1 //===- bolt/Target/X86/X86MCPlusBuilder.cpp -------------------------------===// 2 // 3 // Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions. 4 // See https://llvm.org/LICENSE.txt for license information. 5 // SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception 6 // 7 //===----------------------------------------------------------------------===// 8 // 9 // This file provides X86-specific MCPlus builder. 10 // 11 //===----------------------------------------------------------------------===// 12 13 #include "MCTargetDesc/X86BaseInfo.h" 14 #include "MCTargetDesc/X86InstrRelaxTables.h" 15 #include "MCTargetDesc/X86MCTargetDesc.h" 16 #include "bolt/Core/MCPlus.h" 17 #include "bolt/Core/MCPlusBuilder.h" 18 #include "llvm/BinaryFormat/ELF.h" 19 #include "llvm/MC/MCContext.h" 20 #include "llvm/MC/MCFixupKindInfo.h" 21 #include "llvm/MC/MCInst.h" 22 #include "llvm/MC/MCInstBuilder.h" 23 #include "llvm/MC/MCInstrInfo.h" 24 #include "llvm/MC/MCRegister.h" 25 #include "llvm/MC/MCRegisterInfo.h" 26 #include "llvm/Support/DataExtractor.h" 27 #include "llvm/Support/Debug.h" 28 #include "llvm/Support/Errc.h" 29 #include "llvm/Support/ErrorHandling.h" 30 #include "llvm/Support/ErrorOr.h" 31 #include <set> 32 33 #define DEBUG_TYPE "mcplus" 34 35 using namespace llvm; 36 using namespace bolt; 37 38 namespace { 39 40 unsigned getShortBranchOpcode(unsigned Opcode) { 41 switch (Opcode) { 42 default: 43 return Opcode; 44 case X86::JMP_2: return X86::JMP_1; 45 case X86::JMP_4: return X86::JMP_1; 46 case X86::JCC_2: return X86::JCC_1; 47 case X86::JCC_4: return X86::JCC_1; 48 } 49 } 50 51 unsigned getShortArithOpcode(unsigned Opcode) { 52 return X86::getShortOpcodeArith(Opcode); 53 } 54 55 bool isADD(unsigned Opcode) { 56 switch (Opcode) { 57 default: 58 return false; 59 case X86::ADD16i16: 60 case X86::ADD16mi: 61 case X86::ADD16mi8: 62 case X86::ADD16mr: 63 case X86::ADD16ri: 64 case X86::ADD16ri8: 65 case X86::ADD16ri8_DB: 66 case X86::ADD16ri_DB: 67 case X86::ADD16rm: 68 case X86::ADD16rr: 69 case X86::ADD16rr_DB: 70 case X86::ADD16rr_REV: 71 case X86::ADD32i32: 72 case X86::ADD32mi: 73 case X86::ADD32mi8: 74 case X86::ADD32mr: 75 case X86::ADD32ri: 76 case X86::ADD32ri8: 77 case X86::ADD32ri8_DB: 78 case X86::ADD32ri_DB: 79 case X86::ADD32rm: 80 case X86::ADD32rr: 81 case X86::ADD32rr_DB: 82 case X86::ADD32rr_REV: 83 case X86::ADD64i32: 84 case X86::ADD64mi32: 85 case X86::ADD64mi8: 86 case X86::ADD64mr: 87 case X86::ADD64ri32: 88 case X86::ADD64ri32_DB: 89 case X86::ADD64ri8: 90 case X86::ADD64ri8_DB: 91 case X86::ADD64rm: 92 case X86::ADD64rr: 93 case X86::ADD64rr_DB: 94 case X86::ADD64rr_REV: 95 case X86::ADD8i8: 96 case X86::ADD8mi: 97 case X86::ADD8mi8: 98 case X86::ADD8mr: 99 case X86::ADD8ri: 100 case X86::ADD8ri8: 101 case X86::ADD8rm: 102 case X86::ADD8rr: 103 case X86::ADD8rr_REV: 104 return true; 105 } 106 } 107 108 bool isAND(unsigned Opcode) { 109 switch (Opcode) { 110 default: 111 return false; 112 case X86::AND16i16: 113 case X86::AND16mi: 114 case X86::AND16mi8: 115 case X86::AND16mr: 116 case X86::AND16ri: 117 case X86::AND16ri8: 118 case X86::AND16rm: 119 case X86::AND16rr: 120 case X86::AND16rr_REV: 121 case X86::AND32i32: 122 case X86::AND32mi: 123 case X86::AND32mi8: 124 case X86::AND32mr: 125 case X86::AND32ri: 126 case X86::AND32ri8: 127 case X86::AND32rm: 128 case X86::AND32rr: 129 case X86::AND32rr_REV: 130 case X86::AND64i32: 131 case X86::AND64mi32: 132 case X86::AND64mi8: 133 case X86::AND64mr: 134 case X86::AND64ri32: 135 case X86::AND64ri8: 136 case X86::AND64rm: 137 case X86::AND64rr: 138 case X86::AND64rr_REV: 139 case X86::AND8i8: 140 case X86::AND8mi: 141 case X86::AND8mi8: 142 case X86::AND8mr: 143 case X86::AND8ri: 144 case X86::AND8ri8: 145 case X86::AND8rm: 146 case X86::AND8rr: 147 case X86::AND8rr_REV: 148 return true; 149 } 150 } 151 152 bool isCMP(unsigned Opcode) { 153 switch (Opcode) { 154 default: 155 return false; 156 case X86::CMP16i16: 157 case X86::CMP16mi: 158 case X86::CMP16mi8: 159 case X86::CMP16mr: 160 case X86::CMP16ri: 161 case X86::CMP16ri8: 162 case X86::CMP16rm: 163 case X86::CMP16rr: 164 case X86::CMP16rr_REV: 165 case X86::CMP32i32: 166 case X86::CMP32mi: 167 case X86::CMP32mi8: 168 case X86::CMP32mr: 169 case X86::CMP32ri: 170 case X86::CMP32ri8: 171 case X86::CMP32rm: 172 case X86::CMP32rr: 173 case X86::CMP32rr_REV: 174 case X86::CMP64i32: 175 case X86::CMP64mi32: 176 case X86::CMP64mi8: 177 case X86::CMP64mr: 178 case X86::CMP64ri32: 179 case X86::CMP64ri8: 180 case X86::CMP64rm: 181 case X86::CMP64rr: 182 case X86::CMP64rr_REV: 183 case X86::CMP8i8: 184 case X86::CMP8mi: 185 case X86::CMP8mi8: 186 case X86::CMP8mr: 187 case X86::CMP8ri: 188 case X86::CMP8ri8: 189 case X86::CMP8rm: 190 case X86::CMP8rr: 191 case X86::CMP8rr_REV: 192 return true; 193 } 194 } 195 196 bool isSUB(unsigned Opcode) { 197 switch (Opcode) { 198 default: 199 return false; 200 case X86::SUB16i16: 201 case X86::SUB16mi: 202 case X86::SUB16mi8: 203 case X86::SUB16mr: 204 case X86::SUB16ri: 205 case X86::SUB16ri8: 206 case X86::SUB16rm: 207 case X86::SUB16rr: 208 case X86::SUB16rr_REV: 209 case X86::SUB32i32: 210 case X86::SUB32mi: 211 case X86::SUB32mi8: 212 case X86::SUB32mr: 213 case X86::SUB32ri: 214 case X86::SUB32ri8: 215 case X86::SUB32rm: 216 case X86::SUB32rr: 217 case X86::SUB32rr_REV: 218 case X86::SUB64i32: 219 case X86::SUB64mi32: 220 case X86::SUB64mi8: 221 case X86::SUB64mr: 222 case X86::SUB64ri32: 223 case X86::SUB64ri8: 224 case X86::SUB64rm: 225 case X86::SUB64rr: 226 case X86::SUB64rr_REV: 227 case X86::SUB8i8: 228 case X86::SUB8mi: 229 case X86::SUB8mi8: 230 case X86::SUB8mr: 231 case X86::SUB8ri: 232 case X86::SUB8ri8: 233 case X86::SUB8rm: 234 case X86::SUB8rr: 235 case X86::SUB8rr_REV: 236 return true; 237 } 238 } 239 240 bool isTEST(unsigned Opcode) { 241 switch (Opcode) { 242 default: 243 return false; 244 case X86::TEST16i16: 245 case X86::TEST16mi: 246 case X86::TEST16mr: 247 case X86::TEST16ri: 248 case X86::TEST16rr: 249 case X86::TEST32i32: 250 case X86::TEST32mi: 251 case X86::TEST32mr: 252 case X86::TEST32ri: 253 case X86::TEST32rr: 254 case X86::TEST64i32: 255 case X86::TEST64mi32: 256 case X86::TEST64mr: 257 case X86::TEST64ri32: 258 case X86::TEST64rr: 259 case X86::TEST8i8: 260 case X86::TEST8mi: 261 case X86::TEST8mr: 262 case X86::TEST8ri: 263 case X86::TEST8rr: 264 return true; 265 } 266 } 267 268 class X86MCPlusBuilder : public MCPlusBuilder { 269 public: 270 X86MCPlusBuilder(const MCInstrAnalysis *Analysis, const MCInstrInfo *Info, 271 const MCRegisterInfo *RegInfo) 272 : MCPlusBuilder(Analysis, Info, RegInfo) {} 273 274 bool isBranch(const MCInst &Inst) const override { 275 return Analysis->isBranch(Inst) && !isTailCall(Inst); 276 } 277 278 bool isUnconditionalBranch(const MCInst &Inst) const override { 279 return Analysis->isUnconditionalBranch(Inst) && !isTailCall(Inst); 280 } 281 282 bool isNoop(const MCInst &Inst) const override { 283 switch (Inst.getOpcode()) { 284 case X86::NOOP: 285 case X86::NOOPL: 286 case X86::NOOPLr: 287 case X86::NOOPQ: 288 case X86::NOOPQr: 289 case X86::NOOPW: 290 case X86::NOOPWr: 291 return true; 292 } 293 return false; 294 } 295 296 unsigned getCondCode(const MCInst &Inst) const override { 297 switch (Inst.getOpcode()) { 298 default: 299 return X86::COND_INVALID; 300 case X86::JCC_1: 301 case X86::JCC_2: 302 case X86::JCC_4: 303 return Inst.getOperand(Info->get(Inst.getOpcode()).NumOperands - 1) 304 .getImm(); 305 } 306 } 307 308 unsigned getInvertedCondCode(unsigned CC) const override { 309 switch (CC) { 310 default: return X86::COND_INVALID; 311 case X86::COND_E: return X86::COND_NE; 312 case X86::COND_NE: return X86::COND_E; 313 case X86::COND_L: return X86::COND_GE; 314 case X86::COND_LE: return X86::COND_G; 315 case X86::COND_G: return X86::COND_LE; 316 case X86::COND_GE: return X86::COND_L; 317 case X86::COND_B: return X86::COND_AE; 318 case X86::COND_BE: return X86::COND_A; 319 case X86::COND_A: return X86::COND_BE; 320 case X86::COND_AE: return X86::COND_B; 321 case X86::COND_S: return X86::COND_NS; 322 case X86::COND_NS: return X86::COND_S; 323 case X86::COND_P: return X86::COND_NP; 324 case X86::COND_NP: return X86::COND_P; 325 case X86::COND_O: return X86::COND_NO; 326 case X86::COND_NO: return X86::COND_O; 327 } 328 } 329 330 unsigned getCondCodesLogicalOr(unsigned CC1, unsigned CC2) const override { 331 enum DecodedCondCode : uint8_t { 332 DCC_EQUAL = 0x1, 333 DCC_GREATER = 0x2, 334 DCC_LESSER = 0x4, 335 DCC_GREATER_OR_LESSER = 0x6, 336 DCC_UNSIGNED = 0x8, 337 DCC_SIGNED = 0x10, 338 DCC_INVALID = 0x20, 339 }; 340 341 auto decodeCondCode = [&](unsigned CC) -> uint8_t { 342 switch (CC) { 343 default: return DCC_INVALID; 344 case X86::COND_E: return DCC_EQUAL; 345 case X86::COND_NE: return DCC_GREATER | DCC_LESSER; 346 case X86::COND_L: return DCC_LESSER | DCC_SIGNED; 347 case X86::COND_LE: return DCC_EQUAL | DCC_LESSER | DCC_SIGNED; 348 case X86::COND_G: return DCC_GREATER | DCC_SIGNED; 349 case X86::COND_GE: return DCC_GREATER | DCC_EQUAL | DCC_SIGNED; 350 case X86::COND_B: return DCC_LESSER | DCC_UNSIGNED; 351 case X86::COND_BE: return DCC_EQUAL | DCC_LESSER | DCC_UNSIGNED; 352 case X86::COND_A: return DCC_GREATER | DCC_UNSIGNED; 353 case X86::COND_AE: return DCC_GREATER | DCC_EQUAL | DCC_UNSIGNED; 354 } 355 }; 356 357 uint8_t DCC = decodeCondCode(CC1) | decodeCondCode(CC2); 358 359 if (DCC & DCC_INVALID) 360 return X86::COND_INVALID; 361 362 if (DCC & DCC_SIGNED && DCC & DCC_UNSIGNED) 363 return X86::COND_INVALID; 364 365 switch (DCC) { 366 default: return X86::COND_INVALID; 367 case DCC_EQUAL | DCC_LESSER | DCC_SIGNED: return X86::COND_LE; 368 case DCC_EQUAL | DCC_LESSER | DCC_UNSIGNED: return X86::COND_BE; 369 case DCC_EQUAL | DCC_GREATER | DCC_SIGNED: return X86::COND_GE; 370 case DCC_EQUAL | DCC_GREATER | DCC_UNSIGNED: return X86::COND_AE; 371 case DCC_GREATER | DCC_LESSER | DCC_SIGNED: return X86::COND_NE; 372 case DCC_GREATER | DCC_LESSER | DCC_UNSIGNED: return X86::COND_NE; 373 case DCC_GREATER | DCC_LESSER: return X86::COND_NE; 374 case DCC_EQUAL | DCC_SIGNED: return X86::COND_E; 375 case DCC_EQUAL | DCC_UNSIGNED: return X86::COND_E; 376 case DCC_EQUAL: return X86::COND_E; 377 case DCC_LESSER | DCC_SIGNED: return X86::COND_L; 378 case DCC_LESSER | DCC_UNSIGNED: return X86::COND_B; 379 case DCC_GREATER | DCC_SIGNED: return X86::COND_G; 380 case DCC_GREATER | DCC_UNSIGNED: return X86::COND_A; 381 } 382 } 383 384 bool isValidCondCode(unsigned CC) const override { 385 return (CC != X86::COND_INVALID); 386 } 387 388 bool isBreakpoint(const MCInst &Inst) const override { 389 return Inst.getOpcode() == X86::INT3; 390 } 391 392 bool isPrefix(const MCInst &Inst) const override { 393 switch (Inst.getOpcode()) { 394 case X86::LOCK_PREFIX: 395 case X86::REPNE_PREFIX: 396 case X86::REP_PREFIX: 397 return true; 398 } 399 return false; 400 } 401 402 bool isRep(const MCInst &Inst) const override { 403 return Inst.getFlags() == X86::IP_HAS_REPEAT; 404 } 405 406 bool deleteREPPrefix(MCInst &Inst) const override { 407 if (Inst.getFlags() == X86::IP_HAS_REPEAT) { 408 Inst.setFlags(0); 409 return true; 410 } 411 return false; 412 } 413 414 // FIXME: For compatibility with old LLVM only! 415 bool isTerminator(const MCInst &Inst) const override { 416 if (Info->get(Inst.getOpcode()).isTerminator()) 417 return true; 418 switch (Inst.getOpcode()) { 419 default: 420 return false; 421 case X86::TRAP: 422 // Opcodes previously known as X86::UD2B 423 case X86::UD1Wm: 424 case X86::UD1Lm: 425 case X86::UD1Qm: 426 case X86::UD1Wr: 427 case X86::UD1Lr: 428 case X86::UD1Qr: 429 return true; 430 } 431 } 432 433 bool isIndirectCall(const MCInst &Inst) const override { 434 return isCall(Inst) && 435 ((getMemoryOperandNo(Inst) != -1) || Inst.getOperand(0).isReg()); 436 } 437 438 bool isPop(const MCInst &Inst) const override { 439 return getPopSize(Inst) == 0 ? false : true; 440 } 441 442 bool isTerminateBranch(const MCInst &Inst) const override { 443 return Inst.getOpcode() == X86::ENDBR32 || Inst.getOpcode() == X86::ENDBR64; 444 } 445 446 int getPopSize(const MCInst &Inst) const override { 447 switch (Inst.getOpcode()) { 448 case X86::POP16r: 449 case X86::POP16rmm: 450 case X86::POP16rmr: 451 case X86::POPF16: 452 case X86::POPA16: 453 case X86::POPDS16: 454 case X86::POPES16: 455 case X86::POPFS16: 456 case X86::POPGS16: 457 case X86::POPSS16: 458 return 2; 459 case X86::POP32r: 460 case X86::POP32rmm: 461 case X86::POP32rmr: 462 case X86::POPA32: 463 case X86::POPDS32: 464 case X86::POPES32: 465 case X86::POPF32: 466 case X86::POPFS32: 467 case X86::POPGS32: 468 case X86::POPSS32: 469 return 4; 470 case X86::POP64r: 471 case X86::POP64rmm: 472 case X86::POP64rmr: 473 case X86::POPF64: 474 case X86::POPFS64: 475 case X86::POPGS64: 476 return 8; 477 } 478 return 0; 479 } 480 481 bool isPush(const MCInst &Inst) const override { 482 return getPushSize(Inst) == 0 ? false : true; 483 } 484 485 int getPushSize(const MCInst &Inst) const override { 486 switch (Inst.getOpcode()) { 487 case X86::PUSH16i8: 488 case X86::PUSH16r: 489 case X86::PUSH16rmm: 490 case X86::PUSH16rmr: 491 case X86::PUSHA16: 492 case X86::PUSHCS16: 493 case X86::PUSHDS16: 494 case X86::PUSHES16: 495 case X86::PUSHF16: 496 case X86::PUSHFS16: 497 case X86::PUSHGS16: 498 case X86::PUSHSS16: 499 case X86::PUSHi16: 500 return 2; 501 case X86::PUSH32i8: 502 case X86::PUSH32r: 503 case X86::PUSH32rmm: 504 case X86::PUSH32rmr: 505 case X86::PUSHA32: 506 case X86::PUSHCS32: 507 case X86::PUSHDS32: 508 case X86::PUSHES32: 509 case X86::PUSHF32: 510 case X86::PUSHFS32: 511 case X86::PUSHGS32: 512 case X86::PUSHSS32: 513 case X86::PUSHi32: 514 return 4; 515 case X86::PUSH64i32: 516 case X86::PUSH64i8: 517 case X86::PUSH64r: 518 case X86::PUSH64rmm: 519 case X86::PUSH64rmr: 520 case X86::PUSHF64: 521 case X86::PUSHFS64: 522 case X86::PUSHGS64: 523 return 8; 524 } 525 return 0; 526 } 527 528 bool isADD64rr(const MCInst &Inst) const override { 529 return Inst.getOpcode() == X86::ADD64rr; 530 } 531 532 bool isSUB(const MCInst &Inst) const override { 533 return ::isSUB(Inst.getOpcode()); 534 } 535 536 bool isADDri(const MCInst &Inst) const { 537 return Inst.getOpcode() == X86::ADD64ri32 || 538 Inst.getOpcode() == X86::ADD64ri8; 539 } 540 541 bool isLEA64r(const MCInst &Inst) const override { 542 return Inst.getOpcode() == X86::LEA64r; 543 } 544 545 bool isMOVSX64rm32(const MCInst &Inst) const override { 546 return Inst.getOpcode() == X86::MOVSX64rm32; 547 } 548 549 bool isLeave(const MCInst &Inst) const override { 550 return Inst.getOpcode() == X86::LEAVE || Inst.getOpcode() == X86::LEAVE64; 551 } 552 553 bool isMoveMem2Reg(const MCInst &Inst) const override { 554 switch (Inst.getOpcode()) { 555 case X86::MOV16rm: 556 case X86::MOV32rm: 557 case X86::MOV64rm: 558 return true; 559 } 560 return false; 561 } 562 563 bool isUnsupportedBranch(unsigned Opcode) const override { 564 switch (Opcode) { 565 default: 566 return false; 567 case X86::LOOP: 568 case X86::LOOPE: 569 case X86::LOOPNE: 570 case X86::JECXZ: 571 case X86::JRCXZ: 572 return true; 573 } 574 } 575 576 bool isLoad(const MCInst &Inst) const override { 577 if (isPop(Inst)) 578 return true; 579 580 int MemOpNo = getMemoryOperandNo(Inst); 581 const MCInstrDesc &MCII = Info->get(Inst.getOpcode()); 582 583 if (MemOpNo == -1) 584 return false; 585 586 return MCII.mayLoad(); 587 } 588 589 bool isStore(const MCInst &Inst) const override { 590 if (isPush(Inst)) 591 return true; 592 593 int MemOpNo = getMemoryOperandNo(Inst); 594 const MCInstrDesc &MCII = Info->get(Inst.getOpcode()); 595 596 if (MemOpNo == -1) 597 return false; 598 599 return MCII.mayStore(); 600 } 601 602 bool isCleanRegXOR(const MCInst &Inst) const override { 603 switch (Inst.getOpcode()) { 604 case X86::XOR16rr: 605 case X86::XOR32rr: 606 case X86::XOR64rr: 607 break; 608 default: 609 return false; 610 } 611 return (Inst.getOperand(0).getReg() == Inst.getOperand(2).getReg()); 612 } 613 614 bool isPacked(const MCInst &Inst) const override { 615 const MCInstrDesc &Desc = Info->get(Inst.getOpcode()); 616 return (Desc.TSFlags & X86II::OpPrefixMask) == X86II::PD; 