[clang] [RISCV] Implement shadow stack on shadow stack mode with Zicfiss. (PR #68075)
Yeting Kuo via cfe-commits
cfe-commits at lists.llvm.org
Sun Oct 15 23:20:46 PDT 2023
https://github.com/yetingk updated https://github.com/llvm/llvm-project/pull/68075
>From 91bb1d9884276a37f93515a648aa6ece353fdc70 Mon Sep 17 00:00:00 2001
From: Yeting Kuo <yeting.kuo at sifive.com>
Date: Tue, 12 Sep 2023 12:28:00 +0800
Subject: [PATCH 1/5] [RISCV] Add MC layer support for Zicfiss.
The patch adds the instructions in Zicfiss extension. Zicfiss extension is
to support shadow stack for control flow integrity.
Differential Revision: https://reviews.llvm.org/D152793
---
.../test/Preprocessor/riscv-target-features.c | 9 ++
llvm/docs/RISCVUsage.rst | 3 +
llvm/lib/Support/RISCVISAInfo.cpp | 2 +
.../RISCV/Disassembler/RISCVDisassembler.cpp | 29 +++++
llvm/lib/Target/RISCV/RISCVFeatures.td | 7 ++
llvm/lib/Target/RISCV/RISCVInstrInfo.td | 9 +-
.../lib/Target/RISCV/RISCVInstrInfoZicfiss.td | 86 +++++++++++++++
llvm/lib/Target/RISCV/RISCVRegisterInfo.cpp | 3 +
llvm/lib/Target/RISCV/RISCVRegisterInfo.td | 9 ++
llvm/test/MC/RISCV/attribute-arch.s | 3 +
llvm/test/MC/RISCV/rv32zicfiss-invalid.s | 20 ++++
llvm/test/MC/RISCV/rv32zicfiss-valid.s | 103 ++++++++++++++++++
llvm/test/MC/RISCV/rv64zicfiss-invalid.s | 20 ++++
llvm/test/MC/RISCV/rv64zicfiss-valid.s | 103 ++++++++++++++++++
14 files changed, 402 insertions(+), 4 deletions(-)
create mode 100644 llvm/lib/Target/RISCV/RISCVInstrInfoZicfiss.td
create mode 100644 llvm/test/MC/RISCV/rv32zicfiss-invalid.s
create mode 100644 llvm/test/MC/RISCV/rv32zicfiss-valid.s
create mode 100644 llvm/test/MC/RISCV/rv64zicfiss-invalid.s
create mode 100644 llvm/test/MC/RISCV/rv64zicfiss-valid.s
diff --git a/clang/test/Preprocessor/riscv-target-features.c b/clang/test/Preprocessor/riscv-target-features.c
index 02b67dc7944ba88..163eba81543ee5b 100644
--- a/clang/test/Preprocessor/riscv-target-features.c
+++ b/clang/test/Preprocessor/riscv-target-features.c
@@ -113,6 +113,7 @@
// CHECK-NOT: __riscv_zfa {{.*$}}
// CHECK-NOT: __riscv_zfbfmin {{.*$}}
// CHECK-NOT: __riscv_zicfilp {{.*$}}
+// CHECK-NOT: __riscv_zicfiss {{.*$}}
// CHECK-NOT: __riscv_zicond {{.*$}}
// CHECK-NOT: __riscv_ztso {{.*$}}
// CHECK-NOT: __riscv_zvbb {{.*$}}
@@ -1220,3 +1221,11 @@
// RUN: -march=rv64i_zve32x_zvkt1p0 -x c -E -dM %s \
// RUN: -o - | FileCheck --check-prefix=CHECK-ZVKT-EXT %s
// CHECK-ZVKT-EXT: __riscv_zvkt 1000000{{$}}
+
+// RUN: %clang -target riscv32 -menable-experimental-extensions \
+// RUN: -march=rv32izicfiss0p3 -x c -E -dM %s \
+// RUN: -o - | FileCheck --check-prefix=CHECK-ZICFISS-EXT %s
+// RUN: %clang -target riscv64 -menable-experimental-extensions \
+// RUN: -march=rv64izicfiss0p3 -x c -E -dM %s \
+// RUN: -o - | FileCheck --check-prefix=CHECK-ZICFISS-EXT %s
+// CHECK-ZICFISS-EXT: __riscv_zicfiss 3000{{$}}
diff --git a/llvm/docs/RISCVUsage.rst b/llvm/docs/RISCVUsage.rst
index 8d12d58738c609a..31c55def0a7694a 100644
--- a/llvm/docs/RISCVUsage.rst
+++ b/llvm/docs/RISCVUsage.rst
@@ -205,6 +205,9 @@ The primary goal of experimental support is to assist in the process of ratifica
``experimental-zicfilp``
LLVM implements the `0.2 draft specification <https://github.com/riscv/riscv-cfi/releases/tag/v0.2.0>`__.
+``experimental-zicfiss``
+ LLVM implements the `0.3.1 draft specification <https://github.com/riscv/riscv-cfi/releases/tag/v0.3.1>`__.
+
``experimental-zicond``
LLVM implements the `1.0-rc1 draft specification <https://github.com/riscv/riscv-zicond/releases/tag/v1.0-rc1>`__.
diff --git a/llvm/lib/Support/RISCVISAInfo.cpp b/llvm/lib/Support/RISCVISAInfo.cpp
index a02c9842e85839a..c414b62c5f31092 100644
--- a/llvm/lib/Support/RISCVISAInfo.cpp
+++ b/llvm/lib/Support/RISCVISAInfo.cpp
@@ -170,6 +170,8 @@ static const RISCVSupportedExtension SupportedExperimentalExtensions[] = {
{"zfbfmin", RISCVExtensionVersion{0, 8}},
{"zicfilp", RISCVExtensionVersion{0, 2}},
+ {"zicfiss", RISCVExtensionVersion{0, 3}},
+
{"zicond", RISCVExtensionVersion{1, 0}},
{"ztso", RISCVExtensionVersion{0, 1}},
diff --git a/llvm/lib/Target/RISCV/Disassembler/RISCVDisassembler.cpp b/llvm/lib/Target/RISCV/Disassembler/RISCVDisassembler.cpp
index d561d90d3088c1a..14b3122f0fecbdb 100644
--- a/llvm/lib/Target/RISCV/Disassembler/RISCVDisassembler.cpp
+++ b/llvm/lib/Target/RISCV/Disassembler/RISCVDisassembler.cpp
@@ -74,6 +74,17 @@ static DecodeStatus DecodeGPRRegisterClass(MCInst &Inst, uint32_t RegNo,
return MCDisassembler::Success;
}
+static DecodeStatus DecodeGPRRARegisterClass(MCInst &Inst, uint32_t RegNo,
+ uint64_t Address,
+ const MCDisassembler *Decoder) {
+ MCRegister Reg = RISCV::X0 + RegNo;
+ if (Reg != RISCV::X1 && Reg != RISCV::X5)
+ return MCDisassembler::Fail;
+
+ Inst.addOperand(MCOperand::createReg(Reg));
+ return MCDisassembler::Success;
+}
+
static DecodeStatus DecodeFPR16RegisterClass(MCInst &Inst, uint32_t RegNo,
uint64_t Address,
const MCDisassembler *Decoder) {
@@ -370,6 +381,10 @@ static DecodeStatus decodeZcmpRlist(MCInst &Inst, unsigned Imm,
static DecodeStatus decodeZcmpSpimm(MCInst &Inst, unsigned Imm,
uint64_t Address, const void *Decoder);
+static DecodeStatus decodeCSSPushPopchk(MCInst &Inst, uint32_t Insn,
+ uint64_t Address,
+ const MCDisassembler *Decoder);
+
#include "RISCVGenDisassemblerTables.inc"
static DecodeStatus decodeRVCInstrRdRs1ImmZero(MCInst &Inst, uint32_t Insn,
@@ -384,6 +399,16 @@ static DecodeStatus decodeRVCInstrRdRs1ImmZero(MCInst &Inst, uint32_t Insn,
return MCDisassembler::Success;
}
+static DecodeStatus decodeCSSPushPopchk(MCInst &Inst, uint32_t Insn,
+ uint64_t Address,
+ const MCDisassembler *Decoder) {
+ uint32_t Rs1 = fieldFromInstruction(Insn, 7, 5);
+ DecodeStatus Result = DecodeGPRRARegisterClass(Inst, Rs1, Address, Decoder);
+ (void)Result;
+ assert(Result == MCDisassembler::Success && "Invalid register");
+ return MCDisassembler::Success;
+}
+
static DecodeStatus decodeRVCInstrRdSImm(MCInst &Inst, uint32_t Insn,
uint64_t Address,
const MCDisassembler *Decoder) {
@@ -527,6 +552,10 @@ DecodeStatus RISCVDisassembler::getInstruction(MCInst &MI, uint64_t &Size,
"RV32Zdinx table (Double in Integer and rv32)");
