doxygen/SafeStack_8cpp_source.html

//===- SafeStack.cpp - Safe Stack Insertion -------------------------------===//

//

// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.

// See https://llvm.org/LICENSE.txt for license information.

// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception

//

//===----------------------------------------------------------------------===//

//

// This pass splits the stack into the safe stack (kept as-is for LLVM backend)

// and the unsafe stack (explicitly allocated and managed through the runtime

// support library).

//

// http://clang.llvm.org/docs/SafeStack.html

//

//===----------------------------------------------------------------------===//


#include "SafeStackLayout.h"

#include "llvm/ADT/APInt.h"

#include "llvm/ADT/ArrayRef.h"

#include "llvm/ADT/SmallPtrSet.h"

#include "llvm/ADT/SmallVector.h"

#include "llvm/ADT/Statistic.h"

#include "llvm/Analysis/AssumptionCache.h"

#include "llvm/Analysis/BranchProbabilityInfo.h"

#include "llvm/Analysis/DomTreeUpdater.h"

#include "llvm/Analysis/InlineCost.h"

#include "llvm/Analysis/LoopInfo.h"

#include "llvm/Analysis/ScalarEvolution.h"

#include "llvm/Analysis/ScalarEvolutionExpressions.h"

#include "llvm/Analysis/StackLifetime.h"

#include "llvm/Analysis/TargetLibraryInfo.h"

#include "llvm/CodeGen/TargetLowering.h"

#include "llvm/CodeGen/TargetPassConfig.h"

#include "llvm/CodeGen/TargetSubtargetInfo.h"

#include "llvm/IR/Argument.h"

#include "llvm/IR/Attributes.h"

#include "llvm/IR/ConstantRange.h"

#include "llvm/IR/Constants.h"

#include "llvm/IR/DIBuilder.h"

#include "llvm/IR/DataLayout.h"

#include "llvm/IR/DerivedTypes.h"

#include "llvm/IR/Dominators.h"

#include "llvm/IR/Function.h"

#include "llvm/IR/IRBuilder.h"

#include "llvm/IR/InstIterator.h"

#include "llvm/IR/Instruction.h"

#include "llvm/IR/Instructions.h"

#include "llvm/IR/IntrinsicInst.h"

#include "llvm/IR/Intrinsics.h"

#include "llvm/IR/MDBuilder.h"

#include "llvm/IR/Metadata.h"

#include "llvm/IR/Module.h"

#include "llvm/IR/Type.h"

#include "llvm/IR/Use.h"

#include "llvm/IR/Value.h"

#include "llvm/InitializePasses.h"

#include "llvm/Pass.h"

#include "llvm/Support/Casting.h"

#include "llvm/Support/Debug.h"

#include "llvm/Support/ErrorHandling.h"

#include "llvm/Support/MathExtras.h"

#include "llvm/Support/raw_ostream.h"

#include "llvm/Target/TargetMachine.h"

#include "llvm/Transforms/Utils/BasicBlockUtils.h"

#include "llvm/Transforms/Utils/Cloning.h"

#include "llvm/Transforms/Utils/Local.h"

#include <algorithm>

#include <cassert>

#include <cstdint>

#include <optional>

#include <string>

#include <utility>


using namespace llvm;

using namespace llvm::safestack;


#define DEBUG_TYPE "safe-stack"


namespace llvm {


STATISTIC(NumFunctions, "Total number of functions");

STATISTIC(NumUnsafeStackFunctions, "Number of functions with unsafe stack");

STATISTIC(NumUnsafeStackRestorePointsFunctions,

          "Number of functions that use setjmp or exceptions");


STATISTIC(NumAllocas, "Total number of allocas");

STATISTIC(NumUnsafeStaticAllocas, "Number of unsafe static allocas");

STATISTIC(NumUnsafeDynamicAllocas, "Number of unsafe dynamic allocas");

STATISTIC(NumUnsafeByValArguments, "Number of unsafe byval arguments");

STATISTIC(NumUnsafeStackRestorePoints, "Number of setjmps and landingpads");


} // namespace llvm


/// Use __safestack_pointer_address even if the platform has a faster way of

/// access safe stack pointer.

static cl::opt<bool>

    SafeStackUsePointerAddress("safestack-use-pointer-address",

                                  cl::init(false), cl::Hidden);


static cl::opt<bool> ClColoring("safe-stack-coloring",

                                cl::desc("enable safe stack coloring"),

                                cl::Hidden, cl::init(true));


namespace {


/// The SafeStack pass splits the stack of each function into the safe

/// stack, which is only accessed through memory safe dereferences (as

/// determined statically), and the unsafe stack, which contains all

/// local variables that are accessed in ways that we can't prove to

/// be safe.

class SafeStack {

  Function &F;

  const TargetLoweringBase &TL;

  const DataLayout &DL;

  DomTreeUpdater *DTU;

  ScalarEvolution &SE;


  Type *StackPtrTy;

  Type *IntPtrTy;

  Type *Int32Ty;

  Type *Int8Ty;


  Value *UnsafeStackPtr = nullptr;


  /// Unsafe stack alignment. Each stack frame must ensure that the stack is

  /// aligned to this value. We need to re-align the unsafe stack if the

  /// alignment of any object on the stack exceeds this value.

  ///

  /// 16 seems like a reasonable upper bound on the alignment of objects that we

  /// might expect to appear on the stack on most common targets.

  static constexpr Align StackAlignment = Align::Constant<16>();


  /// Return the value of the stack canary.

  Value *getStackGuard(IRBuilder<> &IRB, Function &F);


  /// Load stack guard from the frame and check if it has changed.

  void checkStackGuard(IRBuilder<> &IRB, Function &F, Instruction &RI,

                       AllocaInst *StackGuardSlot, Value *StackGuard);


  /// Find all static allocas, dynamic allocas, return instructions and

  /// stack restore points (exception unwind blocks and setjmp calls) in the

  /// given function and append them to the respective vectors.

  void findInsts(Function &F, SmallVectorImpl<AllocaInst *> &StaticAllocas,

                 SmallVectorImpl<AllocaInst *> &DynamicAllocas,

                 SmallVectorImpl<Argument *> &ByValArguments,

                 SmallVectorImpl<Instruction *> &Returns,

                 SmallVectorImpl<Instruction *> &StackRestorePoints);


  /// Calculate the allocation size of a given alloca. Returns 0 if the

  /// size can not be statically determined.

  uint64_t getStaticAllocaAllocationSize(const AllocaInst* AI);


  /// Allocate space for all static allocas in \p StaticAllocas,

  /// replace allocas with pointers into the unsafe stack.

  ///

  /// \returns A pointer to the top of the unsafe stack after all unsafe static

  /// allocas are allocated.

  Value *moveStaticAllocasToUnsafeStack(IRBuilder<> &IRB, Function &F,

                                        ArrayRef<AllocaInst *> StaticAllocas,

                                        ArrayRef<Argument *> ByValArguments,

                                        Instruction *BasePointer,

                                        AllocaInst *StackGuardSlot);


  /// Generate code to restore the stack after all stack restore points

  /// in \p StackRestorePoints.

  ///

  /// \returns A local variable in which to maintain the dynamic top of the

  /// unsafe stack if needed.

  AllocaInst *

  createStackRestorePoints(IRBuilder<> &IRB, Function &F,

                           ArrayRef<Instruction *> StackRestorePoints,

                           Value *StaticTop, bool NeedDynamicTop);


  /// Replace all allocas in \p DynamicAllocas with code to allocate

  /// space dynamically on the unsafe stack and store the dynamic unsafe stack

  /// top to \p DynamicTop if non-null.

  void moveDynamicAllocasToUnsafeStack(Function &F, Value *UnsafeStackPtr,

                                       AllocaInst *DynamicTop,

                                       ArrayRef<AllocaInst *> DynamicAllocas);


  bool IsSafeStackAlloca(const Value *AllocaPtr, uint64_t AllocaSize);


  bool IsMemIntrinsicSafe(const MemIntrinsic *MI, const Use &U,

                          const Value *AllocaPtr, uint64_t AllocaSize);

  bool IsAccessSafe(Value *Addr, uint64_t Size, const Value *AllocaPtr,

                    uint64_t AllocaSize);


  bool ShouldInlinePointerAddress(CallInst &CI);

  void TryInlinePointerAddress();


public:

  SafeStack(Function &F, const TargetLoweringBase &TL, const DataLayout &DL,

            DomTreeUpdater *DTU, ScalarEvolution &SE)

      : F(F), TL(TL), DL(DL), DTU(DTU), SE(SE),

        StackPtrTy(Type::getInt8PtrTy(F.getContext())),

        IntPtrTy(DL.getIntPtrType(F.getContext())),

        Int32Ty(Type::getInt32Ty(F.getContext())),

        Int8Ty(Type::getInt8Ty(F.getContext())) {}


  // Run the transformation on the associated function.