617 } 618 619 unsigned getTrapFillValue() const override { return 0xCC; } 620 621 struct IndJmpMatcherFrag1 : MCInstMatcher { 622 std::unique_ptr<MCInstMatcher> Base; 623 std::unique_ptr<MCInstMatcher> Scale; 624 std::unique_ptr<MCInstMatcher> Index; 625 std::unique_ptr<MCInstMatcher> Offset; 626 627 IndJmpMatcherFrag1(std::unique_ptr<MCInstMatcher> Base, 628 std::unique_ptr<MCInstMatcher> Scale, 629 std::unique_ptr<MCInstMatcher> Index, 630 std::unique_ptr<MCInstMatcher> Offset) 631 : Base(std::move(Base)), Scale(std::move(Scale)), 632 Index(std::move(Index)), Offset(std::move(Offset)) {} 633 634 bool match(const MCRegisterInfo &MRI, MCPlusBuilder &MIB, 635 MutableArrayRef<MCInst> InInstrWindow, int OpNum) override { 636 if (!MCInstMatcher::match(MRI, MIB, InInstrWindow, OpNum)) 637 return false; 638 639 if (CurInst->getOpcode() != X86::JMP64m) 640 return false; 641 642 int MemOpNo = MIB.getMemoryOperandNo(*CurInst); 643 if (MemOpNo == -1) 644 return false; 645 646 if (!Base->match(MRI, MIB, this->InstrWindow, MemOpNo + X86::AddrBaseReg)) 647 return false; 648 if (!Scale->match(MRI, MIB, this->InstrWindow, 649 MemOpNo + X86::AddrScaleAmt)) 650 return false; 651 if (!Index->match(MRI, MIB, this->InstrWindow, 652 MemOpNo + X86::AddrIndexReg)) 653 return false; 654 if (!Offset->match(MRI, MIB, this->InstrWindow, MemOpNo + X86::AddrDisp)) 655 return false; 656 return true; 657 } 658 659 void annotate(MCPlusBuilder &MIB, StringRef Annotation) override { 660 MIB.addAnnotation(*CurInst, Annotation, true); 661 Base->annotate(MIB, Annotation); 662 Scale->annotate(MIB, Annotation); 663 Index->annotate(MIB, Annotation); 664 Offset->annotate(MIB, Annotation); 665 } 666 }; 667 668 std::unique_ptr<MCInstMatcher> 669 matchIndJmp(std::unique_ptr<MCInstMatcher> Base, 670 std::unique_ptr<MCInstMatcher> Scale, 671 std::unique_ptr<MCInstMatcher> Index, 672 std::unique_ptr<MCInstMatcher> Offset) const override { 673 return std::unique_ptr<MCInstMatcher>( 674 new IndJmpMatcherFrag1(std::move(Base), std::move(Scale), 675 std::move(Index), std::move(Offset))); 676 } 677 678 struct IndJmpMatcherFrag2 : MCInstMatcher { 679 std::unique_ptr<MCInstMatcher> Reg; 680 681 IndJmpMatcherFrag2(std::unique_ptr<MCInstMatcher> Reg) 682 : Reg(std::move(Reg)) {} 683 684 bool match(const MCRegisterInfo &MRI, MCPlusBuilder &MIB, 685 MutableArrayRef<MCInst> InInstrWindow, int OpNum) override { 686 if (!MCInstMatcher::match(MRI, MIB, InInstrWindow, OpNum)) 687 return false; 688 689 if (CurInst->getOpcode() != X86::JMP64r) 690 return false; 691 692 return Reg->match(MRI, MIB, this->InstrWindow, 0); 693 } 694 695 void annotate(MCPlusBuilder &MIB, StringRef Annotation) override { 696 MIB.addAnnotation(*CurInst, Annotation, true); 697 Reg->annotate(MIB, Annotation); 698 } 699 }; 700 701 std::unique_ptr<MCInstMatcher> 702 matchIndJmp(std::unique_ptr<MCInstMatcher> Target) const override { 703 return std::unique_ptr<MCInstMatcher>( 704 new IndJmpMatcherFrag2(std::move(Target))); 705 } 706 707 struct LoadMatcherFrag1 : MCInstMatcher { 708 std::unique_ptr<MCInstMatcher> Base; 709 std::unique_ptr<MCInstMatcher> Scale; 710 std::unique_ptr<MCInstMatcher> Index; 711 std::unique_ptr<MCInstMatcher> Offset; 712 713 LoadMatcherFrag1(std::unique_ptr<MCInstMatcher> Base, 714 std::unique_ptr<MCInstMatcher> Scale, 715 std::unique_ptr<MCInstMatcher> Index, 716 std::unique_ptr<MCInstMatcher> Offset) 717 : Base(std::move(Base)), Scale(std::move(Scale)), 718 Index(std::move(Index)), Offset(std::move(Offset)) {} 719 720 bool match(const MCRegisterInfo &MRI, MCPlusBuilder &MIB, 721 MutableArrayRef<MCInst> InInstrWindow, int OpNum) override { 722 if (!MCInstMatcher::match(MRI, MIB, InInstrWindow, OpNum)) 723 return false; 724 725 if (CurInst->getOpcode() != X86::MOV64rm && 726 CurInst->getOpcode() != X86::MOVSX64rm32) 727 return false; 728 729 int MemOpNo = MIB.getMemoryOperandNo(*CurInst); 730 if (MemOpNo == -1) 731 return false; 732 733 if (!Base->match(MRI, MIB, this->InstrWindow, MemOpNo + X86::AddrBaseReg)) 734 return false; 735 if (!Scale->match(MRI, MIB, this->InstrWindow, 736 MemOpNo + X86::AddrScaleAmt)) 737 return false; 738 if (!Index->match(MRI, MIB, this->InstrWindow, 739 MemOpNo + X86::AddrIndexReg)) 740 return false; 741 if (!Offset->match(MRI, MIB, this->InstrWindow, MemOpNo + X86::AddrDisp)) 742 return false; 743 return true; 744 } 745 746 void annotate(MCPlusBuilder &MIB, StringRef Annotation) override { 747 MIB.addAnnotation(*CurInst, Annotation, true); 748 Base->annotate(MIB, Annotation); 749 Scale->annotate(MIB, Annotation); 750 Index->annotate(MIB, Annotation); 751 Offset->annotate(MIB, Annotation); 752 } 753 }; 754 755 std::unique_ptr<MCInstMatcher> 756 matchLoad(std::unique_ptr<MCInstMatcher> Base, 757 std::unique_ptr<MCInstMatcher> Scale, 758 std::unique_ptr<MCInstMatcher> Index, 759 std::unique_ptr<MCInstMatcher> Offset) const override { 760 return std::unique_ptr<MCInstMatcher>( 761 new LoadMatcherFrag1(std::move(Base), std::move(Scale), 762 std::move(Index), std::move(Offset))); 763 } 764 765 struct AddMatcher : MCInstMatcher { 766 std::unique_ptr<MCInstMatcher> A; 767 std::unique_ptr<MCInstMatcher> B; 768 769 AddMatcher(std::unique_ptr<MCInstMatcher> A, 770 std::unique_ptr<MCInstMatcher> B) 771 : A(std::move(A)), B(std::move(B)) {} 772 773 bool match(const MCRegisterInfo &MRI, MCPlusBuilder &MIB, 774 MutableArrayRef<MCInst> InInstrWindow, int OpNum) override { 775 if (!MCInstMatcher::match(MRI, MIB, InInstrWindow, OpNum)) 776 return false; 777 778 if (CurInst->getOpcode() == X86::ADD64rr || 779 CurInst->getOpcode() == X86::ADD64rr_DB || 780 CurInst->getOpcode() == X86::ADD64rr_REV) { 781 if (!A->match(MRI, MIB, this->InstrWindow, 1)) { 782 if (!B->match(MRI, MIB, this->InstrWindow, 1)) 783 return false; 784 return A->match(MRI, MIB, this->InstrWindow, 2); 785 } 786 787 if (B->match(MRI, MIB, this->InstrWindow, 2)) 788 return true; 789 790 if (!B->match(MRI, MIB, this->InstrWindow, 1)) 791 return false; 792 return A->match(MRI, MIB, this->InstrWindow, 2); 793 } 794 795 return false; 796 } 797 798 void annotate(MCPlusBuilder &MIB, StringRef Annotation) override { 799 MIB.addAnnotation(*CurInst, Annotation, true); 800 A->annotate(MIB, Annotation); 801 B->annotate(MIB, Annotation); 802 } 803 }; 804 805 virtual std::unique_ptr<MCInstMatcher> 806 matchAdd(std::unique_ptr<MCInstMatcher> A, 807 std::unique_ptr<MCInstMatcher> B) const override { 808 return std::unique_ptr<MCInstMatcher>( 809 new AddMatcher(std::move(A), std::move(B))); 810 } 811 812 struct LEAMatcher : MCInstMatcher { 813 std::unique_ptr<MCInstMatcher> Target; 814 815 LEAMatcher(std::unique_ptr<MCInstMatcher> Target) 816 : Target(std::move(Target)) {} 817 818 bool match(const MCRegisterInfo &MRI, MCPlusBuilder &MIB, 819 MutableArrayRef<MCInst> InInstrWindow, int OpNum) override { 820 if (!MCInstMatcher::match(MRI, MIB, InInstrWindow, OpNum)) 821 return false; 822 823 if (CurInst->getOpcode() != X86::LEA64r) 824 return false; 825 826 if (CurInst->getOperand(1 + X86::AddrScaleAmt).getImm() != 1 || 827 CurInst->getOperand(1 + X86::AddrIndexReg).getReg() != 828 X86::NoRegister || 829 (CurInst->getOperand(1 + X86::AddrBaseReg).getReg() != 830 X86::NoRegister && 831 CurInst->getOperand(1 + X86::AddrBaseReg).getReg() != X86::RIP)) 832 return false; 833 834 return Target->match(MRI, MIB, this->InstrWindow, 1 + X86::AddrDisp); 835 } 836 837 void annotate(MCPlusBuilder &MIB, StringRef Annotation) override { 838 MIB.addAnnotation(*CurInst, Annotation, true); 839 Target->annotate(MIB, Annotation); 840 } 841 }; 842 843 virtual std::unique_ptr<MCInstMatcher> 844 matchLoadAddr(std::unique_ptr<MCInstMatcher> Target) const override { 845 return std::unique_ptr<MCInstMatcher>(new LEAMatcher(std::move(Target))); 846 } 847 848 bool hasPCRelOperand(const MCInst &Inst) const override { 849 for (const MCOperand &Operand : Inst) 850 if (Operand.isReg() && Operand.getReg() == X86::RIP) 851 return true; 852 return false; 853 } 854 855 int getMemoryOperandNo(const MCInst &Inst) const override { 856 unsigned Opcode = Inst.getOpcode(); 857 const MCInstrDesc &Desc = Info->get(Opcode); 858 int MemOpNo = X86II::getMemoryOperandNo(Desc.TSFlags); 859 if (MemOpNo >= 0) 860 MemOpNo += X86II::getOperandBias(Desc); 861 return MemOpNo; 862 } 863 864 bool hasEVEXEncoding(const MCInst &Inst) const override { 865 const MCInstrDesc &Desc = Info->get(Inst.getOpcode()); 866 return (Desc.TSFlags & X86II::EncodingMask) == X86II::EVEX; 867 } 868 869 bool isMacroOpFusionPair(ArrayRef<MCInst> Insts) const override { 870 const auto *I = Insts.begin(); 871 while (I != Insts.end() && isPrefix(*I)) 872 ++I; 873 if (I == Insts.end()) 874 return false; 875 876 const MCInst &FirstInst = *I; 877 ++I; 878 while (I != Insts.end() && isPrefix(*I)) 879 ++I; 880 if (I == Insts.end()) 881 return false; 882 const MCInst &SecondInst = *I; 883 884 if (!isConditionalBranch(SecondInst)) 885 return false; 886 // Cannot fuse if the first instruction uses RIP-relative memory. 887 if (hasPCRelOperand(FirstInst)) 888 return false; 889 890 const X86::FirstMacroFusionInstKind CmpKind = 891 X86::classifyFirstOpcodeInMacroFusion(FirstInst.getOpcode()); 892 if (CmpKind == X86::FirstMacroFusionInstKind::Invalid) 893 return false; 894 895 X86::CondCode CC = static_cast<X86::CondCode>(getCondCode(SecondInst)); 896 X86::SecondMacroFusionInstKind BranchKind = 897 X86::classifySecondCondCodeInMacroFusion(CC); 898 if (BranchKind == X86::SecondMacroFusionInstKind::Invalid) 899 return false; 900 return X86::isMacroFused(CmpKind, BranchKind); 901 } 902 903 bool 904 evaluateX86MemoryOperand(const MCInst &Inst, unsigned *BaseRegNum, 905 int64_t *ScaleImm, unsigned *IndexRegNum, 906 int64_t *DispImm, unsigned *SegmentRegNum, 907 const MCExpr **DispExpr = nullptr) const override { 908 assert(BaseRegNum && ScaleImm && IndexRegNum && SegmentRegNum && 909 "one of the input pointers is null"); 910 int MemOpNo = getMemoryOperandNo(Inst); 911 if (MemOpNo < 0) 912 return false; 913 unsigned MemOpOffset = static_cast<unsigned>(MemOpNo); 914 915 if (MemOpOffset + X86::AddrSegmentReg >= MCPlus::getNumPrimeOperands(Inst)) 916 return false; 917 918 const MCOperand &Base = Inst.getOperand(MemOpOffset + X86::AddrBaseReg); 919 const MCOperand &Scale = Inst.getOperand(MemOpOffset + X86::AddrScaleAmt); 920 const MCOperand &Index = Inst.getOperand(MemOpOffset + X86::AddrIndexReg); 921 const MCOperand &Disp = Inst.getOperand(MemOpOffset + X86::AddrDisp); 922 const MCOperand &Segment = 923 Inst.getOperand(MemOpOffset + X86::AddrSegmentReg); 924 925 // Make sure it is a well-formed memory operand. 926 if (!Base.isReg() || !Scale.isImm() || !Index.isReg() || 927 (!Disp.isImm() && !Disp.isExpr()) || !Segment.isReg()) 928 return false; 929 930 *BaseRegNum = Base.getReg(); 931 *ScaleImm = Scale.getImm(); 932 *IndexRegNum = Index.getReg(); 933 if (Disp.isImm()) { 934 assert(DispImm && "DispImm needs to be set"); 935 *DispImm = Disp.getImm(); 936 if (DispExpr) 937 *DispExpr = nullptr; 938 } else { 939 assert(DispExpr && "DispExpr needs to be set"); 940 *DispExpr = Disp.getExpr(); 941 if (DispImm) 942 *DispImm = 0; 943 } 944 *SegmentRegNum = Segment.getReg(); 945 return true; 946 } 947 948 bool evaluateMemOperandTarget(const MCInst &Inst, uint64_t &Target, 949 uint64_t Address, 950 uint64_t Size) const override { 951 unsigned BaseRegNum; 952 int64_t ScaleValue; 953 unsigned IndexRegNum; 954 int64_t DispValue; 955 unsigned SegRegNum; 956 const MCExpr *DispExpr = nullptr; 957 if (!evaluateX86MemoryOperand(Inst, &BaseRegNum, &ScaleValue, &IndexRegNum, 958 &DispValue, &SegRegNum, &DispExpr)) 959 return false; 960 961 // Make sure it's a well-formed addressing we can statically evaluate. 962 if ((BaseRegNum != X86::RIP && BaseRegNum != X86::NoRegister) || 963 IndexRegNum != X86::NoRegister || SegRegNum != X86::NoRegister || 964 DispExpr) 965 return false; 966 967 Target = DispValue; 968 if (BaseRegNum == X86::RIP) { 969 assert(Size != 0 && "instruction size required in order to statically " 970 "evaluate RIP-relative address"); 971 Target += Address + Size; 972 } 973 return true; 974 } 975 976 MCInst::iterator getMemOperandDisp(MCInst &Inst) const override { 977 int MemOpNo = getMemoryOperandNo(Inst); 978 if (MemOpNo < 0) 979 return Inst.end(); 980 return Inst.begin() + (MemOpNo + X86::AddrDisp); 981 } 982 983 bool replaceMemOperandDisp(MCInst &Inst, MCOperand Operand) const override { 984 MCOperand *OI = getMemOperandDisp(Inst); 985 if (OI == Inst.end()) 986 return false; 987 *OI = Operand; 988 return true; 989 } 990 991 /// Get the registers used as function parameters. 992 /// This function is specific to the x86_64 abi on Linux. 993 BitVector getRegsUsedAsParams() const override { 994 BitVector Regs = BitVector(RegInfo->getNumRegs(), false); 995 Regs |= getAliases(X86::RSI); 996 Regs |= getAliases(X86::RDI); 997 Regs |= getAliases(X86::RDX); 998 Regs |= getAliases(X86::RCX); 999 Regs |= getAliases(X86::R8); 1000 Regs |= getAliases(X86::R9); 1001 return Regs; 1002 } 1003 1004 void getCalleeSavedRegs(BitVector &Regs) const override { 1005 Regs |= getAliases(X86::RBX); 1006 Regs |= getAliases(X86::RBP); 1007 Regs |= getAliases(X86::R12); 1008 Regs |= getAliases(X86::R13); 1009 Regs |= getAliases(X86::R14); 1010 Regs |= getAliases(X86::R15); 1011 } 1012 1013 void getDefaultDefIn(BitVector &Regs) const override { 1014 assert(Regs.size() >= RegInfo->getNumRegs() && 1015 "The size of BitVector is less than RegInfo->getNumRegs()."); 1016 Regs.set(X86::RAX); 1017 Regs.set(X86::RCX); 1018 Regs.set(X86::RDX); 1019 Regs.set(X86::RSI); 1020 Regs.set(X86::RDI); 1021 Regs.set(X86::R8); 1022 Regs.set(X86::R9); 1023 Regs.set(X86::XMM0); 1024 Regs.set(X86::XMM1); 1025 Regs.set(X86::XMM2); 1026 Regs.set(X86::XMM3); 1027 Regs.set(X86::XMM4); 1028 Regs.set(X86::XMM5); 1029 Regs.set(X86::XMM6); 1030 Regs.set(X86::XMM7); 1031 } 1032 1033 void getDefaultLiveOut(BitVector &Regs) const override { 1034 assert(Regs.size() >= RegInfo->getNumRegs() && 1035 "The size of BitVector is less than RegInfo->getNumRegs()."); 1036 Regs |= getAliases(X86::RAX); 1037 Regs |= getAliases(X86::RDX); 1038 Regs |= getAliases(X86::RCX); 1039 Regs |= getAliases(X86::XMM0); 1040 Regs |= getAliases(X86::XMM1); 1041 } 1042 1043 void getGPRegs(BitVector &Regs, bool IncludeAlias) const override { 1044 if (IncludeAlias) { 1045 Regs |= getAliases(X86::RAX); 1046 Regs |= getAliases(X86::RBX); 1047 Regs |= getAliases(X86::RBP); 1048 Regs |= getAliases(X86::RSI); 1049 Regs |= getAliases(X86::RDI); 1050 Regs |= getAliases(X86::RDX); 1051 Regs |= getAliases(X86::RCX); 1052 Regs |= getAliases(X86::R8); 1053 Regs |= getAliases(X86::R9); 1054 Regs |= getAliases(X86::R10); 1055 Regs |= getAliases(X86::R11); 1056 Regs |= getAliases(X86::R12); 1057 Regs |= getAliases(X86::R13); 1058 Regs |= getAliases(X86::R14); 1059 Regs |= getAliases(X86::R15); 1060 return; 1061 } 1062 Regs.set(X86::RAX); 1063 Regs.set(X86::RBX); 1064 Regs.set(X86::RBP); 1065 Regs.set(X86::RSI); 1066 Regs.set(X86::RDI); 1067 Regs.set(X86::RDX); 1068 Regs.set(X86::RCX); 1069 Regs.set(X86::R8); 1070 Regs.set(X86::R9); 1071 Regs.set(X86::R10); 1072 Regs.set(X86::R11); 1073 Regs.set(X86::R12); 1074 Regs.set(X86::R13); 1075 Regs.set(X86::R14); 1076 Regs.set(X86::R15); 1077 } 1078 1079 void getClassicGPRegs(BitVector &Regs) const override { 1080 Regs |= getAliases(X86::RAX); 1081 Regs |= getAliases(X86::RBX); 1082 Regs |= getAliases(X86::RBP); 1083 Regs |= getAliases(X86::RSI); 1084 Regs |= getAliases(X86::RDI); 1085 Regs |= getAliases(X86::RDX); 1086 Regs |= getAliases(X86::RCX); 1087 } 1088 1089 void getRepRegs(BitVector &Regs) const override { 1090 Regs |= getAliases(X86::RCX); 1091 } 1092 1093 MCPhysReg getAliasSized(MCPhysReg Reg, uint8_t Size) const override { 1094 switch (Reg) { 1095 case X86::RAX: case X86::EAX: case X86::AX: case X86::AL: case X86::AH: 1096 switch (Size) { 1097 case 8: return X86::RAX; case 4: return X86::EAX; 1098 case 2: return X86::AX; case 1: return X86::AL; 1099 default: llvm_unreachable("Unexpected size"); 1100 } 1101 case X86::RBX: case X86::EBX: case X86::BX: case X86::BL: