[llvm-dev] what are the rules about ssp function attributes?
Andrew Kelley via llvm-dev
llvm-dev at lists.llvm.org
Wed Dec 16 19:59:01 PST 2020
On 12/16/20 4:06 PM, Fāng-ruì Sòng wrote:
> LangRef needs to be clarified. Sent https://reviews.llvm.org/D93422
>
Thanks for the improved docs!
> The behavior change was due to https://reviews.llvm.org/D91816 . How
> does Zig end up merging the attributes
> while the inliner blocks such inlining?
Here is the zig code in question:
fn llshl(r: []Limb, a: []const Limb, shift: usize) void {
@setRuntimeSafety(debug_safety);
...
r[dst_i] = carry | @call(.{ .modifier = .always_inline },
math.shr, .{
...
So we have an "always inline" call from a function which has runtime
safety disabled. Currently, having runtime safety off for a function
means that it does not get "sspstrong" attribute.
In this particular code snippet the ideal behavior from zig's
perspective would be if LLVM allowed the always_inline without the ssp
attribute, and then did the thing that the new docs mention:
> If a function with
> the ``sspstrong`` attribute is inlined into a function with the
> ``ssp`` attribute, the attribute in the caller will upgrade to
> ``sspstrong``.
Otherwise, Zig will need to keep track of callees and then recursively
figure out whether an inline call prevents omitting stack protection
attributes. Doable, but repeating the work the LLVM pass is already doing.
> If a caller without ssp inlines a callee with ssp:
> the caller may alter %gs for its own purposes
> and will break the %gs usage in the callee.
> (This one is required by the Linux kernel).
Wait a minute though, I don't understand why this needs to be the case.
If a caller without ssp inlines a callee with it, then it seems to me
that it should remove the ssp attribute from the callee at the callsite.
The %gs/Linux thing makes it sound like ssp is an ABI guarantee rather
than a safety mechanism.
I suppose "always inline" should be implemented by zig itself before
generating LLVM IR, and then it will get to decide how inlining works.
Anyway, thanks for your time and for the information.
Andrew
>
> If a ssp caller inlines a callee without ssp:
> This one is a bit unclear to me why it needs to have such semantics,
> probably because
> the callee expresses an intention (no ssp) and the caller should respect it.
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature
Type: application/pgp-signature
Size: 840 bytes
Desc: OpenPGP digital signature
URL: <http://lists.llvm.org/pipermail/llvm-dev/attachments/20201216/f54f4a1c/attachment.sig>
More information about the llvm-dev
mailing list