LLVM 18.0.0git
CrossDSOCFI.cpp
Go to the documentation of this file.
1//===-- CrossDSOCFI.cpp - Externalize this module's CFI checks ------------===//
2//
3// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
4// See https://llvm.org/LICENSE.txt for license information.
5// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
6//
7//===----------------------------------------------------------------------===//
8//
9// This pass exports all llvm.bitset's found in the module in the form of a
10// __cfi_check function, which can be used to verify cross-DSO call targets.
11//
12//===----------------------------------------------------------------------===//
13
14#include "llvm/Transforms/IPO/CrossDSOCFI.h"
15#include "llvm/ADT/SetVector.h"
16#include "llvm/ADT/Statistic.h"
17#include "llvm/IR/Constants.h"
18#include "llvm/IR/Function.h"
19#include "llvm/IR/GlobalObject.h"
20#include "llvm/IR/IRBuilder.h"
21#include "llvm/IR/Instructions.h"
22#include "llvm/IR/Intrinsics.h"
23#include "llvm/IR/MDBuilder.h"
24#include "llvm/IR/Module.h"
25#include "llvm/TargetParser/Triple.h"
26#include "llvm/Transforms/IPO.h"
27
28using namespace llvm;
29
30#define DEBUG_TYPE "cross-dso-cfi"
31
32STATISTIC(NumTypeIds, "Number of unique type identifiers");
33
34namespace {
35
36struct CrossDSOCFI {
37 MDNode *VeryLikelyWeights;
38
39 ConstantInt *extractNumericTypeId(MDNode *MD);
40 void buildCFICheck(Module &M);
41 bool runOnModule(Module &M);
42};
43
44} // anonymous namespace
45
46/// Extracts a numeric type identifier from an MDNode containing type metadata.
47ConstantInt *CrossDSOCFI::extractNumericTypeId(MDNode *MD) {
48 // This check excludes vtables for classes inside anonymous namespaces.
49 auto TM = dyn_cast<ValueAsMetadata>(MD->getOperand(1));
50 if (!TM)
51 return nullptr;
52 auto C = dyn_cast_or_null<ConstantInt>(TM->getValue());
53 if (!C) return nullptr;
54 // We are looking for i64 constants.
55 if (C->getBitWidth() != 64) return nullptr;
56
57 return C;
58}
59
60/// buildCFICheck - emits __cfi_check for the current module.
61void CrossDSOCFI::buildCFICheck(Module &M) {
62 // FIXME: verify that __cfi_check ends up near the end of the code section,
63 // but before the jump slots created in LowerTypeTests.
64 SetVector<uint64_t> TypeIds;
65 SmallVector<MDNode *, 2> Types;
66 for (GlobalObject &GO : M.global_objects()) {
67 Types.clear();
68 GO.getMetadata(LLVMContext::MD_type, Types);
69 for (MDNode *Type : Types)
70 if (ConstantInt *TypeId = extractNumericTypeId(Type))
71 TypeIds.insert(TypeId->getZExtValue());
72 }
73
74 NamedMDNode *CfiFunctionsMD = M.getNamedMetadata("cfi.functions");
75 if (CfiFunctionsMD) {
76 for (auto *Func : CfiFunctionsMD->operands()) {
77 assert(Func->getNumOperands() >= 2);
78 for (unsigned I = 2; I < Func->getNumOperands(); ++I)
79 if (ConstantInt *TypeId =
80 extractNumericTypeId(cast<MDNode>(Func->getOperand(I).get())))
81 TypeIds.insert(TypeId->getZExtValue());
82 }
83 }
84
85 LLVMContext &Ctx = M.getContext();
86 FunctionCallee C = M.getOrInsertFunction(
87 "__cfi_check", Type::getVoidTy(Ctx), Type::getInt64Ty(Ctx),
88 PointerType::getUnqual(Ctx), PointerType::getUnqual(Ctx));
89 Function *F = cast<Function>(C.getCallee());
90 // Take over the existing function. The frontend emits a weak stub so that the
91 // linker knows about the symbol; this pass replaces the function body.