case X86::BH: 1102 switch (Size) { 1103 case 8: return X86::RBX; case 4: return X86::EBX; 1104 case 2: return X86::BX; case 1: return X86::BL; 1105 default: llvm_unreachable("Unexpected size"); 1106 } 1107 case X86::RDX: case X86::EDX: case X86::DX: case X86::DL: case X86::DH: 1108 switch (Size) { 1109 case 8: return X86::RDX; case 4: return X86::EDX; 1110 case 2: return X86::DX; case 1: return X86::DL; 1111 default: llvm_unreachable("Unexpected size"); 1112 } 1113 case X86::RDI: case X86::EDI: case X86::DI: case X86::DIL: 1114 switch (Size) { 1115 case 8: return X86::RDI; case 4: return X86::EDI; 1116 case 2: return X86::DI; case 1: return X86::DIL; 1117 default: llvm_unreachable("Unexpected size"); 1118 } 1119 case X86::RSI: case X86::ESI: case X86::SI: case X86::SIL: 1120 switch (Size) { 1121 case 8: return X86::RSI; case 4: return X86::ESI; 1122 case 2: return X86::SI; case 1: return X86::SIL; 1123 default: llvm_unreachable("Unexpected size"); 1124 } 1125 case X86::RCX: case X86::ECX: case X86::CX: case X86::CL: case X86::CH: 1126 switch (Size) { 1127 case 8: return X86::RCX; case 4: return X86::ECX; 1128 case 2: return X86::CX; case 1: return X86::CL; 1129 default: llvm_unreachable("Unexpected size"); 1130 } 1131 case X86::RSP: case X86::ESP: case X86::SP: case X86::SPL: 1132 switch (Size) { 1133 case 8: return X86::RSP; case 4: return X86::ESP; 1134 case 2: return X86::SP; case 1: return X86::SPL; 1135 default: llvm_unreachable("Unexpected size"); 1136 } 1137 case X86::RBP: case X86::EBP: case X86::BP: case X86::BPL: 1138 switch (Size) { 1139 case 8: return X86::RBP; case 4: return X86::EBP; 1140 case 2: return X86::BP; case 1: return X86::BPL; 1141 default: llvm_unreachable("Unexpected size"); 1142 } 1143 case X86::R8: case X86::R8D: case X86::R8W: case X86::R8B: 1144 switch (Size) { 1145 case 8: return X86::R8; case 4: return X86::R8D; 1146 case 2: return X86::R8W; case 1: return X86::R8B; 1147 default: llvm_unreachable("Unexpected size"); 1148 } 1149 case X86::R9: case X86::R9D: case X86::R9W: case X86::R9B: 1150 switch (Size) { 1151 case 8: return X86::R9; case 4: return X86::R9D; 1152 case 2: return X86::R9W; case 1: return X86::R9B; 1153 default: llvm_unreachable("Unexpected size"); 1154 } 1155 case X86::R10: case X86::R10D: case X86::R10W: case X86::R10B: 1156 switch (Size) { 1157 case 8: return X86::R10; case 4: return X86::R10D; 1158 case 2: return X86::R10W; case 1: return X86::R10B; 1159 default: llvm_unreachable("Unexpected size"); 1160 } 1161 case X86::R11: case X86::R11D: case X86::R11W: case X86::R11B: 1162 switch (Size) { 1163 case 8: return X86::R11; case 4: return X86::R11D; 1164 case 2: return X86::R11W; case 1: return X86::R11B; 1165 default: llvm_unreachable("Unexpected size"); 1166 } 1167 case X86::R12: case X86::R12D: case X86::R12W: case X86::R12B: 1168 switch (Size) { 1169 case 8: return X86::R12; case 4: return X86::R12D; 1170 case 2: return X86::R12W; case 1: return X86::R12B; 1171 default: llvm_unreachable("Unexpected size"); 1172 } 1173 case X86::R13: case X86::R13D: case X86::R13W: case X86::R13B: 1174 switch (Size) { 1175 case 8: return X86::R13; case 4: return X86::R13D; 1176 case 2: return X86::R13W; case 1: return X86::R13B; 1177 default: llvm_unreachable("Unexpected size"); 1178 } 1179 case X86::R14: case X86::R14D: case X86::R14W: case X86::R14B: 1180 switch (Size) { 1181 case 8: return X86::R14; case 4: return X86::R14D; 1182 case 2: return X86::R14W; case 1: return X86::R14B; 1183 default: llvm_unreachable("Unexpected size"); 1184 } 1185 case X86::R15: case X86::R15D: case X86::R15W: case X86::R15B: 1186 switch (Size) { 1187 case 8: return X86::R15; case 4: return X86::R15D; 1188 case 2: return X86::R15W; case 1: return X86::R15B; 1189 default: llvm_unreachable("Unexpected size"); 1190 } 1191 default: 1192 dbgs() << Reg << " (get alias sized)\n"; 1193 llvm_unreachable("Unexpected reg number"); 1194 break; 1195 } 1196 } 1197 1198 bool isUpper8BitReg(MCPhysReg Reg) const override { 1199 switch (Reg) { 1200 case X86::AH: 1201 case X86::BH: 1202 case X86::CH: 1203 case X86::DH: 1204 return true; 1205 default: 1206 return false; 1207 } 1208 } 1209 1210 bool cannotUseREX(const MCInst &Inst) const override { 1211 switch (Inst.getOpcode()) { 1212 case X86::MOV8mr_NOREX: 1213 case X86::MOV8rm_NOREX: 1214 case X86::MOV8rr_NOREX: 1215 case X86::MOVSX32rm8_NOREX: 1216 case X86::MOVSX32rr8_NOREX: 1217 case X86::MOVZX32rm8_NOREX: 1218 case X86::MOVZX32rr8_NOREX: 1219 case X86::MOV8mr: 1220 case X86::MOV8rm: 1221 case X86::MOV8rr: 1222 case X86::MOVSX32rm8: 1223 case X86::MOVSX32rr8: 1224 case X86::MOVZX32rm8: 1225 case X86::MOVZX32rr8: 1226 case X86::TEST8ri: 1227 for (int I = 0, E = MCPlus::getNumPrimeOperands(Inst); I != E; ++I) { 1228 const MCOperand &Operand = Inst.getOperand(I); 1229 if (!Operand.isReg()) 1230 continue; 1231 if (isUpper8BitReg(Operand.getReg())) 1232 return true; 1233 } 1234 LLVM_FALLTHROUGH; 1235 default: 1236 return false; 1237 } 1238 } 1239 1240 bool isStackAccess(const MCInst &Inst, bool &IsLoad, bool &IsStore, 1241 bool &IsStoreFromReg, MCPhysReg &Reg, int32_t &SrcImm, 1242 uint16_t &StackPtrReg, int64_t &StackOffset, uint8_t &Size, 1243 bool &IsSimple, bool &IsIndexed) const override { 1244 // Detect simple push/pop cases first 1245 if (int Sz = getPushSize(Inst)) { 1246 IsLoad = false; 1247 IsStore = true; 1248 IsStoreFromReg = true; 1249 StackPtrReg = X86::RSP; 1250 StackOffset = -Sz; 1251 Size = Sz; 1252 IsSimple = true; 1253 if (Inst.getOperand(0).isImm()) 1254 SrcImm = Inst.getOperand(0).getImm(); 1255 else if (Inst.getOperand(0).isReg()) 1256 Reg = Inst.getOperand(0).getReg(); 1257 else 1258 IsSimple = false; 1259 1260 return true; 1261 } 1262 if (int Sz = getPopSize(Inst)) { 1263 IsLoad = true; 1264 IsStore = false; 1265 if (Inst.getNumOperands() == 0 || !Inst.getOperand(0).isReg()) { 1266 IsSimple = false; 1267 } else { 1268 Reg = Inst.getOperand(0).getReg(); 1269 IsSimple = true; 1270 } 1271 StackPtrReg = X86::RSP; 1272 StackOffset = 0; 1273 Size = Sz; 1274 return true; 1275 } 1276 1277 struct InstInfo { 1278 // Size in bytes that Inst loads from memory. 1279 uint8_t DataSize; 1280 bool IsLoad; 1281 bool IsStore; 1282 bool StoreFromReg; 1283 bool Simple; 1284 }; 1285 1286 InstInfo I; 1287 int MemOpNo = getMemoryOperandNo(Inst); 1288 const MCInstrDesc &MCII = Info->get(Inst.getOpcode()); 1289 // If it is not dealing with a memory operand, we discard it 1290 if (MemOpNo == -1 || MCII.isCall()) 1291 return false; 1292 1293 switch (Inst.getOpcode()) { 1294 default: { 1295 uint8_t Sz = 0; 1296 bool IsLoad = MCII.mayLoad(); 1297 bool IsStore = MCII.mayStore(); 1298 // Is it LEA? (deals with memory but is not loading nor storing) 1299 if (!IsLoad && !IsStore) 1300 return false; 1301 1302 // Try to guess data size involved in the load/store by looking at the 1303 // register size. If there's no reg involved, return 0 as size, meaning 1304 // we don't know. 1305 for (unsigned I = 0, E = MCII.getNumOperands(); I != E; ++I) { 1306 if (MCII.OpInfo[I].OperandType != MCOI::OPERAND_REGISTER) 1307 continue; 1308 if (static_cast<int>(I) >= MemOpNo && I < X86::AddrNumOperands) 1309 continue; 1310 Sz = RegInfo->getRegClass(MCII.OpInfo[I].RegClass).getSizeInBits() / 8; 1311 break; 1312 } 1313 I = {Sz, IsLoad, IsStore, false, false}; 1314 break; 1315 } 1316 case X86::MOV16rm: I = {2, true, false, false, true}; break; 1317 case X86::MOV32rm: I = {4, true, false, false, true}; break; 1318 case X86::MOV64rm: I = {8, true, false, false, true}; break; 1319 case X86::MOV16mr: I = {2, false, true, true, true}; break; 1320 case X86::MOV32mr: I = {4, false, true, true, true}; break; 1321 case X86::MOV64mr: I = {8, false, true, true, true}; break; 1322 case X86::MOV16mi: I = {2, false, true, false, true}; break; 1323 case X86::MOV32mi: I = {4, false, true, false, true}; break; 1324 } // end switch (Inst.getOpcode()) 1325 1326 unsigned BaseRegNum; 1327 int64_t ScaleValue; 1328 unsigned IndexRegNum; 1329 int64_t DispValue; 1330 unsigned SegRegNum; 1331 const MCExpr *DispExpr; 1332 if (!evaluateX86MemoryOperand(Inst, &BaseRegNum, &ScaleValue, &IndexRegNum, 1333 &DispValue, &SegRegNum, &DispExpr)) { 1334 LLVM_DEBUG(dbgs() << "Evaluate failed on "); 1335 LLVM_DEBUG(Inst.dump()); 1336 return false; 1337 } 1338 1339 // Make sure it's a stack access 1340 if (BaseRegNum != X86::RBP && BaseRegNum != X86::RSP) 1341 return false; 1342 1343 IsLoad = I.IsLoad; 1344 IsStore = I.IsStore; 1345 IsStoreFromReg = I.StoreFromReg; 1346 Size = I.DataSize; 1347 IsSimple = I.Simple; 1348 StackPtrReg = BaseRegNum; 1349 StackOffset = DispValue; 1350 IsIndexed = IndexRegNum != X86::NoRegister || SegRegNum != X86::NoRegister; 1351 1352 if (!I.Simple) 1353 return true; 1354 1355 // Retrieve related register in simple MOV from/to stack operations. 1356 unsigned MemOpOffset = static_cast<unsigned>(MemOpNo); 1357 if (I.IsLoad) { 1358 MCOperand RegOpnd = Inst.getOperand(0); 1359 assert(RegOpnd.isReg() && "unexpected destination operand"); 1360 Reg = RegOpnd.getReg(); 1361 } else if (I.IsStore) { 1362 MCOperand SrcOpnd = 1363 Inst.getOperand(MemOpOffset + X86::AddrSegmentReg + 1); 1364 if (I.StoreFromReg) { 1365 assert(SrcOpnd.isReg() && "unexpected source operand"); 1366 Reg = SrcOpnd.getReg(); 1367 } else { 1368 assert(SrcOpnd.isImm() && "unexpected source operand"); 1369 SrcImm = SrcOpnd.getImm(); 1370 } 1371 } 1372 1373 return true; 1374 } 1375 1376 void changeToPushOrPop(MCInst &Inst) const override { 1377 assert(!isPush(Inst) && !isPop(Inst)); 1378 1379 struct InstInfo { 1380 // Size in bytes that Inst loads from memory. 1381 uint8_t DataSize; 1382 bool IsLoad; 1383 bool StoreFromReg; 1384 }; 1385 1386 InstInfo I; 1387 switch (Inst.getOpcode()) { 1388 default: { 1389 llvm_unreachable("Unhandled opcode"); 1390 return; 1391 } 1392 case X86::MOV16rm: I = {2, true, false}; break; 1393 case X86::MOV32rm: I = {4, true, false}; break; 1394 case X86::MOV64rm: I = {8, true, false}; break; 1395 case X86::MOV16mr: I = {2, false, true}; break; 1396 case X86::MOV32mr: I = {4, false, true}; break; 1397 case X86::MOV64mr: I = {8, false, true}; break; 1398 case X86::MOV16mi: I = {2, false, false}; break; 1399 case X86::MOV32mi: I = {4, false, false}; break; 1400 } // end switch (Inst.getOpcode()) 1401 1402 unsigned BaseRegNum; 1403 int64_t ScaleValue; 1404 unsigned IndexRegNum; 1405 int64_t DispValue; 1406 unsigned SegRegNum; 1407 const MCExpr *DispExpr; 1408 if (!evaluateX86MemoryOperand(Inst, &BaseRegNum, &ScaleValue, &IndexRegNum, 1409 &DispValue, &SegRegNum, &DispExpr)) { 1410 llvm_unreachable("Evaluate failed"); 1411 return; 1412 } 1413 // Make sure it's a stack access 1414 if (BaseRegNum != X86::RBP && BaseRegNum != X86::RSP) { 1415 llvm_unreachable("Not a stack access"); 1416 return; 1417 } 1418 1419 unsigned MemOpOffset = getMemoryOperandNo(Inst); 1420 unsigned NewOpcode = 0; 1421 if (I.IsLoad) { 1422 switch (I.DataSize) { 1423 case 2: NewOpcode = X86::POP16r; break; 1424 case 4: NewOpcode = X86::POP32r; break; 1425 case 8: NewOpcode = X86::POP64r; break; 1426 default: 1427 llvm_unreachable("Unexpected size"); 1428 } 1429 unsigned RegOpndNum = Inst.getOperand(0).getReg(); 1430 Inst.clear(); 1431 Inst.setOpcode(NewOpcode); 1432 Inst.addOperand(MCOperand::createReg(RegOpndNum)); 1433 } else { 1434 MCOperand SrcOpnd = 1435 Inst.getOperand(MemOpOffset + X86::AddrSegmentReg + 1); 1436 if (I.StoreFromReg) { 1437 switch (I.DataSize) { 1438 case 2: NewOpcode = X86::PUSH16r; break; 1439 case 4: NewOpcode = X86::PUSH32r; break; 1440 case 8: NewOpcode = X86::PUSH64r; break; 1441 default: 1442 llvm_unreachable("Unexpected size"); 1443 } 1444 assert(SrcOpnd.isReg() && "Unexpected source operand"); 1445 unsigned RegOpndNum = SrcOpnd.getReg(); 1446 Inst.clear(); 1447 Inst.setOpcode(NewOpcode); 1448 Inst.addOperand(MCOperand::createReg(RegOpndNum)); 1449 } else { 1450 switch (I.DataSize) { 1451 case 2: NewOpcode = X86::PUSH16i8; break; 1452 case 4: NewOpcode = X86::PUSH32i8; break; 1453 case 8: NewOpcode = X86::PUSH64i32; break; 1454 default: 1455 llvm_unreachable("Unexpected size"); 1456 } 1457 assert(SrcOpnd.isImm() && "Unexpected source operand"); 1458 int64_t SrcImm = SrcOpnd.getImm(); 1459 Inst.clear(); 1460 Inst.setOpcode(NewOpcode); 1461 Inst.addOperand(MCOperand::createImm(SrcImm)); 1462 } 1463 } 1464 } 1465 1466 bool isStackAdjustment(const MCInst &Inst) const override { 1467 switch (Inst.getOpcode()) { 1468 default: 1469 return false; 1470 case X86::SUB64ri32: 1471 case X86::SUB64ri8: 1472 case X86::ADD64ri32: 1473 case X86::ADD64ri8: 1474 case X86::LEA64r: 1475 break; 1476 } 1477 1478 const MCInstrDesc &MCII = Info->get(Inst.getOpcode()); 1479 for (int I = 0, E = MCII.getNumDefs(); I != E; ++I) { 1480 const MCOperand &Operand = Inst.getOperand(I); 1481 if (Operand.isReg() && Operand.getReg() == X86::RSP) 1482 return true; 1483 } 1484 return false; 1485 } 1486 1487 bool evaluateSimple(const MCInst &Inst, int64_t &Output, 1488 std::pair<MCPhysReg, int64_t> Input1, 1489 std::pair<MCPhysReg, int64_t> Input2) const override { 1490 1491 auto getOperandVal = [&](MCPhysReg Reg) -> ErrorOr<int64_t> { 1492 if (Reg == Input1.first) 1493 return Input1.second; 1494 if (Reg == Input2.first) 1495 return Input2.second; 1496 return make_error_code(errc::result_out_of_range); 1497 }; 1498 1499 switch (Inst.getOpcode()) { 1500 default: 1501 return false; 1502 1503 case X86::AND64ri32: 1504 case X86::AND64ri8: 1505 if (!Inst.getOperand(2).isImm()) 1506 return false; 1507 if (ErrorOr<int64_t> InputVal = 1508 getOperandVal(Inst.getOperand(1).getReg())) 1509 Output = *InputVal & Inst.getOperand(2).getImm(); 1510 else 1511 return false; 1512 break; 1513 case X86::SUB64ri32: 1514 case X86::SUB64ri8: 1515 if (!Inst.getOperand(2).isImm()) 1516 return false; 1517 if (ErrorOr<int64_t> InputVal = 1518 getOperandVal(Inst.getOperand(1).getReg())) 1519 Output = *InputVal - Inst.getOperand(2).getImm(); 1520 else 1521 return false; 1522 break; 1523 case X86::ADD64ri32: 1524 case X86::ADD64ri8: 1525 if (!Inst.getOperand(2).isImm()) 1526 return false; 1527 if (ErrorOr<int64_t> InputVal = 1528 getOperandVal(Inst.getOperand(1).getReg())) 1529 Output = *InputVal + Inst.getOperand(2).getImm(); 1530 else 1531 return false; 1532 break; 1533 case X86::ADD64i32: 1534 if (!Inst.getOperand(0).isImm()) 1535 return false; 1536 if (ErrorOr<int64_t> InputVal = getOperandVal(X86::RAX)) 1537 Output = *InputVal + Inst.getOperand(0).getImm(); 1538 else 1539 return false; 1540 break; 1541 1542 case X86::LEA64r: { 1543 unsigned BaseRegNum; 1544 int64_t ScaleValue; 1545 unsigned IndexRegNum; 1546 int64_t DispValue; 1547 unsigned SegRegNum; 1548 const MCExpr *DispExpr = nullptr; 1549 if (!evaluateX86MemoryOperand(Inst, &BaseRegNum, &ScaleValue, 1550 &IndexRegNum, &DispValue, &SegRegNum, 1551 &DispExpr)) 1552 return false; 1553 1554 if (BaseRegNum == X86::NoRegister || IndexRegNum != X86::NoRegister || 1555 SegRegNum != X86::NoRegister || DispExpr) 1556 return false; 1557 1558 if (ErrorOr<int64_t> InputVal = getOperandVal(BaseRegNum)) 1559 Output = *InputVal + DispValue; 1560 else 1561 return false; 1562 1563 break; 1564 } 1565 } 1566 return true; 1567 } 1568 1569 bool isRegToRegMove(const MCInst &Inst, MCPhysReg &From, 1570 MCPhysReg &To) const override { 1571 switch (Inst.getOpcode()) { 1572 default: 1573 return false; 1574 case X86::LEAVE: 1575 case X86::LEAVE64: 1576 To = getStackPointer(); 1577 From = getFramePointer(); 1578 return true; 1579 case X86::MOV64rr: 1580 To = Inst.getOperand(0).getReg(); 1581 From = Inst.getOperand(1).getReg(); 1582 return true; 1583 } 1584 } 1585 1586 MCPhysReg getStackPointer() const override { return X86::RSP; } 1587 MCPhysReg getFramePointer() const override { return X86::RBP; } 1588 MCPhysReg getFlagsReg() const override { return X86::EFLAGS; } 1589 1590 bool escapesVariable(const MCInst &Inst, 1591 bool HasFramePointer) const override { 1592 int MemOpNo = getMemoryOperandNo(Inst); 1593 const MCInstrDesc &MCII = Info->get(Inst.getOpcode()); 1594 const unsigned NumDefs = MCII.getNumDefs(); 1595 static BitVector SPBPAliases(BitVector(getAliases(X86::RSP)) |= 1596 getAliases(X86::RBP)); 1597 static BitVector SPAliases(getAliases(X86::RSP)); 1598 1599 // FIXME: PUSH can be technically a leak, but let's ignore this for now 1600 // because a lot of harmless prologue code will spill SP to the stack. 