doxygen/SafeStack_8cpp_source.html

//===- SafeStack.cpp - Safe Stack Insertion -------------------------------===//

//

// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.

// See https://llvm.org/LICENSE.txt for license information.

// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception

//

//===----------------------------------------------------------------------===//

//

// This pass splits the stack into the safe stack (kept as-is for LLVM backend)

// and the unsafe stack (explicitly allocated and managed through the runtime

// support library).

//

// http://clang.llvm.org/docs/SafeStack.html

//

//===----------------------------------------------------------------------===//


#include "llvm/CodeGen/SafeStack.h"

#include "SafeStackLayout.h"

#include "llvm/ADT/APInt.h"

#include "llvm/ADT/ArrayRef.h"

#include "llvm/ADT/SmallPtrSet.h"

#include "llvm/ADT/SmallVector.h"

#include "llvm/ADT/Statistic.h"

#include "llvm/Analysis/AssumptionCache.h"

#include "llvm/Analysis/BranchProbabilityInfo.h"

#include "llvm/Analysis/DomTreeUpdater.h"

#include "llvm/Analysis/InlineCost.h"

#include "llvm/Analysis/LoopInfo.h"

#include "llvm/Analysis/ScalarEvolution.h"

#include "llvm/Analysis/ScalarEvolutionExpressions.h"

#include "llvm/Analysis/StackLifetime.h"

#include "llvm/Analysis/TargetLibraryInfo.h"

#include "llvm/CodeGen/TargetLowering.h"

#include "llvm/CodeGen/TargetPassConfig.h"

#include "llvm/CodeGen/TargetSubtargetInfo.h"

#include "llvm/IR/Argument.h"

#include "llvm/IR/Attributes.h"

#include "llvm/IR/ConstantRange.h"

#include "llvm/IR/Constants.h"

#include "llvm/IR/DIBuilder.h"

#include "llvm/IR/DataLayout.h"

#include "llvm/IR/DerivedTypes.h"

#include "llvm/IR/Dominators.h"

#include "llvm/IR/Function.h"

#include "llvm/IR/IRBuilder.h"

#include "llvm/IR/InstIterator.h"

#include "llvm/IR/Instruction.h"

#include "llvm/IR/Instructions.h"

#include "llvm/IR/IntrinsicInst.h"

#include "llvm/IR/Intrinsics.h"

#include "llvm/IR/MDBuilder.h"

#include "llvm/IR/Metadata.h"

#include "llvm/IR/Module.h"

#include "llvm/IR/Type.h"

#include "llvm/IR/Use.h"

#include "llvm/IR/Value.h"

#include "llvm/InitializePasses.h"

#include "llvm/Pass.h"

#include "llvm/Support/Casting.h"

#include "llvm/Support/Debug.h"

#include "llvm/Support/ErrorHandling.h"

#include "llvm/Support/raw_ostream.h"

#include "llvm/Target/TargetMachine.h"

#include "llvm/Transforms/Utils/BasicBlockUtils.h"

#include "llvm/Transforms/Utils/Cloning.h"

#include "llvm/Transforms/Utils/Local.h"

#include <algorithm>

#include <cassert>

#include <cstdint>

#include <optional>

#include <string>

#include <utility>


using namespace llvm;

using namespace llvm::safestack;


#define DEBUG_TYPE "safe-stack"


namespace llvm {


STATISTIC(NumFunctions, "Total number of functions");

STATISTIC(NumUnsafeStackFunctions, "Number of functions with unsafe stack");

STATISTIC(NumUnsafeStackRestorePointsFunctions,

          "Number of functions that use setjmp or exceptions");


STATISTIC(NumAllocas, "Total number of allocas");

STATISTIC(NumUnsafeStaticAllocas, "Number of unsafe static allocas");

STATISTIC(NumUnsafeDynamicAllocas, "Number of unsafe dynamic allocas");

STATISTIC(NumUnsafeByValArguments, "Number of unsafe byval arguments");

STATISTIC(NumUnsafeStackRestorePoints, "Number of setjmps and landingpads");


} // namespace llvm


/// Use __safestack_pointer_address even if the platform has a faster way of

/// access safe stack pointer.

static cl::opt<bool>

    SafeStackUsePointerAddress("safestack-use-pointer-address",

                                  cl::init(false), cl::Hidden);


static cl::opt<bool> ClColoring("safe-stack-coloring",

                                cl::desc("enable safe stack coloring"),

                                cl::Hidden, cl::init(true));


namespace {


/// The SafeStack pass splits the stack of each function into the safe

/// stack, which is only accessed through memory safe dereferences (as

/// determined statically), and the unsafe stack, which contains all

/// local variables that are accessed in ways that we can't prove to

/// be safe.

class SafeStack {

  Function &F;

  const TargetLoweringBase &TL;

  const DataLayout &DL;

  DomTreeUpdater *DTU;

  ScalarEvolution &SE;


  Type *StackPtrTy;

  Type *IntPtrTy;

  Type *Int32Ty;


  Value *UnsafeStackPtr = nullptr;


  /// Unsafe stack alignment. Each stack frame must ensure that the stack is

  /// aligned to this value. We need to re-align the unsafe stack if the

  /// alignment of any object on the stack exceeds this value.

  ///

  /// 16 seems like a reasonable upper bound on the alignment of objects that we

  /// might expect to appear on the stack on most common targets.

  static constexpr Align StackAlignment = Align::Constant<16>();


  /// Return the value of the stack canary.

  Value *getStackGuard(IRBuilder<> &IRB, Function &F);


  /// Load stack guard from the frame and check if it has changed.

  void checkStackGuard(IRBuilder<> &IRB, Function &F, Instruction &RI,

                       AllocaInst *StackGuardSlot, Value *StackGuard);


  /// Find all static allocas, dynamic allocas, return instructions and

  /// stack restore points (exception unwind blocks and setjmp calls) in the

  /// given function and append them to the respective vectors.

  void findInsts(Function &F, SmallVectorImpl<AllocaInst *> &StaticAllocas,

                 SmallVectorImpl<AllocaInst *> &DynamicAllocas,

                 SmallVectorImpl<Argument *> &ByValArguments,

                 SmallVectorImpl<Instruction *> &Returns,

                 SmallVectorImpl<Instruction *> &StackRestorePoints);


  /// Calculate the allocation size of a given alloca. Returns 0 if the

  /// size can not be statically determined.

  uint64_t getStaticAllocaAllocationSize(const AllocaInst* AI);


  /// Allocate space for all static allocas in \p StaticAllocas,

  /// replace allocas with pointers into the unsafe stack.

  ///

  /// \returns A pointer to the top of the unsafe stack after all unsafe static

  /// allocas are allocated.

  Value *moveStaticAllocasToUnsafeStack(IRBuilder<> &IRB, Function &F,

                                        ArrayRef<AllocaInst *> StaticAllocas,

                                        ArrayRef<Argument *> ByValArguments,

                                        Instruction *BasePointer,

                                        AllocaInst *StackGuardSlot);


  /// Generate code to restore the stack after all stack restore points

  /// in \p StackRestorePoints.

  ///

  /// \returns A local variable in which to maintain the dynamic top of the

  /// unsafe stack if needed.

  AllocaInst *

  createStackRestorePoints(IRBuilder<> &IRB, Function &F,

                           ArrayRef<Instruction *> StackRestorePoints,

                           Value *StaticTop, bool NeedDynamicTop);


  /// Replace all allocas in \p DynamicAllocas with code to allocate

  /// space dynamically on the unsafe stack and store the dynamic unsafe stack

  /// top to \p DynamicTop if non-null.

  void moveDynamicAllocasToUnsafeStack(Function &F, Value *UnsafeStackPtr,

                                       AllocaInst *DynamicTop,

                                       ArrayRef<AllocaInst *> DynamicAllocas);


  bool IsSafeStackAlloca(const Value *AllocaPtr, uint64_t AllocaSize);


  bool IsMemIntrinsicSafe(const MemIntrinsic *MI, const Use &U,

                          const Value *AllocaPtr, uint64_t AllocaSize);

  bool IsAccessSafe(Value *Addr, uint64_t Size, const Value *AllocaPtr,

                    uint64_t AllocaSize);


  bool ShouldInlinePointerAddress(CallInst &CI);

  void TryInlinePointerAddress();


public:

  SafeStack(Function &F, const TargetLoweringBase &TL, const DataLayout &DL,

            DomTreeUpdater *DTU, ScalarEvolution &SE)

      : F(F), TL(TL), DL(DL), DTU(DTU), SE(SE),

        StackPtrTy(DL.getAllocaPtrType(F.getContext())),

        IntPtrTy(DL.getIntPtrType(F.getContext())),

        Int32Ty(Type::getInt32Ty(F.getContext())) {}


  // Run the transformation on the associated function.