  // Returns whether the function was changed.

  bool run();

};


constexpr Align SafeStack::StackAlignment;


uint64_t SafeStack::getStaticAllocaAllocationSize(const AllocaInst* AI) {

  uint64_t Size = DL.getTypeAllocSize(AI->getAllocatedType());

  if (AI->isArrayAllocation()) {

    auto C = dyn_cast<ConstantInt>(AI->getArraySize());

    if (!C)

      return 0;

    Size *= C->getZExtValue();

  }

  return Size;

}


bool SafeStack::IsAccessSafe(Value *Addr, uint64_t AccessSize,

                             const Value *AllocaPtr, uint64_t AllocaSize) {

  const SCEV *AddrExpr = SE.getSCEV(Addr);

  const auto *Base = dyn_cast<SCEVUnknown>(SE.getPointerBase(AddrExpr));

  if (!Base || Base->getValue() != AllocaPtr) {

    LLVM_DEBUG(

        dbgs() << "[SafeStack] "

               << (isa<AllocaInst>(AllocaPtr) ? "Alloca " : "ByValArgument ")

               << *AllocaPtr << "\n"

               << "SCEV " << *AddrExpr << " not directly based on alloca\n");

    return false;

  }


  const SCEV *Expr = SE.removePointerBase(AddrExpr);

  uint64_t BitWidth = SE.getTypeSizeInBits(Expr->getType());

  ConstantRange AccessStartRange = SE.getUnsignedRange(Expr);

  ConstantRange SizeRange =

      ConstantRange(APInt(BitWidth, 0), APInt(BitWidth, AccessSize));

  ConstantRange AccessRange = AccessStartRange.add(SizeRange);

  ConstantRange AllocaRange =

      ConstantRange(APInt(BitWidth, 0), APInt(BitWidth, AllocaSize));

  bool Safe = AllocaRange.contains(AccessRange);


  LLVM_DEBUG(

      dbgs() << "[SafeStack] "

             << (isa<AllocaInst>(AllocaPtr) ? "Alloca " : "ByValArgument ")

             << *AllocaPtr << "\n"

             << "            Access " << *Addr << "\n"

             << "            SCEV " << *Expr

             << " U: " << SE.getUnsignedRange(Expr)

             << ", S: " << SE.getSignedRange(Expr) << "\n"

             << "            Range " << AccessRange << "\n"

             << "            AllocaRange " << AllocaRange << "\n"

             << "            " << (Safe ? "safe" : "unsafe") << "\n");


  return Safe;

}


bool SafeStack::IsMemIntrinsicSafe(const MemIntrinsic *MI, const Use &U,

                                   const Value *AllocaPtr,

                                   uint64_t AllocaSize) {

  if (auto MTI = dyn_cast<MemTransferInst>(MI)) {

    if (MTI->getRawSource() != U && MTI->getRawDest() != U)

      return true;

  } else {

    if (MI->getRawDest() != U)

      return true;

  }


  const auto *Len = dyn_cast<ConstantInt>(MI->getLength());

  // Non-constant size => unsafe. FIXME: try SCEV getRange.

  if (!Len) return false;

  return IsAccessSafe(U, Len->getZExtValue(), AllocaPtr, AllocaSize);

}


/// Check whether a given allocation must be put on the safe

/// stack or not. The function analyzes all uses of AI and checks whether it is

/// only accessed in a memory safe way (as decided statically).

bool SafeStack::IsSafeStackAlloca(const Value *AllocaPtr, uint64_t AllocaSize) {

  // Go through all uses of this alloca and check whether all accesses to the

  // allocated object are statically known to be memory safe and, hence, the

  // object can be placed on the safe stack.

  SmallPtrSet<const Value *, 16> Visited;

  SmallVector<const Value *, 8> WorkList;

  WorkList.push_back(AllocaPtr);


  // A DFS search through all uses of the alloca in bitcasts/PHI/GEPs/etc.

  while (!WorkList.empty()) {

    const Value *V = WorkList.pop_back_val();

    for (const Use &UI : V->uses()) {

      auto I = cast<const Instruction>(UI.getUser());

      assert(V == UI.get());


      switch (I->getOpcode()) {

      case Instruction::Load:

        if (!IsAccessSafe(UI, DL.getTypeStoreSize(I->getType()), AllocaPtr,

                          AllocaSize))

          return false;

        break;


      case Instruction::VAArg:

        // "va-arg" from a pointer is safe.

        break;

      case Instruction::Store:

        if (V == I->getOperand(0)) {

          // Stored the pointer - conservatively assume it may be unsafe.

          LLVM_DEBUG(dbgs()

                     << "[SafeStack] Unsafe alloca: " << *AllocaPtr

                     << "\n            store of address: " << *I << "\n");

          return false;

        }


        if (!IsAccessSafe(UI, DL.getTypeStoreSize(I->getOperand(0)->getType()),

                          AllocaPtr, AllocaSize))

          return false;

        break;


      case Instruction::Ret:

        // Information leak.

        return false;


      case Instruction::Call:

      case Instruction::Invoke: {

        const CallBase &CS = *cast<CallBase>(I);


        if (I->isLifetimeStartOrEnd())

          continue;


        if (const MemIntrinsic *MI = dyn_cast<MemIntrinsic>(I)) {

          if (!IsMemIntrinsicSafe(MI, UI, AllocaPtr, AllocaSize)) {

            LLVM_DEBUG(dbgs()

                       << "[SafeStack] Unsafe alloca: " << *AllocaPtr

                       << "\n            unsafe memintrinsic: " << *I << "\n");

            return false;

          }

          continue;

        }


        // LLVM 'nocapture' attribute is only set for arguments whose address

        // is not stored, passed around, or used in any other non-trivial way.

        // We assume that passing a pointer to an object as a 'nocapture

        // readnone' argument is safe.

        // FIXME: a more precise solution would require an interprocedural

        // analysis here, which would look at all uses of an argument inside

        // the function being called.

        auto B = CS.arg_begin(), E = CS.arg_end();

        for (const auto *A = B; A != E; ++A)

          if (A->get() == V)

            if (!(CS.doesNotCapture(A - B) && (CS.doesNotAccessMemory(A - B) ||

                                               CS.doesNotAccessMemory()))) {

              LLVM_DEBUG(dbgs() << "[SafeStack] Unsafe alloca: " << *AllocaPtr

                                << "\n            unsafe call: " << *I << "\n");

              return false;

            }

        continue;

      }


      default:

        if (Visited.insert(I).second)

          WorkList.push_back(cast<const Instruction>(I));

      }

    }

  }


  // All uses of the alloca are safe, we can place it on the safe stack.

  return true;

}


Value *SafeStack::getStackGuard(IRBuilder<> &IRB, Function &F) {

  Value *StackGuardVar = TL.getIRStackGuard(IRB);

  Module *M = F.getParent();


  if (!StackGuardVar) {

    TL.insertSSPDeclarations(*M);

    return IRB.CreateCall(Intrinsic::getDeclaration(M, Intrinsic::stackguard));

  }


  return IRB.CreateLoad(StackPtrTy, StackGuardVar, "StackGuard");

}


void SafeStack::findInsts(Function &F,

                          SmallVectorImpl<AllocaInst *> &StaticAllocas,

                          SmallVectorImpl<AllocaInst *> &DynamicAllocas,

                          SmallVectorImpl<Argument *> &ByValArguments,

                          SmallVectorImpl<Instruction *> &Returns,

                          SmallVectorImpl<Instruction *> &StackRestorePoints) {

  for (Instruction &I : instructions(&F)) {

    if (auto AI = dyn_cast<AllocaInst>(&I)) {

      ++NumAllocas;


      uint64_t Size = getStaticAllocaAllocationSize(AI);

      if (IsSafeStackAlloca(AI, Size))

        continue;


      if (AI->isStaticAlloca()) {

        ++NumUnsafeStaticAllocas;

        StaticAllocas.push_back(AI);

      } else {

        ++NumUnsafeDynamicAllocas;

        DynamicAllocas.push_back(AI);

      }

    } else if (auto RI = dyn_cast<ReturnInst>(&I)) {

      if (CallInst *CI = I.getParent()->getTerminatingMustTailCall())

        Returns.push_back(CI);

      else

        Returns.push_back(RI);

    } else if (auto CI = dyn_cast<CallInst>(&I)) {

      // setjmps require stack restore.

      if (CI->getCalledFunction() && CI->canReturnTwice())

        StackRestorePoints.push_back(CI);

    } else if (auto LP = dyn_cast<LandingPadInst>(&I)) {

      // Exception landing pads require stack restore.

