[llvm-dev] RFC: callee saved register verifier

Sanjoy Das via llvm-dev llvm-dev at lists.llvm.org
Wed Jun 8 12:41:10 PDT 2016 

This is up for review at http://reviews.llvm.org/D21115

On Mon, May 16, 2016 at 5:06 PM, Sanjoy Das
<sanjoy at playingwithpointers.com> wrote:
> Hi Escha,
>
> escha at apple.com wrote:
>>
>> I’ve seen this done in the past without compiler support (for the case of
>> handwritten or JIT’d, etc functions that need checking).
>>
>> It worked something like this:
>>
>> 1. Pass calls to the risky functions through a macro/template or such.
>> 2. In release mode, this turns into a no-op. In debug mode, this sends the
>> calls through a handwritten asm wrapper that sets all the callee-save
>> registers to random values, then calls the function.
>> 3. When the function returns, the wrapper checks the registers are the
>> same, and if they’re not, bails to exit() and prints the invalid registers.
>>
>> This took a few dozen lines of code and worked entirely within the
>> language, so it didn’t need compiler support.
>
>
> That's certainly a design point, but assert in the compiler has some
> advantages:
>
>  - It is more scalable -- I don't have to add the verification code
>    for each new calling convention.  To have LLVM take advantage of a
>    new calling convention, we have to codify knowledge of the calling
>    convention in LLVM anyway, and it is better to re-use the
>    information as much as possible.
>
>  - Since the scheme works directly off of the calling convention as
>    encoded in LLVM, it will catch bugs in the specification on the
>    LLVM side (e.g. marking a function declaration with an incorrect
>    calling convention should fail noisily).
>
> The overarching point is that I'd rather have a single source of truth
> (the calling convention as specified in LLVM) and assert on that.
>
> -- Sanjoy
>
>>
>> —escha
>>
>>> On May 13, 2016, at 4:10 PM, Sanjoy Das via
>>> llvm-dev<llvm-dev at lists.llvm.org>  wrote:
>>>
>>> Hi David,
>>>
>>> David Blaikie wrote:
>>>>
>>>> Yeah, that's sort of what I'd be wondering too.
>>>>
>>>> It seems like if the compiler does the right thing for existing calling
>>>> conventions - I hope our architecture is such that changing the set of
>>>> callee save registers reflects on both sides (both the caller - relying
>>>> on them to be saved, and the caller implementing that guarantee). So I
>>>> wouldn't expect making weird/random calling conventions to be likely to
>>>> have any new/interesting bugs here.
>>>
>>> Yes, so far we've not had any issues with LLVM upholding its side of
>>> the deal when it comes to calling conventions.  Humans tend to be
>>> more prone to making mistakes, unfortunately.  :)
>>>
>>>> But perhaps the architecture doesn't&  can't work that way?
>>>
>>> The intention is to add verification at call-sites that call into a
>>> hand-written stub from LLVM generated code.
>>>
>>> -- Sanjoy
>>> _______________________________________________
>>> LLVM Developers mailing list
>>> llvm-dev at lists.llvm.org
>>> http://lists.llvm.org/cgi-bin/mailman/listinfo/llvm-dev
>>
>>
>



-- 
Sanjoy Das
http://playingwithpointers.com

More information about the llvm-dev mailing list