doxygen/CrossDSOCFI_8cpp_source.html

//===-- CrossDSOCFI.cpp - Externalize this module's CFI checks ------------===//

//

// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.

// See https://llvm.org/LICENSE.txt for license information.

// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception

//

//===----------------------------------------------------------------------===//

//

// This pass exports all llvm.bitset's found in the module in the form of a

// __cfi_check function, which can be used to verify cross-DSO call targets.

//

//===----------------------------------------------------------------------===//


#include "llvm/Transforms/IPO/CrossDSOCFI.h"

#include "llvm/ADT/SetVector.h"

#include "llvm/ADT/Statistic.h"

#include "llvm/IR/Constants.h"

#include "llvm/IR/Function.h"

#include "llvm/IR/GlobalObject.h"

#include "llvm/IR/IRBuilder.h"

#include "llvm/IR/Instructions.h"

#include "llvm/IR/Intrinsics.h"

#include "llvm/IR/MDBuilder.h"

#include "llvm/IR/Module.h"

#include "llvm/TargetParser/Triple.h"

#include "llvm/Transforms/IPO.h"


using namespace llvm;


#define DEBUG_TYPE "cross-dso-cfi"


STATISTIC(NumTypeIds, "Number of unique type identifiers");


namespace {


struct CrossDSOCFI {

  MDNode *VeryLikelyWeights;


  ConstantInt *extractNumericTypeId(MDNode *MD);

  void buildCFICheck(Module &M);

  bool runOnModule(Module &M);

};


} // anonymous namespace


/// Extracts a numeric type identifier from an MDNode containing type metadata.

ConstantInt *CrossDSOCFI::extractNumericTypeId(MDNode *MD) {

  // This check excludes vtables for classes inside anonymous namespaces.

  auto TM = dyn_cast<ValueAsMetadata>(MD->getOperand(1));

  if (!TM)

    return nullptr;

  auto C = dyn_cast_or_null<ConstantInt>(TM->getValue());

  if (!C) return nullptr;

  // We are looking for i64 constants.

  if (C->getBitWidth() != 64) return nullptr;


  return C;

}


/// buildCFICheck - emits __cfi_check for the current module.

void CrossDSOCFI::buildCFICheck(Module &M) {

  // FIXME: verify that __cfi_check ends up near the end of the code section,

  // but before the jump slots created in LowerTypeTests.

  SetVector<uint64_t> TypeIds;

  SmallVector<MDNode *, 2> Types;

  for (GlobalObject &GO : M.global_objects()) {

    Types.clear();

    GO.getMetadata(LLVMContext::MD_type, Types);

    for (MDNode *Type : Types)

      if (ConstantInt *TypeId = extractNumericTypeId(Type))

        TypeIds.insert(TypeId->getZExtValue());

  }


  NamedMDNode *CfiFunctionsMD = M.getNamedMetadata("cfi.functions");

  if (CfiFunctionsMD) {

    for (auto *Func : CfiFunctionsMD->operands()) {

      assert(Func->getNumOperands() >= 2);

      for (unsigned I = 2; I < Func->getNumOperands(); ++I)

        if (ConstantInt *TypeId =

                extractNumericTypeId(cast<MDNode>(Func->getOperand(I).get())))

          TypeIds.insert(TypeId->getZExtValue());

    }

  }


  LLVMContext &Ctx = M.getContext();

  FunctionCallee C = M.getOrInsertFunction(

      "__cfi_check", Type::getVoidTy(Ctx), Type::getInt64Ty(Ctx),

      Type::getInt8PtrTy(Ctx), Type::getInt8PtrTy(Ctx));

  Function *F = cast<Function>(C.getCallee());

  // Take over the existing function. The frontend emits a weak stub so that the

  // linker knows about the symbol; this pass replaces the function body.

  F->deleteBody();

  F->setAlignment(Align(4096));


  Triple T(M.getTargetTriple());

  if (T.isARM() || T.isThumb())

    F->addFnAttr("target-features", "+thumb-mode");


  auto args = F->arg_begin();

  Value &CallSiteTypeId = *(args++);

  CallSiteTypeId.setName("CallSiteTypeId");

  Value &Addr = *(args++);

  Addr.setName("Addr");

  Value &CFICheckFailData = *(args++);

  CFICheckFailData.setName("CFICheckFailData");

  assert(args == F->arg_end());


  BasicBlock *BB = BasicBlock::Create(Ctx, "entry", F);

  BasicBlock *ExitBB = BasicBlock::Create(Ctx, "exit", F);


