1 //===- bolt/Target/X86/X86MCPlusBuilder.cpp -------------------------------===// 2 // 3 // Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions. 4 // See https://llvm.org/LICENSE.txt for license information. 5 // SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception 6 // 7 //===----------------------------------------------------------------------===// 8 // 9 // This file provides X86-specific MCPlus builder. 10 // 11 //===----------------------------------------------------------------------===// 12 13 #include "MCTargetDesc/X86BaseInfo.h" 14 #include "MCTargetDesc/X86InstrRelaxTables.h" 15 #include "MCTargetDesc/X86MCTargetDesc.h" 16 #include "bolt/Core/MCPlus.h" 17 #include "bolt/Core/MCPlusBuilder.h" 18 #include "llvm/BinaryFormat/ELF.h" 19 #include "llvm/MC/MCContext.h" 20 #include "llvm/MC/MCFixupKindInfo.h" 21 #include "llvm/MC/MCInst.h" 22 #include "llvm/MC/MCInstBuilder.h" 23 #include "llvm/MC/MCInstrInfo.h" 24 #include "llvm/MC/MCRegister.h" 25 #include "llvm/MC/MCRegisterInfo.h" 26 #include "llvm/Support/CommandLine.h" 27 #include "llvm/Support/DataExtractor.h" 28 #include "llvm/Support/Debug.h" 29 #include "llvm/Support/Errc.h" 30 #include "llvm/Support/ErrorHandling.h" 31 #include "llvm/Support/ErrorOr.h" 32 #include <set> 33 34 #define DEBUG_TYPE "mcplus" 35 36 using namespace llvm; 37 using namespace bolt; 38 39 namespace opts { 40 41 extern cl::OptionCategory BoltOptCategory; 42 43 static cl::opt<bool> X86StripRedundantAddressSize( 44 "x86-strip-redundant-address-size", 45 cl::desc("Remove redundant Address-Size override prefix"), cl::init(true), 46 cl::ZeroOrMore, cl::cat(BoltOptCategory)); 47 48 } // namespace opts 49 50 namespace { 51 52 unsigned getShortBranchOpcode(unsigned Opcode) { 53 switch (Opcode) { 54 default: 55 return Opcode; 56 case X86::JMP_2: return X86::JMP_1; 57 case X86::JMP_4: return X86::JMP_1; 58 case X86::JCC_2: return X86::JCC_1; 59 case X86::JCC_4: return X86::JCC_1; 60 } 61 } 62 63 unsigned getShortArithOpcode(unsigned Opcode) { 64 return X86::getShortOpcodeArith(Opcode); 65 } 66 67 bool isMOVSX64rm32(const MCInst &Inst) { 68 return Inst.getOpcode() == X86::MOVSX64rm32; 69 } 70 71 bool isADD64rr(const MCInst &Inst) { return Inst.getOpcode() == X86::ADD64rr; } 72 73 bool isADDri(const MCInst &Inst) { 74 return Inst.getOpcode() == X86::ADD64ri32 || 75 Inst.getOpcode() == X86::ADD64ri8; 76 } 77 78 class X86MCPlusBuilder : public MCPlusBuilder { 79 public: 80 X86MCPlusBuilder(const MCInstrAnalysis *Analysis, const MCInstrInfo *Info, 81 const MCRegisterInfo *RegInfo) 82 : MCPlusBuilder(Analysis, Info, RegInfo) {} 83 84 bool isBranch(const MCInst &Inst) const override { 85 return Analysis->isBranch(Inst) && !isTailCall(Inst); 86 } 87 88 bool isNoop(const MCInst &Inst) const override { 89 return X86::isNOP(Inst.getOpcode()); 90 } 91 92 unsigned getCondCode(const MCInst &Inst) const override { 93 unsigned Opcode = Inst.getOpcode(); 94 if (X86::isJCC(Opcode)) 95 return Inst.getOperand(Info->get(Opcode).NumOperands - 1).getImm(); 96 return X86::COND_INVALID; 97 } 98 99 unsigned getInvertedCondCode(unsigned CC) const override { 100 switch (CC) { 101 default: return X86::COND_INVALID; 102 case X86::COND_E: return X86::COND_NE; 103 case X86::COND_NE: return X86::COND_E; 104 case X86::COND_L: return X86::COND_GE; 105 case X86::COND_LE: return X86::COND_G; 106 case X86::COND_G: return X86::COND_LE; 107 case X86::COND_GE: return X86::COND_L; 108 case X86::COND_B: return X86::COND_AE; 109 case X86::COND_BE: return X86::COND_A; 110 case X86::COND_A: return X86::COND_BE; 111 case X86::COND_AE: return X86::COND_B; 112 case X86::COND_S: return X86::COND_NS; 113 case X86::COND_NS: return X86::COND_S; 114 case X86::COND_P: return X86::COND_NP; 115 case X86::COND_NP: return X86::COND_P; 116 case X86::COND_O: return X86::COND_NO; 117 case X86::COND_NO: return X86::COND_O; 118 } 119 } 120 121 unsigned getCondCodesLogicalOr(unsigned CC1, unsigned CC2) const override { 122 enum DecodedCondCode : uint8_t { 123 DCC_EQUAL = 0x1, 124 DCC_GREATER = 0x2, 125 DCC_LESSER = 0x4, 126 DCC_GREATER_OR_LESSER = 0x6, 127 DCC_UNSIGNED = 0x8, 128 DCC_SIGNED = 0x10, 129 DCC_INVALID = 0x20, 130 }; 131 132 auto decodeCondCode = [&](unsigned CC) -> uint8_t { 133 switch (CC) { 134 default: return DCC_INVALID; 135 case X86::COND_E: return DCC_EQUAL; 136 case X86::COND_NE: return DCC_GREATER | DCC_LESSER; 137 case X86::COND_L: return DCC_LESSER | DCC_SIGNED; 138 case X86::COND_LE: return DCC_EQUAL | DCC_LESSER | DCC_SIGNED; 139 case X86::COND_G: return DCC_GREATER | DCC_SIGNED; 140 case X86::COND_GE: return DCC_GREATER | DCC_EQUAL | DCC_SIGNED; 141 case X86::COND_B: return DCC_LESSER | DCC_UNSIGNED; 142 case X86::COND_BE: return DCC_EQUAL | DCC_LESSER | DCC_UNSIGNED; 143 case X86::COND_A: return DCC_GREATER | DCC_UNSIGNED; 144 case X86::COND_AE: return DCC_GREATER | DCC_EQUAL | DCC_UNSIGNED; 145 } 146 }; 147 148 uint8_t DCC = decodeCondCode(CC1) | decodeCondCode(CC2); 149 150 if (DCC & DCC_INVALID) 151 return X86::COND_INVALID; 152 153 if (DCC & DCC_SIGNED && DCC & DCC_UNSIGNED) 154 return X86::COND_INVALID; 155 156 switch (DCC) { 157 default: return X86::COND_INVALID; 158 case DCC_EQUAL | DCC_LESSER | DCC_SIGNED: return X86::COND_LE; 159 case DCC_EQUAL | DCC_LESSER | DCC_UNSIGNED: return X86::COND_BE; 160 case DCC_EQUAL | DCC_GREATER | DCC_SIGNED: return X86::COND_GE; 161 case DCC_EQUAL | DCC_GREATER | DCC_UNSIGNED: return X86::COND_AE; 162 case DCC_GREATER | DCC_LESSER | DCC_SIGNED: return X86::COND_NE; 163 case DCC_GREATER | DCC_LESSER | DCC_UNSIGNED: return X86::COND_NE; 164 case DCC_GREATER | DCC_LESSER: return X86::COND_NE; 165 case DCC_EQUAL | DCC_SIGNED: return X86::COND_E; 166 case DCC_EQUAL | DCC_UNSIGNED: return X86::COND_E; 167 case DCC_EQUAL: return X86::COND_E; 168 case DCC_LESSER | DCC_SIGNED: return X86::COND_L; 169 case DCC_LESSER | DCC_UNSIGNED: return X86::COND_B; 170 case DCC_GREATER | DCC_SIGNED: return X86::COND_G; 171 case DCC_GREATER | DCC_UNSIGNED: return X86::COND_A; 172 } 173 } 174 175 bool isValidCondCode(unsigned CC) const override { 176 return (CC != X86::COND_INVALID); 177 } 178 179 bool isBreakpoint(const MCInst &Inst) const override { 180 return Inst.getOpcode() == X86::INT3; 181 } 182 183 bool isPrefix(const MCInst &Inst) const override { 184 const MCInstrDesc &Desc = Info->get(Inst.getOpcode()); 185 return X86II::isPrefix(Desc.TSFlags); 186 } 187 188 bool isRep(const MCInst &Inst) const override { 189 return Inst.getFlags() == X86::IP_HAS_REPEAT; 190 } 191 192 bool deleteREPPrefix(MCInst &Inst) const override { 193 if (Inst.getFlags() == X86::IP_HAS_REPEAT) { 194 Inst.setFlags(0); 195 return true; 196 } 197 return false; 198 } 199 200 // FIXME: For compatibility with old LLVM only! 201 bool isTerminator(const MCInst &Inst) const override { 202 unsigned Opcode = Inst.getOpcode(); 203 return Info->get(Opcode).isTerminator() || X86::isUD1(Opcode) || 204 X86::isUD2(Opcode); 205 } 206 207 bool isIndirectCall(const MCInst &Inst) const override { 208 return isCall(Inst) && 209 ((getMemoryOperandNo(Inst) != -1) || Inst.getOperand(0).isReg()); 210 } 211 212 bool isPop(const MCInst &Inst) const override { 213 return getPopSize(Inst) == 0 ? false : true; 214 } 215 216 bool isTerminateBranch(const MCInst &Inst) const override { 217 return Inst.getOpcode() == X86::ENDBR32 || Inst.getOpcode() == X86::ENDBR64; 218 } 219 220 int getPopSize(const MCInst &Inst) const override { 221 switch (Inst.getOpcode()) { 222 case X86::POP16r: 223 case X86::POP16rmm: 224 case X86::POP16rmr: 225 case X86::POPF16: 226 case X86::POPA16: 227 case X86::POPDS16: 228 case X86::POPES16: 229 case X86::POPFS16: 230 case X86::POPGS16: 231 case X86::POPSS16: 232 return 2; 233 case X86::POP32r: 234 case X86::POP32rmm: 235 case X86::POP32rmr: 236 case X86::POPA32: 237 case X86::POPDS32: 238 case X86::POPES32: 239 case X86::POPF32: 240 case X86::POPFS32: 241 case X86::POPGS32: 242 case X86::POPSS32: 243 return 4; 244 case X86::POP64r: 245 case X86::POP64rmm: 246 case X86::POP64rmr: 247 case X86::POPF64: 248 case X86::POPFS64: 249 case X86::POPGS64: 250 return 8; 251 } 252 return 0; 253 } 254 255 bool isPush(const MCInst &Inst) const override { 256 return getPushSize(Inst) == 0 ? false : true; 257 } 258 259 int getPushSize(const MCInst &Inst) const override { 260 switch (Inst.getOpcode()) { 261 case X86::PUSH16i8: 262 case X86::PUSH16r: 263 case X86::PUSH16rmm: 264 case X86::PUSH16rmr: 265 case X86::PUSHA16: 266 case X86::PUSHCS16: 267 case X86::PUSHDS16: 268 case X86::PUSHES16: 269 case X86::PUSHF16: 270 case X86::PUSHFS16: 271 case X86::PUSHGS16: 272 case X86::PUSHSS16: 273 case X86::PUSHi16: 274 return 2; 275 case X86::PUSH32i8: 276 case X86::PUSH32r: 277 case X86::PUSH32rmm: 278 case X86::PUSH32rmr: 279 case X86::PUSHA32: 280 case X86::PUSHCS32: 281 case X86::PUSHDS32: 282 case X86::PUSHES32: 283 case X86::PUSHF32: 284 case X86::PUSHFS32: 285 case X86::PUSHGS32: 286 case X86::PUSHSS32: 287 case X86::PUSHi32: 288 return 4; 289 case X86::PUSH64i32: 290 case X86::PUSH64i8: 291 case X86::PUSH64r: 292 case X86::PUSH64rmm: 293 case X86::PUSH64rmr: 294 case X86::PUSHF64: 295 case X86::PUSHFS64: 296 case X86::PUSHGS64: 297 return 8; 298 } 299 return 0; 300 } 301 302 bool isSUB(const MCInst &Inst) const override { 303 return X86::isSUB(Inst.getOpcode()); 304 } 305 306 bool isLEA64r(const MCInst &Inst) const override { 307 return Inst.getOpcode() == X86::LEA64r; 308 } 309 310 bool isLeave(const MCInst &Inst) const override { 311 return Inst.getOpcode() == X86::LEAVE || Inst.getOpcode() == X86::LEAVE64; 312 } 313 314 bool isMoveMem2Reg(const MCInst &Inst) const override { 315 switch (Inst.getOpcode()) { 316 case X86::MOV16rm: 317 case X86::MOV32rm: 318 case X86::MOV64rm: 319 return true; 320 } 321 return false; 322 } 323 324 bool isUnsupportedBranch(unsigned Opcode) const override { 325 switch (Opcode) { 326 default: 327 return false; 328 case X86::LOOP: 329 case X86::LOOPE: 330 case X86::LOOPNE: 331 case X86::JECXZ: 332 case X86::JRCXZ: 333 return true; 334 } 335 } 336 337 bool isLoad(const MCInst &Inst) const override { 338 if (isPop(Inst)) 339 return true; 340 341 int MemOpNo = getMemoryOperandNo(Inst); 342 const MCInstrDesc &MCII = Info->get(Inst.getOpcode()); 343 344 if (MemOpNo == -1) 345 return false; 346 347 return MCII.mayLoad(); 348 } 349 350 bool isStore(const MCInst &Inst) const override { 351 if (isPush(Inst)) 352 return true; 353 354 int MemOpNo = getMemoryOperandNo(Inst); 355 const MCInstrDesc &MCII = Info->get(Inst.getOpcode()); 356 357 if (MemOpNo == -1) 358 return false; 359 360 return MCII.mayStore(); 361 } 362 363 bool isCleanRegXOR(const MCInst &Inst) const override { 364 switch (Inst.getOpcode()) { 365 case X86::XOR16rr: 366 case X86::XOR32rr: 367 case X86::XOR64rr: 368 break; 369 default: 370 return false; 371 } 372 return (Inst.getOperand(0).getReg() == Inst.getOperand(2).getReg()); 373 } 374 375 bool isPacked(const MCInst &Inst) const override { 376 const MCInstrDesc &Desc = Info->get(Inst.getOpcode()); 377 return (Desc.TSFlags & X86II::OpPrefixMask) == X86II::PD; 378 } 379 380 unsigned getTrapFillValue() const override { return 0xCC; } 381 382 struct IndJmpMatcherFrag1 : MCInstMatcher { 383 std::unique_ptr<MCInstMatcher> Base; 384 std::unique_ptr<MCInstMatcher> Scale; 385 std::unique_ptr<MCInstMatcher> Index; 386 std::unique_ptr<MCInstMatcher> Offset; 387 388 IndJmpMatcherFrag1(std::unique_ptr<MCInstMatcher> Base, 389 std::unique_ptr<MCInstMatcher> Scale, 390 std::unique_ptr<MCInstMatcher> Index, 391 std::unique_ptr<MCInstMatcher> Offset) 392 : Base(std::move(Base)), Scale(std::move(Scale)), 393 Index(std::move(Index)), Offset(std::move(Offset)) {} 394 395 bool match(const MCRegisterInfo &MRI, MCPlusBuilder &MIB, 396 MutableArrayRef<MCInst> InInstrWindow, int OpNum) override { 397 if (!MCInstMatcher::match(MRI, MIB, InInstrWindow, OpNum)) 398 return false; 399 400 if (CurInst->getOpcode() != X86::JMP64m) 401 return false; 402 403 int MemOpNo = MIB.getMemoryOperandNo(*CurInst); 404 if (MemOpNo == -1) 405 return false; 406 407 if (!Base->match(MRI, MIB, this->InstrWindow, MemOpNo + X86::AddrBaseReg)) 408 return false; 409 if (!Scale->match(MRI, MIB, this->InstrWindow, 410 MemOpNo + X86::AddrScaleAmt)) 411 return false; 412 if (!Index->match(MRI, MIB, this->InstrWindow, 413 MemOpNo + X86::AddrIndexReg)) 414 return false; 415 if (!Offset->match(MRI, MIB, this->InstrWindow, MemOpNo + X86::AddrDisp)) 416 return false; 417 return true; 418 } 419 420 void annotate(MCPlusBuilder &MIB, StringRef Annotation) override { 421 MIB.addAnnotation(*CurInst, Annotation, true); 422 Base->annotate(MIB, Annotation); 423 Scale->annotate(MIB, Annotation); 424 Index->annotate(MIB, Annotation); 425 Offset->annotate(MIB, Annotation); 426 } 427 }; 428 429 std::unique_ptr<MCInstMatcher> 430 matchIndJmp(std::unique_ptr<MCInstMatcher> Base, 431 std::unique_ptr<MCInstMatcher> Scale, 432 std::unique_ptr<MCInstMatcher> Index, 433 std::unique_ptr<MCInstMatcher> Offset) const override { 434 return std::unique_ptr<MCInstMatcher>( 435 new IndJmpMatcherFrag1(std::move(Base), std::move(Scale), 436 std::move(Index), std::move(Offset))); 437 } 438 439 struct IndJmpMatcherFrag2 : MCInstMatcher { 440 std::unique_ptr<MCInstMatcher> Reg; 441 442 IndJmpMatcherFrag2(std::unique_ptr<MCInstMatcher> Reg) 443 : Reg(std::move(Reg)) {} 444 445 bool match(const MCRegisterInfo &MRI, MCPlusBuilder &MIB, 446 MutableArrayRef<MCInst> InInstrWindow, int OpNum) override { 447 if (!MCInstMatcher::match(MRI, MIB, InInstrWindow, OpNum)) 448 return false; 449 450 if (CurInst->getOpcode() != X86::JMP64r) 451 return false; 452 453 return Reg->match(MRI, MIB, this->InstrWindow, 0); 454 } 455 456 void annotate(MCPlusBuilder &MIB, StringRef Annotation) override { 457 MIB.addAnnotation(*CurInst, Annotation, true); 458 Reg->annotate(MIB, Annotation); 459 } 460 }; 461 462 std::unique_ptr<MCInstMatcher> 463 matchIndJmp(std::unique_ptr<MCInstMatcher> Target) const override { 464 return std::unique_ptr<MCInstMatcher>( 465 new IndJmpMatcherFrag2(std::move(Target))); 466 } 467 468 struct LoadMatcherFrag1 : MCInstMatcher { 469 std::unique_ptr<MCInstMatcher> Base; 470 std::unique_ptr<MCInstMatcher> Scale; 471 std::unique_ptr<MCInstMatcher> Index; 472 std::unique_ptr<MCInstMatcher> Offset; 473 474 LoadMatcherFrag1(std::unique_ptr<MCInstMatcher> Base, 475 std::unique_ptr<MCInstMatcher> Scale, 476 std::unique_ptr<MCInstMatcher> Index, 477 std::unique_ptr<MCInstMatcher> Offset) 478 : Base(std::move(Base)), Scale(std::move(Scale)), 479 Index(std::move(Index)), Offset(std::move(Offset)) {} 480 481 bool match(const MCRegisterInfo &MRI, MCPlusBuilder &MIB, 482 MutableArrayRef<MCInst> InInstrWindow, int OpNum) override { 483 if (!MCInstMatcher::match(MRI, MIB, InInstrWindow, OpNum)) 484 return false; 485 486 if (CurInst->getOpcode() != X86::MOV64rm && 487 CurInst->getOpcode() != X86::MOVSX64rm32) 488 return false; 489 490 int MemOpNo = MIB.getMemoryOperandNo(*CurInst); 491 if (MemOpNo == -1) 492 return false; 493 494 if (!Base->match(MRI, MIB, this->InstrWindow, MemOpNo + X86::AddrBaseReg)) 495 return false; 496 if (!Scale->match(MRI, MIB, this->InstrWindow, 497 MemOpNo + X86::AddrScaleAmt)) 498 return false; 499 if (!Index->match(MRI, MIB, this->InstrWindow, 500 MemOpNo + X86::AddrIndexReg)) 501 return false; 502 if (!Offset->match(MRI, MIB, this->InstrWindow, MemOpNo + X86::AddrDisp)) 503 return false; 504 return true; 505 } 506 507 void annotate(MCPlusBuilder &MIB, StringRef Annotation) override { 508 MIB.addAnnotation(*CurInst, Annotation, true); 509 Base->annotate(MIB, Annotation); 510 Scale->annotate(MIB, Annotation); 511 Index->annotate(MIB, Annotation); 512 Offset->annotate(MIB, Annotation); 513 } 514 }; 515 516 std::unique_ptr<MCInstMatcher> 517 matchLoad(std::unique_ptr<MCInstMatcher> Base, 518 std::unique_ptr<MCInstMatcher> Scale, 519 std::unique_ptr<MCInstMatcher> Index, 520 std::unique_ptr<MCInstMatcher> Offset) const override { 521 return std::unique_ptr<MCInstMatcher>( 522 new LoadMatcherFrag1(std::move(Base), std::move(Scale), 523 std::move(Index), std::move(Offset))); 524 } 525 526 struct AddMatcher : MCInstMatcher { 527 std::unique_ptr<MCInstMatcher> A; 528 std::unique_ptr<MCInstMatcher> B; 529 530 AddMatcher(std::unique_ptr<MCInstMatcher> A, 531 std::unique_ptr<MCInstMatcher> B) 532 : A(std::move(A)), B(std::move(B)) {} 533 534 bool match(const MCRegisterInfo &MRI, MCPlusBuilder &MIB, 535 MutableArrayRef<MCInst> InInstrWindow, int OpNum) override { 536 if (!MCInstMatcher::match(MRI, MIB, InInstrWindow, OpNum)) 537 return false; 538 539 if (CurInst->getOpcode() == X86::ADD64rr || 540 CurInst->getOpcode() == X86::ADD64rr_DB || 541 CurInst->getOpcode() == X86::ADD64rr_REV) { 542 if (!A->match(MRI, MIB, this->InstrWindow, 1)) { 543 if (!B->match(MRI, MIB, this->InstrWindow, 1)) 544 return false; 545 return A->match(MRI, MIB, this->InstrWindow, 2); 546 } 547 548 if (B->match(MRI, MIB, this->InstrWindow, 2)) 549 return true; 550 551 if (!B->match(MRI, MIB, this->InstrWindow, 1)) 552 return false; 553 return A->match(MRI, MIB, this->InstrWindow, 2); 554 } 555 556 return false; 557 } 558 559 void annotate(MCPlusBuilder &MIB, StringRef Annotation) override { 560 MIB.addAnnotation(*CurInst, Annotation, true); 561 A->annotate(MIB, Annotation); 562 B->annotate(MIB, Annotation); 563 } 564 }; 565 566 virtual std::unique_ptr<MCInstMatcher> 567 matchAdd(std::unique_ptr<MCInstMatcher> A, 568 std::unique_ptr<MCInstMatcher> B) const override { 569 return std::unique_ptr<MCInstMatcher>( 570 new AddMatcher(std::move(A), std::move(B))); 571 } 572 573 struct LEAMatcher : MCInstMatcher { 574 std::unique_ptr<MCInstMatcher> Target; 575 576 LEAMatcher(std::unique_ptr<MCInstMatcher> Target) 577 : Target(std::move(Target)) {} 578 579 bool match(const MCRegisterInfo &MRI, MCPlusBuilder &MIB, 580 MutableArrayRef<MCInst> InInstrWindow, int OpNum) override { 581 if (!MCInstMatcher::match(MRI, MIB, InInstrWindow, OpNum)) 582 return false; 583 584 if (CurInst->getOpcode() != X86::LEA64r) 585 return false; 586 587 if (CurInst->getOperand(1 + X86::AddrScaleAmt).getImm() != 1 || 588 CurInst->getOperand(1 + X86::AddrIndexReg).getReg() != 589 X86::NoRegister || 590 (CurInst->getOperand(1 + X86::AddrBaseReg).getReg() != 591 X86::NoRegister && 592 CurInst->getOperand(1 + X86::AddrBaseReg).getReg() != X86::RIP)) 593 return false; 594 595 return Target->match(MRI, MIB, this->InstrWindow, 1 + X86::AddrDisp); 596 } 597 598 void annotate(MCPlusBuilder &MIB, StringRef Annotation) override { 599 MIB.addAnnotation(*CurInst, Annotation, true); 600 Target->annotate(MIB, Annotation); 601 } 602 }; 603 604 virtual std::unique_ptr<MCInstMatcher> 605 matchLoadAddr(std::unique_ptr<MCInstMatcher> Target) const override { 606 return std::unique_ptr<MCInstMatcher>(new LEAMatcher(std::move(Target))); 607 } 608 609 bool hasPCRelOperand(const MCInst &Inst) const override { 610 for (const MCOperand &Operand : Inst) 611 if (Operand.isReg() && Operand.getReg() == X86::RIP) 612 return true; 613 return false; 614 } 615 616 int getMemoryOperandNo(const MCInst &Inst) const override { 617 unsigned Opcode = Inst.getOpcode(); 618 const MCInstrDesc &Desc = Info->get(Opcode); 619 int MemOpNo = X86II::getMemoryOperandNo(Desc.TSFlags); 620 if (MemOpNo >= 0) 621 MemOpNo += X86II::getOperandBias(Desc); 622 return MemOpNo; 623 } 624 625 bool hasEVEXEncoding(const MCInst &Inst) const override { 626 const MCInstrDesc &Desc = Info->get(Inst.getOpcode()); 627 return (Desc.TSFlags & X86II::EncodingMask) == X86II::EVEX; 628 } 629 630 bool isMacroOpFusionPair(ArrayRef<MCInst> Insts) const override { 631 const auto *I = Insts.begin(); 632 while (I != Insts.end() && isPrefix(*I)) 633 ++I; 634 if (I == Insts.end()) 635 return false; 636 637 const MCInst &FirstInst = *I; 638 ++I; 639 while (I != Insts.end() && isPrefix(*I)) 640 ++I; 641 if (I == Insts.end()) 642 return false; 643 const MCInst &SecondInst = *I; 644 645 if (!isConditionalBranch(SecondInst)) 646 return false; 647 // Cannot fuse if the first instruction uses RIP-relative memory. 648 if (hasPCRelOperand(FirstInst)) 649 return false; 650 651 const X86::FirstMacroFusionInstKind CmpKind = 652 X86::classifyFirstOpcodeInMacroFusion(FirstInst.getOpcode()); 653 if (CmpKind == X86::FirstMacroFusionInstKind::Invalid) 654 return false; 655 656 X86::CondCode CC = static_cast<X86::CondCode>(getCondCode(SecondInst)); 657 X86::SecondMacroFusionInstKind BranchKind = 658 X86::classifySecondCondCodeInMacroFusion(CC); 659 if (BranchKind == X86::SecondMacroFusionInstKind::Invalid) 660 return false; 661 return X86::isMacroFused(CmpKind, BranchKind); 662 } 663 664 bool 665 evaluateX86MemoryOperand(const MCInst &Inst, unsigned *BaseRegNum, 666 int64_t *ScaleImm, unsigned *IndexRegNum, 667 int64_t *DispImm, unsigned *SegmentRegNum, 668 const MCExpr **DispExpr = nullptr) const override { 669 assert(BaseRegNum && ScaleImm && IndexRegNum && SegmentRegNum && 670 "one of the input pointers is null"); 671 int MemOpNo = getMemoryOperandNo(Inst); 672 if (MemOpNo < 0) 673 return false; 674 unsigned MemOpOffset = static_cast<unsigned>(MemOpNo); 675 676 if (MemOpOffset + X86::AddrSegmentReg >= MCPlus::getNumPrimeOperands(Inst)) 677 return false; 678 679 const MCOperand &Base = Inst.getOperand(MemOpOffset + X86::AddrBaseReg); 680 const MCOperand &Scale = Inst.getOperand(MemOpOffset + X86::AddrScaleAmt); 681 const MCOperand &Index = Inst.getOperand(MemOpOffset + X86::AddrIndexReg); 682 const MCOperand &Disp = Inst.getOperand(MemOpOffset + X86::AddrDisp); 683 const MCOperand &Segment = 684 Inst.getOperand(MemOpOffset + X86::AddrSegmentReg); 685 686 // Make sure it is a well-formed memory operand. 687 if (!Base.isReg() || !Scale.isImm() || !Index.isReg() || 688 (!Disp.isImm() && !Disp.isExpr()) || !Segment.isReg()) 689 return false; 690 691 *BaseRegNum = Base.getReg(); 692 *ScaleImm = Scale.getImm(); 693 *IndexRegNum = Index.getReg(); 694 if (Disp.isImm()) { 695 assert(DispImm && "DispImm needs to be set"); 696 *DispImm = Disp.getImm(); 697 if (DispExpr) 698 *DispExpr = nullptr; 699 } else { 700 assert(DispExpr && "DispExpr needs to be set"); 701 *DispExpr = Disp.getExpr(); 702 if (DispImm) 703 *DispImm = 0; 704 } 705 *SegmentRegNum = Segment.getReg(); 706 return true; 707 } 708 709 bool evaluateMemOperandTarget(const MCInst &Inst, uint64_t &Target, 710 uint64_t Address, 711 uint64_t Size) const override { 712 unsigned BaseRegNum; 713 int64_t ScaleValue; 714 unsigned IndexRegNum; 715 int64_t DispValue; 716 unsigned SegRegNum; 717 const MCExpr *DispExpr = nullptr; 718 if (!evaluateX86MemoryOperand(Inst, &BaseRegNum, &ScaleValue, &IndexRegNum, 719 &DispValue, &SegRegNum, &DispExpr)) 720 return false; 721 722 // Make sure it's a well-formed addressing we can statically evaluate. 723 if ((BaseRegNum != X86::RIP && BaseRegNum != X86::NoRegister) || 724 IndexRegNum != X86::NoRegister || SegRegNum != X86::NoRegister || 725 DispExpr) 726 return false; 727 728 Target = DispValue; 729 if (BaseRegNum == X86::RIP) { 730 assert(Size != 0 && "instruction size required in order to statically " 731 "evaluate RIP-relative address"); 732 Target += Address + Size; 733 } 734 return true; 735 } 736 737 MCInst::iterator getMemOperandDisp(MCInst &Inst) const override { 738 int MemOpNo = getMemoryOperandNo(Inst); 739 if (MemOpNo < 0) 740 return Inst.end(); 741 return Inst.begin() + (MemOpNo + X86::AddrDisp); 742 } 743 744 bool replaceMemOperandDisp(MCInst &Inst, MCOperand Operand) const override { 745 MCOperand *OI = getMemOperandDisp(Inst); 746 if (OI == Inst.end()) 747 return false; 748 *OI = Operand; 749 return true; 750 } 751 752 /// Get the registers used as function parameters. 753 /// This function is specific to the x86_64 abi on Linux. 754 BitVector getRegsUsedAsParams() const override { 755 BitVector Regs = BitVector(RegInfo->getNumRegs(), false); 756 Regs |= getAliases(X86::RSI); 757 Regs |= getAliases(X86::RDI); 758 Regs |= getAliases(X86::RDX); 759 Regs |= getAliases(X86::RCX); 760 Regs |= getAliases(X86::R8); 761 Regs |= getAliases(X86::R9); 762 return Regs; 763 } 764 765 void getCalleeSavedRegs(BitVector &Regs) const override { 766 Regs |= getAliases(X86::RBX); 767 Regs |= getAliases(X86::RBP); 768 Regs |= getAliases(X86::R12); 769 Regs |= getAliases(X86::R13); 770 Regs |= getAliases(X86::R14); 771 Regs |= getAliases(X86::R15); 772 } 773 774 void getDefaultDefIn(BitVector &Regs) const override { 775 assert(Regs.size() >= RegInfo->getNumRegs() && 776 "The size of BitVector is less than RegInfo->getNumRegs()."); 777 Regs.set(X86::RAX); 778 Regs.set(X86::RCX); 779 Regs.set(X86::RDX); 780 Regs.set(X86::RSI); 781 Regs.set(X86::RDI); 782 Regs.set(X86::R8); 783 Regs.set(X86::R9); 784 Regs.set(X86::XMM0); 785 Regs.set(X86::XMM1); 786 Regs.set(X86::XMM2); 787 Regs.set(X86::XMM3); 788 Regs.set(X86::XMM4); 789 Regs.set(X86::XMM5); 790 Regs.set(X86::XMM6); 791 Regs.set(X86::XMM7); 792 } 793 794 void getDefaultLiveOut(BitVector &Regs) const override { 795 assert(Regs.size() >= RegInfo->getNumRegs() && 796 "The size of BitVector is less than RegInfo->getNumRegs()."); 797 Regs |= getAliases(X86::RAX); 798 Regs |= getAliases(X86::RDX); 799 Regs |= getAliases(X86::RCX); 800 Regs |= getAliases(X86::XMM0); 801 Regs |= getAliases(X86::XMM1); 802 } 803 804 void getGPRegs(BitVector &Regs, bool IncludeAlias) const override { 805 if (IncludeAlias) { 806 Regs |= getAliases(X86::RAX); 807 Regs |= getAliases(X86::RBX); 808 Regs |= getAliases(X86::RBP); 809 Regs |= getAliases(X86::RSI); 810 Regs |= getAliases(X86::RDI); 811 Regs |= getAliases(X86::RDX); 812 Regs |= getAliases(X86::RCX); 813 Regs |= getAliases(X86::R8); 814 Regs |= getAliases(X86::R9); 815 Regs |= getAliases(X86::R10); 816 Regs |= getAliases(X86::R11); 817 Regs |= getAliases(X86::R12); 818 Regs |= getAliases(X86::R13); 819 Regs |= getAliases(X86::R14); 820 Regs |= getAliases(X86::R15); 821 return; 822 } 823 Regs.set(X86::RAX); 824 Regs.set(X86::RBX); 825 Regs.set(X86::RBP); 826 Regs.set(X86::RSI); 827 Regs.set(X86::RDI); 828 Regs.set(X86::RDX); 829 Regs.set(X86::RCX); 830 Regs.set(X86::R8); 831 Regs.set(X86::R9); 832 Regs.set(X86::R10); 833 Regs.set(X86::R11); 834 Regs.set(X86::R12); 835 Regs.set(X86::R13); 836 Regs.set(X86::R14); 837 Regs.set(X86::R15); 838 } 839 840 void getClassicGPRegs(BitVector &Regs) const override { 841 Regs |= getAliases(X86::RAX); 842 Regs |= getAliases(X86::RBX); 843 Regs |= getAliases(X86::RBP); 844 Regs |= getAliases(X86::RSI); 845 Regs |= getAliases(X86::RDI); 846 Regs |= getAliases(X86::RDX); 847 Regs |= getAliases(X86::RCX); 848 } 849 850 void getRepRegs(BitVector &Regs) const override { 851 Regs |= getAliases(X86::RCX); 852 } 853 854 MCPhysReg getAliasSized(MCPhysReg Reg, uint8_t Size) const override { 855 switch (Reg) { 856 case X86::RAX: case X86::EAX: case X86::AX: case X86::AL: case X86::AH: 857 switch (Size) { 858 case 8: return X86::RAX; case 4: return X86::EAX; 859 case 2: return X86::AX; case 1: return X86::AL; 860 default: llvm_unreachable("Unexpected size"); 861 } 862 case X86::RBX: case X86::EBX: case X86::BX: case X86::BL: case X86::BH: 863 switch (Size) { 864 case 8: return X86::RBX; case 4: return X86::EBX; 865 case 2: return X86::BX; case 1: return X86::BL; 866 default: llvm_unreachable("Unexpected size"); 867 } 868 case X86::RDX: case X86::EDX: case X86::DX: case X86::DL: case X86::DH: 869 switch (Size) { 870 case 8: return X86::RDX; case 4: return X86::EDX; 871 case 2: return X86::DX; case 1: return X86::DL; 872 default: llvm_unreachable("Unexpected size"); 873 } 874 case X86::RDI: case X86::EDI: case X86::DI: case X86::DIL: 875 switch (Size) { 876 case 8: return X86::RDI; case 4: return X86::EDI; 877 case 2: return X86::DI; case 1: return X86::DIL; 878 default: llvm_unreachable("Unexpected size"); 879 } 880 case X86::RSI: case X86::ESI: case X86::SI: case X86::SIL: 881 switch (Size) { 882 case 8: return X86::RSI; case 4: return X86::ESI; 883 case 2: return X86::SI; case 1: return X86::SIL; 884 default: llvm_unreachable("Unexpected size"); 885 } 886 case X86::RCX: case X86::ECX: case X86::CX: case X86::CL: case X86::CH: 887 switch (Size) { 888 case 8: return X86::RCX; case 4: return X86::ECX; 889 case 2: return X86::CX; case 1: return X86::CL; 890 default: llvm_unreachable("Unexpected size"); 891 } 892 case X86::RSP: case X86::ESP: case X86::SP: case X86::SPL: 893 switch (Size) { 894 case 8: return X86::RSP; case 4: return X86::ESP; 895 case 2: return X86::SP; case 1: return X86::SPL; 896 default: llvm_unreachable("Unexpected size"); 897 } 898 case X86::RBP: case X86::EBP: case X86::BP: case X86::BPL: 899 switch (Size) { 900 case 8: return X86::RBP; case 4: return X86::EBP; 901 case 2: return X86::BP; case 1: return X86::BPL; 902 default: llvm_unreachable("Unexpected size"); 903 } 904 case X86::R8: case X86::R8D: case X86::R8W: case X86::R8B: 905 switch (Size) { 906 case 8: return X86::R8; case 4: return X86::R8D; 907 case 2: return X86::R8W; case 1: return X86::R8B; 908 default: llvm_unreachable("Unexpected size"); 909 } 910 case X86::R9: case X86::R9D: case X86::R9W: case X86::R9B: 911 switch (Size) { 912 case 8: return X86::R9; case 4: return X86::R9D; 913 case 2: return X86::R9W; case 1: return X86::R9B; 914 default: llvm_unreachable("Unexpected size"); 915 } 916 case X86::R10: case X86::R10D: case X86::R10W: case X86::R10B: 917 switch (Size) { 918 case 8: return X86::R10; case 4: return X86::R10D; 919 case 2: return X86::R10W; case 1: return X86::R10B; 920 default: llvm_unreachable("Unexpected size"); 921 } 922 case X86::R11: case X86::R11D: case X86::R11W: case X86::R11B: 923 switch (Size) { 924 case 8: return X86::R11; case 4: return X86::R11D; 925 case 2: return X86::R11W; case 1: return X86::R11B; 926 default: llvm_unreachable("Unexpected size"); 927 } 928 case X86::R12: case X86::R12D: case X86::R12W: case X86::R12B: 929 switch (Size) { 930 case 8: return X86::R12; case 4: return X86::R12D; 931 case 2: return X86::R12W; case 1: return X86::R12B; 932 default: llvm_unreachable("Unexpected size"); 933 } 934 case X86::R13: case X86::R13D: case X86::R13W: case X86::R13B: 935 switch (Size) { 936 case 8: return X86::R13; case 4: return X86::R13D; 937 case 2: return X86::R13W; case 1: return X86::R13B; 938 default: llvm_unreachable("Unexpected size"); 939 } 940 case X86::R14: case X86::R14D: case X86::R14W: case X86::R14B: 941 switch (Size) { 942 case 8: return X86::R14; case 4: return X86::R14D; 943 case 2: return X86::R14W; case 1: return X86::R14B; 944 default: llvm_unreachable("Unexpected size"); 945 } 946 case X86::R15: case X86::R15D: case X86::R15W: case X86::R15B: 947 switch (Size) { 948 case 8: return X86::R15; case 4: return X86::R15D; 949 case 2: return X86::R15W; case 1: return X86::R15B; 950 default: llvm_unreachable("Unexpected size"); 951 } 952 default: 953 dbgs() << Reg << " (get alias sized)\n"; 954 llvm_unreachable("Unexpected reg number"); 955 break; 956 } 957 } 958 959 bool isUpper8BitReg(MCPhysReg Reg) const override { 960 switch (Reg) { 961 case X86::AH: 962 case X86::BH: 963 case X86::CH: 964 case X86::DH: 965 return true; 966 default: 967 return false; 968 } 969 } 970 971 bool cannotUseREX(const MCInst &Inst) const override { 972 switch (Inst.getOpcode()) { 973 case X86::MOV8mr_NOREX: 974 case X86::MOV8rm_NOREX: 975 case X86::MOV8rr_NOREX: 976 case X86::MOVSX32rm8_NOREX: 977 case X86::MOVSX32rr8_NOREX: 978 case X86::MOVZX32rm8_NOREX: 979 case X86::MOVZX32rr8_NOREX: 980 case X86::MOV8mr: 981 case X86::MOV8rm: 982 case X86::MOV8rr: 983 case X86::MOVSX32rm8: 984 case X86::MOVSX32rr8: 985 case X86::MOVZX32rm8: 986 case X86::MOVZX32rr8: 987 case X86::TEST8ri: 988 for (const MCOperand &Operand : MCPlus::primeOperands(Inst)) { 989 if (!Operand.isReg()) 990 continue; 991 if (isUpper8BitReg(Operand.getReg())) 992 return true; 993 } 994 LLVM_FALLTHROUGH; 995 default: 996 return false; 997 } 998 } 999 1000 bool isStackAccess(const MCInst &Inst, bool &IsLoad, bool &IsStore, 1001 bool &IsStoreFromReg, MCPhysReg &Reg, int32_t &SrcImm, 1002 uint16_t &StackPtrReg, int64_t &StackOffset, uint8_t &Size, 1003 bool &IsSimple, bool &IsIndexed) const override { 1004 // Detect simple push/pop cases first 1005 if (int Sz = getPushSize(Inst)) { 1006 IsLoad = false; 1007 IsStore = true; 1008 IsStoreFromReg = true; 1009 StackPtrReg = X86::RSP; 1010 StackOffset = -Sz; 1011 Size = Sz; 1012 IsSimple = true; 1013 if (Inst.getOperand(0).isImm()) 1014 SrcImm = Inst.getOperand(0).getImm(); 1015 else if (Inst.getOperand(0).isReg()) 1016 Reg = Inst.getOperand(0).getReg(); 1017 else 1018 IsSimple = false; 1019 1020 return true; 1021 } 1022 if (int Sz = getPopSize(Inst)) { 1023 IsLoad = true; 1024 IsStore = false; 1025 if (Inst.getNumOperands() == 0 || !Inst.getOperand(0).isReg()) { 1026 IsSimple = false; 1027 } else { 1028 Reg = Inst.getOperand(0).getReg(); 1029 IsSimple = true; 1030 } 1031 StackPtrReg = X86::RSP; 1032 StackOffset = 0; 1033 Size = Sz; 1034 return true; 1035 } 1036 1037 struct InstInfo { 1038 // Size in bytes that Inst loads from memory. 