      StackRestorePoints.push_back(LP);

    } else if (auto II = dyn_cast<IntrinsicInst>(&I)) {

      if (II->getIntrinsicID() == Intrinsic::gcroot)

        report_fatal_error(

            "gcroot intrinsic not compatible with safestack attribute");

    }

  }

  for (Argument &Arg : F.args()) {

    if (!Arg.hasByValAttr())

      continue;

    uint64_t Size = DL.getTypeStoreSize(Arg.getParamByValType());

    if (IsSafeStackAlloca(&Arg, Size))

      continue;


    ++NumUnsafeByValArguments;

    ByValArguments.push_back(&Arg);

  }

}


AllocaInst *

SafeStack::createStackRestorePoints(IRBuilder<> &IRB, Function &F,

                                    ArrayRef<Instruction *> StackRestorePoints,

                                    Value *StaticTop, bool NeedDynamicTop) {

  assert(StaticTop && "The stack top isn't set.");


  if (StackRestorePoints.empty())

    return nullptr;


  // We need the current value of the shadow stack pointer to restore

  // after longjmp or exception catching.


  // FIXME: On some platforms this could be handled by the longjmp/exception

  // runtime itself.


  AllocaInst *DynamicTop = nullptr;

  if (NeedDynamicTop) {

    // If we also have dynamic alloca's, the stack pointer value changes

    // throughout the function. For now we store it in an alloca.

    DynamicTop = IRB.CreateAlloca(StackPtrTy, /*ArraySize=*/nullptr,

                                  "unsafe_stack_dynamic_ptr");

    IRB.CreateStore(StaticTop, DynamicTop);

  }


  // Restore current stack pointer after longjmp/exception catch.

  for (Instruction *I : StackRestorePoints) {

    ++NumUnsafeStackRestorePoints;


    IRB.SetInsertPoint(I->getNextNode());

    Value *CurrentTop =

        DynamicTop ? IRB.CreateLoad(StackPtrTy, DynamicTop) : StaticTop;

    IRB.CreateStore(CurrentTop, UnsafeStackPtr);

  }


  return DynamicTop;

}


void SafeStack::checkStackGuard(IRBuilder<> &IRB, Function &F, Instruction &RI,

                                AllocaInst *StackGuardSlot, Value *StackGuard) {

  Value *V = IRB.CreateLoad(StackPtrTy, StackGuardSlot);

  Value *Cmp = IRB.CreateICmpNE(StackGuard, V);


  auto SuccessProb = BranchProbabilityInfo::getBranchProbStackProtector(true);

  auto FailureProb = BranchProbabilityInfo::getBranchProbStackProtector(false);

  MDNode *Weights = MDBuilder(F.getContext())

                        .createBranchWeights(SuccessProb.getNumerator(),

                                             FailureProb.getNumerator());

  Instruction *CheckTerm =

      SplitBlockAndInsertIfThen(Cmp, &RI, /* Unreachable */ true, Weights, DTU);

  IRBuilder<> IRBFail(CheckTerm);

  // FIXME: respect -fsanitize-trap / -ftrap-function here?

  FunctionCallee StackChkFail =

      F.getParent()->getOrInsertFunction("__stack_chk_fail", IRB.getVoidTy());

  IRBFail.CreateCall(StackChkFail, {});

}


/// We explicitly compute and set the unsafe stack layout for all unsafe

/// static alloca instructions. We save the unsafe "base pointer" in the

/// prologue into a local variable and restore it in the epilogue.

Value *SafeStack::moveStaticAllocasToUnsafeStack(

    IRBuilder<> &IRB, Function &F, ArrayRef<AllocaInst *> StaticAllocas,

    ArrayRef<Argument *> ByValArguments, Instruction *BasePointer,

    AllocaInst *StackGuardSlot) {

  if (StaticAllocas.empty() && ByValArguments.empty())

    return BasePointer;


  DIBuilder DIB(*F.getParent());


  StackLifetime SSC(F, StaticAllocas, StackLifetime::LivenessType::May);

  static const StackLifetime::LiveRange NoColoringRange(1, true);

  if (ClColoring)

    SSC.run();


  for (const auto *I : SSC.getMarkers()) {

    auto *Op = dyn_cast<Instruction>(I->getOperand(1));

    const_cast<IntrinsicInst *>(I)->eraseFromParent();

    // Remove the operand bitcast, too, if it has no more uses left.

    if (Op && Op->use_empty())

      Op->eraseFromParent();

  }


  // Unsafe stack always grows down.

  StackLayout SSL(StackAlignment);

  if (StackGuardSlot) {

    Type *Ty = StackGuardSlot->getAllocatedType();

    Align Align = std::max(DL.getPrefTypeAlign(Ty), StackGuardSlot->getAlign());

    SSL.addObject(StackGuardSlot, getStaticAllocaAllocationSize(StackGuardSlot),

                  Align, SSC.getFullLiveRange());

  }


  for (Argument *Arg : ByValArguments) {

    Type *Ty = Arg->getParamByValType();

    uint64_t Size = DL.getTypeStoreSize(Ty);

    if (Size == 0)

      Size = 1; // Don't create zero-sized stack objects.


    // Ensure the object is properly aligned.

    Align Align = DL.getPrefTypeAlign(Ty);

    if (auto A = Arg->getParamAlign())

      Align = std::max(Align, *A);

    SSL.addObject(Arg, Size, Align, SSC.getFullLiveRange());

  }


  for (AllocaInst *AI : StaticAllocas) {

    Type *Ty = AI->getAllocatedType();

    uint64_t Size = getStaticAllocaAllocationSize(AI);

    if (Size == 0)

      Size = 1; // Don't create zero-sized stack objects.


    // Ensure the object is properly aligned.

    Align Align = std::max(DL.getPrefTypeAlign(Ty), AI->getAlign());


    SSL.addObject(AI, Size, Align,

                  ClColoring ? SSC.getLiveRange(AI) : NoColoringRange);

  }


  SSL.computeLayout();

  Align FrameAlignment = SSL.getFrameAlignment();


  // FIXME: tell SSL that we start at a less-then-MaxAlignment aligned location

  // (AlignmentSkew).

  if (FrameAlignment > StackAlignment) {

    // Re-align the base pointer according to the max requested alignment.

    IRB.SetInsertPoint(BasePointer->getNextNode());

    BasePointer = cast<Instruction>(IRB.CreateIntToPtr(

        IRB.CreateAnd(

            IRB.CreatePtrToInt(BasePointer, IntPtrTy),

            ConstantInt::get(IntPtrTy, ~(FrameAlignment.value() - 1))),

        StackPtrTy));

  }


  IRB.SetInsertPoint(BasePointer->getNextNode());


  if (StackGuardSlot) {

    unsigned Offset = SSL.getObjectOffset(StackGuardSlot);

    Value *Off = IRB.CreateGEP(Int8Ty, BasePointer, // BasePointer is i8*

                               ConstantInt::get(Int32Ty, -Offset));

    Value *NewAI =

        IRB.CreateBitCast(Off, StackGuardSlot->getType(), "StackGuardSlot");


    // Replace alloc with the new location.

