[llvm-dev] Figuring out return address of a call

Mathias Payer via llvm-dev llvm-dev at lists.llvm.org
Sat Mar 4 13:06:07 PST 2017


Hi Sanjoy,

Thanks for the quick reply, that's very helpful.

> What are you actually trying to do with this RPC information?

I'm working on an optimized/fast shadow stack to protect against ROP
attacks. Most of the instrumentation could be done in the backend but
some of the analysis needs to be done at the midend.

I feared someone would point me towards intrinsics. I'll try to either
abuse the patchpoints as you suggested (from a first glance it looks
feasible) or split my pass into two stages where I store some
information in the midend and then inject the code directly in the
backend to get around this "moving addresses" problem (which is likely
the cleaner approach). I'll have to explore what works better.

> Btw, there is no guarantee that the store of %RAX will be the only
> instruction between callbBlock and postBlock -- I know the mid level
> optimizer is conservative around blocks whose address has been taken,
> but at the very least the register allocator can emit arbitrary spills
> / fills there.

Yes, I tried to come up with a simple example. If the function returns a
struct there's a whole bunch of spilling going on :)

Thanks again,
Mathias

> [1]: http://llvm.org/docs/StackMaps.html#llvm-experimental-patchpoint-intrinsic