  // Returns whether the function was changed.

  bool run();

};


constexpr Align SafeStack::StackAlignment;


uint64_t SafeStack::getStaticAllocaAllocationSize(const AllocaInst* AI) {

  uint64_t Size = DL.getTypeAllocSize(AI->getAllocatedType());

  if (AI->isArrayAllocation()) {

    auto C = dyn_cast<ConstantInt>(AI->getArraySize());

    if (!C)

      return 0;

    Size *= C->getZExtValue();

  }

  return Size;

}


bool SafeStack::IsAccessSafe(Value *Addr, uint64_t AccessSize,

                             const Value *AllocaPtr, uint64_t AllocaSize) {

  const SCEV *AddrExpr = SE.getSCEV(Addr);

  const auto *Base = dyn_cast<SCEVUnknown>(SE.getPointerBase(AddrExpr));

  if (!Base || Base->getValue() != AllocaPtr) {

    LLVM_DEBUG(

        dbgs() << "[SafeStack] "

               << (isa<AllocaInst>(AllocaPtr) ? "Alloca " : "ByValArgument ")

               << *AllocaPtr << "\n"

               << "SCEV " << *AddrExpr << " not directly based on alloca\n");

    return false;

  }


  const SCEV *Expr = SE.removePointerBase(AddrExpr);

  uint64_t BitWidth = SE.getTypeSizeInBits(Expr->getType());

  ConstantRange AccessStartRange = SE.getUnsignedRange(Expr);

  ConstantRange SizeRange =

      ConstantRange(APInt(BitWidth, 0), APInt(BitWidth, AccessSize));

  ConstantRange AccessRange = AccessStartRange.add(SizeRange);

  ConstantRange AllocaRange =

      ConstantRange(APInt(BitWidth, 0), APInt(BitWidth, AllocaSize));

  bool Safe = AllocaRange.contains(AccessRange);


  LLVM_DEBUG(

      dbgs() << "[SafeStack] "

             << (isa<AllocaInst>(AllocaPtr) ? "Alloca " : "ByValArgument ")

             << *AllocaPtr << "\n"

             << "            Access " << *Addr << "\n"

             << "            SCEV " << *Expr

             << " U: " << SE.getUnsignedRange(Expr)

             << ", S: " << SE.getSignedRange(Expr) << "\n"

             << "            Range " << AccessRange << "\n"

             << "            AllocaRange " << AllocaRange << "\n"

             << "            " << (Safe ? "safe" : "unsafe") << "\n");


  return Safe;

}


bool SafeStack::IsMemIntrinsicSafe(const MemIntrinsic *MI, const Use &U,

                                   const Value *AllocaPtr,

                                   uint64_t AllocaSize) {

  if (auto MTI = dyn_cast<MemTransferInst>(MI)) {

    if (MTI->getRawSource() != U && MTI->getRawDest() != U)

      return true;

  } else {

    if (MI->getRawDest() != U)

      return true;

  }


  const auto *Len = dyn_cast<ConstantInt>(MI->getLength());

  // Non-constant size => unsafe. FIXME: try SCEV getRange.

  if (!Len) return false;

  return IsAccessSafe(U, Len->getZExtValue(), AllocaPtr, AllocaSize);

}


/// Check whether a given allocation must be put on the safe

/// stack or not. The function analyzes all uses of AI and checks whether it is

/// only accessed in a memory safe way (as decided statically).

bool SafeStack::IsSafeStackAlloca(const Value *AllocaPtr, uint64_t AllocaSize) {

  // Go through all uses of this alloca and check whether all accesses to the

  // allocated object are statically known to be memory safe and, hence, the

  // object can be placed on the safe stack.

  SmallPtrSet<const Value *, 16> Visited;

  SmallVector<const Value *, 8> WorkList;

  WorkList.push_back(AllocaPtr);


  // A DFS search through all uses of the alloca in bitcasts/PHI/GEPs/etc.

  while (!WorkList.empty()) {

    const Value *V = WorkList.pop_back_val();

    for (const Use &UI : V->uses()) {

      auto I = cast<const Instruction>(UI.getUser());

      assert(V == UI.get());


      switch (I->getOpcode()) {

      case Instruction::Load:

        if (!IsAccessSafe(UI, DL.getTypeStoreSize(I->getType()), AllocaPtr,

                          AllocaSize))

          return false;

        break;


      case Instruction::VAArg:

        // "va-arg" from a pointer is safe.

        break;

      case Instruction::Store:

        if (V == I->getOperand(0)) {

          // Stored the pointer - conservatively assume it may be unsafe.

          LLVM_DEBUG(dbgs()

                     << "[SafeStack] Unsafe alloca: " << *AllocaPtr

                     << "\n            store of address: " << *I << "\n");

          return false;

        }


        if (!IsAccessSafe(UI, DL.getTypeStoreSize(I->getOperand(0)->getType()),

                          AllocaPtr, AllocaSize))

          return false;

        break;


      case Instruction::Ret:

        // Information leak.

        return false;


      case Instruction::Call:

      case Instruction::Invoke: {

        const CallBase &CS = *cast<CallBase>(I);


        if (I->isLifetimeStartOrEnd())

          continue;


        if (const MemIntrinsic *MI = dyn_cast<MemIntrinsic>(I)) {

          if (!IsMemIntrinsicSafe(MI, UI, AllocaPtr, AllocaSize)) {

            LLVM_DEBUG(dbgs()

                       << "[SafeStack] Unsafe alloca: " << *AllocaPtr

                       << "\n            unsafe memintrinsic: " << *I << "\n");

            return false;

          }

          continue;

        }


        // LLVM 'nocapture' attribute is only set for arguments whose address

        // is not stored, passed around, or used in any other non-trivial way.

        // We assume that passing a pointer to an object as a 'nocapture

        // readnone' argument is safe.

        // FIXME: a more precise solution would require an interprocedural

        // analysis here, which would look at all uses of an argument inside

        // the function being called.

        auto B = CS.arg_begin(), E = CS.arg_end();

        for (const auto *A = B; A != E; ++A)

          if (A->get() == V)

            if (!(CS.doesNotCapture(A - B) && (CS.doesNotAccessMemory(A - B) ||

                                               CS.doesNotAccessMemory()))) {

              LLVM_DEBUG(dbgs() << "[SafeStack] Unsafe alloca: " << *AllocaPtr

                                << "\n            unsafe call: " << *I << "\n");

              return false;

            }

        continue;

      }


      default:

        if (Visited.insert(I).second)

          WorkList.push_back(cast<const Instruction>(I));

      }

    }

  }


  // All uses of the alloca are safe, we can place it on the safe stack.

  return true;

}


Value *SafeStack::getStackGuard(IRBuilder<> &IRB, Function &F) {

  Value *StackGuardVar = TL.getIRStackGuard(IRB);

  Module *M = F.getParent();


  if (!StackGuardVar) {

    TL.insertSSPDeclarations(*M);

    return IRB.CreateIntrinsic(Intrinsic::stackguard, {}, {});

  }


  return IRB.CreateLoad(StackPtrTy, StackGuardVar, "StackGuard");

}


void SafeStack::findInsts(Function &F,

                          SmallVectorImpl<AllocaInst *> &StaticAllocas,

                          SmallVectorImpl<AllocaInst *> &DynamicAllocas,

                          SmallVectorImpl<Argument *> &ByValArguments,

                          SmallVectorImpl<Instruction *> &Returns,

                          SmallVectorImpl<Instruction *> &StackRestorePoints) {

  for (Instruction &I : instructions(&F)) {

    if (auto AI = dyn_cast<AllocaInst>(&I)) {

      ++NumAllocas;


      uint64_t Size = getStaticAllocaAllocationSize(AI);

      if (IsSafeStackAlloca(AI, Size))

        continue;


      if (AI->isStaticAlloca()) {

        ++NumUnsafeStaticAllocas;

        StaticAllocas.push_back(AI);

      } else {

        ++NumUnsafeDynamicAllocas;

        DynamicAllocas.push_back(AI);

      }

    } else if (auto RI = dyn_cast<ReturnInst>(&I)) {

      if (CallInst *CI = I.getParent()->getTerminatingMustTailCall())

        Returns.push_back(CI);

      else

        Returns.push_back(RI);

    } else if (auto CI = dyn_cast<CallInst>(&I)) {

      // setjmps require stack restore.

      if (CI->getCalledFunction() && CI->canReturnTwice())

        StackRestorePoints.push_back(CI);

    } else if (auto LP = dyn_cast<LandingPadInst>(&I)) {

      // Exception landing pads require stack restore.

