1//===----- X86AvoidTrailingCall.cpp - Insert int3 after trailing calls ----===//
2//
3// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
4// See https://llvm.org/LICENSE.txt for license information.
5// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
6//
7//===----------------------------------------------------------------------===//
8//
9// The Windows x64 unwinder decodes the instruction stream during unwinding.
10// The unwinder decodes forward from the current PC to detect epilogue code
11// patterns.
12//
13// First, this means that there must be an instruction after every
14// call instruction for the unwinder to decode. LLVM must maintain the invariant
15// that the last instruction of a function or funclet is not a call, or the
16// unwinder may decode into the next function. Similarly, a call may not
17// immediately precede an epilogue code pattern. As of this writing, the
18// SEH_Epilogue pseudo instruction takes care of that.
19//
20// Second, all non-tail call jump targets must be within the *half-open*
21// interval of the bounds of the function. The unwinder distinguishes between
22// internal jump instructions and tail calls in an epilogue sequence by checking
23// the jump target against the function bounds from the .pdata section. This
24// means that the last regular MBB of an LLVM function must not be empty if
25// there are regular jumps targeting it.
26//
27// This pass upholds these invariants by ensuring that blocks at the end of a
28// function or funclet are a) not empty and b) do not end in a CALL instruction.
29//
30// Unwinder implementation for reference:
31// https://github.com/dotnet/coreclr/blob/a9f3fc16483eecfc47fb79c362811d870be02249/src/unwinder/amd64/unwinder_amd64.cpp#L1015
32//
33//===----------------------------------------------------------------------===//
34
35#include "X86.h"
36#include "X86InstrInfo.h"
37#include "X86Subtarget.h"
38#include "llvm/CodeGen/MachineFunctionPass.h"
39#include "llvm/CodeGen/MachineInstrBuilder.h"
40#include "llvm/IR/Analysis.h"
41#include "llvm/IR/PassManager.h"
42
43#define AVOIDCALL_DESC "X86 avoid trailing call pass"
44#define AVOIDCALL_NAME "x86-avoid-trailing-call"
45
46#define DEBUG_TYPE AVOIDCALL_NAME
47
48using namespace llvm;
49
50namespace {
51class X86AvoidTrailingCallLegacyPass : public MachineFunctionPass {
52public:
53 X86AvoidTrailingCallLegacyPass() : MachineFunctionPass(ID) {}
54
55 bool runOnMachineFunction(MachineFunction &MF) override;
56
57 static char ID;
58
59private:
60 StringRef getPassName() const override { return AVOIDCALL_DESC; }
61};
62} // end anonymous namespace
63
64char X86AvoidTrailingCallLegacyPass::ID = 0;
65
66FunctionPass *llvm::createX86AvoidTrailingCallLegacyPass() {
67 return new X86AvoidTrailingCallLegacyPass();
68}
69
70INITIALIZE_PASS(X86AvoidTrailingCallLegacyPass, AVOIDCALL_NAME, AVOIDCALL_DESC,
71 false, false)
72
73// A real instruction is a non-meta, non-pseudo instruction. Some pseudos
74// expand to nothing, and some expand to code. This logic conservatively assumes
75// they might expand to nothing.
76static bool isCallOrRealInstruction(MachineInstr &MI) {
77 return MI.isCall() || (!MI.isPseudo() && !MI.isMetaInstruction());
78}
79
80// Return true if this is a call instruction, but not a tail call.
81static bool isCallInstruction(const MachineInstr &MI) {
82 return MI.isCall() && !MI.isReturn();
83}
84
85bool UpdatedOnX86AvoidTrailingCallPass(MachineFunction &MF) {
86 const X86Subtarget &STI = MF.getSubtarget<X86Subtarget>();
87 const X86InstrInfo &TII = *STI.getInstrInfo();
88 assert(STI.isTargetWin64() && "pass only runs on Win64");
89
90 // We don't need to worry about any of the invariants described above if there
91 // is no unwind info (CFI).
92 if (!MF.hasWinCFI())
93 return false;
94
95 // FIXME: Perhaps this pass should also replace SEH_Epilogue by inserting nops
96 // before epilogues.
97
98 bool Changed = false;
99 for (MachineBasicBlock &MBB : MF) {
100 // Look for basic blocks that precede funclet entries or are at the end of
101 // the function.
102 MachineBasicBlock *NextMBB = MBB.getNextNode();
103 if (NextMBB && !NextMBB->isEHFuncletEntry())
104 continue;
105
106 // Find the last real instruction in this block.
107 auto LastRealInstr = llvm::find_if(Range: reverse(C&: MBB), P: isCallOrRealInstruction);
108
109 // If the block is empty or the last real instruction is a call instruction,
110 // insert an int3. If there is a call instruction, insert the int3 between
111 // the call and any labels or other meta instructions. If the block is
112 // empty, insert at block end.
113 bool IsEmpty = LastRealInstr == MBB.rend();
114 bool IsCall = !IsEmpty && isCallInstruction(MI: *LastRealInstr);
115 if (IsEmpty || IsCall) {
116 LLVM_DEBUG({
117 if (IsCall) {
118 dbgs() << "inserting int3 after trailing call instruction:\n";
119 LastRealInstr->dump();
120 dbgs() << '\n';
121 } else {
122 dbgs() << "inserting int3 in trailing empty MBB:\n";
123 MBB.dump();
124 }
125 });
126
127 MachineBasicBlock::iterator MBBI = MBB.end();
128 DebugLoc DL;
129 if (IsCall) {
130 MBBI = std::next(x: LastRealInstr.getReverse());
131 DL = LastRealInstr->getDebugLoc();
132 }
133 BuildMI(BB&: MBB, I: MBBI, MIMD: DL, MCID: TII.get(Opcode: X86::INT3));
134 Changed = true;
135 }
136 }
137
138 return Changed;
139}
140
141bool X86AvoidTrailingCallLegacyPass::runOnMachineFunction(MachineFunction &MF) {
142 return UpdatedOnX86AvoidTrailingCallPass(MF);
143}
144
145PreservedAnalyses
146X86AvoidTrailingCallPass::run(MachineFunction &MF,
147 MachineFunctionAnalysisManager &MFAM) {
148 bool Changed = UpdatedOnX86AvoidTrailingCallPass(MF);
149 if (!Changed)
150 return PreservedAnalyses::all();
151
152 return getMachineFunctionPassPreservedAnalyses().preserveSet<CFGAnalyses>();
153}
154