1601 // Unless push is clearly pushing an object address to the stack as 1602 // demonstrated by having a MemOp. 1603 bool IsPush = isPush(Inst); 1604 if (IsPush && MemOpNo == -1) 1605 return false; 1606 1607 // We use this to detect LEA (has memop but does not access mem) 1608 bool AccessMem = MCII.mayLoad() || MCII.mayStore(); 1609 bool DoesLeak = false; 1610 for (int I = 0, E = MCPlus::getNumPrimeOperands(Inst); I != E; ++I) { 1611 // Ignore if SP/BP is used to dereference memory -- that's fine 1612 if (MemOpNo != -1 && !IsPush && AccessMem && I >= MemOpNo && 1613 I <= MemOpNo + 5) 1614 continue; 1615 // Ignore if someone is writing to SP/BP 1616 if (I < static_cast<int>(NumDefs)) 1617 continue; 1618 1619 const MCOperand &Operand = Inst.getOperand(I); 1620 if (HasFramePointer && Operand.isReg() && SPBPAliases[Operand.getReg()]) { 1621 DoesLeak = true; 1622 break; 1623 } 1624 if (!HasFramePointer && Operand.isReg() && SPAliases[Operand.getReg()]) { 1625 DoesLeak = true; 1626 break; 1627 } 1628 } 1629 1630 // If potential leak, check if it is not just writing to itself/sp/bp 1631 if (DoesLeak) { 1632 for (int I = 0, E = NumDefs; I != E; ++I) { 1633 const MCOperand &Operand = Inst.getOperand(I); 1634 if (HasFramePointer && Operand.isReg() && 1635 SPBPAliases[Operand.getReg()]) { 1636 DoesLeak = false; 1637 break; 1638 } 1639 if (!HasFramePointer && Operand.isReg() && 1640 SPAliases[Operand.getReg()]) { 1641 DoesLeak = false; 1642 break; 1643 } 1644 } 1645 } 1646 return DoesLeak; 1647 } 1648 1649 bool addToImm(MCInst &Inst, int64_t &Amt, MCContext *Ctx) const override { 1650 unsigned ImmOpNo = -1U; 1651 int MemOpNo = getMemoryOperandNo(Inst); 1652 if (MemOpNo != -1) 1653 ImmOpNo = MemOpNo + X86::AddrDisp; 1654 else 1655 for (unsigned Index = 0; Index < MCPlus::getNumPrimeOperands(Inst); 1656 ++Index) 1657 if (Inst.getOperand(Index).isImm()) 1658 ImmOpNo = Index; 1659 if (ImmOpNo == -1U) 1660 return false; 1661 1662 MCOperand &Operand = Inst.getOperand(ImmOpNo); 1663 Amt += Operand.getImm(); 1664 Operand.setImm(Amt); 1665 // Check for the need for relaxation 1666 if (int64_t(Amt) == int64_t(int8_t(Amt))) 1667 return true; 1668 1669 // Relax instruction 1670 switch (Inst.getOpcode()) { 1671 case X86::SUB64ri8: 1672 Inst.setOpcode(X86::SUB64ri32); 1673 break; 1674 case X86::ADD64ri8: 1675 Inst.setOpcode(X86::ADD64ri32); 1676 break; 1677 default: 1678 // No need for relaxation 1679 break; 1680 } 1681 return true; 1682 } 1683 1684 /// TODO: this implementation currently works for the most common opcodes that 1685 /// load from memory. It can be extended to work with memory store opcodes as 1686 /// well as more memory load opcodes. 1687 bool replaceMemOperandWithImm(MCInst &Inst, StringRef ConstantData, 1688 uint64_t Offset) const override { 1689 enum CheckSignExt : uint8_t { 1690 NOCHECK = 0, 1691 CHECK8, 1692 CHECK32, 1693 }; 1694 1695 using CheckList = std::vector<std::pair<CheckSignExt, unsigned>>; 1696 struct InstInfo { 1697 // Size in bytes that Inst loads from memory. 1698 uint8_t DataSize; 1699 1700 // True when the target operand has to be duplicated because the opcode 1701 // expects a LHS operand. 1702 bool HasLHS; 1703 1704 // List of checks and corresponding opcodes to be used. We try to use the 1705 // smallest possible immediate value when various sizes are available, 1706 // hence we may need to check whether a larger constant fits in a smaller 1707 // immediate. 1708 CheckList Checks; 1709 }; 1710 1711 InstInfo I; 1712 1713 switch (Inst.getOpcode()) { 1714 default: { 1715 switch (getPopSize(Inst)) { 1716 case 2: I = {2, false, {{NOCHECK, X86::MOV16ri}}}; break; 1717 case 4: I = {4, false, {{NOCHECK, X86::MOV32ri}}}; break; 1718 case 8: I = {8, false, {{CHECK32, X86::MOV64ri32}, 1719 {NOCHECK, X86::MOV64rm}}}; break; 1720 default: return false; 1721 } 1722 break; 1723 } 1724 1725 // MOV 1726 case X86::MOV8rm: I = {1, false, {{NOCHECK, X86::MOV8ri}}}; break; 1727 case X86::MOV16rm: I = {2, false, {{NOCHECK, X86::MOV16ri}}}; break; 1728 case X86::MOV32rm: I = {4, false, {{NOCHECK, X86::MOV32ri}}}; break; 1729 case X86::MOV64rm: I = {8, false, {{CHECK32, X86::MOV64ri32}, 1730 {NOCHECK, X86::MOV64rm}}}; break; 1731 1732 // MOVZX 1733 case X86::MOVZX16rm8: I = {1, false, {{NOCHECK, X86::MOV16ri}}}; break; 1734 case X86::MOVZX32rm8: I = {1, false, {{NOCHECK, X86::MOV32ri}}}; break; 1735 case X86::MOVZX32rm16: I = {2, false, {{NOCHECK, X86::MOV32ri}}}; break; 1736 1737 // CMP 1738 case X86::CMP8rm: I = {1, false, {{NOCHECK, X86::CMP8ri}}}; break; 1739 case X86::CMP16rm: I = {2, false, {{CHECK8, X86::CMP16ri8}, 1740 {NOCHECK, X86::CMP16ri}}}; break; 1741 case X86::CMP32rm: I = {4, false, {{CHECK8, X86::CMP32ri8}, 1742 {NOCHECK, X86::CMP32ri}}}; break; 1743 case X86::CMP64rm: I = {8, false, {{CHECK8, X86::CMP64ri8}, 1744 {CHECK32, X86::CMP64ri32}, 1745 {NOCHECK, X86::CMP64rm}}}; break; 1746 1747 // TEST 1748 case X86::TEST8mr: I = {1, false, {{NOCHECK, X86::TEST8ri}}}; break; 1749 case X86::TEST16mr: I = {2, false, {{NOCHECK, X86::TEST16ri}}}; break; 1750 case X86::TEST32mr: I = {4, false, {{NOCHECK, X86::TEST32ri}}}; break; 1751 case X86::TEST64mr: I = {8, false, {{CHECK32, X86::TEST64ri32}, 1752 {NOCHECK, X86::TEST64mr}}}; break; 1753 1754 // ADD 1755 case X86::ADD8rm: I = {1, true, {{NOCHECK, X86::ADD8ri}}}; break; 1756 case X86::ADD16rm: I = {2, true, {{CHECK8, X86::ADD16ri8}, 1757 {NOCHECK, X86::ADD16ri}}}; break; 1758 case X86::ADD32rm: I = {4, true, {{CHECK8, X86::ADD32ri8}, 1759 {NOCHECK, X86::ADD32ri}}}; break; 1760 case X86::ADD64rm: I = {8, true, {{CHECK8, X86::ADD64ri8}, 1761 {CHECK32, X86::ADD64ri32}, 1762 {NOCHECK, X86::ADD64rm}}}; break; 1763 1764 // SUB 1765 case X86::SUB8rm: I = {1, true, {{NOCHECK, X86::SUB8ri}}}; break; 1766 case X86::SUB16rm: I = {2, true, {{CHECK8, X86::SUB16ri8}, 1767 {NOCHECK, X86::SUB16ri}}}; break; 1768 case X86::SUB32rm: I = {4, true, {{CHECK8, X86::SUB32ri8}, 1769 {NOCHECK, X86::SUB32ri}}}; break; 1770 case X86::SUB64rm: I = {8, true, {{CHECK8, X86::SUB64ri8}, 1771 {CHECK32, X86::SUB64ri32}, 1772 {NOCHECK, X86::SUB64rm}}}; break; 1773 1774 // AND 1775 case X86::AND8rm: I = {1, true, {{NOCHECK, X86::AND8ri}}}; break; 1776 case X86::AND16rm: I = {2, true, {{CHECK8, X86::AND16ri8}, 1777 {NOCHECK, X86::AND16ri}}}; break; 1778 case X86::AND32rm: I = {4, true, {{CHECK8, X86::AND32ri8}, 1779 {NOCHECK, X86::AND32ri}}}; break; 1780 case X86::AND64rm: I = {8, true, {{CHECK8, X86::AND64ri8}, 1781 {CHECK32, X86::AND64ri32}, 1782 {NOCHECK, X86::AND64rm}}}; break; 1783 1784 // OR 1785 case X86::OR8rm: I = {1, true, {{NOCHECK, X86::OR8ri}}}; break; 1786 case X86::OR16rm: I = {2, true, {{CHECK8, X86::OR16ri8}, 1787 {NOCHECK, X86::OR16ri}}}; break; 1788 case X86::OR32rm: I = {4, true, {{CHECK8, X86::OR32ri8}, 1789 {NOCHECK, X86::OR32ri}}}; break; 1790 case X86::OR64rm: I = {8, true, {{CHECK8, X86::OR64ri8}, 1791 {CHECK32, X86::OR64ri32}, 1792 {NOCHECK, X86::OR64rm}}}; break; 1793 1794 // XOR 1795 case X86::XOR8rm: I = {1, true, {{NOCHECK, X86::XOR8ri}}}; break; 1796 case X86::XOR16rm: I = {2, true, {{CHECK8, X86::XOR16ri8}, 1797 {NOCHECK, X86::XOR16ri}}}; break; 1798 case X86::XOR32rm: I = {4, true, {{CHECK8, X86::XOR32ri8}, 1799 {NOCHECK, X86::XOR32ri}}}; break; 1800 case X86::XOR64rm: I = {8, true, {{CHECK8, X86::XOR64ri8}, 1801 {CHECK32, X86::XOR64ri32}, 1802 {NOCHECK, X86::XOR64rm}}}; break; 1803 } 1804 1805 // Compute the immediate value. 1806 assert(Offset + I.DataSize <= ConstantData.size() && 1807 "invalid offset for given constant data"); 1808 int64_t ImmVal = 1809 DataExtractor(ConstantData, true, 8).getSigned(&Offset, I.DataSize); 1810 1811 // Compute the new opcode. 1812 unsigned NewOpcode = 0; 1813 for (const std::pair<CheckSignExt, unsigned> &Check : I.Checks) { 1814 NewOpcode = Check.second; 1815 if (Check.first == NOCHECK) 1816 break; 1817 if (Check.first == CHECK8 && isInt<8>(ImmVal)) 1818 break; 1819 if (Check.first == CHECK32 && isInt<32>(ImmVal)) 1820 break; 1821 } 1822 if (NewOpcode == Inst.getOpcode()) 1823 return false; 1824 1825 // Modify the instruction. 1826 MCOperand ImmOp = MCOperand::createImm(ImmVal); 1827 uint32_t TargetOpNum = 0; 1828 // Test instruction does not follow the regular pattern of putting the 1829 // memory reference of a load (5 MCOperands) last in the list of operands. 1830 // Since it is not modifying the register operand, it is not treated as 1831 // a destination operand and it is not the first operand as it is in the 1832 // other instructions we treat here. 1833 if (NewOpcode == X86::TEST8ri || NewOpcode == X86::TEST16ri || 1834 NewOpcode == X86::TEST32ri || NewOpcode == X86::TEST64ri32) 1835 TargetOpNum = getMemoryOperandNo(Inst) + X86::AddrNumOperands; 1836 1837 MCOperand TargetOp = Inst.getOperand(TargetOpNum); 1838 Inst.clear(); 1839 Inst.setOpcode(NewOpcode); 1840 Inst.addOperand(TargetOp); 1841 if (I.HasLHS) 1842 Inst.addOperand(TargetOp); 1843 Inst.addOperand(ImmOp); 1844 1845 return true; 1846 } 1847 1848 /// TODO: this implementation currently works for the most common opcodes that 1849 /// load from memory. It can be extended to work with memory store opcodes as 1850 /// well as more memory load opcodes. 1851 bool replaceMemOperandWithReg(MCInst &Inst, MCPhysReg RegNum) const override { 1852 unsigned NewOpcode; 1853 1854 switch (Inst.getOpcode()) { 1855 default: { 1856 switch (getPopSize(Inst)) { 1857 case 2: NewOpcode = X86::MOV16rr; break; 1858 case 4: NewOpcode = X86::MOV32rr; break; 1859 case 8: NewOpcode = X86::MOV64rr; break; 1860 default: return false; 1861 } 1862 break; 1863 } 1864 1865 // MOV 1866 case X86::MOV8rm: NewOpcode = X86::MOV8rr; break; 1867 case X86::MOV16rm: NewOpcode = X86::MOV16rr; break; 1868 case X86::MOV32rm: NewOpcode = X86::MOV32rr; break; 1869 case X86::MOV64rm: NewOpcode = X86::MOV64rr; break; 1870 } 1871 1872 // Modify the instruction. 1873 MCOperand RegOp = MCOperand::createReg(RegNum); 1874 MCOperand TargetOp = Inst.getOperand(0); 1875 Inst.clear(); 1876 Inst.setOpcode(NewOpcode); 1877 Inst.addOperand(TargetOp); 1878 Inst.addOperand(RegOp); 1879 1880 return true; 1881 } 1882 1883 bool isRedundantMove(const MCInst &Inst) const override { 1884 switch (Inst.getOpcode()) { 1885 default: 1886 return false; 1887 1888 // MOV 1889 case X86::MOV8rr: 1890 case X86::MOV16rr: 1891 case X86::MOV32rr: 1892 case X86::MOV64rr: 1893 break; 1894 } 1895 1896 assert(Inst.getOperand(0).isReg() && Inst.getOperand(1).isReg()); 1897 return Inst.getOperand(0).getReg() == Inst.getOperand(1).getReg(); 1898 } 1899 1900 bool requiresAlignedAddress(const MCInst &Inst) const override { 1901 const MCInstrDesc &Desc = Info->get(Inst.getOpcode()); 1902 for (unsigned int I = 0; I < Desc.getNumOperands(); ++I) { 1903 const MCOperandInfo &Op = Desc.OpInfo[I]; 1904 if (Op.OperandType != MCOI::OPERAND_REGISTER) 1905 continue; 1906 if (Op.RegClass == X86::VR128RegClassID) 1907 return true; 1908 } 1909 return false; 1910 } 1911 1912 bool convertJmpToTailCall(MCInst &Inst) override { 1913 if (isTailCall(Inst)) 1914 return false; 1915 1916 int NewOpcode; 1917 switch (Inst.getOpcode()) { 1918 default: 1919 return false; 1920 case X86::JMP_1: 1921 case X86::JMP_2: 1922 case X86::JMP_4: 1923 NewOpcode = X86::JMP_4; 1924 break; 1925 case X86::JMP16m: 1926 case X86::JMP32m: 1927 case X86::JMP64m: 1928 NewOpcode = X86::JMP32m; 1929 break; 1930 case X86::JMP16r: 1931 case X86::JMP32r: 1932 case X86::JMP64r: 1933 NewOpcode = X86::JMP32r; 1934 break; 1935 } 1936 1937 Inst.setOpcode(NewOpcode); 1938 setTailCall(Inst); 1939 return true; 1940 } 1941 1942 bool convertTailCallToJmp(MCInst &Inst) override { 1943 int NewOpcode; 1944 switch (Inst.getOpcode()) { 1945 default: 1946 return false; 1947 case X86::JMP_4: 1948 NewOpcode = X86::JMP_1; 1949 break; 1950 case X86::JMP32m: 1951 NewOpcode = X86::JMP64m; 1952 break; 1953 case X86::JMP32r: 1954 NewOpcode = X86::JMP64r; 1955 break; 1956 } 1957 1958 Inst.setOpcode(NewOpcode); 1959 removeAnnotation(Inst, MCPlus::MCAnnotation::kTailCall); 1960 clearOffset(Inst); 1961 return true; 1962 } 1963 1964 bool convertTailCallToCall(MCInst &Inst) override { 1965 int NewOpcode; 1966 switch (Inst.getOpcode()) { 1967 default: 1968 return false; 1969 case X86::JMP_4: 1970 NewOpcode = X86::CALL64pcrel32; 1971 break; 1972 case X86::JMP32m: 1973 NewOpcode = X86::CALL64m; 1974 break; 1975 case X86::JMP32r: 1976 NewOpcode = X86::CALL64r; 1977 break; 1978 } 1979 1980 Inst.setOpcode(NewOpcode); 1981 removeAnnotation(Inst, MCPlus::MCAnnotation::kTailCall); 1982 return true; 1983 } 1984 1985 bool convertCallToIndirectCall(MCInst &Inst, const MCSymbol *TargetLocation, 1986 MCContext *Ctx) override { 1987 bool IsTailCall = isTailCall(Inst); 1988 assert((Inst.getOpcode() == X86::CALL64pcrel32 || 1989 (Inst.getOpcode() == X86::JMP_4 && IsTailCall)) && 1990 "64-bit direct (tail) call instruction expected"); 1991 const auto NewOpcode = 1992 (Inst.getOpcode() == X86::CALL64pcrel32) ? X86::CALL64m : X86::JMP32m; 1993 Inst.setOpcode(NewOpcode); 1994 1995 // Replace the first operand and preserve auxiliary operands of 1996 // the instruction. 1997 Inst.erase(Inst.begin()); 1998 Inst.insert(Inst.begin(), 1999 MCOperand::createReg(X86::NoRegister)); // AddrSegmentReg 2000 Inst.insert(Inst.begin(), 2001 MCOperand::createExpr( // Displacement 2002 MCSymbolRefExpr::create(TargetLocation, 2003 MCSymbolRefExpr::VK_None, *Ctx))); 2004 Inst.insert(Inst.begin(), 2005 MCOperand::createReg(X86::NoRegister)); // IndexReg 2006 Inst.insert(Inst.begin(), 2007 MCOperand::createImm(1)); // ScaleAmt 2008 Inst.insert(Inst.begin(), 2009 MCOperand::createReg(X86::RIP)); // BaseReg 2010 2011 return true; 2012 } 2013 2014 void convertIndirectCallToLoad(MCInst &Inst, MCPhysReg Reg) override { 2015 bool IsTailCall = isTailCall(Inst); 2016 if (IsTailCall) 2017 removeAnnotation(Inst, MCPlus::MCAnnotation::kTailCall); 2018 if (Inst.getOpcode() == X86::CALL64m || 2019 (Inst.getOpcode() == X86::JMP32m && IsTailCall)) { 2020 Inst.setOpcode(X86::MOV64rm); 2021 Inst.insert(Inst.begin(), MCOperand::createReg(Reg)); 2022 return; 2023 } 2024 if (Inst.getOpcode() == X86::CALL64r || 2025 (Inst.getOpcode() == X86::JMP32r && IsTailCall)) { 2026 Inst.setOpcode(X86::MOV64rr); 2027 Inst.insert(Inst.begin(), MCOperand::createReg(Reg)); 2028 return; 2029 } 2030 LLVM_DEBUG(Inst.dump()); 2031 llvm_unreachable("not implemented"); 2032 } 2033 2034 bool shortenInstruction(MCInst &Inst) const override { 2035 unsigned OldOpcode = Inst.getOpcode(); 2036 unsigned NewOpcode = OldOpcode; 2037 2038 // Check and remove EIZ/RIZ. These cases represent ambiguous cases where SIB 2039 // byte is present, but no index is used and modrm alone shoud have been 2040 // enough. Converting to NoRegister effectively removes the SIB byte. 2041 int MemOpNo = getMemoryOperandNo(Inst); 2042 if (MemOpNo >= 0) { 2043 MCOperand &IndexOp = 2044 Inst.getOperand(static_cast<unsigned>(MemOpNo) + X86::AddrIndexReg); 2045 if (IndexOp.getReg() == X86::EIZ || IndexOp.getReg() == X86::RIZ) 2046 IndexOp = MCOperand::createReg(X86::NoRegister); 2047 } 2048 2049 if (isBranch(Inst)) { 2050 NewOpcode = getShortBranchOpcode(OldOpcode); 2051 } else if (OldOpcode == X86::MOV64ri) { 2052 if (Inst.getOperand(MCPlus::getNumPrimeOperands(Inst) - 1).isImm()) { 2053 const int64_t Imm = 2054 Inst.getOperand(MCPlus::getNumPrimeOperands(Inst) - 1).getImm(); 2055 if (int64_t(Imm) == int64_t(int32_t(Imm))) 2056 NewOpcode = X86::MOV64ri32; 2057 } 2058 } else { 2059 // If it's arithmetic instruction check if signed operand fits in 1 byte. 2060 const unsigned ShortOpcode = getShortArithOpcode(OldOpcode); 2061 if (ShortOpcode != OldOpcode && 2062 Inst.getOperand(MCPlus::getNumPrimeOperands(Inst) - 1).isImm()) { 2063 int64_t Imm = 2064 Inst.getOperand(MCPlus::getNumPrimeOperands(Inst) - 1).getImm(); 2065 if (int64_t(Imm) == int64_t(int8_t(Imm))) 2066 NewOpcode = ShortOpcode; 2067 } 2068 } 