      StackRestorePoints.push_back(LP);

    } else if (auto II = dyn_cast<IntrinsicInst>(&I)) {

      if (II->getIntrinsicID() == Intrinsic::gcroot)

        report_fatal_error(

            "gcroot intrinsic not compatible with safestack attribute");

    }

  }

  for (Argument &Arg : F.args()) {

    if (!Arg.hasByValAttr())

      continue;

    uint64_t Size = DL.getTypeStoreSize(Arg.getParamByValType());

    if (IsSafeStackAlloca(&Arg, Size))

      continue;


    ++NumUnsafeByValArguments;

    ByValArguments.push_back(&Arg);

  }

}


AllocaInst *

SafeStack::createStackRestorePoints(IRBuilder<> &IRB, Function &F,

                                    ArrayRef<Instruction *> StackRestorePoints,

                                    Value *StaticTop, bool NeedDynamicTop) {

  assert(StaticTop && "The stack top isn't set.");


  if (StackRestorePoints.empty())

    return nullptr;


  // We need the current value of the shadow stack pointer to restore

  // after longjmp or exception catching.


  // FIXME: On some platforms this could be handled by the longjmp/exception

  // runtime itself.


  AllocaInst *DynamicTop = nullptr;

  if (NeedDynamicTop) {

    // If we also have dynamic alloca's, the stack pointer value changes

    // throughout the function. For now we store it in an alloca.

    DynamicTop = IRB.CreateAlloca(StackPtrTy, /*ArraySize=*/nullptr,

                                  "unsafe_stack_dynamic_ptr");

    IRB.CreateStore(StaticTop, DynamicTop);

  }


  // Restore current stack pointer after longjmp/exception catch.

  for (Instruction *I : StackRestorePoints) {

    ++NumUnsafeStackRestorePoints;


    IRB.SetInsertPoint(I->getNextNode());

    Value *CurrentTop =

        DynamicTop ? IRB.CreateLoad(StackPtrTy, DynamicTop) : StaticTop;

    IRB.CreateStore(CurrentTop, UnsafeStackPtr);

  }


  return DynamicTop;

}


void SafeStack::checkStackGuard(IRBuilder<> &IRB, Function &F, Instruction &RI,

                                AllocaInst *StackGuardSlot, Value *StackGuard) {

  Value *V = IRB.CreateLoad(StackPtrTy, StackGuardSlot);

  Value *Cmp = IRB.CreateICmpNE(StackGuard, V);


  auto SuccessProb = BranchProbabilityInfo::getBranchProbStackProtector(true);

  auto FailureProb = BranchProbabilityInfo::getBranchProbStackProtector(false);

  MDNode *Weights = MDBuilder(F.getContext())

                        .createBranchWeights(SuccessProb.getNumerator(),

                                             FailureProb.getNumerator());

  Instruction *CheckTerm =

      SplitBlockAndInsertIfThen(Cmp, &RI, /* Unreachable */ true, Weights, DTU);

  IRBuilder<> IRBFail(CheckTerm);

  // FIXME: respect -fsanitize-trap / -ftrap-function here?

  FunctionCallee StackChkFail =

      F.getParent()->getOrInsertFunction("__stack_chk_fail", IRB.getVoidTy());

  IRBFail.CreateCall(StackChkFail, {});

}


/// We explicitly compute and set the unsafe stack layout for all unsafe

/// static alloca instructions. We save the unsafe "base pointer" in the

/// prologue into a local variable and restore it in the epilogue.

Value *SafeStack::moveStaticAllocasToUnsafeStack(

    IRBuilder<> &IRB, Function &F, ArrayRef<AllocaInst *> StaticAllocas,

    ArrayRef<Argument *> ByValArguments, Instruction *BasePointer,

    AllocaInst *StackGuardSlot) {

  if (StaticAllocas.empty() && ByValArguments.empty())

    return BasePointer;


  DIBuilder DIB(*F.getParent());


  StackLifetime SSC(F, StaticAllocas, StackLifetime::LivenessType::May);

  static const StackLifetime::LiveRange NoColoringRange(1, true);

  if (ClColoring)

    SSC.run();


  for (const auto *I : SSC.getMarkers()) {

    auto *Op = dyn_cast<Instruction>(I->getOperand(1));

    const_cast<IntrinsicInst *>(I)->eraseFromParent();

    // Remove the operand bitcast, too, if it has no more uses left.

    if (Op && Op->use_empty())

      Op->eraseFromParent();

  }


  // Unsafe stack always grows down.

  StackLayout SSL(StackAlignment);

  if (StackGuardSlot) {

    Type *Ty = StackGuardSlot->getAllocatedType();

    Align Align = std::max(DL.getPrefTypeAlign(Ty), StackGuardSlot->getAlign());

    SSL.addObject(StackGuardSlot, getStaticAllocaAllocationSize(StackGuardSlot),

                  Align, SSC.getFullLiveRange());

  }


  for (Argument *Arg : ByValArguments) {

    Type *Ty = Arg->getParamByValType();

    uint64_t Size = DL.getTypeStoreSize(Ty);

    if (Size == 0)

      Size = 1; // Don't create zero-sized stack objects.


    // Ensure the object is properly aligned.

    Align Align = DL.getPrefTypeAlign(Ty);

    if (auto A = Arg->getParamAlign())

      Align = std::max(Align, *A);

    SSL.addObject(Arg, Size, Align, SSC.getFullLiveRange());

  }


  for (AllocaInst *AI : StaticAllocas) {

    Type *Ty = AI->getAllocatedType();

    uint64_t Size = getStaticAllocaAllocationSize(AI);

    if (Size == 0)

      Size = 1; // Don't create zero-sized stack objects.


    // Ensure the object is properly aligned.

    Align Align = std::max(DL.getPrefTypeAlign(Ty), AI->getAlign());


    SSL.addObject(AI, Size, Align,

                  ClColoring ? SSC.getLiveRange(AI) : NoColoringRange);

  }


  SSL.computeLayout();

  Align FrameAlignment = SSL.getFrameAlignment();


  // FIXME: tell SSL that we start at a less-then-MaxAlignment aligned location

  // (AlignmentSkew).

  if (FrameAlignment > StackAlignment) {

    // Re-align the base pointer according to the max requested alignment.

    IRB.SetInsertPoint(BasePointer->getNextNode());

    BasePointer = cast<Instruction>(IRB.CreateIntToPtr(

        IRB.CreateAnd(

            IRB.CreatePtrToInt(BasePointer, IntPtrTy),

            ConstantInt::get(IntPtrTy, ~(FrameAlignment.value() - 1))),

        StackPtrTy));

  }


  IRB.SetInsertPoint(BasePointer->getNextNode());


  if (StackGuardSlot) {

    unsigned Offset = SSL.getObjectOffset(StackGuardSlot);

    Value *Off =

        IRB.CreatePtrAdd(BasePointer, ConstantInt::get(Int32Ty, -Offset));

    Value *NewAI =

        IRB.CreateBitCast(Off, StackGuardSlot->getType(), "StackGuardSlot");


    // Replace alloc with the new location.

    StackGuardSlot->replaceAllUsesWith(NewAI);

    StackGuardSlot->eraseFromParent();

  }


  for (Argument *Arg : ByValArguments) {

    unsigned Offset = SSL.getObjectOffset(Arg);

    MaybeAlign Align(SSL.getObjectAlignment(Arg));

    Type *Ty = Arg->getParamByValType();


    uint64_t Size = DL.getTypeStoreSize(Ty);

    if (Size == 0)

      Size = 1; // Don't create zero-sized stack objects.


    Value *Off =

        IRB.CreatePtrAdd(BasePointer, ConstantInt::get(Int32Ty, -Offset));

    Value *NewArg = IRB.CreateBitCast(Off, Arg->getType(),

                                      Arg->getName() + ".unsafe-byval");


    // Replace alloc with the new location.

    replaceDbgDeclare(Arg, BasePointer, DIB, DIExpression::ApplyOffset,

                      -Offset);

    Arg->replaceAllUsesWith(NewArg);

    IRB.SetInsertPoint(cast<Instruction>(NewArg)->getNextNode());

    IRB.CreateMemCpy(Off, Align, Arg, Arg->getParamAlign(), Size);

  }


  // Allocate space for every unsafe static AllocaInst on the unsafe stack.

  for (AllocaInst *AI : StaticAllocas) {

    IRB.SetInsertPoint(AI);

    unsigned Offset = SSL.getObjectOffset(AI);


    replaceDbgDeclare(AI, BasePointer, DIB, DIExpression::ApplyOffset, -Offset);

    replaceDbgValueForAlloca(AI, BasePointer, DIB, -Offset);


    // Replace uses of the alloca with the new location.