1039 uint8_t DataSize; 1040 bool IsLoad; 1041 bool IsStore; 1042 bool StoreFromReg; 1043 bool Simple; 1044 }; 1045 1046 InstInfo I; 1047 int MemOpNo = getMemoryOperandNo(Inst); 1048 const MCInstrDesc &MCII = Info->get(Inst.getOpcode()); 1049 // If it is not dealing with a memory operand, we discard it 1050 if (MemOpNo == -1 || MCII.isCall()) 1051 return false; 1052 1053 switch (Inst.getOpcode()) { 1054 default: { 1055 uint8_t Sz = 0; 1056 bool IsLoad = MCII.mayLoad(); 1057 bool IsStore = MCII.mayStore(); 1058 // Is it LEA? (deals with memory but is not loading nor storing) 1059 if (!IsLoad && !IsStore) 1060 return false; 1061 1062 // Try to guess data size involved in the load/store by looking at the 1063 // register size. If there's no reg involved, return 0 as size, meaning 1064 // we don't know. 1065 for (unsigned I = 0, E = MCII.getNumOperands(); I != E; ++I) { 1066 if (MCII.OpInfo[I].OperandType != MCOI::OPERAND_REGISTER) 1067 continue; 1068 if (static_cast<int>(I) >= MemOpNo && I < X86::AddrNumOperands) 1069 continue; 1070 Sz = RegInfo->getRegClass(MCII.OpInfo[I].RegClass).getSizeInBits() / 8; 1071 break; 1072 } 1073 I = {Sz, IsLoad, IsStore, false, false}; 1074 break; 1075 } 1076 case X86::MOV16rm: I = {2, true, false, false, true}; break; 1077 case X86::MOV32rm: I = {4, true, false, false, true}; break; 1078 case X86::MOV64rm: I = {8, true, false, false, true}; break; 1079 case X86::MOV16mr: I = {2, false, true, true, true}; break; 1080 case X86::MOV32mr: I = {4, false, true, true, true}; break; 1081 case X86::MOV64mr: I = {8, false, true, true, true}; break; 1082 case X86::MOV16mi: I = {2, false, true, false, true}; break; 1083 case X86::MOV32mi: I = {4, false, true, false, true}; break; 1084 } // end switch (Inst.getOpcode()) 1085 1086 unsigned BaseRegNum; 1087 int64_t ScaleValue; 1088 unsigned IndexRegNum; 1089 int64_t DispValue; 1090 unsigned SegRegNum; 1091 const MCExpr *DispExpr; 1092 if (!evaluateX86MemoryOperand(Inst, &BaseRegNum, &ScaleValue, &IndexRegNum, 1093 &DispValue, &SegRegNum, &DispExpr)) { 1094 LLVM_DEBUG(dbgs() << "Evaluate failed on "); 1095 LLVM_DEBUG(Inst.dump()); 1096 return false; 1097 } 1098 1099 // Make sure it's a stack access 1100 if (BaseRegNum != X86::RBP && BaseRegNum != X86::RSP) 1101 return false; 1102 1103 IsLoad = I.IsLoad; 1104 IsStore = I.IsStore; 1105 IsStoreFromReg = I.StoreFromReg; 1106 Size = I.DataSize; 1107 IsSimple = I.Simple; 1108 StackPtrReg = BaseRegNum; 1109 StackOffset = DispValue; 1110 IsIndexed = IndexRegNum != X86::NoRegister || SegRegNum != X86::NoRegister; 1111 1112 if (!I.Simple) 1113 return true; 1114 1115 // Retrieve related register in simple MOV from/to stack operations. 1116 unsigned MemOpOffset = static_cast<unsigned>(MemOpNo); 1117 if (I.IsLoad) { 1118 MCOperand RegOpnd = Inst.getOperand(0); 1119 assert(RegOpnd.isReg() && "unexpected destination operand"); 1120 Reg = RegOpnd.getReg(); 1121 } else if (I.IsStore) { 1122 MCOperand SrcOpnd = 1123 Inst.getOperand(MemOpOffset + X86::AddrSegmentReg + 1); 1124 if (I.StoreFromReg) { 1125 assert(SrcOpnd.isReg() && "unexpected source operand"); 1126 Reg = SrcOpnd.getReg(); 1127 } else { 1128 assert(SrcOpnd.isImm() && "unexpected source operand"); 1129 SrcImm = SrcOpnd.getImm(); 1130 } 1131 } 1132 1133 return true; 1134 } 1135 1136 void changeToPushOrPop(MCInst &Inst) const override { 1137 assert(!isPush(Inst) && !isPop(Inst)); 1138 1139 struct InstInfo { 1140 // Size in bytes that Inst loads from memory. 1141 uint8_t DataSize; 1142 bool IsLoad; 1143 bool StoreFromReg; 1144 }; 1145 1146 InstInfo I; 1147 switch (Inst.getOpcode()) { 1148 default: { 1149 llvm_unreachable("Unhandled opcode"); 1150 return; 1151 } 1152 case X86::MOV16rm: I = {2, true, false}; break; 1153 case X86::MOV32rm: I = {4, true, false}; break; 1154 case X86::MOV64rm: I = {8, true, false}; break; 1155 case X86::MOV16mr: I = {2, false, true}; break; 1156 case X86::MOV32mr: I = {4, false, true}; break; 1157 case X86::MOV64mr: I = {8, false, true}; break; 1158 case X86::MOV16mi: I = {2, false, false}; break; 1159 case X86::MOV32mi: I = {4, false, false}; break; 1160 } // end switch (Inst.getOpcode()) 1161 1162 unsigned BaseRegNum; 1163 int64_t ScaleValue; 1164 unsigned IndexRegNum; 1165 int64_t DispValue; 1166 unsigned SegRegNum; 1167 const MCExpr *DispExpr; 1168 if (!evaluateX86MemoryOperand(Inst, &BaseRegNum, &ScaleValue, &IndexRegNum, 1169 &DispValue, &SegRegNum, &DispExpr)) { 1170 llvm_unreachable("Evaluate failed"); 1171 return; 1172 } 1173 // Make sure it's a stack access 1174 if (BaseRegNum != X86::RBP && BaseRegNum != X86::RSP) { 1175 llvm_unreachable("Not a stack access"); 1176 return; 1177 } 1178 1179 unsigned MemOpOffset = getMemoryOperandNo(Inst); 1180 unsigned NewOpcode = 0; 1181 if (I.IsLoad) { 1182 switch (I.DataSize) { 1183 case 2: NewOpcode = X86::POP16r; break; 1184 case 4: NewOpcode = X86::POP32r; break; 1185 case 8: NewOpcode = X86::POP64r; break; 1186 default: 1187 llvm_unreachable("Unexpected size"); 1188 } 1189 unsigned RegOpndNum = Inst.getOperand(0).getReg(); 1190 Inst.clear(); 1191 Inst.setOpcode(NewOpcode); 1192 Inst.addOperand(MCOperand::createReg(RegOpndNum)); 1193 } else { 1194 MCOperand SrcOpnd = 1195 Inst.getOperand(MemOpOffset + X86::AddrSegmentReg + 1); 1196 if (I.StoreFromReg) { 1197 switch (I.DataSize) { 1198 case 2: NewOpcode = X86::PUSH16r; break; 1199 case 4: NewOpcode = X86::PUSH32r; break; 1200 case 8: NewOpcode = X86::PUSH64r; break; 1201 default: 1202 llvm_unreachable("Unexpected size"); 1203 } 1204 assert(SrcOpnd.isReg() && "Unexpected source operand"); 1205 unsigned RegOpndNum = SrcOpnd.getReg(); 1206 Inst.clear(); 1207 Inst.setOpcode(NewOpcode); 1208 Inst.addOperand(MCOperand::createReg(RegOpndNum)); 1209 } else { 1210 switch (I.DataSize) { 1211 case 2: NewOpcode = X86::PUSH16i8; break; 1212 case 4: NewOpcode = X86::PUSH32i8; break; 1213 case 8: NewOpcode = X86::PUSH64i32; break; 1214 default: 1215 llvm_unreachable("Unexpected size"); 1216 } 1217 assert(SrcOpnd.isImm() && "Unexpected source operand"); 1218 int64_t SrcImm = SrcOpnd.getImm(); 1219 Inst.clear(); 1220 Inst.setOpcode(NewOpcode); 1221 Inst.addOperand(MCOperand::createImm(SrcImm)); 1222 } 1223 } 1224 } 1225 1226 bool isStackAdjustment(const MCInst &Inst) const override { 1227 switch (Inst.getOpcode()) { 1228 default: 1229 return false; 1230 case X86::SUB64ri32: 1231 case X86::SUB64ri8: 1232 case X86::ADD64ri32: 1233 case X86::ADD64ri8: 1234 case X86::LEA64r: 1235 break; 1236 } 1237 1238 const MCInstrDesc &MCII = Info->get(Inst.getOpcode()); 1239 for (int I = 0, E = MCII.getNumDefs(); I != E; ++I) { 1240 const MCOperand &Operand = Inst.getOperand(I); 1241 if (Operand.isReg() && Operand.getReg() == X86::RSP) 1242 return true; 1243 } 1244 return false; 1245 } 1246 1247 bool evaluateSimple(const MCInst &Inst, int64_t &Output, 1248 std::pair<MCPhysReg, int64_t> Input1, 1249 std::pair<MCPhysReg, int64_t> Input2) const override { 1250 1251 auto getOperandVal = [&](MCPhysReg Reg) -> ErrorOr<int64_t> { 1252 if (Reg == Input1.first) 1253 return Input1.second; 1254 if (Reg == Input2.first) 1255 return Input2.second; 1256 return make_error_code(errc::result_out_of_range); 1257 }; 1258 1259 switch (Inst.getOpcode()) { 1260 default: 1261 return false; 1262 1263 case X86::AND64ri32: 1264 case X86::AND64ri8: 1265 if (!Inst.getOperand(2).isImm()) 1266 return false; 1267 if (ErrorOr<int64_t> InputVal = 1268 getOperandVal(Inst.getOperand(1).getReg())) 1269 Output = *InputVal & Inst.getOperand(2).getImm(); 1270 else 1271 return false; 1272 break; 1273 case X86::SUB64ri32: 1274 case X86::SUB64ri8: 1275 if (!Inst.getOperand(2).isImm()) 1276 return false; 1277 if (ErrorOr<int64_t> InputVal = 1278 getOperandVal(Inst.getOperand(1).getReg())) 1279 Output = *InputVal - Inst.getOperand(2).getImm(); 1280 else 1281 return false; 1282 break; 1283 case X86::ADD64ri32: 1284 case X86::ADD64ri8: 1285 if (!Inst.getOperand(2).isImm()) 1286 return false; 1287 if (ErrorOr<int64_t> InputVal = 1288 getOperandVal(Inst.getOperand(1).getReg())) 1289 Output = *InputVal + Inst.getOperand(2).getImm(); 1290 else 1291 return false; 1292 break; 1293 case X86::ADD64i32: 1294 if (!Inst.getOperand(0).isImm()) 1295 return false; 1296 if (ErrorOr<int64_t> InputVal = getOperandVal(X86::RAX)) 1297 Output = *InputVal + Inst.getOperand(0).getImm(); 1298 else 1299 return false; 1300 break; 1301 1302 case X86::LEA64r: { 1303 unsigned BaseRegNum; 1304 int64_t ScaleValue; 1305 unsigned IndexRegNum; 1306 int64_t DispValue; 1307 unsigned SegRegNum; 1308 const MCExpr *DispExpr = nullptr; 1309 if (!evaluateX86MemoryOperand(Inst, &BaseRegNum, &ScaleValue, 1310 &IndexRegNum, &DispValue, &SegRegNum, 1311 &DispExpr)) 1312 return false; 1313 1314 if (BaseRegNum == X86::NoRegister || IndexRegNum != X86::NoRegister || 1315 SegRegNum != X86::NoRegister || DispExpr) 1316 return false; 1317 1318 if (ErrorOr<int64_t> InputVal = getOperandVal(BaseRegNum)) 1319 Output = *InputVal + DispValue; 1320 else 1321 return false; 1322 1323 break; 1324 } 1325 } 1326 return true; 1327 } 1328 1329 bool isRegToRegMove(const MCInst &Inst, MCPhysReg &From, 1330 MCPhysReg &To) const override { 1331 switch (Inst.getOpcode()) { 1332 default: 1333 return false; 1334 case X86::LEAVE: 1335 case X86::LEAVE64: 1336 To = getStackPointer(); 1337 From = getFramePointer(); 1338 return true; 1339 case X86::MOV64rr: 1340 To = Inst.getOperand(0).getReg(); 1341 From = Inst.getOperand(1).getReg(); 1342 return true; 1343 } 1344 } 1345 1346 MCPhysReg getStackPointer() const override { return X86::RSP; } 1347 MCPhysReg getFramePointer() const override { return X86::RBP; } 1348 MCPhysReg getFlagsReg() const override { return X86::EFLAGS; } 1349 1350 bool escapesVariable(const MCInst &Inst, 1351 bool HasFramePointer) const override { 1352 int MemOpNo = getMemoryOperandNo(Inst); 1353 const MCInstrDesc &MCII = Info->get(Inst.getOpcode()); 1354 const unsigned NumDefs = MCII.getNumDefs(); 1355 static BitVector SPBPAliases(BitVector(getAliases(X86::RSP)) |= 1356 getAliases(X86::RBP)); 1357 static BitVector SPAliases(getAliases(X86::RSP)); 1358 1359 // FIXME: PUSH can be technically a leak, but let's ignore this for now 1360 // because a lot of harmless prologue code will spill SP to the stack. 1361 // Unless push is clearly pushing an object address to the stack as 1362 // demonstrated by having a MemOp. 1363 bool IsPush = isPush(Inst); 1364 if (IsPush && MemOpNo == -1) 1365 return false; 1366 1367 // We use this to detect LEA (has memop but does not access mem) 1368 bool AccessMem = MCII.mayLoad() || MCII.mayStore(); 1369 bool DoesLeak = false; 1370 for (int I = 0, E = MCPlus::getNumPrimeOperands(Inst); I != E; ++I) { 1371 // Ignore if SP/BP is used to dereference memory -- that's fine 1372 if (MemOpNo != -1 && !IsPush && AccessMem && I >= MemOpNo && 1373 I <= MemOpNo + 5) 1374 continue; 1375 // Ignore if someone is writing to SP/BP 1376 if (I < static_cast<int>(NumDefs)) 1377 continue; 1378 1379 const MCOperand &Operand = Inst.getOperand(I); 1380 if (HasFramePointer && Operand.isReg() && SPBPAliases[Operand.getReg()]) { 1381 DoesLeak = true; 1382 break; 1383 } 1384 if (!HasFramePointer && Operand.isReg() && SPAliases[Operand.getReg()]) { 1385 DoesLeak = true; 1386 break; 1387 } 1388 } 1389 1390 // If potential leak, check if it is not just writing to itself/sp/bp 1391 if (DoesLeak) { 1392 for (int I = 0, E = NumDefs; I != E; ++I) { 1393 const MCOperand &Operand = Inst.getOperand(I); 1394 if (HasFramePointer && Operand.isReg() && 1395 SPBPAliases[Operand.getReg()]) { 1396 DoesLeak = false; 1397 break; 1398 } 1399 if (!HasFramePointer && Operand.isReg() && 1400 SPAliases[Operand.getReg()]) { 1401 DoesLeak = false; 1402 break; 1403 } 1404 } 1405 } 1406 return DoesLeak; 1407 } 1408 1409 bool addToImm(MCInst &Inst, int64_t &Amt, MCContext *Ctx) const override { 1410 unsigned ImmOpNo = -1U; 1411 int MemOpNo = getMemoryOperandNo(Inst); 1412 if (MemOpNo != -1) 1413 ImmOpNo = MemOpNo + X86::AddrDisp; 1414 else 1415 for (unsigned Index = 0; Index < MCPlus::getNumPrimeOperands(Inst); 1416 ++Index) 1417 if (Inst.getOperand(Index).isImm()) 1418 ImmOpNo = Index; 1419 if (ImmOpNo == -1U) 1420 return false; 1421 1422 MCOperand &Operand = Inst.getOperand(ImmOpNo); 1423 Amt += Operand.getImm(); 1424 Operand.setImm(Amt); 1425 // Check for the need for relaxation 1426 if (int64_t(Amt) == int64_t(int8_t(Amt))) 1427 return true; 1428 1429 // Relax instruction 1430 switch (Inst.getOpcode()) { 1431 case X86::SUB64ri8: 1432 Inst.setOpcode(X86::SUB64ri32); 1433 break; 1434 case X86::ADD64ri8: 1435 Inst.setOpcode(X86::ADD64ri32); 1436 break; 1437 default: 1438 // No need for relaxation 1439 break; 1440 } 1441 return true; 1442 } 1443 1444 /// TODO: this implementation currently works for the most common opcodes that 1445 /// load from memory. It can be extended to work with memory store opcodes as 1446 /// well as more memory load opcodes. 1447 bool replaceMemOperandWithImm(MCInst &Inst, StringRef ConstantData, 1448 uint64_t Offset) const override { 1449 enum CheckSignExt : uint8_t { 1450 NOCHECK = 0, 1451 CHECK8, 1452 CHECK32, 1453 }; 1454 1455 using CheckList = std::vector<std::pair<CheckSignExt, unsigned>>; 1456 struct InstInfo { 1457 // Size in bytes that Inst loads from memory. 1458 uint8_t DataSize; 1459 1460 // True when the target operand has to be duplicated because the opcode 1461 // expects a LHS operand. 