//===- bolt/Target/X86/X86MCPlusBuilder.cpp -------------------------------===//
//
// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
// See https://llvm.org/LICENSE.txt for license information.
// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
//
//===----------------------------------------------------------------------===//
//
// This file provides X86-specific MCPlus builder.
//
//===----------------------------------------------------------------------===//

#include "MCTargetDesc/X86BaseInfo.h"
#include "MCTargetDesc/X86InstrRelaxTables.h"
#include "MCTargetDesc/X86MCTargetDesc.h"
#include "bolt/Core/MCPlus.h"
#include "bolt/Core/MCPlusBuilder.h"
#include "llvm/BinaryFormat/ELF.h"
#include "llvm/MC/MCContext.h"
#include "llvm/MC/MCFixupKindInfo.h"
#include "llvm/MC/MCInst.h"
#include "llvm/MC/MCInstBuilder.h"
#include "llvm/MC/MCInstrInfo.h"
#include "llvm/MC/MCRegister.h"
#include "llvm/MC/MCRegisterInfo.h"
#include "llvm/Support/CommandLine.h"
#include "llvm/Support/DataExtractor.h"
#include "llvm/Support/Debug.h"
#include "llvm/Support/Errc.h"
#include "llvm/Support/ErrorHandling.h"
#include "llvm/Support/ErrorOr.h"
#include <set>

#define DEBUG_TYPE "mcplus"

using namespace llvm;
using namespace bolt;

namespace opts {

extern cl::OptionCategory BoltOptCategory;

static cl::opt<bool> X86StripRedundantAddressSize(
    "x86-strip-redundant-address-size",
    cl::desc("Remove redundant Address-Size override prefix"), cl::init(true),
    cl::ZeroOrMore, cl::cat(BoltOptCategory));

} // namespace opts

namespace {

unsigned getShortBranchOpcode(unsigned Opcode) {
  switch (Opcode) {
  default:
    return Opcode;
  case X86::JMP_2: return X86::JMP_1;
  case X86::JMP_4: return X86::JMP_1;
  case X86::JCC_2: return X86::JCC_1;
  case X86::JCC_4: return X86::JCC_1;
  }
}

unsigned getShortArithOpcode(unsigned Opcode) {
  return X86::getShortOpcodeArith(Opcode);
}

bool isADD(unsigned Opcode) {
  switch (Opcode) {
  default:
    return false;
  case X86::ADD16i16:
  case X86::ADD16mi:
  case X86::ADD16mi8:
  case X86::ADD16mr:
  case X86::ADD16ri:
  case X86::ADD16ri8:
  case X86::ADD16ri8_DB:
  case X86::ADD16ri_DB:
  case X86::ADD16rm:
  case X86::ADD16rr:
  case X86::ADD16rr_DB:
  case X86::ADD16rr_REV:
  case X86::ADD32i32:
  case X86::ADD32mi:
  case X86::ADD32mi8:
  case X86::ADD32mr:
  case X86::ADD32ri:
  case X86::ADD32ri8:
  case X86::ADD32ri8_DB:
  case X86::ADD32ri_DB:
  case X86::ADD32rm:
  case X86::ADD32rr:
  case X86::ADD32rr_DB:
  case X86::ADD32rr_REV:
  case X86::ADD64i32:
  case X86::ADD64mi32:
  case X86::ADD64mi8:
  case X86::ADD64mr:
  case X86::ADD64ri32:
  case X86::ADD64ri32_DB:
  case X86::ADD64ri8:
  case X86::ADD64ri8_DB:
  case X86::ADD64rm:
  case X86::ADD64rr:
  case X86::ADD64rr_DB:
  case X86::ADD64rr_REV:
  case X86::ADD8i8:
  case X86::ADD8mi:
  case X86::ADD8mi8:
  case X86::ADD8mr:
  case X86::ADD8ri:
  case X86::ADD8ri8:
  case X86::ADD8rm:
  case X86::ADD8rr:
  case X86::ADD8rr_REV:
    return true;
  }
}

bool isAND(unsigned Opcode) {
  switch (Opcode) {
  default:
    return false;
  case X86::AND16i16:
  case X86::AND16mi:
  case X86::AND16mi8:
  case X86::AND16mr:
  case X86::AND16ri:
  case X86::AND16ri8:
  case X86::AND16rm:
  case X86::AND16rr:
  case X86::AND16rr_REV:
  case X86::AND32i32:
  case X86::AND32mi:
  case X86::AND32mi8:
  case X86::AND32mr:
  case X86::AND32ri:
  case X86::AND32ri8:
  case X86::AND32rm:
  case X86::AND32rr:
  case X86::AND32rr_REV:
  case X86::AND64i32:
  case X86::AND64mi32:
  case X86::AND64mi8:
  case X86::AND64mr:
  case X86::AND64ri32:
  case X86::AND64ri8:
  case X86::AND64rm:
  case X86::AND64rr:
  case X86::AND64rr_REV:
  case X86::AND8i8:
  case X86::AND8mi:
  case X86::AND8mi8:
  case X86::AND8mr:
  case X86::AND8ri:
  case X86::AND8ri8:
  case X86::AND8rm:
  case X86::AND8rr:
  case X86::AND8rr_REV:
    return true;
  }
}

bool isCMP(unsigned Opcode) {
  switch (Opcode) {
  default:
    return false;
  case X86::CMP16i16:
  case X86::CMP16mi:
  case X86::CMP16mi8:
  case X86::CMP16mr:
  case X86::CMP16ri:
  case X86::CMP16ri8:
  case X86::CMP16rm:
  case X86::CMP16rr:
  case X86::CMP16rr_REV:
  case X86::CMP32i32:
  case X86::CMP32mi:
  case X86::CMP32mi8:
  case X86::CMP32mr:
  case X86::CMP32ri:
  case X86::CMP32ri8:
  case X86::CMP32rm:
  case X86::CMP32rr:
  case X86::CMP32rr_REV:
  case X86::CMP64i32:
  case X86::CMP64mi32:
  case X86::CMP64mi8:
  case X86::CMP64mr:
  case X86::CMP64ri32:
  case X86::CMP64ri8:
  case X86::CMP64rm:
  case X86::CMP64rr:
  case X86::CMP64rr_REV:
  case X86::CMP8i8:
  case X86::CMP8mi:
  case X86::CMP8mi8:
  case X86::CMP8mr:
  case X86::CMP8ri:
  case X86::CMP8ri8:
  case X86::CMP8rm:
  case X86::CMP8rr:
  case X86::CMP8rr_REV:
    return true;
  }
}

bool isSUB(unsigned Opcode) {
  switch (Opcode) {
  default:
    return false;
  case X86::SUB16i16:
  case X86::SUB16mi:
  case X86::SUB16mi8:
  case X86::SUB16mr:
  case X86::SUB16ri:
  case X86::SUB16ri8:
  case X86::SUB16rm:
  case X86::SUB16rr:
  case X86::SUB16rr_REV:
  case X86::SUB32i32:
  case X86::SUB32mi:
  case X86::SUB32mi8:
  case X86::SUB32mr:
  case X86::SUB32ri:
  case X86::SUB32ri8:
  case X86::SUB32rm:
  case X86::SUB32rr:
  case X86::SUB32rr_REV:
  case X86::SUB64i32:
  case X86::SUB64mi32:
  case X86::SUB64mi8:
  case X86::SUB64mr:
  case X86::SUB64ri32:
  case X86::SUB64ri8:
  case X86::SUB64rm:
  case X86::SUB64rr:
  case X86::SUB64rr_REV:
  case X86::SUB8i8:
  case X86::SUB8mi:
  case X86::SUB8mi8:
  case X86::SUB8mr:
  case X86::SUB8ri:
  case X86::SUB8ri8:
  case X86::SUB8rm:
  case X86::SUB8rr:
  case X86::SUB8rr_REV:
    return true;
  }
}

bool isTEST(unsigned Opcode) {
  switch (Opcode) {
  default:
    return false;
  case X86::TEST16i16:
  case X86::TEST16mi:
  case X86::TEST16mr:
  case X86::TEST16ri:
  case X86::TEST16rr:
  case X86::TEST32i32:
  case X86::TEST32mi:
  case X86::TEST32mr:
  case X86::TEST32ri:
  case X86::TEST32rr:
  case X86::TEST64i32:
  case X86::TEST64mi32:
  case X86::TEST64mr:
  case X86::TEST64ri32:
  case X86::TEST64rr:
  case X86::TEST8i8:
  case X86::TEST8mi:
  case X86::TEST8mr:
  case X86::TEST8ri:
  case X86::TEST8rr:
    return true;
  }
}

bool isMOVSX64rm32(const MCInst &Inst) {
  return Inst.getOpcode() == X86::MOVSX64rm32;
}

class X86MCPlusBuilder : public MCPlusBuilder {
public:
  X86MCPlusBuilder(const MCInstrAnalysis *Analysis, const MCInstrInfo *Info,
                   const MCRegisterInfo *RegInfo)
      : MCPlusBuilder(Analysis, Info, RegInfo) {}

  bool isBranch(const MCInst &Inst) const override {
    return Analysis->isBranch(Inst) && !isTailCall(Inst);
  }

  bool isUnconditionalBranch(const MCInst &Inst) const override {
    return Analysis->isUnconditionalBranch(Inst) && !isTailCall(Inst);
  }

  bool isNoop(const MCInst &Inst) const override {
    switch (Inst.getOpcode()) {
    case X86::NOOP:
    case X86::NOOPL:
    case X86::NOOPLr:
    case X86::NOOPQ:
    case X86::NOOPQr:
    case X86::NOOPW:
    case X86::NOOPWr:
      return true;
    }
    return false;
  }

  unsigned getCondCode(const MCInst &Inst) const override {
    switch (Inst.getOpcode()) {
    default:
      return X86::COND_INVALID;
    case X86::JCC_1:
    case X86::JCC_2:
    case X86::JCC_4:
      return Inst.getOperand(Info->get(Inst.getOpcode()).NumOperands - 1)
          .getImm();
    }
  }

  unsigned getInvertedCondCode(unsigned CC) const override {
    switch (CC) {
    default: return X86::COND_INVALID;
    case X86::COND_E: return X86::COND_NE;
    case X86::COND_NE: return X86::COND_E;
    case X86::COND_L: return X86::COND_GE;
    case X86::COND_LE: return X86::COND_G;
    case X86::COND_G: return X86::COND_LE;
    case X86::COND_GE: return X86::COND_L;
    case X86::COND_B: return X86::COND_AE;
    case X86::COND_BE: return X86::COND_A;
    case X86::COND_A: return X86::COND_BE;
    case X86::COND_AE: return X86::COND_B;
    case X86::COND_S: return X86::COND_NS;
    case X86::COND_NS: return X86::COND_S;
    case X86::COND_P: return X86::COND_NP;
    case X86::COND_NP: return X86::COND_P;
    case X86::COND_O: return X86::COND_NO;
    case X86::COND_NO: return X86::COND_O;
    }
  }

  unsigned getCondCodesLogicalOr(unsigned CC1, unsigned CC2) const override {
    enum DecodedCondCode : uint8_t {
      DCC_EQUAL = 0x1,
      DCC_GREATER = 0x2,
      DCC_LESSER = 0x4,
      DCC_GREATER_OR_LESSER = 0x6,
      DCC_UNSIGNED = 0x8,
      DCC_SIGNED = 0x10,
      DCC_INVALID = 0x20,
    };

    auto decodeCondCode = [&](unsigned CC) -> uint8_t {
      switch (CC) {
      default: return DCC_INVALID;
      case X86::COND_E: return DCC_EQUAL;
      case X86::COND_NE: return DCC_GREATER | DCC_LESSER;
      case X86::COND_L: return DCC_LESSER | DCC_SIGNED;
      case X86::COND_LE: return DCC_EQUAL | DCC_LESSER | DCC_SIGNED;
      case X86::COND_G: return DCC_GREATER | DCC_SIGNED;
      case X86::COND_GE: return DCC_GREATER | DCC_EQUAL | DCC_SIGNED;
      case X86::COND_B: return DCC_LESSER | DCC_UNSIGNED;
      case X86::COND_BE: return DCC_EQUAL | DCC_LESSER | DCC_UNSIGNED;
      case X86::COND_A: return DCC_GREATER | DCC_UNSIGNED;
      case X86::COND_AE: return DCC_GREATER | DCC_EQUAL | DCC_UNSIGNED;
      }
    };

    uint8_t DCC = decodeCondCode(CC1) | decodeCondCode(CC2);

    if (DCC & DCC_INVALID)
      return X86::COND_INVALID;

    if (DCC & DCC_SIGNED && DCC & DCC_UNSIGNED)
      return X86::COND_INVALID;

    switch (DCC) {
    default: return X86::COND_INVALID;
    case DCC_EQUAL | DCC_LESSER | DCC_SIGNED: return X86::COND_LE;
    case DCC_EQUAL | DCC_LESSER | DCC_UNSIGNED: return X86::COND_BE;
    case DCC_EQUAL | DCC_GREATER | DCC_SIGNED: return X86::COND_GE;
    case DCC_EQUAL | DCC_GREATER | DCC_UNSIGNED: return X86::COND_AE;
    case DCC_GREATER | DCC_LESSER | DCC_SIGNED: return X86::COND_NE;
    case DCC_GREATER | DCC_LESSER | DCC_UNSIGNED: return X86::COND_NE;
    case DCC_GREATER | DCC_LESSER: return X86::COND_NE;
    case DCC_EQUAL | DCC_SIGNED: return X86::COND_E;
    case DCC_EQUAL | DCC_UNSIGNED: return X86::COND_E;
    case DCC_EQUAL: return X86::COND_E;
    case DCC_LESSER | DCC_SIGNED: return X86::COND_L;
    case DCC_LESSER | DCC_UNSIGNED: return X86::COND_B;
    case DCC_GREATER | DCC_SIGNED: return X86::COND_G;
    case DCC_GREATER | DCC_UNSIGNED: return X86::COND_A;
    }
  }

  bool isValidCondCode(unsigned CC) const override {
    return (CC != X86::COND_INVALID);
  }

  bool isBreakpoint(const MCInst &Inst) const override {
    return Inst.getOpcode() == X86::INT3;
  }

  bool isPrefix(const MCInst &Inst) const override {
    switch (Inst.getOpcode()) {
    case X86::LOCK_PREFIX:
    case X86::REPNE_PREFIX:
    case X86::REP_PREFIX:
      return true;
    }
    return false;
  }

  bool isRep(const MCInst &Inst) const override {
    return Inst.getFlags() == X86::IP_HAS_REPEAT;
  }

  bool deleteREPPrefix(MCInst &Inst) const override {
    if (Inst.getFlags() == X86::IP_HAS_REPEAT) {
      Inst.setFlags(0);
      return true;
    }
    return false;
  }

  // FIXME: For compatibility with old LLVM only!
  bool isTerminator(const MCInst &Inst) const override {
    if (Info->get(Inst.getOpcode()).isTerminator())
      return true;
    switch (Inst.getOpcode()) {
    default:
      return false;
    case X86::TRAP:
    // Opcodes previously known as X86::UD2B
    case X86::UD1Wm:
    case X86::UD1Lm:
    case X86::UD1Qm:
    case X86::UD1Wr:
    case X86::UD1Lr:
    case X86::UD1Qr:
      return true;
    }
  }

  bool isIndirectCall(const MCInst &Inst) const override {
    return isCall(Inst) &&
           ((getMemoryOperandNo(Inst) != -1) || Inst.getOperand(0).isReg());
  }

  bool isPop(const MCInst &Inst) const override {
    return getPopSize(Inst) == 0 ? false : true;
  }

  bool isTerminateBranch(const MCInst &Inst) const override {
    return Inst.getOpcode() == X86::ENDBR32 || Inst.getOpcode() == X86::ENDBR64;
  }

  int getPopSize(const MCInst &Inst) const override {
    switch (Inst.getOpcode()) {
    case X86::POP16r:
    case X86::POP16rmm:
    case X86::POP16rmr:
    case X86::POPF16:
    case X86::POPA16:
    case X86::POPDS16:
    case X86::POPES16:
    case X86::POPFS16:
    case X86::POPGS16:
    case X86::POPSS16:
      return 2;
    case X86::POP32r:
    case X86::POP32rmm:
    case X86::POP32rmr:
    case X86::POPA32:
    case X86::POPDS32:
    case X86::POPES32:
    case X86::POPF32:
    case X86::POPFS32:
    case X86::POPGS32:
    case X86::POPSS32:
      return 4;
    case X86::POP64r:
    case X86::POP64rmm:
    case X86::POP64rmr:
    case X86::POPF64:
    case X86::POPFS64:
    case X86::POPGS64:
      return 8;
    }
    return 0;
  }

  bool isPush(const MCInst &Inst) const override {
    return getPushSize(Inst) == 0 ? false : true;
  }

  int getPushSize(const MCInst &Inst) const override {
    switch (Inst.getOpcode()) {
    case X86::PUSH16i8:
    case X86::PUSH16r:
    case X86::PUSH16rmm:
    case X86::PUSH16rmr:
    case X86::PUSHA16:
    case X86::PUSHCS16:
    case X86::PUSHDS16:
    case X86::PUSHES16:
    case X86::PUSHF16:
    case X86::PUSHFS16:
    case X86::PUSHGS16:
    case X86::PUSHSS16:
    case X86::PUSHi16:
      return 2;
    case X86::PUSH32i8:
    case X86::PUSH32r:
    case X86::PUSH32rmm:
    case X86::PUSH32rmr:
    case X86::PUSHA32:
    case X86::PUSHCS32:
    case X86::PUSHDS32:
    case X86::PUSHES32:
    case X86::PUSHF32:
    case X86::PUSHFS32:
    case X86::PUSHGS32:
    case X86::PUSHSS32:
    case X86::PUSHi32:
      return 4;
    case X86::PUSH64i32:
    case X86::PUSH64i8:
    case X86::PUSH64r:
    case X86::PUSH64rmm:
    case X86::PUSH64rmr:
    case X86::PUSHF64:
    case X86::PUSHFS64:
    case X86::PUSHGS64:
      return 8;
    }
    return 0;
  }

  bool isADD64rr(const MCInst &Inst) const override {
    return Inst.getOpcode() == X86::ADD64rr;
  }

  bool isSUB(const MCInst &Inst) const override {
    return ::isSUB(Inst.getOpcode());
  }

  bool isADDri(const MCInst &Inst) const {
    return Inst.getOpcode() == X86::ADD64ri32 ||
           Inst.getOpcode() == X86::ADD64ri8;
  }

  bool isLEA64r(const MCInst &Inst) const override {
    return Inst.getOpcode() == X86::LEA64r;
  }

  bool isLeave(const MCInst &Inst) const override {
    return Inst.getOpcode() == X86::LEAVE || Inst.getOpcode() == X86::LEAVE64;
  }

  bool isMoveMem2Reg(const MCInst &Inst) const override {
    switch (Inst.getOpcode()) {
    case X86::MOV16rm:
    case X86::MOV32rm:
    case X86::MOV64rm:
      return true;
    }
    return false;
  }

  bool isUnsupportedBranch(unsigned Opcode) const override {
    switch (Opcode) {
    default:
      return false;
    case X86::LOOP:
    case X86::LOOPE:
    case X86::LOOPNE:
    case X86::JECXZ:
    case X86::JRCXZ:
      return true;
    }
  }

  bool isLoad(const MCInst &Inst) const override {
    if (isPop(Inst))
      return true;

    int MemOpNo = getMemoryOperandNo(Inst);
    const MCInstrDesc &MCII = Info->get(Inst.getOpcode());

    if (MemOpNo == -1)
      return false;

    return MCII.mayLoad();
  }

  bool isStore(const MCInst &Inst) const override {
    if (isPush(Inst))
      return true;

    int MemOpNo = getMemoryOperandNo(Inst);
    const MCInstrDesc &MCII = Info->get(Inst.getOpcode());

    if (MemOpNo == -1)
      return false;

    return MCII.mayStore();
  }

  bool isCleanRegXOR(const MCInst &Inst) const override {
    switch (Inst.getOpcode()) {
    case X86::XOR16rr:
    case X86::XOR32rr:
    case X86::XOR64rr:
      break;
    default:
      return false;
    }
    return (Inst.getOperand(0).getReg() == Inst.getOperand(2).getReg());
  }

  bool isPacked(const MCInst &Inst) const override {
    const MCInstrDesc &Desc = Info->get(Inst.getOpcode());
    return (Desc.TSFlags & X86II::OpPrefixMask) == X86II::PD;
  }

  unsigned getTrapFillValue() const override { return 0xCC; }

  struct IndJmpMatcherFrag1 : MCInstMatcher {
    std::unique_ptr<MCInstMatcher> Base;
    std::unique_ptr<MCInstMatcher> Scale;
    std::unique_ptr<MCInstMatcher> Index;
    std::unique_ptr<MCInstMatcher> Offset;

    IndJmpMatcherFrag1(std::unique_ptr<MCInstMatcher> Base,
                       std::unique_ptr<MCInstMatcher> Scale,
                       std::unique_ptr<MCInstMatcher> Index,
                       std::unique_ptr<MCInstMatcher> Offset)
        : Base(std::move(Base)), Scale(std::move(Scale)),
          Index(std::move(Index)), Offset(std::move(Offset)) {}

    bool match(const MCRegisterInfo &MRI, MCPlusBuilder &MIB,
               MutableArrayRef<MCInst> InInstrWindow, int OpNum) override {
      if (!MCInstMatcher::match(MRI, MIB, InInstrWindow, OpNum))
        return false;

      if (CurInst->getOpcode() != X86::JMP64m)
        return false;

      int MemOpNo = MIB.getMemoryOperandNo(*CurInst);
      if (MemOpNo == -1)
        return false;

      if (!Base->match(MRI, MIB, this->InstrWindow, MemOpNo + X86::AddrBaseReg))
        return false;
      if (!Scale->match(MRI, MIB, this->InstrWindow,
                        MemOpNo + X86::AddrScaleAmt))
        return false;
      if (!Index->match(MRI, MIB, this->InstrWindow,
                        MemOpNo + X86::AddrIndexReg))
        return false;
      if (!Offset->match(MRI, MIB, this->InstrWindow, MemOpNo + X86::AddrDisp))
        return false;
      return true;
    }

    void annotate(MCPlusBuilder &MIB, StringRef Annotation) override {
      MIB.addAnnotation(*CurInst, Annotation, true);
      Base->annotate(MIB, Annotation);
      Scale->annotate(MIB, Annotation);
      Index->annotate(MIB, Annotation);
      Offset->annotate(MIB, Annotation);
    }
  };

  std::unique_ptr<MCInstMatcher>
  matchIndJmp(std::unique_ptr<MCInstMatcher> Base,
              std::unique_ptr<MCInstMatcher> Scale,
              std::unique_ptr<MCInstMatcher> Index,
              std::unique_ptr<MCInstMatcher> Offset) const override {
    return std::unique_ptr<MCInstMatcher>(
        new IndJmpMatcherFrag1(std::move(Base), std::move(Scale),
                               std::move(Index), std::move(Offset)));
  }

  struct IndJmpMatcherFrag2 : MCInstMatcher {
    std::unique_ptr<MCInstMatcher> Reg;

    IndJmpMatcherFrag2(std::unique_ptr<MCInstMatcher> Reg)
        : Reg(std::move(Reg)) {}

    bool match(const MCRegisterInfo &MRI, MCPlusBuilder &MIB,
               MutableArrayRef<MCInst> InInstrWindow, int OpNum) override {
      if (!MCInstMatcher::match(MRI, MIB, InInstrWindow, OpNum))
        return false;

      if (CurInst->getOpcode() != X86::JMP64r)
        return false;

      return Reg->match(MRI, MIB, this->InstrWindow, 0);
    }

    void annotate(MCPlusBuilder &MIB, StringRef Annotation) override {
      MIB.addAnnotation(*CurInst, Annotation, true);
      Reg->annotate(MIB, Annotation);
    }
  };

  std::unique_ptr<MCInstMatcher>
  matchIndJmp(std::unique_ptr<MCInstMatcher> Target) const override {
    return std::unique_ptr<MCInstMatcher>(
        new IndJmpMatcherFrag2(std::move(Target)));
  }

  struct LoadMatcherFrag1 : MCInstMatcher {
    std::unique_ptr<MCInstMatcher> Base;
    std::unique_ptr<MCInstMatcher> Scale;
    std::unique_ptr<MCInstMatcher> Index;
    std::unique_ptr<MCInstMatcher> Offset;

    LoadMatcherFrag1(std::unique_ptr<MCInstMatcher> Base,
                     std::unique_ptr<MCInstMatcher> Scale,
                     std::unique_ptr<MCInstMatcher> Index,
                     std::unique_ptr<MCInstMatcher> Offset)
        : Base(std::move(Base)), Scale(std::move(Scale)),
          Index(std::move(Index)), Offset(std::move(Offset)) {}

    bool match(const MCRegisterInfo &MRI, MCPlusBuilder &MIB,
               MutableArrayRef<MCInst> InInstrWindow, int OpNum) override {
      if (!MCInstMatcher::match(MRI, MIB, InInstrWindow, OpNum))
        return false;

      if (CurInst->getOpcode() != X86::MOV64rm &&
          CurInst->getOpcode() != X86::MOVSX64rm32)
        return false;

      int MemOpNo = MIB.getMemoryOperandNo(*CurInst);
      if (MemOpNo == -1)
        return false;

      if (!Base->match(MRI, MIB, this->InstrWindow, MemOpNo + X86::AddrBaseReg))
        return false;
      if (!Scale->match(MRI, MIB, this->InstrWindow,
                        MemOpNo + X86::AddrScaleAmt))
        return false;
      if (!Index->match(MRI, MIB, this->InstrWindow,
                        MemOpNo + X86::AddrIndexReg))
        return false;
      if (!Offset->match(MRI, MIB, this->InstrWindow, MemOpNo + X86::AddrDisp))
        return false;
      return true;
    }

    void annotate(MCPlusBuilder &MIB, StringRef Annotation) override {
      MIB.addAnnotation(*CurInst, Annotation, true);
      Base->annotate(MIB, Annotation);
      Scale->annotate(MIB, Annotation);
      Index->annotate(MIB, Annotation);
      Offset->annotate(MIB, Annotation);
    }
  };

  std::unique_ptr<MCInstMatcher>
  matchLoad(std::unique_ptr<MCInstMatcher> Base,
            std::unique_ptr<MCInstMatcher> Scale,
            std::unique_ptr<MCInstMatcher> Index,
            std::unique_ptr<MCInstMatcher> Offset) const override {
    return std::unique_ptr<MCInstMatcher>(
        new LoadMatcherFrag1(std::move(Base), std::move(Scale),
                             std::move(Index), std::move(Offset)));
  }

  struct AddMatcher : MCInstMatcher {
    std::unique_ptr<MCInstMatcher> A;
    std::unique_ptr<MCInstMatcher> B;

    AddMatcher(std::unique_ptr<MCInstMatcher> A,
               std::unique_ptr<MCInstMatcher> B)
        : A(std::move(A)), B(std::move(B)) {}

    bool match(const MCRegisterInfo &MRI, MCPlusBuilder &MIB,
               MutableArrayRef<MCInst> InInstrWindow, int OpNum) override {
      if (!MCInstMatcher::match(MRI, MIB, InInstrWindow, OpNum))
        return false;

      if (CurInst->getOpcode() == X86::ADD64rr ||
          CurInst->getOpcode() == X86::ADD64rr_DB ||
          CurInst->getOpcode() == X86::ADD64rr_REV) {
        if (!A->match(MRI, MIB, this->InstrWindow, 1)) {
          if (!B->match(MRI, MIB, this->InstrWindow, 1))
            return false;
          return A->match(MRI, MIB, this->InstrWindow, 2);
        }

        if (B->match(MRI, MIB, this->InstrWindow, 2))
          return true;

        if (!B->match(MRI, MIB, this->InstrWindow, 1))
          return false;
        return A->match(MRI, MIB, this->InstrWindow, 2);
      }

      return false;
    }

    void annotate(MCPlusBuilder &MIB, StringRef Annotation) override {
      MIB.addAnnotation(*CurInst, Annotation, true);
      A->annotate(MIB, Annotation);
      B->annotate(MIB, Annotation);
    }
  };

  virtual std::unique_ptr<MCInstMatcher>
  matchAdd(std::unique_ptr<MCInstMatcher> A,
           std::unique_ptr<MCInstMatcher> B) const override {
    return std::unique_ptr<MCInstMatcher>(
        new AddMatcher(std::move(A), std::move(B)));
  }

  struct LEAMatcher : MCInstMatcher {
    std::unique_ptr<MCInstMatcher> Target;

    LEAMatcher(std::unique_ptr<MCInstMatcher> Target)
        : Target(std::move(Target)) {}

    bool match(const MCRegisterInfo &MRI, MCPlusBuilder &MIB,
               MutableArrayRef<MCInst> InInstrWindow, int OpNum) override {
      if (!MCInstMatcher::match(MRI, MIB, InInstrWindow, OpNum))
        return false;

      if (CurInst->getOpcode() != X86::LEA64r)
        return false;

      if (CurInst->getOperand(1 + X86::AddrScaleAmt).getImm() != 1 ||
          CurInst->getOperand(1 + X86::AddrIndexReg).getReg() !=
              X86::NoRegister ||
          (CurInst->getOperand(1 + X86::AddrBaseReg).getReg() !=
               X86::NoRegister &&
           CurInst->getOperand(1 + X86::AddrBaseReg).getReg() != X86::RIP))
        return false;

      return Target->match(MRI, MIB, this->InstrWindow, 1 + X86::AddrDisp);
    }

    void annotate(MCPlusBuilder &MIB, StringRef Annotation) override {
      MIB.addAnnotation(*CurInst, Annotation, true);
      Target->annotate(MIB, Annotation);
    }
  };

  virtual std::unique_ptr<MCInstMatcher>
  matchLoadAddr(std::unique_ptr<MCInstMatcher> Target) const override {
    return std::unique_ptr<MCInstMatcher>(new LEAMatcher(std::move(Target)));
  }

  bool hasPCRelOperand(const MCInst &Inst) const override {
    for (const MCOperand &Operand : Inst)
      if (Operand.isReg() && Operand.getReg() == X86::RIP)
        return true;
    return false;
  }

  int getMemoryOperandNo(const MCInst &Inst) const override {
    unsigned Opcode = Inst.getOpcode();
    const MCInstrDesc &Desc = Info->get(Opcode);
    int MemOpNo = X86II::getMemoryOperandNo(Desc.TSFlags);
    if (MemOpNo >= 0)
      MemOpNo += X86II::getOperandBias(Desc);
    return MemOpNo;
  }

  bool hasEVEXEncoding(const MCInst &Inst) const override {
    const MCInstrDesc &Desc = Info->get(Inst.getOpcode());
    return (Desc.TSFlags & X86II::EncodingMask) == X86II::EVEX;
  }

  bool isMacroOpFusionPair(ArrayRef<MCInst> Insts) const override {
    const auto *I = Insts.begin();
    while (I != Insts.end() && isPrefix(*I))
      ++I;
    if (I == Insts.end())
      return false;

    const MCInst &FirstInst = *I;
    ++I;
    while (I != Insts.end() && isPrefix(*I))
      ++I;
    if (I == Insts.end())
      return false;
    const MCInst &SecondInst = *I;

    if (!isConditionalBranch(SecondInst))
      return false;
    // Cannot fuse if the first instruction uses RIP-relative memory.
    if (hasPCRelOperand(FirstInst))
      return false;

    const X86::FirstMacroFusionInstKind CmpKind =
        X86::classifyFirstOpcodeInMacroFusion(FirstInst.getOpcode());
    if (CmpKind == X86::FirstMacroFusionInstKind::Invalid)
      return false;

    X86::CondCode CC = static_cast<X86::CondCode>(getCondCode(SecondInst));
    X86::SecondMacroFusionInstKind BranchKind =
        X86::classifySecondCondCodeInMacroFusion(CC);
    if (BranchKind == X86::SecondMacroFusionInstKind::Invalid)
      return false;
    return X86::isMacroFused(CmpKind, BranchKind);
  }

  bool
  evaluateX86MemoryOperand(const MCInst &Inst, unsigned *BaseRegNum,
                           int64_t *ScaleImm, unsigned *IndexRegNum,
                           int64_t *DispImm, unsigned *SegmentRegNum,
                           const MCExpr **DispExpr = nullptr) const override {
    assert(BaseRegNum && ScaleImm && IndexRegNum && SegmentRegNum &&
           "one of the input pointers is null");
    int MemOpNo = getMemoryOperandNo(Inst);
    if (MemOpNo < 0)
      return false;
    unsigned MemOpOffset = static_cast<unsigned>(MemOpNo);

    if (MemOpOffset + X86::AddrSegmentReg >= MCPlus::getNumPrimeOperands(Inst))
      return false;

    const MCOperand &Base = Inst.getOperand(MemOpOffset + X86::AddrBaseReg);
    const MCOperand &Scale = Inst.getOperand(MemOpOffset + X86::AddrScaleAmt);
    const MCOperand &Index = Inst.getOperand(MemOpOffset + X86::AddrIndexReg);
    const MCOperand &Disp = Inst.getOperand(MemOpOffset + X86::AddrDisp);
    const MCOperand &Segment =
        Inst.getOperand(MemOpOffset + X86::AddrSegmentReg);

    // Make sure it is a well-formed memory operand.
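    // (Explanatory note: a well-formed x86 memory operand here means the five
    // consecutive operands checked below -- base register, scale immediate,
    // index register, displacement immediate or expression, and segment
    // register.)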
    if (!Base.isReg() || !Scale.isImm() || !Index.isReg() ||
        (!Disp.isImm() && !Disp.isExpr()) || !Segment.isReg())
      return false;

    *BaseRegNum = Base.getReg();
    *ScaleImm = Scale.getImm();
    *IndexRegNum = Index.getReg();
    if (Disp.isImm()) {
      assert(DispImm && "DispImm needs to be set");
      *DispImm = Disp.getImm();
      if (DispExpr)
        *DispExpr = nullptr;
    } else {
      assert(DispExpr && "DispExpr needs to be set");
      *DispExpr = Disp.getExpr();
      if (DispImm)
        *DispImm = 0;
    }
    *SegmentRegNum = Segment.getReg();
    return true;
  }

  bool evaluateMemOperandTarget(const MCInst &Inst, uint64_t &Target,
                                uint64_t Address,
                                uint64_t Size) const override {
    unsigned BaseRegNum;
    int64_t ScaleValue;
    unsigned IndexRegNum;
    int64_t DispValue;
    unsigned SegRegNum;
    const MCExpr *DispExpr = nullptr;
    if (!evaluateX86MemoryOperand(Inst, &BaseRegNum, &ScaleValue, &IndexRegNum,
                                  &DispValue, &SegRegNum, &DispExpr))
      return false;

    // Make sure it's a well-formed addressing we can statically evaluate.
    if ((BaseRegNum != X86::RIP && BaseRegNum != X86::NoRegister) ||
        IndexRegNum != X86::NoRegister || SegRegNum != X86::NoRegister ||
        DispExpr)
      return false;

    Target = DispValue;
    if (BaseRegNum == X86::RIP) {
      assert(Size != 0 && "instruction size required in order to statically "
                          "evaluate RIP-relative address");
      Target += Address + Size;
    }
    return true;
  }

  MCInst::iterator getMemOperandDisp(MCInst &Inst) const override {
    int MemOpNo = getMemoryOperandNo(Inst);
    if (MemOpNo < 0)
      return Inst.end();
    return Inst.begin() + (MemOpNo + X86::AddrDisp);
  }

  bool replaceMemOperandDisp(MCInst &Inst, MCOperand Operand) const override {
    MCOperand *OI = getMemOperandDisp(Inst);
    if (OI == Inst.end())
      return false;
    *OI = Operand;
    return true;
  }

  /// Get the registers used as function parameters.
  /// This function is specific to the x86_64 abi on Linux.
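  /// Note that only the six integer argument registers are returned here;
  /// vector argument registers (XMM0-XMM7) are not included.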
  BitVector getRegsUsedAsParams() const override {
    BitVector Regs = BitVector(RegInfo->getNumRegs(), false);
    Regs |= getAliases(X86::RSI);
    Regs |= getAliases(X86::RDI);
    Regs |= getAliases(X86::RDX);
    Regs |= getAliases(X86::RCX);
    Regs |= getAliases(X86::R8);
    Regs |= getAliases(X86::R9);
    return Regs;
  }

  void getCalleeSavedRegs(BitVector &Regs) const override {
    Regs |= getAliases(X86::RBX);
    Regs |= getAliases(X86::RBP);
    Regs |= getAliases(X86::R12);
    Regs |= getAliases(X86::R13);
    Regs |= getAliases(X86::R14);
    Regs |= getAliases(X86::R15);
  }

  void getDefaultDefIn(BitVector &Regs) const override {
    assert(Regs.size() >= RegInfo->getNumRegs() &&
           "The size of BitVector is less than RegInfo->getNumRegs().");
    Regs.set(X86::RAX);
    Regs.set(X86::RCX);
    Regs.set(X86::RDX);
    Regs.set(X86::RSI);
    Regs.set(X86::RDI);
    Regs.set(X86::R8);
    Regs.set(X86::R9);
    Regs.set(X86::XMM0);
    Regs.set(X86::XMM1);
    Regs.set(X86::XMM2);
    Regs.set(X86::XMM3);
    Regs.set(X86::XMM4);
    Regs.set(X86::XMM5);
    Regs.set(X86::XMM6);
    Regs.set(X86::XMM7);
  }

  void getDefaultLiveOut(BitVector &Regs) const override {
    assert(Regs.size() >= RegInfo->getNumRegs() &&
           "The size of BitVector is less than RegInfo->getNumRegs().");
    Regs |= getAliases(X86::RAX);
    Regs |= getAliases(X86::RDX);
    Regs |= getAliases(X86::RCX);
    Regs |= getAliases(X86::XMM0);
    Regs |= getAliases(X86::XMM1);
  }

  void getGPRegs(BitVector &Regs, bool IncludeAlias) const override {
    if (IncludeAlias) {
      Regs |= getAliases(X86::RAX);
      Regs |= getAliases(X86::RBX);
      Regs |= getAliases(X86::RBP);
      Regs |= getAliases(X86::RSI);
      Regs |= getAliases(X86::RDI);
      Regs |= getAliases(X86::RDX);
      Regs |= getAliases(X86::RCX);
      Regs |= getAliases(X86::R8);
      Regs |= getAliases(X86::R9);
      Regs |= getAliases(X86::R10);
      Regs |= getAliases(X86::R11);
      Regs |= getAliases(X86::R12);
      Regs |= getAliases(X86::R13);
      Regs |= getAliases(X86::R14);
      Regs |= getAliases(X86::R15);
      return;
    }
    Regs.set(X86::RAX);
    Regs.set(X86::RBX);
    Regs.set(X86::RBP);
    Regs.set(X86::RSI);
    Regs.set(X86::RDI);
    Regs.set(X86::RDX);
    Regs.set(X86::RCX);
    Regs.set(X86::R8);
    Regs.set(X86::R9);
    Regs.set(X86::R10);
    Regs.set(X86::R11);
    Regs.set(X86::R12);
    Regs.set(X86::R13);
    Regs.set(X86::R14);
    Regs.set(X86::R15);
  }

  void getClassicGPRegs(BitVector &Regs) const override {
    Regs |= getAliases(X86::RAX);
    Regs |= getAliases(X86::RBX);
    Regs |= getAliases(X86::RBP);
    Regs |= getAliases(X86::RSI);
    Regs |= getAliases(X86::RDI);
    Regs |= getAliases(X86::RDX);
    Regs |= getAliases(X86::RCX);
  }

  void getRepRegs(BitVector &Regs) const override {
    Regs |= getAliases(X86::RCX);
  }

  MCPhysReg getAliasSized(MCPhysReg Reg, uint8_t Size) const override {
    switch (Reg) {
    case X86::RAX: case X86::EAX: case X86::AX: case X86::AL: case X86::AH:
      switch (Size) {
      case 8: return X86::RAX; case 4: return X86::EAX;
      case 2: return X86::AX; case 1: return X86::AL;
      default: llvm_unreachable("Unexpected size");
      }
    case X86::RBX: case X86::EBX: case X86::BX: case X86::BL: case X86::BH:
      switch (Size) {
      case 8: return X86::RBX; case 4: return X86::EBX;
      case 2: return X86::BX; case 1: return X86::BL;
      default: llvm_unreachable("Unexpected size");
      }
    case X86::RDX: case X86::EDX: case X86::DX: case X86::DL: case X86::DH:
      switch (Size) {
      case 8: return X86::RDX; case 4: return X86::EDX;
      case 2: return X86::DX; case 1: return X86::DL;
      default: llvm_unreachable("Unexpected size");
      }
    case X86::RDI: case X86::EDI: case X86::DI: case X86::DIL:
      switch (Size) {
      case 8: return X86::RDI; case 4: return X86::EDI;
      case 2: return X86::DI; case 1: return X86::DIL;
      default: llvm_unreachable("Unexpected size");
      }
    case X86::RSI: case X86::ESI: case X86::SI: case X86::SIL:
      switch (Size) {
      case 8: return X86::RSI; case 4: return X86::ESI;
      case 2: return X86::SI; case 1: return X86::SIL;
      default: llvm_unreachable("Unexpected size");
      }
    case X86::RCX: case X86::ECX: case X86::CX: case X86::CL: case X86::CH:
      switch (Size) {
      case 8: return X86::RCX; case 4: return X86::ECX;
      case 2: return X86::CX; case 1: return X86::CL;
      default: llvm_unreachable("Unexpected size");
      }
    case X86::RSP: case X86::ESP: case X86::SP: case X86::SPL:
      switch (Size) {
      case 8: return X86::RSP; case 4: return X86::ESP;
      case 2: return X86::SP; case 1: return X86::SPL;
      default: llvm_unreachable("Unexpected size");
      }
    case X86::RBP: case X86::EBP: case X86::BP: case X86::BPL:
      switch (Size) {
      case 8: return X86::RBP; case 4: return X86::EBP;
      case 2: return X86::BP; case 1: return X86::BPL;
      default: llvm_unreachable("Unexpected size");
      }
    case X86::R8: case X86::R8D: case X86::R8W: case X86::R8B:
      switch (Size) {
      case 8: return X86::R8; case 4: return X86::R8D;
      case 2: return X86::R8W; case 1: return X86::R8B;
      default: llvm_unreachable("Unexpected size");
      }
    case X86::R9: case X86::R9D: case X86::R9W: case X86::R9B:
      switch (Size) {
      case 8: return X86::R9; case 4: return X86::R9D;
      case 2: return X86::R9W; case 1: return X86::R9B;
      default: llvm_unreachable("Unexpected size");
      }
    case X86::R10: case X86::R10D: case X86::R10W: case X86::R10B:
      switch (Size) {
      case 8: return X86::R10; case 4: return X86::R10D;
      case 2: return X86::R10W; case 1: return X86::R10B;
      default: llvm_unreachable("Unexpected size");
      }
    case X86::R11: case X86::R11D: case X86::R11W: case X86::R11B:
      switch (Size) {
      case 8: return X86::R11; case 4: return X86::R11D;
      case 2: return X86::R11W; case 1: return X86::R11B;
      default: llvm_unreachable("Unexpected size");
      }
    case X86::R12: case X86::R12D: case X86::R12W: case X86::R12B:
      switch (Size) {
      case 8: return X86::R12; case 4: return X86::R12D;
      case 2: return X86::R12W; case 1: return X86::R12B;
      default: llvm_unreachable("Unexpected size");
      }
    case X86::R13: case X86::R13D: case X86::R13W: case X86::R13B:
      switch (Size) {
      case 8: return X86::R13; case 4: return X86::R13D;
      case 2: return X86::R13W; case 1: return X86::R13B;
      default: llvm_unreachable("Unexpected size");
      }
    case X86::R14: case X86::R14D: case X86::R14W: case X86::R14B:
      switch (Size) {
      case 8: return X86::R14; case 4: return X86::R14D;
      case 2: return X86::R14W; case 1: return X86::R14B;
      default: llvm_unreachable("Unexpected size");
      }
    case X86::R15: case X86::R15D: case X86::R15W: case X86::R15B:
      switch (Size) {
      case 8: return X86::R15; case 4: return X86::R15D;
      case 2: return X86::R15W; case 1: return X86::R15B;
      default: llvm_unreachable("Unexpected size");
      }
    default:
      dbgs() << Reg << " (get alias sized)\n";
      llvm_unreachable("Unexpected reg number");
      break;
    }
  }

  bool isUpper8BitReg(MCPhysReg Reg) const override {
    switch (Reg) {
    case X86::AH:
    case X86::BH:
    case X86::CH:
    case X86::DH:
      return true;
    default:
      return false;
    }
  }

  bool cannotUseREX(const MCInst &Inst) const override {
    switch (Inst.getOpcode()) {
    case X86::MOV8mr_NOREX:
    case X86::MOV8rm_NOREX:
    case X86::MOV8rr_NOREX:
    case X86::MOVSX32rm8_NOREX:
    case X86::MOVSX32rr8_NOREX:
    case X86::MOVZX32rm8_NOREX:
    case X86::MOVZX32rr8_NOREX:
    case X86::MOV8mr:
    case X86::MOV8rm:
    case X86::MOV8rr:
    case X86::MOVSX32rm8:
    case X86::MOVSX32rr8:
    case X86::MOVZX32rm8:
    case X86::MOVZX32rr8:
    case X86::TEST8ri:
      for (int I = 0, E = MCPlus::getNumPrimeOperands(Inst); I != E; ++I) {
        const MCOperand &Operand = Inst.getOperand(I);
        if (!Operand.isReg())
          continue;
        if (isUpper8BitReg(Operand.getReg()))
          return true;
      }
      LLVM_FALLTHROUGH;
    default:
      return false;
    }
  }

  bool isStackAccess(const MCInst &Inst, bool &IsLoad, bool &IsStore,
                     bool &IsStoreFromReg, MCPhysReg &Reg, int32_t &SrcImm,
                     uint16_t &StackPtrReg, int64_t &StackOffset, uint8_t &Size,
                     bool &IsSimple, bool &IsIndexed) const override {
    // Detect simple push/pop cases first
    if (int Sz = getPushSize(Inst)) {
      IsLoad = false;
      IsStore = true;
      IsStoreFromReg = true;
      StackPtrReg = X86::RSP;
      StackOffset = -Sz;
      Size = Sz;
      IsSimple = true;
      if (Inst.getOperand(0).isImm())
        SrcImm = Inst.getOperand(0).getImm();
      else if (Inst.getOperand(0).isReg())
        Reg = Inst.getOperand(0).getReg();
      else
        IsSimple = false;

      return true;
    }
    if (int Sz = getPopSize(Inst)) {
      IsLoad = true;
      IsStore = false;
      if (Inst.getNumOperands() == 0 || !Inst.getOperand(0).isReg()) {
        IsSimple = false;
      } else {
        Reg = Inst.getOperand(0).getReg();
        IsSimple = true;
      }
      StackPtrReg = X86::RSP;
      StackOffset = 0;
      Size = Sz;
      return true;
    }

    struct InstInfo {
      // Size in bytes that Inst loads from memory.
      uint8_t DataSize;
      bool IsLoad;
      bool IsStore;
      bool StoreFromReg;
      bool Simple;
    };

    InstInfo I;
    int MemOpNo = getMemoryOperandNo(Inst);
    const MCInstrDesc &MCII = Info->get(Inst.getOpcode());
    // If it is not dealing with a memory operand, we discard it
    if (MemOpNo == -1 || MCII.isCall())
      return false;

    switch (Inst.getOpcode()) {
    default: {
      uint8_t Sz = 0;
      bool IsLoad = MCII.mayLoad();
      bool IsStore = MCII.mayStore();
      // Is it LEA? (deals with memory but is not loading nor storing)
      if (!IsLoad && !IsStore)
        return false;

      // Try to guess data size involved in the load/store by looking at the
      // register size. If there's no reg involved, return 0 as size, meaning
      // we don't know.
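      // (Illustrative note: an operand in a 32-bit GPR class yields Sz = 4,
      // while a 128-bit XMM operand would yield Sz = 16, since the size is
      // derived from the register class bit width below.)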
      for (unsigned I = 0, E = MCII.getNumOperands(); I != E; ++I) {
        if (MCII.OpInfo[I].OperandType != MCOI::OPERAND_REGISTER)
          continue;
        if (static_cast<int>(I) >= MemOpNo && I < X86::AddrNumOperands)
          continue;
        Sz = RegInfo->getRegClass(MCII.OpInfo[I].RegClass).getSizeInBits() / 8;
        break;
      }
      I = {Sz, IsLoad, IsStore, false, false};
      break;
    }
    case X86::MOV16rm: I = {2, true, false, false, true}; break;
    case X86::MOV32rm: I = {4, true, false, false, true}; break;
    case X86::MOV64rm: I = {8, true, false, false, true}; break;
    case X86::MOV16mr: I = {2, false, true, true, true}; break;
    case X86::MOV32mr: I = {4, false, true, true, true}; break;
    case X86::MOV64mr: I = {8, false, true, true, true}; break;
    case X86::MOV16mi: I = {2, false, true, false, true}; break;
    case X86::MOV32mi: I = {4, false, true, false, true}; break;
    } // end switch (Inst.getOpcode())

    unsigned BaseRegNum;
    int64_t ScaleValue;
    unsigned IndexRegNum;
    int64_t DispValue;
    unsigned SegRegNum;
    const MCExpr *DispExpr;
    if (!evaluateX86MemoryOperand(Inst, &BaseRegNum, &ScaleValue, &IndexRegNum,
                                  &DispValue, &SegRegNum, &DispExpr)) {
      LLVM_DEBUG(dbgs() << "Evaluate failed on ");
      LLVM_DEBUG(Inst.dump());
      return false;
    }

    // Make sure it's a stack access
    if (BaseRegNum != X86::RBP && BaseRegNum != X86::RSP)
      return false;

    IsLoad = I.IsLoad;
    IsStore = I.IsStore;
    IsStoreFromReg = I.StoreFromReg;
    Size = I.DataSize;
    IsSimple = I.Simple;
    StackPtrReg = BaseRegNum;
    StackOffset = DispValue;
    IsIndexed = IndexRegNum != X86::NoRegister || SegRegNum != X86::NoRegister;

    if (!I.Simple)
      return true;

    // Retrieve related register in simple MOV from/to stack operations.
    unsigned MemOpOffset = static_cast<unsigned>(MemOpNo);
    if (I.IsLoad) {
      MCOperand RegOpnd = Inst.getOperand(0);
      assert(RegOpnd.isReg() && "unexpected destination operand");
      Reg = RegOpnd.getReg();
    } else if (I.IsStore) {
      MCOperand SrcOpnd =
          Inst.getOperand(MemOpOffset + X86::AddrSegmentReg + 1);
      if (I.StoreFromReg) {
        assert(SrcOpnd.isReg() && "unexpected source operand");
        Reg = SrcOpnd.getReg();
      } else {
        assert(SrcOpnd.isImm() && "unexpected source operand");
        SrcImm = SrcOpnd.getImm();
      }
    }

    return true;
  }

  void changeToPushOrPop(MCInst &Inst) const override {
    assert(!isPush(Inst) && !isPop(Inst));

    struct InstInfo {
      // Size in bytes that Inst loads from memory.
      uint8_t DataSize;
      bool IsLoad;
      bool StoreFromReg;
    };

    InstInfo I;
    switch (Inst.getOpcode()) {
    default: {
      llvm_unreachable("Unhandled opcode");
      return;
    }
    case X86::MOV16rm: I = {2, true, false}; break;
    case X86::MOV32rm: I = {4, true, false}; break;
    case X86::MOV64rm: I = {8, true, false}; break;
    case X86::MOV16mr: I = {2, false, true}; break;
    case X86::MOV32mr: I = {4, false, true}; break;
    case X86::MOV64mr: I = {8, false, true}; break;
    case X86::MOV16mi: I = {2, false, false}; break;
    case X86::MOV32mi: I = {4, false, false}; break;
    } // end switch (Inst.getOpcode())

    unsigned BaseRegNum;
    int64_t ScaleValue;
    unsigned IndexRegNum;
    int64_t DispValue;
    unsigned SegRegNum;
    const MCExpr *DispExpr;
    if (!evaluateX86MemoryOperand(Inst, &BaseRegNum, &ScaleValue, &IndexRegNum,
                                  &DispValue, &SegRegNum, &DispExpr)) {
      llvm_unreachable("Evaluate failed");
      return;
    }
    // Make sure it's a stack access
    if (BaseRegNum != X86::RBP && BaseRegNum != X86::RSP) {
      llvm_unreachable("Not a stack access");
      return;
    }

    unsigned MemOpOffset = getMemoryOperandNo(Inst);
    unsigned NewOpcode = 0;
    if (I.IsLoad) {
      switch (I.DataSize) {
      case 2: NewOpcode = X86::POP16r; break;
      case 4: NewOpcode = X86::POP32r; break;
      case 8: NewOpcode = X86::POP64r; break;
      default:
        llvm_unreachable("Unexpected size");
      }
      unsigned RegOpndNum = Inst.getOperand(0).getReg();
      Inst.clear();
      Inst.setOpcode(NewOpcode);
      Inst.addOperand(MCOperand::createReg(RegOpndNum));
    } else {
      MCOperand SrcOpnd =
          Inst.getOperand(MemOpOffset + X86::AddrSegmentReg + 1);
      if (I.StoreFromReg) {
        switch (I.DataSize) {
        case 2: NewOpcode = X86::PUSH16r; break;
        case 4: NewOpcode = X86::PUSH32r; break;
        case 8: NewOpcode = X86::PUSH64r; break;
        default:
          llvm_unreachable("Unexpected size");
        }
        assert(SrcOpnd.isReg() && "Unexpected source operand");
        unsigned RegOpndNum = SrcOpnd.getReg();
        Inst.clear();
        Inst.setOpcode(NewOpcode);
        Inst.addOperand(MCOperand::createReg(RegOpndNum));
      } else {
        switch (I.DataSize) {
        case 2: NewOpcode = X86::PUSH16i8; break;
        case 4: NewOpcode = X86::PUSH32i8; break;
        case 8: NewOpcode = X86::PUSH64i32; break;
        default:
          llvm_unreachable("Unexpected size");
        }
        assert(SrcOpnd.isImm() && "Unexpected source operand");
        int64_t SrcImm = SrcOpnd.getImm();
        Inst.clear();
        Inst.setOpcode(NewOpcode);
        Inst.addOperand(MCOperand::createImm(SrcImm));
      }
    }
  }

  bool isStackAdjustment(const MCInst &Inst) const override {
    switch (Inst.getOpcode()) {
    default:
      return false;
    case X86::SUB64ri32:
    case X86::SUB64ri8:
    case X86::ADD64ri32:
    case X86::ADD64ri8:
    case X86::LEA64r:
      break;
    }

    const MCInstrDesc &MCII = Info->get(Inst.getOpcode());
    for (int I = 0, E = MCII.getNumDefs(); I != E; ++I) {
      const MCOperand &Operand = Inst.getOperand(I);
      if (Operand.isReg() && Operand.getReg() == X86::RSP)
        return true;
    }
    return false;
  }

  bool evaluateSimple(const MCInst &Inst, int64_t &Output,
                      std::pair<MCPhysReg, int64_t> Input1,
                      std::pair<MCPhysReg, int64_t> Input2) const override {

    auto getOperandVal = [&](MCPhysReg Reg) -> ErrorOr<int64_t> {
      if (Reg == Input1.first)
        return Input1.second;
      if (Reg == Input2.first)
        return Input2.second;
      return make_error_code(errc::result_out_of_range);
    };

    switch (Inst.getOpcode()) {
    default:
      return false;

    case X86::AND64ri32:
    case X86::AND64ri8:
      if (!Inst.getOperand(2).isImm())
        return false;
      if (ErrorOr<int64_t> InputVal =
              getOperandVal(Inst.getOperand(1).getReg()))
        Output = *InputVal & Inst.getOperand(2).getImm();
      else
        return false;
      break;
    case X86::SUB64ri32:
    case X86::SUB64ri8:
      if (!Inst.getOperand(2).isImm())
        return false;
      if (ErrorOr<int64_t> InputVal =
              getOperandVal(Inst.getOperand(1).getReg()))
        Output = *InputVal - Inst.getOperand(2).getImm();
      else
        return false;
      break;
    case X86::ADD64ri32:
    case X86::ADD64ri8:
      if (!Inst.getOperand(2).isImm())
        return false;
      if (ErrorOr<int64_t> InputVal =
              getOperandVal(Inst.getOperand(1).getReg()))
        Output = *InputVal + Inst.getOperand(2).getImm();
      else
        return false;
      break;
    case X86::ADD64i32:
      if (!Inst.getOperand(0).isImm())
        return false;
      if (ErrorOr<int64_t> InputVal = getOperandVal(X86::RAX))
        Output = *InputVal + Inst.getOperand(0).getImm();
      else
        return false;
      break;

    case X86::LEA64r: {
      unsigned BaseRegNum;
      int64_t ScaleValue;
      unsigned IndexRegNum;
      int64_t DispValue;
      unsigned SegRegNum;
      const MCExpr *DispExpr = nullptr;
      if (!evaluateX86MemoryOperand(Inst, &BaseRegNum, &ScaleValue,
                                    &IndexRegNum, &DispValue, &SegRegNum,
                                    &DispExpr))
        return false;

      if (BaseRegNum == X86::NoRegister || IndexRegNum != X86::NoRegister ||
          SegRegNum != X86::NoRegister || DispExpr)
        return false;

      if (ErrorOr<int64_t> InputVal = getOperandVal(BaseRegNum))
        Output = *InputVal + DispValue;
      else
        return false;

      break;
    }
    }
    return true;
  }

  bool isRegToRegMove(const MCInst &Inst, MCPhysReg &From,
                      MCPhysReg &To) const override {
    switch (Inst.getOpcode()) {
    default:
      return false;
    case X86::LEAVE:
    case X86::LEAVE64:
      To = getStackPointer();
      From = getFramePointer();
      return true;
    case X86::MOV64rr:
      To = Inst.getOperand(0).getReg();
      From = Inst.getOperand(1).getReg();
      return true;
    }
  }

  MCPhysReg getStackPointer() const override { return X86::RSP; }
  MCPhysReg getFramePointer() const override { return X86::RBP; }
  MCPhysReg getFlagsReg() const override { return X86::EFLAGS; }

  bool escapesVariable(const MCInst &Inst,
                       bool HasFramePointer) const override {
    int MemOpNo = getMemoryOperandNo(Inst);
    const MCInstrDesc &MCII = Info->get(Inst.getOpcode());
    const unsigned NumDefs = MCII.getNumDefs();
    static BitVector SPBPAliases(BitVector(getAliases(X86::RSP)) |=
                                 getAliases(X86::RBP));
    static BitVector SPAliases(getAliases(X86::RSP));

    // FIXME: PUSH can be technically a leak, but let's ignore this for now
    // because a lot of harmless prologue code will spill SP to the stack.
    // Unless push is clearly pushing an object address to the stack as
    // demonstrated by having a MemOp.
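    // (Illustrative note: a plain register push such as `push %rbp` is treated
    // as harmless spill code and bails out below, while a push with a memory
    // operand is still analyzed.)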
    bool IsPush = isPush(Inst);
    if (IsPush && MemOpNo == -1)
      return false;

    // We use this to detect LEA (has memop but does not access mem)
    bool AccessMem = MCII.mayLoad() || MCII.mayStore();
    bool DoesLeak = false;
    for (int I = 0, E = MCPlus::getNumPrimeOperands(Inst); I != E; ++I) {
      // Ignore if SP/BP is used to dereference memory -- that's fine
      if (MemOpNo != -1 && !IsPush && AccessMem && I >= MemOpNo &&
          I <= MemOpNo + 5)
        continue;
      // Ignore if someone is writing to SP/BP
      if (I < static_cast<int>(NumDefs))
        continue;

      const MCOperand &Operand = Inst.getOperand(I);
      if (HasFramePointer && Operand.isReg() && SPBPAliases[Operand.getReg()]) {
        DoesLeak = true;
        break;
      }
      if (!HasFramePointer && Operand.isReg() && SPAliases[Operand.getReg()]) {
        DoesLeak = true;
        break;
      }
    }

    // If potential leak, check if it is not just writing to itself/sp/bp
    if (DoesLeak) {
      for (int I = 0, E = NumDefs; I != E; ++I) {
        const MCOperand &Operand = Inst.getOperand(I);
        if (HasFramePointer && Operand.isReg() &&
            SPBPAliases[Operand.getReg()]) {
          DoesLeak = false;
          break;
        }
        if (!HasFramePointer && Operand.isReg() &&
            SPAliases[Operand.getReg()]) {
          DoesLeak = false;
          break;
        }
      }
    }
    return DoesLeak;
  }

  bool addToImm(MCInst &Inst, int64_t &Amt, MCContext *Ctx) const override {
    unsigned ImmOpNo = -1U;
    int MemOpNo = getMemoryOperandNo(Inst);
    if (MemOpNo != -1)
      ImmOpNo = MemOpNo + X86::AddrDisp;
    else
      for (unsigned Index = 0; Index < MCPlus::getNumPrimeOperands(Inst);
           ++Index)
        if (Inst.getOperand(Index).isImm())
          ImmOpNo = Index;
    if (ImmOpNo == -1U)
      return false;

    MCOperand &Operand = Inst.getOperand(ImmOpNo);
    Amt += Operand.getImm();
    Operand.setImm(Amt);
    // Check for the need for relaxation
    if (int64_t(Amt) == int64_t(int8_t(Amt)))
      return true;

    // Relax instruction
    switch (Inst.getOpcode()) {
    case X86::SUB64ri8:
      Inst.setOpcode(X86::SUB64ri32);
      break;
    case X86::ADD64ri8:
      Inst.setOpcode(X86::ADD64ri32);
      break;
    default:
      // No need for relaxation
      break;
    }
    return true;
  }

  /// TODO: this implementation currently works for the most common opcodes that
  /// load from memory. It can be extended to work with memory store opcodes as
  /// well as more memory load opcodes.
  bool replaceMemOperandWithImm(MCInst &Inst, StringRef ConstantData,
                                uint64_t Offset) const override {
    enum CheckSignExt : uint8_t {
      NOCHECK = 0,
      CHECK8,
      CHECK32,
    };

    using CheckList = std::vector<std::pair<CheckSignExt, unsigned>>;
    struct InstInfo {
      // Size in bytes that Inst loads from memory.
      uint8_t DataSize;

      // True when the target operand has to be duplicated because the opcode
      // expects a LHS operand.
      bool HasLHS;

      // List of checks and corresponding opcodes to be used. We try to use the
      // smallest possible immediate value when various sizes are available,
      // hence we may need to check whether a larger constant fits in a smaller
      // immediate.
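      // (For example, for CMP64rm the list below tries CMP64ri8 first, then
      // CMP64ri32, and otherwise keeps the memory form.)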
      CheckList Checks;
    };

    InstInfo I;

    switch (Inst.getOpcode()) {
    default: {
      switch (getPopSize(Inst)) {
      case 2: I = {2, false, {{NOCHECK, X86::MOV16ri}}}; break;
      case 4: I = {4, false, {{NOCHECK, X86::MOV32ri}}}; break;
      case 8: I = {8, false, {{CHECK32, X86::MOV64ri32},
                              {NOCHECK, X86::MOV64rm}}}; break;
      default: return false;
      }
      break;
    }

    // MOV
    case X86::MOV8rm: I = {1, false, {{NOCHECK, X86::MOV8ri}}}; break;
    case X86::MOV16rm: I = {2, false, {{NOCHECK, X86::MOV16ri}}}; break;
    case X86::MOV32rm: I = {4, false, {{NOCHECK, X86::MOV32ri}}}; break;
    case X86::MOV64rm: I = {8, false, {{CHECK32, X86::MOV64ri32},
                                       {NOCHECK, X86::MOV64rm}}}; break;

    // MOVZX
    case X86::MOVZX16rm8: I = {1, false, {{NOCHECK, X86::MOV16ri}}}; break;
    case X86::MOVZX32rm8: I = {1, false, {{NOCHECK, X86::MOV32ri}}}; break;
    case X86::MOVZX32rm16: I = {2, false, {{NOCHECK, X86::MOV32ri}}}; break;

    // CMP
    case X86::CMP8rm: I = {1, false, {{NOCHECK, X86::CMP8ri}}}; break;
    case X86::CMP16rm: I = {2, false, {{CHECK8, X86::CMP16ri8},
                                       {NOCHECK, X86::CMP16ri}}}; break;
    case X86::CMP32rm: I = {4, false, {{CHECK8, X86::CMP32ri8},
                                       {NOCHECK, X86::CMP32ri}}}; break;
    case X86::CMP64rm: I = {8, false, {{CHECK8, X86::CMP64ri8},
                                       {CHECK32, X86::CMP64ri32},
                                       {NOCHECK, X86::CMP64rm}}}; break;

    // TEST
    case X86::TEST8mr: I = {1, false, {{NOCHECK, X86::TEST8ri}}}; break;
    case X86::TEST16mr: I = {2, false, {{NOCHECK, X86::TEST16ri}}}; break;
    case X86::TEST32mr: I = {4, false, {{NOCHECK, X86::TEST32ri}}}; break;
    case X86::TEST64mr: I = {8, false, {{CHECK32, X86::TEST64ri32},
                                        {NOCHECK, X86::TEST64mr}}}; break;

    // ADD
    case X86::ADD8rm: I = {1, true, {{NOCHECK, X86::ADD8ri}}}; break;
    case X86::ADD16rm: I = {2, true, {{CHECK8, X86::ADD16ri8},
                                      {NOCHECK, X86::ADD16ri}}}; break;
    case X86::ADD32rm: I = {4, true, {{CHECK8, X86::ADD32ri8},
                                      {NOCHECK, X86::ADD32ri}}}; break;
    case X86::ADD64rm: I = {8, true, {{CHECK8, X86::ADD64ri8},
                                      {CHECK32, X86::ADD64ri32},
                                      {NOCHECK, X86::ADD64rm}}}; break;

    // SUB
    case X86::SUB8rm: I = {1, true, {{NOCHECK, X86::SUB8ri}}}; break;
    case X86::SUB16rm: I = {2, true, {{CHECK8, X86::SUB16ri8},
                                      {NOCHECK, X86::SUB16ri}}}; break;
    case X86::SUB32rm: I = {4, true, {{CHECK8, X86::SUB32ri8},
                                      {NOCHECK, X86::SUB32ri}}}; break;
    case X86::SUB64rm: I = {8, true, {{CHECK8, X86::SUB64ri8},
                                      {CHECK32, X86::SUB64ri32},
                                      {NOCHECK, X86::SUB64rm}}}; break;

    // AND
    case X86::AND8rm: I = {1, true, {{NOCHECK, X86::AND8ri}}}; break;
    case X86::AND16rm: I = {2, true, {{CHECK8, X86::AND16ri8},
                                      {NOCHECK, X86::AND16ri}}}; break;
    case X86::AND32rm: I = {4, true, {{CHECK8, X86::AND32ri8},
                                      {NOCHECK, X86::AND32ri}}}; break;
    case X86::AND64rm: I = {8, true, {{CHECK8, X86::AND64ri8},
                                      {CHECK32, X86::AND64ri32},
                                      {NOCHECK, X86::AND64rm}}}; break;

    // OR
    case X86::OR8rm: I = {1, true, {{NOCHECK, X86::OR8ri}}}; break;
    case X86::OR16rm: I = {2, true, {{CHECK8, X86::OR16ri8},
                                     {NOCHECK, X86::OR16ri}}}; break;
    case X86::OR32rm: I = {4, true, {{CHECK8, X86::OR32ri8},
                                     {NOCHECK, X86::OR32ri}}}; break;
    case X86::OR64rm: I = {8, true, {{CHECK8, X86::OR64ri8},
                                     {CHECK32, X86::OR64ri32},
                                     {NOCHECK, X86::OR64rm}}}; break;

    // XOR
    case X86::XOR8rm: I = {1, true, {{NOCHECK, X86::XOR8ri}}}; break;
    case X86::XOR16rm: I = {2, true, {{CHECK8, X86::XOR16ri8},
                                      {NOCHECK, X86::XOR16ri}}}; break;
    case X86::XOR32rm: I = {4, true, {{CHECK8, X86::XOR32ri8},
                                      {NOCHECK, X86::XOR32ri}}}; break;
    case X86::XOR64rm: I = {8, true, {{CHECK8, X86::XOR64ri8},
                                      {CHECK32, X86::XOR64ri32},
                                      {NOCHECK, X86::XOR64rm}}}; break;
    }

    // Compute the immediate value.
    assert(Offset + I.DataSize <= ConstantData.size() &&
           "invalid offset for given constant data");
    int64_t ImmVal =
        DataExtractor(ConstantData, true, 8).getSigned(&Offset, I.DataSize);

    // Compute the new opcode.
    unsigned NewOpcode = 0;
    for (const std::pair<CheckSignExt, unsigned> &Check : I.Checks) {
      NewOpcode = Check.second;
      if (Check.first == NOCHECK)
        break;
      if (Check.first == CHECK8 && isInt<8>(ImmVal))
        break;
      if (Check.first == CHECK32 && isInt<32>(ImmVal))
        break;
    }
    if (NewOpcode == Inst.getOpcode())
      return false;

    // Modify the instruction.
    MCOperand ImmOp = MCOperand::createImm(ImmVal);
    uint32_t TargetOpNum = 0;
    // Test instruction does not follow the regular pattern of putting the
    // memory reference of a load (5 MCOperands) last in the list of operands.
    // Since it is not modifying the register operand, it is not treated as
    // a destination operand and it is not the first operand as it is in the
    // other instructions we treat here.
    if (NewOpcode == X86::TEST8ri || NewOpcode == X86::TEST16ri ||
        NewOpcode == X86::TEST32ri || NewOpcode == X86::TEST64ri32)
      TargetOpNum = getMemoryOperandNo(Inst) + X86::AddrNumOperands;

    MCOperand TargetOp = Inst.getOperand(TargetOpNum);
    Inst.clear();
    Inst.setOpcode(NewOpcode);
    Inst.addOperand(TargetOp);
    if (I.HasLHS)
      Inst.addOperand(TargetOp);
    Inst.addOperand(ImmOp);

    return true;
  }

  /// TODO: this implementation currently works for the most common opcodes that
  /// load from memory. It can be extended to work with memory store opcodes as
  /// well as more memory load opcodes.
  bool replaceMemOperandWithReg(MCInst &Inst, MCPhysReg RegNum) const override {
    unsigned NewOpcode;

    switch (Inst.getOpcode()) {
    default: {
      switch (getPopSize(Inst)) {
      case 2: NewOpcode = X86::MOV16rr; break;
      case 4: NewOpcode = X86::MOV32rr; break;
      case 8: NewOpcode = X86::MOV64rr; break;
      default: return false;
      }
      break;
    }

    // MOV
    case X86::MOV8rm: NewOpcode = X86::MOV8rr; break;
    case X86::MOV16rm: NewOpcode = X86::MOV16rr; break;
    case X86::MOV32rm: NewOpcode = X86::MOV32rr; break;
    case X86::MOV64rm: NewOpcode = X86::MOV64rr; break;
    }

    // Modify the instruction.
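    // (Hypothetical example: a load such as `movq (%rsi), %rax` is rewritten
    // into the register move `movq %rdx, %rax` when RegNum is RDX.)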
1885 MCOperand RegOp = MCOperand::createReg(RegNum); 1886 MCOperand TargetOp = Inst.getOperand(0); 1887 Inst.clear(); 1888 Inst.setOpcode(NewOpcode); 1889 Inst.addOperand(TargetOp); 1890 Inst.addOperand(RegOp); 1891 1892 return true; 1893 } 1894 1895 bool isRedundantMove(const MCInst &Inst) const override { 1896 switch (Inst.getOpcode()) { 1897 default: 1898 return false; 1899 1900 // MOV 1901 case X86::MOV8rr: 1902 case X86::MOV16rr: 1903 case X86::MOV32rr: 1904 case X86::MOV64rr: 1905 break; 1906 } 1907 1908 assert(Inst.getOperand(0).isReg() && Inst.getOperand(1).isReg()); 1909 return Inst.getOperand(0).getReg() == Inst.getOperand(1).getReg(); 1910 } 1911 1912 bool requiresAlignedAddress(const MCInst &Inst) const override { 1913 const MCInstrDesc &Desc = Info->get(Inst.getOpcode()); 1914 for (unsigned int I = 0; I < Desc.getNumOperands(); ++I) { 1915 const MCOperandInfo &Op = Desc.OpInfo[I]; 1916 if (Op.OperandType != MCOI::OPERAND_REGISTER) 1917 continue; 1918 if (Op.RegClass == X86::VR128RegClassID) 1919 return true; 1920 } 1921 return false; 1922 } 1923 1924 bool convertJmpToTailCall(MCInst &Inst) override { 1925 if (isTailCall(Inst)) 1926 return false; 1927 1928 int NewOpcode; 1929 switch (Inst.getOpcode()) { 1930 default: 1931 return false; 1932 case X86::JMP_1: 1933 case X86::JMP_2: 1934 case X86::JMP_4: 1935 NewOpcode = X86::JMP_4; 1936 break; 1937 case X86::JMP16m: 1938 case X86::JMP32m: 1939 case X86::JMP64m: 1940 NewOpcode = X86::JMP32m; 1941 break; 1942 case X86::JMP16r: 1943 case X86::JMP32r: 1944 case X86::JMP64r: 1945 NewOpcode = X86::JMP32r; 1946 break; 1947 } 1948 1949 Inst.setOpcode(NewOpcode); 1950 setTailCall(Inst); 1951 return true; 1952 } 1953 1954 bool convertTailCallToJmp(MCInst &Inst) override { 1955 int NewOpcode; 1956 switch (Inst.getOpcode()) { 1957 default: 1958 return false; 1959 case X86::JMP_4: 1960 NewOpcode = X86::JMP_1; 1961 break; 1962 case X86::JMP32m: 1963 NewOpcode = X86::JMP64m; 1964 break; 1965 case X86::JMP32r: 1966 NewOpcode = X86::JMP64r; 1967 break; 1968 } 1969 1970 Inst.setOpcode(NewOpcode); 1971 removeAnnotation(Inst, MCPlus::MCAnnotation::kTailCall); 1972 clearOffset(Inst); 1973 return true; 1974 } 1975 1976 bool convertTailCallToCall(MCInst &Inst) override { 1977 int NewOpcode; 1978 switch (Inst.getOpcode()) { 1979 default: 1980 return false; 1981 case X86::JMP_4: 1982 NewOpcode = X86::CALL64pcrel32; 1983 break; 1984 case X86::JMP32m: 1985 NewOpcode = X86::CALL64m; 1986 break; 1987 case X86::JMP32r: 1988 NewOpcode = X86::CALL64r; 1989 break; 1990 } 1991 1992 Inst.setOpcode(NewOpcode); 1993 removeAnnotation(Inst, MCPlus::MCAnnotation::kTailCall); 1994 return true; 1995 } 1996 1997 bool convertCallToIndirectCall(MCInst &Inst, const MCSymbol *TargetLocation, 1998 MCContext *Ctx) override { 1999 bool IsTailCall = isTailCall(Inst); 2000 assert((Inst.getOpcode() == X86::CALL64pcrel32 || 2001 (Inst.getOpcode() == X86::JMP_4 && IsTailCall)) && 2002 "64-bit direct (tail) call instruction expected"); 2003 const auto NewOpcode = 2004 (Inst.getOpcode() == X86::CALL64pcrel32) ? X86::CALL64m : X86::JMP32m; 2005 Inst.setOpcode(NewOpcode); 2006 2007 // Replace the first operand and preserve auxiliary operands of 2008 // the instruction. 
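// The rebuilt first operand is a RIP-relative memory reference
// (base=%rip, scale=1, index=none, disp=TargetLocation, segment=none), so the
// instruction ends up as `call *TargetLocation(%rip)`, or
// `jmp *TargetLocation(%rip)` for a tail call.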
2009 Inst.erase(Inst.begin()); 2010 Inst.insert(Inst.begin(), 2011 MCOperand::createReg(X86::NoRegister)); // AddrSegmentReg 2012 Inst.insert(Inst.begin(), 2013 MCOperand::createExpr( // Displacement 2014 MCSymbolRefExpr::create(TargetLocation, 2015 MCSymbolRefExpr::VK_None, *Ctx))); 2016 Inst.insert(Inst.begin(), 2017 MCOperand::createReg(X86::NoRegister)); // IndexReg 2018 Inst.insert(Inst.begin(), 2019 MCOperand::createImm(1)); // ScaleAmt 2020 Inst.insert(Inst.begin(), 2021 MCOperand::createReg(X86::RIP)); // BaseReg 2022 2023 return true; 2024 } 2025 2026 void convertIndirectCallToLoad(MCInst &Inst, MCPhysReg Reg) override { 2027 bool IsTailCall = isTailCall(Inst); 2028 if (IsTailCall) 2029 removeAnnotation(Inst, MCPlus::MCAnnotation::kTailCall); 2030 if (Inst.getOpcode() == X86::CALL64m || 2031 (Inst.getOpcode() == X86::JMP32m && IsTailCall)) { 2032 Inst.setOpcode(X86::MOV64rm); 2033 Inst.insert(Inst.begin(), MCOperand::createReg(Reg)); 2034 return; 2035 } 2036 if (Inst.getOpcode() == X86::CALL64r || 2037 (Inst.getOpcode() == X86::JMP32r && IsTailCall)) { 2038 Inst.setOpcode(X86::MOV64rr); 2039 Inst.insert(Inst.begin(), MCOperand::createReg(Reg)); 2040 return; 2041 } 2042 LLVM_DEBUG(Inst.dump()); 2043 llvm_unreachable("not implemented"); 2044 } 2045 2046 bool shortenInstruction(MCInst &Inst, 2047 const MCSubtargetInfo &STI) const override { 2048 unsigned OldOpcode = Inst.getOpcode(); 2049 unsigned NewOpcode = OldOpcode; 2050 2051 int MemOpNo = getMemoryOperandNo(Inst); 2052 2053 // Check and remove redundant Address-Size override prefix. 2054 if (opts::X86StripRedundantAddressSize) { 2055 uint64_t TSFlags = Info->get(OldOpcode).TSFlags; 2056 unsigned Flags = Inst.getFlags(); 2057 2058 if (!X86_MC::needsAddressSizeOverride(Inst, STI, MemOpNo, TSFlags) && 2059 Flags & X86::IP_HAS_AD_SIZE) 2060 Inst.setFlags(Flags ^ X86::IP_HAS_AD_SIZE); 2061 } 2062 2063 // Check and remove EIZ/RIZ. These cases represent ambiguous cases where 2064 // SIB byte is present, but no index is used and modrm alone should have 2065 // been enough. Converting to NoRegister effectively removes the SIB byte. 2066 if (MemOpNo >= 0) { 2067 MCOperand &IndexOp = 2068 Inst.getOperand(static_cast<unsigned>(MemOpNo) + X86::AddrIndexReg); 2069 if (IndexOp.getReg() == X86::EIZ || IndexOp.getReg() == X86::RIZ) 2070 IndexOp = MCOperand::createReg(X86::NoRegister); 2071 } 2072 2073 if (isBranch(Inst)) { 2074 NewOpcode = getShortBranchOpcode(OldOpcode); 2075 } else if (OldOpcode == X86::MOV64ri) { 2076 if (Inst.getOperand(MCPlus::getNumPrimeOperands(Inst) - 1).isImm()) { 2077 const int64_t Imm = 2078 Inst.getOperand(MCPlus::getNumPrimeOperands(Inst) - 1).getImm(); 2079 if (int64_t(Imm) == int64_t(int32_t(Imm))) 2080 NewOpcode = X86::MOV64ri32; 2081 } 2082 } else { 2083 // If it's arithmetic instruction check if signed operand fits in 1 byte. 
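// For example (illustrative only), `addq $16, %rax` encoded as ADD64ri32 can
// use the sign-extended imm8 form ADD64ri8, since 16 fits in a signed byte;
// an immediate outside [-128, 127] keeps the wider encoding.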
2084 const unsigned ShortOpcode = getShortArithOpcode(OldOpcode); 2085 if (ShortOpcode != OldOpcode && 2086 Inst.getOperand(MCPlus::getNumPrimeOperands(Inst) - 1).isImm()) { 2087 int64_t Imm = 2088 Inst.getOperand(MCPlus::getNumPrimeOperands(Inst) - 1).getImm(); 2089 if (int64_t(Imm) == int64_t(int8_t(Imm))) 2090 NewOpcode = ShortOpcode; 2091 } 2092 } 2093 2094 if (NewOpcode == OldOpcode) 2095 return false; 2096 2097 Inst.setOpcode(NewOpcode); 2098 return true; 2099 } 2100 2101 bool 2102 convertMoveToConditionalMove(MCInst &Inst, unsigned CC, bool AllowStackMemOp, 2103 bool AllowBasePtrStackMemOp) const override { 2104 // - Register-register moves are OK 2105 // - Stores are filtered out by opcode (no store CMOV) 2106 // - Non-stack loads are prohibited (generally unsafe) 2107 // - Stack loads are OK if AllowStackMemOp is true 2108 // - Stack loads with RBP are OK if AllowBasePtrStackMemOp is true 2109 if (isLoad(Inst)) { 2110 // If stack memory operands are not allowed, no loads are allowed 2111 if (!AllowStackMemOp) 2112 return false; 2113 2114 // If stack memory operands are allowed, check if it's a load from stack 2115 bool IsLoad, IsStore, IsStoreFromReg, IsSimple, IsIndexed; 2116 MCPhysReg Reg; 2117 int32_t SrcImm; 2118 uint16_t StackPtrReg; 2119 int64_t StackOffset; 2120 uint8_t Size; 2121 bool IsStackAccess = 2122 isStackAccess(Inst, IsLoad, IsStore, IsStoreFromReg, Reg, SrcImm, 2123 StackPtrReg, StackOffset, Size, IsSimple, IsIndexed); 2124 // Prohibit non-stack-based loads 2125 if (!IsStackAccess) 2126 return false; 2127 // If stack memory operands are allowed, check if it's RBP-based 2128 if (!AllowBasePtrStackMemOp && 2129 RegInfo->isSubRegisterEq(X86::RBP, StackPtrReg)) 2130 return false; 2131 } 2132 2133 unsigned NewOpcode = 0; 2134 switch (Inst.getOpcode()) { 2135 case X86::MOV16rr: 2136 NewOpcode = X86::CMOV16rr; 2137 break; 2138 case X86::MOV16rm: 2139 NewOpcode = X86::CMOV16rm; 2140 break; 2141 case X86::MOV32rr: 2142 NewOpcode = X86::CMOV32rr; 2143 break; 2144 case X86::MOV32rm: 2145 NewOpcode = X86::CMOV32rm; 2146 break; 2147 case X86::MOV64rr: 2148 NewOpcode = X86::CMOV64rr; 2149 break; 2150 case X86::MOV64rm: 2151 NewOpcode = X86::CMOV64rm; 2152 break; 2153 default: 2154 return false; 2155 } 2156 Inst.setOpcode(NewOpcode); 2157 // Insert CC at the end of prime operands, before annotations 2158 Inst.insert(Inst.begin() + MCPlus::getNumPrimeOperands(Inst), 2159 MCOperand::createImm(CC)); 2160 // CMOV is a 3-operand MCInst, so duplicate the destination as src1 2161 Inst.insert(Inst.begin(), Inst.getOperand(0)); 2162 return true; 2163 } 2164 2165 bool lowerTailCall(MCInst &Inst) override { 2166 if (Inst.getOpcode() == X86::JMP_4 && isTailCall(Inst)) { 2167 Inst.setOpcode(X86::JMP_1); 2168 removeAnnotation(Inst, MCPlus::MCAnnotation::kTailCall); 2169 return true; 2170 } 2171 return false; 2172 } 2173 2174 const MCSymbol *getTargetSymbol(const MCInst &Inst, 2175 unsigned OpNum = 0) const override { 2176 if (OpNum >= MCPlus::getNumPrimeOperands(Inst)) 2177 return nullptr; 2178 2179 const MCOperand &Op = Inst.getOperand(OpNum); 2180 if (!Op.isExpr()) 2181 return nullptr; 2182 2183 auto *SymExpr = dyn_cast<MCSymbolRefExpr>(Op.getExpr()); 2184 if (!SymExpr || SymExpr->getKind() != MCSymbolRefExpr::VK_None) 2185 return nullptr; 2186 2187 return &SymExpr->getSymbol(); 2188 } 2189 2190 // This is the same as the base class, but since we are overriding one of 2191 // getTargetSymbol's signatures above, we need to override all of them. 
2192 const MCSymbol *getTargetSymbol(const MCExpr *Expr) const override { 2193 return &cast<const MCSymbolRefExpr>(Expr)->getSymbol(); 2194 } 2195 2196 bool analyzeBranch(InstructionIterator Begin, InstructionIterator End, 2197 const MCSymbol *&TBB, const MCSymbol *&FBB, 2198 MCInst *&CondBranch, 2199 MCInst *&UncondBranch) const override { 2200 auto I = End; 2201 2202 // Bottom-up analysis 2203 while (I != Begin) { 2204 --I; 2205 2206 // Ignore nops and CFIs 2207 if (isPseudo(*I)) 2208 continue; 2209 2210 // Stop when we find the first non-terminator 2211 if (!isTerminator(*I)) 2212 break; 2213 2214 if (!isBranch(*I)) 2215 break; 2216 2217 // Handle unconditional branches. 2218 if ((I->getOpcode() == X86::JMP_1 || I->getOpcode() == X86::JMP_2 || 2219 I->getOpcode() == X86::JMP_4) && 2220 !isTailCall(*I)) { 2221 // If any code was seen after this unconditional branch, we've seen 2222 // unreachable code. Ignore them. 2223 CondBranch = nullptr; 2224 UncondBranch = &*I; 2225 const MCSymbol *Sym = getTargetSymbol(*I); 2226 assert(Sym != nullptr && 2227 "Couldn't extract BB symbol from jump operand"); 2228 TBB = Sym; 2229 continue; 2230 } 2231 2232 // Handle conditional branches and ignore indirect branches 2233 if (!isUnsupportedBranch(I->getOpcode()) && 2234 getCondCode(*I) == X86::COND_INVALID) { 2235 // Indirect branch 2236 return false; 2237 } 2238 2239 if (CondBranch == nullptr) { 2240 const MCSymbol *TargetBB = getTargetSymbol(*I); 2241 if (TargetBB == nullptr) { 2242 // Unrecognized branch target 2243 return false; 2244 } 2245 FBB = TBB; 2246 TBB = TargetBB; 2247 CondBranch = &*I; 2248 continue; 2249 } 2250 2251 llvm_unreachable("multiple conditional branches in one BB"); 2252 } 2253 return true; 2254 } 2255 2256 template <typename Itr> 2257 std::pair<IndirectBranchType, MCInst *> 2258 analyzePICJumpTable(Itr II, Itr IE, MCPhysReg R1, MCPhysReg R2) const { 2259 // Analyze PIC-style jump table code template: 2260 // 2261 // lea PIC_JUMP_TABLE(%rip), {%r1|%r2} <- MemLocInstr 2262 // mov ({%r1|%r2}, %index, 4), {%r2|%r1} 2263 // add %r2, %r1 2264 // jmp *%r1 2265 // 2266 // (with any irrelevant instructions in-between) 2267 // 2268 // When we call this helper we've already determined %r1 and %r2, and 2269 // reverse instruction iterator \p II is pointing to the ADD instruction. 2270 // 2271 // PIC jump table looks like following: 2272 // 2273 // JT: ---------- 2274 // E1:| L1 - JT | 2275 // |----------| 2276 // E2:| L2 - JT | 2277 // |----------| 2278 // | | 2279 // ...... 2280 // En:| Ln - JT | 2281 // ---------- 2282 // 2283 // Where L1, L2, ..., Ln represent labels in the function. 2284 // 2285 // The actual relocations in the table will be of the form: 2286 // 2287 // Ln - JT 2288 // = (Ln - En) + (En - JT) 2289 // = R_X86_64_PC32(Ln) + En - JT 2290 // = R_X86_64_PC32(Ln + offsetof(En)) 2291 // 2292 LLVM_DEBUG(dbgs() << "Checking for PIC jump table\n"); 2293 MCInst *MemLocInstr = nullptr; 2294 const MCInst *MovInstr = nullptr; 2295 while (++II != IE) { 2296 MCInst &Instr = *II; 2297 const MCInstrDesc &InstrDesc = Info->get(Instr.getOpcode()); 2298 if (!InstrDesc.hasDefOfPhysReg(Instr, R1, *RegInfo) && 2299 !InstrDesc.hasDefOfPhysReg(Instr, R2, *RegInfo)) { 2300 // Ignore instructions that don't affect R1, R2 registers. 2301 continue; 2302 } 2303 if (!MovInstr) { 2304 // Expect to see MOV instruction. 2305 if (!isMOVSX64rm32(Instr)) { 2306 LLVM_DEBUG(dbgs() << "MOV instruction expected.\n"); 2307 break; 2308 } 2309 2310 // Check if it's setting %r1 or %r2. 
In canonical form it sets %r2. 2311 // If it sets %r1 - rename the registers so we have to only check 2312 // a single form. 2313 unsigned MovDestReg = Instr.getOperand(0).getReg(); 2314 if (MovDestReg != R2) 2315 std::swap(R1, R2); 2316 if (MovDestReg != R2) { 2317 LLVM_DEBUG(dbgs() << "MOV instruction expected to set %r2\n"); 2318 break; 2319 } 2320 2321 // Verify operands for MOV. 2322 unsigned BaseRegNum; 2323 int64_t ScaleValue; 2324 unsigned IndexRegNum; 2325 int64_t DispValue; 2326 unsigned SegRegNum; 2327 if (!evaluateX86MemoryOperand(Instr, &BaseRegNum, &ScaleValue, 2328 &IndexRegNum, &DispValue, &SegRegNum)) 2329 break; 2330 if (BaseRegNum != R1 || ScaleValue != 4 || 2331 IndexRegNum == X86::NoRegister || DispValue != 0 || 2332 SegRegNum != X86::NoRegister) 2333 break; 2334 MovInstr = &Instr; 2335 } else { 2336 if (!InstrDesc.hasDefOfPhysReg(Instr, R1, *RegInfo)) 2337 continue; 2338 if (!isLEA64r(Instr)) { 2339 LLVM_DEBUG(dbgs() << "LEA instruction expected\n"); 2340 break; 2341 } 2342 if (Instr.getOperand(0).getReg() != R1) { 2343 LLVM_DEBUG(dbgs() << "LEA instruction expected to set %r1\n"); 2344 break; 2345 } 2346 2347 // Verify operands for LEA. 2348 unsigned BaseRegNum; 2349 int64_t ScaleValue; 2350 unsigned IndexRegNum; 2351 const MCExpr *DispExpr = nullptr; 2352 int64_t DispValue; 2353 unsigned SegRegNum; 2354 if (!evaluateX86MemoryOperand(Instr, &BaseRegNum, &ScaleValue, 2355 &IndexRegNum, &DispValue, &SegRegNum, 2356 &DispExpr)) 2357 break; 2358 if (BaseRegNum != RegInfo->getProgramCounter() || 2359 IndexRegNum != X86::NoRegister || SegRegNum != X86::NoRegister || 2360 DispExpr == nullptr) 2361 break; 2362 MemLocInstr = &Instr; 2363 break; 2364 } 2365 } 2366 2367 if (!MemLocInstr) 2368 return std::make_pair(IndirectBranchType::UNKNOWN, nullptr); 2369 2370 LLVM_DEBUG(dbgs() << "checking potential PIC jump table\n"); 2371 return std::make_pair(IndirectBranchType::POSSIBLE_PIC_JUMP_TABLE, 2372 MemLocInstr); 2373 } 2374 2375 IndirectBranchType analyzeIndirectBranch( 2376 MCInst &Instruction, InstructionIterator Begin, InstructionIterator End, 2377 const unsigned PtrSize, MCInst *&MemLocInstrOut, unsigned &BaseRegNumOut, 2378 unsigned &IndexRegNumOut, int64_t &DispValueOut, 2379 const MCExpr *&DispExprOut, MCInst *&PCRelBaseOut) const override { 2380 // Try to find a (base) memory location from where the address for 2381 // the indirect branch is loaded. For X86-64 the memory will be specified 2382 // in the following format: 2383 // 2384 // {%rip}/{%basereg} + Imm + IndexReg * Scale 2385 // 2386 // We are interested in the cases where Scale == sizeof(uintptr_t) and 2387 // the contents of the memory are presumably an array of pointers to code. 2388 // 2389 // Normal jump table: 2390 // 2391 // jmp *(JUMP_TABLE, %index, Scale) <- MemLocInstr 2392 // 2393 // or 2394 // 2395 // mov (JUMP_TABLE, %index, Scale), %r1 <- MemLocInstr 2396 // ... 2397 // jmp %r1 2398 // 2399 // We handle PIC-style jump tables separately. 2400 // 2401 MemLocInstrOut = nullptr; 2402 BaseRegNumOut = X86::NoRegister; 2403 IndexRegNumOut = X86::NoRegister; 2404 DispValueOut = 0; 2405 DispExprOut = nullptr; 2406 2407 std::reverse_iterator<InstructionIterator> II(End); 2408 std::reverse_iterator<InstructionIterator> IE(Begin); 2409 2410 IndirectBranchType Type = IndirectBranchType::UNKNOWN; 2411 2412 // An instruction referencing memory used by jump instruction (directly or 2413 // via register). This location could be an array of function pointers 2414 // in case of indirect tail call, or a jump table. 
2415 MCInst *MemLocInstr = nullptr; 2416 2417 if (MCPlus::getNumPrimeOperands(Instruction) == 1) { 2418 // If the indirect jump is on register - try to detect if the 2419 // register value is loaded from a memory location. 2420 assert(Instruction.getOperand(0).isReg() && "register operand expected"); 2421 const unsigned R1 = Instruction.getOperand(0).getReg(); 2422 // Check if one of the previous instructions defines the jump-on register. 2423 for (auto PrevII = II; PrevII != IE; ++PrevII) { 2424 MCInst &PrevInstr = *PrevII; 2425 const MCInstrDesc &PrevInstrDesc = Info->get(PrevInstr.getOpcode()); 2426 2427 if (!PrevInstrDesc.hasDefOfPhysReg(PrevInstr, R1, *RegInfo)) 2428 continue; 2429 2430 if (isMoveMem2Reg(PrevInstr)) { 2431 MemLocInstr = &PrevInstr; 2432 break; 2433 } 2434 if (isADD64rr(PrevInstr)) { 2435 unsigned R2 = PrevInstr.getOperand(2).getReg(); 2436 if (R1 == R2) 2437 return IndirectBranchType::UNKNOWN; 2438 std::tie(Type, MemLocInstr) = analyzePICJumpTable(PrevII, IE, R1, R2); 2439 break; 2440 } 2441 return IndirectBranchType::UNKNOWN; 2442 } 2443 if (!MemLocInstr) { 2444 // No definition seen for the register in this function so far. Could be 2445 // an input parameter - which means it is an external code reference. 2446 // It also could be that the definition happens to be in the code that 2447 // we haven't processed yet. Since we have to be conservative, return 2448 // as UNKNOWN case. 2449 return IndirectBranchType::UNKNOWN; 2450 } 2451 } else { 2452 MemLocInstr = &Instruction; 2453 } 2454 2455 const MCRegister RIPRegister = RegInfo->getProgramCounter(); 2456 2457 // Analyze the memory location. 2458 unsigned BaseRegNum, IndexRegNum, SegRegNum; 2459 int64_t ScaleValue, DispValue; 2460 const MCExpr *DispExpr; 2461 2462 if (!evaluateX86MemoryOperand(*MemLocInstr, &BaseRegNum, &ScaleValue, 2463 &IndexRegNum, &DispValue, &SegRegNum, 2464 &DispExpr)) 2465 return IndirectBranchType::UNKNOWN; 2466 2467 BaseRegNumOut = BaseRegNum; 2468 IndexRegNumOut = IndexRegNum; 2469 DispValueOut = DispValue; 2470 DispExprOut = DispExpr; 2471 2472 if ((BaseRegNum != X86::NoRegister && BaseRegNum != RIPRegister) || 2473 SegRegNum != X86::NoRegister) 2474 return IndirectBranchType::UNKNOWN; 2475 2476 if (MemLocInstr == &Instruction && 2477 (!ScaleValue || IndexRegNum == X86::NoRegister)) { 2478 MemLocInstrOut = MemLocInstr; 2479 return IndirectBranchType::POSSIBLE_FIXED_BRANCH; 2480 } 2481 2482 if (Type == IndirectBranchType::POSSIBLE_PIC_JUMP_TABLE && 2483 (ScaleValue != 1 || BaseRegNum != RIPRegister)) 2484 return IndirectBranchType::UNKNOWN; 2485 2486 if (Type != IndirectBranchType::POSSIBLE_PIC_JUMP_TABLE && 2487 ScaleValue != PtrSize) 2488 return IndirectBranchType::UNKNOWN; 2489 2490 MemLocInstrOut = MemLocInstr; 2491 2492 return Type; 2493 } 2494 2495 /// Analyze a callsite to see if it could be a virtual method call. This only 2496 /// checks to see if the overall pattern is satisfied, it does not guarantee 2497 /// that the callsite is a true virtual method call. 2498 /// The format of virtual method calls that are recognized is one of the 2499 /// following: 2500 /// 2501 /// Form 1: (found in debug code) 2502 /// add METHOD_OFFSET, %VtableReg 2503 /// mov (%VtableReg), %MethodReg 2504 /// ... 2505 /// call or jmp *%MethodReg 2506 /// 2507 /// Form 2: 2508 /// mov METHOD_OFFSET(%VtableReg), %MethodReg 2509 /// ... 2510 /// call or jmp *%MethodReg 2511 /// 2512 /// Form 3: 2513 /// ... 
2514 /// call or jmp *METHOD_OFFSET(%VtableReg)
2515 ///
2516 bool analyzeVirtualMethodCall(InstructionIterator ForwardBegin,
2517 InstructionIterator ForwardEnd,
2518 std::vector<MCInst *> &MethodFetchInsns,
2519 unsigned &VtableRegNum, unsigned &MethodRegNum,
2520 uint64_t &MethodOffset) const override {
2521 VtableRegNum = X86::NoRegister;
2522 MethodRegNum = X86::NoRegister;
2523 MethodOffset = 0;
2524
2525 std::reverse_iterator<InstructionIterator> Itr(ForwardEnd);
2526 std::reverse_iterator<InstructionIterator> End(ForwardBegin);
2527
2528 MCInst &CallInst = *Itr++;
2529 assert(isIndirectBranch(CallInst) || isCall(CallInst));
2530
2531 unsigned BaseReg, IndexReg, SegmentReg;
2532 int64_t Scale, Disp;
2533 const MCExpr *DispExpr;
2534
2535 // The call can just be `jmp offset(reg)`.
2536 if (evaluateX86MemoryOperand(CallInst, &BaseReg, &Scale, &IndexReg, &Disp,
2537 &SegmentReg, &DispExpr)) {
2538 if (!DispExpr && BaseReg != X86::RIP && BaseReg != X86::RBP &&
2539 BaseReg != X86::NoRegister) {
2540 MethodRegNum = BaseReg;
2541 if (Scale == 1 && IndexReg == X86::NoRegister &&
2542 SegmentReg == X86::NoRegister) {
2543 VtableRegNum = MethodRegNum;
2544 MethodOffset = Disp;
2545 MethodFetchInsns.push_back(&CallInst);
2546 return true;
2547 }
2548 }
2549 return false;
2550 }
2551 if (CallInst.getOperand(0).isReg())
2552 MethodRegNum = CallInst.getOperand(0).getReg();
2553 else
2554 return false;
2555
2556 if (MethodRegNum == X86::RIP || MethodRegNum == X86::RBP) {
2557 VtableRegNum = X86::NoRegister;
2558 MethodRegNum = X86::NoRegister;
2559 return false;
2560 }
2561
2562 // Find the load from the vtable; it may or may not include the method offset.
2563 while (Itr != End) {
2564 MCInst &CurInst = *Itr++;
2565 const MCInstrDesc &Desc = Info->get(CurInst.getOpcode());
2566 if (Desc.hasDefOfPhysReg(CurInst, MethodRegNum, *RegInfo)) {
2567 if (isLoad(CurInst) &&
2568 evaluateX86MemoryOperand(CurInst, &BaseReg, &Scale, &IndexReg,
2569 &Disp, &SegmentReg, &DispExpr)) {
2570 if (!DispExpr && Scale == 1 && BaseReg != X86::RIP &&
2571 BaseReg != X86::RBP && BaseReg != X86::NoRegister &&
2572 IndexReg == X86::NoRegister &&
2573 SegmentReg == X86::NoRegister) {
2574 VtableRegNum = BaseReg;
2575 MethodOffset = Disp;
2576 MethodFetchInsns.push_back(&CurInst);
2577 if (MethodOffset != 0)
2578 return true;
2579 break;
2580 }
2581 }
2582 return false;
2583 }
2584 }
2585
2586 if (!VtableRegNum)
2587 return false;
2588
2589 // Look for any ADDs affecting the method register.
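// This covers Form 1 above, where the method offset is materialized by a
// separate `add METHOD_OFFSET, %VtableReg` instead of being part of the
// load's displacement.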
2590 while (Itr != End) { 2591 MCInst &CurInst = *Itr++; 2592 const MCInstrDesc &Desc = Info->get(CurInst.getOpcode()); 2593 if (Desc.hasDefOfPhysReg(CurInst, VtableRegNum, *RegInfo)) { 2594 if (isADDri(CurInst)) { 2595 assert(!MethodOffset); 2596 MethodOffset = CurInst.getOperand(2).getImm(); 2597 MethodFetchInsns.insert(MethodFetchInsns.begin(), &CurInst); 2598 break; 2599 } 2600 } 2601 } 2602 2603 return true; 2604 } 2605 2606 bool createStackPointerIncrement(MCInst &Inst, int Size, 2607 bool NoFlagsClobber) const override { 2608 if (NoFlagsClobber) { 2609 Inst.setOpcode(X86::LEA64r); 2610 Inst.clear(); 2611 Inst.addOperand(MCOperand::createReg(X86::RSP)); 2612 Inst.addOperand(MCOperand::createReg(X86::RSP)); // BaseReg 2613 Inst.addOperand(MCOperand::createImm(1)); // ScaleAmt 2614 Inst.addOperand(MCOperand::createReg(X86::NoRegister)); // IndexReg 2615 Inst.addOperand(MCOperand::createImm(-Size)); // Displacement 2616 Inst.addOperand(MCOperand::createReg(X86::NoRegister)); // AddrSegmentReg 2617 return true; 2618 } 2619 Inst.setOpcode(X86::SUB64ri8); 2620 Inst.clear(); 2621 Inst.addOperand(MCOperand::createReg(X86::RSP)); 2622 Inst.addOperand(MCOperand::createReg(X86::RSP)); 2623 Inst.addOperand(MCOperand::createImm(Size)); 2624 return true; 2625 } 2626 2627 bool createStackPointerDecrement(MCInst &Inst, int Size, 2628 bool NoFlagsClobber) const override { 2629 if (NoFlagsClobber) { 2630 Inst.setOpcode(X86::LEA64r); 2631 Inst.clear(); 2632 Inst.addOperand(MCOperand::createReg(X86::RSP)); 2633 Inst.addOperand(MCOperand::createReg(X86::RSP)); // BaseReg 2634 Inst.addOperand(MCOperand::createImm(1)); // ScaleAmt 2635 Inst.addOperand(MCOperand::createReg(X86::NoRegister)); // IndexReg 2636 Inst.addOperand(MCOperand::createImm(Size)); // Displacement 2637 Inst.addOperand(MCOperand::createReg(X86::NoRegister)); // AddrSegmentReg 2638 return true; 2639 } 2640 Inst.setOpcode(X86::ADD64ri8); 2641 Inst.clear(); 2642 Inst.addOperand(MCOperand::createReg(X86::RSP)); 2643 Inst.addOperand(MCOperand::createReg(X86::RSP)); 2644 Inst.addOperand(MCOperand::createImm(Size)); 2645 return true; 2646 } 2647 2648 bool createSaveToStack(MCInst &Inst, const MCPhysReg &StackReg, int Offset, 2649 const MCPhysReg &SrcReg, int Size) const override { 2650 unsigned NewOpcode; 2651 switch (Size) { 2652 default: 2653 return false; 2654 case 2: NewOpcode = X86::MOV16mr; break; 2655 case 4: NewOpcode = X86::MOV32mr; break; 2656 case 8: NewOpcode = X86::MOV64mr; break; 2657 } 2658 Inst.setOpcode(NewOpcode); 2659 Inst.clear(); 2660 Inst.addOperand(MCOperand::createReg(StackReg)); // BaseReg 2661 Inst.addOperand(MCOperand::createImm(1)); // ScaleAmt 2662 Inst.addOperand(MCOperand::createReg(X86::NoRegister)); // IndexReg 2663 Inst.addOperand(MCOperand::createImm(Offset)); // Displacement 2664 Inst.addOperand(MCOperand::createReg(X86::NoRegister)); // AddrSegmentReg 2665 Inst.addOperand(MCOperand::createReg(SrcReg)); 2666 return true; 2667 } 2668 2669 bool createRestoreFromStack(MCInst &Inst, const MCPhysReg &StackReg, 2670 int Offset, const MCPhysReg &DstReg, 2671 int Size) const override { 2672 return createLoad(Inst, StackReg, /*Scale=*/1, /*IndexReg=*/X86::NoRegister, 2673 Offset, nullptr, /*AddrSegmentReg=*/X86::NoRegister, 2674 DstReg, Size); 2675 } 2676 2677 bool createLoad(MCInst &Inst, const MCPhysReg &BaseReg, int64_t Scale, 2678 const MCPhysReg &IndexReg, int64_t Offset, 2679 const MCExpr *OffsetExpr, const MCPhysReg &AddrSegmentReg, 2680 const MCPhysReg &DstReg, int Size) const override { 2681 unsigned 
NewOpcode; 2682 switch (Size) { 2683 default: 2684 return false; 2685 case 2: NewOpcode = X86::MOV16rm; break; 2686 case 4: NewOpcode = X86::MOV32rm; break; 2687 case 8: NewOpcode = X86::MOV64rm; break; 2688 } 2689 Inst.setOpcode(NewOpcode); 2690 Inst.clear(); 2691 Inst.addOperand(MCOperand::createReg(DstReg)); 2692 Inst.addOperand(MCOperand::createReg(BaseReg)); 2693 Inst.addOperand(MCOperand::createImm(Scale)); 2694 Inst.addOperand(MCOperand::createReg(IndexReg)); 2695 if (OffsetExpr) 2696 Inst.addOperand(MCOperand::createExpr(OffsetExpr)); // Displacement 2697 else 2698 Inst.addOperand(MCOperand::createImm(Offset)); // Displacement 2699 Inst.addOperand(MCOperand::createReg(AddrSegmentReg)); // AddrSegmentReg 2700 return true; 2701 } 2702 2703 void createLoadImmediate(MCInst &Inst, const MCPhysReg Dest, 2704 uint32_t Imm) const override { 2705 Inst.setOpcode(X86::MOV64ri32); 2706 Inst.clear(); 2707 Inst.addOperand(MCOperand::createReg(Dest)); 2708 Inst.addOperand(MCOperand::createImm(Imm)); 2709 } 2710 2711 bool createIncMemory(MCInst &Inst, const MCSymbol *Target, 2712 MCContext *Ctx) const override { 2713 2714 Inst.setOpcode(X86::LOCK_INC64m); 2715 Inst.clear(); 2716 Inst.addOperand(MCOperand::createReg(X86::RIP)); // BaseReg 2717 Inst.addOperand(MCOperand::createImm(1)); // ScaleAmt 2718 Inst.addOperand(MCOperand::createReg(X86::NoRegister)); // IndexReg 2719 2720 Inst.addOperand(MCOperand::createExpr( 2721 MCSymbolRefExpr::create(Target, MCSymbolRefExpr::VK_None, 2722 *Ctx))); // Displacement 2723 Inst.addOperand(MCOperand::createReg(X86::NoRegister)); // AddrSegmentReg 2724 return true; 2725 } 2726 2727 bool createIJmp32Frag(SmallVectorImpl<MCInst> &Insts, 2728 const MCOperand &BaseReg, const MCOperand &Scale, 2729 const MCOperand &IndexReg, const MCOperand &Offset, 2730 const MCOperand &TmpReg) const override { 2731 // The code fragment we emit here is: 2732 // 2733 // mov32 (%base, %index, scale), %tmpreg 2734 // ijmp *(%tmpreg) 2735 // 2736 MCInst IJmp; 2737 IJmp.setOpcode(X86::JMP64r); 2738 IJmp.addOperand(TmpReg); 2739 2740 MCInst Load; 2741 Load.setOpcode(X86::MOV32rm); 2742 Load.addOperand(TmpReg); 2743 Load.addOperand(BaseReg); 2744 Load.addOperand(Scale); 2745 Load.addOperand(IndexReg); 2746 Load.addOperand(Offset); 2747 Load.addOperand(MCOperand::createReg(X86::NoRegister)); 2748 2749 Insts.push_back(Load); 2750 Insts.push_back(IJmp); 2751 return true; 2752 } 2753 2754 bool createNoop(MCInst &Inst) const override { 2755 Inst.setOpcode(X86::NOOP); 2756 return true; 2757 } 2758 2759 bool createReturn(MCInst &Inst) const override { 2760 Inst.setOpcode(X86::RET64); 2761 return true; 2762 } 2763 2764 InstructionListType createInlineMemcpy(bool ReturnEnd) const override { 2765 InstructionListType Code; 2766 if (ReturnEnd) 2767 Code.emplace_back(MCInstBuilder(X86::LEA64r) 2768 .addReg(X86::RAX) 2769 .addReg(X86::RDI) 2770 .addImm(1) 2771 .addReg(X86::RDX) 2772 .addImm(0) 2773 .addReg(X86::NoRegister)); 2774 else 2775 Code.emplace_back(MCInstBuilder(X86::MOV64rr) 2776 .addReg(X86::RAX) 2777 .addReg(X86::RDI)); 2778 2779 Code.emplace_back(MCInstBuilder(X86::MOV32rr) 2780 .addReg(X86::ECX) 2781 .addReg(X86::EDX)); 2782 Code.emplace_back(MCInstBuilder(X86::REP_MOVSB_64)); 2783 2784 return Code; 2785 } 2786 2787 InstructionListType createOneByteMemcpy() const override { 2788 InstructionListType Code; 2789 Code.emplace_back(MCInstBuilder(X86::MOV8rm) 2790 .addReg(X86::CL) 2791 .addReg(X86::RSI) 2792 .addImm(0) 2793 .addReg(X86::NoRegister) 2794 .addImm(0) 2795 
.addReg(X86::NoRegister)); 2796 Code.emplace_back(MCInstBuilder(X86::MOV8mr) 2797 .addReg(X86::RDI) 2798 .addImm(0) 2799 .addReg(X86::NoRegister) 2800 .addImm(0) 2801 .addReg(X86::NoRegister) 2802 .addReg(X86::CL)); 2803 Code.emplace_back(MCInstBuilder(X86::MOV64rr) 2804 .addReg(X86::RAX) 2805 .addReg(X86::RDI)); 2806 return Code; 2807 } 2808 2809 InstructionListType createCmpJE(MCPhysReg RegNo, int64_t Imm, 2810 const MCSymbol *Target, 2811 MCContext *Ctx) const override { 2812 InstructionListType Code; 2813 Code.emplace_back(MCInstBuilder(X86::CMP64ri8) 2814 .addReg(RegNo) 2815 .addImm(Imm)); 2816 Code.emplace_back(MCInstBuilder(X86::JCC_1) 2817 .addExpr(MCSymbolRefExpr::create( 2818 Target, MCSymbolRefExpr::VK_None, *Ctx)) 2819 .addImm(X86::COND_E)); 2820 return Code; 2821 } 2822 2823 Optional<Relocation> 2824 createRelocation(const MCFixup &Fixup, 2825 const MCAsmBackend &MAB) const override { 2826 const MCFixupKindInfo &FKI = MAB.getFixupKindInfo(Fixup.getKind()); 2827 2828 assert(FKI.TargetOffset == 0 && "0-bit relocation offset expected"); 2829 const uint64_t RelOffset = Fixup.getOffset(); 2830 2831 uint64_t RelType; 2832 if (FKI.Flags & MCFixupKindInfo::FKF_IsPCRel) { 2833 switch (FKI.TargetSize) { 2834 default: 2835 return NoneType(); 2836 case 8: RelType = ELF::R_X86_64_PC8; break; 2837 case 16: RelType = ELF::R_X86_64_PC16; break; 2838 case 32: RelType = ELF::R_X86_64_PC32; break; 2839 case 64: RelType = ELF::R_X86_64_PC64; break; 2840 } 2841 } else { 2842 switch (FKI.TargetSize) { 2843 default: 2844 return NoneType(); 2845 case 8: RelType = ELF::R_X86_64_8; break; 2846 case 16: RelType = ELF::R_X86_64_16; break; 2847 case 32: RelType = ELF::R_X86_64_32; break; 2848 case 64: RelType = ELF::R_X86_64_64; break; 2849 } 2850 } 2851 2852 // Extract a symbol and an addend out of the fixup value expression. 2853 // 2854 // Only the following limited expression types are supported: 2855 // Symbol + Addend 2856 // Symbol 2857 uint64_t Addend = 0; 2858 MCSymbol *Symbol = nullptr; 2859 const MCExpr *ValueExpr = Fixup.getValue(); 2860 if (ValueExpr->getKind() == MCExpr::Binary) { 2861 const auto *BinaryExpr = cast<MCBinaryExpr>(ValueExpr); 2862 assert(BinaryExpr->getOpcode() == MCBinaryExpr::Add && 2863 "unexpected binary expression"); 2864 const MCExpr *LHS = BinaryExpr->getLHS(); 2865 assert(LHS->getKind() == MCExpr::SymbolRef && "unexpected LHS"); 2866 Symbol = const_cast<MCSymbol *>(this->getTargetSymbol(LHS)); 2867 const MCExpr *RHS = BinaryExpr->getRHS(); 2868 assert(RHS->getKind() == MCExpr::Constant && "unexpected RHS"); 2869 Addend = cast<MCConstantExpr>(RHS)->getValue(); 2870 } else { 2871 assert(ValueExpr->getKind() == MCExpr::SymbolRef && "unexpected value"); 2872 Symbol = const_cast<MCSymbol *>(this->getTargetSymbol(ValueExpr)); 2873 } 2874 2875 return Relocation({RelOffset, Symbol, RelType, Addend, 0}); 2876 } 2877 2878 bool replaceImmWithSymbolRef(MCInst &Inst, const MCSymbol *Symbol, 2879 int64_t Addend, MCContext *Ctx, int64_t &Value, 2880 uint64_t RelType) const override { 2881 unsigned ImmOpNo = -1U; 2882 2883 for (unsigned Index = 0; Index < MCPlus::getNumPrimeOperands(Inst); 2884 ++Index) { 2885 if (Inst.getOperand(Index).isImm()) { 2886 ImmOpNo = Index; 2887 // TODO: this is a bit hacky. It finds the correct operand by 2888 // searching for a specific immediate value. If no value is 2889 // provided it defaults to the last immediate operand found. 2890 // This could lead to unexpected results if the instruction 2891 // has more than one immediate with the same value. 
2892 if (Inst.getOperand(ImmOpNo).getImm() == Value) 2893 break; 2894 } 2895 } 2896 2897 if (ImmOpNo == -1U) 2898 return false; 2899 2900 Value = Inst.getOperand(ImmOpNo).getImm(); 2901 2902 setOperandToSymbolRef(Inst, ImmOpNo, Symbol, Addend, Ctx, RelType); 2903 2904 return true; 2905 } 2906 2907 bool replaceRegWithImm(MCInst &Inst, unsigned Register, 2908 int64_t Imm) const override { 2909 2910 enum CheckSignExt : uint8_t { 2911 NOCHECK = 0, 2912 CHECK8, 2913 CHECK32, 2914 }; 2915 2916 using CheckList = std::vector<std::pair<CheckSignExt, unsigned>>; 2917 struct InstInfo { 2918 // Size in bytes that Inst loads from memory. 2919 uint8_t DataSize; 2920 2921 // True when the target operand has to be duplicated because the opcode 2922 // expects a LHS operand. 2923 bool HasLHS; 2924 2925 // List of checks and corresponding opcodes to be used. We try to use the 2926 // smallest possible immediate value when various sizes are available, 2927 // hence we may need to check whether a larger constant fits in a smaller 2928 // immediate. 2929 CheckList Checks; 2930 }; 2931 2932 InstInfo I; 2933 2934 switch (Inst.getOpcode()) { 2935 default: { 2936 switch (getPushSize(Inst)) { 2937 2938 case 2: I = {2, false, {{CHECK8, X86::PUSH16i8}, {NOCHECK, X86::PUSHi16}}}; break; 2939 case 4: I = {4, false, {{CHECK8, X86::PUSH32i8}, {NOCHECK, X86::PUSHi32}}}; break; 2940 case 8: I = {8, false, {{CHECK8, X86::PUSH64i8}, 2941 {CHECK32, X86::PUSH64i32}, 2942 {NOCHECK, Inst.getOpcode()}}}; break; 2943 default: return false; 2944 } 2945 break; 2946 } 2947 2948 // MOV 2949 case X86::MOV8rr: I = {1, false, {{NOCHECK, X86::MOV8ri}}}; break; 2950 case X86::MOV16rr: I = {2, false, {{NOCHECK, X86::MOV16ri}}}; break; 2951 case X86::MOV32rr: I = {4, false, {{NOCHECK, X86::MOV32ri}}}; break; 2952 case X86::MOV64rr: I = {8, false, {{CHECK32, X86::MOV64ri32}, 2953 {NOCHECK, X86::MOV64ri}}}; break; 2954 2955 case X86::MOV8mr: I = {1, false, {{NOCHECK, X86::MOV8mi}}}; break; 2956 case X86::MOV16mr: I = {2, false, {{NOCHECK, X86::MOV16mi}}}; break; 2957 case X86::MOV32mr: I = {4, false, {{NOCHECK, X86::MOV32mi}}}; break; 2958 case X86::MOV64mr: I = {8, false, {{CHECK32, X86::MOV64mi32}, 2959 {NOCHECK, X86::MOV64mr}}}; break; 2960 2961 // MOVZX 2962 case X86::MOVZX16rr8: I = {1, false, {{NOCHECK, X86::MOV16ri}}}; break; 2963 case X86::MOVZX32rr8: I = {1, false, {{NOCHECK, X86::MOV32ri}}}; break; 2964 case X86::MOVZX32rr16: I = {2, false, {{NOCHECK, X86::MOV32ri}}}; break; 2965 2966 // CMP 2967 case X86::CMP8rr: I = {1, false, {{NOCHECK, X86::CMP8ri}}}; break; 2968 case X86::CMP16rr: I = {2, false, {{CHECK8, X86::CMP16ri8}, 2969 {NOCHECK, X86::CMP16ri}}}; break; 2970 case X86::CMP32rr: I = {4, false, {{CHECK8, X86::CMP32ri8}, 2971 {NOCHECK, X86::CMP32ri}}}; break; 2972 case X86::CMP64rr: I = {8, false, {{CHECK8, X86::CMP64ri8}, 2973 {CHECK32, X86::CMP64ri32}, 2974 {NOCHECK, X86::CMP64rr}}}; break; 2975 2976 // TEST 2977 case X86::TEST8rr: I = {1, false, {{NOCHECK, X86::TEST8ri}}}; break; 2978 case X86::TEST16rr: I = {2, false, {{NOCHECK, X86::TEST16ri}}}; break; 2979 case X86::TEST32rr: I = {4, false, {{NOCHECK, X86::TEST32ri}}}; break; 2980 case X86::TEST64rr: I = {8, false, {{CHECK32, X86::TEST64ri32}, 2981 {NOCHECK, X86::TEST64rr}}}; break; 2982 2983 // ADD 2984 case X86::ADD8rr: I = {1, true, {{NOCHECK, X86::ADD8ri}}}; break; 2985 case X86::ADD16rr: I = {2, true, {{CHECK8, X86::ADD16ri8}, 2986 {NOCHECK, X86::ADD16ri}}}; break; 2987 case X86::ADD32rr: I = {4, true, {{CHECK8, X86::ADD32ri8}, 2988 {NOCHECK, X86::ADD32ri}}}; break; 
2989 case X86::ADD64rr: I = {8, true, {{CHECK8, X86::ADD64ri8}, 2990 {CHECK32, X86::ADD64ri32}, 2991 {NOCHECK, X86::ADD64rr}}}; break; 2992 2993 // SUB 2994 case X86::SUB8rr: I = {1, true, {{NOCHECK, X86::SUB8ri}}}; break; 2995 case X86::SUB16rr: I = {2, true, {{CHECK8, X86::SUB16ri8}, 2996 {NOCHECK, X86::SUB16ri}}}; break; 2997 case X86::SUB32rr: I = {4, true, {{CHECK8, X86::SUB32ri8}, 2998 {NOCHECK, X86::SUB32ri}}}; break; 2999 case X86::SUB64rr: I = {8, true, {{CHECK8, X86::SUB64ri8}, 3000 {CHECK32, X86::SUB64ri32}, 3001 {NOCHECK, X86::SUB64rr}}}; break; 3002 3003 // AND 3004 case X86::AND8rr: I = {1, true, {{NOCHECK, X86::AND8ri}}}; break; 3005 case X86::AND16rr: I = {2, true, {{CHECK8, X86::AND16ri8}, 3006 {NOCHECK, X86::AND16ri}}}; break; 3007 case X86::AND32rr: I = {4, true, {{CHECK8, X86::AND32ri8}, 3008 {NOCHECK, X86::AND32ri}}}; break; 3009 case X86::AND64rr: I = {8, true, {{CHECK8, X86::AND64ri8}, 3010 {CHECK32, X86::AND64ri32}, 3011 {NOCHECK, X86::AND64rr}}}; break; 3012 3013 // OR 3014 case X86::OR8rr: I = {1, true, {{NOCHECK, X86::OR8ri}}}; break; 3015 case X86::OR16rr: I = {2, true, {{CHECK8, X86::OR16ri8}, 3016 {NOCHECK, X86::OR16ri}}}; break; 3017 case X86::OR32rr: I = {4, true, {{CHECK8, X86::OR32ri8}, 3018 {NOCHECK, X86::OR32ri}}}; break; 3019 case X86::OR64rr: I = {8, true, {{CHECK8, X86::OR64ri8}, 3020 {CHECK32, X86::OR64ri32}, 3021 {NOCHECK, X86::OR64rr}}}; break; 3022 3023 // XOR 3024 case X86::XOR8rr: I = {1, true, {{NOCHECK, X86::XOR8ri}}}; break; 3025 case X86::XOR16rr: I = {2, true, {{CHECK8, X86::XOR16ri8}, 3026 {NOCHECK, X86::XOR16ri}}}; break; 3027 case X86::XOR32rr: I = {4, true, {{CHECK8, X86::XOR32ri8}, 3028 {NOCHECK, X86::XOR32ri}}}; break; 3029 case X86::XOR64rr: I = {8, true, {{CHECK8, X86::XOR64ri8}, 3030 {CHECK32, X86::XOR64ri32}, 3031 {NOCHECK, X86::XOR64rr}}}; break; 3032 } 3033 3034 // Compute the new opcode. 3035 unsigned NewOpcode = 0; 3036 for (const std::pair<CheckSignExt, unsigned> &Check : I.Checks) { 3037 NewOpcode = Check.second; 3038 if (Check.first == NOCHECK) 3039 break; 3040 if (Check.first == CHECK8 && isInt<8>(Imm)) 3041 break; 3042 if (Check.first == CHECK32 && isInt<32>(Imm)) 3043 break; 3044 } 3045 if (NewOpcode == Inst.getOpcode()) 3046 return false; 3047 3048 const MCInstrDesc &InstDesc = Info->get(Inst.getOpcode()); 3049 3050 unsigned NumFound = 0; 3051 for (unsigned Index = InstDesc.getNumDefs() + (I.HasLHS ? 
1 : 0),
3052 E = InstDesc.getNumOperands();
3053 Index != E; ++Index)
3054 if (Inst.getOperand(Index).isReg() &&
3055 Inst.getOperand(Index).getReg() == Register)
3056 NumFound++;
3057
3058 if (NumFound != 1)
3059 return false;
3060
3061 MCOperand TargetOp = Inst.getOperand(0);
3062 Inst.clear();
3063 Inst.setOpcode(NewOpcode);
3064 Inst.addOperand(TargetOp);
3065 if (I.HasLHS)
3066 Inst.addOperand(TargetOp);
3067 Inst.addOperand(MCOperand::createImm(Imm));
3068
3069 return true;
3070 }
3071
3072 bool replaceRegWithReg(MCInst &Inst, unsigned ToReplace,
3073 unsigned ReplaceWith) const override {
3074
3075 // Determine HasLHS so we know which operands to iterate over below.
3076 bool HasLHS;
3077 if (isAND(Inst.getOpcode()) || isADD(Inst.getOpcode()) || isSUB(Inst)) {
3078 HasLHS = true;
3079 } else if (isPop(Inst) || isPush(Inst) || isCMP(Inst.getOpcode()) ||
3080 isTEST(Inst.getOpcode())) {
3081 HasLHS = false;
3082 } else {
3083 switch (Inst.getOpcode()) {
3084 case X86::MOV8rr:
3085 case X86::MOV8rm:
3086 case X86::MOV8mr:
3087 case X86::MOV8ri:
3088 case X86::MOV16rr:
3089 case X86::MOV16rm:
3090 case X86::MOV16mr:
3091 case X86::MOV16ri:
3092 case X86::MOV32rr:
3093 case X86::MOV32rm:
3094 case X86::MOV32mr:
3095 case X86::MOV32ri:
3096 case X86::MOV64rr:
3097 case X86::MOV64rm:
3098 case X86::MOV64mr:
3099 case X86::MOV64ri:
3100 case X86::MOVZX16rr8:
3101 case X86::MOVZX32rr8:
3102 case X86::MOVZX32rr16:
3103 case X86::MOVSX32rm8:
3104 case X86::MOVSX32rr8:
3105 case X86::MOVSX64rm32:
3106 case X86::LEA64r:
3107 HasLHS = false;
3108 break;
3109 default:
3110 return false;
3111 }
3112 }
3113
3114 const MCInstrDesc &InstDesc = Info->get(Inst.getOpcode());
3115
3116 bool FoundOne = false;
3117
3118 // Iterate only through src operands that aren't also dest operands.
3119 for (unsigned Index = InstDesc.getNumDefs() + (HasLHS ?
1 : 0), 3120 E = InstDesc.getNumOperands(); 3121 Index != E; ++Index) { 3122 BitVector RegAliases = getAliases(ToReplace, true); 3123 if (!Inst.getOperand(Index).isReg() || 3124 !RegAliases.test(Inst.getOperand(Index).getReg())) 3125 continue; 3126 // Resize register if needed 3127 unsigned SizedReplaceWith = getAliasSized( 3128 ReplaceWith, getRegSize(Inst.getOperand(Index).getReg())); 3129 MCOperand NewOperand = MCOperand::createReg(SizedReplaceWith); 3130 Inst.getOperand(Index) = NewOperand; 3131 FoundOne = true; 3132 } 3133 3134 // Return true if at least one operand was replaced 3135 return FoundOne; 3136 } 3137 3138 bool createUncondBranch(MCInst &Inst, const MCSymbol *TBB, 3139 MCContext *Ctx) const override { 3140 Inst.setOpcode(X86::JMP_1); 3141 Inst.addOperand(MCOperand::createExpr( 3142 MCSymbolRefExpr::create(TBB, MCSymbolRefExpr::VK_None, *Ctx))); 3143 return true; 3144 } 3145 3146 bool createCall(MCInst &Inst, const MCSymbol *Target, 3147 MCContext *Ctx) override { 3148 Inst.setOpcode(X86::CALL64pcrel32); 3149 Inst.addOperand(MCOperand::createExpr( 3150 MCSymbolRefExpr::create(Target, MCSymbolRefExpr::VK_None, *Ctx))); 3151 return true; 3152 } 3153 3154 bool createTailCall(MCInst &Inst, const MCSymbol *Target, 3155 MCContext *Ctx) override { 3156 return createDirectCall(Inst, Target, Ctx, /*IsTailCall*/ true); 3157 } 3158 3159 void createLongTailCall(InstructionListType &Seq, const MCSymbol *Target, 3160 MCContext *Ctx) override { 3161 Seq.clear(); 3162 Seq.emplace_back(); 3163 createDirectCall(Seq.back(), Target, Ctx, /*IsTailCall*/ true); 3164 } 3165 3166 bool createTrap(MCInst &Inst) const override { 3167 Inst.clear(); 3168 Inst.setOpcode(X86::TRAP); 3169 return true; 3170 } 3171 3172 bool reverseBranchCondition(MCInst &Inst, const MCSymbol *TBB, 3173 MCContext *Ctx) const override { 3174 unsigned InvCC = getInvertedCondCode(getCondCode(Inst)); 3175 assert(InvCC != X86::COND_INVALID && "invalid branch instruction"); 3176 Inst.getOperand(Info->get(Inst.getOpcode()).NumOperands - 1).setImm(InvCC); 3177 Inst.getOperand(0) = MCOperand::createExpr( 3178 MCSymbolRefExpr::create(TBB, MCSymbolRefExpr::VK_None, *Ctx)); 3179 return true; 3180 } 3181 3182 bool replaceBranchCondition(MCInst &Inst, const MCSymbol *TBB, MCContext *Ctx, 3183 unsigned CC) const override { 3184 if (CC == X86::COND_INVALID) 3185 return false; 3186 Inst.getOperand(Info->get(Inst.getOpcode()).NumOperands - 1).setImm(CC); 3187 Inst.getOperand(0) = MCOperand::createExpr( 3188 MCSymbolRefExpr::create(TBB, MCSymbolRefExpr::VK_None, *Ctx)); 3189 return true; 3190 } 3191 3192 unsigned getCanonicalBranchCondCode(unsigned CC) const override { 3193 switch (CC) { 3194 default: return X86::COND_INVALID; 3195 3196 case X86::COND_E: return X86::COND_E; 3197 case X86::COND_NE: return X86::COND_E; 3198 3199 case X86::COND_L: return X86::COND_L; 3200 case X86::COND_GE: return X86::COND_L; 3201 3202 case X86::COND_LE: return X86::COND_G; 3203 case X86::COND_G: return X86::COND_G; 3204 3205 case X86::COND_B: return X86::COND_B; 3206 case X86::COND_AE: return X86::COND_B; 3207 3208 case X86::COND_BE: return X86::COND_A; 3209 case X86::COND_A: return X86::COND_A; 3210 3211 case X86::COND_S: return X86::COND_S; 3212 case X86::COND_NS: return X86::COND_S; 3213 3214 case X86::COND_P: return X86::COND_P; 3215 case X86::COND_NP: return X86::COND_P; 3216 3217 case X86::COND_O: return X86::COND_O; 3218 case X86::COND_NO: return X86::COND_O; 3219 } 3220 } 3221 3222 bool replaceBranchTarget(MCInst &Inst, const MCSymbol *TBB, 3223 
MCContext *Ctx) const override { 3224 assert((isCall(Inst) || isBranch(Inst)) && !isIndirectBranch(Inst) && 3225 "Invalid instruction"); 3226 Inst.getOperand(0) = MCOperand::createExpr( 3227 MCSymbolRefExpr::create(TBB, MCSymbolRefExpr::VK_None, *Ctx)); 3228 return true; 3229 } 3230 3231 MCPhysReg getX86R11() const override { return X86::R11; } 3232 3233 MCPhysReg getIntArgRegister(unsigned ArgNo) const override { 3234 // FIXME: this should depend on the calling convention. 3235 switch (ArgNo) { 3236 case 0: return X86::RDI; 3237 case 1: return X86::RSI; 3238 case 2: return X86::RDX; 3239 case 3: return X86::RCX; 3240 case 4: return X86::R8; 3241 case 5: return X86::R9; 3242 default: return getNoRegister(); 3243 } 3244 } 3245 3246 void createPause(MCInst &Inst) const override { 3247 Inst.clear(); 3248 Inst.setOpcode(X86::PAUSE); 3249 } 3250 3251 void createLfence(MCInst &Inst) const override { 3252 Inst.clear(); 3253 Inst.setOpcode(X86::LFENCE); 3254 } 3255 3256 bool createDirectCall(MCInst &Inst, const MCSymbol *Target, MCContext *Ctx, 3257 bool IsTailCall) override { 3258 Inst.clear(); 3259 Inst.setOpcode(IsTailCall ? X86::JMP_4 : X86::CALL64pcrel32); 3260 Inst.addOperand(MCOperand::createExpr( 3261 MCSymbolRefExpr::create(Target, MCSymbolRefExpr::VK_None, *Ctx))); 3262 if (IsTailCall) 3263 setTailCall(Inst); 3264 return true; 3265 } 3266 3267 void createShortJmp(InstructionListType &Seq, const MCSymbol *Target, 3268 MCContext *Ctx, bool IsTailCall) override { 3269 Seq.clear(); 3270 MCInst Inst; 3271 Inst.setOpcode(X86::JMP_1); 3272 Inst.addOperand(MCOperand::createExpr( 3273 MCSymbolRefExpr::create(Target, MCSymbolRefExpr::VK_None, *Ctx))); 3274 if (IsTailCall) 3275 setTailCall(Inst); 3276 Seq.emplace_back(Inst); 3277 } 3278 3279 bool isConditionalMove(const MCInst &Inst) const override { 3280 unsigned OpCode = Inst.getOpcode(); 3281 return (OpCode == X86::CMOV16rr || OpCode == X86::CMOV32rr || 3282 OpCode == X86::CMOV64rr); 3283 } 3284 3285 bool isBranchOnMem(const MCInst &Inst) const override { 3286 unsigned OpCode = Inst.getOpcode(); 3287 if (OpCode == X86::CALL64m || (OpCode == X86::JMP32m && isTailCall(Inst)) || 3288 OpCode == X86::JMP64m) 3289 return true; 3290 3291 return false; 3292 } 3293 3294 bool isBranchOnReg(const MCInst &Inst) const override { 3295 unsigned OpCode = Inst.getOpcode(); 3296 if (OpCode == X86::CALL64r || (OpCode == X86::JMP32r && isTailCall(Inst)) || 3297 OpCode == X86::JMP64r) 3298 return true; 3299 3300 return false; 3301 } 3302 3303 void createPushRegister(MCInst &Inst, MCPhysReg Reg, 3304 unsigned Size) const override { 3305 Inst.clear(); 3306 unsigned NewOpcode = 0; 3307 if (Reg == X86::EFLAGS) { 3308 switch (Size) { 3309 case 2: NewOpcode = X86::PUSHF16; break; 3310 case 4: NewOpcode = X86::PUSHF32; break; 3311 case 8: NewOpcode = X86::PUSHF64; break; 3312 default: 3313 llvm_unreachable("Unexpected size"); 3314 } 3315 Inst.setOpcode(NewOpcode); 3316 return; 3317 } 3318 switch (Size) { 3319 case 2: NewOpcode = X86::PUSH16r; break; 3320 case 4: NewOpcode = X86::PUSH32r; break; 3321 case 8: NewOpcode = X86::PUSH64r; break; 3322 default: 3323 llvm_unreachable("Unexpected size"); 3324 } 3325 Inst.setOpcode(NewOpcode); 3326 Inst.addOperand(MCOperand::createReg(Reg)); 3327 } 3328 3329 void createPopRegister(MCInst &Inst, MCPhysReg Reg, 3330 unsigned Size) const override { 3331 Inst.clear(); 3332 unsigned NewOpcode = 0; 3333 if (Reg == X86::EFLAGS) { 3334 switch (Size) { 3335 case 2: NewOpcode = X86::POPF16; break; 3336 case 4: NewOpcode = X86::POPF32; break; 
3337 case 8: NewOpcode = X86::POPF64; break; 3338 default: 3339 llvm_unreachable("Unexpected size"); 3340 } 3341 Inst.setOpcode(NewOpcode); 3342 return; 3343 } 3344 switch (Size) { 3345 case 2: NewOpcode = X86::POP16r; break; 3346 case 4: NewOpcode = X86::POP32r; break; 3347 case 8: NewOpcode = X86::POP64r; break; 3348 default: 3349 llvm_unreachable("Unexpected size"); 3350 } 3351 Inst.setOpcode(NewOpcode); 3352 Inst.addOperand(MCOperand::createReg(Reg)); 3353 } 3354 3355 void createPushFlags(MCInst &Inst, unsigned Size) const override { 3356 return createPushRegister(Inst, X86::EFLAGS, Size); 3357 } 3358 3359 void createPopFlags(MCInst &Inst, unsigned Size) const override { 3360 return createPopRegister(Inst, X86::EFLAGS, Size); 3361 } 3362 3363 void createAddRegImm(MCInst &Inst, MCPhysReg Reg, int64_t Value, 3364 unsigned Size) const { 3365 unsigned int Opcode; 3366 switch (Size) { 3367 case 1: Opcode = X86::ADD8ri; break; 3368 case 2: Opcode = X86::ADD16ri; break; 3369 case 4: Opcode = X86::ADD32ri; break; 3370 default: 3371 llvm_unreachable("Unexpected size"); 3372 } 3373 Inst.setOpcode(Opcode); 3374 Inst.clear(); 3375 Inst.addOperand(MCOperand::createReg(Reg)); 3376 Inst.addOperand(MCOperand::createReg(Reg)); 3377 Inst.addOperand(MCOperand::createImm(Value)); 3378 } 3379 3380 void createClearRegWithNoEFlagsUpdate(MCInst &Inst, MCPhysReg Reg, 3381 unsigned Size) const { 3382 unsigned int Opcode; 3383 switch (Size) { 3384 case 1: Opcode = X86::MOV8ri; break; 3385 case 2: Opcode = X86::MOV16ri; break; 3386 case 4: Opcode = X86::MOV32ri; break; 3387 case 8: Opcode = X86::MOV64ri; break; 3388 default: 3389 llvm_unreachable("Unexpected size"); 3390 } 3391 Inst.setOpcode(Opcode); 3392 Inst.clear(); 3393 Inst.addOperand(MCOperand::createReg(Reg)); 3394 Inst.addOperand(MCOperand::createImm(0)); 3395 } 3396 3397 void createX86SaveOVFlagToRegister(MCInst &Inst, MCPhysReg Reg) const { 3398 Inst.setOpcode(X86::SETCCr); 3399 Inst.clear(); 3400 Inst.addOperand(MCOperand::createReg(Reg)); 3401 Inst.addOperand(MCOperand::createImm(X86::COND_O)); 3402 } 3403 3404 void createX86Lahf(MCInst &Inst) const { 3405 Inst.setOpcode(X86::LAHF); 3406 Inst.clear(); 3407 } 3408 3409 void createX86Sahf(MCInst &Inst) const { 3410 Inst.setOpcode(X86::SAHF); 3411 Inst.clear(); 3412 } 3413 3414 void createInstrIncMemory(InstructionListType &Instrs, const MCSymbol *Target, 3415 MCContext *Ctx, bool IsLeaf) const override { 3416 unsigned int I = 0; 3417 3418 Instrs.resize(IsLeaf ? 
13 : 11); 3419 // Don't clobber application red zone (ABI dependent) 3420 if (IsLeaf) 3421 createStackPointerIncrement(Instrs[I++], 128, 3422 /*NoFlagsClobber=*/true); 3423 3424 // Performance improvements based on the optimization discussed at 3425 // https://reviews.llvm.org/D6629 3426 // LAHF/SAHF are used instead of PUSHF/POPF 3427 // PUSHF 3428 createPushRegister(Instrs[I++], X86::RAX, 8); 3429 createClearRegWithNoEFlagsUpdate(Instrs[I++], X86::RAX, 8); 3430 createX86Lahf(Instrs[I++]); 3431 createPushRegister(Instrs[I++], X86::RAX, 8); 3432 createClearRegWithNoEFlagsUpdate(Instrs[I++], X86::RAX, 8); 3433 createX86SaveOVFlagToRegister(Instrs[I++], X86::AL); 3434 // LOCK INC 3435 createIncMemory(Instrs[I++], Target, Ctx); 3436 // POPF 3437 createAddRegImm(Instrs[I++], X86::AL, 127, 1); 3438 createPopRegister(Instrs[I++], X86::RAX, 8); 3439 createX86Sahf(Instrs[I++]); 3440 createPopRegister(Instrs[I++], X86::RAX, 8); 3441 3442 if (IsLeaf) 3443 createStackPointerDecrement(Instrs[I], 128, 3444 /*NoFlagsClobber=*/true); 3445 } 3446 3447 void createSwap(MCInst &Inst, MCPhysReg Source, MCPhysReg MemBaseReg, 3448 int64_t Disp) const { 3449 Inst.setOpcode(X86::XCHG64rm); 3450 Inst.addOperand(MCOperand::createReg(Source)); 3451 Inst.addOperand(MCOperand::createReg(Source)); 3452 Inst.addOperand(MCOperand::createReg(MemBaseReg)); // BaseReg 3453 Inst.addOperand(MCOperand::createImm(1)); // ScaleAmt 3454 Inst.addOperand(MCOperand::createReg(X86::NoRegister)); // IndexReg 3455 Inst.addOperand(MCOperand::createImm(Disp)); // Displacement 3456 Inst.addOperand(MCOperand::createReg(X86::NoRegister)); // AddrSegmentReg 3457 } 3458 3459 void createIndirectBranch(MCInst &Inst, MCPhysReg MemBaseReg, 3460 int64_t Disp) const { 3461 Inst.setOpcode(X86::JMP64m); 3462 Inst.addOperand(MCOperand::createReg(MemBaseReg)); // BaseReg 3463 Inst.addOperand(MCOperand::createImm(1)); // ScaleAmt 3464 Inst.addOperand(MCOperand::createReg(X86::NoRegister)); // IndexReg 3465 Inst.addOperand(MCOperand::createImm(Disp)); // Displacement 3466 Inst.addOperand(MCOperand::createReg(X86::NoRegister)); // AddrSegmentReg 3467 } 3468 3469 InstructionListType createInstrumentedIndirectCall(const MCInst &CallInst, 3470 bool TailCall, 3471 MCSymbol *HandlerFuncAddr, 3472 int CallSiteID, 3473 MCContext *Ctx) override { 3474 // Check if the target address expression used in the original indirect call 3475 // uses the stack pointer, which we are going to clobber. 3476 static BitVector SPAliases(getAliases(X86::RSP)); 3477 bool UsesSP = false; 3478 // Skip defs. 
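// Scan the explicit source operands of the original call for %rsp or any of
// its aliases; if the target address depends on the stack pointer, the pushes
// emitted below would change it, so compensating adjustments are inserted.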
3479 for (unsigned I = Info->get(CallInst.getOpcode()).getNumDefs(), 3480 E = MCPlus::getNumPrimeOperands(CallInst); 3481 I != E; ++I) { 3482 const MCOperand &Operand = CallInst.getOperand(I); 3483 if (Operand.isReg() && SPAliases[Operand.getReg()]) { 3484 UsesSP = true; 3485 break; 3486 } 3487 } 3488 3489 InstructionListType Insts; 3490 MCPhysReg TempReg = getIntArgRegister(0); 3491 // Code sequence used to enter indirect call instrumentation helper: 3492 // push %rdi 3493 // add $8, %rsp ;; $rsp may be used in target, so fix it to prev val 3494 // movq target, %rdi ;; via convertIndirectCallTargetToLoad 3495 // sub $8, %rsp ;; restore correct stack value 3496 // push %rdi 3497 // movq $CallSiteID, %rdi 3498 // push %rdi 3499 // callq/jmp HandlerFuncAddr 3500 Insts.emplace_back(); 3501 createPushRegister(Insts.back(), TempReg, 8); 3502 if (UsesSP) { // Only adjust SP if we really need to 3503 Insts.emplace_back(); 3504 createStackPointerDecrement(Insts.back(), 8, /*NoFlagsClobber=*/false); 3505 } 3506 Insts.emplace_back(CallInst); 3507 // Insts.back() and CallInst now share the same annotation instruction. 3508 // Strip it from Insts.back(), only preserving tail call annotation. 3509 stripAnnotations(Insts.back(), /*KeepTC=*/true); 3510 convertIndirectCallToLoad(Insts.back(), TempReg); 3511 if (UsesSP) { 3512 Insts.emplace_back(); 3513 createStackPointerIncrement(Insts.back(), 8, /*NoFlagsClobber=*/false); 3514 } 3515 Insts.emplace_back(); 3516 createPushRegister(Insts.back(), TempReg, 8); 3517 Insts.emplace_back(); 3518 createLoadImmediate(Insts.back(), TempReg, CallSiteID); 3519 Insts.emplace_back(); 3520 createPushRegister(Insts.back(), TempReg, 8); 3521 Insts.emplace_back(); 3522 createDirectCall(Insts.back(), HandlerFuncAddr, Ctx, 3523 /*TailCall=*/TailCall); 3524 // Carry over metadata 3525 for (int I = MCPlus::getNumPrimeOperands(CallInst), 3526 E = CallInst.getNumOperands(); 3527 I != E; ++I) 3528 Insts.back().addOperand(CallInst.getOperand(I)); 3529 3530 return Insts; 3531 } 3532 3533 InstructionListType createInstrumentedIndCallHandlerExitBB() const override { 3534 const MCPhysReg TempReg = getIntArgRegister(0); 3535 // We just need to undo the sequence created for every ind call in 3536 // instrumentIndirectTarget(), which can be accomplished minimally with: 3537 // popfq 3538 // pop %rdi 3539 // add $16, %rsp 3540 // xchg (%rsp), %rdi 3541 // jmp *-8(%rsp) 3542 InstructionListType Insts(5); 3543 createPopFlags(Insts[0], 8); 3544 createPopRegister(Insts[1], TempReg, 8); 3545 createStackPointerDecrement(Insts[2], 16, /*NoFlagsClobber=*/false); 3546 createSwap(Insts[3], TempReg, X86::RSP, 0); 3547 createIndirectBranch(Insts[4], X86::RSP, -8); 3548 return Insts; 3549 } 3550 3551 InstructionListType 3552 createInstrumentedIndTailCallHandlerExitBB() const override { 3553 const MCPhysReg TempReg = getIntArgRegister(0); 3554 // Same thing as above, but for tail calls 3555 // popfq 3556 // add $16, %rsp 3557 // pop %rdi 3558 // jmp *-16(%rsp) 3559 InstructionListType Insts(4); 3560 createPopFlags(Insts[0], 8); 3561 createStackPointerDecrement(Insts[1], 16, /*NoFlagsClobber=*/false); 3562 createPopRegister(Insts[2], TempReg, 8); 3563 createIndirectBranch(Insts[3], X86::RSP, -16); 3564 return Insts; 3565 } 3566 3567 InstructionListType 3568 createInstrumentedIndCallHandlerEntryBB(const MCSymbol *InstrTrampoline, 3569 const MCSymbol *IndCallHandler, 3570 MCContext *Ctx) override { 3571 const MCPhysReg TempReg = getIntArgRegister(0); 3572 // Code sequence used to check whether 
InstrTrampoline was initialized
3573 // and call it if so; control returns via IndCallHandler.
3574 // pushfq
3575 // mov InstrTrampoline,%rdi
3576 // cmp $0x0,%rdi
3577 // je IndCallHandler
3578 // callq *%rdi
3579 // jmpq IndCallHandler
3580 InstructionListType Insts;
3581 Insts.emplace_back();
3582 createPushFlags(Insts.back(), 8);
3583 Insts.emplace_back();
3584 createMove(Insts.back(), InstrTrampoline, TempReg, Ctx);
3585 InstructionListType cmpJmp = createCmpJE(TempReg, 0, IndCallHandler, Ctx);
3586 Insts.insert(Insts.end(), cmpJmp.begin(), cmpJmp.end());
3587 Insts.emplace_back();
3588 Insts.back().setOpcode(X86::CALL64r);
3589 Insts.back().addOperand(MCOperand::createReg(TempReg));
3590 Insts.emplace_back();
3591 createDirectCall(Insts.back(), IndCallHandler, Ctx, /*IsTailCall*/ true);
3592 return Insts;
3593 }
3594
3595 InstructionListType createNumCountersGetter(MCContext *Ctx) const override {
3596 InstructionListType Insts(2);
3597 MCSymbol *NumLocs = Ctx->getOrCreateSymbol("__bolt_num_counters");
3598 createMove(Insts[0], NumLocs, X86::EAX, Ctx);
3599 createReturn(Insts[1]);
3600 return Insts;
3601 }
3602
3603 InstructionListType
3604 createInstrLocationsGetter(MCContext *Ctx) const override {
3605 InstructionListType Insts(2);
3606 MCSymbol *Locs = Ctx->getOrCreateSymbol("__bolt_instr_locations");
3607 createLea(Insts[0], Locs, X86::EAX, Ctx);
3608 createReturn(Insts[1]);
3609 return Insts;
3610 }
3611
3612 InstructionListType createInstrTablesGetter(MCContext *Ctx) const override {
3613 InstructionListType Insts(2);
3614 MCSymbol *Locs = Ctx->getOrCreateSymbol("__bolt_instr_tables");
3615 createLea(Insts[0], Locs, X86::EAX, Ctx);
3616 createReturn(Insts[1]);
3617 return Insts;
3618 }
3619
3620 InstructionListType createInstrNumFuncsGetter(MCContext *Ctx) const override {
3621 InstructionListType Insts(2);
3622 MCSymbol *NumFuncs = Ctx->getOrCreateSymbol("__bolt_instr_num_funcs");
3623 createMove(Insts[0], NumFuncs, X86::EAX, Ctx);
3624 createReturn(Insts[1]);
3625 return Insts;
3626 }
3627
3628 InstructionListType createSymbolTrampoline(const MCSymbol *TgtSym,
3629 MCContext *Ctx) const override {
3630 InstructionListType Insts(1);
3631 createUncondBranch(Insts[0], TgtSym, Ctx);
3632 return Insts;
3633 }
3634
3635 InstructionListType createDummyReturnFunction(MCContext *Ctx) const override {
3636 InstructionListType Insts(1);
3637 createReturn(Insts[0]);
3638 return Insts;
3639 }
3640
3641 BlocksVectorTy indirectCallPromotion(
3642 const MCInst &CallInst,
3643 const std::vector<std::pair<MCSymbol *, uint64_t>> &Targets,
3644 const std::vector<std::pair<MCSymbol *, uint64_t>> &VtableSyms,
3645 const std::vector<MCInst *> &MethodFetchInsns,
3646 const bool MinimizeCodeSize, MCContext *Ctx) override {
3647 const bool IsTailCall = isTailCall(CallInst);
3648 const bool IsJumpTable = getJumpTable(CallInst) != 0;
3649 BlocksVectorTy Results;
3650
3651 // Label for the current code block.
3652 MCSymbol *NextTarget = nullptr;
3653
3654 // The join block which contains all the instructions following CallInst.
3655 // MergeBlock remains null if CallInst is a tail call.
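// Rough shape of the code built below for each promoted (non-jump-table)
// target Ti -- a sketch only, the exact operands depend on the original call:
//   cmp  $Ti, <original call target>
//   jne  next_i
//   call Ti            ; jmp Ti for tail calls
//   jmp  MergeBlock    ; the hottest target falls through instead
// next_i: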
  BlocksVectorTy indirectCallPromotion(
      const MCInst &CallInst,
      const std::vector<std::pair<MCSymbol *, uint64_t>> &Targets,
      const std::vector<std::pair<MCSymbol *, uint64_t>> &VtableSyms,
      const std::vector<MCInst *> &MethodFetchInsns,
      const bool MinimizeCodeSize, MCContext *Ctx) override {
    const bool IsTailCall = isTailCall(CallInst);
    const bool IsJumpTable = getJumpTable(CallInst) != 0;
    BlocksVectorTy Results;

    // Label for the current code block.
    MCSymbol *NextTarget = nullptr;

    // The join block which contains all the instructions following CallInst.
    // MergeBlock remains null if CallInst is a tail call.
    MCSymbol *MergeBlock = nullptr;

    unsigned FuncAddrReg = X86::R10;

    const bool LoadElim = !VtableSyms.empty();
    assert((!LoadElim || VtableSyms.size() == Targets.size()) &&
           "There must be a vtable entry for every method "
           "in the targets vector.");

    if (MinimizeCodeSize && !LoadElim) {
      std::set<unsigned> UsedRegs;

      for (unsigned int I = 0; I < MCPlus::getNumPrimeOperands(CallInst); ++I) {
        const MCOperand &Op = CallInst.getOperand(I);
        if (Op.isReg())
          UsedRegs.insert(Op.getReg());
      }

      if (UsedRegs.count(X86::R10) == 0)
        FuncAddrReg = X86::R10;
      else if (UsedRegs.count(X86::R11) == 0)
        FuncAddrReg = X86::R11;
      else
        return Results;
    }

    const auto jumpToMergeBlock = [&](InstructionListType &NewCall) {
      assert(MergeBlock);
      NewCall.push_back(CallInst);
      MCInst &Merge = NewCall.back();
      Merge.clear();
      createUncondBranch(Merge, MergeBlock, Ctx);
    };

    for (unsigned int i = 0; i < Targets.size(); ++i) {
      Results.emplace_back(NextTarget, InstructionListType());
      InstructionListType *NewCall = &Results.back().second;

      if (MinimizeCodeSize && !LoadElim) {
        // Load the call target into FuncAddrReg.
        NewCall->push_back(CallInst); // Copy CallInst in order to get SMLoc
        MCInst &Target = NewCall->back();
        Target.clear();
        Target.setOpcode(X86::MOV64ri32);
        Target.addOperand(MCOperand::createReg(FuncAddrReg));
        if (Targets[i].first) {
          // FIXME: is a symbol expression valid as this immediate?
          Target.addOperand(MCOperand::createExpr(MCSymbolRefExpr::create(
              Targets[i].first, MCSymbolRefExpr::VK_None, *Ctx)));
        } else {
          const uint64_t Addr = Targets[i].second;
          // Immediate address is out of sign-extended 32-bit range.
          if (int64_t(Addr) != int64_t(int32_t(Addr)))
            return BlocksVectorTy();

          Target.addOperand(MCOperand::createImm(Addr));
        }

        // Compare current call target to a specific address.
        NewCall->push_back(CallInst);
        MCInst &Compare = NewCall->back();
        Compare.clear();
        if (isBranchOnReg(CallInst))
          Compare.setOpcode(X86::CMP64rr);
        else if (CallInst.getOpcode() == X86::CALL64pcrel32)
          Compare.setOpcode(X86::CMP64ri32);
        else
          Compare.setOpcode(X86::CMP64rm);

        Compare.addOperand(MCOperand::createReg(FuncAddrReg));

        // TODO: Would be preferable to only load this value once.
        for (unsigned i = 0;
             i < Info->get(CallInst.getOpcode()).getNumOperands(); ++i)
          if (!CallInst.getOperand(i).isInst())
            Compare.addOperand(CallInst.getOperand(i));
      } else {
        // Compare current call target to a specific address.
        NewCall->push_back(CallInst);
        MCInst &Compare = NewCall->back();
        Compare.clear();
        if (isBranchOnReg(CallInst))
          Compare.setOpcode(X86::CMP64ri32);
        else
          Compare.setOpcode(X86::CMP64mi32);

        // Original call address.
        for (unsigned i = 0;
             i < Info->get(CallInst.getOpcode()).getNumOperands(); ++i)
          if (!CallInst.getOperand(i).isInst())
            Compare.addOperand(CallInst.getOperand(i));

        // Target address.
        if (Targets[i].first || LoadElim) {
          const MCSymbol *Sym =
              LoadElim ? VtableSyms[i].first : Targets[i].first;
          const uint64_t Addend = LoadElim ? VtableSyms[i].second : 0;
          const MCExpr *Expr = MCSymbolRefExpr::create(Sym, *Ctx);
          if (Addend)
            Expr = MCBinaryExpr::createAdd(
                Expr, MCConstantExpr::create(Addend, *Ctx), *Ctx);
          Compare.addOperand(MCOperand::createExpr(Expr));
        } else {
          const uint64_t Addr = Targets[i].second;
          // Immediate address is out of sign-extended 32-bit range.
          if (int64_t(Addr) != int64_t(int32_t(Addr)))
            return BlocksVectorTy();

          Compare.addOperand(MCOperand::createImm(Addr));
        }
      }

      // Jump to the next target compare.
      NextTarget =
          Ctx->createNamedTempSymbol(); // Generate label for the next block.
      NewCall->push_back(CallInst);

      if (IsJumpTable) {
        MCInst &Je = NewCall->back();

        // Jump to the target if the addresses match; otherwise fall through
        // to the next compare.
        Je.clear();
        Je.setOpcode(X86::JCC_1);
        if (Targets[i].first)
          Je.addOperand(MCOperand::createExpr(MCSymbolRefExpr::create(
              Targets[i].first, MCSymbolRefExpr::VK_None, *Ctx)));
        else
          Je.addOperand(MCOperand::createImm(Targets[i].second));

        Je.addOperand(MCOperand::createImm(X86::COND_E));
        assert(!isInvoke(CallInst));
      } else {
        MCInst &Jne = NewCall->back();

        // Jump to next compare if target addresses don't match.
        Jne.clear();
        Jne.setOpcode(X86::JCC_1);
        Jne.addOperand(MCOperand::createExpr(MCSymbolRefExpr::create(
            NextTarget, MCSymbolRefExpr::VK_None, *Ctx)));
        Jne.addOperand(MCOperand::createImm(X86::COND_NE));

        // Call specific target directly.
        Results.emplace_back(Ctx->createNamedTempSymbol(),
                             InstructionListType());
        NewCall = &Results.back().second;
        NewCall->push_back(CallInst);
        MCInst &CallOrJmp = NewCall->back();

        CallOrJmp.clear();

        if (MinimizeCodeSize && !LoadElim) {
          CallOrJmp.setOpcode(IsTailCall ? X86::JMP32r : X86::CALL64r);
          CallOrJmp.addOperand(MCOperand::createReg(FuncAddrReg));
        } else {
          CallOrJmp.setOpcode(IsTailCall ? X86::JMP_4 : X86::CALL64pcrel32);

          if (Targets[i].first)
            CallOrJmp.addOperand(MCOperand::createExpr(MCSymbolRefExpr::create(
                Targets[i].first, MCSymbolRefExpr::VK_None, *Ctx)));
          else
            CallOrJmp.addOperand(MCOperand::createImm(Targets[i].second));
        }
        if (IsTailCall)
          setTailCall(CallOrJmp);

        if (CallOrJmp.getOpcode() == X86::CALL64r ||
            CallOrJmp.getOpcode() == X86::CALL64pcrel32) {
          if (Optional<uint32_t> Offset = getOffset(CallInst))
            // Annotated as duplicated call.
            setOffset(CallOrJmp, *Offset);
        }

        if (isInvoke(CallInst) && !isInvoke(CallOrJmp)) {
          // Copy over any EH or GNU args size information from the original
          // call.
          Optional<MCPlus::MCLandingPad> EHInfo = getEHInfo(CallInst);
          if (EHInfo)
            addEHInfo(CallOrJmp, *EHInfo);
          int64_t GnuArgsSize = getGnuArgsSize(CallInst);
          if (GnuArgsSize >= 0)
            addGnuArgsSize(CallOrJmp, GnuArgsSize);
        }

        if (!IsTailCall) {
          // The fallthrough block for the most common target should be
          // the merge block.
          if (i == 0) {
            // Fallthrough to merge block.
            MergeBlock = Ctx->createNamedTempSymbol();
          } else {
            // Insert jump to the merge block if we are not doing a fallthrough.
            jumpToMergeBlock(*NewCall);
          }
        }
      }
    }

    // Cold call block.
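    // It holds the original (unpromoted) call, preceded by any method-fetch
    // instructions, and is reached when none of the promoted targets match.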
    Results.emplace_back(NextTarget, InstructionListType());
    InstructionListType &NewCall = Results.back().second;
    for (const MCInst *Inst : MethodFetchInsns)
      if (Inst != &CallInst)
        NewCall.push_back(*Inst);
    NewCall.push_back(CallInst);

    // Jump to merge block from cold call block.
    if (!IsTailCall && !IsJumpTable) {
      jumpToMergeBlock(NewCall);

      // Record merge block.
      Results.emplace_back(MergeBlock, InstructionListType());
    }

    return Results;
  }

  BlocksVectorTy jumpTablePromotion(
      const MCInst &IJmpInst,
      const std::vector<std::pair<MCSymbol *, uint64_t>> &Targets,
      const std::vector<MCInst *> &TargetFetchInsns,
      MCContext *Ctx) const override {
    assert(getJumpTable(IJmpInst) != 0);
    uint16_t IndexReg = getAnnotationAs<uint16_t>(IJmpInst, "JTIndexReg");
    if (IndexReg == 0)
      return BlocksVectorTy();

    BlocksVectorTy Results;

    // Label for the current code block.
    MCSymbol *NextTarget = nullptr;

    for (unsigned int i = 0; i < Targets.size(); ++i) {
      Results.emplace_back(NextTarget, InstructionListType());
      InstructionListType *CurBB = &Results.back().second;

      // Compare current index to a specific index.
      CurBB->emplace_back(MCInst());
      MCInst &CompareInst = CurBB->back();
      CompareInst.setLoc(IJmpInst.getLoc());
      CompareInst.setOpcode(X86::CMP64ri32);
      CompareInst.addOperand(MCOperand::createReg(IndexReg));

      const uint64_t CaseIdx = Targets[i].second;
      // Immediate index is out of sign-extended 32-bit range.
      if (int64_t(CaseIdx) != int64_t(int32_t(CaseIdx)))
        return BlocksVectorTy();

      CompareInst.addOperand(MCOperand::createImm(CaseIdx));
      shortenInstruction(CompareInst, *Ctx->getSubtargetInfo());

      // Jump to the next index compare.
      NextTarget =
          Ctx->createNamedTempSymbol(); // Generate label for the next block.
      CurBB->push_back(MCInst());

      MCInst &JEInst = CurBB->back();
      JEInst.setLoc(IJmpInst.getLoc());

      // Jump to the target if the indices match.
      JEInst.setOpcode(X86::JCC_1);
      JEInst.addOperand(MCOperand::createExpr(MCSymbolRefExpr::create(
          Targets[i].first, MCSymbolRefExpr::VK_None, *Ctx)));
      JEInst.addOperand(MCOperand::createImm(X86::COND_E));
    }

    // Cold block: keep the original indirect jump for unmatched indices.
    Results.emplace_back(NextTarget, InstructionListType());
    InstructionListType &CurBB = Results.back().second;
    for (const MCInst *Inst : TargetFetchInsns)
      if (Inst != &IJmpInst)
        CurBB.push_back(*Inst);

    CurBB.push_back(IJmpInst);

    return Results;
  }

private:
  // Load the 64-bit value stored at the RIP-relative location of Src into
  // Reg, i.e. movq Src(%rip), %reg.
  bool createMove(MCInst &Inst, const MCSymbol *Src, unsigned Reg,
                  MCContext *Ctx) const {
    Inst.setOpcode(X86::MOV64rm);
    Inst.addOperand(MCOperand::createReg(Reg));
    Inst.addOperand(MCOperand::createReg(X86::RIP));        // BaseReg
    Inst.addOperand(MCOperand::createImm(1));               // ScaleAmt
    Inst.addOperand(MCOperand::createReg(X86::NoRegister)); // IndexReg
    Inst.addOperand(MCOperand::createExpr(
        MCSymbolRefExpr::create(Src, MCSymbolRefExpr::VK_None,
                                *Ctx)));                     // Displacement
    Inst.addOperand(MCOperand::createReg(X86::NoRegister)); // AddrSegmentReg

    return true;
  }

  // Materialize the RIP-relative address of Src into Reg,
  // i.e. leaq Src(%rip), %reg.
  bool createLea(MCInst &Inst, const MCSymbol *Src, unsigned Reg,
                 MCContext *Ctx) const {
    Inst.setOpcode(X86::LEA64r);
    Inst.addOperand(MCOperand::createReg(Reg));
    Inst.addOperand(MCOperand::createReg(X86::RIP));        // BaseReg
    Inst.addOperand(MCOperand::createImm(1));               // ScaleAmt
    Inst.addOperand(MCOperand::createReg(X86::NoRegister)); // IndexReg
    Inst.addOperand(MCOperand::createExpr(
        MCSymbolRefExpr::create(Src, MCSymbolRefExpr::VK_None,
                                *Ctx)));                     // Displacement
    Inst.addOperand(MCOperand::createReg(X86::NoRegister)); // AddrSegmentReg
    return true;
  }
};

} // namespace

namespace llvm {
namespace bolt {

MCPlusBuilder *createX86MCPlusBuilder(const MCInstrAnalysis *Analysis,
                                      const MCInstrInfo *Info,
                                      const MCRegisterInfo *RegInfo) {
  return new X86MCPlusBuilder(Analysis, Info, RegInfo);
}

} // namespace bolt
} // namespace llvm