[llvm] r278659 - [Thumb] Validate branch target for CBZ/CBNZ instructions.

Reid Kleckner via llvm-commits llvm-commits at lists.llvm.org
Mon Aug 15 11:14:16 PDT 2016


This is now firing on code in brotli (a compression library):
http://crbug.com/637864

How can we avoid this error? Shouldn't LLVM be responsible for relaxing
this into some other code sequence?

On Mon, Aug 15, 2016 at 12:57 AM, Prakhar Bahuguna via llvm-commits <llvm-commits at lists.llvm.org> wrote:

> Author: prakhar
> Date: Mon Aug 15 02:57:44 2016
> New Revision: 278659
>
> URL: http://llvm.org/viewvc/llvm-project?rev=278659&view=rev
> Log:
> [Thumb] Validate branch target for CBZ/CBNZ instructions.
>
> Summary:
> The assembler currently does not check the branch target for CBZ/CBNZ
> instructions, which only permit branching forwards with a positive offset.
> This adds validation for the branch target to ensure negative PC-relative
> offsets are not encoded into the instruction, whether specified as a literal
> or as an assembler symbol.
>
> Reviewers: rengolin, t.p.northover
>
> Subscribers: llvm-commits, rengolin
>
> Differential Revision: https://reviews.llvm.org/D23312
>
> Added:
>     llvm/trunk/test/MC/ARM/thumb-cb-negative-offsets.s
> Modified:
>     llvm/trunk/lib/Target/ARM/AsmParser/ARMAsmParser.cpp
>     llvm/trunk/lib/Target/ARM/MCTargetDesc/ARMAsmBackend.cpp
>     llvm/trunk/test/MC/ARM/thumb-diagnostics.s
>
> Modified: llvm/trunk/lib/Target/ARM/AsmParser/ARMAsmParser.cpp
> URL: http://llvm.org/viewvc/llvm-project/llvm/trunk/lib/Target/
> ARM/AsmParser/ARMAsmParser.cpp?rev=278659&r1=278658&r2=278659&view=diff
> ============================================================
> ==================
> --- llvm/trunk/lib/Target/ARM/AsmParser/ARMAsmParser.cpp (original)
> +++ llvm/trunk/lib/Target/ARM/AsmParser/ARMAsmParser.cpp Mon Aug 15
> 02:57:44 2016
> @@ -6684,6 +6684,12 @@ bool ARMAsmParser::validateInstruction(M
>        return Error(Operands[Op]->getStartLoc(), "branch target out of
> range");
>      break;
>    }
> +  case ARM::tCBZ:
> +  case ARM::tCBNZ: {
> +    if (!static_cast<ARMOperand &>(*Operands[2]).isUnsignedOffset<6,
> 1>())
> +      return Error(Operands[2]->getStartLoc(), "branch target out of
> range");
> +    break;
> +  }
>    case ARM::MOVi16:
>    case ARM::t2MOVi16:
>    case ARM::t2MOVTi16:
>
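Review bot: the new `tCBZ`/`tCBNZ` case reads `Operands[2]` by a hard-coded index, while the case just above it goes through `Operands[Op]`. A one-line comment saying why the branch target is always at index 2 for these opcodes, or a named index, would keep this from breaking silently if the operand layout changes. It would also help to state the accepted range next to `isUnsignedOffset<6, 1>`, since the fixup path in ARMAsmBackend.cpp enforces its own limit for the symbolic form and the two need to agree.
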
> Modified: llvm/trunk/lib/Target/ARM/MCTargetDesc/ARMAsmBackend.cpp
> URL: http://llvm.org/viewvc/llvm-project/llvm/trunk/lib/Target/
> ARM/MCTargetDesc/ARMAsmBackend.cpp?rev=278659&
> r1=278658&r2=278659&view=diff
> ============================================================
> ==================
> --- llvm/trunk/lib/Target/ARM/MCTargetDesc/ARMAsmBackend.cpp (original)
> +++ llvm/trunk/lib/Target/ARM/MCTargetDesc/ARMAsmBackend.cpp Mon Aug 15
> 02:57:44 2016
> @@ -578,6 +578,11 @@ unsigned ARMAsmBackend::adjustFixupValue
>      // Offset by 4, and don't encode the low two bits.
>      return ((Value - 4) >> 2) & 0xff;
>    case ARM::fixup_arm_thumb_cb: {
> +    // CB instructions can only branch to offsets in [0, 126] in
> multiples of 2
> +    if (Ctx && ((int64_t)Value < 0 || Value > 0x3e || Value & 1)) {
> +      Ctx->reportError(Fixup.getLoc(), "out of range pc-relative fixup
> value");
> +      return 0;
> +    }
>      // Offset by 4 and don't encode the lower bit, which is always 0.
>      // FIXME: diagnose if no Thumb2
>      uint32_t Binary = (Value - 4) >> 1;
>
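Review bot: the bound in the new check does not match its own comment. The comment gives the legal range as [0, 126], but `Value > 0x3e` rejects everything above 62; 126 is 0x7e. The test is also applied to the raw `Value`, while the encoding on the following lines uses `(Value - 4) >> 1`, so the limits should either be written in terms of the value after the PC adjustment or the comment should state the raw range, and raw values below 4 need a decision because `Value - 4` then wraps. As written, forward branches that fall inside the comment's own range are reported as "out of range pc-relative fixup value". Separately, the check is skipped whenever `Ctx` is null; a comment saying when that happens would help.
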
> Added: llvm/trunk/test/MC/ARM/thumb-cb-negative-offsets.s
> URL: http://llvm.org/viewvc/llvm-project/llvm/trunk/test/MC/
> ARM/thumb-cb-negative-offsets.s?rev=278659&view=auto
> ============================================================
> ==================
> --- llvm/trunk/test/MC/ARM/thumb-cb-negative-offsets.s (added)
> +++ llvm/trunk/test/MC/ARM/thumb-cb-negative-offsets.s Mon Aug 15
> 02:57:44 2016
> @@ -0,0 +1,19 @@
> +@ RUN: not llvm-mc -triple thumbv7m-none-eabi      -filetype=obj -o
> /dev/null %s 2>&1 | FileCheck %s
> +@ RUN: not llvm-mc -triple thumbv8m.base-none-eabi -filetype=obj -o
> /dev/null %s 2>&1 | FileCheck %s
> +
> +label0:
> +  .word 4
> +
> +@ CHECK: out of range pc-relative fixup value
> +  cbz r0, label0
> +@ CHECK: out of range pc-relative fixup value
> +  cbnz r0, label0
> +
> +@ CHECK: out of range pc-relative fixup value
> +  cbz r0, label1
> +@ CHECK: out of range pc-relative fixup value
> +  cbnz r0, label1
> +
> +  .space 1000
> +label1:
> +  .word 4
>
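Review bot: both RUN lines use `not` and every case in this file is expected to fail, so nothing here shows that an in-range forward `cbz`/`cbnz` to a label still assembles. `label1` sits 1000 bytes ahead, far outside the range, so the boundary itself is untested; add a label at the largest offset that should be accepted and one just past it (the accepting case needs its own file or a RUN line without `not`). The four `CHECK` lines are also identical, so consider tying each to its instruction with `[[@LINE+1]]` in the pattern.
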
> Modified: llvm/trunk/test/MC/ARM/thumb-diagnostics.s
> URL: http://llvm.org/viewvc/llvm-project/llvm/trunk/test/MC/
> ARM/thumb-diagnostics.s?rev=278659&r1=278658&r2=278659&view=diff
> ============================================================
> ==================
> --- llvm/trunk/test/MC/ARM/thumb-diagnostics.s (original)
> +++ llvm/trunk/test/MC/ARM/thumb-diagnostics.s Mon Aug 15 02:57:44 2016
> @@ -235,6 +235,23 @@ error: invalid operand for instruction
>  @ CHECK-ERRORS: error: branch target out of range
>
>  @-----------------------------------------------------------
> -------------------
> +@ CBZ/CBNZ - out of range immediates for branches
> + at ----------------------------------------------------------
> --------------------
> +
> +        cbz    r0, #-2
> +        cbz    r0, #0
> +        cbz    r0, #17
> +        cbnz   r0, #126
> +        cbnz   r0, #128
> +
> +@ CHECK-ERRORS-V7M: error: branch target out of range
> +@ CHECK-ERRORS-V7M: error: invalid operand for instruction
> +@ CHECK-ERRORS-V7M: error: branch target out of range
> +@ CHECK-ERRORS-V8: error: branch target out of range
> +@ CHECK-ERRORS-V8: error: invalid operand for instruction
> +@ CHECK-ERRORS-V8: error: branch target out of range
> +
> + at ----------------------------------------------------------
> --------------------
>  @ SEV/WFE/WFI/YIELD - are not supported pre v6M or v6T2
>  @-----------------------------------------------------------
> -------------------
>          sev
>
>
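Review bot: the block lists five instructions but expects only three errors per prefix, so `cbz r0, #0` and `cbnz r0, #126` are presumably the accepted ones, yet nothing in the CHECK-ERRORS lines says so or ties an error to its operand. Matching the source line or operand in each check would stop the test passing when the wrong instruction is rejected. The section title says "out of range immediates" although the second expected error is "invalid operand for instruction" and two of the operands are meant to be valid; a short comment per instruction stating the expected outcome would make the intent clear.
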
> _______________________________________________
> llvm-commits mailing list
> llvm-commits at lists.llvm.org
> http://lists.llvm.org/cgi-bin/mailman/listinfo/llvm-commits
>