    StackGuardSlot->replaceAllUsesWith(NewAI);

    StackGuardSlot->eraseFromParent();

  }


  for (Argument *Arg : ByValArguments) {

    unsigned Offset = SSL.getObjectOffset(Arg);

    MaybeAlign Align(SSL.getObjectAlignment(Arg));

    Type *Ty = Arg->getParamByValType();


    uint64_t Size = DL.getTypeStoreSize(Ty);

    if (Size == 0)

      Size = 1; // Don't create zero-sized stack objects.


    Value *Off = IRB.CreateGEP(Int8Ty, BasePointer, // BasePointer is i8*

                               ConstantInt::get(Int32Ty, -Offset));

    Value *NewArg = IRB.CreateBitCast(Off, Arg->getType(),

                                     Arg->getName() + ".unsafe-byval");


    // Replace alloc with the new location.

    replaceDbgDeclare(Arg, BasePointer, DIB, DIExpression::ApplyOffset,

                      -Offset);

    Arg->replaceAllUsesWith(NewArg);

    IRB.SetInsertPoint(cast<Instruction>(NewArg)->getNextNode());

    IRB.CreateMemCpy(Off, Align, Arg, Arg->getParamAlign(), Size);

  }


  // Allocate space for every unsafe static AllocaInst on the unsafe stack.

  for (AllocaInst *AI : StaticAllocas) {

    IRB.SetInsertPoint(AI);

    unsigned Offset = SSL.getObjectOffset(AI);


    replaceDbgDeclare(AI, BasePointer, DIB, DIExpression::ApplyOffset, -Offset);

    replaceDbgValueForAlloca(AI, BasePointer, DIB, -Offset);


    // Replace uses of the alloca with the new location.

    // Insert address calculation close to each use to work around PR27844.

    std::string Name = std::string(AI->getName()) + ".unsafe";

    while (!AI->use_empty()) {

      Use &U = *AI->use_begin();

      Instruction *User = cast<Instruction>(U.getUser());


      Instruction *InsertBefore;

      if (auto *PHI = dyn_cast<PHINode>(User))

        InsertBefore = PHI->getIncomingBlock(U)->getTerminator();

      else

        InsertBefore = User;


      IRBuilder<> IRBUser(InsertBefore);

      Value *Off = IRBUser.CreateGEP(Int8Ty, BasePointer, // BasePointer is i8*

                                     ConstantInt::get(Int32Ty, -Offset));

      Value *Replacement = IRBUser.CreateBitCast(Off, AI->getType(), Name);


      if (auto *PHI = dyn_cast<PHINode>(User))

        // PHI nodes may have multiple incoming edges from the same BB (why??),

        // all must be updated at once with the same incoming value.

        PHI->setIncomingValueForBlock(PHI->getIncomingBlock(U), Replacement);

      else

        U.set(Replacement);

    }


    AI->eraseFromParent();

  }


  // Re-align BasePointer so that our callees would see it aligned as

  // expected.

  // FIXME: no need to update BasePointer in leaf functions.

  unsigned FrameSize = alignTo(SSL.getFrameSize(), StackAlignment);


  MDBuilder MDB(F.getContext());

  SmallVector<Metadata *, 2> Data;

  Data.push_back(MDB.createString("unsafe-stack-size"));

  Data.push_back(MDB.createConstant(ConstantInt::get(Int32Ty, FrameSize)));

  MDNode *MD = MDTuple::get(F.getContext(), Data);

  F.setMetadata(LLVMContext::MD_annotation, MD);


  // Update shadow stack pointer in the function epilogue.

  IRB.SetInsertPoint(BasePointer->getNextNode());


  Value *StaticTop =

      IRB.CreateGEP(Int8Ty, BasePointer, ConstantInt::get(Int32Ty, -FrameSize),

                    "unsafe_stack_static_top");

  IRB.CreateStore(StaticTop, UnsafeStackPtr);

  return StaticTop;

}


void SafeStack::moveDynamicAllocasToUnsafeStack(

    Function &F, Value *UnsafeStackPtr, AllocaInst *DynamicTop,

    ArrayRef<AllocaInst *> DynamicAllocas) {

  DIBuilder DIB(*F.getParent());


  for (AllocaInst *AI : DynamicAllocas) {

    IRBuilder<> IRB(AI);


    // Compute the new SP value (after AI).

    Value *ArraySize = AI->getArraySize();

    if (ArraySize->getType() != IntPtrTy)

      ArraySize = IRB.CreateIntCast(ArraySize, IntPtrTy, false);


    Type *Ty = AI->getAllocatedType();

    uint64_t TySize = DL.getTypeAllocSize(Ty);

    Value *Size = IRB.CreateMul(ArraySize, ConstantInt::get(IntPtrTy, TySize));


    Value *SP = IRB.CreatePtrToInt(IRB.CreateLoad(StackPtrTy, UnsafeStackPtr),

                                   IntPtrTy);

    SP = IRB.CreateSub(SP, Size);


    // Align the SP value to satisfy the AllocaInst, type and stack alignments.

    auto Align = std::max(std::max(DL.getPrefTypeAlign(Ty), AI->getAlign()),

                          StackAlignment);


    Value *NewTop = IRB.CreateIntToPtr(

        IRB.CreateAnd(SP,

                      ConstantInt::get(IntPtrTy, ~uint64_t(Align.value() - 1))),

        StackPtrTy);


    // Save the stack pointer.

    IRB.CreateStore(NewTop, UnsafeStackPtr);

    if (DynamicTop)

      IRB.CreateStore(NewTop, DynamicTop);


    Value *NewAI = IRB.CreatePointerCast(NewTop, AI->getType());

    if (AI->hasName() && isa<Instruction>(NewAI))

      NewAI->takeName(AI);


    replaceDbgDeclare(AI, NewAI, DIB, DIExpression::ApplyOffset, 0);

    AI->replaceAllUsesWith(NewAI);

    AI->eraseFromParent();

  }


  if (!DynamicAllocas.empty()) {

    // Now go through the instructions again, replacing stacksave/stackrestore.

    for (Instruction &I : llvm::make_early_inc_range(instructions(&F))) {

      auto *II = dyn_cast<IntrinsicInst>(&I);

      if (!II)

        continue;


      if (II->getIntrinsicID() == Intrinsic::stacksave) {

        IRBuilder<> IRB(II);

        Instruction *LI = IRB.CreateLoad(StackPtrTy, UnsafeStackPtr);

        LI->takeName(II);

        II->replaceAllUsesWith(LI);

        II->eraseFromParent();

      } else if (II->getIntrinsicID() == Intrinsic::stackrestore) {

        IRBuilder<> IRB(II);

        Instruction *SI = IRB.CreateStore(II->getArgOperand(0), UnsafeStackPtr);

        SI->takeName(II);

        assert(II->use_empty());

        II->eraseFromParent();

      }

    }

  }

}


bool SafeStack::ShouldInlinePointerAddress(CallInst &CI) {

  Function *Callee = CI.getCalledFunction();

  if (CI.hasFnAttr(Attribute::AlwaysInline) &&

      isInlineViable(*Callee).isSuccess())

    return true;

  if (Callee->isInterposable() || Callee->hasFnAttribute(Attribute::NoInline) ||

      CI.isNoInline())

    return false;

  return true;

}


void SafeStack::TryInlinePointerAddress() {

  auto *CI = dyn_cast<CallInst>(UnsafeStackPtr);

  if (!CI)

    return;


  if(F.hasOptNone())

    return;


  Function *Callee = CI->getCalledFunction();

  if (!Callee || Callee->isDeclaration())

    return;


  if (!ShouldInlinePointerAddress(*CI))

    return;


  InlineFunctionInfo IFI;

  InlineFunction(*CI, IFI);

}


bool SafeStack::run() {

  assert(F.hasFnAttribute(Attribute::SafeStack) &&

         "Can't run SafeStack on a function without the attribute");

  assert(!F.isDeclaration() && "Can't run SafeStack on a function declaration");


  ++NumFunctions;


  SmallVector<AllocaInst *, 16> StaticAllocas;

  SmallVector<AllocaInst *, 4> DynamicAllocas;

  SmallVector<Argument *, 4> ByValArguments;

  SmallVector<Instruction *, 4> Returns;


  // Collect all points where stack gets unwound and needs to be restored

  // This is only necessary because the runtime (setjmp and unwind code) is

  // not aware of the unsafe stack and won't unwind/restore it properly.