1462 bool HasLHS; 1463 1464 // List of checks and corresponding opcodes to be used. We try to use the 1465 // smallest possible immediate value when various sizes are available, 1466 // hence we may need to check whether a larger constant fits in a smaller 1467 // immediate. 1468 CheckList Checks; 1469 }; 1470 1471 InstInfo I; 1472 1473 switch (Inst.getOpcode()) { 1474 default: { 1475 switch (getPopSize(Inst)) { 1476 case 2: I = {2, false, {{NOCHECK, X86::MOV16ri}}}; break; 1477 case 4: I = {4, false, {{NOCHECK, X86::MOV32ri}}}; break; 1478 case 8: I = {8, false, {{CHECK32, X86::MOV64ri32}, 1479 {NOCHECK, X86::MOV64rm}}}; break; 1480 default: return false; 1481 } 1482 break; 1483 } 1484 1485 // MOV 1486 case X86::MOV8rm: I = {1, false, {{NOCHECK, X86::MOV8ri}}}; break; 1487 case X86::MOV16rm: I = {2, false, {{NOCHECK, X86::MOV16ri}}}; break; 1488 case X86::MOV32rm: I = {4, false, {{NOCHECK, X86::MOV32ri}}}; break; 1489 case X86::MOV64rm: I = {8, false, {{CHECK32, X86::MOV64ri32}, 1490 {NOCHECK, X86::MOV64rm}}}; break; 1491 1492 // MOVZX 1493 case X86::MOVZX16rm8: I = {1, false, {{NOCHECK, X86::MOV16ri}}}; break; 1494 case X86::MOVZX32rm8: I = {1, false, {{NOCHECK, X86::MOV32ri}}}; break; 1495 case X86::MOVZX32rm16: I = {2, false, {{NOCHECK, X86::MOV32ri}}}; break; 1496 1497 // CMP 1498 case X86::CMP8rm: I = {1, false, {{NOCHECK, X86::CMP8ri}}}; break; 1499 case X86::CMP16rm: I = {2, false, {{CHECK8, X86::CMP16ri8}, 1500 {NOCHECK, X86::CMP16ri}}}; break; 1501 case X86::CMP32rm: I = {4, false, {{CHECK8, X86::CMP32ri8}, 1502 {NOCHECK, X86::CMP32ri}}}; break; 1503 case X86::CMP64rm: I = {8, false, {{CHECK8, X86::CMP64ri8}, 1504 {CHECK32, X86::CMP64ri32}, 1505 {NOCHECK, X86::CMP64rm}}}; break; 1506 1507 // TEST 1508 case X86::TEST8mr: I = {1, false, {{NOCHECK, X86::TEST8ri}}}; break; 1509 case X86::TEST16mr: I = {2, false, {{NOCHECK, X86::TEST16ri}}}; break; 1510 case X86::TEST32mr: I = {4, false, {{NOCHECK, X86::TEST32ri}}}; break; 1511 case X86::TEST64mr: I = {8, false, {{CHECK32, X86::TEST64ri32}, 1512 {NOCHECK, X86::TEST64mr}}}; break; 1513 1514 // ADD 1515 case X86::ADD8rm: I = {1, true, {{NOCHECK, X86::ADD8ri}}}; break; 1516 case X86::ADD16rm: I = {2, true, {{CHECK8, X86::ADD16ri8}, 1517 {NOCHECK, X86::ADD16ri}}}; break; 1518 case X86::ADD32rm: I = {4, true, {{CHECK8, X86::ADD32ri8}, 1519 {NOCHECK, X86::ADD32ri}}}; break; 1520 case X86::ADD64rm: I = {8, true, {{CHECK8, X86::ADD64ri8}, 1521 {CHECK32, X86::ADD64ri32}, 1522 {NOCHECK, X86::ADD64rm}}}; break; 1523 1524 // SUB 1525 case X86::SUB8rm: I = {1, true, {{NOCHECK, X86::SUB8ri}}}; break; 1526 case X86::SUB16rm: I = {2, true, {{CHECK8, X86::SUB16ri8}, 1527 {NOCHECK, X86::SUB16ri}}}; break; 1528 case X86::SUB32rm: I = {4, true, {{CHECK8, X86::SUB32ri8}, 1529 {NOCHECK, X86::SUB32ri}}}; break; 1530 case X86::SUB64rm: I = {8, true, {{CHECK8, X86::SUB64ri8}, 1531 {CHECK32, X86::SUB64ri32}, 1532 {NOCHECK, X86::SUB64rm}}}; break; 1533 1534 // AND 1535 case X86::AND8rm: I = {1, true, {{NOCHECK, X86::AND8ri}}}; break; 1536 case X86::AND16rm: I = {2, true, {{CHECK8, X86::AND16ri8}, 1537 {NOCHECK, X86::AND16ri}}}; break; 1538 case X86::AND32rm: I = {4, true, {{CHECK8, X86::AND32ri8}, 1539 {NOCHECK, X86::AND32ri}}}; break; 1540 case X86::AND64rm: I = {8, true, {{CHECK8, X86::AND64ri8}, 1541 {CHECK32, X86::AND64ri32}, 1542 {NOCHECK, X86::AND64rm}}}; break; 1543 1544 // OR 1545 case X86::OR8rm: I = {1, true, {{NOCHECK, X86::OR8ri}}}; break; 1546 case X86::OR16rm: I = {2, true, {{CHECK8, X86::OR16ri8}, 1547 {NOCHECK, X86::OR16ri}}}; break; 1548 case X86::OR32rm: I = {4, true, {{CHECK8, X86::OR32ri8}, 1549 {NOCHECK, X86::OR32ri}}}; break; 1550 case X86::OR64rm: I = {8, true, {{CHECK8, X86::OR64ri8}, 1551 {CHECK32, X86::OR64ri32}, 1552 {NOCHECK, X86::OR64rm}}}; break; 1553 1554 // XOR 1555 case X86::XOR8rm: I = {1, true, {{NOCHECK, X86::XOR8ri}}}; break; 1556 case X86::XOR16rm: I = {2, true, {{CHECK8, X86::XOR16ri8}, 1557 {NOCHECK, X86::XOR16ri}}}; break; 1558 case X86::XOR32rm: I = {4, true, {{CHECK8, X86::XOR32ri8}, 1559 {NOCHECK, X86::XOR32ri}}}; break; 1560 case X86::XOR64rm: I = {8, true, {{CHECK8, X86::XOR64ri8}, 1561 {CHECK32, X86::XOR64ri32}, 1562 {NOCHECK, X86::XOR64rm}}}; break; 1563 } 1564 1565 // Compute the immediate value. 1566 assert(Offset + I.DataSize <= ConstantData.size() && 1567 "invalid offset for given constant data"); 1568 int64_t ImmVal = 1569 DataExtractor(ConstantData, true, 8).getSigned(&Offset, I.DataSize); 1570 1571 // Compute the new opcode. 1572 unsigned NewOpcode = 0; 1573 for (const std::pair<CheckSignExt, unsigned> &Check : I.Checks) { 1574 NewOpcode = Check.second; 1575 if (Check.first == NOCHECK) 1576 break; 1577 if (Check.first == CHECK8 && isInt<8>(ImmVal)) 1578 break; 1579 if (Check.first == CHECK32 && isInt<32>(ImmVal)) 1580 break; 1581 } 1582 if (NewOpcode == Inst.getOpcode()) 1583 return false; 1584 1585 // Modify the instruction. 1586 MCOperand ImmOp = MCOperand::createImm(ImmVal); 1587 uint32_t TargetOpNum = 0; 1588 // Test instruction does not follow the regular pattern of putting the 1589 // memory reference of a load (5 MCOperands) last in the list of operands. 1590 // Since it is not modifying the register operand, it is not treated as 1591 // a destination operand and it is not the first operand as it is in the 1592 // other instructions we treat here. 1593 if (NewOpcode == X86::TEST8ri || NewOpcode == X86::TEST16ri || 1594 NewOpcode == X86::TEST32ri || NewOpcode == X86::TEST64ri32) 1595 TargetOpNum = getMemoryOperandNo(Inst) + X86::AddrNumOperands; 1596 1597 MCOperand TargetOp = Inst.getOperand(TargetOpNum); 1598 Inst.clear(); 1599 Inst.setOpcode(NewOpcode); 1600 Inst.addOperand(TargetOp); 1601 if (I.HasLHS) 1602 Inst.addOperand(TargetOp); 1603 Inst.addOperand(ImmOp); 1604 1605 return true; 1606 } 1607 1608 /// TODO: this implementation currently works for the most common opcodes that 1609 /// load from memory. It can be extended to work with memory store opcodes as 1610 /// well as more memory load opcodes. 1611 bool replaceMemOperandWithReg(MCInst &Inst, MCPhysReg RegNum) const override { 1612 unsigned NewOpcode; 1613 1614 switch (Inst.getOpcode()) { 1615 default: { 1616 switch (getPopSize(Inst)) { 1617 case 2: NewOpcode = X86::MOV16rr; break; 1618 case 4: NewOpcode = X86::MOV32rr; break; 1619 case 8: NewOpcode = X86::MOV64rr; break; 1620 default: return false; 1621 } 1622 break; 1623 } 1624 1625 // MOV 1626 case X86::MOV8rm: NewOpcode = X86::MOV8rr; break; 1627 case X86::MOV16rm: NewOpcode = X86::MOV16rr; break; 1628 case X86::MOV32rm: NewOpcode = X86::MOV32rr; break; 1629 case X86::MOV64rm: NewOpcode = X86::MOV64rr; break; 1630 } 1631 1632 // Modify the instruction. 1633 MCOperand RegOp = MCOperand::createReg(RegNum); 1634 MCOperand TargetOp = Inst.getOperand(0); 1635 Inst.clear(); 1636 Inst.setOpcode(NewOpcode); 1637 Inst.addOperand(TargetOp); 1638 Inst.addOperand(RegOp); 1639 1640 return true; 1641 } 1642 1643 bool isRedundantMove(const MCInst &Inst) const override { 1644 switch (Inst.getOpcode()) { 1645 default: 1646 return false; 1647 1648 // MOV 1649 case X86::MOV8rr: 1650 case X86::MOV16rr: 1651 case X86::MOV32rr: 1652 case X86::MOV64rr: 1653 break; 1654 } 1655 1656 assert(Inst.getOperand(0).isReg() && Inst.getOperand(1).isReg()); 1657 return Inst.getOperand(0).getReg() == Inst.getOperand(1).getReg(); 1658 } 1659 1660 bool requiresAlignedAddress(const MCInst &Inst) const override { 1661 const MCInstrDesc &Desc = Info->get(Inst.getOpcode()); 1662 for (unsigned int I = 0; I < Desc.getNumOperands(); ++I) { 1663 const MCOperandInfo &Op = Desc.OpInfo[I]; 1664 if (Op.OperandType != MCOI::OPERAND_REGISTER) 1665 continue; 1666 if (Op.RegClass == X86::VR128RegClassID) 1667 return true; 1668 } 1669 return false; 1670 } 1671 1672 bool convertJmpToTailCall(MCInst &Inst) override { 1673 if (isTailCall(Inst)) 1674 return false; 1675 1676 int NewOpcode; 1677 switch (Inst.getOpcode()) { 1678 default: 1679 return false; 1680 case X86::JMP_1: 1681 case X86::JMP_2: 1682 case X86::JMP_4: 1683 NewOpcode = X86::JMP_4; 1684 break; 1685 case X86::JMP16m: 1686 case X86::JMP32m: 1687 case X86::JMP64m: 1688 NewOpcode = X86::JMP32m; 1689 break; 1690 case X86::JMP16r: 1691 case X86::JMP32r: 1692 case X86::JMP64r: 1693 NewOpcode = X86::JMP32r; 1694 break; 1695 } 1696 1697 Inst.setOpcode(NewOpcode); 1698 setTailCall(Inst); 1699 return true; 1700 } 1701 1702 bool convertTailCallToJmp(MCInst &Inst) override { 1703 int NewOpcode; 1704 switch (Inst.getOpcode()) { 1705 default: 1706 return false; 1707 case X86::JMP_4: 1708 NewOpcode = X86::JMP_1; 1709 break; 1710 case X86::JMP32m: 1711 NewOpcode = X86::JMP64m; 1712 break; 1713 case X86::JMP32r: 1714 NewOpcode = X86::JMP64r; 1715 break; 1716 } 1717 1718 Inst.setOpcode(NewOpcode); 1719 removeAnnotation(Inst, MCPlus::MCAnnotation::kTailCall); 1720 clearOffset(Inst); 1721 return true; 1722 } 1723 1724 bool convertTailCallToCall(MCInst &Inst) override { 1725 int NewOpcode; 1726 switch (Inst.getOpcode()) { 1727 default: 1728 return false; 1729 case X86::JMP_4: 1730 NewOpcode = X86::CALL64pcrel32; 1731 break; 1732 case X86::JMP32m: 1733 NewOpcode = X86::CALL64m; 1734 break; 1735 case X86::JMP32r: 1736 NewOpcode = X86::CALL64r; 1737 break; 1738 } 1739 1740 Inst.setOpcode(NewOpcode); 1741 removeAnnotation(Inst, MCPlus::MCAnnotation::kTailCall); 1742 return true; 1743 } 1744 1745 bool convertCallToIndirectCall(MCInst &Inst, const MCSymbol *TargetLocation, 1746 MCContext *Ctx) override { 1747 bool IsTailCall = isTailCall(Inst); 1748 assert((Inst.getOpcode() == X86::CALL64pcrel32 || 1749 (Inst.getOpcode() == X86::JMP_4 && IsTailCall)) && 1750 "64-bit direct (tail) call instruction expected"); 1751 const auto NewOpcode = 1752 (Inst.getOpcode() == X86::CALL64pcrel32) ? X86::CALL64m : X86::JMP32m; 1753 Inst.setOpcode(NewOpcode); 1754 1755 // Replace the first operand and preserve auxiliary operands of 1756 // the instruction. 1757 Inst.erase(Inst.begin()); 1758 Inst.insert(Inst.begin(), 1759 MCOperand::createReg(X86::NoRegister)); // AddrSegmentReg 1760 Inst.insert(Inst.begin(), 1761 MCOperand::createExpr( // Displacement 1762 MCSymbolRefExpr::create(TargetLocation, 1763 MCSymbolRefExpr::VK_None, *Ctx))); 1764 Inst.insert(Inst.begin(), 1765 MCOperand::createReg(X86::NoRegister)); // IndexReg 1766 Inst.insert(Inst.begin(), 1767 MCOperand::createImm(1)); // ScaleAmt 1768 Inst.insert(Inst.begin(), 1769 MCOperand::createReg(X86::RIP)); // BaseReg 1770 1771 return true; 1772 } 1773 1774 void convertIndirectCallToLoad(MCInst &Inst, MCPhysReg Reg) override { 1775 bool IsTailCall = isTailCall(Inst); 1776 if (IsTailCall) 1777 removeAnnotation(Inst, MCPlus::MCAnnotation::kTailCall); 1778 if (Inst.getOpcode() == X86::CALL64m || 1779 (Inst.getOpcode() == X86::JMP32m && IsTailCall)) { 1780 Inst.setOpcode(X86::MOV64rm); 1781 Inst.insert(Inst.begin(), MCOperand::createReg(Reg)); 1782 return; 1783 } 1784 if (Inst.getOpcode() == X86::CALL64r || 1785 (Inst.getOpcode() == X86::JMP32r && IsTailCall)) { 1786 Inst.setOpcode(X86::MOV64rr); 1787 Inst.insert(Inst.begin(), MCOperand::createReg(Reg)); 1788 return; 1789 } 1790 LLVM_DEBUG(Inst.dump()); 1791 llvm_unreachable("not implemented"); 1792 } 1793 1794 bool shortenInstruction(MCInst &Inst, 1795 const MCSubtargetInfo &STI) const override { 1796 unsigned OldOpcode = Inst.getOpcode(); 1797 unsigned NewOpcode = OldOpcode; 1798 1799 int MemOpNo = getMemoryOperandNo(Inst); 1800 1801 // Check and remove redundant Address-Size override prefix. 1802 if (opts::X86StripRedundantAddressSize) { 1803 uint64_t TSFlags = Info->get(OldOpcode).TSFlags; 1804 unsigned Flags = Inst.getFlags(); 1805 1806 if (!X86_MC::needsAddressSizeOverride(Inst, STI, MemOpNo, TSFlags) && 1807 Flags & X86::IP_HAS_AD_SIZE) 1808 Inst.setFlags(Flags ^ X86::IP_HAS_AD_SIZE); 1809 } 1810 1811 // Check and remove EIZ/RIZ. These cases represent ambiguous cases where 1812 // SIB byte is present, but no index is used and modrm alone should have 1813 // been enough. Converting to NoRegister effectively removes the SIB byte. 1814 if (MemOpNo >= 0) { 1815 MCOperand &IndexOp = 1816 Inst.getOperand(static_cast<unsigned>(MemOpNo) + X86::AddrIndexReg); 1817 if (IndexOp.getReg() == X86::EIZ || IndexOp.getReg() == X86::RIZ) 1818 IndexOp = MCOperand::createReg(X86::NoRegister); 1819 } 1820 1821 if (isBranch(Inst)) { 1822 NewOpcode = getShortBranchOpcode(OldOpcode); 1823 } else if (OldOpcode == X86::MOV64ri) { 1824 if (Inst.getOperand(MCPlus::getNumPrimeOperands(Inst) - 1).isImm()) { 1825 const int64_t Imm = 1826 Inst.getOperand(MCPlus::getNumPrimeOperands(Inst) - 1).getImm(); 1827 if (int64_t(Imm) == int64_t(int32_t(Imm))) 1828 NewOpcode = X86::MOV64ri32; 1829 } 1830 } else { 1831 // If it's arithmetic instruction check if signed operand fits in 1 byte. 1832 const unsigned ShortOpcode = getShortArithOpcode(OldOpcode); 1833 if (ShortOpcode != OldOpcode && 1834 Inst.getOperand(MCPlus::getNumPrimeOperands(Inst) - 1).isImm()) { 1835 int64_t Imm = 1836 Inst.getOperand(MCPlus::getNumPrimeOperands(Inst) - 1).getImm(); 1837 if (int64_t(Imm) == int64_t(int8_t(Imm))) 1838 NewOpcode = ShortOpcode; 1839 } 1840 } 1841 1842 if (NewOpcode == OldOpcode) 1843 return false; 1844 1845 Inst.setOpcode(NewOpcode); 1846 return true; 1847 } 1848 1849 bool 1850 convertMoveToConditionalMove(MCInst &Inst, unsigned CC, bool AllowStackMemOp, 1851 bool AllowBasePtrStackMemOp) const override { 1852 // - Register-register moves are OK 1853 // - Stores are filtered out by opcode (no store CMOV) 1854 // - Non-stack loads are prohibited (generally unsafe) 1855 // - Stack loads are OK if AllowStackMemOp is true 1856 // - Stack loads with RBP are OK if AllowBasePtrStackMemOp is true 1857 if (isLoad(Inst)) { 1858 // If stack memory operands are not allowed, no loads are allowed 1859 if (!AllowStackMemOp) 1860 return false; 1861 1862 // If stack memory operands are allowed, check if it's a load from stack 1863 bool IsLoad, IsStore, IsStoreFromReg, IsSimple, IsIndexed; 1864 MCPhysReg Reg; 1865 int32_t SrcImm; 1866 uint16_t StackPtrReg; 1867 int64_t StackOffset; 1868 uint8_t Size; 1869 bool IsStackAccess = 1870 isStackAccess(Inst, IsLoad, IsStore, IsStoreFromReg, Reg, SrcImm, 1871 StackPtrReg, StackOffset, Size, IsSimple, IsIndexed); 1872 // Prohibit non-stack-based loads 1873 if (!IsStackAccess) 1874 return false; 1875 // If stack memory operands are allowed, check if it's RBP-based 1876 if (!AllowBasePtrStackMemOp && 1877 RegInfo->isSubRegisterEq(X86::RBP, StackPtrReg)) 1878 return false; 1879 } 1880 1881 unsigned NewOpcode = 0; 1882 switch (Inst.getOpcode()) { 1883 case X86::MOV16rr: 1884 NewOpcode = X86::CMOV16rr; 1885 break; 1886 case X86::MOV16rm: 1887 NewOpcode = X86::CMOV16rm; 1888 break; 1889 case X86::MOV32rr: 1890 NewOpcode = X86::CMOV32rr; 1891 break; 1892 case X86::MOV32rm: 1893 NewOpcode = X86::CMOV32rm; 1894 break; 1895 case X86::MOV64rr: 1896 NewOpcode = X86::CMOV64rr; 1897 break; 1898 case X86::MOV64rm: 1899 NewOpcode = X86::CMOV64rm; 1900 break; 1901 default: 1902 return false; 1903 } 1904 Inst.setOpcode(NewOpcode); 1905 // Insert CC at the end of prime operands, before annotations 1906 Inst.insert(Inst.begin() + MCPlus::getNumPrimeOperands(Inst), 1907 MCOperand::createImm(CC)); 1908 // CMOV is a 3-operand MCInst, so duplicate the destination as src1 1909 Inst.insert(Inst.begin(), Inst.getOperand(0)); 1910 return true; 1911 } 1912 1913 bool lowerTailCall(MCInst &Inst) override { 1914 if (Inst.getOpcode() == X86::JMP_4 && isTailCall(Inst)) { 1915 Inst.setOpcode(X86::JMP_1); 1916 removeAnnotation(Inst, MCPlus::MCAnnotation::kTailCall); 1917 return true; 1918 } 1919 return false; 1920 } 1921 1922 const MCSymbol *getTargetSymbol(const MCInst &Inst, 1923 unsigned OpNum = 0) const override { 1924 if (OpNum >= MCPlus::getNumPrimeOperands(Inst)) 1925 return nullptr; 1926 1927 const MCOperand &Op = Inst.getOperand(OpNum); 1928 if (!Op.isExpr()) 1929 return nullptr; 1930 1931 auto *SymExpr = dyn_cast<MCSymbolRefExpr>(Op.getExpr()); 1932 if (!SymExpr || SymExpr->getKind() != MCSymbolRefExpr::VK_None) 1933 return nullptr; 1934 1935 return &SymExpr->getSymbol(); 1936 } 1937 1938 // This is the same as the base class, but since we are overriding one of 1939 // getTargetSymbol's signatures above, we need to override all of them. 1940 const MCSymbol *getTargetSymbol(const MCExpr *Expr) const override { 1941 return &cast<const MCSymbolRefExpr>(Expr)->getSymbol(); 1942 } 1943 1944 bool analyzeBranch(InstructionIterator Begin, InstructionIterator End, 1945 const MCSymbol *&TBB, const MCSymbol *&FBB, 1946 MCInst *&CondBranch, 1947 MCInst *&UncondBranch) const override { 1948 auto I = End; 1949 1950 // Bottom-up analysis 1951 while (I != Begin) { 1952 --I; 1953 1954 // Ignore nops and CFIs 1955 if (isPseudo(*I)) 1956 continue; 1957 1958 // Stop when we find the first non-terminator 1959 if (!isTerminator(*I)) 1960 break; 1961 1962 if (!isBranch(*I)) 1963 break; 1964 1965 // Handle unconditional branches. 