[RISCV] Use software-guarded jump in the trampoline code

Author: jaidTw

llvm/lib/Target/RISCV/RISCVISelLowering.cpp

@@ -8366,18 +8366,17 @@ SDValue RISCVTargetLowering::lowerINIT_TRAMPOLINE(SDValue Op,
   // Offset with branch control flow protection enabled:
   //      0: lpad    <imm20>
   //      4: auipc   t3, 0
-  //      8: ld      t0, 28(t3)
+  //      8: ld      t2, 28(t3)
   //     12: ld      t3, 20(t3)
-  //     16: lui     t2, <imm20>
-  //     20: jalr    t0
-  //     24: <StaticChainOffset>
-  //     32: <FunctionAddressOffset>
-  //     40:
+  //     16: jalr    t2
+  //     20: <StaticChainOffset>
+  //     28: <FunctionAddressOffset>
+  //     36:
 
   const bool HasCFBranch =
       Subtarget.hasStdExtZicfilp() &&
       DAG.getMMI()->getModule()->getModuleFlag("cf-protection-branch");
-  const unsigned StaticChainIdx = HasCFBranch ? 6 : 4;
+  const unsigned StaticChainIdx = HasCFBranch ? 5 : 4;
   const unsigned StaticChainOffset = StaticChainIdx * 4;
   const unsigned FunctionAddressOffset = StaticChainOffset + 8;
 
@@ -8392,7 +8391,7 @@ SDValue RISCVTargetLowering::lowerINIT_TRAMPOLINE(SDValue Op,
   };
 
   SDValue OutChains[6];
-  SDValue OutChainsLPAD[8];
+  SDValue OutChainsLPAD[7];
   if (HasCFBranch)
     assert(std::size(OutChainsLPAD) == StaticChainIdx + 2);
   else
@@ -8431,11 +8430,11 @@ SDValue RISCVTargetLowering::lowerINIT_TRAMPOLINE(SDValue Op,
          // auipc t3, 0
          // Loads the current PC into t3.
          GetEncoding(MCInstBuilder(RISCV::AUIPC).addReg(RISCV::X28).addImm(0)),
-         // ld t0, (FunctionAddressOffset - 4)(t3)
-         // Loads the function address into t0. Note that we are using offsets
+         // ld t2, (FunctionAddressOffset - 4)(t3)
+         // Loads the function address into t2. Note that we are using offsets
          // pc-relative to the SECOND instruction of the trampoline.
          GetEncoding(MCInstBuilder(RISCV::LD)
-                         .addReg(RISCV::X5)
+                         .addReg(RISCV::X7)
                          .addReg(RISCV::X28)
                          .addImm(FunctionAddressOffset - 4)),
          // ld t3, (StaticChainOffset - 4)(t3)
@@ -8444,14 +8443,11 @@ SDValue RISCVTargetLowering::lowerINIT_TRAMPOLINE(SDValue Op,
                          .addReg(RISCV::X28)
                          .addReg(RISCV::X28)
                          .addImm(StaticChainOffset - 4)),
-         // lui t2, <imm20>
-         // Setup the landing pad value.
-         GetEncoding(MCInstBuilder(RISCV::LUI).addReg(RISCV::X7).addImm(0)),
-         // jalr t0
-         // Jump to the function.
+         // jalr t2
+         // Software-guarded jump to the function.
          GetEncoding(MCInstBuilder(RISCV::JALR)
                          .addReg(RISCV::X0)
-                         .addReg(RISCV::X5)
+                         .addReg(RISCV::X7)
                          .addImm(0))});
   }
 

