[AArch64] Move PAuth codegen down the machine pipeline

To simplify handling PAuth in the machine outliner, introduce a
separate AArch64PointerAuth pass that is executed after both
Prologue/Epilogue Inserter and Machine Outliner passes.

After moving to AArch64PointerAuth, signLR and authenticateLR are
not used outside of their class anymore, so make them private and
simplify accordingly.

The new pass is added via AArch64PassConfig::addPostBBSections(),
so that it can change the code size before branch relaxation occurs.
AArch64BranchTargets is placed there too, so it can take into account
any PACI(A|B)SP instructions and not excessively add BTIs at the start
of functions.

Reviewed By: tmatheson

Differential Revision: https://reviews.llvm.org/D159357

Author: atrosinenko

llvm/lib/Target/AArch64/AArch64.h

@@ -51,6 +51,7 @@ FunctionPass *createAArch64A57FPLoadBalancing();
 FunctionPass *createAArch64A53Fix835769();
 FunctionPass *createFalkorHWPFFixPass();
 FunctionPass *createFalkorMarkStridedAccessesPass();
+FunctionPass *createAArch64PointerAuthPass();
 FunctionPass *createAArch64BranchTargetsPass();
 FunctionPass *createAArch64MIPeepholeOptPass();
 
@@ -74,6 +75,7 @@ ModulePass *createAArch64GlobalsTaggingPass();
 void initializeAArch64A53Fix835769Pass(PassRegistry&);
 void initializeAArch64A57FPLoadBalancingPass(PassRegistry&);
 void initializeAArch64AdvSIMDScalarPass(PassRegistry&);
+void initializeAArch64PointerAuthPass(PassRegistry&);
 void initializeAArch64BranchTargetsPass(PassRegistry&);
 void initializeAArch64CFIFixupPass(PassRegistry&);
 void initializeAArch64CollectLOHPass(PassRegistry &);

llvm/lib/Target/AArch64/AArch64FrameLowering.cpp

@@ -1381,42 +1381,6 @@ static void emitDefineCFAWithFP(MachineFunction &MF, MachineBasicBlock &MBB,
       .setMIFlags(MachineInstr::FrameSetup);
 }
 
-void AArch64FrameLowering::signLR(MachineFunction &MF, MachineBasicBlock &MBB,
-                                  MachineBasicBlock::iterator MBBI,
-                                  bool NeedsWinCFI, bool *HasWinCFI) {
-  const auto &MFnI = *MF.getInfo<AArch64FunctionInfo>();
-  const AArch64Subtarget &Subtarget = MF.getSubtarget<AArch64Subtarget>();
-  const TargetInstrInfo *TII = Subtarget.getInstrInfo();
-  bool EmitCFI = MFnI.needsDwarfUnwindInfo(MF);
-
-  // Debug location must be unknown, see emitPrologue().
-  DebugLoc DL;
-
-  if (MFnI.shouldSignWithBKey()) {
-    BuildMI(MBB, MBBI, DL, TII->get(AArch64::EMITBKEY))
-        .setMIFlag(MachineInstr::FrameSetup);
-  }
-
-  // No SEH opcode for this one; it doesn't materialize into an
-  // instruction on Windows.
-  BuildMI(
-      MBB, MBBI, DL,
-      TII->get(MFnI.shouldSignWithBKey() ? AArch64::PACIBSP : AArch64::PACIASP))
-      .setMIFlag(MachineInstr::FrameSetup);
-
-  if (EmitCFI) {
-    unsigned CFIIndex =
-        MF.addFrameInst(MCCFIInstruction::createNegateRAState(nullptr));
-    BuildMI(MBB, MBBI, DL, TII->get(TargetOpcode::CFI_INSTRUCTION))
-        .addCFIIndex(CFIIndex)
-        .setMIFlags(MachineInstr::FrameSetup);
-  } else if (NeedsWinCFI) {
-    *HasWinCFI = true;
-    BuildMI(MBB, MBBI, DL, TII->get(AArch64::SEH_PACSignLR))
-        .setMIFlag(MachineInstr::FrameSetup);
-  }
-}
-
 void AArch64FrameLowering::emitPrologue(MachineFunction &MF,
                                         MachineBasicBlock &MBB) const {
   MachineBasicBlock::iterator MBBI = MBB.begin();
@@ -1450,8 +1414,12 @@ void AArch64FrameLowering::emitPrologue(MachineFunction &MF,
     emitShadowCallStackPrologue(*TII, MF, MBB, MBBI, DL, NeedsWinCFI,
                                 MFnI.needsDwarfUnwindInfo(MF));
 
