[libc-commits] [libc] [libc] fortify jmp buffer for x86-64 (PR #112769)
Schrodinger ZHU Yifan via libc-commits
libc-commits at lists.llvm.org
Fri Oct 18 11:24:12 PDT 2024
SchrodingerZhu wrote:
Some performance data.
```
Iterations: 100
Instructions: 5500
Total Cycles: 2475
Total uOps: 6300
Dispatch Width: 6
uOps Per Cycle: 2.55
IPC: 2.22
Block RThroughput: 24.0
Cycles with backend pressure increase [ 28.53% ]
Throughput Bottlenecks:
Resource Pressure [ 27.88% ]
- Zn4ALU1 [ 27.88% ]
Data Dependencies: [ 28.48% ]
- Register Dependencies [ 28.48% ]
- Memory Dependencies [ 0.00% ]
Critical sequence based on the simulation:
Instruction Dependency Information
0. movq _ZN22__llvm_libc_20_0_0_git6jmpbuf10value_maskE(%rip), %rcx
1. movq _ZN22__llvm_libc_20_0_0_git6jmpbuf15checksum_cookieE(%rip), %rdx
2. movq (%rdi), %rax
3. movq %rax, %rbx
4. xorq %rcx, %rbx
5. mulq %rdx
6. xorq %rax, %rdx
7. rolq $13, %rdx
+----< 8. movq 8(%rdi), %rax
| 9. movq %rax, %rbp
| 10. xorq %rcx, %rbp
+----> 11. mulq %rdx ## REGISTER dependency: %rax
+----> 12. xorq %rax, %rdx ## REGISTER dependency: %rax
+----> 13. rolq $13, %rdx ## REGISTER dependency: %rdx
14. movq 16(%rdi), %rax
15. movq %rax, %r12
16. xorq %rcx, %r12
17. mulq %rdx
18. xorq %rax, %rdx
19. rolq $13, %rdx
20. movq 24(%rdi), %rax
21. movq %rax, %r13
22. xorq %rcx, %r13
23. mulq %rdx
24. xorq %rax, %rdx
25. rolq $13, %rdx
26. movq 32(%rdi), %rax
27. movq %rax, %r14
28. xorq %rcx, %r14
29. mulq %rdx
30. xorq %rax, %rdx
31. rolq $13, %rdx
32. movq 40(%rdi), %rax
33. movq %rax, %r15
34. xorq %rcx, %r15
35. mulq %rdx
36. xorq %rax, %rdx
37. rolq $13, %rdx
38. movq 48(%rdi), %rax
39. movq %rax, %rsp
40. xorq %rcx, %rsp
41. mulq %rdx
42. xorq %rax, %rdx
43. rolq $13, %rdx
44. movq 56(%rdi), %rax
45. xorq %rax, %rcx
46. mulq %rdx
47. xorq %rax, %rdx
48. rolq $13, %rdx
49. cmpq 64(%rdi), %rdx
50. jne __libc_jmpbuf_corruption
51. cmpl $1, %esi
52. adcl $0, %esi
53. movq %rsi, %rax
54. jmpq *%rcx
Instruction Info:
[1]: #uOps
[2]: Latency
[3]: RThroughput
[4]: MayLoad
[5]: MayStore
[6]: HasSideEffects (U)
[1] [2] [3] [4] [5] [6] Instructions:
1 5 0.33 * movq _ZN22__llvm_libc_20_0_0_git6jmpbuf10value_maskE(%rip), %rcx
1 5 0.33 * movq _ZN22__llvm_libc_20_0_0_git6jmpbuf15checksum_cookieE(%rip), %rdx
1 5 0.33 * movq (%rdi), %rax
1 0 0.17 movq %rax, %rbx
1 1 0.25 xorq %rcx, %rbx
2 3 3.00 mulq %rdx
1 1 0.25 xorq %rax, %rdx
1 1 0.50 rolq $13, %rdx
1 5 0.33 * movq 8(%rdi), %rax
