1 //===- bolt/Target/X86/X86MCPlusBuilder.cpp -------------------------------===// 2 // 3 // Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions. 4 // See https://llvm.org/LICENSE.txt for license information. 5 // SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception 6 // 7 //===----------------------------------------------------------------------===// 8 // 9 // This file provides X86-specific MCPlus builder. 10 // 11 //===----------------------------------------------------------------------===// 12 13 #include "MCTargetDesc/X86BaseInfo.h" 14 #include "MCTargetDesc/X86InstrRelaxTables.h" 15 #include "MCTargetDesc/X86MCTargetDesc.h" 16 #include "X86MCSymbolizer.h" 17 #include "bolt/Core/MCPlus.h" 18 #include "bolt/Core/MCPlusBuilder.h" 19 #include "llvm/BinaryFormat/ELF.h" 20 #include "llvm/MC/MCContext.h" 21 #include "llvm/MC/MCFixupKindInfo.h" 22 #include "llvm/MC/MCInst.h" 23 #include "llvm/MC/MCInstBuilder.h" 24 #include "llvm/MC/MCInstrInfo.h" 25 #include "llvm/MC/MCRegister.h" 26 #include "llvm/MC/MCRegisterInfo.h" 27 #include "llvm/Support/CommandLine.h" 28 #include "llvm/Support/DataExtractor.h" 29 #include "llvm/Support/Debug.h" 30 #include "llvm/Support/Errc.h" 31 #include "llvm/Support/ErrorHandling.h" 32 #include "llvm/Support/ErrorOr.h" 33 #include <set> 34 35 #define DEBUG_TYPE "mcplus" 36 37 using namespace llvm; 38 using namespace bolt; 39 40 namespace opts { 41 42 extern cl::OptionCategory BoltOptCategory; 43 44 static cl::opt<bool> X86StripRedundantAddressSize( 45 "x86-strip-redundant-address-size", 46 cl::desc("Remove redundant Address-Size override prefix"), cl::init(true), 47 cl::cat(BoltOptCategory)); 48 49 } // namespace opts 50 51 namespace { 52 53 unsigned getShortBranchOpcode(unsigned Opcode) { 54 switch (Opcode) { 55 default: 56 return Opcode; 57 case X86::JMP_2: return X86::JMP_1; 58 case X86::JMP_4: return X86::JMP_1; 59 case X86::JCC_2: return X86::JCC_1; 60 case X86::JCC_4: return X86::JCC_1; 61 } 62 } 63 64 unsigned getShortArithOpcode(unsigned Opcode) { 65 return X86::getShortOpcodeArith(Opcode); 66 } 67 68 bool isMOVSX64rm32(const MCInst &Inst) { 69 return Inst.getOpcode() == X86::MOVSX64rm32; 70 } 71 72 bool isADD64rr(const MCInst &Inst) { return Inst.getOpcode() == X86::ADD64rr; } 73 74 bool isADDri(const MCInst &Inst) { 75 return Inst.getOpcode() == X86::ADD64ri32 || 76 Inst.getOpcode() == X86::ADD64ri8; 77 } 78 79 #define GET_INSTRINFO_OPERAND_TYPES_ENUM 80 #define GET_INSTRINFO_OPERAND_TYPE 81 #define GET_INSTRINFO_MEM_OPERAND_SIZE 82 #include "X86GenInstrInfo.inc" 83 84 class X86MCPlusBuilder : public MCPlusBuilder { 85 public: 86 X86MCPlusBuilder(const MCInstrAnalysis *Analysis, const MCInstrInfo *Info, 87 const MCRegisterInfo *RegInfo) 88 : MCPlusBuilder(Analysis, Info, RegInfo) {} 89 90 std::unique_ptr<MCSymbolizer> 91 createTargetSymbolizer(BinaryFunction &Function) const override { 92 return std::make_unique<X86MCSymbolizer>(Function); 93 } 94 95 bool isBranch(const MCInst &Inst) const override { 96 return Analysis->isBranch(Inst) && !isTailCall(Inst); 97 } 98 99 bool isNoop(const MCInst &Inst) const override { 100 return X86::isNOP(Inst.getOpcode()); 101 } 102 103 unsigned getCondCode(const MCInst &Inst) const override { 104 unsigned Opcode = Inst.getOpcode(); 105 if (X86::isJCC(Opcode)) 106 return Inst.getOperand(Info->get(Opcode).NumOperands - 1).getImm(); 107 return X86::COND_INVALID; 108 } 109 110 unsigned getInvertedCondCode(unsigned CC) const override { 111 switch (CC) { 112 default: return X86::COND_INVALID; 
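// Each code below maps to its logical negation; inversion never changes the
// signedness of the comparison (L/GE and G/LE stay signed, B/AE and A/BE
// stay unsigned).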
113 case X86::COND_E: return X86::COND_NE; 114 case X86::COND_NE: return X86::COND_E; 115 case X86::COND_L: return X86::COND_GE; 116 case X86::COND_LE: return X86::COND_G; 117 case X86::COND_G: return X86::COND_LE; 118 case X86::COND_GE: return X86::COND_L; 119 case X86::COND_B: return X86::COND_AE; 120 case X86::COND_BE: return X86::COND_A; 121 case X86::COND_A: return X86::COND_BE; 122 case X86::COND_AE: return X86::COND_B; 123 case X86::COND_S: return X86::COND_NS; 124 case X86::COND_NS: return X86::COND_S; 125 case X86::COND_P: return X86::COND_NP; 126 case X86::COND_NP: return X86::COND_P; 127 case X86::COND_O: return X86::COND_NO; 128 case X86::COND_NO: return X86::COND_O; 129 } 130 } 131 132 unsigned getCondCodesLogicalOr(unsigned CC1, unsigned CC2) const override { 133 enum DecodedCondCode : uint8_t { 134 DCC_EQUAL = 0x1, 135 DCC_GREATER = 0x2, 136 DCC_LESSER = 0x4, 137 DCC_GREATER_OR_LESSER = 0x6, 138 DCC_UNSIGNED = 0x8, 139 DCC_SIGNED = 0x10, 140 DCC_INVALID = 0x20, 141 }; 142 143 auto decodeCondCode = [&](unsigned CC) -> uint8_t { 144 switch (CC) { 145 default: return DCC_INVALID; 146 case X86::COND_E: return DCC_EQUAL; 147 case X86::COND_NE: return DCC_GREATER | DCC_LESSER; 148 case X86::COND_L: return DCC_LESSER | DCC_SIGNED; 149 case X86::COND_LE: return DCC_EQUAL | DCC_LESSER | DCC_SIGNED; 150 case X86::COND_G: return DCC_GREATER | DCC_SIGNED; 151 case X86::COND_GE: return DCC_GREATER | DCC_EQUAL | DCC_SIGNED; 152 case X86::COND_B: return DCC_LESSER | DCC_UNSIGNED; 153 case X86::COND_BE: return DCC_EQUAL | DCC_LESSER | DCC_UNSIGNED; 154 case X86::COND_A: return DCC_GREATER | DCC_UNSIGNED; 155 case X86::COND_AE: return DCC_GREATER | DCC_EQUAL | DCC_UNSIGNED; 156 } 157 }; 158 159 uint8_t DCC = decodeCondCode(CC1) | decodeCondCode(CC2); 160 161 if (DCC & DCC_INVALID) 162 return X86::COND_INVALID; 163 164 if (DCC & DCC_SIGNED && DCC & DCC_UNSIGNED) 165 return X86::COND_INVALID; 166 167 switch (DCC) { 168 default: return X86::COND_INVALID; 169 case DCC_EQUAL | DCC_LESSER | DCC_SIGNED: return X86::COND_LE; 170 case DCC_EQUAL | DCC_LESSER | DCC_UNSIGNED: return X86::COND_BE; 171 case DCC_EQUAL | DCC_GREATER | DCC_SIGNED: return X86::COND_GE; 172 case DCC_EQUAL | DCC_GREATER | DCC_UNSIGNED: return X86::COND_AE; 173 case DCC_GREATER | DCC_LESSER | DCC_SIGNED: return X86::COND_NE; 174 case DCC_GREATER | DCC_LESSER | DCC_UNSIGNED: return X86::COND_NE; 175 case DCC_GREATER | DCC_LESSER: return X86::COND_NE; 176 case DCC_EQUAL | DCC_SIGNED: return X86::COND_E; 177 case DCC_EQUAL | DCC_UNSIGNED: return X86::COND_E; 178 case DCC_EQUAL: return X86::COND_E; 179 case DCC_LESSER | DCC_SIGNED: return X86::COND_L; 180 case DCC_LESSER | DCC_UNSIGNED: return X86::COND_B; 181 case DCC_GREATER | DCC_SIGNED: return X86::COND_G; 182 case DCC_GREATER | DCC_UNSIGNED: return X86::COND_A; 183 } 184 } 185 186 bool isValidCondCode(unsigned CC) const override { 187 return (CC != X86::COND_INVALID); 188 } 189 190 bool isBreakpoint(const MCInst &Inst) const override { 191 return Inst.getOpcode() == X86::INT3; 192 } 193 194 bool isPrefix(const MCInst &Inst) const override { 195 const MCInstrDesc &Desc = Info->get(Inst.getOpcode()); 196 return X86II::isPrefix(Desc.TSFlags); 197 } 198 199 bool isRep(const MCInst &Inst) const override { 200 return Inst.getFlags() == X86::IP_HAS_REPEAT; 201 } 202 203 bool deleteREPPrefix(MCInst &Inst) const override { 204 if (Inst.getFlags() == X86::IP_HAS_REPEAT) { 205 Inst.setFlags(0); 206 return true; 207 } 208 return false; 209 } 210 211 // FIXME: For compatibility with old 
LLVM only! 212 bool isTerminator(const MCInst &Inst) const override { 213 unsigned Opcode = Inst.getOpcode(); 214 return Info->get(Opcode).isTerminator() || X86::isUD1(Opcode) || 215 X86::isUD2(Opcode); 216 } 217 218 bool isIndirectCall(const MCInst &Inst) const override { 219 return isCall(Inst) && 220 ((getMemoryOperandNo(Inst) != -1) || Inst.getOperand(0).isReg()); 221 } 222 223 bool isPop(const MCInst &Inst) const override { 224 return getPopSize(Inst) == 0 ? false : true; 225 } 226 227 bool isTerminateBranch(const MCInst &Inst) const override { 228 return Inst.getOpcode() == X86::ENDBR32 || Inst.getOpcode() == X86::ENDBR64; 229 } 230 231 int getPopSize(const MCInst &Inst) const override { 232 switch (Inst.getOpcode()) { 233 case X86::POP16r: 234 case X86::POP16rmm: 235 case X86::POP16rmr: 236 case X86::POPF16: 237 case X86::POPA16: 238 case X86::POPDS16: 239 case X86::POPES16: 240 case X86::POPFS16: 241 case X86::POPGS16: 242 case X86::POPSS16: 243 return 2; 244 case X86::POP32r: 245 case X86::POP32rmm: 246 case X86::POP32rmr: 247 case X86::POPA32: 248 case X86::POPDS32: 249 case X86::POPES32: 250 case X86::POPF32: 251 case X86::POPFS32: 252 case X86::POPGS32: 253 case X86::POPSS32: 254 return 4; 255 case X86::POP64r: 256 case X86::POP64rmm: 257 case X86::POP64rmr: 258 case X86::POPF64: 259 case X86::POPFS64: 260 case X86::POPGS64: 261 return 8; 262 } 263 return 0; 264 } 265 266 bool isPush(const MCInst &Inst) const override { 267 return getPushSize(Inst) == 0 ? false : true; 268 } 269 270 int getPushSize(const MCInst &Inst) const override { 271 switch (Inst.getOpcode()) { 272 case X86::PUSH16i8: 273 case X86::PUSH16r: 274 case X86::PUSH16rmm: 275 case X86::PUSH16rmr: 276 case X86::PUSHA16: 277 case X86::PUSHCS16: 278 case X86::PUSHDS16: 279 case X86::PUSHES16: 280 case X86::PUSHF16: 281 case X86::PUSHFS16: 282 case X86::PUSHGS16: 283 case X86::PUSHSS16: 284 case X86::PUSHi16: 285 return 2; 286 case X86::PUSH32i8: 287 case X86::PUSH32r: 288 case X86::PUSH32rmm: 289 case X86::PUSH32rmr: 290 case X86::PUSHA32: 291 case X86::PUSHCS32: 292 case X86::PUSHDS32: 293 case X86::PUSHES32: 294 case X86::PUSHF32: 295 case X86::PUSHFS32: 296 case X86::PUSHGS32: 297 case X86::PUSHSS32: 298 case X86::PUSHi32: 299 return 4; 300 case X86::PUSH64i32: 301 case X86::PUSH64i8: 302 case X86::PUSH64r: 303 case X86::PUSH64rmm: 304 case X86::PUSH64rmr: 305 case X86::PUSHF64: 306 case X86::PUSHFS64: 307 case X86::PUSHGS64: 308 return 8; 309 } 310 return 0; 311 } 312 313 bool isSUB(const MCInst &Inst) const override { 314 return X86::isSUB(Inst.getOpcode()); 315 } 316 317 bool isLEA64r(const MCInst &Inst) const override { 318 return Inst.getOpcode() == X86::LEA64r; 319 } 320 321 bool isLeave(const MCInst &Inst) const override { 322 return Inst.getOpcode() == X86::LEAVE || Inst.getOpcode() == X86::LEAVE64; 323 } 324 325 bool isMoveMem2Reg(const MCInst &Inst) const override { 326 switch (Inst.getOpcode()) { 327 case X86::MOV16rm: 328 case X86::MOV32rm: 329 case X86::MOV64rm: 330 return true; 331 } 332 return false; 333 } 334 335 bool isUnsupportedBranch(unsigned Opcode) const override { 336 switch (Opcode) { 337 default: 338 return false; 339 case X86::LOOP: 340 case X86::LOOPE: 341 case X86::LOOPNE: 342 case X86::JECXZ: 343 case X86::JRCXZ: 344 return true; 345 } 346 } 347 348 bool isLoad(const MCInst &Inst) const override { 349 if (isPop(Inst)) 350 return true; 351 352 int MemOpNo = getMemoryOperandNo(Inst); 353 const MCInstrDesc &MCII = Info->get(Inst.getOpcode()); 354 355 if (MemOpNo == -1) 356 return false; 
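// The instruction does reference memory; let the MCInstrDesc flag decide
// whether it actually reads it (LEA, for example, carries a memory operand
// but neither loads nor stores).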
357 358 return MCII.mayLoad(); 359 } 360 361 bool isStore(const MCInst &Inst) const override { 362 if (isPush(Inst)) 363 return true; 364 365 int MemOpNo = getMemoryOperandNo(Inst); 366 const MCInstrDesc &MCII = Info->get(Inst.getOpcode()); 367 368 if (MemOpNo == -1) 369 return false; 370 371 return MCII.mayStore(); 372 } 373 374 bool isCleanRegXOR(const MCInst &Inst) const override { 375 switch (Inst.getOpcode()) { 376 case X86::XOR16rr: 377 case X86::XOR32rr: 378 case X86::XOR64rr: 379 break; 380 default: 381 return false; 382 } 383 return (Inst.getOperand(0).getReg() == Inst.getOperand(2).getReg()); 384 } 385 386 bool isPacked(const MCInst &Inst) const override { 387 const MCInstrDesc &Desc = Info->get(Inst.getOpcode()); 388 return (Desc.TSFlags & X86II::OpPrefixMask) == X86II::PD; 389 } 390 391 unsigned getTrapFillValue() const override { return 0xCC; } 392 393 struct IndJmpMatcherFrag1 : MCInstMatcher { 394 std::unique_ptr<MCInstMatcher> Base; 395 std::unique_ptr<MCInstMatcher> Scale; 396 std::unique_ptr<MCInstMatcher> Index; 397 std::unique_ptr<MCInstMatcher> Offset; 398 399 IndJmpMatcherFrag1(std::unique_ptr<MCInstMatcher> Base, 400 std::unique_ptr<MCInstMatcher> Scale, 401 std::unique_ptr<MCInstMatcher> Index, 402 std::unique_ptr<MCInstMatcher> Offset) 403 : Base(std::move(Base)), Scale(std::move(Scale)), 404 Index(std::move(Index)), Offset(std::move(Offset)) {} 405 406 bool match(const MCRegisterInfo &MRI, MCPlusBuilder &MIB, 407 MutableArrayRef<MCInst> InInstrWindow, int OpNum) override { 408 if (!MCInstMatcher::match(MRI, MIB, InInstrWindow, OpNum)) 409 return false; 410 411 if (CurInst->getOpcode() != X86::JMP64m) 412 return false; 413 414 int MemOpNo = MIB.getMemoryOperandNo(*CurInst); 415 if (MemOpNo == -1) 416 return false; 417 418 if (!Base->match(MRI, MIB, this->InstrWindow, MemOpNo + X86::AddrBaseReg)) 419 return false; 420 if (!Scale->match(MRI, MIB, this->InstrWindow, 421 MemOpNo + X86::AddrScaleAmt)) 422 return false; 423 if (!Index->match(MRI, MIB, this->InstrWindow, 424 MemOpNo + X86::AddrIndexReg)) 425 return false; 426 if (!Offset->match(MRI, MIB, this->InstrWindow, MemOpNo + X86::AddrDisp)) 427 return false; 428 return true; 429 } 430 431 void annotate(MCPlusBuilder &MIB, StringRef Annotation) override { 432 MIB.addAnnotation(*CurInst, Annotation, true); 433 Base->annotate(MIB, Annotation); 434 Scale->annotate(MIB, Annotation); 435 Index->annotate(MIB, Annotation); 436 Offset->annotate(MIB, Annotation); 437 } 438 }; 439 440 std::unique_ptr<MCInstMatcher> 441 matchIndJmp(std::unique_ptr<MCInstMatcher> Base, 442 std::unique_ptr<MCInstMatcher> Scale, 443 std::unique_ptr<MCInstMatcher> Index, 444 std::unique_ptr<MCInstMatcher> Offset) const override { 445 return std::unique_ptr<MCInstMatcher>( 446 new IndJmpMatcherFrag1(std::move(Base), std::move(Scale), 447 std::move(Index), std::move(Offset))); 448 } 449 450 struct IndJmpMatcherFrag2 : MCInstMatcher { 451 std::unique_ptr<MCInstMatcher> Reg; 452 453 IndJmpMatcherFrag2(std::unique_ptr<MCInstMatcher> Reg) 454 : Reg(std::move(Reg)) {} 455 456 bool match(const MCRegisterInfo &MRI, MCPlusBuilder &MIB, 457 MutableArrayRef<MCInst> InInstrWindow, int OpNum) override { 458 if (!MCInstMatcher::match(MRI, MIB, InInstrWindow, OpNum)) 459 return false; 460 461 if (CurInst->getOpcode() != X86::JMP64r) 462 return false; 463 464 return Reg->match(MRI, MIB, this->InstrWindow, 0); 465 } 466 467 void annotate(MCPlusBuilder &MIB, StringRef Annotation) override { 468 MIB.addAnnotation(*CurInst, Annotation, true); 469 Reg->annotate(MIB, 
Annotation); 470 } 471 }; 472 473 std::unique_ptr<MCInstMatcher> 474 matchIndJmp(std::unique_ptr<MCInstMatcher> Target) const override { 475 return std::unique_ptr<MCInstMatcher>( 476 new IndJmpMatcherFrag2(std::move(Target))); 477 } 478 479 struct LoadMatcherFrag1 : MCInstMatcher { 480 std::unique_ptr<MCInstMatcher> Base; 481 std::unique_ptr<MCInstMatcher> Scale; 482 std::unique_ptr<MCInstMatcher> Index; 483 std::unique_ptr<MCInstMatcher> Offset; 484 485 LoadMatcherFrag1(std::unique_ptr<MCInstMatcher> Base, 486 std::unique_ptr<MCInstMatcher> Scale, 487 std::unique_ptr<MCInstMatcher> Index, 488 std::unique_ptr<MCInstMatcher> Offset) 489 : Base(std::move(Base)), Scale(std::move(Scale)), 490 Index(std::move(Index)), Offset(std::move(Offset)) {} 491 492 bool match(const MCRegisterInfo &MRI, MCPlusBuilder &MIB, 493 MutableArrayRef<MCInst> InInstrWindow, int OpNum) override { 494 if (!MCInstMatcher::match(MRI, MIB, InInstrWindow, OpNum)) 495 return false; 496 497 if (CurInst->getOpcode() != X86::MOV64rm && 498 CurInst->getOpcode() != X86::MOVSX64rm32) 499 return false; 500 501 int MemOpNo = MIB.getMemoryOperandNo(*CurInst); 502 if (MemOpNo == -1) 503 return false; 504 505 if (!Base->match(MRI, MIB, this->InstrWindow, MemOpNo + X86::AddrBaseReg)) 506 return false; 507 if (!Scale->match(MRI, MIB, this->InstrWindow, 508 MemOpNo + X86::AddrScaleAmt)) 509 return false; 510 if (!Index->match(MRI, MIB, this->InstrWindow, 511 MemOpNo + X86::AddrIndexReg)) 512 return false; 513 if (!Offset->match(MRI, MIB, this->InstrWindow, MemOpNo + X86::AddrDisp)) 514 return false; 515 return true; 516 } 517 518 void annotate(MCPlusBuilder &MIB, StringRef Annotation) override { 519 MIB.addAnnotation(*CurInst, Annotation, true); 520 Base->annotate(MIB, Annotation); 521 Scale->annotate(MIB, Annotation); 522 Index->annotate(MIB, Annotation); 523 Offset->annotate(MIB, Annotation); 524 } 525 }; 526 527 std::unique_ptr<MCInstMatcher> 528 matchLoad(std::unique_ptr<MCInstMatcher> Base, 529 std::unique_ptr<MCInstMatcher> Scale, 530 std::unique_ptr<MCInstMatcher> Index, 531 std::unique_ptr<MCInstMatcher> Offset) const override { 532 return std::unique_ptr<MCInstMatcher>( 533 new LoadMatcherFrag1(std::move(Base), std::move(Scale), 534 std::move(Index), std::move(Offset))); 535 } 536 537 struct AddMatcher : MCInstMatcher { 538 std::unique_ptr<MCInstMatcher> A; 539 std::unique_ptr<MCInstMatcher> B; 540 541 AddMatcher(std::unique_ptr<MCInstMatcher> A, 542 std::unique_ptr<MCInstMatcher> B) 543 : A(std::move(A)), B(std::move(B)) {} 544 545 bool match(const MCRegisterInfo &MRI, MCPlusBuilder &MIB, 546 MutableArrayRef<MCInst> InInstrWindow, int OpNum) override { 547 if (!MCInstMatcher::match(MRI, MIB, InInstrWindow, OpNum)) 548 return false; 549 550 if (CurInst->getOpcode() == X86::ADD64rr || 551 CurInst->getOpcode() == X86::ADD64rr_DB || 552 CurInst->getOpcode() == X86::ADD64rr_REV) { 553 if (!A->match(MRI, MIB, this->InstrWindow, 1)) { 554 if (!B->match(MRI, MIB, this->InstrWindow, 1)) 555 return false; 556 return A->match(MRI, MIB, this->InstrWindow, 2); 557 } 558 559 if (B->match(MRI, MIB, this->InstrWindow, 2)) 560 return true; 561 562 if (!B->match(MRI, MIB, this->InstrWindow, 1)) 563 return false; 564 return A->match(MRI, MIB, this->InstrWindow, 2); 565 } 566 567 return false; 568 } 569 570 void annotate(MCPlusBuilder &MIB, StringRef Annotation) override { 571 MIB.addAnnotation(*CurInst, Annotation, true); 572 A->annotate(MIB, Annotation); 573 B->annotate(MIB, Annotation); 574 } 575 }; 576 577 virtual 
std::unique_ptr<MCInstMatcher> 578 matchAdd(std::unique_ptr<MCInstMatcher> A, 579 std::unique_ptr<MCInstMatcher> B) const override { 580 return std::unique_ptr<MCInstMatcher>( 581 new AddMatcher(std::move(A), std::move(B))); 582 } 583 584 struct LEAMatcher : MCInstMatcher { 585 std::unique_ptr<MCInstMatcher> Target; 586 587 LEAMatcher(std::unique_ptr<MCInstMatcher> Target) 588 : Target(std::move(Target)) {} 589 590 bool match(const MCRegisterInfo &MRI, MCPlusBuilder &MIB, 591 MutableArrayRef<MCInst> InInstrWindow, int OpNum) override { 592 if (!MCInstMatcher::match(MRI, MIB, InInstrWindow, OpNum)) 593 return false; 594 595 if (CurInst->getOpcode() != X86::LEA64r) 596 return false; 597 598 if (CurInst->getOperand(1 + X86::AddrScaleAmt).getImm() != 1 || 599 CurInst->getOperand(1 + X86::AddrIndexReg).getReg() != 600 X86::NoRegister || 601 (CurInst->getOperand(1 + X86::AddrBaseReg).getReg() != 602 X86::NoRegister && 603 CurInst->getOperand(1 + X86::AddrBaseReg).getReg() != X86::RIP)) 604 return false; 605 606 return Target->match(MRI, MIB, this->InstrWindow, 1 + X86::AddrDisp); 607 } 608 609 void annotate(MCPlusBuilder &MIB, StringRef Annotation) override { 610 MIB.addAnnotation(*CurInst, Annotation, true); 611 Target->annotate(MIB, Annotation); 612 } 613 }; 614 615 virtual std::unique_ptr<MCInstMatcher> 616 matchLoadAddr(std::unique_ptr<MCInstMatcher> Target) const override { 617 return std::unique_ptr<MCInstMatcher>(new LEAMatcher(std::move(Target))); 618 } 619 620 bool hasPCRelOperand(const MCInst &Inst) const override { 621 for (const MCOperand &Operand : Inst) 622 if (Operand.isReg() && Operand.getReg() == X86::RIP) 623 return true; 624 return false; 625 } 626 627 int getMemoryOperandNo(const MCInst &Inst) const override { 628 unsigned Opcode = Inst.getOpcode(); 629 const MCInstrDesc &Desc = Info->get(Opcode); 630 int MemOpNo = X86II::getMemoryOperandNo(Desc.TSFlags); 631 if (MemOpNo >= 0) 632 MemOpNo += X86II::getOperandBias(Desc); 633 return MemOpNo; 634 } 635 636 bool hasEVEXEncoding(const MCInst &Inst) const override { 637 const MCInstrDesc &Desc = Info->get(Inst.getOpcode()); 638 return (Desc.TSFlags & X86II::EncodingMask) == X86II::EVEX; 639 } 640 641 bool isMacroOpFusionPair(ArrayRef<MCInst> Insts) const override { 642 const auto *I = Insts.begin(); 643 while (I != Insts.end() && isPrefix(*I)) 644 ++I; 645 if (I == Insts.end()) 646 return false; 647 648 const MCInst &FirstInst = *I; 649 ++I; 650 while (I != Insts.end() && isPrefix(*I)) 651 ++I; 652 if (I == Insts.end()) 653 return false; 654 const MCInst &SecondInst = *I; 655 656 if (!isConditionalBranch(SecondInst)) 657 return false; 658 // Cannot fuse if the first instruction uses RIP-relative memory. 
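// Macro-op fusion lets the decoder pair a flag-setting instruction (CMP,
// TEST and certain ALU ops) with the conditional branch that immediately
// follows it; forms that use RIP-relative memory are not eligible for
// fusion, so there is nothing to gain from keeping such a pair adjacent.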
659 if (hasPCRelOperand(FirstInst)) 660 return false; 661 662 const X86::FirstMacroFusionInstKind CmpKind = 663 X86::classifyFirstOpcodeInMacroFusion(FirstInst.getOpcode()); 664 if (CmpKind == X86::FirstMacroFusionInstKind::Invalid) 665 return false; 666 667 X86::CondCode CC = static_cast<X86::CondCode>(getCondCode(SecondInst)); 668 X86::SecondMacroFusionInstKind BranchKind = 669 X86::classifySecondCondCodeInMacroFusion(CC); 670 if (BranchKind == X86::SecondMacroFusionInstKind::Invalid) 671 return false; 672 return X86::isMacroFused(CmpKind, BranchKind); 673 } 674 675 bool 676 evaluateX86MemoryOperand(const MCInst &Inst, unsigned *BaseRegNum, 677 int64_t *ScaleImm, unsigned *IndexRegNum, 678 int64_t *DispImm, unsigned *SegmentRegNum, 679 const MCExpr **DispExpr = nullptr) const override { 680 assert(BaseRegNum && ScaleImm && IndexRegNum && SegmentRegNum && 681 "one of the input pointers is null"); 682 int MemOpNo = getMemoryOperandNo(Inst); 683 if (MemOpNo < 0) 684 return false; 685 unsigned MemOpOffset = static_cast<unsigned>(MemOpNo); 686 687 if (MemOpOffset + X86::AddrSegmentReg >= MCPlus::getNumPrimeOperands(Inst)) 688 return false; 689 690 const MCOperand &Base = Inst.getOperand(MemOpOffset + X86::AddrBaseReg); 691 const MCOperand &Scale = Inst.getOperand(MemOpOffset + X86::AddrScaleAmt); 692 const MCOperand &Index = Inst.getOperand(MemOpOffset + X86::AddrIndexReg); 693 const MCOperand &Disp = Inst.getOperand(MemOpOffset + X86::AddrDisp); 694 const MCOperand &Segment = 695 Inst.getOperand(MemOpOffset + X86::AddrSegmentReg); 696 697 // Make sure it is a well-formed memory operand. 698 if (!Base.isReg() || !Scale.isImm() || !Index.isReg() || 699 (!Disp.isImm() && !Disp.isExpr()) || !Segment.isReg()) 700 return false; 701 702 *BaseRegNum = Base.getReg(); 703 *ScaleImm = Scale.getImm(); 704 *IndexRegNum = Index.getReg(); 705 if (Disp.isImm()) { 706 assert(DispImm && "DispImm needs to be set"); 707 *DispImm = Disp.getImm(); 708 if (DispExpr) 709 *DispExpr = nullptr; 710 } else { 711 assert(DispExpr && "DispExpr needs to be set"); 712 *DispExpr = Disp.getExpr(); 713 if (DispImm) 714 *DispImm = 0; 715 } 716 *SegmentRegNum = Segment.getReg(); 717 return true; 718 } 719 720 bool evaluateMemOperandTarget(const MCInst &Inst, uint64_t &Target, 721 uint64_t Address, 722 uint64_t Size) const override { 723 unsigned BaseRegNum; 724 int64_t ScaleValue; 725 unsigned IndexRegNum; 726 int64_t DispValue; 727 unsigned SegRegNum; 728 const MCExpr *DispExpr = nullptr; 729 if (!evaluateX86MemoryOperand(Inst, &BaseRegNum, &ScaleValue, &IndexRegNum, 730 &DispValue, &SegRegNum, &DispExpr)) 731 return false; 732 733 // Make sure it's a well-formed addressing we can statically evaluate. 
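// Only two forms are evaluable without register state: an absolute address
// (base and index both absent, immediate displacement) or a RIP-relative
// one, in which case the target is the displacement plus the address of the
// next instruction.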
734 if ((BaseRegNum != X86::RIP && BaseRegNum != X86::NoRegister) || 735 IndexRegNum != X86::NoRegister || SegRegNum != X86::NoRegister || 736 DispExpr) 737 return false; 738 739 Target = DispValue; 740 if (BaseRegNum == X86::RIP) { 741 assert(Size != 0 && "instruction size required in order to statically " 742 "evaluate RIP-relative address"); 743 Target += Address + Size; 744 } 745 return true; 746 } 747 748 MCInst::iterator getMemOperandDisp(MCInst &Inst) const override { 749 int MemOpNo = getMemoryOperandNo(Inst); 750 if (MemOpNo < 0) 751 return Inst.end(); 752 return Inst.begin() + (MemOpNo + X86::AddrDisp); 753 } 754 755 bool replaceMemOperandDisp(MCInst &Inst, MCOperand Operand) const override { 756 MCOperand *OI = getMemOperandDisp(Inst); 757 if (OI == Inst.end()) 758 return false; 759 *OI = Operand; 760 return true; 761 } 762 763 /// Get the registers used as function parameters. 764 /// This function is specific to the x86_64 abi on Linux. 765 BitVector getRegsUsedAsParams() const override { 766 BitVector Regs = BitVector(RegInfo->getNumRegs(), false); 767 Regs |= getAliases(X86::RSI); 768 Regs |= getAliases(X86::RDI); 769 Regs |= getAliases(X86::RDX); 770 Regs |= getAliases(X86::RCX); 771 Regs |= getAliases(X86::R8); 772 Regs |= getAliases(X86::R9); 773 return Regs; 774 } 775 776 void getCalleeSavedRegs(BitVector &Regs) const override { 777 Regs |= getAliases(X86::RBX); 778 Regs |= getAliases(X86::RBP); 779 Regs |= getAliases(X86::R12); 780 Regs |= getAliases(X86::R13); 781 Regs |= getAliases(X86::R14); 782 Regs |= getAliases(X86::R15); 783 } 784 785 void getDefaultDefIn(BitVector &Regs) const override { 786 assert(Regs.size() >= RegInfo->getNumRegs() && 787 "The size of BitVector is less than RegInfo->getNumRegs()."); 788 Regs.set(X86::RAX); 789 Regs.set(X86::RCX); 790 Regs.set(X86::RDX); 791 Regs.set(X86::RSI); 792 Regs.set(X86::RDI); 793 Regs.set(X86::R8); 794 Regs.set(X86::R9); 795 Regs.set(X86::XMM0); 796 Regs.set(X86::XMM1); 797 Regs.set(X86::XMM2); 798 Regs.set(X86::XMM3); 799 Regs.set(X86::XMM4); 800 Regs.set(X86::XMM5); 801 Regs.set(X86::XMM6); 802 Regs.set(X86::XMM7); 803 } 804 805 void getDefaultLiveOut(BitVector &Regs) const override { 806 assert(Regs.size() >= RegInfo->getNumRegs() && 807 "The size of BitVector is less than RegInfo->getNumRegs()."); 808 Regs |= getAliases(X86::RAX); 809 Regs |= getAliases(X86::RDX); 810 Regs |= getAliases(X86::RCX); 811 Regs |= getAliases(X86::XMM0); 812 Regs |= getAliases(X86::XMM1); 813 } 814 815 void getGPRegs(BitVector &Regs, bool IncludeAlias) const override { 816 if (IncludeAlias) { 817 Regs |= getAliases(X86::RAX); 818 Regs |= getAliases(X86::RBX); 819 Regs |= getAliases(X86::RBP); 820 Regs |= getAliases(X86::RSI); 821 Regs |= getAliases(X86::RDI); 822 Regs |= getAliases(X86::RDX); 823 Regs |= getAliases(X86::RCX); 824 Regs |= getAliases(X86::R8); 825 Regs |= getAliases(X86::R9); 826 Regs |= getAliases(X86::R10); 827 Regs |= getAliases(X86::R11); 828 Regs |= getAliases(X86::R12); 829 Regs |= getAliases(X86::R13); 830 Regs |= getAliases(X86::R14); 831 Regs |= getAliases(X86::R15); 832 return; 833 } 834 Regs.set(X86::RAX); 835 Regs.set(X86::RBX); 836 Regs.set(X86::RBP); 837 Regs.set(X86::RSI); 838 Regs.set(X86::RDI); 839 Regs.set(X86::RDX); 840 Regs.set(X86::RCX); 841 Regs.set(X86::R8); 842 Regs.set(X86::R9); 843 Regs.set(X86::R10); 844 Regs.set(X86::R11); 845 Regs.set(X86::R12); 846 Regs.set(X86::R13); 847 Regs.set(X86::R14); 848 Regs.set(X86::R15); 849 } 850 851 void getClassicGPRegs(BitVector &Regs) const override { 852 Regs 
|= getAliases(X86::RAX); 853 Regs |= getAliases(X86::RBX); 854 Regs |= getAliases(X86::RBP); 855 Regs |= getAliases(X86::RSI); 856 Regs |= getAliases(X86::RDI); 857 Regs |= getAliases(X86::RDX); 858 Regs |= getAliases(X86::RCX); 859 } 860 861 void getRepRegs(BitVector &Regs) const override { 862 Regs |= getAliases(X86::RCX); 863 } 864 865 MCPhysReg getAliasSized(MCPhysReg Reg, uint8_t Size) const override { 866 switch (Reg) { 867 case X86::RAX: case X86::EAX: case X86::AX: case X86::AL: case X86::AH: 868 switch (Size) { 869 case 8: return X86::RAX; case 4: return X86::EAX; 870 case 2: return X86::AX; case 1: return X86::AL; 871 default: llvm_unreachable("Unexpected size"); 872 } 873 case X86::RBX: case X86::EBX: case X86::BX: case X86::BL: case X86::BH: 874 switch (Size) { 875 case 8: return X86::RBX; case 4: return X86::EBX; 876 case 2: return X86::BX; case 1: return X86::BL; 877 default: llvm_unreachable("Unexpected size"); 878 } 879 case X86::RDX: case X86::EDX: case X86::DX: case X86::DL: case X86::DH: 880 switch (Size) { 881 case 8: return X86::RDX; case 4: return X86::EDX; 882 case 2: return X86::DX; case 1: return X86::DL; 883 default: llvm_unreachable("Unexpected size"); 884 } 885 case X86::RDI: case X86::EDI: case X86::DI: case X86::DIL: 886 switch (Size) { 887 case 8: return X86::RDI; case 4: return X86::EDI; 888 case 2: return X86::DI; case 1: return X86::DIL; 889 default: llvm_unreachable("Unexpected size"); 890 } 891 case X86::RSI: case X86::ESI: case X86::SI: case X86::SIL: 892 switch (Size) { 893 case 8: return X86::RSI; case 4: return X86::ESI; 894 case 2: return X86::SI; case 1: return X86::SIL; 895 default: llvm_unreachable("Unexpected size"); 896 } 897 case X86::RCX: case X86::ECX: case X86::CX: case X86::CL: case X86::CH: 898 switch (Size) { 899 case 8: return X86::RCX; case 4: return X86::ECX; 900 case 2: return X86::CX; case 1: return X86::CL; 901 default: llvm_unreachable("Unexpected size"); 902 } 903 case X86::RSP: case X86::ESP: case X86::SP: case X86::SPL: 904 switch (Size) { 905 case 8: return X86::RSP; case 4: return X86::ESP; 906 case 2: return X86::SP; case 1: return X86::SPL; 907 default: llvm_unreachable("Unexpected size"); 908 } 909 case X86::RBP: case X86::EBP: case X86::BP: case X86::BPL: 910 switch (Size) { 911 case 8: return X86::RBP; case 4: return X86::EBP; 912 case 2: return X86::BP; case 1: return X86::BPL; 913 default: llvm_unreachable("Unexpected size"); 914 } 915 case X86::R8: case X86::R8D: case X86::R8W: case X86::R8B: 916 switch (Size) { 917 case 8: return X86::R8; case 4: return X86::R8D; 918 case 2: return X86::R8W; case 1: return X86::R8B; 919 default: llvm_unreachable("Unexpected size"); 920 } 921 case X86::R9: case X86::R9D: case X86::R9W: case X86::R9B: 922 switch (Size) { 923 case 8: return X86::R9; case 4: return X86::R9D; 924 case 2: return X86::R9W; case 1: return X86::R9B; 925 default: llvm_unreachable("Unexpected size"); 926 } 927 case X86::R10: case X86::R10D: case X86::R10W: case X86::R10B: 928 switch (Size) { 929 case 8: return X86::R10; case 4: return X86::R10D; 930 case 2: return X86::R10W; case 1: return X86::R10B; 931 default: llvm_unreachable("Unexpected size"); 932 } 933 case X86::R11: case X86::R11D: case X86::R11W: case X86::R11B: 934 switch (Size) { 935 case 8: return X86::R11; case 4: return X86::R11D; 936 case 2: return X86::R11W; case 1: return X86::R11B; 937 default: llvm_unreachable("Unexpected size"); 938 } 939 case X86::R12: case X86::R12D: case X86::R12W: case X86::R12B: 940 switch (Size) { 941 case 8: return 
X86::R12; case 4: return X86::R12D; 942 case 2: return X86::R12W; case 1: return X86::R12B; 943 default: llvm_unreachable("Unexpected size"); 944 } 945 case X86::R13: case X86::R13D: case X86::R13W: case X86::R13B: 946 switch (Size) { 947 case 8: return X86::R13; case 4: return X86::R13D; 948 case 2: return X86::R13W; case 1: return X86::R13B; 949 default: llvm_unreachable("Unexpected size"); 950 } 951 case X86::R14: case X86::R14D: case X86::R14W: case X86::R14B: 952 switch (Size) { 953 case 8: return X86::R14; case 4: return X86::R14D; 954 case 2: return X86::R14W; case 1: return X86::R14B; 955 default: llvm_unreachable("Unexpected size"); 956 } 957 case X86::R15: case X86::R15D: case X86::R15W: case X86::R15B: 958 switch (Size) { 959 case 8: return X86::R15; case 4: return X86::R15D; 960 case 2: return X86::R15W; case 1: return X86::R15B; 961 default: llvm_unreachable("Unexpected size"); 962 } 963 default: 964 dbgs() << Reg << " (get alias sized)\n"; 965 llvm_unreachable("Unexpected reg number"); 966 break; 967 } 968 } 969 970 bool isUpper8BitReg(MCPhysReg Reg) const override { 971 switch (Reg) { 972 case X86::AH: 973 case X86::BH: 974 case X86::CH: 975 case X86::DH: 976 return true; 977 default: 978 return false; 979 } 980 } 981 982 bool cannotUseREX(const MCInst &Inst) const override { 983 switch (Inst.getOpcode()) { 984 case X86::MOV8mr_NOREX: 985 case X86::MOV8rm_NOREX: 986 case X86::MOV8rr_NOREX: 987 case X86::MOVSX32rm8_NOREX: 988 case X86::MOVSX32rr8_NOREX: 989 case X86::MOVZX32rm8_NOREX: 990 case X86::MOVZX32rr8_NOREX: 991 case X86::MOV8mr: 992 case X86::MOV8rm: 993 case X86::MOV8rr: 994 case X86::MOVSX32rm8: 995 case X86::MOVSX32rr8: 996 case X86::MOVZX32rm8: 997 case X86::MOVZX32rr8: 998 case X86::TEST8ri: 999 for (const MCOperand &Operand : MCPlus::primeOperands(Inst)) { 1000 if (!Operand.isReg()) 1001 continue; 1002 if (isUpper8BitReg(Operand.getReg())) 1003 return true; 1004 } 1005 LLVM_FALLTHROUGH; 1006 default: 1007 return false; 1008 } 1009 } 1010 1011 static uint8_t getMemDataSize(const MCInst &Inst, int MemOpNo) { 1012 using namespace llvm::X86; 1013 int OpType = getOperandType(Inst.getOpcode(), MemOpNo); 1014 return getMemOperandSize(OpType) / 8; 1015 } 1016 1017 /// Classifying a stack access as *not* "SIMPLE" here means we don't know how 1018 /// to change this instruction memory access. It will disable any changes to 1019 /// the stack layout, so we can't do the most aggressive form of shrink 1020 /// wrapping. We must do so in a way that keeps the original stack layout. 1021 /// Otherwise you need to adjust the offset of all instructions accessing the 1022 /// stack: we can't do that anymore because there is one instruction that is 1023 /// not simple. There are other implications as well. We have heuristics to 1024 /// detect when a register is callee-saved and thus eligible for shrink 1025 /// wrapping. If you are restoring a register using a non-simple stack access, 1026 /// then it is classified as NOT callee-saved, and it disables shrink wrapping 1027 /// for *that* register (but not for others). 1028 /// 1029 /// Classifying a stack access as "size 0" or detecting an indexed memory 1030 /// access (to address a vector, for example) here means we know there is a 1031 /// stack access, but we can't quite understand how wide is the access in 1032 /// bytes. This is very serious because we can't understand how memory 1033 /// accesses alias with each other for this function. 
This will essentially 1034 /// disable not only shrink wrapping but all frame analysis, it will fail it 1035 /// as "we don't understand this function and we give up on it". 1036 bool isStackAccess(const MCInst &Inst, bool &IsLoad, bool &IsStore, 1037 bool &IsStoreFromReg, MCPhysReg &Reg, int32_t &SrcImm, 1038 uint16_t &StackPtrReg, int64_t &StackOffset, uint8_t &Size, 1039 bool &IsSimple, bool &IsIndexed) const override { 1040 // Detect simple push/pop cases first 1041 if (int Sz = getPushSize(Inst)) { 1042 IsLoad = false; 1043 IsStore = true; 1044 IsStoreFromReg = true; 1045 StackPtrReg = X86::RSP; 1046 StackOffset = -Sz; 1047 Size = Sz; 1048 IsSimple = true; 1049 if (Inst.getOperand(0).isImm()) 1050 SrcImm = Inst.getOperand(0).getImm(); 1051 else if (Inst.getOperand(0).isReg()) 1052 Reg = Inst.getOperand(0).getReg(); 1053 else 1054 IsSimple = false; 1055 1056 return true; 1057 } 1058 if (int Sz = getPopSize(Inst)) { 1059 IsLoad = true; 1060 IsStore = false; 1061 if (Inst.getNumOperands() == 0 || !Inst.getOperand(0).isReg()) { 1062 IsSimple = false; 1063 } else { 1064 Reg = Inst.getOperand(0).getReg(); 1065 IsSimple = true; 1066 } 1067 StackPtrReg = X86::RSP; 1068 StackOffset = 0; 1069 Size = Sz; 1070 return true; 1071 } 1072 1073 struct InstInfo { 1074 // Size in bytes that Inst loads from memory. 1075 uint8_t DataSize; 1076 bool IsLoad; 1077 bool IsStore; 1078 bool StoreFromReg; 1079 bool Simple; 1080 }; 1081 1082 InstInfo I; 1083 int MemOpNo = getMemoryOperandNo(Inst); 1084 const MCInstrDesc &MCII = Info->get(Inst.getOpcode()); 1085 // If it is not dealing with a memory operand, we discard it 1086 if (MemOpNo == -1 || MCII.isCall()) 1087 return false; 1088 1089 switch (Inst.getOpcode()) { 1090 default: { 1091 bool IsLoad = MCII.mayLoad(); 1092 bool IsStore = MCII.mayStore(); 1093 // Is it LEA? 
(deals with memory but is not loading nor storing) 1094 if (!IsLoad && !IsStore) 1095 return false; 1096 uint8_t Sz = getMemDataSize(Inst, MemOpNo); 1097 I = {Sz, IsLoad, IsStore, false, false}; 1098 break; 1099 } 1100 // Report simple stack accesses 1101 case X86::MOV8rm: I = {1, true, false, false, true}; break; 1102 case X86::MOV16rm: I = {2, true, false, false, true}; break; 1103 case X86::MOV32rm: I = {4, true, false, false, true}; break; 1104 case X86::MOV64rm: I = {8, true, false, false, true}; break; 1105 case X86::MOV8mr: I = {1, false, true, true, true}; break; 1106 case X86::MOV16mr: I = {2, false, true, true, true}; break; 1107 case X86::MOV32mr: I = {4, false, true, true, true}; break; 1108 case X86::MOV64mr: I = {8, false, true, true, true}; break; 1109 case X86::MOV8mi: I = {1, false, true, false, true}; break; 1110 case X86::MOV16mi: I = {2, false, true, false, true}; break; 1111 case X86::MOV32mi: I = {4, false, true, false, true}; break; 1112 } // end switch (Inst.getOpcode()) 1113 1114 unsigned BaseRegNum; 1115 int64_t ScaleValue; 1116 unsigned IndexRegNum; 1117 int64_t DispValue; 1118 unsigned SegRegNum; 1119 const MCExpr *DispExpr; 1120 if (!evaluateX86MemoryOperand(Inst, &BaseRegNum, &ScaleValue, &IndexRegNum, 1121 &DispValue, &SegRegNum, &DispExpr)) { 1122 LLVM_DEBUG(dbgs() << "Evaluate failed on "); 1123 LLVM_DEBUG(Inst.dump()); 1124 return false; 1125 } 1126 1127 // Make sure it's a stack access 1128 if (BaseRegNum != X86::RBP && BaseRegNum != X86::RSP) 1129 return false; 1130 1131 IsLoad = I.IsLoad; 1132 IsStore = I.IsStore; 1133 IsStoreFromReg = I.StoreFromReg; 1134 Size = I.DataSize; 1135 IsSimple = I.Simple; 1136 StackPtrReg = BaseRegNum; 1137 StackOffset = DispValue; 1138 IsIndexed = IndexRegNum != X86::NoRegister || SegRegNum != X86::NoRegister; 1139 1140 if (!I.Simple) 1141 return true; 1142 1143 // Retrieve related register in simple MOV from/to stack operations. 1144 unsigned MemOpOffset = static_cast<unsigned>(MemOpNo); 1145 if (I.IsLoad) { 1146 MCOperand RegOpnd = Inst.getOperand(0); 1147 assert(RegOpnd.isReg() && "unexpected destination operand"); 1148 Reg = RegOpnd.getReg(); 1149 } else if (I.IsStore) { 1150 MCOperand SrcOpnd = 1151 Inst.getOperand(MemOpOffset + X86::AddrSegmentReg + 1); 1152 if (I.StoreFromReg) { 1153 assert(SrcOpnd.isReg() && "unexpected source operand"); 1154 Reg = SrcOpnd.getReg(); 1155 } else { 1156 assert(SrcOpnd.isImm() && "unexpected source operand"); 1157 SrcImm = SrcOpnd.getImm(); 1158 } 1159 } 1160 1161 return true; 1162 } 1163 1164 void changeToPushOrPop(MCInst &Inst) const override { 1165 assert(!isPush(Inst) && !isPop(Inst)); 1166 1167 struct InstInfo { 1168 // Size in bytes that Inst loads from memory. 
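// (or stores to it, for the MOVmr/MOVmi variants handled below).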
1169 uint8_t DataSize; 1170 bool IsLoad; 1171 bool StoreFromReg; 1172 }; 1173 1174 InstInfo I; 1175 switch (Inst.getOpcode()) { 1176 default: { 1177 llvm_unreachable("Unhandled opcode"); 1178 return; 1179 } 1180 case X86::MOV16rm: I = {2, true, false}; break; 1181 case X86::MOV32rm: I = {4, true, false}; break; 1182 case X86::MOV64rm: I = {8, true, false}; break; 1183 case X86::MOV16mr: I = {2, false, true}; break; 1184 case X86::MOV32mr: I = {4, false, true}; break; 1185 case X86::MOV64mr: I = {8, false, true}; break; 1186 case X86::MOV16mi: I = {2, false, false}; break; 1187 case X86::MOV32mi: I = {4, false, false}; break; 1188 } // end switch (Inst.getOpcode()) 1189 1190 unsigned BaseRegNum; 1191 int64_t ScaleValue; 1192 unsigned IndexRegNum; 1193 int64_t DispValue; 1194 unsigned SegRegNum; 1195 const MCExpr *DispExpr; 1196 if (!evaluateX86MemoryOperand(Inst, &BaseRegNum, &ScaleValue, &IndexRegNum, 1197 &DispValue, &SegRegNum, &DispExpr)) { 1198 llvm_unreachable("Evaluate failed"); 1199 return; 1200 } 1201 // Make sure it's a stack access 1202 if (BaseRegNum != X86::RBP && BaseRegNum != X86::RSP) { 1203 llvm_unreachable("Not a stack access"); 1204 return; 1205 } 1206 1207 unsigned MemOpOffset = getMemoryOperandNo(Inst); 1208 unsigned NewOpcode = 0; 1209 if (I.IsLoad) { 1210 switch (I.DataSize) { 1211 case 2: NewOpcode = X86::POP16r; break; 1212 case 4: NewOpcode = X86::POP32r; break; 1213 case 8: NewOpcode = X86::POP64r; break; 1214 default: 1215 llvm_unreachable("Unexpected size"); 1216 } 1217 unsigned RegOpndNum = Inst.getOperand(0).getReg(); 1218 Inst.clear(); 1219 Inst.setOpcode(NewOpcode); 1220 Inst.addOperand(MCOperand::createReg(RegOpndNum)); 1221 } else { 1222 MCOperand SrcOpnd = 1223 Inst.getOperand(MemOpOffset + X86::AddrSegmentReg + 1); 1224 if (I.StoreFromReg) { 1225 switch (I.DataSize) { 1226 case 2: NewOpcode = X86::PUSH16r; break; 1227 case 4: NewOpcode = X86::PUSH32r; break; 1228 case 8: NewOpcode = X86::PUSH64r; break; 1229 default: 1230 llvm_unreachable("Unexpected size"); 1231 } 1232 assert(SrcOpnd.isReg() && "Unexpected source operand"); 1233 unsigned RegOpndNum = SrcOpnd.getReg(); 1234 Inst.clear(); 1235 Inst.setOpcode(NewOpcode); 1236 Inst.addOperand(MCOperand::createReg(RegOpndNum)); 1237 } else { 1238 switch (I.DataSize) { 1239 case 2: NewOpcode = X86::PUSH16i8; break; 1240 case 4: NewOpcode = X86::PUSH32i8; break; 1241 case 8: NewOpcode = X86::PUSH64i32; break; 1242 default: 1243 llvm_unreachable("Unexpected size"); 1244 } 1245 assert(SrcOpnd.isImm() && "Unexpected source operand"); 1246 int64_t SrcImm = SrcOpnd.getImm(); 1247 Inst.clear(); 1248 Inst.setOpcode(NewOpcode); 1249 Inst.addOperand(MCOperand::createImm(SrcImm)); 1250 } 1251 } 1252 } 1253 1254 bool isStackAdjustment(const MCInst &Inst) const override { 1255 switch (Inst.getOpcode()) { 1256 default: 1257 return false; 1258 case X86::SUB64ri32: 1259 case X86::SUB64ri8: 1260 case X86::ADD64ri32: 1261 case X86::ADD64ri8: 1262 case X86::LEA64r: 1263 break; 1264 } 1265 1266 const MCInstrDesc &MCII = Info->get(Inst.getOpcode()); 1267 for (int I = 0, E = MCII.getNumDefs(); I != E; ++I) { 1268 const MCOperand &Operand = Inst.getOperand(I); 1269 if (Operand.isReg() && Operand.getReg() == X86::RSP) 1270 return true; 1271 } 1272 return false; 1273 } 1274 1275 bool 1276 evaluateStackOffsetExpr(const MCInst &Inst, int64_t &Output, 1277 std::pair<MCPhysReg, int64_t> Input1, 1278 std::pair<MCPhysReg, int64_t> Input2) const override { 1279 1280 auto getOperandVal = [&](MCPhysReg Reg) -> ErrorOr<int64_t> { 1281 if (Reg 
== Input1.first) 1282 return Input1.second; 1283 if (Reg == Input2.first) 1284 return Input2.second; 1285 return make_error_code(errc::result_out_of_range); 1286 }; 1287 1288 switch (Inst.getOpcode()) { 1289 default: 1290 return false; 1291 1292 case X86::SUB64ri32: 1293 case X86::SUB64ri8: 1294 if (!Inst.getOperand(2).isImm()) 1295 return false; 1296 if (ErrorOr<int64_t> InputVal = 1297 getOperandVal(Inst.getOperand(1).getReg())) 1298 Output = *InputVal - Inst.getOperand(2).getImm(); 1299 else 1300 return false; 1301 break; 1302 case X86::ADD64ri32: 1303 case X86::ADD64ri8: 1304 if (!Inst.getOperand(2).isImm()) 1305 return false; 1306 if (ErrorOr<int64_t> InputVal = 1307 getOperandVal(Inst.getOperand(1).getReg())) 1308 Output = *InputVal + Inst.getOperand(2).getImm(); 1309 else 1310 return false; 1311 break; 1312 case X86::ADD64i32: 1313 if (!Inst.getOperand(0).isImm()) 1314 return false; 1315 if (ErrorOr<int64_t> InputVal = getOperandVal(X86::RAX)) 1316 Output = *InputVal + Inst.getOperand(0).getImm(); 1317 else 1318 return false; 1319 break; 1320 1321 case X86::LEA64r: { 1322 unsigned BaseRegNum; 1323 int64_t ScaleValue; 1324 unsigned IndexRegNum; 1325 int64_t DispValue; 1326 unsigned SegRegNum; 1327 const MCExpr *DispExpr = nullptr; 1328 if (!evaluateX86MemoryOperand(Inst, &BaseRegNum, &ScaleValue, 1329 &IndexRegNum, &DispValue, &SegRegNum, 1330 &DispExpr)) 1331 return false; 1332 1333 if (BaseRegNum == X86::NoRegister || IndexRegNum != X86::NoRegister || 1334 SegRegNum != X86::NoRegister || DispExpr) 1335 return false; 1336 1337 if (ErrorOr<int64_t> InputVal = getOperandVal(BaseRegNum)) 1338 Output = *InputVal + DispValue; 1339 else 1340 return false; 1341 1342 break; 1343 } 1344 } 1345 return true; 1346 } 1347 1348 bool isRegToRegMove(const MCInst &Inst, MCPhysReg &From, 1349 MCPhysReg &To) const override { 1350 switch (Inst.getOpcode()) { 1351 default: 1352 return false; 1353 case X86::LEAVE: 1354 case X86::LEAVE64: 1355 To = getStackPointer(); 1356 From = getFramePointer(); 1357 return true; 1358 case X86::MOV64rr: 1359 To = Inst.getOperand(0).getReg(); 1360 From = Inst.getOperand(1).getReg(); 1361 return true; 1362 } 1363 } 1364 1365 MCPhysReg getStackPointer() const override { return X86::RSP; } 1366 MCPhysReg getFramePointer() const override { return X86::RBP; } 1367 MCPhysReg getFlagsReg() const override { return X86::EFLAGS; } 1368 1369 bool escapesVariable(const MCInst &Inst, 1370 bool HasFramePointer) const override { 1371 int MemOpNo = getMemoryOperandNo(Inst); 1372 const MCInstrDesc &MCII = Info->get(Inst.getOpcode()); 1373 const unsigned NumDefs = MCII.getNumDefs(); 1374 static BitVector SPBPAliases(BitVector(getAliases(X86::RSP)) |= 1375 getAliases(X86::RBP)); 1376 static BitVector SPAliases(getAliases(X86::RSP)); 1377 1378 // FIXME: PUSH can be technically a leak, but let's ignore this for now 1379 // because a lot of harmless prologue code will spill SP to the stack. 1380 // Unless push is clearly pushing an object address to the stack as 1381 // demonstrated by having a MemOp. 
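// SP/BP "escapes" when it (or any alias) appears as a plain source operand,
// i.e. outside the memory-operand group and outside the defs, since its
// value may then be copied somewhere frame analysis cannot track; the check
// below also forgives the case where the destination is SP/BP itself.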
1382 bool IsPush = isPush(Inst); 1383 if (IsPush && MemOpNo == -1) 1384 return false; 1385 1386 // We use this to detect LEA (has memop but does not access mem) 1387 bool AccessMem = MCII.mayLoad() || MCII.mayStore(); 1388 bool DoesLeak = false; 1389 for (int I = 0, E = MCPlus::getNumPrimeOperands(Inst); I != E; ++I) { 1390 // Ignore if SP/BP is used to dereference memory -- that's fine 1391 if (MemOpNo != -1 && !IsPush && AccessMem && I >= MemOpNo && 1392 I <= MemOpNo + 5) 1393 continue; 1394 // Ignore if someone is writing to SP/BP 1395 if (I < static_cast<int>(NumDefs)) 1396 continue; 1397 1398 const MCOperand &Operand = Inst.getOperand(I); 1399 if (HasFramePointer && Operand.isReg() && SPBPAliases[Operand.getReg()]) { 1400 DoesLeak = true; 1401 break; 1402 } 1403 if (!HasFramePointer && Operand.isReg() && SPAliases[Operand.getReg()]) { 1404 DoesLeak = true; 1405 break; 1406 } 1407 } 1408 1409 // If potential leak, check if it is not just writing to itself/sp/bp 1410 if (DoesLeak) { 1411 for (int I = 0, E = NumDefs; I != E; ++I) { 1412 const MCOperand &Operand = Inst.getOperand(I); 1413 if (HasFramePointer && Operand.isReg() && 1414 SPBPAliases[Operand.getReg()]) { 1415 DoesLeak = false; 1416 break; 1417 } 1418 if (!HasFramePointer && Operand.isReg() && 1419 SPAliases[Operand.getReg()]) { 1420 DoesLeak = false; 1421 break; 1422 } 1423 } 1424 } 1425 return DoesLeak; 1426 } 1427 1428 bool addToImm(MCInst &Inst, int64_t &Amt, MCContext *Ctx) const override { 1429 unsigned ImmOpNo = -1U; 1430 int MemOpNo = getMemoryOperandNo(Inst); 1431 if (MemOpNo != -1) 1432 ImmOpNo = MemOpNo + X86::AddrDisp; 1433 else 1434 for (unsigned Index = 0; Index < MCPlus::getNumPrimeOperands(Inst); 1435 ++Index) 1436 if (Inst.getOperand(Index).isImm()) 1437 ImmOpNo = Index; 1438 if (ImmOpNo == -1U) 1439 return false; 1440 1441 MCOperand &Operand = Inst.getOperand(ImmOpNo); 1442 Amt += Operand.getImm(); 1443 Operand.setImm(Amt); 1444 // Check for the need for relaxation 1445 if (int64_t(Amt) == int64_t(int8_t(Amt))) 1446 return true; 1447 1448 // Relax instruction 1449 switch (Inst.getOpcode()) { 1450 case X86::SUB64ri8: 1451 Inst.setOpcode(X86::SUB64ri32); 1452 break; 1453 case X86::ADD64ri8: 1454 Inst.setOpcode(X86::ADD64ri32); 1455 break; 1456 default: 1457 // No need for relaxation 1458 break; 1459 } 1460 return true; 1461 } 1462 1463 /// TODO: this implementation currently works for the most common opcodes that 1464 /// load from memory. It can be extended to work with memory store opcodes as 1465 /// well as more memory load opcodes. 1466 bool replaceMemOperandWithImm(MCInst &Inst, StringRef ConstantData, 1467 uint64_t Offset) const override { 1468 enum CheckSignExt : uint8_t { 1469 NOCHECK = 0, 1470 CHECK8, 1471 CHECK32, 1472 }; 1473 1474 using CheckList = std::vector<std::pair<CheckSignExt, unsigned>>; 1475 struct InstInfo { 1476 // Size in bytes that Inst loads from memory. 1477 uint8_t DataSize; 1478 1479 // True when the target operand has to be duplicated because the opcode 1480 // expects a LHS operand. 1481 bool HasLHS; 1482 1483 // List of checks and corresponding opcodes to be used. We try to use the 1484 // smallest possible immediate value when various sizes are available, 1485 // hence we may need to check whether a larger constant fits in a smaller 1486 // immediate. 
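// Candidates are ordered from the narrowest immediate encoding to an
// unconditional fallback; the first entry whose check the constant
// satisfies supplies the replacement opcode.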
1487 CheckList Checks; 1488 }; 1489 1490 InstInfo I; 1491 1492 switch (Inst.getOpcode()) { 1493 default: { 1494 switch (getPopSize(Inst)) { 1495 case 2: I = {2, false, {{NOCHECK, X86::MOV16ri}}}; break; 1496 case 4: I = {4, false, {{NOCHECK, X86::MOV32ri}}}; break; 1497 case 8: I = {8, false, {{CHECK32, X86::MOV64ri32}, 1498 {NOCHECK, X86::MOV64rm}}}; break; 1499 default: return false; 1500 } 1501 break; 1502 } 1503 1504 // MOV 1505 case X86::MOV8rm: I = {1, false, {{NOCHECK, X86::MOV8ri}}}; break; 1506 case X86::MOV16rm: I = {2, false, {{NOCHECK, X86::MOV16ri}}}; break; 1507 case X86::MOV32rm: I = {4, false, {{NOCHECK, X86::MOV32ri}}}; break; 1508 case X86::MOV64rm: I = {8, false, {{CHECK32, X86::MOV64ri32}, 1509 {NOCHECK, X86::MOV64rm}}}; break; 1510 1511 // MOVZX 1512 case X86::MOVZX16rm8: I = {1, false, {{NOCHECK, X86::MOV16ri}}}; break; 1513 case X86::MOVZX32rm8: I = {1, false, {{NOCHECK, X86::MOV32ri}}}; break; 1514 case X86::MOVZX32rm16: I = {2, false, {{NOCHECK, X86::MOV32ri}}}; break; 1515 1516 // CMP 1517 case X86::CMP8rm: I = {1, false, {{NOCHECK, X86::CMP8ri}}}; break; 1518 case X86::CMP16rm: I = {2, false, {{CHECK8, X86::CMP16ri8}, 1519 {NOCHECK, X86::CMP16ri}}}; break; 1520 case X86::CMP32rm: I = {4, false, {{CHECK8, X86::CMP32ri8}, 1521 {NOCHECK, X86::CMP32ri}}}; break; 1522 case X86::CMP64rm: I = {8, false, {{CHECK8, X86::CMP64ri8}, 1523 {CHECK32, X86::CMP64ri32}, 1524 {NOCHECK, X86::CMP64rm}}}; break; 1525 1526 // TEST 1527 case X86::TEST8mr: I = {1, false, {{NOCHECK, X86::TEST8ri}}}; break; 1528 case X86::TEST16mr: I = {2, false, {{NOCHECK, X86::TEST16ri}}}; break; 1529 case X86::TEST32mr: I = {4, false, {{NOCHECK, X86::TEST32ri}}}; break; 1530 case X86::TEST64mr: I = {8, false, {{CHECK32, X86::TEST64ri32}, 1531 {NOCHECK, X86::TEST64mr}}}; break; 1532 1533 // ADD 1534 case X86::ADD8rm: I = {1, true, {{NOCHECK, X86::ADD8ri}}}; break; 1535 case X86::ADD16rm: I = {2, true, {{CHECK8, X86::ADD16ri8}, 1536 {NOCHECK, X86::ADD16ri}}}; break; 1537 case X86::ADD32rm: I = {4, true, {{CHECK8, X86::ADD32ri8}, 1538 {NOCHECK, X86::ADD32ri}}}; break; 1539 case X86::ADD64rm: I = {8, true, {{CHECK8, X86::ADD64ri8}, 1540 {CHECK32, X86::ADD64ri32}, 1541 {NOCHECK, X86::ADD64rm}}}; break; 1542 1543 // SUB 1544 case X86::SUB8rm: I = {1, true, {{NOCHECK, X86::SUB8ri}}}; break; 1545 case X86::SUB16rm: I = {2, true, {{CHECK8, X86::SUB16ri8}, 1546 {NOCHECK, X86::SUB16ri}}}; break; 1547 case X86::SUB32rm: I = {4, true, {{CHECK8, X86::SUB32ri8}, 1548 {NOCHECK, X86::SUB32ri}}}; break; 1549 case X86::SUB64rm: I = {8, true, {{CHECK8, X86::SUB64ri8}, 1550 {CHECK32, X86::SUB64ri32}, 1551 {NOCHECK, X86::SUB64rm}}}; break; 1552 1553 // AND 1554 case X86::AND8rm: I = {1, true, {{NOCHECK, X86::AND8ri}}}; break; 1555 case X86::AND16rm: I = {2, true, {{CHECK8, X86::AND16ri8}, 1556 {NOCHECK, X86::AND16ri}}}; break; 1557 case X86::AND32rm: I = {4, true, {{CHECK8, X86::AND32ri8}, 1558 {NOCHECK, X86::AND32ri}}}; break; 1559 case X86::AND64rm: I = {8, true, {{CHECK8, X86::AND64ri8}, 1560 {CHECK32, X86::AND64ri32}, 1561 {NOCHECK, X86::AND64rm}}}; break; 1562 1563 // OR 1564 case X86::OR8rm: I = {1, true, {{NOCHECK, X86::OR8ri}}}; break; 1565 case X86::OR16rm: I = {2, true, {{CHECK8, X86::OR16ri8}, 1566 {NOCHECK, X86::OR16ri}}}; break; 1567 case X86::OR32rm: I = {4, true, {{CHECK8, X86::OR32ri8}, 1568 {NOCHECK, X86::OR32ri}}}; break; 1569 case X86::OR64rm: I = {8, true, {{CHECK8, X86::OR64ri8}, 1570 {CHECK32, X86::OR64ri32}, 1571 {NOCHECK, X86::OR64rm}}}; break; 1572 1573 // XOR 1574 case X86::XOR8rm: I = {1, true, 
{{NOCHECK, X86::XOR8ri}}}; break; 1575 case X86::XOR16rm: I = {2, true, {{CHECK8, X86::XOR16ri8}, 1576 {NOCHECK, X86::XOR16ri}}}; break; 1577 case X86::XOR32rm: I = {4, true, {{CHECK8, X86::XOR32ri8}, 1578 {NOCHECK, X86::XOR32ri}}}; break; 1579 case X86::XOR64rm: I = {8, true, {{CHECK8, X86::XOR64ri8}, 1580 {CHECK32, X86::XOR64ri32}, 1581 {NOCHECK, X86::XOR64rm}}}; break; 1582 } 1583 1584 // Compute the immediate value. 1585 assert(Offset + I.DataSize <= ConstantData.size() && 1586 "invalid offset for given constant data"); 1587 int64_t ImmVal = 1588 DataExtractor(ConstantData, true, 8).getSigned(&Offset, I.DataSize); 1589 1590 // Compute the new opcode. 1591 unsigned NewOpcode = 0; 1592 for (const std::pair<CheckSignExt, unsigned> &Check : I.Checks) { 1593 NewOpcode = Check.second; 1594 if (Check.first == NOCHECK) 1595 break; 1596 if (Check.first == CHECK8 && isInt<8>(ImmVal)) 1597 break; 1598 if (Check.first == CHECK32 && isInt<32>(ImmVal)) 1599 break; 1600 } 1601 if (NewOpcode == Inst.getOpcode()) 1602 return false; 1603 1604 // Modify the instruction. 1605 MCOperand ImmOp = MCOperand::createImm(ImmVal); 1606 uint32_t TargetOpNum = 0; 1607 // Test instruction does not follow the regular pattern of putting the 1608 // memory reference of a load (5 MCOperands) last in the list of operands. 1609 // Since it is not modifying the register operand, it is not treated as 1610 // a destination operand and it is not the first operand as it is in the 1611 // other instructions we treat here. 1612 if (NewOpcode == X86::TEST8ri || NewOpcode == X86::TEST16ri || 1613 NewOpcode == X86::TEST32ri || NewOpcode == X86::TEST64ri32) 1614 TargetOpNum = getMemoryOperandNo(Inst) + X86::AddrNumOperands; 1615 1616 MCOperand TargetOp = Inst.getOperand(TargetOpNum); 1617 Inst.clear(); 1618 Inst.setOpcode(NewOpcode); 1619 Inst.addOperand(TargetOp); 1620 if (I.HasLHS) 1621 Inst.addOperand(TargetOp); 1622 Inst.addOperand(ImmOp); 1623 1624 return true; 1625 } 1626 1627 /// TODO: this implementation currently works for the most common opcodes that 1628 /// load from memory. It can be extended to work with memory store opcodes as 1629 /// well as more memory load opcodes. 1630 bool replaceMemOperandWithReg(MCInst &Inst, MCPhysReg RegNum) const override { 1631 unsigned NewOpcode; 1632 1633 switch (Inst.getOpcode()) { 1634 default: { 1635 switch (getPopSize(Inst)) { 1636 case 2: NewOpcode = X86::MOV16rr; break; 1637 case 4: NewOpcode = X86::MOV32rr; break; 1638 case 8: NewOpcode = X86::MOV64rr; break; 1639 default: return false; 1640 } 1641 break; 1642 } 1643 1644 // MOV 1645 case X86::MOV8rm: NewOpcode = X86::MOV8rr; break; 1646 case X86::MOV16rm: NewOpcode = X86::MOV16rr; break; 1647 case X86::MOV32rm: NewOpcode = X86::MOV32rr; break; 1648 case X86::MOV64rm: NewOpcode = X86::MOV64rr; break; 1649 } 1650 1651 // Modify the instruction. 
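// Rebuild as a plain register-register move: keep the original destination
// and replace the five-part memory operand with the single source register.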
1652 MCOperand RegOp = MCOperand::createReg(RegNum); 1653 MCOperand TargetOp = Inst.getOperand(0); 1654 Inst.clear(); 1655 Inst.setOpcode(NewOpcode); 1656 Inst.addOperand(TargetOp); 1657 Inst.addOperand(RegOp); 1658 1659 return true; 1660 } 1661 1662 bool isRedundantMove(const MCInst &Inst) const override { 1663 switch (Inst.getOpcode()) { 1664 default: 1665 return false; 1666 1667 // MOV 1668 case X86::MOV8rr: 1669 case X86::MOV16rr: 1670 case X86::MOV32rr: 1671 case X86::MOV64rr: 1672 break; 1673 } 1674 1675 assert(Inst.getOperand(0).isReg() && Inst.getOperand(1).isReg()); 1676 return Inst.getOperand(0).getReg() == Inst.getOperand(1).getReg(); 1677 } 1678 1679 bool requiresAlignedAddress(const MCInst &Inst) const override { 1680 const MCInstrDesc &Desc = Info->get(Inst.getOpcode()); 1681 for (unsigned int I = 0; I < Desc.getNumOperands(); ++I) { 1682 const MCOperandInfo &Op = Desc.OpInfo[I]; 1683 if (Op.OperandType != MCOI::OPERAND_REGISTER) 1684 continue; 1685 if (Op.RegClass == X86::VR128RegClassID) 1686 return true; 1687 } 1688 return false; 1689 } 1690 1691 bool convertJmpToTailCall(MCInst &Inst) override { 1692 if (isTailCall(Inst)) 1693 return false; 1694 1695 int NewOpcode; 1696 switch (Inst.getOpcode()) { 1697 default: 1698 return false; 1699 case X86::JMP_1: 1700 case X86::JMP_2: 1701 case X86::JMP_4: 1702 NewOpcode = X86::JMP_4; 1703 break; 1704 case X86::JMP16m: 1705 case X86::JMP32m: 1706 case X86::JMP64m: 1707 NewOpcode = X86::JMP32m; 1708 break; 1709 case X86::JMP16r: 1710 case X86::JMP32r: 1711 case X86::JMP64r: 1712 NewOpcode = X86::JMP32r; 1713 break; 1714 } 1715 1716 Inst.setOpcode(NewOpcode); 1717 setTailCall(Inst); 1718 return true; 1719 } 1720 1721 bool convertTailCallToJmp(MCInst &Inst) override { 1722 int NewOpcode; 1723 switch (Inst.getOpcode()) { 1724 default: 1725 return false; 1726 case X86::JMP_4: 1727 NewOpcode = X86::JMP_1; 1728 break; 1729 case X86::JMP32m: 1730 NewOpcode = X86::JMP64m; 1731 break; 1732 case X86::JMP32r: 1733 NewOpcode = X86::JMP64r; 1734 break; 1735 } 1736 1737 Inst.setOpcode(NewOpcode); 1738 removeAnnotation(Inst, MCPlus::MCAnnotation::kTailCall); 1739 clearOffset(Inst); 1740 return true; 1741 } 1742 1743 bool convertTailCallToCall(MCInst &Inst) override { 1744 int NewOpcode; 1745 switch (Inst.getOpcode()) { 1746 default: 1747 return false; 1748 case X86::JMP_4: 1749 NewOpcode = X86::CALL64pcrel32; 1750 break; 1751 case X86::JMP32m: 1752 NewOpcode = X86::CALL64m; 1753 break; 1754 case X86::JMP32r: 1755 NewOpcode = X86::CALL64r; 1756 break; 1757 } 1758 1759 Inst.setOpcode(NewOpcode); 1760 removeAnnotation(Inst, MCPlus::MCAnnotation::kTailCall); 1761 return true; 1762 } 1763 1764 bool convertCallToIndirectCall(MCInst &Inst, const MCSymbol *TargetLocation, 1765 MCContext *Ctx) override { 1766 assert((Inst.getOpcode() == X86::CALL64pcrel32 || 1767 (Inst.getOpcode() == X86::JMP_4 && isTailCall(Inst))) && 1768 "64-bit direct (tail) call instruction expected"); 1769 const auto NewOpcode = 1770 (Inst.getOpcode() == X86::CALL64pcrel32) ? X86::CALL64m : X86::JMP32m; 1771 Inst.setOpcode(NewOpcode); 1772 1773 // Replace the first operand and preserve auxiliary operands of 1774 // the instruction. 
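// Each insert lands at the front, so emitting SegmentReg, Disp, IndexReg,
// ScaleAmt and finally BaseReg leaves the operands in canonical
// base/scale/index/disp/segment order, with the target symbol as a
// RIP-relative displacement.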
1775 Inst.erase(Inst.begin()); 1776 Inst.insert(Inst.begin(), 1777 MCOperand::createReg(X86::NoRegister)); // AddrSegmentReg 1778 Inst.insert(Inst.begin(), 1779 MCOperand::createExpr( // Displacement 1780 MCSymbolRefExpr::create(TargetLocation, 1781 MCSymbolRefExpr::VK_None, *Ctx))); 1782 Inst.insert(Inst.begin(), 1783 MCOperand::createReg(X86::NoRegister)); // IndexReg 1784 Inst.insert(Inst.begin(), 1785 MCOperand::createImm(1)); // ScaleAmt 1786 Inst.insert(Inst.begin(), 1787 MCOperand::createReg(X86::RIP)); // BaseReg 1788 1789 return true; 1790 } 1791 1792 void convertIndirectCallToLoad(MCInst &Inst, MCPhysReg Reg) override { 1793 bool IsTailCall = isTailCall(Inst); 1794 if (IsTailCall) 1795 removeAnnotation(Inst, MCPlus::MCAnnotation::kTailCall); 1796 if (Inst.getOpcode() == X86::CALL64m || 1797 (Inst.getOpcode() == X86::JMP32m && IsTailCall)) { 1798 Inst.setOpcode(X86::MOV64rm); 1799 Inst.insert(Inst.begin(), MCOperand::createReg(Reg)); 1800 return; 1801 } 1802 if (Inst.getOpcode() == X86::CALL64r || 1803 (Inst.getOpcode() == X86::JMP32r && IsTailCall)) { 1804 Inst.setOpcode(X86::MOV64rr); 1805 Inst.insert(Inst.begin(), MCOperand::createReg(Reg)); 1806 return; 1807 } 1808 LLVM_DEBUG(Inst.dump()); 1809 llvm_unreachable("not implemented"); 1810 } 1811 1812 bool shortenInstruction(MCInst &Inst, 1813 const MCSubtargetInfo &STI) const override { 1814 unsigned OldOpcode = Inst.getOpcode(); 1815 unsigned NewOpcode = OldOpcode; 1816 1817 int MemOpNo = getMemoryOperandNo(Inst); 1818 1819 // Check and remove redundant Address-Size override prefix. 1820 if (opts::X86StripRedundantAddressSize) { 1821 uint64_t TSFlags = Info->get(OldOpcode).TSFlags; 1822 unsigned Flags = Inst.getFlags(); 1823 1824 if (!X86_MC::needsAddressSizeOverride(Inst, STI, MemOpNo, TSFlags) && 1825 Flags & X86::IP_HAS_AD_SIZE) 1826 Inst.setFlags(Flags ^ X86::IP_HAS_AD_SIZE); 1827 } 1828 1829 // Check and remove EIZ/RIZ. These cases represent ambiguous cases where 1830 // SIB byte is present, but no index is used and modrm alone should have 1831 // been enough. Converting to NoRegister effectively removes the SIB byte. 1832 if (MemOpNo >= 0) { 1833 MCOperand &IndexOp = 1834 Inst.getOperand(static_cast<unsigned>(MemOpNo) + X86::AddrIndexReg); 1835 if (IndexOp.getReg() == X86::EIZ || IndexOp.getReg() == X86::RIZ) 1836 IndexOp = MCOperand::createReg(X86::NoRegister); 1837 } 1838 1839 if (isBranch(Inst)) { 1840 NewOpcode = getShortBranchOpcode(OldOpcode); 1841 } else if (OldOpcode == X86::MOV64ri) { 1842 if (Inst.getOperand(MCPlus::getNumPrimeOperands(Inst) - 1).isImm()) { 1843 const int64_t Imm = 1844 Inst.getOperand(MCPlus::getNumPrimeOperands(Inst) - 1).getImm(); 1845 if (int64_t(Imm) == int64_t(int32_t(Imm))) 1846 NewOpcode = X86::MOV64ri32; 1847 } 1848 } else { 1849 // If it's arithmetic instruction check if signed operand fits in 1 byte. 
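// For example, an ADD64ri32 with immediate 1 can be re-encoded as
// ADD64ri8, shaving three bytes off the immediate encoding.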
1850 const unsigned ShortOpcode = getShortArithOpcode(OldOpcode); 1851 if (ShortOpcode != OldOpcode && 1852 Inst.getOperand(MCPlus::getNumPrimeOperands(Inst) - 1).isImm()) { 1853 int64_t Imm = 1854 Inst.getOperand(MCPlus::getNumPrimeOperands(Inst) - 1).getImm(); 1855 if (int64_t(Imm) == int64_t(int8_t(Imm))) 1856 NewOpcode = ShortOpcode; 1857 } 1858 } 1859 1860 if (NewOpcode == OldOpcode) 1861 return false; 1862 1863 Inst.setOpcode(NewOpcode); 1864 return true; 1865 } 1866 1867 bool 1868 convertMoveToConditionalMove(MCInst &Inst, unsigned CC, bool AllowStackMemOp, 1869 bool AllowBasePtrStackMemOp) const override { 1870 // - Register-register moves are OK 1871 // - Stores are filtered out by opcode (no store CMOV) 1872 // - Non-stack loads are prohibited (generally unsafe) 1873 // - Stack loads are OK if AllowStackMemOp is true 1874 // - Stack loads with RBP are OK if AllowBasePtrStackMemOp is true 1875 if (isLoad(Inst)) { 1876 // If stack memory operands are not allowed, no loads are allowed 1877 if (!AllowStackMemOp) 1878 return false; 1879 1880 // If stack memory operands are allowed, check if it's a load from stack 1881 bool IsLoad, IsStore, IsStoreFromReg, IsSimple, IsIndexed; 1882 MCPhysReg Reg; 1883 int32_t SrcImm; 1884 uint16_t StackPtrReg; 1885 int64_t StackOffset; 1886 uint8_t Size; 1887 bool IsStackAccess = 1888 isStackAccess(Inst, IsLoad, IsStore, IsStoreFromReg, Reg, SrcImm, 1889 StackPtrReg, StackOffset, Size, IsSimple, IsIndexed); 1890 // Prohibit non-stack-based loads 1891 if (!IsStackAccess) 1892 return false; 1893 // If stack memory operands are allowed, check if it's RBP-based 1894 if (!AllowBasePtrStackMemOp && 1895 RegInfo->isSubRegisterEq(X86::RBP, StackPtrReg)) 1896 return false; 1897 } 1898 1899 unsigned NewOpcode = 0; 1900 switch (Inst.getOpcode()) { 1901 case X86::MOV16rr: 1902 NewOpcode = X86::CMOV16rr; 1903 break; 1904 case X86::MOV16rm: 1905 NewOpcode = X86::CMOV16rm; 1906 break; 1907 case X86::MOV32rr: 1908 NewOpcode = X86::CMOV32rr; 1909 break; 1910 case X86::MOV32rm: 1911 NewOpcode = X86::CMOV32rm; 1912 break; 1913 case X86::MOV64rr: 1914 NewOpcode = X86::CMOV64rr; 1915 break; 1916 case X86::MOV64rm: 1917 NewOpcode = X86::CMOV64rm; 1918 break; 1919 default: 1920 return false; 1921 } 1922 Inst.setOpcode(NewOpcode); 1923 // Insert CC at the end of prime operands, before annotations 1924 Inst.insert(Inst.begin() + MCPlus::getNumPrimeOperands(Inst), 1925 MCOperand::createImm(CC)); 1926 // CMOV is a 3-operand MCInst, so duplicate the destination as src1 1927 Inst.insert(Inst.begin(), Inst.getOperand(0)); 1928 return true; 1929 } 1930 1931 bool lowerTailCall(MCInst &Inst) override { 1932 if (Inst.getOpcode() == X86::JMP_4 && isTailCall(Inst)) { 1933 Inst.setOpcode(X86::JMP_1); 1934 removeAnnotation(Inst, MCPlus::MCAnnotation::kTailCall); 1935 return true; 1936 } 1937 return false; 1938 } 1939 1940 const MCSymbol *getTargetSymbol(const MCInst &Inst, 1941 unsigned OpNum = 0) const override { 1942 if (OpNum >= MCPlus::getNumPrimeOperands(Inst)) 1943 return nullptr; 1944 1945 const MCOperand &Op = Inst.getOperand(OpNum); 1946 if (!Op.isExpr()) 1947 return nullptr; 1948 1949 auto *SymExpr = dyn_cast<MCSymbolRefExpr>(Op.getExpr()); 1950 if (!SymExpr || SymExpr->getKind() != MCSymbolRefExpr::VK_None) 1951 return nullptr; 1952 1953 return &SymExpr->getSymbol(); 1954 } 1955 1956 // This is the same as the base class, but since we are overriding one of 1957 // getTargetSymbol's signatures above, we need to override all of them. 
1958 const MCSymbol *getTargetSymbol(const MCExpr *Expr) const override { 1959 return &cast<const MCSymbolRefExpr>(Expr)->getSymbol(); 1960 } 1961 1962 bool analyzeBranch(InstructionIterator Begin, InstructionIterator End, 1963 const MCSymbol *&TBB, const MCSymbol *&FBB, 1964 MCInst *&CondBranch, 1965 MCInst *&UncondBranch) const override { 1966 auto I = End; 1967 1968 // Bottom-up analysis 1969 while (I != Begin) { 1970 --I; 1971 1972 // Ignore nops and CFIs 1973 if (isPseudo(*I)) 1974 continue; 1975 1976 // Stop when we find the first non-terminator 1977 if (!isTerminator(*I)) 1978 break; 1979 1980 if (!isBranch(*I)) 1981 break; 1982 1983 // Handle unconditional branches. 1984 if ((I->getOpcode() == X86::JMP_1 || I->getOpcode() == X86::JMP_2 || 1985 I->getOpcode() == X86::JMP_4) && 1986 !isTailCall(*I)) { 1987 // If any code was seen after this unconditional branch, we've seen 1988 // unreachable code. Ignore them. 1989 CondBranch = nullptr; 1990 UncondBranch = &*I; 1991 const MCSymbol *Sym = getTargetSymbol(*I); 1992 assert(Sym != nullptr && 1993 "Couldn't extract BB symbol from jump operand"); 1994 TBB = Sym; 1995 continue; 1996 } 1997 1998 // Handle conditional branches and ignore indirect branches 1999 if (!isUnsupportedBranch(I->getOpcode()) && 2000 getCondCode(*I) == X86::COND_INVALID) { 2001 // Indirect branch 2002 return false; 2003 } 2004 2005 if (CondBranch == nullptr) { 2006 const MCSymbol *TargetBB = getTargetSymbol(*I); 2007 if (TargetBB == nullptr) { 2008 // Unrecognized branch target 2009 return false; 2010 } 2011 FBB = TBB; 2012 TBB = TargetBB; 2013 CondBranch = &*I; 2014 continue; 2015 } 2016 2017 llvm_unreachable("multiple conditional branches in one BB"); 2018 } 2019 return true; 2020 } 2021 2022 template <typename Itr> 2023 std::pair<IndirectBranchType, MCInst *> 2024 analyzePICJumpTable(Itr II, Itr IE, MCPhysReg R1, MCPhysReg R2) const { 2025 // Analyze PIC-style jump table code template: 2026 // 2027 // lea PIC_JUMP_TABLE(%rip), {%r1|%r2} <- MemLocInstr 2028 // mov ({%r1|%r2}, %index, 4), {%r2|%r1} 2029 // add %r2, %r1 2030 // jmp *%r1 2031 // 2032 // (with any irrelevant instructions in-between) 2033 // 2034 // When we call this helper we've already determined %r1 and %r2, and 2035 // reverse instruction iterator \p II is pointing to the ADD instruction. 2036 // 2037 // PIC jump table looks like following: 2038 // 2039 // JT: ---------- 2040 // E1:| L1 - JT | 2041 // |----------| 2042 // E2:| L2 - JT | 2043 // |----------| 2044 // | | 2045 // ...... 2046 // En:| Ln - JT | 2047 // ---------- 2048 // 2049 // Where L1, L2, ..., Ln represent labels in the function. 2050 // 2051 // The actual relocations in the table will be of the form: 2052 // 2053 // Ln - JT 2054 // = (Ln - En) + (En - JT) 2055 // = R_X86_64_PC32(Ln) + En - JT 2056 // = R_X86_64_PC32(Ln + offsetof(En)) 2057 // 2058 LLVM_DEBUG(dbgs() << "Checking for PIC jump table\n"); 2059 MCInst *MemLocInstr = nullptr; 2060 const MCInst *MovInstr = nullptr; 2061 while (++II != IE) { 2062 MCInst &Instr = *II; 2063 const MCInstrDesc &InstrDesc = Info->get(Instr.getOpcode()); 2064 if (!InstrDesc.hasDefOfPhysReg(Instr, R1, *RegInfo) && 2065 !InstrDesc.hasDefOfPhysReg(Instr, R2, *RegInfo)) { 2066 // Ignore instructions that don't affect R1, R2 registers. 2067 continue; 2068 } 2069 if (!MovInstr) { 2070 // Expect to see MOV instruction. 2071 if (!isMOVSX64rm32(Instr)) { 2072 LLVM_DEBUG(dbgs() << "MOV instruction expected.\n"); 2073 break; 2074 } 2075 2076 // Check if it's setting %r1 or %r2. 
In canonical form it sets %r2. 2077 // If it sets %r1 - rename the registers so we have to only check 2078 // a single form. 2079 unsigned MovDestReg = Instr.getOperand(0).getReg(); 2080 if (MovDestReg != R2) 2081 std::swap(R1, R2); 2082 if (MovDestReg != R2) { 2083 LLVM_DEBUG(dbgs() << "MOV instruction expected to set %r2\n"); 2084 break; 2085 } 2086 2087 // Verify operands for MOV. 2088 unsigned BaseRegNum; 2089 int64_t ScaleValue; 2090 unsigned IndexRegNum; 2091 int64_t DispValue; 2092 unsigned SegRegNum; 2093 if (!evaluateX86MemoryOperand(Instr, &BaseRegNum, &ScaleValue, 2094 &IndexRegNum, &DispValue, &SegRegNum)) 2095 break; 2096 if (BaseRegNum != R1 || ScaleValue != 4 || 2097 IndexRegNum == X86::NoRegister || DispValue != 0 || 2098 SegRegNum != X86::NoRegister) 2099 break; 2100 MovInstr = &Instr; 2101 } else { 2102 if (!InstrDesc.hasDefOfPhysReg(Instr, R1, *RegInfo)) 2103 continue; 2104 if (!isLEA64r(Instr)) { 2105 LLVM_DEBUG(dbgs() << "LEA instruction expected\n"); 2106 break; 2107 } 2108 if (Instr.getOperand(0).getReg() != R1) { 2109 LLVM_DEBUG(dbgs() << "LEA instruction expected to set %r1\n"); 2110 break; 2111 } 2112 2113 // Verify operands for LEA. 2114 unsigned BaseRegNum; 2115 int64_t ScaleValue; 2116 unsigned IndexRegNum; 2117 const MCExpr *DispExpr = nullptr; 2118 int64_t DispValue; 2119 unsigned SegRegNum; 2120 if (!evaluateX86MemoryOperand(Instr, &BaseRegNum, &ScaleValue, 2121 &IndexRegNum, &DispValue, &SegRegNum, 2122 &DispExpr)) 2123 break; 2124 if (BaseRegNum != RegInfo->getProgramCounter() || 2125 IndexRegNum != X86::NoRegister || SegRegNum != X86::NoRegister || 2126 DispExpr == nullptr) 2127 break; 2128 MemLocInstr = &Instr; 2129 break; 2130 } 2131 } 2132 2133 if (!MemLocInstr) 2134 return std::make_pair(IndirectBranchType::UNKNOWN, nullptr); 2135 2136 LLVM_DEBUG(dbgs() << "checking potential PIC jump table\n"); 2137 return std::make_pair(IndirectBranchType::POSSIBLE_PIC_JUMP_TABLE, 2138 MemLocInstr); 2139 } 2140 2141 IndirectBranchType analyzeIndirectBranch( 2142 MCInst &Instruction, InstructionIterator Begin, InstructionIterator End, 2143 const unsigned PtrSize, MCInst *&MemLocInstrOut, unsigned &BaseRegNumOut, 2144 unsigned &IndexRegNumOut, int64_t &DispValueOut, 2145 const MCExpr *&DispExprOut, MCInst *&PCRelBaseOut) const override { 2146 // Try to find a (base) memory location from where the address for 2147 // the indirect branch is loaded. For X86-64 the memory will be specified 2148 // in the following format: 2149 // 2150 // {%rip}/{%basereg} + Imm + IndexReg * Scale 2151 // 2152 // We are interested in the cases where Scale == sizeof(uintptr_t) and 2153 // the contents of the memory are presumably an array of pointers to code. 2154 // 2155 // Normal jump table: 2156 // 2157 // jmp *(JUMP_TABLE, %index, Scale) <- MemLocInstr 2158 // 2159 // or 2160 // 2161 // mov (JUMP_TABLE, %index, Scale), %r1 <- MemLocInstr 2162 // ... 2163 // jmp %r1 2164 // 2165 // We handle PIC-style jump tables separately. 2166 // 2167 MemLocInstrOut = nullptr; 2168 BaseRegNumOut = X86::NoRegister; 2169 IndexRegNumOut = X86::NoRegister; 2170 DispValueOut = 0; 2171 DispExprOut = nullptr; 2172 2173 std::reverse_iterator<InstructionIterator> II(End); 2174 std::reverse_iterator<InstructionIterator> IE(Begin); 2175 2176 IndirectBranchType Type = IndirectBranchType::UNKNOWN; 2177 2178 // An instruction referencing memory used by jump instruction (directly or 2179 // via register). This location could be an array of function pointers 2180 // in case of indirect tail call, or a jump table. 
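// For example, in 'jmp *JUMP_TABLE(,%index,8)' the jump itself is that
// instruction, while in 'mov JUMP_TABLE(,%index,8), %r1; jmp *%r1' it is
// the preceding load.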
2181 MCInst *MemLocInstr = nullptr; 2182 2183 if (MCPlus::getNumPrimeOperands(Instruction) == 1) { 2184 // If the indirect jump is on register - try to detect if the 2185 // register value is loaded from a memory location. 2186 assert(Instruction.getOperand(0).isReg() && "register operand expected"); 2187 const unsigned R1 = Instruction.getOperand(0).getReg(); 2188 // Check if one of the previous instructions defines the jump-on register. 2189 for (auto PrevII = II; PrevII != IE; ++PrevII) { 2190 MCInst &PrevInstr = *PrevII; 2191 const MCInstrDesc &PrevInstrDesc = Info->get(PrevInstr.getOpcode()); 2192 2193 if (!PrevInstrDesc.hasDefOfPhysReg(PrevInstr, R1, *RegInfo)) 2194 continue; 2195 2196 if (isMoveMem2Reg(PrevInstr)) { 2197 MemLocInstr = &PrevInstr; 2198 break; 2199 } 2200 if (isADD64rr(PrevInstr)) { 2201 unsigned R2 = PrevInstr.getOperand(2).getReg(); 2202 if (R1 == R2) 2203 return IndirectBranchType::UNKNOWN; 2204 std::tie(Type, MemLocInstr) = analyzePICJumpTable(PrevII, IE, R1, R2); 2205 break; 2206 } 2207 return IndirectBranchType::UNKNOWN; 2208 } 2209 if (!MemLocInstr) { 2210 // No definition seen for the register in this function so far. Could be 2211 // an input parameter - which means it is an external code reference. 2212 // It also could be that the definition happens to be in the code that 2213 // we haven't processed yet. Since we have to be conservative, return 2214 // as UNKNOWN case. 2215 return IndirectBranchType::UNKNOWN; 2216 } 2217 } else { 2218 MemLocInstr = &Instruction; 2219 } 2220 2221 const MCRegister RIPRegister = RegInfo->getProgramCounter(); 2222 2223 // Analyze the memory location. 2224 unsigned BaseRegNum, IndexRegNum, SegRegNum; 2225 int64_t ScaleValue, DispValue; 2226 const MCExpr *DispExpr; 2227 2228 if (!evaluateX86MemoryOperand(*MemLocInstr, &BaseRegNum, &ScaleValue, 2229 &IndexRegNum, &DispValue, &SegRegNum, 2230 &DispExpr)) 2231 return IndirectBranchType::UNKNOWN; 2232 2233 BaseRegNumOut = BaseRegNum; 2234 IndexRegNumOut = IndexRegNum; 2235 DispValueOut = DispValue; 2236 DispExprOut = DispExpr; 2237 2238 if ((BaseRegNum != X86::NoRegister && BaseRegNum != RIPRegister) || 2239 SegRegNum != X86::NoRegister) 2240 return IndirectBranchType::UNKNOWN; 2241 2242 if (MemLocInstr == &Instruction && 2243 (!ScaleValue || IndexRegNum == X86::NoRegister)) { 2244 MemLocInstrOut = MemLocInstr; 2245 return IndirectBranchType::POSSIBLE_FIXED_BRANCH; 2246 } 2247 2248 if (Type == IndirectBranchType::POSSIBLE_PIC_JUMP_TABLE && 2249 (ScaleValue != 1 || BaseRegNum != RIPRegister)) 2250 return IndirectBranchType::UNKNOWN; 2251 2252 if (Type != IndirectBranchType::POSSIBLE_PIC_JUMP_TABLE && 2253 ScaleValue != PtrSize) 2254 return IndirectBranchType::UNKNOWN; 2255 2256 MemLocInstrOut = MemLocInstr; 2257 2258 return Type; 2259 } 2260 2261 /// Analyze a callsite to see if it could be a virtual method call. This only 2262 /// checks to see if the overall pattern is satisfied, it does not guarantee 2263 /// that the callsite is a true virtual method call. 2264 /// The format of virtual method calls that are recognized is one of the 2265 /// following: 2266 /// 2267 /// Form 1: (found in debug code) 2268 /// add METHOD_OFFSET, %VtableReg 2269 /// mov (%VtableReg), %MethodReg 2270 /// ... 2271 /// call or jmp *%MethodReg 2272 /// 2273 /// Form 2: 2274 /// mov METHOD_OFFSET(%VtableReg), %MethodReg 2275 /// ... 2276 /// call or jmp *%MethodReg 2277 /// 2278 /// Form 3: 2279 /// ... 
2280 /// call or jmp *METHOD_OFFSET(%VtableReg) 2281 /// 2282 bool analyzeVirtualMethodCall(InstructionIterator ForwardBegin, 2283 InstructionIterator ForwardEnd, 2284 std::vector<MCInst *> &MethodFetchInsns, 2285 unsigned &VtableRegNum, unsigned &MethodRegNum, 2286 uint64_t &MethodOffset) const override { 2287 VtableRegNum = X86::NoRegister; 2288 MethodRegNum = X86::NoRegister; 2289 MethodOffset = 0; 2290 2291 std::reverse_iterator<InstructionIterator> Itr(ForwardEnd); 2292 std::reverse_iterator<InstructionIterator> End(ForwardBegin); 2293 2294 MCInst &CallInst = *Itr++; 2295 assert(isIndirectBranch(CallInst) || isCall(CallInst)); 2296 2297 unsigned BaseReg, IndexReg, SegmentReg; 2298 int64_t Scale, Disp; 2299 const MCExpr *DispExpr; 2300 2301 // The call can just be jmp offset(reg) 2302 if (evaluateX86MemoryOperand(CallInst, &BaseReg, &Scale, &IndexReg, &Disp, 2303 &SegmentReg, &DispExpr)) { 2304 if (!DispExpr && BaseReg != X86::RIP && BaseReg != X86::RBP && 2305 BaseReg != X86::NoRegister) { 2306 MethodRegNum = BaseReg; 2307 if (Scale == 1 && IndexReg == X86::NoRegister && 2308 SegmentReg == X86::NoRegister) { 2309 VtableRegNum = MethodRegNum; 2310 MethodOffset = Disp; 2311 MethodFetchInsns.push_back(&CallInst); 2312 return true; 2313 } 2314 } 2315 return false; 2316 } 2317 if (CallInst.getOperand(0).isReg()) 2318 MethodRegNum = CallInst.getOperand(0).getReg(); 2319 else 2320 return false; 2321 2322 if (MethodRegNum == X86::RIP || MethodRegNum == X86::RBP) { 2323 VtableRegNum = X86::NoRegister; 2324 MethodRegNum = X86::NoRegister; 2325 return false; 2326 } 2327 2328 // find load from vtable, this may or may not include the method offset 2329 while (Itr != End) { 2330 MCInst &CurInst = *Itr++; 2331 const MCInstrDesc &Desc = Info->get(CurInst.getOpcode()); 2332 if (Desc.hasDefOfPhysReg(CurInst, MethodRegNum, *RegInfo)) { 2333 if (isLoad(CurInst) && 2334 evaluateX86MemoryOperand(CurInst, &BaseReg, &Scale, &IndexReg, 2335 &Disp, &SegmentReg, &DispExpr)) { 2336 if (!DispExpr && Scale == 1 && BaseReg != X86::RIP && 2337 BaseReg != X86::RBP && BaseReg != X86::NoRegister && 2338 IndexReg == X86::NoRegister && SegmentReg == X86::NoRegister && 2339 BaseReg != X86::RIP) { 2340 VtableRegNum = BaseReg; 2341 MethodOffset = Disp; 2342 MethodFetchInsns.push_back(&CurInst); 2343 if (MethodOffset != 0) 2344 return true; 2345 break; 2346 } 2347 } 2348 return false; 2349 } 2350 } 2351 2352 if (!VtableRegNum) 2353 return false; 2354 2355 // look for any adds affecting the method register. 
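// This covers Form 1 above, where 'add METHOD_OFFSET, %VtableReg'
// supplies the method offset before the vtable load.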
2356 while (Itr != End) { 2357 MCInst &CurInst = *Itr++; 2358 const MCInstrDesc &Desc = Info->get(CurInst.getOpcode()); 2359 if (Desc.hasDefOfPhysReg(CurInst, VtableRegNum, *RegInfo)) { 2360 if (isADDri(CurInst)) { 2361 assert(!MethodOffset); 2362 MethodOffset = CurInst.getOperand(2).getImm(); 2363 MethodFetchInsns.insert(MethodFetchInsns.begin(), &CurInst); 2364 break; 2365 } 2366 } 2367 } 2368 2369 return true; 2370 } 2371 2372 bool createStackPointerIncrement(MCInst &Inst, int Size, 2373 bool NoFlagsClobber) const override { 2374 if (NoFlagsClobber) { 2375 Inst.setOpcode(X86::LEA64r); 2376 Inst.clear(); 2377 Inst.addOperand(MCOperand::createReg(X86::RSP)); 2378 Inst.addOperand(MCOperand::createReg(X86::RSP)); // BaseReg 2379 Inst.addOperand(MCOperand::createImm(1)); // ScaleAmt 2380 Inst.addOperand(MCOperand::createReg(X86::NoRegister)); // IndexReg 2381 Inst.addOperand(MCOperand::createImm(-Size)); // Displacement 2382 Inst.addOperand(MCOperand::createReg(X86::NoRegister)); // AddrSegmentReg 2383 return true; 2384 } 2385 Inst.setOpcode(X86::SUB64ri8); 2386 Inst.clear(); 2387 Inst.addOperand(MCOperand::createReg(X86::RSP)); 2388 Inst.addOperand(MCOperand::createReg(X86::RSP)); 2389 Inst.addOperand(MCOperand::createImm(Size)); 2390 return true; 2391 } 2392 2393 bool createStackPointerDecrement(MCInst &Inst, int Size, 2394 bool NoFlagsClobber) const override { 2395 if (NoFlagsClobber) { 2396 Inst.setOpcode(X86::LEA64r); 2397 Inst.clear(); 2398 Inst.addOperand(MCOperand::createReg(X86::RSP)); 2399 Inst.addOperand(MCOperand::createReg(X86::RSP)); // BaseReg 2400 Inst.addOperand(MCOperand::createImm(1)); // ScaleAmt 2401 Inst.addOperand(MCOperand::createReg(X86::NoRegister)); // IndexReg 2402 Inst.addOperand(MCOperand::createImm(Size)); // Displacement 2403 Inst.addOperand(MCOperand::createReg(X86::NoRegister)); // AddrSegmentReg 2404 return true; 2405 } 2406 Inst.setOpcode(X86::ADD64ri8); 2407 Inst.clear(); 2408 Inst.addOperand(MCOperand::createReg(X86::RSP)); 2409 Inst.addOperand(MCOperand::createReg(X86::RSP)); 2410 Inst.addOperand(MCOperand::createImm(Size)); 2411 return true; 2412 } 2413 2414 bool createSaveToStack(MCInst &Inst, const MCPhysReg &StackReg, int Offset, 2415 const MCPhysReg &SrcReg, int Size) const override { 2416 unsigned NewOpcode; 2417 switch (Size) { 2418 default: 2419 return false; 2420 case 2: NewOpcode = X86::MOV16mr; break; 2421 case 4: NewOpcode = X86::MOV32mr; break; 2422 case 8: NewOpcode = X86::MOV64mr; break; 2423 } 2424 Inst.setOpcode(NewOpcode); 2425 Inst.clear(); 2426 Inst.addOperand(MCOperand::createReg(StackReg)); // BaseReg 2427 Inst.addOperand(MCOperand::createImm(1)); // ScaleAmt 2428 Inst.addOperand(MCOperand::createReg(X86::NoRegister)); // IndexReg 2429 Inst.addOperand(MCOperand::createImm(Offset)); // Displacement 2430 Inst.addOperand(MCOperand::createReg(X86::NoRegister)); // AddrSegmentReg 2431 Inst.addOperand(MCOperand::createReg(SrcReg)); 2432 return true; 2433 } 2434 2435 bool createRestoreFromStack(MCInst &Inst, const MCPhysReg &StackReg, 2436 int Offset, const MCPhysReg &DstReg, 2437 int Size) const override { 2438 return createLoad(Inst, StackReg, /*Scale=*/1, /*IndexReg=*/X86::NoRegister, 2439 Offset, nullptr, /*AddrSegmentReg=*/X86::NoRegister, 2440 DstReg, Size); 2441 } 2442 2443 bool createLoad(MCInst &Inst, const MCPhysReg &BaseReg, int64_t Scale, 2444 const MCPhysReg &IndexReg, int64_t Offset, 2445 const MCExpr *OffsetExpr, const MCPhysReg &AddrSegmentReg, 2446 const MCPhysReg &DstReg, int Size) const override { 2447 unsigned 
NewOpcode; 2448 switch (Size) { 2449 default: 2450 return false; 2451 case 2: NewOpcode = X86::MOV16rm; break; 2452 case 4: NewOpcode = X86::MOV32rm; break; 2453 case 8: NewOpcode = X86::MOV64rm; break; 2454 } 2455 Inst.setOpcode(NewOpcode); 2456 Inst.clear(); 2457 Inst.addOperand(MCOperand::createReg(DstReg)); 2458 Inst.addOperand(MCOperand::createReg(BaseReg)); 2459 Inst.addOperand(MCOperand::createImm(Scale)); 2460 Inst.addOperand(MCOperand::createReg(IndexReg)); 2461 if (OffsetExpr) 2462 Inst.addOperand(MCOperand::createExpr(OffsetExpr)); // Displacement 2463 else 2464 Inst.addOperand(MCOperand::createImm(Offset)); // Displacement 2465 Inst.addOperand(MCOperand::createReg(AddrSegmentReg)); // AddrSegmentReg 2466 return true; 2467 } 2468 2469 void createLoadImmediate(MCInst &Inst, const MCPhysReg Dest, 2470 uint32_t Imm) const override { 2471 Inst.setOpcode(X86::MOV64ri32); 2472 Inst.clear(); 2473 Inst.addOperand(MCOperand::createReg(Dest)); 2474 Inst.addOperand(MCOperand::createImm(Imm)); 2475 } 2476 2477 bool createIncMemory(MCInst &Inst, const MCSymbol *Target, 2478 MCContext *Ctx) const override { 2479 2480 Inst.setOpcode(X86::LOCK_INC64m); 2481 Inst.clear(); 2482 Inst.addOperand(MCOperand::createReg(X86::RIP)); // BaseReg 2483 Inst.addOperand(MCOperand::createImm(1)); // ScaleAmt 2484 Inst.addOperand(MCOperand::createReg(X86::NoRegister)); // IndexReg 2485 2486 Inst.addOperand(MCOperand::createExpr( 2487 MCSymbolRefExpr::create(Target, MCSymbolRefExpr::VK_None, 2488 *Ctx))); // Displacement 2489 Inst.addOperand(MCOperand::createReg(X86::NoRegister)); // AddrSegmentReg 2490 return true; 2491 } 2492 2493 bool createIJmp32Frag(SmallVectorImpl<MCInst> &Insts, 2494 const MCOperand &BaseReg, const MCOperand &Scale, 2495 const MCOperand &IndexReg, const MCOperand &Offset, 2496 const MCOperand &TmpReg) const override { 2497 // The code fragment we emit here is: 2498 // 2499 // mov32 (%base, %index, scale), %tmpreg 2500 // ijmp *(%tmpreg) 2501 // 2502 MCInst IJmp; 2503 IJmp.setOpcode(X86::JMP64r); 2504 IJmp.addOperand(TmpReg); 2505 2506 MCInst Load; 2507 Load.setOpcode(X86::MOV32rm); 2508 Load.addOperand(TmpReg); 2509 Load.addOperand(BaseReg); 2510 Load.addOperand(Scale); 2511 Load.addOperand(IndexReg); 2512 Load.addOperand(Offset); 2513 Load.addOperand(MCOperand::createReg(X86::NoRegister)); 2514 2515 Insts.push_back(Load); 2516 Insts.push_back(IJmp); 2517 return true; 2518 } 2519 2520 bool createNoop(MCInst &Inst) const override { 2521 Inst.setOpcode(X86::NOOP); 2522 return true; 2523 } 2524 2525 bool createReturn(MCInst &Inst) const override { 2526 Inst.setOpcode(X86::RET64); 2527 return true; 2528 } 2529 2530 InstructionListType createInlineMemcpy(bool ReturnEnd) const override { 2531 InstructionListType Code; 2532 if (ReturnEnd) 2533 Code.emplace_back(MCInstBuilder(X86::LEA64r) 2534 .addReg(X86::RAX) 2535 .addReg(X86::RDI) 2536 .addImm(1) 2537 .addReg(X86::RDX) 2538 .addImm(0) 2539 .addReg(X86::NoRegister)); 2540 else 2541 Code.emplace_back(MCInstBuilder(X86::MOV64rr) 2542 .addReg(X86::RAX) 2543 .addReg(X86::RDI)); 2544 2545 Code.emplace_back(MCInstBuilder(X86::MOV32rr) 2546 .addReg(X86::ECX) 2547 .addReg(X86::EDX)); 2548 Code.emplace_back(MCInstBuilder(X86::REP_MOVSB_64)); 2549 2550 return Code; 2551 } 2552 2553 InstructionListType createOneByteMemcpy() const override { 2554 InstructionListType Code; 2555 Code.emplace_back(MCInstBuilder(X86::MOV8rm) 2556 .addReg(X86::CL) 2557 .addReg(X86::RSI) 2558 .addImm(0) 2559 .addReg(X86::NoRegister) 2560 .addImm(0) 2561 
.addReg(X86::NoRegister)); 2562 Code.emplace_back(MCInstBuilder(X86::MOV8mr) 2563 .addReg(X86::RDI) 2564 .addImm(0) 2565 .addReg(X86::NoRegister) 2566 .addImm(0) 2567 .addReg(X86::NoRegister) 2568 .addReg(X86::CL)); 2569 Code.emplace_back(MCInstBuilder(X86::MOV64rr) 2570 .addReg(X86::RAX) 2571 .addReg(X86::RDI)); 2572 return Code; 2573 } 2574 2575 InstructionListType createCmpJE(MCPhysReg RegNo, int64_t Imm, 2576 const MCSymbol *Target, 2577 MCContext *Ctx) const override { 2578 InstructionListType Code; 2579 Code.emplace_back(MCInstBuilder(X86::CMP64ri8) 2580 .addReg(RegNo) 2581 .addImm(Imm)); 2582 Code.emplace_back(MCInstBuilder(X86::JCC_1) 2583 .addExpr(MCSymbolRefExpr::create( 2584 Target, MCSymbolRefExpr::VK_None, *Ctx)) 2585 .addImm(X86::COND_E)); 2586 return Code; 2587 } 2588 2589 Optional<Relocation> 2590 createRelocation(const MCFixup &Fixup, 2591 const MCAsmBackend &MAB) const override { 2592 const MCFixupKindInfo &FKI = MAB.getFixupKindInfo(Fixup.getKind()); 2593 2594 assert(FKI.TargetOffset == 0 && "0-bit relocation offset expected"); 2595 const uint64_t RelOffset = Fixup.getOffset(); 2596 2597 uint64_t RelType; 2598 if (FKI.Flags & MCFixupKindInfo::FKF_IsPCRel) { 2599 switch (FKI.TargetSize) { 2600 default: 2601 return NoneType(); 2602 case 8: RelType = ELF::R_X86_64_PC8; break; 2603 case 16: RelType = ELF::R_X86_64_PC16; break; 2604 case 32: RelType = ELF::R_X86_64_PC32; break; 2605 case 64: RelType = ELF::R_X86_64_PC64; break; 2606 } 2607 } else { 2608 switch (FKI.TargetSize) { 2609 default: 2610 return NoneType(); 2611 case 8: RelType = ELF::R_X86_64_8; break; 2612 case 16: RelType = ELF::R_X86_64_16; break; 2613 case 32: RelType = ELF::R_X86_64_32; break; 2614 case 64: RelType = ELF::R_X86_64_64; break; 2615 } 2616 } 2617 2618 // Extract a symbol and an addend out of the fixup value expression. 2619 // 2620 // Only the following limited expression types are supported: 2621 // Symbol + Addend 2622 // Symbol 2623 uint64_t Addend = 0; 2624 MCSymbol *Symbol = nullptr; 2625 const MCExpr *ValueExpr = Fixup.getValue(); 2626 if (ValueExpr->getKind() == MCExpr::Binary) { 2627 const auto *BinaryExpr = cast<MCBinaryExpr>(ValueExpr); 2628 assert(BinaryExpr->getOpcode() == MCBinaryExpr::Add && 2629 "unexpected binary expression"); 2630 const MCExpr *LHS = BinaryExpr->getLHS(); 2631 assert(LHS->getKind() == MCExpr::SymbolRef && "unexpected LHS"); 2632 Symbol = const_cast<MCSymbol *>(this->getTargetSymbol(LHS)); 2633 const MCExpr *RHS = BinaryExpr->getRHS(); 2634 assert(RHS->getKind() == MCExpr::Constant && "unexpected RHS"); 2635 Addend = cast<MCConstantExpr>(RHS)->getValue(); 2636 } else { 2637 assert(ValueExpr->getKind() == MCExpr::SymbolRef && "unexpected value"); 2638 Symbol = const_cast<MCSymbol *>(this->getTargetSymbol(ValueExpr)); 2639 } 2640 2641 return Relocation({RelOffset, Symbol, RelType, Addend, 0}); 2642 } 2643 2644 bool replaceImmWithSymbolRef(MCInst &Inst, const MCSymbol *Symbol, 2645 int64_t Addend, MCContext *Ctx, int64_t &Value, 2646 uint64_t RelType) const override { 2647 unsigned ImmOpNo = -1U; 2648 2649 for (unsigned Index = 0; Index < MCPlus::getNumPrimeOperands(Inst); 2650 ++Index) { 2651 if (Inst.getOperand(Index).isImm()) { 2652 ImmOpNo = Index; 2653 // TODO: this is a bit hacky. It finds the correct operand by 2654 // searching for a specific immediate value. If no value is 2655 // provided it defaults to the last immediate operand found. 2656 // This could lead to unexpected results if the instruction 2657 // has more than one immediate with the same value. 
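// For example, if the caller passes Value == 0x1000, the first immediate
// operand equal to 0x1000 is the one selected here.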
2658 if (Inst.getOperand(ImmOpNo).getImm() == Value) 2659 break; 2660 } 2661 } 2662 2663 if (ImmOpNo == -1U) 2664 return false; 2665 2666 Value = Inst.getOperand(ImmOpNo).getImm(); 2667 2668 setOperandToSymbolRef(Inst, ImmOpNo, Symbol, Addend, Ctx, RelType); 2669 2670 return true; 2671 } 2672 2673 bool replaceRegWithImm(MCInst &Inst, unsigned Register, 2674 int64_t Imm) const override { 2675 2676 enum CheckSignExt : uint8_t { 2677 NOCHECK = 0, 2678 CHECK8, 2679 CHECK32, 2680 }; 2681 2682 using CheckList = std::vector<std::pair<CheckSignExt, unsigned>>; 2683 struct InstInfo { 2684 // Size in bytes that Inst loads from memory. 2685 uint8_t DataSize; 2686 2687 // True when the target operand has to be duplicated because the opcode 2688 // expects a LHS operand. 2689 bool HasLHS; 2690 2691 // List of checks and corresponding opcodes to be used. We try to use the 2692 // smallest possible immediate value when various sizes are available, 2693 // hence we may need to check whether a larger constant fits in a smaller 2694 // immediate. 2695 CheckList Checks; 2696 }; 2697 2698 InstInfo I; 2699 2700 switch (Inst.getOpcode()) { 2701 default: { 2702 switch (getPushSize(Inst)) { 2703 2704 case 2: I = {2, false, {{CHECK8, X86::PUSH16i8}, {NOCHECK, X86::PUSHi16}}}; break; 2705 case 4: I = {4, false, {{CHECK8, X86::PUSH32i8}, {NOCHECK, X86::PUSHi32}}}; break; 2706 case 8: I = {8, false, {{CHECK8, X86::PUSH64i8}, 2707 {CHECK32, X86::PUSH64i32}, 2708 {NOCHECK, Inst.getOpcode()}}}; break; 2709 default: return false; 2710 } 2711 break; 2712 } 2713 2714 // MOV 2715 case X86::MOV8rr: I = {1, false, {{NOCHECK, X86::MOV8ri}}}; break; 2716 case X86::MOV16rr: I = {2, false, {{NOCHECK, X86::MOV16ri}}}; break; 2717 case X86::MOV32rr: I = {4, false, {{NOCHECK, X86::MOV32ri}}}; break; 2718 case X86::MOV64rr: I = {8, false, {{CHECK32, X86::MOV64ri32}, 2719 {NOCHECK, X86::MOV64ri}}}; break; 2720 2721 case X86::MOV8mr: I = {1, false, {{NOCHECK, X86::MOV8mi}}}; break; 2722 case X86::MOV16mr: I = {2, false, {{NOCHECK, X86::MOV16mi}}}; break; 2723 case X86::MOV32mr: I = {4, false, {{NOCHECK, X86::MOV32mi}}}; break; 2724 case X86::MOV64mr: I = {8, false, {{CHECK32, X86::MOV64mi32}, 2725 {NOCHECK, X86::MOV64mr}}}; break; 2726 2727 // MOVZX 2728 case X86::MOVZX16rr8: I = {1, false, {{NOCHECK, X86::MOV16ri}}}; break; 2729 case X86::MOVZX32rr8: I = {1, false, {{NOCHECK, X86::MOV32ri}}}; break; 2730 case X86::MOVZX32rr16: I = {2, false, {{NOCHECK, X86::MOV32ri}}}; break; 2731 2732 // CMP 2733 case X86::CMP8rr: I = {1, false, {{NOCHECK, X86::CMP8ri}}}; break; 2734 case X86::CMP16rr: I = {2, false, {{CHECK8, X86::CMP16ri8}, 2735 {NOCHECK, X86::CMP16ri}}}; break; 2736 case X86::CMP32rr: I = {4, false, {{CHECK8, X86::CMP32ri8}, 2737 {NOCHECK, X86::CMP32ri}}}; break; 2738 case X86::CMP64rr: I = {8, false, {{CHECK8, X86::CMP64ri8}, 2739 {CHECK32, X86::CMP64ri32}, 2740 {NOCHECK, X86::CMP64rr}}}; break; 2741 2742 // TEST 2743 case X86::TEST8rr: I = {1, false, {{NOCHECK, X86::TEST8ri}}}; break; 2744 case X86::TEST16rr: I = {2, false, {{NOCHECK, X86::TEST16ri}}}; break; 2745 case X86::TEST32rr: I = {4, false, {{NOCHECK, X86::TEST32ri}}}; break; 2746 case X86::TEST64rr: I = {8, false, {{CHECK32, X86::TEST64ri32}, 2747 {NOCHECK, X86::TEST64rr}}}; break; 2748 2749 // ADD 2750 case X86::ADD8rr: I = {1, true, {{NOCHECK, X86::ADD8ri}}}; break; 2751 case X86::ADD16rr: I = {2, true, {{CHECK8, X86::ADD16ri8}, 2752 {NOCHECK, X86::ADD16ri}}}; break; 2753 case X86::ADD32rr: I = {4, true, {{CHECK8, X86::ADD32ri8}, 2754 {NOCHECK, X86::ADD32ri}}}; break; 
2755 case X86::ADD64rr: I = {8, true, {{CHECK8, X86::ADD64ri8}, 2756 {CHECK32, X86::ADD64ri32}, 2757 {NOCHECK, X86::ADD64rr}}}; break; 2758 2759 // SUB 2760 case X86::SUB8rr: I = {1, true, {{NOCHECK, X86::SUB8ri}}}; break; 2761 case X86::SUB16rr: I = {2, true, {{CHECK8, X86::SUB16ri8}, 2762 {NOCHECK, X86::SUB16ri}}}; break; 2763 case X86::SUB32rr: I = {4, true, {{CHECK8, X86::SUB32ri8}, 2764 {NOCHECK, X86::SUB32ri}}}; break; 2765 case X86::SUB64rr: I = {8, true, {{CHECK8, X86::SUB64ri8}, 2766 {CHECK32, X86::SUB64ri32}, 2767 {NOCHECK, X86::SUB64rr}}}; break; 2768 2769 // AND 2770 case X86::AND8rr: I = {1, true, {{NOCHECK, X86::AND8ri}}}; break; 2771 case X86::AND16rr: I = {2, true, {{CHECK8, X86::AND16ri8}, 2772 {NOCHECK, X86::AND16ri}}}; break; 2773 case X86::AND32rr: I = {4, true, {{CHECK8, X86::AND32ri8}, 2774 {NOCHECK, X86::AND32ri}}}; break; 2775 case X86::AND64rr: I = {8, true, {{CHECK8, X86::AND64ri8}, 2776 {CHECK32, X86::AND64ri32}, 2777 {NOCHECK, X86::AND64rr}}}; break; 2778 2779 // OR 2780 case X86::OR8rr: I = {1, true, {{NOCHECK, X86::OR8ri}}}; break; 2781 case X86::OR16rr: I = {2, true, {{CHECK8, X86::OR16ri8}, 2782 {NOCHECK, X86::OR16ri}}}; break; 2783 case X86::OR32rr: I = {4, true, {{CHECK8, X86::OR32ri8}, 2784 {NOCHECK, X86::OR32ri}}}; break; 2785 case X86::OR64rr: I = {8, true, {{CHECK8, X86::OR64ri8}, 2786 {CHECK32, X86::OR64ri32}, 2787 {NOCHECK, X86::OR64rr}}}; break; 2788 2789 // XOR 2790 case X86::XOR8rr: I = {1, true, {{NOCHECK, X86::XOR8ri}}}; break; 2791 case X86::XOR16rr: I = {2, true, {{CHECK8, X86::XOR16ri8}, 2792 {NOCHECK, X86::XOR16ri}}}; break; 2793 case X86::XOR32rr: I = {4, true, {{CHECK8, X86::XOR32ri8}, 2794 {NOCHECK, X86::XOR32ri}}}; break; 2795 case X86::XOR64rr: I = {8, true, {{CHECK8, X86::XOR64ri8}, 2796 {CHECK32, X86::XOR64ri32}, 2797 {NOCHECK, X86::XOR64rr}}}; break; 2798 } 2799 2800 // Compute the new opcode. 2801 unsigned NewOpcode = 0; 2802 for (const std::pair<CheckSignExt, unsigned> &Check : I.Checks) { 2803 NewOpcode = Check.second; 2804 if (Check.first == NOCHECK) 2805 break; 2806 if (Check.first == CHECK8 && isInt<8>(Imm)) 2807 break; 2808 if (Check.first == CHECK32 && isInt<32>(Imm)) 2809 break; 2810 } 2811 if (NewOpcode == Inst.getOpcode()) 2812 return false; 2813 2814 const MCInstrDesc &InstDesc = Info->get(Inst.getOpcode()); 2815 2816 unsigned NumFound = 0; 2817 for (unsigned Index = InstDesc.getNumDefs() + (I.HasLHS ? 
1 : 0),
2818 E = InstDesc.getNumOperands();
2819 Index != E; ++Index)
2820 if (Inst.getOperand(Index).isReg() &&
2821 Inst.getOperand(Index).getReg() == Register)
2822 NumFound++;
2823
2824 if (NumFound != 1)
2825 return false;
2826
2827 MCOperand TargetOp = Inst.getOperand(0);
2828 Inst.clear();
2829 Inst.setOpcode(NewOpcode);
2830 Inst.addOperand(TargetOp);
2831 if (I.HasLHS)
2832 Inst.addOperand(TargetOp);
2833 Inst.addOperand(MCOperand::createImm(Imm));
2834
2835 return true;
2836 }
2837
2838 bool replaceRegWithReg(MCInst &Inst, unsigned ToReplace,
2839 unsigned ReplaceWith) const override {
2840
2841 // Determine HasLHS so that the iteration below can skip the tied LHS source operand
2842 bool HasLHS;
2843 if (X86::isAND(Inst.getOpcode()) || X86::isADD(Inst.getOpcode()) ||
2844 X86::isSUB(Inst.getOpcode())) {
2845 HasLHS = true;
2846 } else if (isPop(Inst) || isPush(Inst) || X86::isCMP(Inst.getOpcode()) ||
2847 X86::isTEST(Inst.getOpcode())) {
2848 HasLHS = false;
2849 } else {
2850 switch (Inst.getOpcode()) {
2851 case X86::MOV8rr:
2852 case X86::MOV8rm:
2853 case X86::MOV8mr:
2854 case X86::MOV8ri:
2855 case X86::MOV16rr:
2856 case X86::MOV16rm:
2857 case X86::MOV16mr:
2858 case X86::MOV16ri:
2859 case X86::MOV32rr:
2860 case X86::MOV32rm:
2861 case X86::MOV32mr:
2862 case X86::MOV32ri:
2863 case X86::MOV64rr:
2864 case X86::MOV64rm:
2865 case X86::MOV64mr:
2866 case X86::MOV64ri:
2867 case X86::MOVZX16rr8:
2868 case X86::MOVZX32rr8:
2869 case X86::MOVZX32rr16:
2870 case X86::MOVSX32rm8:
2871 case X86::MOVSX32rr8:
2872 case X86::MOVSX64rm32:
2873 case X86::LEA64r:
2874 HasLHS = false;
2875 break;
2876 default:
2877 return false;
2878 }
2879 }
2880
2881 const MCInstrDesc &InstDesc = Info->get(Inst.getOpcode());
2882
2883 bool FoundOne = false;
2884
2885 // Iterate only through src operands that aren't also dest operands
2886 for (unsigned Index = InstDesc.getNumDefs() + (HasLHS ?
1 : 0), 2887 E = InstDesc.getNumOperands(); 2888 Index != E; ++Index) { 2889 BitVector RegAliases = getAliases(ToReplace, true); 2890 if (!Inst.getOperand(Index).isReg() || 2891 !RegAliases.test(Inst.getOperand(Index).getReg())) 2892 continue; 2893 // Resize register if needed 2894 unsigned SizedReplaceWith = getAliasSized( 2895 ReplaceWith, getRegSize(Inst.getOperand(Index).getReg())); 2896 MCOperand NewOperand = MCOperand::createReg(SizedReplaceWith); 2897 Inst.getOperand(Index) = NewOperand; 2898 FoundOne = true; 2899 } 2900 2901 // Return true if at least one operand was replaced 2902 return FoundOne; 2903 } 2904 2905 bool createUncondBranch(MCInst &Inst, const MCSymbol *TBB, 2906 MCContext *Ctx) const override { 2907 Inst.setOpcode(X86::JMP_1); 2908 Inst.addOperand(MCOperand::createExpr( 2909 MCSymbolRefExpr::create(TBB, MCSymbolRefExpr::VK_None, *Ctx))); 2910 return true; 2911 } 2912 2913 bool createCall(MCInst &Inst, const MCSymbol *Target, 2914 MCContext *Ctx) override { 2915 Inst.setOpcode(X86::CALL64pcrel32); 2916 Inst.addOperand(MCOperand::createExpr( 2917 MCSymbolRefExpr::create(Target, MCSymbolRefExpr::VK_None, *Ctx))); 2918 return true; 2919 } 2920 2921 bool createTailCall(MCInst &Inst, const MCSymbol *Target, 2922 MCContext *Ctx) override { 2923 return createDirectCall(Inst, Target, Ctx, /*IsTailCall*/ true); 2924 } 2925 2926 void createLongTailCall(InstructionListType &Seq, const MCSymbol *Target, 2927 MCContext *Ctx) override { 2928 Seq.clear(); 2929 Seq.emplace_back(); 2930 createDirectCall(Seq.back(), Target, Ctx, /*IsTailCall*/ true); 2931 } 2932 2933 bool createTrap(MCInst &Inst) const override { 2934 Inst.clear(); 2935 Inst.setOpcode(X86::TRAP); 2936 return true; 2937 } 2938 2939 bool reverseBranchCondition(MCInst &Inst, const MCSymbol *TBB, 2940 MCContext *Ctx) const override { 2941 unsigned InvCC = getInvertedCondCode(getCondCode(Inst)); 2942 assert(InvCC != X86::COND_INVALID && "invalid branch instruction"); 2943 Inst.getOperand(Info->get(Inst.getOpcode()).NumOperands - 1).setImm(InvCC); 2944 Inst.getOperand(0) = MCOperand::createExpr( 2945 MCSymbolRefExpr::create(TBB, MCSymbolRefExpr::VK_None, *Ctx)); 2946 return true; 2947 } 2948 2949 bool replaceBranchCondition(MCInst &Inst, const MCSymbol *TBB, MCContext *Ctx, 2950 unsigned CC) const override { 2951 if (CC == X86::COND_INVALID) 2952 return false; 2953 Inst.getOperand(Info->get(Inst.getOpcode()).NumOperands - 1).setImm(CC); 2954 Inst.getOperand(0) = MCOperand::createExpr( 2955 MCSymbolRefExpr::create(TBB, MCSymbolRefExpr::VK_None, *Ctx)); 2956 return true; 2957 } 2958 2959 unsigned getCanonicalBranchCondCode(unsigned CC) const override { 2960 switch (CC) { 2961 default: return X86::COND_INVALID; 2962 2963 case X86::COND_E: return X86::COND_E; 2964 case X86::COND_NE: return X86::COND_E; 2965 2966 case X86::COND_L: return X86::COND_L; 2967 case X86::COND_GE: return X86::COND_L; 2968 2969 case X86::COND_LE: return X86::COND_G; 2970 case X86::COND_G: return X86::COND_G; 2971 2972 case X86::COND_B: return X86::COND_B; 2973 case X86::COND_AE: return X86::COND_B; 2974 2975 case X86::COND_BE: return X86::COND_A; 2976 case X86::COND_A: return X86::COND_A; 2977 2978 case X86::COND_S: return X86::COND_S; 2979 case X86::COND_NS: return X86::COND_S; 2980 2981 case X86::COND_P: return X86::COND_P; 2982 case X86::COND_NP: return X86::COND_P; 2983 2984 case X86::COND_O: return X86::COND_O; 2985 case X86::COND_NO: return X86::COND_O; 2986 } 2987 } 2988 2989 bool replaceBranchTarget(MCInst &Inst, const MCSymbol *TBB, 2990 
MCContext *Ctx) const override { 2991 assert((isCall(Inst) || isBranch(Inst)) && !isIndirectBranch(Inst) && 2992 "Invalid instruction"); 2993 Inst.getOperand(0) = MCOperand::createExpr( 2994 MCSymbolRefExpr::create(TBB, MCSymbolRefExpr::VK_None, *Ctx)); 2995 return true; 2996 } 2997 2998 MCPhysReg getX86R11() const override { return X86::R11; } 2999 3000 MCPhysReg getIntArgRegister(unsigned ArgNo) const override { 3001 // FIXME: this should depend on the calling convention. 3002 switch (ArgNo) { 3003 case 0: return X86::RDI; 3004 case 1: return X86::RSI; 3005 case 2: return X86::RDX; 3006 case 3: return X86::RCX; 3007 case 4: return X86::R8; 3008 case 5: return X86::R9; 3009 default: return getNoRegister(); 3010 } 3011 } 3012 3013 void createPause(MCInst &Inst) const override { 3014 Inst.clear(); 3015 Inst.setOpcode(X86::PAUSE); 3016 } 3017 3018 void createLfence(MCInst &Inst) const override { 3019 Inst.clear(); 3020 Inst.setOpcode(X86::LFENCE); 3021 } 3022 3023 bool createDirectCall(MCInst &Inst, const MCSymbol *Target, MCContext *Ctx, 3024 bool IsTailCall) override { 3025 Inst.clear(); 3026 Inst.setOpcode(IsTailCall ? X86::JMP_4 : X86::CALL64pcrel32); 3027 Inst.addOperand(MCOperand::createExpr( 3028 MCSymbolRefExpr::create(Target, MCSymbolRefExpr::VK_None, *Ctx))); 3029 if (IsTailCall) 3030 setTailCall(Inst); 3031 return true; 3032 } 3033 3034 void createShortJmp(InstructionListType &Seq, const MCSymbol *Target, 3035 MCContext *Ctx, bool IsTailCall) override { 3036 Seq.clear(); 3037 MCInst Inst; 3038 Inst.setOpcode(X86::JMP_1); 3039 Inst.addOperand(MCOperand::createExpr( 3040 MCSymbolRefExpr::create(Target, MCSymbolRefExpr::VK_None, *Ctx))); 3041 if (IsTailCall) 3042 setTailCall(Inst); 3043 Seq.emplace_back(Inst); 3044 } 3045 3046 bool isConditionalMove(const MCInst &Inst) const override { 3047 unsigned OpCode = Inst.getOpcode(); 3048 return (OpCode == X86::CMOV16rr || OpCode == X86::CMOV32rr || 3049 OpCode == X86::CMOV64rr); 3050 } 3051 3052 bool isBranchOnMem(const MCInst &Inst) const override { 3053 unsigned OpCode = Inst.getOpcode(); 3054 if (OpCode == X86::CALL64m || (OpCode == X86::JMP32m && isTailCall(Inst)) || 3055 OpCode == X86::JMP64m) 3056 return true; 3057 3058 return false; 3059 } 3060 3061 bool isBranchOnReg(const MCInst &Inst) const override { 3062 unsigned OpCode = Inst.getOpcode(); 3063 if (OpCode == X86::CALL64r || (OpCode == X86::JMP32r && isTailCall(Inst)) || 3064 OpCode == X86::JMP64r) 3065 return true; 3066 3067 return false; 3068 } 3069 3070 void createPushRegister(MCInst &Inst, MCPhysReg Reg, 3071 unsigned Size) const override { 3072 Inst.clear(); 3073 unsigned NewOpcode = 0; 3074 if (Reg == X86::EFLAGS) { 3075 switch (Size) { 3076 case 2: NewOpcode = X86::PUSHF16; break; 3077 case 4: NewOpcode = X86::PUSHF32; break; 3078 case 8: NewOpcode = X86::PUSHF64; break; 3079 default: 3080 llvm_unreachable("Unexpected size"); 3081 } 3082 Inst.setOpcode(NewOpcode); 3083 return; 3084 } 3085 switch (Size) { 3086 case 2: NewOpcode = X86::PUSH16r; break; 3087 case 4: NewOpcode = X86::PUSH32r; break; 3088 case 8: NewOpcode = X86::PUSH64r; break; 3089 default: 3090 llvm_unreachable("Unexpected size"); 3091 } 3092 Inst.setOpcode(NewOpcode); 3093 Inst.addOperand(MCOperand::createReg(Reg)); 3094 } 3095 3096 void createPopRegister(MCInst &Inst, MCPhysReg Reg, 3097 unsigned Size) const override { 3098 Inst.clear(); 3099 unsigned NewOpcode = 0; 3100 if (Reg == X86::EFLAGS) { 3101 switch (Size) { 3102 case 2: NewOpcode = X86::POPF16; break; 3103 case 4: NewOpcode = X86::POPF32; break; 
3104 case 8: NewOpcode = X86::POPF64; break; 3105 default: 3106 llvm_unreachable("Unexpected size"); 3107 } 3108 Inst.setOpcode(NewOpcode); 3109 return; 3110 } 3111 switch (Size) { 3112 case 2: NewOpcode = X86::POP16r; break; 3113 case 4: NewOpcode = X86::POP32r; break; 3114 case 8: NewOpcode = X86::POP64r; break; 3115 default: 3116 llvm_unreachable("Unexpected size"); 3117 } 3118 Inst.setOpcode(NewOpcode); 3119 Inst.addOperand(MCOperand::createReg(Reg)); 3120 } 3121 3122 void createPushFlags(MCInst &Inst, unsigned Size) const override { 3123 return createPushRegister(Inst, X86::EFLAGS, Size); 3124 } 3125 3126 void createPopFlags(MCInst &Inst, unsigned Size) const override { 3127 return createPopRegister(Inst, X86::EFLAGS, Size); 3128 } 3129 3130 void createAddRegImm(MCInst &Inst, MCPhysReg Reg, int64_t Value, 3131 unsigned Size) const { 3132 unsigned int Opcode; 3133 switch (Size) { 3134 case 1: Opcode = X86::ADD8ri; break; 3135 case 2: Opcode = X86::ADD16ri; break; 3136 case 4: Opcode = X86::ADD32ri; break; 3137 default: 3138 llvm_unreachable("Unexpected size"); 3139 } 3140 Inst.setOpcode(Opcode); 3141 Inst.clear(); 3142 Inst.addOperand(MCOperand::createReg(Reg)); 3143 Inst.addOperand(MCOperand::createReg(Reg)); 3144 Inst.addOperand(MCOperand::createImm(Value)); 3145 } 3146 3147 void createClearRegWithNoEFlagsUpdate(MCInst &Inst, MCPhysReg Reg, 3148 unsigned Size) const { 3149 unsigned int Opcode; 3150 switch (Size) { 3151 case 1: Opcode = X86::MOV8ri; break; 3152 case 2: Opcode = X86::MOV16ri; break; 3153 case 4: Opcode = X86::MOV32ri; break; 3154 // Writing to a 32-bit register always zeros the upper 32 bits of the 3155 // full-width register 3156 case 8: 3157 Opcode = X86::MOV32ri; 3158 Reg = getAliasSized(Reg, 4); 3159 break; 3160 default: 3161 llvm_unreachable("Unexpected size"); 3162 } 3163 Inst.setOpcode(Opcode); 3164 Inst.clear(); 3165 Inst.addOperand(MCOperand::createReg(Reg)); 3166 Inst.addOperand(MCOperand::createImm(0)); 3167 } 3168 3169 void createX86SaveOVFlagToRegister(MCInst &Inst, MCPhysReg Reg) const { 3170 Inst.setOpcode(X86::SETCCr); 3171 Inst.clear(); 3172 Inst.addOperand(MCOperand::createReg(Reg)); 3173 Inst.addOperand(MCOperand::createImm(X86::COND_O)); 3174 } 3175 3176 void createX86Lahf(MCInst &Inst) const { 3177 Inst.setOpcode(X86::LAHF); 3178 Inst.clear(); 3179 } 3180 3181 void createX86Sahf(MCInst &Inst) const { 3182 Inst.setOpcode(X86::SAHF); 3183 Inst.clear(); 3184 } 3185 3186 void createInstrIncMemory(InstructionListType &Instrs, const MCSymbol *Target, 3187 MCContext *Ctx, bool IsLeaf) const override { 3188 unsigned int I = 0; 3189 3190 Instrs.resize(IsLeaf ? 
13 : 11); 3191 // Don't clobber application red zone (ABI dependent) 3192 if (IsLeaf) 3193 createStackPointerIncrement(Instrs[I++], 128, 3194 /*NoFlagsClobber=*/true); 3195 3196 // Performance improvements based on the optimization discussed at 3197 // https://reviews.llvm.org/D6629 3198 // LAHF/SAHF are used instead of PUSHF/POPF 3199 // PUSHF 3200 createPushRegister(Instrs[I++], X86::RAX, 8); 3201 createClearRegWithNoEFlagsUpdate(Instrs[I++], X86::RAX, 8); 3202 createX86Lahf(Instrs[I++]); 3203 createPushRegister(Instrs[I++], X86::RAX, 8); 3204 createClearRegWithNoEFlagsUpdate(Instrs[I++], X86::RAX, 8); 3205 createX86SaveOVFlagToRegister(Instrs[I++], X86::AL); 3206 // LOCK INC 3207 createIncMemory(Instrs[I++], Target, Ctx); 3208 // POPF 3209 createAddRegImm(Instrs[I++], X86::AL, 127, 1); 3210 createPopRegister(Instrs[I++], X86::RAX, 8); 3211 createX86Sahf(Instrs[I++]); 3212 createPopRegister(Instrs[I++], X86::RAX, 8); 3213 3214 if (IsLeaf) 3215 createStackPointerDecrement(Instrs[I], 128, 3216 /*NoFlagsClobber=*/true); 3217 } 3218 3219 void createSwap(MCInst &Inst, MCPhysReg Source, MCPhysReg MemBaseReg, 3220 int64_t Disp) const { 3221 Inst.setOpcode(X86::XCHG64rm); 3222 Inst.addOperand(MCOperand::createReg(Source)); 3223 Inst.addOperand(MCOperand::createReg(Source)); 3224 Inst.addOperand(MCOperand::createReg(MemBaseReg)); // BaseReg 3225 Inst.addOperand(MCOperand::createImm(1)); // ScaleAmt 3226 Inst.addOperand(MCOperand::createReg(X86::NoRegister)); // IndexReg 3227 Inst.addOperand(MCOperand::createImm(Disp)); // Displacement 3228 Inst.addOperand(MCOperand::createReg(X86::NoRegister)); // AddrSegmentReg 3229 } 3230 3231 void createIndirectBranch(MCInst &Inst, MCPhysReg MemBaseReg, 3232 int64_t Disp) const { 3233 Inst.setOpcode(X86::JMP64m); 3234 Inst.addOperand(MCOperand::createReg(MemBaseReg)); // BaseReg 3235 Inst.addOperand(MCOperand::createImm(1)); // ScaleAmt 3236 Inst.addOperand(MCOperand::createReg(X86::NoRegister)); // IndexReg 3237 Inst.addOperand(MCOperand::createImm(Disp)); // Displacement 3238 Inst.addOperand(MCOperand::createReg(X86::NoRegister)); // AddrSegmentReg 3239 } 3240 3241 InstructionListType createInstrumentedIndirectCall(const MCInst &CallInst, 3242 bool TailCall, 3243 MCSymbol *HandlerFuncAddr, 3244 int CallSiteID, 3245 MCContext *Ctx) override { 3246 // Check if the target address expression used in the original indirect call 3247 // uses the stack pointer, which we are going to clobber. 3248 static BitVector SPAliases(getAliases(X86::RSP)); 3249 bool UsesSP = false; 3250 // Skip defs. 
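// Only the call's use operands are inspected; e.g. 'callq *8(%rsp)'
// references %rsp through its memory operand and therefore requires the
// stack-pointer fixup emitted below.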
3251 for (unsigned I = Info->get(CallInst.getOpcode()).getNumDefs(),
3252 E = MCPlus::getNumPrimeOperands(CallInst);
3253 I != E; ++I) {
3254 const MCOperand &Operand = CallInst.getOperand(I);
3255 if (Operand.isReg() && SPAliases[Operand.getReg()]) {
3256 UsesSP = true;
3257 break;
3258 }
3259 }
3260
3261 InstructionListType Insts;
3262 MCPhysReg TempReg = getIntArgRegister(0);
3263 // Code sequence used to enter indirect call instrumentation helper:
3264 // push %rdi
3265 // add $8, %rsp ;; $rsp may be used in target, so fix it to prev val
3266 // movq target, %rdi ;; via convertIndirectCallToLoad
3267 // sub $8, %rsp ;; restore correct stack value
3268 // push %rdi
3269 // movq $CallSiteID, %rdi
3270 // push %rdi
3271 // callq/jmp HandlerFuncAddr
3272 Insts.emplace_back();
3273 createPushRegister(Insts.back(), TempReg, 8);
3274 if (UsesSP) { // Only adjust SP if we really need to
3275 Insts.emplace_back();
3276 createStackPointerDecrement(Insts.back(), 8, /*NoFlagsClobber=*/false);
3277 }
3278 Insts.emplace_back(CallInst);
3279 // Insts.back() and CallInst now share the same annotation instruction.
3280 // Strip it from Insts.back(), only preserving tail call annotation.
3281 stripAnnotations(Insts.back(), /*KeepTC=*/true);
3282 convertIndirectCallToLoad(Insts.back(), TempReg);
3283 if (UsesSP) {
3284 Insts.emplace_back();
3285 createStackPointerIncrement(Insts.back(), 8, /*NoFlagsClobber=*/false);
3286 }
3287 Insts.emplace_back();
3288 createPushRegister(Insts.back(), TempReg, 8);
3289 Insts.emplace_back();
3290 createLoadImmediate(Insts.back(), TempReg, CallSiteID);
3291 Insts.emplace_back();
3292 createPushRegister(Insts.back(), TempReg, 8);
3293 Insts.emplace_back();
3294 createDirectCall(Insts.back(), HandlerFuncAddr, Ctx,
3295 /*TailCall=*/TailCall);
3296 // Carry over metadata
3297 for (int I = MCPlus::getNumPrimeOperands(CallInst),
3298 E = CallInst.getNumOperands();
3299 I != E; ++I)
3300 Insts.back().addOperand(CallInst.getOperand(I));
3301
3302 return Insts;
3303 }
3304
3305 InstructionListType createInstrumentedIndCallHandlerExitBB() const override {
3306 const MCPhysReg TempReg = getIntArgRegister(0);
3307 // We just need to undo the sequence created for every ind call in
3308 // instrumentIndirectTarget(), which can be accomplished minimally with:
3309 // popfq
3310 // pop %rdi
3311 // add $16, %rsp
3312 // xchg (%rsp), %rdi
3313 // jmp *-8(%rsp)
3314 InstructionListType Insts(5);
3315 createPopFlags(Insts[0], 8);
3316 createPopRegister(Insts[1], TempReg, 8);
3317 createStackPointerDecrement(Insts[2], 16, /*NoFlagsClobber=*/false);
3318 createSwap(Insts[3], TempReg, X86::RSP, 0);
3319 createIndirectBranch(Insts[4], X86::RSP, -8);
3320 return Insts;
3321 }
3322
3323 InstructionListType
3324 createInstrumentedIndTailCallHandlerExitBB() const override {
3325 const MCPhysReg TempReg = getIntArgRegister(0);
3326 // Same thing as above, but for tail calls
3327 // popfq
3328 // add $16, %rsp
3329 // pop %rdi
3330 // jmp *-16(%rsp)
3331 InstructionListType Insts(4);
3332 createPopFlags(Insts[0], 8);
3333 createStackPointerDecrement(Insts[1], 16, /*NoFlagsClobber=*/false);
3334 createPopRegister(Insts[2], TempReg, 8);
3335 createIndirectBranch(Insts[3], X86::RSP, -16);
3336 return Insts;
3337 }
3338
3339 InstructionListType
3340 createInstrumentedIndCallHandlerEntryBB(const MCSymbol *InstrTrampoline,
3341 const MCSymbol *IndCallHandler,
3342 MCContext *Ctx) override {
3343 const MCPhysReg TempReg = getIntArgRegister(0);
3344 // Code sequence used to check whether
InstrTrampoline was initialized
3345 // and call it if so; control then returns via IndCallHandler.
3346 // pushfq
3347 // mov InstrTrampoline,%rdi
3348 // cmp $0x0,%rdi
3349 // je IndCallHandler
3350 // callq *%rdi
3351 // jmpq IndCallHandler
3352 InstructionListType Insts;
3353 Insts.emplace_back();
3354 createPushFlags(Insts.back(), 8);
3355 Insts.emplace_back();
3356 createMove(Insts.back(), InstrTrampoline, TempReg, Ctx);
3357 InstructionListType cmpJmp = createCmpJE(TempReg, 0, IndCallHandler, Ctx);
3358 Insts.insert(Insts.end(), cmpJmp.begin(), cmpJmp.end());
3359 Insts.emplace_back();
3360 Insts.back().setOpcode(X86::CALL64r);
3361 Insts.back().addOperand(MCOperand::createReg(TempReg));
3362 Insts.emplace_back();
3363 createDirectCall(Insts.back(), IndCallHandler, Ctx, /*IsTailCall*/ true);
3364 return Insts;
3365 }
3366
3367 InstructionListType createNumCountersGetter(MCContext *Ctx) const override {
3368 InstructionListType Insts(2);
3369 MCSymbol *NumLocs = Ctx->getOrCreateSymbol("__bolt_num_counters");
3370 createMove(Insts[0], NumLocs, X86::EAX, Ctx);
3371 createReturn(Insts[1]);
3372 return Insts;
3373 }
3374
3375 InstructionListType
3376 createInstrLocationsGetter(MCContext *Ctx) const override {
3377 InstructionListType Insts(2);
3378 MCSymbol *Locs = Ctx->getOrCreateSymbol("__bolt_instr_locations");
3379 createLea(Insts[0], Locs, X86::EAX, Ctx);
3380 createReturn(Insts[1]);
3381 return Insts;
3382 }
3383
3384 InstructionListType createInstrTablesGetter(MCContext *Ctx) const override {
3385 InstructionListType Insts(2);
3386 MCSymbol *Locs = Ctx->getOrCreateSymbol("__bolt_instr_tables");
3387 createLea(Insts[0], Locs, X86::EAX, Ctx);
3388 createReturn(Insts[1]);
3389 return Insts;
3390 }
3391
3392 InstructionListType createInstrNumFuncsGetter(MCContext *Ctx) const override {
3393 InstructionListType Insts(2);
3394 MCSymbol *NumFuncs = Ctx->getOrCreateSymbol("__bolt_instr_num_funcs");
3395 createMove(Insts[0], NumFuncs, X86::EAX, Ctx);
3396 createReturn(Insts[1]);
3397 return Insts;
3398 }
3399
3400 InstructionListType createSymbolTrampoline(const MCSymbol *TgtSym,
3401 MCContext *Ctx) const override {
3402 InstructionListType Insts(1);
3403 createUncondBranch(Insts[0], TgtSym, Ctx);
3404 return Insts;
3405 }
3406
3407 InstructionListType createDummyReturnFunction(MCContext *Ctx) const override {
3408 InstructionListType Insts(1);
3409 createReturn(Insts[0]);
3410 return Insts;
3411 }
3412
3413 BlocksVectorTy indirectCallPromotion(
3414 const MCInst &CallInst,
3415 const std::vector<std::pair<MCSymbol *, uint64_t>> &Targets,
3416 const std::vector<std::pair<MCSymbol *, uint64_t>> &VtableSyms,
3417 const std::vector<MCInst *> &MethodFetchInsns,
3418 const bool MinimizeCodeSize, MCContext *Ctx) override {
3419 const bool IsTailCall = isTailCall(CallInst);
3420 const bool IsJumpTable = getJumpTable(CallInst) != 0;
3421 BlocksVectorTy Results;
3422
3423 // Label for the current code block.
3424 MCSymbol *NextTarget = nullptr;
3425
3426 // The join block which contains all the instructions following CallInst.
3427 // MergeBlock remains null if CallInst is a tail call.
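// When it exists, each promoted call block either falls through to
// MergeBlock or ends with an explicit jump to it (see jumpToMergeBlock
// below).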
3428 MCSymbol *MergeBlock = nullptr; 3429 3430 unsigned FuncAddrReg = X86::R10; 3431 3432 const bool LoadElim = !VtableSyms.empty(); 3433 assert((!LoadElim || VtableSyms.size() == Targets.size()) && 3434 "There must be a vtable entry for every method " 3435 "in the targets vector."); 3436 3437 if (MinimizeCodeSize && !LoadElim) { 3438 std::set<unsigned> UsedRegs; 3439 3440 for (unsigned int I = 0; I < MCPlus::getNumPrimeOperands(CallInst); ++I) { 3441 const MCOperand &Op = CallInst.getOperand(I); 3442 if (Op.isReg()) 3443 UsedRegs.insert(Op.getReg()); 3444 } 3445 3446 if (UsedRegs.count(X86::R10) == 0) 3447 FuncAddrReg = X86::R10; 3448 else if (UsedRegs.count(X86::R11) == 0) 3449 FuncAddrReg = X86::R11; 3450 else 3451 return Results; 3452 } 3453 3454 const auto jumpToMergeBlock = [&](InstructionListType &NewCall) { 3455 assert(MergeBlock); 3456 NewCall.push_back(CallInst); 3457 MCInst &Merge = NewCall.back(); 3458 Merge.clear(); 3459 createUncondBranch(Merge, MergeBlock, Ctx); 3460 }; 3461 3462 for (unsigned int i = 0; i < Targets.size(); ++i) { 3463 Results.emplace_back(NextTarget, InstructionListType()); 3464 InstructionListType *NewCall = &Results.back().second; 3465 3466 if (MinimizeCodeSize && !LoadElim) { 3467 // Load the call target into FuncAddrReg. 3468 NewCall->push_back(CallInst); // Copy CallInst in order to get SMLoc 3469 MCInst &Target = NewCall->back(); 3470 Target.clear(); 3471 Target.setOpcode(X86::MOV64ri32); 3472 Target.addOperand(MCOperand::createReg(FuncAddrReg)); 3473 if (Targets[i].first) { 3474 // Is this OK? 3475 Target.addOperand(MCOperand::createExpr(MCSymbolRefExpr::create( 3476 Targets[i].first, MCSymbolRefExpr::VK_None, *Ctx))); 3477 } else { 3478 const uint64_t Addr = Targets[i].second; 3479 // Immediate address is out of sign extended 32 bit range. 3480 if (int64_t(Addr) != int64_t(int32_t(Addr))) 3481 return BlocksVectorTy(); 3482 3483 Target.addOperand(MCOperand::createImm(Addr)); 3484 } 3485 3486 // Compare current call target to a specific address. 3487 NewCall->push_back(CallInst); 3488 MCInst &Compare = NewCall->back(); 3489 Compare.clear(); 3490 if (isBranchOnReg(CallInst)) 3491 Compare.setOpcode(X86::CMP64rr); 3492 else if (CallInst.getOpcode() == X86::CALL64pcrel32) 3493 Compare.setOpcode(X86::CMP64ri32); 3494 else 3495 Compare.setOpcode(X86::CMP64rm); 3496 3497 Compare.addOperand(MCOperand::createReg(FuncAddrReg)); 3498 3499 // TODO: Would be preferable to only load this value once. 3500 for (unsigned i = 0; 3501 i < Info->get(CallInst.getOpcode()).getNumOperands(); ++i) 3502 if (!CallInst.getOperand(i).isInst()) 3503 Compare.addOperand(CallInst.getOperand(i)); 3504 } else { 3505 // Compare current call target to a specific address. 3506 NewCall->push_back(CallInst); 3507 MCInst &Compare = NewCall->back(); 3508 Compare.clear(); 3509 if (isBranchOnReg(CallInst)) 3510 Compare.setOpcode(X86::CMP64ri32); 3511 else 3512 Compare.setOpcode(X86::CMP64mi32); 3513 3514 // Original call address. 3515 for (unsigned i = 0; 3516 i < Info->get(CallInst.getOpcode()).getNumOperands(); ++i) 3517 if (!CallInst.getOperand(i).isInst()) 3518 Compare.addOperand(CallInst.getOperand(i)); 3519 3520 // Target address. 3521 if (Targets[i].first || LoadElim) { 3522 const MCSymbol *Sym = 3523 LoadElim ? VtableSyms[i].first : Targets[i].first; 3524 const uint64_t Addend = LoadElim ? 
              VtableSyms[i].second : 0;
          const MCExpr *Expr = MCSymbolRefExpr::create(Sym, *Ctx);
          if (Addend)
            Expr = MCBinaryExpr::createAdd(
                Expr, MCConstantExpr::create(Addend, *Ctx), *Ctx);
          Compare.addOperand(MCOperand::createExpr(Expr));
        } else {
          const uint64_t Addr = Targets[i].second;
          // Immediate address is out of sign-extended 32-bit range.
          if (int64_t(Addr) != int64_t(int32_t(Addr)))
            return BlocksVectorTy();

          Compare.addOperand(MCOperand::createImm(Addr));
        }
      }

      // Jump to the next target compare.
      NextTarget =
          Ctx->createNamedTempSymbol(); // generate label for the next block
      NewCall->push_back(CallInst);

      if (IsJumpTable) {
        MCInst &Je = NewCall->back();

        // Jump to the target if the addresses match; otherwise fall through
        // to the next compare.
        Je.clear();
        Je.setOpcode(X86::JCC_1);
        if (Targets[i].first)
          Je.addOperand(MCOperand::createExpr(MCSymbolRefExpr::create(
              Targets[i].first, MCSymbolRefExpr::VK_None, *Ctx)));
        else
          Je.addOperand(MCOperand::createImm(Targets[i].second));

        Je.addOperand(MCOperand::createImm(X86::COND_E));
        assert(!isInvoke(CallInst));
      } else {
        MCInst &Jne = NewCall->back();

        // Jump to next compare if target addresses don't match.
        Jne.clear();
        Jne.setOpcode(X86::JCC_1);
        Jne.addOperand(MCOperand::createExpr(MCSymbolRefExpr::create(
            NextTarget, MCSymbolRefExpr::VK_None, *Ctx)));
        Jne.addOperand(MCOperand::createImm(X86::COND_NE));

        // Call specific target directly.
        Results.emplace_back(Ctx->createNamedTempSymbol(),
                             InstructionListType());
        NewCall = &Results.back().second;
        NewCall->push_back(CallInst);
        MCInst &CallOrJmp = NewCall->back();

        CallOrJmp.clear();

        if (MinimizeCodeSize && !LoadElim) {
          CallOrJmp.setOpcode(IsTailCall ? X86::JMP32r : X86::CALL64r);
          CallOrJmp.addOperand(MCOperand::createReg(FuncAddrReg));
        } else {
          CallOrJmp.setOpcode(IsTailCall ? X86::JMP_4 : X86::CALL64pcrel32);

          if (Targets[i].first)
            CallOrJmp.addOperand(MCOperand::createExpr(MCSymbolRefExpr::create(
                Targets[i].first, MCSymbolRefExpr::VK_None, *Ctx)));
          else
            CallOrJmp.addOperand(MCOperand::createImm(Targets[i].second));
        }
        if (IsTailCall)
          setTailCall(CallOrJmp);

        if (CallOrJmp.getOpcode() == X86::CALL64r ||
            CallOrJmp.getOpcode() == X86::CALL64pcrel32) {
          if (Optional<uint32_t> Offset = getOffset(CallInst))
            // Annotate the duplicated call with the original offset.
            setOffset(CallOrJmp, *Offset);
        }

        if (isInvoke(CallInst) && !isInvoke(CallOrJmp)) {
          // Copy over any EH or GNU args size information from the original
          // call.
          Optional<MCPlus::MCLandingPad> EHInfo = getEHInfo(CallInst);
          if (EHInfo)
            addEHInfo(CallOrJmp, *EHInfo);
          int64_t GnuArgsSize = getGnuArgsSize(CallInst);
          if (GnuArgsSize >= 0)
            addGnuArgsSize(CallOrJmp, GnuArgsSize);
        }

        if (!IsTailCall) {
          // The fallthrough block for the most common target should be
          // the merge block.
          if (i == 0) {
            // Fallthrough to merge block.
            MergeBlock = Ctx->createNamedTempSymbol();
          } else {
            // Insert jump to the merge block if we are not doing a fallthrough.
            jumpToMergeBlock(*NewCall);
          }
        }
      }
    }

    // Cold call block.
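    // The cold block preserves the original behavior for targets that matched
    // none of the promoted candidates: it re-emits any method-fetch
    // instructions (except the call itself) followed by the original
    // indirect call.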
    Results.emplace_back(NextTarget, InstructionListType());
    InstructionListType &NewCall = Results.back().second;
    for (const MCInst *Inst : MethodFetchInsns)
      if (Inst != &CallInst)
        NewCall.push_back(*Inst);
    NewCall.push_back(CallInst);

    // Jump to the merge block from the cold call block.
    if (!IsTailCall && !IsJumpTable) {
      jumpToMergeBlock(NewCall);

      // Record the merge block.
      Results.emplace_back(MergeBlock, InstructionListType());
    }

    return Results;
  }

  BlocksVectorTy jumpTablePromotion(
      const MCInst &IJmpInst,
      const std::vector<std::pair<MCSymbol *, uint64_t>> &Targets,
      const std::vector<MCInst *> &TargetFetchInsns,
      MCContext *Ctx) const override {
    assert(getJumpTable(IJmpInst) != 0);
    uint16_t IndexReg = getAnnotationAs<uint16_t>(IJmpInst, "JTIndexReg");
    if (IndexReg == 0)
      return BlocksVectorTy();

    BlocksVectorTy Results;

    // Label for the current code block.
    MCSymbol *NextTarget = nullptr;

    for (unsigned int i = 0; i < Targets.size(); ++i) {
      Results.emplace_back(NextTarget, InstructionListType());
      InstructionListType *CurBB = &Results.back().second;

      // Compare current index to a specific index.
      CurBB->emplace_back(MCInst());
      MCInst &CompareInst = CurBB->back();
      CompareInst.setLoc(IJmpInst.getLoc());
      CompareInst.setOpcode(X86::CMP64ri32);
      CompareInst.addOperand(MCOperand::createReg(IndexReg));

      const uint64_t CaseIdx = Targets[i].second;
      // Case index is out of sign-extended 32-bit range.
      if (int64_t(CaseIdx) != int64_t(int32_t(CaseIdx)))
        return BlocksVectorTy();

      CompareInst.addOperand(MCOperand::createImm(CaseIdx));
      shortenInstruction(CompareInst, *Ctx->getSubtargetInfo());

      // Jump to the next target compare.
      NextTarget =
          Ctx->createNamedTempSymbol(); // generate label for the next block
      CurBB->push_back(MCInst());

      MCInst &JEInst = CurBB->back();
      JEInst.setLoc(IJmpInst.getLoc());

      // Jump to the target if the indices match.
      JEInst.setOpcode(X86::JCC_1);
      JEInst.addOperand(MCOperand::createExpr(MCSymbolRefExpr::create(
          Targets[i].first, MCSymbolRefExpr::VK_None, *Ctx)));
      JEInst.addOperand(MCOperand::createImm(X86::COND_E));
    }

    // Cold block.
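    // Indices not matched above fall through here; the block re-emits the
    // target-fetch instructions (except the jump itself) and the original
    // indirect jump so unpromoted jump-table entries still dispatch correctly.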
    Results.emplace_back(NextTarget, InstructionListType());
    InstructionListType &CurBB = Results.back().second;
    for (const MCInst *Inst : TargetFetchInsns)
      if (Inst != &IJmpInst)
        CurBB.push_back(*Inst);

    CurBB.push_back(IJmpInst);

    return Results;
  }

private:
  // Build a RIP-relative load of the value at Src into Reg.
  bool createMove(MCInst &Inst, const MCSymbol *Src, unsigned Reg,
                  MCContext *Ctx) const {
    Inst.setOpcode(X86::MOV64rm);
    Inst.addOperand(MCOperand::createReg(Reg));
    Inst.addOperand(MCOperand::createReg(X86::RIP));        // BaseReg
    Inst.addOperand(MCOperand::createImm(1));               // ScaleAmt
    Inst.addOperand(MCOperand::createReg(X86::NoRegister)); // IndexReg
    Inst.addOperand(MCOperand::createExpr(
        MCSymbolRefExpr::create(Src, MCSymbolRefExpr::VK_None,
                                *Ctx)));                     // Displacement
    Inst.addOperand(MCOperand::createReg(X86::NoRegister)); // AddrSegmentReg

    return true;
  }

  // Build a RIP-relative LEA that materializes the address of Src into Reg.
  bool createLea(MCInst &Inst, const MCSymbol *Src, unsigned Reg,
                 MCContext *Ctx) const {
    Inst.setOpcode(X86::LEA64r);
    Inst.addOperand(MCOperand::createReg(Reg));
    Inst.addOperand(MCOperand::createReg(X86::RIP));        // BaseReg
    Inst.addOperand(MCOperand::createImm(1));               // ScaleAmt
    Inst.addOperand(MCOperand::createReg(X86::NoRegister)); // IndexReg
    Inst.addOperand(MCOperand::createExpr(
        MCSymbolRefExpr::create(Src, MCSymbolRefExpr::VK_None,
                                *Ctx)));                     // Displacement
    Inst.addOperand(MCOperand::createReg(X86::NoRegister)); // AddrSegmentReg
    return true;
  }
};

} // namespace

namespace llvm {
namespace bolt {

MCPlusBuilder *createX86MCPlusBuilder(const MCInstrAnalysis *Analysis,
                                      const MCInstrInfo *Info,
                                      const MCRegisterInfo *RegInfo) {
  return new X86MCPlusBuilder(Analysis, Info, RegInfo);
}

} // namespace bolt
} // namespace llvm