  BasicBlock *TrapBB = BasicBlock::Create(Ctx, "fail", F);

  IRBuilder<> IRBFail(TrapBB);

  FunctionCallee CFICheckFailFn =

      M.getOrInsertFunction("__cfi_check_fail", Type::getVoidTy(Ctx),

                            Type::getInt8PtrTy(Ctx), Type::getInt8PtrTy(Ctx));

  IRBFail.CreateCall(CFICheckFailFn, {&CFICheckFailData, &Addr});

  IRBFail.CreateBr(ExitBB);


  IRBuilder<> IRBExit(ExitBB);

  IRBExit.CreateRetVoid();


  IRBuilder<> IRB(BB);

  SwitchInst *SI = IRB.CreateSwitch(&CallSiteTypeId, TrapBB, TypeIds.size());

  for (uint64_t TypeId : TypeIds) {

    ConstantInt *CaseTypeId = ConstantInt::get(Type::getInt64Ty(Ctx), TypeId);

    BasicBlock *TestBB = BasicBlock::Create(Ctx, "test", F);

    IRBuilder<> IRBTest(TestBB);

    Function *BitsetTestFn = Intrinsic::getDeclaration(&M, Intrinsic::type_test);


    Value *Test = IRBTest.CreateCall(

        BitsetTestFn, {&Addr, MetadataAsValue::get(

                                  Ctx, ConstantAsMetadata::get(CaseTypeId))});

    BranchInst *BI = IRBTest.CreateCondBr(Test, ExitBB, TrapBB);

    BI->setMetadata(LLVMContext::MD_prof, VeryLikelyWeights);


    SI->addCase(CaseTypeId, TestBB);

    ++NumTypeIds;

  }

}


bool CrossDSOCFI::runOnModule(Module &M) {

  VeryLikelyWeights =

    MDBuilder(M.getContext()).createBranchWeights((1U << 20) - 1, 1);

  if (M.getModuleFlag("Cross-DSO CFI") == nullptr)

    return false;

  buildCFICheck(M);

  return true;

}


PreservedAnalyses CrossDSOCFIPass::run(Module &M, ModuleAnalysisManager &AM) {

  CrossDSOCFI Impl;

  bool Changed = Impl.runOnModule(M);

  if (!Changed)

    return PreservedAnalyses::all();

  return PreservedAnalyses::none();

}

Constants.h
This file contains the declarations for the subclasses of Constant, which represent the different fla...

CrossDSOCFI.h

Addr
uint64_t Addr
Definition: ELFObjHandler.cpp:79

Function.h

GlobalObject.h

IPO.h

IRBuilder.h

Instructions.h

Intrinsics.h

F
#define F(x, y, z)
Definition: MD5.cpp:55

I
#define I(x, y, z)
Definition: MD5.cpp:58

MDBuilder.h

Module.h
Module.h This file contains the declarations for the Module class.

args
nvptx lower args
Definition: NVPTXLowerArgs.cpp:146

TM
const char LLVMTargetMachineRef TM
Definition: PassBuilderBindings.cpp:47

SI
@ SI
Definition: SIInstrInfo.cpp:8136

assert
assert(ImpDefSCC.getReg()==AMDGPU::SCC &&ImpDefSCC.isDef())

SetVector.h
This file implements a set that has insertion order iteration characteristics.

Statistic.h
This file defines the 'Statistic' class, which is designed to be an easy way to expose various metric...

STATISTIC
#define STATISTIC(VARNAME, DESC)
Definition: Statistic.h:167

Triple.h

T

llvm::AnalysisManager
A container for analyses that lazily runs them and caches their results.
Definition: PassManager.h:620

llvm::BasicBlock
LLVM Basic Block Representation.
Definition: BasicBlock.h:56

llvm::BasicBlock::Create
static BasicBlock * Create(LLVMContext &Context, const Twine &Name="", Function *Parent=nullptr, BasicBlock *InsertBefore=nullptr)
Creates a new BasicBlock.
Definition: BasicBlock.h:105

llvm::BranchInst
Conditional or Unconditional Branch instruction.
Definition: Instructions.h:3170

llvm::ConstantAsMetadata::get
static ConstantAsMetadata * get(Constant *C)
Definition: Metadata.h:419

llvm::ConstantInt
This is the shared class of boolean and integer constants.
Definition: Constants.h:78

llvm::ConstantInt::get
static Constant * get(Type *Ty, uint64_t V, bool IsSigned=false)
If Ty is a vector type, return a Constant with a splat of the given value.
Definition: Constants.cpp:888

