[PATCH] D149099: [RISCV] Make SCS prologue interrupt safe on RISC-V

Paul Kirth via Phabricator via llvm-commits llvm-commits at lists.llvm.org
Mon Apr 24 14:20:41 PDT 2023 

paulkirth created this revision.
paulkirth added reviewers: craig.topper, jrtc27, mcgrathr, phosek, asb.
Herald added subscribers: jobnoorman, luke, VincentWu, vkmr, frasercrmck, evandro, luismarques, apazos, sameer.abuasal, s.egerton, Jim, benna, psnobl, jocewei, PkmX, the_o, brucehoult, MartinMosbeck, rogfer01, edward-jones, zzheng, shiva0217, kito-cheng, niosHD, sabuasal, simoncook, johnrusso, rbar, hiraditya, arichardson.
Herald added a project: All.
paulkirth requested review of this revision.
Herald added subscribers: llvm-commits, pcwang-thead, eopXD, MaskRay.
Herald added a project: LLVM.

Prior to this patch the SCS prologue used the following instruction
sequence.

  s[w|d]  ra, 0(gp)
  addi    gp, gp, [4|8]

The problem with this sequence is that an interrupt occurring between the
store and the increment could clobber the value just written to the SCS.

https://reviews.llvm.org/D84414#inline-813203 pointed out a similar
issues that could have affected the epilogue.

This patch changes the instruction sequence in the prologue to:

  addi    gp, gp, [4|8]
  s[w|d]  ra, -[4|8](gp)

The downside to this is that there is now a data dependency between the
add and the store.


Repository:
  rG LLVM Github Monorepo

https://reviews.llvm.org/D149099

Files:
  llvm/lib/Target/RISCV/RISCVFrameLowering.cpp
  llvm/test/CodeGen/RISCV/shadowcallstack.ll


Index: llvm/test/CodeGen/RISCV/shadowcallstack.ll
===================================================================
--- llvm/test/CodeGen/RISCV/shadowcallstack.ll
+++ llvm/test/CodeGen/RISCV/shadowcallstack.ll
@@ -34,8 +34,8 @@
 define i32 @f3() shadowcallstack {
 ; RV32-LABEL: f3:
 ; RV32:       # %bb.0:
-; RV32-NEXT:    sw ra, 0(gp)
 ; RV32-NEXT:    addi gp, gp, 4
+; RV32-NEXT:    sw ra, -4(gp)
 ; RV32-NEXT:    .cfi_escape 0x16, 0x03, 0x02, 0x73, 0x7c #
 ; RV32-NEXT:    addi sp, sp, -16
 ; RV32-NEXT:    .cfi_def_cfa_offset 16
@@ -51,8 +51,8 @@
 ;
 ; RV64-LABEL: f3:
 ; RV64:       # %bb.0:
-; RV64-NEXT:    sd ra, 0(gp)
 ; RV64-NEXT:    addi gp, gp, 8
+; RV64-NEXT:    sd ra, -8(gp)
 ; RV64-NEXT:    .cfi_escape 0x16, 0x03, 0x02, 0x73, 0x78 #
 ; RV64-NEXT:    addi sp, sp, -16
 ; RV64-NEXT:    .cfi_def_cfa_offset 16
@@ -73,8 +73,8 @@
 define i32 @f4() shadowcallstack {
 ; RV32-LABEL: f4:
 ; RV32:       # %bb.0:
-; RV32-NEXT:    sw ra, 0(gp)
 ; RV32-NEXT:    addi gp, gp, 4
+; RV32-NEXT:    sw ra, -4(gp)
 ; RV32-NEXT:    .cfi_escape 0x16, 0x03, 0x02, 0x73, 0x7c #
 ; RV32-NEXT:    addi sp, sp, -16
 ; RV32-NEXT:    .cfi_def_cfa_offset 16
@@ -108,8 +108,8 @@
 ;
 ; RV64-LABEL: f4:
 ; RV64:       # %bb.0:
-; RV64-NEXT:    sd ra, 0(gp)
 ; RV64-NEXT:    addi gp, gp, 8
+; RV64-NEXT:    sd ra, -8(gp)
 ; RV64-NEXT:    .cfi_escape 0x16, 0x03, 0x02, 0x73, 0x78 #
 ; RV64-NEXT:    addi sp, sp, -32
 ; RV64-NEXT:    .cfi_def_cfa_offset 32
@@ -153,8 +153,8 @@
 define i32 @f5() shadowcallstack nounwind {
 ; RV32-LABEL: f5:
 ; RV32:       # %bb.0:
-; RV32-NEXT:    sw ra, 0(gp)
 ; RV32-NEXT:    addi gp, gp, 4
+; RV32-NEXT:    sw ra, -4(gp)
 ; RV32-NEXT:    addi sp, sp, -16
 ; RV32-NEXT:    sw ra, 12(sp) # 4-byte Folded Spill
 ; RV32-NEXT:    call bar at plt
@@ -166,8 +166,8 @@
 ;
 ; RV64-LABEL: f5:
 ; RV64:       # %bb.0:
-; RV64-NEXT:    sd ra, 0(gp)
 ; RV64-NEXT:    addi gp, gp, 8
+; RV64-NEXT:    sd ra, -8(gp)
 ; RV64-NEXT:    addi sp, sp, -16
 ; RV64-NEXT:    sd ra, 8(sp) # 8-byte Folded Spill
 ; RV64-NEXT:    call bar at plt
Index: llvm/lib/Target/RISCV/RISCVFrameLowering.cpp
===================================================================
--- llvm/lib/Target/RISCV/RISCVFrameLowering.cpp
+++ llvm/lib/Target/RISCV/RISCVFrameLowering.cpp
@@ -52,18 +52,18 @@
   bool IsRV64 = STI.hasFeature(RISCV::Feature64Bit);
   int64_t SlotSize = STI.getXLen() / 8;
   // Store return address to shadow call stack
-  // s[w|d]  ra, 0(gp)
   // addi    gp, gp, [4|8]
-  BuildMI(MBB, MI, DL, TII->get(IsRV64 ? RISCV::SD : RISCV::SW))
-      .addReg(RAReg)
-      .addReg(SCSPReg)
-      .addImm(0)
-      .setMIFlag(MachineInstr::FrameSetup);
+  // s[w|d]  ra, -[4|8](gp)
   BuildMI(MBB, MI, DL, TII->get(RISCV::ADDI))
       .addReg(SCSPReg, RegState::Define)
       .addReg(SCSPReg)
       .addImm(SlotSize)
       .setMIFlag(MachineInstr::FrameSetup);
+  BuildMI(MBB, MI, DL, TII->get(IsRV64 ? RISCV::SD : RISCV::SW))
+      .addReg(RAReg)
+      .addReg(SCSPReg)
+      .addImm(-SlotSize)
+      .setMIFlag(MachineInstr::FrameSetup);
 
   // Emit a CFI instruction that causes SlotSize to be subtracted from the value
   // of the shadow stack pointer when unwinding past this frame.


-------------- next part --------------
A non-text attachment was scrubbed...
Name: D149099.516530.patch
Type: text/x-patch
Size: 3190 bytes
Desc: not available
URL: <http://lists.llvm.org/pipermail/llvm-commits/attachments/20230424/4bb89d52/attachment.bin>

More information about the llvm-commits mailing list