Thanks to visit codestin.com
Credit goes to llvm.org

LLVM 22.0.0git
KCFI.cpp
Go to the documentation of this file.
1//===-- KCFI.cpp - Generic KCFI operand bundle lowering ---------*- C++ -*-===//
2//
3// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
4// See https://llvm.org/LICENSE.txt for license information.
5// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
6//
7//===----------------------------------------------------------------------===//
8//
9// This pass emits generic KCFI indirect call checks for targets that don't
10// support lowering KCFI operand bundles in the back-end.
11//
12//===----------------------------------------------------------------------===//
13
14#include "llvm/Transforms/Instrumentation/KCFI.h"
15#include "llvm/ADT/Statistic.h"
16#include "llvm/IR/Constants.h"
17#include "llvm/IR/DiagnosticInfo.h"
18#include "llvm/IR/DiagnosticPrinter.h"
19#include "llvm/IR/Function.h"
20#include "llvm/IR/IRBuilder.h"
21#include "llvm/IR/InstIterator.h"
22#include "llvm/IR/Instructions.h"
23#include "llvm/IR/Intrinsics.h"
24#include "llvm/IR/MDBuilder.h"
25#include "llvm/IR/Module.h"
26#include "llvm/Target/TargetMachine.h"
27#include "llvm/Transforms/Utils/BasicBlockUtils.h"
28
29using namespace llvm;
30
31#define DEBUG_TYPE "kcfi"
32
33STATISTIC(NumKCFIChecks, "Number of kcfi operands transformed into checks");
34
35namespace {
36class DiagnosticInfoKCFI : public DiagnosticInfo {
37 const Twine &Msg;
38
39public:
40 DiagnosticInfoKCFI(const Twine &DiagMsg LLVM_LIFETIME_BOUND,
41 DiagnosticSeverity Severity = DS_Error)
42 : DiagnosticInfo(DK_Linker, Severity), Msg(DiagMsg) {}
43 void print(DiagnosticPrinter &DP) const override { DP << Msg; }
44};
45} // namespace
46
47PreservedAnalyses KCFIPass::run(Function &F, FunctionAnalysisManager &AM) {
48 Module &M = *F.getParent();
49 if (!M.getModuleFlag("kcfi"))
50 return PreservedAnalyses::all();
51
52 // Find call instructions with KCFI operand bundles.
53 SmallVector<CallInst *> KCFICalls;
54 for (Instruction &I : instructions(F)) {
55 if (auto *CI = dyn_cast<CallInst>(&I))
56 if (CI->getOperandBundle(LLVMContext::OB_kcfi))
57 KCFICalls.push_back(CI);
58 }
59
60 if (KCFICalls.empty())
61 return PreservedAnalyses::all();
62
63 LLVMContext &Ctx = M.getContext();
64 // patchable-function-prefix emits nops between the KCFI type identifier
65 // and the function start. As we don't know the size of the emitted nops,
66 // don't allow this attribute with generic lowering.
67 if (F.hasFnAttribute("patchable-function-prefix"))
68 Ctx.diagnose(
69 DiagnosticInfoKCFI("-fpatchable-function-entry=N,M, where M>0 is not "
70 "compatible with -fsanitize=kcfi on this target"));
71
72 IntegerType *Int32Ty = Type::getInt32Ty(Ctx);
73 MDNode *VeryUnlikelyWeights = MDBuilder(Ctx).createUnlikelyBranchWeights();
74 Triple T(M.getTargetTriple());
75
76 for (CallInst *CI : KCFICalls) {
77 // Get the expected hash value.
78 const uint32_t ExpectedHash =
79 cast<ConstantInt>(CI->getOperandBundle(LLVMContext::OB_kcfi)->Inputs[0])
80 ->getZExtValue();
81
82 // Drop the KCFI operand bundle.
83 CallBase *Call = CallBase::removeOperandBundle(CI, LLVMContext::OB_kcfi,
84 CI->getIterator());
85 assert(Call != CI);
86 Call->copyMetadata(*CI);
87 CI->replaceAllUsesWith(Call);
88 CI->eraseFromParent();
89
90 if (!Call->isIndirectCall())
91 continue;
92
93 // Emit a check and trap if the target hash doesn't match.
94 IRBuilder<> Builder(Call);
95 Value *FuncPtr = Call->getCalledOperand();
96 // ARM uses the least significant bit of the function pointer to select
97 // between ARM and Thumb modes for the callee. Instructions are always
98 // at least 16-bit aligned, so clear the LSB before we compute the hash
99 // location.
100 if (T.isARM() || T.isThumb()) {
101 FuncPtr = Builder.CreateIntToPtr(
102 Builder.CreateAnd(Builder.CreatePtrToInt(FuncPtr, Int32Ty),
103 ConstantInt::get(Int32Ty, -2)),
104 FuncPtr->getType());
105 }
106 Value *HashPtr = Builder.CreateConstInBoundsGEP1_32(Int32Ty, FuncPtr, -1);
107 Value *Test = Builder.CreateICmpNE(Builder.CreateLoad(Int32Ty, HashPtr),
108 ConstantInt::get(Int32Ty, ExpectedHash));
109 Instruction *ThenTerm =
110 SplitBlockAndInsertIfThen(Test, Call, false, VeryUnlikelyWeights);
111 Builder.SetInsertPoint(ThenTerm);
112 Builder.CreateIntrinsic(Intrinsic::debugtrap, {});
113 ++NumKCFIChecks;
114 }
115
116 return PreservedAnalyses::none();
117}
assert
assert(UImm &&(UImm !=~static_cast< T >(0)) &&"Invalid immediate!")
instructions
Expand Atomic instructions
Definition AtomicExpandPass.cpp:183
LLVM_LIFETIME_BOUND
#define LLVM_LIFETIME_BOUND
Definition Compiler.h:435
Constants.h
This file contains the declarations for the subclasses of Constant, which represent the different fla...
