llvm · PanTao2 · Sep 29, 2025 · Oct 29, 2025 · Sep 29, 2025 · Oct 10, 2025
diff --git a/llvm/include/llvm/CodeGen/TargetLowering.h b/llvm/include/llvm/CodeGen/TargetLowering.h
@@ -2134,11 +2134,10 @@ class LLVM_ABI TargetLoweringBase {
   /// getIRStackGuard returns nullptr.
   virtual Value *getSDagStackGuard(const Module &M) const;
 
-  /// If this function returns true, stack protection checks should XOR the
-  /// frame pointer (or whichever pointer is used to address locals) into the
+  /// If this function returns true, stack protection checks should mix the
   /// stack guard value before checking it. getIRStackGuard must return nullptr
   /// if this returns true.
-  virtual bool useStackGuardXorFP() const { return false; }
+  virtual bool useStackGuardMixCookie() const { return false; }
 
   /// If the target has a standard stack protection check function that
   /// performs validation and error handling, returns the function. Otherwise,
@@ -5827,8 +5826,9 @@ class LLVM_ABI TargetLowering : public TargetLoweringBase {
   /// LOAD_STACK_GUARD node when it is lowering Intrinsic::stackprotector.
   virtual bool useLoadStackGuardNode(const Module &M) const { return false; }
 
-  virtual SDValue emitStackGuardXorFP(SelectionDAG &DAG, SDValue Val,
-                                      const SDLoc &DL) const {
+  virtual SDValue emitStackGuardMixCookie(SelectionDAG &DAG, SDValue Val,
+                                          const SDLoc &DL,
+                                          bool FailureBB) const {
     llvm_unreachable("not implemented for this target");
   }
 

diff --git a/llvm/lib/CodeGen/GlobalISel/IRTranslator.cpp b/llvm/lib/CodeGen/GlobalISel/IRTranslator.cpp
@@ -3963,8 +3963,9 @@ bool IRTranslator::emitSPDescriptorParent(StackProtectorDescriptor &SPD,
                       MachineMemOperand::MOLoad | MachineMemOperand::MOVolatile)
           .getReg(0);
 
-  if (TLI->useStackGuardXorFP()) {
-    LLVM_DEBUG(dbgs() << "Stack protector xor'ing with FP not yet implemented");
+  if (TLI->useStackGuardMixCookie()) {
+    LLVM_DEBUG(
+        dbgs() << "Stack protector mix'ing the cookie not yet implemented");
     return false;
   }
 

diff --git a/llvm/lib/CodeGen/SelectionDAG/SelectionDAGBuilder.cpp b/llvm/lib/CodeGen/SelectionDAG/SelectionDAGBuilder.cpp
@@ -3128,8 +3128,8 @@ void SelectionDAGBuilder::visitSPDescriptorParent(StackProtectorDescriptor &SPD,
       MachinePointerInfo::getFixedStack(DAG.getMachineFunction(), FI), Align,
       MachineMemOperand::MOVolatile);
 
-  if (TLI.useStackGuardXorFP())
-    GuardVal = TLI.emitStackGuardXorFP(DAG, GuardVal, dl);
+  if (TLI.useStackGuardMixCookie())
+    GuardVal = TLI.emitStackGuardMixCookie(DAG, GuardVal, dl, false);
 
   // If we're using function-based instrumentation, call the guard check
   // function
@@ -3237,8 +3237,8 @@ void SelectionDAGBuilder::visitSPDescriptorFailure(
         MachinePointerInfo::getFixedStack(DAG.getMachineFunction(), FI), Align,
         MachineMemOperand::MOVolatile);
 
-    if (TLI.useStackGuardXorFP())
-      GuardVal = TLI.emitStackGuardXorFP(DAG, GuardVal, dl);
+    if (TLI.useStackGuardMixCookie())
+      GuardVal = TLI.emitStackGuardMixCookie(DAG, GuardVal, dl, true);
 
     // The target provides a guard check function to validate the guard value.
     // Generate a call to that function with the content of the guard slot as
@@ -7428,8 +7428,8 @@ void SelectionDAGBuilder::visitIntrinsicCall(const CallInst &I,
                         MachinePointerInfo(Global, 0), Align,
                         MachineMemOperand::MOVolatile);
     }
-    if (TLI.useStackGuardXorFP())
-      Res = TLI.emitStackGuardXorFP(DAG, Res, sdl);
+    if (TLI.useStackGuardMixCookie())
+      Res = TLI.emitStackGuardMixCookie(DAG, Res, sdl, false);
     DAG.setRoot(Chain);
     setValue(&I, Res);
     return;

diff --git a/llvm/lib/CodeGen/StackProtector.cpp b/llvm/lib/CodeGen/StackProtector.cpp
@@ -576,7 +576,7 @@ bool InsertStackProtectors(const TargetMachine *TM, Function *F,
   // impossible to emit the check in IR, so the target *must* support stack
   // protection in SDAG.
   bool SupportsSelectionDAGSP =
-      TLI->useStackGuardXorFP() ||
+      TLI->useStackGuardMixCookie() ||
       (EnableSelectionDAGSP && !TM->Options.EnableFastISel);
   AllocaInst *AI = nullptr; // Place on stack that stores the stack guard.
   BasicBlock *FailBB = nullptr;

diff --git a/llvm/lib/Target/AArch64/AArch64ISelLowering.cpp b/llvm/lib/Target/AArch64/AArch64ISelLowering.cpp
@@ -29242,6 +29242,24 @@ bool AArch64TargetLowering::useLoadStackGuardNode(const Module &M) const {
   return true;
 }
 
