| blob | b9dc9c10cbbc5a08df52be70fbeba36da39d2996 |
1 /* tc-i386-ginsn.c -- Ginsn generation for the x86-64 ISA
3 Copyright (C) 2024 Free Software Foundation, Inc.
5 This file is part of GAS.
7 GAS is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License as published by
9 the Free Software Foundation; either version 3 of the license, or
10 (at your option) any later version.
12 GAS is distributed in the hope that it will be useful,
13 but WITHOUT ANY WARRANTY; without even the implied warranty of
14 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 GNU General Public License for more details.
17 You should have received a copy of the GNU General Public License
18 along with this program; see the file COPYING3. If not,
19 see <http://www.gnu.org/licenses/>. */
21 /* This file contains the implementation of the ginsn creation for x86-64
22 instructions. */
24 /* DWARF register number for EFLAGS. Used for pushf/popf insns. */
25 #define GINSN_DW2_REGNUM_EFLAGS 49
26 /* DWARF register number for RSI. Used as dummy value when RegIP/RegIZ. */
27 #define GINSN_DW2_REGNUM_RSI_DUMMY 4
29 /* Identify the callee-saved registers in System V AMD64 ABI. */
31 bool
33 {
41 }
43 /* Check whether an instruction prefix which affects operation size
44 accompanies. For insns in the legacy space, setting REX.W takes precedence
45 over the operand-size prefix (66H) when both are used.
47 The current users of this API are in the handlers for PUSH, POP or other
48 instructions which affect the stack pointer implicitly: the operation size
49 (16, 32, or 64 bits) determines the amount by which the stack pointer is
50 incremented / decremented (2, 4 or 8). */
52 static bool
54 {
56 }
58 /* Get the DWARF register number for the given register entry.
59 For specific byte/word/dword register accesses like al, cl, ah, ch, r8d,
60 r20w etc., we need to identify the DWARF register number for the
61 corresponding 8-byte GPR.
63 This function is a hack - it relies on relative ordering of reg entries in
64 the i386_regtab. FIXME - it will be good to allow a more direct way to get
65 this information. */
67 static unsigned int
69 {
73 /* ginsn creation is available for AMD64 abi only ATM. Other flag_code
74 are not expected. */
77 /* Watch out for RegIP, RegIZ. These are expected to appear only with
78 base/index addressing modes. Although creating inaccurate data
79 dependencies, using a dummy value (lets say volatile register rsi) will
80 not hurt SCFI. TBD_GINSN_GEN_NOT_SCFI. */
87 {
89 /* For al, cl, dl, bl, bump over to axl, cxl, dxl, bxl respectively by
90 adding 8. */
93 /* For ah, ch, dh, bh, bump over to axl, cxl, dxl, bxl respectively by
94 adding 4. */
96 else
97 {
98 /* The code relies on the relative ordering of the reg entries in
99 i386_regtab. There are 32 register entries between axl-r31b,
100 ax-r31w etc. The assertions here ensures the code does not
101 recurse indefinitely. */
107 }
110 }
112 /* Sanity check - failure may indicate state corruption, bad ginsn or
113 perhaps the i386-reg table and the current function got out of sync. */
117 }
121 {
135 /* op %reg, symbol or even other cases where destination involves indirect
136 access are unnecessary for SCFI correctness. TBD_GINSN_GEN_NOT_SCFI. */
140 /* Skip detection of 8/16/32-bit op size; 'add/sub reg, reg/mem' ops always
141 make the dest reg untraceable for SCFI. */
143 /* op reg, reg/mem. */
145 /* Of interest only when second opnd is not memory. */
147 {
154 }
157 }
161 {
177 /* op symbol, %reg. */
181 /* Skip detection of 8/16/32-bit op size; 'add/sub reg/mem, reg' ops always
182 make the dest reg untraceable for SCFI. */
184 /* op reg/mem, %reg. */
188 {
195 }
197 {
207 }
210 }
214 {
215 offsetT src_imm;
226 /* FIXME - create ginsn where dest is REG_SP / REG_FP only ? */
227 /* Map for insn.tm.extension_opcode
228 000 ADD 100 AND
229 001 OR 101 SUB
230 010 ADC 110 XOR
231 011 SBB 111 CMP */
233 /* add/sub/and imm, %reg only at this time for SCFI.