-  if (MFnI.shouldSignReturnAddress(MF))
-    signLR(MF, MBB, MBBI, NeedsWinCFI, &HasWinCFI);
+  if (MFnI.shouldSignReturnAddress(MF)) {
+    BuildMI(MBB, MBBI, DL, TII->get(AArch64::PAUTH_PROLOGUE))
+        .setMIFlag(MachineInstr::FrameSetup);
+    if (NeedsWinCFI)
+      HasWinCFI = true; // AArch64PointerAuth pass will insert SEH_PACSignLR
+  }
 
   if (EmitCFI && MFnI.isMTETagged()) {
     BuildMI(MBB, MBBI, DL, TII->get(AArch64::EMITMTETAGGED))
@@ -1911,54 +1879,6 @@ void AArch64FrameLowering::emitPrologue(MachineFunction &MF,
   }
 }
 
-void AArch64FrameLowering::authenticateLR(MachineFunction &MF,
-                                          MachineBasicBlock &MBB,
-                                          bool NeedsWinCFI, bool *HasWinCFI) {
-  const auto &MFI = *MF.getInfo<AArch64FunctionInfo>();
-  const AArch64Subtarget &Subtarget = MF.getSubtarget<AArch64Subtarget>();
-  const TargetInstrInfo *TII = Subtarget.getInstrInfo();
-  bool EmitAsyncCFI = MFI.needsAsyncDwarfUnwindInfo(MF);
-
-  MachineBasicBlock::iterator MBBI = MBB.getFirstTerminator();
-  DebugLoc DL;
-  if (MBBI != MBB.end())
-    DL = MBBI->getDebugLoc();
-
-  // The AUTIASP instruction assembles to a hint instruction before v8.3a so
-  // this instruction can safely used for any v8a architecture.
-  // From v8.3a onwards there are optimised authenticate LR and return
-  // instructions, namely RETA{A,B}, that can be used instead. In this case the
-  // DW_CFA_AARCH64_negate_ra_state can't be emitted.
-  bool TerminatorIsCombinable =
-      MBBI != MBB.end() && (MBBI->getOpcode() == AArch64::RET_ReallyLR ||
-                            MBBI->getOpcode() == AArch64::RET);
-  if (Subtarget.hasPAuth() && TerminatorIsCombinable && !NeedsWinCFI &&
-      !MF.getFunction().hasFnAttribute(Attribute::ShadowCallStack)) {
-    BuildMI(MBB, MBBI, DL,
-            TII->get(MFI.shouldSignWithBKey() ? AArch64::RETAB : AArch64::RETAA))
-        .copyImplicitOps(*MBBI);
-    MBB.erase(MBBI);
-  } else {
-    BuildMI(
-        MBB, MBBI, DL,
-        TII->get(MFI.shouldSignWithBKey() ? AArch64::AUTIBSP : AArch64::AUTIASP))
-        .setMIFlag(MachineInstr::FrameDestroy);
-
-    if (EmitAsyncCFI) {
-      unsigned CFIIndex =
-          MF.addFrameInst(MCCFIInstruction::createNegateRAState(nullptr));
-      BuildMI(MBB, MBBI, DL, TII->get(TargetOpcode::CFI_INSTRUCTION))
-          .addCFIIndex(CFIIndex)
-          .setMIFlags(MachineInstr::FrameDestroy);
-    }
-    if (NeedsWinCFI) {
-      *HasWinCFI = true;
-      BuildMI(MBB, MBBI, DL, TII->get(AArch64::SEH_PACSignLR))
-          .setMIFlag(MachineInstr::FrameDestroy);
-    }
-  }
-}
-
 static bool isFuncletReturnInstr(const MachineInstr &MI) {
   switch (MI.getOpcode()) {
   default:
@@ -1990,8 +1910,13 @@ void AArch64FrameLowering::emitEpilogue(MachineFunction &MF,
   MachineBasicBlock::iterator EpilogStartI = MBB.end();
 
