[AArch64][v8.5A] Don't create BR instructions in outliner when BTI enabled

When branch target identification is enabled, we can only do indirect
tail-calls through x16 or x17. This means that the outliner can't
transform a BLR instruction at the end of an outlined region into a BR.

Differential revision: https://reviews.llvm.org/D52869

llvm-svn: 343969
This commit is contained in:
Oliver Stannard 2018-10-08 14:12:08 +00:00
parent 886a23647c
commit db32f39ce4
2 changed files with 53 additions and 1 deletions

View File

@ -5084,6 +5084,13 @@ AArch64InstrInfo::getOutliningCandidateInfo(
unsigned FrameID = MachineOutlinerDefault;
unsigned NumBytesToCreateFrame = 4;
bool HasBTI =
std::any_of(RepeatedSequenceLocs.begin(), RepeatedSequenceLocs.end(),
[](outliner::Candidate &C) {
return C.getMF()->getFunction().hasFnAttribute(
"branch-target-enforcement");
});
// If the last instruction in any candidate is a terminator, then we should
// tail call all of the candidates.
if (RepeatedSequenceLocs[0].back()->isTerminator()) {
@ -5092,7 +5099,8 @@ AArch64InstrInfo::getOutliningCandidateInfo(
SetCandidateCallInfo(MachineOutlinerTailCall, 4);
}
else if (LastInstrOpcode == AArch64::BL || LastInstrOpcode == AArch64::BLR) {
else if (LastInstrOpcode == AArch64::BL ||
(LastInstrOpcode == AArch64::BLR && !HasBTI)) {
// FIXME: Do we need to check if the code after this uses the value of LR?
FrameID = MachineOutlinerThunk;
NumBytesToCreateFrame = 0;

View File

@ -0,0 +1,44 @@
# RUN: llc -mtriple=aarch64--- -run-pass=prologepilog -run-pass=machine-outliner -verify-machineinstrs %s -o - | FileCheck %s
# AArch64 Branch Target Enforcement treats the BR and BLR indirect branch
# instructions differently. The BLR instruction can only target a BTI C
# instruction, and the BR instruction can only target a BTI J instruction. We
# always start indirectly-called functions with BTI C, so the outliner must not
# transform a BLR instruction into a BR instruction.
# There is an exception to this: BR X16 and BR X17 can also target a BTI C
# instruction. We make of this for general tail-calls (tested elsewhere), but
# don't currently make use of this in the outliner.
# CHECK-NOT: OUTLINED_FUNCTION_
--- |
@g = hidden local_unnamed_addr global i32 0, align 4
define hidden void @bar(void ()* nocapture %f) "branch-target-enforcement" {
entry:
ret void
}
declare void @foo()
...
---
name: bar
tracksRegLiveness: true
body: |
bb.0.entry:
liveins: $x20, $x21, $lr, $x19
HINT 34
STRWui renamable $w21, renamable $x20, target-flags(aarch64-pageoff, aarch64-nc) @g :: (store 4 into @g)
BLR renamable $x19, csr_aarch64_aapcs, implicit-def dead $lr, implicit $sp, implicit-def $sp
STRWui renamable $w21, renamable $x20, target-flags(aarch64-pageoff, aarch64-nc) @g :: (store 4 into @g)
BLR renamable $x19, csr_aarch64_aapcs, implicit-def dead $lr, implicit $sp, implicit-def $sp
STRWui killed renamable $w21, killed renamable $x20, target-flags(aarch64-pageoff, aarch64-nc) @g :: (store 4 into @g)
BLR killed renamable $x19, csr_aarch64_aapcs, implicit-def dead $lr, implicit $sp, implicit-def $sp
TCRETURNdi @foo, 0, csr_aarch64_aapcs, implicit $sp
...