1966 if ((I->getOpcode() == X86::JMP_1 || I->getOpcode() == X86::JMP_2 || 1967 I->getOpcode() == X86::JMP_4) && 1968 !isTailCall(*I)) { 1969 // If any code was seen after this unconditional branch, we've seen 1970 // unreachable code. Ignore them. 1971 CondBranch = nullptr; 1972 UncondBranch = &*I; 1973 const MCSymbol *Sym = getTargetSymbol(*I); 1974 assert(Sym != nullptr && 1975 "Couldn't extract BB symbol from jump operand"); 1976 TBB = Sym; 1977 continue; 1978 } 1979 1980 // Handle conditional branches and ignore indirect branches 1981 if (!isUnsupportedBranch(I->getOpcode()) && 1982 getCondCode(*I) == X86::COND_INVALID) { 1983 // Indirect branch 1984 return false; 1985 } 1986 1987 if (CondBranch == nullptr) { 1988 const MCSymbol *TargetBB = getTargetSymbol(*I); 1989 if (TargetBB == nullptr) { 1990 // Unrecognized branch target 1991 return false; 1992 } 1993 FBB = TBB; 1994 TBB = TargetBB; 1995 CondBranch = &*I; 1996 continue; 1997 } 1998 1999 llvm_unreachable("multiple conditional branches in one BB"); 2000 } 2001 return true; 2002 } 2003 2004 template <typename Itr> 2005 std::pair<IndirectBranchType, MCInst *> 2006 analyzePICJumpTable(Itr II, Itr IE, MCPhysReg R1, MCPhysReg R2) const { 2007 // Analyze PIC-style jump table code template: 2008 // 2009 // lea PIC_JUMP_TABLE(%rip), {%r1|%r2} <- MemLocInstr 2010 // mov ({%r1|%r2}, %index, 4), {%r2|%r1} 2011 // add %r2, %r1 2012 // jmp *%r1 2013 // 2014 // (with any irrelevant instructions in-between) 2015 // 2016 // When we call this helper we've already determined %r1 and %r2, and 2017 // reverse instruction iterator \p II is pointing to the ADD instruction. 2018 // 2019 // PIC jump table looks like following: 2020 // 2021 // JT: ---------- 2022 // E1:| L1 - JT | 2023 // |----------| 2024 // E2:| L2 - JT | 2025 // |----------| 2026 // | | 2027 // ...... 2028 // En:| Ln - JT | 2029 // ---------- 2030 // 2031 // Where L1, L2, ..., Ln represent labels in the function. 2032 // 2033 // The actual relocations in the table will be of the form: 2034 // 2035 // Ln - JT 2036 // = (Ln - En) + (En - JT) 2037 // = R_X86_64_PC32(Ln) + En - JT 2038 // = R_X86_64_PC32(Ln + offsetof(En)) 2039 // 2040 LLVM_DEBUG(dbgs() << "Checking for PIC jump table\n"); 2041 MCInst *MemLocInstr = nullptr; 2042 const MCInst *MovInstr = nullptr; 2043 while (++II != IE) { 2044 MCInst &Instr = *II; 2045 const MCInstrDesc &InstrDesc = Info->get(Instr.getOpcode()); 2046 if (!InstrDesc.hasDefOfPhysReg(Instr, R1, *RegInfo) && 2047 !InstrDesc.hasDefOfPhysReg(Instr, R2, *RegInfo)) { 2048 // Ignore instructions that don't affect R1, R2 registers. 2049 continue; 2050 } 2051 if (!MovInstr) { 2052 // Expect to see MOV instruction. 2053 if (!isMOVSX64rm32(Instr)) { 2054 LLVM_DEBUG(dbgs() << "MOV instruction expected.\n"); 2055 break; 2056 } 2057 2058 // Check if it's setting %r1 or %r2. In canonical form it sets %r2. 2059 // If it sets %r1 - rename the registers so we have to only check 2060 // a single form. 2061 unsigned MovDestReg = Instr.getOperand(0).getReg(); 2062 if (MovDestReg != R2) 2063 std::swap(R1, R2); 2064 if (MovDestReg != R2) { 2065 LLVM_DEBUG(dbgs() << "MOV instruction expected to set %r2\n"); 2066 break; 2067 } 2068 2069 // Verify operands for MOV. 2070 unsigned BaseRegNum; 2071 int64_t ScaleValue; 2072 unsigned IndexRegNum; 2073 int64_t DispValue; 2074 unsigned SegRegNum; 2075 if (!evaluateX86MemoryOperand(Instr, &BaseRegNum, &ScaleValue, 2076 &IndexRegNum, &DispValue, &SegRegNum)) 2077 break; 2078 if (BaseRegNum != R1 || ScaleValue != 4 || 2079 IndexRegNum == X86::NoRegister || DispValue != 0 || 2080 SegRegNum != X86::NoRegister) 2081 break; 2082 MovInstr = &Instr; 2083 } else { 2084 if (!InstrDesc.hasDefOfPhysReg(Instr, R1, *RegInfo)) 2085 continue; 2086 if (!isLEA64r(Instr)) { 2087 LLVM_DEBUG(dbgs() << "LEA instruction expected\n"); 2088 break; 2089 } 2090 if (Instr.getOperand(0).getReg() != R1) { 2091 LLVM_DEBUG(dbgs() << "LEA instruction expected to set %r1\n"); 2092 break; 2093 } 2094 2095 // Verify operands for LEA. 2096 unsigned BaseRegNum; 2097 int64_t ScaleValue; 2098 unsigned IndexRegNum; 2099 const MCExpr *DispExpr = nullptr; 2100 int64_t DispValue; 2101 unsigned SegRegNum; 2102 if (!evaluateX86MemoryOperand(Instr, &BaseRegNum, &ScaleValue, 2103 &IndexRegNum, &DispValue, &SegRegNum, 2104 &DispExpr)) 2105 break; 2106 if (BaseRegNum != RegInfo->getProgramCounter() || 2107 IndexRegNum != X86::NoRegister || SegRegNum != X86::NoRegister || 2108 DispExpr == nullptr) 2109 break; 2110 MemLocInstr = &Instr; 2111 break; 2112 } 2113 } 2114 2115 if (!MemLocInstr) 2116 return std::make_pair(IndirectBranchType::UNKNOWN, nullptr); 2117 2118 LLVM_DEBUG(dbgs() << "checking potential PIC jump table\n"); 2119 return std::make_pair(IndirectBranchType::POSSIBLE_PIC_JUMP_TABLE, 2120 MemLocInstr); 2121 } 2122 2123 IndirectBranchType analyzeIndirectBranch( 2124 MCInst &Instruction, InstructionIterator Begin, InstructionIterator End, 2125 const unsigned PtrSize, MCInst *&MemLocInstrOut, unsigned &BaseRegNumOut, 2126 unsigned &IndexRegNumOut, int64_t &DispValueOut, 2127 const MCExpr *&DispExprOut, MCInst *&PCRelBaseOut) const override { 2128 // Try to find a (base) memory location from where the address for 2129 // the indirect branch is loaded. For X86-64 the memory will be specified 2130 // in the following format: 2131 // 2132 // {%rip}/{%basereg} + Imm + IndexReg * Scale 2133 // 2134 // We are interested in the cases where Scale == sizeof(uintptr_t) and 2135 // the contents of the memory are presumably an array of pointers to code. 2136 // 2137 // Normal jump table: 2138 // 2139 // jmp *(JUMP_TABLE, %index, Scale) <- MemLocInstr 2140 // 2141 // or 2142 // 2143 // mov (JUMP_TABLE, %index, Scale), %r1 <- MemLocInstr 2144 // ... 2145 // jmp %r1 2146 // 2147 // We handle PIC-style jump tables separately. 2148 // 2149 MemLocInstrOut = nullptr; 2150 BaseRegNumOut = X86::NoRegister; 2151 IndexRegNumOut = X86::NoRegister; 2152 DispValueOut = 0; 2153 DispExprOut = nullptr; 2154 2155 std::reverse_iterator<InstructionIterator> II(End); 2156 std::reverse_iterator<InstructionIterator> IE(Begin); 2157 2158 IndirectBranchType Type = IndirectBranchType::UNKNOWN; 2159 2160 // An instruction referencing memory used by jump instruction (directly or 2161 // via register). This location could be an array of function pointers 2162 // in case of indirect tail call, or a jump table. 2163 MCInst *MemLocInstr = nullptr; 2164 2165 if (MCPlus::getNumPrimeOperands(Instruction) == 1) { 2166 // If the indirect jump is on register - try to detect if the 2167 // register value is loaded from a memory location. 2168 assert(Instruction.getOperand(0).isReg() && "register operand expected"); 2169 const unsigned R1 = Instruction.getOperand(0).getReg(); 2170 // Check if one of the previous instructions defines the jump-on register. 2171 for (auto PrevII = II; PrevII != IE; ++PrevII) { 2172 MCInst &PrevInstr = *PrevII; 2173 const MCInstrDesc &PrevInstrDesc = Info->get(PrevInstr.getOpcode()); 2174 2175 if (!PrevInstrDesc.hasDefOfPhysReg(PrevInstr, R1, *RegInfo)) 2176 continue; 2177 2178 if (isMoveMem2Reg(PrevInstr)) { 2179 MemLocInstr = &PrevInstr; 2180 break; 2181 } 2182 if (isADD64rr(PrevInstr)) { 2183 unsigned R2 = PrevInstr.getOperand(2).getReg(); 2184 if (R1 == R2) 2185 return IndirectBranchType::UNKNOWN; 2186 std::tie(Type, MemLocInstr) = analyzePICJumpTable(PrevII, IE, R1, R2); 2187 break; 2188 } 2189 return IndirectBranchType::UNKNOWN; 2190 } 2191 if (!MemLocInstr) { 2192 // No definition seen for the register in this function so far. Could be 2193 // an input parameter - which means it is an external code reference. 2194 // It also could be that the definition happens to be in the code that 2195 // we haven't processed yet. Since we have to be conservative, return 2196 // as UNKNOWN case. 2197 return IndirectBranchType::UNKNOWN; 2198 } 2199 } else { 2200 MemLocInstr = &Instruction; 2201 } 2202 2203 const MCRegister RIPRegister = RegInfo->getProgramCounter(); 2204 2205 // Analyze the memory location. 2206 unsigned BaseRegNum, IndexRegNum, SegRegNum; 2207 int64_t ScaleValue, DispValue; 2208 const MCExpr *DispExpr; 2209 2210 if (!evaluateX86MemoryOperand(*MemLocInstr, &BaseRegNum, &ScaleValue, 2211 &IndexRegNum, &DispValue, &SegRegNum, 2212 &DispExpr)) 2213 return IndirectBranchType::UNKNOWN; 2214 2215 BaseRegNumOut = BaseRegNum; 2216 IndexRegNumOut = IndexRegNum; 2217 DispValueOut = DispValue; 2218 DispExprOut = DispExpr; 2219 2220 if ((BaseRegNum != X86::NoRegister && BaseRegNum != RIPRegister) || 2221 SegRegNum != X86::NoRegister) 2222 return IndirectBranchType::UNKNOWN; 2223 2224 if (MemLocInstr == &Instruction && 2225 (!ScaleValue || IndexRegNum == X86::NoRegister)) { 2226 MemLocInstrOut = MemLocInstr; 2227 return IndirectBranchType::POSSIBLE_FIXED_BRANCH; 2228 } 2229 2230 if (Type == IndirectBranchType::POSSIBLE_PIC_JUMP_TABLE && 2231 (ScaleValue != 1 || BaseRegNum != RIPRegister)) 2232 return IndirectBranchType::UNKNOWN; 2233 2234 if (Type != IndirectBranchType::POSSIBLE_PIC_JUMP_TABLE && 2235 ScaleValue != PtrSize) 2236 return IndirectBranchType::UNKNOWN; 2237 2238 MemLocInstrOut = MemLocInstr; 2239 2240 return Type; 2241 } 2242 2243 /// Analyze a callsite to see if it could be a virtual method call. This only 2244 /// checks to see if the overall pattern is satisfied, it does not guarantee 2245 /// that the callsite is a true virtual method call. 2246 /// The format of virtual method calls that are recognized is one of the 2247 /// following: 2248 /// 2249 /// Form 1: (found in debug code) 2250 /// add METHOD_OFFSET, %VtableReg 2251 /// mov (%VtableReg), %MethodReg 2252 /// ... 2253 /// call or jmp *%MethodReg 2254 /// 2255 /// Form 2: 2256 /// mov METHOD_OFFSET(%VtableReg), %MethodReg 2257 /// ... 2258 /// call or jmp *%MethodReg 2259 /// 2260 /// Form 3: 2261 /// ... 2262 /// call or jmp *METHOD_OFFSET(%VtableReg) 2263 /// 2264 bool analyzeVirtualMethodCall(InstructionIterator ForwardBegin, 2265 InstructionIterator ForwardEnd, 2266 std::vector<MCInst *> &MethodFetchInsns, 2267 unsigned &VtableRegNum, unsigned &MethodRegNum, 2268 uint64_t &MethodOffset) const override { 2269 VtableRegNum = X86::NoRegister; 2270 MethodRegNum = X86::NoRegister; 2271 MethodOffset = 0; 2272 2273 std::reverse_iterator<InstructionIterator> Itr(ForwardEnd); 2274 std::reverse_iterator<InstructionIterator> End(ForwardBegin); 2275 2276 MCInst &CallInst = *Itr++; 2277 assert(isIndirectBranch(CallInst) || isCall(CallInst)); 2278 2279 unsigned BaseReg, IndexReg, SegmentReg; 2280 int64_t Scale, Disp; 2281 const MCExpr *DispExpr; 2282 2283 // The call can just be jmp offset(reg) 2284 if (evaluateX86MemoryOperand(CallInst, &BaseReg, &Scale, &IndexReg, &Disp, 2285 &SegmentReg, &DispExpr)) { 2286 if (!DispExpr && BaseReg != X86::RIP && BaseReg != X86::RBP && 2287 BaseReg != X86::NoRegister) { 2288 MethodRegNum = BaseReg; 2289 if (Scale == 1 && IndexReg == X86::NoRegister && 2290 SegmentReg == X86::NoRegister) { 2291 VtableRegNum = MethodRegNum; 2292 MethodOffset = Disp; 2293 MethodFetchInsns.push_back(&CallInst); 2294 return true; 2295 } 2296 } 2297 return false; 2298 } 2299 if (CallInst.getOperand(0).isReg()) 2300 MethodRegNum = CallInst.getOperand(0).getReg(); 2301 else 2302 return false; 2303 2304 if (MethodRegNum == X86::RIP || MethodRegNum == X86::RBP) { 2305 VtableRegNum = X86::NoRegister; 2306 MethodRegNum = X86::NoRegister; 2307 return false; 2308 } 2309 2310 // find load from vtable, this may or may not include the method offset 2311 while (Itr != End) { 2312 MCInst &CurInst = *Itr++; 2313 const MCInstrDesc &Desc = Info->get(CurInst.getOpcode()); 2314 if (Desc.hasDefOfPhysReg(CurInst, MethodRegNum, *RegInfo)) { 2315 if (isLoad(CurInst) && 2316 evaluateX86MemoryOperand(CurInst, &BaseReg, &Scale, &IndexReg, 2317 &Disp, &SegmentReg, &DispExpr)) { 2318 if (!DispExpr && Scale == 1 && BaseReg != X86::RIP && 2319 BaseReg != X86::RBP && BaseReg != X86::NoRegister && 2320 IndexReg == X86::NoRegister && SegmentReg == X86::NoRegister && 2321 BaseReg != X86::RIP) { 2322 VtableRegNum = BaseReg; 2323 MethodOffset = Disp; 2324 MethodFetchInsns.push_back(&CurInst); 2325 if (MethodOffset != 0) 2326 return true; 2327 break; 2328 } 2329 } 2330 return false; 2331 } 2332 } 2333 2334 if (!VtableRegNum) 2335 return false; 2336 2337 // look for any adds affecting the method register. 