X86::ENDBR32 || Inst.getOpcode() == X86::ENDBR64;
  }

  int getPopSize(const MCInst &Inst) const override {
    switch (Inst.getOpcode()) {
    case X86::POP16r:
    case X86::POP16rmm:
    case X86::POP16rmr:
    case X86::POPF16:
    case X86::POPA16:
    case X86::POPDS16:
    case X86::POPES16:
    case X86::POPFS16:
    case X86::POPGS16:
    case X86::POPSS16:
      return 2;
    case X86::POP32r:
    case X86::POP32rmm:
    case X86::POP32rmr:
    case X86::POPA32:
    case X86::POPDS32:
    case X86::POPES32:
    case X86::POPF32:
    case X86::POPFS32:
    case X86::POPGS32:
    case X86::POPSS32:
      return 4;
    case X86::POP64r:
    case X86::POP64rmm:
    case X86::POP64rmr:
    case X86::POPF64:
    case X86::POPFS64:
    case X86::POPGS64:
      return 8;
    }
    return 0;
  }

  bool isPush(const MCInst &Inst) const override {
    return getPushSize(Inst) == 0 ? false : true;
  }

  int getPushSize(const MCInst &Inst) const override {
    switch (Inst.getOpcode()) {
    case X86::PUSH16i8:
    case X86::PUSH16r:
    case X86::PUSH16rmm:
    case X86::PUSH16rmr:
    case X86::PUSHA16:
    case X86::PUSHCS16:
    case X86::PUSHDS16:
    case X86::PUSHES16:
    case X86::PUSHF16:
    case X86::PUSHFS16:
    case X86::PUSHGS16:
    case X86::PUSHSS16:
    case X86::PUSHi16:
      return 2;
    case X86::PUSH32i8:
    case X86::PUSH32r:
    case X86::PUSH32rmm:
    case X86::PUSH32rmr:
    case X86::PUSHA32:
    case X86::PUSHCS32:
    case X86::PUSHDS32:
    case X86::PUSHES32:
    case X86::PUSHF32:
    case X86::PUSHFS32:
    case X86::PUSHGS32:
    case X86::PUSHSS32:
    case X86::PUSHi32:
      return 4;
    case X86::PUSH64i32:
    case X86::PUSH64i8:
    case X86::PUSH64r:
    case X86::PUSH64rmm:
    case X86::PUSH64rmr:
    case X86::PUSHF64:
    case X86::PUSHFS64:
    case X86::PUSHGS64:
      return 8;
    }
    return 0;
  }

  bool isADD64rr(const MCInst &Inst) const override {
    return Inst.getOpcode() == X86::ADD64rr;
  }

  bool isSUB(const MCInst &Inst) const override {
    return X86::isSUB(Inst.getOpcode());
  }

  bool isADDri(const MCInst &Inst) const {
    return Inst.getOpcode() == X86::ADD64ri32 ||
           Inst.getOpcode() == X86::ADD64ri8;
  }

  bool isLEA64r(const MCInst &Inst) const override {
    return Inst.getOpcode() == X86::LEA64r;
  }

  bool isLeave(const MCInst &Inst) const override {
    return Inst.getOpcode() == X86::LEAVE || Inst.getOpcode() == X86::LEAVE64;
  }

  bool isMoveMem2Reg(const MCInst &Inst) const override {
    switch (Inst.getOpcode()) {
    case X86::MOV16rm:
    case X86::MOV32rm:
    case X86::MOV64rm:
      return true;
    }
    return false;
  }

  bool isUnsupportedBranch(unsigned Opcode) const override {
    switch (Opcode) {
    default:
      return false;
    case X86::LOOP:
    case X86::LOOPE:
    case X86::LOOPNE:
    case X86::JECXZ:
    case X86::JRCXZ:
      return true;
    }
  }

  bool isLoad(const MCInst &Inst) const override {
    if (isPop(Inst))
      return true;

    int MemOpNo = getMemoryOperandNo(Inst);
    const MCInstrDesc &MCII = Info->get(Inst.getOpcode());

    if (MemOpNo == -1)
      return false;

    return MCII.mayLoad();
  }
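
  // For example (illustrative): isLoad reports true for POP64r and MOV64rm,
  // while LEA64r has a memory operand but neither loads nor stores, so it
  // reports false.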

  bool isStore(const MCInst &Inst) const override {
    if (isPush(Inst))
      return true;

    int MemOpNo = getMemoryOperandNo(Inst);
    const MCInstrDesc &MCII = Info->get(Inst.getOpcode());

    if (MemOpNo == -1)
      return false;

    return MCII.mayStore();
  }

  bool isCleanRegXOR(const MCInst &Inst) const override {
    switch (Inst.getOpcode()) {
    case X86::XOR16rr:
    case X86::XOR32rr:
    case X86::XOR64rr:
      break;
    default:
      return false;
    }
    return (Inst.getOperand(0).getReg() == Inst.getOperand(2).getReg());
  }

  bool isPacked(const MCInst &Inst) const override {
    const MCInstrDesc &Desc = Info->get(Inst.getOpcode());
    return (Desc.TSFlags & X86II::OpPrefixMask) == X86II::PD;
  }

  unsigned getTrapFillValue() const override { return 0xCC; }

  struct IndJmpMatcherFrag1 : MCInstMatcher {
    std::unique_ptr<MCInstMatcher> Base;
    std::unique_ptr<MCInstMatcher> Scale;
    std::unique_ptr<MCInstMatcher> Index;
    std::unique_ptr<MCInstMatcher> Offset;

    IndJmpMatcherFrag1(std::unique_ptr<MCInstMatcher> Base,
                       std::unique_ptr<MCInstMatcher> Scale,
                       std::unique_ptr<MCInstMatcher> Index,
                       std::unique_ptr<MCInstMatcher> Offset)
        : Base(std::move(Base)), Scale(std::move(Scale)),
          Index(std::move(Index)), Offset(std::move(Offset)) {}

    bool match(const MCRegisterInfo &MRI, MCPlusBuilder &MIB,
               MutableArrayRef<MCInst> InInstrWindow, int OpNum) override {
      if (!MCInstMatcher::match(MRI, MIB, InInstrWindow, OpNum))
        return false;

      if (CurInst->getOpcode() != X86::JMP64m)
        return false;

      int MemOpNo = MIB.getMemoryOperandNo(*CurInst);
      if (MemOpNo == -1)
        return false;

      if (!Base->match(MRI, MIB, this->InstrWindow, MemOpNo + X86::AddrBaseReg))
        return false;
      if (!Scale->match(MRI, MIB, this->InstrWindow,
                        MemOpNo + X86::AddrScaleAmt))
        return false;
      if (!Index->match(MRI, MIB, this->InstrWindow,
                        MemOpNo + X86::AddrIndexReg))
        return false;
      if (!Offset->match(MRI, MIB, this->InstrWindow, MemOpNo + X86::AddrDisp))
        return false;
      return true;
    }

    void annotate(MCPlusBuilder &MIB, StringRef Annotation) override {
      MIB.addAnnotation(*CurInst, Annotation, true);
      Base->annotate(MIB, Annotation);
      Scale->annotate(MIB, Annotation);
      Index->annotate(MIB, Annotation);
      Offset->annotate(MIB, Annotation);
    }
  };

  std::unique_ptr<MCInstMatcher>
  matchIndJmp(std::unique_ptr<MCInstMatcher> Base,
              std::unique_ptr<MCInstMatcher> Scale,
              std::unique_ptr<MCInstMatcher> Index,
              std::unique_ptr<MCInstMatcher> Offset) const override {
    return std::unique_ptr<MCInstMatcher>(
        new IndJmpMatcherFrag1(std::move(Base), std::move(Scale),
                               std::move(Index), std::move(Offset)));
  }

  struct IndJmpMatcherFrag2 : MCInstMatcher {
    std::unique_ptr<MCInstMatcher> Reg;

    IndJmpMatcherFrag2(std::unique_ptr<MCInstMatcher> Reg)
        : Reg(std::move(Reg)) {}

    bool match(const MCRegisterInfo &MRI, MCPlusBuilder &MIB,
               MutableArrayRef<MCInst> InInstrWindow, int OpNum) override {
      if (!MCInstMatcher::match(MRI, MIB, InInstrWindow, OpNum))
        return false;

      if (CurInst->getOpcode() != X86::JMP64r)
        return false;

      return Reg->match(MRI, MIB, this->InstrWindow, 0);
    }

    void annotate(MCPlusBuilder &MIB, StringRef Annotation) override {
      MIB.addAnnotation(*CurInst, Annotation, true);
      Reg->annotate(MIB, Annotation);
    }
  };

  std::unique_ptr<MCInstMatcher>
  matchIndJmp(std::unique_ptr<MCInstMatcher> Target) const override {
    return std::unique_ptr<MCInstMatcher>(
        new IndJmpMatcherFrag2(std::move(Target)));
  }
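
  // Illustrative sketch of how these matchers compose, assuming the generic
  // operand matchers declared in MCPlusBuilder (matchReg, matchImm,
  // matchAnyOperand): to recognize "jmp *(%base,%index,scale)" one could write
  //
  //   MCPhysReg Base, Index;
  //   int64_t Scale;
  //   std::unique_ptr<MCInstMatcher> M = matchIndJmp(
  //       matchReg(Base), matchImm(Scale), matchReg(Index), matchAnyOperand());
  //
  // and read Base/Index/Scale back after a successful match.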

  struct LoadMatcherFrag1 : MCInstMatcher {
    std::unique_ptr<MCInstMatcher> Base;
    std::unique_ptr<MCInstMatcher> Scale;
    std::unique_ptr<MCInstMatcher> Index;
    std::unique_ptr<MCInstMatcher> Offset;

    LoadMatcherFrag1(std::unique_ptr<MCInstMatcher> Base,
                     std::unique_ptr<MCInstMatcher> Scale,
                     std::unique_ptr<MCInstMatcher> Index,
                     std::unique_ptr<MCInstMatcher> Offset)
        : Base(std::move(Base)), Scale(std::move(Scale)),
          Index(std::move(Index)), Offset(std::move(Offset)) {}

    bool match(const MCRegisterInfo &MRI, MCPlusBuilder &MIB,
               MutableArrayRef<MCInst> InInstrWindow, int OpNum) override {
      if (!MCInstMatcher::match(MRI, MIB, InInstrWindow, OpNum))
        return false;

      if (CurInst->getOpcode() != X86::MOV64rm &&
          CurInst->getOpcode() != X86::MOVSX64rm32)
        return false;

      int MemOpNo = MIB.getMemoryOperandNo(*CurInst);
      if (MemOpNo == -1)
        return false;

      if (!Base->match(MRI, MIB, this->InstrWindow, MemOpNo + X86::AddrBaseReg))
        return false;
      if (!Scale->match(MRI, MIB, this->InstrWindow,
                        MemOpNo + X86::AddrScaleAmt))
        return false;
      if (!Index->match(MRI, MIB, this->InstrWindow,
                        MemOpNo + X86::AddrIndexReg))
        return false;
      if (!Offset->match(MRI, MIB, this->InstrWindow, MemOpNo + X86::AddrDisp))
        return false;
      return true;
    }

    void annotate(MCPlusBuilder &MIB, StringRef Annotation) override {
      MIB.addAnnotation(*CurInst, Annotation, true);
      Base->annotate(MIB, Annotation);
      Scale->annotate(MIB, Annotation);
      Index->annotate(MIB, Annotation);
      Offset->annotate(MIB, Annotation);
    }
  };

  std::unique_ptr<MCInstMatcher>
  matchLoad(std::unique_ptr<MCInstMatcher> Base,
            std::unique_ptr<MCInstMatcher> Scale,
            std::unique_ptr<MCInstMatcher> Index,
            std::unique_ptr<MCInstMatcher> Offset) const override {
    return std::unique_ptr<MCInstMatcher>(
        new LoadMatcherFrag1(std::move(Base), std::move(Scale),
                             std::move(Index), std::move(Offset)));
  }

  struct AddMatcher : MCInstMatcher {
    std::unique_ptr<MCInstMatcher> A;
    std::unique_ptr<MCInstMatcher> B;

    AddMatcher(std::unique_ptr<MCInstMatcher> A,
               std::unique_ptr<MCInstMatcher> B)
        : A(std::move(A)), B(std::move(B)) {}

    bool match(const MCRegisterInfo &MRI, MCPlusBuilder &MIB,
               MutableArrayRef<MCInst> InInstrWindow, int OpNum) override {
      if (!MCInstMatcher::match(MRI, MIB, InInstrWindow, OpNum))
        return false;

      if (CurInst->getOpcode() == X86::ADD64rr ||
          CurInst->getOpcode() == X86::ADD64rr_DB ||
          CurInst->getOpcode() == X86::ADD64rr_REV) {
        if (!A->match(MRI, MIB, this->InstrWindow, 1)) {
          if (!B->match(MRI, MIB, this->InstrWindow, 1))
            return false;
          return A->match(MRI, MIB, this->InstrWindow, 2);
        }

        if (B->match(MRI, MIB, this->InstrWindow, 2))
          return true;

        if (!B->match(MRI, MIB, this->InstrWindow, 1))
          return false;
        return A->match(MRI, MIB, this->InstrWindow, 2);
      }

      return false;
    }

    void annotate(MCPlusBuilder &MIB, StringRef Annotation) override {
      MIB.addAnnotation(*CurInst, Annotation, true);
      A->annotate(MIB, Annotation);
      B->annotate(MIB, Annotation);
    }
  };

  virtual std::unique_ptr<MCInstMatcher>
  matchAdd(std::unique_ptr<MCInstMatcher> A,
           std::unique_ptr<MCInstMatcher> B) const override {
    return std::unique_ptr<MCInstMatcher>(
        new AddMatcher(std::move(A), std::move(B)));
  }

  struct LEAMatcher : MCInstMatcher {
    std::unique_ptr<MCInstMatcher> Target;

    LEAMatcher(std::unique_ptr<MCInstMatcher> Target)
        : Target(std::move(Target)) {}

    bool match(const MCRegisterInfo &MRI, MCPlusBuilder &MIB,
               MutableArrayRef<MCInst> InInstrWindow, int OpNum) override {
      if (!MCInstMatcher::match(MRI, MIB, InInstrWindow, OpNum))
        return false;

      if (CurInst->getOpcode() != X86::LEA64r)
        return false;

      if (CurInst->getOperand(1 + X86::AddrScaleAmt).getImm() != 1 ||
          CurInst->getOperand(1 + X86::AddrIndexReg).getReg() !=
              X86::NoRegister ||
          (CurInst->getOperand(1 + X86::AddrBaseReg).getReg() !=
               X86::NoRegister &&
           CurInst->getOperand(1 + X86::AddrBaseReg).getReg() != X86::RIP))
        return false;

      return Target->match(MRI, MIB, this->InstrWindow, 1 + X86::AddrDisp);
    }

    void annotate(MCPlusBuilder &MIB, StringRef Annotation) override {
      MIB.addAnnotation(*CurInst, Annotation, true);
      Target->annotate(MIB, Annotation);
    }
  };

  virtual std::unique_ptr<MCInstMatcher>
  matchLoadAddr(std::unique_ptr<MCInstMatcher> Target) const override {
    return std::unique_ptr<MCInstMatcher>(new LEAMatcher(std::move(Target)));
  }

  bool hasPCRelOperand(const MCInst &Inst) const override {
    for (const MCOperand &Operand : Inst)
      if (Operand.isReg() && Operand.getReg() == X86::RIP)
        return true;
    return false;
  }

  int getMemoryOperandNo(const MCInst &Inst) const override {
    unsigned Opcode = Inst.getOpcode();
    const MCInstrDesc &Desc = Info->get(Opcode);
    int MemOpNo = X86II::getMemoryOperandNo(Desc.TSFlags);
    if (MemOpNo >= 0)
      MemOpNo += X86II::getOperandBias(Desc);
    return MemOpNo;
  }
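
  // For example (illustrative): for "movq 8(%rbp,%rcx,4), %rax" (MOV64rm) the
  // destination register is operand 0 and getMemoryOperandNo returns 1, i.e.
  // operands 1-5 form the usual X86 memory 5-tuple
  //   {AddrBaseReg, AddrScaleAmt, AddrIndexReg, AddrDisp, AddrSegmentReg}.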

  bool hasEVEXEncoding(const MCInst &Inst) const override {
    const MCInstrDesc &Desc = Info->get(Inst.getOpcode());
    return (Desc.TSFlags & X86II::EncodingMask) == X86II::EVEX;
  }

  bool isMacroOpFusionPair(ArrayRef<MCInst> Insts) const override {
    const auto *I = Insts.begin();
    while (I != Insts.end() && isPrefix(*I))
      ++I;
    if (I == Insts.end())
      return false;

    const MCInst &FirstInst = *I;
    ++I;
    while (I != Insts.end() && isPrefix(*I))
      ++I;
    if (I == Insts.end())
      return false;
    const MCInst &SecondInst = *I;

    if (!isConditionalBranch(SecondInst))
      return false;
    // Cannot fuse if the first instruction uses RIP-relative memory.
    if (hasPCRelOperand(FirstInst))
      return false;

    const X86::FirstMacroFusionInstKind CmpKind =
        X86::classifyFirstOpcodeInMacroFusion(FirstInst.getOpcode());
    if (CmpKind == X86::FirstMacroFusionInstKind::Invalid)
      return false;

    X86::CondCode CC = static_cast<X86::CondCode>(getCondCode(SecondInst));
    X86::SecondMacroFusionInstKind BranchKind =
        X86::classifySecondCondCodeInMacroFusion(CC);
    if (BranchKind == X86::SecondMacroFusionInstKind::Invalid)
      return false;
    return X86::isMacroFused(CmpKind, BranchKind);
  }

  bool
  evaluateX86MemoryOperand(const MCInst &Inst, unsigned *BaseRegNum,
                           int64_t *ScaleImm, unsigned *IndexRegNum,
                           int64_t *DispImm, unsigned *SegmentRegNum,
                           const MCExpr **DispExpr = nullptr) const override {
    assert(BaseRegNum && ScaleImm && IndexRegNum && SegmentRegNum &&
           "one of the input pointers is null");
    int MemOpNo = getMemoryOperandNo(Inst);
    if (MemOpNo < 0)
      return false;
    unsigned MemOpOffset = static_cast<unsigned>(MemOpNo);

    if (MemOpOffset + X86::AddrSegmentReg >= MCPlus::getNumPrimeOperands(Inst))
      return false;

    const MCOperand &Base = Inst.getOperand(MemOpOffset + X86::AddrBaseReg);
    const MCOperand &Scale = Inst.getOperand(MemOpOffset + X86::AddrScaleAmt);
    const MCOperand &Index = Inst.getOperand(MemOpOffset + X86::AddrIndexReg);
    const MCOperand &Disp = Inst.getOperand(MemOpOffset + X86::AddrDisp);
    const MCOperand &Segment =
        Inst.getOperand(MemOpOffset + X86::AddrSegmentReg);

    // Make sure it is a well-formed memory operand.
    if (!Base.isReg() || !Scale.isImm() || !Index.isReg() ||
        (!Disp.isImm() && !Disp.isExpr()) || !Segment.isReg())
      return false;

    *BaseRegNum = Base.getReg();
    *ScaleImm = Scale.getImm();
    *IndexRegNum = Index.getReg();
    if (Disp.isImm()) {
      assert(DispImm && "DispImm needs to be set");
      *DispImm = Disp.getImm();
      if (DispExpr)
        *DispExpr = nullptr;
    } else {
      assert(DispExpr && "DispExpr needs to be set");
      *DispExpr = Disp.getExpr();
      if (DispImm)
        *DispImm = 0;
    }
    *SegmentRegNum = Segment.getReg();
    return true;
  }
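
  // Typical call pattern (illustrative), mirroring the uses further down in
  // this file:
  //
  //   unsigned BaseRegNum, IndexRegNum, SegRegNum;
  //   int64_t ScaleValue, DispValue;
  //   const MCExpr *DispExpr = nullptr;
  //   if (evaluateX86MemoryOperand(Inst, &BaseRegNum, &ScaleValue,
  //                                &IndexRegNum, &DispValue, &SegRegNum,
  //                                &DispExpr))
  //     ... use the decoded base/scale/index/displacement/segment ...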

  bool evaluateMemOperandTarget(const MCInst &Inst, uint64_t &Target,
                                uint64_t Address,
                                uint64_t Size) const override {
    unsigned BaseRegNum;
    int64_t ScaleValue;
    unsigned IndexRegNum;
    int64_t DispValue;
    unsigned SegRegNum;
    const MCExpr *DispExpr = nullptr;
    if (!evaluateX86MemoryOperand(Inst, &BaseRegNum, &ScaleValue, &IndexRegNum,
                                  &DispValue, &SegRegNum, &DispExpr))
      return false;

    // Make sure it's a well-formed addressing we can statically evaluate.
    if ((BaseRegNum != X86::RIP && BaseRegNum != X86::NoRegister) ||
        IndexRegNum != X86::NoRegister || SegRegNum != X86::NoRegister ||
        DispExpr)
      return false;

    Target = DispValue;
    if (BaseRegNum == X86::RIP) {
      assert(Size != 0 && "instruction size required in order to statically "
                          "evaluate RIP-relative address");
      Target += Address + Size;
    }
    return true;
  }

  MCInst::iterator getMemOperandDisp(MCInst &Inst) const override {
    int MemOpNo = getMemoryOperandNo(Inst);
    if (MemOpNo < 0)
      return Inst.end();
    return Inst.begin() + (MemOpNo + X86::AddrDisp);
  }

  bool replaceMemOperandDisp(MCInst &Inst, MCOperand Operand) const override {
    MCOperand *OI = getMemOperandDisp(Inst);
    if (OI == Inst.end())
      return false;
    *OI = Operand;
    return true;
  }

  /// Get the registers used as function parameters.
  /// This function is specific to the x86_64 abi on Linux.
  BitVector getRegsUsedAsParams() const override {
    BitVector Regs = BitVector(RegInfo->getNumRegs(), false);
    Regs |= getAliases(X86::RSI);
    Regs |= getAliases(X86::RDI);
    Regs |= getAliases(X86::RDX);
    Regs |= getAliases(X86::RCX);
    Regs |= getAliases(X86::R8);
    Regs |= getAliases(X86::R9);
    return Regs;
  }

  void getCalleeSavedRegs(BitVector &Regs) const override {
    Regs |= getAliases(X86::RBX);
    Regs |= getAliases(X86::RBP);
    Regs |= getAliases(X86::R12);
    Regs |= getAliases(X86::R13);
    Regs |= getAliases(X86::R14);
    Regs |= getAliases(X86::R15);
  }

  void getDefaultDefIn(BitVector &Regs) const override {
    assert(Regs.size() >= RegInfo->getNumRegs() &&
           "The size of BitVector is less than RegInfo->getNumRegs().");
    Regs.set(X86::RAX);
    Regs.set(X86::RCX);
    Regs.set(X86::RDX);
    Regs.set(X86::RSI);
    Regs.set(X86::RDI);
    Regs.set(X86::R8);
    Regs.set(X86::R9);
    Regs.set(X86::XMM0);
    Regs.set(X86::XMM1);
    Regs.set(X86::XMM2);
    Regs.set(X86::XMM3);
    Regs.set(X86::XMM4);
    Regs.set(X86::XMM5);
    Regs.set(X86::XMM6);
    Regs.set(X86::XMM7);
  }

  void getDefaultLiveOut(BitVector &Regs) const override {
    assert(Regs.size() >= RegInfo->getNumRegs() &&
           "The size of BitVector is less than RegInfo->getNumRegs().");
    Regs |= getAliases(X86::RAX);
    Regs |= getAliases(X86::RDX);
    Regs |= getAliases(X86::RCX);
    Regs |= getAliases(X86::XMM0);
    Regs |= getAliases(X86::XMM1);
  }

  void getGPRegs(BitVector &Regs, bool IncludeAlias) const override {
    if (IncludeAlias) {
      Regs |= getAliases(X86::RAX);
      Regs |= getAliases(X86::RBX);
      Regs |= getAliases(X86::RBP);
      Regs |= getAliases(X86::RSI);
      Regs |= getAliases(X86::RDI);
      Regs |= getAliases(X86::RDX);
      Regs |= getAliases(X86::RCX);
      Regs |= getAliases(X86::R8);
      Regs |= getAliases(X86::R9);
      Regs |= getAliases(X86::R10);
      Regs |= getAliases(X86::R11);
      Regs |= getAliases(X86::R12);
      Regs |= getAliases(X86::R13);
      Regs |= getAliases(X86::R14);
      Regs |= getAliases(X86::R15);
      return;
    }
    Regs.set(X86::RAX);
    Regs.set(X86::RBX);
    Regs.set(X86::RBP);
    Regs.set(X86::RSI);
    Regs.set(X86::RDI);
    Regs.set(X86::RDX);
    Regs.set(X86::RCX);
    Regs.set(X86::R8);
    Regs.set(X86::R9);
    Regs.set(X86::R10);
    Regs.set(X86::R11);
    Regs.set(X86::R12);
    Regs.set(X86::R13);
    Regs.set(X86::R14);
    Regs.set(X86::R15);
  }

  void getClassicGPRegs(BitVector &Regs) const override {
    Regs |= getAliases(X86::RAX);
    Regs |= getAliases(X86::RBX);
    Regs |= getAliases(X86::RBP);
    Regs |= getAliases(X86::RSI);
    Regs |= getAliases(X86::RDI);
    Regs |= getAliases(X86::RDX);
    Regs |= getAliases(X86::RCX);
  }

  void getRepRegs(BitVector &Regs) const override {
    Regs |= getAliases(X86::RCX);
  }

  MCPhysReg getAliasSized(MCPhysReg Reg, uint8_t Size) const override {
    switch (Reg) {
    case X86::RAX: case X86::EAX: case X86::AX: case X86::AL: case X86::AH:
      switch (Size) {
      case 8: return X86::RAX; case 4: return X86::EAX;
      case 2: return X86::AX; case 1: return X86::AL;
      default: llvm_unreachable("Unexpected size");
      }
    case X86::RBX: case X86::EBX: case X86::BX: case X86::BL: case X86::BH:
      switch (Size) {
      case 8: return X86::RBX; case 4: return X86::EBX;
      case 2: return X86::BX; case 1: return X86::BL;
      default: llvm_unreachable("Unexpected size");
      }
    case X86::RDX: case X86::EDX: case X86::DX: case X86::DL: case X86::DH:
      switch (Size) {
      case 8: return X86::RDX; case 4: return X86::EDX;
      case 2: return X86::DX; case 1: return X86::DL;
      default: llvm_unreachable("Unexpected size");
      }
    case X86::RDI: case X86::EDI: case X86::DI: case X86::DIL:
      switch (Size) {
      case 8: return X86::RDI; case 4: return X86::EDI;
      case 2: return X86::DI; case 1: return X86::DIL;
      default: llvm_unreachable("Unexpected size");
      }
    case X86::RSI: case X86::ESI: case X86::SI: case X86::SIL:
      switch (Size) {
      case 8: return X86::RSI; case 4: return X86::ESI;
      case 2: return X86::SI; case 1: return X86::SIL;
      default: llvm_unreachable("Unexpected size");
      }
    case X86::RCX: case X86::ECX: case X86::CX: case X86::CL: case X86::CH:
      switch (Size) {
      case 8: return X86::RCX; case 4: return X86::ECX;
      case 2: return X86::CX; case 1: return X86::CL;
      default: llvm_unreachable("Unexpected size");
      }
    case X86::RSP: case X86::ESP: case X86::SP: case X86::SPL:
      switch (Size) {
      case 8: return X86::RSP; case 4: return X86::ESP;
      case 2: return X86::SP; case 1: return X86::SPL;
      default: llvm_unreachable("Unexpected size");
      }
    case X86::RBP: case X86::EBP: case X86::BP: case X86::BPL:
      switch (Size) {
      case 8: return X86::RBP; case 4: return X86::EBP;
      case 2: return X86::BP; case 1: return X86::BPL;
      default: llvm_unreachable("Unexpected size");
      }
    case X86::R8: case X86::R8D: case X86::R8W: case X86::R8B:
      switch (Size) {
      case 8: return X86::R8; case 4: return X86::R8D;
      case 2: return X86::R8W; case 1: return X86::R8B;
      default: llvm_unreachable("Unexpected size");
      }
    case X86::R9: case X86::R9D: case X86::R9W: case X86::R9B:
      switch (Size) {
      case 8: return X86::R9; case 4: return X86::R9D;
      case 2: return X86::R9W; case 1: return X86::R9B;
      default: llvm_unreachable("Unexpected size");
      }
    case X86::R10: case X86::R10D: case X86::R10W: case X86::R10B:
      switch (Size) {
      case 8: return X86::R10; case 4: return X86::R10D;
      case 2: return X86::R10W; case 1: return X86::R10B;
      default: llvm_unreachable("Unexpected size");
      }
    case X86::R11: case X86::R11D: case X86::R11W: case X86::R11B:
      switch (Size) {
      case 8: return X86::R11; case 4: return X86::R11D;
      case 2: return X86::R11W; case 1: return X86::R11B;
      default: llvm_unreachable("Unexpected size");
      }
    case X86::R12: case X86::R12D: case X86::R12W: case X86::R12B:
      switch (Size) {
      case 8: return X86::R12; case 4: return X86::R12D;
      case 2: return X86::R12W; case 1: return X86::R12B;
      default: llvm_unreachable("Unexpected size");
      }
    case X86::R13: case X86::R13D: case X86::R13W: case X86::R13B:
      switch (Size) {
      case 8: return X86::R13; case 4: return X86::R13D;
      case 2: return X86::R13W; case 1: return X86::R13B;
      default: llvm_unreachable("Unexpected size");
      }
    case X86::R14: case X86::R14D: case X86::R14W: case X86::R14B:
      switch (Size) {
      case 8: return X86::R14; case 4: return X86::R14D;
      case 2: return X86::R14W; case 1: return X86::R14B;
      default: llvm_unreachable("Unexpected size");
      }
    case X86::R15: case X86::R15D: case X86::R15W: case X86::R15B:
      switch (Size) {
      case 8: return X86::R15; case 4: return X86::R15D;
      case 2: return X86::R15W; case 1: return X86::R15B;
      default: llvm_unreachable("Unexpected size");
      }
    default:
      dbgs() << Reg << " (get alias sized)\n";
      llvm_unreachable("Unexpected reg number");
      break;
    }
  }

  bool isUpper8BitReg(MCPhysReg Reg) const override {
    switch (Reg) {
    case X86::AH:
    case X86::BH:
    case X86::CH:
    case X86::DH:
      return true;
    default:
      return false;
    }
  }

  bool cannotUseREX(const MCInst &Inst) const override {
    switch (Inst.getOpcode()) {
    case X86::MOV8mr_NOREX:
    case X86::MOV8rm_NOREX:
    case X86::MOV8rr_NOREX:
    case X86::MOVSX32rm8_NOREX:
    case X86::MOVSX32rr8_NOREX:
    case X86::MOVZX32rm8_NOREX:
    case X86::MOVZX32rr8_NOREX:
    case X86::MOV8mr:
    case X86::MOV8rm:
    case X86::MOV8rr:
    case X86::MOVSX32rm8:
    case X86::MOVSX32rr8:
    case X86::MOVZX32rm8:
    case X86::MOVZX32rr8:
    case X86::TEST8ri:
      for (int I = 0, E = MCPlus::getNumPrimeOperands(Inst); I != E; ++I) {
        const MCOperand &Operand = Inst.getOperand(I);
        if (!Operand.isReg())
          continue;
        if (isUpper8BitReg(Operand.getReg()))
          return true;
      }
      LLVM_FALLTHROUGH;
    default:
      return false;
    }
  }
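
  // For example (illustrative): "movb %ah, (%r8)" cannot be REX-encoded
  // because %ah is only addressable without a REX prefix while %r8 requires
  // one, so cannotUseREX returns true and such instructions must not be
  // rewritten to use REX-only registers.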

  bool isStackAccess(const MCInst &Inst, bool &IsLoad, bool &IsStore,
                     bool &IsStoreFromReg, MCPhysReg &Reg, int32_t &SrcImm,
                     uint16_t &StackPtrReg, int64_t &StackOffset, uint8_t &Size,
                     bool &IsSimple, bool &IsIndexed) const override {
    // Detect simple push/pop cases first
    if (int Sz = getPushSize(Inst)) {
      IsLoad = false;
      IsStore = true;
      IsStoreFromReg = true;
      StackPtrReg = X86::RSP;
      StackOffset = -Sz;
      Size = Sz;
      IsSimple = true;
      if (Inst.getOperand(0).isImm())
        SrcImm = Inst.getOperand(0).getImm();
      else if (Inst.getOperand(0).isReg())
        Reg = Inst.getOperand(0).getReg();
      else
        IsSimple = false;

      return true;
    }
    if (int Sz = getPopSize(Inst)) {
      IsLoad = true;
      IsStore = false;
      if (Inst.getNumOperands() == 0 || !Inst.getOperand(0).isReg()) {
        IsSimple = false;
      } else {
        Reg = Inst.getOperand(0).getReg();
        IsSimple = true;
      }
      StackPtrReg = X86::RSP;
      StackOffset = 0;
      Size = Sz;
      return true;
    }

    struct InstInfo {
      // Size in bytes that Inst loads from memory.
      uint8_t DataSize;
      bool IsLoad;
      bool IsStore;
      bool StoreFromReg;
      bool Simple;
    };

    InstInfo I;
    int MemOpNo = getMemoryOperandNo(Inst);
    const MCInstrDesc &MCII = Info->get(Inst.getOpcode());
    // If it is not dealing with a memory operand, we discard it
    if (MemOpNo == -1 || MCII.isCall())
      return false;

    switch (Inst.getOpcode()) {
    default: {
      uint8_t Sz = 0;
      bool IsLoad = MCII.mayLoad();
      bool IsStore = MCII.mayStore();
      // Is it LEA? (deals with memory but is neither loading nor storing)
      if (!IsLoad && !IsStore)
        return false;

      // Try to guess data size involved in the load/store by looking at the
      // register size. If there's no reg involved, return 0 as size, meaning
      // we don't know.
      for (unsigned I = 0, E = MCII.getNumOperands(); I != E; ++I) {
        if (MCII.OpInfo[I].OperandType != MCOI::OPERAND_REGISTER)
          continue;
        if (static_cast<int>(I) >= MemOpNo && I < X86::AddrNumOperands)
          continue;
        Sz = RegInfo->getRegClass(MCII.OpInfo[I].RegClass).getSizeInBits() / 8;
        break;
      }
      I = {Sz, IsLoad, IsStore, false, false};
      break;
    }
    case X86::MOV16rm: I = {2, true, false, false, true}; break;
    case X86::MOV32rm: I = {4, true, false, false, true}; break;
    case X86::MOV64rm: I = {8, true, false, false, true}; break;
    case X86::MOV16mr: I = {2, false, true, true, true}; break;
    case X86::MOV32mr: I = {4, false, true, true, true}; break;
    case X86::MOV64mr: I = {8, false, true, true, true}; break;
    case X86::MOV16mi: I = {2, false, true, false, true}; break;
    case X86::MOV32mi: I = {4, false, true, false, true}; break;
    } // end switch (Inst.getOpcode())

    unsigned BaseRegNum;
    int64_t ScaleValue;
    unsigned IndexRegNum;
    int64_t DispValue;
    unsigned SegRegNum;
    const MCExpr *DispExpr;
    if (!evaluateX86MemoryOperand(Inst, &BaseRegNum, &ScaleValue, &IndexRegNum,
                                  &DispValue, &SegRegNum, &DispExpr)) {
      LLVM_DEBUG(dbgs() << "Evaluate failed on ");
      LLVM_DEBUG(Inst.dump());
      return false;
    }

    // Make sure it's a stack access
    if (BaseRegNum != X86::RBP && BaseRegNum != X86::RSP)
      return false;

    IsLoad = I.IsLoad;
    IsStore = I.IsStore;
    IsStoreFromReg = I.StoreFromReg;
    Size = I.DataSize;
    IsSimple = I.Simple;
    StackPtrReg = BaseRegNum;
    StackOffset = DispValue;
    IsIndexed = IndexRegNum != X86::NoRegister || SegRegNum != X86::NoRegister;

    if (!I.Simple)
      return true;

    // Retrieve related register in simple MOV from/to stack operations.
    unsigned MemOpOffset = static_cast<unsigned>(MemOpNo);
    if (I.IsLoad) {
      MCOperand RegOpnd = Inst.getOperand(0);
      assert(RegOpnd.isReg() && "unexpected destination operand");
      Reg = RegOpnd.getReg();
    } else if (I.IsStore) {
      MCOperand SrcOpnd =
          Inst.getOperand(MemOpOffset + X86::AddrSegmentReg + 1);
      if (I.StoreFromReg) {
        assert(SrcOpnd.isReg() && "unexpected source operand");
        Reg = SrcOpnd.getReg();
      } else {
        assert(SrcOpnd.isImm() && "unexpected source operand");
        SrcImm = SrcOpnd.getImm();
      }
    }

    return true;
  }
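
  // For example (illustrative): for "movq %rbx, -8(%rsp)" (MOV64mr) this
  // reports IsStore = true, IsStoreFromReg = true, Reg = %rbx,
  // StackPtrReg = %rsp, StackOffset = -8, Size = 8, IsSimple = true and
  // IsIndexed = false.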

  void changeToPushOrPop(MCInst &Inst) const override {
    assert(!isPush(Inst) && !isPop(Inst));

    struct InstInfo {
      // Size in bytes that Inst loads from memory.
      uint8_t DataSize;
      bool IsLoad;
      bool StoreFromReg;
    };

    InstInfo I;
    switch (Inst.getOpcode()) {
    default: {
      llvm_unreachable("Unhandled opcode");
      return;
    }
    case X86::MOV16rm: I = {2, true, false}; break;
    case X86::MOV32rm: I = {4, true, false}; break;
    case X86::MOV64rm: I = {8, true, false}; break;
    case X86::MOV16mr: I = {2, false, true}; break;
    case X86::MOV32mr: I = {4, false, true}; break;
    case X86::MOV64mr: I = {8, false, true}; break;
    case X86::MOV16mi: I = {2, false, false}; break;
    case X86::MOV32mi: I = {4, false, false}; break;
    } // end switch (Inst.getOpcode())

    unsigned BaseRegNum;
    int64_t ScaleValue;
    unsigned IndexRegNum;
    int64_t DispValue;
    unsigned SegRegNum;
    const MCExpr *DispExpr;
    if (!evaluateX86MemoryOperand(Inst, &BaseRegNum, &ScaleValue, &IndexRegNum,
                                  &DispValue, &SegRegNum, &DispExpr)) {
      llvm_unreachable("Evaluate failed");
      return;
    }
    // Make sure it's a stack access
    if (BaseRegNum != X86::RBP && BaseRegNum != X86::RSP) {
      llvm_unreachable("Not a stack access");
      return;
    }

    unsigned MemOpOffset = getMemoryOperandNo(Inst);
    unsigned NewOpcode = 0;
    if (I.IsLoad) {
      switch (I.DataSize) {
      case 2: NewOpcode = X86::POP16r; break;
      case 4: NewOpcode = X86::POP32r; break;
      case 8: NewOpcode = X86::POP64r; break;
      default:
        llvm_unreachable("Unexpected size");
      }
      unsigned RegOpndNum = Inst.getOperand(0).getReg();
      Inst.clear();
      Inst.setOpcode(NewOpcode);
      Inst.addOperand(MCOperand::createReg(RegOpndNum));
    } else {
      MCOperand SrcOpnd =
          Inst.getOperand(MemOpOffset + X86::AddrSegmentReg + 1);
      if (I.StoreFromReg) {
        switch (I.DataSize) {
        case 2: NewOpcode = X86::PUSH16r; break;
        case 4: NewOpcode = X86::PUSH32r; break;
        case 8: NewOpcode = X86::PUSH64r; break;
        default:
          llvm_unreachable("Unexpected size");
        }
        assert(SrcOpnd.isReg() && "Unexpected source operand");
        unsigned RegOpndNum = SrcOpnd.getReg();
        Inst.clear();
        Inst.setOpcode(NewOpcode);
        Inst.addOperand(MCOperand::createReg(RegOpndNum));
      } else {
        switch (I.DataSize) {
        case 2: NewOpcode = X86::PUSH16i8; break;
        case 4: NewOpcode = X86::PUSH32i8; break;
        case 8: NewOpcode = X86::PUSH64i32; break;
        default:
          llvm_unreachable("Unexpected size");
        }
        assert(SrcOpnd.isImm() && "Unexpected source operand");
        int64_t SrcImm = SrcOpnd.getImm();
        Inst.clear();
        Inst.setOpcode(NewOpcode);
        Inst.addOperand(MCOperand::createImm(SrcImm));
      }
    }
  }

  bool isStackAdjustment(const MCInst &Inst) const override {
    switch (Inst.getOpcode()) {
    default:
      return false;
    case X86::SUB64ri32:
    case X86::SUB64ri8:
    case X86::ADD64ri32:
    case X86::ADD64ri8:
    case X86::LEA64r:
      break;
    }

    const MCInstrDesc &MCII = Info->get(Inst.getOpcode());
    for (int I = 0, E = MCII.getNumDefs(); I != E; ++I) {
      const MCOperand &Operand = Inst.getOperand(I);
      if (Operand.isReg() && Operand.getReg() == X86::RSP)
        return true;
    }
    return false;
  }
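
  // For example (illustrative): "subq $0x20, %rsp" (SUB64ri8 defining %rsp)
  // is a stack adjustment, while the same opcode with a %rax destination is
  // not.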

  bool evaluateSimple(const MCInst &Inst, int64_t &Output,
                      std::pair<MCPhysReg, int64_t> Input1,
                      std::pair<MCPhysReg, int64_t> Input2) const override {

    auto getOperandVal = [&](MCPhysReg Reg) -> ErrorOr<int64_t> {
      if (Reg == Input1.first)
        return Input1.second;
      if (Reg == Input2.first)
        return Input2.second;
      return make_error_code(errc::result_out_of_range);
    };

    switch (Inst.getOpcode()) {
    default:
      return false;

    case X86::AND64ri32:
    case X86::AND64ri8:
      if (!Inst.getOperand(2).isImm())
        return false;
      if (ErrorOr<int64_t> InputVal =
              getOperandVal(Inst.getOperand(1).getReg()))
        Output = *InputVal & Inst.getOperand(2).getImm();
      else
        return false;
      break;
    case X86::SUB64ri32:
    case X86::SUB64ri8:
      if (!Inst.getOperand(2).isImm())
        return false;
      if (ErrorOr<int64_t> InputVal =
              getOperandVal(Inst.getOperand(1).getReg()))
        Output = *InputVal - Inst.getOperand(2).getImm();
      else
        return false;
      break;
    case X86::ADD64ri32:
    case X86::ADD64ri8:
      if (!Inst.getOperand(2).isImm())
        return false;
      if (ErrorOr<int64_t> InputVal =
              getOperandVal(Inst.getOperand(1).getReg()))
        Output = *InputVal + Inst.getOperand(2).getImm();
      else
        return false;
      break;
    case X86::ADD64i32:
      if (!Inst.getOperand(0).isImm())
        return false;
      if (ErrorOr<int64_t> InputVal = getOperandVal(X86::RAX))
        Output = *InputVal + Inst.getOperand(0).getImm();
      else
        return false;
      break;

    case X86::LEA64r: {
      unsigned BaseRegNum;
      int64_t ScaleValue;
      unsigned IndexRegNum;
      int64_t DispValue;
      unsigned SegRegNum;
      const MCExpr *DispExpr = nullptr;
      if (!evaluateX86MemoryOperand(Inst, &BaseRegNum, &ScaleValue,
                                    &IndexRegNum, &DispValue, &SegRegNum,
                                    &DispExpr))
        return false;

      if (BaseRegNum == X86::NoRegister || IndexRegNum != X86::NoRegister ||
          SegRegNum != X86::NoRegister || DispExpr)
        return false;

      if (ErrorOr<int64_t> InputVal = getOperandVal(BaseRegNum))
        Output = *InputVal + DispValue;
      else
        return false;

      break;
    }
    }
    return true;
  }
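
  // For example (illustrative): evaluating "addq $8, %rax" (ADD64ri8) with
  // Input1 = {X86::RAX, 0x100} produces Output = 0x108; an instruction whose
  // source register is not covered by either input returns false.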

  bool isRegToRegMove(const MCInst &Inst, MCPhysReg &From,
                      MCPhysReg &To) const override {
    switch (Inst.getOpcode()) {
    default:
      return false;
    case X86::LEAVE:
    case X86::LEAVE64:
      To = getStackPointer();
      From = getFramePointer();
      return true;
    case X86::MOV64rr:
      To = Inst.getOperand(0).getReg();
      From = Inst.getOperand(1).getReg();
      return true;
    }
  }

  MCPhysReg getStackPointer() const override { return X86::RSP; }
  MCPhysReg getFramePointer() const override { return X86::RBP; }
  MCPhysReg getFlagsReg() const override { return X86::EFLAGS; }

  bool escapesVariable(const MCInst &Inst,
                       bool HasFramePointer) const override {
    int MemOpNo = getMemoryOperandNo(Inst);
    const MCInstrDesc &MCII = Info->get(Inst.getOpcode());
    const unsigned NumDefs = MCII.getNumDefs();
    static BitVector SPBPAliases(BitVector(getAliases(X86::RSP)) |=
                                 getAliases(X86::RBP));
    static BitVector SPAliases(getAliases(X86::RSP));

    // FIXME: PUSH can be technically a leak, but let's ignore this for now
    // because a lot of harmless prologue code will spill SP to the stack.
    // Unless push is clearly pushing an object address to the stack as
    // demonstrated by having a MemOp.
    bool IsPush = isPush(Inst);
    if (IsPush && MemOpNo == -1)
      return false;

    // We use this to detect LEA (has memop but does not access mem)
    bool AccessMem = MCII.mayLoad() || MCII.mayStore();
    bool DoesLeak = false;
    for (int I = 0, E = MCPlus::getNumPrimeOperands(Inst); I != E; ++I) {
      // Ignore if SP/BP is used to dereference memory -- that's fine
      if (MemOpNo != -1 && !IsPush && AccessMem && I >= MemOpNo &&
          I <= MemOpNo + 5)
        continue;
      // Ignore if someone is writing to SP/BP
      if (I < static_cast<int>(NumDefs))
        continue;

      const MCOperand &Operand = Inst.getOperand(I);
      if (HasFramePointer && Operand.isReg() && SPBPAliases[Operand.getReg()]) {
        DoesLeak = true;
        break;
      }
      if (!HasFramePointer && Operand.isReg() && SPAliases[Operand.getReg()]) {
        DoesLeak = true;
        break;
      }
    }

    // If potential leak, check if it is not just writing to itself/sp/bp
    if (DoesLeak) {
      for (int I = 0, E = NumDefs; I != E; ++I) {
        const MCOperand &Operand = Inst.getOperand(I);
        if (HasFramePointer && Operand.isReg() &&
            SPBPAliases[Operand.getReg()]) {
          DoesLeak = false;
          break;
        }
        if (!HasFramePointer && Operand.isReg() &&
            SPAliases[Operand.getReg()]) {
          DoesLeak = false;
          break;
        }
      }
    }
    return DoesLeak;
  }

  bool addToImm(MCInst &Inst, int64_t &Amt, MCContext *Ctx) const override {
    unsigned ImmOpNo = -1U;
    int MemOpNo = getMemoryOperandNo(Inst);
    if (MemOpNo != -1)
      ImmOpNo = MemOpNo + X86::AddrDisp;
    else
      for (unsigned Index = 0; Index < MCPlus::getNumPrimeOperands(Inst);
           ++Index)
        if (Inst.getOperand(Index).isImm())
          ImmOpNo = Index;
    if (ImmOpNo == -1U)
      return false;

    MCOperand &Operand = Inst.getOperand(ImmOpNo);
    Amt += Operand.getImm();
    Operand.setImm(Amt);
    // Check for the need for relaxation
    if (int64_t(Amt) == int64_t(int8_t(Amt)))
      return true;

    // Relax instruction
    switch (Inst.getOpcode()) {
    case X86::SUB64ri8:
      Inst.setOpcode(X86::SUB64ri32);
      break;
    case X86::ADD64ri8:
      Inst.setOpcode(X86::ADD64ri32);
      break;
    default:
      // No need for relaxation
      break;
    }
    return true;
  }
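
  // For example (illustrative): adding 0x100 to "subq $8, %rsp" (SUB64ri8)
  // updates the immediate to 0x108, which no longer fits in a signed byte, so
  // the opcode is relaxed to SUB64ri32.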

  /// TODO: this implementation currently works for the most common opcodes that
  /// load from memory. It can be extended to work with memory store opcodes as
  /// well as more memory load opcodes.
  bool replaceMemOperandWithImm(MCInst &Inst, StringRef ConstantData,
                                uint64_t Offset) const override {
    enum CheckSignExt : uint8_t {
      NOCHECK = 0,
      CHECK8,
      CHECK32,
    };

    using CheckList = std::vector<std::pair<CheckSignExt, unsigned>>;
    struct InstInfo {
      // Size in bytes that Inst loads from memory.
      uint8_t DataSize;

      // True when the target operand has to be duplicated because the opcode
      // expects a LHS operand.
      bool HasLHS;

      // List of checks and corresponding opcodes to be used. We try to use the
      // smallest possible immediate value when various sizes are available,
      // hence we may need to check whether a larger constant fits in a smaller
      // immediate.
      CheckList Checks;
    };

    InstInfo I;

    switch (Inst.getOpcode()) {
    default: {
      switch (getPopSize(Inst)) {
      case 2: I = {2, false, {{NOCHECK, X86::MOV16ri}}}; break;
      case 4: I = {4, false, {{NOCHECK, X86::MOV32ri}}}; break;
      case 8: I = {8, false, {{CHECK32, X86::MOV64ri32},
                              {NOCHECK, X86::MOV64rm}}}; break;
      default: return false;
      }
      break;
    }

    // MOV
    case X86::MOV8rm:  I = {1, false, {{NOCHECK, X86::MOV8ri}}}; break;
    case X86::MOV16rm: I = {2, false, {{NOCHECK, X86::MOV16ri}}}; break;
    case X86::MOV32rm: I = {4, false, {{NOCHECK, X86::MOV32ri}}}; break;
    case X86::MOV64rm: I = {8, false, {{CHECK32, X86::MOV64ri32},
                                       {NOCHECK, X86::MOV64rm}}}; break;

    // MOVZX
    case X86::MOVZX16rm8:  I = {1, false, {{NOCHECK, X86::MOV16ri}}}; break;
    case X86::MOVZX32rm8:  I = {1, false, {{NOCHECK, X86::MOV32ri}}}; break;
    case X86::MOVZX32rm16: I = {2, false, {{NOCHECK, X86::MOV32ri}}}; break;

    // CMP
    case X86::CMP8rm:  I = {1, false, {{NOCHECK, X86::CMP8ri}}}; break;
    case X86::CMP16rm: I = {2, false, {{CHECK8, X86::CMP16ri8},
                                       {NOCHECK, X86::CMP16ri}}}; break;
    case X86::CMP32rm: I = {4, false, {{CHECK8, X86::CMP32ri8},
                                       {NOCHECK, X86::CMP32ri}}}; break;
    case X86::CMP64rm: I = {8, false, {{CHECK8, X86::CMP64ri8},
                                       {CHECK32, X86::CMP64ri32},
                                       {NOCHECK, X86::CMP64rm}}}; break;

    // TEST
    case X86::TEST8mr:  I = {1, false, {{NOCHECK, X86::TEST8ri}}}; break;
    case X86::TEST16mr: I = {2, false, {{NOCHECK, X86::TEST16ri}}}; break;
    case X86::TEST32mr: I = {4, false, {{NOCHECK, X86::TEST32ri}}}; break;
    case X86::TEST64mr: I = {8, false, {{CHECK32, X86::TEST64ri32},
                                        {NOCHECK, X86::TEST64mr}}}; break;

    // ADD
    case X86::ADD8rm:  I = {1, true, {{NOCHECK, X86::ADD8ri}}}; break;
    case X86::ADD16rm: I = {2, true, {{CHECK8, X86::ADD16ri8},
                                      {NOCHECK, X86::ADD16ri}}}; break;
    case X86::ADD32rm: I = {4, true, {{CHECK8, X86::ADD32ri8},
                                      {NOCHECK, X86::ADD32ri}}}; break;
    case X86::ADD64rm: I = {8, true, {{CHECK8, X86::ADD64ri8},
                                      {CHECK32, X86::ADD64ri32},
                                      {NOCHECK, X86::ADD64rm}}}; break;

    // SUB
    case X86::SUB8rm:  I = {1, true, {{NOCHECK, X86::SUB8ri}}}; break;
    case X86::SUB16rm: I = {2, true, {{CHECK8, X86::SUB16ri8},
                                      {NOCHECK, X86::SUB16ri}}}; break;
    case X86::SUB32rm: I = {4, true, {{CHECK8, X86::SUB32ri8},
                                      {NOCHECK, X86::SUB32ri}}}; break;
    case X86::SUB64rm: I = {8, true, {{CHECK8, X86::SUB64ri8},
                                      {CHECK32, X86::SUB64ri32},
                                      {NOCHECK, X86::SUB64rm}}}; break;

    // AND
    case X86::AND8rm:  I = {1, true, {{NOCHECK, X86::AND8ri}}}; break;
    case X86::AND16rm: I = {2, true, {{CHECK8, X86::AND16ri8},
                                      {NOCHECK, X86::AND16ri}}}; break;
    case X86::AND32rm: I = {4, true, {{CHECK8, X86::AND32ri8},
                                      {NOCHECK, X86::AND32ri}}}; break;
    case X86::AND64rm: I = {8, true, {{CHECK8, X86::AND64ri8},
                                      {CHECK32, X86::AND64ri32},
                                      {NOCHECK, X86::AND64rm}}}; break;

    // OR
    case X86::OR8rm:  I = {1, true, {{NOCHECK, X86::OR8ri}}}; break;
    case X86::OR16rm: I = {2, true, {{CHECK8, X86::OR16ri8},
                                     {NOCHECK, X86::OR16ri}}}; break;
    case X86::OR32rm: I = {4, true, {{CHECK8, X86::OR32ri8},
                                     {NOCHECK, X86::OR32ri}}}; break;
    case X86::OR64rm: I = {8, true, {{CHECK8, X86::OR64ri8},
                                     {CHECK32, X86::OR64ri32},
                                     {NOCHECK, X86::OR64rm}}}; break;

    // XOR
    case X86::XOR8rm:  I = {1, true, {{NOCHECK, X86::XOR8ri}}}; break;
    case X86::XOR16rm: I = {2, true, {{CHECK8, X86::XOR16ri8},
                                      {NOCHECK, X86::XOR16ri}}}; break;
    case X86::XOR32rm: I = {4, true, {{CHECK8, X86::XOR32ri8},
                                      {NOCHECK, X86::XOR32ri}}}; break;
    case X86::XOR64rm: I = {8, true, {{CHECK8, X86::XOR64ri8},
                                      {CHECK32, X86::XOR64ri32},
                                      {NOCHECK, X86::XOR64rm}}}; break;
    }

    // Compute the immediate value.
    assert(Offset + I.DataSize <= ConstantData.size() &&
           "invalid offset for given constant data");
    int64_t ImmVal =
        DataExtractor(ConstantData, true, 8).getSigned(&Offset, I.DataSize);

    // Compute the new opcode.
    unsigned NewOpcode = 0;
    for (const std::pair<CheckSignExt, unsigned> &Check : I.Checks) {
      NewOpcode = Check.second;
      if (Check.first == NOCHECK)
        break;
      if (Check.first == CHECK8 && isInt<8>(ImmVal))
        break;
      if (Check.first == CHECK32 && isInt<32>(ImmVal))
        break;
    }
    if (NewOpcode == Inst.getOpcode())
      return false;

    // Modify the instruction.
    MCOperand ImmOp = MCOperand::createImm(ImmVal);
    uint32_t TargetOpNum = 0;
    // Test instruction does not follow the regular pattern of putting the
    // memory reference of a load (5 MCOperands) last in the list of operands.
    // Since it is not modifying the register operand, it is not treated as
    // a destination operand and it is not the first operand as it is in the
    // other instructions we treat here.
    if (NewOpcode == X86::TEST8ri || NewOpcode == X86::TEST16ri ||
        NewOpcode == X86::TEST32ri || NewOpcode == X86::TEST64ri32)
      TargetOpNum = getMemoryOperandNo(Inst) + X86::AddrNumOperands;

    MCOperand TargetOp = Inst.getOperand(TargetOpNum);
    Inst.clear();
    Inst.setOpcode(NewOpcode);
    Inst.addOperand(TargetOp);
    if (I.HasLHS)
      Inst.addOperand(TargetOp);
    Inst.addOperand(ImmOp);

    return true;
  }
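
  // For example (illustrative): if the constant bytes at Offset decode to
  // 0x2a for the instruction's data size, "movl <mem>, %eax" (MOV32rm) is
  // rewritten to "movl $0x2a, %eax" (MOV32ri), and "addq <mem>, %rax"
  // (ADD64rm) becomes ADD64ri8 since 0x2a fits in a signed byte.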

  /// TODO: this implementation currently works for the most common opcodes that
  /// load from memory. It can be extended to work with memory store opcodes as
  /// well as more memory load opcodes.
  bool replaceMemOperandWithReg(MCInst &Inst, MCPhysReg RegNum) const override {
    unsigned NewOpcode;

    switch (Inst.getOpcode()) {
    default: {
      switch (getPopSize(Inst)) {
      case 2: NewOpcode = X86::MOV16rr; break;
      case 4: NewOpcode = X86::MOV32rr; break;
      case 8: NewOpcode = X86::MOV64rr; break;
      default: return false;
      }
      break;
    }

    // MOV
    case X86::MOV8rm:  NewOpcode = X86::MOV8rr; break;
    case X86::MOV16rm: NewOpcode = X86::MOV16rr; break;
    case X86::MOV32rm: NewOpcode = X86::MOV32rr; break;
    case X86::MOV64rm: NewOpcode = X86::MOV64rr; break;
    }

    // Modify the instruction.
    MCOperand RegOp = MCOperand::createReg(RegNum);
    MCOperand TargetOp = Inst.getOperand(0);
    Inst.clear();
    Inst.setOpcode(NewOpcode);
    Inst.addOperand(TargetOp);
    Inst.addOperand(RegOp);

    return true;
  }

  bool isRedundantMove(const MCInst &Inst) const override {
    switch (Inst.getOpcode()) {
    default:
      return false;

    // MOV
    case X86::MOV8rr:
    case X86::MOV16rr:
    case X86::MOV32rr:
    case X86::MOV64rr:
      break;
    }

    assert(Inst.getOperand(0).isReg() && Inst.getOperand(1).isReg());
    return Inst.getOperand(0).getReg() == Inst.getOperand(1).getReg();
  }

  bool requiresAlignedAddress(const MCInst &Inst) const override {
    const MCInstrDesc &Desc = Info->get(Inst.getOpcode());
    for (unsigned int I = 0; I < Desc.getNumOperands(); ++I) {
      const MCOperandInfo &Op = Desc.OpInfo[I];
      if (Op.OperandType != MCOI::OPERAND_REGISTER)
        continue;
      if (Op.RegClass == X86::VR128RegClassID)
        return true;
    }
    return false;
  }

  bool convertJmpToTailCall(MCInst &Inst) override {
    if (isTailCall(Inst))
      return false;

    int NewOpcode;
    switch (Inst.getOpcode()) {
    default:
      return false;
    case X86::JMP_1:
    case X86::JMP_2:
    case X86::JMP_4:
      NewOpcode = X86::JMP_4;
      break;
    case X86::JMP16m:
    case X86::JMP32m:
    case X86::JMP64m:
      NewOpcode = X86::JMP32m;
      break;
    case X86::JMP16r:
    case X86::JMP32r:
    case X86::JMP64r:
      NewOpcode = X86::JMP32r;
      break;
    }

    Inst.setOpcode(NewOpcode);
    setTailCall(Inst);
    return true;
  }

  bool convertTailCallToJmp(MCInst &Inst) override {
    int NewOpcode;
    switch (Inst.getOpcode()) {
    default:
      return false;
    case X86::JMP_4:
      NewOpcode = X86::JMP_1;
      break;
    case X86::JMP32m:
      NewOpcode = X86::JMP64m;
      break;
    case X86::JMP32r:
      NewOpcode = X86::JMP64r;
      break;
    }

    Inst.setOpcode(NewOpcode);
    removeAnnotation(Inst, MCPlus::MCAnnotation::kTailCall);
    clearOffset(Inst);
    return true;
  }

  bool convertTailCallToCall(MCInst &Inst) override {
    int NewOpcode;
    switch (Inst.getOpcode()) {
    default:
      return false;
    case X86::JMP_4:
      NewOpcode = X86::CALL64pcrel32;
      break;
    case X86::JMP32m:
      NewOpcode = X86::CALL64m;
      break;
    case X86::JMP32r:
      NewOpcode = X86::CALL64r;
      break;
    }

    Inst.setOpcode(NewOpcode);
    removeAnnotation(Inst, MCPlus::MCAnnotation::kTailCall);
    return true;
  }

  bool convertCallToIndirectCall(MCInst &Inst, const MCSymbol *TargetLocation,
                                 MCContext *Ctx) override {
    bool IsTailCall = isTailCall(Inst);
    assert((Inst.getOpcode() == X86::CALL64pcrel32 ||
            (Inst.getOpcode() == X86::JMP_4 && IsTailCall)) &&
           "64-bit direct (tail) call instruction expected");
    const auto NewOpcode =
        (Inst.getOpcode() == X86::CALL64pcrel32) ? X86::CALL64m : X86::JMP32m;
    Inst.setOpcode(NewOpcode);

    // Replace the first operand and preserve auxiliary operands of
    // the instruction.
    Inst.erase(Inst.begin());
    Inst.insert(Inst.begin(),
                MCOperand::createReg(X86::NoRegister)); // AddrSegmentReg
    Inst.insert(Inst.begin(),
                MCOperand::createExpr( // Displacement
                    MCSymbolRefExpr::create(TargetLocation,
                                            MCSymbolRefExpr::VK_None, *Ctx)));
    Inst.insert(Inst.begin(),
                MCOperand::createReg(X86::NoRegister)); // IndexReg
    Inst.insert(Inst.begin(),
                MCOperand::createImm(1)); // ScaleAmt
    Inst.insert(Inst.begin(),
                MCOperand::createReg(X86::RIP)); // BaseReg

    return true;
  }

  void convertIndirectCallToLoad(MCInst &Inst, MCPhysReg Reg) override {
    bool IsTailCall = isTailCall(Inst);
    if (IsTailCall)
      removeAnnotation(Inst, MCPlus::MCAnnotation::kTailCall);
    if (Inst.getOpcode() == X86::CALL64m ||
        (Inst.getOpcode() == X86::JMP32m && IsTailCall)) {
      Inst.setOpcode(X86::MOV64rm);
      Inst.insert(Inst.begin(), MCOperand::createReg(Reg));
      return;
    }
    if (Inst.getOpcode() == X86::CALL64r ||
        (Inst.getOpcode() == X86::JMP32r && IsTailCall)) {
      Inst.setOpcode(X86::MOV64rr);
      Inst.insert(Inst.begin(), MCOperand::createReg(Reg));
      return;
    }
    LLVM_DEBUG(Inst.dump());
    llvm_unreachable("not implemented");
  }

  bool shortenInstruction(MCInst &Inst,
                          const MCSubtargetInfo &STI) const override {
    unsigned OldOpcode = Inst.getOpcode();
    unsigned NewOpcode = OldOpcode;

    int MemOpNo = getMemoryOperandNo(Inst);

    // Check and remove redundant Address-Size override prefix.
    if (opts::X86StripRedundantAddressSize) {
      uint64_t TSFlags = Info->get(OldOpcode).TSFlags;
      unsigned Flags = Inst.getFlags();

      if (!X86_MC::needsAddressSizeOverride(Inst, STI, MemOpNo, TSFlags) &&
          Flags & X86::IP_HAS_AD_SIZE)
        Inst.setFlags(Flags ^ X86::IP_HAS_AD_SIZE);
    }

    // Check and remove EIZ/RIZ. These cases represent ambiguous cases where
    // SIB byte is present, but no index is used and modrm alone should have
    // been enough. Converting to NoRegister effectively removes the SIB byte.
    if (MemOpNo >= 0) {
      MCOperand &IndexOp =
          Inst.getOperand(static_cast<unsigned>(MemOpNo) + X86::AddrIndexReg);
      if (IndexOp.getReg() == X86::EIZ || IndexOp.getReg() == X86::RIZ)
        IndexOp = MCOperand::createReg(X86::NoRegister);
    }

    if (isBranch(Inst)) {
      NewOpcode = getShortBranchOpcode(OldOpcode);
    } else if (OldOpcode == X86::MOV64ri) {
      if (Inst.getOperand(MCPlus::getNumPrimeOperands(Inst) - 1).isImm()) {
        const int64_t Imm =
            Inst.getOperand(MCPlus::getNumPrimeOperands(Inst) - 1).getImm();
        if (int64_t(Imm) == int64_t(int32_t(Imm)))
          NewOpcode = X86::MOV64ri32;
      }
    } else {
      // If it's an arithmetic instruction, check if the signed operand fits
      // in 1 byte.
1835 const unsigned ShortOpcode = getShortArithOpcode(OldOpcode); 1836 if (ShortOpcode != OldOpcode && 1837 Inst.getOperand(MCPlus::getNumPrimeOperands(Inst) - 1).isImm()) { 1838 int64_t Imm = 1839 Inst.getOperand(MCPlus::getNumPrimeOperands(Inst) - 1).getImm(); 1840 if (int64_t(Imm) == int64_t(int8_t(Imm))) 1841 NewOpcode = ShortOpcode; 1842 } 1843 } 1844 1845 if (NewOpcode == OldOpcode) 1846 return false; 1847 1848 Inst.setOpcode(NewOpcode); 1849 return true; 1850 } 1851 1852 bool 1853 convertMoveToConditionalMove(MCInst &Inst, unsigned CC, bool AllowStackMemOp, 1854 bool AllowBasePtrStackMemOp) const override { 1855 // - Register-register moves are OK 1856 // - Stores are filtered out by opcode (no store CMOV) 1857 // - Non-stack loads are prohibited (generally unsafe) 1858 // - Stack loads are OK if AllowStackMemOp is true 1859 // - Stack loads with RBP are OK if AllowBasePtrStackMemOp is true 1860 if (isLoad(Inst)) { 1861 // If stack memory operands are not allowed, no loads are allowed 1862 if (!AllowStackMemOp) 1863 return false; 1864 1865 // If stack memory operands are allowed, check if it's a load from stack 1866 bool IsLoad, IsStore, IsStoreFromReg, IsSimple, IsIndexed; 1867 MCPhysReg Reg; 1868 int32_t SrcImm; 1869 uint16_t StackPtrReg; 1870 int64_t StackOffset; 1871 uint8_t Size; 1872 bool IsStackAccess = 1873 isStackAccess(Inst, IsLoad, IsStore, IsStoreFromReg, Reg, SrcImm, 1874 StackPtrReg, StackOffset, Size, IsSimple, IsIndexed); 1875 // Prohibit non-stack-based loads 1876 if (!IsStackAccess) 1877 return false; 1878 // If stack memory operands are allowed, check if it's RBP-based 1879 if (!AllowBasePtrStackMemOp && 1880 RegInfo->isSubRegisterEq(X86::RBP, StackPtrReg)) 1881 return false; 1882 } 1883 1884 unsigned NewOpcode = 0; 1885 switch (Inst.getOpcode()) { 1886 case X86::MOV16rr: 1887 NewOpcode = X86::CMOV16rr; 1888 break; 1889 case X86::MOV16rm: 1890 NewOpcode = X86::CMOV16rm; 1891 break; 1892 case X86::MOV32rr: 1893 NewOpcode = X86::CMOV32rr; 1894 break; 1895 case X86::MOV32rm: 1896 NewOpcode = X86::CMOV32rm; 1897 break; 1898 case X86::MOV64rr: 1899 NewOpcode = X86::CMOV64rr; 1900 break; 1901 case X86::MOV64rm: 1902 NewOpcode = X86::CMOV64rm; 1903 break; 1904 default: 1905 return false; 1906 } 1907 Inst.setOpcode(NewOpcode); 1908 // Insert CC at the end of prime operands, before annotations 1909 Inst.insert(Inst.begin() + MCPlus::getNumPrimeOperands(Inst), 1910 MCOperand::createImm(CC)); 1911 // CMOV is a 3-operand MCInst, so duplicate the destination as src1 1912 Inst.insert(Inst.begin(), Inst.getOperand(0)); 1913 return true; 1914 } 1915 1916 bool lowerTailCall(MCInst &Inst) override { 1917 if (Inst.getOpcode() == X86::JMP_4 && isTailCall(Inst)) { 1918 Inst.setOpcode(X86::JMP_1); 1919 removeAnnotation(Inst, MCPlus::MCAnnotation::kTailCall); 1920 return true; 1921 } 1922 return false; 1923 } 1924 1925 const MCSymbol *getTargetSymbol(const MCInst &Inst, 1926 unsigned OpNum = 0) const override { 1927 if (OpNum >= MCPlus::getNumPrimeOperands(Inst)) 1928 return nullptr; 1929 1930 const MCOperand &Op = Inst.getOperand(OpNum); 1931 if (!Op.isExpr()) 1932 return nullptr; 1933 1934 auto *SymExpr = dyn_cast<MCSymbolRefExpr>(Op.getExpr()); 1935 if (!SymExpr || SymExpr->getKind() != MCSymbolRefExpr::VK_None) 1936 return nullptr; 1937 1938 return &SymExpr->getSymbol(); 1939 } 1940 1941 // This is the same as the base class, but since we are overriding one of 1942 // getTargetSymbol's signatures above, we need to override all of them. 
1943 const MCSymbol *getTargetSymbol(const MCExpr *Expr) const override { 1944 return &cast<const MCSymbolRefExpr>(Expr)->getSymbol(); 1945 } 1946 1947 bool analyzeBranch(InstructionIterator Begin, InstructionIterator End, 1948 const MCSymbol *&TBB, const MCSymbol *&FBB, 1949 MCInst *&CondBranch, 1950 MCInst *&UncondBranch) const override { 1951 auto I = End; 1952 1953 // Bottom-up analysis 1954 while (I != Begin) { 1955 --I; 1956 1957 // Ignore nops and CFIs 1958 if (isPseudo(*I)) 1959 continue; 1960 1961 // Stop when we find the first non-terminator 1962 if (!isTerminator(*I)) 1963 break; 1964 1965 if (!isBranch(*I)) 1966 break; 1967 1968 // Handle unconditional branches. 1969 if ((I->getOpcode() == X86::JMP_1 || I->getOpcode() == X86::JMP_2 || 1970 I->getOpcode() == X86::JMP_4) && 1971 !isTailCall(*I)) { 1972 // If any code was seen after this unconditional branch, we've seen 1973 // unreachable code. Ignore them. 1974 CondBranch = nullptr; 1975 UncondBranch = &*I; 1976 const MCSymbol *Sym = getTargetSymbol(*I); 1977 assert(Sym != nullptr && 1978 "Couldn't extract BB symbol from jump operand"); 1979 TBB = Sym; 1980 continue; 1981 } 1982 1983 // Handle conditional branches and ignore indirect branches 1984 if (!isUnsupportedBranch(I->getOpcode()) && 1985 getCondCode(*I) == X86::COND_INVALID) { 1986 // Indirect branch 1987 return false; 1988 } 1989 1990 if (CondBranch == nullptr) { 1991 const MCSymbol *TargetBB = getTargetSymbol(*I); 1992 if (TargetBB == nullptr) { 1993 // Unrecognized branch target 1994 return false; 1995 } 1996 FBB = TBB; 1997 TBB = TargetBB; 1998 CondBranch = &*I; 1999 continue; 2000 } 2001 2002 llvm_unreachable("multiple conditional branches in one BB"); 2003 } 2004 return true; 2005 } 2006 2007 template <typename Itr> 2008 std::pair<IndirectBranchType, MCInst *> 2009 analyzePICJumpTable(Itr II, Itr IE, MCPhysReg R1, MCPhysReg R2) const { 2010 // Analyze PIC-style jump table code template: 2011 // 2012 // lea PIC_JUMP_TABLE(%rip), {%r1|%r2} <- MemLocInstr 2013 // mov ({%r1|%r2}, %index, 4), {%r2|%r1} 2014 // add %r2, %r1 2015 // jmp *%r1 2016 // 2017 // (with any irrelevant instructions in-between) 2018 // 2019 // When we call this helper we've already determined %r1 and %r2, and 2020 // reverse instruction iterator \p II is pointing to the ADD instruction. 2021 // 2022 // PIC jump table looks like following: 2023 // 2024 // JT: ---------- 2025 // E1:| L1 - JT | 2026 // |----------| 2027 // E2:| L2 - JT | 2028 // |----------| 2029 // | | 2030 // ...... 2031 // En:| Ln - JT | 2032 // ---------- 2033 // 2034 // Where L1, L2, ..., Ln represent labels in the function. 2035 // 2036 // The actual relocations in the table will be of the form: 2037 // 2038 // Ln - JT 2039 // = (Ln - En) + (En - JT) 2040 // = R_X86_64_PC32(Ln) + En - JT 2041 // = R_X86_64_PC32(Ln + offsetof(En)) 2042 // 2043 LLVM_DEBUG(dbgs() << "Checking for PIC jump table\n"); 2044 MCInst *MemLocInstr = nullptr; 2045 const MCInst *MovInstr = nullptr; 2046 while (++II != IE) { 2047 MCInst &Instr = *II; 2048 const MCInstrDesc &InstrDesc = Info->get(Instr.getOpcode()); 2049 if (!InstrDesc.hasDefOfPhysReg(Instr, R1, *RegInfo) && 2050 !InstrDesc.hasDefOfPhysReg(Instr, R2, *RegInfo)) { 2051 // Ignore instructions that don't affect R1, R2 registers. 2052 continue; 2053 } 2054 if (!MovInstr) { 2055 // Expect to see MOV instruction. 2056 if (!isMOVSX64rm32(Instr)) { 2057 LLVM_DEBUG(dbgs() << "MOV instruction expected.\n"); 2058 break; 2059 } 2060 2061 // Check if it's setting %r1 or %r2. 
In canonical form it sets %r2. 2062 // If it sets %r1 - rename the registers so we have to only check 2063 // a single form. 2064 unsigned MovDestReg = Instr.getOperand(0).getReg(); 2065 if (MovDestReg != R2) 2066 std::swap(R1, R2); 2067 if (MovDestReg != R2) { 2068 LLVM_DEBUG(dbgs() << "MOV instruction expected to set %r2\n"); 2069 break; 2070 } 2071 2072 // Verify operands for MOV. 2073 unsigned BaseRegNum; 2074 int64_t ScaleValue; 2075 unsigned IndexRegNum; 2076 int64_t DispValue; 2077 unsigned SegRegNum; 2078 if (!evaluateX86MemoryOperand(Instr, &BaseRegNum, &ScaleValue, 2079 &IndexRegNum, &DispValue, &SegRegNum)) 2080 break; 2081 if (BaseRegNum != R1 || ScaleValue != 4 || 2082 IndexRegNum == X86::NoRegister || DispValue != 0 || 2083 SegRegNum != X86::NoRegister) 2084 break; 2085 MovInstr = &Instr; 2086 } else { 2087 if (!InstrDesc.hasDefOfPhysReg(Instr, R1, *RegInfo)) 2088 continue; 2089 if (!isLEA64r(Instr)) { 2090 LLVM_DEBUG(dbgs() << "LEA instruction expected\n"); 2091 break; 2092 } 2093 if (Instr.getOperand(0).getReg() != R1) { 2094 LLVM_DEBUG(dbgs() << "LEA instruction expected to set %r1\n"); 2095 break; 2096 } 2097 2098 // Verify operands for LEA. 2099 unsigned BaseRegNum; 2100 int64_t ScaleValue; 2101 unsigned IndexRegNum; 2102 const MCExpr *DispExpr = nullptr; 2103 int64_t DispValue; 2104 unsigned SegRegNum; 2105 if (!evaluateX86MemoryOperand(Instr, &BaseRegNum, &ScaleValue, 2106 &IndexRegNum, &DispValue, &SegRegNum, 2107 &DispExpr)) 2108 break; 2109 if (BaseRegNum != RegInfo->getProgramCounter() || 2110 IndexRegNum != X86::NoRegister || SegRegNum != X86::NoRegister || 2111 DispExpr == nullptr) 2112 break; 2113 MemLocInstr = &Instr; 2114 break; 2115 } 2116 } 2117 2118 if (!MemLocInstr) 2119 return std::make_pair(IndirectBranchType::UNKNOWN, nullptr); 2120 2121 LLVM_DEBUG(dbgs() << "checking potential PIC jump table\n"); 2122 return std::make_pair(IndirectBranchType::POSSIBLE_PIC_JUMP_TABLE, 2123 MemLocInstr); 2124 } 2125 2126 IndirectBranchType analyzeIndirectBranch( 2127 MCInst &Instruction, InstructionIterator Begin, InstructionIterator End, 2128 const unsigned PtrSize, MCInst *&MemLocInstrOut, unsigned &BaseRegNumOut, 2129 unsigned &IndexRegNumOut, int64_t &DispValueOut, 2130 const MCExpr *&DispExprOut, MCInst *&PCRelBaseOut) const override { 2131 // Try to find a (base) memory location from where the address for 2132 // the indirect branch is loaded. For X86-64 the memory will be specified 2133 // in the following format: 2134 // 2135 // {%rip}/{%basereg} + Imm + IndexReg * Scale 2136 // 2137 // We are interested in the cases where Scale == sizeof(uintptr_t) and 2138 // the contents of the memory are presumably an array of pointers to code. 2139 // 2140 // Normal jump table: 2141 // 2142 // jmp *(JUMP_TABLE, %index, Scale) <- MemLocInstr 2143 // 2144 // or 2145 // 2146 // mov (JUMP_TABLE, %index, Scale), %r1 <- MemLocInstr 2147 // ... 2148 // jmp %r1 2149 // 2150 // We handle PIC-style jump tables separately. 2151 // 2152 MemLocInstrOut = nullptr; 2153 BaseRegNumOut = X86::NoRegister; 2154 IndexRegNumOut = X86::NoRegister; 2155 DispValueOut = 0; 2156 DispExprOut = nullptr; 2157 2158 std::reverse_iterator<InstructionIterator> II(End); 2159 std::reverse_iterator<InstructionIterator> IE(Begin); 2160 2161 IndirectBranchType Type = IndirectBranchType::UNKNOWN; 2162 2163 // An instruction referencing memory used by jump instruction (directly or 2164 // via register). This location could be an array of function pointers 2165 // in case of indirect tail call, or a jump table. 
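// Set below to either the jump instruction itself, the load that defines
// the jump-on register, or the LEA located by analyzePICJumpTable.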
2166 MCInst *MemLocInstr = nullptr; 2167 2168 if (MCPlus::getNumPrimeOperands(Instruction) == 1) { 2169 // If the indirect jump is on register - try to detect if the 2170 // register value is loaded from a memory location. 2171 assert(Instruction.getOperand(0).isReg() && "register operand expected"); 2172 const unsigned R1 = Instruction.getOperand(0).getReg(); 2173 // Check if one of the previous instructions defines the jump-on register. 2174 for (auto PrevII = II; PrevII != IE; ++PrevII) { 2175 MCInst &PrevInstr = *PrevII; 2176 const MCInstrDesc &PrevInstrDesc = Info->get(PrevInstr.getOpcode()); 2177 2178 if (!PrevInstrDesc.hasDefOfPhysReg(PrevInstr, R1, *RegInfo)) 2179 continue; 2180 2181 if (isMoveMem2Reg(PrevInstr)) { 2182 MemLocInstr = &PrevInstr; 2183 break; 2184 } 2185 if (isADD64rr(PrevInstr)) { 2186 unsigned R2 = PrevInstr.getOperand(2).getReg(); 2187 if (R1 == R2) 2188 return IndirectBranchType::UNKNOWN; 2189 std::tie(Type, MemLocInstr) = analyzePICJumpTable(PrevII, IE, R1, R2); 2190 break; 2191 } 2192 return IndirectBranchType::UNKNOWN; 2193 } 2194 if (!MemLocInstr) { 2195 // No definition seen for the register in this function so far. Could be 2196 // an input parameter - which means it is an external code reference. 2197 // It also could be that the definition happens to be in the code that 2198 // we haven't processed yet. Since we have to be conservative, return 2199 // as UNKNOWN case. 2200 return IndirectBranchType::UNKNOWN; 2201 } 2202 } else { 2203 MemLocInstr = &Instruction; 2204 } 2205 2206 const MCRegister RIPRegister = RegInfo->getProgramCounter(); 2207 2208 // Analyze the memory location. 2209 unsigned BaseRegNum, IndexRegNum, SegRegNum; 2210 int64_t ScaleValue, DispValue; 2211 const MCExpr *DispExpr; 2212 2213 if (!evaluateX86MemoryOperand(*MemLocInstr, &BaseRegNum, &ScaleValue, 2214 &IndexRegNum, &DispValue, &SegRegNum, 2215 &DispExpr)) 2216 return IndirectBranchType::UNKNOWN; 2217 2218 BaseRegNumOut = BaseRegNum; 2219 IndexRegNumOut = IndexRegNum; 2220 DispValueOut = DispValue; 2221 DispExprOut = DispExpr; 2222 2223 if ((BaseRegNum != X86::NoRegister && BaseRegNum != RIPRegister) || 2224 SegRegNum != X86::NoRegister) 2225 return IndirectBranchType::UNKNOWN; 2226 2227 if (MemLocInstr == &Instruction && 2228 (!ScaleValue || IndexRegNum == X86::NoRegister)) { 2229 MemLocInstrOut = MemLocInstr; 2230 return IndirectBranchType::POSSIBLE_FIXED_BRANCH; 2231 } 2232 2233 if (Type == IndirectBranchType::POSSIBLE_PIC_JUMP_TABLE && 2234 (ScaleValue != 1 || BaseRegNum != RIPRegister)) 2235 return IndirectBranchType::UNKNOWN; 2236 2237 if (Type != IndirectBranchType::POSSIBLE_PIC_JUMP_TABLE && 2238 ScaleValue != PtrSize) 2239 return IndirectBranchType::UNKNOWN; 2240 2241 MemLocInstrOut = MemLocInstr; 2242 2243 return Type; 2244 } 2245 2246 /// Analyze a callsite to see if it could be a virtual method call. This only 2247 /// checks to see if the overall pattern is satisfied, it does not guarantee 2248 /// that the callsite is a true virtual method call. 2249 /// The format of virtual method calls that are recognized is one of the 2250 /// following: 2251 /// 2252 /// Form 1: (found in debug code) 2253 /// add METHOD_OFFSET, %VtableReg 2254 /// mov (%VtableReg), %MethodReg 2255 /// ... 2256 /// call or jmp *%MethodReg 2257 /// 2258 /// Form 2: 2259 /// mov METHOD_OFFSET(%VtableReg), %MethodReg 2260 /// ... 2261 /// call or jmp *%MethodReg 2262 /// 2263 /// Form 3: 2264 /// ... 
2265 /// call or jmp *METHOD_OFFSET(%VtableReg) 2266 /// 2267 bool analyzeVirtualMethodCall(InstructionIterator ForwardBegin, 2268 InstructionIterator ForwardEnd, 2269 std::vector<MCInst *> &MethodFetchInsns, 2270 unsigned &VtableRegNum, unsigned &MethodRegNum, 2271 uint64_t &MethodOffset) const override { 2272 VtableRegNum = X86::NoRegister; 2273 MethodRegNum = X86::NoRegister; 2274 MethodOffset = 0; 2275 2276 std::reverse_iterator<InstructionIterator> Itr(ForwardEnd); 2277 std::reverse_iterator<InstructionIterator> End(ForwardBegin); 2278 2279 MCInst &CallInst = *Itr++; 2280 assert(isIndirectBranch(CallInst) || isCall(CallInst)); 2281 2282 unsigned BaseReg, IndexReg, SegmentReg; 2283 int64_t Scale, Disp; 2284 const MCExpr *DispExpr; 2285 2286 // The call can just be jmp offset(reg) 2287 if (evaluateX86MemoryOperand(CallInst, &BaseReg, &Scale, &IndexReg, &Disp, 2288 &SegmentReg, &DispExpr)) { 2289 if (!DispExpr && BaseReg != X86::RIP && BaseReg != X86::RBP && 2290 BaseReg != X86::NoRegister) { 2291 MethodRegNum = BaseReg; 2292 if (Scale == 1 && IndexReg == X86::NoRegister && 2293 SegmentReg == X86::NoRegister) { 2294 VtableRegNum = MethodRegNum; 2295 MethodOffset = Disp; 2296 MethodFetchInsns.push_back(&CallInst); 2297 return true; 2298 } 2299 } 2300 return false; 2301 } 2302 if (CallInst.getOperand(0).isReg()) 2303 MethodRegNum = CallInst.getOperand(0).getReg(); 2304 else 2305 return false; 2306 2307 if (MethodRegNum == X86::RIP || MethodRegNum == X86::RBP) { 2308 VtableRegNum = X86::NoRegister; 2309 MethodRegNum = X86::NoRegister; 2310 return false; 2311 } 2312 2313 // find load from vtable, this may or may not include the method offset 2314 while (Itr != End) { 2315 MCInst &CurInst = *Itr++; 2316 const MCInstrDesc &Desc = Info->get(CurInst.getOpcode()); 2317 if (Desc.hasDefOfPhysReg(CurInst, MethodRegNum, *RegInfo)) { 2318 if (isLoad(CurInst) && 2319 evaluateX86MemoryOperand(CurInst, &BaseReg, &Scale, &IndexReg, 2320 &Disp, &SegmentReg, &DispExpr)) { 2321 if (!DispExpr && Scale == 1 && BaseReg != X86::RIP && 2322 BaseReg != X86::RBP && BaseReg != X86::NoRegister && 2323 IndexReg == X86::NoRegister && SegmentReg == X86::NoRegister && 2324 BaseReg != X86::RIP) { 2325 VtableRegNum = BaseReg; 2326 MethodOffset = Disp; 2327 MethodFetchInsns.push_back(&CurInst); 2328 if (MethodOffset != 0) 2329 return true; 2330 break; 2331 } 2332 } 2333 return false; 2334 } 2335 } 2336 2337 if (!VtableRegNum) 2338 return false; 2339 2340 // look for any adds affecting the method register. 
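// This corresponds to Form 1 above, where `add METHOD_OFFSET, %VtableReg`
// precedes the vtable load and carries the method offset.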
2341 while (Itr != End) { 2342 MCInst &CurInst = *Itr++; 2343 const MCInstrDesc &Desc = Info->get(CurInst.getOpcode()); 2344 if (Desc.hasDefOfPhysReg(CurInst, VtableRegNum, *RegInfo)) { 2345 if (isADDri(CurInst)) { 2346 assert(!MethodOffset); 2347 MethodOffset = CurInst.getOperand(2).getImm(); 2348 MethodFetchInsns.insert(MethodFetchInsns.begin(), &CurInst); 2349 break; 2350 } 2351 } 2352 } 2353 2354 return true; 2355 } 2356 2357 bool createStackPointerIncrement(MCInst &Inst, int Size, 2358 bool NoFlagsClobber) const override { 2359 if (NoFlagsClobber) { 2360 Inst.setOpcode(X86::LEA64r); 2361 Inst.clear(); 2362 Inst.addOperand(MCOperand::createReg(X86::RSP)); 2363 Inst.addOperand(MCOperand::createReg(X86::RSP)); // BaseReg 2364 Inst.addOperand(MCOperand::createImm(1)); // ScaleAmt 2365 Inst.addOperand(MCOperand::createReg(X86::NoRegister)); // IndexReg 2366 Inst.addOperand(MCOperand::createImm(-Size)); // Displacement 2367 Inst.addOperand(MCOperand::createReg(X86::NoRegister)); // AddrSegmentReg 2368 return true; 2369 } 2370 Inst.setOpcode(X86::SUB64ri8); 2371 Inst.clear(); 2372 Inst.addOperand(MCOperand::createReg(X86::RSP)); 2373 Inst.addOperand(MCOperand::createReg(X86::RSP)); 2374 Inst.addOperand(MCOperand::createImm(Size)); 2375 return true; 2376 } 2377 2378 bool createStackPointerDecrement(MCInst &Inst, int Size, 2379 bool NoFlagsClobber) const override { 2380 if (NoFlagsClobber) { 2381 Inst.setOpcode(X86::LEA64r); 2382 Inst.clear(); 2383 Inst.addOperand(MCOperand::createReg(X86::RSP)); 2384 Inst.addOperand(MCOperand::createReg(X86::RSP)); // BaseReg 2385 Inst.addOperand(MCOperand::createImm(1)); // ScaleAmt 2386 Inst.addOperand(MCOperand::createReg(X86::NoRegister)); // IndexReg 2387 Inst.addOperand(MCOperand::createImm(Size)); // Displacement 2388 Inst.addOperand(MCOperand::createReg(X86::NoRegister)); // AddrSegmentReg 2389 return true; 2390 } 2391 Inst.setOpcode(X86::ADD64ri8); 2392 Inst.clear(); 2393 Inst.addOperand(MCOperand::createReg(X86::RSP)); 2394 Inst.addOperand(MCOperand::createReg(X86::RSP)); 2395 Inst.addOperand(MCOperand::createImm(Size)); 2396 return true; 2397 } 2398 2399 bool createSaveToStack(MCInst &Inst, const MCPhysReg &StackReg, int Offset, 2400 const MCPhysReg &SrcReg, int Size) const override { 2401 unsigned NewOpcode; 2402 switch (Size) { 2403 default: 2404 return false; 2405 case 2: NewOpcode = X86::MOV16mr; break; 2406 case 4: NewOpcode = X86::MOV32mr; break; 2407 case 8: NewOpcode = X86::MOV64mr; break; 2408 } 2409 Inst.setOpcode(NewOpcode); 2410 Inst.clear(); 2411 Inst.addOperand(MCOperand::createReg(StackReg)); // BaseReg 2412 Inst.addOperand(MCOperand::createImm(1)); // ScaleAmt 2413 Inst.addOperand(MCOperand::createReg(X86::NoRegister)); // IndexReg 2414 Inst.addOperand(MCOperand::createImm(Offset)); // Displacement 2415 Inst.addOperand(MCOperand::createReg(X86::NoRegister)); // AddrSegmentReg 2416 Inst.addOperand(MCOperand::createReg(SrcReg)); 2417 return true; 2418 } 2419 2420 bool createRestoreFromStack(MCInst &Inst, const MCPhysReg &StackReg, 2421 int Offset, const MCPhysReg &DstReg, 2422 int Size) const override { 2423 return createLoad(Inst, StackReg, /*Scale=*/1, /*IndexReg=*/X86::NoRegister, 2424 Offset, nullptr, /*AddrSegmentReg=*/X86::NoRegister, 2425 DstReg, Size); 2426 } 2427 2428 bool createLoad(MCInst &Inst, const MCPhysReg &BaseReg, int64_t Scale, 2429 const MCPhysReg &IndexReg, int64_t Offset, 2430 const MCExpr *OffsetExpr, const MCPhysReg &AddrSegmentReg, 2431 const MCPhysReg &DstReg, int Size) const override { 2432 unsigned 
NewOpcode; 2433 switch (Size) { 2434 default: 2435 return false; 2436 case 2: NewOpcode = X86::MOV16rm; break; 2437 case 4: NewOpcode = X86::MOV32rm; break; 2438 case 8: NewOpcode = X86::MOV64rm; break; 2439 } 2440 Inst.setOpcode(NewOpcode); 2441 Inst.clear(); 2442 Inst.addOperand(MCOperand::createReg(DstReg)); 2443 Inst.addOperand(MCOperand::createReg(BaseReg)); 2444 Inst.addOperand(MCOperand::createImm(Scale)); 2445 Inst.addOperand(MCOperand::createReg(IndexReg)); 2446 if (OffsetExpr) 2447 Inst.addOperand(MCOperand::createExpr(OffsetExpr)); // Displacement 2448 else 2449 Inst.addOperand(MCOperand::createImm(Offset)); // Displacement 2450 Inst.addOperand(MCOperand::createReg(AddrSegmentReg)); // AddrSegmentReg 2451 return true; 2452 } 2453 2454 void createLoadImmediate(MCInst &Inst, const MCPhysReg Dest, 2455 uint32_t Imm) const override { 2456 Inst.setOpcode(X86::MOV64ri32); 2457 Inst.clear(); 2458 Inst.addOperand(MCOperand::createReg(Dest)); 2459 Inst.addOperand(MCOperand::createImm(Imm)); 2460 } 2461 2462 bool createIncMemory(MCInst &Inst, const MCSymbol *Target, 2463 MCContext *Ctx) const override { 2464 2465 Inst.setOpcode(X86::LOCK_INC64m); 2466 Inst.clear(); 2467 Inst.addOperand(MCOperand::createReg(X86::RIP)); // BaseReg 2468 Inst.addOperand(MCOperand::createImm(1)); // ScaleAmt 2469 Inst.addOperand(MCOperand::createReg(X86::NoRegister)); // IndexReg 2470 2471 Inst.addOperand(MCOperand::createExpr( 2472 MCSymbolRefExpr::create(Target, MCSymbolRefExpr::VK_None, 2473 *Ctx))); // Displacement 2474 Inst.addOperand(MCOperand::createReg(X86::NoRegister)); // AddrSegmentReg 2475 return true; 2476 } 2477 2478 bool createIJmp32Frag(SmallVectorImpl<MCInst> &Insts, 2479 const MCOperand &BaseReg, const MCOperand &Scale, 2480 const MCOperand &IndexReg, const MCOperand &Offset, 2481 const MCOperand &TmpReg) const override { 2482 // The code fragment we emit here is: 2483 // 2484 // mov32 (%base, %index, scale), %tmpreg 2485 // ijmp *(%tmpreg) 2486 // 2487 MCInst IJmp; 2488 IJmp.setOpcode(X86::JMP64r); 2489 IJmp.addOperand(TmpReg); 2490 2491 MCInst Load; 2492 Load.setOpcode(X86::MOV32rm); 2493 Load.addOperand(TmpReg); 2494 Load.addOperand(BaseReg); 2495 Load.addOperand(Scale); 2496 Load.addOperand(IndexReg); 2497 Load.addOperand(Offset); 2498 Load.addOperand(MCOperand::createReg(X86::NoRegister)); 2499 2500 Insts.push_back(Load); 2501 Insts.push_back(IJmp); 2502 return true; 2503 } 2504 2505 bool createNoop(MCInst &Inst) const override { 2506 Inst.setOpcode(X86::NOOP); 2507 return true; 2508 } 2509 2510 bool createReturn(MCInst &Inst) const override { 2511 Inst.setOpcode(X86::RET64); 2512 return true; 2513 } 2514 2515 InstructionListType createInlineMemcpy(bool ReturnEnd) const override { 2516 InstructionListType Code; 2517 if (ReturnEnd) 2518 Code.emplace_back(MCInstBuilder(X86::LEA64r) 2519 .addReg(X86::RAX) 2520 .addReg(X86::RDI) 2521 .addImm(1) 2522 .addReg(X86::RDX) 2523 .addImm(0) 2524 .addReg(X86::NoRegister)); 2525 else 2526 Code.emplace_back(MCInstBuilder(X86::MOV64rr) 2527 .addReg(X86::RAX) 2528 .addReg(X86::RDI)); 2529 2530 Code.emplace_back(MCInstBuilder(X86::MOV32rr) 2531 .addReg(X86::ECX) 2532 .addReg(X86::EDX)); 2533 Code.emplace_back(MCInstBuilder(X86::REP_MOVSB_64)); 2534 2535 return Code; 2536 } 2537 2538 InstructionListType createOneByteMemcpy() const override { 2539 InstructionListType Code; 2540 Code.emplace_back(MCInstBuilder(X86::MOV8rm) 2541 .addReg(X86::CL) 2542 .addReg(X86::RSI) 2543 .addImm(0) 2544 .addReg(X86::NoRegister) 2545 .addImm(0) 2546 
.addReg(X86::NoRegister)); 2547 Code.emplace_back(MCInstBuilder(X86::MOV8mr) 2548 .addReg(X86::RDI) 2549 .addImm(0) 2550 .addReg(X86::NoRegister) 2551 .addImm(0) 2552 .addReg(X86::NoRegister) 2553 .addReg(X86::CL)); 2554 Code.emplace_back(MCInstBuilder(X86::MOV64rr) 2555 .addReg(X86::RAX) 2556 .addReg(X86::RDI)); 2557 return Code; 2558 } 2559 2560 InstructionListType createCmpJE(MCPhysReg RegNo, int64_t Imm, 2561 const MCSymbol *Target, 2562 MCContext *Ctx) const override { 2563 InstructionListType Code; 2564 Code.emplace_back(MCInstBuilder(X86::CMP64ri8) 2565 .addReg(RegNo) 2566 .addImm(Imm)); 2567 Code.emplace_back(MCInstBuilder(X86::JCC_1) 2568 .addExpr(MCSymbolRefExpr::create( 2569 Target, MCSymbolRefExpr::VK_None, *Ctx)) 2570 .addImm(X86::COND_E)); 2571 return Code; 2572 } 2573 2574 Optional<Relocation> 2575 createRelocation(const MCFixup &Fixup, 2576 const MCAsmBackend &MAB) const override { 2577 const MCFixupKindInfo &FKI = MAB.getFixupKindInfo(Fixup.getKind()); 2578 2579 assert(FKI.TargetOffset == 0 && "0-bit relocation offset expected"); 2580 const uint64_t RelOffset = Fixup.getOffset(); 2581 2582 uint64_t RelType; 2583 if (FKI.Flags & MCFixupKindInfo::FKF_IsPCRel) { 2584 switch (FKI.TargetSize) { 2585 default: 2586 return NoneType(); 2587 case 8: RelType = ELF::R_X86_64_PC8; break; 2588 case 16: RelType = ELF::R_X86_64_PC16; break; 2589 case 32: RelType = ELF::R_X86_64_PC32; break; 2590 case 64: RelType = ELF::R_X86_64_PC64; break; 2591 } 2592 } else { 2593 switch (FKI.TargetSize) { 2594 default: 2595 return NoneType(); 2596 case 8: RelType = ELF::R_X86_64_8; break; 2597 case 16: RelType = ELF::R_X86_64_16; break; 2598 case 32: RelType = ELF::R_X86_64_32; break; 2599 case 64: RelType = ELF::R_X86_64_64; break; 2600 } 2601 } 2602 2603 // Extract a symbol and an addend out of the fixup value expression. 2604 // 2605 // Only the following limited expression types are supported: 2606 // Symbol + Addend 2607 // Symbol 2608 uint64_t Addend = 0; 2609 MCSymbol *Symbol = nullptr; 2610 const MCExpr *ValueExpr = Fixup.getValue(); 2611 if (ValueExpr->getKind() == MCExpr::Binary) { 2612 const auto *BinaryExpr = cast<MCBinaryExpr>(ValueExpr); 2613 assert(BinaryExpr->getOpcode() == MCBinaryExpr::Add && 2614 "unexpected binary expression"); 2615 const MCExpr *LHS = BinaryExpr->getLHS(); 2616 assert(LHS->getKind() == MCExpr::SymbolRef && "unexpected LHS"); 2617 Symbol = const_cast<MCSymbol *>(this->getTargetSymbol(LHS)); 2618 const MCExpr *RHS = BinaryExpr->getRHS(); 2619 assert(RHS->getKind() == MCExpr::Constant && "unexpected RHS"); 2620 Addend = cast<MCConstantExpr>(RHS)->getValue(); 2621 } else { 2622 assert(ValueExpr->getKind() == MCExpr::SymbolRef && "unexpected value"); 2623 Symbol = const_cast<MCSymbol *>(this->getTargetSymbol(ValueExpr)); 2624 } 2625 2626 return Relocation({RelOffset, Symbol, RelType, Addend, 0}); 2627 } 2628 2629 bool replaceImmWithSymbolRef(MCInst &Inst, const MCSymbol *Symbol, 2630 int64_t Addend, MCContext *Ctx, int64_t &Value, 2631 uint64_t RelType) const override { 2632 unsigned ImmOpNo = -1U; 2633 2634 for (unsigned Index = 0; Index < MCPlus::getNumPrimeOperands(Inst); 2635 ++Index) { 2636 if (Inst.getOperand(Index).isImm()) { 2637 ImmOpNo = Index; 2638 // TODO: this is a bit hacky. It finds the correct operand by 2639 // searching for a specific immediate value. If no value is 2640 // provided it defaults to the last immediate operand found. 2641 // This could lead to unexpected results if the instruction 2642 // has more than one immediate with the same value. 
2643 if (Inst.getOperand(ImmOpNo).getImm() == Value) 2644 break; 2645 } 2646 } 2647 2648 if (ImmOpNo == -1U) 2649 return false; 2650 2651 Value = Inst.getOperand(ImmOpNo).getImm(); 2652 2653 setOperandToSymbolRef(Inst, ImmOpNo, Symbol, Addend, Ctx, RelType); 2654 2655 return true; 2656 } 2657 2658 bool replaceRegWithImm(MCInst &Inst, unsigned Register, 2659 int64_t Imm) const override { 2660 2661 enum CheckSignExt : uint8_t { 2662 NOCHECK = 0, 2663 CHECK8, 2664 CHECK32, 2665 }; 2666 2667 using CheckList = std::vector<std::pair<CheckSignExt, unsigned>>; 2668 struct InstInfo { 2669 // Size in bytes that Inst loads from memory. 2670 uint8_t DataSize; 2671 2672 // True when the target operand has to be duplicated because the opcode 2673 // expects a LHS operand. 2674 bool HasLHS; 2675 2676 // List of checks and corresponding opcodes to be used. We try to use the 2677 // smallest possible immediate value when various sizes are available, 2678 // hence we may need to check whether a larger constant fits in a smaller 2679 // immediate. 2680 CheckList Checks; 2681 }; 2682 2683 InstInfo I; 2684 2685 switch (Inst.getOpcode()) { 2686 default: { 2687 switch (getPushSize(Inst)) { 2688 2689 case 2: I = {2, false, {{CHECK8, X86::PUSH16i8}, {NOCHECK, X86::PUSHi16}}}; break; 2690 case 4: I = {4, false, {{CHECK8, X86::PUSH32i8}, {NOCHECK, X86::PUSHi32}}}; break; 2691 case 8: I = {8, false, {{CHECK8, X86::PUSH64i8}, 2692 {CHECK32, X86::PUSH64i32}, 2693 {NOCHECK, Inst.getOpcode()}}}; break; 2694 default: return false; 2695 } 2696 break; 2697 } 2698 2699 // MOV 2700 case X86::MOV8rr: I = {1, false, {{NOCHECK, X86::MOV8ri}}}; break; 2701 case X86::MOV16rr: I = {2, false, {{NOCHECK, X86::MOV16ri}}}; break; 2702 case X86::MOV32rr: I = {4, false, {{NOCHECK, X86::MOV32ri}}}; break; 2703 case X86::MOV64rr: I = {8, false, {{CHECK32, X86::MOV64ri32}, 2704 {NOCHECK, X86::MOV64ri}}}; break; 2705 2706 case X86::MOV8mr: I = {1, false, {{NOCHECK, X86::MOV8mi}}}; break; 2707 case X86::MOV16mr: I = {2, false, {{NOCHECK, X86::MOV16mi}}}; break; 2708 case X86::MOV32mr: I = {4, false, {{NOCHECK, X86::MOV32mi}}}; break; 2709 case X86::MOV64mr: I = {8, false, {{CHECK32, X86::MOV64mi32}, 2710 {NOCHECK, X86::MOV64mr}}}; break; 2711 2712 // MOVZX 2713 case X86::MOVZX16rr8: I = {1, false, {{NOCHECK, X86::MOV16ri}}}; break; 2714 case X86::MOVZX32rr8: I = {1, false, {{NOCHECK, X86::MOV32ri}}}; break; 2715 case X86::MOVZX32rr16: I = {2, false, {{NOCHECK, X86::MOV32ri}}}; break; 2716 2717 // CMP 2718 case X86::CMP8rr: I = {1, false, {{NOCHECK, X86::CMP8ri}}}; break; 2719 case X86::CMP16rr: I = {2, false, {{CHECK8, X86::CMP16ri8}, 2720 {NOCHECK, X86::CMP16ri}}}; break; 2721 case X86::CMP32rr: I = {4, false, {{CHECK8, X86::CMP32ri8}, 2722 {NOCHECK, X86::CMP32ri}}}; break; 2723 case X86::CMP64rr: I = {8, false, {{CHECK8, X86::CMP64ri8}, 2724 {CHECK32, X86::CMP64ri32}, 2725 {NOCHECK, X86::CMP64rr}}}; break; 2726 2727 // TEST 2728 case X86::TEST8rr: I = {1, false, {{NOCHECK, X86::TEST8ri}}}; break; 2729 case X86::TEST16rr: I = {2, false, {{NOCHECK, X86::TEST16ri}}}; break; 2730 case X86::TEST32rr: I = {4, false, {{NOCHECK, X86::TEST32ri}}}; break; 2731 case X86::TEST64rr: I = {8, false, {{CHECK32, X86::TEST64ri32}, 2732 {NOCHECK, X86::TEST64rr}}}; break; 2733 2734 // ADD 2735 case X86::ADD8rr: I = {1, true, {{NOCHECK, X86::ADD8ri}}}; break; 2736 case X86::ADD16rr: I = {2, true, {{CHECK8, X86::ADD16ri8}, 2737 {NOCHECK, X86::ADD16ri}}}; break; 2738 case X86::ADD32rr: I = {4, true, {{CHECK8, X86::ADD32ri8}, 2739 {NOCHECK, X86::ADD32ri}}}; break; 
2740 case X86::ADD64rr: I = {8, true, {{CHECK8, X86::ADD64ri8}, 2741 {CHECK32, X86::ADD64ri32}, 2742 {NOCHECK, X86::ADD64rr}}}; break; 2743 2744 // SUB 2745 case X86::SUB8rr: I = {1, true, {{NOCHECK, X86::SUB8ri}}}; break; 2746 case X86::SUB16rr: I = {2, true, {{CHECK8, X86::SUB16ri8}, 2747 {NOCHECK, X86::SUB16ri}}}; break; 2748 case X86::SUB32rr: I = {4, true, {{CHECK8, X86::SUB32ri8}, 2749 {NOCHECK, X86::SUB32ri}}}; break; 2750 case X86::SUB64rr: I = {8, true, {{CHECK8, X86::SUB64ri8}, 2751 {CHECK32, X86::SUB64ri32}, 2752 {NOCHECK, X86::SUB64rr}}}; break; 2753 2754 // AND 2755 case X86::AND8rr: I = {1, true, {{NOCHECK, X86::AND8ri}}}; break; 2756 case X86::AND16rr: I = {2, true, {{CHECK8, X86::AND16ri8}, 2757 {NOCHECK, X86::AND16ri}}}; break; 2758 case X86::AND32rr: I = {4, true, {{CHECK8, X86::AND32ri8}, 2759 {NOCHECK, X86::AND32ri}}}; break; 2760 case X86::AND64rr: I = {8, true, {{CHECK8, X86::AND64ri8}, 2761 {CHECK32, X86::AND64ri32}, 2762 {NOCHECK, X86::AND64rr}}}; break; 2763 2764 // OR 2765 case X86::OR8rr: I = {1, true, {{NOCHECK, X86::OR8ri}}}; break; 2766 case X86::OR16rr: I = {2, true, {{CHECK8, X86::OR16ri8}, 2767 {NOCHECK, X86::OR16ri}}}; break; 2768 case X86::OR32rr: I = {4, true, {{CHECK8, X86::OR32ri8}, 2769 {NOCHECK, X86::OR32ri}}}; break; 2770 case X86::OR64rr: I = {8, true, {{CHECK8, X86::OR64ri8}, 2771 {CHECK32, X86::OR64ri32}, 2772 {NOCHECK, X86::OR64rr}}}; break; 2773 2774 // XOR 2775 case X86::XOR8rr: I = {1, true, {{NOCHECK, X86::XOR8ri}}}; break; 2776 case X86::XOR16rr: I = {2, true, {{CHECK8, X86::XOR16ri8}, 2777 {NOCHECK, X86::XOR16ri}}}; break; 2778 case X86::XOR32rr: I = {4, true, {{CHECK8, X86::XOR32ri8}, 2779 {NOCHECK, X86::XOR32ri}}}; break; 2780 case X86::XOR64rr: I = {8, true, {{CHECK8, X86::XOR64ri8}, 2781 {CHECK32, X86::XOR64ri32}, 2782 {NOCHECK, X86::XOR64rr}}}; break; 2783 } 2784 2785 // Compute the new opcode. 2786 unsigned NewOpcode = 0; 2787 for (const std::pair<CheckSignExt, unsigned> &Check : I.Checks) { 2788 NewOpcode = Check.second; 2789 if (Check.first == NOCHECK) 2790 break; 2791 if (Check.first == CHECK8 && isInt<8>(Imm)) 2792 break; 2793 if (Check.first == CHECK32 && isInt<32>(Imm)) 2794 break; 2795 } 2796 if (NewOpcode == Inst.getOpcode()) 2797 return false; 2798 2799 const MCInstrDesc &InstDesc = Info->get(Inst.getOpcode()); 2800 2801 unsigned NumFound = 0; 2802 for (unsigned Index = InstDesc.getNumDefs() + (I.HasLHS ? 
1 : 0), 2803 E = InstDesc.getNumOperands(); 2804 Index != E; ++Index) 2805 if (Inst.getOperand(Index).isReg() && 2806 Inst.getOperand(Index).getReg() == Register) 2807 NumFound++; 2808 2809 if (NumFound != 1) 2810 return false; 2811 2812 MCOperand TargetOp = Inst.getOperand(0); 2813 Inst.clear(); 2814 Inst.setOpcode(NewOpcode); 2815 Inst.addOperand(TargetOp); 2816 if (I.HasLHS) 2817 Inst.addOperand(TargetOp); 2818 Inst.addOperand(MCOperand::createImm(Imm)); 2819 2820 return true; 2821 } 2822 2823 bool replaceRegWithReg(MCInst &Inst, unsigned ToReplace, 2824 unsigned ReplaceWith) const override { 2825 2826 // Get the HasLHS value so that iteration can be done 2827 bool HasLHS; 2828 if (X86::isAND(Inst.getOpcode()) || X86::isADD(Inst.getOpcode()) || 2829 X86::isSUB(Inst.getOpcode())) { 2830 HasLHS = true; 2831 } else if (isPop(Inst) || isPush(Inst) || X86::isCMP(Inst.getOpcode()) || 2832 X86::isTEST(Inst.getOpcode())) { 2833 HasLHS = false; 2834 } else { 2835 switch (Inst.getOpcode()) { 2836 case X86::MOV8rr: 2837 case X86::MOV8rm: 2838 case X86::MOV8mr: 2839 case X86::MOV8ri: 2840 case X86::MOV16rr: 2841 case X86::MOV16rm: 2842 case X86::MOV16mr: 2843 case X86::MOV16ri: 2844 case X86::MOV32rr: 2845 case X86::MOV32rm: 2846 case X86::MOV32mr: 2847 case X86::MOV32ri: 2848 case X86::MOV64rr: 2849 case X86::MOV64rm: 2850 case X86::MOV64mr: 2851 case X86::MOV64ri: 2852 case X86::MOVZX16rr8: 2853 case X86::MOVZX32rr8: 2854 case X86::MOVZX32rr16: 2855 case X86::MOVSX32rm8: 2856 case X86::MOVSX32rr8: 2857 case X86::MOVSX64rm32: 2858 case X86::LEA64r: 2859 HasLHS = false; 2860 break; 2861 default: 2862 return false; 2863 } 2864 } 2865 2866 const MCInstrDesc &InstDesc = Info->get(Inst.getOpcode()); 2867 2868 bool FoundOne = false; 2869 2870 // Iterate only through src operands that arent also dest operands 2871 for (unsigned Index = InstDesc.getNumDefs() + (HasLHS ? 
1 : 0), 2872 E = InstDesc.getNumOperands(); 2873 Index != E; ++Index) { 2874 BitVector RegAliases = getAliases(ToReplace, true); 2875 if (!Inst.getOperand(Index).isReg() || 2876 !RegAliases.test(Inst.getOperand(Index).getReg())) 2877 continue; 2878 // Resize register if needed 2879 unsigned SizedReplaceWith = getAliasSized( 2880 ReplaceWith, getRegSize(Inst.getOperand(Index).getReg())); 2881 MCOperand NewOperand = MCOperand::createReg(SizedReplaceWith); 2882 Inst.getOperand(Index) = NewOperand; 2883 FoundOne = true; 2884 } 2885 2886 // Return true if at least one operand was replaced 2887 return FoundOne; 2888 } 2889 2890 bool createUncondBranch(MCInst &Inst, const MCSymbol *TBB, 2891 MCContext *Ctx) const override { 2892 Inst.setOpcode(X86::JMP_1); 2893 Inst.addOperand(MCOperand::createExpr( 2894 MCSymbolRefExpr::create(TBB, MCSymbolRefExpr::VK_None, *Ctx))); 2895 return true; 2896 } 2897 2898 bool createCall(MCInst &Inst, const MCSymbol *Target, 2899 MCContext *Ctx) override { 2900 Inst.setOpcode(X86::CALL64pcrel32); 2901 Inst.addOperand(MCOperand::createExpr( 2902 MCSymbolRefExpr::create(Target, MCSymbolRefExpr::VK_None, *Ctx))); 2903 return true; 2904 } 2905 2906 bool createTailCall(MCInst &Inst, const MCSymbol *Target, 2907 MCContext *Ctx) override { 2908 return createDirectCall(Inst, Target, Ctx, /*IsTailCall*/ true); 2909 } 2910 2911 void createLongTailCall(InstructionListType &Seq, const MCSymbol *Target, 2912 MCContext *Ctx) override { 2913 Seq.clear(); 2914 Seq.emplace_back(); 2915 createDirectCall(Seq.back(), Target, Ctx, /*IsTailCall*/ true); 2916 } 2917 2918 bool createTrap(MCInst &Inst) const override { 2919 Inst.clear(); 2920 Inst.setOpcode(X86::TRAP); 2921 return true; 2922 } 2923 2924 bool reverseBranchCondition(MCInst &Inst, const MCSymbol *TBB, 2925 MCContext *Ctx) const override { 2926 unsigned InvCC = getInvertedCondCode(getCondCode(Inst)); 2927 assert(InvCC != X86::COND_INVALID && "invalid branch instruction"); 2928 Inst.getOperand(Info->get(Inst.getOpcode()).NumOperands - 1).setImm(InvCC); 2929 Inst.getOperand(0) = MCOperand::createExpr( 2930 MCSymbolRefExpr::create(TBB, MCSymbolRefExpr::VK_None, *Ctx)); 2931 return true; 2932 } 2933 2934 bool replaceBranchCondition(MCInst &Inst, const MCSymbol *TBB, MCContext *Ctx, 2935 unsigned CC) const override { 2936 if (CC == X86::COND_INVALID) 2937 return false; 2938 Inst.getOperand(Info->get(Inst.getOpcode()).NumOperands - 1).setImm(CC); 2939 Inst.getOperand(0) = MCOperand::createExpr( 2940 MCSymbolRefExpr::create(TBB, MCSymbolRefExpr::VK_None, *Ctx)); 2941 return true; 2942 } 2943 2944 unsigned getCanonicalBranchCondCode(unsigned CC) const override { 2945 switch (CC) { 2946 default: return X86::COND_INVALID; 2947 2948 case X86::COND_E: return X86::COND_E; 2949 case X86::COND_NE: return X86::COND_E; 2950 2951 case X86::COND_L: return X86::COND_L; 2952 case X86::COND_GE: return X86::COND_L; 2953 2954 case X86::COND_LE: return X86::COND_G; 2955 case X86::COND_G: return X86::COND_G; 2956 2957 case X86::COND_B: return X86::COND_B; 2958 case X86::COND_AE: return X86::COND_B; 2959 2960 case X86::COND_BE: return X86::COND_A; 2961 case X86::COND_A: return X86::COND_A; 2962 2963 case X86::COND_S: return X86::COND_S; 2964 case X86::COND_NS: return X86::COND_S; 2965 2966 case X86::COND_P: return X86::COND_P; 2967 case X86::COND_NP: return X86::COND_P; 2968 2969 case X86::COND_O: return X86::COND_O; 2970 case X86::COND_NO: return X86::COND_O; 2971 } 2972 } 2973 2974 bool replaceBranchTarget(MCInst &Inst, const MCSymbol *TBB, 2975 
MCContext *Ctx) const override { 2976 assert((isCall(Inst) || isBranch(Inst)) && !isIndirectBranch(Inst) && 2977 "Invalid instruction"); 2978 Inst.getOperand(0) = MCOperand::createExpr( 2979 MCSymbolRefExpr::create(TBB, MCSymbolRefExpr::VK_None, *Ctx)); 2980 return true; 2981 } 2982 2983 MCPhysReg getX86R11() const override { return X86::R11; } 2984 2985 MCPhysReg getIntArgRegister(unsigned ArgNo) const override { 2986 // FIXME: this should depend on the calling convention. 2987 switch (ArgNo) { 2988 case 0: return X86::RDI; 2989 case 1: return X86::RSI; 2990 case 2: return X86::RDX; 2991 case 3: return X86::RCX; 2992 case 4: return X86::R8; 2993 case 5: return X86::R9; 2994 default: return getNoRegister(); 2995 } 2996 } 2997 2998 void createPause(MCInst &Inst) const override { 2999 Inst.clear(); 3000 Inst.setOpcode(X86::PAUSE); 3001 } 3002 3003 void createLfence(MCInst &Inst) const override { 3004 Inst.clear(); 3005 Inst.setOpcode(X86::LFENCE); 3006 } 3007 3008 bool createDirectCall(MCInst &Inst, const MCSymbol *Target, MCContext *Ctx, 3009 bool IsTailCall) override { 3010 Inst.clear(); 3011 Inst.setOpcode(IsTailCall ? X86::JMP_4 : X86::CALL64pcrel32); 3012 Inst.addOperand(MCOperand::createExpr( 3013 MCSymbolRefExpr::create(Target, MCSymbolRefExpr::VK_None, *Ctx))); 3014 if (IsTailCall) 3015 setTailCall(Inst); 3016 return true; 3017 } 3018 3019 void createShortJmp(InstructionListType &Seq, const MCSymbol *Target, 3020 MCContext *Ctx, bool IsTailCall) override { 3021 Seq.clear(); 3022 MCInst Inst; 3023 Inst.setOpcode(X86::JMP_1); 3024 Inst.addOperand(MCOperand::createExpr( 3025 MCSymbolRefExpr::create(Target, MCSymbolRefExpr::VK_None, *Ctx))); 3026 if (IsTailCall) 3027 setTailCall(Inst); 3028 Seq.emplace_back(Inst); 3029 } 3030 3031 bool isConditionalMove(const MCInst &Inst) const override { 3032 unsigned OpCode = Inst.getOpcode(); 3033 return (OpCode == X86::CMOV16rr || OpCode == X86::CMOV32rr || 3034 OpCode == X86::CMOV64rr); 3035 } 3036 3037 bool isBranchOnMem(const MCInst &Inst) const override { 3038 unsigned OpCode = Inst.getOpcode(); 3039 if (OpCode == X86::CALL64m || (OpCode == X86::JMP32m && isTailCall(Inst)) || 3040 OpCode == X86::JMP64m) 3041 return true; 3042 3043 return false; 3044 } 3045 3046 bool isBranchOnReg(const MCInst &Inst) const override { 3047 unsigned OpCode = Inst.getOpcode(); 3048 if (OpCode == X86::CALL64r || (OpCode == X86::JMP32r && isTailCall(Inst)) || 3049 OpCode == X86::JMP64r) 3050 return true; 3051 3052 return false; 3053 } 3054 3055 void createPushRegister(MCInst &Inst, MCPhysReg Reg, 3056 unsigned Size) const override { 3057 Inst.clear(); 3058 unsigned NewOpcode = 0; 3059 if (Reg == X86::EFLAGS) { 3060 switch (Size) { 3061 case 2: NewOpcode = X86::PUSHF16; break; 3062 case 4: NewOpcode = X86::PUSHF32; break; 3063 case 8: NewOpcode = X86::PUSHF64; break; 3064 default: 3065 llvm_unreachable("Unexpected size"); 3066 } 3067 Inst.setOpcode(NewOpcode); 3068 return; 3069 } 3070 switch (Size) { 3071 case 2: NewOpcode = X86::PUSH16r; break; 3072 case 4: NewOpcode = X86::PUSH32r; break; 3073 case 8: NewOpcode = X86::PUSH64r; break; 3074 default: 3075 llvm_unreachable("Unexpected size"); 3076 } 3077 Inst.setOpcode(NewOpcode); 3078 Inst.addOperand(MCOperand::createReg(Reg)); 3079 } 3080 3081 void createPopRegister(MCInst &Inst, MCPhysReg Reg, 3082 unsigned Size) const override { 3083 Inst.clear(); 3084 unsigned NewOpcode = 0; 3085 if (Reg == X86::EFLAGS) { 3086 switch (Size) { 3087 case 2: NewOpcode = X86::POPF16; break; 3088 case 4: NewOpcode = X86::POPF32; break; 
3089 case 8: NewOpcode = X86::POPF64; break; 3090 default: 3091 llvm_unreachable("Unexpected size"); 3092 } 3093 Inst.setOpcode(NewOpcode); 3094 return; 3095 } 3096 switch (Size) { 3097 case 2: NewOpcode = X86::POP16r; break; 3098 case 4: NewOpcode = X86::POP32r; break; 3099 case 8: NewOpcode = X86::POP64r; break; 3100 default: 3101 llvm_unreachable("Unexpected size"); 3102 } 3103 Inst.setOpcode(NewOpcode); 3104 Inst.addOperand(MCOperand::createReg(Reg)); 3105 } 3106 3107 void createPushFlags(MCInst &Inst, unsigned Size) const override { 3108 return createPushRegister(Inst, X86::EFLAGS, Size); 3109 } 3110 3111 void createPopFlags(MCInst &Inst, unsigned Size) const override { 3112 return createPopRegister(Inst, X86::EFLAGS, Size); 3113 } 3114 3115 void createAddRegImm(MCInst &Inst, MCPhysReg Reg, int64_t Value, 3116 unsigned Size) const { 3117 unsigned int Opcode; 3118 switch (Size) { 3119 case 1: Opcode = X86::ADD8ri; break; 3120 case 2: Opcode = X86::ADD16ri; break; 3121 case 4: Opcode = X86::ADD32ri; break; 3122 default: 3123 llvm_unreachable("Unexpected size"); 3124 } 3125 Inst.setOpcode(Opcode); 3126 Inst.clear(); 3127 Inst.addOperand(MCOperand::createReg(Reg)); 3128 Inst.addOperand(MCOperand::createReg(Reg)); 3129 Inst.addOperand(MCOperand::createImm(Value)); 3130 } 3131 3132 void createClearRegWithNoEFlagsUpdate(MCInst &Inst, MCPhysReg Reg, 3133 unsigned Size) const { 3134 unsigned int Opcode; 3135 switch (Size) { 3136 case 1: Opcode = X86::MOV8ri; break; 3137 case 2: Opcode = X86::MOV16ri; break; 3138 case 4: Opcode = X86::MOV32ri; break; 3139 case 8: Opcode = X86::MOV64ri; break; 3140 default: 3141 llvm_unreachable("Unexpected size"); 3142 } 3143 Inst.setOpcode(Opcode); 3144 Inst.clear(); 3145 Inst.addOperand(MCOperand::createReg(Reg)); 3146 Inst.addOperand(MCOperand::createImm(0)); 3147 } 3148 3149 void createX86SaveOVFlagToRegister(MCInst &Inst, MCPhysReg Reg) const { 3150 Inst.setOpcode(X86::SETCCr); 3151 Inst.clear(); 3152 Inst.addOperand(MCOperand::createReg(Reg)); 3153 Inst.addOperand(MCOperand::createImm(X86::COND_O)); 3154 } 3155 3156 void createX86Lahf(MCInst &Inst) const { 3157 Inst.setOpcode(X86::LAHF); 3158 Inst.clear(); 3159 } 3160 3161 void createX86Sahf(MCInst &Inst) const { 3162 Inst.setOpcode(X86::SAHF); 3163 Inst.clear(); 3164 } 3165 3166 void createInstrIncMemory(InstructionListType &Instrs, const MCSymbol *Target, 3167 MCContext *Ctx, bool IsLeaf) const override { 3168 unsigned int I = 0; 3169 3170 Instrs.resize(IsLeaf ? 
13 : 11); 3171 // Don't clobber application red zone (ABI dependent) 3172 if (IsLeaf) 3173 createStackPointerIncrement(Instrs[I++], 128, 3174 /*NoFlagsClobber=*/true); 3175 3176 // Performance improvements based on the optimization discussed at 3177 // https://reviews.llvm.org/D6629 3178 // LAHF/SAHF are used instead of PUSHF/POPF 3179 // PUSHF 3180 createPushRegister(Instrs[I++], X86::RAX, 8); 3181 createClearRegWithNoEFlagsUpdate(Instrs[I++], X86::RAX, 8); 3182 createX86Lahf(Instrs[I++]); 3183 createPushRegister(Instrs[I++], X86::RAX, 8); 3184 createClearRegWithNoEFlagsUpdate(Instrs[I++], X86::RAX, 8); 3185 createX86SaveOVFlagToRegister(Instrs[I++], X86::AL); 3186 // LOCK INC 3187 createIncMemory(Instrs[I++], Target, Ctx); 3188 // POPF 3189 createAddRegImm(Instrs[I++], X86::AL, 127, 1); 3190 createPopRegister(Instrs[I++], X86::RAX, 8); 3191 createX86Sahf(Instrs[I++]); 3192 createPopRegister(Instrs[I++], X86::RAX, 8); 3193 3194 if (IsLeaf) 3195 createStackPointerDecrement(Instrs[I], 128, 3196 /*NoFlagsClobber=*/true); 3197 } 3198 3199 void createSwap(MCInst &Inst, MCPhysReg Source, MCPhysReg MemBaseReg, 3200 int64_t Disp) const { 3201 Inst.setOpcode(X86::XCHG64rm); 3202 Inst.addOperand(MCOperand::createReg(Source)); 3203 Inst.addOperand(MCOperand::createReg(Source)); 3204 Inst.addOperand(MCOperand::createReg(MemBaseReg)); // BaseReg 3205 Inst.addOperand(MCOperand::createImm(1)); // ScaleAmt 3206 Inst.addOperand(MCOperand::createReg(X86::NoRegister)); // IndexReg 3207 Inst.addOperand(MCOperand::createImm(Disp)); // Displacement 3208 Inst.addOperand(MCOperand::createReg(X86::NoRegister)); // AddrSegmentReg 3209 } 3210 3211 void createIndirectBranch(MCInst &Inst, MCPhysReg MemBaseReg, 3212 int64_t Disp) const { 3213 Inst.setOpcode(X86::JMP64m); 3214 Inst.addOperand(MCOperand::createReg(MemBaseReg)); // BaseReg 3215 Inst.addOperand(MCOperand::createImm(1)); // ScaleAmt 3216 Inst.addOperand(MCOperand::createReg(X86::NoRegister)); // IndexReg 3217 Inst.addOperand(MCOperand::createImm(Disp)); // Displacement 3218 Inst.addOperand(MCOperand::createReg(X86::NoRegister)); // AddrSegmentReg 3219 } 3220 3221 InstructionListType createInstrumentedIndirectCall(const MCInst &CallInst, 3222 bool TailCall, 3223 MCSymbol *HandlerFuncAddr, 3224 int CallSiteID, 3225 MCContext *Ctx) override { 3226 // Check if the target address expression used in the original indirect call 3227 // uses the stack pointer, which we are going to clobber. 3228 static BitVector SPAliases(getAliases(X86::RSP)); 3229 bool UsesSP = false; 3230 // Skip defs. 
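// Starting at getNumDefs() means only the operands that form the call
// target expression are inspected.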
3231 for (unsigned I = Info->get(CallInst.getOpcode()).getNumDefs(), 3232 E = MCPlus::getNumPrimeOperands(CallInst); 3233 I != E; ++I) { 3234 const MCOperand &Operand = CallInst.getOperand(I); 3235 if (Operand.isReg() && SPAliases[Operand.getReg()]) { 3236 UsesSP = true; 3237 break; 3238 } 3239 } 3240 3241 InstructionListType Insts; 3242 MCPhysReg TempReg = getIntArgRegister(0); 3243 // Code sequence used to enter indirect call instrumentation helper: 3244 // push %rdi 3245 // add $8, %rsp ;; $rsp may be used in target, so fix it to prev val 3246 // movq target, %rdi ;; via convertIndirectCallTargetToLoad 3247 // sub $8, %rsp ;; restore correct stack value 3248 // push %rdi 3249 // movq $CallSiteID, %rdi 3250 // push %rdi 3251 // callq/jmp HandlerFuncAddr 3252 Insts.emplace_back(); 3253 createPushRegister(Insts.back(), TempReg, 8); 3254 if (UsesSP) { // Only adjust SP if we really need to 3255 Insts.emplace_back(); 3256 createStackPointerDecrement(Insts.back(), 8, /*NoFlagsClobber=*/false); 3257 } 3258 Insts.emplace_back(CallInst); 3259 // Insts.back() and CallInst now share the same annotation instruction. 3260 // Strip it from Insts.back(), only preserving tail call annotation. 3261 stripAnnotations(Insts.back(), /*KeepTC=*/true); 3262 convertIndirectCallToLoad(Insts.back(), TempReg); 3263 if (UsesSP) { 3264 Insts.emplace_back(); 3265 createStackPointerIncrement(Insts.back(), 8, /*NoFlagsClobber=*/false); 3266 } 3267 Insts.emplace_back(); 3268 createPushRegister(Insts.back(), TempReg, 8); 3269 Insts.emplace_back(); 3270 createLoadImmediate(Insts.back(), TempReg, CallSiteID); 3271 Insts.emplace_back(); 3272 createPushRegister(Insts.back(), TempReg, 8); 3273 Insts.emplace_back(); 3274 createDirectCall(Insts.back(), HandlerFuncAddr, Ctx, 3275 /*TailCall=*/TailCall); 3276 // Carry over metadata 3277 for (int I = MCPlus::getNumPrimeOperands(CallInst), 3278 E = CallInst.getNumOperands(); 3279 I != E; ++I) 3280 Insts.back().addOperand(CallInst.getOperand(I)); 3281 3282 return Insts; 3283 } 3284 3285 InstructionListType createInstrumentedIndCallHandlerExitBB() const override { 3286 const MCPhysReg TempReg = getIntArgRegister(0); 3287 // We just need to undo the sequence created for every ind call in 3288 // instrumentIndirectTarget(), which can be accomplished minimally with: 3289 // popfq 3290 // pop %rdi 3291 // add $16, %rsp 3292 // xchg (%rsp), %rdi 3293 // jmp *-8(%rsp) 3294 InstructionListType Insts(5); 3295 createPopFlags(Insts[0], 8); 3296 createPopRegister(Insts[1], TempReg, 8); 3297 createStackPointerDecrement(Insts[2], 16, /*NoFlagsClobber=*/false); 3298 createSwap(Insts[3], TempReg, X86::RSP, 0); 3299 createIndirectBranch(Insts[4], X86::RSP, -8); 3300 return Insts; 3301 } 3302 3303 InstructionListType 3304 createInstrumentedIndTailCallHandlerExitBB() const override { 3305 const MCPhysReg TempReg = getIntArgRegister(0); 3306 // Same thing as above, but for tail calls 3307 // popfq 3308 // add $16, %rsp 3309 // pop %rdi 3310 // jmp *-16(%rsp) 3311 InstructionListType Insts(4); 3312 createPopFlags(Insts[0], 8); 3313 createStackPointerDecrement(Insts[1], 16, /*NoFlagsClobber=*/false); 3314 createPopRegister(Insts[2], TempReg, 8); 3315 createIndirectBranch(Insts[3], X86::RSP, -16); 3316 return Insts; 3317 } 3318 3319 InstructionListType 3320 createInstrumentedIndCallHandlerEntryBB(const MCSymbol *InstrTrampoline, 3321 const MCSymbol *IndCallHandler, 3322 MCContext *Ctx) override { 3323 const MCPhysReg TempReg = getIntArgRegister(0); 3324 // Code sequence used to check whether 
InstrTampoline was initialized 3325 // and call it if so, returns via IndCallHandler. 3326 // pushfq 3327 // mov InstrTrampoline,%rdi 3328 // cmp $0x0,%rdi 3329 // je IndCallHandler 3330 // callq *%rdi 3331 // jmpq IndCallHandler 3332 InstructionListType Insts; 3333 Insts.emplace_back(); 3334 createPushFlags(Insts.back(), 8); 3335 Insts.emplace_back(); 3336 createMove(Insts.back(), InstrTrampoline, TempReg, Ctx); 3337 InstructionListType cmpJmp = createCmpJE(TempReg, 0, IndCallHandler, Ctx); 3338 Insts.insert(Insts.end(), cmpJmp.begin(), cmpJmp.end()); 3339 Insts.emplace_back(); 3340 Insts.back().setOpcode(X86::CALL64r); 3341 Insts.back().addOperand(MCOperand::createReg(TempReg)); 3342 Insts.emplace_back(); 3343 createDirectCall(Insts.back(), IndCallHandler, Ctx, /*IsTailCall*/ true); 3344 return Insts; 3345 } 3346 3347 InstructionListType createNumCountersGetter(MCContext *Ctx) const override { 3348 InstructionListType Insts(2); 3349 MCSymbol *NumLocs = Ctx->getOrCreateSymbol("__bolt_num_counters"); 3350 createMove(Insts[0], NumLocs, X86::EAX, Ctx); 3351 createReturn(Insts[1]); 3352 return Insts; 3353 } 3354 3355 InstructionListType 3356 createInstrLocationsGetter(MCContext *Ctx) const override { 3357 InstructionListType Insts(2); 3358 MCSymbol *Locs = Ctx->getOrCreateSymbol("__bolt_instr_locations"); 3359 createLea(Insts[0], Locs, X86::EAX, Ctx); 3360 createReturn(Insts[1]); 3361 return Insts; 3362 } 3363 3364 InstructionListType createInstrTablesGetter(MCContext *Ctx) const override { 3365 InstructionListType Insts(2); 3366 MCSymbol *Locs = Ctx->getOrCreateSymbol("__bolt_instr_tables"); 3367 createLea(Insts[0], Locs, X86::EAX, Ctx); 3368 createReturn(Insts[1]); 3369 return Insts; 3370 } 3371 3372 InstructionListType createInstrNumFuncsGetter(MCContext *Ctx) const override { 3373 InstructionListType Insts(2); 3374 MCSymbol *NumFuncs = Ctx->getOrCreateSymbol("__bolt_instr_num_funcs"); 3375 createMove(Insts[0], NumFuncs, X86::EAX, Ctx); 3376 createReturn(Insts[1]); 3377 return Insts; 3378 } 3379 3380 InstructionListType createSymbolTrampoline(const MCSymbol *TgtSym, 3381 MCContext *Ctx) const override { 3382 InstructionListType Insts(1); 3383 createUncondBranch(Insts[0], TgtSym, Ctx); 3384 return Insts; 3385 } 3386 3387 InstructionListType createDummyReturnFunction(MCContext *Ctx) const override { 3388 InstructionListType Insts(1); 3389 createReturn(Insts[0]); 3390 return Insts; 3391 } 3392 3393 BlocksVectorTy indirectCallPromotion( 3394 const MCInst &CallInst, 3395 const std::vector<std::pair<MCSymbol *, uint64_t>> &Targets, 3396 const std::vector<std::pair<MCSymbol *, uint64_t>> &VtableSyms, 3397 const std::vector<MCInst *> &MethodFetchInsns, 3398 const bool MinimizeCodeSize, MCContext *Ctx) override { 3399 const bool IsTailCall = isTailCall(CallInst); 3400 const bool IsJumpTable = getJumpTable(CallInst) != 0; 3401 BlocksVectorTy Results; 3402 3403 // Label for the current code block. 3404 MCSymbol *NextTarget = nullptr; 3405 3406 // The join block which contains all the instructions following CallInst. 3407 // MergeBlock remains null if CallInst is a tail call. 
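// A tail call never returns to this function, so there is no fall-through
// code to merge into.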
3408 MCSymbol *MergeBlock = nullptr; 3409 3410 unsigned FuncAddrReg = X86::R10; 3411 3412 const bool LoadElim = !VtableSyms.empty(); 3413 assert((!LoadElim || VtableSyms.size() == Targets.size()) && 3414 "There must be a vtable entry for every method " 3415 "in the targets vector."); 3416 3417 if (MinimizeCodeSize && !LoadElim) { 3418 std::set<unsigned> UsedRegs; 3419 3420 for (unsigned int I = 0; I < MCPlus::getNumPrimeOperands(CallInst); ++I) { 3421 const MCOperand &Op = CallInst.getOperand(I); 3422 if (Op.isReg()) 3423 UsedRegs.insert(Op.getReg()); 3424 } 3425 3426 if (UsedRegs.count(X86::R10) == 0) 3427 FuncAddrReg = X86::R10; 3428 else if (UsedRegs.count(X86::R11) == 0) 3429 FuncAddrReg = X86::R11; 3430 else 3431 return Results; 3432 } 3433 3434 const auto jumpToMergeBlock = [&](InstructionListType &NewCall) { 3435 assert(MergeBlock); 3436 NewCall.push_back(CallInst); 3437 MCInst &Merge = NewCall.back(); 3438 Merge.clear(); 3439 createUncondBranch(Merge, MergeBlock, Ctx); 3440 }; 3441 3442 for (unsigned int i = 0; i < Targets.size(); ++i) { 3443 Results.emplace_back(NextTarget, InstructionListType()); 3444 InstructionListType *NewCall = &Results.back().second; 3445 3446 if (MinimizeCodeSize && !LoadElim) { 3447 // Load the call target into FuncAddrReg. 3448 NewCall->push_back(CallInst); // Copy CallInst in order to get SMLoc 3449 MCInst &Target = NewCall->back(); 3450 Target.clear(); 3451 Target.setOpcode(X86::MOV64ri32); 3452 Target.addOperand(MCOperand::createReg(FuncAddrReg)); 3453 if (Targets[i].first) { 3454 // Is this OK? 3455 Target.addOperand(MCOperand::createExpr(MCSymbolRefExpr::create( 3456 Targets[i].first, MCSymbolRefExpr::VK_None, *Ctx))); 3457 } else { 3458 const uint64_t Addr = Targets[i].second; 3459 // Immediate address is out of sign extended 32 bit range. 3460 if (int64_t(Addr) != int64_t(int32_t(Addr))) 3461 return BlocksVectorTy(); 3462 3463 Target.addOperand(MCOperand::createImm(Addr)); 3464 } 3465 3466 // Compare current call target to a specific address. 3467 NewCall->push_back(CallInst); 3468 MCInst &Compare = NewCall->back(); 3469 Compare.clear(); 3470 if (isBranchOnReg(CallInst)) 3471 Compare.setOpcode(X86::CMP64rr); 3472 else if (CallInst.getOpcode() == X86::CALL64pcrel32) 3473 Compare.setOpcode(X86::CMP64ri32); 3474 else 3475 Compare.setOpcode(X86::CMP64rm); 3476 3477 Compare.addOperand(MCOperand::createReg(FuncAddrReg)); 3478 3479 // TODO: Would be preferable to only load this value once. 3480 for (unsigned i = 0; 3481 i < Info->get(CallInst.getOpcode()).getNumOperands(); ++i) 3482 if (!CallInst.getOperand(i).isInst()) 3483 Compare.addOperand(CallInst.getOperand(i)); 3484 } else { 3485 // Compare current call target to a specific address. 3486 NewCall->push_back(CallInst); 3487 MCInst &Compare = NewCall->back(); 3488 Compare.clear(); 3489 if (isBranchOnReg(CallInst)) 3490 Compare.setOpcode(X86::CMP64ri32); 3491 else 3492 Compare.setOpcode(X86::CMP64mi32); 3493 3494 // Original call address. 3495 for (unsigned i = 0; 3496 i < Info->get(CallInst.getOpcode()).getNumOperands(); ++i) 3497 if (!CallInst.getOperand(i).isInst()) 3498 Compare.addOperand(CallInst.getOperand(i)); 3499 3500 // Target address. 3501 if (Targets[i].first || LoadElim) { 3502 const MCSymbol *Sym = 3503 LoadElim ? VtableSyms[i].first : Targets[i].first; 3504 const uint64_t Addend = LoadElim ? 
          const MCExpr *Expr = MCSymbolRefExpr::create(Sym, *Ctx);
          if (Addend)
            Expr = MCBinaryExpr::createAdd(
                Expr, MCConstantExpr::create(Addend, *Ctx), *Ctx);
          Compare.addOperand(MCOperand::createExpr(Expr));
        } else {
          const uint64_t Addr = Targets[i].second;
          // Immediate address is out of sign extended 32 bit range.
          if (int64_t(Addr) != int64_t(int32_t(Addr)))
            return BlocksVectorTy();

          Compare.addOperand(MCOperand::createImm(Addr));
        }
      }

      // Jump to the next target compare.
      NextTarget =
          Ctx->createNamedTempSymbol(); // generate label for the next block
      NewCall->push_back(CallInst);

      if (IsJumpTable) {
        MCInst &Je = NewCall->back();

        // Jump directly to the target if the addresses match.
        Je.clear();
        Je.setOpcode(X86::JCC_1);
        if (Targets[i].first)
          Je.addOperand(MCOperand::createExpr(MCSymbolRefExpr::create(
              Targets[i].first, MCSymbolRefExpr::VK_None, *Ctx)));
        else
          Je.addOperand(MCOperand::createImm(Targets[i].second));

        Je.addOperand(MCOperand::createImm(X86::COND_E));
        assert(!isInvoke(CallInst));
      } else {
        MCInst &Jne = NewCall->back();

        // Jump to the next compare if the target addresses don't match.
        Jne.clear();
        Jne.setOpcode(X86::JCC_1);
        Jne.addOperand(MCOperand::createExpr(MCSymbolRefExpr::create(
            NextTarget, MCSymbolRefExpr::VK_None, *Ctx)));
        Jne.addOperand(MCOperand::createImm(X86::COND_NE));

        // Call the specific target directly.
        Results.emplace_back(Ctx->createNamedTempSymbol(),
                             InstructionListType());
        NewCall = &Results.back().second;
        NewCall->push_back(CallInst);
        MCInst &CallOrJmp = NewCall->back();

        CallOrJmp.clear();

        if (MinimizeCodeSize && !LoadElim) {
          CallOrJmp.setOpcode(IsTailCall ? X86::JMP32r : X86::CALL64r);
          CallOrJmp.addOperand(MCOperand::createReg(FuncAddrReg));
        } else {
          CallOrJmp.setOpcode(IsTailCall ? X86::JMP_4 : X86::CALL64pcrel32);

          if (Targets[i].first)
            CallOrJmp.addOperand(MCOperand::createExpr(MCSymbolRefExpr::create(
                Targets[i].first, MCSymbolRefExpr::VK_None, *Ctx)));
          else
            CallOrJmp.addOperand(MCOperand::createImm(Targets[i].second));
        }
        if (IsTailCall)
          setTailCall(CallOrJmp);

        if (CallOrJmp.getOpcode() == X86::CALL64r ||
            CallOrJmp.getOpcode() == X86::CALL64pcrel32) {
          if (Optional<uint32_t> Offset = getOffset(CallInst))
            // Annotated as a duplicated call.
            setOffset(CallOrJmp, *Offset);
        }

        if (isInvoke(CallInst) && !isInvoke(CallOrJmp)) {
          // Copy over any EH or GNU args size information from the original
          // call.
          Optional<MCPlus::MCLandingPad> EHInfo = getEHInfo(CallInst);
          if (EHInfo)
            addEHInfo(CallOrJmp, *EHInfo);
          int64_t GnuArgsSize = getGnuArgsSize(CallInst);
          if (GnuArgsSize >= 0)
            addGnuArgsSize(CallOrJmp, GnuArgsSize);
        }

        if (!IsTailCall) {
          // The fallthrough block for the most common target should be
          // the merge block.
          if (i == 0) {
            // Fall through to the merge block.
            MergeBlock = Ctx->createNamedTempSymbol();
          } else {
            // Insert a jump to the merge block if we are not doing a
            // fallthrough.
            jumpToMergeBlock(*NewCall);
          }
        }
      }
    }

    // Cold call block.
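    // The cold block re-materializes any method-fetch instructions and the
    // original indirect call, so call targets that were not matched by the
    // compares above still dispatch correctly.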
    Results.emplace_back(NextTarget, InstructionListType());
    InstructionListType &NewCall = Results.back().second;
    for (const MCInst *Inst : MethodFetchInsns)
      if (Inst != &CallInst)
        NewCall.push_back(*Inst);
    NewCall.push_back(CallInst);

    // Jump to the merge block from the cold call block.
    if (!IsTailCall && !IsJumpTable) {
      jumpToMergeBlock(NewCall);

      // Record the merge block.
      Results.emplace_back(MergeBlock, InstructionListType());
    }

    return Results;
  }

  BlocksVectorTy jumpTablePromotion(
      const MCInst &IJmpInst,
      const std::vector<std::pair<MCSymbol *, uint64_t>> &Targets,
      const std::vector<MCInst *> &TargetFetchInsns,
      MCContext *Ctx) const override {
    assert(getJumpTable(IJmpInst) != 0);
    uint16_t IndexReg = getAnnotationAs<uint16_t>(IJmpInst, "JTIndexReg");
    if (IndexReg == 0)
      return BlocksVectorTy();

    BlocksVectorTy Results;

    // Label for the current code block.
    MCSymbol *NextTarget = nullptr;

    for (unsigned int i = 0; i < Targets.size(); ++i) {
      Results.emplace_back(NextTarget, InstructionListType());
      InstructionListType *CurBB = &Results.back().second;

      // Compare the current index to a specific case index.
      CurBB->emplace_back(MCInst());
      MCInst &CompareInst = CurBB->back();
      CompareInst.setLoc(IJmpInst.getLoc());
      CompareInst.setOpcode(X86::CMP64ri32);
      CompareInst.addOperand(MCOperand::createReg(IndexReg));

      const uint64_t CaseIdx = Targets[i].second;
      // Immediate index is out of sign-extended 32 bit range.
      if (int64_t(CaseIdx) != int64_t(int32_t(CaseIdx)))
        return BlocksVectorTy();

      CompareInst.addOperand(MCOperand::createImm(CaseIdx));
      shortenInstruction(CompareInst, *Ctx->getSubtargetInfo());

      // Jump to the next target compare.
      NextTarget =
          Ctx->createNamedTempSymbol(); // generate label for the next block
      CurBB->push_back(MCInst());

      MCInst &JEInst = CurBB->back();
      JEInst.setLoc(IJmpInst.getLoc());

      // Jump to the target if the indices match.
      JEInst.setOpcode(X86::JCC_1);
      JEInst.addOperand(MCOperand::createExpr(MCSymbolRefExpr::create(
          Targets[i].first, MCSymbolRefExpr::VK_None, *Ctx)));
      JEInst.addOperand(MCOperand::createImm(X86::COND_E));
    }

    // Cold block.
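    // The cold block re-emits any target-fetch instructions together with the
    // original indirect jump, preserving behavior for jump-table indices that
    // were not matched above.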
    Results.emplace_back(NextTarget, InstructionListType());
    InstructionListType &CurBB = Results.back().second;
    for (const MCInst *Inst : TargetFetchInsns)
      if (Inst != &IJmpInst)
        CurBB.push_back(*Inst);

    CurBB.push_back(IJmpInst);

    return Results;
  }

private:
  bool createMove(MCInst &Inst, const MCSymbol *Src, unsigned Reg,
                  MCContext *Ctx) const {
    Inst.setOpcode(X86::MOV64rm);
    Inst.addOperand(MCOperand::createReg(Reg));
    Inst.addOperand(MCOperand::createReg(X86::RIP));        // BaseReg
    Inst.addOperand(MCOperand::createImm(1));               // ScaleAmt
    Inst.addOperand(MCOperand::createReg(X86::NoRegister)); // IndexReg
    Inst.addOperand(MCOperand::createExpr(
        MCSymbolRefExpr::create(Src, MCSymbolRefExpr::VK_None,
                                *Ctx)));                    // Displacement
    Inst.addOperand(MCOperand::createReg(X86::NoRegister)); // AddrSegmentReg

    return true;
  }

  bool createLea(MCInst &Inst, const MCSymbol *Src, unsigned Reg,
                 MCContext *Ctx) const {
    Inst.setOpcode(X86::LEA64r);
    Inst.addOperand(MCOperand::createReg(Reg));
    Inst.addOperand(MCOperand::createReg(X86::RIP));        // BaseReg
    Inst.addOperand(MCOperand::createImm(1));               // ScaleAmt
    Inst.addOperand(MCOperand::createReg(X86::NoRegister)); // IndexReg
    Inst.addOperand(MCOperand::createExpr(
        MCSymbolRefExpr::create(Src, MCSymbolRefExpr::VK_None,
                                *Ctx)));                    // Displacement
    Inst.addOperand(MCOperand::createReg(X86::NoRegister)); // AddrSegmentReg
    return true;
  }
};

} // namespace

namespace llvm {
namespace bolt {

MCPlusBuilder *createX86MCPlusBuilder(const MCInstrAnalysis *Analysis,
                                      const MCInstrInfo *Info,
                                      const MCRegisterInfo *RegInfo) {
  return new X86MCPlusBuilder(Analysis, Info, RegInfo);
}

} // namespace bolt
} // namespace llvm