  // To work around this problem without changing the runtime, we insert

  // instrumentation to restore the unsafe stack pointer when necessary.

  SmallVector<Instruction *, 4> StackRestorePoints;


  // Find all static and dynamic alloca instructions that must be moved to the

  // unsafe stack, all return instructions and stack restore points.

  findInsts(F, StaticAllocas, DynamicAllocas, ByValArguments, Returns,

            StackRestorePoints);


  if (StaticAllocas.empty() && DynamicAllocas.empty() &&

      ByValArguments.empty() && StackRestorePoints.empty())

    return false; // Nothing to do in this function.


  if (!StaticAllocas.empty() || !DynamicAllocas.empty() ||

      !ByValArguments.empty())

    ++NumUnsafeStackFunctions; // This function has the unsafe stack.


  if (!StackRestorePoints.empty())

    ++NumUnsafeStackRestorePointsFunctions;


  IRBuilder<> IRB(&F.front(), F.begin()->getFirstInsertionPt());

  // Calls must always have a debug location, or else inlining breaks. So

  // we explicitly set a artificial debug location here.

  if (DISubprogram *SP = F.getSubprogram())

    IRB.SetCurrentDebugLocation(

        DILocation::get(SP->getContext(), SP->getScopeLine(), 0, SP));

  if (SafeStackUsePointerAddress) {

    FunctionCallee Fn = F.getParent()->getOrInsertFunction(

        "__safestack_pointer_address", StackPtrTy->getPointerTo(0));

    UnsafeStackPtr = IRB.CreateCall(Fn);

  } else {

    UnsafeStackPtr = TL.getSafeStackPointerLocation(IRB);

  }


  // Load the current stack pointer (we'll also use it as a base pointer).

  // FIXME: use a dedicated register for it ?

  Instruction *BasePointer =

      IRB.CreateLoad(StackPtrTy, UnsafeStackPtr, false, "unsafe_stack_ptr");

  assert(BasePointer->getType() == StackPtrTy);


  AllocaInst *StackGuardSlot = nullptr;

  // FIXME: implement weaker forms of stack protector.

  if (F.hasFnAttribute(Attribute::StackProtect) ||

      F.hasFnAttribute(Attribute::StackProtectStrong) ||

      F.hasFnAttribute(Attribute::StackProtectReq)) {

    Value *StackGuard = getStackGuard(IRB, F);

    StackGuardSlot = IRB.CreateAlloca(StackPtrTy, nullptr);

    IRB.CreateStore(StackGuard, StackGuardSlot);


    for (Instruction *RI : Returns) {

      IRBuilder<> IRBRet(RI);

      checkStackGuard(IRBRet, F, *RI, StackGuardSlot, StackGuard);

    }

  }


  // The top of the unsafe stack after all unsafe static allocas are

  // allocated.

  Value *StaticTop = moveStaticAllocasToUnsafeStack(

      IRB, F, StaticAllocas, ByValArguments, BasePointer, StackGuardSlot);


  // Safe stack object that stores the current unsafe stack top. It is updated

  // as unsafe dynamic (non-constant-sized) allocas are allocated and freed.

  // This is only needed if we need to restore stack pointer after longjmp

  // or exceptions, and we have dynamic allocations.

  // FIXME: a better alternative might be to store the unsafe stack pointer

  // before setjmp / invoke instructions.

  AllocaInst *DynamicTop = createStackRestorePoints(

      IRB, F, StackRestorePoints, StaticTop, !DynamicAllocas.empty());


  // Handle dynamic allocas.

  moveDynamicAllocasToUnsafeStack(F, UnsafeStackPtr, DynamicTop,

                                  DynamicAllocas);


  // Restore the unsafe stack pointer before each return.

  for (Instruction *RI : Returns) {

    IRB.SetInsertPoint(RI);

    IRB.CreateStore(BasePointer, UnsafeStackPtr);

  }


  TryInlinePointerAddress();


  LLVM_DEBUG(dbgs() << "[SafeStack]     safestack applied\n");

  return true;

}


class SafeStackLegacyPass : public FunctionPass {

  const TargetMachine *TM = nullptr;


public:

  static char ID; // Pass identification, replacement for typeid..


  SafeStackLegacyPass() : FunctionPass(ID) {

    initializeSafeStackLegacyPassPass(*PassRegistry::getPassRegistry());

  }


  void getAnalysisUsage(AnalysisUsage &AU) const override {

    AU.addRequired<TargetPassConfig>();

    AU.addRequired<TargetLibraryInfoWrapperPass>();

    AU.addRequired<AssumptionCacheTracker>();

    AU.addPreserved<DominatorTreeWrapperPass>();

  }


  bool runOnFunction(Function &F) override {

    LLVM_DEBUG(dbgs() << "[SafeStack] Function: " << F.getName() << "\n");


    if (!F.hasFnAttribute(Attribute::SafeStack)) {

      LLVM_DEBUG(dbgs() << "[SafeStack]     safestack is not requested"

                           " for this function\n");

      return false;

    }


    if (F.isDeclaration()) {

      LLVM_DEBUG(dbgs() << "[SafeStack]     function definition"

                           " is not available\n");

      return false;

    }


    TM = &getAnalysis<TargetPassConfig>().getTM<TargetMachine>();

    auto *TL = TM->getSubtargetImpl(F)->getTargetLowering();

    if (!TL)

      report_fatal_error("TargetLowering instance is required");


    auto *DL = &F.getParent()->getDataLayout();

    auto &TLI = getAnalysis<TargetLibraryInfoWrapperPass>().getTLI(F);

    auto &ACT = getAnalysis<AssumptionCacheTracker>().getAssumptionCache(F);


    // Compute DT and LI only for functions that have the attribute.

    // This is only useful because the legacy pass manager doesn't let us

    // compute analyzes lazily.


    DominatorTree *DT;

    bool ShouldPreserveDominatorTree;

    std::optional<DominatorTree> LazilyComputedDomTree;


    // Do we already have a DominatorTree avaliable from the previous pass?

    // Note that we should *NOT* require it, to avoid the case where we end up

    // not needing it, but the legacy PM would have computed it for us anyways.

    if (auto *DTWP = getAnalysisIfAvailable<DominatorTreeWrapperPass>()) {

      DT = &DTWP->getDomTree();

      ShouldPreserveDominatorTree = true;

    } else {

      // Otherwise, we need to compute it.

      LazilyComputedDomTree.emplace(F);

      DT = &*LazilyComputedDomTree;

      ShouldPreserveDominatorTree = false;

    }


    // Likewise, lazily compute loop info.

    LoopInfo LI(*DT);


    DomTreeUpdater DTU(DT, DomTreeUpdater::UpdateStrategy::Lazy);


    ScalarEvolution SE(F, TLI, ACT, *DT, LI);


    return SafeStack(F, *TL, *DL, ShouldPreserveDominatorTree ? &DTU : nullptr,

                     SE)

        .run();

  }

};


} // end anonymous namespace


char SafeStackLegacyPass::ID = 0;


INITIALIZE_PASS_BEGIN(SafeStackLegacyPass, DEBUG_TYPE,

                      "Safe Stack instrumentation pass", false, false)

INITIALIZE_PASS_DEPENDENCY(TargetPassConfig)

INITIALIZE_PASS_DEPENDENCY(DominatorTreeWrapperPass)

INITIALIZE_PASS_END(SafeStackLegacyPass, DEBUG_TYPE,

                    "Safe Stack instrumentation pass", false, false)


FunctionPass *llvm::createSafeStackPass() { return new SafeStackLegacyPass(); }

DL
MachineBasicBlock MachineBasicBlock::iterator DebugLoc DL
Definition: AArch64SLSHardening.cpp:76

Callee
amdgpu Simplify well known AMD library false FunctionCallee Callee
Definition: AMDGPULibCalls.cpp:187

Arg
amdgpu Simplify well known AMD library false FunctionCallee Value * Arg
Definition: AMDGPULibCalls.cpp:187

PHI
Rewrite undef for PHI
Definition: AMDGPURewriteUndefForPHI.cpp:101

APInt.h
This file implements a class to represent arbitrary precision integral constant values and operations...