TRY_TO_DECODE_FEATURE(RISCV::FeatureStdExtZfinx, DecoderTableRVZfinx32,
"RVZfinx table (Float in Integer)");
+ TRY_TO_DECODE(STI.hasFeature(RISCV::FeatureStdExtZicfiss) &&
+ !STI.hasFeature(RISCV::Feature64Bit),
+ DecoderTableRV32Zicfiss32,
+ "RV32Zicfiss table (Shadow stack and rv32)");
TRY_TO_DECODE_FEATURE(RISCV::FeatureVendorXVentanaCondOps,
DecoderTableXVentana32, "Ventana custom opcode table");
TRY_TO_DECODE_FEATURE(RISCV::FeatureVendorXTHeadBa, DecoderTableXTHeadBa32,
diff --git a/llvm/lib/Target/RISCV/RISCVFeatures.td b/llvm/lib/Target/RISCV/RISCVFeatures.td
index 6381263b37613b3..286320c6c52eb12 100644
--- a/llvm/lib/Target/RISCV/RISCVFeatures.td
+++ b/llvm/lib/Target/RISCV/RISCVFeatures.td
@@ -79,6 +79,13 @@ def HasStdExtZihintntl : Predicate<"Subtarget->hasStdExtZihintntl()">,
AssemblerPredicate<(all_of FeatureStdExtZihintntl),
"'Zihintntl' (Non-Temporal Locality Hints)">;
+def FeatureStdExtZicfiss
+ : SubtargetFeature<"experimental-zicfiss", "HasStdExtZicfiss", "true",
+ "'Zicfiss' (Shadow stack)">;
+def HasStdExtZicfiss : Predicate<"Subtarget->hasStdExtZicfiss()">,
+ AssemblerPredicate<(all_of FeatureStdExtZicfiss),
+ "'Zicfiss' (Shadow stack)">;
+
def FeatureStdExtZifencei
: SubtargetFeature<"zifencei", "HasStdExtZifencei", "true",
"'Zifencei' (fence.i)">;
diff --git a/llvm/lib/Target/RISCV/RISCVInstrInfo.td b/llvm/lib/Target/RISCV/RISCVInstrInfo.td
index 582fe60fd0368e9..e6a8ba1fe2fc17d 100644
--- a/llvm/lib/Target/RISCV/RISCVInstrInfo.td
+++ b/llvm/lib/Target/RISCV/RISCVInstrInfo.td
@@ -1970,14 +1970,15 @@ include "RISCVInstrInfoZk.td"
include "RISCVInstrInfoV.td"
include "RISCVInstrInfoZvk.td"
-// Integer
-include "RISCVInstrInfoZicbo.td"
-include "RISCVInstrInfoZicond.td"
-
// Compressed
include "RISCVInstrInfoC.td"
include "RISCVInstrInfoZc.td"
+// Integer
+include "RISCVInstrInfoZicbo.td"
+include "RISCVInstrInfoZicond.td"
+include "RISCVInstrInfoZicfiss.td"
+
//===----------------------------------------------------------------------===//
// Vendor extensions
//===----------------------------------------------------------------------===//
diff --git a/llvm/lib/Target/RISCV/RISCVInstrInfoZicfiss.td b/llvm/lib/Target/RISCV/RISCVInstrInfoZicfiss.td
new file mode 100644
index 000000000000000..f787a260a8ca9da
--- /dev/null
+++ b/llvm/lib/Target/RISCV/RISCVInstrInfoZicfiss.td
@@ -0,0 +1,86 @@
+//===------ RISCVInstrInfoZicfiss.td - RISC-V Zicfiss -*- tablegen -*------===//
+//
+// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
+// See https://llvm.org/LICENSE.txt for license information.
+// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
+//
+//===----------------------------------------------------------------------===//
+
+//===----------------------------------------------------------------------===//
+// Instruction class templates
+//===----------------------------------------------------------------------===//
+
+class RVC_SSInst<bits<5> rs1val, RegisterClass reg_class, string opcodestr> :
+ RVInst16<(outs), (ins reg_class:$rs1), opcodestr, "$rs1", [], InstFormatOther> {
+ let Inst{15-13} = 0b011;
+ let Inst{12} = 0;
+ let Inst{11-7} = rs1val;
+ let Inst{6-2} = 0b00000;
+ let Inst{1-0} = 0b01;
+ let DecoderMethod = "decodeCSSPushPopchk";
+}
+
+//===----------------------------------------------------------------------===//
+// Instructions
+//===----------------------------------------------------------------------===//
+
+let Uses = [SSP], hasSideEffects = 0, mayLoad = 1, mayStore = 0 in {
+let DecoderNamespace = "RV32Zicfiss", Predicates = [HasStdExtZicfiss, IsRV32] in
+def SSLW : RVInstI<0b100, OPC_SYSTEM, (outs GPRRA:$rd), (ins), "sslw", "$rd"> {
+ let rs1 = 0;
+ let imm12 = 0b100000011100;
+}
+
+let Predicates = [HasStdExtZicfiss, IsRV64] in
+def SSLD : RVInstI<0b100, OPC_SYSTEM, (outs GPRRA:$rd), (ins), "ssld", "$rd"> {
+ let rs1 = 0;
+ let imm12 = 0b100000011100;
+}
+} // Uses = [SSP], hasSideEffects = 0, mayLoad = 1, mayStore = 0
+
+let Predicates = [HasStdExtZicfiss] in {
+let Uses = [SSP], hasSideEffects = 0, mayLoad = 1, mayStore = 0 in
+def SSPOPCHK : RVInstI<0b100, OPC_SYSTEM, (outs), (ins GPRRA:$rs1), "sspopchk",
+ "$rs1"> {
+ let rd = 0;
+ let imm12 = 0b100000011100;
+} // Uses = [SSP], hasSideEffects = 0, mayLoad = 1, mayStore = 0
+
+let Uses = [SSP], hasSideEffects = 0, mayLoad = 0, mayStore = 0 in {
+def SSINCP : RVInstI<0b100, OPC_SYSTEM, (outs), (ins), "ssincp", ""> {
+ let imm12 = 0b100000011100;
+ let rs1 = 0b00000;
+ let rd = 0b00000;
+}
+
+def SSRDP : RVInstI<0b100, OPC_SYSTEM, (outs GPRNoX0:$rd), (ins), "ssrdp", "$rd"> {
+ let imm12 = 0b100000011101;
+ let rs1 = 0b00000;
+}
+} // Uses = [SSP], hasSideEffects = 0, mayLoad = 0, mayStore = 0
+
+let Uses = [SSP], Defs = [SSP], hasSideEffects = 0, mayLoad = 0, mayStore = 1 in
+def SSPUSH : RVInstR<0b1000001, 0b100, OPC_SYSTEM, (outs), (ins GPRRA:$rs2),
+ "sspush", "$rs2"> {
+ let rd = 0b00000;
+ let rs1 = 0b00000;
+}
+} // Predicates = [HasStdExtZicfiss]
+
+let Predicates = [HasStdExtZicfiss, HasStdExtCOrZca] in {
+let Uses = [SSP], Defs = [SSP], hasSideEffects = 0, mayLoad = 0, mayStore = 1 in
+def C_SSPUSH : RVC_SSInst<0b00001, GPRX1, "c.sspush">;
+
+let Uses = [SSP], Defs = [SSP], hasSideEffects = 0, mayLoad = 0, mayStore = 1 in
+def C_SSPOPCHK : RVC_SSInst<0b00101, GPRX5, "c.sspopchk">;
+} // Predicates = [HasStdExtZicfiss, HasStdExtCOrZca]
+
+let Predicates = [HasStdExtZicfiss, HasStdExtC], Uses = [SSP], Defs = [SSP],
+ hasSideEffects = 0, mayLoad = 0, mayStore = 0 in
+def C_SSINCP : RVInst16<(outs), (ins), "c.ssincp", "", [], InstFormatOther> {
+ let Inst{15-13} = 0b011;
+ let Inst{12} = 0;
+ let Inst{11-7} = 0b00011;
+ let Inst{6-2} = 0b00000;
+ let Inst{1-0} = 0b01;
+}
diff --git a/llvm/lib/Target/RISCV/RISCVRegisterInfo.cpp b/llvm/lib/Target/RISCV/RISCVRegisterInfo.cpp
index 3e44cf4781f643c..7934da40ac4aadc 100644
--- a/llvm/lib/Target/RISCV/RISCVRegisterInfo.cpp
+++ b/llvm/lib/Target/RISCV/RISCVRegisterInfo.cpp
@@ -119,6 +119,9 @@ BitVector RISCVRegisterInfo::getReservedRegs(const MachineFunction &MF) const {
markSuperRegs(Reserved, RISCV::FRM);
markSuperRegs(Reserved, RISCV::FFLAGS);
+ // Shadow stack pointer.