234 Although all three ('and', 'or' , 'xor') make the destination reg
235 untraceable, 'and' op is handled but not 'or' / 'xor' because we will look
236 into supporting the DRAP pattern at some point. Other opcodes ('adc',
237 'sbb' and 'cmp') are not generated here either. The ginsn representation
238 does not have support for the latter three opcodes; GINSN_TYPE_OTHER may
239 be added for these after x86_ginsn_unhandled () invocation if the
240 destination register is REG_SP or REG_FP. */
247 else
250 /* TBD_GINSN_REPRESENTATION_LIMIT: There is no representation for when a
251 symbol is used as an operand, like so:
252 addq $simd_cmp_op+8, %rdx
253 Skip generating any ginsn for this. */
258 /* addq $1, symbol
259 addq $1, -16(%rbp)
260 These are not of interest for SCFI. Also, TBD_GINSN_GEN_NOT_SCFI. */
264 /* 8/16/32-bit op size makes the destination reg untraceable for SCFI.
265 Deal with this via the x86_ginsn_unhandled () code path. */
271 /* The second operand may be a register or indirect access. For SCFI, only
272 the case when the second opnd is a register is interesting. Revisit this
273 if generating ginsns for a different gen mode TBD_GINSN_GEN_NOT_SCFI. */
275 {
277 /* For ginsn, keep the imm as second src operand. */
284 }
287 }
289 /* Create ginsn(s) for MOV operations.
291 The generated ginsns corresponding to mov with indirect access to memory
292 (src or dest) suffer with loss of information: when both index and base
293 registers are at play, only base register gets conveyed in ginsn. Note
294 this TBD_GINSN_GEN_NOT_SCFI. */
298 {
310 /* mov %reg, symbol or mov symbol, %reg.
311 Not of interest for SCFI. Also, TBD_GINSN_GEN_NOT_SCFI. */
315 /* 8/16/32-bit op size makes the destination reg untraceable for SCFI.
316 Handle mov reg, reg only. mov to or from a memory operand will make
317 dest reg, when present, untraceable, irrespective of the op size. */
323 {
324 /* mov disp(%reg), %reg. */
326 {
331 }
332 else
336 }
338 {
339 /* mov %reg, disp(%reg). */
342 {
347 }
348 else
350 }
361 }
363 /* Generate appropriate ginsn for lea.
365 Unhandled sub-cases (marked with TBD_GINSN_GEN_NOT_SCFI) also suffer with
366 some loss of information in the final ginsn chosen eventually (type
367 GINSN_TYPE_OTHER). But this is fine for now for GINSN_GEN_SCFI generation
368 mode. */
372 {
377 offsetT index_scale;
382 {
383 /* lea disp(%base), %dst or lea disp(,%index,imm), %dst.
384 Either index_reg or base_reg exists, but not both. Further, as per
385 above, the case when just %index exists but is equal to RegIZ is
386 excluded. If not excluded, a GINSN_TYPE_MOV of %rsi
387 (GINSN_DW2_REGNUM_RSI_DUMMY) to %dst will be generated by this block.
388 Such a mov ginsn is imprecise; so, exclude now and generate
389 GINSN_TYPE_OTHER instead later via the x86_ginsn_unhandled ().
390 Excluding other cases is required due to
391 TBD_GINSN_REPRESENTATION_LIMIT. */
398 /* It makes sense to represent a scale factor of 1 precisely here
399 (i.e., not using GINSN_TYPE_OTHER, but rather similar to the
400 base-without-index case). A non-zero scale factor is still OK if
401 the index reg is zero reg.
402 However, skip from here the case when disp has a symbol instead.
403 TBD_GINSN_REPRESENTATION_LIMIT. */
406 {
411 /* Generate an ADD ginsn. */
416 else
417 /* Generate a MOV ginsn. */
423 }
424 }
425 /* Skip handling other cases here,
426 - when (i.index_reg && i.base_reg) is true,
427 e.g., lea disp(%base,%index,imm), %dst
428 We do not have a ginsn representation for multiply.
429 - or, when (!i.index_reg && !i.base_reg) is true,
430 e.g., lea symbol, %dst
431 Not a frequent pattern. If %dst is a register of interest, the user is
432 likely to use a MOV op anyway.