Argument.h

ArrayRef.h

AssumptionCache.h

Attributes.h
This file contains the simple types necessary to represent the attributes associated with functions a...

BasicBlockUtils.h

BranchProbabilityInfo.h

B
static GCRegistry::Add< OcamlGC > B("ocaml", "ocaml 3.10-compatible GC")

A
static GCRegistry::Add< ErlangGC > A("erlang", "erlang-compatible garbage collector")

E
static GCRegistry::Add< CoreCLRGC > E("coreclr", "CoreCLR-compatible GC")

Casting.h

Cloning.h

ConstantRange.h

Constants.h
This file contains the declarations for the subclasses of Constant, which represent the different fla...

DIBuilder.h

DataLayout.h

Debug.h

LLVM_DEBUG
#define LLVM_DEBUG(X)
Definition: Debug.h:101

DerivedTypes.h

DomTreeUpdater.h

Dominators.h

Addr
uint64_t Addr
Definition: ELFObjHandler.cpp:79

Name
std::string Name
Definition: ELFObjHandler.cpp:77

Size
uint64_t Size
Definition: ELFObjHandler.cpp:81

Function.h

IRBuilder.h

MI
IRTranslator LLVM IR MI
Definition: IRTranslator.cpp:109

Instruction.h

InitializePasses.h

InlineCost.h

InstIterator.h

Instructions.h

IntrinsicInst.h

Intrinsics.h

LoopInfo.h

F
#define F(x, y, z)
Definition: MD5.cpp:55

I
#define I(x, y, z)
Definition: MD5.cpp:58

MDBuilder.h

MathExtras.h

Metadata.h
This file contains the declarations for metadata subclasses.

Module.h
Module.h This file contains the declarations for the Module class.

instructions
print must be executed print the must be executed context for all instructions
Definition: MustExecute.cpp:362

Int32Ty
IntegerType * Int32Ty
Definition: NVVMIntrRange.cpp:67

TM
const char LLVMTargetMachineRef TM
Definition: PassBuilderBindings.cpp:47

INITIALIZE_PASS_DEPENDENCY
#define INITIALIZE_PASS_DEPENDENCY(depName)
Definition: PassSupport.h:55

INITIALIZE_PASS_END
#define INITIALIZE_PASS_END(passName, arg, name, cfg, analysis)
Definition: PassSupport.h:59

INITIALIZE_PASS_BEGIN
#define INITIALIZE_PASS_BEGIN(passName, arg, name, cfg, analysis)
Definition: PassSupport.h:52

Pass.h

SI
@ SI
Definition: SIInstrInfo.cpp:7993

assert
assert(ImpDefSCC.getReg()==AMDGPU::SCC &&ImpDefSCC.isDef())

SafeStackLayout.h

SafeStackUsePointerAddress
static cl::opt< bool > SafeStackUsePointerAddress("safestack-use-pointer-address", cl::init(false), cl::Hidden)
Use __safestack_pointer_address even if the platform has a faster way of access safe stack pointer.

ClColoring
static cl::opt< bool > ClColoring("safe-stack-coloring", cl::desc("enable safe stack coloring"), cl::Hidden, cl::init(true))

DEBUG_TYPE
#define DEBUG_TYPE
Definition: SafeStack.cpp:77

pass
Safe Stack instrumentation pass
Definition: SafeStack.cpp:937

ScalarEvolutionExpressions.h

ScalarEvolution.h

SmallPtrSet.h
This file defines the SmallPtrSet class.

SmallVector.h
This file defines the SmallVector class.

StackLifetime.h

getStackGuard
static Value * getStackGuard(const TargetLoweringBase *TLI, Module *M, IRBuilder<> &B, bool *SupportsSelectionDAGSP=nullptr)
Create a stack guard loading and populate whether SelectionDAG SSP is supported.
Definition: StackProtector.cpp:389

Statistic.h
This file defines the 'Statistic' class, which is designed to be an easy way to expose various metric...

STATISTIC
#define STATISTIC(VARNAME, DESC)
Definition: Statistic.h:167

TargetLibraryInfo.h

TargetLowering.h
This file describes how to lower LLVM code to machine code.

TargetPassConfig.h
Target-Independent Code Generator Pass Configuration Options pass.

TargetSubtargetInfo.h

Local.h

Type.h

Use.h
This defines the Use class.

Value.h

instrumentation
xray instrumentation
Definition: XRayInstrumentation.cpp:267

llvm::APInt
Class for arbitrary precision integers.
Definition: APInt.h:75

llvm::AllocaInst
an instruction to allocate memory on the stack
Definition: Instructions.h:58

llvm::AllocaInst::isStaticAlloca
bool isStaticAlloca() const
Return true if this alloca is in the entry block of the function and is a constant size.
Definition: Instructions.cpp:1517

llvm::AllocaInst::getAlign
Align getAlign() const
Return the alignment of the memory that is being allocated by the instruction.
Definition: Instructions.h:125

llvm::AllocaInst::getType
PointerType * getType() const
Overload to return most specific pointer type.
Definition: Instructions.h:100

llvm::AllocaInst::getAllocatedType
Type * getAllocatedType() const
Return the type that is being allocated by the instruction.
Definition: Instructions.h:118

llvm::AllocaInst::isArrayAllocation
bool isArrayAllocation() const
Return true if there is an allocation size parameter to the allocation instruction that is not 1.
Definition: Instructions.cpp:1508

llvm::AllocaInst::getArraySize
const Value * getArraySize() const
Get the number of elements allocated.
Definition: Instructions.h:96

llvm::AnalysisUsage
Represent the analysis usage information of a pass.
Definition: PassAnalysisSupport.h:47

llvm::AnalysisUsage::addRequired
AnalysisUsage & addRequired()
Definition: PassAnalysisSupport.h:75

llvm::AnalysisUsage::addPreserved
AnalysisUsage & addPreserved()
Add the specified Pass class to the set of analyses preserved by this pass.
Definition: PassAnalysisSupport.h:98

llvm::Argument
This class represents an incoming formal argument to a Function.
Definition: Argument.h:28

llvm::ArrayRef
ArrayRef - Represent a constant reference to an array (0 or more elements consecutively in memory),...
Definition: ArrayRef.h:41

llvm::ArrayRef::empty
bool empty() const
empty - Check if the array is empty.
Definition: ArrayRef.h:158

llvm::AssumptionCacheTracker
An immutable pass that tracks lazily created AssumptionCache objects.
Definition: AssumptionCache.h:202

llvm::BranchProbabilityInfo::getBranchProbStackProtector
static BranchProbability getBranchProbStackProtector(bool IsLikely)
Definition: BranchProbabilityInfo.h:192

llvm::CallBase
Base class for all callable instructions (InvokeInst and CallInst) Holds everything related to callin...
Definition: InstrTypes.h:1184

llvm::CallBase::doesNotCapture
bool doesNotCapture(unsigned OpNo) const
Determine whether this data operand is not captured.
Definition: InstrTypes.h:1683

llvm::CallBase::getCalledFunction
Function * getCalledFunction() const
Returns the function called, or null if this is an indirect function invocation or the function signa...
Definition: InstrTypes.h:1406

llvm::CallBase::doesNotAccessMemory
bool doesNotAccessMemory(unsigned OpNo) const
Definition: InstrTypes.h:1724

llvm::CallBase::hasFnAttr
bool hasFnAttr(Attribute::AttrKind Kind) const
Determine whether this call has the given attribute.
Definition: InstrTypes.h:1493

llvm::CallBase::arg_begin
User::op_iterator arg_begin()
Return the iterator pointing to the beginning of the argument list.
Definition: InstrTypes.h:1326

llvm::CallBase::isNoInline
bool isNoInline() const
Return true if the call should not be inlined.
Definition: InstrTypes.h:1867

llvm::CallBase::arg_end
User::op_iterator arg_end()
Return the iterator pointing to the end of the argument list.
Definition: InstrTypes.h:1332

llvm::CallInst
This class represents a function call, abstracting a target machine's calling convention.
Definition: Instructions.h:1485

llvm::ConstantInt::get
static Constant * get(Type *Ty, uint64_t V, bool IsSigned=false)
If Ty is a vector type, return a Constant with a splat of the given value.
Definition: Constants.cpp:887

