Re: [PATCH] [PR target/96350]Force ENDBR immediate into memory to avoid fake ENDBR opcode.

[Hongtao Liu <crazylht@gmail.com>]

[-- Attachment #1: Type: text/plain, Size: 3093 bytes --]

On Tue, Aug 11, 2020 at 5:56 PM Uros Bizjak <ubizjak@gmail.com> wrote:
>
> On Tue, Aug 11, 2020 at 11:36 AM Hongtao Liu <crazylht@gmail.com> wrote:
> >
> > On Tue, Aug 11, 2020 at 4:38 PM Uros Bizjak <ubizjak@gmail.com> wrote:
> > >
> > > On Tue, Aug 11, 2020 at 5:30 AM Hongtao Liu <crazylht@gmail.com> wrote:
> > > >
> > > > Hi:
> > > >   The issue is described in the bugzilla.
> > > >   Bootstrap is ok, regression test for i386/x86-64 backend is ok.
> > > >   Ok for trunk?
> > > >
> > > > ChangeLog
> > > > gcc/
> > > >         PR target/96350
> > > >         * config/i386/i386.c (ix86_legitimate_constant_p): Return
> > > >         false for ENDBR immediate.
> > > >         (ix86_legitimate_address_p): Ditto.
> > > >         * config/i386/predicated.md
> > > >         (x86_64_immediate_operand): Exclude ENDBR immediate.
> > > >         (x86_64_zext_immediate_operand): Ditto.
> > > >         (x86_64_dwzext_immediate_operand): Ditto.
> > > >         (ix86_not_endbr_immediate_operand): New predicate.
> > > >
> > > > gcc/testsuite
> > > >         * gcc.target/i386/endbr_immediate.c: New test.
> > >
> > > +;; Return true if VALUE isn't an ENDBR opcode in immediate field.
> > > +(define_predicate "ix86_not_endbr_immediate_operand"
> > > +  (match_test "1")
> > >
> > > Please reverse the above logic to introduce
> > > ix86_endbr_immediate_operand, that returns true for unwanted
> > > immediate. Something like:
> > >
> > > (define_predicate "ix86_endbr_immediate_operand"
> > >   (match_code "const_int")
> > > ...
> > >
> > > And you will be able to use it like:
> > >
> > > if (ix86_endbr_immediate_operand (x, VOIDmode)
> > >   return false;
> > >
> >
> > Changed.
>
> No, it is not.
>
> +  if ((flag_cf_protection & CF_BRANCH)
> +      && CONST_INT_P (op))
>
> You don't need to check for const ints here.
>
> And please rewrite the body of the function to something like (untested):
>
> {
>   unsigned HOST_WIDE_INT val = TARGET_64BIT ? 0xfa1e0ff3 : 0xfb1e0ff3;
>
>   if (x == val)
>     return 1;
>
>   if (TARGET_64BIT)
>     for (; x >= val; x >>= 8)
>       if (x == val)
>         return 1;
>
>   return 0;
> }
>
> so it will at least *look* like some thoughts have been spent on this.
> I don't plan to review the code where it is obvious from the first
> look that it was thrown together in a hurry. Please get some internal
> company signoff first. Ping me in a week for a review.
>

Sorry for the hurry, i know your time is precious.

> Uros.
> >
> > >    /* Otherwise we handle everything else in the move patterns.  */
> > > -  return true;
> > > +  return ix86_not_endbr_immediate_operand (x, VOIDmode);
> > >  }
> > >
> > > Please handle this in CASE_CONST_SCALAR_INT: part.
> > >
> > > +  if (disp && !ix86_not_endbr_immediate_operand (disp, VOIDmode))
> > > +    return false;
> > >
> > > And this in:
> > >
> > >   /* Validate displacement.  */
> > >   if (disp)
> > >     {
> > >
> >
> > Changed.
>
> A better place for these new special cases is at the beginning of the
> part I referred, not at the end.
>

Yes.

> Uros.

Update patch.