+ markSuperRegs(Reserved, RISCV::SSP);
+
assert(checkAllSuperRegsMarked(Reserved));
return Reserved;
}
diff --git a/llvm/lib/Target/RISCV/RISCVRegisterInfo.td b/llvm/lib/Target/RISCV/RISCVRegisterInfo.td
index 1a6145f92908134..87ad1d5ecd179e9 100644
--- a/llvm/lib/Target/RISCV/RISCVRegisterInfo.td
+++ b/llvm/lib/Target/RISCV/RISCVRegisterInfo.td
@@ -137,6 +137,8 @@ def GPR : GPRRegisterClass<(add (sequence "X%u", 10, 17),
(sequence "X%u", 0, 4))>;
def GPRX0 : GPRRegisterClass<(add X0)>;
+def GPRX1 : GPRRegisterClass<(add X1)>;
+def GPRX5 : GPRRegisterClass<(add X5)>;
def GPRNoX0 : GPRRegisterClass<(sub GPR, X0)>;
@@ -165,6 +167,10 @@ def SP : GPRRegisterClass<(add X2)>;
def SR07 : GPRRegisterClass<(add (sequence "X%u", 8, 9),
(sequence "X%u", 18, 23))>;
+def GPRRA : RegisterClass<"RISCV", [XLenVT], 32, (add X1, X5)> {
+ let RegInfos = XLenRI;
+}
+
// Floating point registers
let RegAltNameIndices = [ABIRegAltName] in {
def F0_H : RISCVReg16<0, "f0", ["ft0"]>, DwarfRegNum<[32]>;
@@ -597,3 +603,6 @@ foreach m = LMULList in {
// Special registers
def FFLAGS : RISCVReg<0, "fflags">;
def FRM : RISCVReg<0, "frm">;
+
+// Shadow Stack register
+def SSP : RISCVReg<0, "ssp">;
diff --git a/llvm/test/MC/RISCV/attribute-arch.s b/llvm/test/MC/RISCV/attribute-arch.s
index bf40eda456edf13..4f201d2afde3164 100644
--- a/llvm/test/MC/RISCV/attribute-arch.s
+++ b/llvm/test/MC/RISCV/attribute-arch.s
@@ -305,3 +305,6 @@
.attribute arch, "rv32i_zicfilp0p2"
# CHECK: attribute 5, "rv32i2p1_zicfilp0p2"
+
+.attribute arch, "rv32i_zicfiss0p3"
+# CHECK: .attribute 5, "rv32i2p1_zicfiss0p3"
diff --git a/llvm/test/MC/RISCV/rv32zicfiss-invalid.s b/llvm/test/MC/RISCV/rv32zicfiss-invalid.s
new file mode 100644
index 000000000000000..6b4959043d0180b
--- /dev/null
+++ b/llvm/test/MC/RISCV/rv32zicfiss-invalid.s
@@ -0,0 +1,20 @@
+# RUN: not llvm-mc %s -triple=riscv32 -mattr=+experimental-zicfiss,+c -riscv-no-aliases -show-encoding \
+# RUN: 2>&1 | FileCheck -check-prefixes=CHECK-ERR %s
+
+# CHECK-ERR: error: invalid operand for instruction
+sslw a0
+
+# CHECK-ERR: error: invalid operand for instruction
+sspopchk a1
+
+# CHECK-ERR: error: invalid operand for instruction
+c.sspush t0
+
+# CHECK-ERR: error: invalid operand for instruction
+c.sspopchk ra
+
+# CHECK-ERR: error: invalid operand for instruction
+sspush a0
+
+# CHECK-ERR: error: invalid operand for instruction
+ssrdp zero
diff --git a/llvm/test/MC/RISCV/rv32zicfiss-valid.s b/llvm/test/MC/RISCV/rv32zicfiss-valid.s
new file mode 100644
index 000000000000000..46a1d3103afac6e
--- /dev/null
+++ b/llvm/test/MC/RISCV/rv32zicfiss-valid.s
@@ -0,0 +1,103 @@
+# RUN: llvm-mc %s -triple=riscv32 -mattr=+experimental-zicfiss,+c -riscv-no-aliases -show-encoding \
+# RUN: | FileCheck -check-prefixes=CHECK-ASM,CHECK-ASM-AND-OBJ %s
+# RUN: llvm-mc -filetype=obj -triple=riscv32 -mattr=+experimental-zicfiss,+c < %s \
+# RUN: | llvm-objdump --mattr=+experimental-zicfiss -M no-aliases -d -r - \
+# RUN: | FileCheck --check-prefix=CHECK-ASM-AND-OBJ %s
+#
+# RUN: not llvm-mc -triple riscv32 -riscv-no-aliases -show-encoding < %s 2>&1 \
+# RUN: | FileCheck -check-prefixes=CHECK-NO-EXT %s
+
+# CHECK-ASM-AND-OBJ: sslw ra
+# CHECK-ASM: encoding: [0xf3,0x40,0xc0,0x81]
+# CHECK-NO-EXT: error: instruction requires the following: 'Zicfiss' (Shadow stack)
+sslw x1
+
+# CHECK-ASM-AND-OBJ: sslw ra
+# CHECK-ASM: encoding: [0xf3,0x40,0xc0,0x81]
+# CHECK-NO-EXT: error: instruction requires the following: 'Zicfiss' (Shadow stack)
+sslw ra
+
+# CHECK-ASM-AND-OBJ: sslw t0
+# CHECK-ASM: encoding: [0xf3,0x42,0xc0,0x81]
+# CHECK-NO-EXT: error: instruction requires the following: 'Zicfiss' (Shadow stack)
+sslw x5
+
+# CHECK-ASM-AND-OBJ: sslw t0
+# CHECK-ASM: encoding: [0xf3,0x42,0xc0,0x81]
+# CHECK-NO-EXT: error: instruction requires the following: 'Zicfiss' (Shadow stack)
+sslw t0
+
+# CHECK-ASM-AND-OBJ: sspopchk ra
+# CHECK-ASM: encoding: [0x73,0xc0,0xc0,0x81]
+# CHECK-NO-EXT: error: instruction requires the following: 'Zicfiss' (Shadow stack)
+sspopchk x1
+
+# CHECK-ASM-AND-OBJ: sspopchk ra
+# CHECK-ASM: encoding: [0x73,0xc0,0xc0,0x81]
+# CHECK-NO-EXT: error: instruction requires the following: 'Zicfiss' (Shadow stack)
+sspopchk ra
+
+# CHECK-ASM-AND-OBJ: sspopchk t0
+# CHECK-ASM: encoding: [0x73,0xc0,0xc2,0x81]
+# CHECK-NO-EXT: error: instruction requires the following: 'Zicfiss' (Shadow stack)
+sspopchk x5
+
+# CHECK-ASM-AND-OBJ: sspopchk t0
+# CHECK-ASM: encoding: [0x73,0xc0,0xc2,0x81]
+# CHECK-NO-EXT: error: instruction requires the following: 'Zicfiss' (Shadow stack)
+sspopchk t0
+
+# CHECK-ASM-AND-OBJ: ssincp
+# CHECK-ASM: encoding: [0x73,0x40,0xc0,0x81]
+# CHECK-NO-EXT: error: instruction requires the following: 'Zicfiss' (Shadow stack)
+ssincp
+
+# CHECK-ASM-AND-OBJ: sspush ra
+# CHECK-ASM: encoding: [0x73,0x40,0x10,0x82]
+# CHECK-NO-EXT: error: instruction requires the following: 'Zicfiss' (Shadow stack)
+sspush x1
+
+# CHECK-ASM-AND-OBJ: sspush ra
+# CHECK-ASM: encoding: [0x73,0x40,0x10,0x82]
+# CHECK-NO-EXT: error: instruction requires the following: 'Zicfiss' (Shadow stack)
+sspush ra
+
+# check-asm-and-obj: sspush t0
+# check-asm: encoding: [0x73,0x40,0x50,0x82]
+# check-no-ext: error: instruction requires the following: 'Zicfiss' (Shadow stack)
+sspush x5
+
+# check-asm-and-obj: sspush t0
+# check-asm: encoding: [0x73,0x40,0x50,0x82]
+# check-no-ext: error: instruction requires the following: 'Zicfiss' (Shadow stack)
+sspush t0
+
+# CHECK-ASM-AND-OBJ: ssrdp ra
+# CHECK-ASM: encoding: [0xf3,0x40,0xd0,0x81]
+# CHECK-NO-EXT: error: instruction requires the following: 'Zicfiss' (Shadow stack)
