//===- bolt/Target/X86/X86MCPlusBuilder.cpp -------------------------------===//
//
// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
// See https://llvm.org/LICENSE.txt for license information.
// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
//
//===----------------------------------------------------------------------===//
//
// This file provides an X86-specific MCPlus builder.
//
//===----------------------------------------------------------------------===//

#include "MCTargetDesc/X86BaseInfo.h"
#include "MCTargetDesc/X86MCTargetDesc.h"
#include "bolt/Core/MCPlusBuilder.h"
#include "llvm/BinaryFormat/ELF.h"
#include "llvm/MC/MCContext.h"
#include "llvm/MC/MCFixupKindInfo.h"
#include "llvm/MC/MCInstBuilder.h"
#include "llvm/MC/MCInstrInfo.h"
#include "llvm/MC/MCRegisterInfo.h"
#include "llvm/Support/DataExtractor.h"
#include "llvm/Support/Debug.h"
#include "llvm/Support/Errc.h"
#include "llvm/Support/ErrorHandling.h"
#include "llvm/Support/ErrorOr.h"
#include <set>

#define DEBUG_TYPE "mcplus"

using namespace llvm;
using namespace bolt;

namespace {

// Return the short (8-bit displacement) form of a branch opcode, or the
// opcode itself if no short form exists.
unsigned getShortBranchOpcode(unsigned Opcode) {
  switch (Opcode) {
  default:
    return Opcode;
  case X86::JMP_2: return X86::JMP_1;
  case X86::JMP_4: return X86::JMP_1;
  case X86::JCC_2: return X86::JCC_1;
  case X86::JCC_4: return X86::JCC_1;
  }
}

// Return the form of an arithmetic opcode that takes an 8-bit immediate, or
// the opcode itself if no such form exists.
unsigned getShortArithOpcode(unsigned Opcode) {
  switch (Opcode) {
  default:
    return Opcode;

  // IMUL
  case X86::IMUL16rri: return X86::IMUL16rri8;
  case X86::IMUL16rmi: return X86::IMUL16rmi8;
  case X86::IMUL32rri: return X86::IMUL32rri8;
  case X86::IMUL32rmi: return X86::IMUL32rmi8;
  case X86::IMUL64rri32: return X86::IMUL64rri8;
  case X86::IMUL64rmi32: return X86::IMUL64rmi8;

  // OR
  case X86::OR16ri: return X86::OR16ri8;
  case X86::OR16mi: return X86::OR16mi8;
  case X86::OR32ri: return X86::OR32ri8;
  case X86::OR32mi: return X86::OR32mi8;
  case X86::OR64ri32: return X86::OR64ri8;
  case X86::OR64mi32: return X86::OR64mi8;

  // AND
  case X86::AND16ri: return X86::AND16ri8;
  case X86::AND16mi: return X86::AND16mi8;
  case X86::AND32ri: return X86::AND32ri8;
  case X86::AND32mi: return X86::AND32mi8;
  case X86::AND64ri32: return X86::AND64ri8;
  case X86::AND64mi32: return X86::AND64mi8;

  // XOR
  case X86::XOR16ri: return X86::XOR16ri8;
  case X86::XOR16mi: return X86::XOR16mi8;
  case X86::XOR32ri: return X86::XOR32ri8;
  case X86::XOR32mi: return X86::XOR32mi8;
  case X86::XOR64ri32: return X86::XOR64ri8;
  case X86::XOR64mi32: return X86::XOR64mi8;

  // ADD
  case X86::ADD16ri: return X86::ADD16ri8;
  case X86::ADD16mi: return X86::ADD16mi8;
  case X86::ADD32ri: return X86::ADD32ri8;
  case X86::ADD32mi: return X86::ADD32mi8;
  case X86::ADD64ri32: return X86::ADD64ri8;
  case X86::ADD64mi32: return X86::ADD64mi8;

  // SUB
  case X86::SUB16ri: return X86::SUB16ri8;
  case X86::SUB16mi: return X86::SUB16mi8;
  case X86::SUB32ri: return X86::SUB32ri8;
  case X86::SUB32mi: return X86::SUB32mi8;
  case X86::SUB64ri32: return X86::SUB64ri8;
  case X86::SUB64mi32: return X86::SUB64mi8;

  // CMP
  case X86::CMP16ri: return X86::CMP16ri8;
  case X86::CMP16mi: return X86::CMP16mi8;
  case X86::CMP32ri: return X86::CMP32ri8;
  case X86::CMP32mi: return X86::CMP32mi8;
  case X86::CMP64ri32: return X86::CMP64ri8;
  case X86::CMP64mi32: return X86::CMP64mi8;

  // PUSH
  case X86::PUSHi32: return X86::PUSH32i8;
  case X86::PUSHi16: return X86::PUSH16i8;
  case X86::PUSH64i32: return X86::PUSH64i8;
  }
}

bool isADD(unsigned Opcode) {
  switch (Opcode) {
  default:
    return false;
  case X86::ADD16i16:
  case X86::ADD16mi:
  case X86::ADD16mi8:
  case X86::ADD16mr:
  case X86::ADD16ri:
  case X86::ADD16ri8:
  case X86::ADD16ri8_DB:
  case X86::ADD16ri_DB:
  case X86::ADD16rm:
  case X86::ADD16rr:
  case X86::ADD16rr_DB:
  case X86::ADD16rr_REV:
  case X86::ADD32i32:
  case X86::ADD32mi:
  case X86::ADD32mi8:
  case X86::ADD32mr:
  case X86::ADD32ri:
  case X86::ADD32ri8:
  case X86::ADD32ri8_DB:
  case X86::ADD32ri_DB:
  case X86::ADD32rm:
  case X86::ADD32rr:
  case X86::ADD32rr_DB:
  case X86::ADD32rr_REV:
  case X86::ADD64i32:
  case X86::ADD64mi32:
  case X86::ADD64mi8:
  case X86::ADD64mr:
  case X86::ADD64ri32:
  case X86::ADD64ri32_DB:
  case X86::ADD64ri8:
  case X86::ADD64ri8_DB:
  case X86::ADD64rm:
  case X86::ADD64rr:
  case X86::ADD64rr_DB:
  case X86::ADD64rr_REV:
  case X86::ADD8i8:
  case X86::ADD8mi:
  case X86::ADD8mi8:
  case X86::ADD8mr:
  case X86::ADD8ri:
  case X86::ADD8ri8:
  case X86::ADD8rm:
  case X86::ADD8rr:
  case X86::ADD8rr_REV:
    return true;
  }
}

bool isAND(unsigned Opcode) {
  switch (Opcode) {
  default:
    return false;
  case X86::AND16i16:
  case X86::AND16mi:
  case X86::AND16mi8:
  case X86::AND16mr:
  case X86::AND16ri:
  case X86::AND16ri8:
  case X86::AND16rm:
  case X86::AND16rr:
  case X86::AND16rr_REV:
  case X86::AND32i32:
  case X86::AND32mi:
  case X86::AND32mi8:
  case X86::AND32mr:
  case X86::AND32ri:
  case X86::AND32ri8:
  case X86::AND32rm:
  case X86::AND32rr:
  case X86::AND32rr_REV:
  case X86::AND64i32:
  case X86::AND64mi32:
  case X86::AND64mi8:
  case X86::AND64mr:
  case X86::AND64ri32:
  case X86::AND64ri8:
  case X86::AND64rm:
  case X86::AND64rr:
  case X86::AND64rr_REV:
  case X86::AND8i8:
  case X86::AND8mi:
  case X86::AND8mi8:
  case X86::AND8mr:
  case X86::AND8ri:
  case X86::AND8ri8:
  case X86::AND8rm:
  case X86::AND8rr:
  case X86::AND8rr_REV:
    return true;
  }
}

bool isCMP(unsigned Opcode) {
  switch (Opcode) {
  default:
    return false;
  case X86::CMP16i16:
  case X86::CMP16mi:
  case X86::CMP16mi8:
  case X86::CMP16mr:
  case X86::CMP16ri:
  case X86::CMP16ri8:
  case X86::CMP16rm:
  case X86::CMP16rr:
  case X86::CMP16rr_REV:
  case X86::CMP32i32:
  case X86::CMP32mi:
  case X86::CMP32mi8:
  case X86::CMP32mr:
  case X86::CMP32ri:
  case X86::CMP32ri8:
  case X86::CMP32rm:
  case X86::CMP32rr:
  case X86::CMP32rr_REV:
  case X86::CMP64i32:
  case X86::CMP64mi32:
  case X86::CMP64mi8:
  case X86::CMP64mr:
  case X86::CMP64ri32:
  case X86::CMP64ri8:
  case X86::CMP64rm:
  case X86::CMP64rr:
  case X86::CMP64rr_REV:
  case X86::CMP8i8:
  case X86::CMP8mi:
  case X86::CMP8mi8:
  case X86::CMP8mr:
  case X86::CMP8ri:
  case X86::CMP8ri8:
  case X86::CMP8rm:
  case X86::CMP8rr:
  case X86::CMP8rr_REV:
    return true;
  }
}

bool isSUB(unsigned Opcode) {
  switch (Opcode) {
  default:
    return false;
  case X86::SUB16i16:
  case X86::SUB16mi:
  case X86::SUB16mi8:
  case X86::SUB16mr:
  case X86::SUB16ri:
  case X86::SUB16ri8:
  case X86::SUB16rm:
  case X86::SUB16rr:
  case X86::SUB16rr_REV:
  case X86::SUB32i32:
  case X86::SUB32mi:
  case X86::SUB32mi8:
  case X86::SUB32mr:
  case X86::SUB32ri:
  case X86::SUB32ri8:
  case X86::SUB32rm:
  case X86::SUB32rr:
  case X86::SUB32rr_REV:
  case X86::SUB64i32:
  case X86::SUB64mi32:
  case X86::SUB64mi8:
  case X86::SUB64mr:
  case X86::SUB64ri32:
  case X86::SUB64ri8:
  case X86::SUB64rm:
  case X86::SUB64rr:
  case X86::SUB64rr_REV:
  case X86::SUB8i8:
  case X86::SUB8mi:
  case X86::SUB8mi8:
  case X86::SUB8mr:
  case X86::SUB8ri:
  case X86::SUB8ri8:
  case X86::SUB8rm:
  case X86::SUB8rr:
  case X86::SUB8rr_REV:
    return true;
  }
}

bool isTEST(unsigned Opcode) {
  switch (Opcode) {
  default:
    return false;
  case X86::TEST16i16:
  case X86::TEST16mi:
  case X86::TEST16mr:
  case X86::TEST16ri:
  case X86::TEST16rr:
  case X86::TEST32i32:
  case X86::TEST32mi:
  case X86::TEST32mr:
  case X86::TEST32ri:
  case X86::TEST32rr:
  case X86::TEST64i32:
  case X86::TEST64mi32:
  case X86::TEST64mr:
  case X86::TEST64ri32:
  case X86::TEST64rr:
  case X86::TEST8i8:
  case X86::TEST8mi:
  case X86::TEST8mr:
  case X86::TEST8ri:
  case X86::TEST8rr:
    return true;
  }
}

class X86MCPlusBuilder : public MCPlusBuilder {
public:
  X86MCPlusBuilder(const MCInstrAnalysis *Analysis, const MCInstrInfo *Info,
                   const MCRegisterInfo *RegInfo)
      : MCPlusBuilder(Analysis, Info, RegInfo) {}

  bool isBranch(const MCInst &Inst) const override {
    return Analysis->isBranch(Inst) && !isTailCall(Inst);
  }

  bool isUnconditionalBranch(const MCInst &Inst) const override {
    return Analysis->isUnconditionalBranch(Inst) && !isTailCall(Inst);
  }

  bool isNoop(const MCInst &Inst) const override {
    switch (Inst.getOpcode()) {
    case X86::NOOP:
    case X86::NOOPL:
    case X86::NOOPLr:
    case X86::NOOPQ:
    case X86::NOOPQr:
    case X86::NOOPW:
    case X86::NOOPWr:
      return true;
    }
    return false;
  }

  unsigned getCondCode(const MCInst &Inst) const override {
    switch (Inst.getOpcode()) {
    default:
      return X86::COND_INVALID;
    case X86::JCC_1:
    case X86::JCC_2:
    case X86::JCC_4:
      return Inst.getOperand(Info->get(Inst.getOpcode()).NumOperands - 1)
          .getImm();
    }
  }

  unsigned getInvertedCondCode(unsigned CC) const override {
    switch (CC) {
    default: return X86::COND_INVALID;
    case X86::COND_E: return X86::COND_NE;
    case X86::COND_NE: return X86::COND_E;
    case X86::COND_L: return X86::COND_GE;
    case X86::COND_LE: return X86::COND_G;
    case X86::COND_G: return X86::COND_LE;
    case X86::COND_GE: return X86::COND_L;
    case X86::COND_B: return X86::COND_AE;
    case X86::COND_BE: return X86::COND_A;
    case X86::COND_A: return X86::COND_BE;
    case X86::COND_AE: return X86::COND_B;
    case X86::COND_S: return X86::COND_NS;
    case X86::COND_NS: return X86::COND_S;
    case X86::COND_P: return X86::COND_NP;
    case X86::COND_NP: return X86::COND_P;
    case X86::COND_O: return X86::COND_NO;
    case X86::COND_NO: return X86::COND_O;
    }
  }

  // Return a single condition code that behaves like (CC1 || CC2), or
  // COND_INVALID if the two codes cannot be combined.
  unsigned getCondCodesLogicalOr(unsigned CC1, unsigned CC2) const override {
    enum DecodedCondCode : uint8_t {
      DCC_EQUAL = 0x1,
      DCC_GREATER = 0x2,
      DCC_LESSER = 0x4,
      DCC_GREATER_OR_LESSER = 0x6,
      DCC_UNSIGNED = 0x8,
      DCC_SIGNED = 0x10,
      DCC_INVALID = 0x20,
    };

    auto decodeCondCode = [&](unsigned CC) -> uint8_t {
      switch (CC) {
      default: return DCC_INVALID;
      case X86::COND_E: return DCC_EQUAL;
      case X86::COND_NE: return DCC_GREATER | DCC_LESSER;
      case X86::COND_L: return DCC_LESSER | DCC_SIGNED;
      case X86::COND_LE: return DCC_EQUAL | DCC_LESSER | DCC_SIGNED;
      case X86::COND_G: return DCC_GREATER | DCC_SIGNED;
      case X86::COND_GE: return DCC_GREATER | DCC_EQUAL | DCC_SIGNED;
      case X86::COND_B: return DCC_LESSER | DCC_UNSIGNED;
      case X86::COND_BE: return DCC_EQUAL | DCC_LESSER | DCC_UNSIGNED;
      case X86::COND_A: return DCC_GREATER | DCC_UNSIGNED;
      case X86::COND_AE: return DCC_GREATER | DCC_EQUAL | DCC_UNSIGNED;
      }
    };

    uint8_t DCC = decodeCondCode(CC1) | decodeCondCode(CC2);

    if (DCC & DCC_INVALID)
      return X86::COND_INVALID;

    if (DCC & DCC_SIGNED && DCC & DCC_UNSIGNED)
      return X86::COND_INVALID;

    switch (DCC) {
    default: return X86::COND_INVALID;
    case DCC_EQUAL | DCC_LESSER | DCC_SIGNED: return X86::COND_LE;
    case DCC_EQUAL | DCC_LESSER | DCC_UNSIGNED: return X86::COND_BE;
    case DCC_EQUAL | DCC_GREATER | DCC_SIGNED: return X86::COND_GE;
    case DCC_EQUAL | DCC_GREATER | DCC_UNSIGNED: return X86::COND_AE;
    case DCC_GREATER | DCC_LESSER | DCC_SIGNED: return X86::COND_NE;
    case DCC_GREATER | DCC_LESSER | DCC_UNSIGNED: return X86::COND_NE;
    case DCC_GREATER | DCC_LESSER: return X86::COND_NE;
    case DCC_EQUAL | DCC_SIGNED: return X86::COND_E;
    case DCC_EQUAL | DCC_UNSIGNED: return X86::COND_E;
    case DCC_EQUAL: return X86::COND_E;
    case DCC_LESSER | DCC_SIGNED: return X86::COND_L;
    case DCC_LESSER | DCC_UNSIGNED: return X86::COND_B;
    case DCC_GREATER | DCC_SIGNED: return X86::COND_G;
    case DCC_GREATER | DCC_UNSIGNED: return X86::COND_A;
    }
  }

  bool isValidCondCode(unsigned CC) const override {
    return (CC != X86::COND_INVALID);
  }

  bool isBreakpoint(const MCInst &Inst) const override {
    return Inst.getOpcode() == X86::INT3;
  }

  bool isPrefix(const MCInst &Inst) const override {
    switch (Inst.getOpcode()) {
    case X86::LOCK_PREFIX:
    case X86::REPNE_PREFIX:
    case X86::REP_PREFIX:
      return true;
    }
    return false;
  }

  bool isRep(const MCInst &Inst) const override {
    return Inst.getFlags() == X86::IP_HAS_REPEAT;
  }

  bool deleteREPPrefix(MCInst &Inst) const override {
    if (Inst.getFlags() == X86::IP_HAS_REPEAT) {
      Inst.setFlags(0);
      return true;
    }
    return false;
  }

  // FIXME: For compatibility with old LLVM only!
  bool isTerminator(const MCInst &Inst) const override {
    if (Info->get(Inst.getOpcode()).isTerminator())
      return true;
    switch (Inst.getOpcode()) {
    default:
      return false;
    case X86::TRAP:
    // Opcodes previously known as X86::UD2B
    case X86::UD1Wm:
    case X86::UD1Lm:
    case X86::UD1Qm:
    case X86::UD1Wr:
    case X86::UD1Lr:
    case X86::UD1Qr:
      return true;
    }
  }

  bool isIndirectCall(const MCInst &Inst) const override {
    return isCall(Inst) &&
           ((getMemoryOperandNo(Inst) != -1) || Inst.getOperand(0).isReg());
  }

  bool isPop(const MCInst &Inst) const override {
    return getPopSize(Inst) == 0 ? false : true;
  }

  bool isTerminateBranch(const MCInst &Inst) const override {
    return Inst.getOpcode() == X86::ENDBR32 || Inst.getOpcode() == X86::ENDBR64;
  }

  int getPopSize(const MCInst &Inst) const override {
    switch (Inst.getOpcode()) {
    case X86::POP16r:
    case X86::POP16rmm:
    case X86::POP16rmr:
    case X86::POPF16:
    case X86::POPA16:
    case X86::POPDS16:
    case X86::POPES16:
    case X86::POPFS16:
    case X86::POPGS16:
    case X86::POPSS16:
      return 2;
    case X86::POP32r:
    case X86::POP32rmm:
    case X86::POP32rmr:
    case X86::POPA32:
    case X86::POPDS32:
    case X86::POPES32:
    case X86::POPF32:
    case X86::POPFS32:
    case X86::POPGS32:
    case X86::POPSS32:
      return 4;
    case X86::POP64r:
    case X86::POP64rmm:
    case X86::POP64rmr:
    case X86::POPF64:
    case X86::POPFS64:
    case X86::POPGS64:
      return 8;
    }
    return 0;
  }

  bool isPush(const MCInst &Inst) const override {
    return getPushSize(Inst) == 0 ? false : true;
  }

  int getPushSize(const MCInst &Inst) const override {
    switch (Inst.getOpcode()) {
    case X86::PUSH16i8:
    case X86::PUSH16r:
    case X86::PUSH16rmm:
    case X86::PUSH16rmr:
    case X86::PUSHA16:
    case X86::PUSHCS16:
    case X86::PUSHDS16:
    case X86::PUSHES16:
    case X86::PUSHF16:
    case X86::PUSHFS16:
    case X86::PUSHGS16:
    case X86::PUSHSS16:
    case X86::PUSHi16:
      return 2;
    case X86::PUSH32i8:
    case X86::PUSH32r:
    case X86::PUSH32rmm:
    case X86::PUSH32rmr:
    case X86::PUSHA32:
    case X86::PUSHCS32:
    case X86::PUSHDS32:
    case X86::PUSHES32:
    case X86::PUSHF32:
    case X86::PUSHFS32:
    case X86::PUSHGS32:
    case X86::PUSHSS32:
    case X86::PUSHi32:
      return 4;
    case X86::PUSH64i32:
    case X86::PUSH64i8:
    case X86::PUSH64r:
    case X86::PUSH64rmm:
    case X86::PUSH64rmr:
    case X86::PUSHF64:
    case X86::PUSHFS64:
    case X86::PUSHGS64:
      return 8;
    }
    return 0;
  }

  bool isADD64rr(const MCInst &Inst) const override {
    return Inst.getOpcode() == X86::ADD64rr;
  }

  bool isSUB(const MCInst &Inst) const override {
    return ::isSUB(Inst.getOpcode());
  }

  bool isADDri(const MCInst &Inst) const {
    return Inst.getOpcode() == X86::ADD64ri32 ||
           Inst.getOpcode() == X86::ADD64ri8;
  }

  bool isLEA64r(const MCInst &Inst) const override {
    return Inst.getOpcode() == X86::LEA64r;
  }

  bool isMOVSX64rm32(const MCInst &Inst) const override {
    return Inst.getOpcode() == X86::MOVSX64rm32;
  }

  bool isLeave(const MCInst &Inst) const override {
    return Inst.getOpcode() == X86::LEAVE || Inst.getOpcode() == X86::LEAVE64;
  }

  bool isMoveMem2Reg(const MCInst &Inst) const override {
    switch (Inst.getOpcode()) {
    case X86::MOV16rm:
    case X86::MOV32rm:
    case X86::MOV64rm:
      return true;
    }
    return false;
  }

  bool isUnsupportedBranch(unsigned Opcode) const override {
    switch (Opcode) {
    default:
      return false;
    case X86::LOOP:
    case X86::LOOPE:
    case X86::LOOPNE:
    case X86::JECXZ:
    case X86::JRCXZ:
      return true;
    }
  }

  bool isLoad(const MCInst &Inst) const override {
    if (isPop(Inst))
      return true;

    int MemOpNo = getMemoryOperandNo(Inst);
    const MCInstrDesc &MCII = Info->get(Inst.getOpcode());

    if (MemOpNo == -1)
      return false;

    return MCII.mayLoad();
  }

  bool isStore(const MCInst &Inst) const override {
    if (isPush(Inst))
      return true;

    int MemOpNo = getMemoryOperandNo(Inst);
    const MCInstrDesc &MCII = Info->get(Inst.getOpcode());

    if (MemOpNo == -1)
      return false;

    return MCII.mayStore();
  }

  bool isCleanRegXOR(const MCInst &Inst) const override {
    switch (Inst.getOpcode()) {
    case X86::XOR16rr:
    case X86::XOR32rr:
    case X86::XOR64rr:
      break;
    default:
      return false;
    }
    return (Inst.getOperand(0).getReg() == Inst.getOperand(2).getReg());
  }

  bool isPacked(const MCInst &Inst) const override {
    const MCInstrDesc &Desc = Info->get(Inst.getOpcode());
    return (Desc.TSFlags & X86II::OpPrefixMask) == X86II::PD;
  }

  unsigned getTrapFillValue() const override { return 0xCC; }

  struct IndJmpMatcherFrag1 : MCInstMatcher {
    std::unique_ptr<MCInstMatcher> Base;
    std::unique_ptr<MCInstMatcher> Scale;
    std::unique_ptr<MCInstMatcher> Index;
    std::unique_ptr<MCInstMatcher> Offset;

    IndJmpMatcherFrag1(std::unique_ptr<MCInstMatcher> Base,
                       std::unique_ptr<MCInstMatcher> Scale,
                       std::unique_ptr<MCInstMatcher> Index,
                       std::unique_ptr<MCInstMatcher> Offset)
        : Base(std::move(Base)), Scale(std::move(Scale)),
          Index(std::move(Index)), Offset(std::move(Offset)) {}

    bool match(const MCRegisterInfo &MRI, MCPlusBuilder &MIB,
               MutableArrayRef<MCInst> InInstrWindow, int OpNum) override {
      if (!MCInstMatcher::match(MRI, MIB, InInstrWindow, OpNum))
        return false;

      if (CurInst->getOpcode() != X86::JMP64m)
        return false;

      int MemOpNo = MIB.getMemoryOperandNo(*CurInst);
      if (MemOpNo == -1)
        return false;

      if (!Base->match(MRI, MIB, this->InstrWindow, MemOpNo + X86::AddrBaseReg))
        return false;
      if (!Scale->match(MRI, MIB, this->InstrWindow,
                        MemOpNo + X86::AddrScaleAmt))
        return false;
      if (!Index->match(MRI, MIB, this->InstrWindow,
                        MemOpNo + X86::AddrIndexReg))
        return false;
      if (!Offset->match(MRI, MIB, this->InstrWindow, MemOpNo + X86::AddrDisp))
        return false;
      return true;
    }

    void annotate(MCPlusBuilder &MIB, StringRef Annotation) override {
      MIB.addAnnotation(*CurInst, Annotation, true);
      Base->annotate(MIB, Annotation);
      Scale->annotate(MIB, Annotation);
      Index->annotate(MIB, Annotation);
      Offset->annotate(MIB, Annotation);
    }
  };

  std::unique_ptr<MCInstMatcher>
  matchIndJmp(std::unique_ptr<MCInstMatcher> Base,
              std::unique_ptr<MCInstMatcher> Scale,
              std::unique_ptr<MCInstMatcher> Index,
              std::unique_ptr<MCInstMatcher> Offset) const override {
    return std::unique_ptr<MCInstMatcher>(
        new IndJmpMatcherFrag1(std::move(Base), std::move(Scale),
                               std::move(Index), std::move(Offset)));
  }

  struct IndJmpMatcherFrag2 : MCInstMatcher {
    std::unique_ptr<MCInstMatcher> Reg;

    IndJmpMatcherFrag2(std::unique_ptr<MCInstMatcher> Reg)
        : Reg(std::move(Reg)) {}

    bool match(const MCRegisterInfo &MRI, MCPlusBuilder &MIB,
               MutableArrayRef<MCInst> InInstrWindow, int OpNum) override {
      if (!MCInstMatcher::match(MRI, MIB, InInstrWindow, OpNum))
        return false;

      if (CurInst->getOpcode() != X86::JMP64r)
        return false;

      return Reg->match(MRI, MIB, this->InstrWindow, 0);
    }

    void annotate(MCPlusBuilder &MIB, StringRef Annotation) override {
      MIB.addAnnotation(*CurInst, Annotation, true);
      Reg->annotate(MIB, Annotation);
    }
  };

  std::unique_ptr<MCInstMatcher>
  matchIndJmp(std::unique_ptr<MCInstMatcher> Target) const override {
    return std::unique_ptr<MCInstMatcher>(
        new IndJmpMatcherFrag2(std::move(Target)));
  }

  struct LoadMatcherFrag1 : MCInstMatcher {
    std::unique_ptr<MCInstMatcher> Base;
    std::unique_ptr<MCInstMatcher> Scale;
    std::unique_ptr<MCInstMatcher> Index;
    std::unique_ptr<MCInstMatcher> Offset;

    LoadMatcherFrag1(std::unique_ptr<MCInstMatcher> Base,
                     std::unique_ptr<MCInstMatcher> Scale,
                     std::unique_ptr<MCInstMatcher> Index,
                     std::unique_ptr<MCInstMatcher> Offset)
        : Base(std::move(Base)), Scale(std::move(Scale)),
          Index(std::move(Index)), Offset(std::move(Offset)) {}

    bool match(const MCRegisterInfo &MRI, MCPlusBuilder &MIB,
               MutableArrayRef<MCInst> InInstrWindow, int OpNum) override {
      if (!MCInstMatcher::match(MRI, MIB, InInstrWindow, OpNum))
        return false;

      if (CurInst->getOpcode() != X86::MOV64rm &&
          CurInst->getOpcode() != X86::MOVSX64rm32)
        return false;

      int MemOpNo = MIB.getMemoryOperandNo(*CurInst);
      if (MemOpNo == -1)
        return false;

      if (!Base->match(MRI, MIB, this->InstrWindow, MemOpNo + X86::AddrBaseReg))
        return false;
      if (!Scale->match(MRI, MIB, this->InstrWindow,
                        MemOpNo + X86::AddrScaleAmt))
        return false;
      if (!Index->match(MRI, MIB, this->InstrWindow,
                        MemOpNo + X86::AddrIndexReg))
        return false;
      if (!Offset->match(MRI, MIB, this->InstrWindow, MemOpNo + X86::AddrDisp))
        return false;
      return true;
    }

    void annotate(MCPlusBuilder &MIB, StringRef Annotation) override {
      MIB.addAnnotation(*CurInst, Annotation, true);
      Base->annotate(MIB, Annotation);
      Scale->annotate(MIB, Annotation);
      Index->annotate(MIB, Annotation);
      Offset->annotate(MIB, Annotation);
    }
  };

  std::unique_ptr<MCInstMatcher>
  matchLoad(std::unique_ptr<MCInstMatcher> Base,
            std::unique_ptr<MCInstMatcher> Scale,
            std::unique_ptr<MCInstMatcher> Index,
            std::unique_ptr<MCInstMatcher> Offset) const override {
    return std::unique_ptr<MCInstMatcher>(
        new LoadMatcherFrag1(std::move(Base), std::move(Scale),
                             std::move(Index), std::move(Offset)));
  }

  struct AddMatcher : MCInstMatcher {
    std::unique_ptr<MCInstMatcher> A;
    std::unique_ptr<MCInstMatcher> B;

    AddMatcher(std::unique_ptr<MCInstMatcher> A,
               std::unique_ptr<MCInstMatcher> B)
        : A(std::move(A)), B(std::move(B)) {}

    bool match(const MCRegisterInfo &MRI, MCPlusBuilder &MIB,
               MutableArrayRef<MCInst> InInstrWindow, int OpNum) override {
      if (!MCInstMatcher::match(MRI, MIB, InInstrWindow, OpNum))
        return false;

      if (CurInst->getOpcode() == X86::ADD64rr ||
          CurInst->getOpcode() == X86::ADD64rr_DB ||
          CurInst->getOpcode() == X86::ADD64rr_REV) {
        if (!A->match(MRI, MIB, this->InstrWindow, 1)) {
          if (!B->match(MRI, MIB, this->InstrWindow, 1))
            return false;
          return A->match(MRI, MIB, this->InstrWindow, 2);
        }

        if (B->match(MRI, MIB, this->InstrWindow, 2))
          return true;

        if (!B->match(MRI, MIB, this->InstrWindow, 1))
          return false;
        return A->match(MRI, MIB, this->InstrWindow, 2);
      }

      return false;
    }

    void annotate(MCPlusBuilder &MIB, StringRef Annotation) override {
      MIB.addAnnotation(*CurInst, Annotation, true);
      A->annotate(MIB, Annotation);
      B->annotate(MIB, Annotation);
    }
  };

  virtual std::unique_ptr<MCInstMatcher>
  matchAdd(std::unique_ptr<MCInstMatcher> A,
           std::unique_ptr<MCInstMatcher> B) const override {
    return std::unique_ptr<MCInstMatcher>(
        new AddMatcher(std::move(A), std::move(B)));
  }

  struct LEAMatcher : MCInstMatcher {
    std::unique_ptr<MCInstMatcher> Target;

    LEAMatcher(std::unique_ptr<MCInstMatcher> Target)
        : Target(std::move(Target)) {}

    bool match(const MCRegisterInfo &MRI, MCPlusBuilder &MIB,
               MutableArrayRef<MCInst> InInstrWindow, int OpNum) override {
      if (!MCInstMatcher::match(MRI, MIB, InInstrWindow, OpNum))
        return false;

      if (CurInst->getOpcode() != X86::LEA64r)
        return false;

      if (CurInst->getOperand(1 + X86::AddrScaleAmt).getImm() != 1 ||
          CurInst->getOperand(1 + X86::AddrIndexReg).getReg() !=
              X86::NoRegister ||
          (CurInst->getOperand(1 + X86::AddrBaseReg).getReg() !=
               X86::NoRegister &&
           CurInst->getOperand(1 + X86::AddrBaseReg).getReg() != X86::RIP))
        return false;

      return Target->match(MRI, MIB, this->InstrWindow, 1 + X86::AddrDisp);
    }

    void annotate(MCPlusBuilder &MIB, StringRef Annotation) override {
      MIB.addAnnotation(*CurInst, Annotation, true);
      Target->annotate(MIB, Annotation);
    }
  };

  virtual std::unique_ptr<MCInstMatcher>
  matchLoadAddr(std::unique_ptr<MCInstMatcher> Target) const override {
    return std::unique_ptr<MCInstMatcher>(new LEAMatcher(std::move(Target)));
  }

  bool hasPCRelOperand(const MCInst &Inst) const override {
    for (const MCOperand &Operand : Inst)
      if (Operand.isReg() && Operand.getReg() == X86::RIP)
        return true;
    return false;
  }

  int getMemoryOperandNo(const MCInst &Inst) const override {
    unsigned Opcode = Inst.getOpcode();
    const MCInstrDesc &Desc = Info->get(Opcode);
    int MemOpNo = X86II::getMemoryOperandNo(Desc.TSFlags);
    if (MemOpNo >= 0)
      MemOpNo += X86II::getOperandBias(Desc);
    return MemOpNo;
  }

  bool hasEVEXEncoding(const MCInst &Inst) const override {
    const MCInstrDesc &Desc = Info->get(Inst.getOpcode());
    return (Desc.TSFlags & X86II::EncodingMask) == X86II::EVEX;
  }

  bool isMacroOpFusionPair(ArrayRef<MCInst> Insts) const override {
    const auto *I = Insts.begin();
    while (I != Insts.end() && isPrefix(*I))
      ++I;
    if (I == Insts.end())
      return false;

    const MCInst &FirstInst = *I;
    ++I;
    while (I != Insts.end() && isPrefix(*I))
      ++I;
    if (I == Insts.end())
      return false;
    const MCInst &SecondInst = *I;

    if (!isConditionalBranch(SecondInst))
      return false;
    // Cannot fuse if the first instruction uses RIP-relative memory.
    if (hasPCRelOperand(FirstInst))
      return false;

    const X86::FirstMacroFusionInstKind CmpKind =
        X86::classifyFirstOpcodeInMacroFusion(FirstInst.getOpcode());
    if (CmpKind == X86::FirstMacroFusionInstKind::Invalid)
      return false;

    X86::CondCode CC = static_cast<X86::CondCode>(getCondCode(SecondInst));
    X86::SecondMacroFusionInstKind BranchKind =
        X86::classifySecondCondCodeInMacroFusion(CC);
    if (BranchKind == X86::SecondMacroFusionInstKind::Invalid)
      return false;
    return X86::isMacroFused(CmpKind, BranchKind);
  }

  bool
  evaluateX86MemoryOperand(const MCInst &Inst, unsigned *BaseRegNum,
                           int64_t *ScaleImm, unsigned *IndexRegNum,
                           int64_t *DispImm, unsigned *SegmentRegNum,
                           const MCExpr **DispExpr = nullptr) const override {
    assert(BaseRegNum && ScaleImm && IndexRegNum && SegmentRegNum &&
           "one of the input pointers is null");
    int MemOpNo = getMemoryOperandNo(Inst);
    if (MemOpNo < 0)
      return false;
    unsigned MemOpOffset = static_cast<unsigned>(MemOpNo);

    if (MemOpOffset + X86::AddrSegmentReg >= MCPlus::getNumPrimeOperands(Inst))
      return false;

    const MCOperand &Base = Inst.getOperand(MemOpOffset + X86::AddrBaseReg);
    const MCOperand &Scale = Inst.getOperand(MemOpOffset + X86::AddrScaleAmt);
    const MCOperand &Index = Inst.getOperand(MemOpOffset + X86::AddrIndexReg);
    const MCOperand &Disp = Inst.getOperand(MemOpOffset + X86::AddrDisp);
    const MCOperand &Segment =
        Inst.getOperand(MemOpOffset + X86::AddrSegmentReg);

    // Make sure it is a well-formed memory operand.
    if (!Base.isReg() || !Scale.isImm() || !Index.isReg() ||
        (!Disp.isImm() && !Disp.isExpr()) || !Segment.isReg())
      return false;

    *BaseRegNum = Base.getReg();
    *ScaleImm = Scale.getImm();
    *IndexRegNum = Index.getReg();
    if (Disp.isImm()) {
      assert(DispImm && "DispImm needs to be set");
      *DispImm = Disp.getImm();
      if (DispExpr)
        *DispExpr = nullptr;
    } else {
      assert(DispExpr && "DispExpr needs to be set");
      *DispExpr = Disp.getExpr();
      if (DispImm)
        *DispImm = 0;
    }
    *SegmentRegNum = Segment.getReg();
    return true;
  }

  bool evaluateMemOperandTarget(const MCInst &Inst, uint64_t &Target,
                                uint64_t Address,
                                uint64_t Size) const override {
    unsigned BaseRegNum;
    int64_t ScaleValue;
    unsigned IndexRegNum;
    int64_t DispValue;
    unsigned SegRegNum;
    const MCExpr *DispExpr = nullptr;
    if (!evaluateX86MemoryOperand(Inst, &BaseRegNum, &ScaleValue, &IndexRegNum,
                                  &DispValue, &SegRegNum, &DispExpr))
      return false;

    // Make sure it's a well-formed addressing we can statically evaluate.
    if ((BaseRegNum != X86::RIP && BaseRegNum != X86::NoRegister) ||
        IndexRegNum != X86::NoRegister || SegRegNum != X86::NoRegister ||
        DispExpr)
      return false;

    Target = DispValue;
    if (BaseRegNum == X86::RIP) {
      assert(Size != 0 && "instruction size required in order to statically "
                          "evaluate RIP-relative address");
      Target += Address + Size;
    }
    return true;
  }

  MCInst::iterator getMemOperandDisp(MCInst &Inst) const override {
    int MemOpNo = getMemoryOperandNo(Inst);
    if (MemOpNo < 0)
      return Inst.end();
    return Inst.begin() + (MemOpNo + X86::AddrDisp);
  }

  bool replaceMemOperandDisp(MCInst &Inst, MCOperand Operand) const override {
    MCOperand *OI = getMemOperandDisp(Inst);
    if (OI == Inst.end())
      return false;
    *OI = Operand;
    return true;
  }

  /// Get the registers used as function parameters.
  /// This function is specific to the x86_64 abi on Linux.
  BitVector getRegsUsedAsParams() const override {
    BitVector Regs = BitVector(RegInfo->getNumRegs(), false);
    Regs |= getAliases(X86::RSI);
    Regs |= getAliases(X86::RDI);
    Regs |= getAliases(X86::RDX);
    Regs |= getAliases(X86::RCX);
    Regs |= getAliases(X86::R8);
    Regs |= getAliases(X86::R9);
    return Regs;
  }

  void getCalleeSavedRegs(BitVector &Regs) const override {
    Regs |= getAliases(X86::RBX);
    Regs |= getAliases(X86::RBP);
    Regs |= getAliases(X86::R12);
    Regs |= getAliases(X86::R13);
    Regs |= getAliases(X86::R14);
    Regs |= getAliases(X86::R15);
  }

  void getDefaultDefIn(BitVector &Regs) const override {
    assert(Regs.size() >= RegInfo->getNumRegs() &&
           "The size of BitVector is less than RegInfo->getNumRegs().");
    Regs.set(X86::RAX);
    Regs.set(X86::RCX);
    Regs.set(X86::RDX);
    Regs.set(X86::RSI);
    Regs.set(X86::RDI);
    Regs.set(X86::R8);
    Regs.set(X86::R9);
    Regs.set(X86::XMM0);
    Regs.set(X86::XMM1);
    Regs.set(X86::XMM2);
    Regs.set(X86::XMM3);
    Regs.set(X86::XMM4);
    Regs.set(X86::XMM5);
    Regs.set(X86::XMM6);
    Regs.set(X86::XMM7);
  }

  void getDefaultLiveOut(BitVector &Regs) const override {
    assert(Regs.size() >= RegInfo->getNumRegs() &&
           "The size of BitVector is less than RegInfo->getNumRegs().");
    Regs |= getAliases(X86::RAX);
    Regs |= getAliases(X86::RDX);
    Regs |= getAliases(X86::RCX);
    Regs |= getAliases(X86::XMM0);
    Regs |= getAliases(X86::XMM1);
  }

  void getGPRegs(BitVector &Regs, bool IncludeAlias) const override {
    if (IncludeAlias) {
      Regs |= getAliases(X86::RAX);
      Regs |= getAliases(X86::RBX);
      Regs |= getAliases(X86::RBP);
      Regs |= getAliases(X86::RSI);
      Regs |= getAliases(X86::RDI);
      Regs |= getAliases(X86::RDX);
      Regs |= getAliases(X86::RCX);
      Regs |= getAliases(X86::R8);
      Regs |= getAliases(X86::R9);
      Regs |= getAliases(X86::R10);
      Regs |= getAliases(X86::R11);
      Regs |= getAliases(X86::R12);
      Regs |= getAliases(X86::R13);
      Regs |= getAliases(X86::R14);
      Regs |= getAliases(X86::R15);
      return;
    }
    Regs.set(X86::RAX);
    Regs.set(X86::RBX);
    Regs.set(X86::RBP);
    Regs.set(X86::RSI);
    Regs.set(X86::RDI);
    Regs.set(X86::RDX);
    Regs.set(X86::RCX);
    Regs.set(X86::R8);
    Regs.set(X86::R9);
    Regs.set(X86::R10);
    Regs.set(X86::R11);
    Regs.set(X86::R12);
    Regs.set(X86::R13);
    Regs.set(X86::R14);
    Regs.set(X86::R15);
  }

  void getClassicGPRegs(BitVector &Regs) const override {
    Regs |= getAliases(X86::RAX);
    Regs |= getAliases(X86::RBX);
    Regs |= getAliases(X86::RBP);
    Regs |= getAliases(X86::RSI);
    Regs |= getAliases(X86::RDI);
    Regs |= getAliases(X86::RDX);
    Regs |= getAliases(X86::RCX);
  }

  void getRepRegs(BitVector &Regs) const override {
    Regs |= getAliases(X86::RCX);
  }

  MCPhysReg getAliasSized(MCPhysReg Reg, uint8_t Size) const override {
    switch (Reg) {
    case X86::RAX: case X86::EAX: case X86::AX: case X86::AL: case X86::AH:
      switch (Size) {
      case 8: return X86::RAX; case 4: return X86::EAX;
      case 2: return X86::AX; case 1: return X86::AL;
      default: llvm_unreachable("Unexpected size");
      }
    case X86::RBX: case X86::EBX: case X86::BX: case X86::BL: case X86::BH:
      switch (Size) {
      case 8: return X86::RBX; case 4: return X86::EBX;
      case 2: return X86::BX; case 1: return X86::BL;
      default: llvm_unreachable("Unexpected size");
      }
    case X86::RDX: case X86::EDX: case X86::DX: case X86::DL: case X86::DH:
      switch (Size) {
      case 8: return X86::RDX; case 4: return X86::EDX;
      case 2: return X86::DX; case 1: return X86::DL;
      default: llvm_unreachable("Unexpected size");
      }
    case X86::RDI: case X86::EDI: case X86::DI: case X86::DIL:
      switch (Size) {
      case 8: return X86::RDI; case 4: return X86::EDI;
      case 2: return X86::DI; case 1: return X86::DIL;
      default: llvm_unreachable("Unexpected size");
      }
    case X86::RSI: case X86::ESI: case X86::SI: case X86::SIL:
      switch (Size) {
      case 8: return X86::RSI; case 4: return X86::ESI;
      case 2: return X86::SI; case 1: return X86::SIL;
      default: llvm_unreachable("Unexpected size");
      }
    case X86::RCX: case X86::ECX: case X86::CX: case X86::CL: case X86::CH:
      switch (Size) {
      case 8: return X86::RCX; case 4: return X86::ECX;
      case 2: return X86::CX; case 1: return X86::CL;
      default: llvm_unreachable("Unexpected size");
      }
    case X86::RSP: case X86::ESP: case X86::SP: case X86::SPL:
      switch (Size) {
      case 8: return X86::RSP; case 4: return X86::ESP;
      case 2: return X86::SP; case 1: return X86::SPL;
      default: llvm_unreachable("Unexpected size");
      }
    case X86::RBP: case X86::EBP: case X86::BP: case X86::BPL:
      switch (Size) {
      case 8: return X86::RBP; case 4: return X86::EBP;
      case 2: return X86::BP; case 1: return X86::BPL;
      default: llvm_unreachable("Unexpected size");
      }
    case X86::R8: case X86::R8D: case X86::R8W: case X86::R8B:
      switch (Size) {
      case 8: return X86::R8; case 4: return X86::R8D;
      case 2: return X86::R8W; case 1: return X86::R8B;
      default: llvm_unreachable("Unexpected size");
      }
    case X86::R9: case X86::R9D: case X86::R9W: case X86::R9B:
      switch (Size) {
      case 8: return X86::R9; case 4: return X86::R9D;
      case 2: return X86::R9W; case 1: return X86::R9B;
      default: llvm_unreachable("Unexpected size");
      }
    case X86::R10: case X86::R10D: case X86::R10W: case X86::R10B:
      switch (Size) {
      case 8: return X86::R10; case 4: return X86::R10D;
      case 2: return X86::R10W; case 1: return X86::R10B;
      default: llvm_unreachable("Unexpected size");
      }
    case X86::R11: case X86::R11D: case X86::R11W: case X86::R11B:
      switch (Size) {
      case 8: return X86::R11; case 4: return X86::R11D;
      case 2: return X86::R11W; case 1: return X86::R11B;
      default: llvm_unreachable("Unexpected size");
      }
    case X86::R12: case X86::R12D: case X86::R12W: case X86::R12B:
      switch (Size) {
      case 8: return X86::R12; case 4: return X86::R12D;
      case 2: return X86::R12W; case 1: return X86::R12B;
      default: llvm_unreachable("Unexpected size");
      }
    case X86::R13: case X86::R13D: case X86::R13W: case X86::R13B:
      switch (Size) {
      case 8: return X86::R13; case 4: return X86::R13D;
      case 2: return X86::R13W; case 1: return X86::R13B;
      default: llvm_unreachable("Unexpected size");
      }
    case X86::R14: case X86::R14D: case X86::R14W: case X86::R14B:
      switch (Size) {
      case 8: return X86::R14; case 4: return X86::R14D;
      case 2: return X86::R14W; case 1: return X86::R14B;
      default: llvm_unreachable("Unexpected size");
      }
    case X86::R15: case X86::R15D: case X86::R15W: case X86::R15B:
      switch (Size) {
      case 8: return X86::R15; case 4: return X86::R15D;
      case 2: return X86::R15W; case 1: return X86::R15B;
      default: llvm_unreachable("Unexpected size");
      }
    default:
      dbgs() << Reg << " (get alias sized)\n";
      llvm_unreachable("Unexpected reg number");
      break;
    }
  }

  bool isUpper8BitReg(MCPhysReg Reg) const override {
    switch (Reg) {
    case X86::AH:
    case X86::BH:
    case X86::CH:
    case X86::DH:
      return true;
    default:
      return false;
    }
  }

  bool cannotUseREX(const MCInst &Inst) const override {
    switch (Inst.getOpcode()) {
    case X86::MOV8mr_NOREX:
    case X86::MOV8rm_NOREX:
    case X86::MOV8rr_NOREX:
    case X86::MOVSX32rm8_NOREX:
    case X86::MOVSX32rr8_NOREX:
    case X86::MOVZX32rm8_NOREX:
    case X86::MOVZX32rr8_NOREX:
    case X86::MOV8mr:
    case X86::MOV8rm:
    case X86::MOV8rr:
    case X86::MOVSX32rm8:
    case X86::MOVSX32rr8:
    case X86::MOVZX32rm8:
    case X86::MOVZX32rr8:
    case X86::TEST8ri:
      for (int I = 0, E = MCPlus::getNumPrimeOperands(Inst); I != E; ++I) {
        const MCOperand &Operand = Inst.getOperand(I);
        if (!Operand.isReg())
          continue;
        if (isUpper8BitReg(Operand.getReg()))
          return true;
      }
      LLVM_FALLTHROUGH;
    default:
      return false;
    }
  }

  bool isStackAccess(const MCInst &Inst, bool &IsLoad, bool &IsStore,
                     bool &IsStoreFromReg, MCPhysReg &Reg, int32_t &SrcImm,
                     uint16_t &StackPtrReg, int64_t &StackOffset, uint8_t &Size,
                     bool &IsSimple, bool &IsIndexed) const override {
    // Detect simple push/pop cases first
    if (int Sz = getPushSize(Inst)) {
      IsLoad = false;
      IsStore = true;
      IsStoreFromReg = true;
      StackPtrReg = X86::RSP;
      StackOffset = -Sz;
      Size = Sz;
      IsSimple = true;
      if (Inst.getOperand(0).isImm())
        SrcImm = Inst.getOperand(0).getImm();
      else if (Inst.getOperand(0).isReg())
        Reg = Inst.getOperand(0).getReg();
      else
        IsSimple = false;

      return true;
    }
    if (int Sz = getPopSize(Inst)) {
      IsLoad = true;
      IsStore = false;
      if (Inst.getNumOperands() == 0 || !Inst.getOperand(0).isReg()) {
        IsSimple = false;
      } else {
        Reg = Inst.getOperand(0).getReg();
        IsSimple = true;
      }
      StackPtrReg = X86::RSP;
      StackOffset = 0;
      Size = Sz;
      return true;
    }

    struct InstInfo {
      // Size in bytes that Inst loads from memory.
      uint8_t DataSize;
      bool IsLoad;
      bool IsStore;
      bool StoreFromReg;
      bool Simple;
    };

    InstInfo I;
    int MemOpNo = getMemoryOperandNo(Inst);
    const MCInstrDesc &MCII = Info->get(Inst.getOpcode());
    // If it is not dealing with a memory operand, we discard it
    if (MemOpNo == -1 || MCII.isCall())
      return false;

    switch (Inst.getOpcode()) {
    default: {
      uint8_t Sz = 0;
      bool IsLoad = MCII.mayLoad();
      bool IsStore = MCII.mayStore();
      // Is it LEA? (deals with memory but is not loading nor storing)
      if (!IsLoad && !IsStore)
        return false;

      // Try to guess data size involved in the load/store by looking at the
      // register size. If there's no reg involved, return 0 as size, meaning
      // we don't know.
      for (unsigned I = 0, E = MCII.getNumOperands(); I != E; ++I) {
        if (MCII.OpInfo[I].OperandType != MCOI::OPERAND_REGISTER)
          continue;
        if (static_cast<int>(I) >= MemOpNo && I < X86::AddrNumOperands)
          continue;
        Sz = RegInfo->getRegClass(MCII.OpInfo[I].RegClass).getSizeInBits() / 8;
        break;
      }
      I = {Sz, IsLoad, IsStore, false, false};
      break;
    }
    case X86::MOV16rm: I = {2, true, false, false, true}; break;
    case X86::MOV32rm: I = {4, true, false, false, true}; break;
    case X86::MOV64rm: I = {8, true, false, false, true}; break;
    case X86::MOV16mr: I = {2, false, true, true, true}; break;
    case X86::MOV32mr: I = {4, false, true, true, true}; break;
    case X86::MOV64mr: I = {8, false, true, true, true}; break;
    case X86::MOV16mi: I = {2, false, true, false, true}; break;
    case X86::MOV32mi: I = {4, false, true, false, true}; break;
    } // end switch (Inst.getOpcode())

    unsigned BaseRegNum;
    int64_t ScaleValue;
    unsigned IndexRegNum;
    int64_t DispValue;
    unsigned SegRegNum;
    const MCExpr *DispExpr;
    if (!evaluateX86MemoryOperand(Inst, &BaseRegNum, &ScaleValue, &IndexRegNum,
                                  &DispValue, &SegRegNum, &DispExpr)) {
      LLVM_DEBUG(dbgs() << "Evaluate failed on ");
      LLVM_DEBUG(Inst.dump());
      return false;
    }

    // Make sure it's a stack access
    if (BaseRegNum != X86::RBP && BaseRegNum != X86::RSP)
      return false;

    IsLoad = I.IsLoad;
    IsStore = I.IsStore;
    IsStoreFromReg = I.StoreFromReg;
    Size = I.DataSize;
    IsSimple = I.Simple;
    StackPtrReg = BaseRegNum;
    StackOffset = DispValue;
    IsIndexed = IndexRegNum != X86::NoRegister || SegRegNum != X86::NoRegister;

    if (!I.Simple)
      return true;

    // Retrieve related register in simple MOV from/to stack operations.
    unsigned MemOpOffset = static_cast<unsigned>(MemOpNo);
    if (I.IsLoad) {
      MCOperand RegOpnd = Inst.getOperand(0);
      assert(RegOpnd.isReg() && "unexpected destination operand");
      Reg = RegOpnd.getReg();
    } else if (I.IsStore) {
      MCOperand SrcOpnd =
          Inst.getOperand(MemOpOffset + X86::AddrSegmentReg + 1);
      if (I.StoreFromReg) {
        assert(SrcOpnd.isReg() && "unexpected source operand");
        Reg = SrcOpnd.getReg();
      } else {
        assert(SrcOpnd.isImm() && "unexpected source operand");
        SrcImm = SrcOpnd.getImm();
      }
    }

    return true;
  }

  // Convert a MOV to or from a stack slot into the equivalent PUSH or POP.
  void changeToPushOrPop(MCInst &Inst) const override {
    assert(!isPush(Inst) && !isPop(Inst));

    struct InstInfo {
      // Size in bytes that Inst loads from memory.
      uint8_t DataSize;
      bool IsLoad;
      bool StoreFromReg;
    };

    InstInfo I;
    switch (Inst.getOpcode()) {
    default: {
      llvm_unreachable("Unhandled opcode");
      return;
    }
    case X86::MOV16rm: I = {2, true, false}; break;
    case X86::MOV32rm: I = {4, true, false}; break;
    case X86::MOV64rm: I = {8, true, false}; break;
    case X86::MOV16mr: I = {2, false, true}; break;
    case X86::MOV32mr: I = {4, false, true}; break;
    case X86::MOV64mr: I = {8, false, true}; break;
    case X86::MOV16mi: I = {2, false, false}; break;
    case X86::MOV32mi: I = {4, false, false}; break;
    } // end switch (Inst.getOpcode())

    unsigned BaseRegNum;
    int64_t ScaleValue;
    unsigned IndexRegNum;
    int64_t DispValue;
    unsigned SegRegNum;
    const MCExpr *DispExpr;
    if (!evaluateX86MemoryOperand(Inst, &BaseRegNum, &ScaleValue, &IndexRegNum,
                                  &DispValue, &SegRegNum, &DispExpr)) {
      llvm_unreachable("Evaluate failed");
      return;
    }
    // Make sure it's a stack access
    if (BaseRegNum != X86::RBP && BaseRegNum != X86::RSP) {
      llvm_unreachable("Not a stack access");
      return;
    }

    unsigned MemOpOffset = getMemoryOperandNo(Inst);
    unsigned NewOpcode = 0;
    if (I.IsLoad) {
      switch (I.DataSize) {
      case 2: NewOpcode = X86::POP16r; break;
      case 4: NewOpcode = X86::POP32r; break;
      case 8: NewOpcode = X86::POP64r; break;
      default:
        llvm_unreachable("Unexpected size");
      }
      unsigned RegOpndNum = Inst.getOperand(0).getReg();
      Inst.clear();
      Inst.setOpcode(NewOpcode);
      Inst.addOperand(MCOperand::createReg(RegOpndNum));
    } else {
      MCOperand SrcOpnd =
          Inst.getOperand(MemOpOffset + X86::AddrSegmentReg + 1);
      if (I.StoreFromReg) {
        switch (I.DataSize) {
        case 2: NewOpcode = X86::PUSH16r; break;
        case 4: NewOpcode = X86::PUSH32r; break;
        case 8: NewOpcode = X86::PUSH64r; break;
        default:
          llvm_unreachable("Unexpected size");
        }
        assert(SrcOpnd.isReg() && "Unexpected source operand");
        unsigned RegOpndNum = SrcOpnd.getReg();
        Inst.clear();
        Inst.setOpcode(NewOpcode);
        Inst.addOperand(MCOperand::createReg(RegOpndNum));
      } else {
        switch (I.DataSize) {
        case 2: NewOpcode = X86::PUSH16i8; break;
        case 4: NewOpcode = X86::PUSH32i8; break;
        case 8: NewOpcode = X86::PUSH64i32; break;
        default:
          llvm_unreachable("Unexpected size");
        }
        assert(SrcOpnd.isImm() && "Unexpected source operand");
        int64_t SrcImm = SrcOpnd.getImm();
        Inst.clear();
        Inst.setOpcode(NewOpcode);
        Inst.addOperand(MCOperand::createImm(SrcImm));
      }
    }
  }

  bool isStackAdjustment(const MCInst &Inst) const override {
    switch (Inst.getOpcode()) {
    default:
      return false;
    case X86::SUB64ri32:
    case X86::SUB64ri8:
    case X86::ADD64ri32:
    case X86::ADD64ri8:
    case X86::LEA64r:
      break;
    }

    const MCInstrDesc &MCII = Info->get(Inst.getOpcode());
    for (int I = 0, E = MCII.getNumDefs(); I != E; ++I) {
      const MCOperand &Operand = Inst.getOperand(I);
      if (Operand.isReg() && Operand.getReg() == X86::RSP)
        return true;
    }
    return false;
  }

  bool evaluateSimple(const MCInst &Inst, int64_t &Output,
                      std::pair<MCPhysReg, int64_t> Input1,
                      std::pair<MCPhysReg, int64_t> Input2) const override {

    auto getOperandVal = [&](MCPhysReg Reg) -> ErrorOr<int64_t> {
      if (Reg == Input1.first)
        return Input1.second;
      if (Reg == Input2.first)
        return Input2.second;
      return make_error_code(errc::result_out_of_range);
    };

    switch (Inst.getOpcode()) {
    default:
      return false;

    case X86::AND64ri32:
    case X86::AND64ri8:
      if (!Inst.getOperand(2).isImm())
        return false;
      if (ErrorOr<int64_t> InputVal =
              getOperandVal(Inst.getOperand(1).getReg()))
        Output = *InputVal & Inst.getOperand(2).getImm();
      else
        return false;
      break;
    case X86::SUB64ri32:
    case X86::SUB64ri8:
      if (!Inst.getOperand(2).isImm())
        return false;
      if (ErrorOr<int64_t> InputVal =
              getOperandVal(Inst.getOperand(1).getReg()))
        Output = *InputVal - Inst.getOperand(2).getImm();
      else
        return false;
      break;
    case X86::ADD64ri32:
    case X86::ADD64ri8:
      if (!Inst.getOperand(2).isImm())
        return false;
      if (ErrorOr<int64_t> InputVal =
              getOperandVal(Inst.getOperand(1).getReg()))
        Output = *InputVal + Inst.getOperand(2).getImm();
      else
        return false;
      break;
    case X86::ADD64i32:
      if (!Inst.getOperand(0).isImm())
        return false;
      if (ErrorOr<int64_t> InputVal = getOperandVal(X86::RAX))
        Output = *InputVal + Inst.getOperand(0).getImm();
      else
        return false;
      break;

    case X86::LEA64r: {
      unsigned BaseRegNum;
      int64_t ScaleValue;
      unsigned IndexRegNum;
      int64_t DispValue;
      unsigned SegRegNum;
      const MCExpr *DispExpr = nullptr;
      if (!evaluateX86MemoryOperand(Inst, &BaseRegNum, &ScaleValue,
                                    &IndexRegNum, &DispValue, &SegRegNum,
                                    &DispExpr))
        return false;

      if (BaseRegNum == X86::NoRegister || IndexRegNum != X86::NoRegister ||
          SegRegNum != X86::NoRegister || DispExpr)
        return false;

      if (ErrorOr<int64_t> InputVal = getOperandVal(BaseRegNum))
        Output = *InputVal + DispValue;
      else
        return false;

      break;
    }
    }
    return true;
  }

  bool isRegToRegMove(const MCInst &Inst, MCPhysReg &From,
                      MCPhysReg &To) const override {
    switch (Inst.getOpcode()) {
    default:
      return false;
    case X86::LEAVE:
    case X86::LEAVE64:
      To = getStackPointer();
      From = getFramePointer();
      return true;
    case X86::MOV64rr:
      To = Inst.getOperand(0).getReg();
      From = Inst.getOperand(1).getReg();
      return true;
    }
  }

  MCPhysReg getStackPointer() const override { return X86::RSP; }
  MCPhysReg getFramePointer() const override { return X86::RBP; }
  MCPhysReg getFlagsReg() const override { return X86::EFLAGS; }

  bool escapesVariable(const MCInst &Inst,
                       bool HasFramePointer) const override {
    int MemOpNo = getMemoryOperandNo(Inst);
    const MCInstrDesc &MCII = Info->get(Inst.getOpcode());
    const unsigned NumDefs = MCII.getNumDefs();
    static BitVector SPBPAliases(BitVector(getAliases(X86::RSP)) |=
                                 getAliases(X86::RBP));
    static BitVector SPAliases(getAliases(X86::RSP));

    // FIXME: PUSH can be technically a leak, but let's ignore this for now
    // because a lot of harmless prologue code will spill SP to the stack.
    // Unless push is clearly pushing an object address to the stack as
    // demonstrated by having a MemOp.
    bool IsPush = isPush(Inst);
    if (IsPush && MemOpNo == -1)
      return false;

    // We use this to detect LEA (has memop but does not access mem)
    bool AccessMem = MCII.mayLoad() || MCII.mayStore();
    bool DoesLeak = false;
    for (int I = 0, E = MCPlus::getNumPrimeOperands(Inst); I != E; ++I) {
      // Ignore if SP/BP is used to dereference memory -- that's fine
      if (MemOpNo != -1 && !IsPush && AccessMem && I >= MemOpNo &&
          I <= MemOpNo + 5)
        continue;
      // Ignore if someone is writing to SP/BP
      if (I < static_cast<int>(NumDefs))
        continue;

      const MCOperand &Operand = Inst.getOperand(I);
      if (HasFramePointer && Operand.isReg() && SPBPAliases[Operand.getReg()]) {
        DoesLeak = true;
        break;
      }
      if (!HasFramePointer && Operand.isReg() && SPAliases[Operand.getReg()]) {
        DoesLeak = true;
        break;
      }
    }

    // If potential leak, check if it is not just writing to itself/sp/bp
    if (DoesLeak) {
      for (int I = 0, E = NumDefs; I != E; ++I) {
        const MCOperand &Operand = Inst.getOperand(I);
        if (HasFramePointer && Operand.isReg() &&
            SPBPAliases[Operand.getReg()]) {
          DoesLeak = false;
          break;
        }
        if (!HasFramePointer && Operand.isReg() &&
            SPAliases[Operand.getReg()]) {
          DoesLeak = false;
          break;
        }
      }
    }
    return DoesLeak;
  }

  bool addToImm(MCInst &Inst, int64_t &Amt, MCContext *Ctx) const override {
    unsigned ImmOpNo = -1U;
    int MemOpNo = getMemoryOperandNo(Inst);
    if (MemOpNo != -1)
      ImmOpNo = MemOpNo + X86::AddrDisp;
    else
      for (unsigned Index = 0; Index < MCPlus::getNumPrimeOperands(Inst);
           ++Index)
        if (Inst.getOperand(Index).isImm())
          ImmOpNo = Index;
    if (ImmOpNo == -1U)
      return false;

    MCOperand &Operand = Inst.getOperand(ImmOpNo);
    Amt += Operand.getImm();
    Operand.setImm(Amt);
    // Check for the need for relaxation
    if (int64_t(Amt) == int64_t(int8_t(Amt)))
      return true;

    // Relax instruction
    switch (Inst.getOpcode()) {
    case X86::SUB64ri8:
      Inst.setOpcode(X86::SUB64ri32);
      break;
    case X86::ADD64ri8:
      Inst.setOpcode(X86::ADD64ri32);
      break;
    default:
      // No need for relaxation
      break;
    }
    return true;
  }

  /// TODO: this implementation currently works for the most common opcodes that
  /// load from memory. It can be extended to work with memory store opcodes as
  /// well as more memory load opcodes.
  bool replaceMemOperandWithImm(MCInst &Inst, StringRef ConstantData,
                                uint64_t Offset) const override {
    enum CheckSignExt : uint8_t {
      NOCHECK = 0,
      CHECK8,
      CHECK32,
    };

    using CheckList = std::vector<std::pair<CheckSignExt, unsigned>>;
    struct InstInfo {
      // Size in bytes that Inst loads from memory.
      uint8_t DataSize;

      // True when the target operand has to be duplicated because the opcode
      // expects a LHS operand.
      bool HasLHS;

      // List of checks and corresponding opcodes to be used. We try to use the
      // smallest possible immediate value when various sizes are available,
      // hence we may need to check whether a larger constant fits in a smaller
      // immediate.
      CheckList Checks;
    };

    InstInfo I;

    switch (Inst.getOpcode()) {
    default: {
      switch (getPopSize(Inst)) {
      case 2: I = {2, false, {{NOCHECK, X86::MOV16ri}}}; break;
      case 4: I = {4, false, {{NOCHECK, X86::MOV32ri}}}; break;
      case 8: I = {8, false, {{CHECK32, X86::MOV64ri32},
                              {NOCHECK, X86::MOV64rm}}}; break;
      default: return false;
      }
      break;
    }

    // MOV
    case X86::MOV8rm:  I = {1, false, {{NOCHECK, X86::MOV8ri}}}; break;
    case X86::MOV16rm: I = {2, false, {{NOCHECK, X86::MOV16ri}}}; break;
    case X86::MOV32rm: I = {4, false, {{NOCHECK, X86::MOV32ri}}}; break;
    case X86::MOV64rm: I = {8, false, {{CHECK32, X86::MOV64ri32},
                                       {NOCHECK, X86::MOV64rm}}}; break;

    // MOVZX
    case X86::MOVZX16rm8:  I = {1, false, {{NOCHECK, X86::MOV16ri}}}; break;
    case X86::MOVZX32rm8:  I = {1, false, {{NOCHECK, X86::MOV32ri}}}; break;
    case X86::MOVZX32rm16: I = {2, false, {{NOCHECK, X86::MOV32ri}}}; break;

    // CMP
    case X86::CMP8rm:  I = {1, false, {{NOCHECK, X86::CMP8ri}}}; break;
    case X86::CMP16rm: I = {2, false, {{CHECK8, X86::CMP16ri8},
                                       {NOCHECK, X86::CMP16ri}}}; break;
    case X86::CMP32rm: I = {4, false, {{CHECK8, X86::CMP32ri8},
                                       {NOCHECK, X86::CMP32ri}}}; break;
    case X86::CMP64rm: I = {8, false, {{CHECK8, X86::CMP64ri8},
                                       {CHECK32, X86::CMP64ri32},
                                       {NOCHECK, X86::CMP64rm}}}; break;

    // TEST
    case X86::TEST8mr:  I = {1, false, {{NOCHECK, X86::TEST8ri}}}; break;
    case X86::TEST16mr: I = {2, false, {{NOCHECK, X86::TEST16ri}}}; break;
    case X86::TEST32mr: I = {4, false, {{NOCHECK, X86::TEST32ri}}}; break;
    case X86::TEST64mr: I = {8, false, {{CHECK32, X86::TEST64ri32},
                                        {NOCHECK, X86::TEST64mr}}}; break;

    // ADD
    case X86::ADD8rm:  I = {1, true, {{NOCHECK, X86::ADD8ri}}}; break;
    case X86::ADD16rm: I = {2, true, {{CHECK8, X86::ADD16ri8},
                                      {NOCHECK, X86::ADD16ri}}}; break;
    case X86::ADD32rm: I = {4, true, {{CHECK8, X86::ADD32ri8},
                                      {NOCHECK, X86::ADD32ri}}}; break;
    case X86::ADD64rm: I = {8, true, {{CHECK8, X86::ADD64ri8},
                                      {CHECK32, X86::ADD64ri32},
                                      {NOCHECK, X86::ADD64rm}}}; break;

    // SUB
    case X86::SUB8rm:  I = {1, true, {{NOCHECK, X86::SUB8ri}}}; break;
    case X86::SUB16rm: I = {2, true, {{CHECK8, X86::SUB16ri8},
                                      {NOCHECK, X86::SUB16ri}}}; break;
    case X86::SUB32rm: I = {4, true, {{CHECK8, X86::SUB32ri8},
                                      {NOCHECK, X86::SUB32ri}}}; break;
    case X86::SUB64rm: I = {8, true, {{CHECK8, X86::SUB64ri8},
                                      {CHECK32, X86::SUB64ri32},
                                      {NOCHECK, X86::SUB64rm}}}; break;

    // AND
    case X86::AND8rm:  I = {1, true, {{NOCHECK, X86::AND8ri}}}; break;
    case X86::AND16rm: I = {2, true, {{CHECK8, X86::AND16ri8},
                                      {NOCHECK, X86::AND16ri}}}; break;
    case X86::AND32rm: I = {4, true, {{CHECK8, X86::AND32ri8},
                                      {NOCHECK, X86::AND32ri}}}; break;
    case X86::AND64rm: I = {8, true, {{CHECK8, X86::AND64ri8},
                                      {CHECK32, X86::AND64ri32},
                                      {NOCHECK, X86::AND64rm}}}; break;

    // OR
    case X86::OR8rm:  I = {1, true, {{NOCHECK, X86::OR8ri}}}; break;
    case X86::OR16rm: I = {2, true, {{CHECK8, X86::OR16ri8},
                                     {NOCHECK, X86::OR16ri}}}; break;
    case X86::OR32rm: I = {4, true, {{CHECK8, X86::OR32ri8},
                                     {NOCHECK, X86::OR32ri}}}; break;
    case X86::OR64rm: I = {8, true, {{CHECK8, X86::OR64ri8},
                                     {CHECK32, X86::OR64ri32},
                                     {NOCHECK, X86::OR64rm}}}; break;

    // XOR
    case X86::XOR8rm: I = {1, true, {{NOCHECK, X86::XOR8ri}}}; break;
{{NOCHECK, X86::XOR8ri}}}; break; 1856 case X86::XOR16rm: I = {2, true, {{CHECK8, X86::XOR16ri8}, 1857 {NOCHECK, X86::XOR16ri}}}; break; 1858 case X86::XOR32rm: I = {4, true, {{CHECK8, X86::XOR32ri8}, 1859 {NOCHECK, X86::XOR32ri}}}; break; 1860 case X86::XOR64rm: I = {8, true, {{CHECK8, X86::XOR64ri8}, 1861 {CHECK32, X86::XOR64ri32}, 1862 {NOCHECK, X86::XOR64rm}}}; break; 1863 } 1864 1865 // Compute the immediate value. 1866 assert(Offset + I.DataSize <= ConstantData.size() && 1867 "invalid offset for given constant data"); 1868 int64_t ImmVal = 1869 DataExtractor(ConstantData, true, 8).getSigned(&Offset, I.DataSize); 1870 1871 // Compute the new opcode. 1872 unsigned NewOpcode = 0; 1873 for (const std::pair<CheckSignExt, unsigned> &Check : I.Checks) { 1874 NewOpcode = Check.second; 1875 if (Check.first == NOCHECK) 1876 break; 1877 if (Check.first == CHECK8 && isInt<8>(ImmVal)) 1878 break; 1879 if (Check.first == CHECK32 && isInt<32>(ImmVal)) 1880 break; 1881 } 1882 if (NewOpcode == Inst.getOpcode()) 1883 return false; 1884 1885 // Modify the instruction. 1886 MCOperand ImmOp = MCOperand::createImm(ImmVal); 1887 uint32_t TargetOpNum = 0; 1888 // Test instruction does not follow the regular pattern of putting the 1889 // memory reference of a load (5 MCOperands) last in the list of operands. 1890 // Since it is not modifying the register operand, it is not treated as 1891 // a destination operand and it is not the first operand as it is in the 1892 // other instructions we treat here. 1893 if (NewOpcode == X86::TEST8ri || NewOpcode == X86::TEST16ri || 1894 NewOpcode == X86::TEST32ri || NewOpcode == X86::TEST64ri32) 1895 TargetOpNum = getMemoryOperandNo(Inst) + X86::AddrNumOperands; 1896 1897 MCOperand TargetOp = Inst.getOperand(TargetOpNum); 1898 Inst.clear(); 1899 Inst.setOpcode(NewOpcode); 1900 Inst.addOperand(TargetOp); 1901 if (I.HasLHS) 1902 Inst.addOperand(TargetOp); 1903 Inst.addOperand(ImmOp); 1904 1905 return true; 1906 } 1907 1908 /// TODO: this implementation currently works for the most common opcodes that 1909 /// load from memory. It can be extended to work with memory store opcodes as 1910 /// well as more memory load opcodes. 1911 bool replaceMemOperandWithReg(MCInst &Inst, MCPhysReg RegNum) const override { 1912 unsigned NewOpcode; 1913 1914 switch (Inst.getOpcode()) { 1915 default: { 1916 switch (getPopSize(Inst)) { 1917 case 2: NewOpcode = X86::MOV16rr; break; 1918 case 4: NewOpcode = X86::MOV32rr; break; 1919 case 8: NewOpcode = X86::MOV64rr; break; 1920 default: return false; 1921 } 1922 break; 1923 } 1924 1925 // MOV 1926 case X86::MOV8rm: NewOpcode = X86::MOV8rr; break; 1927 case X86::MOV16rm: NewOpcode = X86::MOV16rr; break; 1928 case X86::MOV32rm: NewOpcode = X86::MOV32rr; break; 1929 case X86::MOV64rm: NewOpcode = X86::MOV64rr; break; 1930 } 1931 1932 // Modify the instruction. 
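    // Illustrative effect (sketch, not taken from a real binary): if the
    // value at the memory location is already available in, say, %rcx, a load
    // such as
    //   movq 0x10(%rsp), %rax
    // can be rewritten as
    //   movq %rcx, %rax
    // using the register-to-register MOV opcode selected above.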
1933 MCOperand RegOp = MCOperand::createReg(RegNum); 1934 MCOperand TargetOp = Inst.getOperand(0); 1935 Inst.clear(); 1936 Inst.setOpcode(NewOpcode); 1937 Inst.addOperand(TargetOp); 1938 Inst.addOperand(RegOp); 1939 1940 return true; 1941 } 1942 1943 bool isRedundantMove(const MCInst &Inst) const override { 1944 switch (Inst.getOpcode()) { 1945 default: 1946 return false; 1947 1948 // MOV 1949 case X86::MOV8rr: 1950 case X86::MOV16rr: 1951 case X86::MOV32rr: 1952 case X86::MOV64rr: 1953 break; 1954 } 1955 1956 assert(Inst.getOperand(0).isReg() && Inst.getOperand(1).isReg()); 1957 return Inst.getOperand(0).getReg() == Inst.getOperand(1).getReg(); 1958 } 1959 1960 bool requiresAlignedAddress(const MCInst &Inst) const override { 1961 const MCInstrDesc &Desc = Info->get(Inst.getOpcode()); 1962 for (unsigned int I = 0; I < Desc.getNumOperands(); ++I) { 1963 const MCOperandInfo &Op = Desc.OpInfo[I]; 1964 if (Op.OperandType != MCOI::OPERAND_REGISTER) 1965 continue; 1966 if (Op.RegClass == X86::VR128RegClassID) 1967 return true; 1968 } 1969 return false; 1970 } 1971 1972 bool convertJmpToTailCall(MCInst &Inst) override { 1973 if (isTailCall(Inst)) 1974 return false; 1975 1976 int NewOpcode; 1977 switch (Inst.getOpcode()) { 1978 default: 1979 return false; 1980 case X86::JMP_1: 1981 case X86::JMP_2: 1982 case X86::JMP_4: 1983 NewOpcode = X86::JMP_4; 1984 break; 1985 case X86::JMP16m: 1986 case X86::JMP32m: 1987 case X86::JMP64m: 1988 NewOpcode = X86::JMP32m; 1989 break; 1990 case X86::JMP16r: 1991 case X86::JMP32r: 1992 case X86::JMP64r: 1993 NewOpcode = X86::JMP32r; 1994 break; 1995 } 1996 1997 Inst.setOpcode(NewOpcode); 1998 setTailCall(Inst); 1999 return true; 2000 } 2001 2002 bool convertTailCallToJmp(MCInst &Inst) override { 2003 int NewOpcode; 2004 switch (Inst.getOpcode()) { 2005 default: 2006 return false; 2007 case X86::JMP_4: 2008 NewOpcode = X86::JMP_1; 2009 break; 2010 case X86::JMP32m: 2011 NewOpcode = X86::JMP64m; 2012 break; 2013 case X86::JMP32r: 2014 NewOpcode = X86::JMP64r; 2015 break; 2016 } 2017 2018 Inst.setOpcode(NewOpcode); 2019 removeAnnotation(Inst, MCPlus::MCAnnotation::kTailCall); 2020 clearOffset(Inst); 2021 return true; 2022 } 2023 2024 bool convertTailCallToCall(MCInst &Inst) override { 2025 int NewOpcode; 2026 switch (Inst.getOpcode()) { 2027 default: 2028 return false; 2029 case X86::JMP_4: 2030 NewOpcode = X86::CALL64pcrel32; 2031 break; 2032 case X86::JMP32m: 2033 NewOpcode = X86::CALL64m; 2034 break; 2035 case X86::JMP32r: 2036 NewOpcode = X86::CALL64r; 2037 break; 2038 } 2039 2040 Inst.setOpcode(NewOpcode); 2041 removeAnnotation(Inst, MCPlus::MCAnnotation::kTailCall); 2042 return true; 2043 } 2044 2045 bool convertCallToIndirectCall(MCInst &Inst, const MCSymbol *TargetLocation, 2046 MCContext *Ctx) override { 2047 bool IsTailCall = isTailCall(Inst); 2048 assert((Inst.getOpcode() == X86::CALL64pcrel32 || 2049 (Inst.getOpcode() == X86::JMP_4 && IsTailCall)) && 2050 "64-bit direct (tail) call instruction expected"); 2051 const auto NewOpcode = 2052 (Inst.getOpcode() == X86::CALL64pcrel32) ? X86::CALL64m : X86::JMP32m; 2053 Inst.setOpcode(NewOpcode); 2054 2055 // Replace the first operand and preserve auxiliary operands of 2056 // the instruction. 
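    // Illustrative result (sketch): a direct call such as
    //   callq foo
    // becomes a RIP-relative memory-indirect call through TargetLocation:
    //   callq *TargetLocation(%rip)
    // (a JMP_4 tail call likewise becomes jmp *TargetLocation(%rip) via
    // JMP32m).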
2057 Inst.erase(Inst.begin()); 2058 Inst.insert(Inst.begin(), 2059 MCOperand::createReg(X86::NoRegister)); // AddrSegmentReg 2060 Inst.insert(Inst.begin(), 2061 MCOperand::createExpr( // Displacement 2062 MCSymbolRefExpr::create(TargetLocation, 2063 MCSymbolRefExpr::VK_None, *Ctx))); 2064 Inst.insert(Inst.begin(), 2065 MCOperand::createReg(X86::NoRegister)); // IndexReg 2066 Inst.insert(Inst.begin(), 2067 MCOperand::createImm(1)); // ScaleAmt 2068 Inst.insert(Inst.begin(), 2069 MCOperand::createReg(X86::RIP)); // BaseReg 2070 2071 return true; 2072 } 2073 2074 void convertIndirectCallToLoad(MCInst &Inst, MCPhysReg Reg) override { 2075 bool IsTailCall = isTailCall(Inst); 2076 if (IsTailCall) 2077 removeAnnotation(Inst, MCPlus::MCAnnotation::kTailCall); 2078 if (Inst.getOpcode() == X86::CALL64m || 2079 (Inst.getOpcode() == X86::JMP32m && IsTailCall)) { 2080 Inst.setOpcode(X86::MOV64rm); 2081 Inst.insert(Inst.begin(), MCOperand::createReg(Reg)); 2082 return; 2083 } 2084 if (Inst.getOpcode() == X86::CALL64r || 2085 (Inst.getOpcode() == X86::JMP32r && IsTailCall)) { 2086 Inst.setOpcode(X86::MOV64rr); 2087 Inst.insert(Inst.begin(), MCOperand::createReg(Reg)); 2088 return; 2089 } 2090 LLVM_DEBUG(Inst.dump()); 2091 llvm_unreachable("not implemented"); 2092 } 2093 2094 bool shortenInstruction(MCInst &Inst) const override { 2095 unsigned OldOpcode = Inst.getOpcode(); 2096 unsigned NewOpcode = OldOpcode; 2097 2098 // Check and remove EIZ/RIZ. These represent ambiguous cases where the SIB 2099 // byte is present, but no index is used and modrm alone should have been 2100 // enough. Converting to NoRegister effectively removes the SIB byte. 2101 int MemOpNo = getMemoryOperandNo(Inst); 2102 if (MemOpNo >= 0) { 2103 MCOperand &IndexOp = 2104 Inst.getOperand(static_cast<unsigned>(MemOpNo) + X86::AddrIndexReg); 2105 if (IndexOp.getReg() == X86::EIZ || IndexOp.getReg() == X86::RIZ) 2106 IndexOp = MCOperand::createReg(X86::NoRegister); 2107 } 2108 2109 if (isBranch(Inst)) { 2110 NewOpcode = getShortBranchOpcode(OldOpcode); 2111 } else if (OldOpcode == X86::MOV64ri) { 2112 if (Inst.getOperand(MCPlus::getNumPrimeOperands(Inst) - 1).isImm()) { 2113 const int64_t Imm = 2114 Inst.getOperand(MCPlus::getNumPrimeOperands(Inst) - 1).getImm(); 2115 if (int64_t(Imm) == int64_t(int32_t(Imm))) 2116 NewOpcode = X86::MOV64ri32; 2117 } 2118 } else { 2119 // If it's an arithmetic instruction, check if the signed operand fits in 1 byte.
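      // For example (illustrative): ADD64ri32 with an immediate of 0x10 can
      // be shortened to ADD64ri8, since 0x10 survives a sign-extending
      // round-trip through int8_t; an immediate of 0x100 cannot and keeps the
      // imm32 form.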
2120 const unsigned ShortOpcode = getShortArithOpcode(OldOpcode); 2121 if (ShortOpcode != OldOpcode && 2122 Inst.getOperand(MCPlus::getNumPrimeOperands(Inst) - 1).isImm()) { 2123 int64_t Imm = 2124 Inst.getOperand(MCPlus::getNumPrimeOperands(Inst) - 1).getImm(); 2125 if (int64_t(Imm) == int64_t(int8_t(Imm))) 2126 NewOpcode = ShortOpcode; 2127 } 2128 } 2129 2130 if (NewOpcode == OldOpcode) 2131 return false; 2132 2133 Inst.setOpcode(NewOpcode); 2134 return true; 2135 } 2136 2137 bool lowerTailCall(MCInst &Inst) override { 2138 if (Inst.getOpcode() == X86::JMP_4 && isTailCall(Inst)) { 2139 Inst.setOpcode(X86::JMP_1); 2140 removeAnnotation(Inst, MCPlus::MCAnnotation::kTailCall); 2141 return true; 2142 } 2143 return false; 2144 } 2145 2146 const MCSymbol *getTargetSymbol(const MCInst &Inst, 2147 unsigned OpNum = 0) const override { 2148 if (OpNum >= MCPlus::getNumPrimeOperands(Inst)) 2149 return nullptr; 2150 2151 const MCOperand &Op = Inst.getOperand(OpNum); 2152 if (!Op.isExpr()) 2153 return nullptr; 2154 2155 auto *SymExpr = dyn_cast<MCSymbolRefExpr>(Op.getExpr()); 2156 if (!SymExpr || SymExpr->getKind() != MCSymbolRefExpr::VK_None) 2157 return nullptr; 2158 2159 return &SymExpr->getSymbol(); 2160 } 2161 2162 // This is the same as the base class, but since we are overriding one of 2163 // getTargetSymbol's signatures above, we need to override all of them. 2164 const MCSymbol *getTargetSymbol(const MCExpr *Expr) const override { 2165 return &cast<const MCSymbolRefExpr>(Expr)->getSymbol(); 2166 } 2167 2168 bool analyzeBranch(InstructionIterator Begin, InstructionIterator End, 2169 const MCSymbol *&TBB, const MCSymbol *&FBB, 2170 MCInst *&CondBranch, 2171 MCInst *&UncondBranch) const override { 2172 auto I = End; 2173 2174 // Bottom-up analysis 2175 while (I != Begin) { 2176 --I; 2177 2178 // Ignore nops and CFIs 2179 if (isPseudo(*I)) 2180 continue; 2181 2182 // Stop when we find the first non-terminator 2183 if (!isTerminator(*I)) 2184 break; 2185 2186 if (!isBranch(*I)) 2187 break; 2188 2189 // Handle unconditional branches. 2190 if ((I->getOpcode() == X86::JMP_1 || I->getOpcode() == X86::JMP_2 || 2191 I->getOpcode() == X86::JMP_4) && 2192 !isTailCall(*I)) { 2193 // If any code was seen after this unconditional branch, we've seen 2194 // unreachable code. Ignore them. 
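        // Illustrative walk (sketch): for a block ending in
        //   ja   .Ltaken
        //   jmp  .Lfallthrough
        // this bottom-up scan first records the JMP here (UncondBranch, with
        // TBB = .Lfallthrough); the conditional-branch handling further down
        // then moves that target to FBB and sets TBB = .Ltaken with
        // CondBranch pointing at the JA.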
2195 CondBranch = nullptr; 2196 UncondBranch = &*I; 2197 const MCSymbol *Sym = getTargetSymbol(*I); 2198 assert(Sym != nullptr && 2199 "Couldn't extract BB symbol from jump operand"); 2200 TBB = Sym; 2201 continue; 2202 } 2203 2204 // Handle conditional branches and ignore indirect branches 2205 if (!isUnsupportedBranch(I->getOpcode()) && 2206 getCondCode(*I) == X86::COND_INVALID) { 2207 // Indirect branch 2208 return false; 2209 } 2210 2211 if (CondBranch == nullptr) { 2212 const MCSymbol *TargetBB = getTargetSymbol(*I); 2213 if (TargetBB == nullptr) { 2214 // Unrecognized branch target 2215 return false; 2216 } 2217 FBB = TBB; 2218 TBB = TargetBB; 2219 CondBranch = &*I; 2220 continue; 2221 } 2222 2223 llvm_unreachable("multiple conditional branches in one BB"); 2224 } 2225 return true; 2226 } 2227 2228 template <typename Itr> 2229 std::pair<IndirectBranchType, MCInst *> 2230 analyzePICJumpTable(Itr II, Itr IE, MCPhysReg R1, MCPhysReg R2) const { 2231 // Analyze PIC-style jump table code template: 2232 // 2233 // lea PIC_JUMP_TABLE(%rip), {%r1|%r2} <- MemLocInstr 2234 // mov ({%r1|%r2}, %index, 4), {%r2|%r1} 2235 // add %r2, %r1 2236 // jmp *%r1 2237 // 2238 // (with any irrelevant instructions in-between) 2239 // 2240 // When we call this helper we've already determined %r1 and %r2, and 2241 // reverse instruction iterator \p II is pointing to the ADD instruction. 2242 // 2243 // PIC jump table looks like following: 2244 // 2245 // JT: ---------- 2246 // E1:| L1 - JT | 2247 // |----------| 2248 // E2:| L2 - JT | 2249 // |----------| 2250 // | | 2251 // ...... 2252 // En:| Ln - JT | 2253 // ---------- 2254 // 2255 // Where L1, L2, ..., Ln represent labels in the function. 2256 // 2257 // The actual relocations in the table will be of the form: 2258 // 2259 // Ln - JT 2260 // = (Ln - En) + (En - JT) 2261 // = R_X86_64_PC32(Ln) + En - JT 2262 // = R_X86_64_PC32(Ln + offsetof(En)) 2263 // 2264 LLVM_DEBUG(dbgs() << "Checking for PIC jump table\n"); 2265 MCInst *MemLocInstr = nullptr; 2266 const MCInst *MovInstr = nullptr; 2267 while (++II != IE) { 2268 MCInst &Instr = *II; 2269 const MCInstrDesc &InstrDesc = Info->get(Instr.getOpcode()); 2270 if (!InstrDesc.hasDefOfPhysReg(Instr, R1, *RegInfo) && 2271 !InstrDesc.hasDefOfPhysReg(Instr, R2, *RegInfo)) { 2272 // Ignore instructions that don't affect R1, R2 registers. 2273 continue; 2274 } 2275 if (!MovInstr) { 2276 // Expect to see MOV instruction. 2277 if (!isMOVSX64rm32(Instr)) { 2278 LLVM_DEBUG(dbgs() << "MOV instruction expected.\n"); 2279 break; 2280 } 2281 2282 // Check if it's setting %r1 or %r2. In canonical form it sets %r2. 2283 // If it sets %r1 - rename the registers so we have to only check 2284 // a single form. 2285 unsigned MovDestReg = Instr.getOperand(0).getReg(); 2286 if (MovDestReg != R2) 2287 std::swap(R1, R2); 2288 if (MovDestReg != R2) { 2289 LLVM_DEBUG(dbgs() << "MOV instruction expected to set %r2\n"); 2290 break; 2291 } 2292 2293 // Verify operands for MOV. 
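        // Expected shape (illustrative), matching the template above:
        //   movslq (%r1, %index, 4), %r2
        // i.e. base = %r1, scale = 4, a real index register, zero
        // displacement and no segment override.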
2294 unsigned BaseRegNum; 2295 int64_t ScaleValue; 2296 unsigned IndexRegNum; 2297 int64_t DispValue; 2298 unsigned SegRegNum; 2299 if (!evaluateX86MemoryOperand(Instr, &BaseRegNum, &ScaleValue, 2300 &IndexRegNum, &DispValue, &SegRegNum)) 2301 break; 2302 if (BaseRegNum != R1 || ScaleValue != 4 || 2303 IndexRegNum == X86::NoRegister || DispValue != 0 || 2304 SegRegNum != X86::NoRegister) 2305 break; 2306 MovInstr = &Instr; 2307 } else { 2308 if (!InstrDesc.hasDefOfPhysReg(Instr, R1, *RegInfo)) 2309 continue; 2310 if (!isLEA64r(Instr)) { 2311 LLVM_DEBUG(dbgs() << "LEA instruction expected\n"); 2312 break; 2313 } 2314 if (Instr.getOperand(0).getReg() != R1) { 2315 LLVM_DEBUG(dbgs() << "LEA instruction expected to set %r1\n"); 2316 break; 2317 } 2318 2319 // Verify operands for LEA. 2320 unsigned BaseRegNum; 2321 int64_t ScaleValue; 2322 unsigned IndexRegNum; 2323 const MCExpr *DispExpr = nullptr; 2324 int64_t DispValue; 2325 unsigned SegRegNum; 2326 if (!evaluateX86MemoryOperand(Instr, &BaseRegNum, &ScaleValue, 2327 &IndexRegNum, &DispValue, &SegRegNum, 2328 &DispExpr)) 2329 break; 2330 if (BaseRegNum != RegInfo->getProgramCounter() || 2331 IndexRegNum != X86::NoRegister || SegRegNum != X86::NoRegister || 2332 DispExpr == nullptr) 2333 break; 2334 MemLocInstr = &Instr; 2335 break; 2336 } 2337 } 2338 2339 if (!MemLocInstr) 2340 return std::make_pair(IndirectBranchType::UNKNOWN, nullptr); 2341 2342 LLVM_DEBUG(dbgs() << "checking potential PIC jump table\n"); 2343 return std::make_pair(IndirectBranchType::POSSIBLE_PIC_JUMP_TABLE, 2344 MemLocInstr); 2345 } 2346 2347 IndirectBranchType analyzeIndirectBranch( 2348 MCInst &Instruction, InstructionIterator Begin, InstructionIterator End, 2349 const unsigned PtrSize, MCInst *&MemLocInstrOut, unsigned &BaseRegNumOut, 2350 unsigned &IndexRegNumOut, int64_t &DispValueOut, 2351 const MCExpr *&DispExprOut, MCInst *&PCRelBaseOut) const override { 2352 // Try to find a (base) memory location from where the address for 2353 // the indirect branch is loaded. For X86-64 the memory will be specified 2354 // in the following format: 2355 // 2356 // {%rip}/{%basereg} + Imm + IndexReg * Scale 2357 // 2358 // We are interested in the cases where Scale == sizeof(uintptr_t) and 2359 // the contents of the memory are presumably an array of pointers to code. 2360 // 2361 // Normal jump table: 2362 // 2363 // jmp *(JUMP_TABLE, %index, Scale) <- MemLocInstr 2364 // 2365 // or 2366 // 2367 // mov (JUMP_TABLE, %index, Scale), %r1 <- MemLocInstr 2368 // ... 2369 // jmp %r1 2370 // 2371 // We handle PIC-style jump tables separately. 2372 // 2373 MemLocInstrOut = nullptr; 2374 BaseRegNumOut = X86::NoRegister; 2375 IndexRegNumOut = X86::NoRegister; 2376 DispValueOut = 0; 2377 DispExprOut = nullptr; 2378 2379 std::reverse_iterator<InstructionIterator> II(End); 2380 std::reverse_iterator<InstructionIterator> IE(Begin); 2381 2382 IndirectBranchType Type = IndirectBranchType::UNKNOWN; 2383 2384 // An instruction referencing memory used by jump instruction (directly or 2385 // via register). This location could be an array of function pointers 2386 // in case of indirect tail call, or a jump table. 2387 MCInst *MemLocInstr = nullptr; 2388 2389 if (MCPlus::getNumPrimeOperands(Instruction) == 1) { 2390 // If the indirect jump is on register - try to detect if the 2391 // register value is loaded from a memory location. 
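      // Typical patterns this covers (illustrative):
      //   movq JUMP_TABLE(,%index,8), %rax   <- MemLocInstr
      //   jmpq *%rax
      // or the PIC form, where an ADD of two registers leads us into
      // analyzePICJumpTable() above.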
2392 assert(Instruction.getOperand(0).isReg() && "register operand expected"); 2393 const unsigned R1 = Instruction.getOperand(0).getReg(); 2394 // Check if one of the previous instructions defines the jump-on register. 2395 for (auto PrevII = II; PrevII != IE; ++PrevII) { 2396 MCInst &PrevInstr = *PrevII; 2397 const MCInstrDesc &PrevInstrDesc = Info->get(PrevInstr.getOpcode()); 2398 2399 if (!PrevInstrDesc.hasDefOfPhysReg(PrevInstr, R1, *RegInfo)) 2400 continue; 2401 2402 if (isMoveMem2Reg(PrevInstr)) { 2403 MemLocInstr = &PrevInstr; 2404 break; 2405 } 2406 if (isADD64rr(PrevInstr)) { 2407 unsigned R2 = PrevInstr.getOperand(2).getReg(); 2408 if (R1 == R2) 2409 return IndirectBranchType::UNKNOWN; 2410 std::tie(Type, MemLocInstr) = analyzePICJumpTable(PrevII, IE, R1, R2); 2411 break; 2412 } 2413 return IndirectBranchType::UNKNOWN; 2414 } 2415 if (!MemLocInstr) { 2416 // No definition seen for the register in this function so far. Could be 2417 // an input parameter - which means it is an external code reference. 2418 // It also could be that the definition happens to be in the code that 2419 // we haven't processed yet. Since we have to be conservative, return 2420 // as UNKNOWN case. 2421 return IndirectBranchType::UNKNOWN; 2422 } 2423 } else { 2424 MemLocInstr = &Instruction; 2425 } 2426 2427 const MCRegister RIPRegister = RegInfo->getProgramCounter(); 2428 2429 // Analyze the memory location. 2430 unsigned BaseRegNum, IndexRegNum, SegRegNum; 2431 int64_t ScaleValue, DispValue; 2432 const MCExpr *DispExpr; 2433 2434 if (!evaluateX86MemoryOperand(*MemLocInstr, &BaseRegNum, &ScaleValue, 2435 &IndexRegNum, &DispValue, &SegRegNum, 2436 &DispExpr)) 2437 return IndirectBranchType::UNKNOWN; 2438 2439 BaseRegNumOut = BaseRegNum; 2440 IndexRegNumOut = IndexRegNum; 2441 DispValueOut = DispValue; 2442 DispExprOut = DispExpr; 2443 2444 if ((BaseRegNum != X86::NoRegister && BaseRegNum != RIPRegister) || 2445 SegRegNum != X86::NoRegister) 2446 return IndirectBranchType::UNKNOWN; 2447 2448 if (MemLocInstr == &Instruction && 2449 (!ScaleValue || IndexRegNum == X86::NoRegister)) { 2450 MemLocInstrOut = MemLocInstr; 2451 return IndirectBranchType::POSSIBLE_FIXED_BRANCH; 2452 } 2453 2454 if (Type == IndirectBranchType::POSSIBLE_PIC_JUMP_TABLE && 2455 (ScaleValue != 1 || BaseRegNum != RIPRegister)) 2456 return IndirectBranchType::UNKNOWN; 2457 2458 if (Type != IndirectBranchType::POSSIBLE_PIC_JUMP_TABLE && 2459 ScaleValue != PtrSize) 2460 return IndirectBranchType::UNKNOWN; 2461 2462 MemLocInstrOut = MemLocInstr; 2463 2464 return Type; 2465 } 2466 2467 /// Analyze a callsite to see if it could be a virtual method call. This only 2468 /// checks to see if the overall pattern is satisfied, it does not guarantee 2469 /// that the callsite is a true virtual method call. 2470 /// The format of virtual method calls that are recognized is one of the 2471 /// following: 2472 /// 2473 /// Form 1: (found in debug code) 2474 /// add METHOD_OFFSET, %VtableReg 2475 /// mov (%VtableReg), %MethodReg 2476 /// ... 2477 /// call or jmp *%MethodReg 2478 /// 2479 /// Form 2: 2480 /// mov METHOD_OFFSET(%VtableReg), %MethodReg 2481 /// ... 2482 /// call or jmp *%MethodReg 2483 /// 2484 /// Form 3: 2485 /// ... 
2486 /// call or jmp *METHOD_OFFSET(%VtableReg) 2487 /// 2488 bool analyzeVirtualMethodCall(InstructionIterator ForwardBegin, 2489 InstructionIterator ForwardEnd, 2490 std::vector<MCInst *> &MethodFetchInsns, 2491 unsigned &VtableRegNum, unsigned &MethodRegNum, 2492 uint64_t &MethodOffset) const override { 2493 VtableRegNum = X86::NoRegister; 2494 MethodRegNum = X86::NoRegister; 2495 MethodOffset = 0; 2496 2497 std::reverse_iterator<InstructionIterator> Itr(ForwardEnd); 2498 std::reverse_iterator<InstructionIterator> End(ForwardBegin); 2499 2500 MCInst &CallInst = *Itr++; 2501 assert(isIndirectBranch(CallInst) || isCall(CallInst)); 2502 2503 unsigned BaseReg, IndexReg, SegmentReg; 2504 int64_t Scale, Disp; 2505 const MCExpr *DispExpr; 2506 2507 // The call can just be jmp offset(reg) 2508 if (evaluateX86MemoryOperand(CallInst, &BaseReg, &Scale, &IndexReg, &Disp, 2509 &SegmentReg, &DispExpr)) { 2510 if (!DispExpr && BaseReg != X86::RIP && BaseReg != X86::RBP && 2511 BaseReg != X86::NoRegister) { 2512 MethodRegNum = BaseReg; 2513 if (Scale == 1 && IndexReg == X86::NoRegister && 2514 SegmentReg == X86::NoRegister) { 2515 VtableRegNum = MethodRegNum; 2516 MethodOffset = Disp; 2517 MethodFetchInsns.push_back(&CallInst); 2518 return true; 2519 } 2520 } 2521 return false; 2522 } 2523 if (CallInst.getOperand(0).isReg()) 2524 MethodRegNum = CallInst.getOperand(0).getReg(); 2525 else 2526 return false; 2527 2528 if (MethodRegNum == X86::RIP || MethodRegNum == X86::RBP) { 2529 VtableRegNum = X86::NoRegister; 2530 MethodRegNum = X86::NoRegister; 2531 return false; 2532 } 2533 2534 // find load from vtable, this may or may not include the method offset 2535 while (Itr != End) { 2536 MCInst &CurInst = *Itr++; 2537 const MCInstrDesc &Desc = Info->get(CurInst.getOpcode()); 2538 if (Desc.hasDefOfPhysReg(CurInst, MethodRegNum, *RegInfo)) { 2539 if (isLoad(CurInst) && 2540 evaluateX86MemoryOperand(CurInst, &BaseReg, &Scale, &IndexReg, 2541 &Disp, &SegmentReg, &DispExpr)) { 2542 if (!DispExpr && Scale == 1 && BaseReg != X86::RIP && 2543 BaseReg != X86::RBP && BaseReg != X86::NoRegister && 2544 IndexReg == X86::NoRegister && SegmentReg == X86::NoRegister && 2545 BaseReg != X86::RIP) { 2546 VtableRegNum = BaseReg; 2547 MethodOffset = Disp; 2548 MethodFetchInsns.push_back(&CurInst); 2549 if (MethodOffset != 0) 2550 return true; 2551 break; 2552 } 2553 } 2554 return false; 2555 } 2556 } 2557 2558 if (!VtableRegNum) 2559 return false; 2560 2561 // look for any adds affecting the method register. 
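    // This matches Form 1 from the comment above (illustrative offsets):
    //   add $0x18, %rdi          ; supplies METHOD_OFFSET
    //   mov (%rdi), %rax
    //   ...
    //   call *%rax
    // where the load itself had no displacement, so the method offset has to
    // come from the preceding ADD.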
2562 while (Itr != End) { 2563 MCInst &CurInst = *Itr++; 2564 const MCInstrDesc &Desc = Info->get(CurInst.getOpcode()); 2565 if (Desc.hasDefOfPhysReg(CurInst, VtableRegNum, *RegInfo)) { 2566 if (isADDri(CurInst)) { 2567 assert(!MethodOffset); 2568 MethodOffset = CurInst.getOperand(2).getImm(); 2569 MethodFetchInsns.insert(MethodFetchInsns.begin(), &CurInst); 2570 break; 2571 } 2572 } 2573 } 2574 2575 return true; 2576 } 2577 2578 bool createStackPointerIncrement(MCInst &Inst, int Size, 2579 bool NoFlagsClobber) const override { 2580 if (NoFlagsClobber) { 2581 Inst.setOpcode(X86::LEA64r); 2582 Inst.clear(); 2583 Inst.addOperand(MCOperand::createReg(X86::RSP)); 2584 Inst.addOperand(MCOperand::createReg(X86::RSP)); // BaseReg 2585 Inst.addOperand(MCOperand::createImm(1)); // ScaleAmt 2586 Inst.addOperand(MCOperand::createReg(X86::NoRegister)); // IndexReg 2587 Inst.addOperand(MCOperand::createImm(-Size)); // Displacement 2588 Inst.addOperand(MCOperand::createReg(X86::NoRegister)); // AddrSegmentReg 2589 return true; 2590 } 2591 Inst.setOpcode(X86::SUB64ri8); 2592 Inst.clear(); 2593 Inst.addOperand(MCOperand::createReg(X86::RSP)); 2594 Inst.addOperand(MCOperand::createReg(X86::RSP)); 2595 Inst.addOperand(MCOperand::createImm(Size)); 2596 return true; 2597 } 2598 2599 bool createStackPointerDecrement(MCInst &Inst, int Size, 2600 bool NoFlagsClobber) const override { 2601 if (NoFlagsClobber) { 2602 Inst.setOpcode(X86::LEA64r); 2603 Inst.clear(); 2604 Inst.addOperand(MCOperand::createReg(X86::RSP)); 2605 Inst.addOperand(MCOperand::createReg(X86::RSP)); // BaseReg 2606 Inst.addOperand(MCOperand::createImm(1)); // ScaleAmt 2607 Inst.addOperand(MCOperand::createReg(X86::NoRegister)); // IndexReg 2608 Inst.addOperand(MCOperand::createImm(Size)); // Displacement 2609 Inst.addOperand(MCOperand::createReg(X86::NoRegister)); // AddrSegmentReg 2610 return true; 2611 } 2612 Inst.setOpcode(X86::ADD64ri8); 2613 Inst.clear(); 2614 Inst.addOperand(MCOperand::createReg(X86::RSP)); 2615 Inst.addOperand(MCOperand::createReg(X86::RSP)); 2616 Inst.addOperand(MCOperand::createImm(Size)); 2617 return true; 2618 } 2619 2620 bool createSaveToStack(MCInst &Inst, const MCPhysReg &StackReg, int Offset, 2621 const MCPhysReg &SrcReg, int Size) const override { 2622 unsigned NewOpcode; 2623 switch (Size) { 2624 default: 2625 return false; 2626 case 2: NewOpcode = X86::MOV16mr; break; 2627 case 4: NewOpcode = X86::MOV32mr; break; 2628 case 8: NewOpcode = X86::MOV64mr; break; 2629 } 2630 Inst.setOpcode(NewOpcode); 2631 Inst.clear(); 2632 Inst.addOperand(MCOperand::createReg(StackReg)); // BaseReg 2633 Inst.addOperand(MCOperand::createImm(1)); // ScaleAmt 2634 Inst.addOperand(MCOperand::createReg(X86::NoRegister)); // IndexReg 2635 Inst.addOperand(MCOperand::createImm(Offset)); // Displacement 2636 Inst.addOperand(MCOperand::createReg(X86::NoRegister)); // AddrSegmentReg 2637 Inst.addOperand(MCOperand::createReg(SrcReg)); 2638 return true; 2639 } 2640 2641 bool createRestoreFromStack(MCInst &Inst, const MCPhysReg &StackReg, 2642 int Offset, const MCPhysReg &DstReg, 2643 int Size) const override { 2644 return createLoad(Inst, StackReg, /*Scale=*/1, /*IndexReg=*/X86::NoRegister, 2645 Offset, nullptr, /*AddrSegmentReg=*/X86::NoRegister, 2646 DstReg, Size); 2647 } 2648 2649 bool createLoad(MCInst &Inst, const MCPhysReg &BaseReg, int64_t Scale, 2650 const MCPhysReg &IndexReg, int64_t Offset, 2651 const MCExpr *OffsetExpr, const MCPhysReg &AddrSegmentReg, 2652 const MCPhysReg &DstReg, int Size) const override { 2653 unsigned 
NewOpcode; 2654 switch (Size) { 2655 default: 2656 return false; 2657 case 2: NewOpcode = X86::MOV16rm; break; 2658 case 4: NewOpcode = X86::MOV32rm; break; 2659 case 8: NewOpcode = X86::MOV64rm; break; 2660 } 2661 Inst.setOpcode(NewOpcode); 2662 Inst.clear(); 2663 Inst.addOperand(MCOperand::createReg(DstReg)); 2664 Inst.addOperand(MCOperand::createReg(BaseReg)); 2665 Inst.addOperand(MCOperand::createImm(Scale)); 2666 Inst.addOperand(MCOperand::createReg(IndexReg)); 2667 if (OffsetExpr) 2668 Inst.addOperand(MCOperand::createExpr(OffsetExpr)); // Displacement 2669 else 2670 Inst.addOperand(MCOperand::createImm(Offset)); // Displacement 2671 Inst.addOperand(MCOperand::createReg(AddrSegmentReg)); // AddrSegmentReg 2672 return true; 2673 } 2674 2675 void createLoadImmediate(MCInst &Inst, const MCPhysReg Dest, 2676 uint32_t Imm) const override { 2677 Inst.setOpcode(X86::MOV64ri32); 2678 Inst.clear(); 2679 Inst.addOperand(MCOperand::createReg(Dest)); 2680 Inst.addOperand(MCOperand::createImm(Imm)); 2681 } 2682 2683 bool createIncMemory(MCInst &Inst, const MCSymbol *Target, 2684 MCContext *Ctx) const override { 2685 2686 Inst.setOpcode(X86::LOCK_INC64m); 2687 Inst.clear(); 2688 Inst.addOperand(MCOperand::createReg(X86::RIP)); // BaseReg 2689 Inst.addOperand(MCOperand::createImm(1)); // ScaleAmt 2690 Inst.addOperand(MCOperand::createReg(X86::NoRegister)); // IndexReg 2691 2692 Inst.addOperand(MCOperand::createExpr( 2693 MCSymbolRefExpr::create(Target, MCSymbolRefExpr::VK_None, 2694 *Ctx))); // Displacement 2695 Inst.addOperand(MCOperand::createReg(X86::NoRegister)); // AddrSegmentReg 2696 return true; 2697 } 2698 2699 bool createIJmp32Frag(SmallVectorImpl<MCInst> &Insts, 2700 const MCOperand &BaseReg, const MCOperand &Scale, 2701 const MCOperand &IndexReg, const MCOperand &Offset, 2702 const MCOperand &TmpReg) const override { 2703 // The code fragment we emit here is: 2704 // 2705 // mov32 (%base, %index, scale), %tmpreg 2706 // ijmp *(%tmpreg) 2707 // 2708 MCInst IJmp; 2709 IJmp.setOpcode(X86::JMP64r); 2710 IJmp.addOperand(TmpReg); 2711 2712 MCInst Load; 2713 Load.setOpcode(X86::MOV32rm); 2714 Load.addOperand(TmpReg); 2715 Load.addOperand(BaseReg); 2716 Load.addOperand(Scale); 2717 Load.addOperand(IndexReg); 2718 Load.addOperand(Offset); 2719 Load.addOperand(MCOperand::createReg(X86::NoRegister)); 2720 2721 Insts.push_back(Load); 2722 Insts.push_back(IJmp); 2723 return true; 2724 } 2725 2726 bool createNoop(MCInst &Inst) const override { 2727 Inst.setOpcode(X86::NOOP); 2728 return true; 2729 } 2730 2731 bool createReturn(MCInst &Inst) const override { 2732 Inst.setOpcode(X86::RET64); 2733 return true; 2734 } 2735 2736 InstructionListType createInlineMemcpy(bool ReturnEnd) const override { 2737 InstructionListType Code; 2738 if (ReturnEnd) 2739 Code.emplace_back(MCInstBuilder(X86::LEA64r) 2740 .addReg(X86::RAX) 2741 .addReg(X86::RDI) 2742 .addImm(1) 2743 .addReg(X86::RDX) 2744 .addImm(0) 2745 .addReg(X86::NoRegister)); 2746 else 2747 Code.emplace_back(MCInstBuilder(X86::MOV64rr) 2748 .addReg(X86::RAX) 2749 .addReg(X86::RDI)); 2750 2751 Code.emplace_back(MCInstBuilder(X86::MOV32rr) 2752 .addReg(X86::ECX) 2753 .addReg(X86::EDX)); 2754 Code.emplace_back(MCInstBuilder(X86::REP_MOVSB_64)); 2755 2756 return Code; 2757 } 2758 2759 InstructionListType createOneByteMemcpy() const override { 2760 InstructionListType Code; 2761 Code.emplace_back(MCInstBuilder(X86::MOV8rm) 2762 .addReg(X86::CL) 2763 .addReg(X86::RSI) 2764 .addImm(0) 2765 .addReg(X86::NoRegister) 2766 .addImm(0) 2767 
.addReg(X86::NoRegister)); 2768 Code.emplace_back(MCInstBuilder(X86::MOV8mr) 2769 .addReg(X86::RDI) 2770 .addImm(0) 2771 .addReg(X86::NoRegister) 2772 .addImm(0) 2773 .addReg(X86::NoRegister) 2774 .addReg(X86::CL)); 2775 Code.emplace_back(MCInstBuilder(X86::MOV64rr) 2776 .addReg(X86::RAX) 2777 .addReg(X86::RDI)); 2778 return Code; 2779 } 2780 2781 InstructionListType createCmpJE(MCPhysReg RegNo, int64_t Imm, 2782 const MCSymbol *Target, 2783 MCContext *Ctx) const override { 2784 InstructionListType Code; 2785 Code.emplace_back(MCInstBuilder(X86::CMP64ri8) 2786 .addReg(RegNo) 2787 .addImm(Imm)); 2788 Code.emplace_back(MCInstBuilder(X86::JCC_1) 2789 .addExpr(MCSymbolRefExpr::create( 2790 Target, MCSymbolRefExpr::VK_None, *Ctx)) 2791 .addImm(X86::COND_E)); 2792 return Code; 2793 } 2794 2795 Optional<Relocation> 2796 createRelocation(const MCFixup &Fixup, 2797 const MCAsmBackend &MAB) const override { 2798 const MCFixupKindInfo &FKI = MAB.getFixupKindInfo(Fixup.getKind()); 2799 2800 assert(FKI.TargetOffset == 0 && "0-bit relocation offset expected"); 2801 const uint64_t RelOffset = Fixup.getOffset(); 2802 2803 uint64_t RelType; 2804 if (FKI.Flags & MCFixupKindInfo::FKF_IsPCRel) { 2805 switch (FKI.TargetSize) { 2806 default: 2807 return NoneType(); 2808 case 8: RelType = ELF::R_X86_64_PC8; break; 2809 case 16: RelType = ELF::R_X86_64_PC16; break; 2810 case 32: RelType = ELF::R_X86_64_PC32; break; 2811 case 64: RelType = ELF::R_X86_64_PC64; break; 2812 } 2813 } else { 2814 switch (FKI.TargetSize) { 2815 default: 2816 return NoneType(); 2817 case 8: RelType = ELF::R_X86_64_8; break; 2818 case 16: RelType = ELF::R_X86_64_16; break; 2819 case 32: RelType = ELF::R_X86_64_32; break; 2820 case 64: RelType = ELF::R_X86_64_64; break; 2821 } 2822 } 2823 2824 // Extract a symbol and an addend out of the fixup value expression. 2825 // 2826 // Only the following limited expression types are supported: 2827 // Symbol + Addend 2828 // Symbol 2829 uint64_t Addend = 0; 2830 MCSymbol *Symbol = nullptr; 2831 const MCExpr *ValueExpr = Fixup.getValue(); 2832 if (ValueExpr->getKind() == MCExpr::Binary) { 2833 const auto *BinaryExpr = cast<MCBinaryExpr>(ValueExpr); 2834 assert(BinaryExpr->getOpcode() == MCBinaryExpr::Add && 2835 "unexpected binary expression"); 2836 const MCExpr *LHS = BinaryExpr->getLHS(); 2837 assert(LHS->getKind() == MCExpr::SymbolRef && "unexpected LHS"); 2838 Symbol = const_cast<MCSymbol *>(this->getTargetSymbol(LHS)); 2839 const MCExpr *RHS = BinaryExpr->getRHS(); 2840 assert(RHS->getKind() == MCExpr::Constant && "unexpected RHS"); 2841 Addend = cast<MCConstantExpr>(RHS)->getValue(); 2842 } else { 2843 assert(ValueExpr->getKind() == MCExpr::SymbolRef && "unexpected value"); 2844 Symbol = const_cast<MCSymbol *>(this->getTargetSymbol(ValueExpr)); 2845 } 2846 2847 return Relocation({RelOffset, Symbol, RelType, Addend, 0}); 2848 } 2849 2850 bool replaceImmWithSymbolRef(MCInst &Inst, const MCSymbol *Symbol, 2851 int64_t Addend, MCContext *Ctx, int64_t &Value, 2852 uint64_t RelType) const override { 2853 unsigned ImmOpNo = -1U; 2854 2855 for (unsigned Index = 0; Index < MCPlus::getNumPrimeOperands(Inst); 2856 ++Index) { 2857 if (Inst.getOperand(Index).isImm()) { 2858 ImmOpNo = Index; 2859 // TODO: this is a bit hacky. It finds the correct operand by 2860 // searching for a specific immediate value. If no value is 2861 // provided it defaults to the last immediate operand found. 2862 // This could lead to unexpected results if the instruction 2863 // has more than one immediate with the same value. 
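        // Illustrative pitfall (hypothetical instruction): in
        //   cmpq $8, 0x8(%rsp)
        // both the displacement and the compared immediate are 8, so this
        // search may stop at the displacement operand rather than the
        // immediate we actually meant to symbolize.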
2864 if (Inst.getOperand(ImmOpNo).getImm() == Value) 2865 break; 2866 } 2867 } 2868 2869 if (ImmOpNo == -1U) 2870 return false; 2871 2872 Value = Inst.getOperand(ImmOpNo).getImm(); 2873 2874 setOperandToSymbolRef(Inst, ImmOpNo, Symbol, Addend, Ctx, RelType); 2875 2876 return true; 2877 } 2878 2879 bool replaceRegWithImm(MCInst &Inst, unsigned Register, 2880 int64_t Imm) const override { 2881 2882 enum CheckSignExt : uint8_t { 2883 NOCHECK = 0, 2884 CHECK8, 2885 CHECK32, 2886 }; 2887 2888 using CheckList = std::vector<std::pair<CheckSignExt, unsigned>>; 2889 struct InstInfo { 2890 // Size in bytes that Inst loads from memory. 2891 uint8_t DataSize; 2892 2893 // True when the target operand has to be duplicated because the opcode 2894 // expects a LHS operand. 2895 bool HasLHS; 2896 2897 // List of checks and corresponding opcodes to be used. We try to use the 2898 // smallest possible immediate value when various sizes are available, 2899 // hence we may need to check whether a larger constant fits in a smaller 2900 // immediate. 2901 CheckList Checks; 2902 }; 2903 2904 InstInfo I; 2905 2906 switch (Inst.getOpcode()) { 2907 default: { 2908 switch (getPushSize(Inst)) { 2909 2910 case 2: I = {2, false, {{CHECK8, X86::PUSH16i8}, {NOCHECK, X86::PUSHi16}}}; break; 2911 case 4: I = {4, false, {{CHECK8, X86::PUSH32i8}, {NOCHECK, X86::PUSHi32}}}; break; 2912 case 8: I = {8, false, {{CHECK8, X86::PUSH64i8}, 2913 {CHECK32, X86::PUSH64i32}, 2914 {NOCHECK, Inst.getOpcode()}}}; break; 2915 default: return false; 2916 } 2917 break; 2918 } 2919 2920 // MOV 2921 case X86::MOV8rr: I = {1, false, {{NOCHECK, X86::MOV8ri}}}; break; 2922 case X86::MOV16rr: I = {2, false, {{NOCHECK, X86::MOV16ri}}}; break; 2923 case X86::MOV32rr: I = {4, false, {{NOCHECK, X86::MOV32ri}}}; break; 2924 case X86::MOV64rr: I = {8, false, {{CHECK32, X86::MOV64ri32}, 2925 {NOCHECK, X86::MOV64ri}}}; break; 2926 2927 case X86::MOV8mr: I = {1, false, {{NOCHECK, X86::MOV8mi}}}; break; 2928 case X86::MOV16mr: I = {2, false, {{NOCHECK, X86::MOV16mi}}}; break; 2929 case X86::MOV32mr: I = {4, false, {{NOCHECK, X86::MOV32mi}}}; break; 2930 case X86::MOV64mr: I = {8, false, {{CHECK32, X86::MOV64mi32}, 2931 {NOCHECK, X86::MOV64mr}}}; break; 2932 2933 // MOVZX 2934 case X86::MOVZX16rr8: I = {1, false, {{NOCHECK, X86::MOV16ri}}}; break; 2935 case X86::MOVZX32rr8: I = {1, false, {{NOCHECK, X86::MOV32ri}}}; break; 2936 case X86::MOVZX32rr16: I = {2, false, {{NOCHECK, X86::MOV32ri}}}; break; 2937 2938 // CMP 2939 case X86::CMP8rr: I = {1, false, {{NOCHECK, X86::CMP8ri}}}; break; 2940 case X86::CMP16rr: I = {2, false, {{CHECK8, X86::CMP16ri8}, 2941 {NOCHECK, X86::CMP16ri}}}; break; 2942 case X86::CMP32rr: I = {4, false, {{CHECK8, X86::CMP32ri8}, 2943 {NOCHECK, X86::CMP32ri}}}; break; 2944 case X86::CMP64rr: I = {8, false, {{CHECK8, X86::CMP64ri8}, 2945 {CHECK32, X86::CMP64ri32}, 2946 {NOCHECK, X86::CMP64rr}}}; break; 2947 2948 // TEST 2949 case X86::TEST8rr: I = {1, false, {{NOCHECK, X86::TEST8ri}}}; break; 2950 case X86::TEST16rr: I = {2, false, {{NOCHECK, X86::TEST16ri}}}; break; 2951 case X86::TEST32rr: I = {4, false, {{NOCHECK, X86::TEST32ri}}}; break; 2952 case X86::TEST64rr: I = {8, false, {{CHECK32, X86::TEST64ri32}, 2953 {NOCHECK, X86::TEST64rr}}}; break; 2954 2955 // ADD 2956 case X86::ADD8rr: I = {1, true, {{NOCHECK, X86::ADD8ri}}}; break; 2957 case X86::ADD16rr: I = {2, true, {{CHECK8, X86::ADD16ri8}, 2958 {NOCHECK, X86::ADD16ri}}}; break; 2959 case X86::ADD32rr: I = {4, true, {{CHECK8, X86::ADD32ri8}, 2960 {NOCHECK, X86::ADD32ri}}}; break; 
2961 case X86::ADD64rr: I = {8, true, {{CHECK8, X86::ADD64ri8}, 2962 {CHECK32, X86::ADD64ri32}, 2963 {NOCHECK, X86::ADD64rr}}}; break; 2964 2965 // SUB 2966 case X86::SUB8rr: I = {1, true, {{NOCHECK, X86::SUB8ri}}}; break; 2967 case X86::SUB16rr: I = {2, true, {{CHECK8, X86::SUB16ri8}, 2968 {NOCHECK, X86::SUB16ri}}}; break; 2969 case X86::SUB32rr: I = {4, true, {{CHECK8, X86::SUB32ri8}, 2970 {NOCHECK, X86::SUB32ri}}}; break; 2971 case X86::SUB64rr: I = {8, true, {{CHECK8, X86::SUB64ri8}, 2972 {CHECK32, X86::SUB64ri32}, 2973 {NOCHECK, X86::SUB64rr}}}; break; 2974 2975 // AND 2976 case X86::AND8rr: I = {1, true, {{NOCHECK, X86::AND8ri}}}; break; 2977 case X86::AND16rr: I = {2, true, {{CHECK8, X86::AND16ri8}, 2978 {NOCHECK, X86::AND16ri}}}; break; 2979 case X86::AND32rr: I = {4, true, {{CHECK8, X86::AND32ri8}, 2980 {NOCHECK, X86::AND32ri}}}; break; 2981 case X86::AND64rr: I = {8, true, {{CHECK8, X86::AND64ri8}, 2982 {CHECK32, X86::AND64ri32}, 2983 {NOCHECK, X86::AND64rr}}}; break; 2984 2985 // OR 2986 case X86::OR8rr: I = {1, true, {{NOCHECK, X86::OR8ri}}}; break; 2987 case X86::OR16rr: I = {2, true, {{CHECK8, X86::OR16ri8}, 2988 {NOCHECK, X86::OR16ri}}}; break; 2989 case X86::OR32rr: I = {4, true, {{CHECK8, X86::OR32ri8}, 2990 {NOCHECK, X86::OR32ri}}}; break; 2991 case X86::OR64rr: I = {8, true, {{CHECK8, X86::OR64ri8}, 2992 {CHECK32, X86::OR64ri32}, 2993 {NOCHECK, X86::OR64rr}}}; break; 2994 2995 // XOR 2996 case X86::XOR8rr: I = {1, true, {{NOCHECK, X86::XOR8ri}}}; break; 2997 case X86::XOR16rr: I = {2, true, {{CHECK8, X86::XOR16ri8}, 2998 {NOCHECK, X86::XOR16ri}}}; break; 2999 case X86::XOR32rr: I = {4, true, {{CHECK8, X86::XOR32ri8}, 3000 {NOCHECK, X86::XOR32ri}}}; break; 3001 case X86::XOR64rr: I = {8, true, {{CHECK8, X86::XOR64ri8}, 3002 {CHECK32, X86::XOR64ri32}, 3003 {NOCHECK, X86::XOR64rr}}}; break; 3004 } 3005 3006 // Compute the new opcode. 3007 unsigned NewOpcode = 0; 3008 for (const std::pair<CheckSignExt, unsigned> &Check : I.Checks) { 3009 NewOpcode = Check.second; 3010 if (Check.first == NOCHECK) 3011 break; 3012 if (Check.first == CHECK8 && isInt<8>(Imm)) 3013 break; 3014 if (Check.first == CHECK32 && isInt<32>(Imm)) 3015 break; 3016 } 3017 if (NewOpcode == Inst.getOpcode()) 3018 return false; 3019 3020 const MCInstrDesc &InstDesc = Info->get(Inst.getOpcode()); 3021 3022 unsigned NumFound = 0; 3023 for (unsigned Index = InstDesc.getNumDefs() + (I.HasLHS ? 1 : 0), 3024 E = InstDesc.getNumOperands(); 3025 Index != E; ++Index) 3026 if (Inst.getOperand(Index).isReg() && 3027 Inst.getOperand(Index).getReg() == Register) 3028 NumFound++; 3029 3030 if (NumFound != 1) 3031 return false; 3032 3033 // Iterate backwards to replace the src register before the src/dest 3034 // register as in AND, ADD, and SUB Only iterate through src operands that 3035 // arent also dest operands 3036 for (unsigned Index = InstDesc.getNumOperands() - 1, 3037 E = InstDesc.getNumDefs() + (I.HasLHS ? 
0 : -1); 3038 Index != E; --Index) { 3039 if (!Inst.getOperand(Index).isReg() || 3040 Inst.getOperand(Index).getReg() != Register) 3041 continue; 3042 MCOperand NewOperand = MCOperand::createImm(Imm); 3043 Inst.getOperand(Index) = NewOperand; 3044 break; 3045 } 3046 3047 Inst.setOpcode(NewOpcode); 3048 3049 return true; 3050 } 3051 3052 bool replaceRegWithReg(MCInst &Inst, unsigned ToReplace, 3053 unsigned ReplaceWith) const override { 3054 3055 // Get the HasLHS value so that iteration can be done 3056 bool HasLHS; 3057 if (isAND(Inst.getOpcode()) || isADD(Inst.getOpcode()) || isSUB(Inst)) { 3058 HasLHS = true; 3059 } else if (isPop(Inst) || isPush(Inst) || isCMP(Inst.getOpcode()) || 3060 isTEST(Inst.getOpcode())) { 3061 HasLHS = false; 3062 } else { 3063 switch (Inst.getOpcode()) { 3064 case X86::MOV8rr: 3065 case X86::MOV8rm: 3066 case X86::MOV8mr: 3067 case X86::MOV8ri: 3068 case X86::MOV16rr: 3069 case X86::MOV16rm: 3070 case X86::MOV16mr: 3071 case X86::MOV16ri: 3072 case X86::MOV32rr: 3073 case X86::MOV32rm: 3074 case X86::MOV32mr: 3075 case X86::MOV32ri: 3076 case X86::MOV64rr: 3077 case X86::MOV64rm: 3078 case X86::MOV64mr: 3079 case X86::MOV64ri: 3080 case X86::MOVZX16rr8: 3081 case X86::MOVZX32rr8: 3082 case X86::MOVZX32rr16: 3083 case X86::MOVSX32rm8: 3084 case X86::MOVSX32rr8: 3085 case X86::MOVSX64rm32: 3086 case X86::LEA64r: 3087 HasLHS = false; 3088 break; 3089 default: 3090 return false; 3091 } 3092 } 3093 3094 const MCInstrDesc &InstDesc = Info->get(Inst.getOpcode()); 3095 3096 bool FoundOne = false; 3097 3098 // Iterate only through src operands that arent also dest operands 3099 for (unsigned Index = InstDesc.getNumDefs() + (HasLHS ? 1 : 0), 3100 E = InstDesc.getNumOperands(); 3101 Index != E; ++Index) { 3102 BitVector RegAliases = getAliases(ToReplace, true); 3103 if (!Inst.getOperand(Index).isReg() || 3104 !RegAliases.test(Inst.getOperand(Index).getReg())) 3105 continue; 3106 // Resize register if needed 3107 unsigned SizedReplaceWith = getAliasSized( 3108 ReplaceWith, getRegSize(Inst.getOperand(Index).getReg())); 3109 MCOperand NewOperand = MCOperand::createReg(SizedReplaceWith); 3110 Inst.getOperand(Index) = NewOperand; 3111 FoundOne = true; 3112 } 3113 3114 // Return true if at least one operand was replaced 3115 return FoundOne; 3116 } 3117 3118 bool createUncondBranch(MCInst &Inst, const MCSymbol *TBB, 3119 MCContext *Ctx) const override { 3120 Inst.setOpcode(X86::JMP_1); 3121 Inst.addOperand(MCOperand::createExpr( 3122 MCSymbolRefExpr::create(TBB, MCSymbolRefExpr::VK_None, *Ctx))); 3123 return true; 3124 } 3125 3126 bool createCall(MCInst &Inst, const MCSymbol *Target, 3127 MCContext *Ctx) override { 3128 Inst.setOpcode(X86::CALL64pcrel32); 3129 Inst.addOperand(MCOperand::createExpr( 3130 MCSymbolRefExpr::create(Target, MCSymbolRefExpr::VK_None, *Ctx))); 3131 return true; 3132 } 3133 3134 bool createTailCall(MCInst &Inst, const MCSymbol *Target, 3135 MCContext *Ctx) override { 3136 return createDirectCall(Inst, Target, Ctx, /*IsTailCall*/ true); 3137 } 3138 3139 void createLongTailCall(InstructionListType &Seq, const MCSymbol *Target, 3140 MCContext *Ctx) override { 3141 Seq.clear(); 3142 Seq.emplace_back(); 3143 createDirectCall(Seq.back(), Target, Ctx, /*IsTailCall*/ true); 3144 } 3145 3146 bool createTrap(MCInst &Inst) const override { 3147 Inst.clear(); 3148 Inst.setOpcode(X86::TRAP); 3149 return true; 3150 } 3151 3152 bool reverseBranchCondition(MCInst &Inst, const MCSymbol *TBB, 3153 MCContext *Ctx) const override { 3154 unsigned InvCC = 
getInvertedCondCode(getCondCode(Inst)); 3155 assert(InvCC != X86::COND_INVALID && "invalid branch instruction"); 3156 Inst.getOperand(Info->get(Inst.getOpcode()).NumOperands - 1).setImm(InvCC); 3157 Inst.getOperand(0) = MCOperand::createExpr( 3158 MCSymbolRefExpr::create(TBB, MCSymbolRefExpr::VK_None, *Ctx)); 3159 return true; 3160 } 3161 3162 bool replaceBranchCondition(MCInst &Inst, const MCSymbol *TBB, MCContext *Ctx, 3163 unsigned CC) const override { 3164 if (CC == X86::COND_INVALID) 3165 return false; 3166 Inst.getOperand(Info->get(Inst.getOpcode()).NumOperands - 1).setImm(CC); 3167 Inst.getOperand(0) = MCOperand::createExpr( 3168 MCSymbolRefExpr::create(TBB, MCSymbolRefExpr::VK_None, *Ctx)); 3169 return true; 3170 } 3171 3172 unsigned getCanonicalBranchCondCode(unsigned CC) const override { 3173 switch (CC) { 3174 default: return X86::COND_INVALID; 3175 3176 case X86::COND_E: return X86::COND_E; 3177 case X86::COND_NE: return X86::COND_E; 3178 3179 case X86::COND_L: return X86::COND_L; 3180 case X86::COND_GE: return X86::COND_L; 3181 3182 case X86::COND_LE: return X86::COND_G; 3183 case X86::COND_G: return X86::COND_G; 3184 3185 case X86::COND_B: return X86::COND_B; 3186 case X86::COND_AE: return X86::COND_B; 3187 3188 case X86::COND_BE: return X86::COND_A; 3189 case X86::COND_A: return X86::COND_A; 3190 3191 case X86::COND_S: return X86::COND_S; 3192 case X86::COND_NS: return X86::COND_S; 3193 3194 case X86::COND_P: return X86::COND_P; 3195 case X86::COND_NP: return X86::COND_P; 3196 3197 case X86::COND_O: return X86::COND_O; 3198 case X86::COND_NO: return X86::COND_O; 3199 } 3200 } 3201 3202 bool replaceBranchTarget(MCInst &Inst, const MCSymbol *TBB, 3203 MCContext *Ctx) const override { 3204 assert((isCall(Inst) || isBranch(Inst)) && !isIndirectBranch(Inst) && 3205 "Invalid instruction"); 3206 Inst.getOperand(0) = MCOperand::createExpr( 3207 MCSymbolRefExpr::create(TBB, MCSymbolRefExpr::VK_None, *Ctx)); 3208 return true; 3209 } 3210 3211 MCPhysReg getX86R11() const override { return X86::R11; } 3212 3213 MCPhysReg getNoRegister() const override { return X86::NoRegister; } 3214 3215 MCPhysReg getIntArgRegister(unsigned ArgNo) const override { 3216 // FIXME: this should depend on the calling convention. 3217 switch (ArgNo) { 3218 case 0: return X86::RDI; 3219 case 1: return X86::RSI; 3220 case 2: return X86::RDX; 3221 case 3: return X86::RCX; 3222 case 4: return X86::R8; 3223 case 5: return X86::R9; 3224 default: return getNoRegister(); 3225 } 3226 } 3227 3228 void createPause(MCInst &Inst) const override { 3229 Inst.clear(); 3230 Inst.setOpcode(X86::PAUSE); 3231 } 3232 3233 void createLfence(MCInst &Inst) const override { 3234 Inst.clear(); 3235 Inst.setOpcode(X86::LFENCE); 3236 } 3237 3238 bool createDirectCall(MCInst &Inst, const MCSymbol *Target, MCContext *Ctx, 3239 bool IsTailCall) override { 3240 Inst.clear(); 3241 Inst.setOpcode(IsTailCall ? 
X86::JMP_4 : X86::CALL64pcrel32); 3242 Inst.addOperand(MCOperand::createExpr( 3243 MCSymbolRefExpr::create(Target, MCSymbolRefExpr::VK_None, *Ctx))); 3244 if (IsTailCall) 3245 setTailCall(Inst); 3246 return true; 3247 } 3248 3249 void createShortJmp(InstructionListType &Seq, const MCSymbol *Target, 3250 MCContext *Ctx, bool IsTailCall) override { 3251 Seq.clear(); 3252 MCInst Inst; 3253 Inst.setOpcode(X86::JMP_1); 3254 Inst.addOperand(MCOperand::createExpr( 3255 MCSymbolRefExpr::create(Target, MCSymbolRefExpr::VK_None, *Ctx))); 3256 if (IsTailCall) 3257 setTailCall(Inst); 3258 Seq.emplace_back(Inst); 3259 } 3260 3261 bool isConditionalMove(const MCInst &Inst) const override { 3262 unsigned OpCode = Inst.getOpcode(); 3263 return (OpCode == X86::CMOV16rr || OpCode == X86::CMOV32rr || 3264 OpCode == X86::CMOV64rr); 3265 } 3266 3267 bool isBranchOnMem(const MCInst &Inst) const override { 3268 unsigned OpCode = Inst.getOpcode(); 3269 if (OpCode == X86::CALL64m || (OpCode == X86::JMP32m && isTailCall(Inst)) || 3270 OpCode == X86::JMP64m) 3271 return true; 3272 3273 return false; 3274 } 3275 3276 bool isBranchOnReg(const MCInst &Inst) const override { 3277 unsigned OpCode = Inst.getOpcode(); 3278 if (OpCode == X86::CALL64r || (OpCode == X86::JMP32r && isTailCall(Inst)) || 3279 OpCode == X86::JMP64r) 3280 return true; 3281 3282 return false; 3283 } 3284 3285 void createPushRegister(MCInst &Inst, MCPhysReg Reg, 3286 unsigned Size) const override { 3287 Inst.clear(); 3288 unsigned NewOpcode = 0; 3289 if (Reg == X86::EFLAGS) { 3290 switch (Size) { 3291 case 2: NewOpcode = X86::PUSHF16; break; 3292 case 4: NewOpcode = X86::PUSHF32; break; 3293 case 8: NewOpcode = X86::PUSHF64; break; 3294 default: 3295 llvm_unreachable("Unexpected size"); 3296 } 3297 Inst.setOpcode(NewOpcode); 3298 return; 3299 } 3300 switch (Size) { 3301 case 2: NewOpcode = X86::PUSH16r; break; 3302 case 4: NewOpcode = X86::PUSH32r; break; 3303 case 8: NewOpcode = X86::PUSH64r; break; 3304 default: 3305 llvm_unreachable("Unexpected size"); 3306 } 3307 Inst.setOpcode(NewOpcode); 3308 Inst.addOperand(MCOperand::createReg(Reg)); 3309 } 3310 3311 void createPopRegister(MCInst &Inst, MCPhysReg Reg, 3312 unsigned Size) const override { 3313 Inst.clear(); 3314 unsigned NewOpcode = 0; 3315 if (Reg == X86::EFLAGS) { 3316 switch (Size) { 3317 case 2: NewOpcode = X86::POPF16; break; 3318 case 4: NewOpcode = X86::POPF32; break; 3319 case 8: NewOpcode = X86::POPF64; break; 3320 default: 3321 llvm_unreachable("Unexpected size"); 3322 } 3323 Inst.setOpcode(NewOpcode); 3324 return; 3325 } 3326 switch (Size) { 3327 case 2: NewOpcode = X86::POP16r; break; 3328 case 4: NewOpcode = X86::POP32r; break; 3329 case 8: NewOpcode = X86::POP64r; break; 3330 default: 3331 llvm_unreachable("Unexpected size"); 3332 } 3333 Inst.setOpcode(NewOpcode); 3334 Inst.addOperand(MCOperand::createReg(Reg)); 3335 } 3336 3337 void createPushFlags(MCInst &Inst, unsigned Size) const override { 3338 return createPushRegister(Inst, X86::EFLAGS, Size); 3339 } 3340 3341 void createPopFlags(MCInst &Inst, unsigned Size) const override { 3342 return createPopRegister(Inst, X86::EFLAGS, Size); 3343 } 3344 3345 void createAddRegImm(MCInst &Inst, MCPhysReg Reg, int64_t Value, 3346 unsigned Size) const { 3347 unsigned int Opcode; 3348 switch (Size) { 3349 case 1: Opcode = X86::ADD8ri; break; 3350 case 2: Opcode = X86::ADD16ri; break; 3351 case 4: Opcode = X86::ADD32ri; break; 3352 default: 3353 llvm_unreachable("Unexpected size"); 3354 } 3355 Inst.setOpcode(Opcode); 3356 Inst.clear(); 
3357 Inst.addOperand(MCOperand::createReg(Reg)); 3358 Inst.addOperand(MCOperand::createReg(Reg)); 3359 Inst.addOperand(MCOperand::createImm(Value)); 3360 } 3361 3362 void createClearRegWithNoEFlagsUpdate(MCInst &Inst, MCPhysReg Reg, 3363 unsigned Size) const { 3364 unsigned int Opcode; 3365 switch (Size) { 3366 case 1: Opcode = X86::MOV8ri; break; 3367 case 2: Opcode = X86::MOV16ri; break; 3368 case 4: Opcode = X86::MOV32ri; break; 3369 case 8: Opcode = X86::MOV64ri; break; 3370 default: 3371 llvm_unreachable("Unexpected size"); 3372 } 3373 Inst.setOpcode(Opcode); 3374 Inst.clear(); 3375 Inst.addOperand(MCOperand::createReg(Reg)); 3376 Inst.addOperand(MCOperand::createImm(0)); 3377 } 3378 3379 void createX86SaveOVFlagToRegister(MCInst &Inst, MCPhysReg Reg) const { 3380 Inst.setOpcode(X86::SETCCr); 3381 Inst.clear(); 3382 Inst.addOperand(MCOperand::createReg(Reg)); 3383 Inst.addOperand(MCOperand::createImm(X86::COND_O)); 3384 } 3385 3386 void createX86Lahf(MCInst &Inst) const { 3387 Inst.setOpcode(X86::LAHF); 3388 Inst.clear(); 3389 } 3390 3391 void createX86Sahf(MCInst &Inst) const { 3392 Inst.setOpcode(X86::SAHF); 3393 Inst.clear(); 3394 } 3395 3396 void createInstrIncMemory(InstructionListType &Instrs, const MCSymbol *Target, 3397 MCContext *Ctx, bool IsLeaf) const override { 3398 unsigned int I = 0; 3399 3400 Instrs.resize(IsLeaf ? 13 : 11); 3401 // Don't clobber application red zone (ABI dependent) 3402 if (IsLeaf) 3403 createStackPointerIncrement(Instrs[I++], 128, 3404 /*NoFlagsClobber=*/true); 3405 3406 // Performance improvements based on the optimization discussed at 3407 // https://reviews.llvm.org/D6629 3408 // LAHF/SAHF are used instead of PUSHF/POPF 3409 // PUSHF 3410 createPushRegister(Instrs[I++], X86::RAX, 8); 3411 createClearRegWithNoEFlagsUpdate(Instrs[I++], X86::RAX, 8); 3412 createX86Lahf(Instrs[I++]); 3413 createPushRegister(Instrs[I++], X86::RAX, 8); 3414 createClearRegWithNoEFlagsUpdate(Instrs[I++], X86::RAX, 8); 3415 createX86SaveOVFlagToRegister(Instrs[I++], X86::AL); 3416 // LOCK INC 3417 createIncMemory(Instrs[I++], Target, Ctx); 3418 // POPF 3419 createAddRegImm(Instrs[I++], X86::AL, 127, 1); 3420 createPopRegister(Instrs[I++], X86::RAX, 8); 3421 createX86Sahf(Instrs[I++]); 3422 createPopRegister(Instrs[I++], X86::RAX, 8); 3423 3424 if (IsLeaf) 3425 createStackPointerDecrement(Instrs[I], 128, 3426 /*NoFlagsClobber=*/true); 3427 } 3428 3429 void createSwap(MCInst &Inst, MCPhysReg Source, MCPhysReg MemBaseReg, 3430 int64_t Disp) const { 3431 Inst.setOpcode(X86::XCHG64rm); 3432 Inst.addOperand(MCOperand::createReg(Source)); 3433 Inst.addOperand(MCOperand::createReg(Source)); 3434 Inst.addOperand(MCOperand::createReg(MemBaseReg)); // BaseReg 3435 Inst.addOperand(MCOperand::createImm(1)); // ScaleAmt 3436 Inst.addOperand(MCOperand::createReg(X86::NoRegister)); // IndexReg 3437 Inst.addOperand(MCOperand::createImm(Disp)); // Displacement 3438 Inst.addOperand(MCOperand::createReg(X86::NoRegister)); // AddrSegmentReg 3439 } 3440 3441 void createIndirectBranch(MCInst &Inst, MCPhysReg MemBaseReg, 3442 int64_t Disp) const { 3443 Inst.setOpcode(X86::JMP64m); 3444 Inst.addOperand(MCOperand::createReg(MemBaseReg)); // BaseReg 3445 Inst.addOperand(MCOperand::createImm(1)); // ScaleAmt 3446 Inst.addOperand(MCOperand::createReg(X86::NoRegister)); // IndexReg 3447 Inst.addOperand(MCOperand::createImm(Disp)); // Displacement 3448 Inst.addOperand(MCOperand::createReg(X86::NoRegister)); // AddrSegmentReg 3449 } 3450 3451 InstructionListType createInstrumentedIndirectCall(const MCInst 
&CallInst, 3452 bool TailCall, 3453 MCSymbol *HandlerFuncAddr, 3454 int CallSiteID, 3455 MCContext *Ctx) override { 3456 // Check if the target address expression used in the original indirect call 3457 // uses the stack pointer, which we are going to clobber. 3458 static BitVector SPAliases(getAliases(X86::RSP)); 3459 bool UsesSP = false; 3460 // Skip defs. 3461 for (unsigned I = Info->get(CallInst.getOpcode()).getNumDefs(), 3462 E = MCPlus::getNumPrimeOperands(CallInst); 3463 I != E; ++I) { 3464 const MCOperand &Operand = CallInst.getOperand(I); 3465 if (Operand.isReg() && SPAliases[Operand.getReg()]) { 3466 UsesSP = true; 3467 break; 3468 } 3469 } 3470 3471 InstructionListType Insts; 3472 MCPhysReg TempReg = getIntArgRegister(0); 3473 // Code sequence used to enter indirect call instrumentation helper: 3474 // push %rdi 3475 // add $8, %rsp ;; $rsp may be used in target, so fix it to prev val 3476 // movq target, %rdi ;; via convertIndirectCallTargetToLoad 3477 // sub $8, %rsp ;; restore correct stack value 3478 // push %rdi 3479 // movq $CallSiteID, %rdi 3480 // push %rdi 3481 // callq/jmp HandlerFuncAddr 3482 Insts.emplace_back(); 3483 createPushRegister(Insts.back(), TempReg, 8); 3484 if (UsesSP) { // Only adjust SP if we really need to 3485 Insts.emplace_back(); 3486 createStackPointerDecrement(Insts.back(), 8, /*NoFlagsClobber=*/false); 3487 } 3488 Insts.emplace_back(CallInst); 3489 // Insts.back() and CallInst now share the same annotation instruction. 3490 // Strip it from Insts.back(), only preserving tail call annotation. 3491 stripAnnotations(Insts.back(), /*KeepTC=*/true); 3492 convertIndirectCallToLoad(Insts.back(), TempReg); 3493 if (UsesSP) { 3494 Insts.emplace_back(); 3495 createStackPointerIncrement(Insts.back(), 8, /*NoFlagsClobber=*/false); 3496 } 3497 Insts.emplace_back(); 3498 createPushRegister(Insts.back(), TempReg, 8); 3499 Insts.emplace_back(); 3500 createLoadImmediate(Insts.back(), TempReg, CallSiteID); 3501 Insts.emplace_back(); 3502 createPushRegister(Insts.back(), TempReg, 8); 3503 Insts.emplace_back(); 3504 createDirectCall(Insts.back(), HandlerFuncAddr, Ctx, 3505 /*TailCall=*/TailCall); 3506 // Carry over metadata 3507 for (int I = MCPlus::getNumPrimeOperands(CallInst), 3508 E = CallInst.getNumOperands(); 3509 I != E; ++I) 3510 Insts.back().addOperand(CallInst.getOperand(I)); 3511 3512 return Insts; 3513 } 3514 3515 InstructionListType createInstrumentedIndCallHandlerExitBB() const override { 3516 const MCPhysReg TempReg = getIntArgRegister(0); 3517 // We just need to undo the sequence created for every ind call in 3518 // instrumentIndirectTarget(), which can be accomplished minimally with: 3519 // popfq 3520 // pop %rdi 3521 // add $16, %rsp 3522 // xchg (%rsp), %rdi 3523 // jmp *-8(%rsp) 3524 InstructionListType Insts(5); 3525 createPopFlags(Insts[0], 8); 3526 createPopRegister(Insts[1], TempReg, 8); 3527 createStackPointerDecrement(Insts[2], 16, /*NoFlagsClobber=*/false); 3528 createSwap(Insts[3], TempReg, X86::RSP, 0); 3529 createIndirectBranch(Insts[4], X86::RSP, -8); 3530 return Insts; 3531 } 3532 3533 InstructionListType 3534 createInstrumentedIndTailCallHandlerExitBB() const override { 3535 const MCPhysReg TempReg = getIntArgRegister(0); 3536 // Same thing as above, but for tail calls 3537 // popfq 3538 // add $16, %rsp 3539 // pop %rdi 3540 // jmp *-16(%rsp) 3541 InstructionListType Insts(4); 3542 createPopFlags(Insts[0], 8); 3543 createStackPointerDecrement(Insts[1], 16, /*NoFlagsClobber=*/false); 3544 createPopRegister(Insts[2], TempReg, 8); 
  InstructionListType createInstrumentedIndCallHandlerExitBB() const override {
    const MCPhysReg TempReg = getIntArgRegister(0);
    // We just need to undo the sequence created for every ind call in
    // instrumentIndirectTarget(), which can be accomplished minimally with:
    //   popfq
    //   pop %rdi
    //   add $16, %rsp
    //   xchg (%rsp), %rdi
    //   jmp *-8(%rsp)
    InstructionListType Insts(5);
    createPopFlags(Insts[0], 8);
    createPopRegister(Insts[1], TempReg, 8);
    createStackPointerDecrement(Insts[2], 16, /*NoFlagsClobber=*/false);
    createSwap(Insts[3], TempReg, X86::RSP, 0);
    createIndirectBranch(Insts[4], X86::RSP, -8);
    return Insts;
  }

  InstructionListType
  createInstrumentedIndTailCallHandlerExitBB() const override {
    const MCPhysReg TempReg = getIntArgRegister(0);
    // Same thing as above, but for tail calls:
    //   popfq
    //   add $16, %rsp
    //   pop %rdi
    //   jmp *-16(%rsp)
    InstructionListType Insts(4);
    createPopFlags(Insts[0], 8);
    createStackPointerDecrement(Insts[1], 16, /*NoFlagsClobber=*/false);
    createPopRegister(Insts[2], TempReg, 8);
    createIndirectBranch(Insts[3], X86::RSP, -16);
    return Insts;
  }
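
  // Mechanics of the exit blocks above (a sketch): the pops and the add
  // discard the call site ID, restore EFLAGS and the temporary register, and
  // leave %rsp as if the original call or tail call were about to execute;
  // for regular calls the slot at (%rsp) ends up holding the return address
  // for the callee. The original call target is skipped rather than popped,
  // so it still sits just below %rsp, which is why the final indirect jump
  // uses a negative displacement of -8 (calls) or -16 (tail calls).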
  InstructionListType
  createInstrumentedIndCallHandlerEntryBB(const MCSymbol *InstrTrampoline,
                                          const MCSymbol *IndCallHandler,
                                          MCContext *Ctx) override {
    const MCPhysReg TempReg = getIntArgRegister(0);
    // Code sequence used to check whether InstrTrampoline was initialized
    // and call it if so; returns via IndCallHandler.
    //   pushfq
    //   mov InstrTrampoline,%rdi
    //   cmp $0x0,%rdi
    //   je IndCallHandler
    //   callq *%rdi
    //   jmpq IndCallHandler
    InstructionListType Insts;
    Insts.emplace_back();
    createPushFlags(Insts.back(), 8);
    Insts.emplace_back();
    createMove(Insts.back(), InstrTrampoline, TempReg, Ctx);
    InstructionListType cmpJmp = createCmpJE(TempReg, 0, IndCallHandler, Ctx);
    Insts.insert(Insts.end(), cmpJmp.begin(), cmpJmp.end());
    Insts.emplace_back();
    Insts.back().setOpcode(X86::CALL64r);
    Insts.back().addOperand(MCOperand::createReg(TempReg));
    Insts.emplace_back();
    createDirectCall(Insts.back(), IndCallHandler, Ctx, /*IsTailCall*/ true);
    return Insts;
  }

  InstructionListType createNumCountersGetter(MCContext *Ctx) const override {
    InstructionListType Insts(2);
    MCSymbol *NumLocs = Ctx->getOrCreateSymbol("__bolt_num_counters");
    createMove(Insts[0], NumLocs, X86::EAX, Ctx);
    createReturn(Insts[1]);
    return Insts;
  }

  InstructionListType
  createInstrLocationsGetter(MCContext *Ctx) const override {
    InstructionListType Insts(2);
    MCSymbol *Locs = Ctx->getOrCreateSymbol("__bolt_instr_locations");
    createLea(Insts[0], Locs, X86::EAX, Ctx);
    createReturn(Insts[1]);
    return Insts;
  }

  InstructionListType createInstrTablesGetter(MCContext *Ctx) const override {
    InstructionListType Insts(2);
    MCSymbol *Locs = Ctx->getOrCreateSymbol("__bolt_instr_tables");
    createLea(Insts[0], Locs, X86::EAX, Ctx);
    createReturn(Insts[1]);
    return Insts;
  }

  InstructionListType createInstrNumFuncsGetter(MCContext *Ctx) const override {
    InstructionListType Insts(2);
    MCSymbol *NumFuncs = Ctx->getOrCreateSymbol("__bolt_instr_num_funcs");
    createMove(Insts[0], NumFuncs, X86::EAX, Ctx);
    createReturn(Insts[1]);
    return Insts;
  }

  InstructionListType createSymbolTrampoline(const MCSymbol *TgtSym,
                                             MCContext *Ctx) const override {
    InstructionListType Insts(1);
    createUncondBranch(Insts[0], TgtSym, Ctx);
    return Insts;
  }

  InstructionListType createDummyReturnFunction(MCContext *Ctx) const override {
    InstructionListType Insts(1);
    createReturn(Insts[0]);
    return Insts;
  }
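
  // The promotion below rewrites one indirect call (or jump-table jump) into
  // a chain of guarded direct calls. Roughly, for each profiled target the
  // generated blocks look like the following sketch; the register and memory
  // forms of the compare vary with MinimizeCodeSize and LoadElim:
  //   cmp $target_i, <original call operand>
  //   jne next_i                 # or "je case_target_i" for jump tables
  //   call target_i              # or jmp for tail calls
  //   jmp merge                  # non-tail calls only
  // next_i:
  //   ...
  // followed by a cold block that re-materializes the original indirect call
  // and, for non-tail calls, a merge block that receives the fall-through.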
  BlocksVectorTy indirectCallPromotion(
      const MCInst &CallInst,
      const std::vector<std::pair<MCSymbol *, uint64_t>> &Targets,
      const std::vector<std::pair<MCSymbol *, uint64_t>> &VtableSyms,
      const std::vector<MCInst *> &MethodFetchInsns,
      const bool MinimizeCodeSize, MCContext *Ctx) override {
    const bool IsTailCall = isTailCall(CallInst);
    const bool IsJumpTable = getJumpTable(CallInst) != 0;
    BlocksVectorTy Results;

    // Label for the current code block.
    MCSymbol *NextTarget = nullptr;

    // The join block which contains all the instructions following CallInst.
    // MergeBlock remains null if CallInst is a tail call.
    MCSymbol *MergeBlock = nullptr;

    unsigned FuncAddrReg = X86::R10;

    const bool LoadElim = !VtableSyms.empty();
    assert((!LoadElim || VtableSyms.size() == Targets.size()) &&
           "There must be a vtable entry for every method "
           "in the targets vector.");

    if (MinimizeCodeSize && !LoadElim) {
      std::set<unsigned> UsedRegs;

      for (unsigned int I = 0; I < MCPlus::getNumPrimeOperands(CallInst); ++I) {
        const MCOperand &Op = CallInst.getOperand(I);
        if (Op.isReg())
          UsedRegs.insert(Op.getReg());
      }

      if (UsedRegs.count(X86::R10) == 0)
        FuncAddrReg = X86::R10;
      else if (UsedRegs.count(X86::R11) == 0)
        FuncAddrReg = X86::R11;
      else
        return Results;
    }

    const auto jumpToMergeBlock = [&](InstructionListType &NewCall) {
      assert(MergeBlock);
      NewCall.push_back(CallInst);
      MCInst &Merge = NewCall.back();
      Merge.clear();
      createUncondBranch(Merge, MergeBlock, Ctx);
    };

    for (unsigned int i = 0; i < Targets.size(); ++i) {
      Results.emplace_back(NextTarget, InstructionListType());
      InstructionListType *NewCall = &Results.back().second;

      if (MinimizeCodeSize && !LoadElim) {
        // Load the call target into FuncAddrReg.
        NewCall->push_back(CallInst); // Copy CallInst in order to get SMLoc
        MCInst &Target = NewCall->back();
        Target.clear();
        Target.setOpcode(X86::MOV64ri32);
        Target.addOperand(MCOperand::createReg(FuncAddrReg));
        if (Targets[i].first) {
          // Is this OK?
          Target.addOperand(MCOperand::createExpr(MCSymbolRefExpr::create(
              Targets[i].first, MCSymbolRefExpr::VK_None, *Ctx)));
        } else {
          const uint64_t Addr = Targets[i].second;
          // Immediate address is out of sign extended 32 bit range.
          if (int64_t(Addr) != int64_t(int32_t(Addr)))
            return BlocksVectorTy();

          Target.addOperand(MCOperand::createImm(Addr));
        }

        // Compare current call target to a specific address.
        NewCall->push_back(CallInst);
        MCInst &Compare = NewCall->back();
        Compare.clear();
        if (isBranchOnReg(CallInst))
          Compare.setOpcode(X86::CMP64rr);
        else if (CallInst.getOpcode() == X86::CALL64pcrel32)
          Compare.setOpcode(X86::CMP64ri32);
        else
          Compare.setOpcode(X86::CMP64rm);

        Compare.addOperand(MCOperand::createReg(FuncAddrReg));

        // TODO: Would be preferable to only load this value once.
        for (unsigned i = 0;
             i < Info->get(CallInst.getOpcode()).getNumOperands(); ++i)
          if (!CallInst.getOperand(i).isInst())
            Compare.addOperand(CallInst.getOperand(i));
      } else {
        // Compare current call target to a specific address.
        NewCall->push_back(CallInst);
        MCInst &Compare = NewCall->back();
        Compare.clear();
        if (isBranchOnReg(CallInst))
          Compare.setOpcode(X86::CMP64ri32);
        else
          Compare.setOpcode(X86::CMP64mi32);

        // Original call address.
        for (unsigned i = 0;
             i < Info->get(CallInst.getOpcode()).getNumOperands(); ++i)
          if (!CallInst.getOperand(i).isInst())
            Compare.addOperand(CallInst.getOperand(i));

        // Target address.
        if (Targets[i].first || LoadElim) {
          const MCSymbol *Sym =
              LoadElim ? VtableSyms[i].first : Targets[i].first;
          const uint64_t Addend = LoadElim ? VtableSyms[i].second : 0;
          const MCExpr *Expr = MCSymbolRefExpr::create(Sym, *Ctx);
          if (Addend)
            Expr = MCBinaryExpr::createAdd(
                Expr, MCConstantExpr::create(Addend, *Ctx), *Ctx);
          Compare.addOperand(MCOperand::createExpr(Expr));
        } else {
          const uint64_t Addr = Targets[i].second;
          // Immediate address is out of sign extended 32 bit range.
          if (int64_t(Addr) != int64_t(int32_t(Addr)))
            return BlocksVectorTy();

          Compare.addOperand(MCOperand::createImm(Addr));
        }
      }

      // Jump to next target compare.
      NextTarget =
          Ctx->createNamedTempSymbol(); // generate label for the next block
      NewCall->push_back(CallInst);

      if (IsJumpTable) {
        MCInst &Je = NewCall->back();

        // Jump directly to the case target if the addresses match.
        Je.clear();
        Je.setOpcode(X86::JCC_1);
        if (Targets[i].first)
          Je.addOperand(MCOperand::createExpr(MCSymbolRefExpr::create(
              Targets[i].first, MCSymbolRefExpr::VK_None, *Ctx)));
        else
          Je.addOperand(MCOperand::createImm(Targets[i].second));

        Je.addOperand(MCOperand::createImm(X86::COND_E));
        assert(!isInvoke(CallInst));
      } else {
        MCInst &Jne = NewCall->back();

        // Jump to next compare if target addresses don't match.
        Jne.clear();
        Jne.setOpcode(X86::JCC_1);
        Jne.addOperand(MCOperand::createExpr(MCSymbolRefExpr::create(
            NextTarget, MCSymbolRefExpr::VK_None, *Ctx)));
        Jne.addOperand(MCOperand::createImm(X86::COND_NE));

        // Call specific target directly.
        Results.emplace_back(Ctx->createNamedTempSymbol(),
                             InstructionListType());
        NewCall = &Results.back().second;
        NewCall->push_back(CallInst);
        MCInst &CallOrJmp = NewCall->back();

        CallOrJmp.clear();

        if (MinimizeCodeSize && !LoadElim) {
          CallOrJmp.setOpcode(IsTailCall ? X86::JMP32r : X86::CALL64r);
          CallOrJmp.addOperand(MCOperand::createReg(FuncAddrReg));
        } else {
          CallOrJmp.setOpcode(IsTailCall ? X86::JMP_4 : X86::CALL64pcrel32);

          if (Targets[i].first)
            CallOrJmp.addOperand(MCOperand::createExpr(MCSymbolRefExpr::create(
                Targets[i].first, MCSymbolRefExpr::VK_None, *Ctx)));
          else
            CallOrJmp.addOperand(MCOperand::createImm(Targets[i].second));
        }
        if (IsTailCall)
          setTailCall(CallOrJmp);

        if (CallOrJmp.getOpcode() == X86::CALL64r ||
            CallOrJmp.getOpcode() == X86::CALL64pcrel32) {
          if (Optional<uint32_t> Offset = getOffset(CallInst))
            // Annotated as duplicated call
            setOffset(CallOrJmp, *Offset);
        }

        if (isInvoke(CallInst) && !isInvoke(CallOrJmp)) {
          // Copy over any EH or GNU args size information from the original
          // call.
          Optional<MCPlus::MCLandingPad> EHInfo = getEHInfo(CallInst);
          if (EHInfo)
            addEHInfo(CallOrJmp, *EHInfo);
          int64_t GnuArgsSize = getGnuArgsSize(CallInst);
          if (GnuArgsSize >= 0)
            addGnuArgsSize(CallOrJmp, GnuArgsSize);
        }

        if (!IsTailCall) {
          // The fallthrough block for the most common target should be
          // the merge block.
          if (i == 0) {
            // Fallthrough to merge block.
            MergeBlock = Ctx->createNamedTempSymbol();
          } else {
            // Insert jump to the merge block if we are not doing a fallthrough.
            jumpToMergeBlock(*NewCall);
          }
        }
      }
    }

    // Cold call block.
    Results.emplace_back(NextTarget, InstructionListType());
    InstructionListType &NewCall = Results.back().second;
    for (const MCInst *Inst : MethodFetchInsns)
      if (Inst != &CallInst)
        NewCall.push_back(*Inst);
    NewCall.push_back(CallInst);

    // Jump to merge block from cold call block
    if (!IsTailCall && !IsJumpTable) {
      jumpToMergeBlock(NewCall);

      // Record merge block
      Results.emplace_back(MergeBlock, InstructionListType());
    }

    return Results;
  }
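
  // jumpTablePromotion below applies the same idea to an indirect jump
  // through a jump table: it compares the table index register against each
  // hot case index and branches straight to the corresponding case label on
  // a match (a sketch):
  //   cmp $case_idx_i, %index_reg
  //   je case_target_i
  //   ...
  // with a trailing cold block that re-materializes the original indirect
  // jump for all remaining indices.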
  BlocksVectorTy jumpTablePromotion(
      const MCInst &IJmpInst,
      const std::vector<std::pair<MCSymbol *, uint64_t>> &Targets,
      const std::vector<MCInst *> &TargetFetchInsns,
      MCContext *Ctx) const override {
    assert(getJumpTable(IJmpInst) != 0);
    uint16_t IndexReg = getAnnotationAs<uint16_t>(IJmpInst, "JTIndexReg");
    if (IndexReg == 0)
      return BlocksVectorTy();

    BlocksVectorTy Results;

    // Label for the current code block.
    MCSymbol *NextTarget = nullptr;

    for (unsigned int i = 0; i < Targets.size(); ++i) {
      Results.emplace_back(NextTarget, InstructionListType());
      InstructionListType *CurBB = &Results.back().second;

      // Compare current index to a specific index.
      CurBB->emplace_back(MCInst());
      MCInst &CompareInst = CurBB->back();
      CompareInst.setLoc(IJmpInst.getLoc());
      CompareInst.setOpcode(X86::CMP64ri32);
      CompareInst.addOperand(MCOperand::createReg(IndexReg));

      const uint64_t CaseIdx = Targets[i].second;
      // Immediate index is out of sign extended 32 bit range.
      if (int64_t(CaseIdx) != int64_t(int32_t(CaseIdx)))
        return BlocksVectorTy();

      CompareInst.addOperand(MCOperand::createImm(CaseIdx));
      shortenInstruction(CompareInst);

      // Jump to next target compare.
      NextTarget =
          Ctx->createNamedTempSymbol(); // generate label for the next block
      CurBB->push_back(MCInst());

      MCInst &JEInst = CurBB->back();
      JEInst.setLoc(IJmpInst.getLoc());

      // Jump to target if indices match
      JEInst.setOpcode(X86::JCC_1);
      JEInst.addOperand(MCOperand::createExpr(MCSymbolRefExpr::create(
          Targets[i].first, MCSymbolRefExpr::VK_None, *Ctx)));
      JEInst.addOperand(MCOperand::createImm(X86::COND_E));
    }

    // Cold jump block.
    Results.emplace_back(NextTarget, InstructionListType());
    InstructionListType &CurBB = Results.back().second;
    for (const MCInst *Inst : TargetFetchInsns)
      if (Inst != &IJmpInst)
        CurBB.push_back(*Inst);

    CurBB.push_back(IJmpInst);

    return Results;
  }
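
  // The private helpers below build the RIP-relative accesses used by the
  // instrumentation getters above: createMove materializes a load of the form
  // "mov sym(%rip), %reg" and createLea materializes "lea sym(%rip), %reg".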
private:
  bool createMove(MCInst &Inst, const MCSymbol *Src, unsigned Reg,
                  MCContext *Ctx) const {
    Inst.setOpcode(X86::MOV64rm);
    Inst.addOperand(MCOperand::createReg(Reg));
    Inst.addOperand(MCOperand::createReg(X86::RIP));        // BaseReg
    Inst.addOperand(MCOperand::createImm(1));               // ScaleAmt
    Inst.addOperand(MCOperand::createReg(X86::NoRegister)); // IndexReg
    Inst.addOperand(MCOperand::createExpr(
        MCSymbolRefExpr::create(Src, MCSymbolRefExpr::VK_None,
                                *Ctx)));                     // Displacement
    Inst.addOperand(MCOperand::createReg(X86::NoRegister)); // AddrSegmentReg

    return true;
  }

  bool createLea(MCInst &Inst, const MCSymbol *Src, unsigned Reg,
                 MCContext *Ctx) const {
    Inst.setOpcode(X86::LEA64r);
    Inst.addOperand(MCOperand::createReg(Reg));
    Inst.addOperand(MCOperand::createReg(X86::RIP));        // BaseReg
    Inst.addOperand(MCOperand::createImm(1));               // ScaleAmt
    Inst.addOperand(MCOperand::createReg(X86::NoRegister)); // IndexReg
    Inst.addOperand(MCOperand::createExpr(
        MCSymbolRefExpr::create(Src, MCSymbolRefExpr::VK_None,
                                *Ctx)));                     // Displacement
    Inst.addOperand(MCOperand::createReg(X86::NoRegister)); // AddrSegmentReg
    return true;
  }
};

} // namespace

namespace llvm {
namespace bolt {

MCPlusBuilder *createX86MCPlusBuilder(const MCInstrAnalysis *Analysis,
                                      const MCInstrInfo *Info,
                                      const MCRegisterInfo *RegInfo) {
  return new X86MCPlusBuilder(Analysis, Info, RegInfo);
}

} // namespace bolt
} // namespace llvm