92 F->deleteBody();
93 F->setAlignment(Align(4096));
94
95 Triple T(M.getTargetTriple());
96 if (T.isARM() || T.isThumb())
97 F->addFnAttr("target-features", "+thumb-mode");
98
99 auto args = F->arg_begin();
100 Value &CallSiteTypeId = *(args++);
101 CallSiteTypeId.setName("CallSiteTypeId");
102 Value &Addr = *(args++);
103 Addr.setName("Addr");
104 Value &CFICheckFailData = *(args++);
105 CFICheckFailData.setName("CFICheckFailData");
106 assert(args == F->arg_end());
107
108 BasicBlock *BB = BasicBlock::Create(Ctx, "entry", F);
109 BasicBlock *ExitBB = BasicBlock::Create(Ctx, "exit", F);
110
111 BasicBlock *TrapBB = BasicBlock::Create(Ctx, "fail", F);
112 IRBuilder<> IRBFail(TrapBB);
113 FunctionCallee CFICheckFailFn = M.getOrInsertFunction(
114 "__cfi_check_fail", Type::getVoidTy(Ctx), PointerType::getUnqual(Ctx),
115 PointerType::getUnqual(Ctx));
116 IRBFail.CreateCall(CFICheckFailFn, {&CFICheckFailData, &Addr});
117 IRBFail.CreateBr(ExitBB);
118
119 IRBuilder<> IRBExit(ExitBB);
120 IRBExit.CreateRetVoid();
121
122 IRBuilder<> IRB(BB);
123 SwitchInst *SI = IRB.CreateSwitch(&CallSiteTypeId, TrapBB, TypeIds.size());
124 for (uint64_t TypeId : TypeIds) {
125 ConstantInt *CaseTypeId = ConstantInt::get(Type::getInt64Ty(Ctx), TypeId);
126 BasicBlock *TestBB = BasicBlock::Create(Ctx, "test", F);
127 IRBuilder<> IRBTest(TestBB);
128 Function *BitsetTestFn = Intrinsic::getDeclaration(&M, Intrinsic::type_test);
129
130 Value *Test = IRBTest.CreateCall(
131 BitsetTestFn, {&Addr, MetadataAsValue::get(
132 Ctx, ConstantAsMetadata::get(CaseTypeId))});
133 BranchInst *BI = IRBTest.CreateCondBr(Test, ExitBB, TrapBB);
134 BI->setMetadata(LLVMContext::MD_prof, VeryLikelyWeights);
135
136 SI->addCase(CaseTypeId, TestBB);
137 ++NumTypeIds;
138 }
139}
140
141bool CrossDSOCFI::runOnModule(Module &M) {
142 VeryLikelyWeights =
143 MDBuilder(M.getContext()).createBranchWeights((1U << 20) - 1, 1);
144 if (M.getModuleFlag("Cross-DSO CFI") == nullptr)
145 return false;
146 buildCFICheck(M);
147 return true;
148}
149
150PreservedAnalyses CrossDSOCFIPass::run(Module &M, ModuleAnalysisManager &AM) {
151 CrossDSOCFI Impl;
152 bool Changed = Impl.runOnModule(M);
153 if (!Changed)
154 return PreservedAnalyses::all();
155 return PreservedAnalyses::none();
156}
Constants.h
This file contains the declarations for the subclasses of Constant, which represent the different fla...
Addr
uint64_t Addr
Definition: ELFObjHandler.cpp:79
F
#define F(x, y, z)
Definition: MD5.cpp:55
I
#define I(x, y, z)
Definition: MD5.cpp:58
Module.h
Module.h This file contains the declarations for the Module class.
args
nvptx lower args
Definition: NVPTXLowerArgs.cpp:146
TM
const char LLVMTargetMachineRef TM
Definition: PassBuilderBindings.cpp:47
assert
assert(ImpDefSCC.getReg()==AMDGPU::SCC &&ImpDefSCC.isDef())
SetVector.h
This file implements a set that has insertion order iteration characteristics.
Statistic.h
This file defines the 'Statistic' class, which is designed to be an easy way to expose various metric...
STATISTIC
#define STATISTIC(VARNAME, DESC)
Definition: Statistic.h:167
llvm::AnalysisManager
A container for analyses that lazily runs them and caches their results.
Definition: PassManager.h:649
llvm::BasicBlock
LLVM Basic Block Representation.
Definition: BasicBlock.h:60
llvm::BasicBlock::Create
static BasicBlock * Create(LLVMContext &Context, const Twine &Name="", Function *Parent=nullptr, BasicBlock *InsertBefore=nullptr)
Creates a new BasicBlock.
Definition: BasicBlock.h:206
llvm::BranchInst
Conditional or Unconditional Branch instruction.