+bool AArch64TargetLowering::useStackGuardMixCookie() const {
+  // Currently only MSVC CRTs XOR the frame pointer into the stack guard value.
+  return Subtarget->getTargetTriple().isOSMSVCRT() &&
+         !getTargetMachine().Options.EnableGlobalISel;
+}
+
+SDValue AArch64TargetLowering::emitStackGuardMixCookie(SelectionDAG &DAG,
+                                                       SDValue Val,
+                                                       const SDLoc &DL,
+                                                       bool FailureBB) const {
+  if (FailureBB) {
+    return DAG.getNode(
+        ISD::ADD, DL, Val.getValueType(),
+        DAG.getRegister(getStackPointerRegisterToSaveRestore(), MVT::i64), Val);
+  }
+  return Val;
+}
+
 unsigned AArch64TargetLowering::combineRepeatedFPDivisors() const {
   // Combine multiple FDIVs with the same divisor into multiple FMULs by the
   // reciprocal if there are three or more FDIVs.

diff --git a/llvm/lib/Target/AArch64/AArch64ISelLowering.h b/llvm/lib/Target/AArch64/AArch64ISelLowering.h
@@ -363,6 +363,10 @@ class AArch64TargetLowering : public TargetLowering {
   shouldExpandAtomicCmpXchgInIR(AtomicCmpXchgInst *AI) const override;
 
   bool useLoadStackGuardNode(const Module &M) const override;
+  bool useStackGuardMixCookie() const override;
+  SDValue emitStackGuardMixCookie(SelectionDAG &DAG, SDValue Val,
+                                  const SDLoc &DL,
+                                  bool FailureBB) const override;
   TargetLoweringBase::LegalizeTypeAction
   getPreferredVectorAction(MVT VT) const override;
 

diff --git a/llvm/lib/Target/AArch64/AArch64InstrInfo.cpp b/llvm/lib/Target/AArch64/AArch64InstrInfo.cpp
@@ -2497,6 +2497,15 @@ bool AArch64InstrInfo::expandPostRAPseudo(MachineInstr &MI) const {
           .addMemOperand(*MI.memoperands_begin());
     }
   }
+  // To match MSVC
+  if (Subtarget.getTargetTriple().isOSMSVCRT() &&
+      !Subtarget.getTargetLowering()
+           ->getTargetMachine()
+           .Options.EnableGlobalISel) {
+    BuildMI(MBB, MI, DL, get(AArch64::SUBXrr), Reg)
+        .addReg(AArch64::SP)
+        .addReg(Reg, RegState::Kill);
+  }
 
   MBB.erase(MI);
 

diff --git a/llvm/lib/Target/X86/X86ISelLowering.cpp b/llvm/lib/Target/X86/X86ISelLowering.cpp
@@ -2738,13 +2738,14 @@ bool X86TargetLowering::useLoadStackGuardNode(const Module &M) const {
   return Subtarget.isTargetMachO() && Subtarget.is64Bit();
 }
 
-bool X86TargetLowering::useStackGuardXorFP() const {
+bool X86TargetLowering::useStackGuardMixCookie() const {
   // Currently only MSVC CRTs XOR the frame pointer into the stack guard value.
   return Subtarget.getTargetTriple().isOSMSVCRT() && !Subtarget.isTargetMachO();
 }
 
-SDValue X86TargetLowering::emitStackGuardXorFP(SelectionDAG &DAG, SDValue Val,
-                                               const SDLoc &DL) const {
+SDValue X86TargetLowering::emitStackGuardMixCookie(SelectionDAG &DAG,
+                                                   SDValue Val, const SDLoc &DL,
+                                                   bool FailureBB) const {
   EVT PtrTy = getPointerTy(DAG.getDataLayout());
   unsigned XorOp = Subtarget.is64Bit() ? X86::XOR64_FP : X86::XOR32_FP;
   MachineSDNode *Node = DAG.getMachineNode(XorOp, DL, PtrTy, Val);

diff --git a/llvm/lib/Target/X86/X86ISelLowering.h b/llvm/lib/Target/X86/X86ISelLowering.h
@@ -1590,11 +1590,11 @@ namespace llvm {
     Value *getIRStackGuard(IRBuilderBase &IRB) const override;
 
     bool useLoadStackGuardNode(const Module &M) const override;
-    bool useStackGuardXorFP() const override;
+    bool useStackGuardMixCookie() const override;
     void insertSSPDeclarations(Module &M) const override;
-    SDValue emitStackGuardXorFP(SelectionDAG &DAG, SDValue Val,
-                                const SDLoc &DL) const override;
-
+    SDValue emitStackGuardMixCookie(SelectionDAG &DAG, SDValue Val,
+                                    const SDLoc &DL,
+                                    bool FailureBB) const override;
 