1 0 0.17 movq %rax, %rbp
1 1 0.25 xorq %rcx, %rbp
2 3 3.00 mulq %rdx
1 1 0.25 xorq %rax, %rdx
1 1 0.50 rolq $13, %rdx
1 5 0.33 * movq 16(%rdi), %rax
1 0 0.17 movq %rax, %r12
1 1 0.25 xorq %rcx, %r12
2 3 3.00 mulq %rdx
1 1 0.25 xorq %rax, %rdx
1 1 0.50 rolq $13, %rdx
1 5 0.33 * movq 24(%rdi), %rax
1 0 0.17 movq %rax, %r13
1 1 0.25 xorq %rcx, %r13
2 3 3.00 mulq %rdx
1 1 0.25 xorq %rax, %rdx
1 1 0.50 rolq $13, %rdx
1 5 0.33 * movq 32(%rdi), %rax
1 0 0.17 movq %rax, %r14
1 1 0.25 xorq %rcx, %r14
2 3 3.00 mulq %rdx
1 1 0.25 xorq %rax, %rdx
1 1 0.50 rolq $13, %rdx
1 5 0.33 * movq 40(%rdi), %rax
1 0 0.17 movq %rax, %r15
1 1 0.25 xorq %rcx, %r15
2 3 3.00 mulq %rdx
1 1 0.25 xorq %rax, %rdx
1 1 0.50 rolq $13, %rdx
1 5 0.33 * movq 48(%rdi), %rax
1 0 0.17 movq %rax, %rsp
1 1 0.25 xorq %rcx, %rsp
2 3 3.00 mulq %rdx
1 1 0.25 xorq %rax, %rdx
1 1 0.50 rolq $13, %rdx
1 5 0.33 * movq 56(%rdi), %rax
1 1 0.25 xorq %rax, %rcx
2 3 3.00 mulq %rdx
1 1 0.25 xorq %rax, %rdx
1 1 0.50 rolq $13, %rdx
1 5 0.33 * cmpq 64(%rdi), %rdx
1 1 0.50 jne __libc_jmpbuf_corruption
1 1 0.25 cmpl $1, %esi
1 1 1.00 adcl $0, %esi
1 0 0.17 movq %rsi, %rax
1 1 0.50 jmpq *%rcx
Resources:
[0] - Zn4AGU0
[1] - Zn4AGU1
[2] - Zn4AGU2
[3] - Zn4ALU0
[4] - Zn4ALU1
[5] - Zn4ALU2
[6] - Zn4ALU3
[7] - Zn4BRU1
[8] - Zn4FP0
[9] - Zn4FP1
[10] - Zn4FP2
[11] - Zn4FP3
[12.0] - Zn4FP45
[12.1] - Zn4FP45
[13] - Zn4FPSt
[14.0] - Zn4LSU
[14.1] - Zn4LSU
[14.2] - Zn4LSU
[15.0] - Zn4Load
[15.1] - Zn4Load
[15.2] - Zn4Load
[16.0] - Zn4Store
[16.1] - Zn4Store
Resource pressure per iteration:
[0] [1] [2] [3] [4] [5] [6] [7] [8] [9] [10] [11] [12.0] [12.1] [13] [14.0] [14.1] [14.2] [15.0] [15.1] [15.2] [16.0] [16.1]
3.66 3.67 3.67 10.96 24.53 9.52 8.99 2.00 - - - - - - - 3.66 3.67 3.67 3.66 3.67 3.67 - -
Resource pressure by instruction:
[0] [1] [2] [3] [4] [5] [6] [7] [8] [9] [10] [11] [12.0] [12.1] [13] [14.0] [14.1] [14.2] [15.0] [15.1] [15.2] [16.0] [16.1] Instructions:
0.33 0.33 0.34 - - - - - - - - - - - - 0.33 0.33 0.34 0.33 0.33 0.34 - - movq _ZN22__llvm_libc_20_0_0_git6jmpbuf10value_maskE(%rip), %rcx
0.33 0.34 0.33 - - - - - - - - - - - - 0.33 0.34 0.33 0.33 0.34 0.33 - - movq _ZN22__llvm_libc_20_0_0_git6jmpbuf15checksum_cookieE(%rip), %rdx
0.34 0.33 0.33 - - - - - - - - - - - - 0.34 0.33 0.33 0.34 0.33 0.33 - - movq (%rdi), %rax
- - - - - - - - - - - - - - - - - - - - - - - movq %rax, %rbx
- - - 0.02 - - 0.98 - - - - - - - - - - - - - - - - xorq %rcx, %rbx