    // Insert address calculation close to each use to work around PR27844.

    std::string Name = std::string(AI->getName()) + ".unsafe";

    while (!AI->use_empty()) {

      Use &U = *AI->use_begin();

      Instruction *User = cast<Instruction>(U.getUser());


      Instruction *InsertBefore;

      if (auto *PHI = dyn_cast<PHINode>(User))

        InsertBefore = PHI->getIncomingBlock(U)->getTerminator();

      else

        InsertBefore = User;


      IRBuilder<> IRBUser(InsertBefore);

      Value *Off =

          IRBUser.CreatePtrAdd(BasePointer, ConstantInt::get(Int32Ty, -Offset));

      Value *Replacement =

          IRBUser.CreateAddrSpaceCast(Off, AI->getType(), Name);


      if (auto *PHI = dyn_cast<PHINode>(User))

        // PHI nodes may have multiple incoming edges from the same BB (why??),

        // all must be updated at once with the same incoming value.

        PHI->setIncomingValueForBlock(PHI->getIncomingBlock(U), Replacement);

      else

        U.set(Replacement);

    }


    AI->eraseFromParent();

  }


  // Re-align BasePointer so that our callees would see it aligned as

  // expected.

  // FIXME: no need to update BasePointer in leaf functions.

  unsigned FrameSize = alignTo(SSL.getFrameSize(), StackAlignment);


  MDBuilder MDB(F.getContext());

  SmallVector<Metadata *, 2> Data;

  Data.push_back(MDB.createString("unsafe-stack-size"));

  Data.push_back(MDB.createConstant(ConstantInt::get(Int32Ty, FrameSize)));

  MDNode *MD = MDTuple::get(F.getContext(), Data);

  F.setMetadata(LLVMContext::MD_annotation, MD);


  // Update shadow stack pointer in the function epilogue.

  IRB.SetInsertPoint(BasePointer->getNextNode());


  Value *StaticTop =

      IRB.CreatePtrAdd(BasePointer, ConstantInt::get(Int32Ty, -FrameSize),

                       "unsafe_stack_static_top");

  IRB.CreateStore(StaticTop, UnsafeStackPtr);

  return StaticTop;

}


void SafeStack::moveDynamicAllocasToUnsafeStack(

    Function &F, Value *UnsafeStackPtr, AllocaInst *DynamicTop,

    ArrayRef<AllocaInst *> DynamicAllocas) {

  DIBuilder DIB(*F.getParent());


  for (AllocaInst *AI : DynamicAllocas) {

    IRBuilder<> IRB(AI);


    // Compute the new SP value (after AI).

    Value *ArraySize = AI->getArraySize();

    if (ArraySize->getType() != IntPtrTy)

      ArraySize = IRB.CreateIntCast(ArraySize, IntPtrTy, false);


    Type *Ty = AI->getAllocatedType();

    uint64_t TySize = DL.getTypeAllocSize(Ty);

    Value *Size = IRB.CreateMul(ArraySize, ConstantInt::get(IntPtrTy, TySize));


    Value *SP = IRB.CreatePtrToInt(IRB.CreateLoad(StackPtrTy, UnsafeStackPtr),

                                   IntPtrTy);

    SP = IRB.CreateSub(SP, Size);


    // Align the SP value to satisfy the AllocaInst, type and stack alignments.

    auto Align = std::max(std::max(DL.getPrefTypeAlign(Ty), AI->getAlign()),

                          StackAlignment);


    Value *NewTop = IRB.CreateIntToPtr(

        IRB.CreateAnd(SP,

                      ConstantInt::get(IntPtrTy, ~uint64_t(Align.value() - 1))),

        StackPtrTy);


    // Save the stack pointer.

    IRB.CreateStore(NewTop, UnsafeStackPtr);

    if (DynamicTop)

      IRB.CreateStore(NewTop, DynamicTop);


    Value *NewAI = IRB.CreatePointerCast(NewTop, AI->getType());

    if (AI->hasName() && isa<Instruction>(NewAI))

      NewAI->takeName(AI);


    replaceDbgDeclare(AI, NewAI, DIB, DIExpression::ApplyOffset, 0);

    AI->replaceAllUsesWith(NewAI);

    AI->eraseFromParent();

  }


  if (!DynamicAllocas.empty()) {

    // Now go through the instructions again, replacing stacksave/stackrestore.

    for (Instruction &I : llvm::make_early_inc_range(instructions(&F))) {

      auto *II = dyn_cast<IntrinsicInst>(&I);

      if (!II)

        continue;


      if (II->getIntrinsicID() == Intrinsic::stacksave) {

        IRBuilder<> IRB(II);

        Instruction *LI = IRB.CreateLoad(StackPtrTy, UnsafeStackPtr);

        LI->takeName(II);

        II->replaceAllUsesWith(LI);

        II->eraseFromParent();

      } else if (II->getIntrinsicID() == Intrinsic::stackrestore) {

        IRBuilder<> IRB(II);

        Instruction *SI = IRB.CreateStore(II->getArgOperand(0), UnsafeStackPtr);

        SI->takeName(II);

        assert(II->use_empty());

        II->eraseFromParent();

      }

    }

  }

}


bool SafeStack::ShouldInlinePointerAddress(CallInst &CI) {

  Function *Callee = CI.getCalledFunction();

  if (CI.hasFnAttr(Attribute::AlwaysInline) &&

      isInlineViable(*Callee).isSuccess())

    return true;

  if (Callee->isInterposable() || Callee->hasFnAttribute(Attribute::NoInline) ||

      CI.isNoInline())

    return false;

  return true;

}


void SafeStack::TryInlinePointerAddress() {

  auto *CI = dyn_cast<CallInst>(UnsafeStackPtr);

  if (!CI)

    return;


  if(F.hasOptNone())

    return;


  Function *Callee = CI->getCalledFunction();

  if (!Callee || Callee->isDeclaration())

    return;


  if (!ShouldInlinePointerAddress(*CI))

    return;


  InlineFunctionInfo IFI;

  InlineFunction(*CI, IFI);

}


bool SafeStack::run() {

  assert(F.hasFnAttribute(Attribute::SafeStack) &&

         "Can't run SafeStack on a function without the attribute");

  assert(!F.isDeclaration() && "Can't run SafeStack on a function declaration");


  ++NumFunctions;


  SmallVector<AllocaInst *, 16> StaticAllocas;

  SmallVector<AllocaInst *, 4> DynamicAllocas;

  SmallVector<Argument *, 4> ByValArguments;

  SmallVector<Instruction *, 4> Returns;


  // Collect all points where stack gets unwound and needs to be restored

  // This is only necessary because the runtime (setjmp and unwind code) is

  // not aware of the unsafe stack and won't unwind/restore it properly.

  // To work around this problem without changing the runtime, we insert

  // instrumentation to restore the unsafe stack pointer when necessary.

  SmallVector<Instruction *, 4> StackRestorePoints;


  // Find all static and dynamic alloca instructions that must be moved to the

  // unsafe stack, all return instructions and stack restore points.

  findInsts(F, StaticAllocas, DynamicAllocas, ByValArguments, Returns,

            StackRestorePoints);


  if (StaticAllocas.empty() && DynamicAllocas.empty() &&

      ByValArguments.empty() && StackRestorePoints.empty())

    return false; // Nothing to do in this function.


  if (!StaticAllocas.empty() || !DynamicAllocas.empty() ||

      !ByValArguments.empty())

    ++NumUnsafeStackFunctions; // This function has the unsafe stack.


  if (!StackRestorePoints.empty())

    ++NumUnsafeStackRestorePointsFunctions;


  IRBuilder<> IRB(&F.front(), F.begin()->getFirstInsertionPt());

  // Calls must always have a debug location, or else inlining breaks. So

  // we explicitly set a artificial debug location here.

  if (DISubprogram *SP = F.getSubprogram())

    IRB.SetCurrentDebugLocation(

        DILocation::get(SP->getContext(), SP->getScopeLine(), 0, SP));

  if (SafeStackUsePointerAddress) {

    FunctionCallee Fn = F.getParent()->getOrInsertFunction(

        "__safestack_pointer_address", IRB.getPtrTy(0));

    UnsafeStackPtr = IRB.CreateCall(Fn);

  } else {

    UnsafeStackPtr = TL.getSafeStackPointerLocation(IRB);

  }


  // Load the current stack pointer (we'll also use it as a base pointer).