   auto FinishingTouches = make_scope_exit([&]() {
-    if (AFI->shouldSignReturnAddress(MF))
-      authenticateLR(MF, MBB, NeedsWinCFI, &HasWinCFI);
+    if (AFI->shouldSignReturnAddress(MF)) {
+      BuildMI(MBB, MBB.getFirstTerminator(), DL,
+              TII->get(AArch64::PAUTH_EPILOGUE))
+          .setMIFlag(MachineInstr::FrameDestroy);
+      if (NeedsWinCFI)
+        HasWinCFI = true; // AArch64PointerAuth pass will insert SEH_PACSignLR
+    }
     if (needsShadowCallStackPrologueEpilogue(MF))
       emitShadowCallStackEpilogue(*TII, MF, MBB, MBB.getFirstTerminator(), DL);
     if (EmitCFI)

llvm/lib/Target/AArch64/AArch64FrameLowering.h

@@ -30,13 +30,6 @@ class AArch64FrameLowering : public TargetFrameLowering {
   eliminateCallFramePseudoInstr(MachineFunction &MF, MachineBasicBlock &MBB,
                                 MachineBasicBlock::iterator I) const override;
 
-  static void signLR(MachineFunction &MF, MachineBasicBlock &MBB,
-                     MachineBasicBlock::iterator MBBI, bool NeedsWinCFI,
-                     bool *HasWinCFI);
-
-  static void authenticateLR(MachineFunction &MF, MachineBasicBlock &MBB,
-                             bool NeedsWinCFI, bool *HasWinCFI);
-
   /// emitProlog/emitEpilog - These methods insert prolog and epilog code into
   /// the function.
   void emitPrologue(MachineFunction &MF, MachineBasicBlock &MBB) const override;

llvm/lib/Target/AArch64/AArch64InstrInfo.cpp

@@ -7963,6 +7963,8 @@ AArch64InstrInfo::getOutliningTypeImpl(MachineBasicBlock::iterator &MIT,
   case AArch64::RETAA:
   case AArch64::RETAB:
   case AArch64::EMITBKEY:
+  case AArch64::PAUTH_PROLOGUE:
+  case AArch64::PAUTH_EPILOGUE:
     return outliner::InstrType::Illegal;
   }
 
@@ -8114,15 +8116,16 @@ void AArch64InstrInfo::fixupPostOutline(MachineBasicBlock &MBB) const {
 }
 
 static void signOutlinedFunction(MachineFunction &MF, MachineBasicBlock &MBB,
+                                 const AArch64InstrInfo *TII,
                                  bool ShouldSignReturnAddr) {
   if (!ShouldSignReturnAddr)
     return;
 
-  AArch64FrameLowering::signLR(MF, MBB, MBB.begin(),
-                               /*NeedsWinCFI=*/false, /*HasWinCFI=*/nullptr);
-
-  AArch64FrameLowering::authenticateLR(MF, MBB, /*NeedsWinCFI=*/false,
-                                       /*HasWinCFI=*/nullptr);
+  BuildMI(MBB, MBB.begin(), DebugLoc(), TII->get(AArch64::PAUTH_PROLOGUE))
+      .setMIFlag(MachineInstr::FrameSetup);
+  BuildMI(MBB, MBB.getFirstInstrTerminator(), DebugLoc(),
+          TII->get(AArch64::PAUTH_EPILOGUE))
+      .setMIFlag(MachineInstr::FrameDestroy);
 }
 
 void AArch64InstrInfo::buildOutlinedFrame(
@@ -8227,7 +8230,7 @@ void AArch64InstrInfo::buildOutlinedFrame(
   // If this is a tail call outlined function, then there's already a return.
   if (OF.FrameConstructionID == MachineOutlinerTailCall ||
       OF.FrameConstructionID == MachineOutlinerThunk) {
-    signOutlinedFunction(MF, MBB, ShouldSignReturnAddr);
+    signOutlinedFunction(MF, MBB, this, ShouldSignReturnAddr);
     return;
   }
 
@@ -8241,7 +8244,7 @@ void AArch64InstrInfo::buildOutlinedFrame(
                           .addReg(AArch64::LR);
   MBB.insert(MBB.end(), ret);
 
-  signOutlinedFunction(MF, MBB, ShouldSignReturnAddr);
+  signOutlinedFunction(MF, MBB, this, ShouldSignReturnAddr);
 