+ssrdp ra
+
+# CHECK-ASM-AND-OBJ: c.sspush ra
+# CHECK-ASM: encoding: [0x81,0x60]
+# CHECK-NO-EXT: error: instruction requires the following: 'C' (Compressed Instructions) or 'Zca' (part of the C extension, excluding compressed floating point loads/stores), 'Zicfiss' (Shadow stack)
+c.sspush x1
+
+# CHECK-ASM-AND-OBJ: c.sspush ra
+# CHECK-ASM: encoding: [0x81,0x60]
+# CHECK-NO-EXT: error: instruction requires the following: 'C' (Compressed Instructions) or 'Zca' (part of the C extension, excluding compressed floating point loads/stores), 'Zicfiss' (Shadow stack)
+c.sspush ra
+
+# CHECK-ASM-AND-OBJ: c.sspopchk t0
+# CHECK-ASM: encoding: [0x81,0x62]
+# CHECK-NO-EXT: error: instruction requires the following: 'C' (Compressed Instructions) or 'Zca' (part of the C extension, excluding compressed floating point loads/stores), 'Zicfiss' (Shadow stack)
+c.sspopchk x5
+
+# CHECK-ASM-AND-OBJ: c.sspopchk t0
+# CHECK-ASM: encoding: [0x81,0x62]
+# CHECK-NO-EXT: error: instruction requires the following: 'C' (Compressed Instructions) or 'Zca' (part of the C extension, excluding compressed floating point loads/stores), 'Zicfiss' (Shadow stack)
+c.sspopchk t0
+
+# CHECK-ASM-AND-OBJ: c.ssincp
+# CHECK-ASM: encoding: [0x81,0x61]
+# CHECK-NO-EXT: error: instruction requires the following: 'C' (Compressed Instructions), 'Zicfiss' (Shadow stack)
+c.ssincp
diff --git a/llvm/test/MC/RISCV/rv64zicfiss-invalid.s b/llvm/test/MC/RISCV/rv64zicfiss-invalid.s
new file mode 100644
index 000000000000000..aef5e17e33aff9e
--- /dev/null
+++ b/llvm/test/MC/RISCV/rv64zicfiss-invalid.s
@@ -0,0 +1,20 @@
+# RUN: not llvm-mc %s -triple=riscv64 -mattr=+experimental-zicfiss,+c -riscv-no-aliases -show-encoding \
+# RUN: 2>&1 | FileCheck -check-prefixes=CHECK-ERR %s
+
+# CHECK-ERR: error: invalid operand for instruction
+ssld a0
+
+# CHECK-ERR: error: invalid operand for instruction
+sspopchk a1
+
+# CHECK-ERR: error: invalid operand for instruction
+c.sspush t0
+
+# CHECK-ERR: error: invalid operand for instruction
+c.sspopchk ra
+
+# CHECK-ERR: error: invalid operand for instruction
+sspush a0
+
+# CHECK-ERR: error: invalid operand for instruction
+ssrdp zero
diff --git a/llvm/test/MC/RISCV/rv64zicfiss-valid.s b/llvm/test/MC/RISCV/rv64zicfiss-valid.s
new file mode 100644
index 000000000000000..8bba15cc3b22bec
--- /dev/null
+++ b/llvm/test/MC/RISCV/rv64zicfiss-valid.s
@@ -0,0 +1,103 @@
+# RUN: llvm-mc %s -triple=riscv64 -mattr=+experimental-zicfiss,+c -riscv-no-aliases -show-encoding \
+# RUN: | FileCheck -check-prefixes=CHECK-ASM,CHECK-ASM-AND-OBJ %s
+# RUN: llvm-mc -filetype=obj -triple=riscv64 -mattr=+experimental-zicfiss,+c < %s \
+# RUN: | llvm-objdump --mattr=+experimental-zicfiss -M no-aliases -d -r - \
+# RUN: | FileCheck --check-prefix=CHECK-ASM-AND-OBJ %s
+#
+# RUN: not llvm-mc -triple riscv64 -riscv-no-aliases -show-encoding < %s 2>&1 \
+# RUN: | FileCheck -check-prefixes=CHECK-NO-EXT %s
+
+# CHECK-ASM-AND-OBJ: ssld ra
+# CHECK-ASM: encoding: [0xf3,0x40,0xc0,0x81]
+# CHECK-NO-EXT: error: instruction requires the following: 'Zicfiss' (Shadow stack)
+ssld x1
+
+# CHECK-ASM-AND-OBJ: ssld ra
+# CHECK-ASM: encoding: [0xf3,0x40,0xc0,0x81]
+# CHECK-NO-EXT: error: instruction requires the following: 'Zicfiss' (Shadow stack)
+ssld ra
+
+# CHECK-ASM-AND-OBJ: ssld t0
+# CHECK-ASM: encoding: [0xf3,0x42,0xc0,0x81]
+# CHECK-NO-EXT: error: instruction requires the following: 'Zicfiss' (Shadow stack)
+ssld x5
+
+# CHECK-ASM-AND-OBJ: ssld t0
+# CHECK-ASM: encoding: [0xf3,0x42,0xc0,0x81]
+# CHECK-NO-EXT: error: instruction requires the following: 'Zicfiss' (Shadow stack)
+ssld t0
+
+# CHECK-ASM-AND-OBJ: sspopchk ra
+# CHECK-ASM: encoding: [0x73,0xc0,0xc0,0x81]
+# CHECK-NO-EXT: error: instruction requires the following: 'Zicfiss' (Shadow stack)
+sspopchk x1
+
+# CHECK-ASM-AND-OBJ: sspopchk ra
+# CHECK-ASM: encoding: [0x73,0xc0,0xc0,0x81]
+# CHECK-NO-EXT: error: instruction requires the following: 'Zicfiss' (Shadow stack)
+sspopchk ra
+
+# CHECK-ASM-AND-OBJ: sspopchk t0
+# CHECK-ASM: encoding: [0x73,0xc0,0xc2,0x81]
+# CHECK-NO-EXT: error: instruction requires the following: 'Zicfiss' (Shadow stack)
+sspopchk x5
+
+# CHECK-ASM-AND-OBJ: sspopchk t0
+# CHECK-ASM: encoding: [0x73,0xc0,0xc2,0x81]
+# CHECK-NO-EXT: error: instruction requires the following: 'Zicfiss' (Shadow stack)
+sspopchk t0
+
+# CHECK-ASM-AND-OBJ: ssincp
+# CHECK-ASM: encoding: [0x73,0x40,0xc0,0x81]
+# CHECK-NO-EXT: error: instruction requires the following: 'Zicfiss' (Shadow stack)
+ssincp
+
+# CHECK-ASM-AND-OBJ: sspush ra
+# CHECK-ASM: encoding: [0x73,0x40,0x10,0x82]
+# CHECK-NO-EXT: error: instruction requires the following: 'Zicfiss' (Shadow stack)
+sspush x1
+
+# CHECK-ASM-AND-OBJ: sspush ra
+# CHECK-ASM: encoding: [0x73,0x40,0x10,0x82]
+# CHECK-NO-EXT: error: instruction requires the following: 'Zicfiss' (Shadow stack)
+sspush ra
+
+# check-asm-and-obj: sspush t0
+# check-asm: encoding: [0x73,0x40,0x50,0x82]
+# check-no-ext: error: instruction requires the following: 'Zicfiss' (Shadow stack)
+sspush x5
+
+# check-asm-and-obj: sspush t0
+# check-asm: encoding: [0x73,0x40,0x50,0x82]
+# check-no-ext: error: instruction requires the following: 'Zicfiss' (Shadow stack)
+sspush t0
+
+# CHECK-ASM-AND-OBJ: ssrdp ra
+# CHECK-ASM: encoding: [0xf3,0x40,0xd0,0x81]
+# CHECK-NO-EXT: error: instruction requires the following: 'Zicfiss' (Shadow stack)
+ssrdp ra
+
+# CHECK-ASM-AND-OBJ: c.sspush ra
+# CHECK-ASM: encoding: [0x81,0x60]