  // FIXME: use a dedicated register for it ?

  Instruction *BasePointer =

      IRB.CreateLoad(StackPtrTy, UnsafeStackPtr, false, "unsafe_stack_ptr");

  assert(BasePointer->getType() == StackPtrTy);


  AllocaInst *StackGuardSlot = nullptr;

  // FIXME: implement weaker forms of stack protector.

  if (F.hasFnAttribute(Attribute::StackProtect) ||

      F.hasFnAttribute(Attribute::StackProtectStrong) ||

      F.hasFnAttribute(Attribute::StackProtectReq)) {

    Value *StackGuard = getStackGuard(IRB, F);

    StackGuardSlot = IRB.CreateAlloca(StackPtrTy, nullptr);

    IRB.CreateStore(StackGuard, StackGuardSlot);


    for (Instruction *RI : Returns) {

      IRBuilder<> IRBRet(RI);

      checkStackGuard(IRBRet, F, *RI, StackGuardSlot, StackGuard);

    }

  }


  // The top of the unsafe stack after all unsafe static allocas are

  // allocated.

  Value *StaticTop = moveStaticAllocasToUnsafeStack(

      IRB, F, StaticAllocas, ByValArguments, BasePointer, StackGuardSlot);


  // Safe stack object that stores the current unsafe stack top. It is updated

  // as unsafe dynamic (non-constant-sized) allocas are allocated and freed.

  // This is only needed if we need to restore stack pointer after longjmp

  // or exceptions, and we have dynamic allocations.

  // FIXME: a better alternative might be to store the unsafe stack pointer

  // before setjmp / invoke instructions.

  AllocaInst *DynamicTop = createStackRestorePoints(

      IRB, F, StackRestorePoints, StaticTop, !DynamicAllocas.empty());


  // Handle dynamic allocas.

  moveDynamicAllocasToUnsafeStack(F, UnsafeStackPtr, DynamicTop,

                                  DynamicAllocas);


  // Restore the unsafe stack pointer before each return.

  for (Instruction *RI : Returns) {

    IRB.SetInsertPoint(RI);

    IRB.CreateStore(BasePointer, UnsafeStackPtr);

  }


  TryInlinePointerAddress();


  LLVM_DEBUG(dbgs() << "[SafeStack]     safestack applied\n");

  return true;

}


class SafeStackLegacyPass : public FunctionPass {

  const TargetMachine *TM = nullptr;


public:

  static char ID; // Pass identification, replacement for typeid..


  SafeStackLegacyPass() : FunctionPass(ID) {

    initializeSafeStackLegacyPassPass(*PassRegistry::getPassRegistry());

  }


  void getAnalysisUsage(AnalysisUsage &AU) const override {

    AU.addRequired<TargetPassConfig>();

    AU.addRequired<TargetLibraryInfoWrapperPass>();

    AU.addRequired<AssumptionCacheTracker>();

    AU.addPreserved<DominatorTreeWrapperPass>();

  }


  bool runOnFunction(Function &F) override {

    LLVM_DEBUG(dbgs() << "[SafeStack] Function: " << F.getName() << "\n");


    if (!F.hasFnAttribute(Attribute::SafeStack)) {

      LLVM_DEBUG(dbgs() << "[SafeStack]     safestack is not requested"

                           " for this function\n");

      return false;

    }


    if (F.isDeclaration()) {

      LLVM_DEBUG(dbgs() << "[SafeStack]     function definition"

                           " is not available\n");

      return false;

    }


    TM = &getAnalysis<TargetPassConfig>().getTM<TargetMachine>();

    auto *TL = TM->getSubtargetImpl(F)->getTargetLowering();

    if (!TL)

      report_fatal_error("TargetLowering instance is required");


    auto *DL = &F.getDataLayout();

    auto &TLI = getAnalysis<TargetLibraryInfoWrapperPass>().getTLI(F);

    auto &ACT = getAnalysis<AssumptionCacheTracker>().getAssumptionCache(F);


    // Compute DT and LI only for functions that have the attribute.

    // This is only useful because the legacy pass manager doesn't let us

    // compute analyzes lazily.


    DominatorTree *DT;

    bool ShouldPreserveDominatorTree;

    std::optional<DominatorTree> LazilyComputedDomTree;


    // Do we already have a DominatorTree available from the previous pass?

    // Note that we should *NOT* require it, to avoid the case where we end up

    // not needing it, but the legacy PM would have computed it for us anyways.

    if (auto *DTWP = getAnalysisIfAvailable<DominatorTreeWrapperPass>()) {

      DT = &DTWP->getDomTree();

      ShouldPreserveDominatorTree = true;

    } else {

      // Otherwise, we need to compute it.

      LazilyComputedDomTree.emplace(F);

      DT = &*LazilyComputedDomTree;

      ShouldPreserveDominatorTree = false;

    }


    // Likewise, lazily compute loop info.

    LoopInfo LI(*DT);


    DomTreeUpdater DTU(DT, DomTreeUpdater::UpdateStrategy::Lazy);


    ScalarEvolution SE(F, TLI, ACT, *DT, LI);


    return SafeStack(F, *TL, *DL, ShouldPreserveDominatorTree ? &DTU : nullptr,

                     SE)

        .run();

  }

};


} // end anonymous namespace


PreservedAnalyses SafeStackPass::run(Function &F,

                                     FunctionAnalysisManager &FAM) {

  LLVM_DEBUG(dbgs() << "[SafeStack] Function: " << F.getName() << "\n");


  if (!F.hasFnAttribute(Attribute::SafeStack)) {

    LLVM_DEBUG(dbgs() << "[SafeStack]     safestack is not requested"

                         " for this function\n");

    return PreservedAnalyses::all();

  }


  if (F.isDeclaration()) {

    LLVM_DEBUG(dbgs() << "[SafeStack]     function definition"

                         " is not available\n");

    return PreservedAnalyses::all();

  }


  auto *TL = TM->getSubtargetImpl(F)->getTargetLowering();

  if (!TL)

    report_fatal_error("TargetLowering instance is required");


  auto &DL = F.getDataLayout();


  // preserve DominatorTree

  auto &DT = FAM.getResult<DominatorTreeAnalysis>(F);

  auto &SE = FAM.getResult<ScalarEvolutionAnalysis>(F);

  DomTreeUpdater DTU(DT, DomTreeUpdater::UpdateStrategy::Lazy);


  bool Changed = SafeStack(F, *TL, DL, &DTU, SE).run();


  if (!Changed)

    return PreservedAnalyses::all();

  PreservedAnalyses PA;

  PA.preserve<DominatorTreeAnalysis>();

  return PA;

}


char SafeStackLegacyPass::ID = 0;


INITIALIZE_PASS_BEGIN(SafeStackLegacyPass, DEBUG_TYPE,

                      "Safe Stack instrumentation pass", false, false)

INITIALIZE_PASS_DEPENDENCY(TargetPassConfig)

INITIALIZE_PASS_DEPENDENCY(DominatorTreeWrapperPass)

INITIALIZE_PASS_END(SafeStackLegacyPass, DEBUG_TYPE,

                    "Safe Stack instrumentation pass", false, false)


FunctionPass *llvm::createSafeStackPass() { return new SafeStackLegacyPass(); }

PHI
Rewrite undef for PHI
Definition: AMDGPURewriteUndefForPHI.cpp:100

APInt.h
This file implements a class to represent arbitrary precision integral constant values and operations...

DL
MachineBasicBlock MachineBasicBlock::iterator DebugLoc DL
Definition: ARMSLSHardening.cpp:73

ArrayRef.h

getNextNode
VarLocInsertPt getNextNode(const DbgRecord *DVR)
Definition: AssignmentTrackingAnalysis.cpp:1497

AssumptionCache.h

instructions
Expand Atomic instructions
Definition: AtomicExpandPass.cpp:172

Attributes.h
This file contains the simple types necessary to represent the attributes associated with functions a...