llvm::CrossDSOCFIPass::run
PreservedAnalyses run(Module &M, ModuleAnalysisManager &AM)
Definition: CrossDSOCFI.cpp:150

llvm::FunctionCallee
A handy container for a FunctionType+Callee-pointer pair, which can be passed around as a single enti...
Definition: DerivedTypes.h:165

llvm::Function
Definition: Function.h:60

llvm::GlobalObject
Definition: GlobalObject.h:27

llvm::IRBuilder
This provides a uniform API for creating instructions and inserting them into a basic block: either a...
Definition: IRBuilder.h:2570

llvm::Instruction::setMetadata
void setMetadata(unsigned KindID, MDNode *Node)
Set the metadata of the specified kind to the specified node.
Definition: Metadata.cpp:1521

llvm::LLVMContext
This is an important class for using LLVM in a threaded context.
Definition: LLVMContext.h:67

llvm::MDBuilder
Definition: MDBuilder.h:36

llvm::MDBuilder::createBranchWeights
MDNode * createBranchWeights(uint32_t TrueWeight, uint32_t FalseWeight)
Return metadata containing two branch weights.
Definition: MDBuilder.cpp:37

llvm::MDNode
Metadata node.
Definition: Metadata.h:950

llvm::MDNode::getOperand
const MDOperand & getOperand(unsigned I) const
Definition: Metadata.h:1303

llvm::MetadataAsValue::get
static MetadataAsValue * get(LLVMContext &Context, Metadata *MD)
Definition: Metadata.cpp:102

llvm::Module
A Module instance is used to store all the information related to an LLVM module.
Definition: Module.h:65

llvm::NamedMDNode
A tuple of MDNodes.
Definition: Metadata.h:1604

llvm::NamedMDNode::operands
iterator_range< op_iterator > operands()
Definition: Metadata.h:1700

llvm::PreservedAnalyses
A set of analyses that are preserved following a run of a transformation pass.
Definition: PassManager.h:152

llvm::PreservedAnalyses::none
static PreservedAnalyses none()
Convenience factory function for the empty preserved set.
Definition: PassManager.h:155

llvm::PreservedAnalyses::all
static PreservedAnalyses all()
Construct a special preserved set that preserves all passes.
Definition: PassManager.h:158

llvm::SetVector
A vector that has set insertion semantics.
Definition: SetVector.h:51

llvm::SetVector::size
size_type size() const
Determine the number of elements in the SetVector.
Definition: SetVector.h:88

llvm::SetVector::insert
bool insert(const value_type &X)
Insert a new element into the SetVector.
Definition: SetVector.h:152

llvm::SmallVector
This is a 'vector' (really, a variable-sized array), optimized for the case when the array is small.
Definition: SmallVector.h:1200

llvm::SwitchInst
Multiway switch.
Definition: Instructions.h:3314

llvm::Triple
Triple - Helper class for working with autoconf configuration names.
Definition: Triple.h:44

llvm::Type
The instances of the Type class are immutable: once they are created, they are never changed.
Definition: Type.h:45

llvm::Type::getVoidTy
static Type * getVoidTy(LLVMContext &C)

llvm::Type::getInt8PtrTy
static PointerType * getInt8PtrTy(LLVMContext &C, unsigned AS=0)

llvm::Type::getInt64Ty
static IntegerType * getInt64Ty(LLVMContext &C)

llvm::Value
LLVM Value Representation.
Definition: Value.h:74

llvm::Value::setName
void setName(const Twine &Name)
Change the name of the value.
Definition: Value.cpp:378

uint64_t

llvm::ARM::ProfileKind::M
@ M

llvm::CallingConv::C
@ C
The default llvm calling convention, compatible with C.
Definition: CallingConv.h:34

llvm::Intrinsic::getDeclaration
Function * getDeclaration(Module *M, ID id, ArrayRef< Type * > Tys=std::nullopt)
Create or insert an LLVM Function declaration for an intrinsic, and return it.
Definition: Function.cpp:1465

llvm::ifs::IFSSymbolType::Func
@ Func

llvm::logicalview::LVCompareKind::Types
@ Types

llvm
This is an optimization pass for GlobalISel generic memory operations.
Definition: AddressRanges.h:18

llvm::PGSOQueryType::Test
@ Test

llvm::Align
This struct is a compact representation of a valid (non-zero power of two) alignment.
Definition: Alignment.h:39