2338 while (Itr != End) { 2339 MCInst &CurInst = *Itr++; 2340 const MCInstrDesc &Desc = Info->get(CurInst.getOpcode()); 2341 if (Desc.hasDefOfPhysReg(CurInst, VtableRegNum, *RegInfo)) { 2342 if (isADDri(CurInst)) { 2343 assert(!MethodOffset); 2344 MethodOffset = CurInst.getOperand(2).getImm(); 2345 MethodFetchInsns.insert(MethodFetchInsns.begin(), &CurInst); 2346 break; 2347 } 2348 } 2349 } 2350 2351 return true; 2352 } 2353 2354 bool createStackPointerIncrement(MCInst &Inst, int Size, 2355 bool NoFlagsClobber) const override { 2356 if (NoFlagsClobber) { 2357 Inst.setOpcode(X86::LEA64r); 2358 Inst.clear(); 2359 Inst.addOperand(MCOperand::createReg(X86::RSP)); 2360 Inst.addOperand(MCOperand::createReg(X86::RSP)); // BaseReg 2361 Inst.addOperand(MCOperand::createImm(1)); // ScaleAmt 2362 Inst.addOperand(MCOperand::createReg(X86::NoRegister)); // IndexReg 2363 Inst.addOperand(MCOperand::createImm(-Size)); // Displacement 2364 Inst.addOperand(MCOperand::createReg(X86::NoRegister)); // AddrSegmentReg 2365 return true; 2366 } 2367 Inst.setOpcode(X86::SUB64ri8); 2368 Inst.clear(); 2369 Inst.addOperand(MCOperand::createReg(X86::RSP)); 2370 Inst.addOperand(MCOperand::createReg(X86::RSP)); 2371 Inst.addOperand(MCOperand::createImm(Size)); 2372 return true; 2373 } 2374 2375 bool createStackPointerDecrement(MCInst &Inst, int Size, 2376 bool NoFlagsClobber) const override { 2377 if (NoFlagsClobber) { 2378 Inst.setOpcode(X86::LEA64r); 2379 Inst.clear(); 2380 Inst.addOperand(MCOperand::createReg(X86::RSP)); 2381 Inst.addOperand(MCOperand::createReg(X86::RSP)); // BaseReg 2382 Inst.addOperand(MCOperand::createImm(1)); // ScaleAmt 2383 Inst.addOperand(MCOperand::createReg(X86::NoRegister)); // IndexReg 2384 Inst.addOperand(MCOperand::createImm(Size)); // Displacement 2385 Inst.addOperand(MCOperand::createReg(X86::NoRegister)); // AddrSegmentReg 2386 return true; 2387 } 2388 Inst.setOpcode(X86::ADD64ri8); 2389 Inst.clear(); 2390 Inst.addOperand(MCOperand::createReg(X86::RSP)); 2391 Inst.addOperand(MCOperand::createReg(X86::RSP)); 2392 Inst.addOperand(MCOperand::createImm(Size)); 2393 return true; 2394 } 2395 2396 bool createSaveToStack(MCInst &Inst, const MCPhysReg &StackReg, int Offset, 2397 const MCPhysReg &SrcReg, int Size) const override { 2398 unsigned NewOpcode; 2399 switch (Size) { 2400 default: 2401 return false; 2402 case 2: NewOpcode = X86::MOV16mr; break; 2403 case 4: NewOpcode = X86::MOV32mr; break; 2404 case 8: NewOpcode = X86::MOV64mr; break; 2405 } 2406 Inst.setOpcode(NewOpcode); 2407 Inst.clear(); 2408 Inst.addOperand(MCOperand::createReg(StackReg)); // BaseReg 2409 Inst.addOperand(MCOperand::createImm(1)); // ScaleAmt 2410 Inst.addOperand(MCOperand::createReg(X86::NoRegister)); // IndexReg 2411 Inst.addOperand(MCOperand::createImm(Offset)); // Displacement 2412 Inst.addOperand(MCOperand::createReg(X86::NoRegister)); // AddrSegmentReg 2413 Inst.addOperand(MCOperand::createReg(SrcReg)); 2414 return true; 2415 } 2416 2417 bool createRestoreFromStack(MCInst &Inst, const MCPhysReg &StackReg, 2418 int Offset, const MCPhysReg &DstReg, 2419 int Size) const override { 2420 return createLoad(Inst, StackReg, /*Scale=*/1, /*IndexReg=*/X86::NoRegister, 2421 Offset, nullptr, /*AddrSegmentReg=*/X86::NoRegister, 2422 DstReg, Size); 2423 } 2424 2425 bool createLoad(MCInst &Inst, const MCPhysReg &BaseReg, int64_t Scale, 2426 const MCPhysReg &IndexReg, int64_t Offset, 2427 const MCExpr *OffsetExpr, const MCPhysReg &AddrSegmentReg, 2428 const MCPhysReg &DstReg, int Size) const override { 2429 unsigned NewOpcode; 2430 switch (Size) { 2431 default: 2432 return false; 2433 case 2: NewOpcode = X86::MOV16rm; break; 2434 case 4: NewOpcode = X86::MOV32rm; break; 2435 case 8: NewOpcode = X86::MOV64rm; break; 2436 } 2437 Inst.setOpcode(NewOpcode); 2438 Inst.clear(); 2439 Inst.addOperand(MCOperand::createReg(DstReg)); 2440 Inst.addOperand(MCOperand::createReg(BaseReg)); 2441 Inst.addOperand(MCOperand::createImm(Scale)); 2442 Inst.addOperand(MCOperand::createReg(IndexReg)); 2443 if (OffsetExpr) 2444 Inst.addOperand(MCOperand::createExpr(OffsetExpr)); // Displacement 2445 else 2446 Inst.addOperand(MCOperand::createImm(Offset)); // Displacement 2447 Inst.addOperand(MCOperand::createReg(AddrSegmentReg)); // AddrSegmentReg 2448 return true; 2449 } 2450 2451 void createLoadImmediate(MCInst &Inst, const MCPhysReg Dest, 2452 uint32_t Imm) const override { 2453 Inst.setOpcode(X86::MOV64ri32); 2454 Inst.clear(); 2455 Inst.addOperand(MCOperand::createReg(Dest)); 2456 Inst.addOperand(MCOperand::createImm(Imm)); 2457 } 2458 2459 bool createIncMemory(MCInst &Inst, const MCSymbol *Target, 2460 MCContext *Ctx) const override { 2461 2462 Inst.setOpcode(X86::LOCK_INC64m); 2463 Inst.clear(); 2464 Inst.addOperand(MCOperand::createReg(X86::RIP)); // BaseReg 2465 Inst.addOperand(MCOperand::createImm(1)); // ScaleAmt 2466 Inst.addOperand(MCOperand::createReg(X86::NoRegister)); // IndexReg 2467 2468 Inst.addOperand(MCOperand::createExpr( 2469 MCSymbolRefExpr::create(Target, MCSymbolRefExpr::VK_None, 2470 *Ctx))); // Displacement 2471 Inst.addOperand(MCOperand::createReg(X86::NoRegister)); // AddrSegmentReg 2472 return true; 2473 } 2474 2475 bool createIJmp32Frag(SmallVectorImpl<MCInst> &Insts, 2476 const MCOperand &BaseReg, const MCOperand &Scale, 2477 const MCOperand &IndexReg, const MCOperand &Offset, 2478 const MCOperand &TmpReg) const override { 2479 // The code fragment we emit here is: 2480 // 2481 // mov32 (%base, %index, scale), %tmpreg 2482 // ijmp *(%tmpreg) 2483 // 2484 MCInst IJmp; 2485 IJmp.setOpcode(X86::JMP64r); 2486 IJmp.addOperand(TmpReg); 2487 2488 MCInst Load; 2489 Load.setOpcode(X86::MOV32rm); 2490 Load.addOperand(TmpReg); 2491 Load.addOperand(BaseReg); 2492 Load.addOperand(Scale); 2493 Load.addOperand(IndexReg); 2494 Load.addOperand(Offset); 2495 Load.addOperand(MCOperand::createReg(X86::NoRegister)); 2496 2497 Insts.push_back(Load); 2498 Insts.push_back(IJmp); 2499 return true; 2500 } 2501 2502 bool createNoop(MCInst &Inst) const override { 2503 Inst.setOpcode(X86::NOOP); 2504 return true; 2505 } 2506 2507 bool createReturn(MCInst &Inst) const override { 2508 Inst.setOpcode(X86::RET64); 2509 return true; 2510 } 2511 2512 InstructionListType createInlineMemcpy(bool ReturnEnd) const override { 2513 InstructionListType Code; 2514 if (ReturnEnd) 2515 Code.emplace_back(MCInstBuilder(X86::LEA64r) 2516 .addReg(X86::RAX) 2517 .addReg(X86::RDI) 2518 .addImm(1) 2519 .addReg(X86::RDX) 2520 .addImm(0) 2521 .addReg(X86::NoRegister)); 2522 else 2523 Code.emplace_back(MCInstBuilder(X86::MOV64rr) 2524 .addReg(X86::RAX) 2525 .addReg(X86::RDI)); 2526 2527 Code.emplace_back(MCInstBuilder(X86::MOV32rr) 2528 .addReg(X86::ECX) 2529 .addReg(X86::EDX)); 2530 Code.emplace_back(MCInstBuilder(X86::REP_MOVSB_64)); 2531 2532 return Code; 2533 } 2534 2535 InstructionListType createOneByteMemcpy() const override { 2536 InstructionListType Code; 2537 Code.emplace_back(MCInstBuilder(X86::MOV8rm) 2538 .addReg(X86::CL) 2539 .addReg(X86::RSI) 2540 .addImm(0) 2541 .addReg(X86::NoRegister) 2542 .addImm(0) 2543 .addReg(X86::NoRegister)); 2544 Code.emplace_back(MCInstBuilder(X86::MOV8mr) 2545 .addReg(X86::RDI) 2546 .addImm(0) 2547 .addReg(X86::NoRegister) 2548 .addImm(0) 2549 .addReg(X86::NoRegister) 2550 .addReg(X86::CL)); 2551 Code.emplace_back(MCInstBuilder(X86::MOV64rr) 2552 .addReg(X86::RAX) 2553 .addReg(X86::RDI)); 2554 return Code; 2555 } 2556 2557 InstructionListType createCmpJE(MCPhysReg RegNo, int64_t Imm, 2558 const MCSymbol *Target, 2559 MCContext *Ctx) const override { 2560 InstructionListType Code; 2561 Code.emplace_back(MCInstBuilder(X86::CMP64ri8) 2562 .addReg(RegNo) 2563 .addImm(Imm)); 2564 Code.emplace_back(MCInstBuilder(X86::JCC_1) 2565 .addExpr(MCSymbolRefExpr::create( 2566 Target, MCSymbolRefExpr::VK_None, *Ctx)) 2567 .addImm(X86::COND_E)); 2568 return Code; 2569 } 2570 2571 Optional<Relocation> 2572 createRelocation(const MCFixup &Fixup, 2573 const MCAsmBackend &MAB) const override { 2574 const MCFixupKindInfo &FKI = MAB.getFixupKindInfo(Fixup.getKind()); 2575 2576 assert(FKI.TargetOffset == 0 && "0-bit relocation offset expected"); 2577 const uint64_t RelOffset = Fixup.getOffset(); 2578 2579 uint64_t RelType; 2580 if (FKI.Flags & MCFixupKindInfo::FKF_IsPCRel) { 2581 switch (FKI.TargetSize) { 2582 default: 2583 return NoneType(); 2584 case 8: RelType = ELF::R_X86_64_PC8; break; 2585 case 16: RelType = ELF::R_X86_64_PC16; break; 2586 case 32: RelType = ELF::R_X86_64_PC32; break; 2587 case 64: RelType = ELF::R_X86_64_PC64; break; 2588 } 2589 } else { 2590 switch (FKI.TargetSize) { 2591 default: 2592 return NoneType(); 2593 case 8: RelType = ELF::R_X86_64_8; break; 2594 case 16: RelType = ELF::R_X86_64_16; break; 2595 case 32: RelType = ELF::R_X86_64_32; break; 2596 case 64: RelType = ELF::R_X86_64_64; break; 2597 } 2598 } 2599 2600 // Extract a symbol and an addend out of the fixup value expression. 2601 // 2602 // Only the following limited expression types are supported: 2603 // Symbol + Addend 2604 // Symbol 2605 uint64_t Addend = 0; 2606 MCSymbol *Symbol = nullptr; 2607 const MCExpr *ValueExpr = Fixup.getValue(); 2608 if (ValueExpr->getKind() == MCExpr::Binary) { 2609 const auto *BinaryExpr = cast<MCBinaryExpr>(ValueExpr); 2610 assert(BinaryExpr->getOpcode() == MCBinaryExpr::Add && 2611 "unexpected binary expression"); 2612 const MCExpr *LHS = BinaryExpr->getLHS(); 2613 assert(LHS->getKind() == MCExpr::SymbolRef && "unexpected LHS"); 2614 Symbol = const_cast<MCSymbol *>(this->getTargetSymbol(LHS)); 2615 const MCExpr *RHS = BinaryExpr->getRHS(); 2616 assert(RHS->getKind() == MCExpr::Constant && "unexpected RHS"); 2617 Addend = cast<MCConstantExpr>(RHS)->getValue(); 2618 } else { 2619 assert(ValueExpr->getKind() == MCExpr::SymbolRef && "unexpected value"); 2620 Symbol = const_cast<MCSymbol *>(this->getTargetSymbol(ValueExpr)); 2621 } 2622 2623 return Relocation({RelOffset, Symbol, RelType, Addend, 0}); 2624 } 2625 2626 bool replaceImmWithSymbolRef(MCInst &Inst, const MCSymbol *Symbol, 2627 int64_t Addend, MCContext *Ctx, int64_t &Value, 2628 uint64_t RelType) const override { 2629 unsigned ImmOpNo = -1U; 2630 2631 for (unsigned Index = 0; Index < MCPlus::getNumPrimeOperands(Inst); 2632 ++Index) { 2633 if (Inst.getOperand(Index).isImm()) { 2634 ImmOpNo = Index; 2635 // TODO: this is a bit hacky. It finds the correct operand by 2636 // searching for a specific immediate value. If no value is 2637 // provided it defaults to the last immediate operand found. 2638 // This could lead to unexpected results if the instruction 2639 // has more than one immediate with the same value. 2640 if (Inst.getOperand(ImmOpNo).getImm() == Value) 2641 break; 2642 } 2643 } 2644 2645 if (ImmOpNo == -1U) 2646 return false; 2647 2648 Value = Inst.getOperand(ImmOpNo).getImm(); 2649 2650 setOperandToSymbolRef(Inst, ImmOpNo, Symbol, Addend, Ctx, RelType); 2651 2652 return true; 2653 } 2654 2655 bool replaceRegWithImm(MCInst &Inst, unsigned Register, 2656 int64_t Imm) const override { 2657 2658 enum CheckSignExt : uint8_t { 2659 NOCHECK = 0, 2660 CHECK8, 2661 CHECK32, 2662 }; 2663 2664 using CheckList = std::vector<std::pair<CheckSignExt, unsigned>>; 2665 struct InstInfo { 2666 // Size in bytes that Inst loads from memory. 2667 uint8_t DataSize; 2668 2669 // True when the target operand has to be duplicated because the opcode 2670 // expects a LHS operand. 2671 bool HasLHS; 2672 2673 // List of checks and corresponding opcodes to be used. We try to use the 2674 // smallest possible immediate value when various sizes are available, 2675 // hence we may need to check whether a larger constant fits in a smaller 2676 // immediate. 2677 CheckList Checks; 2678 }; 2679 2680 InstInfo I; 2681 2682 switch (Inst.getOpcode()) { 2683 default: { 2684 switch (getPushSize(Inst)) { 2685 2686 case 2: I = {2, false, {{CHECK8, X86::PUSH16i8}, {NOCHECK, X86::PUSHi16}}}; break; 2687 case 4: I = {4, false, {{CHECK8, X86::PUSH32i8}, {NOCHECK, X86::PUSHi32}}}; break; 2688 case 8: I = {8, false, {{CHECK8, X86::PUSH64i8}, 2689 {CHECK32, X86::PUSH64i32}, 2690 {NOCHECK, Inst.getOpcode()}}}; break; 2691 default: return false; 2692 } 2693 break; 2694 } 2695 2696 // MOV 2697 case X86::MOV8rr: I = {1, false, {{NOCHECK, X86::MOV8ri}}}; break; 2698 case X86::MOV16rr: I = {2, false, {{NOCHECK, X86::MOV16ri}}}; break; 2699 case X86::MOV32rr: I = {4, false, {{NOCHECK, X86::MOV32ri}}}; break; 2700 case X86::MOV64rr: I = {8, false, {{CHECK32, X86::MOV64ri32}, 2701 {NOCHECK, X86::MOV64ri}}}; break; 2702 2703 case X86::MOV8mr: I = {1, false, {{NOCHECK, X86::MOV8mi}}}; break; 2704 case X86::MOV16mr: I = {2, false, {{NOCHECK, X86::MOV16mi}}}; break; 2705 case X86::MOV32mr: I = {4, false, {{NOCHECK, X86::MOV32mi}}}; break; 2706 case X86::MOV64mr: I = {8, false, {{CHECK32, X86::MOV64mi32}, 2707 {NOCHECK, X86::MOV64mr}}}; break; 2708 2709 // MOVZX 2710 case X86::MOVZX16rr8: I = {1, false, {{NOCHECK, X86::MOV16ri}}}; break; 2711 case X86::MOVZX32rr8: I = {1, false, {{NOCHECK, X86::MOV32ri}}}; break; 2712 case X86::MOVZX32rr16: I = {2, false, {{NOCHECK, X86::MOV32ri}}}; break; 2713 2714 // CMP 2715 case X86::CMP8rr: I = {1, false, {{NOCHECK, X86::CMP8ri}}}; break; 2716 case X86::CMP16rr: I = {2, false, {{CHECK8, X86::CMP16ri8}, 2717 {NOCHECK, X86::CMP16ri}}}; break; 2718 case X86::CMP32rr: I = {4, false, {{CHECK8, X86::CMP32ri8}, 2719 {NOCHECK, X86::CMP32ri}}}; break; 2720 case X86::CMP64rr: I = {8, false, {{CHECK8, X86::CMP64ri8}, 2721 {CHECK32, X86::CMP64ri32}, 2722 {NOCHECK, X86::CMP64rr}}}; break; 2723 2724 // TEST 2725 case X86::TEST8rr: I = {1, false, {{NOCHECK, X86::TEST8ri}}}; break; 2726 case X86::TEST16rr: I = {2, false, {{NOCHECK, X86::TEST16ri}}}; break; 2727 case X86::TEST32rr: I = {4, false, {{NOCHECK, X86::TEST32ri}}}; break; 2728 case X86::TEST64rr: I = {8, false, {{CHECK32, X86::TEST64ri32}, 2729 {NOCHECK, X86::TEST64rr}}}; break; 2730 2731 // ADD 2732 case X86::ADD8rr: I = {1, true, {{NOCHECK, X86::ADD8ri}}}; break; 2733 case X86::ADD16rr: I = {2, true, {{CHECK8, X86::ADD16ri8}, 2734 {NOCHECK, X86::ADD16ri}}}; break; 2735 case X86::ADD32rr: I = {4, true, {{CHECK8, X86::ADD32ri8}, 2736 {NOCHECK, X86::ADD32ri}}}; break; 2737 case X86::ADD64rr: I = {8, true, {{CHECK8, X86::ADD64ri8}, 2738 {CHECK32, X86::ADD64ri32}, 2739 {NOCHECK, X86::ADD64rr}}}; break; 2740 2741 // SUB 2742 case X86::SUB8rr: I = {1, true, {{NOCHECK, X86::SUB8ri}}}; break; 2743 case X86::SUB16rr: I = {2, true, {{CHECK8, X86::SUB16ri8}, 2744 {NOCHECK, X86::SUB16ri}}}; break; 2745 case X86::SUB32rr: I = {4, true, {{CHECK8, X86::SUB32ri8}, 2746 {NOCHECK, X86::SUB32ri}}}; break; 2747 case X86::SUB64rr: I = {8, true, {{CHECK8, X86::SUB64ri8}, 2748 {CHECK32, X86::SUB64ri32}, 2749 {NOCHECK, X86::SUB64rr}}}; break; 2750 2751 // AND 2752 case X86::AND8rr: I = {1, true, {{NOCHECK, X86::AND8ri}}}; break; 2753 case X86::AND16rr: I = {2, true, {{CHECK8, X86::AND16ri8}, 2754 {NOCHECK, X86::AND16ri}}}; break; 2755 case X86::AND32rr: I = {4, true, {{CHECK8, X86::AND32ri8}, 2756 {NOCHECK, X86::AND32ri}}}; break; 2757 case X86::AND64rr: I = {8, true, {{CHECK8, X86::AND64ri8}, 2758 {CHECK32, X86::AND64ri32}, 2759 {NOCHECK, X86::AND64rr}}}; break; 2760 2761 // OR 2762 case X86::OR8rr: I = {1, true, {{NOCHECK, X86::OR8ri}}}; break; 2763 case X86::OR16rr: I = {2, true, {{CHECK8, X86::OR16ri8}, 2764 {NOCHECK, X86::OR16ri}}}; break; 2765 case X86::OR32rr: I = {4, true, {{CHECK8, X86::OR32ri8}, 2766 {NOCHECK, X86::OR32ri}}}; break; 2767 case X86::OR64rr: I = {8, true, {{CHECK8, X86::OR64ri8}, 2768 {CHECK32, X86::OR64ri32}, 2769 {NOCHECK, X86::OR64rr}}}; break; 2770 2771 // XOR 2772 case X86::XOR8rr: I = {1, true, {{NOCHECK, X86::XOR8ri}}}; break; 2773 case X86::XOR16rr: I = {2, true, {{CHECK8, X86::XOR16ri8}, 2774 {NOCHECK, X86::XOR16ri}}}; break; 2775 case X86::XOR32rr: I = {4, true, {{CHECK8, X86::XOR32ri8}, 2776 {NOCHECK, X86::XOR32ri}}}; break; 2777 case X86::XOR64rr: I = {8, true, {{CHECK8, X86::XOR64ri8}, 2778 {CHECK32, X86::XOR64ri32}, 2779 {NOCHECK, X86::XOR64rr}}}; break; 2780 } 2781 2782 // Compute the new opcode. 2783 unsigned NewOpcode = 0; 2784 for (const std::pair<CheckSignExt, unsigned> &Check : I.Checks) { 2785 NewOpcode = Check.second; 2786 if (Check.first == NOCHECK) 2787 break; 2788 if (Check.first == CHECK8 && isInt<8>(Imm)) 2789 break; 2790 if (Check.first == CHECK32 && isInt<32>(Imm)) 2791 break; 2792 } 2793 if (NewOpcode == Inst.getOpcode()) 2794 return false; 2795 2796 const MCInstrDesc &InstDesc = Info->get(Inst.getOpcode()); 2797 2798 unsigned NumFound = 0; 2799 for (unsigned Index = InstDesc.getNumDefs() + (I.HasLHS ? 