BasicBlockUtils.h

BranchProbabilityInfo.h

B
static GCRegistry::Add< OcamlGC > B("ocaml", "ocaml 3.10-compatible GC")

A
static GCRegistry::Add< ErlangGC > A("erlang", "erlang-compatible garbage collector")

Casting.h

Cloning.h

ConstantRange.h

Constants.h
This file contains the declarations for the subclasses of Constant, which represent the different fla...

DIBuilder.h

DataLayout.h

Debug.h

LLVM_DEBUG
#define LLVM_DEBUG(...)
Definition: Debug.h:106

DerivedTypes.h

DomTreeUpdater.h

Dominators.h

Addr
uint64_t Addr
Definition: ELFObjHandler.cpp:79

Name
std::string Name
Definition: ELFObjHandler.cpp:77

Size
uint64_t Size
Definition: ELFObjHandler.cpp:81

DEBUG_TYPE
#define DEBUG_TYPE
Definition: GenericCycleImpl.h:31

pass
global merge Global merge function pass
Definition: GlobalMergeFunctions.cpp:623

IRBuilder.h

MI
IRTranslator LLVM IR MI
Definition: IRTranslator.cpp:112

Argument.h

Function.h

Instruction.h

IntrinsicInst.h

Module.h
Module.h This file contains the declarations for the Module class.

Type.h

Use.h
This defines the Use class.

Value.h

InitializePasses.h

InlineCost.h

InstIterator.h

Instructions.h

Intrinsics.h

LoopInfo.h

F
#define F(x, y, z)
Definition: MD5.cpp:55

I
#define I(x, y, z)
Definition: MD5.cpp:58

MDBuilder.h

Metadata.h
This file contains the declarations for metadata subclasses.

II
uint64_t IntrinsicInst * II
Definition: NVVMIntrRange.cpp:51

FAM
FunctionAnalysisManager FAM
Definition: PassBuilderBindings.cpp:61

INITIALIZE_PASS_DEPENDENCY
#define INITIALIZE_PASS_DEPENDENCY(depName)
Definition: PassSupport.h:55

INITIALIZE_PASS_END
#define INITIALIZE_PASS_END(passName, arg, name, cfg, analysis)
Definition: PassSupport.h:57

INITIALIZE_PASS_BEGIN
#define INITIALIZE_PASS_BEGIN(passName, arg, name, cfg, analysis)
Definition: PassSupport.h:52

Pass.h

assert
assert(ImpDefSCC.getReg()==AMDGPU::SCC &&ImpDefSCC.isDef())

SafeStackLayout.h

SafeStackUsePointerAddress
static cl::opt< bool > SafeStackUsePointerAddress("safestack-use-pointer-address", cl::init(false), cl::Hidden)
Use __safestack_pointer_address even if the platform has a faster way of access safe stack pointer.

ClColoring
static cl::opt< bool > ClColoring("safe-stack-coloring", cl::desc("enable safe stack coloring"), cl::Hidden, cl::init(true))

SafeStack.h

ScalarEvolutionExpressions.h

ScalarEvolution.h

SmallPtrSet.h
This file defines the SmallPtrSet class.

SmallVector.h
This file defines the SmallVector class.

StackLifetime.h

getStackGuard
static Value * getStackGuard(const TargetLoweringBase *TLI, Module *M, IRBuilder<> &B, bool *SupportsSelectionDAGSP=nullptr)
Create a stack guard loading and populate whether SelectionDAG SSP is supported.
Definition: StackProtector.cpp:500

Statistic.h
This file defines the 'Statistic' class, which is designed to be an easy way to expose various metric...

STATISTIC
#define STATISTIC(VARNAME, DESC)
Definition: Statistic.h:166

TargetLibraryInfo.h

TargetLowering.h
This file describes how to lower LLVM code to machine code.

TargetPassConfig.h
Target-Independent Code Generator Pass Configuration Options pass.

TargetSubtargetInfo.h

Local.h

instrumentation
xray instrumentation
Definition: XRayInstrumentation.cpp:280

llvm::APInt
Class for arbitrary precision integers.
Definition: APInt.h:78

llvm::AllocaInst
an instruction to allocate memory on the stack
Definition: Instructions.h:63

llvm::AllocaInst::isStaticAlloca
bool isStaticAlloca() const
Return true if this alloca is in the entry block of the function and is a constant size.
Definition: Instructions.cpp:1234

llvm::AllocaInst::getAlign
Align getAlign() const
Return the alignment of the memory that is being allocated by the instruction.
Definition: Instructions.h:124

llvm::AllocaInst::getType
PointerType * getType() const
Overload to return most specific pointer type.
Definition: Instructions.h:99

llvm::AllocaInst::getAllocatedType
Type * getAllocatedType() const
Return the type that is being allocated by the instruction.
Definition: Instructions.h:117

llvm::AllocaInst::isArrayAllocation
bool isArrayAllocation() const
Return true if there is an allocation size parameter to the allocation instruction that is not 1.
Definition: Instructions.cpp:1225

llvm::AllocaInst::getArraySize
const Value * getArraySize() const
Get the number of elements allocated.
Definition: Instructions.h:95

llvm::AnalysisManager
A container for analyses that lazily runs them and caches their results.
Definition: PassManager.h:253

llvm::AnalysisManager::getResult
PassT::Result & getResult(IRUnitT &IR, ExtraArgTs... ExtraArgs)
Get the result of an analysis pass for a given IR unit.
Definition: PassManager.h:410

llvm::AnalysisUsage
Represent the analysis usage information of a pass.
Definition: PassAnalysisSupport.h:47

llvm::AnalysisUsage::addRequired
AnalysisUsage & addRequired()
Definition: PassAnalysisSupport.h:75

llvm::AnalysisUsage::addPreserved
AnalysisUsage & addPreserved()
Add the specified Pass class to the set of analyses preserved by this pass.
Definition: PassAnalysisSupport.h:98

llvm::Argument
This class represents an incoming formal argument to a Function.
Definition: Argument.h:31

llvm::ArrayRef
ArrayRef - Represent a constant reference to an array (0 or more elements consecutively in memory),...
Definition: ArrayRef.h:41

llvm::ArrayRef::empty
bool empty() const
empty - Check if the array is empty.
Definition: ArrayRef.h:163

llvm::AssumptionCacheTracker
An immutable pass that tracks lazily created AssumptionCache objects.
Definition: AssumptionCache.h:204

llvm::BranchProbabilityInfo::getBranchProbStackProtector
static BranchProbability getBranchProbStackProtector(bool IsLikely)
Definition: BranchProbabilityInfo.h:201

llvm::CallBase
Base class for all callable instructions (InvokeInst and CallInst) Holds everything related to callin...
Definition: InstrTypes.h:1112

llvm::CallBase::doesNotCapture
bool doesNotCapture(unsigned OpNo) const
Determine whether this data operand is not captured.
Definition: InstrTypes.h:1669

llvm::CallBase::getCalledFunction
Function * getCalledFunction() const
Returns the function called, or null if this is an indirect function invocation or the function signa...
Definition: InstrTypes.h:1341

llvm::CallBase::doesNotAccessMemory
bool doesNotAccessMemory(unsigned OpNo) const
Definition: InstrTypes.h:1715

llvm::CallBase::hasFnAttr
bool hasFnAttr(Attribute::AttrKind Kind) const
Determine whether this call has the given attribute.
Definition: InstrTypes.h:1451

llvm::CallBase::arg_begin
User::op_iterator arg_begin()
Return the iterator pointing to the beginning of the argument list.
Definition: InstrTypes.h:1261

llvm::CallBase::isNoInline
bool isNoInline() const
Return true if the call should not be inlined.
Definition: InstrTypes.h:1884

llvm::CallBase::arg_end
User::op_iterator arg_end()
Return the iterator pointing to the end of the argument list.
Definition: InstrTypes.h:1267

llvm::CallInst
This class represents a function call, abstracting a target machine's calling convention.
Definition: Instructions.h:1479

llvm::ConstantRange
This class represents a range of values.
Definition: ConstantRange.h:47

llvm::ConstantRange::add
ConstantRange add(const ConstantRange &Other) const
Return a new range representing the possible values resulting from an addition of a value in this ran...
Definition: ConstantRange.cpp:1067

llvm::ConstantRange::contains
bool contains(const APInt &Val) const
Return true if the specified value is in the set.
Definition: ConstantRange.cpp:507

llvm::DIBuilder
Definition: DIBuilder.h:45

llvm::DIExpression::ApplyOffset
@ ApplyOffset
Definition: DebugInfoMetadata.h:3044

llvm::DISubprogram
Subprogram description.
Definition: DebugInfoMetadata.h:1710

llvm::DWARFExpression::Operation
This class represents an Operation in the Expression.
Definition: DWARFExpression.h:32

llvm::DataLayout
A parsed version of the target data layout string in and methods for querying it.
Definition: DataLayout.h:63

llvm::DomTreeUpdater
Definition: DomTreeUpdater.h:30

llvm::DominatorTreeAnalysis
Analysis pass which computes a DominatorTree.
Definition: Dominators.h:279

llvm::DominatorTreeWrapperPass
Legacy analysis pass which computes a DominatorTree.
Definition: Dominators.h:317

llvm::DominatorTree
Concrete subclass of DominatorTreeBase that is used to compute a normal dominator tree.
Definition: Dominators.h:162

llvm::FunctionCallee
A handy container for a FunctionType+Callee-pointer pair, which can be passed around as a single enti...
Definition: DerivedTypes.h:170

llvm::FunctionPass
FunctionPass class - This class is used to implement most global optimizations.
Definition: Pass.h:310

llvm::FunctionPass::runOnFunction
virtual bool runOnFunction(Function &F)=0
runOnFunction - Virtual method overriden by subclasses to do the per-function processing of the pass.