+# CHECK-NO-EXT: error: instruction requires the following: 'C' (Compressed Instructions) or 'Zca' (part of the C extension, excluding compressed floating point loads/stores), 'Zicfiss' (Shadow stack)
+c.sspush x1
+
+# CHECK-ASM-AND-OBJ: c.sspush ra
+# CHECK-ASM: encoding: [0x81,0x60]
+# CHECK-NO-EXT: error: instruction requires the following: 'C' (Compressed Instructions) or 'Zca' (part of the C extension, excluding compressed floating point loads/stores), 'Zicfiss' (Shadow stack)
+c.sspush ra
+
+# CHECK-ASM-AND-OBJ: c.sspopchk t0
+# CHECK-ASM: encoding: [0x81,0x62]
+# CHECK-NO-EXT: error: instruction requires the following: 'C' (Compressed Instructions) or 'Zca' (part of the C extension, excluding compressed floating point loads/stores), 'Zicfiss' (Shadow stack)
+c.sspopchk x5
+
+# CHECK-ASM-AND-OBJ: c.sspopchk t0
+# CHECK-ASM: encoding: [0x81,0x62]
+# CHECK-NO-EXT: error: instruction requires the following: 'C' (Compressed Instructions) or 'Zca' (part of the C extension, excluding compressed floating point loads/stores), 'Zicfiss' (Shadow stack)
+c.sspopchk t0
+
+# CHECK-ASM-AND-OBJ: c.ssincp
+# CHECK-ASM: encoding: [0x81,0x61]
+# CHECK-NO-EXT: error: instruction requires the following: 'C' (Compressed Instructions), 'Zicfiss' (Shadow stack)
+c.ssincp
>From bf86b1fb0b97523f2257580f116a811e79371011 Mon Sep 17 00:00:00 2001
From: Yeting Kuo <yeting.kuo at sifive.com>
Date: Tue, 3 Oct 2023 15:51:18 +0800
Subject: [PATCH 2/5] [RISCV] Rename GPRRA to GPRX1X5.
---
llvm/lib/Target/RISCV/Disassembler/RISCVDisassembler.cpp | 8 ++++----
llvm/lib/Target/RISCV/RISCVInstrInfoZicfiss.td | 8 ++++----
llvm/lib/Target/RISCV/RISCVRegisterInfo.td | 2 +-
3 files changed, 9 insertions(+), 9 deletions(-)
diff --git a/llvm/lib/Target/RISCV/Disassembler/RISCVDisassembler.cpp b/llvm/lib/Target/RISCV/Disassembler/RISCVDisassembler.cpp
index 14b3122f0fecbdb..9f088b6f3bf6492 100644
--- a/llvm/lib/Target/RISCV/Disassembler/RISCVDisassembler.cpp
+++ b/llvm/lib/Target/RISCV/Disassembler/RISCVDisassembler.cpp
@@ -74,9 +74,9 @@ static DecodeStatus DecodeGPRRegisterClass(MCInst &Inst, uint32_t RegNo,
return MCDisassembler::Success;
}
-static DecodeStatus DecodeGPRRARegisterClass(MCInst &Inst, uint32_t RegNo,
- uint64_t Address,
- const MCDisassembler *Decoder) {
+static DecodeStatus DecodeGPRX1X5RegisterClass(MCInst &Inst, uint32_t RegNo,
+ uint64_t Address,
+ const MCDisassembler *Decoder) {
MCRegister Reg = RISCV::X0 + RegNo;
if (Reg != RISCV::X1 && Reg != RISCV::X5)
return MCDisassembler::Fail;
@@ -403,7 +403,7 @@ static DecodeStatus decodeCSSPushPopchk(MCInst &Inst, uint32_t Insn,
uint64_t Address,
const MCDisassembler *Decoder) {
uint32_t Rs1 = fieldFromInstruction(Insn, 7, 5);
- DecodeStatus Result = DecodeGPRRARegisterClass(Inst, Rs1, Address, Decoder);
+ DecodeStatus Result = DecodeGPRX1X5RegisterClass(Inst, Rs1, Address, Decoder);
(void)Result;
assert(Result == MCDisassembler::Success && "Invalid register");
return MCDisassembler::Success;
diff --git a/llvm/lib/Target/RISCV/RISCVInstrInfoZicfiss.td b/llvm/lib/Target/RISCV/RISCVInstrInfoZicfiss.td
index f787a260a8ca9da..95864664e43f2ae 100644
--- a/llvm/lib/Target/RISCV/RISCVInstrInfoZicfiss.td
+++ b/llvm/lib/Target/RISCV/RISCVInstrInfoZicfiss.td
@@ -26,13 +26,13 @@ class RVC_SSInst<bits<5> rs1val, RegisterClass reg_class, string opcodestr> :
let Uses = [SSP], hasSideEffects = 0, mayLoad = 1, mayStore = 0 in {
let DecoderNamespace = "RV32Zicfiss", Predicates = [HasStdExtZicfiss, IsRV32] in
-def SSLW : RVInstI<0b100, OPC_SYSTEM, (outs GPRRA:$rd), (ins), "sslw", "$rd"> {
+def SSLW : RVInstI<0b100, OPC_SYSTEM, (outs GPRX1X5:$rd), (ins), "sslw", "$rd"> {
let rs1 = 0;
let imm12 = 0b100000011100;
}
let Predicates = [HasStdExtZicfiss, IsRV64] in
-def SSLD : RVInstI<0b100, OPC_SYSTEM, (outs GPRRA:$rd), (ins), "ssld", "$rd"> {
+def SSLD : RVInstI<0b100, OPC_SYSTEM, (outs GPRX1X5:$rd), (ins), "ssld", "$rd"> {
let rs1 = 0;
let imm12 = 0b100000011100;
}
@@ -40,7 +40,7 @@ def SSLD : RVInstI<0b100, OPC_SYSTEM, (outs GPRRA:$rd), (ins), "ssld", "$rd"> {
let Predicates = [HasStdExtZicfiss] in {
let Uses = [SSP], hasSideEffects = 0, mayLoad = 1, mayStore = 0 in
-def SSPOPCHK : RVInstI<0b100, OPC_SYSTEM, (outs), (ins GPRRA:$rs1), "sspopchk",
+def SSPOPCHK : RVInstI<0b100, OPC_SYSTEM, (outs), (ins GPRX1X5:$rs1), "sspopchk",
"$rs1"> {
let rd = 0;
let imm12 = 0b100000011100;
@@ -60,7 +60,7 @@ def SSRDP : RVInstI<0b100, OPC_SYSTEM, (outs GPRNoX0:$rd), (ins), "ssrdp", "$rd"
} // Uses = [SSP], hasSideEffects = 0, mayLoad = 0, mayStore = 0
let Uses = [SSP], Defs = [SSP], hasSideEffects = 0, mayLoad = 0, mayStore = 1 in
-def SSPUSH : RVInstR<0b1000001, 0b100, OPC_SYSTEM, (outs), (ins GPRRA:$rs2),
+def SSPUSH : RVInstR<0b1000001, 0b100, OPC_SYSTEM, (outs), (ins GPRX1X5:$rs2),
"sspush", "$rs2"> {
let rd = 0b00000;
let rs1 = 0b00000;
diff --git a/llvm/lib/Target/RISCV/RISCVRegisterInfo.td b/llvm/lib/Target/RISCV/RISCVRegisterInfo.td
index 87ad1d5ecd179e9..5a6ad940398cac1 100644
--- a/llvm/lib/Target/RISCV/RISCVRegisterInfo.td
+++ b/llvm/lib/Target/RISCV/RISCVRegisterInfo.td
@@ -167,7 +167,7 @@ def SP : GPRRegisterClass<(add X2)>;
def SR07 : GPRRegisterClass<(add (sequence "X%u", 8, 9),
(sequence "X%u", 18, 23))>;
-def GPRRA : RegisterClass<"RISCV", [XLenVT], 32, (add X1, X5)> {
+def GPRX1X5 : RegisterClass<"RISCV", [XLenVT], 32, (add X1, X5)> {
let RegInfos = XLenRI;
}
>From 5a3421da8163eacfc8fe3ece25177f38bfe868c8 Mon Sep 17 00:00:00 2001
From: Yeting Kuo <yeting.kuo at sifive.com>
Date: Tue, 3 Oct 2023 16:08:06 +0800
Subject: [PATCH 3/5] [RISCV] Implement shadow stack on shadow stack mode with
Zicfiss.