- - - - 3.00 - - - - - - - - - - - - - - - - - - mulq %rdx
- - - 0.98 - - 0.02 - - - - - - - - - - - - - - - - xorq %rax, %rdx
- - - - - 1.00 - - - - - - - - - - - - - - - - - rolq $13, %rdx
0.33 0.33 0.34 - - - - - - - - - - - - 0.33 0.33 0.34 0.33 0.33 0.34 - - movq 8(%rdi), %rax
- - - - - - - - - - - - - - - - - - - - - - - movq %rax, %rbp
- - - 0.97 - 0.01 0.02 - - - - - - - - - - - - - - - - xorq %rcx, %rbp
- - - - 3.00 - - - - - - - - - - - - - - - - - - mulq %rdx
- - - 0.02 - 0.01 0.97 - - - - - - - - - - - - - - - - xorq %rax, %rdx
- - - - - 1.00 - - - - - - - - - - - - - - - - - rolq $13, %rdx
0.33 0.34 0.33 - - - - - - - - - - - - 0.33 0.34 0.33 0.33 0.34 0.33 - - movq 16(%rdi), %rax
- - - - - - - - - - - - - - - - - - - - - - - movq %rax, %r12
- - - 0.50 - 0.48 0.02 - - - - - - - - - - - - - - - - xorq %rcx, %r12
- - - - 3.00 - - - - - - - - - - - - - - - - - - mulq %rdx
- - - 0.99 - 0.01 - - - - - - - - - - - - - - - - - xorq %rax, %rdx
- - - - - 1.00 - - - - - - - - - - - - - - - - - rolq $13, %rdx
0.34 0.33 0.33 - - - - - - - - - - - - 0.34 0.33 0.33 0.34 0.33 0.33 - - movq 24(%rdi), %rax
- - - - - - - - - - - - - - - - - - - - - - - movq %rax, %r13
- - - 0.51 0.01 - 0.48 - - - - - - - - - - - - - - - - xorq %rcx, %r13
- - - - 3.00 - - - - - - - - - - - - - - - - - - mulq %rdx
- - - 0.01 0.48 0.01 0.50 - - - - - - - - - - - - - - - - xorq %rax, %rdx
- - - - - 1.00 - - - - - - - - - - - - - - - - - rolq $13, %rdx
0.33 0.34 0.33 - - - - - - - - - - - - 0.33 0.34 0.33 0.33 0.34 0.33 - - movq 32(%rdi), %rax
- - - - - - - - - - - - - - - - - - - - - - - movq %rax, %r14
- - - 0.01 - 0.01 0.98 - - - - - - - - - - - - - - - - xorq %rcx, %r14
- - - - 3.00 - - - - - - - - - - - - - - - - - - mulq %rdx
- - - 0.48 - 0.01 0.51 - - - - - - - - - - - - - - - - xorq %rax, %rdx
- - - - 0.01 0.99 - - - - - - - - - - - - - - - - - rolq $13, %rdx
0.34 0.33 0.33 - - - - - - - - - - - - 0.34 0.33 0.33 0.34 0.33 0.33 - - movq 40(%rdi), %rax
- - - - - - - - - - - - - - - - - - - - - - - movq %rax, %r15
- - - 0.01 - 0.01 0.98 - - - - - - - - - - - - - - - - xorq %rcx, %r15
- - - - 3.00 - - - - - - - - - - - - - - - - - - mulq %rdx
- - - 0.50 0.01 0.48 0.01 - - - - - - - - - - - - - - - - xorq %rax, %rdx
- - - - 0.01 0.99 - - - - - - - - - - - - - - - - - rolq $13, %rdx
0.33 0.33 0.34 - - - - - - - - - - - - 0.33 0.33 0.34 0.33 0.33 0.34 - - movq 48(%rdi), %rax
