1 //===- bolt/Target/X86/X86MCPlusBuilder.cpp -------------------------------===// 2 // 3 // Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions. 4 // See https://llvm.org/LICENSE.txt for license information. 5 // SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception 6 // 7 //===----------------------------------------------------------------------===// 8 // 9 // This file provides X86-specific MCPlus builder. 10 // 11 //===----------------------------------------------------------------------===// 12 13 #include "MCTargetDesc/X86BaseInfo.h" 14 #include "MCTargetDesc/X86InstrRelaxTables.h" 15 #include "MCTargetDesc/X86MCTargetDesc.h" 16 #include "bolt/Core/MCPlus.h" 17 #include "bolt/Core/MCPlusBuilder.h" 18 #include "llvm/BinaryFormat/ELF.h" 19 #include "llvm/MC/MCContext.h" 20 #include "llvm/MC/MCFixupKindInfo.h" 21 #include "llvm/MC/MCInst.h" 22 #include "llvm/MC/MCInstBuilder.h" 23 #include "llvm/MC/MCInstrInfo.h" 24 #include "llvm/MC/MCRegister.h" 25 #include "llvm/MC/MCRegisterInfo.h" 26 #include "llvm/Support/CommandLine.h" 27 #include "llvm/Support/DataExtractor.h" 28 #include "llvm/Support/Debug.h" 29 #include "llvm/Support/Errc.h" 30 #include "llvm/Support/ErrorHandling.h" 31 #include "llvm/Support/ErrorOr.h" 32 #include <set> 33 34 #define DEBUG_TYPE "mcplus" 35 36 using namespace llvm; 37 using namespace bolt; 38 39 namespace opts { 40 41 extern cl::OptionCategory BoltOptCategory; 42 43 static cl::opt<bool> X86StripRedundantAddressSize( 44 "x86-strip-redundant-address-size", 45 cl::desc("Remove redundant Address-Size override prefix"), cl::init(true), 46 cl::ZeroOrMore, cl::cat(BoltOptCategory)); 47 48 } // namespace opts 49 50 namespace { 51 52 unsigned getShortBranchOpcode(unsigned Opcode) { 53 switch (Opcode) { 54 default: 55 return Opcode; 56 case X86::JMP_2: return X86::JMP_1; 57 case X86::JMP_4: return X86::JMP_1; 58 case X86::JCC_2: return X86::JCC_1; 59 case X86::JCC_4: return X86::JCC_1; 60 } 61 } 62 63 unsigned getShortArithOpcode(unsigned Opcode) { 64 return X86::getShortOpcodeArith(Opcode); 65 } 66 67 bool isMOVSX64rm32(const MCInst &Inst) { 68 return Inst.getOpcode() == X86::MOVSX64rm32; 69 } 70 71 class X86MCPlusBuilder : public MCPlusBuilder { 72 public: 73 X86MCPlusBuilder(const MCInstrAnalysis *Analysis, const MCInstrInfo *Info, 74 const MCRegisterInfo *RegInfo) 75 : MCPlusBuilder(Analysis, Info, RegInfo) {} 76 77 bool isBranch(const MCInst &Inst) const override { 78 return Analysis->isBranch(Inst) && !isTailCall(Inst); 79 } 80 81 bool isUnconditionalBranch(const MCInst &Inst) const override { 82 return Analysis->isUnconditionalBranch(Inst) && !isTailCall(Inst); 83 } 84 85 bool isNoop(const MCInst &Inst) const override { 86 return X86::isNOP(Inst.getOpcode()); 87 } 88 89 unsigned getCondCode(const MCInst &Inst) const override { 90 unsigned Opcode = Inst.getOpcode(); 91 if (X86::isJCC(Opcode)) 92 return Inst.getOperand(Info->get(Opcode).NumOperands - 1).getImm(); 93 return X86::COND_INVALID; 94 } 95 96 unsigned getInvertedCondCode(unsigned CC) const override { 97 switch (CC) { 98 default: return X86::COND_INVALID; 99 case X86::COND_E: return X86::COND_NE; 100 case X86::COND_NE: return X86::COND_E; 101 case X86::COND_L: return X86::COND_GE; 102 case X86::COND_LE: return X86::COND_G; 103 case X86::COND_G: return X86::COND_LE; 104 case X86::COND_GE: return X86::COND_L; 105 case X86::COND_B: return X86::COND_AE; 106 case X86::COND_BE: return X86::COND_A; 107 case X86::COND_A: return X86::COND_BE; 108 case X86::COND_AE: return X86::COND_B; 
109 case X86::COND_S: return X86::COND_NS; 110 case X86::COND_NS: return X86::COND_S; 111 case X86::COND_P: return X86::COND_NP; 112 case X86::COND_NP: return X86::COND_P; 113 case X86::COND_O: return X86::COND_NO; 114 case X86::COND_NO: return X86::COND_O; 115 } 116 } 117 118 unsigned getCondCodesLogicalOr(unsigned CC1, unsigned CC2) const override { 119 enum DecodedCondCode : uint8_t { 120 DCC_EQUAL = 0x1, 121 DCC_GREATER = 0x2, 122 DCC_LESSER = 0x4, 123 DCC_GREATER_OR_LESSER = 0x6, 124 DCC_UNSIGNED = 0x8, 125 DCC_SIGNED = 0x10, 126 DCC_INVALID = 0x20, 127 }; 128 129 auto decodeCondCode = [&](unsigned CC) -> uint8_t { 130 switch (CC) { 131 default: return DCC_INVALID; 132 case X86::COND_E: return DCC_EQUAL; 133 case X86::COND_NE: return DCC_GREATER | DCC_LESSER; 134 case X86::COND_L: return DCC_LESSER | DCC_SIGNED; 135 case X86::COND_LE: return DCC_EQUAL | DCC_LESSER | DCC_SIGNED; 136 case X86::COND_G: return DCC_GREATER | DCC_SIGNED; 137 case X86::COND_GE: return DCC_GREATER | DCC_EQUAL | DCC_SIGNED; 138 case X86::COND_B: return DCC_LESSER | DCC_UNSIGNED; 139 case X86::COND_BE: return DCC_EQUAL | DCC_LESSER | DCC_UNSIGNED; 140 case X86::COND_A: return DCC_GREATER | DCC_UNSIGNED; 141 case X86::COND_AE: return DCC_GREATER | DCC_EQUAL | DCC_UNSIGNED; 142 } 143 }; 144 145 uint8_t DCC = decodeCondCode(CC1) | decodeCondCode(CC2); 146 147 if (DCC & DCC_INVALID) 148 return X86::COND_INVALID; 149 150 if (DCC & DCC_SIGNED && DCC & DCC_UNSIGNED) 151 return X86::COND_INVALID; 152 153 switch (DCC) { 154 default: return X86::COND_INVALID; 155 case DCC_EQUAL | DCC_LESSER | DCC_SIGNED: return X86::COND_LE; 156 case DCC_EQUAL | DCC_LESSER | DCC_UNSIGNED: return X86::COND_BE; 157 case DCC_EQUAL | DCC_GREATER | DCC_SIGNED: return X86::COND_GE; 158 case DCC_EQUAL | DCC_GREATER | DCC_UNSIGNED: return X86::COND_AE; 159 case DCC_GREATER | DCC_LESSER | DCC_SIGNED: return X86::COND_NE; 160 case DCC_GREATER | DCC_LESSER | DCC_UNSIGNED: return X86::COND_NE; 161 case DCC_GREATER | DCC_LESSER: return X86::COND_NE; 162 case DCC_EQUAL | DCC_SIGNED: return X86::COND_E; 163 case DCC_EQUAL | DCC_UNSIGNED: return X86::COND_E; 164 case DCC_EQUAL: return X86::COND_E; 165 case DCC_LESSER | DCC_SIGNED: return X86::COND_L; 166 case DCC_LESSER | DCC_UNSIGNED: return X86::COND_B; 167 case DCC_GREATER | DCC_SIGNED: return X86::COND_G; 168 case DCC_GREATER | DCC_UNSIGNED: return X86::COND_A; 169 } 170 } 171 172 bool isValidCondCode(unsigned CC) const override { 173 return (CC != X86::COND_INVALID); 174 } 175 176 bool isBreakpoint(const MCInst &Inst) const override { 177 return Inst.getOpcode() == X86::INT3; 178 } 179 180 bool isPrefix(const MCInst &Inst) const override { 181 const MCInstrDesc &Desc = Info->get(Inst.getOpcode()); 182 return X86II::isPrefix(Desc.TSFlags); 183 } 184 185 bool isRep(const MCInst &Inst) const override { 186 return Inst.getFlags() == X86::IP_HAS_REPEAT; 187 } 188 189 bool deleteREPPrefix(MCInst &Inst) const override { 190 if (Inst.getFlags() == X86::IP_HAS_REPEAT) { 191 Inst.setFlags(0); 192 return true; 193 } 194 return false; 195 } 196 197 // FIXME: For compatibility with old LLVM only! 
198 bool isTerminator(const MCInst &Inst) const override { 199 unsigned Opcode = Inst.getOpcode(); 200 return Info->get(Opcode).isTerminator() || X86::isUD1(Opcode) || 201 X86::isUD2(Opcode); 202 } 203 204 bool isIndirectCall(const MCInst &Inst) const override { 205 return isCall(Inst) && 206 ((getMemoryOperandNo(Inst) != -1) || Inst.getOperand(0).isReg()); 207 } 208 209 bool isPop(const MCInst &Inst) const override { 210 return getPopSize(Inst) == 0 ? false : true; 211 } 212 213 bool isTerminateBranch(const MCInst &Inst) const override { 214 return Inst.getOpcode() == X86::ENDBR32 || Inst.getOpcode() == X86::ENDBR64; 215 } 216 217 int getPopSize(const MCInst &Inst) const override { 218 switch (Inst.getOpcode()) { 219 case X86::POP16r: 220 case X86::POP16rmm: 221 case X86::POP16rmr: 222 case X86::POPF16: 223 case X86::POPA16: 224 case X86::POPDS16: 225 case X86::POPES16: 226 case X86::POPFS16: 227 case X86::POPGS16: 228 case X86::POPSS16: 229 return 2; 230 case X86::POP32r: 231 case X86::POP32rmm: 232 case X86::POP32rmr: 233 case X86::POPA32: 234 case X86::POPDS32: 235 case X86::POPES32: 236 case X86::POPF32: 237 case X86::POPFS32: 238 case X86::POPGS32: 239 case X86::POPSS32: 240 return 4; 241 case X86::POP64r: 242 case X86::POP64rmm: 243 case X86::POP64rmr: 244 case X86::POPF64: 245 case X86::POPFS64: 246 case X86::POPGS64: 247 return 8; 248 } 249 return 0; 250 } 251 252 bool isPush(const MCInst &Inst) const override { 253 return getPushSize(Inst) == 0 ? false : true; 254 } 255 256 int getPushSize(const MCInst &Inst) const override { 257 switch (Inst.getOpcode()) { 258 case X86::PUSH16i8: 259 case X86::PUSH16r: 260 case X86::PUSH16rmm: 261 case X86::PUSH16rmr: 262 case X86::PUSHA16: 263 case X86::PUSHCS16: 264 case X86::PUSHDS16: 265 case X86::PUSHES16: 266 case X86::PUSHF16: 267 case X86::PUSHFS16: 268 case X86::PUSHGS16: 269 case X86::PUSHSS16: 270 case X86::PUSHi16: 271 return 2; 272 case X86::PUSH32i8: 273 case X86::PUSH32r: 274 case X86::PUSH32rmm: 275 case X86::PUSH32rmr: 276 case X86::PUSHA32: 277 case X86::PUSHCS32: 278 case X86::PUSHDS32: 279 case X86::PUSHES32: 280 case X86::PUSHF32: 281 case X86::PUSHFS32: 282 case X86::PUSHGS32: 283 case X86::PUSHSS32: 284 case X86::PUSHi32: 285 return 4; 286 case X86::PUSH64i32: 287 case X86::PUSH64i8: 288 case X86::PUSH64r: 289 case X86::PUSH64rmm: 290 case X86::PUSH64rmr: 291 case X86::PUSHF64: 292 case X86::PUSHFS64: 293 case X86::PUSHGS64: 294 return 8; 295 } 296 return 0; 297 } 298 299 bool isADD64rr(const MCInst &Inst) const override { 300 return Inst.getOpcode() == X86::ADD64rr; 301 } 302 303 bool isSUB(const MCInst &Inst) const override { 304 return X86::isSUB(Inst.getOpcode()); 305 } 306 307 bool isADDri(const MCInst &Inst) const { 308 return Inst.getOpcode() == X86::ADD64ri32 || 309 Inst.getOpcode() == X86::ADD64ri8; 310 } 311 312 bool isLEA64r(const MCInst &Inst) const override { 313 return Inst.getOpcode() == X86::LEA64r; 314 } 315 316 bool isLeave(const MCInst &Inst) const override { 317 return Inst.getOpcode() == X86::LEAVE || Inst.getOpcode() == X86::LEAVE64; 318 } 319 320 bool isMoveMem2Reg(const MCInst &Inst) const override { 321 switch (Inst.getOpcode()) { 322 case X86::MOV16rm: 323 case X86::MOV32rm: 324 case X86::MOV64rm: 325 return true; 326 } 327 return false; 328 } 329 330 bool isUnsupportedBranch(unsigned Opcode) const override { 331 switch (Opcode) { 332 default: 333 return false; 334 case X86::LOOP: 335 case X86::LOOPE: 336 case X86::LOOPNE: 337 case X86::JECXZ: 338 case X86::JRCXZ: 339 return true; 340 } 341 } 342 
343 bool isLoad(const MCInst &Inst) const override { 344 if (isPop(Inst)) 345 return true; 346 347 int MemOpNo = getMemoryOperandNo(Inst); 348 const MCInstrDesc &MCII = Info->get(Inst.getOpcode()); 349 350 if (MemOpNo == -1) 351 return false; 352 353 return MCII.mayLoad(); 354 } 355 356 bool isStore(const MCInst &Inst) const override { 357 if (isPush(Inst)) 358 return true; 359 360 int MemOpNo = getMemoryOperandNo(Inst); 361 const MCInstrDesc &MCII = Info->get(Inst.getOpcode()); 362 363 if (MemOpNo == -1) 364 return false; 365 366 return MCII.mayStore(); 367 } 368 369 bool isCleanRegXOR(const MCInst &Inst) const override { 370 switch (Inst.getOpcode()) { 371 case X86::XOR16rr: 372 case X86::XOR32rr: 373 case X86::XOR64rr: 374 break; 375 default: 376 return false; 377 } 378 return (Inst.getOperand(0).getReg() == Inst.getOperand(2).getReg()); 379 } 380 381 bool isPacked(const MCInst &Inst) const override { 382 const MCInstrDesc &Desc = Info->get(Inst.getOpcode()); 383 return (Desc.TSFlags & X86II::OpPrefixMask) == X86II::PD; 384 } 385 386 unsigned getTrapFillValue() const override { return 0xCC; } 387 388 struct IndJmpMatcherFrag1 : MCInstMatcher { 389 std::unique_ptr<MCInstMatcher> Base; 390 std::unique_ptr<MCInstMatcher> Scale; 391 std::unique_ptr<MCInstMatcher> Index; 392 std::unique_ptr<MCInstMatcher> Offset; 393 394 IndJmpMatcherFrag1(std::unique_ptr<MCInstMatcher> Base, 395 std::unique_ptr<MCInstMatcher> Scale, 396 std::unique_ptr<MCInstMatcher> Index, 397 std::unique_ptr<MCInstMatcher> Offset) 398 : Base(std::move(Base)), Scale(std::move(Scale)), 399 Index(std::move(Index)), Offset(std::move(Offset)) {} 400 401 bool match(const MCRegisterInfo &MRI, MCPlusBuilder &MIB, 402 MutableArrayRef<MCInst> InInstrWindow, int OpNum) override { 403 if (!MCInstMatcher::match(MRI, MIB, InInstrWindow, OpNum)) 404 return false; 405 406 if (CurInst->getOpcode() != X86::JMP64m) 407 return false; 408 409 int MemOpNo = MIB.getMemoryOperandNo(*CurInst); 410 if (MemOpNo == -1) 411 return false; 412 413 if (!Base->match(MRI, MIB, this->InstrWindow, MemOpNo + X86::AddrBaseReg)) 414 return false; 415 if (!Scale->match(MRI, MIB, this->InstrWindow, 416 MemOpNo + X86::AddrScaleAmt)) 417 return false; 418 if (!Index->match(MRI, MIB, this->InstrWindow, 419 MemOpNo + X86::AddrIndexReg)) 420 return false; 421 if (!Offset->match(MRI, MIB, this->InstrWindow, MemOpNo + X86::AddrDisp)) 422 return false; 423 return true; 424 } 425 426 void annotate(MCPlusBuilder &MIB, StringRef Annotation) override { 427 MIB.addAnnotation(*CurInst, Annotation, true); 428 Base->annotate(MIB, Annotation); 429 Scale->annotate(MIB, Annotation); 430 Index->annotate(MIB, Annotation); 431 Offset->annotate(MIB, Annotation); 432 } 433 }; 434 435 std::unique_ptr<MCInstMatcher> 436 matchIndJmp(std::unique_ptr<MCInstMatcher> Base, 437 std::unique_ptr<MCInstMatcher> Scale, 438 std::unique_ptr<MCInstMatcher> Index, 439 std::unique_ptr<MCInstMatcher> Offset) const override { 440 return std::unique_ptr<MCInstMatcher>( 441 new IndJmpMatcherFrag1(std::move(Base), std::move(Scale), 442 std::move(Index), std::move(Offset))); 443 } 444 445 struct IndJmpMatcherFrag2 : MCInstMatcher { 446 std::unique_ptr<MCInstMatcher> Reg; 447 448 IndJmpMatcherFrag2(std::unique_ptr<MCInstMatcher> Reg) 449 : Reg(std::move(Reg)) {} 450 451 bool match(const MCRegisterInfo &MRI, MCPlusBuilder &MIB, 452 MutableArrayRef<MCInst> InInstrWindow, int OpNum) override { 453 if (!MCInstMatcher::match(MRI, MIB, InInstrWindow, OpNum)) 454 return false; 455 456 if (CurInst->getOpcode() != 
X86::JMP64r) 457 return false; 458 459 return Reg->match(MRI, MIB, this->InstrWindow, 0); 460 } 461 462 void annotate(MCPlusBuilder &MIB, StringRef Annotation) override { 463 MIB.addAnnotation(*CurInst, Annotation, true); 464 Reg->annotate(MIB, Annotation); 465 } 466 }; 467 468 std::unique_ptr<MCInstMatcher> 469 matchIndJmp(std::unique_ptr<MCInstMatcher> Target) const override { 470 return std::unique_ptr<MCInstMatcher>( 471 new IndJmpMatcherFrag2(std::move(Target))); 472 } 473 474 struct LoadMatcherFrag1 : MCInstMatcher { 475 std::unique_ptr<MCInstMatcher> Base; 476 std::unique_ptr<MCInstMatcher> Scale; 477 std::unique_ptr<MCInstMatcher> Index; 478 std::unique_ptr<MCInstMatcher> Offset; 479 480 LoadMatcherFrag1(std::unique_ptr<MCInstMatcher> Base, 481 std::unique_ptr<MCInstMatcher> Scale, 482 std::unique_ptr<MCInstMatcher> Index, 483 std::unique_ptr<MCInstMatcher> Offset) 484 : Base(std::move(Base)), Scale(std::move(Scale)), 485 Index(std::move(Index)), Offset(std::move(Offset)) {} 486 487 bool match(const MCRegisterInfo &MRI, MCPlusBuilder &MIB, 488 MutableArrayRef<MCInst> InInstrWindow, int OpNum) override { 489 if (!MCInstMatcher::match(MRI, MIB, InInstrWindow, OpNum)) 490 return false; 491 492 if (CurInst->getOpcode() != X86::MOV64rm && 493 CurInst->getOpcode() != X86::MOVSX64rm32) 494 return false; 495 496 int MemOpNo = MIB.getMemoryOperandNo(*CurInst); 497 if (MemOpNo == -1) 498 return false; 499 500 if (!Base->match(MRI, MIB, this->InstrWindow, MemOpNo + X86::AddrBaseReg)) 501 return false; 502 if (!Scale->match(MRI, MIB, this->InstrWindow, 503 MemOpNo + X86::AddrScaleAmt)) 504 return false; 505 if (!Index->match(MRI, MIB, this->InstrWindow, 506 MemOpNo + X86::AddrIndexReg)) 507 return false; 508 if (!Offset->match(MRI, MIB, this->InstrWindow, MemOpNo + X86::AddrDisp)) 509 return false; 510 return true; 511 } 512 513 void annotate(MCPlusBuilder &MIB, StringRef Annotation) override { 514 MIB.addAnnotation(*CurInst, Annotation, true); 515 Base->annotate(MIB, Annotation); 516 Scale->annotate(MIB, Annotation); 517 Index->annotate(MIB, Annotation); 518 Offset->annotate(MIB, Annotation); 519 } 520 }; 521 522 std::unique_ptr<MCInstMatcher> 523 matchLoad(std::unique_ptr<MCInstMatcher> Base, 524 std::unique_ptr<MCInstMatcher> Scale, 525 std::unique_ptr<MCInstMatcher> Index, 526 std::unique_ptr<MCInstMatcher> Offset) const override { 527 return std::unique_ptr<MCInstMatcher>( 528 new LoadMatcherFrag1(std::move(Base), std::move(Scale), 529 std::move(Index), std::move(Offset))); 530 } 531 532 struct AddMatcher : MCInstMatcher { 533 std::unique_ptr<MCInstMatcher> A; 534 std::unique_ptr<MCInstMatcher> B; 535 536 AddMatcher(std::unique_ptr<MCInstMatcher> A, 537 std::unique_ptr<MCInstMatcher> B) 538 : A(std::move(A)), B(std::move(B)) {} 539 540 bool match(const MCRegisterInfo &MRI, MCPlusBuilder &MIB, 541 MutableArrayRef<MCInst> InInstrWindow, int OpNum) override { 542 if (!MCInstMatcher::match(MRI, MIB, InInstrWindow, OpNum)) 543 return false; 544 545 if (CurInst->getOpcode() == X86::ADD64rr || 546 CurInst->getOpcode() == X86::ADD64rr_DB || 547 CurInst->getOpcode() == X86::ADD64rr_REV) { 548 if (!A->match(MRI, MIB, this->InstrWindow, 1)) { 549 if (!B->match(MRI, MIB, this->InstrWindow, 1)) 550 return false; 551 return A->match(MRI, MIB, this->InstrWindow, 2); 552 } 553 554 if (B->match(MRI, MIB, this->InstrWindow, 2)) 555 return true; 556 557 if (!B->match(MRI, MIB, this->InstrWindow, 1)) 558 return false; 559 return A->match(MRI, MIB, this->InstrWindow, 2); 560 } 561 562 return false; 563 } 564 
565 void annotate(MCPlusBuilder &MIB, StringRef Annotation) override { 566 MIB.addAnnotation(*CurInst, Annotation, true); 567 A->annotate(MIB, Annotation); 568 B->annotate(MIB, Annotation); 569 } 570 }; 571 572 virtual std::unique_ptr<MCInstMatcher> 573 matchAdd(std::unique_ptr<MCInstMatcher> A, 574 std::unique_ptr<MCInstMatcher> B) const override { 575 return std::unique_ptr<MCInstMatcher>( 576 new AddMatcher(std::move(A), std::move(B))); 577 } 578 579 struct LEAMatcher : MCInstMatcher { 580 std::unique_ptr<MCInstMatcher> Target; 581 582 LEAMatcher(std::unique_ptr<MCInstMatcher> Target) 583 : Target(std::move(Target)) {} 584 585 bool match(const MCRegisterInfo &MRI, MCPlusBuilder &MIB, 586 MutableArrayRef<MCInst> InInstrWindow, int OpNum) override { 587 if (!MCInstMatcher::match(MRI, MIB, InInstrWindow, OpNum)) 588 return false; 589 590 if (CurInst->getOpcode() != X86::LEA64r) 591 return false; 592 593 if (CurInst->getOperand(1 + X86::AddrScaleAmt).getImm() != 1 || 594 CurInst->getOperand(1 + X86::AddrIndexReg).getReg() != 595 X86::NoRegister || 596 (CurInst->getOperand(1 + X86::AddrBaseReg).getReg() != 597 X86::NoRegister && 598 CurInst->getOperand(1 + X86::AddrBaseReg).getReg() != X86::RIP)) 599 return false; 600 601 return Target->match(MRI, MIB, this->InstrWindow, 1 + X86::AddrDisp); 602 } 603 604 void annotate(MCPlusBuilder &MIB, StringRef Annotation) override { 605 MIB.addAnnotation(*CurInst, Annotation, true); 606 Target->annotate(MIB, Annotation); 607 } 608 }; 609 610 virtual std::unique_ptr<MCInstMatcher> 611 matchLoadAddr(std::unique_ptr<MCInstMatcher> Target) const override { 612 return std::unique_ptr<MCInstMatcher>(new LEAMatcher(std::move(Target))); 613 } 614 615 bool hasPCRelOperand(const MCInst &Inst) const override { 616 for (const MCOperand &Operand : Inst) 617 if (Operand.isReg() && Operand.getReg() == X86::RIP) 618 return true; 619 return false; 620 } 621 622 int getMemoryOperandNo(const MCInst &Inst) const override { 623 unsigned Opcode = Inst.getOpcode(); 624 const MCInstrDesc &Desc = Info->get(Opcode); 625 int MemOpNo = X86II::getMemoryOperandNo(Desc.TSFlags); 626 if (MemOpNo >= 0) 627 MemOpNo += X86II::getOperandBias(Desc); 628 return MemOpNo; 629 } 630 631 bool hasEVEXEncoding(const MCInst &Inst) const override { 632 const MCInstrDesc &Desc = Info->get(Inst.getOpcode()); 633 return (Desc.TSFlags & X86II::EncodingMask) == X86II::EVEX; 634 } 635 636 bool isMacroOpFusionPair(ArrayRef<MCInst> Insts) const override { 637 const auto *I = Insts.begin(); 638 while (I != Insts.end() && isPrefix(*I)) 639 ++I; 640 if (I == Insts.end()) 641 return false; 642 643 const MCInst &FirstInst = *I; 644 ++I; 645 while (I != Insts.end() && isPrefix(*I)) 646 ++I; 647 if (I == Insts.end()) 648 return false; 649 const MCInst &SecondInst = *I; 650 651 if (!isConditionalBranch(SecondInst)) 652 return false; 653 // Cannot fuse if the first instruction uses RIP-relative memory. 
654 if (hasPCRelOperand(FirstInst)) 655 return false; 656 657 const X86::FirstMacroFusionInstKind CmpKind = 658 X86::classifyFirstOpcodeInMacroFusion(FirstInst.getOpcode()); 659 if (CmpKind == X86::FirstMacroFusionInstKind::Invalid) 660 return false; 661 662 X86::CondCode CC = static_cast<X86::CondCode>(getCondCode(SecondInst)); 663 X86::SecondMacroFusionInstKind BranchKind = 664 X86::classifySecondCondCodeInMacroFusion(CC); 665 if (BranchKind == X86::SecondMacroFusionInstKind::Invalid) 666 return false; 667 return X86::isMacroFused(CmpKind, BranchKind); 668 } 669 670 bool 671 evaluateX86MemoryOperand(const MCInst &Inst, unsigned *BaseRegNum, 672 int64_t *ScaleImm, unsigned *IndexRegNum, 673 int64_t *DispImm, unsigned *SegmentRegNum, 674 const MCExpr **DispExpr = nullptr) const override { 675 assert(BaseRegNum && ScaleImm && IndexRegNum && SegmentRegNum && 676 "one of the input pointers is null"); 677 int MemOpNo = getMemoryOperandNo(Inst); 678 if (MemOpNo < 0) 679 return false; 680 unsigned MemOpOffset = static_cast<unsigned>(MemOpNo); 681 682 if (MemOpOffset + X86::AddrSegmentReg >= MCPlus::getNumPrimeOperands(Inst)) 683 return false; 684 685 const MCOperand &Base = Inst.getOperand(MemOpOffset + X86::AddrBaseReg); 686 const MCOperand &Scale = Inst.getOperand(MemOpOffset + X86::AddrScaleAmt); 687 const MCOperand &Index = Inst.getOperand(MemOpOffset + X86::AddrIndexReg); 688 const MCOperand &Disp = Inst.getOperand(MemOpOffset + X86::AddrDisp); 689 const MCOperand &Segment = 690 Inst.getOperand(MemOpOffset + X86::AddrSegmentReg); 691 692 // Make sure it is a well-formed memory operand. 693 if (!Base.isReg() || !Scale.isImm() || !Index.isReg() || 694 (!Disp.isImm() && !Disp.isExpr()) || !Segment.isReg()) 695 return false; 696 697 *BaseRegNum = Base.getReg(); 698 *ScaleImm = Scale.getImm(); 699 *IndexRegNum = Index.getReg(); 700 if (Disp.isImm()) { 701 assert(DispImm && "DispImm needs to be set"); 702 *DispImm = Disp.getImm(); 703 if (DispExpr) 704 *DispExpr = nullptr; 705 } else { 706 assert(DispExpr && "DispExpr needs to be set"); 707 *DispExpr = Disp.getExpr(); 708 if (DispImm) 709 *DispImm = 0; 710 } 711 *SegmentRegNum = Segment.getReg(); 712 return true; 713 } 714 715 bool evaluateMemOperandTarget(const MCInst &Inst, uint64_t &Target, 716 uint64_t Address, 717 uint64_t Size) const override { 718 unsigned BaseRegNum; 719 int64_t ScaleValue; 720 unsigned IndexRegNum; 721 int64_t DispValue; 722 unsigned SegRegNum; 723 const MCExpr *DispExpr = nullptr; 724 if (!evaluateX86MemoryOperand(Inst, &BaseRegNum, &ScaleValue, &IndexRegNum, 725 &DispValue, &SegRegNum, &DispExpr)) 726 return false; 727 728 // Make sure it's a well-formed addressing we can statically evaluate. 
729 if ((BaseRegNum != X86::RIP && BaseRegNum != X86::NoRegister) || 730 IndexRegNum != X86::NoRegister || SegRegNum != X86::NoRegister || 731 DispExpr) 732 return false; 733 734 Target = DispValue; 735 if (BaseRegNum == X86::RIP) { 736 assert(Size != 0 && "instruction size required in order to statically " 737 "evaluate RIP-relative address"); 738 Target += Address + Size; 739 } 740 return true; 741 } 742 743 MCInst::iterator getMemOperandDisp(MCInst &Inst) const override { 744 int MemOpNo = getMemoryOperandNo(Inst); 745 if (MemOpNo < 0) 746 return Inst.end(); 747 return Inst.begin() + (MemOpNo + X86::AddrDisp); 748 } 749 750 bool replaceMemOperandDisp(MCInst &Inst, MCOperand Operand) const override { 751 MCOperand *OI = getMemOperandDisp(Inst); 752 if (OI == Inst.end()) 753 return false; 754 *OI = Operand; 755 return true; 756 } 757 758 /// Get the registers used as function parameters. 759 /// This function is specific to the x86_64 abi on Linux. 760 BitVector getRegsUsedAsParams() const override { 761 BitVector Regs = BitVector(RegInfo->getNumRegs(), false); 762 Regs |= getAliases(X86::RSI); 763 Regs |= getAliases(X86::RDI); 764 Regs |= getAliases(X86::RDX); 765 Regs |= getAliases(X86::RCX); 766 Regs |= getAliases(X86::R8); 767 Regs |= getAliases(X86::R9); 768 return Regs; 769 } 770 771 void getCalleeSavedRegs(BitVector &Regs) const override { 772 Regs |= getAliases(X86::RBX); 773 Regs |= getAliases(X86::RBP); 774 Regs |= getAliases(X86::R12); 775 Regs |= getAliases(X86::R13); 776 Regs |= getAliases(X86::R14); 777 Regs |= getAliases(X86::R15); 778 } 779 780 void getDefaultDefIn(BitVector &Regs) const override { 781 assert(Regs.size() >= RegInfo->getNumRegs() && 782 "The size of BitVector is less than RegInfo->getNumRegs()."); 783 Regs.set(X86::RAX); 784 Regs.set(X86::RCX); 785 Regs.set(X86::RDX); 786 Regs.set(X86::RSI); 787 Regs.set(X86::RDI); 788 Regs.set(X86::R8); 789 Regs.set(X86::R9); 790 Regs.set(X86::XMM0); 791 Regs.set(X86::XMM1); 792 Regs.set(X86::XMM2); 793 Regs.set(X86::XMM3); 794 Regs.set(X86::XMM4); 795 Regs.set(X86::XMM5); 796 Regs.set(X86::XMM6); 797 Regs.set(X86::XMM7); 798 } 799 800 void getDefaultLiveOut(BitVector &Regs) const override { 801 assert(Regs.size() >= RegInfo->getNumRegs() && 802 "The size of BitVector is less than RegInfo->getNumRegs()."); 803 Regs |= getAliases(X86::RAX); 804 Regs |= getAliases(X86::RDX); 805 Regs |= getAliases(X86::RCX); 806 Regs |= getAliases(X86::XMM0); 807 Regs |= getAliases(X86::XMM1); 808 } 809 810 void getGPRegs(BitVector &Regs, bool IncludeAlias) const override { 811 if (IncludeAlias) { 812 Regs |= getAliases(X86::RAX); 813 Regs |= getAliases(X86::RBX); 814 Regs |= getAliases(X86::RBP); 815 Regs |= getAliases(X86::RSI); 816 Regs |= getAliases(X86::RDI); 817 Regs |= getAliases(X86::RDX); 818 Regs |= getAliases(X86::RCX); 819 Regs |= getAliases(X86::R8); 820 Regs |= getAliases(X86::R9); 821 Regs |= getAliases(X86::R10); 822 Regs |= getAliases(X86::R11); 823 Regs |= getAliases(X86::R12); 824 Regs |= getAliases(X86::R13); 825 Regs |= getAliases(X86::R14); 826 Regs |= getAliases(X86::R15); 827 return; 828 } 829 Regs.set(X86::RAX); 830 Regs.set(X86::RBX); 831 Regs.set(X86::RBP); 832 Regs.set(X86::RSI); 833 Regs.set(X86::RDI); 834 Regs.set(X86::RDX); 835 Regs.set(X86::RCX); 836 Regs.set(X86::R8); 837 Regs.set(X86::R9); 838 Regs.set(X86::R10); 839 Regs.set(X86::R11); 840 Regs.set(X86::R12); 841 Regs.set(X86::R13); 842 Regs.set(X86::R14); 843 Regs.set(X86::R15); 844 } 845 846 void getClassicGPRegs(BitVector &Regs) const override { 847 Regs 
|= getAliases(X86::RAX); 848 Regs |= getAliases(X86::RBX); 849 Regs |= getAliases(X86::RBP); 850 Regs |= getAliases(X86::RSI); 851 Regs |= getAliases(X86::RDI); 852 Regs |= getAliases(X86::RDX); 853 Regs |= getAliases(X86::RCX); 854 } 855 856 void getRepRegs(BitVector &Regs) const override { 857 Regs |= getAliases(X86::RCX); 858 } 859 860 MCPhysReg getAliasSized(MCPhysReg Reg, uint8_t Size) const override { 861 switch (Reg) { 862 case X86::RAX: case X86::EAX: case X86::AX: case X86::AL: case X86::AH: 863 switch (Size) { 864 case 8: return X86::RAX; case 4: return X86::EAX; 865 case 2: return X86::AX; case 1: return X86::AL; 866 default: llvm_unreachable("Unexpected size"); 867 } 868 case X86::RBX: case X86::EBX: case X86::BX: case X86::BL: case X86::BH: 869 switch (Size) { 870 case 8: return X86::RBX; case 4: return X86::EBX; 871 case 2: return X86::BX; case 1: return X86::BL; 872 default: llvm_unreachable("Unexpected size"); 873 } 874 case X86::RDX: case X86::EDX: case X86::DX: case X86::DL: case X86::DH: 875 switch (Size) { 876 case 8: return X86::RDX; case 4: return X86::EDX; 877 case 2: return X86::DX; case 1: return X86::DL; 878 default: llvm_unreachable("Unexpected size"); 879 } 880 case X86::RDI: case X86::EDI: case X86::DI: case X86::DIL: 881 switch (Size) { 882 case 8: return X86::RDI; case 4: return X86::EDI; 883 case 2: return X86::DI; case 1: return X86::DIL; 884 default: llvm_unreachable("Unexpected size"); 885 } 886 case X86::RSI: case X86::ESI: case X86::SI: case X86::SIL: 887 switch (Size) { 888 case 8: return X86::RSI; case 4: return X86::ESI; 889 case 2: return X86::SI; case 1: return X86::SIL; 890 default: llvm_unreachable("Unexpected size"); 891 } 892 case X86::RCX: case X86::ECX: case X86::CX: case X86::CL: case X86::CH: 893 switch (Size) { 894 case 8: return X86::RCX; case 4: return X86::ECX; 895 case 2: return X86::CX; case 1: return X86::CL; 896 default: llvm_unreachable("Unexpected size"); 897 } 898 case X86::RSP: case X86::ESP: case X86::SP: case X86::SPL: 899 switch (Size) { 900 case 8: return X86::RSP; case 4: return X86::ESP; 901 case 2: return X86::SP; case 1: return X86::SPL; 902 default: llvm_unreachable("Unexpected size"); 903 } 904 case X86::RBP: case X86::EBP: case X86::BP: case X86::BPL: 905 switch (Size) { 906 case 8: return X86::RBP; case 4: return X86::EBP; 907 case 2: return X86::BP; case 1: return X86::BPL; 908 default: llvm_unreachable("Unexpected size"); 909 } 910 case X86::R8: case X86::R8D: case X86::R8W: case X86::R8B: 911 switch (Size) { 912 case 8: return X86::R8; case 4: return X86::R8D; 913 case 2: return X86::R8W; case 1: return X86::R8B; 914 default: llvm_unreachable("Unexpected size"); 915 } 916 case X86::R9: case X86::R9D: case X86::R9W: case X86::R9B: 917 switch (Size) { 918 case 8: return X86::R9; case 4: return X86::R9D; 919 case 2: return X86::R9W; case 1: return X86::R9B; 920 default: llvm_unreachable("Unexpected size"); 921 } 922 case X86::R10: case X86::R10D: case X86::R10W: case X86::R10B: 923 switch (Size) { 924 case 8: return X86::R10; case 4: return X86::R10D; 925 case 2: return X86::R10W; case 1: return X86::R10B; 926 default: llvm_unreachable("Unexpected size"); 927 } 928 case X86::R11: case X86::R11D: case X86::R11W: case X86::R11B: 929 switch (Size) { 930 case 8: return X86::R11; case 4: return X86::R11D; 931 case 2: return X86::R11W; case 1: return X86::R11B; 932 default: llvm_unreachable("Unexpected size"); 933 } 934 case X86::R12: case X86::R12D: case X86::R12W: case X86::R12B: 935 switch (Size) { 936 case 8: return 
X86::R12; case 4: return X86::R12D; 937 case 2: return X86::R12W; case 1: return X86::R12B; 938 default: llvm_unreachable("Unexpected size"); 939 } 940 case X86::R13: case X86::R13D: case X86::R13W: case X86::R13B: 941 switch (Size) { 942 case 8: return X86::R13; case 4: return X86::R13D; 943 case 2: return X86::R13W; case 1: return X86::R13B; 944 default: llvm_unreachable("Unexpected size"); 945 } 946 case X86::R14: case X86::R14D: case X86::R14W: case X86::R14B: 947 switch (Size) { 948 case 8: return X86::R14; case 4: return X86::R14D; 949 case 2: return X86::R14W; case 1: return X86::R14B; 950 default: llvm_unreachable("Unexpected size"); 951 } 952 case X86::R15: case X86::R15D: case X86::R15W: case X86::R15B: 953 switch (Size) { 954 case 8: return X86::R15; case 4: return X86::R15D; 955 case 2: return X86::R15W; case 1: return X86::R15B; 956 default: llvm_unreachable("Unexpected size"); 957 } 958 default: 959 dbgs() << Reg << " (get alias sized)\n"; 960 llvm_unreachable("Unexpected reg number"); 961 break; 962 } 963 } 964 965 bool isUpper8BitReg(MCPhysReg Reg) const override { 966 switch (Reg) { 967 case X86::AH: 968 case X86::BH: 969 case X86::CH: 970 case X86::DH: 971 return true; 972 default: 973 return false; 974 } 975 } 976 977 bool cannotUseREX(const MCInst &Inst) const override { 978 switch (Inst.getOpcode()) { 979 case X86::MOV8mr_NOREX: 980 case X86::MOV8rm_NOREX: 981 case X86::MOV8rr_NOREX: 982 case X86::MOVSX32rm8_NOREX: 983 case X86::MOVSX32rr8_NOREX: 984 case X86::MOVZX32rm8_NOREX: 985 case X86::MOVZX32rr8_NOREX: 986 case X86::MOV8mr: 987 case X86::MOV8rm: 988 case X86::MOV8rr: 989 case X86::MOVSX32rm8: 990 case X86::MOVSX32rr8: 991 case X86::MOVZX32rm8: 992 case X86::MOVZX32rr8: 993 case X86::TEST8ri: 994 for (int I = 0, E = MCPlus::getNumPrimeOperands(Inst); I != E; ++I) { 995 const MCOperand &Operand = Inst.getOperand(I); 996 if (!Operand.isReg()) 997 continue; 998 if (isUpper8BitReg(Operand.getReg())) 999 return true; 1000 } 1001 LLVM_FALLTHROUGH; 1002 default: 1003 return false; 1004 } 1005 } 1006 1007 bool isStackAccess(const MCInst &Inst, bool &IsLoad, bool &IsStore, 1008 bool &IsStoreFromReg, MCPhysReg &Reg, int32_t &SrcImm, 1009 uint16_t &StackPtrReg, int64_t &StackOffset, uint8_t &Size, 1010 bool &IsSimple, bool &IsIndexed) const override { 1011 // Detect simple push/pop cases first 1012 if (int Sz = getPushSize(Inst)) { 1013 IsLoad = false; 1014 IsStore = true; 1015 IsStoreFromReg = true; 1016 StackPtrReg = X86::RSP; 1017 StackOffset = -Sz; 1018 Size = Sz; 1019 IsSimple = true; 1020 if (Inst.getOperand(0).isImm()) 1021 SrcImm = Inst.getOperand(0).getImm(); 1022 else if (Inst.getOperand(0).isReg()) 1023 Reg = Inst.getOperand(0).getReg(); 1024 else 1025 IsSimple = false; 1026 1027 return true; 1028 } 1029 if (int Sz = getPopSize(Inst)) { 1030 IsLoad = true; 1031 IsStore = false; 1032 if (Inst.getNumOperands() == 0 || !Inst.getOperand(0).isReg()) { 1033 IsSimple = false; 1034 } else { 1035 Reg = Inst.getOperand(0).getReg(); 1036 IsSimple = true; 1037 } 1038 StackPtrReg = X86::RSP; 1039 StackOffset = 0; 1040 Size = Sz; 1041 return true; 1042 } 1043 1044 struct InstInfo { 1045 // Size in bytes that Inst loads from memory. 
1046 uint8_t DataSize; 1047 bool IsLoad; 1048 bool IsStore; 1049 bool StoreFromReg; 1050 bool Simple; 1051 }; 1052 1053 InstInfo I; 1054 int MemOpNo = getMemoryOperandNo(Inst); 1055 const MCInstrDesc &MCII = Info->get(Inst.getOpcode()); 1056 // If it is not dealing with a memory operand, we discard it 1057 if (MemOpNo == -1 || MCII.isCall()) 1058 return false; 1059 1060 switch (Inst.getOpcode()) { 1061 default: { 1062 uint8_t Sz = 0; 1063 bool IsLoad = MCII.mayLoad(); 1064 bool IsStore = MCII.mayStore(); 1065 // Is it LEA? (deals with memory but is not loading nor storing) 1066 if (!IsLoad && !IsStore) 1067 return false; 1068 1069 // Try to guess data size involved in the load/store by looking at the 1070 // register size. If there's no reg involved, return 0 as size, meaning 1071 // we don't know. 1072 for (unsigned I = 0, E = MCII.getNumOperands(); I != E; ++I) { 1073 if (MCII.OpInfo[I].OperandType != MCOI::OPERAND_REGISTER) 1074 continue; 1075 if (static_cast<int>(I) >= MemOpNo && I < X86::AddrNumOperands) 1076 continue; 1077 Sz = RegInfo->getRegClass(MCII.OpInfo[I].RegClass).getSizeInBits() / 8; 1078 break; 1079 } 1080 I = {Sz, IsLoad, IsStore, false, false}; 1081 break; 1082 } 1083 case X86::MOV16rm: I = {2, true, false, false, true}; break; 1084 case X86::MOV32rm: I = {4, true, false, false, true}; break; 1085 case X86::MOV64rm: I = {8, true, false, false, true}; break; 1086 case X86::MOV16mr: I = {2, false, true, true, true}; break; 1087 case X86::MOV32mr: I = {4, false, true, true, true}; break; 1088 case X86::MOV64mr: I = {8, false, true, true, true}; break; 1089 case X86::MOV16mi: I = {2, false, true, false, true}; break; 1090 case X86::MOV32mi: I = {4, false, true, false, true}; break; 1091 } // end switch (Inst.getOpcode()) 1092 1093 unsigned BaseRegNum; 1094 int64_t ScaleValue; 1095 unsigned IndexRegNum; 1096 int64_t DispValue; 1097 unsigned SegRegNum; 1098 const MCExpr *DispExpr; 1099 if (!evaluateX86MemoryOperand(Inst, &BaseRegNum, &ScaleValue, &IndexRegNum, 1100 &DispValue, &SegRegNum, &DispExpr)) { 1101 LLVM_DEBUG(dbgs() << "Evaluate failed on "); 1102 LLVM_DEBUG(Inst.dump()); 1103 return false; 1104 } 1105 1106 // Make sure it's a stack access 1107 if (BaseRegNum != X86::RBP && BaseRegNum != X86::RSP) 1108 return false; 1109 1110 IsLoad = I.IsLoad; 1111 IsStore = I.IsStore; 1112 IsStoreFromReg = I.StoreFromReg; 1113 Size = I.DataSize; 1114 IsSimple = I.Simple; 1115 StackPtrReg = BaseRegNum; 1116 StackOffset = DispValue; 1117 IsIndexed = IndexRegNum != X86::NoRegister || SegRegNum != X86::NoRegister; 1118 1119 if (!I.Simple) 1120 return true; 1121 1122 // Retrieve related register in simple MOV from/to stack operations. 1123 unsigned MemOpOffset = static_cast<unsigned>(MemOpNo); 1124 if (I.IsLoad) { 1125 MCOperand RegOpnd = Inst.getOperand(0); 1126 assert(RegOpnd.isReg() && "unexpected destination operand"); 1127 Reg = RegOpnd.getReg(); 1128 } else if (I.IsStore) { 1129 MCOperand SrcOpnd = 1130 Inst.getOperand(MemOpOffset + X86::AddrSegmentReg + 1); 1131 if (I.StoreFromReg) { 1132 assert(SrcOpnd.isReg() && "unexpected source operand"); 1133 Reg = SrcOpnd.getReg(); 1134 } else { 1135 assert(SrcOpnd.isImm() && "unexpected source operand"); 1136 SrcImm = SrcOpnd.getImm(); 1137 } 1138 } 1139 1140 return true; 1141 } 1142 1143 void changeToPushOrPop(MCInst &Inst) const override { 1144 assert(!isPush(Inst) && !isPop(Inst)); 1145 1146 struct InstInfo { 1147 // Size in bytes that Inst loads from memory. 
1148 uint8_t DataSize; 1149 bool IsLoad; 1150 bool StoreFromReg; 1151 }; 1152 1153 InstInfo I; 1154 switch (Inst.getOpcode()) { 1155 default: { 1156 llvm_unreachable("Unhandled opcode"); 1157 return; 1158 } 1159 case X86::MOV16rm: I = {2, true, false}; break; 1160 case X86::MOV32rm: I = {4, true, false}; break; 1161 case X86::MOV64rm: I = {8, true, false}; break; 1162 case X86::MOV16mr: I = {2, false, true}; break; 1163 case X86::MOV32mr: I = {4, false, true}; break; 1164 case X86::MOV64mr: I = {8, false, true}; break; 1165 case X86::MOV16mi: I = {2, false, false}; break; 1166 case X86::MOV32mi: I = {4, false, false}; break; 1167 } // end switch (Inst.getOpcode()) 1168 1169 unsigned BaseRegNum; 1170 int64_t ScaleValue; 1171 unsigned IndexRegNum; 1172 int64_t DispValue; 1173 unsigned SegRegNum; 1174 const MCExpr *DispExpr; 1175 if (!evaluateX86MemoryOperand(Inst, &BaseRegNum, &ScaleValue, &IndexRegNum, 1176 &DispValue, &SegRegNum, &DispExpr)) { 1177 llvm_unreachable("Evaluate failed"); 1178 return; 1179 } 1180 // Make sure it's a stack access 1181 if (BaseRegNum != X86::RBP && BaseRegNum != X86::RSP) { 1182 llvm_unreachable("Not a stack access"); 1183 return; 1184 } 1185 1186 unsigned MemOpOffset = getMemoryOperandNo(Inst); 1187 unsigned NewOpcode = 0; 1188 if (I.IsLoad) { 1189 switch (I.DataSize) { 1190 case 2: NewOpcode = X86::POP16r; break; 1191 case 4: NewOpcode = X86::POP32r; break; 1192 case 8: NewOpcode = X86::POP64r; break; 1193 default: 1194 llvm_unreachable("Unexpected size"); 1195 } 1196 unsigned RegOpndNum = Inst.getOperand(0).getReg(); 1197 Inst.clear(); 1198 Inst.setOpcode(NewOpcode); 1199 Inst.addOperand(MCOperand::createReg(RegOpndNum)); 1200 } else { 1201 MCOperand SrcOpnd = 1202 Inst.getOperand(MemOpOffset + X86::AddrSegmentReg + 1); 1203 if (I.StoreFromReg) { 1204 switch (I.DataSize) { 1205 case 2: NewOpcode = X86::PUSH16r; break; 1206 case 4: NewOpcode = X86::PUSH32r; break; 1207 case 8: NewOpcode = X86::PUSH64r; break; 1208 default: 1209 llvm_unreachable("Unexpected size"); 1210 } 1211 assert(SrcOpnd.isReg() && "Unexpected source operand"); 1212 unsigned RegOpndNum = SrcOpnd.getReg(); 1213 Inst.clear(); 1214 Inst.setOpcode(NewOpcode); 1215 Inst.addOperand(MCOperand::createReg(RegOpndNum)); 1216 } else { 1217 switch (I.DataSize) { 1218 case 2: NewOpcode = X86::PUSH16i8; break; 1219 case 4: NewOpcode = X86::PUSH32i8; break; 1220 case 8: NewOpcode = X86::PUSH64i32; break; 1221 default: 1222 llvm_unreachable("Unexpected size"); 1223 } 1224 assert(SrcOpnd.isImm() && "Unexpected source operand"); 1225 int64_t SrcImm = SrcOpnd.getImm(); 1226 Inst.clear(); 1227 Inst.setOpcode(NewOpcode); 1228 Inst.addOperand(MCOperand::createImm(SrcImm)); 1229 } 1230 } 1231 } 1232 1233 bool isStackAdjustment(const MCInst &Inst) const override { 1234 switch (Inst.getOpcode()) { 1235 default: 1236 return false; 1237 case X86::SUB64ri32: 1238 case X86::SUB64ri8: 1239 case X86::ADD64ri32: 1240 case X86::ADD64ri8: 1241 case X86::LEA64r: 1242 break; 1243 } 1244 1245 const MCInstrDesc &MCII = Info->get(Inst.getOpcode()); 1246 for (int I = 0, E = MCII.getNumDefs(); I != E; ++I) { 1247 const MCOperand &Operand = Inst.getOperand(I); 1248 if (Operand.isReg() && Operand.getReg() == X86::RSP) 1249 return true; 1250 } 1251 return false; 1252 } 1253 1254 bool evaluateSimple(const MCInst &Inst, int64_t &Output, 1255 std::pair<MCPhysReg, int64_t> Input1, 1256 std::pair<MCPhysReg, int64_t> Input2) const override { 1257 1258 auto getOperandVal = [&](MCPhysReg Reg) -> ErrorOr<int64_t> { 1259 if (Reg == 
Input1.first) 1260 return Input1.second; 1261 if (Reg == Input2.first) 1262 return Input2.second; 1263 return make_error_code(errc::result_out_of_range); 1264 }; 1265 1266 switch (Inst.getOpcode()) { 1267 default: 1268 return false; 1269 1270 case X86::AND64ri32: 1271 case X86::AND64ri8: 1272 if (!Inst.getOperand(2).isImm()) 1273 return false; 1274 if (ErrorOr<int64_t> InputVal = 1275 getOperandVal(Inst.getOperand(1).getReg())) 1276 Output = *InputVal & Inst.getOperand(2).getImm(); 1277 else 1278 return false; 1279 break; 1280 case X86::SUB64ri32: 1281 case X86::SUB64ri8: 1282 if (!Inst.getOperand(2).isImm()) 1283 return false; 1284 if (ErrorOr<int64_t> InputVal = 1285 getOperandVal(Inst.getOperand(1).getReg())) 1286 Output = *InputVal - Inst.getOperand(2).getImm(); 1287 else 1288 return false; 1289 break; 1290 case X86::ADD64ri32: 1291 case X86::ADD64ri8: 1292 if (!Inst.getOperand(2).isImm()) 1293 return false; 1294 if (ErrorOr<int64_t> InputVal = 1295 getOperandVal(Inst.getOperand(1).getReg())) 1296 Output = *InputVal + Inst.getOperand(2).getImm(); 1297 else 1298 return false; 1299 break; 1300 case X86::ADD64i32: 1301 if (!Inst.getOperand(0).isImm()) 1302 return false; 1303 if (ErrorOr<int64_t> InputVal = getOperandVal(X86::RAX)) 1304 Output = *InputVal + Inst.getOperand(0).getImm(); 1305 else 1306 return false; 1307 break; 1308 1309 case X86::LEA64r: { 1310 unsigned BaseRegNum; 1311 int64_t ScaleValue; 1312 unsigned IndexRegNum; 1313 int64_t DispValue; 1314 unsigned SegRegNum; 1315 const MCExpr *DispExpr = nullptr; 1316 if (!evaluateX86MemoryOperand(Inst, &BaseRegNum, &ScaleValue, 1317 &IndexRegNum, &DispValue, &SegRegNum, 1318 &DispExpr)) 1319 return false; 1320 1321 if (BaseRegNum == X86::NoRegister || IndexRegNum != X86::NoRegister || 1322 SegRegNum != X86::NoRegister || DispExpr) 1323 return false; 1324 1325 if (ErrorOr<int64_t> InputVal = getOperandVal(BaseRegNum)) 1326 Output = *InputVal + DispValue; 1327 else 1328 return false; 1329 1330 break; 1331 } 1332 } 1333 return true; 1334 } 1335 1336 bool isRegToRegMove(const MCInst &Inst, MCPhysReg &From, 1337 MCPhysReg &To) const override { 1338 switch (Inst.getOpcode()) { 1339 default: 1340 return false; 1341 case X86::LEAVE: 1342 case X86::LEAVE64: 1343 To = getStackPointer(); 1344 From = getFramePointer(); 1345 return true; 1346 case X86::MOV64rr: 1347 To = Inst.getOperand(0).getReg(); 1348 From = Inst.getOperand(1).getReg(); 1349 return true; 1350 } 1351 } 1352 1353 MCPhysReg getStackPointer() const override { return X86::RSP; } 1354 MCPhysReg getFramePointer() const override { return X86::RBP; } 1355 MCPhysReg getFlagsReg() const override { return X86::EFLAGS; } 1356 1357 bool escapesVariable(const MCInst &Inst, 1358 bool HasFramePointer) const override { 1359 int MemOpNo = getMemoryOperandNo(Inst); 1360 const MCInstrDesc &MCII = Info->get(Inst.getOpcode()); 1361 const unsigned NumDefs = MCII.getNumDefs(); 1362 static BitVector SPBPAliases(BitVector(getAliases(X86::RSP)) |= 1363 getAliases(X86::RBP)); 1364 static BitVector SPAliases(getAliases(X86::RSP)); 1365 1366 // FIXME: PUSH can be technically a leak, but let's ignore this for now 1367 // because a lot of harmless prologue code will spill SP to the stack. 1368 // Unless push is clearly pushing an object address to the stack as 1369 // demonstrated by having a MemOp. 
1370 bool IsPush = isPush(Inst); 1371 if (IsPush && MemOpNo == -1) 1372 return false; 1373 1374 // We use this to detect LEA (has memop but does not access mem) 1375 bool AccessMem = MCII.mayLoad() || MCII.mayStore(); 1376 bool DoesLeak = false; 1377 for (int I = 0, E = MCPlus::getNumPrimeOperands(Inst); I != E; ++I) { 1378 // Ignore if SP/BP is used to dereference memory -- that's fine 1379 if (MemOpNo != -1 && !IsPush && AccessMem && I >= MemOpNo && 1380 I <= MemOpNo + 5) 1381 continue; 1382 // Ignore if someone is writing to SP/BP 1383 if (I < static_cast<int>(NumDefs)) 1384 continue; 1385 1386 const MCOperand &Operand = Inst.getOperand(I); 1387 if (HasFramePointer && Operand.isReg() && SPBPAliases[Operand.getReg()]) { 1388 DoesLeak = true; 1389 break; 1390 } 1391 if (!HasFramePointer && Operand.isReg() && SPAliases[Operand.getReg()]) { 1392 DoesLeak = true; 1393 break; 1394 } 1395 } 1396 1397 // If potential leak, check if it is not just writing to itself/sp/bp 1398 if (DoesLeak) { 1399 for (int I = 0, E = NumDefs; I != E; ++I) { 1400 const MCOperand &Operand = Inst.getOperand(I); 1401 if (HasFramePointer && Operand.isReg() && 1402 SPBPAliases[Operand.getReg()]) { 1403 DoesLeak = false; 1404 break; 1405 } 1406 if (!HasFramePointer && Operand.isReg() && 1407 SPAliases[Operand.getReg()]) { 1408 DoesLeak = false; 1409 break; 1410 } 1411 } 1412 } 1413 return DoesLeak; 1414 } 1415 1416 bool addToImm(MCInst &Inst, int64_t &Amt, MCContext *Ctx) const override { 1417 unsigned ImmOpNo = -1U; 1418 int MemOpNo = getMemoryOperandNo(Inst); 1419 if (MemOpNo != -1) 1420 ImmOpNo = MemOpNo + X86::AddrDisp; 1421 else 1422 for (unsigned Index = 0; Index < MCPlus::getNumPrimeOperands(Inst); 1423 ++Index) 1424 if (Inst.getOperand(Index).isImm()) 1425 ImmOpNo = Index; 1426 if (ImmOpNo == -1U) 1427 return false; 1428 1429 MCOperand &Operand = Inst.getOperand(ImmOpNo); 1430 Amt += Operand.getImm(); 1431 Operand.setImm(Amt); 1432 // Check for the need for relaxation 1433 if (int64_t(Amt) == int64_t(int8_t(Amt))) 1434 return true; 1435 1436 // Relax instruction 1437 switch (Inst.getOpcode()) { 1438 case X86::SUB64ri8: 1439 Inst.setOpcode(X86::SUB64ri32); 1440 break; 1441 case X86::ADD64ri8: 1442 Inst.setOpcode(X86::ADD64ri32); 1443 break; 1444 default: 1445 // No need for relaxation 1446 break; 1447 } 1448 return true; 1449 } 1450 1451 /// TODO: this implementation currently works for the most common opcodes that 1452 /// load from memory. It can be extended to work with memory store opcodes as 1453 /// well as more memory load opcodes. 1454 bool replaceMemOperandWithImm(MCInst &Inst, StringRef ConstantData, 1455 uint64_t Offset) const override { 1456 enum CheckSignExt : uint8_t { 1457 NOCHECK = 0, 1458 CHECK8, 1459 CHECK32, 1460 }; 1461 1462 using CheckList = std::vector<std::pair<CheckSignExt, unsigned>>; 1463 struct InstInfo { 1464 // Size in bytes that Inst loads from memory. 1465 uint8_t DataSize; 1466 1467 // True when the target operand has to be duplicated because the opcode 1468 // expects a LHS operand. 1469 bool HasLHS; 1470 1471 // List of checks and corresponding opcodes to be used. We try to use the 1472 // smallest possible immediate value when various sizes are available, 1473 // hence we may need to check whether a larger constant fits in a smaller 1474 // immediate. 
1475 CheckList Checks; 1476 }; 1477 1478 InstInfo I; 1479 1480 switch (Inst.getOpcode()) { 1481 default: { 1482 switch (getPopSize(Inst)) { 1483 case 2: I = {2, false, {{NOCHECK, X86::MOV16ri}}}; break; 1484 case 4: I = {4, false, {{NOCHECK, X86::MOV32ri}}}; break; 1485 case 8: I = {8, false, {{CHECK32, X86::MOV64ri32}, 1486 {NOCHECK, X86::MOV64rm}}}; break; 1487 default: return false; 1488 } 1489 break; 1490 } 1491 1492 // MOV 1493 case X86::MOV8rm: I = {1, false, {{NOCHECK, X86::MOV8ri}}}; break; 1494 case X86::MOV16rm: I = {2, false, {{NOCHECK, X86::MOV16ri}}}; break; 1495 case X86::MOV32rm: I = {4, false, {{NOCHECK, X86::MOV32ri}}}; break; 1496 case X86::MOV64rm: I = {8, false, {{CHECK32, X86::MOV64ri32}, 1497 {NOCHECK, X86::MOV64rm}}}; break; 1498 1499 // MOVZX 1500 case X86::MOVZX16rm8: I = {1, false, {{NOCHECK, X86::MOV16ri}}}; break; 1501 case X86::MOVZX32rm8: I = {1, false, {{NOCHECK, X86::MOV32ri}}}; break; 1502 case X86::MOVZX32rm16: I = {2, false, {{NOCHECK, X86::MOV32ri}}}; break; 1503 1504 // CMP 1505 case X86::CMP8rm: I = {1, false, {{NOCHECK, X86::CMP8ri}}}; break; 1506 case X86::CMP16rm: I = {2, false, {{CHECK8, X86::CMP16ri8}, 1507 {NOCHECK, X86::CMP16ri}}}; break; 1508 case X86::CMP32rm: I = {4, false, {{CHECK8, X86::CMP32ri8}, 1509 {NOCHECK, X86::CMP32ri}}}; break; 1510 case X86::CMP64rm: I = {8, false, {{CHECK8, X86::CMP64ri8}, 1511 {CHECK32, X86::CMP64ri32}, 1512 {NOCHECK, X86::CMP64rm}}}; break; 1513 1514 // TEST 1515 case X86::TEST8mr: I = {1, false, {{NOCHECK, X86::TEST8ri}}}; break; 1516 case X86::TEST16mr: I = {2, false, {{NOCHECK, X86::TEST16ri}}}; break; 1517 case X86::TEST32mr: I = {4, false, {{NOCHECK, X86::TEST32ri}}}; break; 1518 case X86::TEST64mr: I = {8, false, {{CHECK32, X86::TEST64ri32}, 1519 {NOCHECK, X86::TEST64mr}}}; break; 1520 1521 // ADD 1522 case X86::ADD8rm: I = {1, true, {{NOCHECK, X86::ADD8ri}}}; break; 1523 case X86::ADD16rm: I = {2, true, {{CHECK8, X86::ADD16ri8}, 1524 {NOCHECK, X86::ADD16ri}}}; break; 1525 case X86::ADD32rm: I = {4, true, {{CHECK8, X86::ADD32ri8}, 1526 {NOCHECK, X86::ADD32ri}}}; break; 1527 case X86::ADD64rm: I = {8, true, {{CHECK8, X86::ADD64ri8}, 1528 {CHECK32, X86::ADD64ri32}, 1529 {NOCHECK, X86::ADD64rm}}}; break; 1530 1531 // SUB 1532 case X86::SUB8rm: I = {1, true, {{NOCHECK, X86::SUB8ri}}}; break; 1533 case X86::SUB16rm: I = {2, true, {{CHECK8, X86::SUB16ri8}, 1534 {NOCHECK, X86::SUB16ri}}}; break; 1535 case X86::SUB32rm: I = {4, true, {{CHECK8, X86::SUB32ri8}, 1536 {NOCHECK, X86::SUB32ri}}}; break; 1537 case X86::SUB64rm: I = {8, true, {{CHECK8, X86::SUB64ri8}, 1538 {CHECK32, X86::SUB64ri32}, 1539 {NOCHECK, X86::SUB64rm}}}; break; 1540 1541 // AND 1542 case X86::AND8rm: I = {1, true, {{NOCHECK, X86::AND8ri}}}; break; 1543 case X86::AND16rm: I = {2, true, {{CHECK8, X86::AND16ri8}, 1544 {NOCHECK, X86::AND16ri}}}; break; 1545 case X86::AND32rm: I = {4, true, {{CHECK8, X86::AND32ri8}, 1546 {NOCHECK, X86::AND32ri}}}; break; 1547 case X86::AND64rm: I = {8, true, {{CHECK8, X86::AND64ri8}, 1548 {CHECK32, X86::AND64ri32}, 1549 {NOCHECK, X86::AND64rm}}}; break; 1550 1551 // OR 1552 case X86::OR8rm: I = {1, true, {{NOCHECK, X86::OR8ri}}}; break; 1553 case X86::OR16rm: I = {2, true, {{CHECK8, X86::OR16ri8}, 1554 {NOCHECK, X86::OR16ri}}}; break; 1555 case X86::OR32rm: I = {4, true, {{CHECK8, X86::OR32ri8}, 1556 {NOCHECK, X86::OR32ri}}}; break; 1557 case X86::OR64rm: I = {8, true, {{CHECK8, X86::OR64ri8}, 1558 {CHECK32, X86::OR64ri32}, 1559 {NOCHECK, X86::OR64rm}}}; break; 1560 1561 // XOR 1562 case X86::XOR8rm: I = {1, true, 
{{NOCHECK, X86::XOR8ri}}}; break; 1563 case X86::XOR16rm: I = {2, true, {{CHECK8, X86::XOR16ri8}, 1564 {NOCHECK, X86::XOR16ri}}}; break; 1565 case X86::XOR32rm: I = {4, true, {{CHECK8, X86::XOR32ri8}, 1566 {NOCHECK, X86::XOR32ri}}}; break; 1567 case X86::XOR64rm: I = {8, true, {{CHECK8, X86::XOR64ri8}, 1568 {CHECK32, X86::XOR64ri32}, 1569 {NOCHECK, X86::XOR64rm}}}; break; 1570 } 1571 1572 // Compute the immediate value. 1573 assert(Offset + I.DataSize <= ConstantData.size() && 1574 "invalid offset for given constant data"); 1575 int64_t ImmVal = 1576 DataExtractor(ConstantData, true, 8).getSigned(&Offset, I.DataSize); 1577 1578 // Compute the new opcode. 1579 unsigned NewOpcode = 0; 1580 for (const std::pair<CheckSignExt, unsigned> &Check : I.Checks) { 1581 NewOpcode = Check.second; 1582 if (Check.first == NOCHECK) 1583 break; 1584 if (Check.first == CHECK8 && isInt<8>(ImmVal)) 1585 break; 1586 if (Check.first == CHECK32 && isInt<32>(ImmVal)) 1587 break; 1588 } 1589 if (NewOpcode == Inst.getOpcode()) 1590 return false; 1591 1592 // Modify the instruction. 1593 MCOperand ImmOp = MCOperand::createImm(ImmVal); 1594 uint32_t TargetOpNum = 0; 1595 // Test instruction does not follow the regular pattern of putting the 1596 // memory reference of a load (5 MCOperands) last in the list of operands. 1597 // Since it is not modifying the register operand, it is not treated as 1598 // a destination operand and it is not the first operand as it is in the 1599 // other instructions we treat here. 1600 if (NewOpcode == X86::TEST8ri || NewOpcode == X86::TEST16ri || 1601 NewOpcode == X86::TEST32ri || NewOpcode == X86::TEST64ri32) 1602 TargetOpNum = getMemoryOperandNo(Inst) + X86::AddrNumOperands; 1603 1604 MCOperand TargetOp = Inst.getOperand(TargetOpNum); 1605 Inst.clear(); 1606 Inst.setOpcode(NewOpcode); 1607 Inst.addOperand(TargetOp); 1608 if (I.HasLHS) 1609 Inst.addOperand(TargetOp); 1610 Inst.addOperand(ImmOp); 1611 1612 return true; 1613 } 1614 1615 /// TODO: this implementation currently works for the most common opcodes that 1616 /// load from memory. It can be extended to work with memory store opcodes as 1617 /// well as more memory load opcodes. 1618 bool replaceMemOperandWithReg(MCInst &Inst, MCPhysReg RegNum) const override { 1619 unsigned NewOpcode; 1620 1621 switch (Inst.getOpcode()) { 1622 default: { 1623 switch (getPopSize(Inst)) { 1624 case 2: NewOpcode = X86::MOV16rr; break; 1625 case 4: NewOpcode = X86::MOV32rr; break; 1626 case 8: NewOpcode = X86::MOV64rr; break; 1627 default: return false; 1628 } 1629 break; 1630 } 1631 1632 // MOV 1633 case X86::MOV8rm: NewOpcode = X86::MOV8rr; break; 1634 case X86::MOV16rm: NewOpcode = X86::MOV16rr; break; 1635 case X86::MOV32rm: NewOpcode = X86::MOV32rr; break; 1636 case X86::MOV64rm: NewOpcode = X86::MOV64rr; break; 1637 } 1638 1639 // Modify the instruction. 
1640 MCOperand RegOp = MCOperand::createReg(RegNum); 1641 MCOperand TargetOp = Inst.getOperand(0); 1642 Inst.clear(); 1643 Inst.setOpcode(NewOpcode); 1644 Inst.addOperand(TargetOp); 1645 Inst.addOperand(RegOp); 1646 1647 return true; 1648 } 1649 1650 bool isRedundantMove(const MCInst &Inst) const override { 1651 switch (Inst.getOpcode()) { 1652 default: 1653 return false; 1654 1655 // MOV 1656 case X86::MOV8rr: 1657 case X86::MOV16rr: 1658 case X86::MOV32rr: 1659 case X86::MOV64rr: 1660 break; 1661 } 1662 1663 assert(Inst.getOperand(0).isReg() && Inst.getOperand(1).isReg()); 1664 return Inst.getOperand(0).getReg() == Inst.getOperand(1).getReg(); 1665 } 1666 1667 bool requiresAlignedAddress(const MCInst &Inst) const override { 1668 const MCInstrDesc &Desc = Info->get(Inst.getOpcode()); 1669 for (unsigned int I = 0; I < Desc.getNumOperands(); ++I) { 1670 const MCOperandInfo &Op = Desc.OpInfo[I]; 1671 if (Op.OperandType != MCOI::OPERAND_REGISTER) 1672 continue; 1673 if (Op.RegClass == X86::VR128RegClassID) 1674 return true; 1675 } 1676 return false; 1677 } 1678 1679 bool convertJmpToTailCall(MCInst &Inst) override { 1680 if (isTailCall(Inst)) 1681 return false; 1682 1683 int NewOpcode; 1684 switch (Inst.getOpcode()) { 1685 default: 1686 return false; 1687 case X86::JMP_1: 1688 case X86::JMP_2: 1689 case X86::JMP_4: 1690 NewOpcode = X86::JMP_4; 1691 break; 1692 case X86::JMP16m: 1693 case X86::JMP32m: 1694 case X86::JMP64m: 1695 NewOpcode = X86::JMP32m; 1696 break; 1697 case X86::JMP16r: 1698 case X86::JMP32r: 1699 case X86::JMP64r: 1700 NewOpcode = X86::JMP32r; 1701 break; 1702 } 1703 1704 Inst.setOpcode(NewOpcode); 1705 setTailCall(Inst); 1706 return true; 1707 } 1708 1709 bool convertTailCallToJmp(MCInst &Inst) override { 1710 int NewOpcode; 1711 switch (Inst.getOpcode()) { 1712 default: 1713 return false; 1714 case X86::JMP_4: 1715 NewOpcode = X86::JMP_1; 1716 break; 1717 case X86::JMP32m: 1718 NewOpcode = X86::JMP64m; 1719 break; 1720 case X86::JMP32r: 1721 NewOpcode = X86::JMP64r; 1722 break; 1723 } 1724 1725 Inst.setOpcode(NewOpcode); 1726 removeAnnotation(Inst, MCPlus::MCAnnotation::kTailCall); 1727 clearOffset(Inst); 1728 return true; 1729 } 1730 1731 bool convertTailCallToCall(MCInst &Inst) override { 1732 int NewOpcode; 1733 switch (Inst.getOpcode()) { 1734 default: 1735 return false; 1736 case X86::JMP_4: 1737 NewOpcode = X86::CALL64pcrel32; 1738 break; 1739 case X86::JMP32m: 1740 NewOpcode = X86::CALL64m; 1741 break; 1742 case X86::JMP32r: 1743 NewOpcode = X86::CALL64r; 1744 break; 1745 } 1746 1747 Inst.setOpcode(NewOpcode); 1748 removeAnnotation(Inst, MCPlus::MCAnnotation::kTailCall); 1749 return true; 1750 } 1751 1752 bool convertCallToIndirectCall(MCInst &Inst, const MCSymbol *TargetLocation, 1753 MCContext *Ctx) override { 1754 bool IsTailCall = isTailCall(Inst); 1755 assert((Inst.getOpcode() == X86::CALL64pcrel32 || 1756 (Inst.getOpcode() == X86::JMP_4 && IsTailCall)) && 1757 "64-bit direct (tail) call instruction expected"); 1758 const auto NewOpcode = 1759 (Inst.getOpcode() == X86::CALL64pcrel32) ? X86::CALL64m : X86::JMP32m; 1760 Inst.setOpcode(NewOpcode); 1761 1762 // Replace the first operand and preserve auxiliary operands of 1763 // the instruction. 
1764 Inst.erase(Inst.begin()); 1765 Inst.insert(Inst.begin(), 1766 MCOperand::createReg(X86::NoRegister)); // AddrSegmentReg 1767 Inst.insert(Inst.begin(), 1768 MCOperand::createExpr( // Displacement 1769 MCSymbolRefExpr::create(TargetLocation, 1770 MCSymbolRefExpr::VK_None, *Ctx))); 1771 Inst.insert(Inst.begin(), 1772 MCOperand::createReg(X86::NoRegister)); // IndexReg 1773 Inst.insert(Inst.begin(), 1774 MCOperand::createImm(1)); // ScaleAmt 1775 Inst.insert(Inst.begin(), 1776 MCOperand::createReg(X86::RIP)); // BaseReg 1777 1778 return true; 1779 } 1780 1781 void convertIndirectCallToLoad(MCInst &Inst, MCPhysReg Reg) override { 1782 bool IsTailCall = isTailCall(Inst); 1783 if (IsTailCall) 1784 removeAnnotation(Inst, MCPlus::MCAnnotation::kTailCall); 1785 if (Inst.getOpcode() == X86::CALL64m || 1786 (Inst.getOpcode() == X86::JMP32m && IsTailCall)) { 1787 Inst.setOpcode(X86::MOV64rm); 1788 Inst.insert(Inst.begin(), MCOperand::createReg(Reg)); 1789 return; 1790 } 1791 if (Inst.getOpcode() == X86::CALL64r || 1792 (Inst.getOpcode() == X86::JMP32r && IsTailCall)) { 1793 Inst.setOpcode(X86::MOV64rr); 1794 Inst.insert(Inst.begin(), MCOperand::createReg(Reg)); 1795 return; 1796 } 1797 LLVM_DEBUG(Inst.dump()); 1798 llvm_unreachable("not implemented"); 1799 } 1800 1801 bool shortenInstruction(MCInst &Inst, 1802 const MCSubtargetInfo &STI) const override { 1803 unsigned OldOpcode = Inst.getOpcode(); 1804 unsigned NewOpcode = OldOpcode; 1805 1806 int MemOpNo = getMemoryOperandNo(Inst); 1807 1808 // Check and remove redundant Address-Size override prefix. 1809 if (opts::X86StripRedundantAddressSize) { 1810 uint64_t TSFlags = Info->get(OldOpcode).TSFlags; 1811 unsigned Flags = Inst.getFlags(); 1812 1813 if (!X86_MC::needsAddressSizeOverride(Inst, STI, MemOpNo, TSFlags) && 1814 Flags & X86::IP_HAS_AD_SIZE) 1815 Inst.setFlags(Flags ^ X86::IP_HAS_AD_SIZE); 1816 } 1817 1818 // Check and remove EIZ/RIZ. These cases represent ambiguous cases where 1819 // SIB byte is present, but no index is used and modrm alone should have 1820 // been enough. Converting to NoRegister effectively removes the SIB byte. 1821 if (MemOpNo >= 0) { 1822 MCOperand &IndexOp = 1823 Inst.getOperand(static_cast<unsigned>(MemOpNo) + X86::AddrIndexReg); 1824 if (IndexOp.getReg() == X86::EIZ || IndexOp.getReg() == X86::RIZ) 1825 IndexOp = MCOperand::createReg(X86::NoRegister); 1826 } 1827 1828 if (isBranch(Inst)) { 1829 NewOpcode = getShortBranchOpcode(OldOpcode); 1830 } else if (OldOpcode == X86::MOV64ri) { 1831 if (Inst.getOperand(MCPlus::getNumPrimeOperands(Inst) - 1).isImm()) { 1832 const int64_t Imm = 1833 Inst.getOperand(MCPlus::getNumPrimeOperands(Inst) - 1).getImm(); 1834 if (int64_t(Imm) == int64_t(int32_t(Imm))) 1835 NewOpcode = X86::MOV64ri32; 1836 } 1837 } else { 1838 // If it's arithmetic instruction check if signed operand fits in 1 byte. 
1839 const unsigned ShortOpcode = getShortArithOpcode(OldOpcode); 1840 if (ShortOpcode != OldOpcode && 1841 Inst.getOperand(MCPlus::getNumPrimeOperands(Inst) - 1).isImm()) { 1842 int64_t Imm = 1843 Inst.getOperand(MCPlus::getNumPrimeOperands(Inst) - 1).getImm(); 1844 if (int64_t(Imm) == int64_t(int8_t(Imm))) 1845 NewOpcode = ShortOpcode; 1846 } 1847 } 1848 1849 if (NewOpcode == OldOpcode) 1850 return false; 1851 1852 Inst.setOpcode(NewOpcode); 1853 return true; 1854 } 1855 1856 bool 1857 convertMoveToConditionalMove(MCInst &Inst, unsigned CC, bool AllowStackMemOp, 1858 bool AllowBasePtrStackMemOp) const override { 1859 // - Register-register moves are OK 1860 // - Stores are filtered out by opcode (no store CMOV) 1861 // - Non-stack loads are prohibited (generally unsafe) 1862 // - Stack loads are OK if AllowStackMemOp is true 1863 // - Stack loads with RBP are OK if AllowBasePtrStackMemOp is true 1864 if (isLoad(Inst)) { 1865 // If stack memory operands are not allowed, no loads are allowed 1866 if (!AllowStackMemOp) 1867 return false; 1868 1869 // If stack memory operands are allowed, check if it's a load from stack 1870 bool IsLoad, IsStore, IsStoreFromReg, IsSimple, IsIndexed; 1871 MCPhysReg Reg; 1872 int32_t SrcImm; 1873 uint16_t StackPtrReg; 1874 int64_t StackOffset; 1875 uint8_t Size; 1876 bool IsStackAccess = 1877 isStackAccess(Inst, IsLoad, IsStore, IsStoreFromReg, Reg, SrcImm, 1878 StackPtrReg, StackOffset, Size, IsSimple, IsIndexed); 1879 // Prohibit non-stack-based loads 1880 if (!IsStackAccess) 1881 return false; 1882 // If stack memory operands are allowed, check if it's RBP-based 1883 if (!AllowBasePtrStackMemOp && 1884 RegInfo->isSubRegisterEq(X86::RBP, StackPtrReg)) 1885 return false; 1886 } 1887 1888 unsigned NewOpcode = 0; 1889 switch (Inst.getOpcode()) { 1890 case X86::MOV16rr: 1891 NewOpcode = X86::CMOV16rr; 1892 break; 1893 case X86::MOV16rm: 1894 NewOpcode = X86::CMOV16rm; 1895 break; 1896 case X86::MOV32rr: 1897 NewOpcode = X86::CMOV32rr; 1898 break; 1899 case X86::MOV32rm: 1900 NewOpcode = X86::CMOV32rm; 1901 break; 1902 case X86::MOV64rr: 1903 NewOpcode = X86::CMOV64rr; 1904 break; 1905 case X86::MOV64rm: 1906 NewOpcode = X86::CMOV64rm; 1907 break; 1908 default: 1909 return false; 1910 } 1911 Inst.setOpcode(NewOpcode); 1912 // Insert CC at the end of prime operands, before annotations 1913 Inst.insert(Inst.begin() + MCPlus::getNumPrimeOperands(Inst), 1914 MCOperand::createImm(CC)); 1915 // CMOV is a 3-operand MCInst, so duplicate the destination as src1 1916 Inst.insert(Inst.begin(), Inst.getOperand(0)); 1917 return true; 1918 } 1919 1920 bool lowerTailCall(MCInst &Inst) override { 1921 if (Inst.getOpcode() == X86::JMP_4 && isTailCall(Inst)) { 1922 Inst.setOpcode(X86::JMP_1); 1923 removeAnnotation(Inst, MCPlus::MCAnnotation::kTailCall); 1924 return true; 1925 } 1926 return false; 1927 } 1928 1929 const MCSymbol *getTargetSymbol(const MCInst &Inst, 1930 unsigned OpNum = 0) const override { 1931 if (OpNum >= MCPlus::getNumPrimeOperands(Inst)) 1932 return nullptr; 1933 1934 const MCOperand &Op = Inst.getOperand(OpNum); 1935 if (!Op.isExpr()) 1936 return nullptr; 1937 1938 auto *SymExpr = dyn_cast<MCSymbolRefExpr>(Op.getExpr()); 1939 if (!SymExpr || SymExpr->getKind() != MCSymbolRefExpr::VK_None) 1940 return nullptr; 1941 1942 return &SymExpr->getSymbol(); 1943 } 1944 1945 // This is the same as the base class, but since we are overriding one of 1946 // getTargetSymbol's signatures above, we need to override all of them. 
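  // (Without re-declaring it here, the overload above would hide this
  // base-class signature due to C++ name hiding.)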
  const MCSymbol *getTargetSymbol(const MCExpr *Expr) const override {
    return &cast<const MCSymbolRefExpr>(Expr)->getSymbol();
  }

  bool analyzeBranch(InstructionIterator Begin, InstructionIterator End,
                     const MCSymbol *&TBB, const MCSymbol *&FBB,
                     MCInst *&CondBranch,
                     MCInst *&UncondBranch) const override {
    auto I = End;

    // Bottom-up analysis
    while (I != Begin) {
      --I;

      // Ignore nops and CFIs
      if (isPseudo(*I))
        continue;

      // Stop when we find the first non-terminator
      if (!isTerminator(*I))
        break;

      if (!isBranch(*I))
        break;

      // Handle unconditional branches.
      if ((I->getOpcode() == X86::JMP_1 || I->getOpcode() == X86::JMP_2 ||
           I->getOpcode() == X86::JMP_4) &&
          !isTailCall(*I)) {
        // If any code was seen after this unconditional branch, it is
        // unreachable code. Ignore it.
        CondBranch = nullptr;
        UncondBranch = &*I;
        const MCSymbol *Sym = getTargetSymbol(*I);
        assert(Sym != nullptr &&
               "Couldn't extract BB symbol from jump operand");
        TBB = Sym;
        continue;
      }

      // Handle conditional branches and ignore indirect branches
      if (!isUnsupportedBranch(I->getOpcode()) &&
          getCondCode(*I) == X86::COND_INVALID) {
        // Indirect branch
        return false;
      }

      if (CondBranch == nullptr) {
        const MCSymbol *TargetBB = getTargetSymbol(*I);
        if (TargetBB == nullptr) {
          // Unrecognized branch target
          return false;
        }
        FBB = TBB;
        TBB = TargetBB;
        CondBranch = &*I;
        continue;
      }

      llvm_unreachable("multiple conditional branches in one BB");
    }
    return true;
  }

  template <typename Itr>
  std::pair<IndirectBranchType, MCInst *>
  analyzePICJumpTable(Itr II, Itr IE, MCPhysReg R1, MCPhysReg R2) const {
    // Analyze PIC-style jump table code template:
    //
    //    lea PIC_JUMP_TABLE(%rip), {%r1|%r2}    <- MemLocInstr
    //    mov ({%r1|%r2}, %index, 4), {%r2|%r1}
    //    add %r2, %r1
    //    jmp *%r1
    //
    // (with any irrelevant instructions in-between)
    //
    // When we call this helper, we've already determined %r1 and %r2, and the
    // reverse instruction iterator \p II is pointing to the ADD instruction.
    //
    // A PIC jump table looks like the following:
    //
    //    JT:  ----------
    //     E1:| L1 - JT  |
    //        |----------|
    //     E2:| L2 - JT  |
    //        |----------|
    //        |          |
    //          ......
    //     En:| Ln - JT  |
    //         ----------
    //
    // Where L1, L2, ..., Ln represent labels in the function.
    //
    // The actual relocations in the table will be of the form:
    //
    //    Ln - JT
    //     = (Ln - En) + (En - JT)
    //     = R_X86_64_PC32(Ln) + En - JT
    //     = R_X86_64_PC32(Ln + offsetof(En))
    //
    LLVM_DEBUG(dbgs() << "Checking for PIC jump table\n");
    MCInst *MemLocInstr = nullptr;
    const MCInst *MovInstr = nullptr;
    while (++II != IE) {
      MCInst &Instr = *II;
      const MCInstrDesc &InstrDesc = Info->get(Instr.getOpcode());
      if (!InstrDesc.hasDefOfPhysReg(Instr, R1, *RegInfo) &&
          !InstrDesc.hasDefOfPhysReg(Instr, R2, *RegInfo)) {
        // Ignore instructions that don't affect R1, R2 registers.
        continue;
      }
      if (!MovInstr) {
        // Expect to see MOV instruction.
        if (!isMOVSX64rm32(Instr)) {
          LLVM_DEBUG(dbgs() << "MOV instruction expected.\n");
          break;
        }

        // Check if it's setting %r1 or %r2.
In canonical form it sets %r2. 2066 // If it sets %r1 - rename the registers so we have to only check 2067 // a single form. 2068 unsigned MovDestReg = Instr.getOperand(0).getReg(); 2069 if (MovDestReg != R2) 2070 std::swap(R1, R2); 2071 if (MovDestReg != R2) { 2072 LLVM_DEBUG(dbgs() << "MOV instruction expected to set %r2\n"); 2073 break; 2074 } 2075 2076 // Verify operands for MOV. 2077 unsigned BaseRegNum; 2078 int64_t ScaleValue; 2079 unsigned IndexRegNum; 2080 int64_t DispValue; 2081 unsigned SegRegNum; 2082 if (!evaluateX86MemoryOperand(Instr, &BaseRegNum, &ScaleValue, 2083 &IndexRegNum, &DispValue, &SegRegNum)) 2084 break; 2085 if (BaseRegNum != R1 || ScaleValue != 4 || 2086 IndexRegNum == X86::NoRegister || DispValue != 0 || 2087 SegRegNum != X86::NoRegister) 2088 break; 2089 MovInstr = &Instr; 2090 } else { 2091 if (!InstrDesc.hasDefOfPhysReg(Instr, R1, *RegInfo)) 2092 continue; 2093 if (!isLEA64r(Instr)) { 2094 LLVM_DEBUG(dbgs() << "LEA instruction expected\n"); 2095 break; 2096 } 2097 if (Instr.getOperand(0).getReg() != R1) { 2098 LLVM_DEBUG(dbgs() << "LEA instruction expected to set %r1\n"); 2099 break; 2100 } 2101 2102 // Verify operands for LEA. 2103 unsigned BaseRegNum; 2104 int64_t ScaleValue; 2105 unsigned IndexRegNum; 2106 const MCExpr *DispExpr = nullptr; 2107 int64_t DispValue; 2108 unsigned SegRegNum; 2109 if (!evaluateX86MemoryOperand(Instr, &BaseRegNum, &ScaleValue, 2110 &IndexRegNum, &DispValue, &SegRegNum, 2111 &DispExpr)) 2112 break; 2113 if (BaseRegNum != RegInfo->getProgramCounter() || 2114 IndexRegNum != X86::NoRegister || SegRegNum != X86::NoRegister || 2115 DispExpr == nullptr) 2116 break; 2117 MemLocInstr = &Instr; 2118 break; 2119 } 2120 } 2121 2122 if (!MemLocInstr) 2123 return std::make_pair(IndirectBranchType::UNKNOWN, nullptr); 2124 2125 LLVM_DEBUG(dbgs() << "checking potential PIC jump table\n"); 2126 return std::make_pair(IndirectBranchType::POSSIBLE_PIC_JUMP_TABLE, 2127 MemLocInstr); 2128 } 2129 2130 IndirectBranchType analyzeIndirectBranch( 2131 MCInst &Instruction, InstructionIterator Begin, InstructionIterator End, 2132 const unsigned PtrSize, MCInst *&MemLocInstrOut, unsigned &BaseRegNumOut, 2133 unsigned &IndexRegNumOut, int64_t &DispValueOut, 2134 const MCExpr *&DispExprOut, MCInst *&PCRelBaseOut) const override { 2135 // Try to find a (base) memory location from where the address for 2136 // the indirect branch is loaded. For X86-64 the memory will be specified 2137 // in the following format: 2138 // 2139 // {%rip}/{%basereg} + Imm + IndexReg * Scale 2140 // 2141 // We are interested in the cases where Scale == sizeof(uintptr_t) and 2142 // the contents of the memory are presumably an array of pointers to code. 2143 // 2144 // Normal jump table: 2145 // 2146 // jmp *(JUMP_TABLE, %index, Scale) <- MemLocInstr 2147 // 2148 // or 2149 // 2150 // mov (JUMP_TABLE, %index, Scale), %r1 <- MemLocInstr 2151 // ... 2152 // jmp %r1 2153 // 2154 // We handle PIC-style jump tables separately. 2155 // 2156 MemLocInstrOut = nullptr; 2157 BaseRegNumOut = X86::NoRegister; 2158 IndexRegNumOut = X86::NoRegister; 2159 DispValueOut = 0; 2160 DispExprOut = nullptr; 2161 2162 std::reverse_iterator<InstructionIterator> II(End); 2163 std::reverse_iterator<InstructionIterator> IE(Begin); 2164 2165 IndirectBranchType Type = IndirectBranchType::UNKNOWN; 2166 2167 // An instruction referencing memory used by jump instruction (directly or 2168 // via register). This location could be an array of function pointers 2169 // in case of indirect tail call, or a jump table. 
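    // Scanning backwards from the jump: a plain load into the jump register
    // indicates a normal jump table (or an indirect tail call through
    // memory), while "add %r2, %r1" indicates the PIC pattern handled by
    // analyzePICJumpTable() above.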
2170 MCInst *MemLocInstr = nullptr; 2171 2172 if (MCPlus::getNumPrimeOperands(Instruction) == 1) { 2173 // If the indirect jump is on register - try to detect if the 2174 // register value is loaded from a memory location. 2175 assert(Instruction.getOperand(0).isReg() && "register operand expected"); 2176 const unsigned R1 = Instruction.getOperand(0).getReg(); 2177 // Check if one of the previous instructions defines the jump-on register. 2178 for (auto PrevII = II; PrevII != IE; ++PrevII) { 2179 MCInst &PrevInstr = *PrevII; 2180 const MCInstrDesc &PrevInstrDesc = Info->get(PrevInstr.getOpcode()); 2181 2182 if (!PrevInstrDesc.hasDefOfPhysReg(PrevInstr, R1, *RegInfo)) 2183 continue; 2184 2185 if (isMoveMem2Reg(PrevInstr)) { 2186 MemLocInstr = &PrevInstr; 2187 break; 2188 } 2189 if (isADD64rr(PrevInstr)) { 2190 unsigned R2 = PrevInstr.getOperand(2).getReg(); 2191 if (R1 == R2) 2192 return IndirectBranchType::UNKNOWN; 2193 std::tie(Type, MemLocInstr) = analyzePICJumpTable(PrevII, IE, R1, R2); 2194 break; 2195 } 2196 return IndirectBranchType::UNKNOWN; 2197 } 2198 if (!MemLocInstr) { 2199 // No definition seen for the register in this function so far. Could be 2200 // an input parameter - which means it is an external code reference. 2201 // It also could be that the definition happens to be in the code that 2202 // we haven't processed yet. Since we have to be conservative, return 2203 // as UNKNOWN case. 2204 return IndirectBranchType::UNKNOWN; 2205 } 2206 } else { 2207 MemLocInstr = &Instruction; 2208 } 2209 2210 const MCRegister RIPRegister = RegInfo->getProgramCounter(); 2211 2212 // Analyze the memory location. 2213 unsigned BaseRegNum, IndexRegNum, SegRegNum; 2214 int64_t ScaleValue, DispValue; 2215 const MCExpr *DispExpr; 2216 2217 if (!evaluateX86MemoryOperand(*MemLocInstr, &BaseRegNum, &ScaleValue, 2218 &IndexRegNum, &DispValue, &SegRegNum, 2219 &DispExpr)) 2220 return IndirectBranchType::UNKNOWN; 2221 2222 BaseRegNumOut = BaseRegNum; 2223 IndexRegNumOut = IndexRegNum; 2224 DispValueOut = DispValue; 2225 DispExprOut = DispExpr; 2226 2227 if ((BaseRegNum != X86::NoRegister && BaseRegNum != RIPRegister) || 2228 SegRegNum != X86::NoRegister) 2229 return IndirectBranchType::UNKNOWN; 2230 2231 if (MemLocInstr == &Instruction && 2232 (!ScaleValue || IndexRegNum == X86::NoRegister)) { 2233 MemLocInstrOut = MemLocInstr; 2234 return IndirectBranchType::POSSIBLE_FIXED_BRANCH; 2235 } 2236 2237 if (Type == IndirectBranchType::POSSIBLE_PIC_JUMP_TABLE && 2238 (ScaleValue != 1 || BaseRegNum != RIPRegister)) 2239 return IndirectBranchType::UNKNOWN; 2240 2241 if (Type != IndirectBranchType::POSSIBLE_PIC_JUMP_TABLE && 2242 ScaleValue != PtrSize) 2243 return IndirectBranchType::UNKNOWN; 2244 2245 MemLocInstrOut = MemLocInstr; 2246 2247 return Type; 2248 } 2249 2250 /// Analyze a callsite to see if it could be a virtual method call. This only 2251 /// checks to see if the overall pattern is satisfied, it does not guarantee 2252 /// that the callsite is a true virtual method call. 2253 /// The format of virtual method calls that are recognized is one of the 2254 /// following: 2255 /// 2256 /// Form 1: (found in debug code) 2257 /// add METHOD_OFFSET, %VtableReg 2258 /// mov (%VtableReg), %MethodReg 2259 /// ... 2260 /// call or jmp *%MethodReg 2261 /// 2262 /// Form 2: 2263 /// mov METHOD_OFFSET(%VtableReg), %MethodReg 2264 /// ... 2265 /// call or jmp *%MethodReg 2266 /// 2267 /// Form 3: 2268 /// ... 
2269 /// call or jmp *METHOD_OFFSET(%VtableReg) 2270 /// 2271 bool analyzeVirtualMethodCall(InstructionIterator ForwardBegin, 2272 InstructionIterator ForwardEnd, 2273 std::vector<MCInst *> &MethodFetchInsns, 2274 unsigned &VtableRegNum, unsigned &MethodRegNum, 2275 uint64_t &MethodOffset) const override { 2276 VtableRegNum = X86::NoRegister; 2277 MethodRegNum = X86::NoRegister; 2278 MethodOffset = 0; 2279 2280 std::reverse_iterator<InstructionIterator> Itr(ForwardEnd); 2281 std::reverse_iterator<InstructionIterator> End(ForwardBegin); 2282 2283 MCInst &CallInst = *Itr++; 2284 assert(isIndirectBranch(CallInst) || isCall(CallInst)); 2285 2286 unsigned BaseReg, IndexReg, SegmentReg; 2287 int64_t Scale, Disp; 2288 const MCExpr *DispExpr; 2289 2290 // The call can just be jmp offset(reg) 2291 if (evaluateX86MemoryOperand(CallInst, &BaseReg, &Scale, &IndexReg, &Disp, 2292 &SegmentReg, &DispExpr)) { 2293 if (!DispExpr && BaseReg != X86::RIP && BaseReg != X86::RBP && 2294 BaseReg != X86::NoRegister) { 2295 MethodRegNum = BaseReg; 2296 if (Scale == 1 && IndexReg == X86::NoRegister && 2297 SegmentReg == X86::NoRegister) { 2298 VtableRegNum = MethodRegNum; 2299 MethodOffset = Disp; 2300 MethodFetchInsns.push_back(&CallInst); 2301 return true; 2302 } 2303 } 2304 return false; 2305 } 2306 if (CallInst.getOperand(0).isReg()) 2307 MethodRegNum = CallInst.getOperand(0).getReg(); 2308 else 2309 return false; 2310 2311 if (MethodRegNum == X86::RIP || MethodRegNum == X86::RBP) { 2312 VtableRegNum = X86::NoRegister; 2313 MethodRegNum = X86::NoRegister; 2314 return false; 2315 } 2316 2317 // find load from vtable, this may or may not include the method offset 2318 while (Itr != End) { 2319 MCInst &CurInst = *Itr++; 2320 const MCInstrDesc &Desc = Info->get(CurInst.getOpcode()); 2321 if (Desc.hasDefOfPhysReg(CurInst, MethodRegNum, *RegInfo)) { 2322 if (isLoad(CurInst) && 2323 evaluateX86MemoryOperand(CurInst, &BaseReg, &Scale, &IndexReg, 2324 &Disp, &SegmentReg, &DispExpr)) { 2325 if (!DispExpr && Scale == 1 && BaseReg != X86::RIP && 2326 BaseReg != X86::RBP && BaseReg != X86::NoRegister && 2327 IndexReg == X86::NoRegister && SegmentReg == X86::NoRegister && 2328 BaseReg != X86::RIP) { 2329 VtableRegNum = BaseReg; 2330 MethodOffset = Disp; 2331 MethodFetchInsns.push_back(&CurInst); 2332 if (MethodOffset != 0) 2333 return true; 2334 break; 2335 } 2336 } 2337 return false; 2338 } 2339 } 2340 2341 if (!VtableRegNum) 2342 return false; 2343 2344 // look for any adds affecting the method register. 
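    // (This corresponds to Form 1 above, where a separate
    // "add METHOD_OFFSET, %VtableReg" supplies the offset before the
    // zero-displacement load from the vtable.)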
2345 while (Itr != End) { 2346 MCInst &CurInst = *Itr++; 2347 const MCInstrDesc &Desc = Info->get(CurInst.getOpcode()); 2348 if (Desc.hasDefOfPhysReg(CurInst, VtableRegNum, *RegInfo)) { 2349 if (isADDri(CurInst)) { 2350 assert(!MethodOffset); 2351 MethodOffset = CurInst.getOperand(2).getImm(); 2352 MethodFetchInsns.insert(MethodFetchInsns.begin(), &CurInst); 2353 break; 2354 } 2355 } 2356 } 2357 2358 return true; 2359 } 2360 2361 bool createStackPointerIncrement(MCInst &Inst, int Size, 2362 bool NoFlagsClobber) const override { 2363 if (NoFlagsClobber) { 2364 Inst.setOpcode(X86::LEA64r); 2365 Inst.clear(); 2366 Inst.addOperand(MCOperand::createReg(X86::RSP)); 2367 Inst.addOperand(MCOperand::createReg(X86::RSP)); // BaseReg 2368 Inst.addOperand(MCOperand::createImm(1)); // ScaleAmt 2369 Inst.addOperand(MCOperand::createReg(X86::NoRegister)); // IndexReg 2370 Inst.addOperand(MCOperand::createImm(-Size)); // Displacement 2371 Inst.addOperand(MCOperand::createReg(X86::NoRegister)); // AddrSegmentReg 2372 return true; 2373 } 2374 Inst.setOpcode(X86::SUB64ri8); 2375 Inst.clear(); 2376 Inst.addOperand(MCOperand::createReg(X86::RSP)); 2377 Inst.addOperand(MCOperand::createReg(X86::RSP)); 2378 Inst.addOperand(MCOperand::createImm(Size)); 2379 return true; 2380 } 2381 2382 bool createStackPointerDecrement(MCInst &Inst, int Size, 2383 bool NoFlagsClobber) const override { 2384 if (NoFlagsClobber) { 2385 Inst.setOpcode(X86::LEA64r); 2386 Inst.clear(); 2387 Inst.addOperand(MCOperand::createReg(X86::RSP)); 2388 Inst.addOperand(MCOperand::createReg(X86::RSP)); // BaseReg 2389 Inst.addOperand(MCOperand::createImm(1)); // ScaleAmt 2390 Inst.addOperand(MCOperand::createReg(X86::NoRegister)); // IndexReg 2391 Inst.addOperand(MCOperand::createImm(Size)); // Displacement 2392 Inst.addOperand(MCOperand::createReg(X86::NoRegister)); // AddrSegmentReg 2393 return true; 2394 } 2395 Inst.setOpcode(X86::ADD64ri8); 2396 Inst.clear(); 2397 Inst.addOperand(MCOperand::createReg(X86::RSP)); 2398 Inst.addOperand(MCOperand::createReg(X86::RSP)); 2399 Inst.addOperand(MCOperand::createImm(Size)); 2400 return true; 2401 } 2402 2403 bool createSaveToStack(MCInst &Inst, const MCPhysReg &StackReg, int Offset, 2404 const MCPhysReg &SrcReg, int Size) const override { 2405 unsigned NewOpcode; 2406 switch (Size) { 2407 default: 2408 return false; 2409 case 2: NewOpcode = X86::MOV16mr; break; 2410 case 4: NewOpcode = X86::MOV32mr; break; 2411 case 8: NewOpcode = X86::MOV64mr; break; 2412 } 2413 Inst.setOpcode(NewOpcode); 2414 Inst.clear(); 2415 Inst.addOperand(MCOperand::createReg(StackReg)); // BaseReg 2416 Inst.addOperand(MCOperand::createImm(1)); // ScaleAmt 2417 Inst.addOperand(MCOperand::createReg(X86::NoRegister)); // IndexReg 2418 Inst.addOperand(MCOperand::createImm(Offset)); // Displacement 2419 Inst.addOperand(MCOperand::createReg(X86::NoRegister)); // AddrSegmentReg 2420 Inst.addOperand(MCOperand::createReg(SrcReg)); 2421 return true; 2422 } 2423 2424 bool createRestoreFromStack(MCInst &Inst, const MCPhysReg &StackReg, 2425 int Offset, const MCPhysReg &DstReg, 2426 int Size) const override { 2427 return createLoad(Inst, StackReg, /*Scale=*/1, /*IndexReg=*/X86::NoRegister, 2428 Offset, nullptr, /*AddrSegmentReg=*/X86::NoRegister, 2429 DstReg, Size); 2430 } 2431 2432 bool createLoad(MCInst &Inst, const MCPhysReg &BaseReg, int64_t Scale, 2433 const MCPhysReg &IndexReg, int64_t Offset, 2434 const MCExpr *OffsetExpr, const MCPhysReg &AddrSegmentReg, 2435 const MCPhysReg &DstReg, int Size) const override { 2436 unsigned 
NewOpcode; 2437 switch (Size) { 2438 default: 2439 return false; 2440 case 2: NewOpcode = X86::MOV16rm; break; 2441 case 4: NewOpcode = X86::MOV32rm; break; 2442 case 8: NewOpcode = X86::MOV64rm; break; 2443 } 2444 Inst.setOpcode(NewOpcode); 2445 Inst.clear(); 2446 Inst.addOperand(MCOperand::createReg(DstReg)); 2447 Inst.addOperand(MCOperand::createReg(BaseReg)); 2448 Inst.addOperand(MCOperand::createImm(Scale)); 2449 Inst.addOperand(MCOperand::createReg(IndexReg)); 2450 if (OffsetExpr) 2451 Inst.addOperand(MCOperand::createExpr(OffsetExpr)); // Displacement 2452 else 2453 Inst.addOperand(MCOperand::createImm(Offset)); // Displacement 2454 Inst.addOperand(MCOperand::createReg(AddrSegmentReg)); // AddrSegmentReg 2455 return true; 2456 } 2457 2458 void createLoadImmediate(MCInst &Inst, const MCPhysReg Dest, 2459 uint32_t Imm) const override { 2460 Inst.setOpcode(X86::MOV64ri32); 2461 Inst.clear(); 2462 Inst.addOperand(MCOperand::createReg(Dest)); 2463 Inst.addOperand(MCOperand::createImm(Imm)); 2464 } 2465 2466 bool createIncMemory(MCInst &Inst, const MCSymbol *Target, 2467 MCContext *Ctx) const override { 2468 2469 Inst.setOpcode(X86::LOCK_INC64m); 2470 Inst.clear(); 2471 Inst.addOperand(MCOperand::createReg(X86::RIP)); // BaseReg 2472 Inst.addOperand(MCOperand::createImm(1)); // ScaleAmt 2473 Inst.addOperand(MCOperand::createReg(X86::NoRegister)); // IndexReg 2474 2475 Inst.addOperand(MCOperand::createExpr( 2476 MCSymbolRefExpr::create(Target, MCSymbolRefExpr::VK_None, 2477 *Ctx))); // Displacement 2478 Inst.addOperand(MCOperand::createReg(X86::NoRegister)); // AddrSegmentReg 2479 return true; 2480 } 2481 2482 bool createIJmp32Frag(SmallVectorImpl<MCInst> &Insts, 2483 const MCOperand &BaseReg, const MCOperand &Scale, 2484 const MCOperand &IndexReg, const MCOperand &Offset, 2485 const MCOperand &TmpReg) const override { 2486 // The code fragment we emit here is: 2487 // 2488 // mov32 (%base, %index, scale), %tmpreg 2489 // ijmp *(%tmpreg) 2490 // 2491 MCInst IJmp; 2492 IJmp.setOpcode(X86::JMP64r); 2493 IJmp.addOperand(TmpReg); 2494 2495 MCInst Load; 2496 Load.setOpcode(X86::MOV32rm); 2497 Load.addOperand(TmpReg); 2498 Load.addOperand(BaseReg); 2499 Load.addOperand(Scale); 2500 Load.addOperand(IndexReg); 2501 Load.addOperand(Offset); 2502 Load.addOperand(MCOperand::createReg(X86::NoRegister)); 2503 2504 Insts.push_back(Load); 2505 Insts.push_back(IJmp); 2506 return true; 2507 } 2508 2509 bool createNoop(MCInst &Inst) const override { 2510 Inst.setOpcode(X86::NOOP); 2511 return true; 2512 } 2513 2514 bool createReturn(MCInst &Inst) const override { 2515 Inst.setOpcode(X86::RET64); 2516 return true; 2517 } 2518 2519 InstructionListType createInlineMemcpy(bool ReturnEnd) const override { 2520 InstructionListType Code; 2521 if (ReturnEnd) 2522 Code.emplace_back(MCInstBuilder(X86::LEA64r) 2523 .addReg(X86::RAX) 2524 .addReg(X86::RDI) 2525 .addImm(1) 2526 .addReg(X86::RDX) 2527 .addImm(0) 2528 .addReg(X86::NoRegister)); 2529 else 2530 Code.emplace_back(MCInstBuilder(X86::MOV64rr) 2531 .addReg(X86::RAX) 2532 .addReg(X86::RDI)); 2533 2534 Code.emplace_back(MCInstBuilder(X86::MOV32rr) 2535 .addReg(X86::ECX) 2536 .addReg(X86::EDX)); 2537 Code.emplace_back(MCInstBuilder(X86::REP_MOVSB_64)); 2538 2539 return Code; 2540 } 2541 2542 InstructionListType createOneByteMemcpy() const override { 2543 InstructionListType Code; 2544 Code.emplace_back(MCInstBuilder(X86::MOV8rm) 2545 .addReg(X86::CL) 2546 .addReg(X86::RSI) 2547 .addImm(0) 2548 .addReg(X86::NoRegister) 2549 .addImm(0) 2550 
.addReg(X86::NoRegister)); 2551 Code.emplace_back(MCInstBuilder(X86::MOV8mr) 2552 .addReg(X86::RDI) 2553 .addImm(0) 2554 .addReg(X86::NoRegister) 2555 .addImm(0) 2556 .addReg(X86::NoRegister) 2557 .addReg(X86::CL)); 2558 Code.emplace_back(MCInstBuilder(X86::MOV64rr) 2559 .addReg(X86::RAX) 2560 .addReg(X86::RDI)); 2561 return Code; 2562 } 2563 2564 InstructionListType createCmpJE(MCPhysReg RegNo, int64_t Imm, 2565 const MCSymbol *Target, 2566 MCContext *Ctx) const override { 2567 InstructionListType Code; 2568 Code.emplace_back(MCInstBuilder(X86::CMP64ri8) 2569 .addReg(RegNo) 2570 .addImm(Imm)); 2571 Code.emplace_back(MCInstBuilder(X86::JCC_1) 2572 .addExpr(MCSymbolRefExpr::create( 2573 Target, MCSymbolRefExpr::VK_None, *Ctx)) 2574 .addImm(X86::COND_E)); 2575 return Code; 2576 } 2577 2578 Optional<Relocation> 2579 createRelocation(const MCFixup &Fixup, 2580 const MCAsmBackend &MAB) const override { 2581 const MCFixupKindInfo &FKI = MAB.getFixupKindInfo(Fixup.getKind()); 2582 2583 assert(FKI.TargetOffset == 0 && "0-bit relocation offset expected"); 2584 const uint64_t RelOffset = Fixup.getOffset(); 2585 2586 uint64_t RelType; 2587 if (FKI.Flags & MCFixupKindInfo::FKF_IsPCRel) { 2588 switch (FKI.TargetSize) { 2589 default: 2590 return NoneType(); 2591 case 8: RelType = ELF::R_X86_64_PC8; break; 2592 case 16: RelType = ELF::R_X86_64_PC16; break; 2593 case 32: RelType = ELF::R_X86_64_PC32; break; 2594 case 64: RelType = ELF::R_X86_64_PC64; break; 2595 } 2596 } else { 2597 switch (FKI.TargetSize) { 2598 default: 2599 return NoneType(); 2600 case 8: RelType = ELF::R_X86_64_8; break; 2601 case 16: RelType = ELF::R_X86_64_16; break; 2602 case 32: RelType = ELF::R_X86_64_32; break; 2603 case 64: RelType = ELF::R_X86_64_64; break; 2604 } 2605 } 2606 2607 // Extract a symbol and an addend out of the fixup value expression. 2608 // 2609 // Only the following limited expression types are supported: 2610 // Symbol + Addend 2611 // Symbol 2612 uint64_t Addend = 0; 2613 MCSymbol *Symbol = nullptr; 2614 const MCExpr *ValueExpr = Fixup.getValue(); 2615 if (ValueExpr->getKind() == MCExpr::Binary) { 2616 const auto *BinaryExpr = cast<MCBinaryExpr>(ValueExpr); 2617 assert(BinaryExpr->getOpcode() == MCBinaryExpr::Add && 2618 "unexpected binary expression"); 2619 const MCExpr *LHS = BinaryExpr->getLHS(); 2620 assert(LHS->getKind() == MCExpr::SymbolRef && "unexpected LHS"); 2621 Symbol = const_cast<MCSymbol *>(this->getTargetSymbol(LHS)); 2622 const MCExpr *RHS = BinaryExpr->getRHS(); 2623 assert(RHS->getKind() == MCExpr::Constant && "unexpected RHS"); 2624 Addend = cast<MCConstantExpr>(RHS)->getValue(); 2625 } else { 2626 assert(ValueExpr->getKind() == MCExpr::SymbolRef && "unexpected value"); 2627 Symbol = const_cast<MCSymbol *>(this->getTargetSymbol(ValueExpr)); 2628 } 2629 2630 return Relocation({RelOffset, Symbol, RelType, Addend, 0}); 2631 } 2632 2633 bool replaceImmWithSymbolRef(MCInst &Inst, const MCSymbol *Symbol, 2634 int64_t Addend, MCContext *Ctx, int64_t &Value, 2635 uint64_t RelType) const override { 2636 unsigned ImmOpNo = -1U; 2637 2638 for (unsigned Index = 0; Index < MCPlus::getNumPrimeOperands(Inst); 2639 ++Index) { 2640 if (Inst.getOperand(Index).isImm()) { 2641 ImmOpNo = Index; 2642 // TODO: this is a bit hacky. It finds the correct operand by 2643 // searching for a specific immediate value. If no value is 2644 // provided it defaults to the last immediate operand found. 2645 // This could lead to unexpected results if the instruction 2646 // has more than one immediate with the same value. 
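        // For instance, "cmpl $0x1, 0x1(%rax)" carries the value 1 as both
        // the displacement and the comparison immediate, so the first match
        // below may not be the operand the caller intended.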
2647 if (Inst.getOperand(ImmOpNo).getImm() == Value) 2648 break; 2649 } 2650 } 2651 2652 if (ImmOpNo == -1U) 2653 return false; 2654 2655 Value = Inst.getOperand(ImmOpNo).getImm(); 2656 2657 setOperandToSymbolRef(Inst, ImmOpNo, Symbol, Addend, Ctx, RelType); 2658 2659 return true; 2660 } 2661 2662 bool replaceRegWithImm(MCInst &Inst, unsigned Register, 2663 int64_t Imm) const override { 2664 2665 enum CheckSignExt : uint8_t { 2666 NOCHECK = 0, 2667 CHECK8, 2668 CHECK32, 2669 }; 2670 2671 using CheckList = std::vector<std::pair<CheckSignExt, unsigned>>; 2672 struct InstInfo { 2673 // Size in bytes that Inst loads from memory. 2674 uint8_t DataSize; 2675 2676 // True when the target operand has to be duplicated because the opcode 2677 // expects a LHS operand. 2678 bool HasLHS; 2679 2680 // List of checks and corresponding opcodes to be used. We try to use the 2681 // smallest possible immediate value when various sizes are available, 2682 // hence we may need to check whether a larger constant fits in a smaller 2683 // immediate. 2684 CheckList Checks; 2685 }; 2686 2687 InstInfo I; 2688 2689 switch (Inst.getOpcode()) { 2690 default: { 2691 switch (getPushSize(Inst)) { 2692 2693 case 2: I = {2, false, {{CHECK8, X86::PUSH16i8}, {NOCHECK, X86::PUSHi16}}}; break; 2694 case 4: I = {4, false, {{CHECK8, X86::PUSH32i8}, {NOCHECK, X86::PUSHi32}}}; break; 2695 case 8: I = {8, false, {{CHECK8, X86::PUSH64i8}, 2696 {CHECK32, X86::PUSH64i32}, 2697 {NOCHECK, Inst.getOpcode()}}}; break; 2698 default: return false; 2699 } 2700 break; 2701 } 2702 2703 // MOV 2704 case X86::MOV8rr: I = {1, false, {{NOCHECK, X86::MOV8ri}}}; break; 2705 case X86::MOV16rr: I = {2, false, {{NOCHECK, X86::MOV16ri}}}; break; 2706 case X86::MOV32rr: I = {4, false, {{NOCHECK, X86::MOV32ri}}}; break; 2707 case X86::MOV64rr: I = {8, false, {{CHECK32, X86::MOV64ri32}, 2708 {NOCHECK, X86::MOV64ri}}}; break; 2709 2710 case X86::MOV8mr: I = {1, false, {{NOCHECK, X86::MOV8mi}}}; break; 2711 case X86::MOV16mr: I = {2, false, {{NOCHECK, X86::MOV16mi}}}; break; 2712 case X86::MOV32mr: I = {4, false, {{NOCHECK, X86::MOV32mi}}}; break; 2713 case X86::MOV64mr: I = {8, false, {{CHECK32, X86::MOV64mi32}, 2714 {NOCHECK, X86::MOV64mr}}}; break; 2715 2716 // MOVZX 2717 case X86::MOVZX16rr8: I = {1, false, {{NOCHECK, X86::MOV16ri}}}; break; 2718 case X86::MOVZX32rr8: I = {1, false, {{NOCHECK, X86::MOV32ri}}}; break; 2719 case X86::MOVZX32rr16: I = {2, false, {{NOCHECK, X86::MOV32ri}}}; break; 2720 2721 // CMP 2722 case X86::CMP8rr: I = {1, false, {{NOCHECK, X86::CMP8ri}}}; break; 2723 case X86::CMP16rr: I = {2, false, {{CHECK8, X86::CMP16ri8}, 2724 {NOCHECK, X86::CMP16ri}}}; break; 2725 case X86::CMP32rr: I = {4, false, {{CHECK8, X86::CMP32ri8}, 2726 {NOCHECK, X86::CMP32ri}}}; break; 2727 case X86::CMP64rr: I = {8, false, {{CHECK8, X86::CMP64ri8}, 2728 {CHECK32, X86::CMP64ri32}, 2729 {NOCHECK, X86::CMP64rr}}}; break; 2730 2731 // TEST 2732 case X86::TEST8rr: I = {1, false, {{NOCHECK, X86::TEST8ri}}}; break; 2733 case X86::TEST16rr: I = {2, false, {{NOCHECK, X86::TEST16ri}}}; break; 2734 case X86::TEST32rr: I = {4, false, {{NOCHECK, X86::TEST32ri}}}; break; 2735 case X86::TEST64rr: I = {8, false, {{CHECK32, X86::TEST64ri32}, 2736 {NOCHECK, X86::TEST64rr}}}; break; 2737 2738 // ADD 2739 case X86::ADD8rr: I = {1, true, {{NOCHECK, X86::ADD8ri}}}; break; 2740 case X86::ADD16rr: I = {2, true, {{CHECK8, X86::ADD16ri8}, 2741 {NOCHECK, X86::ADD16ri}}}; break; 2742 case X86::ADD32rr: I = {4, true, {{CHECK8, X86::ADD32ri8}, 2743 {NOCHECK, X86::ADD32ri}}}; break; 
2744 case X86::ADD64rr: I = {8, true, {{CHECK8, X86::ADD64ri8}, 2745 {CHECK32, X86::ADD64ri32}, 2746 {NOCHECK, X86::ADD64rr}}}; break; 2747 2748 // SUB 2749 case X86::SUB8rr: I = {1, true, {{NOCHECK, X86::SUB8ri}}}; break; 2750 case X86::SUB16rr: I = {2, true, {{CHECK8, X86::SUB16ri8}, 2751 {NOCHECK, X86::SUB16ri}}}; break; 2752 case X86::SUB32rr: I = {4, true, {{CHECK8, X86::SUB32ri8}, 2753 {NOCHECK, X86::SUB32ri}}}; break; 2754 case X86::SUB64rr: I = {8, true, {{CHECK8, X86::SUB64ri8}, 2755 {CHECK32, X86::SUB64ri32}, 2756 {NOCHECK, X86::SUB64rr}}}; break; 2757 2758 // AND 2759 case X86::AND8rr: I = {1, true, {{NOCHECK, X86::AND8ri}}}; break; 2760 case X86::AND16rr: I = {2, true, {{CHECK8, X86::AND16ri8}, 2761 {NOCHECK, X86::AND16ri}}}; break; 2762 case X86::AND32rr: I = {4, true, {{CHECK8, X86::AND32ri8}, 2763 {NOCHECK, X86::AND32ri}}}; break; 2764 case X86::AND64rr: I = {8, true, {{CHECK8, X86::AND64ri8}, 2765 {CHECK32, X86::AND64ri32}, 2766 {NOCHECK, X86::AND64rr}}}; break; 2767 2768 // OR 2769 case X86::OR8rr: I = {1, true, {{NOCHECK, X86::OR8ri}}}; break; 2770 case X86::OR16rr: I = {2, true, {{CHECK8, X86::OR16ri8}, 2771 {NOCHECK, X86::OR16ri}}}; break; 2772 case X86::OR32rr: I = {4, true, {{CHECK8, X86::OR32ri8}, 2773 {NOCHECK, X86::OR32ri}}}; break; 2774 case X86::OR64rr: I = {8, true, {{CHECK8, X86::OR64ri8}, 2775 {CHECK32, X86::OR64ri32}, 2776 {NOCHECK, X86::OR64rr}}}; break; 2777 2778 // XOR 2779 case X86::XOR8rr: I = {1, true, {{NOCHECK, X86::XOR8ri}}}; break; 2780 case X86::XOR16rr: I = {2, true, {{CHECK8, X86::XOR16ri8}, 2781 {NOCHECK, X86::XOR16ri}}}; break; 2782 case X86::XOR32rr: I = {4, true, {{CHECK8, X86::XOR32ri8}, 2783 {NOCHECK, X86::XOR32ri}}}; break; 2784 case X86::XOR64rr: I = {8, true, {{CHECK8, X86::XOR64ri8}, 2785 {CHECK32, X86::XOR64ri32}, 2786 {NOCHECK, X86::XOR64rr}}}; break; 2787 } 2788 2789 // Compute the new opcode. 2790 unsigned NewOpcode = 0; 2791 for (const std::pair<CheckSignExt, unsigned> &Check : I.Checks) { 2792 NewOpcode = Check.second; 2793 if (Check.first == NOCHECK) 2794 break; 2795 if (Check.first == CHECK8 && isInt<8>(Imm)) 2796 break; 2797 if (Check.first == CHECK32 && isInt<32>(Imm)) 2798 break; 2799 } 2800 if (NewOpcode == Inst.getOpcode()) 2801 return false; 2802 2803 const MCInstrDesc &InstDesc = Info->get(Inst.getOpcode()); 2804 2805 unsigned NumFound = 0; 2806 for (unsigned Index = InstDesc.getNumDefs() + (I.HasLHS ? 
                                                                   1 : 0),
                  E = InstDesc.getNumOperands();
         Index != E; ++Index)
      if (Inst.getOperand(Index).isReg() &&
          Inst.getOperand(Index).getReg() == Register)
        NumFound++;

    if (NumFound != 1)
      return false;

    MCOperand TargetOp = Inst.getOperand(0);
    Inst.clear();
    Inst.setOpcode(NewOpcode);
    Inst.addOperand(TargetOp);
    if (I.HasLHS)
      Inst.addOperand(TargetOp);
    Inst.addOperand(MCOperand::createImm(Imm));

    return true;
  }

  bool replaceRegWithReg(MCInst &Inst, unsigned ToReplace,
                         unsigned ReplaceWith) const override {

    // Determine HasLHS so we know where the source operands start when
    // iterating below.
    bool HasLHS;
    if (X86::isAND(Inst.getOpcode()) || X86::isADD(Inst.getOpcode()) ||
        X86::isSUB(Inst.getOpcode())) {
      HasLHS = true;
    } else if (isPop(Inst) || isPush(Inst) || X86::isCMP(Inst.getOpcode()) ||
               X86::isTEST(Inst.getOpcode())) {
      HasLHS = false;
    } else {
      switch (Inst.getOpcode()) {
      case X86::MOV8rr:
      case X86::MOV8rm:
      case X86::MOV8mr:
      case X86::MOV8ri:
      case X86::MOV16rr:
      case X86::MOV16rm:
      case X86::MOV16mr:
      case X86::MOV16ri:
      case X86::MOV32rr:
      case X86::MOV32rm:
      case X86::MOV32mr:
      case X86::MOV32ri:
      case X86::MOV64rr:
      case X86::MOV64rm:
      case X86::MOV64mr:
      case X86::MOV64ri:
      case X86::MOVZX16rr8:
      case X86::MOVZX32rr8:
      case X86::MOVZX32rr16:
      case X86::MOVSX32rm8:
      case X86::MOVSX32rr8:
      case X86::MOVSX64rm32:
      case X86::LEA64r:
        HasLHS = false;
        break;
      default:
        return false;
      }
    }

    const MCInstrDesc &InstDesc = Info->get(Inst.getOpcode());

    bool FoundOne = false;

    // Iterate only through src operands that aren't also dest operands
    for (unsigned Index = InstDesc.getNumDefs() + (HasLHS ?
1 : 0), 2876 E = InstDesc.getNumOperands(); 2877 Index != E; ++Index) { 2878 BitVector RegAliases = getAliases(ToReplace, true); 2879 if (!Inst.getOperand(Index).isReg() || 2880 !RegAliases.test(Inst.getOperand(Index).getReg())) 2881 continue; 2882 // Resize register if needed 2883 unsigned SizedReplaceWith = getAliasSized( 2884 ReplaceWith, getRegSize(Inst.getOperand(Index).getReg())); 2885 MCOperand NewOperand = MCOperand::createReg(SizedReplaceWith); 2886 Inst.getOperand(Index) = NewOperand; 2887 FoundOne = true; 2888 } 2889 2890 // Return true if at least one operand was replaced 2891 return FoundOne; 2892 } 2893 2894 bool createUncondBranch(MCInst &Inst, const MCSymbol *TBB, 2895 MCContext *Ctx) const override { 2896 Inst.setOpcode(X86::JMP_1); 2897 Inst.addOperand(MCOperand::createExpr( 2898 MCSymbolRefExpr::create(TBB, MCSymbolRefExpr::VK_None, *Ctx))); 2899 return true; 2900 } 2901 2902 bool createCall(MCInst &Inst, const MCSymbol *Target, 2903 MCContext *Ctx) override { 2904 Inst.setOpcode(X86::CALL64pcrel32); 2905 Inst.addOperand(MCOperand::createExpr( 2906 MCSymbolRefExpr::create(Target, MCSymbolRefExpr::VK_None, *Ctx))); 2907 return true; 2908 } 2909 2910 bool createTailCall(MCInst &Inst, const MCSymbol *Target, 2911 MCContext *Ctx) override { 2912 return createDirectCall(Inst, Target, Ctx, /*IsTailCall*/ true); 2913 } 2914 2915 void createLongTailCall(InstructionListType &Seq, const MCSymbol *Target, 2916 MCContext *Ctx) override { 2917 Seq.clear(); 2918 Seq.emplace_back(); 2919 createDirectCall(Seq.back(), Target, Ctx, /*IsTailCall*/ true); 2920 } 2921 2922 bool createTrap(MCInst &Inst) const override { 2923 Inst.clear(); 2924 Inst.setOpcode(X86::TRAP); 2925 return true; 2926 } 2927 2928 bool reverseBranchCondition(MCInst &Inst, const MCSymbol *TBB, 2929 MCContext *Ctx) const override { 2930 unsigned InvCC = getInvertedCondCode(getCondCode(Inst)); 2931 assert(InvCC != X86::COND_INVALID && "invalid branch instruction"); 2932 Inst.getOperand(Info->get(Inst.getOpcode()).NumOperands - 1).setImm(InvCC); 2933 Inst.getOperand(0) = MCOperand::createExpr( 2934 MCSymbolRefExpr::create(TBB, MCSymbolRefExpr::VK_None, *Ctx)); 2935 return true; 2936 } 2937 2938 bool replaceBranchCondition(MCInst &Inst, const MCSymbol *TBB, MCContext *Ctx, 2939 unsigned CC) const override { 2940 if (CC == X86::COND_INVALID) 2941 return false; 2942 Inst.getOperand(Info->get(Inst.getOpcode()).NumOperands - 1).setImm(CC); 2943 Inst.getOperand(0) = MCOperand::createExpr( 2944 MCSymbolRefExpr::create(TBB, MCSymbolRefExpr::VK_None, *Ctx)); 2945 return true; 2946 } 2947 2948 unsigned getCanonicalBranchCondCode(unsigned CC) const override { 2949 switch (CC) { 2950 default: return X86::COND_INVALID; 2951 2952 case X86::COND_E: return X86::COND_E; 2953 case X86::COND_NE: return X86::COND_E; 2954 2955 case X86::COND_L: return X86::COND_L; 2956 case X86::COND_GE: return X86::COND_L; 2957 2958 case X86::COND_LE: return X86::COND_G; 2959 case X86::COND_G: return X86::COND_G; 2960 2961 case X86::COND_B: return X86::COND_B; 2962 case X86::COND_AE: return X86::COND_B; 2963 2964 case X86::COND_BE: return X86::COND_A; 2965 case X86::COND_A: return X86::COND_A; 2966 2967 case X86::COND_S: return X86::COND_S; 2968 case X86::COND_NS: return X86::COND_S; 2969 2970 case X86::COND_P: return X86::COND_P; 2971 case X86::COND_NP: return X86::COND_P; 2972 2973 case X86::COND_O: return X86::COND_O; 2974 case X86::COND_NO: return X86::COND_O; 2975 } 2976 } 2977 2978 bool replaceBranchTarget(MCInst &Inst, const MCSymbol *TBB, 2979 
MCContext *Ctx) const override { 2980 assert((isCall(Inst) || isBranch(Inst)) && !isIndirectBranch(Inst) && 2981 "Invalid instruction"); 2982 Inst.getOperand(0) = MCOperand::createExpr( 2983 MCSymbolRefExpr::create(TBB, MCSymbolRefExpr::VK_None, *Ctx)); 2984 return true; 2985 } 2986 2987 MCPhysReg getX86R11() const override { return X86::R11; } 2988 2989 MCPhysReg getIntArgRegister(unsigned ArgNo) const override { 2990 // FIXME: this should depend on the calling convention. 2991 switch (ArgNo) { 2992 case 0: return X86::RDI; 2993 case 1: return X86::RSI; 2994 case 2: return X86::RDX; 2995 case 3: return X86::RCX; 2996 case 4: return X86::R8; 2997 case 5: return X86::R9; 2998 default: return getNoRegister(); 2999 } 3000 } 3001 3002 void createPause(MCInst &Inst) const override { 3003 Inst.clear(); 3004 Inst.setOpcode(X86::PAUSE); 3005 } 3006 3007 void createLfence(MCInst &Inst) const override { 3008 Inst.clear(); 3009 Inst.setOpcode(X86::LFENCE); 3010 } 3011 3012 bool createDirectCall(MCInst &Inst, const MCSymbol *Target, MCContext *Ctx, 3013 bool IsTailCall) override { 3014 Inst.clear(); 3015 Inst.setOpcode(IsTailCall ? X86::JMP_4 : X86::CALL64pcrel32); 3016 Inst.addOperand(MCOperand::createExpr( 3017 MCSymbolRefExpr::create(Target, MCSymbolRefExpr::VK_None, *Ctx))); 3018 if (IsTailCall) 3019 setTailCall(Inst); 3020 return true; 3021 } 3022 3023 void createShortJmp(InstructionListType &Seq, const MCSymbol *Target, 3024 MCContext *Ctx, bool IsTailCall) override { 3025 Seq.clear(); 3026 MCInst Inst; 3027 Inst.setOpcode(X86::JMP_1); 3028 Inst.addOperand(MCOperand::createExpr( 3029 MCSymbolRefExpr::create(Target, MCSymbolRefExpr::VK_None, *Ctx))); 3030 if (IsTailCall) 3031 setTailCall(Inst); 3032 Seq.emplace_back(Inst); 3033 } 3034 3035 bool isConditionalMove(const MCInst &Inst) const override { 3036 unsigned OpCode = Inst.getOpcode(); 3037 return (OpCode == X86::CMOV16rr || OpCode == X86::CMOV32rr || 3038 OpCode == X86::CMOV64rr); 3039 } 3040 3041 bool isBranchOnMem(const MCInst &Inst) const override { 3042 unsigned OpCode = Inst.getOpcode(); 3043 if (OpCode == X86::CALL64m || (OpCode == X86::JMP32m && isTailCall(Inst)) || 3044 OpCode == X86::JMP64m) 3045 return true; 3046 3047 return false; 3048 } 3049 3050 bool isBranchOnReg(const MCInst &Inst) const override { 3051 unsigned OpCode = Inst.getOpcode(); 3052 if (OpCode == X86::CALL64r || (OpCode == X86::JMP32r && isTailCall(Inst)) || 3053 OpCode == X86::JMP64r) 3054 return true; 3055 3056 return false; 3057 } 3058 3059 void createPushRegister(MCInst &Inst, MCPhysReg Reg, 3060 unsigned Size) const override { 3061 Inst.clear(); 3062 unsigned NewOpcode = 0; 3063 if (Reg == X86::EFLAGS) { 3064 switch (Size) { 3065 case 2: NewOpcode = X86::PUSHF16; break; 3066 case 4: NewOpcode = X86::PUSHF32; break; 3067 case 8: NewOpcode = X86::PUSHF64; break; 3068 default: 3069 llvm_unreachable("Unexpected size"); 3070 } 3071 Inst.setOpcode(NewOpcode); 3072 return; 3073 } 3074 switch (Size) { 3075 case 2: NewOpcode = X86::PUSH16r; break; 3076 case 4: NewOpcode = X86::PUSH32r; break; 3077 case 8: NewOpcode = X86::PUSH64r; break; 3078 default: 3079 llvm_unreachable("Unexpected size"); 3080 } 3081 Inst.setOpcode(NewOpcode); 3082 Inst.addOperand(MCOperand::createReg(Reg)); 3083 } 3084 3085 void createPopRegister(MCInst &Inst, MCPhysReg Reg, 3086 unsigned Size) const override { 3087 Inst.clear(); 3088 unsigned NewOpcode = 0; 3089 if (Reg == X86::EFLAGS) { 3090 switch (Size) { 3091 case 2: NewOpcode = X86::POPF16; break; 3092 case 4: NewOpcode = X86::POPF32; break; 
3093 case 8: NewOpcode = X86::POPF64; break; 3094 default: 3095 llvm_unreachable("Unexpected size"); 3096 } 3097 Inst.setOpcode(NewOpcode); 3098 return; 3099 } 3100 switch (Size) { 3101 case 2: NewOpcode = X86::POP16r; break; 3102 case 4: NewOpcode = X86::POP32r; break; 3103 case 8: NewOpcode = X86::POP64r; break; 3104 default: 3105 llvm_unreachable("Unexpected size"); 3106 } 3107 Inst.setOpcode(NewOpcode); 3108 Inst.addOperand(MCOperand::createReg(Reg)); 3109 } 3110 3111 void createPushFlags(MCInst &Inst, unsigned Size) const override { 3112 return createPushRegister(Inst, X86::EFLAGS, Size); 3113 } 3114 3115 void createPopFlags(MCInst &Inst, unsigned Size) const override { 3116 return createPopRegister(Inst, X86::EFLAGS, Size); 3117 } 3118 3119 void createAddRegImm(MCInst &Inst, MCPhysReg Reg, int64_t Value, 3120 unsigned Size) const { 3121 unsigned int Opcode; 3122 switch (Size) { 3123 case 1: Opcode = X86::ADD8ri; break; 3124 case 2: Opcode = X86::ADD16ri; break; 3125 case 4: Opcode = X86::ADD32ri; break; 3126 default: 3127 llvm_unreachable("Unexpected size"); 3128 } 3129 Inst.setOpcode(Opcode); 3130 Inst.clear(); 3131 Inst.addOperand(MCOperand::createReg(Reg)); 3132 Inst.addOperand(MCOperand::createReg(Reg)); 3133 Inst.addOperand(MCOperand::createImm(Value)); 3134 } 3135 3136 void createClearRegWithNoEFlagsUpdate(MCInst &Inst, MCPhysReg Reg, 3137 unsigned Size) const { 3138 unsigned int Opcode; 3139 switch (Size) { 3140 case 1: Opcode = X86::MOV8ri; break; 3141 case 2: Opcode = X86::MOV16ri; break; 3142 case 4: Opcode = X86::MOV32ri; break; 3143 case 8: Opcode = X86::MOV64ri; break; 3144 default: 3145 llvm_unreachable("Unexpected size"); 3146 } 3147 Inst.setOpcode(Opcode); 3148 Inst.clear(); 3149 Inst.addOperand(MCOperand::createReg(Reg)); 3150 Inst.addOperand(MCOperand::createImm(0)); 3151 } 3152 3153 void createX86SaveOVFlagToRegister(MCInst &Inst, MCPhysReg Reg) const { 3154 Inst.setOpcode(X86::SETCCr); 3155 Inst.clear(); 3156 Inst.addOperand(MCOperand::createReg(Reg)); 3157 Inst.addOperand(MCOperand::createImm(X86::COND_O)); 3158 } 3159 3160 void createX86Lahf(MCInst &Inst) const { 3161 Inst.setOpcode(X86::LAHF); 3162 Inst.clear(); 3163 } 3164 3165 void createX86Sahf(MCInst &Inst) const { 3166 Inst.setOpcode(X86::SAHF); 3167 Inst.clear(); 3168 } 3169 3170 void createInstrIncMemory(InstructionListType &Instrs, const MCSymbol *Target, 3171 MCContext *Ctx, bool IsLeaf) const override { 3172 unsigned int I = 0; 3173 3174 Instrs.resize(IsLeaf ? 
13 : 11); 3175 // Don't clobber application red zone (ABI dependent) 3176 if (IsLeaf) 3177 createStackPointerIncrement(Instrs[I++], 128, 3178 /*NoFlagsClobber=*/true); 3179 3180 // Performance improvements based on the optimization discussed at 3181 // https://reviews.llvm.org/D6629 3182 // LAHF/SAHF are used instead of PUSHF/POPF 3183 // PUSHF 3184 createPushRegister(Instrs[I++], X86::RAX, 8); 3185 createClearRegWithNoEFlagsUpdate(Instrs[I++], X86::RAX, 8); 3186 createX86Lahf(Instrs[I++]); 3187 createPushRegister(Instrs[I++], X86::RAX, 8); 3188 createClearRegWithNoEFlagsUpdate(Instrs[I++], X86::RAX, 8); 3189 createX86SaveOVFlagToRegister(Instrs[I++], X86::AL); 3190 // LOCK INC 3191 createIncMemory(Instrs[I++], Target, Ctx); 3192 // POPF 3193 createAddRegImm(Instrs[I++], X86::AL, 127, 1); 3194 createPopRegister(Instrs[I++], X86::RAX, 8); 3195 createX86Sahf(Instrs[I++]); 3196 createPopRegister(Instrs[I++], X86::RAX, 8); 3197 3198 if (IsLeaf) 3199 createStackPointerDecrement(Instrs[I], 128, 3200 /*NoFlagsClobber=*/true); 3201 } 3202 3203 void createSwap(MCInst &Inst, MCPhysReg Source, MCPhysReg MemBaseReg, 3204 int64_t Disp) const { 3205 Inst.setOpcode(X86::XCHG64rm); 3206 Inst.addOperand(MCOperand::createReg(Source)); 3207 Inst.addOperand(MCOperand::createReg(Source)); 3208 Inst.addOperand(MCOperand::createReg(MemBaseReg)); // BaseReg 3209 Inst.addOperand(MCOperand::createImm(1)); // ScaleAmt 3210 Inst.addOperand(MCOperand::createReg(X86::NoRegister)); // IndexReg 3211 Inst.addOperand(MCOperand::createImm(Disp)); // Displacement 3212 Inst.addOperand(MCOperand::createReg(X86::NoRegister)); // AddrSegmentReg 3213 } 3214 3215 void createIndirectBranch(MCInst &Inst, MCPhysReg MemBaseReg, 3216 int64_t Disp) const { 3217 Inst.setOpcode(X86::JMP64m); 3218 Inst.addOperand(MCOperand::createReg(MemBaseReg)); // BaseReg 3219 Inst.addOperand(MCOperand::createImm(1)); // ScaleAmt 3220 Inst.addOperand(MCOperand::createReg(X86::NoRegister)); // IndexReg 3221 Inst.addOperand(MCOperand::createImm(Disp)); // Displacement 3222 Inst.addOperand(MCOperand::createReg(X86::NoRegister)); // AddrSegmentReg 3223 } 3224 3225 InstructionListType createInstrumentedIndirectCall(const MCInst &CallInst, 3226 bool TailCall, 3227 MCSymbol *HandlerFuncAddr, 3228 int CallSiteID, 3229 MCContext *Ctx) override { 3230 // Check if the target address expression used in the original indirect call 3231 // uses the stack pointer, which we are going to clobber. 3232 static BitVector SPAliases(getAliases(X86::RSP)); 3233 bool UsesSP = false; 3234 // Skip defs. 
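    // (Def operands cannot be part of the target address expression.) If a
    // source operand does reference %rsp, the "add $8, %rsp" / "sub $8, %rsp"
    // pair in the sequence below keeps the target evaluation seeing the
    // pre-push stack pointer value.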
3235 for (unsigned I = Info->get(CallInst.getOpcode()).getNumDefs(), 3236 E = MCPlus::getNumPrimeOperands(CallInst); 3237 I != E; ++I) { 3238 const MCOperand &Operand = CallInst.getOperand(I); 3239 if (Operand.isReg() && SPAliases[Operand.getReg()]) { 3240 UsesSP = true; 3241 break; 3242 } 3243 } 3244 3245 InstructionListType Insts; 3246 MCPhysReg TempReg = getIntArgRegister(0); 3247 // Code sequence used to enter indirect call instrumentation helper: 3248 // push %rdi 3249 // add $8, %rsp ;; $rsp may be used in target, so fix it to prev val 3250 // movq target, %rdi ;; via convertIndirectCallTargetToLoad 3251 // sub $8, %rsp ;; restore correct stack value 3252 // push %rdi 3253 // movq $CallSiteID, %rdi 3254 // push %rdi 3255 // callq/jmp HandlerFuncAddr 3256 Insts.emplace_back(); 3257 createPushRegister(Insts.back(), TempReg, 8); 3258 if (UsesSP) { // Only adjust SP if we really need to 3259 Insts.emplace_back(); 3260 createStackPointerDecrement(Insts.back(), 8, /*NoFlagsClobber=*/false); 3261 } 3262 Insts.emplace_back(CallInst); 3263 // Insts.back() and CallInst now share the same annotation instruction. 3264 // Strip it from Insts.back(), only preserving tail call annotation. 3265 stripAnnotations(Insts.back(), /*KeepTC=*/true); 3266 convertIndirectCallToLoad(Insts.back(), TempReg); 3267 if (UsesSP) { 3268 Insts.emplace_back(); 3269 createStackPointerIncrement(Insts.back(), 8, /*NoFlagsClobber=*/false); 3270 } 3271 Insts.emplace_back(); 3272 createPushRegister(Insts.back(), TempReg, 8); 3273 Insts.emplace_back(); 3274 createLoadImmediate(Insts.back(), TempReg, CallSiteID); 3275 Insts.emplace_back(); 3276 createPushRegister(Insts.back(), TempReg, 8); 3277 Insts.emplace_back(); 3278 createDirectCall(Insts.back(), HandlerFuncAddr, Ctx, 3279 /*TailCall=*/TailCall); 3280 // Carry over metadata 3281 for (int I = MCPlus::getNumPrimeOperands(CallInst), 3282 E = CallInst.getNumOperands(); 3283 I != E; ++I) 3284 Insts.back().addOperand(CallInst.getOperand(I)); 3285 3286 return Insts; 3287 } 3288 3289 InstructionListType createInstrumentedIndCallHandlerExitBB() const override { 3290 const MCPhysReg TempReg = getIntArgRegister(0); 3291 // We just need to undo the sequence created for every ind call in 3292 // instrumentIndirectTarget(), which can be accomplished minimally with: 3293 // popfq 3294 // pop %rdi 3295 // add $16, %rsp 3296 // xchg (%rsp), %rdi 3297 // jmp *-8(%rsp) 3298 InstructionListType Insts(5); 3299 createPopFlags(Insts[0], 8); 3300 createPopRegister(Insts[1], TempReg, 8); 3301 createStackPointerDecrement(Insts[2], 16, /*NoFlagsClobber=*/false); 3302 createSwap(Insts[3], TempReg, X86::RSP, 0); 3303 createIndirectBranch(Insts[4], X86::RSP, -8); 3304 return Insts; 3305 } 3306 3307 InstructionListType 3308 createInstrumentedIndTailCallHandlerExitBB() const override { 3309 const MCPhysReg TempReg = getIntArgRegister(0); 3310 // Same thing as above, but for tail calls 3311 // popfq 3312 // add $16, %rsp 3313 // pop %rdi 3314 // jmp *-16(%rsp) 3315 InstructionListType Insts(4); 3316 createPopFlags(Insts[0], 8); 3317 createStackPointerDecrement(Insts[1], 16, /*NoFlagsClobber=*/false); 3318 createPopRegister(Insts[2], TempReg, 8); 3319 createIndirectBranch(Insts[3], X86::RSP, -16); 3320 return Insts; 3321 } 3322 3323 InstructionListType 3324 createInstrumentedIndCallHandlerEntryBB(const MCSymbol *InstrTrampoline, 3325 const MCSymbol *IndCallHandler, 3326 MCContext *Ctx) override { 3327 const MCPhysReg TempReg = getIntArgRegister(0); 3328 // Code sequence used to check whether 
    // InstrTrampoline was initialized, and call it if so; returns via
    // IndCallHandler.
    //   pushfq
    //   mov    InstrTrampoline,%rdi
    //   cmp    $0x0,%rdi
    //   je     IndCallHandler
    //   callq  *%rdi
    //   jmpq   IndCallHandler
    InstructionListType Insts;
    Insts.emplace_back();
    createPushFlags(Insts.back(), 8);
    Insts.emplace_back();
    createMove(Insts.back(), InstrTrampoline, TempReg, Ctx);
    InstructionListType cmpJmp = createCmpJE(TempReg, 0, IndCallHandler, Ctx);
    Insts.insert(Insts.end(), cmpJmp.begin(), cmpJmp.end());
    Insts.emplace_back();
    Insts.back().setOpcode(X86::CALL64r);
    Insts.back().addOperand(MCOperand::createReg(TempReg));
    Insts.emplace_back();
    createDirectCall(Insts.back(), IndCallHandler, Ctx, /*IsTailCall*/ true);
    return Insts;
  }

  InstructionListType createNumCountersGetter(MCContext *Ctx) const override {
    InstructionListType Insts(2);
    MCSymbol *NumLocs = Ctx->getOrCreateSymbol("__bolt_num_counters");
    createMove(Insts[0], NumLocs, X86::EAX, Ctx);
    createReturn(Insts[1]);
    return Insts;
  }

  InstructionListType
  createInstrLocationsGetter(MCContext *Ctx) const override {
    InstructionListType Insts(2);
    MCSymbol *Locs = Ctx->getOrCreateSymbol("__bolt_instr_locations");
    createLea(Insts[0], Locs, X86::EAX, Ctx);
    createReturn(Insts[1]);
    return Insts;
  }

  InstructionListType createInstrTablesGetter(MCContext *Ctx) const override {
    InstructionListType Insts(2);
    MCSymbol *Locs = Ctx->getOrCreateSymbol("__bolt_instr_tables");
    createLea(Insts[0], Locs, X86::EAX, Ctx);
    createReturn(Insts[1]);
    return Insts;
  }

  InstructionListType createInstrNumFuncsGetter(MCContext *Ctx) const override {
    InstructionListType Insts(2);
    MCSymbol *NumFuncs = Ctx->getOrCreateSymbol("__bolt_instr_num_funcs");
    createMove(Insts[0], NumFuncs, X86::EAX, Ctx);
    createReturn(Insts[1]);
    return Insts;
  }

  InstructionListType createSymbolTrampoline(const MCSymbol *TgtSym,
                                             MCContext *Ctx) const override {
    InstructionListType Insts(1);
    createUncondBranch(Insts[0], TgtSym, Ctx);
    return Insts;
  }

  InstructionListType createDummyReturnFunction(MCContext *Ctx) const override {
    InstructionListType Insts(1);
    createReturn(Insts[0]);
    return Insts;
  }

  BlocksVectorTy indirectCallPromotion(
      const MCInst &CallInst,
      const std::vector<std::pair<MCSymbol *, uint64_t>> &Targets,
      const std::vector<std::pair<MCSymbol *, uint64_t>> &VtableSyms,
      const std::vector<MCInst *> &MethodFetchInsns,
      const bool MinimizeCodeSize, MCContext *Ctx) override {
    const bool IsTailCall = isTailCall(CallInst);
    const bool IsJumpTable = getJumpTable(CallInst) != 0;
    BlocksVectorTy Results;

    // Label for the current code block.
    MCSymbol *NextTarget = nullptr;

    // The join block which contains all the instructions following CallInst.
    // MergeBlock remains null if CallInst is a tail call.
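    // (A promoted tail call transfers control away permanently, so there is
    // no fall-through code to merge back into.)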
    MCSymbol *MergeBlock = nullptr;

    unsigned FuncAddrReg = X86::R10;

    const bool LoadElim = !VtableSyms.empty();
    assert((!LoadElim || VtableSyms.size() == Targets.size()) &&
           "There must be a vtable entry for every method "
           "in the targets vector.");

    if (MinimizeCodeSize && !LoadElim) {
      std::set<unsigned> UsedRegs;

      for (unsigned int I = 0; I < MCPlus::getNumPrimeOperands(CallInst); ++I) {
        const MCOperand &Op = CallInst.getOperand(I);
        if (Op.isReg())
          UsedRegs.insert(Op.getReg());
      }

      if (UsedRegs.count(X86::R10) == 0)
        FuncAddrReg = X86::R10;
      else if (UsedRegs.count(X86::R11) == 0)
        FuncAddrReg = X86::R11;
      else
        return Results;
    }

    const auto jumpToMergeBlock = [&](InstructionListType &NewCall) {
      assert(MergeBlock);
      NewCall.push_back(CallInst);
      MCInst &Merge = NewCall.back();
      Merge.clear();
      createUncondBranch(Merge, MergeBlock, Ctx);
    };

    for (unsigned int i = 0; i < Targets.size(); ++i) {
      Results.emplace_back(NextTarget, InstructionListType());
      InstructionListType *NewCall = &Results.back().second;

      if (MinimizeCodeSize && !LoadElim) {
        // Load the call target into FuncAddrReg.
        NewCall->push_back(CallInst); // Copy CallInst in order to get SMLoc
        MCInst &Target = NewCall->back();
        Target.clear();
        Target.setOpcode(X86::MOV64ri32);
        Target.addOperand(MCOperand::createReg(FuncAddrReg));
        if (Targets[i].first) {
          // Is this OK?
          Target.addOperand(MCOperand::createExpr(MCSymbolRefExpr::create(
              Targets[i].first, MCSymbolRefExpr::VK_None, *Ctx)));
        } else {
          const uint64_t Addr = Targets[i].second;
          // Immediate address is out of sign extended 32 bit range.
          if (int64_t(Addr) != int64_t(int32_t(Addr)))
            return BlocksVectorTy();

          Target.addOperand(MCOperand::createImm(Addr));
        }

        // Compare current call target to a specific address.
        NewCall->push_back(CallInst);
        MCInst &Compare = NewCall->back();
        Compare.clear();
        if (isBranchOnReg(CallInst))
          Compare.setOpcode(X86::CMP64rr);
        else if (CallInst.getOpcode() == X86::CALL64pcrel32)
          Compare.setOpcode(X86::CMP64ri32);
        else
          Compare.setOpcode(X86::CMP64rm);

        Compare.addOperand(MCOperand::createReg(FuncAddrReg));

        // TODO: Would be preferable to only load this value once.
        for (unsigned i = 0;
             i < Info->get(CallInst.getOpcode()).getNumOperands(); ++i)
          if (!CallInst.getOperand(i).isInst())
            Compare.addOperand(CallInst.getOperand(i));
      } else {
        // Compare current call target to a specific address.
        NewCall->push_back(CallInst);
        MCInst &Compare = NewCall->back();
        Compare.clear();
        if (isBranchOnReg(CallInst))
          Compare.setOpcode(X86::CMP64ri32);
        else
          Compare.setOpcode(X86::CMP64mi32);

        // Original call address.
        for (unsigned i = 0;
             i < Info->get(CallInst.getOpcode()).getNumOperands(); ++i)
          if (!CallInst.getOperand(i).isInst())
            Compare.addOperand(CallInst.getOperand(i));

        // Target address.
        if (Targets[i].first || LoadElim) {
          const MCSymbol *Sym =
              LoadElim ? VtableSyms[i].first : Targets[i].first;
          const uint64_t Addend = LoadElim ? VtableSyms[i].second : 0;
          const MCExpr *Expr = MCSymbolRefExpr::create(Sym, *Ctx);
          if (Addend)
            Expr = MCBinaryExpr::createAdd(
                Expr, MCConstantExpr::create(Addend, *Ctx), *Ctx);
          Compare.addOperand(MCOperand::createExpr(Expr));
        } else {
          const uint64_t Addr = Targets[i].second;
          // Immediate address is out of sign extended 32 bit range.
          if (int64_t(Addr) != int64_t(int32_t(Addr)))
            return BlocksVectorTy();

          Compare.addOperand(MCOperand::createImm(Addr));
        }
      }

      // jump to next target compare.
      NextTarget =
          Ctx->createNamedTempSymbol(); // generate label for the next block
      NewCall->push_back(CallInst);

      if (IsJumpTable) {
        MCInst &Je = NewCall->back();

        // Jump to next compare if target addresses don't match.
        Je.clear();
        Je.setOpcode(X86::JCC_1);
        if (Targets[i].first)
          Je.addOperand(MCOperand::createExpr(MCSymbolRefExpr::create(
              Targets[i].first, MCSymbolRefExpr::VK_None, *Ctx)));
        else
          Je.addOperand(MCOperand::createImm(Targets[i].second));

        Je.addOperand(MCOperand::createImm(X86::COND_E));
        assert(!isInvoke(CallInst));
      } else {
        MCInst &Jne = NewCall->back();

        // Jump to next compare if target addresses don't match.
        Jne.clear();
        Jne.setOpcode(X86::JCC_1);
        Jne.addOperand(MCOperand::createExpr(MCSymbolRefExpr::create(
            NextTarget, MCSymbolRefExpr::VK_None, *Ctx)));
        Jne.addOperand(MCOperand::createImm(X86::COND_NE));

        // Call specific target directly.
        Results.emplace_back(Ctx->createNamedTempSymbol(),
                             InstructionListType());
        NewCall = &Results.back().second;
        NewCall->push_back(CallInst);
        MCInst &CallOrJmp = NewCall->back();

        CallOrJmp.clear();

        if (MinimizeCodeSize && !LoadElim) {
          CallOrJmp.setOpcode(IsTailCall ? X86::JMP32r : X86::CALL64r);
          CallOrJmp.addOperand(MCOperand::createReg(FuncAddrReg));
        } else {
          CallOrJmp.setOpcode(IsTailCall ? X86::JMP_4 : X86::CALL64pcrel32);

          if (Targets[i].first)
            CallOrJmp.addOperand(MCOperand::createExpr(MCSymbolRefExpr::create(
                Targets[i].first, MCSymbolRefExpr::VK_None, *Ctx)));
          else
            CallOrJmp.addOperand(MCOperand::createImm(Targets[i].second));
        }
        if (IsTailCall)
          setTailCall(CallOrJmp);

        if (CallOrJmp.getOpcode() == X86::CALL64r ||
            CallOrJmp.getOpcode() == X86::CALL64pcrel32) {
          if (Optional<uint32_t> Offset = getOffset(CallInst))
            // Annotated as duplicated call
            setOffset(CallOrJmp, *Offset);
        }

        if (isInvoke(CallInst) && !isInvoke(CallOrJmp)) {
          // Copy over any EH or GNU args size information from the original
          // call.
          Optional<MCPlus::MCLandingPad> EHInfo = getEHInfo(CallInst);
          if (EHInfo)
            addEHInfo(CallOrJmp, *EHInfo);
          int64_t GnuArgsSize = getGnuArgsSize(CallInst);
          if (GnuArgsSize >= 0)
            addGnuArgsSize(CallOrJmp, GnuArgsSize);
        }

        if (!IsTailCall) {
          // The fallthrough block for the most common target should be
          // the merge block.
          if (i == 0) {
            // Fallthrough to merge block.
            MergeBlock = Ctx->createNamedTempSymbol();
          } else {
            // Insert jump to the merge block if we are not doing a fallthrough.
            jumpToMergeBlock(*NewCall);
          }
        }
      }
    }

    // Cold call block.
    Results.emplace_back(NextTarget, InstructionListType());
    InstructionListType &NewCall = Results.back().second;
    for (const MCInst *Inst : MethodFetchInsns)
      if (Inst != &CallInst)
        NewCall.push_back(*Inst);
    NewCall.push_back(CallInst);

    // Jump to merge block from cold call block
    if (!IsTailCall && !IsJumpTable) {
      jumpToMergeBlock(NewCall);

      // Record merge block
      Results.emplace_back(MergeBlock, InstructionListType());
    }

    return Results;
  }

  BlocksVectorTy jumpTablePromotion(
      const MCInst &IJmpInst,
      const std::vector<std::pair<MCSymbol *, uint64_t>> &Targets,
      const std::vector<MCInst *> &TargetFetchInsns,
      MCContext *Ctx) const override {
    assert(getJumpTable(IJmpInst) != 0);
    uint16_t IndexReg = getAnnotationAs<uint16_t>(IJmpInst, "JTIndexReg");
    if (IndexReg == 0)
      return BlocksVectorTy();

    BlocksVectorTy Results;

    // Label for the current code block.
    MCSymbol *NextTarget = nullptr;

    for (unsigned int i = 0; i < Targets.size(); ++i) {
      Results.emplace_back(NextTarget, InstructionListType());
      InstructionListType *CurBB = &Results.back().second;

      // Compare current index to a specific index.
      CurBB->emplace_back(MCInst());
      MCInst &CompareInst = CurBB->back();
      CompareInst.setLoc(IJmpInst.getLoc());
      CompareInst.setOpcode(X86::CMP64ri32);
      CompareInst.addOperand(MCOperand::createReg(IndexReg));

      const uint64_t CaseIdx = Targets[i].second;
      // Case index is out of sign extended 32 bit range.
      if (int64_t(CaseIdx) != int64_t(int32_t(CaseIdx)))
        return BlocksVectorTy();

      CompareInst.addOperand(MCOperand::createImm(CaseIdx));
      shortenInstruction(CompareInst, *Ctx->getSubtargetInfo());

      // jump to next target compare.
      NextTarget =
          Ctx->createNamedTempSymbol(); // generate label for the next block
      CurBB->push_back(MCInst());

      MCInst &JEInst = CurBB->back();
      JEInst.setLoc(IJmpInst.getLoc());

      // Jump to target if indices match
      JEInst.setOpcode(X86::JCC_1);
      JEInst.addOperand(MCOperand::createExpr(MCSymbolRefExpr::create(
          Targets[i].first, MCSymbolRefExpr::VK_None, *Ctx)));
      JEInst.addOperand(MCOperand::createImm(X86::COND_E));
    }

    // Cold block: keep the original indirect jump for unmatched indices.
    Results.emplace_back(NextTarget, InstructionListType());
    InstructionListType &CurBB = Results.back().second;
    for (const MCInst *Inst : TargetFetchInsns)
      if (Inst != &IJmpInst)
        CurBB.push_back(*Inst);

    CurBB.push_back(IJmpInst);

    return Results;
  }

private:
  /// Load the 64-bit value at the RIP-relative location \p Src into \p Reg.
  bool createMove(MCInst &Inst, const MCSymbol *Src, unsigned Reg,
                  MCContext *Ctx) const {
    Inst.setOpcode(X86::MOV64rm);
    Inst.addOperand(MCOperand::createReg(Reg));
    Inst.addOperand(MCOperand::createReg(X86::RIP));        // BaseReg
    Inst.addOperand(MCOperand::createImm(1));               // ScaleAmt
    Inst.addOperand(MCOperand::createReg(X86::NoRegister)); // IndexReg
    Inst.addOperand(MCOperand::createExpr(
        MCSymbolRefExpr::create(Src, MCSymbolRefExpr::VK_None,
                                *Ctx)));                     // Displacement
    Inst.addOperand(MCOperand::createReg(X86::NoRegister)); // AddrSegmentReg

    return true;
  }

  /// Materialize the RIP-relative address of \p Src into \p Reg.
  bool createLea(MCInst &Inst, const MCSymbol *Src, unsigned Reg,
                 MCContext *Ctx) const {
    Inst.setOpcode(X86::LEA64r);
    Inst.addOperand(MCOperand::createReg(Reg));
    Inst.addOperand(MCOperand::createReg(X86::RIP));        // BaseReg
    Inst.addOperand(MCOperand::createImm(1));               // ScaleAmt
    Inst.addOperand(MCOperand::createReg(X86::NoRegister)); // IndexReg
    Inst.addOperand(MCOperand::createExpr(
        MCSymbolRefExpr::create(Src, MCSymbolRefExpr::VK_None,
                                *Ctx)));                     // Displacement
    Inst.addOperand(MCOperand::createReg(X86::NoRegister)); // AddrSegmentReg
    return true;
  }
};

} // namespace

namespace llvm {
namespace bolt {

MCPlusBuilder *createX86MCPlusBuilder(const MCInstrAnalysis *Analysis,
                                      const MCInstrInfo *Info,
                                      const MCRegisterInfo *RegInfo) {
  return new X86MCPlusBuilder(Analysis, Info, RegInfo);
}

} // namespace bolt
} // namespace llvm