433 Deal with these via the x86_ginsn_unhandled () code path to generate
434 GINSN_TYPE_OTHER when necessary. TBD_GINSN_GEN_NOT_SCFI. */
437 }
441 {
452 {
458 }
459 else
460 {
461 /* A non-zero addend in jump/JCC target makes control-flow tracking
462 difficult. Skip SCFI for now. */
466 }
469 }
473 {
482 /* Other cases are not expected. */
486 /* 0xFF /4 (jmp r/m). */
489 /* 0xFF /2 (call r/m). */
493 {
498 }
500 {
501 /* Handle jump/call near, absolute indirect, address.
502 E.g., jmp/call *imm(%rN), jmp/call *sym(,%rN,imm)
503 or jmp/call *sym(%rN) etc. */
505 /* Generate a ginsn, even if it is with TBD_GINSN_INFO_LOSS. Otherwise,
506 the user gets the impression of missing functionality due to this
507 being a COFI and alerted for via the x86_ginsn_unhandled () workflow
508 as unhandled operation (which can be misleading for users).
510 Indirect branches make the code block ineligible for SCFI; Hence, an
511 approximate ginsn will not affect SCFI correctness:
512 - Use dummy register if no base or index
513 - Skip symbol information, if any.
514 Note this case of TBD_GINSN_GEN_NOT_SCFI. */
515 dw2_regnum = (mem_reg
521 }
524 }
528 {
532 /* In 64-bit mode, the default stack update size is 8 bytes. */
537 /* For non-zero size operands, bail out as untraceable for SCFI. */
540 {
543 }
545 /* Check if this is a 16-bit op. */
549 /* If the nesting level is 0, the processor pushes the frame pointer from
550 the BP/EBP/RBP register onto the stack, copies the current stack
551 pointer from the SP/ESP/RSP register into the BP/EBP/RBP register, and
552 loads the SP/ESP/RSP register with the current stack-pointer value
553 minus the value in the size operand. */
571 }
575 {
579 /* In 64-bit mode, the default stack update size is 8 bytes. */
582 /* Check if this is a 16-bit op. */
586 /* The 'leave' instruction copies the contents of the RBP register
587 into the RSP register to release all stack space allocated to the
588 procedure. */
593 /* Then it restores the old value of the RBP register from the stack. */
607 }
609 /* Check if an instruction is whitelisted.
611 Some instructions may appear with REG_SP or REG_FP as destination, because
612 which they are deemed 'interesting' for SCFI. Whitelist them here if they
613 do not affect SCFI correctness. */
615 static bool
617 {
622 {
628 /* cmp imm, reg/rem. */
639 /* cmp imm/reg/mem, reg/rem. */
647 /* test imm/reg/mem, reg/mem. */
655 }
658 }
660 #define X86_GINSN_UNHANDLED_NONE 0
661 #define X86_GINSN_UNHANDLED_DEST_REG 1
662 #define X86_GINSN_UNHANDLED_CFG 2
663 #define X86_GINSN_UNHANDLED_STACKOP 3
664 #define X86_GINSN_UNHANDLED_UNEXPECTED 4
666 /* Check the input insn for its impact on the correctness of the synthesized
667 CFI. Returns an error code to the caller. */
669 static int
671 {
676 /* Keep an eye out for instructions affecting control flow. */
679 /* Also, for any instructions involving an implicit update to the stack
680 pointer. */
683 /* Finally, also check if the missed instructions are affecting REG_SP or
684 REG_FP. The destination operand is the last at all stages of assembly
685 (due to following AT&T syntax layout in the internal representation). In
686 case of Intel syntax input, this still remains true as swap_operands ()
687 is done by now.
688 PS: These checks do not involve index / base reg, as indirect memory
689 accesses via REG_SP or REG_FP do not affect SCFI correctness.
690 (Also note these instructions are candidates for other ginsn generation
691 modes in future. TBD_GINSN_GEN_NOT_SCFI.) */
694 {
697 {
701 }
702 else
703 /* Something unexpected. Indicate to caller. */
705 }
708 }
710 /* Generate one or more generic GAS instructions, a.k.a, ginsns for the current
711 machine instruction.
713 Returns the head of linked list of ginsn(s) added, if success; Returns NULL
714 if failure.
716 The input ginsn_gen_mode GMODE determines the set of minimal necessary
717 ginsns necessary for correctness of any passes applicable for that mode.
718 For supporting the GINSN_GEN_SCFI generation mode, following is the list of
719 machine instructions that must be translated into the corresponding ginsns
720 to ensure correctness of SCFI:
721 - All instructions affecting the two registers that could potentially
722 be used as the base register for CFA tracking. For SCFI, the base
723 register for CFA tracking is limited to REG_SP and REG_FP only for
724 now.