Definition: Instructions.h:3153
llvm::ConstantAsMetadata::get
static ConstantAsMetadata * get(Constant *C)
Definition: Metadata.h:506
llvm::ConstantInt
This is the shared class of boolean and integer constants.
Definition: Constants.h:79
llvm::ConstantInt::get
static Constant * get(Type *Ty, uint64_t V, bool IsSigned=false)
If Ty is a vector type, return a Constant with a splat of the given value.
Definition: Constants.cpp:888
llvm::CrossDSOCFIPass::run
PreservedAnalyses run(Module &M, ModuleAnalysisManager &AM)
Definition: CrossDSOCFI.cpp:150
llvm::FunctionCallee
A handy container for a FunctionType+Callee-pointer pair, which can be passed around as a single enti...
Definition: DerivedTypes.h:168
llvm::IRBuilder
This provides a uniform API for creating instructions and inserting them into a basic block: either a...
Definition: IRBuilder.h:2639
llvm::Instruction::setMetadata
void setMetadata(unsigned KindID, MDNode *Node)
Set the metadata of the specified kind to the specified node.
Definition: Metadata.cpp:1586
llvm::LLVMContext
This is an important class for using LLVM in a threaded context.
Definition: LLVMContext.h:67
llvm::MDBuilder::createBranchWeights
MDNode * createBranchWeights(uint32_t TrueWeight, uint32_t FalseWeight)
Return metadata containing two branch weights.
Definition: MDBuilder.cpp:37
llvm::MDNode
Metadata node.
Definition: Metadata.h:1037
llvm::MDNode::getOperand
const MDOperand & getOperand(unsigned I) const
Definition: Metadata.h:1391
llvm::MetadataAsValue::get
static MetadataAsValue * get(LLVMContext &Context, Metadata *MD)
Definition: Metadata.cpp:103
llvm::Module
A Module instance is used to store all the information related to an LLVM module.
Definition: Module.h:65
llvm::NamedMDNode
A tuple of MDNodes.
Definition: Metadata.h:1692
llvm::NamedMDNode::operands
iterator_range< op_iterator > operands()
Definition: Metadata.h:1788
llvm::PreservedAnalyses
A set of analyses that are preserved following a run of a transformation pass.
Definition: PassManager.h:172
llvm::PreservedAnalyses::none
static PreservedAnalyses none()
Convenience factory function for the empty preserved set.
Definition: PassManager.h:175
llvm::PreservedAnalyses::all
static PreservedAnalyses all()
Construct a special preserved set that preserves all passes.
Definition: PassManager.h:178
llvm::SetVector
A vector that has set insertion semantics.
Definition: SetVector.h:57
llvm::SetVector::size
size_type size() const
Determine the number of elements in the SetVector.
Definition: SetVector.h:98
llvm::SetVector::insert
bool insert(const value_type &X)
Insert a new element into the SetVector.
Definition: SetVector.h:162
llvm::SmallVector
This is a 'vector' (really, a variable-sized array), optimized for the case when the array is small.
Definition: SmallVector.h:1200
llvm::SwitchInst
Multiway switch.
Definition: Instructions.h:3297
llvm::Triple
Triple - Helper class for working with autoconf configuration names.
Definition: Triple.h:44
llvm::Type
The instances of the Type class are immutable: once they are created, they are never changed.
Definition: Type.h:45
llvm::Type::getVoidTy
static Type * getVoidTy(LLVMContext &C)
llvm::Type::getInt64Ty
static IntegerType * getInt64Ty(LLVMContext &C)
llvm::Value
LLVM Value Representation.
Definition: Value.h:74
llvm::Value::setName
void setName(const Twine &Name)
Change the name of the value.
Definition: Value.cpp:377
uint64_t
llvm::CallingConv::C
@ C
The default llvm calling convention, compatible with C.
Definition: CallingConv.h:34
llvm::Intrinsic::getDeclaration
Function * getDeclaration(Module *M, ID id, ArrayRef< Type * > Tys=std::nullopt)
Create or insert an LLVM Function declaration for an intrinsic, and return it.
Definition: Function.cpp:1444
llvm::rdf::Func
NodeAddr< FuncNode * > Func
Definition: RDFGraph.h:393
llvm
This is an optimization pass for GlobalISel generic memory operations.
Definition: AddressRanges.h:18
llvm::Align
This struct is a compact representation of a valid (non-zero power of two) alignment.
Definition: Alignment.h:39
Generated on Wed Dec 6 2023 19:15:44 for LLVM by doxygen 1.9.6