-- 
BR,
Hongtao

[-- Attachment #2: 0001-Force-ENDBR-immediate-into-memory_v3.patch --]
[-- Type: text/x-patch, Size: 6385 bytes --]

From d89dfb93e54dd3a9717fdb4d3f58cccf93b15072 Mon Sep 17 00:00:00 2001
From: liuhongt <hongtao.liu@intel.com>
Date: Tue, 4 Aug 2020 10:00:13 +0800
Subject: [PATCH] Force ENDBR immediate into memory.

gcc/
	PR target/96350
	* config/i386/i386.c (ix86_legitimate_constant_p): Return
	false for ENDBR immediate.
	(ix86_legitimate_address_p): Ditto.
	* config/i386/predicated.md
	(x86_64_immediate_operand): Exclude ENDBR immediate.
	(x86_64_zext_immediate_operand): Ditto.
	(x86_64_dwzext_immediate_operand): Ditto.
	(ix86_endbr_immediate_operand): New predicate.

gcc/testsuite
	* gcc.target/i386/endbr_immediate.c: New test.
---
 gcc/config/i386/i386.c                        |   6 +
 gcc/config/i386/predicates.md                 |  30 +++
 .../gcc.target/i386/endbr_immediate.c         | 198 ++++++++++++++++++
 3 files changed, 234 insertions(+)
 create mode 100644 gcc/testsuite/gcc.target/i386/endbr_immediate.c

diff --git a/gcc/config/i386/i386.c b/gcc/config/i386/i386.c
index 8ea6a4d7ea7..ea92626e08e 100644
--- a/gcc/config/i386/i386.c
+++ b/gcc/config/i386/i386.c
@@ -10056,6 +10056,9 @@ ix86_legitimate_constant_p (machine_mode mode, rtx x)
       break;
 
     CASE_CONST_SCALAR_INT:
+      if (ix86_endbr_immediate_operand (x, VOIDmode))
+	return false;
+
       switch (mode)
 	{
 	case E_TImode:
@@ -10449,6 +10452,9 @@ ix86_legitimate_address_p (machine_mode, rtx addr, bool strict)
   /* Validate displacement.  */
   if (disp)
     {
+      if (ix86_endbr_immediate_operand (disp, VOIDmode))
+	return false;
+
       if (GET_CODE (disp) == CONST
 	  && GET_CODE (XEXP (disp, 0)) == UNSPEC
 	  && XINT (XEXP (disp, 0), 1) != UNSPEC_MACHOPIC_OFFSET)
diff --git a/gcc/config/i386/predicates.md b/gcc/config/i386/predicates.md
index 07e69d555c0..25d63bdb940 100644
--- a/gcc/config/i386/predicates.md
+++ b/gcc/config/i386/predicates.md
@@ -130,10 +130,35 @@
 (define_predicate "symbol_operand"
   (match_code "symbol_ref"))
 
+;; Return true if VALUE is an ENDBR opcode in immediate field.
+(define_predicate "ix86_endbr_immediate_operand"
+  (match_code "const_int")
+{
+  if (flag_cf_protection & CF_BRANCH)
+     {
+       unsigned HOST_WIDE_INT imm = INTVAL (op);
+       unsigned HOST_WIDE_INT val = TARGET_64BIT ? 0xfa1e0ff3 : 0xfb1e0ff3;
+
+       if (imm == val)
+	 return 1;
+
+       /* NB: Encoding is byte based.  */
+       if (TARGET_64BIT)
+	 for (; imm >= val; imm >>= 8)
+	   if (imm == val)
+	     return 1;
+      }
+
+  return 0;
+})
+
 ;; Return true if VALUE can be stored in a sign extended immediate field.
 (define_predicate "x86_64_immediate_operand"
   (match_code "const_int,symbol_ref,label_ref,const")
 {
+  if (ix86_endbr_immediate_operand (op, VOIDmode))
+    return false;
+
   if (!TARGET_64BIT)
     return immediate_operand (op, mode);
 