1 : 0), 2800 E = InstDesc.getNumOperands(); 2801 Index != E; ++Index) 2802 if (Inst.getOperand(Index).isReg() && 2803 Inst.getOperand(Index).getReg() == Register) 2804 NumFound++; 2805 2806 if (NumFound != 1) 2807 return false; 2808 2809 MCOperand TargetOp = Inst.getOperand(0); 2810 Inst.clear(); 2811 Inst.setOpcode(NewOpcode); 2812 Inst.addOperand(TargetOp); 2813 if (I.HasLHS) 2814 Inst.addOperand(TargetOp); 2815 Inst.addOperand(MCOperand::createImm(Imm)); 2816 2817 return true; 2818 } 2819 2820 bool replaceRegWithReg(MCInst &Inst, unsigned ToReplace, 2821 unsigned ReplaceWith) const override { 2822 2823 // Get the HasLHS value so that iteration can be done 2824 bool HasLHS; 2825 if (X86::isAND(Inst.getOpcode()) || X86::isADD(Inst.getOpcode()) || 2826 X86::isSUB(Inst.getOpcode())) { 2827 HasLHS = true; 2828 } else if (isPop(Inst) || isPush(Inst) || X86::isCMP(Inst.getOpcode()) || 2829 X86::isTEST(Inst.getOpcode())) { 2830 HasLHS = false; 2831 } else { 2832 switch (Inst.getOpcode()) { 2833 case X86::MOV8rr: 2834 case X86::MOV8rm: 2835 case X86::MOV8mr: 2836 case X86::MOV8ri: 2837 case X86::MOV16rr: 2838 case X86::MOV16rm: 2839 case X86::MOV16mr: 2840 case X86::MOV16ri: 2841 case X86::MOV32rr: 2842 case X86::MOV32rm: 2843 case X86::MOV32mr: 2844 case X86::MOV32ri: 2845 case X86::MOV64rr: 2846 case X86::MOV64rm: 2847 case X86::MOV64mr: 2848 case X86::MOV64ri: 2849 case X86::MOVZX16rr8: 2850 case X86::MOVZX32rr8: 2851 case X86::MOVZX32rr16: 2852 case X86::MOVSX32rm8: 2853 case X86::MOVSX32rr8: 2854 case X86::MOVSX64rm32: 2855 case X86::LEA64r: 2856 HasLHS = false; 2857 break; 2858 default: 2859 return false; 2860 } 2861 } 2862 2863 const MCInstrDesc &InstDesc = Info->get(Inst.getOpcode()); 2864 2865 bool FoundOne = false; 2866 2867 // Iterate only through src operands that arent also dest operands 2868 for (unsigned Index = InstDesc.getNumDefs() + (HasLHS ? 1 : 0), 2869 E = InstDesc.getNumOperands(); 2870 Index != E; ++Index) { 2871 BitVector RegAliases = getAliases(ToReplace, true); 2872 if (!Inst.getOperand(Index).isReg() || 2873 !RegAliases.test(Inst.getOperand(Index).getReg())) 2874 continue; 2875 // Resize register if needed 2876 unsigned SizedReplaceWith = getAliasSized( 2877 ReplaceWith, getRegSize(Inst.getOperand(Index).getReg())); 2878 MCOperand NewOperand = MCOperand::createReg(SizedReplaceWith); 2879 Inst.getOperand(Index) = NewOperand; 2880 FoundOne = true; 2881 } 2882 2883 // Return true if at least one operand was replaced 2884 return FoundOne; 2885 } 2886 2887 bool createUncondBranch(MCInst &Inst, const MCSymbol *TBB, 2888 MCContext *Ctx) const override { 2889 Inst.setOpcode(X86::JMP_1); 2890 Inst.addOperand(MCOperand::createExpr( 2891 MCSymbolRefExpr::create(TBB, MCSymbolRefExpr::VK_None, *Ctx))); 2892 return true; 2893 } 2894 2895 bool createCall(MCInst &Inst, const MCSymbol *Target, 2896 MCContext *Ctx) override { 2897 Inst.setOpcode(X86::CALL64pcrel32); 2898 Inst.addOperand(MCOperand::createExpr( 2899 MCSymbolRefExpr::create(Target, MCSymbolRefExpr::VK_None, *Ctx))); 2900 return true; 2901 } 2902 2903 bool createTailCall(MCInst &Inst, const MCSymbol *Target, 2904 MCContext *Ctx) override { 2905 return createDirectCall(Inst, Target, Ctx, /*IsTailCall*/ true); 2906 } 2907 2908 void createLongTailCall(InstructionListType &Seq, const MCSymbol *Target, 2909 MCContext *Ctx) override { 2910 Seq.clear(); 2911 Seq.emplace_back(); 2912 createDirectCall(Seq.back(), Target, Ctx, /*IsTailCall*/ true); 2913 } 2914 2915 bool createTrap(MCInst &Inst) const override { 2916 Inst.clear(); 2917 Inst.setOpcode(X86::TRAP); 2918 return true; 2919 } 2920 2921 bool reverseBranchCondition(MCInst &Inst, const MCSymbol *TBB, 2922 MCContext *Ctx) const override { 2923 unsigned InvCC = getInvertedCondCode(getCondCode(Inst)); 2924 assert(InvCC != X86::COND_INVALID && "invalid branch instruction"); 2925 Inst.getOperand(Info->get(Inst.getOpcode()).NumOperands - 1).setImm(InvCC); 2926 Inst.getOperand(0) = MCOperand::createExpr( 2927 MCSymbolRefExpr::create(TBB, MCSymbolRefExpr::VK_None, *Ctx)); 2928 return true; 2929 } 2930 2931 bool replaceBranchCondition(MCInst &Inst, const MCSymbol *TBB, MCContext *Ctx, 2932 unsigned CC) const override { 2933 if (CC == X86::COND_INVALID) 2934 return false; 2935 Inst.getOperand(Info->get(Inst.getOpcode()).NumOperands - 1).setImm(CC); 2936 Inst.getOperand(0) = MCOperand::createExpr( 2937 MCSymbolRefExpr::create(TBB, MCSymbolRefExpr::VK_None, *Ctx)); 2938 return true; 2939 } 2940 2941 unsigned getCanonicalBranchCondCode(unsigned CC) const override { 2942 switch (CC) { 2943 default: return X86::COND_INVALID; 2944 2945 case X86::COND_E: return X86::COND_E; 2946 case X86::COND_NE: return X86::COND_E; 2947 2948 case X86::COND_L: return X86::COND_L; 2949 case X86::COND_GE: return X86::COND_L; 2950 2951 case X86::COND_LE: return X86::COND_G; 2952 case X86::COND_G: return X86::COND_G; 2953 2954 case X86::COND_B: return X86::COND_B; 2955 case X86::COND_AE: return X86::COND_B; 2956 2957 case X86::COND_BE: return X86::COND_A; 2958 case X86::COND_A: return X86::COND_A; 2959 2960 case X86::COND_S: return X86::COND_S; 2961 case X86::COND_NS: return X86::COND_S; 2962 2963 case X86::COND_P: return X86::COND_P; 2964 case X86::COND_NP: return X86::COND_P; 2965 2966 case X86::COND_O: return X86::COND_O; 2967 case X86::COND_NO: return X86::COND_O; 2968 } 2969 } 2970 2971 bool replaceBranchTarget(MCInst &Inst, const MCSymbol *TBB, 2972 MCContext *Ctx) const override { 2973 assert((isCall(Inst) || isBranch(Inst)) && !isIndirectBranch(Inst) && 2974 "Invalid instruction"); 2975 Inst.getOperand(0) = MCOperand::createExpr( 2976 MCSymbolRefExpr::create(TBB, MCSymbolRefExpr::VK_None, *Ctx)); 2977 return true; 2978 } 2979 2980 MCPhysReg getX86R11() const override { return X86::R11; } 2981 2982 MCPhysReg getIntArgRegister(unsigned ArgNo) const override { 2983 // FIXME: this should depend on the calling convention. 2984 switch (ArgNo) { 2985 case 0: return X86::RDI; 2986 case 1: return X86::RSI; 2987 case 2: return X86::RDX; 2988 case 3: return X86::RCX; 2989 case 4: return X86::R8; 2990 case 5: return X86::R9; 2991 default: return getNoRegister(); 2992 } 2993 } 2994 2995 void createPause(MCInst &Inst) const override { 2996 Inst.clear(); 2997 Inst.setOpcode(X86::PAUSE); 2998 } 2999 3000 void createLfence(MCInst &Inst) const override { 3001 Inst.clear(); 3002 Inst.setOpcode(X86::LFENCE); 3003 } 3004 3005 bool createDirectCall(MCInst &Inst, const MCSymbol *Target, MCContext *Ctx, 3006 bool IsTailCall) override { 3007 Inst.clear(); 3008 Inst.setOpcode(IsTailCall ? X86::JMP_4 : X86::CALL64pcrel32); 3009 Inst.addOperand(MCOperand::createExpr( 3010 MCSymbolRefExpr::create(Target, MCSymbolRefExpr::VK_None, *Ctx))); 3011 if (IsTailCall) 3012 setTailCall(Inst); 3013 return true; 3014 } 3015 3016 void createShortJmp(InstructionListType &Seq, const MCSymbol *Target, 3017 MCContext *Ctx, bool IsTailCall) override { 3018 Seq.clear(); 3019 MCInst Inst; 3020 Inst.setOpcode(X86::JMP_1); 3021 Inst.addOperand(MCOperand::createExpr( 3022 MCSymbolRefExpr::create(Target, MCSymbolRefExpr::VK_None, *Ctx))); 3023 if (IsTailCall) 3024 setTailCall(Inst); 3025 Seq.emplace_back(Inst); 3026 } 3027 3028 bool isConditionalMove(const MCInst &Inst) const override { 3029 unsigned OpCode = Inst.getOpcode(); 3030 return (OpCode == X86::CMOV16rr || OpCode == X86::CMOV32rr || 3031 OpCode == X86::CMOV64rr); 3032 } 3033 3034 bool isBranchOnMem(const MCInst &Inst) const override { 3035 unsigned OpCode = Inst.getOpcode(); 3036 if (OpCode == X86::CALL64m || (OpCode == X86::JMP32m && isTailCall(Inst)) || 3037 OpCode == X86::JMP64m) 3038 return true; 3039 3040 return false; 3041 } 3042 3043 bool isBranchOnReg(const MCInst &Inst) const override { 3044 unsigned OpCode = Inst.getOpcode(); 3045 if (OpCode == X86::CALL64r || (OpCode == X86::JMP32r && isTailCall(Inst)) || 3046 OpCode == X86::JMP64r) 3047 return true; 3048 3049 return false; 3050 } 3051 3052 void createPushRegister(MCInst &Inst, MCPhysReg Reg, 3053 unsigned Size) const override { 3054 Inst.clear(); 3055 unsigned NewOpcode = 0; 3056 if (Reg == X86::EFLAGS) { 3057 switch (Size) { 3058 case 2: NewOpcode = X86::PUSHF16; break; 3059 case 4: NewOpcode = X86::PUSHF32; break; 3060 case 8: NewOpcode = X86::PUSHF64; break; 3061 default: 3062 llvm_unreachable("Unexpected size"); 3063 } 3064 Inst.setOpcode(NewOpcode); 3065 return; 3066 } 3067 switch (Size) { 3068 case 2: NewOpcode = X86::PUSH16r; break; 3069 case 4: NewOpcode = X86::PUSH32r; break; 3070 case 8: NewOpcode = X86::PUSH64r; break; 3071 default: 3072 llvm_unreachable("Unexpected size"); 3073 } 3074 Inst.setOpcode(NewOpcode); 3075 Inst.addOperand(MCOperand::createReg(Reg)); 3076 } 3077 3078 void createPopRegister(MCInst &Inst, MCPhysReg Reg, 3079 unsigned Size) const override { 3080 Inst.clear(); 3081 unsigned NewOpcode = 0; 3082 if (Reg == X86::EFLAGS) { 3083 switch (Size) { 3084 case 2: NewOpcode = X86::POPF16; break; 3085 case 4: NewOpcode = X86::POPF32; break; 3086 case 8: NewOpcode = X86::POPF64; break; 3087 default: 3088 llvm_unreachable("Unexpected size"); 3089 } 3090 Inst.setOpcode(NewOpcode); 3091 return; 3092 } 3093 switch (Size) { 3094 case 2: NewOpcode = X86::POP16r; break; 3095 case 4: NewOpcode = X86::POP32r; break; 3096 case 8: NewOpcode = X86::POP64r; break; 3097 default: 3098 llvm_unreachable("Unexpected size"); 3099 } 3100 Inst.setOpcode(NewOpcode); 3101 Inst.addOperand(MCOperand::createReg(Reg)); 3102 } 3103 3104 void createPushFlags(MCInst &Inst, unsigned Size) const override { 3105 return createPushRegister(Inst, X86::EFLAGS, Size); 3106 } 3107 3108 void createPopFlags(MCInst &Inst, unsigned Size) const override { 3109 return createPopRegister(Inst, X86::EFLAGS, Size); 3110 } 3111 3112 void createAddRegImm(MCInst &Inst, MCPhysReg Reg, int64_t Value, 3113 unsigned Size) const { 3114 unsigned int Opcode; 3115 switch (Size) { 3116 case 1: Opcode = X86::ADD8ri; break; 3117 case 2: Opcode = X86::ADD16ri; break; 3118 case 4: Opcode = X86::ADD32ri; break; 3119 default: 3120 llvm_unreachable("Unexpected size"); 3121 } 3122 Inst.setOpcode(Opcode); 3123 Inst.clear(); 3124 Inst.addOperand(MCOperand::createReg(Reg)); 3125 Inst.addOperand(MCOperand::createReg(Reg)); 3126 Inst.addOperand(MCOperand::createImm(Value)); 3127 } 3128 3129 void createClearRegWithNoEFlagsUpdate(MCInst &Inst, MCPhysReg Reg, 3130 unsigned Size) const { 3131 unsigned int Opcode; 3132 switch (Size) { 3133 case 1: Opcode = X86::MOV8ri; break; 3134 case 2: Opcode = X86::MOV16ri; break; 3135 case 4: Opcode = X86::MOV32ri; break; 3136 case 8: Opcode = X86::MOV64ri; break; 3137 default: 3138 llvm_unreachable("Unexpected size"); 3139 } 3140 Inst.setOpcode(Opcode); 3141 Inst.clear(); 3142 Inst.addOperand(MCOperand::createReg(Reg)); 3143 Inst.addOperand(MCOperand::createImm(0)); 3144 } 3145 3146 void createX86SaveOVFlagToRegister(MCInst &Inst, MCPhysReg Reg) const { 3147 Inst.setOpcode(X86::SETCCr); 3148 Inst.clear(); 3149 Inst.addOperand(MCOperand::createReg(Reg)); 3150 Inst.addOperand(MCOperand::createImm(X86::COND_O)); 3151 } 3152 3153 void createX86Lahf(MCInst &Inst) const { 3154 Inst.setOpcode(X86::LAHF); 3155 Inst.clear(); 3156 } 3157 3158 void createX86Sahf(MCInst &Inst) const { 3159 Inst.setOpcode(X86::SAHF); 3160 Inst.clear(); 3161 } 3162 3163 void createInstrIncMemory(InstructionListType &Instrs, const MCSymbol *Target, 3164 MCContext *Ctx, bool IsLeaf) const override { 3165 unsigned int I = 0; 3166 3167 Instrs.resize(IsLeaf ? 13 : 11); 3168 // Don't clobber application red zone (ABI dependent) 3169 if (IsLeaf) 3170 createStackPointerIncrement(Instrs[I++], 128, 3171 /*NoFlagsClobber=*/true); 3172 3173 // Performance improvements based on the optimization discussed at 3174 // https://reviews.llvm.org/D6629 3175 // LAHF/SAHF are used instead of PUSHF/POPF 3176 // PUSHF 3177 createPushRegister(Instrs[I++], X86::RAX, 8); 3178 createClearRegWithNoEFlagsUpdate(Instrs[I++], X86::RAX, 8); 3179 createX86Lahf(Instrs[I++]); 3180 createPushRegister(Instrs[I++], X86::RAX, 8); 3181 createClearRegWithNoEFlagsUpdate(Instrs[I++], X86::RAX, 8); 3182 createX86SaveOVFlagToRegister(Instrs[I++], X86::AL); 3183 // LOCK INC 3184 createIncMemory(Instrs[I++], Target, Ctx); 3185 // POPF 3186 createAddRegImm(Instrs[I++], X86::AL, 127, 1); 3187 createPopRegister(Instrs[I++], X86::RAX, 8); 3188 createX86Sahf(Instrs[I++]); 3189 createPopRegister(Instrs[I++], X86::RAX, 8); 3190 3191 if (IsLeaf) 3192 createStackPointerDecrement(Instrs[I], 128, 3193 /*NoFlagsClobber=*/true); 3194 } 3195 3196 void createSwap(MCInst &Inst, MCPhysReg Source, MCPhysReg MemBaseReg, 3197 int64_t Disp) const { 3198 Inst.setOpcode(X86::XCHG64rm); 3199 Inst.addOperand(MCOperand::createReg(Source)); 3200 Inst.addOperand(MCOperand::createReg(Source)); 3201 Inst.addOperand(MCOperand::createReg(MemBaseReg)); // BaseReg 3202 Inst.addOperand(MCOperand::createImm(1)); // ScaleAmt 3203 Inst.addOperand(MCOperand::createReg(X86::NoRegister)); // IndexReg 3204 Inst.addOperand(MCOperand::createImm(Disp)); // Displacement 3205 Inst.addOperand(MCOperand::createReg(X86::NoRegister)); // AddrSegmentReg 3206 } 3207 3208 void createIndirectBranch(MCInst &Inst, MCPhysReg MemBaseReg, 3209 int64_t Disp) const { 3210 Inst.setOpcode(X86::JMP64m); 3211 Inst.addOperand(MCOperand::createReg(MemBaseReg)); // BaseReg 3212 Inst.addOperand(MCOperand::createImm(1)); // ScaleAmt 3213 Inst.addOperand(MCOperand::createReg(X86::NoRegister)); // IndexReg 3214 Inst.addOperand(MCOperand::createImm(Disp)); // Displacement 3215 Inst.addOperand(MCOperand::createReg(X86::NoRegister)); // AddrSegmentReg 3216 } 3217 3218 InstructionListType createInstrumentedIndirectCall(const MCInst &CallInst, 3219 bool TailCall, 3220 MCSymbol *HandlerFuncAddr, 3221 int CallSiteID, 3222 MCContext *Ctx) override { 3223 // Check if the target address expression used in the original indirect call 3224 // uses the stack pointer, which we are going to clobber. 3225 static BitVector SPAliases(getAliases(X86::RSP)); 3226 bool UsesSP = false; 3227 // Skip defs. 3228 for (unsigned I = Info->get(CallInst.getOpcode()).getNumDefs(), 3229 E = MCPlus::getNumPrimeOperands(CallInst); 3230 I != E; ++I) { 3231 const MCOperand &Operand = CallInst.getOperand(I); 3232 if (Operand.isReg() && SPAliases[Operand.getReg()]) { 3233 UsesSP = true; 3234 break; 3235 } 3236 } 3237 3238 InstructionListType Insts; 3239 MCPhysReg TempReg = getIntArgRegister(0); 3240 // Code sequence used to enter indirect call instrumentation helper: 3241 // push %rdi 3242 // add $8, %rsp ;; $rsp may be used in target, so fix it to prev val 3243 // movq target, %rdi ;; via convertIndirectCallTargetToLoad 3244 // sub $8, %rsp ;; restore correct stack value 3245 // push %rdi 3246 // movq $CallSiteID, %rdi 3247 // push %rdi 3248 // callq/jmp HandlerFuncAddr 3249 Insts.emplace_back(); 3250 createPushRegister(Insts.back(), TempReg, 8); 3251 if (UsesSP) { // Only adjust SP if we really need to 3252 Insts.emplace_back(); 3253 createStackPointerDecrement(Insts.back(), 8, /*NoFlagsClobber=*/false); 3254 } 3255 Insts.emplace_back(CallInst); 3256 // Insts.back() and CallInst now share the same annotation instruction. 3257 // Strip it from Insts.back(), only preserving tail call annotation. 