2069 2070 if (NewOpcode == OldOpcode) 2071 return false; 2072 2073 Inst.setOpcode(NewOpcode); 2074 return true; 2075 } 2076 2077 bool 2078 convertMoveToConditionalMove(MCInst &Inst, unsigned CC, bool AllowStackMemOp, 2079 bool AllowBasePtrStackMemOp) const override { 2080 // - Register-register moves are OK 2081 // - Stores are filtered out by opcode (no store CMOV) 2082 // - Non-stack loads are prohibited (generally unsafe) 2083 // - Stack loads are OK if AllowStackMemOp is true 2084 // - Stack loads with RBP are OK if AllowBasePtrStackMemOp is true 2085 if (isLoad(Inst)) { 2086 // If stack memory operands are not allowed, no loads are allowed 2087 if (!AllowStackMemOp) 2088 return false; 2089 2090 // If stack memory operands are allowed, check if it's a load from stack 2091 bool IsLoad, IsStore, IsStoreFromReg, IsSimple, IsIndexed; 2092 MCPhysReg Reg; 2093 int32_t SrcImm; 2094 uint16_t StackPtrReg; 2095 int64_t StackOffset; 2096 uint8_t Size; 2097 bool IsStackAccess = 2098 isStackAccess(Inst, IsLoad, IsStore, IsStoreFromReg, Reg, SrcImm, 2099 StackPtrReg, StackOffset, Size, IsSimple, IsIndexed); 2100 // Prohibit non-stack-based loads 2101 if (!IsStackAccess) 2102 return false; 2103 // If stack memory operands are allowed, check if it's RBP-based 2104 if (!AllowBasePtrStackMemOp && 2105 RegInfo->isSubRegisterEq(X86::RBP, StackPtrReg)) 2106 return false; 2107 } 2108 2109 unsigned NewOpcode = 0; 2110 switch (Inst.getOpcode()) { 2111 case X86::MOV16rr: 2112 NewOpcode = X86::CMOV16rr; 2113 break; 2114 case X86::MOV16rm: 2115 NewOpcode = X86::CMOV16rm; 2116 break; 2117 case X86::MOV32rr: 2118 NewOpcode = X86::CMOV32rr; 2119 break; 2120 case X86::MOV32rm: 2121 NewOpcode = X86::CMOV32rm; 2122 break; 2123 case X86::MOV64rr: 2124 NewOpcode = X86::CMOV64rr; 2125 break; 2126 case X86::MOV64rm: 2127 NewOpcode = X86::CMOV64rm; 2128 break; 2129 default: 2130 return false; 2131 } 2132 Inst.setOpcode(NewOpcode); 2133 // Insert CC at the end of prime operands, before annotations 2134 Inst.insert(Inst.begin() + MCPlus::getNumPrimeOperands(Inst), 2135 MCOperand::createImm(CC)); 2136 // CMOV is a 3-operand MCInst, so duplicate the destination as src1 2137 Inst.insert(Inst.begin(), Inst.getOperand(0)); 2138 return true; 2139 } 2140 2141 bool lowerTailCall(MCInst &Inst) override { 2142 if (Inst.getOpcode() == X86::JMP_4 && isTailCall(Inst)) { 2143 Inst.setOpcode(X86::JMP_1); 2144 removeAnnotation(Inst, MCPlus::MCAnnotation::kTailCall); 2145 return true; 2146 } 2147 return false; 2148 } 2149 2150 const MCSymbol *getTargetSymbol(const MCInst &Inst, 2151 unsigned OpNum = 0) const override { 2152 if (OpNum >= MCPlus::getNumPrimeOperands(Inst)) 2153 return nullptr; 2154 2155 const MCOperand &Op = Inst.getOperand(OpNum); 2156 if (!Op.isExpr()) 2157 return nullptr; 2158 2159 auto *SymExpr = dyn_cast<MCSymbolRefExpr>(Op.getExpr()); 2160 if (!SymExpr || SymExpr->getKind() != MCSymbolRefExpr::VK_None) 2161 return nullptr; 2162 2163 return &SymExpr->getSymbol(); 2164 } 2165 2166 // This is the same as the base class, but since we are overriding one of 2167 // getTargetSymbol's signatures above, we need to override all of them. 2168 const MCSymbol *getTargetSymbol(const MCExpr *Expr) const override { 2169 return &cast<const MCSymbolRefExpr>(Expr)->getSymbol(); 2170 } 2171 2172 bool analyzeBranch(InstructionIterator Begin, InstructionIterator End, 2173 const MCSymbol *&TBB, const MCSymbol *&FBB, 2174 MCInst *&CondBranch, 2175 MCInst *&UncondBranch) const override { 2176 auto I = End; 2177 2178 // Bottom-up analysis 2179 while (I != Begin) { 2180 --I; 2181 2182 // Ignore nops and CFIs 2183 if (isPseudo(*I)) 2184 continue; 2185 2186 // Stop when we find the first non-terminator 2187 if (!isTerminator(*I)) 2188 break; 2189 2190 if (!isBranch(*I)) 2191 break; 2192 2193 // Handle unconditional branches. 2194 if ((I->getOpcode() == X86::JMP_1 || I->getOpcode() == X86::JMP_2 || 2195 I->getOpcode() == X86::JMP_4) && 2196 !isTailCall(*I)) { 2197 // If any code was seen after this unconditional branch, we've seen 2198 // unreachable code. Ignore them. 2199 CondBranch = nullptr; 2200 UncondBranch = &*I; 2201 const MCSymbol *Sym = getTargetSymbol(*I); 2202 assert(Sym != nullptr && 2203 "Couldn't extract BB symbol from jump operand"); 2204 TBB = Sym; 2205 continue; 2206 } 2207 2208 // Handle conditional branches and ignore indirect branches 2209 if (!isUnsupportedBranch(I->getOpcode()) && 2210 getCondCode(*I) == X86::COND_INVALID) { 2211 // Indirect branch 2212 return false; 2213 } 2214 2215 if (CondBranch == nullptr) { 2216 const MCSymbol *TargetBB = getTargetSymbol(*I); 2217 if (TargetBB == nullptr) { 2218 // Unrecognized branch target 2219 return false; 2220 } 2221 FBB = TBB; 2222 TBB = TargetBB; 2223 CondBranch = &*I; 2224 continue; 2225 } 2226 2227 llvm_unreachable("multiple conditional branches in one BB"); 2228 } 2229 return true; 2230 } 2231 2232 template <typename Itr> 2233 std::pair<IndirectBranchType, MCInst *> 2234 analyzePICJumpTable(Itr II, Itr IE, MCPhysReg R1, MCPhysReg R2) const { 2235 // Analyze PIC-style jump table code template: 2236 // 2237 // lea PIC_JUMP_TABLE(%rip), {%r1|%r2} <- MemLocInstr 2238 // mov ({%r1|%r2}, %index, 4), {%r2|%r1} 2239 // add %r2, %r1 2240 // jmp *%r1 2241 // 2242 // (with any irrelevant instructions in-between) 2243 // 2244 // When we call this helper we've already determined %r1 and %r2, and 2245 // reverse instruction iterator \p II is pointing to the ADD instruction. 2246 // 2247 // PIC jump table looks like following: 2248 // 2249 // JT: ---------- 2250 // E1:| L1 - JT | 2251 // |----------| 2252 // E2:| L2 - JT | 2253 // |----------| 2254 // | | 2255 // ...... 2256 // En:| Ln - JT | 2257 // ---------- 2258 // 2259 // Where L1, L2, ..., Ln represent labels in the function. 2260 // 2261 // The actual relocations in the table will be of the form: 2262 // 2263 // Ln - JT 2264 // = (Ln - En) + (En - JT) 2265 // = R_X86_64_PC32(Ln) + En - JT 2266 // = R_X86_64_PC32(Ln + offsetof(En)) 2267 // 2268 LLVM_DEBUG(dbgs() << "Checking for PIC jump table\n"); 2269 MCInst *MemLocInstr = nullptr; 2270 const MCInst *MovInstr = nullptr; 2271 while (++II != IE) { 2272 MCInst &Instr = *II; 2273 const MCInstrDesc &InstrDesc = Info->get(Instr.getOpcode()); 2274 if (!InstrDesc.hasDefOfPhysReg(Instr, R1, *RegInfo) && 2275 !InstrDesc.hasDefOfPhysReg(Instr, R2, *RegInfo)) { 2276 // Ignore instructions that don't affect R1, R2 registers. 2277 continue; 2278 } 2279 if (!MovInstr) { 2280 // Expect to see MOV instruction. 2281 if (!isMOVSX64rm32(Instr)) { 2282 LLVM_DEBUG(dbgs() << "MOV instruction expected.\n"); 2283 break; 2284 } 2285 2286 // Check if it's setting %r1 or %r2. In canonical form it sets %r2. 2287 // If it sets %r1 - rename the registers so we have to only check 2288 // a single form. 2289 unsigned MovDestReg = Instr.getOperand(0).getReg(); 2290 if (MovDestReg != R2) 2291 std::swap(R1, R2); 2292 if (MovDestReg != R2) { 2293 LLVM_DEBUG(dbgs() << "MOV instruction expected to set %r2\n"); 2294 break; 2295 } 2296 2297 // Verify operands for MOV. 2298 unsigned BaseRegNum; 2299 int64_t ScaleValue; 2300 unsigned IndexRegNum; 2301 int64_t DispValue; 2302 unsigned SegRegNum; 2303 if (!evaluateX86MemoryOperand(Instr, &BaseRegNum, &ScaleValue, 2304 &IndexRegNum, &DispValue, &SegRegNum)) 2305 break; 2306 if (BaseRegNum != R1 || ScaleValue != 4 || 2307 IndexRegNum == X86::NoRegister || DispValue != 0 || 2308 SegRegNum != X86::NoRegister) 2309 break; 2310 MovInstr = &Instr; 2311 } else { 2312 if (!InstrDesc.hasDefOfPhysReg(Instr, R1, *RegInfo)) 2313 continue; 2314 if (!isLEA64r(Instr)) { 2315 LLVM_DEBUG(dbgs() << "LEA instruction expected\n"); 2316 break; 2317 } 2318 if (Instr.getOperand(0).getReg() != R1) { 2319 LLVM_DEBUG(dbgs() << "LEA instruction expected to set %r1\n"); 2320 break; 2321 } 2322 2323 // Verify operands for LEA. 2324 unsigned BaseRegNum; 2325 int64_t ScaleValue; 2326 unsigned IndexRegNum; 2327 const MCExpr *DispExpr = nullptr; 2328 int64_t DispValue; 2329 unsigned SegRegNum; 2330 if (!evaluateX86MemoryOperand(Instr, &BaseRegNum, &ScaleValue, 2331 &IndexRegNum, &DispValue, &SegRegNum, 2332 &DispExpr)) 2333 break; 2334 if (BaseRegNum != RegInfo->getProgramCounter() || 2335 IndexRegNum != X86::NoRegister || SegRegNum != X86::NoRegister || 2336 DispExpr == nullptr) 2337 break; 2338 MemLocInstr = &Instr; 2339 break; 2340 } 2341 } 2342 2343 if (!MemLocInstr) 2344 return std::make_pair(IndirectBranchType::UNKNOWN, nullptr); 2345 2346 LLVM_DEBUG(dbgs() << "checking potential PIC jump table\n"); 2347 return std::make_pair(IndirectBranchType::POSSIBLE_PIC_JUMP_TABLE, 2348 MemLocInstr); 2349 } 2350 2351 IndirectBranchType analyzeIndirectBranch( 2352 MCInst &Instruction, InstructionIterator Begin, InstructionIterator End, 2353 const unsigned PtrSize, MCInst *&MemLocInstrOut, unsigned &BaseRegNumOut, 2354 unsigned &IndexRegNumOut, int64_t &DispValueOut, 2355 const MCExpr *&DispExprOut, MCInst *&PCRelBaseOut) const override { 2356 // Try to find a (base) memory location from where the address for 2357 // the indirect branch is loaded. For X86-64 the memory will be specified 2358 // in the following format: 2359 // 2360 // {%rip}/{%basereg} + Imm + IndexReg * Scale 2361 // 2362 // We are interested in the cases where Scale == sizeof(uintptr_t) and 2363 // the contents of the memory are presumably an array of pointers to code. 2364 // 2365 // Normal jump table: 2366 // 2367 // jmp *(JUMP_TABLE, %index, Scale) <- MemLocInstr 2368 // 2369 // or 2370 // 2371 // mov (JUMP_TABLE, %index, Scale), %r1 <- MemLocInstr 2372 // ... 2373 // jmp %r1 2374 // 2375 // We handle PIC-style jump tables separately. 2376 // 2377 MemLocInstrOut = nullptr; 2378 BaseRegNumOut = X86::NoRegister; 2379 IndexRegNumOut = X86::NoRegister; 2380 DispValueOut = 0; 2381 DispExprOut = nullptr; 2382 2383 std::reverse_iterator<InstructionIterator> II(End); 2384 std::reverse_iterator<InstructionIterator> IE(Begin); 2385 2386 IndirectBranchType Type = IndirectBranchType::UNKNOWN; 2387 2388 // An instruction referencing memory used by jump instruction (directly or 2389 // via register). This location could be an array of function pointers 2390 // in case of indirect tail call, or a jump table. 2391 MCInst *MemLocInstr = nullptr; 2392 2393 if (MCPlus::getNumPrimeOperands(Instruction) == 1) { 2394 // If the indirect jump is on register - try to detect if the 2395 // register value is loaded from a memory location. 2396 assert(Instruction.getOperand(0).isReg() && "register operand expected"); 2397 const unsigned R1 = Instruction.getOperand(0).getReg(); 2398 // Check if one of the previous instructions defines the jump-on register. 2399 for (auto PrevII = II; PrevII != IE; ++PrevII) { 2400 MCInst &PrevInstr = *PrevII; 2401 const MCInstrDesc &PrevInstrDesc = Info->get(PrevInstr.getOpcode()); 2402 2403 if (!PrevInstrDesc.hasDefOfPhysReg(PrevInstr, R1, *RegInfo)) 2404 continue; 2405 2406 if (isMoveMem2Reg(PrevInstr)) { 2407 MemLocInstr = &PrevInstr; 2408 break; 2409 } 2410 if (isADD64rr(PrevInstr)) { 2411 unsigned R2 = PrevInstr.getOperand(2).getReg(); 2412 if (R1 == R2) 2413 return IndirectBranchType::UNKNOWN; 2414 std::tie(Type, MemLocInstr) = analyzePICJumpTable(PrevII, IE, R1, R2); 2415 break; 2416 } 2417 return IndirectBranchType::UNKNOWN; 2418 } 2419 if (!MemLocInstr) { 2420 // No definition seen for the register in this function so far. Could be 2421 // an input parameter - which means it is an external code reference. 2422 // It also could be that the definition happens to be in the code that 2423 // we haven't processed yet. Since we have to be conservative, return 2424 // as UNKNOWN case. 2425 return IndirectBranchType::UNKNOWN; 2426 } 2427 } else { 2428 MemLocInstr = &Instruction; 2429 } 2430 2431 const MCRegister RIPRegister = RegInfo->getProgramCounter(); 2432 2433 // Analyze the memory location. 2434 unsigned BaseRegNum, IndexRegNum, SegRegNum; 2435 int64_t ScaleValue, DispValue; 2436 const MCExpr *DispExpr; 2437 2438 if (!evaluateX86MemoryOperand(*MemLocInstr, &BaseRegNum, &ScaleValue, 2439 &IndexRegNum, &DispValue, &SegRegNum, 2440 &DispExpr)) 2441 return IndirectBranchType::UNKNOWN; 2442 2443 BaseRegNumOut = BaseRegNum; 2444 IndexRegNumOut = IndexRegNum; 2445 DispValueOut = DispValue; 2446 DispExprOut = DispExpr; 2447 2448 if ((BaseRegNum != X86::NoRegister && BaseRegNum != RIPRegister) || 2449 SegRegNum != X86::NoRegister) 2450 return IndirectBranchType::UNKNOWN; 2451 2452 if (MemLocInstr == &Instruction && 2453 (!ScaleValue || IndexRegNum == X86::NoRegister)) { 2454 MemLocInstrOut = MemLocInstr; 2455 return IndirectBranchType::POSSIBLE_FIXED_BRANCH; 2456 } 2457 2458 if (Type == IndirectBranchType::POSSIBLE_PIC_JUMP_TABLE && 2459 (ScaleValue != 1 || BaseRegNum != RIPRegister)) 2460 return IndirectBranchType::UNKNOWN; 2461 2462 if (Type != IndirectBranchType::POSSIBLE_PIC_JUMP_TABLE && 2463 ScaleValue != PtrSize) 2464 return IndirectBranchType::UNKNOWN; 2465 2466 MemLocInstrOut = MemLocInstr; 2467 2468 return Type; 2469 } 2470 2471 /// Analyze a callsite to see if it could be a virtual method call. This only 2472 /// checks to see if the overall pattern is satisfied, it does not guarantee 2473 /// that the callsite is a true virtual method call. 2474 /// The format of virtual method calls that are recognized is one of the 2475 /// following: 2476 /// 2477 /// Form 1: (found in debug code) 2478 /// add METHOD_OFFSET, %VtableReg 2479 /// mov (%VtableReg), %MethodReg 2480 /// ... 2481 /// call or jmp *%MethodReg 2482 /// 2483 /// Form 2: 2484 /// mov METHOD_OFFSET(%VtableReg), %MethodReg 2485 /// ... 2486 /// call or jmp *%MethodReg 2487 /// 2488 /// Form 3: 2489 /// ... 2490 /// call or jmp *METHOD_OFFSET(%VtableReg) 2491 /// 2492 bool analyzeVirtualMethodCall(InstructionIterator ForwardBegin, 2493 InstructionIterator ForwardEnd, 2494 std::vector<MCInst *> &MethodFetchInsns, 2495 unsigned &VtableRegNum, unsigned &MethodRegNum, 2496 uint64_t &MethodOffset) const override { 2497 VtableRegNum = X86::NoRegister; 2498 MethodRegNum = X86::NoRegister; 2499 MethodOffset = 0; 2500 2501 std::reverse_iterator<InstructionIterator> Itr(ForwardEnd); 2502 std::reverse_iterator<InstructionIterator> End(ForwardBegin); 2503 2504 MCInst &CallInst = *Itr++; 2505 assert(isIndirectBranch(CallInst) || isCall(CallInst)); 2506 2507 unsigned BaseReg, IndexReg, SegmentReg; 2508 int64_t Scale, Disp; 2509 const MCExpr *DispExpr; 2510 2511 // The call can just be jmp offset(reg) 2512 if (evaluateX86MemoryOperand(CallInst, &BaseReg, &Scale, &IndexReg, &Disp, 2513 &SegmentReg, &DispExpr)) { 2514 if (!DispExpr && BaseReg != X86::RIP && BaseReg != X86::RBP && 2515 BaseReg != X86::NoRegister) { 2516 MethodRegNum = BaseReg; 2517 if (Scale == 1 && IndexReg == X86::NoRegister && 2518 SegmentReg == X86::NoRegister) { 2519 VtableRegNum = MethodRegNum; 2520 MethodOffset = Disp; 2521 MethodFetchInsns.push_back(&CallInst); 2522 return true; 2523 } 2524 } 2525 return false; 2526 } 2527 if (CallInst.getOperand(0).isReg()) 2528 MethodRegNum = CallInst.getOperand(0).getReg(); 2529 else 2530 return false; 2531 2532 if (MethodRegNum == X86::RIP || MethodRegNum == X86::RBP) { 2533 VtableRegNum = X86::NoRegister; 2534 MethodRegNum = X86::NoRegister; 2535 return false; 2536 } 2537 2538 // find load from vtable, this may or may not include the method offset 2539 while (Itr != End) { 2540 MCInst &CurInst = *Itr++; 2541 const MCInstrDesc &Desc = Info->get(CurInst.getOpcode()); 2542 if (Desc.hasDefOfPhysReg(CurInst, MethodRegNum, *RegInfo)) { 2543 if (isLoad(CurInst) && 2544 evaluateX86MemoryOperand(CurInst, &BaseReg, &Scale, &IndexReg, 2545 &Disp, &SegmentReg, &DispExpr)) { 2546 if (!DispExpr && Scale == 1 && BaseReg != X86::RIP && 2547 BaseReg != X86::RBP && BaseReg != X86::NoRegister && 2548 IndexReg == X86::NoRegister && SegmentReg == X86::NoRegister && 2549 BaseReg != X86::RIP) { 2550 VtableRegNum = BaseReg; 2551 MethodOffset = Disp; 2552 MethodFetchInsns.push_back(&CurInst); 2553 if (MethodOffset != 0) 2554 return true; 2555 break; 2556 } 2557 } 2558 return false; 2559 } 2560 } 2561 2562 if (!VtableRegNum) 2563 return false; 2564 2565 // look for any adds affecting the method register. 