llvm::Function
Definition: Function.h:63

llvm::IRBuilderBase::CreateAlloca
AllocaInst * CreateAlloca(Type *Ty, unsigned AddrSpace, Value *ArraySize=nullptr, const Twine &Name="")
Definition: IRBuilder.h:1781

llvm::IRBuilderBase::CreatePointerCast
Value * CreatePointerCast(Value *V, Type *DestTy, const Twine &Name="")
Definition: IRBuilder.h:2199

llvm::IRBuilderBase::CreateIntToPtr
Value * CreateIntToPtr(Value *V, Type *DestTy, const Twine &Name="")
Definition: IRBuilder.h:2147

llvm::IRBuilderBase::CreatePtrAdd
Value * CreatePtrAdd(Value *Ptr, Value *Offset, const Twine &Name="", GEPNoWrapFlags NW=GEPNoWrapFlags::none())
Definition: IRBuilder.h:1987

llvm::IRBuilderBase::SetCurrentDebugLocation
void SetCurrentDebugLocation(DebugLoc L)
Set location information used by debugging information.
Definition: IRBuilder.h:239

llvm::IRBuilderBase::CreateICmpNE
Value * CreateICmpNE(Value *LHS, Value *RHS, const Twine &Name="")
Definition: IRBuilder.h:2274

llvm::IRBuilderBase::CreateIntrinsic
CallInst * CreateIntrinsic(Intrinsic::ID ID, ArrayRef< Type * > Types, ArrayRef< Value * > Args, FMFSource FMFSource={}, const Twine &Name="")
Create a call to intrinsic ID with Args, mangled using Types.
Definition: IRBuilder.cpp:900

llvm::IRBuilderBase::CreateSub
Value * CreateSub(Value *LHS, Value *RHS, const Twine &Name="", bool HasNUW=false, bool HasNSW=false)
Definition: IRBuilder.h:1387

llvm::IRBuilderBase::CreateBitCast
Value * CreateBitCast(Value *V, Type *DestTy, const Twine &Name="")
Definition: IRBuilder.h:2152

llvm::IRBuilderBase::CreateLoad
LoadInst * CreateLoad(Type *Ty, Value *Ptr, const char *Name)
Provided to resolve 'CreateLoad(Ty, Ptr, "...")' correctly, instead of converting the string to 'bool...
Definition: IRBuilder.h:1798

llvm::IRBuilderBase::CreateAnd
Value * CreateAnd(Value *LHS, Value *RHS, const Twine &Name="")
Definition: IRBuilder.h:1518

llvm::IRBuilderBase::CreateStore
StoreInst * CreateStore(Value *Val, Value *Ptr, bool isVolatile=false)
Definition: IRBuilder.h:1811

llvm::IRBuilderBase::CreatePtrToInt
Value * CreatePtrToInt(Value *V, Type *DestTy, const Twine &Name="")
Definition: IRBuilder.h:2142

llvm::IRBuilderBase::CreateCall
CallInst * CreateCall(FunctionType *FTy, Value *Callee, ArrayRef< Value * > Args={}, const Twine &Name="", MDNode *FPMathTag=nullptr)
Definition: IRBuilder.h:2449

llvm::IRBuilderBase::getPtrTy
PointerType * getPtrTy(unsigned AddrSpace=0)
Fetch the type representing a pointer.
Definition: IRBuilder.h:588

llvm::IRBuilderBase::CreateIntCast
Value * CreateIntCast(Value *V, Type *DestTy, bool isSigned, const Twine &Name="")
Definition: IRBuilder.h:2225

llvm::IRBuilderBase::SetInsertPoint
void SetInsertPoint(BasicBlock *TheBB)
This specifies that created instructions should be appended to the end of the specified block.
Definition: IRBuilder.h:199

llvm::IRBuilderBase::getVoidTy
Type * getVoidTy()
Fetch the type representing void.
Definition: IRBuilder.h:583

llvm::IRBuilderBase::CreateMemCpy
CallInst * CreateMemCpy(Value *Dst, MaybeAlign DstAlign, Value *Src, MaybeAlign SrcAlign, uint64_t Size, bool isVolatile=false, MDNode *TBAATag=nullptr, MDNode *TBAAStructTag=nullptr, MDNode *ScopeTag=nullptr, MDNode *NoAliasTag=nullptr)
Create and insert a memcpy between the specified pointers.
Definition: IRBuilder.h:677

llvm::IRBuilderBase::CreateMul
Value * CreateMul(Value *LHS, Value *RHS, const Twine &Name="", bool HasNUW=false, bool HasNSW=false)
Definition: IRBuilder.h:1404

llvm::IRBuilder
This provides a uniform API for creating instructions and inserting them into a basic block: either a...
Definition: IRBuilder.h:2705

llvm::InlineFunctionInfo
This class captures the data input to the InlineFunction call, and records the auxiliary results prod...
Definition: Cloning.h:255

llvm::InlineResult::isSuccess
bool isSuccess() const
Definition: InlineCost.h:188

llvm::Instruction
Definition: Instruction.h:68

llvm::Instruction::eraseFromParent
InstListType::iterator eraseFromParent()
This method unlinks 'this' from the containing basic block and deletes it.
Definition: Instruction.cpp:94

llvm::IntrinsicInst
A wrapper class for inspecting calls to intrinsic functions.
Definition: IntrinsicInst.h:48

llvm::LoopInfo
Definition: LoopInfo.h:407

llvm::MDBuilder
Definition: MDBuilder.h:36

llvm::MDBuilder::createBranchWeights
MDNode * createBranchWeights(uint32_t TrueWeight, uint32_t FalseWeight, bool IsExpected=false)
Return metadata containing two branch weights.
Definition: MDBuilder.cpp:37

llvm::MDNode
Metadata node.
Definition: Metadata.h:1073

llvm::MDTuple::get
static MDTuple * get(LLVMContext &Context, ArrayRef< Metadata * > MDs)
Definition: Metadata.h:1506

llvm::MemIntrinsic
This is the common base class for memset/memcpy/memmove.
Definition: IntrinsicInst.h:1205

llvm::Module
A Module instance is used to store all the information related to an LLVM module.
Definition: Module.h:65

llvm::PassRegistry::getPassRegistry
static PassRegistry * getPassRegistry()
getPassRegistry - Access the global registry object, which is automatically initialized at applicatio...
Definition: PassRegistry.cpp:24

llvm::Pass::getAnalysisUsage
virtual void getAnalysisUsage(AnalysisUsage &) const
getAnalysisUsage - This function should be overriden by passes that need analysis information to do t...
Definition: Pass.cpp:98

llvm::PreservedAnalyses
A set of analyses that are preserved following a run of a transformation pass.
Definition: Analysis.h:111

llvm::PreservedAnalyses::all
static PreservedAnalyses all()
Construct a special preserved set that preserves all passes.
Definition: Analysis.h:117

llvm::PreservedAnalyses::preserve
void preserve()
Mark an analysis as preserved.
Definition: Analysis.h:131

llvm::SCEV
This class represents an analyzed expression in the program.
Definition: ScalarEvolution.h:71

llvm::SCEV::getType
Type * getType() const
Return the LLVM type of this SCEV expression.
Definition: ScalarEvolution.cpp:386

llvm::SafeStackPass::run
PreservedAnalyses run(Function &F, FunctionAnalysisManager &FAM)
Definition: SafeStack.cpp:929