Module.h
Module.h This file contains the declarations for the Module class.
F
#define F(x, y, z)
Definition MD5.cpp:55
I
#define I(x, y, z)
Definition MD5.cpp:58
T
#define T
Definition Mips16ISelLowering.cpp:353
Statistic.h
This file defines the 'Statistic' class, which is designed to be an easy way to expose various metric...
STATISTIC
#define STATISTIC(VARNAME, DESC)
Definition Statistic.h:171
llvm::CallBase
Base class for all callable instructions (InvokeInst and CallInst) Holds everything related to callin...
Definition InstrTypes.h:1116
llvm::CallBase::removeOperandBundle
static LLVM_ABI CallBase * removeOperandBundle(CallBase *CB, uint32_t ID, InsertPosition InsertPt=nullptr)
Create a clone of CB with operand bundle ID removed.
Definition Instructions.cpp:600
llvm::CallInst
This class represents a function call, abstracting a target machine's calling convention.
Definition Instructions.h:1510
llvm::DiagnosticInfo
This is the base abstract class for diagnostic reporting in the backend.
Definition DiagnosticInfo.h:115
llvm::IRBuilder
This provides a uniform API for creating instructions and inserting them into a basic block: either a...
Definition IRBuilder.h:2780
llvm::IntegerType
Class to represent integer types.
Definition DerivedTypes.h:42
llvm::KCFIPass::run
LLVM_ABI PreservedAnalyses run(Function &F, FunctionAnalysisManager &AM)
Definition KCFI.cpp:47
llvm::LLVMContext
This is an important class for using LLVM in a threaded context.
Definition LLVMContext.h:68
llvm::LLVMContext::diagnose
LLVM_ABI void diagnose(const DiagnosticInfo &DI)
Report a message to the currently installed diagnostic handler.
Definition LLVMContext.cpp:245
llvm::MDBuilder::createUnlikelyBranchWeights
LLVM_ABI MDNode * createUnlikelyBranchWeights()
Return metadata containing two branch weights, with significant bias towards false destination.
Definition MDBuilder.cpp:48
llvm::MDNode
Metadata node.
Definition Metadata.h:1077
llvm::Module
A Module instance is used to store all the information related to an LLVM module.
Definition Module.h:67
llvm::PreservedAnalyses
A set of analyses that are preserved following a run of a transformation pass.
Definition Analysis.h:112
llvm::PreservedAnalyses::none
static PreservedAnalyses none()
Convenience factory function for the empty preserved set.
Definition Analysis.h:115
llvm::PreservedAnalyses::all
static PreservedAnalyses all()
Construct a special preserved set that preserves all passes.
Definition Analysis.h:118
llvm::SmallVectorTemplateBase::push_back
void push_back(const T &Elt)
Definition SmallVector.h:413
llvm::SmallVector
This is a 'vector' (really, a variable-sized array), optimized for the case when the array is small.
Definition SmallVector.h:1196
llvm::Triple
Triple - Helper class for working with autoconf configuration names.
Definition Triple.h:47
llvm::Twine
Twine - A lightweight data structure for efficiently representing the concatenation of temporary valu...
Definition Twine.h:82
llvm::Type::getInt32Ty
static LLVM_ABI IntegerType * getInt32Ty(LLVMContext &C)
Definition Type.cpp:297
llvm::Value
LLVM Value Representation.
Definition Value.h:75
llvm::Value::getType
Type * getType() const
All values are typed, get the type of this value.
Definition Value.h:256
uint32_t
Call
CallInst * Call
Definition ObjCARCOpts.cpp:2360
llvm
This is an optimization pass for GlobalISel generic memory operations.
Definition AddressRanges.h:18
llvm::print
Printable print(const GCNRegPressure &RP, const GCNSubtarget *ST=nullptr, unsigned DynamicVGPRBlockSize=0)
Definition GCNRegPressure.cpp:237
llvm::dyn_cast
decltype(auto) dyn_cast(const From &Val)
dyn_cast<X> - Return the argument parameter cast to the specified type.
Definition Casting.h:649
llvm::Int32Ty
FunctionAddr VTableAddr uintptr_t uintptr_t Int32Ty
Definition InstrProf.h:296
llvm::DiagnosticSeverity
DiagnosticSeverity
Defines the different supported severity of a diagnostic.
Definition DiagnosticInfo.h:51
llvm::cast
decltype(auto) cast(const From &Val)
cast<X> - Return the argument parameter cast to the specified type.
Definition Casting.h:565
llvm::SplitBlockAndInsertIfThen
LLVM_ABI Instruction * SplitBlockAndInsertIfThen(Value *Cond, BasicBlock::iterator SplitBefore, bool Unreachable, MDNode *BranchWeights=nullptr, DomTreeUpdater *DTU=nullptr, LoopInfo *LI=nullptr, BasicBlock *ThenBlock=nullptr)
Split the containing block at the specified instruction - everything before SplitBefore stays in the ...
Definition BasicBlockUtils.cpp:1486
llvm::FunctionAnalysisManager
AnalysisManager< Function > FunctionAnalysisManager
Convenience typedef for the Function analysis manager.
Definition PassManager.h:564
Generated on for LLVM by doxygen 1.14.0