- - - - - - - - - - - - - - - - - - - - - - - movq %rax, %rsp
- - - 0.01 - 0.49 0.50 - - - - - - - - - - - - - - - - xorq %rcx, %rsp
- - - - 3.00 - - - - - - - - - - - - - - - - - - mulq %rdx
- - - - - 0.01 0.99 - - - - - - - - - - - - - - - - xorq %rax, %rdx
- - - - - 1.00 - - - - - - - - - - - - - - - - - rolq $13, %rdx
0.33 0.34 0.33 - - - - - - - - - - - - 0.33 0.34 0.33 0.33 0.34 0.33 - - movq 56(%rdi), %rax
- - - - 0.01 0.01 0.98 - - - - - - - - - - - - - - - - xorq %rax, %rcx
- - - - 3.00 - - - - - - - - - - - - - - - - - - mulq %rdx
- - - 0.50 - - 0.50 - - - - - - - - - - - - - - - - xorq %rax, %rdx
- - - - - 1.00 - - - - - - - - - - - - - - - - - rolq $13, %rdx
0.33 0.33 0.34 0.50 - - 0.50 - - - - - - - - 0.33 0.33 0.34 0.33 0.33 0.34 - - cmpq 64(%rdi), %rdx
- - - - - - - 1.00 - - - - - - - - - - - - - - - jne __libc_jmpbuf_corruption
- - - 0.99 - - 0.01 - - - - - - - - - - - - - - - - cmpl $1, %esi
- - - 3.96 - - 0.04 - - - - - - - - - - - - - - - - adcl $0, %esi
- - - - - - - - - - - - - - - - - - - - - - - movq %rsi, %rax
- - - - - - - 1.00 - - - - - - - - - - - - - - - jmpq *%rcx
```
Without fortification:
```
Iterations: 100
Instructions: 1100
Total Cycles: 274
Total uOps: 1100
Dispatch Width: 6
uOps Per Cycle: 4.01
IPC: 4.01
Block RThroughput: 2.7
Cycles with backend pressure increase [ 90.88% ]
Throughput Bottlenecks:
Resource Pressure [ 90.88% ]
- Zn4AGU0 [ 90.88% ]
- Zn4AGU1 [ 90.88% ]
- Zn4AGU2 [ 90.88% ]
- Zn4ALU0 [ 11.68% ]
- Zn4BRU1 [ 11.68% ]
- Zn4LSU [ 90.88% ]
- Zn4Load [ 90.88% ]
Data Dependencies: [ 44.16% ]
- Register Dependencies [ 44.16% ]
- Memory Dependencies [ 0.00% ]
Critical sequence based on the simulation:
Instruction Dependency Information
+----< 5. movq 40(%rdi), %r15
|
| < loop carried >
|
+----> 0. movq (%rdi), %rbx ## RESOURCE interference: Zn4LSU [ probability: 99% ]
+----> 1. movq 8(%rdi), %rbp ## RESOURCE interference: Zn4LSU [ probability: 99% ]
+----> 2. movq 16(%rdi), %r12 ## RESOURCE interference: Zn4LSU [ probability: 99% ]
+----> 3. movq 24(%rdi), %r13 ## RESOURCE interference: Zn4LSU [ probability: 100% ]
+----> 4. movq 32(%rdi), %r14 ## RESOURCE interference: Zn4LSU [ probability: 100% ]
+----> 5. movq 40(%rdi), %r15 ## RESOURCE interference: Zn4LSU [ probability: 100% ]
+----> 6. movq 48(%rdi), %rsp ## RESOURCE interference: Zn4LSU [ probability: 100% ]
| 7. cmpl $1, %esi
| 8. adcl $0, %esi
| 9. movq %rsi, %rax
+----> 10. jmpq *56(%rdi) ## RESOURCE interference: Zn4LSU [ probability: 100% ]