2566 while (Itr != End) { 2567 MCInst &CurInst = *Itr++; 2568 const MCInstrDesc &Desc = Info->get(CurInst.getOpcode()); 2569 if (Desc.hasDefOfPhysReg(CurInst, VtableRegNum, *RegInfo)) { 2570 if (isADDri(CurInst)) { 2571 assert(!MethodOffset); 2572 MethodOffset = CurInst.getOperand(2).getImm(); 2573 MethodFetchInsns.insert(MethodFetchInsns.begin(), &CurInst); 2574 break; 2575 } 2576 } 2577 } 2578 2579 return true; 2580 } 2581 2582 bool createStackPointerIncrement(MCInst &Inst, int Size, 2583 bool NoFlagsClobber) const override { 2584 if (NoFlagsClobber) { 2585 Inst.setOpcode(X86::LEA64r); 2586 Inst.clear(); 2587 Inst.addOperand(MCOperand::createReg(X86::RSP)); 2588 Inst.addOperand(MCOperand::createReg(X86::RSP)); // BaseReg 2589 Inst.addOperand(MCOperand::createImm(1)); // ScaleAmt 2590 Inst.addOperand(MCOperand::createReg(X86::NoRegister)); // IndexReg 2591 Inst.addOperand(MCOperand::createImm(-Size)); // Displacement 2592 Inst.addOperand(MCOperand::createReg(X86::NoRegister)); // AddrSegmentReg 2593 return true; 2594 } 2595 Inst.setOpcode(X86::SUB64ri8); 2596 Inst.clear(); 2597 Inst.addOperand(MCOperand::createReg(X86::RSP)); 2598 Inst.addOperand(MCOperand::createReg(X86::RSP)); 2599 Inst.addOperand(MCOperand::createImm(Size)); 2600 return true; 2601 } 2602 2603 bool createStackPointerDecrement(MCInst &Inst, int Size, 2604 bool NoFlagsClobber) const override { 2605 if (NoFlagsClobber) { 2606 Inst.setOpcode(X86::LEA64r); 2607 Inst.clear(); 2608 Inst.addOperand(MCOperand::createReg(X86::RSP)); 2609 Inst.addOperand(MCOperand::createReg(X86::RSP)); // BaseReg 2610 Inst.addOperand(MCOperand::createImm(1)); // ScaleAmt 2611 Inst.addOperand(MCOperand::createReg(X86::NoRegister)); // IndexReg 2612 Inst.addOperand(MCOperand::createImm(Size)); // Displacement 2613 Inst.addOperand(MCOperand::createReg(X86::NoRegister)); // AddrSegmentReg 2614 return true; 2615 } 2616 Inst.setOpcode(X86::ADD64ri8); 2617 Inst.clear(); 2618 Inst.addOperand(MCOperand::createReg(X86::RSP)); 2619 Inst.addOperand(MCOperand::createReg(X86::RSP)); 2620 Inst.addOperand(MCOperand::createImm(Size)); 2621 return true; 2622 } 2623 2624 bool createSaveToStack(MCInst &Inst, const MCPhysReg &StackReg, int Offset, 2625 const MCPhysReg &SrcReg, int Size) const override { 2626 unsigned NewOpcode; 2627 switch (Size) { 2628 default: 2629 return false; 2630 case 2: NewOpcode = X86::MOV16mr; break; 2631 case 4: NewOpcode = X86::MOV32mr; break; 2632 case 8: NewOpcode = X86::MOV64mr; break; 2633 } 2634 Inst.setOpcode(NewOpcode); 2635 Inst.clear(); 2636 Inst.addOperand(MCOperand::createReg(StackReg)); // BaseReg 2637 Inst.addOperand(MCOperand::createImm(1)); // ScaleAmt 2638 Inst.addOperand(MCOperand::createReg(X86::NoRegister)); // IndexReg 2639 Inst.addOperand(MCOperand::createImm(Offset)); // Displacement 2640 Inst.addOperand(MCOperand::createReg(X86::NoRegister)); // AddrSegmentReg 2641 Inst.addOperand(MCOperand::createReg(SrcReg)); 2642 return true; 2643 } 2644 2645 bool createRestoreFromStack(MCInst &Inst, const MCPhysReg &StackReg, 2646 int Offset, const MCPhysReg &DstReg, 2647 int Size) const override { 2648 return createLoad(Inst, StackReg, /*Scale=*/1, /*IndexReg=*/X86::NoRegister, 2649 Offset, nullptr, /*AddrSegmentReg=*/X86::NoRegister, 2650 DstReg, Size); 2651 } 2652 2653 bool createLoad(MCInst &Inst, const MCPhysReg &BaseReg, int64_t Scale, 2654 const MCPhysReg &IndexReg, int64_t Offset, 2655 const MCExpr *OffsetExpr, const MCPhysReg &AddrSegmentReg, 2656 const MCPhysReg &DstReg, int Size) const override { 2657 unsigned NewOpcode; 2658 switch (Size) { 2659 default: 2660 return false; 2661 case 2: NewOpcode = X86::MOV16rm; break; 2662 case 4: NewOpcode = X86::MOV32rm; break; 2663 case 8: NewOpcode = X86::MOV64rm; break; 2664 } 2665 Inst.setOpcode(NewOpcode); 2666 Inst.clear(); 2667 Inst.addOperand(MCOperand::createReg(DstReg)); 2668 Inst.addOperand(MCOperand::createReg(BaseReg)); 2669 Inst.addOperand(MCOperand::createImm(Scale)); 2670 Inst.addOperand(MCOperand::createReg(IndexReg)); 2671 if (OffsetExpr) 2672 Inst.addOperand(MCOperand::createExpr(OffsetExpr)); // Displacement 2673 else 2674 Inst.addOperand(MCOperand::createImm(Offset)); // Displacement 2675 Inst.addOperand(MCOperand::createReg(AddrSegmentReg)); // AddrSegmentReg 2676 return true; 2677 } 2678 2679 void createLoadImmediate(MCInst &Inst, const MCPhysReg Dest, 2680 uint32_t Imm) const override { 2681 Inst.setOpcode(X86::MOV64ri32); 2682 Inst.clear(); 2683 Inst.addOperand(MCOperand::createReg(Dest)); 2684 Inst.addOperand(MCOperand::createImm(Imm)); 2685 } 2686 2687 bool createIncMemory(MCInst &Inst, const MCSymbol *Target, 2688 MCContext *Ctx) const override { 2689 2690 Inst.setOpcode(X86::LOCK_INC64m); 2691 Inst.clear(); 2692 Inst.addOperand(MCOperand::createReg(X86::RIP)); // BaseReg 2693 Inst.addOperand(MCOperand::createImm(1)); // ScaleAmt 2694 Inst.addOperand(MCOperand::createReg(X86::NoRegister)); // IndexReg 2695 2696 Inst.addOperand(MCOperand::createExpr( 2697 MCSymbolRefExpr::create(Target, MCSymbolRefExpr::VK_None, 2698 *Ctx))); // Displacement 2699 Inst.addOperand(MCOperand::createReg(X86::NoRegister)); // AddrSegmentReg 2700 return true; 2701 } 2702 2703 bool createIJmp32Frag(SmallVectorImpl<MCInst> &Insts, 2704 const MCOperand &BaseReg, const MCOperand &Scale, 2705 const MCOperand &IndexReg, const MCOperand &Offset, 2706 const MCOperand &TmpReg) const override { 2707 // The code fragment we emit here is: 2708 // 2709 // mov32 (%base, %index, scale), %tmpreg 2710 // ijmp *(%tmpreg) 2711 // 2712 MCInst IJmp; 2713 IJmp.setOpcode(X86::JMP64r); 2714 IJmp.addOperand(TmpReg); 2715 2716 MCInst Load; 2717 Load.setOpcode(X86::MOV32rm); 2718 Load.addOperand(TmpReg); 2719 Load.addOperand(BaseReg); 2720 Load.addOperand(Scale); 2721 Load.addOperand(IndexReg); 2722 Load.addOperand(Offset); 2723 Load.addOperand(MCOperand::createReg(X86::NoRegister)); 2724 2725 Insts.push_back(Load); 2726 Insts.push_back(IJmp); 2727 return true; 2728 } 2729 2730 bool createNoop(MCInst &Inst) const override { 2731 Inst.setOpcode(X86::NOOP); 2732 return true; 2733 } 2734 2735 bool createReturn(MCInst &Inst) const override { 2736 Inst.setOpcode(X86::RET64); 2737 return true; 2738 } 2739 2740 InstructionListType createInlineMemcpy(bool ReturnEnd) const override { 2741 InstructionListType Code; 2742 if (ReturnEnd) 2743 Code.emplace_back(MCInstBuilder(X86::LEA64r) 2744 .addReg(X86::RAX) 2745 .addReg(X86::RDI) 2746 .addImm(1) 2747 .addReg(X86::RDX) 2748 .addImm(0) 2749 .addReg(X86::NoRegister)); 2750 else 2751 Code.emplace_back(MCInstBuilder(X86::MOV64rr) 2752 .addReg(X86::RAX) 2753 .addReg(X86::RDI)); 2754 2755 Code.emplace_back(MCInstBuilder(X86::MOV32rr) 2756 .addReg(X86::ECX) 2757 .addReg(X86::EDX)); 2758 Code.emplace_back(MCInstBuilder(X86::REP_MOVSB_64)); 2759 2760 return Code; 2761 } 2762 2763 InstructionListType createOneByteMemcpy() const override { 2764 InstructionListType Code; 2765 Code.emplace_back(MCInstBuilder(X86::MOV8rm) 2766 .addReg(X86::CL) 2767 .addReg(X86::RSI) 2768 .addImm(0) 2769 .addReg(X86::NoRegister) 2770 .addImm(0) 2771 .addReg(X86::NoRegister)); 2772 Code.emplace_back(MCInstBuilder(X86::MOV8mr) 2773 .addReg(X86::RDI) 2774 .addImm(0) 2775 .addReg(X86::NoRegister) 2776 .addImm(0) 2777 .addReg(X86::NoRegister) 2778 .addReg(X86::CL)); 2779 Code.emplace_back(MCInstBuilder(X86::MOV64rr) 2780 .addReg(X86::RAX) 2781 .addReg(X86::RDI)); 2782 return Code; 2783 } 2784 2785 InstructionListType createCmpJE(MCPhysReg RegNo, int64_t Imm, 2786 const MCSymbol *Target, 2787 MCContext *Ctx) const override { 2788 InstructionListType Code; 2789 Code.emplace_back(MCInstBuilder(X86::CMP64ri8) 2790 .addReg(RegNo) 2791 .addImm(Imm)); 2792 Code.emplace_back(MCInstBuilder(X86::JCC_1) 2793 .addExpr(MCSymbolRefExpr::create( 2794 Target, MCSymbolRefExpr::VK_None, *Ctx)) 2795 .addImm(X86::COND_E)); 2796 return Code; 2797 } 2798 2799 Optional<Relocation> 2800 createRelocation(const MCFixup &Fixup, 2801 const MCAsmBackend &MAB) const override { 2802 const MCFixupKindInfo &FKI = MAB.getFixupKindInfo(Fixup.getKind()); 2803 2804 assert(FKI.TargetOffset == 0 && "0-bit relocation offset expected"); 2805 const uint64_t RelOffset = Fixup.getOffset(); 2806 2807 uint64_t RelType; 2808 if (FKI.Flags & MCFixupKindInfo::FKF_IsPCRel) { 2809 switch (FKI.TargetSize) { 2810 default: 2811 return NoneType(); 2812 case 8: RelType = ELF::R_X86_64_PC8; break; 2813 case 16: RelType = ELF::R_X86_64_PC16; break; 2814 case 32: RelType = ELF::R_X86_64_PC32; break; 2815 case 64: RelType = ELF::R_X86_64_PC64; break; 2816 } 2817 } else { 2818 switch (FKI.TargetSize) { 2819 default: 2820 return NoneType(); 2821 case 8: RelType = ELF::R_X86_64_8; break; 2822 case 16: RelType = ELF::R_X86_64_16; break; 2823 case 32: RelType = ELF::R_X86_64_32; break; 2824 case 64: RelType = ELF::R_X86_64_64; break; 2825 } 2826 } 2827 2828 // Extract a symbol and an addend out of the fixup value expression. 2829 // 2830 // Only the following limited expression types are supported: 2831 // Symbol + Addend 2832 // Symbol 2833 uint64_t Addend = 0; 2834 MCSymbol *Symbol = nullptr; 2835 const MCExpr *ValueExpr = Fixup.getValue(); 2836 if (ValueExpr->getKind() == MCExpr::Binary) { 2837 const auto *BinaryExpr = cast<MCBinaryExpr>(ValueExpr); 2838 assert(BinaryExpr->getOpcode() == MCBinaryExpr::Add && 2839 "unexpected binary expression"); 2840 const MCExpr *LHS = BinaryExpr->getLHS(); 2841 assert(LHS->getKind() == MCExpr::SymbolRef && "unexpected LHS"); 2842 Symbol = const_cast<MCSymbol *>(this->getTargetSymbol(LHS)); 2843 const MCExpr *RHS = BinaryExpr->getRHS(); 2844 assert(RHS->getKind() == MCExpr::Constant && "unexpected RHS"); 2845 Addend = cast<MCConstantExpr>(RHS)->getValue(); 2846 } else { 2847 assert(ValueExpr->getKind() == MCExpr::SymbolRef && "unexpected value"); 2848 Symbol = const_cast<MCSymbol *>(this->getTargetSymbol(ValueExpr)); 2849 } 2850 2851 return Relocation({RelOffset, Symbol, RelType, Addend, 0}); 2852 } 2853 2854 bool replaceImmWithSymbolRef(MCInst &Inst, const MCSymbol *Symbol, 2855 int64_t Addend, MCContext *Ctx, int64_t &Value, 2856 uint64_t RelType) const override { 2857 unsigned ImmOpNo = -1U; 2858 2859 for (unsigned Index = 0; Index < MCPlus::getNumPrimeOperands(Inst); 2860 ++Index) { 2861 if (Inst.getOperand(Index).isImm()) { 2862 ImmOpNo = Index; 2863 // TODO: this is a bit hacky. It finds the correct operand by 2864 // searching for a specific immediate value. If no value is 2865 // provided it defaults to the last immediate operand found. 2866 // This could lead to unexpected results if the instruction 2867 // has more than one immediate with the same value. 2868 if (Inst.getOperand(ImmOpNo).getImm() == Value) 2869 break; 2870 } 2871 } 2872 2873 if (ImmOpNo == -1U) 2874 return false; 2875 2876 Value = Inst.getOperand(ImmOpNo).getImm(); 2877 2878 setOperandToSymbolRef(Inst, ImmOpNo, Symbol, Addend, Ctx, RelType); 2879 2880 return true; 2881 } 2882 2883 bool replaceRegWithImm(MCInst &Inst, unsigned Register, 2884 int64_t Imm) const override { 2885 2886 enum CheckSignExt : uint8_t { 2887 NOCHECK = 0, 2888 CHECK8, 2889 CHECK32, 2890 }; 2891 2892 using CheckList = std::vector<std::pair<CheckSignExt, unsigned>>; 2893 struct InstInfo { 2894 // Size in bytes that Inst loads from memory. 2895 uint8_t DataSize; 2896 2897 // True when the target operand has to be duplicated because the opcode 2898 // expects a LHS operand. 2899 bool HasLHS; 2900 2901 // List of checks and corresponding opcodes to be used. We try to use the 2902 // smallest possible immediate value when various sizes are available, 2903 // hence we may need to check whether a larger constant fits in a smaller 2904 // immediate. 2905 CheckList Checks; 2906 }; 2907 2908 InstInfo I; 2909 2910 switch (Inst.getOpcode()) { 2911 default: { 2912 switch (getPushSize(Inst)) { 2913 2914 case 2: I = {2, false, {{CHECK8, X86::PUSH16i8}, {NOCHECK, X86::PUSHi16}}}; break; 2915 case 4: I = {4, false, {{CHECK8, X86::PUSH32i8}, {NOCHECK, X86::PUSHi32}}}; break; 2916 case 8: I = {8, false, {{CHECK8, X86::PUSH64i8}, 2917 {CHECK32, X86::PUSH64i32}, 2918 {NOCHECK, Inst.getOpcode()}}}; break; 2919 default: return false; 2920 } 2921 break; 2922 } 2923 2924 // MOV 2925 case X86::MOV8rr: I = {1, false, {{NOCHECK, X86::MOV8ri}}}; break; 2926 case X86::MOV16rr: I = {2, false, {{NOCHECK, X86::MOV16ri}}}; break; 2927 case X86::MOV32rr: I = {4, false, {{NOCHECK, X86::MOV32ri}}}; break; 2928 case X86::MOV64rr: I = {8, false, {{CHECK32, X86::MOV64ri32}, 2929 {NOCHECK, X86::MOV64ri}}}; break; 2930 2931 case X86::MOV8mr: I = {1, false, {{NOCHECK, X86::MOV8mi}}}; break; 2932 case X86::MOV16mr: I = {2, false, {{NOCHECK, X86::MOV16mi}}}; break; 2933 case X86::MOV32mr: I = {4, false, {{NOCHECK, X86::MOV32mi}}}; break; 2934 case X86::MOV64mr: I = {8, false, {{CHECK32, X86::MOV64mi32}, 2935 {NOCHECK, X86::MOV64mr}}}; break; 2936 2937 // MOVZX 2938 case X86::MOVZX16rr8: I = {1, false, {{NOCHECK, X86::MOV16ri}}}; break; 2939 case X86::MOVZX32rr8: I = {1, false, {{NOCHECK, X86::MOV32ri}}}; break; 2940 case X86::MOVZX32rr16: I = {2, false, {{NOCHECK, X86::MOV32ri}}}; break; 2941 2942 // CMP 2943 case X86::CMP8rr: I = {1, false, {{NOCHECK, X86::CMP8ri}}}; break; 2944 case X86::CMP16rr: I = {2, false, {{CHECK8, X86::CMP16ri8}, 2945 {NOCHECK, X86::CMP16ri}}}; break; 2946 case X86::CMP32rr: I = {4, false, {{CHECK8, X86::CMP32ri8}, 2947 {NOCHECK, X86::CMP32ri}}}; break; 2948 case X86::CMP64rr: I = {8, false, {{CHECK8, X86::CMP64ri8}, 2949 {CHECK32, X86::CMP64ri32}, 2950 {NOCHECK, X86::CMP64rr}}}; break; 2951 2952 // TEST 2953 case X86::TEST8rr: I = {1, false, {{NOCHECK, X86::TEST8ri}}}; break; 2954 case X86::TEST16rr: I = {2, false, {{NOCHECK, X86::TEST16ri}}}; break; 2955 case X86::TEST32rr: I = {4, false, {{NOCHECK, X86::TEST32ri}}}; break; 2956 case X86::TEST64rr: I = {8, false, {{CHECK32, X86::TEST64ri32}, 2957 {NOCHECK, X86::TEST64rr}}}; break; 2958 2959 // ADD 2960 case X86::ADD8rr: I = {1, true, {{NOCHECK, X86::ADD8ri}}}; break; 2961 case X86::ADD16rr: I = {2, true, {{CHECK8, X86::ADD16ri8}, 2962 {NOCHECK, X86::ADD16ri}}}; break; 2963 case X86::ADD32rr: I = {4, true, {{CHECK8, X86::ADD32ri8}, 2964 {NOCHECK, X86::ADD32ri}}}; break; 2965 case X86::ADD64rr: I = {8, true, {{CHECK8, X86::ADD64ri8}, 2966 {CHECK32, X86::ADD64ri32}, 2967 {NOCHECK, X86::ADD64rr}}}; break; 2968 2969 // SUB 2970 case X86::SUB8rr: I = {1, true, {{NOCHECK, X86::SUB8ri}}}; break; 2971 case X86::SUB16rr: I = {2, true, {{CHECK8, X86::SUB16ri8}, 2972 {NOCHECK, X86::SUB16ri}}}; break; 2973 case X86::SUB32rr: I = {4, true, {{CHECK8, X86::SUB32ri8}, 2974 {NOCHECK, X86::SUB32ri}}}; break; 2975 case X86::SUB64rr: I = {8, true, {{CHECK8, X86::SUB64ri8}, 2976 {CHECK32, X86::SUB64ri32}, 2977 {NOCHECK, X86::SUB64rr}}}; break; 2978 2979 // AND 2980 case X86::AND8rr: I = {1, true, {{NOCHECK, X86::AND8ri}}}; break; 2981 case X86::AND16rr: I = {2, true, {{CHECK8, X86::AND16ri8}, 2982 {NOCHECK, X86::AND16ri}}}; break; 2983 case X86::AND32rr: I = {4, true, {{CHECK8, X86::AND32ri8}, 2984 {NOCHECK, X86::AND32ri}}}; break; 2985 case X86::AND64rr: I = {8, true, {{CHECK8, X86::AND64ri8}, 2986 {CHECK32, X86::AND64ri32}, 2987 {NOCHECK, X86::AND64rr}}}; break; 2988 2989 // OR 2990 case X86::OR8rr: I = {1, true, {{NOCHECK, X86::OR8ri}}}; break; 2991 case X86::OR16rr: I = {2, true, {{CHECK8, X86::OR16ri8}, 2992 {NOCHECK, X86::OR16ri}}}; break; 2993 case X86::OR32rr: I = {4, true, {{CHECK8, X86::OR32ri8}, 2994 {NOCHECK, X86::OR32ri}}}; break; 2995 case X86::OR64rr: I = {8, true, {{CHECK8, X86::OR64ri8}, 2996 {CHECK32, X86::OR64ri32}, 2997 {NOCHECK, X86::OR64rr}}}; break; 2998 2999 // XOR 3000 case X86::XOR8rr: I = {1, true, {{NOCHECK, X86::XOR8ri}}}; break; 3001 case X86::XOR16rr: I = {2, true, {{CHECK8, X86::XOR16ri8}, 3002 {NOCHECK, X86::XOR16ri}}}; break; 3003 case X86::XOR32rr: I = {4, true, {{CHECK8, X86::XOR32ri8}, 3004 {NOCHECK, X86::XOR32ri}}}; break; 3005 case X86::XOR64rr: I = {8, true, {{CHECK8, X86::XOR64ri8}, 3006 {CHECK32, X86::XOR64ri32}, 3007 {NOCHECK, X86::XOR64rr}}}; break; 3008 } 3009 3010 // Compute the new opcode. 