1 //===- bolt/Target/X86/X86MCPlusBuilder.cpp -------------------------------===// 2 // 3 // Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions. 4 // See https://llvm.org/LICENSE.txt for license information. 5 // SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception 6 // 7 //===----------------------------------------------------------------------===// 8 // 9 // This file provides X86-specific MCPlus builder. 10 // 11 //===----------------------------------------------------------------------===// 12 13 #include "MCTargetDesc/X86BaseInfo.h" 14 #include "MCTargetDesc/X86InstrRelaxTables.h" 15 #include "MCTargetDesc/X86MCTargetDesc.h" 16 #include "X86MCSymbolizer.h" 17 #include "bolt/Core/MCPlus.h" 18 #include "bolt/Core/MCPlusBuilder.h" 19 #include "llvm/BinaryFormat/ELF.h" 20 #include "llvm/MC/MCContext.h" 21 #include "llvm/MC/MCFixupKindInfo.h" 22 #include "llvm/MC/MCInst.h" 23 #include "llvm/MC/MCInstBuilder.h" 24 #include "llvm/MC/MCInstrInfo.h" 25 #include "llvm/MC/MCRegister.h" 26 #include "llvm/MC/MCRegisterInfo.h" 27 #include "llvm/Support/CommandLine.h" 28 #include "llvm/Support/DataExtractor.h" 29 #include "llvm/Support/Debug.h" 30 #include "llvm/Support/Errc.h" 31 #include "llvm/Support/ErrorHandling.h" 32 #include "llvm/Support/ErrorOr.h" 33 #include <set> 34 35 #define DEBUG_TYPE "mcplus" 36 37 using namespace llvm; 38 using namespace bolt; 39 40 namespace opts { 41 42 extern cl::OptionCategory BoltOptCategory; 43 44 static cl::opt<bool> X86StripRedundantAddressSize( 45 "x86-strip-redundant-address-size", 46 cl::desc("Remove redundant Address-Size override prefix"), cl::init(true), 47 cl::ZeroOrMore, cl::cat(BoltOptCategory)); 48 49 } // namespace opts 50 51 namespace { 52 53 unsigned getShortBranchOpcode(unsigned Opcode) { 54 switch (Opcode) { 55 default: 56 return Opcode; 57 case X86::JMP_2: return X86::JMP_1; 58 case X86::JMP_4: return X86::JMP_1; 59 case X86::JCC_2: return X86::JCC_1; 60 case X86::JCC_4: return X86::JCC_1; 61 } 62 } 63 64 unsigned getShortArithOpcode(unsigned Opcode) { 65 return X86::getShortOpcodeArith(Opcode); 66 } 67 68 bool isMOVSX64rm32(const MCInst &Inst) { 69 return Inst.getOpcode() == X86::MOVSX64rm32; 70 } 71 72 bool isADD64rr(const MCInst &Inst) { return Inst.getOpcode() == X86::ADD64rr; } 73 74 bool isADDri(const MCInst &Inst) { 75 return Inst.getOpcode() == X86::ADD64ri32 || 76 Inst.getOpcode() == X86::ADD64ri8; 77 } 78 79 class X86MCPlusBuilder : public MCPlusBuilder { 80 public: 81 X86MCPlusBuilder(const MCInstrAnalysis *Analysis, const MCInstrInfo *Info, 82 const MCRegisterInfo *RegInfo) 83 : MCPlusBuilder(Analysis, Info, RegInfo) {} 84 85 std::unique_ptr<MCSymbolizer> 86 createTargetSymbolizer(BinaryFunction &Function) const override { 87 return std::make_unique<X86MCSymbolizer>(Function); 88 } 89 90 bool isBranch(const MCInst &Inst) const override { 91 return Analysis->isBranch(Inst) && !isTailCall(Inst); 92 } 93 94 bool isNoop(const MCInst &Inst) const override { 95 return X86::isNOP(Inst.getOpcode()); 96 } 97 98 unsigned getCondCode(const MCInst &Inst) const override { 99 unsigned Opcode = Inst.getOpcode(); 100 if (X86::isJCC(Opcode)) 101 return Inst.getOperand(Info->get(Opcode).NumOperands - 1).getImm(); 102 return X86::COND_INVALID; 103 } 104 105 unsigned getInvertedCondCode(unsigned CC) const override { 106 switch (CC) { 107 default: return X86::COND_INVALID; 108 case X86::COND_E: return X86::COND_NE; 109 case X86::COND_NE: return X86::COND_E; 110 case X86::COND_L: return X86::COND_GE; 111 case X86::COND_LE: 
return X86::COND_G; 112 case X86::COND_G: return X86::COND_LE; 113 case X86::COND_GE: return X86::COND_L; 114 case X86::COND_B: return X86::COND_AE; 115 case X86::COND_BE: return X86::COND_A; 116 case X86::COND_A: return X86::COND_BE; 117 case X86::COND_AE: return X86::COND_B; 118 case X86::COND_S: return X86::COND_NS; 119 case X86::COND_NS: return X86::COND_S; 120 case X86::COND_P: return X86::COND_NP; 121 case X86::COND_NP: return X86::COND_P; 122 case X86::COND_O: return X86::COND_NO; 123 case X86::COND_NO: return X86::COND_O; 124 } 125 } 126 127 unsigned getCondCodesLogicalOr(unsigned CC1, unsigned CC2) const override { 128 enum DecodedCondCode : uint8_t { 129 DCC_EQUAL = 0x1, 130 DCC_GREATER = 0x2, 131 DCC_LESSER = 0x4, 132 DCC_GREATER_OR_LESSER = 0x6, 133 DCC_UNSIGNED = 0x8, 134 DCC_SIGNED = 0x10, 135 DCC_INVALID = 0x20, 136 }; 137 138 auto decodeCondCode = [&](unsigned CC) -> uint8_t { 139 switch (CC) { 140 default: return DCC_INVALID; 141 case X86::COND_E: return DCC_EQUAL; 142 case X86::COND_NE: return DCC_GREATER | DCC_LESSER; 143 case X86::COND_L: return DCC_LESSER | DCC_SIGNED; 144 case X86::COND_LE: return DCC_EQUAL | DCC_LESSER | DCC_SIGNED; 145 case X86::COND_G: return DCC_GREATER | DCC_SIGNED; 146 case X86::COND_GE: return DCC_GREATER | DCC_EQUAL | DCC_SIGNED; 147 case X86::COND_B: return DCC_LESSER | DCC_UNSIGNED; 148 case X86::COND_BE: return DCC_EQUAL | DCC_LESSER | DCC_UNSIGNED; 149 case X86::COND_A: return DCC_GREATER | DCC_UNSIGNED; 150 case X86::COND_AE: return DCC_GREATER | DCC_EQUAL | DCC_UNSIGNED; 151 } 152 }; 153 154 uint8_t DCC = decodeCondCode(CC1) | decodeCondCode(CC2); 155 156 if (DCC & DCC_INVALID) 157 return X86::COND_INVALID; 158 159 if (DCC & DCC_SIGNED && DCC & DCC_UNSIGNED) 160 return X86::COND_INVALID; 161 162 switch (DCC) { 163 default: return X86::COND_INVALID; 164 case DCC_EQUAL | DCC_LESSER | DCC_SIGNED: return X86::COND_LE; 165 case DCC_EQUAL | DCC_LESSER | DCC_UNSIGNED: return X86::COND_BE; 166 case DCC_EQUAL | DCC_GREATER | DCC_SIGNED: return X86::COND_GE; 167 case DCC_EQUAL | DCC_GREATER | DCC_UNSIGNED: return X86::COND_AE; 168 case DCC_GREATER | DCC_LESSER | DCC_SIGNED: return X86::COND_NE; 169 case DCC_GREATER | DCC_LESSER | DCC_UNSIGNED: return X86::COND_NE; 170 case DCC_GREATER | DCC_LESSER: return X86::COND_NE; 171 case DCC_EQUAL | DCC_SIGNED: return X86::COND_E; 172 case DCC_EQUAL | DCC_UNSIGNED: return X86::COND_E; 173 case DCC_EQUAL: return X86::COND_E; 174 case DCC_LESSER | DCC_SIGNED: return X86::COND_L; 175 case DCC_LESSER | DCC_UNSIGNED: return X86::COND_B; 176 case DCC_GREATER | DCC_SIGNED: return X86::COND_G; 177 case DCC_GREATER | DCC_UNSIGNED: return X86::COND_A; 178 } 179 } 180 181 bool isValidCondCode(unsigned CC) const override { 182 return (CC != X86::COND_INVALID); 183 } 184 185 bool isBreakpoint(const MCInst &Inst) const override { 186 return Inst.getOpcode() == X86::INT3; 187 } 188 189 bool isPrefix(const MCInst &Inst) const override { 190 const MCInstrDesc &Desc = Info->get(Inst.getOpcode()); 191 return X86II::isPrefix(Desc.TSFlags); 192 } 193 194 bool isRep(const MCInst &Inst) const override { 195 return Inst.getFlags() == X86::IP_HAS_REPEAT; 196 } 197 198 bool deleteREPPrefix(MCInst &Inst) const override { 199 if (Inst.getFlags() == X86::IP_HAS_REPEAT) { 200 Inst.setFlags(0); 201 return true; 202 } 203 return false; 204 } 205 206 // FIXME: For compatibility with old LLVM only! 
207 bool isTerminator(const MCInst &Inst) const override { 208 unsigned Opcode = Inst.getOpcode(); 209 return Info->get(Opcode).isTerminator() || X86::isUD1(Opcode) || 210 X86::isUD2(Opcode); 211 } 212 213 bool isIndirectCall(const MCInst &Inst) const override { 214 return isCall(Inst) && 215 ((getMemoryOperandNo(Inst) != -1) || Inst.getOperand(0).isReg()); 216 } 217 218 bool isPop(const MCInst &Inst) const override { 219 return getPopSize(Inst) == 0 ? false : true; 220 } 221 222 bool isTerminateBranch(const MCInst &Inst) const override { 223 return Inst.getOpcode() == X86::ENDBR32 || Inst.getOpcode() == X86::ENDBR64; 224 } 225 226 int getPopSize(const MCInst &Inst) const override { 227 switch (Inst.getOpcode()) { 228 case X86::POP16r: 229 case X86::POP16rmm: 230 case X86::POP16rmr: 231 case X86::POPF16: 232 case X86::POPA16: 233 case X86::POPDS16: 234 case X86::POPES16: 235 case X86::POPFS16: 236 case X86::POPGS16: 237 case X86::POPSS16: 238 return 2; 239 case X86::POP32r: 240 case X86::POP32rmm: 241 case X86::POP32rmr: 242 case X86::POPA32: 243 case X86::POPDS32: 244 case X86::POPES32: 245 case X86::POPF32: 246 case X86::POPFS32: 247 case X86::POPGS32: 248 case X86::POPSS32: 249 return 4; 250 case X86::POP64r: 251 case X86::POP64rmm: 252 case X86::POP64rmr: 253 case X86::POPF64: 254 case X86::POPFS64: 255 case X86::POPGS64: 256 return 8; 257 } 258 return 0; 259 } 260 261 bool isPush(const MCInst &Inst) const override { 262 return getPushSize(Inst) == 0 ? false : true; 263 } 264 265 int getPushSize(const MCInst &Inst) const override { 266 switch (Inst.getOpcode()) { 267 case X86::PUSH16i8: 268 case X86::PUSH16r: 269 case X86::PUSH16rmm: 270 case X86::PUSH16rmr: 271 case X86::PUSHA16: 272 case X86::PUSHCS16: 273 case X86::PUSHDS16: 274 case X86::PUSHES16: 275 case X86::PUSHF16: 276 case X86::PUSHFS16: 277 case X86::PUSHGS16: 278 case X86::PUSHSS16: 279 case X86::PUSHi16: 280 return 2; 281 case X86::PUSH32i8: 282 case X86::PUSH32r: 283 case X86::PUSH32rmm: 284 case X86::PUSH32rmr: 285 case X86::PUSHA32: 286 case X86::PUSHCS32: 287 case X86::PUSHDS32: 288 case X86::PUSHES32: 289 case X86::PUSHF32: 290 case X86::PUSHFS32: 291 case X86::PUSHGS32: 292 case X86::PUSHSS32: 293 case X86::PUSHi32: 294 return 4; 295 case X86::PUSH64i32: 296 case X86::PUSH64i8: 297 case X86::PUSH64r: 298 case X86::PUSH64rmm: 299 case X86::PUSH64rmr: 300 case X86::PUSHF64: 301 case X86::PUSHFS64: 302 case X86::PUSHGS64: 303 return 8; 304 } 305 return 0; 306 } 307 308 bool isSUB(const MCInst &Inst) const override { 309 return X86::isSUB(Inst.getOpcode()); 310 } 311 312 bool isLEA64r(const MCInst &Inst) const override { 313 return Inst.getOpcode() == X86::LEA64r; 314 } 315 316 bool isLeave(const MCInst &Inst) const override { 317 return Inst.getOpcode() == X86::LEAVE || Inst.getOpcode() == X86::LEAVE64; 318 } 319 320 bool isMoveMem2Reg(const MCInst &Inst) const override { 321 switch (Inst.getOpcode()) { 322 case X86::MOV16rm: 323 case X86::MOV32rm: 324 case X86::MOV64rm: 325 return true; 326 } 327 return false; 328 } 329 330 bool isUnsupportedBranch(unsigned Opcode) const override { 331 switch (Opcode) { 332 default: 333 return false; 334 case X86::LOOP: 335 case X86::LOOPE: 336 case X86::LOOPNE: 337 case X86::JECXZ: 338 case X86::JRCXZ: 339 return true; 340 } 341 } 342 343 bool isLoad(const MCInst &Inst) const override { 344 if (isPop(Inst)) 345 return true; 346 347 int MemOpNo = getMemoryOperandNo(Inst); 348 const MCInstrDesc &MCII = Info->get(Inst.getOpcode()); 349 350 if (MemOpNo == -1) 351 return false; 352 353 
return MCII.mayLoad(); 354 } 355 356 bool isStore(const MCInst &Inst) const override { 357 if (isPush(Inst)) 358 return true; 359 360 int MemOpNo = getMemoryOperandNo(Inst); 361 const MCInstrDesc &MCII = Info->get(Inst.getOpcode()); 362 363 if (MemOpNo == -1) 364 return false; 365 366 return MCII.mayStore(); 367 } 368 369 bool isCleanRegXOR(const MCInst &Inst) const override { 370 switch (Inst.getOpcode()) { 371 case X86::XOR16rr: 372 case X86::XOR32rr: 373 case X86::XOR64rr: 374 break; 375 default: 376 return false; 377 } 378 return (Inst.getOperand(0).getReg() == Inst.getOperand(2).getReg()); 379 } 380 381 bool isPacked(const MCInst &Inst) const override { 382 const MCInstrDesc &Desc = Info->get(Inst.getOpcode()); 383 return (Desc.TSFlags & X86II::OpPrefixMask) == X86II::PD; 384 } 385 386 unsigned getTrapFillValue() const override { return 0xCC; } 387 388 struct IndJmpMatcherFrag1 : MCInstMatcher { 389 std::unique_ptr<MCInstMatcher> Base; 390 std::unique_ptr<MCInstMatcher> Scale; 391 std::unique_ptr<MCInstMatcher> Index; 392 std::unique_ptr<MCInstMatcher> Offset; 393 394 IndJmpMatcherFrag1(std::unique_ptr<MCInstMatcher> Base, 395 std::unique_ptr<MCInstMatcher> Scale, 396 std::unique_ptr<MCInstMatcher> Index, 397 std::unique_ptr<MCInstMatcher> Offset) 398 : Base(std::move(Base)), Scale(std::move(Scale)), 399 Index(std::move(Index)), Offset(std::move(Offset)) {} 400 401 bool match(const MCRegisterInfo &MRI, MCPlusBuilder &MIB, 402 MutableArrayRef<MCInst> InInstrWindow, int OpNum) override { 403 if (!MCInstMatcher::match(MRI, MIB, InInstrWindow, OpNum)) 404 return false; 405 406 if (CurInst->getOpcode() != X86::JMP64m) 407 return false; 408 409 int MemOpNo = MIB.getMemoryOperandNo(*CurInst); 410 if (MemOpNo == -1) 411 return false; 412 413 if (!Base->match(MRI, MIB, this->InstrWindow, MemOpNo + X86::AddrBaseReg)) 414 return false; 415 if (!Scale->match(MRI, MIB, this->InstrWindow, 416 MemOpNo + X86::AddrScaleAmt)) 417 return false; 418 if (!Index->match(MRI, MIB, this->InstrWindow, 419 MemOpNo + X86::AddrIndexReg)) 420 return false; 421 if (!Offset->match(MRI, MIB, this->InstrWindow, MemOpNo + X86::AddrDisp)) 422 return false; 423 return true; 424 } 425 426 void annotate(MCPlusBuilder &MIB, StringRef Annotation) override { 427 MIB.addAnnotation(*CurInst, Annotation, true); 428 Base->annotate(MIB, Annotation); 429 Scale->annotate(MIB, Annotation); 430 Index->annotate(MIB, Annotation); 431 Offset->annotate(MIB, Annotation); 432 } 433 }; 434 435 std::unique_ptr<MCInstMatcher> 436 matchIndJmp(std::unique_ptr<MCInstMatcher> Base, 437 std::unique_ptr<MCInstMatcher> Scale, 438 std::unique_ptr<MCInstMatcher> Index, 439 std::unique_ptr<MCInstMatcher> Offset) const override { 440 return std::unique_ptr<MCInstMatcher>( 441 new IndJmpMatcherFrag1(std::move(Base), std::move(Scale), 442 std::move(Index), std::move(Offset))); 443 } 444 445 struct IndJmpMatcherFrag2 : MCInstMatcher { 446 std::unique_ptr<MCInstMatcher> Reg; 447 448 IndJmpMatcherFrag2(std::unique_ptr<MCInstMatcher> Reg) 449 : Reg(std::move(Reg)) {} 450 451 bool match(const MCRegisterInfo &MRI, MCPlusBuilder &MIB, 452 MutableArrayRef<MCInst> InInstrWindow, int OpNum) override { 453 if (!MCInstMatcher::match(MRI, MIB, InInstrWindow, OpNum)) 454 return false; 455 456 if (CurInst->getOpcode() != X86::JMP64r) 457 return false; 458 459 return Reg->match(MRI, MIB, this->InstrWindow, 0); 460 } 461 462 void annotate(MCPlusBuilder &MIB, StringRef Annotation) override { 463 MIB.addAnnotation(*CurInst, Annotation, true); 464 Reg->annotate(MIB, 
Annotation); 465 } 466 }; 467 468 std::unique_ptr<MCInstMatcher> 469 matchIndJmp(std::unique_ptr<MCInstMatcher> Target) const override { 470 return std::unique_ptr<MCInstMatcher>( 471 new IndJmpMatcherFrag2(std::move(Target))); 472 } 473 474 struct LoadMatcherFrag1 : MCInstMatcher { 475 std::unique_ptr<MCInstMatcher> Base; 476 std::unique_ptr<MCInstMatcher> Scale; 477 std::unique_ptr<MCInstMatcher> Index; 478 std::unique_ptr<MCInstMatcher> Offset; 479 480 LoadMatcherFrag1(std::unique_ptr<MCInstMatcher> Base, 481 std::unique_ptr<MCInstMatcher> Scale, 482 std::unique_ptr<MCInstMatcher> Index, 483 std::unique_ptr<MCInstMatcher> Offset) 484 : Base(std::move(Base)), Scale(std::move(Scale)), 485 Index(std::move(Index)), Offset(std::move(Offset)) {} 486 487 bool match(const MCRegisterInfo &MRI, MCPlusBuilder &MIB, 488 MutableArrayRef<MCInst> InInstrWindow, int OpNum) override { 489 if (!MCInstMatcher::match(MRI, MIB, InInstrWindow, OpNum)) 490 return false; 491 492 if (CurInst->getOpcode() != X86::MOV64rm && 493 CurInst->getOpcode() != X86::MOVSX64rm32) 494 return false; 495 496 int MemOpNo = MIB.getMemoryOperandNo(*CurInst); 497 if (MemOpNo == -1) 498 return false; 499 500 if (!Base->match(MRI, MIB, this->InstrWindow, MemOpNo + X86::AddrBaseReg)) 501 return false; 502 if (!Scale->match(MRI, MIB, this->InstrWindow, 503 MemOpNo + X86::AddrScaleAmt)) 504 return false; 505 if (!Index->match(MRI, MIB, this->InstrWindow, 506 MemOpNo + X86::AddrIndexReg)) 507 return false; 508 if (!Offset->match(MRI, MIB, this->InstrWindow, MemOpNo + X86::AddrDisp)) 509 return false; 510 return true; 511 } 512 513 void annotate(MCPlusBuilder &MIB, StringRef Annotation) override { 514 MIB.addAnnotation(*CurInst, Annotation, true); 515 Base->annotate(MIB, Annotation); 516 Scale->annotate(MIB, Annotation); 517 Index->annotate(MIB, Annotation); 518 Offset->annotate(MIB, Annotation); 519 } 520 }; 521 522 std::unique_ptr<MCInstMatcher> 523 matchLoad(std::unique_ptr<MCInstMatcher> Base, 524 std::unique_ptr<MCInstMatcher> Scale, 525 std::unique_ptr<MCInstMatcher> Index, 526 std::unique_ptr<MCInstMatcher> Offset) const override { 527 return std::unique_ptr<MCInstMatcher>( 528 new LoadMatcherFrag1(std::move(Base), std::move(Scale), 529 std::move(Index), std::move(Offset))); 530 } 531 532 struct AddMatcher : MCInstMatcher { 533 std::unique_ptr<MCInstMatcher> A; 534 std::unique_ptr<MCInstMatcher> B; 535 536 AddMatcher(std::unique_ptr<MCInstMatcher> A, 537 std::unique_ptr<MCInstMatcher> B) 538 : A(std::move(A)), B(std::move(B)) {} 539 540 bool match(const MCRegisterInfo &MRI, MCPlusBuilder &MIB, 541 MutableArrayRef<MCInst> InInstrWindow, int OpNum) override { 542 if (!MCInstMatcher::match(MRI, MIB, InInstrWindow, OpNum)) 543 return false; 544 545 if (CurInst->getOpcode() == X86::ADD64rr || 546 CurInst->getOpcode() == X86::ADD64rr_DB || 547 CurInst->getOpcode() == X86::ADD64rr_REV) { 548 if (!A->match(MRI, MIB, this->InstrWindow, 1)) { 549 if (!B->match(MRI, MIB, this->InstrWindow, 1)) 550 return false; 551 return A->match(MRI, MIB, this->InstrWindow, 2); 552 } 553 554 if (B->match(MRI, MIB, this->InstrWindow, 2)) 555 return true; 556 557 if (!B->match(MRI, MIB, this->InstrWindow, 1)) 558 return false; 559 return A->match(MRI, MIB, this->InstrWindow, 2); 560 } 561 562 return false; 563 } 564 565 void annotate(MCPlusBuilder &MIB, StringRef Annotation) override { 566 MIB.addAnnotation(*CurInst, Annotation, true); 567 A->annotate(MIB, Annotation); 568 B->annotate(MIB, Annotation); 569 } 570 }; 571 572 virtual 
std::unique_ptr<MCInstMatcher> 573 matchAdd(std::unique_ptr<MCInstMatcher> A, 574 std::unique_ptr<MCInstMatcher> B) const override { 575 return std::unique_ptr<MCInstMatcher>( 576 new AddMatcher(std::move(A), std::move(B))); 577 } 578 579 struct LEAMatcher : MCInstMatcher { 580 std::unique_ptr<MCInstMatcher> Target; 581 582 LEAMatcher(std::unique_ptr<MCInstMatcher> Target) 583 : Target(std::move(Target)) {} 584 585 bool match(const MCRegisterInfo &MRI, MCPlusBuilder &MIB, 586 MutableArrayRef<MCInst> InInstrWindow, int OpNum) override { 587 if (!MCInstMatcher::match(MRI, MIB, InInstrWindow, OpNum)) 588 return false; 589 590 if (CurInst->getOpcode() != X86::LEA64r) 591 return false; 592 593 if (CurInst->getOperand(1 + X86::AddrScaleAmt).getImm() != 1 || 594 CurInst->getOperand(1 + X86::AddrIndexReg).getReg() != 595 X86::NoRegister || 596 (CurInst->getOperand(1 + X86::AddrBaseReg).getReg() != 597 X86::NoRegister && 598 CurInst->getOperand(1 + X86::AddrBaseReg).getReg() != X86::RIP)) 599 return false; 600 601 return Target->match(MRI, MIB, this->InstrWindow, 1 + X86::AddrDisp); 602 } 603 604 void annotate(MCPlusBuilder &MIB, StringRef Annotation) override { 605 MIB.addAnnotation(*CurInst, Annotation, true); 606 Target->annotate(MIB, Annotation); 607 } 608 }; 609 610 virtual std::unique_ptr<MCInstMatcher> 611 matchLoadAddr(std::unique_ptr<MCInstMatcher> Target) const override { 612 return std::unique_ptr<MCInstMatcher>(new LEAMatcher(std::move(Target))); 613 } 614 615 bool hasPCRelOperand(const MCInst &Inst) const override { 616 for (const MCOperand &Operand : Inst) 617 if (Operand.isReg() && Operand.getReg() == X86::RIP) 618 return true; 619 return false; 620 } 621 622 int getMemoryOperandNo(const MCInst &Inst) const override { 623 unsigned Opcode = Inst.getOpcode(); 624 const MCInstrDesc &Desc = Info->get(Opcode); 625 int MemOpNo = X86II::getMemoryOperandNo(Desc.TSFlags); 626 if (MemOpNo >= 0) 627 MemOpNo += X86II::getOperandBias(Desc); 628 return MemOpNo; 629 } 630 631 bool hasEVEXEncoding(const MCInst &Inst) const override { 632 const MCInstrDesc &Desc = Info->get(Inst.getOpcode()); 633 return (Desc.TSFlags & X86II::EncodingMask) == X86II::EVEX; 634 } 635 636 bool isMacroOpFusionPair(ArrayRef<MCInst> Insts) const override { 637 const auto *I = Insts.begin(); 638 while (I != Insts.end() && isPrefix(*I)) 639 ++I; 640 if (I == Insts.end()) 641 return false; 642 643 const MCInst &FirstInst = *I; 644 ++I; 645 while (I != Insts.end() && isPrefix(*I)) 646 ++I; 647 if (I == Insts.end()) 648 return false; 649 const MCInst &SecondInst = *I; 650 651 if (!isConditionalBranch(SecondInst)) 652 return false; 653 // Cannot fuse if the first instruction uses RIP-relative memory. 
654 if (hasPCRelOperand(FirstInst)) 655 return false; 656 657 const X86::FirstMacroFusionInstKind CmpKind = 658 X86::classifyFirstOpcodeInMacroFusion(FirstInst.getOpcode()); 659 if (CmpKind == X86::FirstMacroFusionInstKind::Invalid) 660 return false; 661 662 X86::CondCode CC = static_cast<X86::CondCode>(getCondCode(SecondInst)); 663 X86::SecondMacroFusionInstKind BranchKind = 664 X86::classifySecondCondCodeInMacroFusion(CC); 665 if (BranchKind == X86::SecondMacroFusionInstKind::Invalid) 666 return false; 667 return X86::isMacroFused(CmpKind, BranchKind); 668 } 669 670 bool 671 evaluateX86MemoryOperand(const MCInst &Inst, unsigned *BaseRegNum, 672 int64_t *ScaleImm, unsigned *IndexRegNum, 673 int64_t *DispImm, unsigned *SegmentRegNum, 674 const MCExpr **DispExpr = nullptr) const override { 675 assert(BaseRegNum && ScaleImm && IndexRegNum && SegmentRegNum && 676 "one of the input pointers is null"); 677 int MemOpNo = getMemoryOperandNo(Inst); 678 if (MemOpNo < 0) 679 return false; 680 unsigned MemOpOffset = static_cast<unsigned>(MemOpNo); 681 682 if (MemOpOffset + X86::AddrSegmentReg >= MCPlus::getNumPrimeOperands(Inst)) 683 return false; 684 685 const MCOperand &Base = Inst.getOperand(MemOpOffset + X86::AddrBaseReg); 686 const MCOperand &Scale = Inst.getOperand(MemOpOffset + X86::AddrScaleAmt); 687 const MCOperand &Index = Inst.getOperand(MemOpOffset + X86::AddrIndexReg); 688 const MCOperand &Disp = Inst.getOperand(MemOpOffset + X86::AddrDisp); 689 const MCOperand &Segment = 690 Inst.getOperand(MemOpOffset + X86::AddrSegmentReg); 691 692 // Make sure it is a well-formed memory operand. 693 if (!Base.isReg() || !Scale.isImm() || !Index.isReg() || 694 (!Disp.isImm() && !Disp.isExpr()) || !Segment.isReg()) 695 return false; 696 697 *BaseRegNum = Base.getReg(); 698 *ScaleImm = Scale.getImm(); 699 *IndexRegNum = Index.getReg(); 700 if (Disp.isImm()) { 701 assert(DispImm && "DispImm needs to be set"); 702 *DispImm = Disp.getImm(); 703 if (DispExpr) 704 *DispExpr = nullptr; 705 } else { 706 assert(DispExpr && "DispExpr needs to be set"); 707 *DispExpr = Disp.getExpr(); 708 if (DispImm) 709 *DispImm = 0; 710 } 711 *SegmentRegNum = Segment.getReg(); 712 return true; 713 } 714 715 bool evaluateMemOperandTarget(const MCInst &Inst, uint64_t &Target, 716 uint64_t Address, 717 uint64_t Size) const override { 718 unsigned BaseRegNum; 719 int64_t ScaleValue; 720 unsigned IndexRegNum; 721 int64_t DispValue; 722 unsigned SegRegNum; 723 const MCExpr *DispExpr = nullptr; 724 if (!evaluateX86MemoryOperand(Inst, &BaseRegNum, &ScaleValue, &IndexRegNum, 725 &DispValue, &SegRegNum, &DispExpr)) 726 return false; 727 728 // Make sure it's a well-formed addressing we can statically evaluate. 
729 if ((BaseRegNum != X86::RIP && BaseRegNum != X86::NoRegister) || 730 IndexRegNum != X86::NoRegister || SegRegNum != X86::NoRegister || 731 DispExpr) 732 return false; 733 734 Target = DispValue; 735 if (BaseRegNum == X86::RIP) { 736 assert(Size != 0 && "instruction size required in order to statically " 737 "evaluate RIP-relative address"); 738 Target += Address + Size; 739 } 740 return true; 741 } 742 743 MCInst::iterator getMemOperandDisp(MCInst &Inst) const override { 744 int MemOpNo = getMemoryOperandNo(Inst); 745 if (MemOpNo < 0) 746 return Inst.end(); 747 return Inst.begin() + (MemOpNo + X86::AddrDisp); 748 } 749 750 bool replaceMemOperandDisp(MCInst &Inst, MCOperand Operand) const override { 751 MCOperand *OI = getMemOperandDisp(Inst); 752 if (OI == Inst.end()) 753 return false; 754 *OI = Operand; 755 return true; 756 } 757 758 /// Get the registers used as function parameters. 759 /// This function is specific to the x86_64 abi on Linux. 760 BitVector getRegsUsedAsParams() const override { 761 BitVector Regs = BitVector(RegInfo->getNumRegs(), false); 762 Regs |= getAliases(X86::RSI); 763 Regs |= getAliases(X86::RDI); 764 Regs |= getAliases(X86::RDX); 765 Regs |= getAliases(X86::RCX); 766 Regs |= getAliases(X86::R8); 767 Regs |= getAliases(X86::R9); 768 return Regs; 769 } 770 771 void getCalleeSavedRegs(BitVector &Regs) const override { 772 Regs |= getAliases(X86::RBX); 773 Regs |= getAliases(X86::RBP); 774 Regs |= getAliases(X86::R12); 775 Regs |= getAliases(X86::R13); 776 Regs |= getAliases(X86::R14); 777 Regs |= getAliases(X86::R15); 778 } 779 780 void getDefaultDefIn(BitVector &Regs) const override { 781 assert(Regs.size() >= RegInfo->getNumRegs() && 782 "The size of BitVector is less than RegInfo->getNumRegs()."); 783 Regs.set(X86::RAX); 784 Regs.set(X86::RCX); 785 Regs.set(X86::RDX); 786 Regs.set(X86::RSI); 787 Regs.set(X86::RDI); 788 Regs.set(X86::R8); 789 Regs.set(X86::R9); 790 Regs.set(X86::XMM0); 791 Regs.set(X86::XMM1); 792 Regs.set(X86::XMM2); 793 Regs.set(X86::XMM3); 794 Regs.set(X86::XMM4); 795 Regs.set(X86::XMM5); 796 Regs.set(X86::XMM6); 797 Regs.set(X86::XMM7); 798 } 799 800 void getDefaultLiveOut(BitVector &Regs) const override { 801 assert(Regs.size() >= RegInfo->getNumRegs() && 802 "The size of BitVector is less than RegInfo->getNumRegs()."); 803 Regs |= getAliases(X86::RAX); 804 Regs |= getAliases(X86::RDX); 805 Regs |= getAliases(X86::RCX); 806 Regs |= getAliases(X86::XMM0); 807 Regs |= getAliases(X86::XMM1); 808 } 809 810 void getGPRegs(BitVector &Regs, bool IncludeAlias) const override { 811 if (IncludeAlias) { 812 Regs |= getAliases(X86::RAX); 813 Regs |= getAliases(X86::RBX); 814 Regs |= getAliases(X86::RBP); 815 Regs |= getAliases(X86::RSI); 816 Regs |= getAliases(X86::RDI); 817 Regs |= getAliases(X86::RDX); 818 Regs |= getAliases(X86::RCX); 819 Regs |= getAliases(X86::R8); 820 Regs |= getAliases(X86::R9); 821 Regs |= getAliases(X86::R10); 822 Regs |= getAliases(X86::R11); 823 Regs |= getAliases(X86::R12); 824 Regs |= getAliases(X86::R13); 825 Regs |= getAliases(X86::R14); 826 Regs |= getAliases(X86::R15); 827 return; 828 } 829 Regs.set(X86::RAX); 830 Regs.set(X86::RBX); 831 Regs.set(X86::RBP); 832 Regs.set(X86::RSI); 833 Regs.set(X86::RDI); 834 Regs.set(X86::RDX); 835 Regs.set(X86::RCX); 836 Regs.set(X86::R8); 837 Regs.set(X86::R9); 838 Regs.set(X86::R10); 839 Regs.set(X86::R11); 840 Regs.set(X86::R12); 841 Regs.set(X86::R13); 842 Regs.set(X86::R14); 843 Regs.set(X86::R15); 844 } 845 846 void getClassicGPRegs(BitVector &Regs) const override { 847 Regs 
|= getAliases(X86::RAX); 848 Regs |= getAliases(X86::RBX); 849 Regs |= getAliases(X86::RBP); 850 Regs |= getAliases(X86::RSI); 851 Regs |= getAliases(X86::RDI); 852 Regs |= getAliases(X86::RDX); 853 Regs |= getAliases(X86::RCX); 854 } 855 856 void getRepRegs(BitVector &Regs) const override { 857 Regs |= getAliases(X86::RCX); 858 } 859 860 MCPhysReg getAliasSized(MCPhysReg Reg, uint8_t Size) const override { 861 switch (Reg) { 862 case X86::RAX: case X86::EAX: case X86::AX: case X86::AL: case X86::AH: 863 switch (Size) { 864 case 8: return X86::RAX; case 4: return X86::EAX; 865 case 2: return X86::AX; case 1: return X86::AL; 866 default: llvm_unreachable("Unexpected size"); 867 } 868 case X86::RBX: case X86::EBX: case X86::BX: case X86::BL: case X86::BH: 869 switch (Size) { 870 case 8: return X86::RBX; case 4: return X86::EBX; 871 case 2: return X86::BX; case 1: return X86::BL; 872 default: llvm_unreachable("Unexpected size"); 873 } 874 case X86::RDX: case X86::EDX: case X86::DX: case X86::DL: case X86::DH: 875 switch (Size) { 876 case 8: return X86::RDX; case 4: return X86::EDX; 877 case 2: return X86::DX; case 1: return X86::DL; 878 default: llvm_unreachable("Unexpected size"); 879 } 880 case X86::RDI: case X86::EDI: case X86::DI: case X86::DIL: 881 switch (Size) { 882 case 8: return X86::RDI; case 4: return X86::EDI; 883 case 2: return X86::DI; case 1: return X86::DIL; 884 default: llvm_unreachable("Unexpected size"); 885 } 886 case X86::RSI: case X86::ESI: case X86::SI: case X86::SIL: 887 switch (Size) { 888 case 8: return X86::RSI; case 4: return X86::ESI; 889 case 2: return X86::SI; case 1: return X86::SIL; 890 default: llvm_unreachable("Unexpected size"); 891 } 892 case X86::RCX: case X86::ECX: case X86::CX: case X86::CL: case X86::CH: 893 switch (Size) { 894 case 8: return X86::RCX; case 4: return X86::ECX; 895 case 2: return X86::CX; case 1: return X86::CL; 896 default: llvm_unreachable("Unexpected size"); 897 } 898 case X86::RSP: case X86::ESP: case X86::SP: case X86::SPL: 899 switch (Size) { 900 case 8: return X86::RSP; case 4: return X86::ESP; 901 case 2: return X86::SP; case 1: return X86::SPL; 902 default: llvm_unreachable("Unexpected size"); 903 } 904 case X86::RBP: case X86::EBP: case X86::BP: case X86::BPL: 905 switch (Size) { 906 case 8: return X86::RBP; case 4: return X86::EBP; 907 case 2: return X86::BP; case 1: return X86::BPL; 908 default: llvm_unreachable("Unexpected size"); 909 } 910 case X86::R8: case X86::R8D: case X86::R8W: case X86::R8B: 911 switch (Size) { 912 case 8: return X86::R8; case 4: return X86::R8D; 913 case 2: return X86::R8W; case 1: return X86::R8B; 914 default: llvm_unreachable("Unexpected size"); 915 } 916 case X86::R9: case X86::R9D: case X86::R9W: case X86::R9B: 917 switch (Size) { 918 case 8: return X86::R9; case 4: return X86::R9D; 919 case 2: return X86::R9W; case 1: return X86::R9B; 920 default: llvm_unreachable("Unexpected size"); 921 } 922 case X86::R10: case X86::R10D: case X86::R10W: case X86::R10B: 923 switch (Size) { 924 case 8: return X86::R10; case 4: return X86::R10D; 925 case 2: return X86::R10W; case 1: return X86::R10B; 926 default: llvm_unreachable("Unexpected size"); 927 } 928 case X86::R11: case X86::R11D: case X86::R11W: case X86::R11B: 929 switch (Size) { 930 case 8: return X86::R11; case 4: return X86::R11D; 931 case 2: return X86::R11W; case 1: return X86::R11B; 932 default: llvm_unreachable("Unexpected size"); 933 } 934 case X86::R12: case X86::R12D: case X86::R12W: case X86::R12B: 935 switch (Size) { 936 case 8: return 
X86::R12; case 4: return X86::R12D; 937 case 2: return X86::R12W; case 1: return X86::R12B; 938 default: llvm_unreachable("Unexpected size"); 939 } 940 case X86::R13: case X86::R13D: case X86::R13W: case X86::R13B: 941 switch (Size) { 942 case 8: return X86::R13; case 4: return X86::R13D; 943 case 2: return X86::R13W; case 1: return X86::R13B; 944 default: llvm_unreachable("Unexpected size"); 945 } 946 case X86::R14: case X86::R14D: case X86::R14W: case X86::R14B: 947 switch (Size) { 948 case 8: return X86::R14; case 4: return X86::R14D; 949 case 2: return X86::R14W; case 1: return X86::R14B; 950 default: llvm_unreachable("Unexpected size"); 951 } 952 case X86::R15: case X86::R15D: case X86::R15W: case X86::R15B: 953 switch (Size) { 954 case 8: return X86::R15; case 4: return X86::R15D; 955 case 2: return X86::R15W; case 1: return X86::R15B; 956 default: llvm_unreachable("Unexpected size"); 957 } 958 default: 959 dbgs() << Reg << " (get alias sized)\n"; 960 llvm_unreachable("Unexpected reg number"); 961 break; 962 } 963 } 964 965 bool isUpper8BitReg(MCPhysReg Reg) const override { 966 switch (Reg) { 967 case X86::AH: 968 case X86::BH: 969 case X86::CH: 970 case X86::DH: 971 return true; 972 default: 973 return false; 974 } 975 } 976 977 bool cannotUseREX(const MCInst &Inst) const override { 978 switch (Inst.getOpcode()) { 979 case X86::MOV8mr_NOREX: 980 case X86::MOV8rm_NOREX: 981 case X86::MOV8rr_NOREX: 982 case X86::MOVSX32rm8_NOREX: 983 case X86::MOVSX32rr8_NOREX: 984 case X86::MOVZX32rm8_NOREX: 985 case X86::MOVZX32rr8_NOREX: 986 case X86::MOV8mr: 987 case X86::MOV8rm: 988 case X86::MOV8rr: 989 case X86::MOVSX32rm8: 990 case X86::MOVSX32rr8: 991 case X86::MOVZX32rm8: 992 case X86::MOVZX32rr8: 993 case X86::TEST8ri: 994 for (const MCOperand &Operand : MCPlus::primeOperands(Inst)) { 995 if (!Operand.isReg()) 996 continue; 997 if (isUpper8BitReg(Operand.getReg())) 998 return true; 999 } 1000 LLVM_FALLTHROUGH; 1001 default: 1002 return false; 1003 } 1004 } 1005 1006 bool isStackAccess(const MCInst &Inst, bool &IsLoad, bool &IsStore, 1007 bool &IsStoreFromReg, MCPhysReg &Reg, int32_t &SrcImm, 1008 uint16_t &StackPtrReg, int64_t &StackOffset, uint8_t &Size, 1009 bool &IsSimple, bool &IsIndexed) const override { 1010 // Detect simple push/pop cases first 1011 if (int Sz = getPushSize(Inst)) { 1012 IsLoad = false; 1013 IsStore = true; 1014 IsStoreFromReg = true; 1015 StackPtrReg = X86::RSP; 1016 StackOffset = -Sz; 1017 Size = Sz; 1018 IsSimple = true; 1019 if (Inst.getOperand(0).isImm()) 1020 SrcImm = Inst.getOperand(0).getImm(); 1021 else if (Inst.getOperand(0).isReg()) 1022 Reg = Inst.getOperand(0).getReg(); 1023 else 1024 IsSimple = false; 1025 1026 return true; 1027 } 1028 if (int Sz = getPopSize(Inst)) { 1029 IsLoad = true; 1030 IsStore = false; 1031 if (Inst.getNumOperands() == 0 || !Inst.getOperand(0).isReg()) { 1032 IsSimple = false; 1033 } else { 1034 Reg = Inst.getOperand(0).getReg(); 1035 IsSimple = true; 1036 } 1037 StackPtrReg = X86::RSP; 1038 StackOffset = 0; 1039 Size = Sz; 1040 return true; 1041 } 1042 1043 struct InstInfo { 1044 // Size in bytes that Inst loads from memory. 
1045 uint8_t DataSize; 1046 bool IsLoad; 1047 bool IsStore; 1048 bool StoreFromReg; 1049 bool Simple; 1050 }; 1051 1052 InstInfo I; 1053 int MemOpNo = getMemoryOperandNo(Inst); 1054 const MCInstrDesc &MCII = Info->get(Inst.getOpcode()); 1055 // If it is not dealing with a memory operand, we discard it 1056 if (MemOpNo == -1 || MCII.isCall()) 1057 return false; 1058 1059 switch (Inst.getOpcode()) { 1060 default: { 1061 uint8_t Sz = 0; 1062 bool IsLoad = MCII.mayLoad(); 1063 bool IsStore = MCII.mayStore(); 1064 // Is it LEA? (deals with memory but is not loading nor storing) 1065 if (!IsLoad && !IsStore) 1066 return false; 1067 1068 // Try to guess data size involved in the load/store by looking at the 1069 // register size. If there's no reg involved, return 0 as size, meaning 1070 // we don't know. 1071 for (unsigned I = 0, E = MCII.getNumOperands(); I != E; ++I) { 1072 if (MCII.OpInfo[I].OperandType != MCOI::OPERAND_REGISTER) 1073 continue; 1074 if (static_cast<int>(I) >= MemOpNo && I < X86::AddrNumOperands) 1075 continue; 1076 Sz = RegInfo->getRegClass(MCII.OpInfo[I].RegClass).getSizeInBits() / 8; 1077 break; 1078 } 1079 I = {Sz, IsLoad, IsStore, false, false}; 1080 break; 1081 } 1082 case X86::MOV16rm: I = {2, true, false, false, true}; break; 1083 case X86::MOV32rm: I = {4, true, false, false, true}; break; 1084 case X86::MOV64rm: I = {8, true, false, false, true}; break; 1085 case X86::MOV16mr: I = {2, false, true, true, true}; break; 1086 case X86::MOV32mr: I = {4, false, true, true, true}; break; 1087 case X86::MOV64mr: I = {8, false, true, true, true}; break; 1088 case X86::MOV16mi: I = {2, false, true, false, true}; break; 1089 case X86::MOV32mi: I = {4, false, true, false, true}; break; 1090 } // end switch (Inst.getOpcode()) 1091 1092 unsigned BaseRegNum; 1093 int64_t ScaleValue; 1094 unsigned IndexRegNum; 1095 int64_t DispValue; 1096 unsigned SegRegNum; 1097 const MCExpr *DispExpr; 1098 if (!evaluateX86MemoryOperand(Inst, &BaseRegNum, &ScaleValue, &IndexRegNum, 1099 &DispValue, &SegRegNum, &DispExpr)) { 1100 LLVM_DEBUG(dbgs() << "Evaluate failed on "); 1101 LLVM_DEBUG(Inst.dump()); 1102 return false; 1103 } 1104 1105 // Make sure it's a stack access 1106 if (BaseRegNum != X86::RBP && BaseRegNum != X86::RSP) 1107 return false; 1108 1109 IsLoad = I.IsLoad; 1110 IsStore = I.IsStore; 1111 IsStoreFromReg = I.StoreFromReg; 1112 Size = I.DataSize; 1113 IsSimple = I.Simple; 1114 StackPtrReg = BaseRegNum; 1115 StackOffset = DispValue; 1116 IsIndexed = IndexRegNum != X86::NoRegister || SegRegNum != X86::NoRegister; 1117 1118 if (!I.Simple) 1119 return true; 1120 1121 // Retrieve related register in simple MOV from/to stack operations. 1122 unsigned MemOpOffset = static_cast<unsigned>(MemOpNo); 1123 if (I.IsLoad) { 1124 MCOperand RegOpnd = Inst.getOperand(0); 1125 assert(RegOpnd.isReg() && "unexpected destination operand"); 1126 Reg = RegOpnd.getReg(); 1127 } else if (I.IsStore) { 1128 MCOperand SrcOpnd = 1129 Inst.getOperand(MemOpOffset + X86::AddrSegmentReg + 1); 1130 if (I.StoreFromReg) { 1131 assert(SrcOpnd.isReg() && "unexpected source operand"); 1132 Reg = SrcOpnd.getReg(); 1133 } else { 1134 assert(SrcOpnd.isImm() && "unexpected source operand"); 1135 SrcImm = SrcOpnd.getImm(); 1136 } 1137 } 1138 1139 return true; 1140 } 1141 1142 void changeToPushOrPop(MCInst &Inst) const override { 1143 assert(!isPush(Inst) && !isPop(Inst)); 1144 1145 struct InstInfo { 1146 // Size in bytes that Inst loads from memory. 
1147 uint8_t DataSize; 1148 bool IsLoad; 1149 bool StoreFromReg; 1150 }; 1151 1152 InstInfo I; 1153 switch (Inst.getOpcode()) { 1154 default: { 1155 llvm_unreachable("Unhandled opcode"); 1156 return; 1157 } 1158 case X86::MOV16rm: I = {2, true, false}; break; 1159 case X86::MOV32rm: I = {4, true, false}; break; 1160 case X86::MOV64rm: I = {8, true, false}; break; 1161 case X86::MOV16mr: I = {2, false, true}; break; 1162 case X86::MOV32mr: I = {4, false, true}; break; 1163 case X86::MOV64mr: I = {8, false, true}; break; 1164 case X86::MOV16mi: I = {2, false, false}; break; 1165 case X86::MOV32mi: I = {4, false, false}; break; 1166 } // end switch (Inst.getOpcode()) 1167 1168 unsigned BaseRegNum; 1169 int64_t ScaleValue; 1170 unsigned IndexRegNum; 1171 int64_t DispValue; 1172 unsigned SegRegNum; 1173 const MCExpr *DispExpr; 1174 if (!evaluateX86MemoryOperand(Inst, &BaseRegNum, &ScaleValue, &IndexRegNum, 1175 &DispValue, &SegRegNum, &DispExpr)) { 1176 llvm_unreachable("Evaluate failed"); 1177 return; 1178 } 1179 // Make sure it's a stack access 1180 if (BaseRegNum != X86::RBP && BaseRegNum != X86::RSP) { 1181 llvm_unreachable("Not a stack access"); 1182 return; 1183 } 1184 1185 unsigned MemOpOffset = getMemoryOperandNo(Inst); 1186 unsigned NewOpcode = 0; 1187 if (I.IsLoad) { 1188 switch (I.DataSize) { 1189 case 2: NewOpcode = X86::POP16r; break; 1190 case 4: NewOpcode = X86::POP32r; break; 1191 case 8: NewOpcode = X86::POP64r; break; 1192 default: 1193 llvm_unreachable("Unexpected size"); 1194 } 1195 unsigned RegOpndNum = Inst.getOperand(0).getReg(); 1196 Inst.clear(); 1197 Inst.setOpcode(NewOpcode); 1198 Inst.addOperand(MCOperand::createReg(RegOpndNum)); 1199 } else { 1200 MCOperand SrcOpnd = 1201 Inst.getOperand(MemOpOffset + X86::AddrSegmentReg + 1); 1202 if (I.StoreFromReg) { 1203 switch (I.DataSize) { 1204 case 2: NewOpcode = X86::PUSH16r; break; 1205 case 4: NewOpcode = X86::PUSH32r; break; 1206 case 8: NewOpcode = X86::PUSH64r; break; 1207 default: 1208 llvm_unreachable("Unexpected size"); 1209 } 1210 assert(SrcOpnd.isReg() && "Unexpected source operand"); 1211 unsigned RegOpndNum = SrcOpnd.getReg(); 1212 Inst.clear(); 1213 Inst.setOpcode(NewOpcode); 1214 Inst.addOperand(MCOperand::createReg(RegOpndNum)); 1215 } else { 1216 switch (I.DataSize) { 1217 case 2: NewOpcode = X86::PUSH16i8; break; 1218 case 4: NewOpcode = X86::PUSH32i8; break; 1219 case 8: NewOpcode = X86::PUSH64i32; break; 1220 default: 1221 llvm_unreachable("Unexpected size"); 1222 } 1223 assert(SrcOpnd.isImm() && "Unexpected source operand"); 1224 int64_t SrcImm = SrcOpnd.getImm(); 1225 Inst.clear(); 1226 Inst.setOpcode(NewOpcode); 1227 Inst.addOperand(MCOperand::createImm(SrcImm)); 1228 } 1229 } 1230 } 1231 1232 bool isStackAdjustment(const MCInst &Inst) const override { 1233 switch (Inst.getOpcode()) { 1234 default: 1235 return false; 1236 case X86::SUB64ri32: 1237 case X86::SUB64ri8: 1238 case X86::ADD64ri32: 1239 case X86::ADD64ri8: 1240 case X86::LEA64r: 1241 break; 1242 } 1243 1244 const MCInstrDesc &MCII = Info->get(Inst.getOpcode()); 1245 for (int I = 0, E = MCII.getNumDefs(); I != E; ++I) { 1246 const MCOperand &Operand = Inst.getOperand(I); 1247 if (Operand.isReg() && Operand.getReg() == X86::RSP) 1248 return true; 1249 } 1250 return false; 1251 } 1252 1253 bool 1254 evaluateStackOffsetExpr(const MCInst &Inst, int64_t &Output, 1255 std::pair<MCPhysReg, int64_t> Input1, 1256 std::pair<MCPhysReg, int64_t> Input2) const override { 1257 1258 auto getOperandVal = [&](MCPhysReg Reg) -> ErrorOr<int64_t> { 1259 if (Reg 
== Input1.first) 1260 return Input1.second; 1261 if (Reg == Input2.first) 1262 return Input2.second; 1263 return make_error_code(errc::result_out_of_range); 1264 }; 1265 1266 switch (Inst.getOpcode()) { 1267 default: 1268 return false; 1269 1270 case X86::SUB64ri32: 1271 case X86::SUB64ri8: 1272 if (!Inst.getOperand(2).isImm()) 1273 return false; 1274 if (ErrorOr<int64_t> InputVal = 1275 getOperandVal(Inst.getOperand(1).getReg())) 1276 Output = *InputVal - Inst.getOperand(2).getImm(); 1277 else 1278 return false; 1279 break; 1280 case X86::ADD64ri32: 1281 case X86::ADD64ri8: 1282 if (!Inst.getOperand(2).isImm()) 1283 return false; 1284 if (ErrorOr<int64_t> InputVal = 1285 getOperandVal(Inst.getOperand(1).getReg())) 1286 Output = *InputVal + Inst.getOperand(2).getImm(); 1287 else 1288 return false; 1289 break; 1290 case X86::ADD64i32: 1291 if (!Inst.getOperand(0).isImm()) 1292 return false; 1293 if (ErrorOr<int64_t> InputVal = getOperandVal(X86::RAX)) 1294 Output = *InputVal + Inst.getOperand(0).getImm(); 1295 else 1296 return false; 1297 break; 1298 1299 case X86::LEA64r: { 1300 unsigned BaseRegNum; 1301 int64_t ScaleValue; 1302 unsigned IndexRegNum; 1303 int64_t DispValue; 1304 unsigned SegRegNum; 1305 const MCExpr *DispExpr = nullptr; 1306 if (!evaluateX86MemoryOperand(Inst, &BaseRegNum, &ScaleValue, 1307 &IndexRegNum, &DispValue, &SegRegNum, 1308 &DispExpr)) 1309 return false; 1310 1311 if (BaseRegNum == X86::NoRegister || IndexRegNum != X86::NoRegister || 1312 SegRegNum != X86::NoRegister || DispExpr) 1313 return false; 1314 1315 if (ErrorOr<int64_t> InputVal = getOperandVal(BaseRegNum)) 1316 Output = *InputVal + DispValue; 1317 else 1318 return false; 1319 1320 break; 1321 } 1322 } 1323 return true; 1324 } 1325 1326 bool isRegToRegMove(const MCInst &Inst, MCPhysReg &From, 1327 MCPhysReg &To) const override { 1328 switch (Inst.getOpcode()) { 1329 default: 1330 return false; 1331 case X86::LEAVE: 1332 case X86::LEAVE64: 1333 To = getStackPointer(); 1334 From = getFramePointer(); 1335 return true; 1336 case X86::MOV64rr: 1337 To = Inst.getOperand(0).getReg(); 1338 From = Inst.getOperand(1).getReg(); 1339 return true; 1340 } 1341 } 1342 1343 MCPhysReg getStackPointer() const override { return X86::RSP; } 1344 MCPhysReg getFramePointer() const override { return X86::RBP; } 1345 MCPhysReg getFlagsReg() const override { return X86::EFLAGS; } 1346 1347 bool escapesVariable(const MCInst &Inst, 1348 bool HasFramePointer) const override { 1349 int MemOpNo = getMemoryOperandNo(Inst); 1350 const MCInstrDesc &MCII = Info->get(Inst.getOpcode()); 1351 const unsigned NumDefs = MCII.getNumDefs(); 1352 static BitVector SPBPAliases(BitVector(getAliases(X86::RSP)) |= 1353 getAliases(X86::RBP)); 1354 static BitVector SPAliases(getAliases(X86::RSP)); 1355 1356 // FIXME: PUSH can be technically a leak, but let's ignore this for now 1357 // because a lot of harmless prologue code will spill SP to the stack. 1358 // Unless push is clearly pushing an object address to the stack as 1359 // demonstrated by having a MemOp. 
1360 bool IsPush = isPush(Inst); 1361 if (IsPush && MemOpNo == -1) 1362 return false; 1363 1364 // We use this to detect LEA (has memop but does not access mem) 1365 bool AccessMem = MCII.mayLoad() || MCII.mayStore(); 1366 bool DoesLeak = false; 1367 for (int I = 0, E = MCPlus::getNumPrimeOperands(Inst); I != E; ++I) { 1368 // Ignore if SP/BP is used to dereference memory -- that's fine 1369 if (MemOpNo != -1 && !IsPush && AccessMem && I >= MemOpNo && 1370 I <= MemOpNo + 5) 1371 continue; 1372 // Ignore if someone is writing to SP/BP 1373 if (I < static_cast<int>(NumDefs)) 1374 continue; 1375 1376 const MCOperand &Operand = Inst.getOperand(I); 1377 if (HasFramePointer && Operand.isReg() && SPBPAliases[Operand.getReg()]) { 1378 DoesLeak = true; 1379 break; 1380 } 1381 if (!HasFramePointer && Operand.isReg() && SPAliases[Operand.getReg()]) { 1382 DoesLeak = true; 1383 break; 1384 } 1385 } 1386 1387 // If potential leak, check if it is not just writing to itself/sp/bp 1388 if (DoesLeak) { 1389 for (int I = 0, E = NumDefs; I != E; ++I) { 1390 const MCOperand &Operand = Inst.getOperand(I); 1391 if (HasFramePointer && Operand.isReg() && 1392 SPBPAliases[Operand.getReg()]) { 1393 DoesLeak = false; 1394 break; 1395 } 1396 if (!HasFramePointer && Operand.isReg() && 1397 SPAliases[Operand.getReg()]) { 1398 DoesLeak = false; 1399 break; 1400 } 1401 } 1402 } 1403 return DoesLeak; 1404 } 1405 1406 bool addToImm(MCInst &Inst, int64_t &Amt, MCContext *Ctx) const override { 1407 unsigned ImmOpNo = -1U; 1408 int MemOpNo = getMemoryOperandNo(Inst); 1409 if (MemOpNo != -1) 1410 ImmOpNo = MemOpNo + X86::AddrDisp; 1411 else 1412 for (unsigned Index = 0; Index < MCPlus::getNumPrimeOperands(Inst); 1413 ++Index) 1414 if (Inst.getOperand(Index).isImm()) 1415 ImmOpNo = Index; 1416 if (ImmOpNo == -1U) 1417 return false; 1418 1419 MCOperand &Operand = Inst.getOperand(ImmOpNo); 1420 Amt += Operand.getImm(); 1421 Operand.setImm(Amt); 1422 // Check for the need for relaxation 1423 if (int64_t(Amt) == int64_t(int8_t(Amt))) 1424 return true; 1425 1426 // Relax instruction 1427 switch (Inst.getOpcode()) { 1428 case X86::SUB64ri8: 1429 Inst.setOpcode(X86::SUB64ri32); 1430 break; 1431 case X86::ADD64ri8: 1432 Inst.setOpcode(X86::ADD64ri32); 1433 break; 1434 default: 1435 // No need for relaxation 1436 break; 1437 } 1438 return true; 1439 } 1440 1441 /// TODO: this implementation currently works for the most common opcodes that 1442 /// load from memory. It can be extended to work with memory store opcodes as 1443 /// well as more memory load opcodes. 1444 bool replaceMemOperandWithImm(MCInst &Inst, StringRef ConstantData, 1445 uint64_t Offset) const override { 1446 enum CheckSignExt : uint8_t { 1447 NOCHECK = 0, 1448 CHECK8, 1449 CHECK32, 1450 }; 1451 1452 using CheckList = std::vector<std::pair<CheckSignExt, unsigned>>; 1453 struct InstInfo { 1454 // Size in bytes that Inst loads from memory. 1455 uint8_t DataSize; 1456 1457 // True when the target operand has to be duplicated because the opcode 1458 // expects a LHS operand. 1459 bool HasLHS; 1460 1461 // List of checks and corresponding opcodes to be used. We try to use the 1462 // smallest possible immediate value when various sizes are available, 1463 // hence we may need to check whether a larger constant fits in a smaller 1464 // immediate. 
1465 CheckList Checks; 1466 }; 1467 1468 InstInfo I; 1469 1470 switch (Inst.getOpcode()) { 1471 default: { 1472 switch (getPopSize(Inst)) { 1473 case 2: I = {2, false, {{NOCHECK, X86::MOV16ri}}}; break; 1474 case 4: I = {4, false, {{NOCHECK, X86::MOV32ri}}}; break; 1475 case 8: I = {8, false, {{CHECK32, X86::MOV64ri32}, 1476 {NOCHECK, X86::MOV64rm}}}; break; 1477 default: return false; 1478 } 1479 break; 1480 } 1481 1482 // MOV 1483 case X86::MOV8rm: I = {1, false, {{NOCHECK, X86::MOV8ri}}}; break; 1484 case X86::MOV16rm: I = {2, false, {{NOCHECK, X86::MOV16ri}}}; break; 1485 case X86::MOV32rm: I = {4, false, {{NOCHECK, X86::MOV32ri}}}; break; 1486 case X86::MOV64rm: I = {8, false, {{CHECK32, X86::MOV64ri32}, 1487 {NOCHECK, X86::MOV64rm}}}; break; 1488 1489 // MOVZX 1490 case X86::MOVZX16rm8: I = {1, false, {{NOCHECK, X86::MOV16ri}}}; break; 1491 case X86::MOVZX32rm8: I = {1, false, {{NOCHECK, X86::MOV32ri}}}; break; 1492 case X86::MOVZX32rm16: I = {2, false, {{NOCHECK, X86::MOV32ri}}}; break; 1493 1494 // CMP 1495 case X86::CMP8rm: I = {1, false, {{NOCHECK, X86::CMP8ri}}}; break; 1496 case X86::CMP16rm: I = {2, false, {{CHECK8, X86::CMP16ri8}, 1497 {NOCHECK, X86::CMP16ri}}}; break; 1498 case X86::CMP32rm: I = {4, false, {{CHECK8, X86::CMP32ri8}, 1499 {NOCHECK, X86::CMP32ri}}}; break; 1500 case X86::CMP64rm: I = {8, false, {{CHECK8, X86::CMP64ri8}, 1501 {CHECK32, X86::CMP64ri32}, 1502 {NOCHECK, X86::CMP64rm}}}; break; 1503 1504 // TEST 1505 case X86::TEST8mr: I = {1, false, {{NOCHECK, X86::TEST8ri}}}; break; 1506 case X86::TEST16mr: I = {2, false, {{NOCHECK, X86::TEST16ri}}}; break; 1507 case X86::TEST32mr: I = {4, false, {{NOCHECK, X86::TEST32ri}}}; break; 1508 case X86::TEST64mr: I = {8, false, {{CHECK32, X86::TEST64ri32}, 1509 {NOCHECK, X86::TEST64mr}}}; break; 1510 1511 // ADD 1512 case X86::ADD8rm: I = {1, true, {{NOCHECK, X86::ADD8ri}}}; break; 1513 case X86::ADD16rm: I = {2, true, {{CHECK8, X86::ADD16ri8}, 1514 {NOCHECK, X86::ADD16ri}}}; break; 1515 case X86::ADD32rm: I = {4, true, {{CHECK8, X86::ADD32ri8}, 1516 {NOCHECK, X86::ADD32ri}}}; break; 1517 case X86::ADD64rm: I = {8, true, {{CHECK8, X86::ADD64ri8}, 1518 {CHECK32, X86::ADD64ri32}, 1519 {NOCHECK, X86::ADD64rm}}}; break; 1520 1521 // SUB 1522 case X86::SUB8rm: I = {1, true, {{NOCHECK, X86::SUB8ri}}}; break; 1523 case X86::SUB16rm: I = {2, true, {{CHECK8, X86::SUB16ri8}, 1524 {NOCHECK, X86::SUB16ri}}}; break; 1525 case X86::SUB32rm: I = {4, true, {{CHECK8, X86::SUB32ri8}, 1526 {NOCHECK, X86::SUB32ri}}}; break; 1527 case X86::SUB64rm: I = {8, true, {{CHECK8, X86::SUB64ri8}, 1528 {CHECK32, X86::SUB64ri32}, 1529 {NOCHECK, X86::SUB64rm}}}; break; 1530 1531 // AND 1532 case X86::AND8rm: I = {1, true, {{NOCHECK, X86::AND8ri}}}; break; 1533 case X86::AND16rm: I = {2, true, {{CHECK8, X86::AND16ri8}, 1534 {NOCHECK, X86::AND16ri}}}; break; 1535 case X86::AND32rm: I = {4, true, {{CHECK8, X86::AND32ri8}, 1536 {NOCHECK, X86::AND32ri}}}; break; 1537 case X86::AND64rm: I = {8, true, {{CHECK8, X86::AND64ri8}, 1538 {CHECK32, X86::AND64ri32}, 1539 {NOCHECK, X86::AND64rm}}}; break; 1540 1541 // OR 1542 case X86::OR8rm: I = {1, true, {{NOCHECK, X86::OR8ri}}}; break; 1543 case X86::OR16rm: I = {2, true, {{CHECK8, X86::OR16ri8}, 1544 {NOCHECK, X86::OR16ri}}}; break; 1545 case X86::OR32rm: I = {4, true, {{CHECK8, X86::OR32ri8}, 1546 {NOCHECK, X86::OR32ri}}}; break; 1547 case X86::OR64rm: I = {8, true, {{CHECK8, X86::OR64ri8}, 1548 {CHECK32, X86::OR64ri32}, 1549 {NOCHECK, X86::OR64rm}}}; break; 1550 1551 // XOR 1552 case X86::XOR8rm: I = {1, true, 
{{NOCHECK, X86::XOR8ri}}}; break; 1553 case X86::XOR16rm: I = {2, true, {{CHECK8, X86::XOR16ri8}, 1554 {NOCHECK, X86::XOR16ri}}}; break; 1555 case X86::XOR32rm: I = {4, true, {{CHECK8, X86::XOR32ri8}, 1556 {NOCHECK, X86::XOR32ri}}}; break; 1557 case X86::XOR64rm: I = {8, true, {{CHECK8, X86::XOR64ri8}, 1558 {CHECK32, X86::XOR64ri32}, 1559 {NOCHECK, X86::XOR64rm}}}; break; 1560 } 1561 1562 // Compute the immediate value. 1563 assert(Offset + I.DataSize <= ConstantData.size() && 1564 "invalid offset for given constant data"); 1565 int64_t ImmVal = 1566 DataExtractor(ConstantData, true, 8).getSigned(&Offset, I.DataSize); 1567 1568 // Compute the new opcode. 1569 unsigned NewOpcode = 0; 1570 for (const std::pair<CheckSignExt, unsigned> &Check : I.Checks) { 1571 NewOpcode = Check.second; 1572 if (Check.first == NOCHECK) 1573 break; 1574 if (Check.first == CHECK8 && isInt<8>(ImmVal)) 1575 break; 1576 if (Check.first == CHECK32 && isInt<32>(ImmVal)) 1577 break; 1578 } 1579 if (NewOpcode == Inst.getOpcode()) 1580 return false; 1581 1582 // Modify the instruction. 1583 MCOperand ImmOp = MCOperand::createImm(ImmVal); 1584 uint32_t TargetOpNum = 0; 1585 // Test instruction does not follow the regular pattern of putting the 1586 // memory reference of a load (5 MCOperands) last in the list of operands. 1587 // Since it is not modifying the register operand, it is not treated as 1588 // a destination operand and it is not the first operand as it is in the 1589 // other instructions we treat here. 1590 if (NewOpcode == X86::TEST8ri || NewOpcode == X86::TEST16ri || 1591 NewOpcode == X86::TEST32ri || NewOpcode == X86::TEST64ri32) 1592 TargetOpNum = getMemoryOperandNo(Inst) + X86::AddrNumOperands; 1593 1594 MCOperand TargetOp = Inst.getOperand(TargetOpNum); 1595 Inst.clear(); 1596 Inst.setOpcode(NewOpcode); 1597 Inst.addOperand(TargetOp); 1598 if (I.HasLHS) 1599 Inst.addOperand(TargetOp); 1600 Inst.addOperand(ImmOp); 1601 1602 return true; 1603 } 1604 1605 /// TODO: this implementation currently works for the most common opcodes that 1606 /// load from memory. It can be extended to work with memory store opcodes as 1607 /// well as more memory load opcodes. 1608 bool replaceMemOperandWithReg(MCInst &Inst, MCPhysReg RegNum) const override { 1609 unsigned NewOpcode; 1610 1611 switch (Inst.getOpcode()) { 1612 default: { 1613 switch (getPopSize(Inst)) { 1614 case 2: NewOpcode = X86::MOV16rr; break; 1615 case 4: NewOpcode = X86::MOV32rr; break; 1616 case 8: NewOpcode = X86::MOV64rr; break; 1617 default: return false; 1618 } 1619 break; 1620 } 1621 1622 // MOV 1623 case X86::MOV8rm: NewOpcode = X86::MOV8rr; break; 1624 case X86::MOV16rm: NewOpcode = X86::MOV16rr; break; 1625 case X86::MOV32rm: NewOpcode = X86::MOV32rr; break; 1626 case X86::MOV64rm: NewOpcode = X86::MOV64rr; break; 1627 } 1628 1629 // Modify the instruction. 
1630 MCOperand RegOp = MCOperand::createReg(RegNum); 1631 MCOperand TargetOp = Inst.getOperand(0); 1632 Inst.clear(); 1633 Inst.setOpcode(NewOpcode); 1634 Inst.addOperand(TargetOp); 1635 Inst.addOperand(RegOp); 1636 1637 return true; 1638 } 1639 1640 bool isRedundantMove(const MCInst &Inst) const override { 1641 switch (Inst.getOpcode()) { 1642 default: 1643 return false; 1644 1645 // MOV 1646 case X86::MOV8rr: 1647 case X86::MOV16rr: 1648 case X86::MOV32rr: 1649 case X86::MOV64rr: 1650 break; 1651 } 1652 1653 assert(Inst.getOperand(0).isReg() && Inst.getOperand(1).isReg()); 1654 return Inst.getOperand(0).getReg() == Inst.getOperand(1).getReg(); 1655 } 1656 1657 bool requiresAlignedAddress(const MCInst &Inst) const override { 1658 const MCInstrDesc &Desc = Info->get(Inst.getOpcode()); 1659 for (unsigned int I = 0; I < Desc.getNumOperands(); ++I) { 1660 const MCOperandInfo &Op = Desc.OpInfo[I]; 1661 if (Op.OperandType != MCOI::OPERAND_REGISTER) 1662 continue; 1663 if (Op.RegClass == X86::VR128RegClassID) 1664 return true; 1665 } 1666 return false; 1667 } 1668 1669 bool convertJmpToTailCall(MCInst &Inst) override { 1670 if (isTailCall(Inst)) 1671 return false; 1672 1673 int NewOpcode; 1674 switch (Inst.getOpcode()) { 1675 default: 1676 return false; 1677 case X86::JMP_1: 1678 case X86::JMP_2: 1679 case X86::JMP_4: 1680 NewOpcode = X86::JMP_4; 1681 break; 1682 case X86::JMP16m: 1683 case X86::JMP32m: 1684 case X86::JMP64m: 1685 NewOpcode = X86::JMP32m; 1686 break; 1687 case X86::JMP16r: 1688 case X86::JMP32r: 1689 case X86::JMP64r: 1690 NewOpcode = X86::JMP32r; 1691 break; 1692 } 1693 1694 Inst.setOpcode(NewOpcode); 1695 setTailCall(Inst); 1696 return true; 1697 } 1698 1699 bool convertTailCallToJmp(MCInst &Inst) override { 1700 int NewOpcode; 1701 switch (Inst.getOpcode()) { 1702 default: 1703 return false; 1704 case X86::JMP_4: 1705 NewOpcode = X86::JMP_1; 1706 break; 1707 case X86::JMP32m: 1708 NewOpcode = X86::JMP64m; 1709 break; 1710 case X86::JMP32r: 1711 NewOpcode = X86::JMP64r; 1712 break; 1713 } 1714 1715 Inst.setOpcode(NewOpcode); 1716 removeAnnotation(Inst, MCPlus::MCAnnotation::kTailCall); 1717 clearOffset(Inst); 1718 return true; 1719 } 1720 1721 bool convertTailCallToCall(MCInst &Inst) override { 1722 int NewOpcode; 1723 switch (Inst.getOpcode()) { 1724 default: 1725 return false; 1726 case X86::JMP_4: 1727 NewOpcode = X86::CALL64pcrel32; 1728 break; 1729 case X86::JMP32m: 1730 NewOpcode = X86::CALL64m; 1731 break; 1732 case X86::JMP32r: 1733 NewOpcode = X86::CALL64r; 1734 break; 1735 } 1736 1737 Inst.setOpcode(NewOpcode); 1738 removeAnnotation(Inst, MCPlus::MCAnnotation::kTailCall); 1739 return true; 1740 } 1741 1742 bool convertCallToIndirectCall(MCInst &Inst, const MCSymbol *TargetLocation, 1743 MCContext *Ctx) override { 1744 assert((Inst.getOpcode() == X86::CALL64pcrel32 || 1745 (Inst.getOpcode() == X86::JMP_4 && isTailCall(Inst))) && 1746 "64-bit direct (tail) call instruction expected"); 1747 const auto NewOpcode = 1748 (Inst.getOpcode() == X86::CALL64pcrel32) ? X86::CALL64m : X86::JMP32m; 1749 Inst.setOpcode(NewOpcode); 1750 1751 // Replace the first operand and preserve auxiliary operands of 1752 // the instruction. 
1753 Inst.erase(Inst.begin()); 1754 Inst.insert(Inst.begin(), 1755 MCOperand::createReg(X86::NoRegister)); // AddrSegmentReg 1756 Inst.insert(Inst.begin(), 1757 MCOperand::createExpr( // Displacement 1758 MCSymbolRefExpr::create(TargetLocation, 1759 MCSymbolRefExpr::VK_None, *Ctx))); 1760 Inst.insert(Inst.begin(), 1761 MCOperand::createReg(X86::NoRegister)); // IndexReg 1762 Inst.insert(Inst.begin(), 1763 MCOperand::createImm(1)); // ScaleAmt 1764 Inst.insert(Inst.begin(), 1765 MCOperand::createReg(X86::RIP)); // BaseReg 1766 1767 return true; 1768 } 1769 1770 void convertIndirectCallToLoad(MCInst &Inst, MCPhysReg Reg) override { 1771 bool IsTailCall = isTailCall(Inst); 1772 if (IsTailCall) 1773 removeAnnotation(Inst, MCPlus::MCAnnotation::kTailCall); 1774 if (Inst.getOpcode() == X86::CALL64m || 1775 (Inst.getOpcode() == X86::JMP32m && IsTailCall)) { 1776 Inst.setOpcode(X86::MOV64rm); 1777 Inst.insert(Inst.begin(), MCOperand::createReg(Reg)); 1778 return; 1779 } 1780 if (Inst.getOpcode() == X86::CALL64r || 1781 (Inst.getOpcode() == X86::JMP32r && IsTailCall)) { 1782 Inst.setOpcode(X86::MOV64rr); 1783 Inst.insert(Inst.begin(), MCOperand::createReg(Reg)); 1784 return; 1785 } 1786 LLVM_DEBUG(Inst.dump()); 1787 llvm_unreachable("not implemented"); 1788 } 1789 1790 bool shortenInstruction(MCInst &Inst, 1791 const MCSubtargetInfo &STI) const override { 1792 unsigned OldOpcode = Inst.getOpcode(); 1793 unsigned NewOpcode = OldOpcode; 1794 1795 int MemOpNo = getMemoryOperandNo(Inst); 1796 1797 // Check and remove redundant Address-Size override prefix. 1798 if (opts::X86StripRedundantAddressSize) { 1799 uint64_t TSFlags = Info->get(OldOpcode).TSFlags; 1800 unsigned Flags = Inst.getFlags(); 1801 1802 if (!X86_MC::needsAddressSizeOverride(Inst, STI, MemOpNo, TSFlags) && 1803 Flags & X86::IP_HAS_AD_SIZE) 1804 Inst.setFlags(Flags ^ X86::IP_HAS_AD_SIZE); 1805 } 1806 1807 // Check and remove EIZ/RIZ. These cases represent ambiguous cases where 1808 // SIB byte is present, but no index is used and modrm alone should have 1809 // been enough. Converting to NoRegister effectively removes the SIB byte. 1810 if (MemOpNo >= 0) { 1811 MCOperand &IndexOp = 1812 Inst.getOperand(static_cast<unsigned>(MemOpNo) + X86::AddrIndexReg); 1813 if (IndexOp.getReg() == X86::EIZ || IndexOp.getReg() == X86::RIZ) 1814 IndexOp = MCOperand::createReg(X86::NoRegister); 1815 } 1816 1817 if (isBranch(Inst)) { 1818 NewOpcode = getShortBranchOpcode(OldOpcode); 1819 } else if (OldOpcode == X86::MOV64ri) { 1820 if (Inst.getOperand(MCPlus::getNumPrimeOperands(Inst) - 1).isImm()) { 1821 const int64_t Imm = 1822 Inst.getOperand(MCPlus::getNumPrimeOperands(Inst) - 1).getImm(); 1823 if (int64_t(Imm) == int64_t(int32_t(Imm))) 1824 NewOpcode = X86::MOV64ri32; 1825 } 1826 } else { 1827 // If it's arithmetic instruction check if signed operand fits in 1 byte. 
1828 const unsigned ShortOpcode = getShortArithOpcode(OldOpcode); 1829 if (ShortOpcode != OldOpcode && 1830 Inst.getOperand(MCPlus::getNumPrimeOperands(Inst) - 1).isImm()) { 1831 int64_t Imm = 1832 Inst.getOperand(MCPlus::getNumPrimeOperands(Inst) - 1).getImm(); 1833 if (int64_t(Imm) == int64_t(int8_t(Imm))) 1834 NewOpcode = ShortOpcode; 1835 } 1836 } 1837 1838 if (NewOpcode == OldOpcode) 1839 return false; 1840 1841 Inst.setOpcode(NewOpcode); 1842 return true; 1843 } 1844 1845 bool 1846 convertMoveToConditionalMove(MCInst &Inst, unsigned CC, bool AllowStackMemOp, 1847 bool AllowBasePtrStackMemOp) const override { 1848 // - Register-register moves are OK 1849 // - Stores are filtered out by opcode (no store CMOV) 1850 // - Non-stack loads are prohibited (generally unsafe) 1851 // - Stack loads are OK if AllowStackMemOp is true 1852 // - Stack loads with RBP are OK if AllowBasePtrStackMemOp is true 1853 if (isLoad(Inst)) { 1854 // If stack memory operands are not allowed, no loads are allowed 1855 if (!AllowStackMemOp) 1856 return false; 1857 1858 // If stack memory operands are allowed, check if it's a load from stack 1859 bool IsLoad, IsStore, IsStoreFromReg, IsSimple, IsIndexed; 1860 MCPhysReg Reg; 1861 int32_t SrcImm; 1862 uint16_t StackPtrReg; 1863 int64_t StackOffset; 1864 uint8_t Size; 1865 bool IsStackAccess = 1866 isStackAccess(Inst, IsLoad, IsStore, IsStoreFromReg, Reg, SrcImm, 1867 StackPtrReg, StackOffset, Size, IsSimple, IsIndexed); 1868 // Prohibit non-stack-based loads 1869 if (!IsStackAccess) 1870 return false; 1871 // If stack memory operands are allowed, check if it's RBP-based 1872 if (!AllowBasePtrStackMemOp && 1873 RegInfo->isSubRegisterEq(X86::RBP, StackPtrReg)) 1874 return false; 1875 } 1876 1877 unsigned NewOpcode = 0; 1878 switch (Inst.getOpcode()) { 1879 case X86::MOV16rr: 1880 NewOpcode = X86::CMOV16rr; 1881 break; 1882 case X86::MOV16rm: 1883 NewOpcode = X86::CMOV16rm; 1884 break; 1885 case X86::MOV32rr: 1886 NewOpcode = X86::CMOV32rr; 1887 break; 1888 case X86::MOV32rm: 1889 NewOpcode = X86::CMOV32rm; 1890 break; 1891 case X86::MOV64rr: 1892 NewOpcode = X86::CMOV64rr; 1893 break; 1894 case X86::MOV64rm: 1895 NewOpcode = X86::CMOV64rm; 1896 break; 1897 default: 1898 return false; 1899 } 1900 Inst.setOpcode(NewOpcode); 1901 // Insert CC at the end of prime operands, before annotations 1902 Inst.insert(Inst.begin() + MCPlus::getNumPrimeOperands(Inst), 1903 MCOperand::createImm(CC)); 1904 // CMOV is a 3-operand MCInst, so duplicate the destination as src1 1905 Inst.insert(Inst.begin(), Inst.getOperand(0)); 1906 return true; 1907 } 1908 1909 bool lowerTailCall(MCInst &Inst) override { 1910 if (Inst.getOpcode() == X86::JMP_4 && isTailCall(Inst)) { 1911 Inst.setOpcode(X86::JMP_1); 1912 removeAnnotation(Inst, MCPlus::MCAnnotation::kTailCall); 1913 return true; 1914 } 1915 return false; 1916 } 1917 1918 const MCSymbol *getTargetSymbol(const MCInst &Inst, 1919 unsigned OpNum = 0) const override { 1920 if (OpNum >= MCPlus::getNumPrimeOperands(Inst)) 1921 return nullptr; 1922 1923 const MCOperand &Op = Inst.getOperand(OpNum); 1924 if (!Op.isExpr()) 1925 return nullptr; 1926 1927 auto *SymExpr = dyn_cast<MCSymbolRefExpr>(Op.getExpr()); 1928 if (!SymExpr || SymExpr->getKind() != MCSymbolRefExpr::VK_None) 1929 return nullptr; 1930 1931 return &SymExpr->getSymbol(); 1932 } 1933 1934 // This is the same as the base class, but since we are overriding one of 1935 // getTargetSymbol's signatures above, we need to override all of them. 
1936 const MCSymbol *getTargetSymbol(const MCExpr *Expr) const override { 1937 return &cast<const MCSymbolRefExpr>(Expr)->getSymbol(); 1938 } 1939 1940 bool analyzeBranch(InstructionIterator Begin, InstructionIterator End, 1941 const MCSymbol *&TBB, const MCSymbol *&FBB, 1942 MCInst *&CondBranch, 1943 MCInst *&UncondBranch) const override { 1944 auto I = End; 1945 1946 // Bottom-up analysis 1947 while (I != Begin) { 1948 --I; 1949 1950 // Ignore nops and CFIs 1951 if (isPseudo(*I)) 1952 continue; 1953 1954 // Stop when we find the first non-terminator 1955 if (!isTerminator(*I)) 1956 break; 1957 1958 if (!isBranch(*I)) 1959 break; 1960 1961 // Handle unconditional branches. 1962 if ((I->getOpcode() == X86::JMP_1 || I->getOpcode() == X86::JMP_2 || 1963 I->getOpcode() == X86::JMP_4) && 1964 !isTailCall(*I)) { 1965 // If any code was seen after this unconditional branch, we've seen 1966 // unreachable code. Ignore them. 1967 CondBranch = nullptr; 1968 UncondBranch = &*I; 1969 const MCSymbol *Sym = getTargetSymbol(*I); 1970 assert(Sym != nullptr && 1971 "Couldn't extract BB symbol from jump operand"); 1972 TBB = Sym; 1973 continue; 1974 } 1975 1976 // Handle conditional branches and ignore indirect branches 1977 if (!isUnsupportedBranch(I->getOpcode()) && 1978 getCondCode(*I) == X86::COND_INVALID) { 1979 // Indirect branch 1980 return false; 1981 } 1982 1983 if (CondBranch == nullptr) { 1984 const MCSymbol *TargetBB = getTargetSymbol(*I); 1985 if (TargetBB == nullptr) { 1986 // Unrecognized branch target 1987 return false; 1988 } 1989 FBB = TBB; 1990 TBB = TargetBB; 1991 CondBranch = &*I; 1992 continue; 1993 } 1994 1995 llvm_unreachable("multiple conditional branches in one BB"); 1996 } 1997 return true; 1998 } 1999 2000 template <typename Itr> 2001 std::pair<IndirectBranchType, MCInst *> 2002 analyzePICJumpTable(Itr II, Itr IE, MCPhysReg R1, MCPhysReg R2) const { 2003 // Analyze PIC-style jump table code template: 2004 // 2005 // lea PIC_JUMP_TABLE(%rip), {%r1|%r2} <- MemLocInstr 2006 // mov ({%r1|%r2}, %index, 4), {%r2|%r1} 2007 // add %r2, %r1 2008 // jmp *%r1 2009 // 2010 // (with any irrelevant instructions in-between) 2011 // 2012 // When we call this helper we've already determined %r1 and %r2, and 2013 // reverse instruction iterator \p II is pointing to the ADD instruction. 2014 // 2015 // PIC jump table looks like following: 2016 // 2017 // JT: ---------- 2018 // E1:| L1 - JT | 2019 // |----------| 2020 // E2:| L2 - JT | 2021 // |----------| 2022 // | | 2023 // ...... 2024 // En:| Ln - JT | 2025 // ---------- 2026 // 2027 // Where L1, L2, ..., Ln represent labels in the function. 2028 // 2029 // The actual relocations in the table will be of the form: 2030 // 2031 // Ln - JT 2032 // = (Ln - En) + (En - JT) 2033 // = R_X86_64_PC32(Ln) + En - JT 2034 // = R_X86_64_PC32(Ln + offsetof(En)) 2035 // 2036 LLVM_DEBUG(dbgs() << "Checking for PIC jump table\n"); 2037 MCInst *MemLocInstr = nullptr; 2038 const MCInst *MovInstr = nullptr; 2039 while (++II != IE) { 2040 MCInst &Instr = *II; 2041 const MCInstrDesc &InstrDesc = Info->get(Instr.getOpcode()); 2042 if (!InstrDesc.hasDefOfPhysReg(Instr, R1, *RegInfo) && 2043 !InstrDesc.hasDefOfPhysReg(Instr, R2, *RegInfo)) { 2044 // Ignore instructions that don't affect R1, R2 registers. 2045 continue; 2046 } 2047 if (!MovInstr) { 2048 // Expect to see MOV instruction. 2049 if (!isMOVSX64rm32(Instr)) { 2050 LLVM_DEBUG(dbgs() << "MOV instruction expected.\n"); 2051 break; 2052 } 2053 2054 // Check if it's setting %r1 or %r2. 
In canonical form it sets %r2. 2055 // If it sets %r1 - rename the registers so we have to only check 2056 // a single form. 2057 unsigned MovDestReg = Instr.getOperand(0).getReg(); 2058 if (MovDestReg != R2) 2059 std::swap(R1, R2); 2060 if (MovDestReg != R2) { 2061 LLVM_DEBUG(dbgs() << "MOV instruction expected to set %r2\n"); 2062 break; 2063 } 2064 2065 // Verify operands for MOV. 2066 unsigned BaseRegNum; 2067 int64_t ScaleValue; 2068 unsigned IndexRegNum; 2069 int64_t DispValue; 2070 unsigned SegRegNum; 2071 if (!evaluateX86MemoryOperand(Instr, &BaseRegNum, &ScaleValue, 2072 &IndexRegNum, &DispValue, &SegRegNum)) 2073 break; 2074 if (BaseRegNum != R1 || ScaleValue != 4 || 2075 IndexRegNum == X86::NoRegister || DispValue != 0 || 2076 SegRegNum != X86::NoRegister) 2077 break; 2078 MovInstr = &Instr; 2079 } else { 2080 if (!InstrDesc.hasDefOfPhysReg(Instr, R1, *RegInfo)) 2081 continue; 2082 if (!isLEA64r(Instr)) { 2083 LLVM_DEBUG(dbgs() << "LEA instruction expected\n"); 2084 break; 2085 } 2086 if (Instr.getOperand(0).getReg() != R1) { 2087 LLVM_DEBUG(dbgs() << "LEA instruction expected to set %r1\n"); 2088 break; 2089 } 2090 2091 // Verify operands for LEA. 2092 unsigned BaseRegNum; 2093 int64_t ScaleValue; 2094 unsigned IndexRegNum; 2095 const MCExpr *DispExpr = nullptr; 2096 int64_t DispValue; 2097 unsigned SegRegNum; 2098 if (!evaluateX86MemoryOperand(Instr, &BaseRegNum, &ScaleValue, 2099 &IndexRegNum, &DispValue, &SegRegNum, 2100 &DispExpr)) 2101 break; 2102 if (BaseRegNum != RegInfo->getProgramCounter() || 2103 IndexRegNum != X86::NoRegister || SegRegNum != X86::NoRegister || 2104 DispExpr == nullptr) 2105 break; 2106 MemLocInstr = &Instr; 2107 break; 2108 } 2109 } 2110 2111 if (!MemLocInstr) 2112 return std::make_pair(IndirectBranchType::UNKNOWN, nullptr); 2113 2114 LLVM_DEBUG(dbgs() << "checking potential PIC jump table\n"); 2115 return std::make_pair(IndirectBranchType::POSSIBLE_PIC_JUMP_TABLE, 2116 MemLocInstr); 2117 } 2118 2119 IndirectBranchType analyzeIndirectBranch( 2120 MCInst &Instruction, InstructionIterator Begin, InstructionIterator End, 2121 const unsigned PtrSize, MCInst *&MemLocInstrOut, unsigned &BaseRegNumOut, 2122 unsigned &IndexRegNumOut, int64_t &DispValueOut, 2123 const MCExpr *&DispExprOut, MCInst *&PCRelBaseOut) const override { 2124 // Try to find a (base) memory location from where the address for 2125 // the indirect branch is loaded. For X86-64 the memory will be specified 2126 // in the following format: 2127 // 2128 // {%rip}/{%basereg} + Imm + IndexReg * Scale 2129 // 2130 // We are interested in the cases where Scale == sizeof(uintptr_t) and 2131 // the contents of the memory are presumably an array of pointers to code. 2132 // 2133 // Normal jump table: 2134 // 2135 // jmp *(JUMP_TABLE, %index, Scale) <- MemLocInstr 2136 // 2137 // or 2138 // 2139 // mov (JUMP_TABLE, %index, Scale), %r1 <- MemLocInstr 2140 // ... 2141 // jmp %r1 2142 // 2143 // We handle PIC-style jump tables separately. 2144 // 2145 MemLocInstrOut = nullptr; 2146 BaseRegNumOut = X86::NoRegister; 2147 IndexRegNumOut = X86::NoRegister; 2148 DispValueOut = 0; 2149 DispExprOut = nullptr; 2150 2151 std::reverse_iterator<InstructionIterator> II(End); 2152 std::reverse_iterator<InstructionIterator> IE(Begin); 2153 2154 IndirectBranchType Type = IndirectBranchType::UNKNOWN; 2155 2156 // An instruction referencing memory used by jump instruction (directly or 2157 // via register). This location could be an array of function pointers 2158 // in case of indirect tail call, or a jump table. 
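// For instance, in `jmp *(JUMP_TABLE, %index, Scale)` the jump itself is
// MemLocInstr, whereas in the `mov (JUMP_TABLE, %index, Scale), %r1` followed
// by `jmp *%r1` form it is the load that feeds the jump register.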
2159 MCInst *MemLocInstr = nullptr; 2160 2161 if (MCPlus::getNumPrimeOperands(Instruction) == 1) { 2162 // If the indirect jump is on register - try to detect if the 2163 // register value is loaded from a memory location. 2164 assert(Instruction.getOperand(0).isReg() && "register operand expected"); 2165 const unsigned R1 = Instruction.getOperand(0).getReg(); 2166 // Check if one of the previous instructions defines the jump-on register. 2167 for (auto PrevII = II; PrevII != IE; ++PrevII) { 2168 MCInst &PrevInstr = *PrevII; 2169 const MCInstrDesc &PrevInstrDesc = Info->get(PrevInstr.getOpcode()); 2170 2171 if (!PrevInstrDesc.hasDefOfPhysReg(PrevInstr, R1, *RegInfo)) 2172 continue; 2173 2174 if (isMoveMem2Reg(PrevInstr)) { 2175 MemLocInstr = &PrevInstr; 2176 break; 2177 } 2178 if (isADD64rr(PrevInstr)) { 2179 unsigned R2 = PrevInstr.getOperand(2).getReg(); 2180 if (R1 == R2) 2181 return IndirectBranchType::UNKNOWN; 2182 std::tie(Type, MemLocInstr) = analyzePICJumpTable(PrevII, IE, R1, R2); 2183 break; 2184 } 2185 return IndirectBranchType::UNKNOWN; 2186 } 2187 if (!MemLocInstr) { 2188 // No definition seen for the register in this function so far. Could be 2189 // an input parameter - which means it is an external code reference. 2190 // It also could be that the definition happens to be in the code that 2191 // we haven't processed yet. Since we have to be conservative, return 2192 // as UNKNOWN case. 2193 return IndirectBranchType::UNKNOWN; 2194 } 2195 } else { 2196 MemLocInstr = &Instruction; 2197 } 2198 2199 const MCRegister RIPRegister = RegInfo->getProgramCounter(); 2200 2201 // Analyze the memory location. 2202 unsigned BaseRegNum, IndexRegNum, SegRegNum; 2203 int64_t ScaleValue, DispValue; 2204 const MCExpr *DispExpr; 2205 2206 if (!evaluateX86MemoryOperand(*MemLocInstr, &BaseRegNum, &ScaleValue, 2207 &IndexRegNum, &DispValue, &SegRegNum, 2208 &DispExpr)) 2209 return IndirectBranchType::UNKNOWN; 2210 2211 BaseRegNumOut = BaseRegNum; 2212 IndexRegNumOut = IndexRegNum; 2213 DispValueOut = DispValue; 2214 DispExprOut = DispExpr; 2215 2216 if ((BaseRegNum != X86::NoRegister && BaseRegNum != RIPRegister) || 2217 SegRegNum != X86::NoRegister) 2218 return IndirectBranchType::UNKNOWN; 2219 2220 if (MemLocInstr == &Instruction && 2221 (!ScaleValue || IndexRegNum == X86::NoRegister)) { 2222 MemLocInstrOut = MemLocInstr; 2223 return IndirectBranchType::POSSIBLE_FIXED_BRANCH; 2224 } 2225 2226 if (Type == IndirectBranchType::POSSIBLE_PIC_JUMP_TABLE && 2227 (ScaleValue != 1 || BaseRegNum != RIPRegister)) 2228 return IndirectBranchType::UNKNOWN; 2229 2230 if (Type != IndirectBranchType::POSSIBLE_PIC_JUMP_TABLE && 2231 ScaleValue != PtrSize) 2232 return IndirectBranchType::UNKNOWN; 2233 2234 MemLocInstrOut = MemLocInstr; 2235 2236 return Type; 2237 } 2238 2239 /// Analyze a callsite to see if it could be a virtual method call. This only 2240 /// checks to see if the overall pattern is satisfied, it does not guarantee 2241 /// that the callsite is a true virtual method call. 2242 /// The format of virtual method calls that are recognized is one of the 2243 /// following: 2244 /// 2245 /// Form 1: (found in debug code) 2246 /// add METHOD_OFFSET, %VtableReg 2247 /// mov (%VtableReg), %MethodReg 2248 /// ... 2249 /// call or jmp *%MethodReg 2250 /// 2251 /// Form 2: 2252 /// mov METHOD_OFFSET(%VtableReg), %MethodReg 2253 /// ... 2254 /// call or jmp *%MethodReg 2255 /// 2256 /// Form 3: 2257 /// ... 
2258 /// call or jmp *METHOD_OFFSET(%VtableReg)
2259 ///
2260 bool analyzeVirtualMethodCall(InstructionIterator ForwardBegin,
2261 InstructionIterator ForwardEnd,
2262 std::vector<MCInst *> &MethodFetchInsns,
2263 unsigned &VtableRegNum, unsigned &MethodRegNum,
2264 uint64_t &MethodOffset) const override {
2265 VtableRegNum = X86::NoRegister;
2266 MethodRegNum = X86::NoRegister;
2267 MethodOffset = 0;
2268 
2269 std::reverse_iterator<InstructionIterator> Itr(ForwardEnd);
2270 std::reverse_iterator<InstructionIterator> End(ForwardBegin);
2271 
2272 MCInst &CallInst = *Itr++;
2273 assert(isIndirectBranch(CallInst) || isCall(CallInst));
2274 
2275 unsigned BaseReg, IndexReg, SegmentReg;
2276 int64_t Scale, Disp;
2277 const MCExpr *DispExpr;
2278 
2279 // The call can simply be `call/jmp *offset(%reg)` (Form 3).
2280 if (evaluateX86MemoryOperand(CallInst, &BaseReg, &Scale, &IndexReg, &Disp,
2281 &SegmentReg, &DispExpr)) {
2282 if (!DispExpr && BaseReg != X86::RIP && BaseReg != X86::RBP &&
2283 BaseReg != X86::NoRegister) {
2284 MethodRegNum = BaseReg;
2285 if (Scale == 1 && IndexReg == X86::NoRegister &&
2286 SegmentReg == X86::NoRegister) {
2287 VtableRegNum = MethodRegNum;
2288 MethodOffset = Disp;
2289 MethodFetchInsns.push_back(&CallInst);
2290 return true;
2291 }
2292 }
2293 return false;
2294 }
2295 if (CallInst.getOperand(0).isReg())
2296 MethodRegNum = CallInst.getOperand(0).getReg();
2297 else
2298 return false;
2299 
2300 if (MethodRegNum == X86::RIP || MethodRegNum == X86::RBP) {
2301 VtableRegNum = X86::NoRegister;
2302 MethodRegNum = X86::NoRegister;
2303 return false;
2304 }
2305 
2306 // Find the load from the vtable; it may or may not include the method offset.
2307 while (Itr != End) {
2308 MCInst &CurInst = *Itr++;
2309 const MCInstrDesc &Desc = Info->get(CurInst.getOpcode());
2310 if (Desc.hasDefOfPhysReg(CurInst, MethodRegNum, *RegInfo)) {
2311 if (isLoad(CurInst) &&
2312 evaluateX86MemoryOperand(CurInst, &BaseReg, &Scale, &IndexReg,
2313 &Disp, &SegmentReg, &DispExpr)) {
2314 if (!DispExpr && Scale == 1 && BaseReg != X86::RIP &&
2315 BaseReg != X86::RBP && BaseReg != X86::NoRegister &&
2316 IndexReg == X86::NoRegister &&
2317 SegmentReg == X86::NoRegister) {
2318 VtableRegNum = BaseReg;
2319 MethodOffset = Disp;
2320 MethodFetchInsns.push_back(&CurInst);
2321 if (MethodOffset != 0)
2322 return true;
2323 break;
2324 }
2325 }
2326 return false;
2327 }
2328 }
2329 
2330 if (!VtableRegNum)
2331 return false;
2332 
2333 // Look for an add that applies the method offset to the vtable register.
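// This covers Form 1, where the offset is materialized before the load, e.g.
// (hypothetical offset):
//   add  $0x10, %VtableReg
//   mov  (%VtableReg), %MethodReg
//   call/jmp *%MethodReg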
2334 while (Itr != End) { 2335 MCInst &CurInst = *Itr++; 2336 const MCInstrDesc &Desc = Info->get(CurInst.getOpcode()); 2337 if (Desc.hasDefOfPhysReg(CurInst, VtableRegNum, *RegInfo)) { 2338 if (isADDri(CurInst)) { 2339 assert(!MethodOffset); 2340 MethodOffset = CurInst.getOperand(2).getImm(); 2341 MethodFetchInsns.insert(MethodFetchInsns.begin(), &CurInst); 2342 break; 2343 } 2344 } 2345 } 2346 2347 return true; 2348 } 2349 2350 bool createStackPointerIncrement(MCInst &Inst, int Size, 2351 bool NoFlagsClobber) const override { 2352 if (NoFlagsClobber) { 2353 Inst.setOpcode(X86::LEA64r); 2354 Inst.clear(); 2355 Inst.addOperand(MCOperand::createReg(X86::RSP)); 2356 Inst.addOperand(MCOperand::createReg(X86::RSP)); // BaseReg 2357 Inst.addOperand(MCOperand::createImm(1)); // ScaleAmt 2358 Inst.addOperand(MCOperand::createReg(X86::NoRegister)); // IndexReg 2359 Inst.addOperand(MCOperand::createImm(-Size)); // Displacement 2360 Inst.addOperand(MCOperand::createReg(X86::NoRegister)); // AddrSegmentReg 2361 return true; 2362 } 2363 Inst.setOpcode(X86::SUB64ri8); 2364 Inst.clear(); 2365 Inst.addOperand(MCOperand::createReg(X86::RSP)); 2366 Inst.addOperand(MCOperand::createReg(X86::RSP)); 2367 Inst.addOperand(MCOperand::createImm(Size)); 2368 return true; 2369 } 2370 2371 bool createStackPointerDecrement(MCInst &Inst, int Size, 2372 bool NoFlagsClobber) const override { 2373 if (NoFlagsClobber) { 2374 Inst.setOpcode(X86::LEA64r); 2375 Inst.clear(); 2376 Inst.addOperand(MCOperand::createReg(X86::RSP)); 2377 Inst.addOperand(MCOperand::createReg(X86::RSP)); // BaseReg 2378 Inst.addOperand(MCOperand::createImm(1)); // ScaleAmt 2379 Inst.addOperand(MCOperand::createReg(X86::NoRegister)); // IndexReg 2380 Inst.addOperand(MCOperand::createImm(Size)); // Displacement 2381 Inst.addOperand(MCOperand::createReg(X86::NoRegister)); // AddrSegmentReg 2382 return true; 2383 } 2384 Inst.setOpcode(X86::ADD64ri8); 2385 Inst.clear(); 2386 Inst.addOperand(MCOperand::createReg(X86::RSP)); 2387 Inst.addOperand(MCOperand::createReg(X86::RSP)); 2388 Inst.addOperand(MCOperand::createImm(Size)); 2389 return true; 2390 } 2391 2392 bool createSaveToStack(MCInst &Inst, const MCPhysReg &StackReg, int Offset, 2393 const MCPhysReg &SrcReg, int Size) const override { 2394 unsigned NewOpcode; 2395 switch (Size) { 2396 default: 2397 return false; 2398 case 2: NewOpcode = X86::MOV16mr; break; 2399 case 4: NewOpcode = X86::MOV32mr; break; 2400 case 8: NewOpcode = X86::MOV64mr; break; 2401 } 2402 Inst.setOpcode(NewOpcode); 2403 Inst.clear(); 2404 Inst.addOperand(MCOperand::createReg(StackReg)); // BaseReg 2405 Inst.addOperand(MCOperand::createImm(1)); // ScaleAmt 2406 Inst.addOperand(MCOperand::createReg(X86::NoRegister)); // IndexReg 2407 Inst.addOperand(MCOperand::createImm(Offset)); // Displacement 2408 Inst.addOperand(MCOperand::createReg(X86::NoRegister)); // AddrSegmentReg 2409 Inst.addOperand(MCOperand::createReg(SrcReg)); 2410 return true; 2411 } 2412 2413 bool createRestoreFromStack(MCInst &Inst, const MCPhysReg &StackReg, 2414 int Offset, const MCPhysReg &DstReg, 2415 int Size) const override { 2416 return createLoad(Inst, StackReg, /*Scale=*/1, /*IndexReg=*/X86::NoRegister, 2417 Offset, nullptr, /*AddrSegmentReg=*/X86::NoRegister, 2418 DstReg, Size); 2419 } 2420 2421 bool createLoad(MCInst &Inst, const MCPhysReg &BaseReg, int64_t Scale, 2422 const MCPhysReg &IndexReg, int64_t Offset, 2423 const MCExpr *OffsetExpr, const MCPhysReg &AddrSegmentReg, 2424 const MCPhysReg &DstReg, int Size) const override { 2425 unsigned 
NewOpcode; 2426 switch (Size) { 2427 default: 2428 return false; 2429 case 2: NewOpcode = X86::MOV16rm; break; 2430 case 4: NewOpcode = X86::MOV32rm; break; 2431 case 8: NewOpcode = X86::MOV64rm; break; 2432 } 2433 Inst.setOpcode(NewOpcode); 2434 Inst.clear(); 2435 Inst.addOperand(MCOperand::createReg(DstReg)); 2436 Inst.addOperand(MCOperand::createReg(BaseReg)); 2437 Inst.addOperand(MCOperand::createImm(Scale)); 2438 Inst.addOperand(MCOperand::createReg(IndexReg)); 2439 if (OffsetExpr) 2440 Inst.addOperand(MCOperand::createExpr(OffsetExpr)); // Displacement 2441 else 2442 Inst.addOperand(MCOperand::createImm(Offset)); // Displacement 2443 Inst.addOperand(MCOperand::createReg(AddrSegmentReg)); // AddrSegmentReg 2444 return true; 2445 } 2446 2447 void createLoadImmediate(MCInst &Inst, const MCPhysReg Dest, 2448 uint32_t Imm) const override { 2449 Inst.setOpcode(X86::MOV64ri32); 2450 Inst.clear(); 2451 Inst.addOperand(MCOperand::createReg(Dest)); 2452 Inst.addOperand(MCOperand::createImm(Imm)); 2453 } 2454 2455 bool createIncMemory(MCInst &Inst, const MCSymbol *Target, 2456 MCContext *Ctx) const override { 2457 2458 Inst.setOpcode(X86::LOCK_INC64m); 2459 Inst.clear(); 2460 Inst.addOperand(MCOperand::createReg(X86::RIP)); // BaseReg 2461 Inst.addOperand(MCOperand::createImm(1)); // ScaleAmt 2462 Inst.addOperand(MCOperand::createReg(X86::NoRegister)); // IndexReg 2463 2464 Inst.addOperand(MCOperand::createExpr( 2465 MCSymbolRefExpr::create(Target, MCSymbolRefExpr::VK_None, 2466 *Ctx))); // Displacement 2467 Inst.addOperand(MCOperand::createReg(X86::NoRegister)); // AddrSegmentReg 2468 return true; 2469 } 2470 2471 bool createIJmp32Frag(SmallVectorImpl<MCInst> &Insts, 2472 const MCOperand &BaseReg, const MCOperand &Scale, 2473 const MCOperand &IndexReg, const MCOperand &Offset, 2474 const MCOperand &TmpReg) const override { 2475 // The code fragment we emit here is: 2476 // 2477 // mov32 (%base, %index, scale), %tmpreg 2478 // ijmp *(%tmpreg) 2479 // 2480 MCInst IJmp; 2481 IJmp.setOpcode(X86::JMP64r); 2482 IJmp.addOperand(TmpReg); 2483 2484 MCInst Load; 2485 Load.setOpcode(X86::MOV32rm); 2486 Load.addOperand(TmpReg); 2487 Load.addOperand(BaseReg); 2488 Load.addOperand(Scale); 2489 Load.addOperand(IndexReg); 2490 Load.addOperand(Offset); 2491 Load.addOperand(MCOperand::createReg(X86::NoRegister)); 2492 2493 Insts.push_back(Load); 2494 Insts.push_back(IJmp); 2495 return true; 2496 } 2497 2498 bool createNoop(MCInst &Inst) const override { 2499 Inst.setOpcode(X86::NOOP); 2500 return true; 2501 } 2502 2503 bool createReturn(MCInst &Inst) const override { 2504 Inst.setOpcode(X86::RET64); 2505 return true; 2506 } 2507 2508 InstructionListType createInlineMemcpy(bool ReturnEnd) const override { 2509 InstructionListType Code; 2510 if (ReturnEnd) 2511 Code.emplace_back(MCInstBuilder(X86::LEA64r) 2512 .addReg(X86::RAX) 2513 .addReg(X86::RDI) 2514 .addImm(1) 2515 .addReg(X86::RDX) 2516 .addImm(0) 2517 .addReg(X86::NoRegister)); 2518 else 2519 Code.emplace_back(MCInstBuilder(X86::MOV64rr) 2520 .addReg(X86::RAX) 2521 .addReg(X86::RDI)); 2522 2523 Code.emplace_back(MCInstBuilder(X86::MOV32rr) 2524 .addReg(X86::ECX) 2525 .addReg(X86::EDX)); 2526 Code.emplace_back(MCInstBuilder(X86::REP_MOVSB_64)); 2527 2528 return Code; 2529 } 2530 2531 InstructionListType createOneByteMemcpy() const override { 2532 InstructionListType Code; 2533 Code.emplace_back(MCInstBuilder(X86::MOV8rm) 2534 .addReg(X86::CL) 2535 .addReg(X86::RSI) 2536 .addImm(0) 2537 .addReg(X86::NoRegister) 2538 .addImm(0) 2539 
.addReg(X86::NoRegister)); 2540 Code.emplace_back(MCInstBuilder(X86::MOV8mr) 2541 .addReg(X86::RDI) 2542 .addImm(0) 2543 .addReg(X86::NoRegister) 2544 .addImm(0) 2545 .addReg(X86::NoRegister) 2546 .addReg(X86::CL)); 2547 Code.emplace_back(MCInstBuilder(X86::MOV64rr) 2548 .addReg(X86::RAX) 2549 .addReg(X86::RDI)); 2550 return Code; 2551 } 2552 2553 InstructionListType createCmpJE(MCPhysReg RegNo, int64_t Imm, 2554 const MCSymbol *Target, 2555 MCContext *Ctx) const override { 2556 InstructionListType Code; 2557 Code.emplace_back(MCInstBuilder(X86::CMP64ri8) 2558 .addReg(RegNo) 2559 .addImm(Imm)); 2560 Code.emplace_back(MCInstBuilder(X86::JCC_1) 2561 .addExpr(MCSymbolRefExpr::create( 2562 Target, MCSymbolRefExpr::VK_None, *Ctx)) 2563 .addImm(X86::COND_E)); 2564 return Code; 2565 } 2566 2567 Optional<Relocation> 2568 createRelocation(const MCFixup &Fixup, 2569 const MCAsmBackend &MAB) const override { 2570 const MCFixupKindInfo &FKI = MAB.getFixupKindInfo(Fixup.getKind()); 2571 2572 assert(FKI.TargetOffset == 0 && "0-bit relocation offset expected"); 2573 const uint64_t RelOffset = Fixup.getOffset(); 2574 2575 uint64_t RelType; 2576 if (FKI.Flags & MCFixupKindInfo::FKF_IsPCRel) { 2577 switch (FKI.TargetSize) { 2578 default: 2579 return NoneType(); 2580 case 8: RelType = ELF::R_X86_64_PC8; break; 2581 case 16: RelType = ELF::R_X86_64_PC16; break; 2582 case 32: RelType = ELF::R_X86_64_PC32; break; 2583 case 64: RelType = ELF::R_X86_64_PC64; break; 2584 } 2585 } else { 2586 switch (FKI.TargetSize) { 2587 default: 2588 return NoneType(); 2589 case 8: RelType = ELF::R_X86_64_8; break; 2590 case 16: RelType = ELF::R_X86_64_16; break; 2591 case 32: RelType = ELF::R_X86_64_32; break; 2592 case 64: RelType = ELF::R_X86_64_64; break; 2593 } 2594 } 2595 2596 // Extract a symbol and an addend out of the fixup value expression. 2597 // 2598 // Only the following limited expression types are supported: 2599 // Symbol + Addend 2600 // Symbol 2601 uint64_t Addend = 0; 2602 MCSymbol *Symbol = nullptr; 2603 const MCExpr *ValueExpr = Fixup.getValue(); 2604 if (ValueExpr->getKind() == MCExpr::Binary) { 2605 const auto *BinaryExpr = cast<MCBinaryExpr>(ValueExpr); 2606 assert(BinaryExpr->getOpcode() == MCBinaryExpr::Add && 2607 "unexpected binary expression"); 2608 const MCExpr *LHS = BinaryExpr->getLHS(); 2609 assert(LHS->getKind() == MCExpr::SymbolRef && "unexpected LHS"); 2610 Symbol = const_cast<MCSymbol *>(this->getTargetSymbol(LHS)); 2611 const MCExpr *RHS = BinaryExpr->getRHS(); 2612 assert(RHS->getKind() == MCExpr::Constant && "unexpected RHS"); 2613 Addend = cast<MCConstantExpr>(RHS)->getValue(); 2614 } else { 2615 assert(ValueExpr->getKind() == MCExpr::SymbolRef && "unexpected value"); 2616 Symbol = const_cast<MCSymbol *>(this->getTargetSymbol(ValueExpr)); 2617 } 2618 2619 return Relocation({RelOffset, Symbol, RelType, Addend, 0}); 2620 } 2621 2622 bool replaceImmWithSymbolRef(MCInst &Inst, const MCSymbol *Symbol, 2623 int64_t Addend, MCContext *Ctx, int64_t &Value, 2624 uint64_t RelType) const override { 2625 unsigned ImmOpNo = -1U; 2626 2627 for (unsigned Index = 0; Index < MCPlus::getNumPrimeOperands(Inst); 2628 ++Index) { 2629 if (Inst.getOperand(Index).isImm()) { 2630 ImmOpNo = Index; 2631 // TODO: this is a bit hacky. It finds the correct operand by 2632 // searching for a specific immediate value. If no value is 2633 // provided it defaults to the last immediate operand found. 2634 // This could lead to unexpected results if the instruction 2635 // has more than one immediate with the same value. 
2636 if (Inst.getOperand(ImmOpNo).getImm() == Value) 2637 break; 2638 } 2639 } 2640 2641 if (ImmOpNo == -1U) 2642 return false; 2643 2644 Value = Inst.getOperand(ImmOpNo).getImm(); 2645 2646 setOperandToSymbolRef(Inst, ImmOpNo, Symbol, Addend, Ctx, RelType); 2647 2648 return true; 2649 } 2650 2651 bool replaceRegWithImm(MCInst &Inst, unsigned Register, 2652 int64_t Imm) const override { 2653 2654 enum CheckSignExt : uint8_t { 2655 NOCHECK = 0, 2656 CHECK8, 2657 CHECK32, 2658 }; 2659 2660 using CheckList = std::vector<std::pair<CheckSignExt, unsigned>>; 2661 struct InstInfo { 2662 // Size in bytes that Inst loads from memory. 2663 uint8_t DataSize; 2664 2665 // True when the target operand has to be duplicated because the opcode 2666 // expects a LHS operand. 2667 bool HasLHS; 2668 2669 // List of checks and corresponding opcodes to be used. We try to use the 2670 // smallest possible immediate value when various sizes are available, 2671 // hence we may need to check whether a larger constant fits in a smaller 2672 // immediate. 2673 CheckList Checks; 2674 }; 2675 2676 InstInfo I; 2677 2678 switch (Inst.getOpcode()) { 2679 default: { 2680 switch (getPushSize(Inst)) { 2681 2682 case 2: I = {2, false, {{CHECK8, X86::PUSH16i8}, {NOCHECK, X86::PUSHi16}}}; break; 2683 case 4: I = {4, false, {{CHECK8, X86::PUSH32i8}, {NOCHECK, X86::PUSHi32}}}; break; 2684 case 8: I = {8, false, {{CHECK8, X86::PUSH64i8}, 2685 {CHECK32, X86::PUSH64i32}, 2686 {NOCHECK, Inst.getOpcode()}}}; break; 2687 default: return false; 2688 } 2689 break; 2690 } 2691 2692 // MOV 2693 case X86::MOV8rr: I = {1, false, {{NOCHECK, X86::MOV8ri}}}; break; 2694 case X86::MOV16rr: I = {2, false, {{NOCHECK, X86::MOV16ri}}}; break; 2695 case X86::MOV32rr: I = {4, false, {{NOCHECK, X86::MOV32ri}}}; break; 2696 case X86::MOV64rr: I = {8, false, {{CHECK32, X86::MOV64ri32}, 2697 {NOCHECK, X86::MOV64ri}}}; break; 2698 2699 case X86::MOV8mr: I = {1, false, {{NOCHECK, X86::MOV8mi}}}; break; 2700 case X86::MOV16mr: I = {2, false, {{NOCHECK, X86::MOV16mi}}}; break; 2701 case X86::MOV32mr: I = {4, false, {{NOCHECK, X86::MOV32mi}}}; break; 2702 case X86::MOV64mr: I = {8, false, {{CHECK32, X86::MOV64mi32}, 2703 {NOCHECK, X86::MOV64mr}}}; break; 2704 2705 // MOVZX 2706 case X86::MOVZX16rr8: I = {1, false, {{NOCHECK, X86::MOV16ri}}}; break; 2707 case X86::MOVZX32rr8: I = {1, false, {{NOCHECK, X86::MOV32ri}}}; break; 2708 case X86::MOVZX32rr16: I = {2, false, {{NOCHECK, X86::MOV32ri}}}; break; 2709 2710 // CMP 2711 case X86::CMP8rr: I = {1, false, {{NOCHECK, X86::CMP8ri}}}; break; 2712 case X86::CMP16rr: I = {2, false, {{CHECK8, X86::CMP16ri8}, 2713 {NOCHECK, X86::CMP16ri}}}; break; 2714 case X86::CMP32rr: I = {4, false, {{CHECK8, X86::CMP32ri8}, 2715 {NOCHECK, X86::CMP32ri}}}; break; 2716 case X86::CMP64rr: I = {8, false, {{CHECK8, X86::CMP64ri8}, 2717 {CHECK32, X86::CMP64ri32}, 2718 {NOCHECK, X86::CMP64rr}}}; break; 2719 2720 // TEST 2721 case X86::TEST8rr: I = {1, false, {{NOCHECK, X86::TEST8ri}}}; break; 2722 case X86::TEST16rr: I = {2, false, {{NOCHECK, X86::TEST16ri}}}; break; 2723 case X86::TEST32rr: I = {4, false, {{NOCHECK, X86::TEST32ri}}}; break; 2724 case X86::TEST64rr: I = {8, false, {{CHECK32, X86::TEST64ri32}, 2725 {NOCHECK, X86::TEST64rr}}}; break; 2726 2727 // ADD 2728 case X86::ADD8rr: I = {1, true, {{NOCHECK, X86::ADD8ri}}}; break; 2729 case X86::ADD16rr: I = {2, true, {{CHECK8, X86::ADD16ri8}, 2730 {NOCHECK, X86::ADD16ri}}}; break; 2731 case X86::ADD32rr: I = {4, true, {{CHECK8, X86::ADD32ri8}, 2732 {NOCHECK, X86::ADD32ri}}}; break; 
2733 case X86::ADD64rr: I = {8, true, {{CHECK8, X86::ADD64ri8}, 2734 {CHECK32, X86::ADD64ri32}, 2735 {NOCHECK, X86::ADD64rr}}}; break; 2736 2737 // SUB 2738 case X86::SUB8rr: I = {1, true, {{NOCHECK, X86::SUB8ri}}}; break; 2739 case X86::SUB16rr: I = {2, true, {{CHECK8, X86::SUB16ri8}, 2740 {NOCHECK, X86::SUB16ri}}}; break; 2741 case X86::SUB32rr: I = {4, true, {{CHECK8, X86::SUB32ri8}, 2742 {NOCHECK, X86::SUB32ri}}}; break; 2743 case X86::SUB64rr: I = {8, true, {{CHECK8, X86::SUB64ri8}, 2744 {CHECK32, X86::SUB64ri32}, 2745 {NOCHECK, X86::SUB64rr}}}; break; 2746 2747 // AND 2748 case X86::AND8rr: I = {1, true, {{NOCHECK, X86::AND8ri}}}; break; 2749 case X86::AND16rr: I = {2, true, {{CHECK8, X86::AND16ri8}, 2750 {NOCHECK, X86::AND16ri}}}; break; 2751 case X86::AND32rr: I = {4, true, {{CHECK8, X86::AND32ri8}, 2752 {NOCHECK, X86::AND32ri}}}; break; 2753 case X86::AND64rr: I = {8, true, {{CHECK8, X86::AND64ri8}, 2754 {CHECK32, X86::AND64ri32}, 2755 {NOCHECK, X86::AND64rr}}}; break; 2756 2757 // OR 2758 case X86::OR8rr: I = {1, true, {{NOCHECK, X86::OR8ri}}}; break; 2759 case X86::OR16rr: I = {2, true, {{CHECK8, X86::OR16ri8}, 2760 {NOCHECK, X86::OR16ri}}}; break; 2761 case X86::OR32rr: I = {4, true, {{CHECK8, X86::OR32ri8}, 2762 {NOCHECK, X86::OR32ri}}}; break; 2763 case X86::OR64rr: I = {8, true, {{CHECK8, X86::OR64ri8}, 2764 {CHECK32, X86::OR64ri32}, 2765 {NOCHECK, X86::OR64rr}}}; break; 2766 2767 // XOR 2768 case X86::XOR8rr: I = {1, true, {{NOCHECK, X86::XOR8ri}}}; break; 2769 case X86::XOR16rr: I = {2, true, {{CHECK8, X86::XOR16ri8}, 2770 {NOCHECK, X86::XOR16ri}}}; break; 2771 case X86::XOR32rr: I = {4, true, {{CHECK8, X86::XOR32ri8}, 2772 {NOCHECK, X86::XOR32ri}}}; break; 2773 case X86::XOR64rr: I = {8, true, {{CHECK8, X86::XOR64ri8}, 2774 {CHECK32, X86::XOR64ri32}, 2775 {NOCHECK, X86::XOR64rr}}}; break; 2776 } 2777 2778 // Compute the new opcode. 2779 unsigned NewOpcode = 0; 2780 for (const std::pair<CheckSignExt, unsigned> &Check : I.Checks) { 2781 NewOpcode = Check.second; 2782 if (Check.first == NOCHECK) 2783 break; 2784 if (Check.first == CHECK8 && isInt<8>(Imm)) 2785 break; 2786 if (Check.first == CHECK32 && isInt<32>(Imm)) 2787 break; 2788 } 2789 if (NewOpcode == Inst.getOpcode()) 2790 return false; 2791 2792 const MCInstrDesc &InstDesc = Info->get(Inst.getOpcode()); 2793 2794 unsigned NumFound = 0; 2795 for (unsigned Index = InstDesc.getNumDefs() + (I.HasLHS ? 
1 : 0),
2796 E = InstDesc.getNumOperands();
2797 Index != E; ++Index)
2798 if (Inst.getOperand(Index).isReg() &&
2799 Inst.getOperand(Index).getReg() == Register)
2800 NumFound++;
2801 
2802 if (NumFound != 1)
2803 return false;
2804 
2805 MCOperand TargetOp = Inst.getOperand(0);
2806 Inst.clear();
2807 Inst.setOpcode(NewOpcode);
2808 Inst.addOperand(TargetOp);
2809 if (I.HasLHS)
2810 Inst.addOperand(TargetOp);
2811 Inst.addOperand(MCOperand::createImm(Imm));
2812 
2813 return true;
2814 }
2815 
2816 bool replaceRegWithReg(MCInst &Inst, unsigned ToReplace,
2817 unsigned ReplaceWith) const override {
2818 
2819 // Determine whether the opcode has an LHS operand so the iteration below can skip it.
2820 bool HasLHS;
2821 if (X86::isAND(Inst.getOpcode()) || X86::isADD(Inst.getOpcode()) ||
2822 X86::isSUB(Inst.getOpcode())) {
2823 HasLHS = true;
2824 } else if (isPop(Inst) || isPush(Inst) || X86::isCMP(Inst.getOpcode()) ||
2825 X86::isTEST(Inst.getOpcode())) {
2826 HasLHS = false;
2827 } else {
2828 switch (Inst.getOpcode()) {
2829 case X86::MOV8rr:
2830 case X86::MOV8rm:
2831 case X86::MOV8mr:
2832 case X86::MOV8ri:
2833 case X86::MOV16rr:
2834 case X86::MOV16rm:
2835 case X86::MOV16mr:
2836 case X86::MOV16ri:
2837 case X86::MOV32rr:
2838 case X86::MOV32rm:
2839 case X86::MOV32mr:
2840 case X86::MOV32ri:
2841 case X86::MOV64rr:
2842 case X86::MOV64rm:
2843 case X86::MOV64mr:
2844 case X86::MOV64ri:
2845 case X86::MOVZX16rr8:
2846 case X86::MOVZX32rr8:
2847 case X86::MOVZX32rr16:
2848 case X86::MOVSX32rm8:
2849 case X86::MOVSX32rr8:
2850 case X86::MOVSX64rm32:
2851 case X86::LEA64r:
2852 HasLHS = false;
2853 break;
2854 default:
2855 return false;
2856 }
2857 }
2858 
2859 const MCInstrDesc &InstDesc = Info->get(Inst.getOpcode());
2860 
2861 bool FoundOne = false;
2862 
2863 // Iterate only through src operands that aren't also dest operands.
2864 for (unsigned Index = InstDesc.getNumDefs() + (HasLHS ?
1 : 0), 2865 E = InstDesc.getNumOperands(); 2866 Index != E; ++Index) { 2867 BitVector RegAliases = getAliases(ToReplace, true); 2868 if (!Inst.getOperand(Index).isReg() || 2869 !RegAliases.test(Inst.getOperand(Index).getReg())) 2870 continue; 2871 // Resize register if needed 2872 unsigned SizedReplaceWith = getAliasSized( 2873 ReplaceWith, getRegSize(Inst.getOperand(Index).getReg())); 2874 MCOperand NewOperand = MCOperand::createReg(SizedReplaceWith); 2875 Inst.getOperand(Index) = NewOperand; 2876 FoundOne = true; 2877 } 2878 2879 // Return true if at least one operand was replaced 2880 return FoundOne; 2881 } 2882 2883 bool createUncondBranch(MCInst &Inst, const MCSymbol *TBB, 2884 MCContext *Ctx) const override { 2885 Inst.setOpcode(X86::JMP_1); 2886 Inst.addOperand(MCOperand::createExpr( 2887 MCSymbolRefExpr::create(TBB, MCSymbolRefExpr::VK_None, *Ctx))); 2888 return true; 2889 } 2890 2891 bool createCall(MCInst &Inst, const MCSymbol *Target, 2892 MCContext *Ctx) override { 2893 Inst.setOpcode(X86::CALL64pcrel32); 2894 Inst.addOperand(MCOperand::createExpr( 2895 MCSymbolRefExpr::create(Target, MCSymbolRefExpr::VK_None, *Ctx))); 2896 return true; 2897 } 2898 2899 bool createTailCall(MCInst &Inst, const MCSymbol *Target, 2900 MCContext *Ctx) override { 2901 return createDirectCall(Inst, Target, Ctx, /*IsTailCall*/ true); 2902 } 2903 2904 void createLongTailCall(InstructionListType &Seq, const MCSymbol *Target, 2905 MCContext *Ctx) override { 2906 Seq.clear(); 2907 Seq.emplace_back(); 2908 createDirectCall(Seq.back(), Target, Ctx, /*IsTailCall*/ true); 2909 } 2910 2911 bool createTrap(MCInst &Inst) const override { 2912 Inst.clear(); 2913 Inst.setOpcode(X86::TRAP); 2914 return true; 2915 } 2916 2917 bool reverseBranchCondition(MCInst &Inst, const MCSymbol *TBB, 2918 MCContext *Ctx) const override { 2919 unsigned InvCC = getInvertedCondCode(getCondCode(Inst)); 2920 assert(InvCC != X86::COND_INVALID && "invalid branch instruction"); 2921 Inst.getOperand(Info->get(Inst.getOpcode()).NumOperands - 1).setImm(InvCC); 2922 Inst.getOperand(0) = MCOperand::createExpr( 2923 MCSymbolRefExpr::create(TBB, MCSymbolRefExpr::VK_None, *Ctx)); 2924 return true; 2925 } 2926 2927 bool replaceBranchCondition(MCInst &Inst, const MCSymbol *TBB, MCContext *Ctx, 2928 unsigned CC) const override { 2929 if (CC == X86::COND_INVALID) 2930 return false; 2931 Inst.getOperand(Info->get(Inst.getOpcode()).NumOperands - 1).setImm(CC); 2932 Inst.getOperand(0) = MCOperand::createExpr( 2933 MCSymbolRefExpr::create(TBB, MCSymbolRefExpr::VK_None, *Ctx)); 2934 return true; 2935 } 2936 2937 unsigned getCanonicalBranchCondCode(unsigned CC) const override { 2938 switch (CC) { 2939 default: return X86::COND_INVALID; 2940 2941 case X86::COND_E: return X86::COND_E; 2942 case X86::COND_NE: return X86::COND_E; 2943 2944 case X86::COND_L: return X86::COND_L; 2945 case X86::COND_GE: return X86::COND_L; 2946 2947 case X86::COND_LE: return X86::COND_G; 2948 case X86::COND_G: return X86::COND_G; 2949 2950 case X86::COND_B: return X86::COND_B; 2951 case X86::COND_AE: return X86::COND_B; 2952 2953 case X86::COND_BE: return X86::COND_A; 2954 case X86::COND_A: return X86::COND_A; 2955 2956 case X86::COND_S: return X86::COND_S; 2957 case X86::COND_NS: return X86::COND_S; 2958 2959 case X86::COND_P: return X86::COND_P; 2960 case X86::COND_NP: return X86::COND_P; 2961 2962 case X86::COND_O: return X86::COND_O; 2963 case X86::COND_NO: return X86::COND_O; 2964 } 2965 } 2966 2967 bool replaceBranchTarget(MCInst &Inst, const MCSymbol *TBB, 2968 
MCContext *Ctx) const override { 2969 assert((isCall(Inst) || isBranch(Inst)) && !isIndirectBranch(Inst) && 2970 "Invalid instruction"); 2971 Inst.getOperand(0) = MCOperand::createExpr( 2972 MCSymbolRefExpr::create(TBB, MCSymbolRefExpr::VK_None, *Ctx)); 2973 return true; 2974 } 2975 2976 MCPhysReg getX86R11() const override { return X86::R11; } 2977 2978 MCPhysReg getIntArgRegister(unsigned ArgNo) const override { 2979 // FIXME: this should depend on the calling convention. 2980 switch (ArgNo) { 2981 case 0: return X86::RDI; 2982 case 1: return X86::RSI; 2983 case 2: return X86::RDX; 2984 case 3: return X86::RCX; 2985 case 4: return X86::R8; 2986 case 5: return X86::R9; 2987 default: return getNoRegister(); 2988 } 2989 } 2990 2991 void createPause(MCInst &Inst) const override { 2992 Inst.clear(); 2993 Inst.setOpcode(X86::PAUSE); 2994 } 2995 2996 void createLfence(MCInst &Inst) const override { 2997 Inst.clear(); 2998 Inst.setOpcode(X86::LFENCE); 2999 } 3000 3001 bool createDirectCall(MCInst &Inst, const MCSymbol *Target, MCContext *Ctx, 3002 bool IsTailCall) override { 3003 Inst.clear(); 3004 Inst.setOpcode(IsTailCall ? X86::JMP_4 : X86::CALL64pcrel32); 3005 Inst.addOperand(MCOperand::createExpr( 3006 MCSymbolRefExpr::create(Target, MCSymbolRefExpr::VK_None, *Ctx))); 3007 if (IsTailCall) 3008 setTailCall(Inst); 3009 return true; 3010 } 3011 3012 void createShortJmp(InstructionListType &Seq, const MCSymbol *Target, 3013 MCContext *Ctx, bool IsTailCall) override { 3014 Seq.clear(); 3015 MCInst Inst; 3016 Inst.setOpcode(X86::JMP_1); 3017 Inst.addOperand(MCOperand::createExpr( 3018 MCSymbolRefExpr::create(Target, MCSymbolRefExpr::VK_None, *Ctx))); 3019 if (IsTailCall) 3020 setTailCall(Inst); 3021 Seq.emplace_back(Inst); 3022 } 3023 3024 bool isConditionalMove(const MCInst &Inst) const override { 3025 unsigned OpCode = Inst.getOpcode(); 3026 return (OpCode == X86::CMOV16rr || OpCode == X86::CMOV32rr || 3027 OpCode == X86::CMOV64rr); 3028 } 3029 3030 bool isBranchOnMem(const MCInst &Inst) const override { 3031 unsigned OpCode = Inst.getOpcode(); 3032 if (OpCode == X86::CALL64m || (OpCode == X86::JMP32m && isTailCall(Inst)) || 3033 OpCode == X86::JMP64m) 3034 return true; 3035 3036 return false; 3037 } 3038 3039 bool isBranchOnReg(const MCInst &Inst) const override { 3040 unsigned OpCode = Inst.getOpcode(); 3041 if (OpCode == X86::CALL64r || (OpCode == X86::JMP32r && isTailCall(Inst)) || 3042 OpCode == X86::JMP64r) 3043 return true; 3044 3045 return false; 3046 } 3047 3048 void createPushRegister(MCInst &Inst, MCPhysReg Reg, 3049 unsigned Size) const override { 3050 Inst.clear(); 3051 unsigned NewOpcode = 0; 3052 if (Reg == X86::EFLAGS) { 3053 switch (Size) { 3054 case 2: NewOpcode = X86::PUSHF16; break; 3055 case 4: NewOpcode = X86::PUSHF32; break; 3056 case 8: NewOpcode = X86::PUSHF64; break; 3057 default: 3058 llvm_unreachable("Unexpected size"); 3059 } 3060 Inst.setOpcode(NewOpcode); 3061 return; 3062 } 3063 switch (Size) { 3064 case 2: NewOpcode = X86::PUSH16r; break; 3065 case 4: NewOpcode = X86::PUSH32r; break; 3066 case 8: NewOpcode = X86::PUSH64r; break; 3067 default: 3068 llvm_unreachable("Unexpected size"); 3069 } 3070 Inst.setOpcode(NewOpcode); 3071 Inst.addOperand(MCOperand::createReg(Reg)); 3072 } 3073 3074 void createPopRegister(MCInst &Inst, MCPhysReg Reg, 3075 unsigned Size) const override { 3076 Inst.clear(); 3077 unsigned NewOpcode = 0; 3078 if (Reg == X86::EFLAGS) { 3079 switch (Size) { 3080 case 2: NewOpcode = X86::POPF16; break; 3081 case 4: NewOpcode = X86::POPF32; break; 
3082 case 8: NewOpcode = X86::POPF64; break; 3083 default: 3084 llvm_unreachable("Unexpected size"); 3085 } 3086 Inst.setOpcode(NewOpcode); 3087 return; 3088 } 3089 switch (Size) { 3090 case 2: NewOpcode = X86::POP16r; break; 3091 case 4: NewOpcode = X86::POP32r; break; 3092 case 8: NewOpcode = X86::POP64r; break; 3093 default: 3094 llvm_unreachable("Unexpected size"); 3095 } 3096 Inst.setOpcode(NewOpcode); 3097 Inst.addOperand(MCOperand::createReg(Reg)); 3098 } 3099 3100 void createPushFlags(MCInst &Inst, unsigned Size) const override { 3101 return createPushRegister(Inst, X86::EFLAGS, Size); 3102 } 3103 3104 void createPopFlags(MCInst &Inst, unsigned Size) const override { 3105 return createPopRegister(Inst, X86::EFLAGS, Size); 3106 } 3107 3108 void createAddRegImm(MCInst &Inst, MCPhysReg Reg, int64_t Value, 3109 unsigned Size) const { 3110 unsigned int Opcode; 3111 switch (Size) { 3112 case 1: Opcode = X86::ADD8ri; break; 3113 case 2: Opcode = X86::ADD16ri; break; 3114 case 4: Opcode = X86::ADD32ri; break; 3115 default: 3116 llvm_unreachable("Unexpected size"); 3117 } 3118 Inst.setOpcode(Opcode); 3119 Inst.clear(); 3120 Inst.addOperand(MCOperand::createReg(Reg)); 3121 Inst.addOperand(MCOperand::createReg(Reg)); 3122 Inst.addOperand(MCOperand::createImm(Value)); 3123 } 3124 3125 void createClearRegWithNoEFlagsUpdate(MCInst &Inst, MCPhysReg Reg, 3126 unsigned Size) const { 3127 unsigned int Opcode; 3128 switch (Size) { 3129 case 1: Opcode = X86::MOV8ri; break; 3130 case 2: Opcode = X86::MOV16ri; break; 3131 case 4: Opcode = X86::MOV32ri; break; 3132 case 8: Opcode = X86::MOV64ri; break; 3133 default: 3134 llvm_unreachable("Unexpected size"); 3135 } 3136 Inst.setOpcode(Opcode); 3137 Inst.clear(); 3138 Inst.addOperand(MCOperand::createReg(Reg)); 3139 Inst.addOperand(MCOperand::createImm(0)); 3140 } 3141 3142 void createX86SaveOVFlagToRegister(MCInst &Inst, MCPhysReg Reg) const { 3143 Inst.setOpcode(X86::SETCCr); 3144 Inst.clear(); 3145 Inst.addOperand(MCOperand::createReg(Reg)); 3146 Inst.addOperand(MCOperand::createImm(X86::COND_O)); 3147 } 3148 3149 void createX86Lahf(MCInst &Inst) const { 3150 Inst.setOpcode(X86::LAHF); 3151 Inst.clear(); 3152 } 3153 3154 void createX86Sahf(MCInst &Inst) const { 3155 Inst.setOpcode(X86::SAHF); 3156 Inst.clear(); 3157 } 3158 3159 void createInstrIncMemory(InstructionListType &Instrs, const MCSymbol *Target, 3160 MCContext *Ctx, bool IsLeaf) const override { 3161 unsigned int I = 0; 3162 3163 Instrs.resize(IsLeaf ? 
13 : 11); 3164 // Don't clobber application red zone (ABI dependent) 3165 if (IsLeaf) 3166 createStackPointerIncrement(Instrs[I++], 128, 3167 /*NoFlagsClobber=*/true); 3168 3169 // Performance improvements based on the optimization discussed at 3170 // https://reviews.llvm.org/D6629 3171 // LAHF/SAHF are used instead of PUSHF/POPF 3172 // PUSHF 3173 createPushRegister(Instrs[I++], X86::RAX, 8); 3174 createClearRegWithNoEFlagsUpdate(Instrs[I++], X86::RAX, 8); 3175 createX86Lahf(Instrs[I++]); 3176 createPushRegister(Instrs[I++], X86::RAX, 8); 3177 createClearRegWithNoEFlagsUpdate(Instrs[I++], X86::RAX, 8); 3178 createX86SaveOVFlagToRegister(Instrs[I++], X86::AL); 3179 // LOCK INC 3180 createIncMemory(Instrs[I++], Target, Ctx); 3181 // POPF 3182 createAddRegImm(Instrs[I++], X86::AL, 127, 1); 3183 createPopRegister(Instrs[I++], X86::RAX, 8); 3184 createX86Sahf(Instrs[I++]); 3185 createPopRegister(Instrs[I++], X86::RAX, 8); 3186 3187 if (IsLeaf) 3188 createStackPointerDecrement(Instrs[I], 128, 3189 /*NoFlagsClobber=*/true); 3190 } 3191 3192 void createSwap(MCInst &Inst, MCPhysReg Source, MCPhysReg MemBaseReg, 3193 int64_t Disp) const { 3194 Inst.setOpcode(X86::XCHG64rm); 3195 Inst.addOperand(MCOperand::createReg(Source)); 3196 Inst.addOperand(MCOperand::createReg(Source)); 3197 Inst.addOperand(MCOperand::createReg(MemBaseReg)); // BaseReg 3198 Inst.addOperand(MCOperand::createImm(1)); // ScaleAmt 3199 Inst.addOperand(MCOperand::createReg(X86::NoRegister)); // IndexReg 3200 Inst.addOperand(MCOperand::createImm(Disp)); // Displacement 3201 Inst.addOperand(MCOperand::createReg(X86::NoRegister)); // AddrSegmentReg 3202 } 3203 3204 void createIndirectBranch(MCInst &Inst, MCPhysReg MemBaseReg, 3205 int64_t Disp) const { 3206 Inst.setOpcode(X86::JMP64m); 3207 Inst.addOperand(MCOperand::createReg(MemBaseReg)); // BaseReg 3208 Inst.addOperand(MCOperand::createImm(1)); // ScaleAmt 3209 Inst.addOperand(MCOperand::createReg(X86::NoRegister)); // IndexReg 3210 Inst.addOperand(MCOperand::createImm(Disp)); // Displacement 3211 Inst.addOperand(MCOperand::createReg(X86::NoRegister)); // AddrSegmentReg 3212 } 3213 3214 InstructionListType createInstrumentedIndirectCall(const MCInst &CallInst, 3215 bool TailCall, 3216 MCSymbol *HandlerFuncAddr, 3217 int CallSiteID, 3218 MCContext *Ctx) override { 3219 // Check if the target address expression used in the original indirect call 3220 // uses the stack pointer, which we are going to clobber. 3221 static BitVector SPAliases(getAliases(X86::RSP)); 3222 bool UsesSP = false; 3223 // Skip defs. 
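// Only the explicit use operands can form the target address expression; if
// any of them aliases %rsp, the stack adjustments made by the instrumentation
// sequence below must be compensated for before the target is re-evaluated.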
3224 for (unsigned I = Info->get(CallInst.getOpcode()).getNumDefs(), 3225 E = MCPlus::getNumPrimeOperands(CallInst); 3226 I != E; ++I) { 3227 const MCOperand &Operand = CallInst.getOperand(I); 3228 if (Operand.isReg() && SPAliases[Operand.getReg()]) { 3229 UsesSP = true; 3230 break; 3231 } 3232 } 3233 3234 InstructionListType Insts; 3235 MCPhysReg TempReg = getIntArgRegister(0); 3236 // Code sequence used to enter indirect call instrumentation helper: 3237 // push %rdi 3238 // add $8, %rsp ;; $rsp may be used in target, so fix it to prev val 3239 // movq target, %rdi ;; via convertIndirectCallTargetToLoad 3240 // sub $8, %rsp ;; restore correct stack value 3241 // push %rdi 3242 // movq $CallSiteID, %rdi 3243 // push %rdi 3244 // callq/jmp HandlerFuncAddr 3245 Insts.emplace_back(); 3246 createPushRegister(Insts.back(), TempReg, 8); 3247 if (UsesSP) { // Only adjust SP if we really need to 3248 Insts.emplace_back(); 3249 createStackPointerDecrement(Insts.back(), 8, /*NoFlagsClobber=*/false); 3250 } 3251 Insts.emplace_back(CallInst); 3252 // Insts.back() and CallInst now share the same annotation instruction. 3253 // Strip it from Insts.back(), only preserving tail call annotation. 3254 stripAnnotations(Insts.back(), /*KeepTC=*/true); 3255 convertIndirectCallToLoad(Insts.back(), TempReg); 3256 if (UsesSP) { 3257 Insts.emplace_back(); 3258 createStackPointerIncrement(Insts.back(), 8, /*NoFlagsClobber=*/false); 3259 } 3260 Insts.emplace_back(); 3261 createPushRegister(Insts.back(), TempReg, 8); 3262 Insts.emplace_back(); 3263 createLoadImmediate(Insts.back(), TempReg, CallSiteID); 3264 Insts.emplace_back(); 3265 createPushRegister(Insts.back(), TempReg, 8); 3266 Insts.emplace_back(); 3267 createDirectCall(Insts.back(), HandlerFuncAddr, Ctx, 3268 /*TailCall=*/TailCall); 3269 // Carry over metadata 3270 for (int I = MCPlus::getNumPrimeOperands(CallInst), 3271 E = CallInst.getNumOperands(); 3272 I != E; ++I) 3273 Insts.back().addOperand(CallInst.getOperand(I)); 3274 3275 return Insts; 3276 } 3277 3278 InstructionListType createInstrumentedIndCallHandlerExitBB() const override { 3279 const MCPhysReg TempReg = getIntArgRegister(0); 3280 // We just need to undo the sequence created for every ind call in 3281 // instrumentIndirectTarget(), which can be accomplished minimally with: 3282 // popfq 3283 // pop %rdi 3284 // add $16, %rsp 3285 // xchg (%rsp), %rdi 3286 // jmp *-8(%rsp) 3287 InstructionListType Insts(5); 3288 createPopFlags(Insts[0], 8); 3289 createPopRegister(Insts[1], TempReg, 8); 3290 createStackPointerDecrement(Insts[2], 16, /*NoFlagsClobber=*/false); 3291 createSwap(Insts[3], TempReg, X86::RSP, 0); 3292 createIndirectBranch(Insts[4], X86::RSP, -8); 3293 return Insts; 3294 } 3295 3296 InstructionListType 3297 createInstrumentedIndTailCallHandlerExitBB() const override { 3298 const MCPhysReg TempReg = getIntArgRegister(0); 3299 // Same thing as above, but for tail calls 3300 // popfq 3301 // add $16, %rsp 3302 // pop %rdi 3303 // jmp *-16(%rsp) 3304 InstructionListType Insts(4); 3305 createPopFlags(Insts[0], 8); 3306 createStackPointerDecrement(Insts[1], 16, /*NoFlagsClobber=*/false); 3307 createPopRegister(Insts[2], TempReg, 8); 3308 createIndirectBranch(Insts[3], X86::RSP, -16); 3309 return Insts; 3310 } 3311 3312 InstructionListType 3313 createInstrumentedIndCallHandlerEntryBB(const MCSymbol *InstrTrampoline, 3314 const MCSymbol *IndCallHandler, 3315 MCContext *Ctx) override { 3316 const MCPhysReg TempReg = getIntArgRegister(0); 3317 // Code sequence used to check whether 
InstrTrampoline was initialized
3318 // and call it if so; control then returns via IndCallHandler.
3319 // pushfq
3320 // mov InstrTrampoline,%rdi
3321 // cmp $0x0,%rdi
3322 // je IndCallHandler
3323 // callq *%rdi
3324 // jmpq IndCallHandler
3325 InstructionListType Insts;
3326 Insts.emplace_back();
3327 createPushFlags(Insts.back(), 8);
3328 Insts.emplace_back();
3329 createMove(Insts.back(), InstrTrampoline, TempReg, Ctx);
3330 InstructionListType cmpJmp = createCmpJE(TempReg, 0, IndCallHandler, Ctx);
3331 Insts.insert(Insts.end(), cmpJmp.begin(), cmpJmp.end());
3332 Insts.emplace_back();
3333 Insts.back().setOpcode(X86::CALL64r);
3334 Insts.back().addOperand(MCOperand::createReg(TempReg));
3335 Insts.emplace_back();
3336 createDirectCall(Insts.back(), IndCallHandler, Ctx, /*IsTailCall*/ true);
3337 return Insts;
3338 }
3339 
3340 InstructionListType createNumCountersGetter(MCContext *Ctx) const override {
3341 InstructionListType Insts(2);
3342 MCSymbol *NumLocs = Ctx->getOrCreateSymbol("__bolt_num_counters");
3343 createMove(Insts[0], NumLocs, X86::EAX, Ctx);
3344 createReturn(Insts[1]);
3345 return Insts;
3346 }
3347 
3348 InstructionListType
3349 createInstrLocationsGetter(MCContext *Ctx) const override {
3350 InstructionListType Insts(2);
3351 MCSymbol *Locs = Ctx->getOrCreateSymbol("__bolt_instr_locations");
3352 createLea(Insts[0], Locs, X86::EAX, Ctx);
3353 createReturn(Insts[1]);
3354 return Insts;
3355 }
3356 
3357 InstructionListType createInstrTablesGetter(MCContext *Ctx) const override {
3358 InstructionListType Insts(2);
3359 MCSymbol *Locs = Ctx->getOrCreateSymbol("__bolt_instr_tables");
3360 createLea(Insts[0], Locs, X86::EAX, Ctx);
3361 createReturn(Insts[1]);
3362 return Insts;
3363 }
3364 
3365 InstructionListType createInstrNumFuncsGetter(MCContext *Ctx) const override {
3366 InstructionListType Insts(2);
3367 MCSymbol *NumFuncs = Ctx->getOrCreateSymbol("__bolt_instr_num_funcs");
3368 createMove(Insts[0], NumFuncs, X86::EAX, Ctx);
3369 createReturn(Insts[1]);
3370 return Insts;
3371 }
3372 
3373 InstructionListType createSymbolTrampoline(const MCSymbol *TgtSym,
3374 MCContext *Ctx) const override {
3375 InstructionListType Insts(1);
3376 createUncondBranch(Insts[0], TgtSym, Ctx);
3377 return Insts;
3378 }
3379 
3380 InstructionListType createDummyReturnFunction(MCContext *Ctx) const override {
3381 InstructionListType Insts(1);
3382 createReturn(Insts[0]);
3383 return Insts;
3384 }
3385 
3386 BlocksVectorTy indirectCallPromotion(
3387 const MCInst &CallInst,
3388 const std::vector<std::pair<MCSymbol *, uint64_t>> &Targets,
3389 const std::vector<std::pair<MCSymbol *, uint64_t>> &VtableSyms,
3390 const std::vector<MCInst *> &MethodFetchInsns,
3391 const bool MinimizeCodeSize, MCContext *Ctx) override {
3392 const bool IsTailCall = isTailCall(CallInst);
3393 const bool IsJumpTable = getJumpTable(CallInst) != 0;
3394 BlocksVectorTy Results;
3395 
3396 // Label for the current code block.
3397 MCSymbol *NextTarget = nullptr;
3398 
3399 // The join block, which contains all the instructions following CallInst.
3400 // MergeBlock remains null if CallInst is a tail call.
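// Roughly, each promoted target becomes a compare-and-branch block:
//
//   cmp  $target_i, <original call target>
//   jne  next_i            ; for jump tables: je target_i instead
//   call/jmp target_i
//   jmp  MergeBlock        ; non-tail calls only; the first target falls through
// next_i:
//   ...
//
// followed by a cold block that keeps the original indirect call.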
3401 MCSymbol *MergeBlock = nullptr; 3402 3403 unsigned FuncAddrReg = X86::R10; 3404 3405 const bool LoadElim = !VtableSyms.empty(); 3406 assert((!LoadElim || VtableSyms.size() == Targets.size()) && 3407 "There must be a vtable entry for every method " 3408 "in the targets vector."); 3409 3410 if (MinimizeCodeSize && !LoadElim) { 3411 std::set<unsigned> UsedRegs; 3412 3413 for (unsigned int I = 0; I < MCPlus::getNumPrimeOperands(CallInst); ++I) { 3414 const MCOperand &Op = CallInst.getOperand(I); 3415 if (Op.isReg()) 3416 UsedRegs.insert(Op.getReg()); 3417 } 3418 3419 if (UsedRegs.count(X86::R10) == 0) 3420 FuncAddrReg = X86::R10; 3421 else if (UsedRegs.count(X86::R11) == 0) 3422 FuncAddrReg = X86::R11; 3423 else 3424 return Results; 3425 } 3426 3427 const auto jumpToMergeBlock = [&](InstructionListType &NewCall) { 3428 assert(MergeBlock); 3429 NewCall.push_back(CallInst); 3430 MCInst &Merge = NewCall.back(); 3431 Merge.clear(); 3432 createUncondBranch(Merge, MergeBlock, Ctx); 3433 }; 3434 3435 for (unsigned int i = 0; i < Targets.size(); ++i) { 3436 Results.emplace_back(NextTarget, InstructionListType()); 3437 InstructionListType *NewCall = &Results.back().second; 3438 3439 if (MinimizeCodeSize && !LoadElim) { 3440 // Load the call target into FuncAddrReg. 3441 NewCall->push_back(CallInst); // Copy CallInst in order to get SMLoc 3442 MCInst &Target = NewCall->back(); 3443 Target.clear(); 3444 Target.setOpcode(X86::MOV64ri32); 3445 Target.addOperand(MCOperand::createReg(FuncAddrReg)); 3446 if (Targets[i].first) { 3447 // Is this OK? 3448 Target.addOperand(MCOperand::createExpr(MCSymbolRefExpr::create( 3449 Targets[i].first, MCSymbolRefExpr::VK_None, *Ctx))); 3450 } else { 3451 const uint64_t Addr = Targets[i].second; 3452 // Immediate address is out of sign extended 32 bit range. 3453 if (int64_t(Addr) != int64_t(int32_t(Addr))) 3454 return BlocksVectorTy(); 3455 3456 Target.addOperand(MCOperand::createImm(Addr)); 3457 } 3458 3459 // Compare current call target to a specific address. 3460 NewCall->push_back(CallInst); 3461 MCInst &Compare = NewCall->back(); 3462 Compare.clear(); 3463 if (isBranchOnReg(CallInst)) 3464 Compare.setOpcode(X86::CMP64rr); 3465 else if (CallInst.getOpcode() == X86::CALL64pcrel32) 3466 Compare.setOpcode(X86::CMP64ri32); 3467 else 3468 Compare.setOpcode(X86::CMP64rm); 3469 3470 Compare.addOperand(MCOperand::createReg(FuncAddrReg)); 3471 3472 // TODO: Would be preferable to only load this value once. 3473 for (unsigned i = 0; 3474 i < Info->get(CallInst.getOpcode()).getNumOperands(); ++i) 3475 if (!CallInst.getOperand(i).isInst()) 3476 Compare.addOperand(CallInst.getOperand(i)); 3477 } else { 3478 // Compare current call target to a specific address. 3479 NewCall->push_back(CallInst); 3480 MCInst &Compare = NewCall->back(); 3481 Compare.clear(); 3482 if (isBranchOnReg(CallInst)) 3483 Compare.setOpcode(X86::CMP64ri32); 3484 else 3485 Compare.setOpcode(X86::CMP64mi32); 3486 3487 // Original call address. 3488 for (unsigned i = 0; 3489 i < Info->get(CallInst.getOpcode()).getNumOperands(); ++i) 3490 if (!CallInst.getOperand(i).isInst()) 3491 Compare.addOperand(CallInst.getOperand(i)); 3492 3493 // Target address. 3494 if (Targets[i].first || LoadElim) { 3495 const MCSymbol *Sym = 3496 LoadElim ? VtableSyms[i].first : Targets[i].first; 3497 const uint64_t Addend = LoadElim ? 
              VtableSyms[i].second : 0;
          const MCExpr *Expr = MCSymbolRefExpr::create(Sym, *Ctx);
          if (Addend)
            Expr = MCBinaryExpr::createAdd(
                Expr, MCConstantExpr::create(Addend, *Ctx), *Ctx);
          Compare.addOperand(MCOperand::createExpr(Expr));
        } else {
          const uint64_t Addr = Targets[i].second;
          // Immediate address is out of sign extended 32 bit range.
          if (int64_t(Addr) != int64_t(int32_t(Addr)))
            return BlocksVectorTy();

          Compare.addOperand(MCOperand::createImm(Addr));
        }
      }

      // Jump to next target compare.
      NextTarget =
          Ctx->createNamedTempSymbol(); // generate label for the next block
      NewCall->push_back(CallInst);

      if (IsJumpTable) {
        MCInst &Je = NewCall->back();

        // Jump directly to the case target when the addresses match.
        Je.clear();
        Je.setOpcode(X86::JCC_1);
        if (Targets[i].first)
          Je.addOperand(MCOperand::createExpr(MCSymbolRefExpr::create(
              Targets[i].first, MCSymbolRefExpr::VK_None, *Ctx)));
        else
          Je.addOperand(MCOperand::createImm(Targets[i].second));

        Je.addOperand(MCOperand::createImm(X86::COND_E));
        assert(!isInvoke(CallInst));
      } else {
        MCInst &Jne = NewCall->back();

        // Jump to the next compare if the target addresses don't match.
        Jne.clear();
        Jne.setOpcode(X86::JCC_1);
        Jne.addOperand(MCOperand::createExpr(MCSymbolRefExpr::create(
            NextTarget, MCSymbolRefExpr::VK_None, *Ctx)));
        Jne.addOperand(MCOperand::createImm(X86::COND_NE));

        // Call the specific target directly.
        Results.emplace_back(Ctx->createNamedTempSymbol(),
                             InstructionListType());
        NewCall = &Results.back().second;
        NewCall->push_back(CallInst);
        MCInst &CallOrJmp = NewCall->back();

        CallOrJmp.clear();

        if (MinimizeCodeSize && !LoadElim) {
          CallOrJmp.setOpcode(IsTailCall ? X86::JMP32r : X86::CALL64r);
          CallOrJmp.addOperand(MCOperand::createReg(FuncAddrReg));
        } else {
          CallOrJmp.setOpcode(IsTailCall ? X86::JMP_4 : X86::CALL64pcrel32);

          if (Targets[i].first)
            CallOrJmp.addOperand(MCOperand::createExpr(MCSymbolRefExpr::create(
                Targets[i].first, MCSymbolRefExpr::VK_None, *Ctx)));
          else
            CallOrJmp.addOperand(MCOperand::createImm(Targets[i].second));
        }
        if (IsTailCall)
          setTailCall(CallOrJmp);

        if (CallOrJmp.getOpcode() == X86::CALL64r ||
            CallOrJmp.getOpcode() == X86::CALL64pcrel32) {
          if (Optional<uint32_t> Offset = getOffset(CallInst))
            // Annotated as a duplicated call.
            setOffset(CallOrJmp, *Offset);
        }

        if (isInvoke(CallInst) && !isInvoke(CallOrJmp)) {
          // Copy over any EH or GNU args size information from the original
          // call.
          Optional<MCPlus::MCLandingPad> EHInfo = getEHInfo(CallInst);
          if (EHInfo)
            addEHInfo(CallOrJmp, *EHInfo);
          int64_t GnuArgsSize = getGnuArgsSize(CallInst);
          if (GnuArgsSize >= 0)
            addGnuArgsSize(CallOrJmp, GnuArgsSize);
        }

        if (!IsTailCall) {
          // The fallthrough block for the most common target should be
          // the merge block.
          if (i == 0) {
            // Fall through to the merge block.
            MergeBlock = Ctx->createNamedTempSymbol();
          } else {
            // Insert a jump to the merge block if we are not doing a
            // fallthrough.
            jumpToMergeBlock(*NewCall);
          }
        }
      }
    }

    // Cold call block.
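    // Keep the original method-fetch instructions (if any) and the unpromoted
    // call for call targets that did not match one of the hot targets above.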
    Results.emplace_back(NextTarget, InstructionListType());
    InstructionListType &NewCall = Results.back().second;
    for (const MCInst *Inst : MethodFetchInsns)
      if (Inst != &CallInst)
        NewCall.push_back(*Inst);
    NewCall.push_back(CallInst);

    // Jump to the merge block from the cold call block.
    if (!IsTailCall && !IsJumpTable) {
      jumpToMergeBlock(NewCall);

      // Record the merge block.
      Results.emplace_back(MergeBlock, InstructionListType());
    }

    return Results;
  }

  BlocksVectorTy jumpTablePromotion(
      const MCInst &IJmpInst,
      const std::vector<std::pair<MCSymbol *, uint64_t>> &Targets,
      const std::vector<MCInst *> &TargetFetchInsns,
      MCContext *Ctx) const override {
    assert(getJumpTable(IJmpInst) != 0);
    uint16_t IndexReg = getAnnotationAs<uint16_t>(IJmpInst, "JTIndexReg");
    if (IndexReg == 0)
      return BlocksVectorTy();

    BlocksVectorTy Results;

    // Label for the current code block.
    MCSymbol *NextTarget = nullptr;

    for (unsigned int i = 0; i < Targets.size(); ++i) {
      Results.emplace_back(NextTarget, InstructionListType());
      InstructionListType *CurBB = &Results.back().second;

      // Compare the current index to a specific index.
      CurBB->emplace_back(MCInst());
      MCInst &CompareInst = CurBB->back();
      CompareInst.setLoc(IJmpInst.getLoc());
      CompareInst.setOpcode(X86::CMP64ri32);
      CompareInst.addOperand(MCOperand::createReg(IndexReg));

      const uint64_t CaseIdx = Targets[i].second;
      // Immediate index is out of sign extended 32 bit range.
      if (int64_t(CaseIdx) != int64_t(int32_t(CaseIdx)))
        return BlocksVectorTy();

      CompareInst.addOperand(MCOperand::createImm(CaseIdx));
      shortenInstruction(CompareInst, *Ctx->getSubtargetInfo());

      // Jump to next target compare.
      NextTarget =
          Ctx->createNamedTempSymbol(); // generate label for the next block
      CurBB->push_back(MCInst());

      MCInst &JEInst = CurBB->back();
      JEInst.setLoc(IJmpInst.getLoc());

      // Jump to the target if the indices match.
      JEInst.setOpcode(X86::JCC_1);
      JEInst.addOperand(MCOperand::createExpr(MCSymbolRefExpr::create(
          Targets[i].first, MCSymbolRefExpr::VK_None, *Ctx)));
      JEInst.addOperand(MCOperand::createImm(X86::COND_E));
    }

    // Cold block.
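    // Re-emit the target-fetch instructions and keep the original indirect
    // jump for any index that did not match one of the cases above.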
    Results.emplace_back(NextTarget, InstructionListType());
    InstructionListType &CurBB = Results.back().second;
    for (const MCInst *Inst : TargetFetchInsns)
      if (Inst != &IJmpInst)
        CurBB.push_back(*Inst);

    CurBB.push_back(IJmpInst);

    return Results;
  }

private:
  bool createMove(MCInst &Inst, const MCSymbol *Src, unsigned Reg,
                  MCContext *Ctx) const {
    Inst.setOpcode(X86::MOV64rm);
    Inst.addOperand(MCOperand::createReg(Reg));
    Inst.addOperand(MCOperand::createReg(X86::RIP));        // BaseReg
    Inst.addOperand(MCOperand::createImm(1));               // ScaleAmt
    Inst.addOperand(MCOperand::createReg(X86::NoRegister)); // IndexReg
    Inst.addOperand(MCOperand::createExpr(
        MCSymbolRefExpr::create(Src, MCSymbolRefExpr::VK_None,
                                *Ctx)));                     // Displacement
    Inst.addOperand(MCOperand::createReg(X86::NoRegister)); // AddrSegmentReg

    return true;
  }

  bool createLea(MCInst &Inst, const MCSymbol *Src, unsigned Reg,
                 MCContext *Ctx) const {
    Inst.setOpcode(X86::LEA64r);
    Inst.addOperand(MCOperand::createReg(Reg));
    Inst.addOperand(MCOperand::createReg(X86::RIP));        // BaseReg
    Inst.addOperand(MCOperand::createImm(1));               // ScaleAmt
    Inst.addOperand(MCOperand::createReg(X86::NoRegister)); // IndexReg
    Inst.addOperand(MCOperand::createExpr(
        MCSymbolRefExpr::create(Src, MCSymbolRefExpr::VK_None,
                                *Ctx)));                     // Displacement
    Inst.addOperand(MCOperand::createReg(X86::NoRegister)); // AddrSegmentReg
    return true;
  }
};

} // namespace

namespace llvm {
namespace bolt {

MCPlusBuilder *createX86MCPlusBuilder(const MCInstrAnalysis *Analysis,
                                      const MCInstrInfo *Info,
                                      const MCRegisterInfo *RegInfo) {
  return new X86MCPlusBuilder(Analysis, Info, RegInfo);
}

} // namespace bolt
} // namespace llvm