725 - All change of flow instructions: conditional and unconditional branches,
726 call and return from functions.
727 - All instructions that can potentially be a register save / restore
728 operation.
729 - All instructions that perform stack manipulation implicitly: the CALL,
730 RET, PUSH, POP, ENTER, and LEAVE instructions.
732 The function currently supports GINSN_GEN_SCFI ginsn generation mode only.
733 To support other generation modes will require work on this target-specific
734 process of creation of ginsns:
735 - Some of such places are tagged with TBD_GINSN_GEN_NOT_SCFI to serve as
736 possible starting points.
737 - Also note that ginsn representation may need enhancements. Specifically,
738 note some TBD_GINSN_INFO_LOSS and TBD_GINSN_REPRESENTATION_LIMIT markers.
739 */
743 {
750 /* In 64-bit mode, the default stack update size is 8 bytes. */
753 /* Currently supports generation of selected ginsns, sufficient for
754 the use-case of SCFI only. */
760 /* Until it is clear how to handle APX NDD and other new opcodes, disallow
761 them from SCFI. */
764 {
766 opcode);
768 }
771 {
773 /* Add opcodes 0x0/0x2 and sub opcodes 0x28/0x2a (with opcode_space
774 SPACE_BASE) are 8-bit ops. While they are relevant for SCFI
775 correctness, skip handling them here and use the x86_ginsn_unhandled
776 code path to generate GINSN_TYPE_OTHER when necessary. */
794 /* push fs / push gs have opcode_space == SPACE_0F. */
798 /* Check if operation size is 16-bit. */
815 /* pop fs / pop gs have opcode_space == SPACE_0F. */
819 /* Check if operation size is 16-bit. */
837 /* push reg. */
839 /* Check if operation size is 16-bit. */
857 /* pop reg. */
863 /* Check if operation size is 16-bit. */
878 /* Check if operation size is 16-bit. */
881 /* Skip getting the value of imm from machine instruction
882 because this is not important for SCFI. */
895 /* PS: Opcodes 0x80 ... 0x8f with opcode_space SPACE_0F are present
896 only after relaxation. They do not need to be handled for ginsn
897 creation. */
924 /* lea disp(%base,%index,imm), %dst. */
931 /* pop to reg/mem. */
933 {
935 /* Use dummy register if no base or index. Unlike other opcodes,
936 ginsns must be generated as this affect stack pointer. */
937 dw2_regnum = (mem_reg
940 }
941 else
947 /* Check if operation size is 16-bit. */
961 /* pushf / pushfq. */
962 /* Check if operation size is 16-bit. */
970 /* FIXME - hardcode the actual DWARF reg number value. As for SCFI
971 correctness, although this behaves simply a placeholder value; its
972 just clearer if the value is correct. */
984 /* popf / popfq. */
985 /* Check if operation size is 16-bit. */
988 /* FIXME - hardcode the actual DWARF reg number value. As for SCFI
989 correctness, although this behaves simply a placeholder value; its
990 just clearer if the value is correct. */
1007 /* push from reg/mem. */
1009 {
1010 /* Check if operation size is 16-bit. */
1019 {
1021 /* Use dummy register if no base or index. Unlike other opcodes,
1022 ginsns must be generated as this affect stack pointer. */
1023 dw2_regnum = (mem_reg
1026 }
1027 else
1034 }
1043 /* Near ret. */
1051 /* enter. */
1058 /* leave. */
1073 /* PS: SCFI machinery does not care about which func is being
1074 called. OK to skip that info. */
1080 /* PS: opcode 0xe9 appears only after relaxation. Skip here. */
1082 /* If opcode_space != SPACE_BASE, this is not a jmp insn. Skip it
1083 for GINSN_GEN_SCFI. */
1086 /* Unconditional jmp. */
1092 /* TBD_GINSN_GEN_NOT_SCFI: Skip all other opcodes uninteresting for
1093 GINSN_GEN_SCFI mode. */
1095 }
1098 {
1099 /* For all unhandled insns that are not whitelisted, check that they do
1100 not impact SCFI correctness. */
1103 {
1107 /* Not all writes to REG_FP are harmful in context of SCFI. Simply
1108 generate a GINSN_TYPE_OTHER with destination set to the
1109 appropriate register. The SCFI machinery will bail out if this
1110 ginsn affects SCFI correctness. */
1124 opcode);
1129 }
1130 }
1133 }