llvm::ConstantRange
This class represents a range of values.
Definition: ConstantRange.h:47

llvm::ConstantRange::add
ConstantRange add(const ConstantRange &Other) const
Return a new range representing the possible values resulting from an addition of a value in this ran...
Definition: ConstantRange.cpp:986

llvm::ConstantRange::contains
bool contains(const APInt &Val) const
Return true if the specified value is in the set.
Definition: ConstantRange.cpp:446

llvm::DIBuilder
Definition: DIBuilder.h:42

llvm::DIExpression::ApplyOffset
@ ApplyOffset
Definition: DebugInfoMetadata.h:2870

llvm::DISubprogram
Subprogram description.
Definition: DebugInfoMetadata.h:1851

llvm::DataLayout
A parsed version of the target data layout string in and methods for querying it.
Definition: DataLayout.h:114

llvm::DomTreeUpdater
Definition: DomTreeUpdater.h:28

llvm::DominatorTreeWrapperPass
Legacy analysis pass which computes a DominatorTree.
Definition: Dominators.h:314

llvm::DominatorTree
Concrete subclass of DominatorTreeBase that is used to compute a normal dominator tree.
Definition: Dominators.h:166

llvm::FunctionCallee
A handy container for a FunctionType+Callee-pointer pair, which can be passed around as a single enti...
Definition: DerivedTypes.h:165

llvm::FunctionPass
FunctionPass class - This class is used to implement most global optimizations.
Definition: Pass.h:308

llvm::FunctionPass::runOnFunction
virtual bool runOnFunction(Function &F)=0
runOnFunction - Virtual method overriden by subclasses to do the per-function processing of the pass.

llvm::Function
Definition: Function.h:60

llvm::IRBuilderBase::CreateAlloca
AllocaInst * CreateAlloca(Type *Ty, unsigned AddrSpace, Value *ArraySize=nullptr, const Twine &Name="")
Definition: IRBuilder.h:1688

llvm::IRBuilderBase::CreatePointerCast
Value * CreatePointerCast(Value *V, Type *DestTy, const Twine &Name="")
Definition: IRBuilder.h:2054

llvm::IRBuilderBase::CreateIntToPtr
Value * CreateIntToPtr(Value *V, Type *DestTy, const Twine &Name="")
Definition: IRBuilder.h:2003

llvm::IRBuilderBase::SetCurrentDebugLocation
void SetCurrentDebugLocation(DebugLoc L)
Set location information used by debugging information.
Definition: IRBuilder.h:212

llvm::IRBuilderBase::CreateICmpNE
Value * CreateICmpNE(Value *LHS, Value *RHS, const Twine &Name="")
Definition: IRBuilder.h:2126

llvm::IRBuilderBase::CreateSub
Value * CreateSub(Value *LHS, Value *RHS, const Twine &Name="", bool HasNUW=false, bool HasNSW=false)
Definition: IRBuilder.h:1259

llvm::IRBuilderBase::CreateBitCast
Value * CreateBitCast(Value *V, Type *DestTy, const Twine &Name="")
Definition: IRBuilder.h:2008

llvm::IRBuilderBase::CreateLoad
LoadInst * CreateLoad(Type *Ty, Value *Ptr, const char *Name)
Provided to resolve 'CreateLoad(Ty, Ptr, "...")' correctly, instead of converting the string to 'bool...
Definition: IRBuilder.h:1705

llvm::IRBuilderBase::CreateAnd
Value * CreateAnd(Value *LHS, Value *RHS, const Twine &Name="")
Definition: IRBuilder.h:1390

llvm::IRBuilderBase::CreateStore
StoreInst * CreateStore(Value *Val, Value *Ptr, bool isVolatile=false)
Definition: IRBuilder.h:1718

llvm::IRBuilderBase::CreatePtrToInt
Value * CreatePtrToInt(Value *V, Type *DestTy, const Twine &Name="")
Definition: IRBuilder.h:1998

llvm::IRBuilderBase::CreateIntCast
Value * CreateIntCast(Value *V, Type *DestTy, bool isSigned, const Twine &Name="")
Definition: IRBuilder.h:2077

llvm::IRBuilderBase::SetInsertPoint
void SetInsertPoint(BasicBlock *TheBB)
This specifies that created instructions should be appended to the end of the specified block.
Definition: IRBuilder.h:180

llvm::IRBuilderBase::getVoidTy
Type * getVoidTy()
Fetch the type representing void.
Definition: IRBuilder.h:550

llvm::IRBuilderBase::CreateCall
CallInst * CreateCall(FunctionType *FTy, Value *Callee, ArrayRef< Value * > Args=std::nullopt, const Twine &Name="", MDNode *FPMathTag=nullptr)
Definition: IRBuilder.h:2293

llvm::IRBuilderBase::CreateGEP
Value * CreateGEP(Type *Ty, Value *Ptr, ArrayRef< Value * > IdxList, const Twine &Name="", bool IsInBounds=false)
Definition: IRBuilder.h:1781

llvm::IRBuilderBase::CreateMemCpy
CallInst * CreateMemCpy(Value *Dst, MaybeAlign DstAlign, Value *Src, MaybeAlign SrcAlign, uint64_t Size, bool isVolatile=false, MDNode *TBAATag=nullptr, MDNode *TBAAStructTag=nullptr, MDNode *ScopeTag=nullptr, MDNode *NoAliasTag=nullptr)
Create and insert a memcpy between the specified pointers.
Definition: IRBuilder.h:628

llvm::IRBuilderBase::CreateMul
Value * CreateMul(Value *LHS, Value *RHS, const Twine &Name="", bool HasNUW=false, bool HasNSW=false)
Definition: IRBuilder.h:1276

llvm::IRBuilder
This provides a uniform API for creating instructions and inserting them into a basic block: either a...
Definition: IRBuilder.h:2550

llvm::InlineFunctionInfo
This class captures the data input to the InlineFunction call, and records the auxiliary results prod...
Definition: Cloning.h:203

llvm::InlineResult::isSuccess
bool isSuccess() const
Definition: InlineCost.h:188

llvm::Instruction
Definition: Instruction.h:42

llvm::Instruction::eraseFromParent
SymbolTableList< Instruction >::iterator eraseFromParent()
This method unlinks 'this' from the containing basic block and deletes it.
Definition: Instruction.cpp:82

llvm::IntrinsicInst
A wrapper class for inspecting calls to intrinsic functions.
Definition: IntrinsicInst.h:47

llvm::LoopInfo
Definition: LoopInfo.h:1108

llvm::MDBuilder
Definition: MDBuilder.h:36

llvm::MDBuilder::createBranchWeights
MDNode * createBranchWeights(uint32_t TrueWeight, uint32_t FalseWeight)
Return metadata containing two branch weights.
Definition: MDBuilder.cpp:37

llvm::MDNode
Metadata node.
Definition: Metadata.h:943

llvm::MDTuple::get
static MDTuple * get(LLVMContext &Context, ArrayRef< Metadata * > MDs)
Definition: Metadata.h:1356

llvm::MemIntrinsic
This is the common base class for memset/memcpy/memmove.
Definition: IntrinsicInst.h:1048

llvm::Module
A Module instance is used to store all the information related to an LLVM module.
Definition: Module.h:65

llvm::PassRegistry::getPassRegistry
static PassRegistry * getPassRegistry()
getPassRegistry - Access the global registry object, which is automatically initialized at applicatio...
Definition: PassRegistry.cpp:24

llvm::Pass::getAnalysisUsage
virtual void getAnalysisUsage(AnalysisUsage &) const
getAnalysisUsage - This function should be overriden by passes that need analysis information to do t...
Definition: Pass.cpp:98

llvm::SCEV
This class represents an analyzed expression in the program.
Definition: ScalarEvolution.h:75

llvm::SCEV::getType
Type * getType() const
Return the LLVM type of this SCEV expression.
Definition: ScalarEvolution.cpp:401

llvm::ScalarEvolution
The main scalar evolution driver.
Definition: ScalarEvolution.h:452

llvm::SmallPtrSetImpl::insert
std::pair< iterator, bool > insert(PtrType Ptr)
Inserts Ptr if and only if there is no element in the container equal to Ptr.
Definition: SmallPtrSet.h:365