llvm/test/CodeGen/RISCV/rv64-trampoline-cfi.ll

@@ -17,25 +17,27 @@ define i64 @test0(i64 %n, ptr %p) nounwind {
 ; RV64-NEXT:    sd a0, 0(sp) # 8-byte Folded Spill
 ; RV64-NEXT:    lui a0, %hi(f)
 ; RV64-NEXT:    addi a0, a0, %lo(f)
-; RV64-NEXT:    sd a0, 48(sp)
-; RV64-NEXT:    sd a1, 40(sp)
-; RV64-NEXT:    li a0, 951
-; RV64-NEXT:    sw a0, 32(sp)
+; RV64-NEXT:    sw a0, 44(sp)
+; RV64-NEXT:    srli a0, a0, 32
+; RV64-NEXT:    sw a0, 48(sp)
+; RV64-NEXT:    sw a1, 36(sp)
+; RV64-NEXT:    srli a0, a1, 32
+; RV64-NEXT:    sw a0, 40(sp)
 ; RV64-NEXT:    li a0, 23
 ; RV64-NEXT:    sw a0, 16(sp)
-; RV64-NEXT:    lui a0, 40
+; RV64-NEXT:    lui a0, 56
 ; RV64-NEXT:    addiw a0, a0, 103
-; RV64-NEXT:    sw a0, 36(sp)
-; RV64-NEXT:    lui a0, 5348
+; RV64-NEXT:    sw a0, 32(sp)
+; RV64-NEXT:    lui a0, 4324
 ; RV64-NEXT:    addiw a0, a0, -509
 ; RV64-NEXT:    sw a0, 28(sp)
-; RV64-NEXT:    lui a0, 7395
-; RV64-NEXT:    addiw a0, a0, 643
+; RV64-NEXT:    lui a0, 6371
+; RV64-NEXT:    addiw a0, a0, 899
 ; RV64-NEXT:    sw a0, 24(sp)
 ; RV64-NEXT:    lui a0, 1
 ; RV64-NEXT:    addiw a0, a0, -489
 ; RV64-NEXT:    sw a0, 20(sp)
-; RV64-NEXT:    addi a1, sp, 40
+; RV64-NEXT:    addi a1, sp, 36
 ; RV64-NEXT:    addi a0, sp, 16
 ; RV64-NEXT:    sd a0, 8(sp) # 8-byte Folded Spill
 ; RV64-NEXT:    call __clear_cache
@@ -54,25 +56,27 @@ define i64 @test0(i64 %n, ptr %p) nounwind {
 ; RV64-LINUX-NEXT:    sd a0, 0(sp) # 8-byte Folded Spill
 ; RV64-LINUX-NEXT:    lui a0, %hi(f)
 ; RV64-LINUX-NEXT:    addi a0, a0, %lo(f)
-; RV64-LINUX-NEXT:    sd a0, 48(sp)
-; RV64-LINUX-NEXT:    sd a1, 40(sp)
-; RV64-LINUX-NEXT:    li a0, 951
-; RV64-LINUX-NEXT:    sw a0, 32(sp)
+; RV64-LINUX-NEXT:    sw a0, 44(sp)
+; RV64-LINUX-NEXT:    srli a0, a0, 32
+; RV64-LINUX-NEXT:    sw a0, 48(sp)
+; RV64-LINUX-NEXT:    sw a1, 36(sp)
+; RV64-LINUX-NEXT:    srli a0, a1, 32
+; RV64-LINUX-NEXT:    sw a0, 40(sp)
 ; RV64-LINUX-NEXT:    li a0, 23
 ; RV64-LINUX-NEXT:    sw a0, 16(sp)
-; RV64-LINUX-NEXT:    lui a0, 40
+; RV64-LINUX-NEXT:    lui a0, 56
 ; RV64-LINUX-NEXT:    addiw a0, a0, 103
-; RV64-LINUX-NEXT:    sw a0, 36(sp)
-; RV64-LINUX-NEXT:    lui a0, 5348
+; RV64-LINUX-NEXT:    sw a0, 32(sp)
+; RV64-LINUX-NEXT:    lui a0, 4324
 ; RV64-LINUX-NEXT:    addiw a0, a0, -509
 ; RV64-LINUX-NEXT:    sw a0, 28(sp)
-; RV64-LINUX-NEXT:    lui a0, 7395
-; RV64-LINUX-NEXT:    addiw a0, a0, 643
+; RV64-LINUX-NEXT:    lui a0, 6371
+; RV64-LINUX-NEXT:    addiw a0, a0, 899
 ; RV64-LINUX-NEXT:    sw a0, 24(sp)
 ; RV64-LINUX-NEXT:    lui a0, 1
 ; RV64-LINUX-NEXT:    addiw a0, a0, -489
 ; RV64-LINUX-NEXT:    sw a0, 20(sp)
-; RV64-LINUX-NEXT:    addi a1, sp, 40
+; RV64-LINUX-NEXT:    addi a1, sp, 36
 ; RV64-LINUX-NEXT:    addi a0, sp, 16
 ; RV64-LINUX-NEXT:    sd a0, 8(sp) # 8-byte Folded Spill
 ; RV64-LINUX-NEXT:    li a2, 0
@@ -83,7 +87,7 @@ define i64 @test0(i64 %n, ptr %p) nounwind {
 ; RV64-LINUX-NEXT:    ld ra, 56(sp) # 8-byte Folded Reload
 ; RV64-LINUX-NEXT:    addi sp, sp, 64
 ; RV64-LINUX-NEXT:    ret
-  %alloca = alloca [40 x i8], align 8
+  %alloca = alloca [36 x i8], align 8
   call void @llvm.init.trampoline(ptr %alloca, ptr @f, ptr %p)
   %tramp = call ptr @llvm.adjust.trampoline(ptr %alloca)
   %ret = call i64 %tramp(i64 %n)