3011 unsigned NewOpcode = 0; 3012 for (const std::pair<CheckSignExt, unsigned> &Check : I.Checks) { 3013 NewOpcode = Check.second; 3014 if (Check.first == NOCHECK) 3015 break; 3016 if (Check.first == CHECK8 && isInt<8>(Imm)) 3017 break; 3018 if (Check.first == CHECK32 && isInt<32>(Imm)) 3019 break; 3020 } 3021 if (NewOpcode == Inst.getOpcode()) 3022 return false; 3023 3024 const MCInstrDesc &InstDesc = Info->get(Inst.getOpcode()); 3025 3026 unsigned NumFound = 0; 3027 for (unsigned Index = InstDesc.getNumDefs() + (I.HasLHS ? 1 : 0), 3028 E = InstDesc.getNumOperands(); 3029 Index != E; ++Index) 3030 if (Inst.getOperand(Index).isReg() && 3031 Inst.getOperand(Index).getReg() == Register) 3032 NumFound++; 3033 3034 if (NumFound != 1) 3035 return false; 3036 3037 MCOperand TargetOp = Inst.getOperand(0); 3038 Inst.clear(); 3039 Inst.setOpcode(NewOpcode); 3040 Inst.addOperand(TargetOp); 3041 if (I.HasLHS) 3042 Inst.addOperand(TargetOp); 3043 Inst.addOperand(MCOperand::createImm(Imm)); 3044 3045 return true; 3046 } 3047 3048 bool replaceRegWithReg(MCInst &Inst, unsigned ToReplace, 3049 unsigned ReplaceWith) const override { 3050 3051 // Get the HasLHS value so that iteration can be done 3052 bool HasLHS; 3053 if (isAND(Inst.getOpcode()) || isADD(Inst.getOpcode()) || isSUB(Inst)) { 3054 HasLHS = true; 3055 } else if (isPop(Inst) || isPush(Inst) || isCMP(Inst.getOpcode()) || 3056 isTEST(Inst.getOpcode())) { 3057 HasLHS = false; 3058 } else { 3059 switch (Inst.getOpcode()) { 3060 case X86::MOV8rr: 3061 case X86::MOV8rm: 3062 case X86::MOV8mr: 3063 case X86::MOV8ri: 3064 case X86::MOV16rr: 3065 case X86::MOV16rm: 3066 case X86::MOV16mr: 3067 case X86::MOV16ri: 3068 case X86::MOV32rr: 3069 case X86::MOV32rm: 3070 case X86::MOV32mr: 3071 case X86::MOV32ri: 3072 case X86::MOV64rr: 3073 case X86::MOV64rm: 3074 case X86::MOV64mr: 3075 case X86::MOV64ri: 3076 case X86::MOVZX16rr8: 3077 case X86::MOVZX32rr8: 3078 case X86::MOVZX32rr16: 3079 case X86::MOVSX32rm8: 3080 case X86::MOVSX32rr8: 3081 case X86::MOVSX64rm32: 3082 case X86::LEA64r: 3083 HasLHS = false; 3084 break; 3085 default: 3086 return false; 3087 } 3088 } 3089 3090 const MCInstrDesc &InstDesc = Info->get(Inst.getOpcode()); 3091 3092 bool FoundOne = false; 3093 3094 // Iterate only through src operands that arent also dest operands 3095 for (unsigned Index = InstDesc.getNumDefs() + (HasLHS ? 1 : 0), 3096 E = InstDesc.getNumOperands(); 3097 Index != E; ++Index) { 3098 BitVector RegAliases = getAliases(ToReplace, true); 3099 if (!Inst.getOperand(Index).isReg() || 3100 !RegAliases.test(Inst.getOperand(Index).getReg())) 3101 continue; 3102 // Resize register if needed 3103 unsigned SizedReplaceWith = getAliasSized( 3104 ReplaceWith, getRegSize(Inst.getOperand(Index).getReg())); 3105 MCOperand NewOperand = MCOperand::createReg(SizedReplaceWith); 3106 Inst.getOperand(Index) = NewOperand; 3107 FoundOne = true; 3108 } 3109 3110 // Return true if at least one operand was replaced 3111 return FoundOne; 3112 } 3113 3114 bool createUncondBranch(MCInst &Inst, const MCSymbol *TBB, 3115 MCContext *Ctx) const override { 3116 Inst.setOpcode(X86::JMP_1); 3117 Inst.addOperand(MCOperand::createExpr( 3118 MCSymbolRefExpr::create(TBB, MCSymbolRefExpr::VK_None, *Ctx))); 3119 return true; 3120 } 3121 3122 bool createCall(MCInst &Inst, const MCSymbol *Target, 3123 MCContext *Ctx) override { 3124 Inst.setOpcode(X86::CALL64pcrel32); 3125 Inst.addOperand(MCOperand::createExpr( 3126 MCSymbolRefExpr::create(Target, MCSymbolRefExpr::VK_None, *Ctx))); 3127 return true; 3128 } 3129 3130 bool createTailCall(MCInst &Inst, const MCSymbol *Target, 3131 MCContext *Ctx) override { 3132 return createDirectCall(Inst, Target, Ctx, /*IsTailCall*/ true); 3133 } 3134 3135 void createLongTailCall(InstructionListType &Seq, const MCSymbol *Target, 3136 MCContext *Ctx) override { 3137 Seq.clear(); 3138 Seq.emplace_back(); 3139 createDirectCall(Seq.back(), Target, Ctx, /*IsTailCall*/ true); 3140 } 3141 3142 bool createTrap(MCInst &Inst) const override { 3143 Inst.clear(); 3144 Inst.setOpcode(X86::TRAP); 3145 return true; 3146 } 3147 3148 bool reverseBranchCondition(MCInst &Inst, const MCSymbol *TBB, 3149 MCContext *Ctx) const override { 3150 unsigned InvCC = getInvertedCondCode(getCondCode(Inst)); 3151 assert(InvCC != X86::COND_INVALID && "invalid branch instruction"); 3152 Inst.getOperand(Info->get(Inst.getOpcode()).NumOperands - 1).setImm(InvCC); 3153 Inst.getOperand(0) = MCOperand::createExpr( 3154 MCSymbolRefExpr::create(TBB, MCSymbolRefExpr::VK_None, *Ctx)); 3155 return true; 3156 } 3157 3158 bool replaceBranchCondition(MCInst &Inst, const MCSymbol *TBB, MCContext *Ctx, 3159 unsigned CC) const override { 3160 if (CC == X86::COND_INVALID) 3161 return false; 3162 Inst.getOperand(Info->get(Inst.getOpcode()).NumOperands - 1).setImm(CC); 3163 Inst.getOperand(0) = MCOperand::createExpr( 3164 MCSymbolRefExpr::create(TBB, MCSymbolRefExpr::VK_None, *Ctx)); 3165 return true; 3166 } 3167 3168 unsigned getCanonicalBranchCondCode(unsigned CC) const override { 3169 switch (CC) { 3170 default: return X86::COND_INVALID; 3171 3172 case X86::COND_E: return X86::COND_E; 3173 case X86::COND_NE: return X86::COND_E; 3174 3175 case X86::COND_L: return X86::COND_L; 3176 case X86::COND_GE: return X86::COND_L; 3177 3178 case X86::COND_LE: return X86::COND_G; 3179 case X86::COND_G: return X86::COND_G; 3180 3181 case X86::COND_B: return X86::COND_B; 3182 case X86::COND_AE: return X86::COND_B; 3183 3184 case X86::COND_BE: return X86::COND_A; 3185 case X86::COND_A: return X86::COND_A; 3186 3187 case X86::COND_S: return X86::COND_S; 3188 case X86::COND_NS: return X86::COND_S; 3189 3190 case X86::COND_P: return X86::COND_P; 3191 case X86::COND_NP: return X86::COND_P; 3192 3193 case X86::COND_O: return X86::COND_O; 3194 case X86::COND_NO: return X86::COND_O; 3195 } 3196 } 3197 3198 bool replaceBranchTarget(MCInst &Inst, const MCSymbol *TBB, 3199 MCContext *Ctx) const override { 3200 assert((isCall(Inst) || isBranch(Inst)) && !isIndirectBranch(Inst) && 3201 "Invalid instruction"); 3202 Inst.getOperand(0) = MCOperand::createExpr( 3203 MCSymbolRefExpr::create(TBB, MCSymbolRefExpr::VK_None, *Ctx)); 3204 return true; 3205 } 3206 3207 MCPhysReg getX86R11() const override { return X86::R11; } 3208 3209 MCPhysReg getIntArgRegister(unsigned ArgNo) const override { 3210 // FIXME: this should depend on the calling convention. 3211 switch (ArgNo) { 3212 case 0: return X86::RDI; 3213 case 1: return X86::RSI; 3214 case 2: return X86::RDX; 3215 case 3: return X86::RCX; 3216 case 4: return X86::R8; 3217 case 5: return X86::R9; 3218 default: return getNoRegister(); 3219 } 3220 } 3221 3222 void createPause(MCInst &Inst) const override { 3223 Inst.clear(); 3224 Inst.setOpcode(X86::PAUSE); 3225 } 3226 3227 void createLfence(MCInst &Inst) const override { 3228 Inst.clear(); 3229 Inst.setOpcode(X86::LFENCE); 3230 } 3231 3232 bool createDirectCall(MCInst &Inst, const MCSymbol *Target, MCContext *Ctx, 3233 bool IsTailCall) override { 3234 Inst.clear(); 3235 Inst.setOpcode(IsTailCall ? X86::JMP_4 : X86::CALL64pcrel32); 3236 Inst.addOperand(MCOperand::createExpr( 3237 MCSymbolRefExpr::create(Target, MCSymbolRefExpr::VK_None, *Ctx))); 3238 if (IsTailCall) 3239 setTailCall(Inst); 3240 return true; 3241 } 3242 3243 void createShortJmp(InstructionListType &Seq, const MCSymbol *Target, 3244 MCContext *Ctx, bool IsTailCall) override { 3245 Seq.clear(); 3246 MCInst Inst; 3247 Inst.setOpcode(X86::JMP_1); 3248 Inst.addOperand(MCOperand::createExpr( 3249 MCSymbolRefExpr::create(Target, MCSymbolRefExpr::VK_None, *Ctx))); 3250 if (IsTailCall) 3251 setTailCall(Inst); 3252 Seq.emplace_back(Inst); 3253 } 3254 3255 bool isConditionalMove(const MCInst &Inst) const override { 3256 unsigned OpCode = Inst.getOpcode(); 3257 return (OpCode == X86::CMOV16rr || OpCode == X86::CMOV32rr || 3258 OpCode == X86::CMOV64rr); 3259 } 3260 3261 bool isBranchOnMem(const MCInst &Inst) const override { 3262 unsigned OpCode = Inst.getOpcode(); 3263 if (OpCode == X86::CALL64m || (OpCode == X86::JMP32m && isTailCall(Inst)) || 3264 OpCode == X86::JMP64m) 3265 return true; 3266 3267 return false; 3268 } 3269 3270 bool isBranchOnReg(const MCInst &Inst) const override { 3271 unsigned OpCode = Inst.getOpcode(); 3272 if (OpCode == X86::CALL64r || (OpCode == X86::JMP32r && isTailCall(Inst)) || 3273 OpCode == X86::JMP64r) 3274 return true; 3275 3276 return false; 3277 } 3278 3279 void createPushRegister(MCInst &Inst, MCPhysReg Reg, 3280 unsigned Size) const override { 3281 Inst.clear(); 3282 unsigned NewOpcode = 0; 3283 if (Reg == X86::EFLAGS) { 3284 switch (Size) { 3285 case 2: NewOpcode = X86::PUSHF16; break; 3286 case 4: NewOpcode = X86::PUSHF32; break; 3287 case 8: NewOpcode = X86::PUSHF64; break; 3288 default: 3289 llvm_unreachable("Unexpected size"); 3290 } 3291 Inst.setOpcode(NewOpcode); 3292 return; 3293 } 3294 switch (Size) { 3295 case 2: NewOpcode = X86::PUSH16r; break; 3296 case 4: NewOpcode = X86::PUSH32r; break; 3297 case 8: NewOpcode = X86::PUSH64r; break; 3298 default: 3299 llvm_unreachable("Unexpected size"); 3300 } 3301 Inst.setOpcode(NewOpcode); 3302 Inst.addOperand(MCOperand::createReg(Reg)); 3303 } 3304 3305 void createPopRegister(MCInst &Inst, MCPhysReg Reg, 3306 unsigned Size) const override { 3307 Inst.clear(); 3308 unsigned NewOpcode = 0; 3309 if (Reg == X86::EFLAGS) { 3310 switch (Size) { 3311 case 2: NewOpcode = X86::POPF16; break; 3312 case 4: NewOpcode = X86::POPF32; break; 3313 case 8: NewOpcode = X86::POPF64; break; 3314 default: 3315 llvm_unreachable("Unexpected size"); 3316 } 3317 Inst.setOpcode(NewOpcode); 3318 return; 3319 } 3320 switch (Size) { 3321 case 2: NewOpcode = X86::POP16r; break; 3322 case 4: NewOpcode = X86::POP32r; break; 3323 case 8: NewOpcode = X86::POP64r; break; 3324 default: 3325 llvm_unreachable("Unexpected size"); 3326 } 3327 Inst.setOpcode(NewOpcode); 3328 Inst.addOperand(MCOperand::createReg(Reg)); 3329 } 3330 3331 void createPushFlags(MCInst &Inst, unsigned Size) const override { 3332 return createPushRegister(Inst, X86::EFLAGS, Size); 3333 } 3334 3335 void createPopFlags(MCInst &Inst, unsigned Size) const override { 3336 return createPopRegister(Inst, X86::EFLAGS, Size); 3337 } 3338 3339 void createAddRegImm(MCInst &Inst, MCPhysReg Reg, int64_t Value, 3340 unsigned Size) const { 3341 unsigned int Opcode; 3342 switch (Size) { 3343 case 1: Opcode = X86::ADD8ri; break; 3344 case 2: Opcode = X86::ADD16ri; break; 3345 case 4: Opcode = X86::ADD32ri; break; 3346 default: 3347 llvm_unreachable("Unexpected size"); 3348 } 3349 Inst.setOpcode(Opcode); 3350 Inst.clear(); 3351 Inst.addOperand(MCOperand::createReg(Reg)); 3352 Inst.addOperand(MCOperand::createReg(Reg)); 3353 Inst.addOperand(MCOperand::createImm(Value)); 3354 } 3355 3356 void createClearRegWithNoEFlagsUpdate(MCInst &Inst, MCPhysReg Reg, 3357 unsigned Size) const { 3358 unsigned int Opcode; 3359 switch (Size) { 3360 case 1: Opcode = X86::MOV8ri; break; 3361 case 2: Opcode = X86::MOV16ri; break; 3362 case 4: Opcode = X86::MOV32ri; break; 3363 case 8: Opcode = X86::MOV64ri; break; 3364 default: 3365 llvm_unreachable("Unexpected size"); 3366 } 3367 Inst.setOpcode(Opcode); 3368 Inst.clear(); 3369 Inst.addOperand(MCOperand::createReg(Reg)); 3370 Inst.addOperand(MCOperand::createImm(0)); 3371 } 3372 3373 void createX86SaveOVFlagToRegister(MCInst &Inst, MCPhysReg Reg) const { 3374 Inst.setOpcode(X86::SETCCr); 3375 Inst.clear(); 3376 Inst.addOperand(MCOperand::createReg(Reg)); 3377 Inst.addOperand(MCOperand::createImm(X86::COND_O)); 3378 } 3379 3380 void createX86Lahf(MCInst &Inst) const { 3381 Inst.setOpcode(X86::LAHF); 3382 Inst.clear(); 3383 } 3384 3385 void createX86Sahf(MCInst &Inst) const { 3386 Inst.setOpcode(X86::SAHF); 3387 Inst.clear(); 3388 } 3389 3390 void createInstrIncMemory(InstructionListType &Instrs, const MCSymbol *Target, 3391 MCContext *Ctx, bool IsLeaf) const override { 3392 unsigned int I = 0; 3393 3394 Instrs.resize(IsLeaf ? 13 : 11); 3395 // Don't clobber application red zone (ABI dependent) 3396 if (IsLeaf) 3397 createStackPointerIncrement(Instrs[I++], 128, 3398 /*NoFlagsClobber=*/true); 3399 3400 // Performance improvements based on the optimization discussed at 3401 // https://reviews.llvm.org/D6629 3402 // LAHF/SAHF are used instead of PUSHF/POPF 3403 // PUSHF 3404 createPushRegister(Instrs[I++], X86::RAX, 8); 3405 createClearRegWithNoEFlagsUpdate(Instrs[I++], X86::RAX, 8); 3406 createX86Lahf(Instrs[I++]); 3407 createPushRegister(Instrs[I++], X86::RAX, 8); 3408 createClearRegWithNoEFlagsUpdate(Instrs[I++], X86::RAX, 8); 3409 createX86SaveOVFlagToRegister(Instrs[I++], X86::AL); 3410 // LOCK INC 3411 createIncMemory(Instrs[I++], Target, Ctx); 3412 // POPF 3413 createAddRegImm(Instrs[I++], X86::AL, 127, 1); 3414 createPopRegister(Instrs[I++], X86::RAX, 8); 3415 createX86Sahf(Instrs[I++]); 3416 createPopRegister(Instrs[I++], X86::RAX, 8); 3417 3418 if (IsLeaf) 3419 createStackPointerDecrement(Instrs[I], 128, 3420 /*NoFlagsClobber=*/true); 3421 } 3422 3423 void createSwap(MCInst &Inst, MCPhysReg Source, MCPhysReg MemBaseReg, 3424 int64_t Disp) const { 3425 Inst.setOpcode(X86::XCHG64rm); 3426 Inst.addOperand(MCOperand::createReg(Source)); 3427 Inst.addOperand(MCOperand::createReg(Source)); 3428 Inst.addOperand(MCOperand::createReg(MemBaseReg)); // BaseReg 3429 Inst.addOperand(MCOperand::createImm(1)); // ScaleAmt 3430 Inst.addOperand(MCOperand::createReg(X86::NoRegister)); // IndexReg 3431 Inst.addOperand(MCOperand::createImm(Disp)); // Displacement 3432 Inst.addOperand(MCOperand::createReg(X86::NoRegister)); // AddrSegmentReg 3433 } 3434 3435 void createIndirectBranch(MCInst &Inst, MCPhysReg MemBaseReg, 3436 int64_t Disp) const { 3437 Inst.setOpcode(X86::JMP64m); 3438 Inst.addOperand(MCOperand::createReg(MemBaseReg)); // BaseReg 3439 Inst.addOperand(MCOperand::createImm(1)); // ScaleAmt 3440 Inst.addOperand(MCOperand::createReg(X86::NoRegister)); // IndexReg 3441 Inst.addOperand(MCOperand::createImm(Disp)); // Displacement 3442 Inst.addOperand(MCOperand::createReg(X86::NoRegister)); // AddrSegmentReg 3443 } 3444 3445 InstructionListType createInstrumentedIndirectCall(const MCInst &CallInst, 3446 bool TailCall, 3447 MCSymbol *HandlerFuncAddr, 3448 int CallSiteID, 3449 MCContext *Ctx) override { 3450 // Check if the target address expression used in the original indirect call 3451 // uses the stack pointer, which we are going to clobber. 3452 static BitVector SPAliases(getAliases(X86::RSP)); 3453 bool UsesSP = false; 3454 // Skip defs. 3455 for (unsigned I = Info->get(CallInst.getOpcode()).getNumDefs(), 3456 E = MCPlus::getNumPrimeOperands(CallInst); 3457 I != E; ++I) { 3458 const MCOperand &Operand = CallInst.getOperand(I); 3459 if (Operand.isReg() && SPAliases[Operand.getReg()]) { 3460 UsesSP = true; 3461 break; 3462 } 3463 } 3464 3465 InstructionListType Insts; 3466 MCPhysReg TempReg = getIntArgRegister(0); 3467 // Code sequence used to enter indirect call instrumentation helper: 3468 // push %rdi 3469 // add $8, %rsp ;; $rsp may be used in target, so fix it to prev val 3470 // movq target, %rdi ;; via convertIndirectCallTargetToLoad 3471 // sub $8, %rsp ;; restore correct stack value 3472 // push %rdi 3473 // movq $CallSiteID, %rdi 3474 // push %rdi 3475 // callq/jmp HandlerFuncAddr 3476 Insts.emplace_back(); 3477 createPushRegister(Insts.back(), TempReg, 8); 3478 if (UsesSP) { // Only adjust SP if we really need to 3479 Insts.emplace_back(); 3480 createStackPointerDecrement(Insts.back(), 8, /*NoFlagsClobber=*/false); 3481 } 3482 Insts.emplace_back(CallInst); 3483 // Insts.back() and CallInst now share the same annotation instruction. 3484 // Strip it from Insts.back(), only preserving tail call annotation. 