|
| < loop carried >
|
+----> 2. movq 16(%rdi), %r12 ## RESOURCE interference: Zn4LSU [ probability: 99% ]
Instruction Info:
[1]: #uOps
[2]: Latency
[3]: RThroughput
[4]: MayLoad
[5]: MayStore
[6]: HasSideEffects (U)
[1] [2] [3] [4] [5] [6] Instructions:
1 5 0.33 * movq (%rdi), %rbx
1 5 0.33 * movq 8(%rdi), %rbp
1 5 0.33 * movq 16(%rdi), %r12
1 5 0.33 * movq 24(%rdi), %r13
1 5 0.33 * movq 32(%rdi), %r14
1 5 0.33 * movq 40(%rdi), %r15
1 5 0.33 * movq 48(%rdi), %rsp
1 1 0.25 cmpl $1, %esi
1 1 1.00 adcl $0, %esi
1 0 0.17 movq %rsi, %rax
1 5 0.50 * jmpq *56(%rdi)
Resources:
[0] - Zn4AGU0
[1] - Zn4AGU1
[2] - Zn4AGU2
[3] - Zn4ALU0
[4] - Zn4ALU1
[5] - Zn4ALU2
[6] - Zn4ALU3
[7] - Zn4BRU1
[8] - Zn4FP0
[9] - Zn4FP1
[10] - Zn4FP2
[11] - Zn4FP3
[12.0] - Zn4FP45
[12.1] - Zn4FP45
[13] - Zn4FPSt
[14.0] - Zn4LSU
[14.1] - Zn4LSU
[14.2] - Zn4LSU
[15.0] - Zn4Load
[15.1] - Zn4Load
[15.2] - Zn4Load
[16.0] - Zn4Store
[16.1] - Zn4Store
Resource pressure per iteration:
[0] [1] [2] [3] [4] [5] [6] [7] [8] [9] [10] [11] [12.0] [12.1] [13] [14.0] [14.1] [14.2] [15.0] [15.1] [15.2] [16.0] [16.1]
2.66 2.67 2.67 1.16 1.28 1.52 1.32 0.72 - - - - - - - 2.66 2.67 2.67 2.66 2.67 2.67 - -
Resource pressure by instruction:
[0] [1] [2] [3] [4] [5] [6] [7] [8] [9] [10] [11] [12.0] [12.1] [13] [14.0] [14.1] [14.2] [15.0] [15.1] [15.2] [16.0] [16.1] Instructions:
0.33 0.33 0.34 - - - - - - - - - - - - 0.33 0.33 0.34 0.33 0.33 0.34 - - movq (%rdi), %rbx
0.33 0.34 0.33 - - - - - - - - - - - - 0.33 0.34 0.33 0.33 0.34 0.33 - - movq 8(%rdi), %rbp
0.34 0.33 0.33 - - - - - - - - - - - - 0.34 0.33 0.33 0.34 0.33 0.33 - - movq 16(%rdi), %r12
0.33 0.33 0.34 - - - - - - - - - - - - 0.33 0.33 0.34 0.33 0.33 0.34 - - movq 24(%rdi), %r13
0.33 0.34 0.33 - - - - - - - - - - - - 0.33 0.34 0.33 0.33 0.34 0.33 - - movq 32(%rdi), %r14
0.34 0.33 0.33 - - - - - - - - - - - - 0.34 0.33 0.33 0.34 0.33 0.33 - - movq 40(%rdi), %r15
0.33 0.33 0.34 - - - - - - - - - - - - 0.33 0.33 0.34 0.33 0.33 0.34 - - movq 48(%rdi), %rsp
- - - 0.12 0.32 0.24 0.32 - - - - - - - - - - - - - - - - cmpl $1, %esi
- - - 0.76 0.96 1.28 1.00 - - - - - - - - - - - - - - - - adcl $0, %esi
- - - - - - - - - - - - - - - - - - - - - - - movq %rsi, %rax
0.33 0.34 0.33 0.28 - - - 0.72 - - - - - - - 0.33 0.34 0.33 0.33 0.34 0.33 - - jmpq *56(%rdi)
```
https://github.com/llvm/llvm-project/pull/112769
More information about the libc-commits
mailing list