   FI->setOutliningStyle("Function");
 

llvm/lib/Target/AArch64/AArch64InstrInfo.td

@@ -1477,6 +1477,15 @@ def : InstAlias<"autia1716", (AUTIA1716), 0>;
 def : InstAlias<"autib1716", (AUTIB1716), 0>;
 def : InstAlias<"xpaclri", (XPACLRI), 0>;
 
+// Pseudos
+
+// Insertion point of LR signing code.
+def PAUTH_PROLOGUE : Pseudo<(outs), (ins), []>, Sched<[]>;
+// Insertion point of LR authentication code.
+// The RET terminator of the containing machine basic block may be replaced
+// with a combined RETA(A|B) instruction when rewriting this Pseudo.
+def PAUTH_EPILOGUE : Pseudo<(outs), (ins), []>, Sched<[]>;
+
 // These pointer authentication instructions require armv8.3a
 let Predicates = [HasPAuth] in {
 

llvm/lib/Target/AArch64/AArch64PointerAuth.cpp

@@ -0,0 +1,170 @@
+//===-- AArch64PointerAuth.cpp -- Harden code using PAuth ------------------==//
+//
+// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
+// See https://llvm.org/LICENSE.txt for license information.
+// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
+//
+//===----------------------------------------------------------------------===//
+
+#include "AArch64.h"
+#include "AArch64MachineFunctionInfo.h"
+#include "AArch64Subtarget.h"
+#include "llvm/CodeGen/MachineBasicBlock.h"
+#include "llvm/CodeGen/MachineInstrBuilder.h"
+#include "llvm/CodeGen/MachineModuleInfo.h"
+
+using namespace llvm;
+
+#define AARCH64_POINTER_AUTH_NAME "AArch64 Pointer Authentication"
+
+namespace {
+
+class AArch64PointerAuth : public MachineFunctionPass {
+public:
+  static char ID;
+
+  AArch64PointerAuth() : MachineFunctionPass(ID) {}
+
+  bool runOnMachineFunction(MachineFunction &MF) override;
+
+  StringRef getPassName() const override { return AARCH64_POINTER_AUTH_NAME; }
+
+private:
+  const AArch64Subtarget *Subtarget = nullptr;
+  const AArch64InstrInfo *TII = nullptr;
+
+  void signLR(MachineFunction &MF, MachineBasicBlock::iterator MBBI) const;
+
+  void authenticateLR(MachineFunction &MF,
+                      MachineBasicBlock::iterator MBBI) const;
+};
+
+} // end anonymous namespace
+
+INITIALIZE_PASS(AArch64PointerAuth, "aarch64-ptrauth",
+                AARCH64_POINTER_AUTH_NAME, false, false)
+
+FunctionPass *llvm::createAArch64PointerAuthPass() {
+  return new AArch64PointerAuth();
+}
+
+char AArch64PointerAuth::ID = 0;
+
+void AArch64PointerAuth::signLR(MachineFunction &MF,
+                                MachineBasicBlock::iterator MBBI) const {
+  const AArch64FunctionInfo *MFnI = MF.getInfo<AArch64FunctionInfo>();
+  bool UseBKey = MFnI->shouldSignWithBKey();
+  bool EmitCFI = MFnI->needsDwarfUnwindInfo(MF);
+  bool NeedsWinCFI = MF.hasWinCFI();
+
+  MachineBasicBlock &MBB = *MBBI->getParent();
+
+  // Debug location must be unknown, see AArch64FrameLowering::emitPrologue.
+  DebugLoc DL;
+
+  if (UseBKey) {
+    BuildMI(MBB, MBBI, DL, TII->get(AArch64::EMITBKEY))
+        .setMIFlag(MachineInstr::FrameSetup);
+  }
+
+  // No SEH opcode for this one; it doesn't materialize into an
+  // instruction on Windows.
+  BuildMI(MBB, MBBI, DL,
+          TII->get(UseBKey ? AArch64::PACIBSP : AArch64::PACIASP))
+      .setMIFlag(MachineInstr::FrameSetup);
+
+  if (EmitCFI) {
+    unsigned CFIIndex =
+        MF.addFrameInst(MCCFIInstruction::createNegateRAState(nullptr));
+    BuildMI(MBB, MBBI, DL, TII->get(TargetOpcode::CFI_INSTRUCTION))