@@ -260,6 +285,9 @@
 (define_predicate "x86_64_zext_immediate_operand"
   (match_code "const_int,symbol_ref,label_ref,const")
 {
+  if (ix86_endbr_immediate_operand (op, VOIDmode))
+    return false;
+
   switch (GET_CODE (op))
     {
     case CONST_INT:
@@ -374,6 +402,8 @@
 (define_predicate "x86_64_dwzext_immediate_operand"
   (match_code "const_int,const_wide_int")
 {
+  if (ix86_endbr_immediate_operand (op, VOIDmode))
+    return false;
   switch (GET_CODE (op))
     {
     case CONST_INT:
diff --git a/gcc/testsuite/gcc.target/i386/endbr_immediate.c b/gcc/testsuite/gcc.target/i386/endbr_immediate.c
new file mode 100644
index 00000000000..3015512aa0e
--- /dev/null
+++ b/gcc/testsuite/gcc.target/i386/endbr_immediate.c
@@ -0,0 +1,198 @@
+/* PR target/96350 */
+/* { dg-do compile } */
+/* { dg-options "-fcf-protection -O2" } */
+/* { dg-final { scan-assembler-not "$-81915917" { target { ia32 } } } } */
+/* { dg-final { scan-assembler-not "$-98693133" { target { ! ia32 } } } } *
+/* { dg-final { scan-assembler-not "$-423883778574778368" { target { ! ia32 } } } } */
+/* { dg-final { scan-assembler "\[ \t\]*-81915917" { target { ia32 } } } } */
+/* { dg-final { scan-assembler "\[ \t\]*-98693133" { target { ! ia32 } } } } */
+/* { dg-final { scan-assembler "\[ \t\]*-423883778574778368" { target { ! ia32 } } } } */
+
+
+#ifdef __x86_64__
+#define ENDBR_IMMEDIATE 0xfa1e0ff3
+#define EXTEND_ENDBR_IMMEDIATE 0xfa1e0ff300000000
+#else
+#define ENDBR_IMMEDIATE 0xfb1e0ff3
+#define EXTEND_ENDBR_IMMEDIATE 0xfffb1e0ff300
+#endif
+
+int
+foo (int a)
+{
+  return a + ENDBR_IMMEDIATE;
+}
+
+int
+foo2 (int a)
+{
+  return a - ENDBR_IMMEDIATE;
+}
+
+int
+foo3 (int a)
+{
+  return a * ENDBR_IMMEDIATE;
+}
+
+int
+foo4 (int a)
+{
+  return a | ENDBR_IMMEDIATE;
+}
+
+int
+foo5 (int a)
+{
+  return a ^ ENDBR_IMMEDIATE;
+}
+
+int
+foo6 (int a)
+{
+  return a & ENDBR_IMMEDIATE;
+}
+
+int
+foo7 (int a)
+{
+  return a > ENDBR_IMMEDIATE;
+}
+
+int
+foo8 (int a)
+{
+  return ENDBR_IMMEDIATE;
+}
+
+int
+foo9 (int* p)
+{
+  return *(p + ENDBR_IMMEDIATE);
+}
+
+int
+foo10 (int* p)
+{
+  return *(int*) ENDBR_IMMEDIATE;
+}
+
+long long
+foo11 (long long a)
+{
+  return a + EXTEND_ENDBR_IMMEDIATE;
+}
+
+long long
+foo12 (long long a)
+{
+  return a - EXTEND_ENDBR_IMMEDIATE;
+}
+
+long long
+foo13 (long long a)
+{
+  return a * EXTEND_ENDBR_IMMEDIATE;
+}
+
+long long
+foo14 (long long a)
+{
+  return a | EXTEND_ENDBR_IMMEDIATE;
+}
+
+long long
+foo15 (long long a)
+{
+  return a ^ EXTEND_ENDBR_IMMEDIATE;
+}
+
+long long
+foo16 (long long a)
+{
+  return a & EXTEND_ENDBR_IMMEDIATE;
+}
+
+long long
+foo17 (long long a)
+{
+  return a > EXTEND_ENDBR_IMMEDIATE;
+}
+
+long long
+foo18 (long long a)
+{
+  return EXTEND_ENDBR_IMMEDIATE;
+}
+
+long long
+foo19 (long long* p)
+{
+  return *(p + EXTEND_ENDBR_IMMEDIATE);
+}
+
+long long
+foo20 (long long* p)
+{
+  return *(long long*) EXTEND_ENDBR_IMMEDIATE;
+}
+
+long long
+foo21 (int a)
+{
+  return a + ENDBR_IMMEDIATE;
+}
+
+long long
+foo22 (int a)
+{
+  return a - ENDBR_IMMEDIATE;
+}
+
+long long
+foo23 (long long a)
+{
+  return a * ENDBR_IMMEDIATE;
+}
+
+long long
+foo24 (int a)
+{
+  return a | ENDBR_IMMEDIATE;
+}
+
+long long
+foo25 (int a)
+{
+  return a ^ ENDBR_IMMEDIATE;
+}
+
+long long
+foo26 (int a)
+{
+  return a & ENDBR_IMMEDIATE;
+}
+
+long long
+foo27 (int a)
+{
+  return a > ENDBR_IMMEDIATE;
+}
+
+long long
+foo28 (int a)
+{
+  return ENDBR_IMMEDIATE;
+}
+
+long long
+foo29 (int* p)
+{
+  return *(p + ENDBR_IMMEDIATE);
+}
+
+long long
+foo30 (int* p)
+{
+  return *(long long*) ENDBR_IMMEDIATE;
+}
-- 
2.18.1