There are two shadow stack implements with Zicfiss in [spec] now.
In Shadow stack mode, programs still store the return address to regular address.
In Control stack mode, programs only store the return address to shadow stack.
This patch only supports the shadow stack mode.
[spec]: https://github.com/riscv/riscv-cfi/blob/main/cfi_backward.adoc#push-to-and-pop-from-the-shadow-stack
---
llvm/lib/Target/RISCV/RISCVFrameLowering.cpp | 14 +-
llvm/test/CodeGen/RISCV/shadowcallstack.ll | 130 +++++++++++++++++++
2 files changed, 142 insertions(+), 2 deletions(-)
diff --git a/llvm/lib/Target/RISCV/RISCVFrameLowering.cpp b/llvm/lib/Target/RISCV/RISCVFrameLowering.cpp
index add933250f8473d..3ff335bb7304773 100644
--- a/llvm/lib/Target/RISCV/RISCVFrameLowering.cpp
+++ b/llvm/lib/Target/RISCV/RISCVFrameLowering.cpp
@@ -51,9 +51,14 @@ static void emitSCSPrologue(MachineFunction &MF, MachineBasicBlock &MBB,
CSI, [&](CalleeSavedInfo &CSR) { return CSR.getReg() == RAReg; }))
return;
+ const RISCVInstrInfo *TII = STI.getInstrInfo();
+ if (STI.hasFeature(RISCV::FeatureStdExtZicfiss)) {
+ BuildMI(MBB, MI, DL, TII->get(RISCV::SSPUSH)).addReg(RAReg);
+ return;
+ }
+
Register SCSPReg = RISCVABI::getSCSPReg();
- const RISCVInstrInfo *TII = STI.getInstrInfo();
bool IsRV64 = STI.hasFeature(RISCV::Feature64Bit);
int64_t SlotSize = STI.getXLen() / 8;
// Store return address to shadow call stack
@@ -106,9 +111,14 @@ static void emitSCSEpilogue(MachineFunction &MF, MachineBasicBlock &MBB,
CSI, [&](CalleeSavedInfo &CSR) { return CSR.getReg() == RAReg; }))
return;
+ const RISCVInstrInfo *TII = STI.getInstrInfo();
+ if (STI.hasFeature(RISCV::FeatureStdExtZicfiss)) {
+ BuildMI(MBB, MI, DL, TII->get(RISCV::SSPOPCHK)).addReg(RAReg);
+ return;
+ }
+
Register SCSPReg = RISCVABI::getSCSPReg();
- const RISCVInstrInfo *TII = STI.getInstrInfo();
bool IsRV64 = STI.hasFeature(RISCV::Feature64Bit);
int64_t SlotSize = STI.getXLen() / 8;
// Load return address from shadow call stack
diff --git a/llvm/test/CodeGen/RISCV/shadowcallstack.ll b/llvm/test/CodeGen/RISCV/shadowcallstack.ll
index fee067ee3ad141c..8fbe7ed9ca07663 100644
--- a/llvm/test/CodeGen/RISCV/shadowcallstack.ll
+++ b/llvm/test/CodeGen/RISCV/shadowcallstack.ll
@@ -3,6 +3,10 @@
; RUN: | FileCheck %s --check-prefix=RV32
; RUN: llc -mtriple=riscv64 -verify-machineinstrs < %s \
; RUN: | FileCheck %s --check-prefix=RV64
+; RUN: llc -mtriple=riscv32 -mattr=+experimental-zicfiss -verify-machineinstrs < %s \
+; RUN: | FileCheck %s --check-prefix=RV32-ZICFISS
+; RUN: llc -mtriple=riscv64 -mattr=+experimental-zicfiss -verify-machineinstrs < %s \
+; RUN: | FileCheck %s --check-prefix=RV64-ZICFISS
define void @f1() shadowcallstack {
; RV32-LABEL: f1:
@@ -12,6 +16,14 @@ define void @f1() shadowcallstack {
; RV64-LABEL: f1:
; RV64: # %bb.0:
; RV64-NEXT: ret
+;
+; RV32-ZICFISS-LABEL: f1:
+; RV32-ZICFISS: # %bb.0:
+; RV32-ZICFISS-NEXT: ret
+;
+; RV64-ZICFISS-LABEL: f1:
+; RV64-ZICFISS: # %bb.0:
+; RV64-ZICFISS-NEXT: ret
ret void
}
@@ -25,6 +37,14 @@ define void @f2() shadowcallstack {
; RV64-LABEL: f2:
; RV64: # %bb.0:
; RV64-NEXT: tail foo at plt
+;
+; RV32-ZICFISS-LABEL: f2:
+; RV32-ZICFISS: # %bb.0:
+; RV32-ZICFISS-NEXT: tail foo at plt
+;
+; RV64-ZICFISS-LABEL: f2:
+; RV64-ZICFISS: # %bb.0:
+; RV64-ZICFISS-NEXT: tail foo at plt
tail call void @foo()
ret void
}
@@ -65,6 +85,32 @@ define i32 @f3() shadowcallstack {
; RV64-NEXT: addi gp, gp, -8
; RV64-NEXT: .cfi_restore gp
; RV64-NEXT: ret
+;
+; RV32-ZICFISS-LABEL: f3:
+; RV32-ZICFISS: # %bb.0:
+; RV32-ZICFISS-NEXT: sspush ra
+; RV32-ZICFISS-NEXT: addi sp, sp, -16
+; RV32-ZICFISS-NEXT: .cfi_def_cfa_offset 16
+; RV32-ZICFISS-NEXT: sw ra, 12(sp) # 4-byte Folded Spill
+; RV32-ZICFISS-NEXT: .cfi_offset ra, -4
+; RV32-ZICFISS-NEXT: call bar at plt
+; RV32-ZICFISS-NEXT: lw ra, 12(sp) # 4-byte Folded Reload
+; RV32-ZICFISS-NEXT: addi sp, sp, 16
+; RV32-ZICFISS-NEXT: sspopchk ra
+; RV32-ZICFISS-NEXT: ret
+;
+; RV64-ZICFISS-LABEL: f3:
+; RV64-ZICFISS: # %bb.0:
+; RV64-ZICFISS-NEXT: sspush ra
+; RV64-ZICFISS-NEXT: addi sp, sp, -16
+; RV64-ZICFISS-NEXT: .cfi_def_cfa_offset 16
+; RV64-ZICFISS-NEXT: sd ra, 8(sp) # 8-byte Folded Spill
+; RV64-ZICFISS-NEXT: .cfi_offset ra, -8
+; RV64-ZICFISS-NEXT: call bar at plt
+; RV64-ZICFISS-NEXT: ld ra, 8(sp) # 8-byte Folded Reload
+; RV64-ZICFISS-NEXT: addi sp, sp, 16
+; RV64-ZICFISS-NEXT: sspopchk ra
+; RV64-ZICFISS-NEXT: ret
%res = call i32 @bar()
%res1 = add i32 %res, 1
ret i32 %res