+        .addCFIIndex(CFIIndex)
+        .setMIFlags(MachineInstr::FrameSetup);
+  } else if (NeedsWinCFI) {
+    BuildMI(MBB, MBBI, DL, TII->get(AArch64::SEH_PACSignLR))
+        .setMIFlag(MachineInstr::FrameSetup);
+  }
+}
+
+void AArch64PointerAuth::authenticateLR(
+    MachineFunction &MF, MachineBasicBlock::iterator MBBI) const {
+  const AArch64FunctionInfo *MFnI = MF.getInfo<AArch64FunctionInfo>();
+  bool UseBKey = MFnI->shouldSignWithBKey();
+  bool EmitAsyncCFI = MFnI->needsAsyncDwarfUnwindInfo(MF);
+  bool NeedsWinCFI = MF.hasWinCFI();
+
+  MachineBasicBlock &MBB = *MBBI->getParent();
+  DebugLoc DL = MBBI->getDebugLoc();
+  // MBBI points to a PAUTH_EPILOGUE instruction to be replaced and
+  // TI points to a terminator instruction that may or may not be combined.
+  // Note that inserting new instructions "before MBBI" and "before TI" is
+  // not the same because if ShadowCallStack is enabled, its instructions
+  // are placed between MBBI and TI.
+  MachineBasicBlock::iterator TI = MBB.getFirstInstrTerminator();
+
+  // The AUTIASP instruction assembles to a hint instruction before v8.3a so
+  // this instruction can safely used for any v8a architecture.
+  // From v8.3a onwards there are optimised authenticate LR and return
+  // instructions, namely RETA{A,B}, that can be used instead. In this case the
+  // DW_CFA_AARCH64_negate_ra_state can't be emitted.
+  bool TerminatorIsCombinable =
+      TI != MBB.end() && TI->getOpcode() == AArch64::RET;
+  if (Subtarget->hasPAuth() && TerminatorIsCombinable && !NeedsWinCFI &&
+      !MF.getFunction().hasFnAttribute(Attribute::ShadowCallStack)) {
+    unsigned CombinedRetOpcode = UseBKey ? AArch64::RETAB : AArch64::RETAA;
+    BuildMI(MBB, TI, DL, TII->get(CombinedRetOpcode)).copyImplicitOps(*TI);
+    MBB.erase(TI);
+  } else {
+    unsigned AutOpcode = UseBKey ? AArch64::AUTIBSP : AArch64::AUTIASP;
+    BuildMI(MBB, MBBI, DL, TII->get(AutOpcode))
+        .setMIFlag(MachineInstr::FrameDestroy);
+
+    if (EmitAsyncCFI) {
+      unsigned CFIIndex =
+          MF.addFrameInst(MCCFIInstruction::createNegateRAState(nullptr));
+      BuildMI(MBB, MBBI, DL, TII->get(TargetOpcode::CFI_INSTRUCTION))
+          .addCFIIndex(CFIIndex)
+          .setMIFlags(MachineInstr::FrameDestroy);
+    }
+    if (NeedsWinCFI) {
+      BuildMI(MBB, MBBI, DL, TII->get(AArch64::SEH_PACSignLR))
+          .setMIFlag(MachineInstr::FrameDestroy);
+    }
+  }
+}
+
+bool AArch64PointerAuth::runOnMachineFunction(MachineFunction &MF) {
+  if (!MF.getInfo<AArch64FunctionInfo>()->shouldSignReturnAddress(true))
+    return false;
+
+  Subtarget = &MF.getSubtarget<AArch64Subtarget>();
+  TII = Subtarget->getInstrInfo();
+
+  SmallVector<MachineBasicBlock::iterator> DeletedInstrs;
+  bool Modified = false;
+
+  for (auto &MBB : MF) {
+    for (auto &MI : MBB) {
+      auto It = MI.getIterator();
+      switch (MI.getOpcode()) {
+      default:
+        // do nothing
+        break;
+      case AArch64::PAUTH_PROLOGUE:
+        signLR(MF, It);
+        DeletedInstrs.push_back(It);
+        Modified = true;
+        break;
+      case AArch64::PAUTH_EPILOGUE:
+        authenticateLR(MF, It);
+        DeletedInstrs.push_back(It);
+        Modified = true;
+        break;
+      }
+    }
+  }
+
+  for (auto MI : DeletedInstrs)
+    MI->eraseFromParent();
+
+  return Modified;
+}