llvm::ScalarEvolutionAnalysis
Analysis pass that exposes the ScalarEvolution for a function.
Definition: ScalarEvolution.h:2320

llvm::ScalarEvolution
The main scalar evolution driver.
Definition: ScalarEvolution.h:447

llvm::SmallPtrSetImpl::insert
std::pair< iterator, bool > insert(PtrType Ptr)
Inserts Ptr if and only if there is no element in the container equal to Ptr.
Definition: SmallPtrSet.h:384

llvm::SmallPtrSet
SmallPtrSet - This class implements a set which is optimized for holding SmallSize or less elements.
Definition: SmallPtrSet.h:519

llvm::SmallVectorBase::empty
bool empty() const
Definition: SmallVector.h:81

llvm::SmallVectorImpl
This class consists of common code factored out of the SmallVector class to reduce code duplication b...
Definition: SmallVector.h:573

llvm::SmallVectorImpl::pop_back_val
T pop_back_val()
Definition: SmallVector.h:673

llvm::SmallVectorTemplateBase::push_back
void push_back(const T &Elt)
Definition: SmallVector.h:413

llvm::SmallVector
This is a 'vector' (really, a variable-sized array), optimized for the case when the array is small.
Definition: SmallVector.h:1196

llvm::StackLifetime::LiveRange
This class represents a set of interesting instructions where an alloca is live.
Definition: StackLifetime.h:63

llvm::StackLifetime
Compute live ranges of allocas.
Definition: StackLifetime.h:37

llvm::TargetLibraryInfoWrapperPass
Definition: TargetLibraryInfo.h:639

llvm::TargetLoweringBase
This base class for TargetLowering contains the SelectionDAG-independent parts that can be used from ...
Definition: TargetLowering.h:195

llvm::TargetMachine
Primary interface to the complete machine description for the target machine.
Definition: TargetMachine.h:77

llvm::TargetPassConfig
Target-Independent Code Generator Pass Configuration Options.
Definition: TargetPassConfig.h:85

llvm::Type
The instances of the Type class are immutable: once they are created, they are never changed.
Definition: Type.h:45

llvm::Use
A Use represents the edge between a Value definition and its users.
Definition: Use.h:43

llvm::User
Definition: User.h:44

llvm::Value
LLVM Value Representation.
Definition: Value.h:74

llvm::Value::getType
Type * getType() const
All values are typed, get the type of this value.
Definition: Value.h:255

llvm::Value::replaceAllUsesWith
void replaceAllUsesWith(Value *V)
Change all uses of this to point to a new Value.
Definition: Value.cpp:534

llvm::Value::use_begin
use_iterator use_begin()
Definition: Value.h:360

llvm::Value::use_empty
bool use_empty() const
Definition: Value.h:344

llvm::Value::getContext
LLVMContext & getContext() const
All values hold a context through their type.
Definition: Value.cpp:1075

llvm::Value::hasName
bool hasName() const
Definition: Value.h:261

llvm::Value::getName
StringRef getName() const
Return a constant reference to the value's name.
Definition: Value.cpp:309

llvm::Value::takeName
void takeName(Value *V)
Transfer the name from V to this value.
Definition: Value.cpp:383

llvm::cl::opt
Definition: CommandLine.h:1423

llvm::ilist_node_with_parent::getNextNode
NodeTy * getNextNode()
Get the next node, or nullptr for the list tail.
Definition: ilist_node.h:353

llvm::safestack::StackLayout
Compute the layout of an unsafe stack frame.
Definition: SafeStackLayout.h:25

uint64_t

unsigned

ErrorHandling.h

TargetMachine.h

false
Definition: StackSlotColoring.cpp:193

llvm::AMDGPU::IsaInfo::TargetIDSetting::Off
@ Off

llvm::ARM::ProfileKind::M
@ M

llvm::CallingConv::C
@ C
The default llvm calling convention, compatible with C.
Definition: CallingConv.h:34

llvm::CallingConv::ID
unsigned ID
LLVM IR allows to use arbitrary numbers as calling convention identifiers.
Definition: CallingConv.h:24

llvm::M68k::MemAddrModeKind::U
@ U

llvm::M68k::MemAddrModeKind::V
@ V

llvm::SIEncodingFamily::SI
@ SI
Definition: SIDefines.h:36

llvm::SystemZISD::TM
@ TM
Definition: SystemZISelLowering.h:66

llvm::X86::FirstMacroFusionInstKind::Cmp
@ Cmp

llvm::cl::Hidden
@ Hidden
Definition: CommandLine.h:137

llvm::cl::init
initializer< Ty > init(const Ty &Val)
Definition: CommandLine.h:443

llvm::dxil::PointerTypeAnalysis::run
PointerTypeMap run(const Module &M)
Compute the PointerTypeMap for the module M.
Definition: PointerTypeAnalysis.cpp:191

llvm::omp::RTLDependInfoFields::Len
@ Len

llvm::pdb::PDB_SymType::Callee
@ Callee

llvm::safestack
Definition: SafeStackLayout.h:22

llvm::sampleprof::Base
@ Base
Definition: Discriminator.h:58

llvm
This is an optimization pass for GlobalISel generic memory operations.
Definition: AddressRanges.h:18

llvm::Offset
@ Offset
Definition: DWP.cpp:480

llvm::createSafeStackPass
FunctionPass * createSafeStackPass()
This pass splits the stack into a safe stack and an unsafe stack to protect against stack-based overf...
Definition: SafeStack.cpp:974

llvm::make_early_inc_range
iterator_range< early_inc_iterator_impl< detail::IterOfRange< RangeT > > > make_early_inc_range(RangeT &&Range)
Make a range that does early increment to allow mutation of the underlying range without disrupting i...
Definition: STLExtras.h:657

llvm::isInlineViable
InlineResult isInlineViable(Function &Callee)
Minimal filter to detect invalid constructs for inlining.
Definition: InlineCost.cpp:3130

llvm::dbgs
raw_ostream & dbgs()
dbgs() - This returns a reference to a raw_ostream for debugging messages.
Definition: Debug.cpp:163

llvm::report_fatal_error
void report_fatal_error(Error Err, bool gen_crash_diag=true)
Report a serious error, calling any installed error handler.
Definition: Error.cpp:167

llvm::alignTo
uint64_t alignTo(uint64_t Size, Align A)
Returns a multiple of A needed to store Size bytes.
Definition: Alignment.h:155

llvm::initializeSafeStackLegacyPassPass
void initializeSafeStackLegacyPassPass(PassRegistry &)

llvm::InlineFunction
InlineResult InlineFunction(CallBase &CB, InlineFunctionInfo &IFI, bool MergeAttributes=false, AAResults *CalleeAAR=nullptr, bool InsertLifetime=true, Function *ForwardVarArgsTo=nullptr)
This function inlines the called function into the basic block of the caller.
Definition: InlineFunction.cpp:2459

llvm::replaceDbgValueForAlloca
void replaceDbgValueForAlloca(AllocaInst *AI, Value *NewAllocaAddress, DIBuilder &Builder, int Offset=0)
Replaces multiple llvm.dbg.value instructions when the alloca it describes is replaced with a new val...
Definition: Local.cpp:2253

llvm::BitWidth
constexpr unsigned BitWidth
Definition: BitmaskEnum.h:217

llvm::SplitBlockAndInsertIfThen
Instruction * SplitBlockAndInsertIfThen(Value *Cond, BasicBlock::iterator SplitBefore, bool Unreachable, MDNode *BranchWeights=nullptr, DomTreeUpdater *DTU=nullptr, LoopInfo *LI=nullptr, BasicBlock *ThenBlock=nullptr)
Split the containing block at the specified instruction - everything before SplitBefore stays in the ...
Definition: BasicBlockUtils.cpp:1609

llvm::replaceDbgDeclare
bool replaceDbgDeclare(Value *Address, Value *NewAddress, DIBuilder &Builder, uint8_t DIExprFlags, int Offset)
Replaces llvm.dbg.declare instruction when the address it describes is replaced with a new value.
Definition: Local.cpp:2204

raw_ostream.h

llvm::Align
This struct is a compact representation of a valid (non-zero power of two) alignment.
Definition: Alignment.h:39

llvm::Align::value
uint64_t value() const
This is a hole in the type system and should not be abused.
Definition: Alignment.h:85

llvm::MaybeAlign
This struct is a compact representation of a valid (power of two) or undefined (0) alignment.
Definition: Alignment.h:117

llvm::cl::desc
Definition: CommandLine.h:409