@@ -140,6 +186,68 @@ define i32 @f4() shadowcallstack {
; RV64-NEXT: addi gp, gp, -8
; RV64-NEXT: .cfi_restore gp
; RV64-NEXT: ret
+;
+; RV32-ZICFISS-LABEL: f4:
+; RV32-ZICFISS: # %bb.0:
+; RV32-ZICFISS-NEXT: sspush ra
+; RV32-ZICFISS-NEXT: addi sp, sp, -16
+; RV32-ZICFISS-NEXT: .cfi_def_cfa_offset 16
+; RV32-ZICFISS-NEXT: sw ra, 12(sp) # 4-byte Folded Spill
+; RV32-ZICFISS-NEXT: sw s0, 8(sp) # 4-byte Folded Spill
+; RV32-ZICFISS-NEXT: sw s1, 4(sp) # 4-byte Folded Spill
+; RV32-ZICFISS-NEXT: sw s2, 0(sp) # 4-byte Folded Spill
+; RV32-ZICFISS-NEXT: .cfi_offset ra, -4
+; RV32-ZICFISS-NEXT: .cfi_offset s0, -8
+; RV32-ZICFISS-NEXT: .cfi_offset s1, -12
+; RV32-ZICFISS-NEXT: .cfi_offset s2, -16
+; RV32-ZICFISS-NEXT: call bar at plt
+; RV32-ZICFISS-NEXT: mv s0, a0
+; RV32-ZICFISS-NEXT: call bar at plt
+; RV32-ZICFISS-NEXT: mv s1, a0
+; RV32-ZICFISS-NEXT: call bar at plt
+; RV32-ZICFISS-NEXT: mv s2, a0
+; RV32-ZICFISS-NEXT: call bar at plt
+; RV32-ZICFISS-NEXT: add s0, s0, s1
+; RV32-ZICFISS-NEXT: add a0, s2, a0
+; RV32-ZICFISS-NEXT: add a0, s0, a0
+; RV32-ZICFISS-NEXT: lw ra, 12(sp) # 4-byte Folded Reload
+; RV32-ZICFISS-NEXT: lw s0, 8(sp) # 4-byte Folded Reload
+; RV32-ZICFISS-NEXT: lw s1, 4(sp) # 4-byte Folded Reload
+; RV32-ZICFISS-NEXT: lw s2, 0(sp) # 4-byte Folded Reload
+; RV32-ZICFISS-NEXT: addi sp, sp, 16
+; RV32-ZICFISS-NEXT: sspopchk ra
+; RV32-ZICFISS-NEXT: ret
+;
+; RV64-ZICFISS-LABEL: f4:
+; RV64-ZICFISS: # %bb.0:
+; RV64-ZICFISS-NEXT: sspush ra
+; RV64-ZICFISS-NEXT: addi sp, sp, -32
+; RV64-ZICFISS-NEXT: .cfi_def_cfa_offset 32
+; RV64-ZICFISS-NEXT: sd ra, 24(sp) # 8-byte Folded Spill
+; RV64-ZICFISS-NEXT: sd s0, 16(sp) # 8-byte Folded Spill
+; RV64-ZICFISS-NEXT: sd s1, 8(sp) # 8-byte Folded Spill
+; RV64-ZICFISS-NEXT: sd s2, 0(sp) # 8-byte Folded Spill
+; RV64-ZICFISS-NEXT: .cfi_offset ra, -8
+; RV64-ZICFISS-NEXT: .cfi_offset s0, -16
+; RV64-ZICFISS-NEXT: .cfi_offset s1, -24
+; RV64-ZICFISS-NEXT: .cfi_offset s2, -32
+; RV64-ZICFISS-NEXT: call bar at plt
+; RV64-ZICFISS-NEXT: mv s0, a0
+; RV64-ZICFISS-NEXT: call bar at plt
+; RV64-ZICFISS-NEXT: mv s1, a0
+; RV64-ZICFISS-NEXT: call bar at plt
+; RV64-ZICFISS-NEXT: mv s2, a0
+; RV64-ZICFISS-NEXT: call bar at plt
+; RV64-ZICFISS-NEXT: add s0, s0, s1
+; RV64-ZICFISS-NEXT: add a0, s2, a0
+; RV64-ZICFISS-NEXT: addw a0, s0, a0
+; RV64-ZICFISS-NEXT: ld ra, 24(sp) # 8-byte Folded Reload
+; RV64-ZICFISS-NEXT: ld s0, 16(sp) # 8-byte Folded Reload
+; RV64-ZICFISS-NEXT: ld s1, 8(sp) # 8-byte Folded Reload
+; RV64-ZICFISS-NEXT: ld s2, 0(sp) # 8-byte Folded Reload
+; RV64-ZICFISS-NEXT: addi sp, sp, 32
+; RV64-ZICFISS-NEXT: sspopchk ra
+; RV64-ZICFISS-NEXT: ret
%res1 = call i32 @bar()
%res2 = call i32 @bar()
%res3 = call i32 @bar()
@@ -176,6 +284,28 @@ define i32 @f5() shadowcallstack nounwind {
; RV64-NEXT: ld ra, -8(gp)
; RV64-NEXT: addi gp, gp, -8
; RV64-NEXT: ret
+;
+; RV32-ZICFISS-LABEL: f5:
+; RV32-ZICFISS: # %bb.0:
+; RV32-ZICFISS-NEXT: sspush ra
+; RV32-ZICFISS-NEXT: addi sp, sp, -16
+; RV32-ZICFISS-NEXT: sw ra, 12(sp) # 4-byte Folded Spill
+; RV32-ZICFISS-NEXT: call bar at plt
+; RV32-ZICFISS-NEXT: lw ra, 12(sp) # 4-byte Folded Reload
+; RV32-ZICFISS-NEXT: addi sp, sp, 16
+; RV32-ZICFISS-NEXT: sspopchk ra
+; RV32-ZICFISS-NEXT: ret
+;
+; RV64-ZICFISS-LABEL: f5:
+; RV64-ZICFISS: # %bb.0:
+; RV64-ZICFISS-NEXT: sspush ra
+; RV64-ZICFISS-NEXT: addi sp, sp, -16
+; RV64-ZICFISS-NEXT: sd ra, 8(sp) # 8-byte Folded Spill
+; RV64-ZICFISS-NEXT: call bar at plt
+; RV64-ZICFISS-NEXT: ld ra, 8(sp) # 8-byte Folded Reload
+; RV64-ZICFISS-NEXT: addi sp, sp, 16
+; RV64-ZICFISS-NEXT: sspopchk ra
+; RV64-ZICFISS-NEXT: ret
%res = call i32 @bar()
%res1 = add i32 %res, 1
ret i32 %res
>From e32fc6cfb624d2ee90dc5b1da2c2e505f9920ac0 Mon Sep 17 00:00:00 2001
From: Yeting Kuo <yeting.kuo at sifive.com>
Date: Thu, 12 Oct 2023 22:32:34 -0700
Subject: [PATCH 4/5] [ShadowCallStack][RISCV] Update shadow stack doc.
---
clang/docs/ShadowCallStack.rst | 18 ++++++++++--------
1 file changed, 10 insertions(+), 8 deletions(-)
diff --git a/clang/docs/ShadowCallStack.rst b/clang/docs/ShadowCallStack.rst
index 04c04d259d7dc6f..0785d2fe637926f 100644
--- a/clang/docs/ShadowCallStack.rst
+++ b/clang/docs/ShadowCallStack.rst
@@ -57,11 +57,11 @@ compiled application or the operating system. Integrating the runtime into
the operating system should be preferred since otherwise all thread creation
and destruction would need to be intercepted by the application.