3485 stripAnnotations(Insts.back(), /*KeepTC=*/true); 3486 convertIndirectCallToLoad(Insts.back(), TempReg); 3487 if (UsesSP) { 3488 Insts.emplace_back(); 3489 createStackPointerIncrement(Insts.back(), 8, /*NoFlagsClobber=*/false); 3490 } 3491 Insts.emplace_back(); 3492 createPushRegister(Insts.back(), TempReg, 8); 3493 Insts.emplace_back(); 3494 createLoadImmediate(Insts.back(), TempReg, CallSiteID); 3495 Insts.emplace_back(); 3496 createPushRegister(Insts.back(), TempReg, 8); 3497 Insts.emplace_back(); 3498 createDirectCall(Insts.back(), HandlerFuncAddr, Ctx, 3499 /*TailCall=*/TailCall); 3500 // Carry over metadata 3501 for (int I = MCPlus::getNumPrimeOperands(CallInst), 3502 E = CallInst.getNumOperands(); 3503 I != E; ++I) 3504 Insts.back().addOperand(CallInst.getOperand(I)); 3505 3506 return Insts; 3507 } 3508 3509 InstructionListType createInstrumentedIndCallHandlerExitBB() const override { 3510 const MCPhysReg TempReg = getIntArgRegister(0); 3511 // We just need to undo the sequence created for every ind call in 3512 // instrumentIndirectTarget(), which can be accomplished minimally with: 3513 // popfq 3514 // pop %rdi 3515 // add $16, %rsp 3516 // xchg (%rsp), %rdi 3517 // jmp *-8(%rsp) 3518 InstructionListType Insts(5); 3519 createPopFlags(Insts[0], 8); 3520 createPopRegister(Insts[1], TempReg, 8); 3521 createStackPointerDecrement(Insts[2], 16, /*NoFlagsClobber=*/false); 3522 createSwap(Insts[3], TempReg, X86::RSP, 0); 3523 createIndirectBranch(Insts[4], X86::RSP, -8); 3524 return Insts; 3525 } 3526 3527 InstructionListType 3528 createInstrumentedIndTailCallHandlerExitBB() const override { 3529 const MCPhysReg TempReg = getIntArgRegister(0); 3530 // Same thing as above, but for tail calls 3531 // popfq 3532 // add $16, %rsp 3533 // pop %rdi 3534 // jmp *-16(%rsp) 3535 InstructionListType Insts(4); 3536 createPopFlags(Insts[0], 8); 3537 createStackPointerDecrement(Insts[1], 16, /*NoFlagsClobber=*/false); 3538 createPopRegister(Insts[2], TempReg, 8); 3539 createIndirectBranch(Insts[3], X86::RSP, -16); 3540 return Insts; 3541 } 3542 3543 InstructionListType 3544 createInstrumentedIndCallHandlerEntryBB(const MCSymbol *InstrTrampoline, 3545 const MCSymbol *IndCallHandler, 3546 MCContext *Ctx) override { 3547 const MCPhysReg TempReg = getIntArgRegister(0); 3548 // Code sequence used to check whether InstrTampoline was initialized 3549 // and call it if so, returns via IndCallHandler. 3550 // pushfq 3551 // mov InstrTrampoline,%rdi 3552 // cmp $0x0,%rdi 3553 // je IndCallHandler 3554 // callq *%rdi 3555 // jmpq IndCallHandler 3556 InstructionListType Insts; 3557 Insts.emplace_back(); 3558 createPushFlags(Insts.back(), 8); 3559 Insts.emplace_back(); 3560 createMove(Insts.back(), InstrTrampoline, TempReg, Ctx); 3561 InstructionListType cmpJmp = createCmpJE(TempReg, 0, IndCallHandler, Ctx); 3562 Insts.insert(Insts.end(), cmpJmp.begin(), cmpJmp.end()); 3563 Insts.emplace_back(); 3564 Insts.back().setOpcode(X86::CALL64r); 3565 Insts.back().addOperand(MCOperand::createReg(TempReg)); 3566 Insts.emplace_back(); 3567 createDirectCall(Insts.back(), IndCallHandler, Ctx, /*IsTailCall*/ true); 3568 return Insts; 3569 } 3570 3571 InstructionListType createNumCountersGetter(MCContext *Ctx) const override { 3572 InstructionListType Insts(2); 3573 MCSymbol *NumLocs = Ctx->getOrCreateSymbol("__bolt_num_counters"); 3574 createMove(Insts[0], NumLocs, X86::EAX, Ctx); 3575 createReturn(Insts[1]); 3576 return Insts; 3577 } 3578 3579 InstructionListType 3580 createInstrLocationsGetter(MCContext *Ctx) const override { 3581 InstructionListType Insts(2); 3582 MCSymbol *Locs = Ctx->getOrCreateSymbol("__bolt_instr_locations"); 3583 createLea(Insts[0], Locs, X86::EAX, Ctx); 3584 createReturn(Insts[1]); 3585 return Insts; 3586 } 3587 3588 InstructionListType createInstrTablesGetter(MCContext *Ctx) const override { 3589 InstructionListType Insts(2); 3590 MCSymbol *Locs = Ctx->getOrCreateSymbol("__bolt_instr_tables"); 3591 createLea(Insts[0], Locs, X86::EAX, Ctx); 3592 createReturn(Insts[1]); 3593 return Insts; 3594 } 3595 3596 InstructionListType createInstrNumFuncsGetter(MCContext *Ctx) const override { 3597 InstructionListType Insts(2); 3598 MCSymbol *NumFuncs = Ctx->getOrCreateSymbol("__bolt_instr_num_funcs"); 3599 createMove(Insts[0], NumFuncs, X86::EAX, Ctx); 3600 createReturn(Insts[1]); 3601 return Insts; 3602 } 3603 3604 InstructionListType createSymbolTrampoline(const MCSymbol *TgtSym, 3605 MCContext *Ctx) const override { 3606 InstructionListType Insts(1); 3607 createUncondBranch(Insts[0], TgtSym, Ctx); 3608 return Insts; 3609 } 3610 3611 InstructionListType createDummyReturnFunction(MCContext *Ctx) const override { 3612 InstructionListType Insts(1); 3613 createReturn(Insts[0]); 3614 return Insts; 3615 } 3616 3617 BlocksVectorTy indirectCallPromotion( 3618 const MCInst &CallInst, 3619 const std::vector<std::pair<MCSymbol *, uint64_t>> &Targets, 3620 const std::vector<std::pair<MCSymbol *, uint64_t>> &VtableSyms, 3621 const std::vector<MCInst *> &MethodFetchInsns, 3622 const bool MinimizeCodeSize, MCContext *Ctx) override { 3623 const bool IsTailCall = isTailCall(CallInst); 3624 const bool IsJumpTable = getJumpTable(CallInst) != 0; 3625 BlocksVectorTy Results; 3626 3627 // Label for the current code block. 3628 MCSymbol *NextTarget = nullptr; 3629 3630 // The join block which contains all the instructions following CallInst. 3631 // MergeBlock remains null if CallInst is a tail call. 3632 MCSymbol *MergeBlock = nullptr; 3633 3634 unsigned FuncAddrReg = X86::R10; 3635 3636 const bool LoadElim = !VtableSyms.empty(); 3637 assert((!LoadElim || VtableSyms.size() == Targets.size()) && 3638 "There must be a vtable entry for every method " 3639 "in the targets vector."); 3640 3641 if (MinimizeCodeSize && !LoadElim) { 3642 std::set<unsigned> UsedRegs; 3643 3644 for (unsigned int I = 0; I < MCPlus::getNumPrimeOperands(CallInst); ++I) { 3645 const MCOperand &Op = CallInst.getOperand(I); 3646 if (Op.isReg()) 3647 UsedRegs.insert(Op.getReg()); 3648 } 3649 3650 if (UsedRegs.count(X86::R10) == 0) 3651 FuncAddrReg = X86::R10; 3652 else if (UsedRegs.count(X86::R11) == 0) 3653 FuncAddrReg = X86::R11; 3654 else 3655 return Results; 3656 } 3657 3658 const auto jumpToMergeBlock = [&](InstructionListType &NewCall) { 3659 assert(MergeBlock); 3660 NewCall.push_back(CallInst); 3661 MCInst &Merge = NewCall.back(); 3662 Merge.clear(); 3663 createUncondBranch(Merge, MergeBlock, Ctx); 3664 }; 3665 3666 for (unsigned int i = 0; i < Targets.size(); ++i) { 3667 Results.emplace_back(NextTarget, InstructionListType()); 3668 InstructionListType *NewCall = &Results.back().second; 3669 3670 if (MinimizeCodeSize && !LoadElim) { 3671 // Load the call target into FuncAddrReg. 3672 NewCall->push_back(CallInst); // Copy CallInst in order to get SMLoc 3673 MCInst &Target = NewCall->back(); 3674 Target.clear(); 3675 Target.setOpcode(X86::MOV64ri32); 3676 Target.addOperand(MCOperand::createReg(FuncAddrReg)); 3677 if (Targets[i].first) { 3678 // Is this OK? 3679 Target.addOperand(MCOperand::createExpr(MCSymbolRefExpr::create( 3680 Targets[i].first, MCSymbolRefExpr::VK_None, *Ctx))); 3681 } else { 3682 const uint64_t Addr = Targets[i].second; 3683 // Immediate address is out of sign extended 32 bit range. 3684 if (int64_t(Addr) != int64_t(int32_t(Addr))) 3685 return BlocksVectorTy(); 3686 3687 Target.addOperand(MCOperand::createImm(Addr)); 3688 } 3689 3690 // Compare current call target to a specific address. 3691 NewCall->push_back(CallInst); 3692 MCInst &Compare = NewCall->back(); 3693 Compare.clear(); 3694 if (isBranchOnReg(CallInst)) 3695 Compare.setOpcode(X86::CMP64rr); 3696 else if (CallInst.getOpcode() == X86::CALL64pcrel32) 3697 Compare.setOpcode(X86::CMP64ri32); 3698 else 3699 Compare.setOpcode(X86::CMP64rm); 3700 3701 Compare.addOperand(MCOperand::createReg(FuncAddrReg)); 3702 3703 // TODO: Would be preferable to only load this value once. 3704 for (unsigned i = 0; 3705 i < Info->get(CallInst.getOpcode()).getNumOperands(); ++i) 3706 if (!CallInst.getOperand(i).isInst()) 3707 Compare.addOperand(CallInst.getOperand(i)); 3708 } else { 3709 // Compare current call target to a specific address. 3710 NewCall->push_back(CallInst); 3711 MCInst &Compare = NewCall->back(); 3712 Compare.clear(); 3713 if (isBranchOnReg(CallInst)) 3714 Compare.setOpcode(X86::CMP64ri32); 3715 else 3716 Compare.setOpcode(X86::CMP64mi32); 3717 3718 // Original call address. 3719 for (unsigned i = 0; 3720 i < Info->get(CallInst.getOpcode()).getNumOperands(); ++i) 3721 if (!CallInst.getOperand(i).isInst()) 3722 Compare.addOperand(CallInst.getOperand(i)); 3723 3724 // Target address. 3725 if (Targets[i].first || LoadElim) { 3726 const MCSymbol *Sym = 3727 LoadElim ? VtableSyms[i].first : Targets[i].first; 3728 const uint64_t Addend = LoadElim ? VtableSyms[i].second : 0; 3729 const MCExpr *Expr = MCSymbolRefExpr::create(Sym, *Ctx); 3730 if (Addend) 3731 Expr = MCBinaryExpr::createAdd( 3732 Expr, MCConstantExpr::create(Addend, *Ctx), *Ctx); 3733 Compare.addOperand(MCOperand::createExpr(Expr)); 3734 } else { 3735 const uint64_t Addr = Targets[i].second; 3736 // Immediate address is out of sign extended 32 bit range. 3737 if (int64_t(Addr) != int64_t(int32_t(Addr))) 3738 return BlocksVectorTy(); 3739 3740 Compare.addOperand(MCOperand::createImm(Addr)); 3741 } 3742 } 3743 3744 // jump to next target compare. 3745 NextTarget = 3746 Ctx->createNamedTempSymbol(); // generate label for the next block 3747 NewCall->push_back(CallInst); 3748 3749 if (IsJumpTable) { 3750 MCInst &Je = NewCall->back(); 3751 3752 // Jump to next compare if target addresses don't match. 3753 Je.clear(); 3754 Je.setOpcode(X86::JCC_1); 3755 if (Targets[i].first) 3756 Je.addOperand(MCOperand::createExpr(MCSymbolRefExpr::create( 3757 Targets[i].first, MCSymbolRefExpr::VK_None, *Ctx))); 3758 else 3759 Je.addOperand(MCOperand::createImm(Targets[i].second)); 3760 3761 Je.addOperand(MCOperand::createImm(X86::COND_E)); 3762 assert(!isInvoke(CallInst)); 3763 } else { 3764 MCInst &Jne = NewCall->back(); 3765 3766 // Jump to next compare if target addresses don't match. 3767 Jne.clear(); 3768 Jne.setOpcode(X86::JCC_1); 3769 Jne.addOperand(MCOperand::createExpr(MCSymbolRefExpr::create( 3770 NextTarget, MCSymbolRefExpr::VK_None, *Ctx))); 3771 Jne.addOperand(MCOperand::createImm(X86::COND_NE)); 3772 3773 // Call specific target directly. 3774 Results.emplace_back(Ctx->createNamedTempSymbol(), 3775 InstructionListType()); 3776 NewCall = &Results.back().second; 3777 NewCall->push_back(CallInst); 3778 MCInst &CallOrJmp = NewCall->back(); 3779 3780 CallOrJmp.clear(); 3781 3782 if (MinimizeCodeSize && !LoadElim) { 3783 CallOrJmp.setOpcode(IsTailCall ? X86::JMP32r : X86::CALL64r); 3784 CallOrJmp.addOperand(MCOperand::createReg(FuncAddrReg)); 3785 } else { 3786 CallOrJmp.setOpcode(IsTailCall ? X86::JMP_4 : X86::CALL64pcrel32); 3787 3788 if (Targets[i].first) 3789 CallOrJmp.addOperand(MCOperand::createExpr(MCSymbolRefExpr::create( 3790 Targets[i].first, MCSymbolRefExpr::VK_None, *Ctx))); 3791 else 3792 CallOrJmp.addOperand(MCOperand::createImm(Targets[i].second)); 3793 } 3794 if (IsTailCall) 3795 setTailCall(CallOrJmp); 3796 3797 if (CallOrJmp.getOpcode() == X86::CALL64r || 3798 CallOrJmp.getOpcode() == X86::CALL64pcrel32) { 3799 if (Optional<uint32_t> Offset = getOffset(CallInst)) 3800 // Annotated as duplicated call 3801 setOffset(CallOrJmp, *Offset); 3802 } 3803 3804 if (isInvoke(CallInst) && !isInvoke(CallOrJmp)) { 3805 // Copy over any EH or GNU args size information from the original 3806 // call. 3807 Optional<MCPlus::MCLandingPad> EHInfo = getEHInfo(CallInst); 3808 if (EHInfo) 3809 addEHInfo(CallOrJmp, *EHInfo); 3810 int64_t GnuArgsSize = getGnuArgsSize(CallInst); 3811 if (GnuArgsSize >= 0) 3812 addGnuArgsSize(CallOrJmp, GnuArgsSize); 3813 } 3814 3815 if (!IsTailCall) { 3816 // The fallthrough block for the most common target should be 3817 // the merge block. 3818 if (i == 0) { 3819 // Fallthrough to merge block. 3820 MergeBlock = Ctx->createNamedTempSymbol(); 3821 } else { 3822 // Insert jump to the merge block if we are not doing a fallthrough. 3823 jumpToMergeBlock(*NewCall); 3824 } 3825 } 3826 } 3827 } 3828 3829 // Cold call block. 3830 Results.emplace_back(NextTarget, InstructionListType()); 3831 InstructionListType &NewCall = Results.back().second; 3832 for (const MCInst *Inst : MethodFetchInsns) 3833 if (Inst != &CallInst) 3834 NewCall.push_back(*Inst); 3835 NewCall.push_back(CallInst); 3836 3837 // Jump to merge block from cold call block 3838 if (!IsTailCall && !IsJumpTable) { 3839 jumpToMergeBlock(NewCall); 3840 3841 // Record merge block 3842 Results.emplace_back(MergeBlock, InstructionListType()); 3843 } 3844 3845 return Results; 3846 } 3847 3848 BlocksVectorTy jumpTablePromotion( 3849 const MCInst &IJmpInst, 3850 const std::vector<std::pair<MCSymbol *, uint64_t>> &Targets, 3851 const std::vector<MCInst *> &TargetFetchInsns, 3852 MCContext *Ctx) const override { 3853 assert(getJumpTable(IJmpInst) != 0); 3854 uint16_t IndexReg = getAnnotationAs<uint16_t>(IJmpInst, "JTIndexReg"); 3855 if (IndexReg == 0) 3856 return BlocksVectorTy(); 3857 3858 BlocksVectorTy Results; 3859 3860 // Label for the current code block. 3861 MCSymbol *NextTarget = nullptr; 3862 3863 for (unsigned int i = 0; i < Targets.size(); ++i) { 3864 Results.emplace_back(NextTarget, InstructionListType()); 3865 InstructionListType *CurBB = &Results.back().second; 3866 3867 // Compare current index to a specific index. 3868 CurBB->emplace_back(MCInst()); 3869 MCInst &CompareInst = CurBB->back(); 3870 CompareInst.setLoc(IJmpInst.getLoc()); 3871 CompareInst.setOpcode(X86::CMP64ri32); 3872 CompareInst.addOperand(MCOperand::createReg(IndexReg)); 3873 3874 const uint64_t CaseIdx = Targets[i].second; 3875 // Immediate address is out of sign extended 32 bit range. 3876 if (int64_t(CaseIdx) != int64_t(int32_t(CaseIdx))) 3877 return BlocksVectorTy(); 3878 3879 CompareInst.addOperand(MCOperand::createImm(CaseIdx)); 3880 shortenInstruction(CompareInst); 3881 3882 // jump to next target compare. 3883 NextTarget = 3884 Ctx->createNamedTempSymbol(); // generate label for the next block 3885 CurBB->push_back(MCInst()); 3886 3887 MCInst &JEInst = CurBB->back(); 3888 JEInst.setLoc(IJmpInst.getLoc()); 3889 3890 // Jump to target if indices match 3891 JEInst.setOpcode(X86::JCC_1); 3892 JEInst.addOperand(MCOperand::createExpr(MCSymbolRefExpr::create( 3893 Targets[i].first, MCSymbolRefExpr::VK_None, *Ctx))); 3894 JEInst.addOperand(MCOperand::createImm(X86::COND_E)); 3895 } 3896 3897 // Cold call block. 3898 Results.emplace_back(NextTarget, InstructionListType()); 3899 InstructionListType &CurBB = Results.back().second; 3900 for (const MCInst *Inst : TargetFetchInsns) 3901 if (Inst != &IJmpInst) 3902 CurBB.push_back(*Inst); 3903 3904 CurBB.push_back(IJmpInst); 3905 3906 return Results; 3907 } 3908 3909 private: 3910 bool createMove(MCInst &Inst, const MCSymbol *Src, unsigned Reg, 3911 MCContext *Ctx) const { 3912 Inst.setOpcode(X86::MOV64rm); 3913 Inst.addOperand(MCOperand::createReg(Reg)); 3914 Inst.addOperand(MCOperand::createReg(X86::RIP)); // BaseReg 3915 Inst.addOperand(MCOperand::createImm(1)); // ScaleAmt 3916 Inst.addOperand(MCOperand::createReg(X86::NoRegister)); // IndexReg 3917 Inst.addOperand(MCOperand::createExpr( 3918 MCSymbolRefExpr::create(Src, MCSymbolRefExpr::VK_None, 3919 *Ctx))); // Displacement 3920 Inst.addOperand(MCOperand::createReg(X86::NoRegister)); // AddrSegmentReg 3921 3922 return true; 3923 } 3924 3925 bool createLea(MCInst &Inst, const MCSymbol *Src, unsigned Reg, 3926 MCContext *Ctx) const { 3927 Inst.setOpcode(X86::LEA64r); 3928 Inst.addOperand(MCOperand::createReg(Reg)); 3929 Inst.addOperand(MCOperand::createReg(X86::RIP)); // BaseReg 3930 Inst.addOperand(MCOperand::createImm(1)); // ScaleAmt 3931 Inst.addOperand(MCOperand::createReg(X86::NoRegister)); // IndexReg 3932 Inst.addOperand(MCOperand::createExpr( 3933 MCSymbolRefExpr::create(Src, MCSymbolRefExpr::VK_None, 3934 *Ctx))); // Displacement 3935 Inst.addOperand(MCOperand::createReg(X86::NoRegister)); // AddrSegmentReg 3936 return true; 3937 } 3938 }; 3939 3940 } // namespace 3941 3942 namespace llvm { 3943 namespace bolt { 3944 3945 MCPlusBuilder *createX86MCPlusBuilder(const MCInstrAnalysis *Analysis, 3946 const MCInstrInfo *Info, 3947 const MCRegisterInfo *RegInfo) { 3948 return new X86MCPlusBuilder(Analysis, Info, RegInfo); 3949 } 3950 3951 } // namespace bolt 3952 } // namespace llvm 3953