
[InstCombine] Combine ptrauth constant callee into bundle. #94706

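--- a/llvm/lib/Transforms/InstCombine/InstCombineCalls.cpp
+++ b/llvm/lib/Transforms/InstCombine/InstCombineCalls.cpp
@@ -3665,6 +3665,34 @@ static IntrinsicInst *findInitTrampoline(Value *Callee) {
 return nullptr;
 }
 
+Instruction *InstCombinerImpl::foldPtrAuthConstantCallee(CallBase &Call) {
+auto *CPA = dyn_cast<ConstantPtrAuth>(Call.getCalledOperand());
+if (!CPA)
+return nullptr;
+
+auto *CalleeF = dyn_cast<Function>(CPA->getPointer()->stripPointerCasts());
+// If the ptrauth constant isn't based on a function pointer, bail out.
+if (!CalleeF)
+return nullptr;
+
+// Inspect the call ptrauth bundle to check it matches the ptrauth constant.
+auto PAB = Call.getOperandBundle(LLVMContext::OB_ptrauth);
+if (!PAB)
+return nullptr;
+
+auto *Key = cast<ConstantInt>(PAB->Inputs[0]);
+Value *Discriminator = PAB->Inputs[1];
+
+// If the bundle doesn't match, this is probably going to fail to auth.
+if (!CPA->isKnownCompatibleWith(Key, Discriminator, DL))
+return nullptr;
+
+// If the bundle matches the constant, proceed in making this a direct call.
+auto *NewCall = CallBase::removeOperandBundle(&Call, LLVMContext::OB_ptrauth);
+NewCall->setCalledOperand(CalleeF);
+return NewCall;
+}
+
 bool InstCombinerImpl::annotateAnyAllocSite(CallBase &Call,
 const TargetLibraryInfo *TLI) {
 // Note: We only handle cases which can't be driven from generic attributes
@@ -3812,6 +3840,10 @@ Instruction *InstCombinerImpl::visitCallBase(CallBase &Call) {
 if (IntrinsicInst *II = findInitTrampoline(Callee))
 return transformCallThroughTrampoline(Call, *II);
 
+// Combine calls to ptrauth constants.
+if (Instruction *NewCall = foldPtrAuthConstantCallee(Call))
+return NewCall;
+
 if (isa<InlineAsm>(Callee) && !Call.doesNotThrow()) {
 InlineAsm *IA = cast<InlineAsm>(Callee);
 if (!IA->canThrow()) {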
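Review bot: In `foldPtrAuthConstantCallee`, `cast<ConstantInt>(PAB->Inputs[0])` and `PAB->Inputs[1]` index the "ptrauth" bundle without saying why it must hold a constant key followed by a discriminator. If that is an IR-verifier guarantee, as it presumably is, state it next to the cast, e.g. `// The verifier guarantees a ptrauth bundle is (constant i32 key, i64 discriminator).` The bail-out comment "this is probably going to fail to auth" also undersells what the check protects: the fold deletes a pointer-authentication check, so it is only sound when `isKnownCompatibleWith` proves the constant's schema equals the bundle's, and anything unproven has to stay an authenticated call so that a real mismatch still fails at run time. I would reword it as `// Not provably the same key/discriminator: keep the authenticated call.`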
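--- a/llvm/lib/Transforms/InstCombine/InstCombineInternal.h
+++ b/llvm/lib/Transforms/InstCombine/InstCombineInternal.h
@@ -282,6 +282,11 @@ class LLVM_LIBRARY_VISIBILITY InstCombinerImpl final
 Instruction *transformCallThroughTrampoline(CallBase &Call,
 IntrinsicInst &Tramp);
 
+/// Try to optimize a call to a ptrauth constant, into its ptrauth bundle:
+/// call(ptrauth(f)), ["ptrauth"()] -> call f
+/// as long as the key/discriminator are the same in constant and bundle.
+Instruction *foldPtrAuthConstantCallee(CallBase &Call);
+
 // Return (a, b) if (LHS, RHS) is known to be (a, b) or (b, a).
 // Otherwise, return std::nullopt
 // Currently it matches: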
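Review bot: The doc comment on `foldPtrAuthConstantCallee` says the call is optimized "into its ptrauth bundle", but the example on the next line shows the bundle being dropped and the call becoming direct, so the first line reads backwards. Something like `/// Fold a call to a ptrauth constant into a direct call, dropping the "ptrauth" bundle:` matches the example. It is also worth documenting that the function returns nullptr when no fold applies, which is what every early exit of the definition in InstCombineCalls.cpp does.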
89 changes: 89 additions & 0 deletions llvm/test/Transforms/InstCombine/ptrauth-call.ll
@@ -0,0 +1,89 @@
; NOTE: Assertions have been autogenerated by utils/update_test_checks.py
; RUN: opt < %s -passes=instcombine -S | FileCheck %s

target datalayout = "e-m:o-i64:64-i128:128-n32:64-S128"

Is manually specifying datalayout mandatory here or can we omit that?


declare i64 @f(i32)
declare ptr @f2(i32)

define i32 @test_ptrauth_call(i32 %a0) {
; CHECK-LABEL: @test_ptrauth_call(
; CHECK-NEXT: [[V0:%.*]] = call i32 @f(i32 [[A0:%.*]])
; CHECK-NEXT: ret i32 [[V0]]
;
%v0 = call i32 ptrauth(ptr @f, i32 0)(i32 %a0) [ "ptrauth"(i32 0, i64 0) ]
ret i32 %v0
}

define i32 @test_ptrauth_call_disc(i32 %a0) {
; CHECK-LABEL: @test_ptrauth_call_disc(
; CHECK-NEXT: [[V0:%.*]] = call i32 @f(i32 [[A0:%.*]])
; CHECK-NEXT: ret i32 [[V0]]
;
%v0 = call i32 ptrauth(ptr @f, i32 1, i64 5678)(i32 %a0) [ "ptrauth"(i32 1, i64 5678) ]
ret i32 %v0
}

@f_addr_disc.ref = constant ptr ptrauth(ptr @f, i32 1, i64 0, ptr @f_addr_disc.ref)

define i32 @test_ptrauth_call_addr_disc(i32 %a0) {
; CHECK-LABEL: @test_ptrauth_call_addr_disc(
; CHECK-NEXT: [[V0:%.*]] = call i32 @f(i32 [[A0:%.*]])
; CHECK-NEXT: ret i32 [[V0]]
;
%v0 = call i32 ptrauth(ptr @f, i32 1, i64 0, ptr @f_addr_disc.ref)(i32 %a0) [ "ptrauth"(i32 1, i64 ptrtoint (ptr @f_addr_disc.ref to i64)) ]
ret i32 %v0
}

@f_both_disc.ref = constant ptr ptrauth(ptr @f, i32 1, i64 1234, ptr @f_both_disc.ref)

define i32 @test_ptrauth_call_blend(i32 %a0) {
; CHECK-LABEL: @test_ptrauth_call_blend(
; CHECK-NEXT: [[V0:%.*]] = call i32 @f(i32 [[A0:%.*]])
; CHECK-NEXT: ret i32 [[V0]]
;
%v = call i64 @llvm.ptrauth.blend(i64 ptrtoint (ptr @f_both_disc.ref to i64), i64 1234)
%v0 = call i32 ptrauth(ptr @f, i32 1, i64 1234, ptr @f_both_disc.ref)(i32 %a0) [ "ptrauth"(i32 1, i64 %v) ]
ret i32 %v0
}

define i64 @test_ptrauth_call_cast(i32 %a0) {
; CHECK-LABEL: @test_ptrauth_call_cast(
; CHECK-NEXT: [[V0:%.*]] = call ptr @f2(i32 [[A0:%.*]])
; CHECK-NEXT: [[TMP1:%.*]] = ptrtoint ptr [[V0]] to i64
; CHECK-NEXT: ret i64 [[TMP1]]
;
%v0 = call i64 ptrauth(ptr @f2, i32 0)(i32 %a0) [ "ptrauth"(i32 0, i64 0) ]
ret i64 %v0
}

define i32 @test_ptrauth_call_mismatch_key(i32 %a0) {
; CHECK-LABEL: @test_ptrauth_call_mismatch_key(
; CHECK-NEXT: [[V0:%.*]] = call i32 ptrauth (ptr @f, i32 1, i64 5678)(i32 [[A0:%.*]]) [ "ptrauth"(i32 0, i64 5678) ]
; CHECK-NEXT: ret i32 [[V0]]
;
%v0 = call i32 ptrauth(ptr @f, i32 1, i64 5678)(i32 %a0) [ "ptrauth"(i32 0, i64 5678) ]
ret i32 %v0
}

define i32 @test_ptrauth_call_mismatch_disc(i32 %a0) {
; CHECK-LABEL: @test_ptrauth_call_mismatch_disc(
; CHECK-NEXT: [[V0:%.*]] = call i32 ptrauth (ptr @f, i32 1, i64 5678)(i32 [[A0:%.*]]) [ "ptrauth"(i32 1, i64 0) ]
; CHECK-NEXT: ret i32 [[V0]]
;
%v0 = call i32 ptrauth(ptr @f, i32 1, i64 5678)(i32 %a0) [ "ptrauth"(i32 1, i64 0) ]
ret i32 %v0
}

define i32 @test_ptrauth_call_mismatch_blend(i32 %a0) {

@kovdan01 kovdan01 Jun 17, 2024


It would probably be nice to have one more test for mismatched blended address discriminator. Now, the address part is the same, and the 16-bit extra discrimination mismatches. It's probably worth testing that when extra discriminators match but address discriminators don't, we also fail.

I'm OK with both adding tests as a part of this PR and submitting a follow-up patch with missing tests if adding them now is too time-consuming or there are other issues preventing that.

; CHECK-LABEL: @test_ptrauth_call_mismatch_blend(
; CHECK-NEXT: [[V:%.*]] = call i64 @llvm.ptrauth.blend(i64 ptrtoint (ptr @f_both_disc.ref to i64), i64 0)
; CHECK-NEXT: [[V0:%.*]] = call i32 ptrauth (ptr @f, i32 1, i64 1234, ptr @f_both_disc.ref)(i32 [[A0:%.*]]) [ "ptrauth"(i32 1, i64 [[V]]) ]
; CHECK-NEXT: ret i32 [[V0]]
;
%v = call i64 @llvm.ptrauth.blend(i64 ptrtoint (ptr @f_both_disc.ref to i64), i64 0)
%v0 = call i32 ptrauth(ptr @f, i32 1, i64 1234, ptr @f_both_disc.ref)(i32 %a0) [ "ptrauth"(i32 1, i64 %v) ]
ret i32 %v0
}

declare i64 @llvm.ptrauth.blend(i64, i64)
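Review bot: The negative tests only vary the key and the integer discriminator, so two other bail-outs in `foldPtrAuthConstantCallee` are never exercised: a ptrauth constant whose base pointer is not a function, and a call through a ptrauth constant that carries no "ptrauth" bundle. Because the fold removes an authentication check, each path that must leave the call untouched deserves a test pinning that the signed callee and the bundle survive instcombine. Every callee in this file is `@f` or `@f2`, so the first case needs a non-function base such as an external global. A bundle whose discriminator is a non-constant value, for example a function argument, against a constant-discriminator callee would additionally cover the "not provable, so do not fold" case.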