-The instrumentation makes use of the platform register ``x18`` on AArch64 and
-``x3`` (``gp``) on RISC-V. For simplicity we will refer to this as the
-``SCSReg``. On some platforms, ``SCSReg`` is reserved, and on others, it is
-designated as a scratch register. This generally means that any code that may
-run on the same thread as code compiled with ShadowCallStack must either target
+The instrumentation makes use of the platform register ``x18`` on AArch64,
+``x3`` (``gp``) on RISC-V without `Zicfiss`_ and ``ssp`` on RISCV with `Zicfiss`_.
+For simplicity we will refer to this as the ``SCSReg``. On some platforms,
+``SCSReg`` is reserved, and on others, it is designated as a scratch register.
+This generally means that any code that may run on the same thread as code compiled with ShadowCallStack must either target
one of the platforms whose ABI reserves ``SCSReg`` (currently Android, Darwin,
Fuchsia and Windows) or be compiled with a flag to reserve that register (e.g.,
``-ffixed-x18``). If absolutely necessary, code compiled without reserving the
@@ -70,6 +70,7 @@ saving the register value temporarily on the stack (`example in Android`_) but
this should be done with care since it risks leaking the shadow call stack
address.
+.. _`Zicfiss`: https://github.com/riscv/riscv-cfi/blob/main/cfi_backward.adoc
.. _`example in Android`: https://android-review.googlesource.com/c/platform/frameworks/base/+/803717
Because it requires a dedicated register, the ShadowCallStack feature is
@@ -151,9 +152,10 @@ Usage
To enable ShadowCallStack, just pass the ``-fsanitize=shadow-call-stack`` flag
to both compile and link command lines. On aarch64, you also need to pass
-``-ffixed-x18`` unless your target already reserves ``x18``. On RISC-V, ``x3``
-(``gp``) is always reserved. It is, however, important to disable GP relaxation
-in the linker. This can be done with the ``--no-relax-gp`` flag in GNU ld.
+``-ffixed-x18`` unless your target already reserves ``x18``. On RISC-V without
+`Zicfiss`_, ``x3`` (``gp``) is always reserved. It is, however, important to
+disable GP relaxation in the linker. This can be done with the ``--no-relax-gp``
+flag in GNU ld.
Low-level API
-------------
>From 45c048c4013ea70e26d20eea6f2c481a7b5eae50 Mon Sep 17 00:00:00 2001
From: Yeting Kuo <yeting.kuo at sifive.com>
Date: Mon, 16 Oct 2023 14:11:18 +0800
Subject: [PATCH 5/5] [RISCV] Add option to enable hardware shadow stack.
---
clang/docs/ShadowCallStack.rst | 7 ++++---
llvm/lib/Target/RISCV/RISCVFrameLowering.cpp | 13 +++++++++++--
llvm/test/CodeGen/RISCV/shadowcallstack.ll | 4 ++--
3 files changed, 17 insertions(+), 7 deletions(-)
diff --git a/clang/docs/ShadowCallStack.rst b/clang/docs/ShadowCallStack.rst
index 0785d2fe637926f..8f9699a2a45d8d5 100644
--- a/clang/docs/ShadowCallStack.rst
+++ b/clang/docs/ShadowCallStack.rst
@@ -58,7 +58,8 @@ the operating system should be preferred since otherwise all thread creation
and destruction would need to be intercepted by the application.
The instrumentation makes use of the platform register ``x18`` on AArch64,
-``x3`` (``gp``) on RISC-V without `Zicfiss`_ and ``ssp`` on RISCV with `Zicfiss`_.
+``x3`` (``gp``) on RISC-V with software shadow stack and ``ssp`` on RISC-V with
+hardware shadow stack, which needs `Zicfiss`_ and ``-mllvm -riscv-hardware-shadow-stack``.
For simplicity we will refer to this as the ``SCSReg``. On some platforms,
``SCSReg`` is reserved, and on others, it is designated as a scratch register.
This generally means that any code that may run on the same thread as code compiled with ShadowCallStack must either target
@@ -152,8 +153,8 @@ Usage
To enable ShadowCallStack, just pass the ``-fsanitize=shadow-call-stack`` flag
to both compile and link command lines. On aarch64, you also need to pass
-``-ffixed-x18`` unless your target already reserves ``x18``. On RISC-V without
-`Zicfiss`_, ``x3`` (``gp``) is always reserved. It is, however, important to
+``-ffixed-x18`` unless your target already reserves ``x18``. On RISC-V with software
+shadow stack, ``x3`` (``gp``) is always reserved. It is, however, important to
disable GP relaxation in the linker. This can be done with the ``--no-relax-gp``
flag in GNU ld.
diff --git a/llvm/lib/Target/RISCV/RISCVFrameLowering.cpp b/llvm/lib/Target/RISCV/RISCVFrameLowering.cpp
index 3ff335bb7304773..1a0c1ffe05974c8 100644
--- a/llvm/lib/Target/RISCV/RISCVFrameLowering.cpp
+++ b/llvm/lib/Target/RISCV/RISCVFrameLowering.cpp
@@ -27,6 +27,11 @@
using namespace llvm;
+static cl::opt<bool>
+ HardwareShadowStack("riscv-hardware-shadow-stack", cl::init(false),
+ cl::Hidden,
+ cl::desc("Enable hardware shadow stack with Zicfiss."));
+
static const Register AllPopRegs[] = {
RISCV::X1, RISCV::X8, RISCV::X9, RISCV::X18, RISCV::X19,
RISCV::X20, RISCV::X21, RISCV::X22, RISCV::X23, RISCV::X24,
@@ -52,7 +57,9 @@ static void emitSCSPrologue(MachineFunction &MF, MachineBasicBlock &MBB,
return;
const RISCVInstrInfo *TII = STI.getInstrInfo();
- if (STI.hasFeature(RISCV::FeatureStdExtZicfiss)) {
+ if (HardwareShadowStack) {
+ if (!STI.hasFeature(RISCV::FeatureStdExtZicfiss))
+ report_fatal_error("Hardware shadow stack needs Zicfiss to be enabled");
BuildMI(MBB, MI, DL, TII->get(RISCV::SSPUSH)).addReg(RAReg);
return;
}
@@ -112,7 +119,9 @@ static void emitSCSEpilogue(MachineFunction &MF, MachineBasicBlock &MBB,
return;
const RISCVInstrInfo *TII = STI.getInstrInfo();
- if (STI.hasFeature(RISCV::FeatureStdExtZicfiss)) {
+ if (HardwareShadowStack) {
+ if (!STI.hasFeature(RISCV::FeatureStdExtZicfiss))
+ report_fatal_error("Hardware shadow stack needs Zicfiss to be enabled");
BuildMI(MBB, MI, DL, TII->get(RISCV::SSPOPCHK)).addReg(RAReg);
return;
}
diff --git a/llvm/test/CodeGen/RISCV/shadowcallstack.ll b/llvm/test/CodeGen/RISCV/shadowcallstack.ll
index 8fbe7ed9ca07663..82c6d50aaa7de6e 100644
--- a/llvm/test/CodeGen/RISCV/shadowcallstack.ll
+++ b/llvm/test/CodeGen/RISCV/shadowcallstack.ll
@@ -3,9 +3,9 @@
; RUN: | FileCheck %s --check-prefix=RV32
; RUN: llc -mtriple=riscv64 -verify-machineinstrs < %s \
; RUN: | FileCheck %s --check-prefix=RV64
-; RUN: llc -mtriple=riscv32 -mattr=+experimental-zicfiss -verify-machineinstrs < %s \
+; RUN: llc -mtriple=riscv32 -mattr=+experimental-zicfiss -riscv-hardware-shadow-stack -verify-machineinstrs < %s \
; RUN: | FileCheck %s --check-prefix=RV32-ZICFISS
-; RUN: llc -mtriple=riscv64 -mattr=+experimental-zicfiss -verify-machineinstrs < %s \
+; RUN: llc -mtriple=riscv64 -mattr=+experimental-zicfiss -riscv-hardware-shadow-stack -verify-machineinstrs < %s \
; RUN: | FileCheck %s --check-prefix=RV64-ZICFISS
define void @f1() shadowcallstack {
More information about the cfe-commits
mailing list