3258 stripAnnotations(Insts.back(), /*KeepTC=*/true); 3259 convertIndirectCallToLoad(Insts.back(), TempReg); 3260 if (UsesSP) { 3261 Insts.emplace_back(); 3262 createStackPointerIncrement(Insts.back(), 8, /*NoFlagsClobber=*/false); 3263 } 3264 Insts.emplace_back(); 3265 createPushRegister(Insts.back(), TempReg, 8); 3266 Insts.emplace_back(); 3267 createLoadImmediate(Insts.back(), TempReg, CallSiteID); 3268 Insts.emplace_back(); 3269 createPushRegister(Insts.back(), TempReg, 8); 3270 Insts.emplace_back(); 3271 createDirectCall(Insts.back(), HandlerFuncAddr, Ctx, 3272 /*TailCall=*/TailCall); 3273 // Carry over metadata 3274 for (int I = MCPlus::getNumPrimeOperands(CallInst), 3275 E = CallInst.getNumOperands(); 3276 I != E; ++I) 3277 Insts.back().addOperand(CallInst.getOperand(I)); 3278 3279 return Insts; 3280 } 3281 3282 InstructionListType createInstrumentedIndCallHandlerExitBB() const override { 3283 const MCPhysReg TempReg = getIntArgRegister(0); 3284 // We just need to undo the sequence created for every ind call in 3285 // instrumentIndirectTarget(), which can be accomplished minimally with: 3286 // popfq 3287 // pop %rdi 3288 // add $16, %rsp 3289 // xchg (%rsp), %rdi 3290 // jmp *-8(%rsp) 3291 InstructionListType Insts(5); 3292 createPopFlags(Insts[0], 8); 3293 createPopRegister(Insts[1], TempReg, 8); 3294 createStackPointerDecrement(Insts[2], 16, /*NoFlagsClobber=*/false); 3295 createSwap(Insts[3], TempReg, X86::RSP, 0); 3296 createIndirectBranch(Insts[4], X86::RSP, -8); 3297 return Insts; 3298 } 3299 3300 InstructionListType 3301 createInstrumentedIndTailCallHandlerExitBB() const override { 3302 const MCPhysReg TempReg = getIntArgRegister(0); 3303 // Same thing as above, but for tail calls 3304 // popfq 3305 // add $16, %rsp 3306 // pop %rdi 3307 // jmp *-16(%rsp) 3308 InstructionListType Insts(4); 3309 createPopFlags(Insts[0], 8); 3310 createStackPointerDecrement(Insts[1], 16, /*NoFlagsClobber=*/false); 3311 createPopRegister(Insts[2], TempReg, 8); 3312 createIndirectBranch(Insts[3], X86::RSP, -16); 3313 return Insts; 3314 } 3315 3316 InstructionListType 3317 createInstrumentedIndCallHandlerEntryBB(const MCSymbol *InstrTrampoline, 3318 const MCSymbol *IndCallHandler, 3319 MCContext *Ctx) override { 3320 const MCPhysReg TempReg = getIntArgRegister(0); 3321 // Code sequence used to check whether InstrTampoline was initialized 3322 // and call it if so, returns via IndCallHandler. 3323 // pushfq 3324 // mov InstrTrampoline,%rdi 3325 // cmp $0x0,%rdi 3326 // je IndCallHandler 3327 // callq *%rdi 3328 // jmpq IndCallHandler 3329 InstructionListType Insts; 3330 Insts.emplace_back(); 3331 createPushFlags(Insts.back(), 8); 3332 Insts.emplace_back(); 3333 createMove(Insts.back(), InstrTrampoline, TempReg, Ctx); 3334 InstructionListType cmpJmp = createCmpJE(TempReg, 0, IndCallHandler, Ctx); 3335 Insts.insert(Insts.end(), cmpJmp.begin(), cmpJmp.end()); 3336 Insts.emplace_back(); 3337 Insts.back().setOpcode(X86::CALL64r); 3338 Insts.back().addOperand(MCOperand::createReg(TempReg)); 3339 Insts.emplace_back(); 3340 createDirectCall(Insts.back(), IndCallHandler, Ctx, /*IsTailCall*/ true); 3341 return Insts; 3342 } 3343 3344 InstructionListType createNumCountersGetter(MCContext *Ctx) const override { 3345 InstructionListType Insts(2); 3346 MCSymbol *NumLocs = Ctx->getOrCreateSymbol("__bolt_num_counters"); 3347 createMove(Insts[0], NumLocs, X86::EAX, Ctx); 3348 createReturn(Insts[1]); 3349 return Insts; 3350 } 3351 3352 InstructionListType 3353 createInstrLocationsGetter(MCContext *Ctx) const override { 3354 InstructionListType Insts(2); 3355 MCSymbol *Locs = Ctx->getOrCreateSymbol("__bolt_instr_locations"); 3356 createLea(Insts[0], Locs, X86::EAX, Ctx); 3357 createReturn(Insts[1]); 3358 return Insts; 3359 } 3360 3361 InstructionListType createInstrTablesGetter(MCContext *Ctx) const override { 3362 InstructionListType Insts(2); 3363 MCSymbol *Locs = Ctx->getOrCreateSymbol("__bolt_instr_tables"); 3364 createLea(Insts[0], Locs, X86::EAX, Ctx); 3365 createReturn(Insts[1]); 3366 return Insts; 3367 } 3368 3369 InstructionListType createInstrNumFuncsGetter(MCContext *Ctx) const override { 3370 InstructionListType Insts(2); 3371 MCSymbol *NumFuncs = Ctx->getOrCreateSymbol("__bolt_instr_num_funcs"); 3372 createMove(Insts[0], NumFuncs, X86::EAX, Ctx); 3373 createReturn(Insts[1]); 3374 return Insts; 3375 } 3376 3377 InstructionListType createSymbolTrampoline(const MCSymbol *TgtSym, 3378 MCContext *Ctx) const override { 3379 InstructionListType Insts(1); 3380 createUncondBranch(Insts[0], TgtSym, Ctx); 3381 return Insts; 3382 } 3383 3384 InstructionListType createDummyReturnFunction(MCContext *Ctx) const override { 3385 InstructionListType Insts(1); 3386 createReturn(Insts[0]); 3387 return Insts; 3388 } 3389 3390 BlocksVectorTy indirectCallPromotion( 3391 const MCInst &CallInst, 3392 const std::vector<std::pair<MCSymbol *, uint64_t>> &Targets, 3393 const std::vector<std::pair<MCSymbol *, uint64_t>> &VtableSyms, 3394 const std::vector<MCInst *> &MethodFetchInsns, 3395 const bool MinimizeCodeSize, MCContext *Ctx) override { 3396 const bool IsTailCall = isTailCall(CallInst); 3397 const bool IsJumpTable = getJumpTable(CallInst) != 0; 3398 BlocksVectorTy Results; 3399 3400 // Label for the current code block. 3401 MCSymbol *NextTarget = nullptr; 3402 3403 // The join block which contains all the instructions following CallInst. 3404 // MergeBlock remains null if CallInst is a tail call. 3405 MCSymbol *MergeBlock = nullptr; 3406 3407 unsigned FuncAddrReg = X86::R10; 3408 3409 const bool LoadElim = !VtableSyms.empty(); 3410 assert((!LoadElim || VtableSyms.size() == Targets.size()) && 3411 "There must be a vtable entry for every method " 3412 "in the targets vector."); 3413 3414 if (MinimizeCodeSize && !LoadElim) { 3415 std::set<unsigned> UsedRegs; 3416 3417 for (unsigned int I = 0; I < MCPlus::getNumPrimeOperands(CallInst); ++I) { 3418 const MCOperand &Op = CallInst.getOperand(I); 3419 if (Op.isReg()) 3420 UsedRegs.insert(Op.getReg()); 3421 } 3422 3423 if (UsedRegs.count(X86::R10) == 0) 3424 FuncAddrReg = X86::R10; 3425 else if (UsedRegs.count(X86::R11) == 0) 3426 FuncAddrReg = X86::R11; 3427 else 3428 return Results; 3429 } 3430 3431 const auto jumpToMergeBlock = [&](InstructionListType &NewCall) { 3432 assert(MergeBlock); 3433 NewCall.push_back(CallInst); 3434 MCInst &Merge = NewCall.back(); 3435 Merge.clear(); 3436 createUncondBranch(Merge, MergeBlock, Ctx); 3437 }; 3438 3439 for (unsigned int i = 0; i < Targets.size(); ++i) { 3440 Results.emplace_back(NextTarget, InstructionListType()); 3441 InstructionListType *NewCall = &Results.back().second; 3442 3443 if (MinimizeCodeSize && !LoadElim) { 3444 // Load the call target into FuncAddrReg. 3445 NewCall->push_back(CallInst); // Copy CallInst in order to get SMLoc 3446 MCInst &Target = NewCall->back(); 3447 Target.clear(); 3448 Target.setOpcode(X86::MOV64ri32); 3449 Target.addOperand(MCOperand::createReg(FuncAddrReg)); 3450 if (Targets[i].first) { 3451 // Is this OK? 3452 Target.addOperand(MCOperand::createExpr(MCSymbolRefExpr::create( 3453 Targets[i].first, MCSymbolRefExpr::VK_None, *Ctx))); 3454 } else { 3455 const uint64_t Addr = Targets[i].second; 3456 // Immediate address is out of sign extended 32 bit range. 3457 if (int64_t(Addr) != int64_t(int32_t(Addr))) 3458 return BlocksVectorTy(); 3459 3460 Target.addOperand(MCOperand::createImm(Addr)); 3461 } 3462 3463 // Compare current call target to a specific address. 3464 NewCall->push_back(CallInst); 3465 MCInst &Compare = NewCall->back(); 3466 Compare.clear(); 3467 if (isBranchOnReg(CallInst)) 3468 Compare.setOpcode(X86::CMP64rr); 3469 else if (CallInst.getOpcode() == X86::CALL64pcrel32) 3470 Compare.setOpcode(X86::CMP64ri32); 3471 else 3472 Compare.setOpcode(X86::CMP64rm); 3473 3474 Compare.addOperand(MCOperand::createReg(FuncAddrReg)); 3475 3476 // TODO: Would be preferable to only load this value once. 3477 for (unsigned i = 0; 3478 i < Info->get(CallInst.getOpcode()).getNumOperands(); ++i) 3479 if (!CallInst.getOperand(i).isInst()) 3480 Compare.addOperand(CallInst.getOperand(i)); 3481 } else { 3482 // Compare current call target to a specific address. 3483 NewCall->push_back(CallInst); 3484 MCInst &Compare = NewCall->back(); 3485 Compare.clear(); 3486 if (isBranchOnReg(CallInst)) 3487 Compare.setOpcode(X86::CMP64ri32); 3488 else 3489 Compare.setOpcode(X86::CMP64mi32); 3490 3491 // Original call address. 3492 for (unsigned i = 0; 3493 i < Info->get(CallInst.getOpcode()).getNumOperands(); ++i) 3494 if (!CallInst.getOperand(i).isInst()) 3495 Compare.addOperand(CallInst.getOperand(i)); 3496 3497 // Target address. 3498 if (Targets[i].first || LoadElim) { 3499 const MCSymbol *Sym = 3500 LoadElim ? VtableSyms[i].first : Targets[i].first; 3501 const uint64_t Addend = LoadElim ? VtableSyms[i].second : 0; 3502 const MCExpr *Expr = MCSymbolRefExpr::create(Sym, *Ctx); 3503 if (Addend) 3504 Expr = MCBinaryExpr::createAdd( 3505 Expr, MCConstantExpr::create(Addend, *Ctx), *Ctx); 3506 Compare.addOperand(MCOperand::createExpr(Expr)); 3507 } else { 3508 const uint64_t Addr = Targets[i].second; 3509 // Immediate address is out of sign extended 32 bit range. 3510 if (int64_t(Addr) != int64_t(int32_t(Addr))) 3511 return BlocksVectorTy(); 3512 3513 Compare.addOperand(MCOperand::createImm(Addr)); 3514 } 3515 } 3516 3517 // jump to next target compare. 3518 NextTarget = 3519 Ctx->createNamedTempSymbol(); // generate label for the next block 3520 NewCall->push_back(CallInst); 3521 3522 if (IsJumpTable) { 3523 MCInst &Je = NewCall->back(); 3524 3525 // Jump to next compare if target addresses don't match. 3526 Je.clear(); 3527 Je.setOpcode(X86::JCC_1); 3528 if (Targets[i].first) 3529 Je.addOperand(MCOperand::createExpr(MCSymbolRefExpr::create( 3530 Targets[i].first, MCSymbolRefExpr::VK_None, *Ctx))); 3531 else 3532 Je.addOperand(MCOperand::createImm(Targets[i].second)); 3533 3534 Je.addOperand(MCOperand::createImm(X86::COND_E)); 3535 assert(!isInvoke(CallInst)); 3536 } else { 3537 MCInst &Jne = NewCall->back(); 3538 3539 // Jump to next compare if target addresses don't match. 3540 Jne.clear(); 3541 Jne.setOpcode(X86::JCC_1); 3542 Jne.addOperand(MCOperand::createExpr(MCSymbolRefExpr::create( 3543 NextTarget, MCSymbolRefExpr::VK_None, *Ctx))); 3544 Jne.addOperand(MCOperand::createImm(X86::COND_NE)); 3545 3546 // Call specific target directly. 3547 Results.emplace_back(Ctx->createNamedTempSymbol(), 3548 InstructionListType()); 3549 NewCall = &Results.back().second; 3550 NewCall->push_back(CallInst); 3551 MCInst &CallOrJmp = NewCall->back(); 3552 3553 CallOrJmp.clear(); 3554 3555 if (MinimizeCodeSize && !LoadElim) { 3556 CallOrJmp.setOpcode(IsTailCall ? X86::JMP32r : X86::CALL64r); 3557 CallOrJmp.addOperand(MCOperand::createReg(FuncAddrReg)); 3558 } else { 3559 CallOrJmp.setOpcode(IsTailCall ? X86::JMP_4 : X86::CALL64pcrel32); 3560 3561 if (Targets[i].first) 3562 CallOrJmp.addOperand(MCOperand::createExpr(MCSymbolRefExpr::create( 3563 Targets[i].first, MCSymbolRefExpr::VK_None, *Ctx))); 3564 else 3565 CallOrJmp.addOperand(MCOperand::createImm(Targets[i].second)); 3566 } 3567 if (IsTailCall) 3568 setTailCall(CallOrJmp); 3569 3570 if (CallOrJmp.getOpcode() == X86::CALL64r || 3571 CallOrJmp.getOpcode() == X86::CALL64pcrel32) { 3572 if (Optional<uint32_t> Offset = getOffset(CallInst)) 3573 // Annotated as duplicated call 3574 setOffset(CallOrJmp, *Offset); 3575 } 3576 3577 if (isInvoke(CallInst) && !isInvoke(CallOrJmp)) { 3578 // Copy over any EH or GNU args size information from the original 3579 // call. 3580 Optional<MCPlus::MCLandingPad> EHInfo = getEHInfo(CallInst); 3581 if (EHInfo) 3582 addEHInfo(CallOrJmp, *EHInfo); 3583 int64_t GnuArgsSize = getGnuArgsSize(CallInst); 3584 if (GnuArgsSize >= 0) 3585 addGnuArgsSize(CallOrJmp, GnuArgsSize); 3586 } 3587 3588 if (!IsTailCall) { 3589 // The fallthrough block for the most common target should be 3590 // the merge block. 3591 if (i == 0) { 3592 // Fallthrough to merge block. 3593 MergeBlock = Ctx->createNamedTempSymbol(); 3594 } else { 3595 // Insert jump to the merge block if we are not doing a fallthrough. 3596 jumpToMergeBlock(*NewCall); 3597 } 3598 } 3599 } 3600 } 3601 3602 // Cold call block. 3603 Results.emplace_back(NextTarget, InstructionListType()); 3604 InstructionListType &NewCall = Results.back().second; 3605 for (const MCInst *Inst : MethodFetchInsns) 3606 if (Inst != &CallInst) 3607 NewCall.push_back(*Inst); 3608 NewCall.push_back(CallInst); 3609 3610 // Jump to merge block from cold call block 3611 if (!IsTailCall && !IsJumpTable) { 3612 jumpToMergeBlock(NewCall); 3613 3614 // Record merge block 3615 Results.emplace_back(MergeBlock, InstructionListType()); 3616 } 3617 3618 return Results; 3619 } 3620 3621 BlocksVectorTy jumpTablePromotion( 3622 const MCInst &IJmpInst, 3623 const std::vector<std::pair<MCSymbol *, uint64_t>> &Targets, 3624 const std::vector<MCInst *> &TargetFetchInsns, 3625 MCContext *Ctx) const override { 3626 assert(getJumpTable(IJmpInst) != 0); 3627 uint16_t IndexReg = getAnnotationAs<uint16_t>(IJmpInst, "JTIndexReg"); 3628 if (IndexReg == 0) 3629 return BlocksVectorTy(); 3630 3631 BlocksVectorTy Results; 3632 3633 // Label for the current code block. 3634 MCSymbol *NextTarget = nullptr; 3635 3636 for (unsigned int i = 0; i < Targets.size(); ++i) { 3637 Results.emplace_back(NextTarget, InstructionListType()); 3638 InstructionListType *CurBB = &Results.back().second; 3639 3640 // Compare current index to a specific index. 3641 CurBB->emplace_back(MCInst()); 3642 MCInst &CompareInst = CurBB->back(); 3643 CompareInst.setLoc(IJmpInst.getLoc()); 3644 CompareInst.setOpcode(X86::CMP64ri32); 3645 CompareInst.addOperand(MCOperand::createReg(IndexReg)); 3646 3647 const uint64_t CaseIdx = Targets[i].second; 3648 // Immediate address is out of sign extended 32 bit range. 3649 if (int64_t(CaseIdx) != int64_t(int32_t(CaseIdx))) 3650 return BlocksVectorTy(); 3651 3652 CompareInst.addOperand(MCOperand::createImm(CaseIdx)); 3653 shortenInstruction(CompareInst, *Ctx->getSubtargetInfo()); 3654 3655 // jump to next target compare. 3656 NextTarget = 3657 Ctx->createNamedTempSymbol(); // generate label for the next block 3658 CurBB->push_back(MCInst()); 3659 3660 MCInst &JEInst = CurBB->back(); 3661 JEInst.setLoc(IJmpInst.getLoc()); 3662 3663 // Jump to target if indices match 3664 JEInst.setOpcode(X86::JCC_1); 3665 JEInst.addOperand(MCOperand::createExpr(MCSymbolRefExpr::create( 3666 Targets[i].first, MCSymbolRefExpr::VK_None, *Ctx))); 3667 JEInst.addOperand(MCOperand::createImm(X86::COND_E)); 3668 } 3669 3670 // Cold call block. 3671 Results.emplace_back(NextTarget, InstructionListType()); 3672 InstructionListType &CurBB = Results.back().second; 3673 for (const MCInst *Inst : TargetFetchInsns) 3674 if (Inst != &IJmpInst) 3675 CurBB.push_back(*Inst); 3676 3677 CurBB.push_back(IJmpInst); 3678 3679 return Results; 3680 } 3681 3682 private: 3683 bool createMove(MCInst &Inst, const MCSymbol *Src, unsigned Reg, 3684 MCContext *Ctx) const { 3685 Inst.setOpcode(X86::MOV64rm); 3686 Inst.addOperand(MCOperand::createReg(Reg)); 3687 Inst.addOperand(MCOperand::createReg(X86::RIP)); // BaseReg 3688 Inst.addOperand(MCOperand::createImm(1)); // ScaleAmt 3689 Inst.addOperand(MCOperand::createReg(X86::NoRegister)); // IndexReg 3690 Inst.addOperand(MCOperand::createExpr( 3691 MCSymbolRefExpr::create(Src, MCSymbolRefExpr::VK_None, 3692 *Ctx))); // Displacement 3693 Inst.addOperand(MCOperand::createReg(X86::NoRegister)); // AddrSegmentReg 3694 3695 return true; 3696 } 3697 3698 bool createLea(MCInst &Inst, const MCSymbol *Src, unsigned Reg, 3699 MCContext *Ctx) const { 3700 Inst.setOpcode(X86::LEA64r); 3701 Inst.addOperand(MCOperand::createReg(Reg)); 3702 Inst.addOperand(MCOperand::createReg(X86::RIP)); // BaseReg 3703 Inst.addOperand(MCOperand::createImm(1)); // ScaleAmt 3704 Inst.addOperand(MCOperand::createReg(X86::NoRegister)); // IndexReg 3705 Inst.addOperand(MCOperand::createExpr( 3706 MCSymbolRefExpr::create(Src, MCSymbolRefExpr::VK_None, 3707 *Ctx))); // Displacement 3708 Inst.addOperand(MCOperand::createReg(X86::NoRegister)); // AddrSegmentReg 3709 return true; 3710 } 3711 }; 3712 3713 } // namespace 3714 3715 namespace llvm { 3716 namespace bolt { 3717 3718 MCPlusBuilder *createX86MCPlusBuilder(const MCInstrAnalysis *Analysis, 3719 const MCInstrInfo *Info, 3720 const MCRegisterInfo *RegInfo) { 3721 return new X86MCPlusBuilder(Analysis, Info, RegInfo); 3722 } 3723 3724 } // namespace bolt 3725 } // namespace llvm 3726