llvm::SmallPtrSet
SmallPtrSet - This class implements a set which is optimized for holding SmallSize or less elements.
Definition: SmallPtrSet.h:450

llvm::SmallVectorBase::empty
bool empty() const
Definition: SmallVector.h:94

llvm::SmallVectorImpl
This class consists of common code factored out of the SmallVector class to reduce code duplication b...
Definition: SmallVector.h:577

llvm::SmallVectorImpl::pop_back_val
T pop_back_val()
Definition: SmallVector.h:677

llvm::SmallVectorTemplateBase::push_back
void push_back(const T &Elt)
Definition: SmallVector.h:416

llvm::SmallVector
This is a 'vector' (really, a variable-sized array), optimized for the case when the array is small.
Definition: SmallVector.h:1200

llvm::StackLifetime::LiveRange
This class represents a set of interesting instructions where an alloca is live.
Definition: StackLifetime.h:63

llvm::StackLifetime
Compute live ranges of allocas.
Definition: StackLifetime.h:37

llvm::TargetLibraryInfoWrapperPass
Definition: TargetLibraryInfo.h:565

llvm::TargetLoweringBase
This base class for TargetLowering contains the SelectionDAG-independent parts that can be used from ...
Definition: TargetLowering.h:192

llvm::TargetMachine
Primary interface to the complete machine description for the target machine.
Definition: TargetMachine.h:78

llvm::TargetPassConfig
Target-Independent Code Generator Pass Configuration Options.
Definition: TargetPassConfig.h:84

llvm::Type
The instances of the Type class are immutable: once they are created, they are never changed.
Definition: Type.h:45

llvm::Use
A Use represents the edge between a Value definition and its users.
Definition: Use.h:43

llvm::Use::set
void set(Value *Val)
Definition: Value.h:865

llvm::Use::getUser
User * getUser() const
Returns the User that contains this Use.
Definition: Use.h:72

llvm::User
Definition: User.h:44

llvm::Value
LLVM Value Representation.
Definition: Value.h:74

llvm::Value::getType
Type * getType() const
All values are typed, get the type of this value.
Definition: Value.h:255

llvm::Value::replaceAllUsesWith
void replaceAllUsesWith(Value *V)
Change all uses of this to point to a new Value.
Definition: Value.cpp:532

llvm::Value::use_begin
use_iterator use_begin()
Definition: Value.h:360

llvm::Value::use_empty
bool use_empty() const
Definition: Value.h:344

llvm::Value::getContext
LLVMContext & getContext() const
All values hold a context through their type.
Definition: Value.cpp:994

llvm::Value::uses
iterator_range< use_iterator > uses()
Definition: Value.h:376

llvm::Value::hasName
bool hasName() const
Definition: Value.h:261

llvm::Value::getName
StringRef getName() const
Return a constant reference to the value's name.
Definition: Value.cpp:308

llvm::Value::takeName
void takeName(Value *V)
Transfer the name from V to this value.
Definition: Value.cpp:381

llvm::cl::opt
Definition: CommandLine.h:1412

llvm::ilist_node_with_parent::getNextNode
NodeTy * getNextNode()
Get the next node, or nullptr for the list tail.
Definition: ilist_node.h:289

llvm::safestack::StackLayout
Compute the layout of an unsafe stack frame.
Definition: SafeStackLayout.h:24

uint64_t

unsigned

ErrorHandling.h

TargetMachine.h

false
Definition: StackSlotColoring.cpp:141

llvm::AMDGPU::IsaInfo::TargetIDSetting::Off
@ Off

llvm::AMDGPU::SendMsg::Op
Op
Definition: SIDefines.h:354

llvm::ARM::ProfileKind::M
@ M

llvm::CallingConv::ID
unsigned ID
LLVM IR allows to use arbitrary numbers as calling convention identifiers.
Definition: CallingConv.h:24

llvm::CallingConv::C
@ C
The default llvm calling convention, compatible with C.
Definition: CallingConv.h:34

llvm::Intrinsic::getDeclaration
Function * getDeclaration(Module *M, ID id, ArrayRef< Type * > Tys=std::nullopt)
Create or insert an LLVM Function declaration for an intrinsic, and return it.
Definition: Function.cpp:1502

llvm::X86::FirstMacroFusionInstKind::Cmp
@ Cmp

llvm::cl::Hidden
@ Hidden
Definition: CommandLine.h:138

llvm::cl::init
initializer< Ty > init(const Ty &Val)
Definition: CommandLine.h:445

llvm::dxil::PointerTypeAnalysis::run
PointerTypeMap run(const Module &M)
Compute the PointerTypeMap for the module M.
Definition: PointerTypeAnalysis.cpp:189

llvm::omp::RTLDependInfoFields::Len
@ Len

llvm::safestack
Definition: SafeStackLayout.h:21

llvm::sampleprof::Base
@ Base
Definition: Discriminator.h:58

llvm
This is an optimization pass for GlobalISel generic memory operations.
Definition: AddressRanges.h:18

llvm::Offset
@ Offset
Definition: DWP.cpp:406

llvm::createSafeStackPass
FunctionPass * createSafeStackPass()
This pass splits the stack into a safe stack and an unsafe stack to protect against stack-based overf...
Definition: SafeStack.cpp:939

llvm::make_early_inc_range
iterator_range< early_inc_iterator_impl< detail::IterOfRange< RangeT > > > make_early_inc_range(RangeT &&Range)
Make a range that does early increment to allow mutation of the underlying range without disrupting i...
Definition: STLExtras.h:721

llvm::isInlineViable
InlineResult isInlineViable(Function &Callee)
Minimal filter to detect invalid constructs for inlining.
Definition: InlineCost.cpp:3005

llvm::dbgs
raw_ostream & dbgs()
dbgs() - This returns a reference to a raw_ostream for debugging messages.
Definition: Debug.cpp:163

llvm::report_fatal_error
void report_fatal_error(Error Err, bool gen_crash_diag=true)
Report a serious error, calling any installed error handler.
Definition: Error.cpp:145

llvm::alignTo
uint64_t alignTo(uint64_t Size, Align A)
Returns a multiple of A needed to store Size bytes.
Definition: Alignment.h:155

llvm::initializeSafeStackLegacyPassPass
void initializeSafeStackLegacyPassPass(PassRegistry &)

llvm::InlineFunction
InlineResult InlineFunction(CallBase &CB, InlineFunctionInfo &IFI, bool MergeAttributes=false, AAResults *CalleeAAR=nullptr, bool InsertLifetime=true, Function *ForwardVarArgsTo=nullptr)
This function inlines the called function into the basic block of the caller.
Definition: InlineFunction.cpp:2008

llvm::replaceDbgValueForAlloca
void replaceDbgValueForAlloca(AllocaInst *AI, Value *NewAllocaAddress, DIBuilder &Builder, int Offset=0)
Replaces multiple llvm.dbg.value instructions when the alloca it describes is replaced with a new val...
Definition: Local.cpp:1808

llvm::BitWidth
constexpr unsigned BitWidth
Definition: BitmaskEnum.h:147

llvm::SplitBlockAndInsertIfThen
Instruction * SplitBlockAndInsertIfThen(Value *Cond, Instruction *SplitBefore, bool Unreachable, MDNode *BranchWeights, DominatorTree *DT, LoopInfo *LI=nullptr, BasicBlock *ThenBlock=nullptr)
Split the containing block at the specified instruction - everything before SplitBefore stays in the ...
Definition: BasicBlockUtils.cpp:1542

llvm::Data
@ Data
Definition: SIMachineScheduler.h:55

llvm::replaceDbgDeclare
bool replaceDbgDeclare(Value *Address, Value *NewAddress, DIBuilder &Builder, uint8_t DIExprFlags, int Offset)
Replaces llvm.dbg.declare instruction when the address it describes is replaced with a new value.
Definition: Local.cpp:1767

raw_ostream.h

llvm::Align
This struct is a compact representation of a valid (non-zero power of two) alignment.
Definition: Alignment.h:39

llvm::Align::value
uint64_t value() const
This is a hole in the type system and should not be abused.
Definition: Alignment.h:85

llvm::MaybeAlign
This struct is a compact representation of a valid (power of two) or undefined (0) alignment.
Definition: Alignment.h:117

llvm::cl::desc
Definition: CommandLine.h:411