     /// Return true if the target stores SafeStack pointer at a fixed offset in
     /// some non-standard address space, and populates the address space and

diff --git a/llvm/test/CodeGen/AArch64/arm64ec-indirect-call.ll b/llvm/test/CodeGen/AArch64/arm64ec-indirect-call.ll
@@ -32,6 +32,7 @@ define void @stackguard(ptr %g) sspreq {
 ; CHECK-NEXT:     adrp    x8, __security_cookie
 ; CHECK-NEXT:     ldr     x10, [sp, #8]
 ; CHECK-NEXT:     ldr     x8, [x8, :lo12:__security_cookie]
+; CHECK-NEXT:     sub     x8, sp, x8
 ; CHECK-NEXT:     cmp     x8, x10
 ; CHECK-NEXT:     b.ne    .LBB1_2
 ; CHECK-NEXT: // %bb.1:

diff --git a/llvm/test/CodeGen/AArch64/mingw-refptr.ll b/llvm/test/CodeGen/AArch64/mingw-refptr.ll
@@ -1,6 +1,6 @@
 ; NOTE: Assertions have been autogenerated by utils/update_llc_test_checks.py UTC_ARGS: --version 5
 ; RUN: llc < %s -mtriple=aarch64-w64-mingw32 | FileCheck %s --check-prefixes=CHECK,CHECK-SD
-; RUN: llc < %s -mtriple=aarch64-w64-mingw32 -global-isel | FileCheck %s --check-prefixes=CHECK,CHECK-GI
+; RUN: llc < %s -mtriple=aarch64-w64-mingw32 -global-isel | FileCheck %s --check-prefixes=CHECK-GI
 
 @var = external local_unnamed_addr global i32, align 4
 @dsolocalvar = external dso_local local_unnamed_addr global i32, align 4
@@ -15,6 +15,13 @@ define dso_local i32 @getVar() {
 ; CHECK-NEXT:    ldr x8, [x8, :lo12:.refptr.var]
 ; CHECK-NEXT:    ldr w0, [x8]
 ; CHECK-NEXT:    ret
+;
+; CHECK-GI-LABEL: getVar:
+; CHECK-GI:       // %bb.0: // %entry
+; CHECK-GI-NEXT:    adrp x8, .refptr.var
+; CHECK-GI-NEXT:    ldr x8, [x8, :lo12:.refptr.var]
+; CHECK-GI-NEXT:    ldr w0, [x8]
+; CHECK-GI-NEXT:    ret
 entry:
   %0 = load i32, ptr @var, align 4
   ret i32 %0
@@ -26,6 +33,12 @@ define dso_local i32 @getDsoLocalVar() {
 ; CHECK-NEXT:    adrp x8, dsolocalvar
 ; CHECK-NEXT:    ldr w0, [x8, :lo12:dsolocalvar]
 ; CHECK-NEXT:    ret
+;
+; CHECK-GI-LABEL: getDsoLocalVar:
+; CHECK-GI:       // %bb.0: // %entry
+; CHECK-GI-NEXT:    adrp x8, dsolocalvar
+; CHECK-GI-NEXT:    ldr w0, [x8, :lo12:dsolocalvar]
+; CHECK-GI-NEXT:    ret
 entry:
   %0 = load i32, ptr @dsolocalvar, align 4
   ret i32 %0
@@ -37,6 +50,12 @@ define dso_local i32 @getLocalVar() {
 ; CHECK-NEXT:    adrp x8, localvar
 ; CHECK-NEXT:    ldr w0, [x8, :lo12:localvar]
 ; CHECK-NEXT:    ret
+;
+; CHECK-GI-LABEL: getLocalVar:
+; CHECK-GI:       // %bb.0: // %entry
+; CHECK-GI-NEXT:    adrp x8, localvar
+; CHECK-GI-NEXT:    ldr w0, [x8, :lo12:localvar]
+; CHECK-GI-NEXT:    ret
 entry:
   %0 = load i32, ptr @localvar, align 4
   ret i32 %0
@@ -48,6 +67,12 @@ define dso_local i32 @getLocalCommon() {
 ; CHECK-NEXT:    adrp x8, localcommon
 ; CHECK-NEXT:    ldr w0, [x8, :lo12:localcommon]
 ; CHECK-NEXT:    ret
+;
+; CHECK-GI-LABEL: getLocalCommon:
+; CHECK-GI:       // %bb.0: // %entry
+; CHECK-GI-NEXT:    adrp x8, localcommon
+; CHECK-GI-NEXT:    ldr w0, [x8, :lo12:localcommon]
+; CHECK-GI-NEXT:    ret
 entry:
   %0 = load i32, ptr @localcommon, align 4
   ret i32 %0
@@ -60,6 +85,13 @@ define dso_local i32 @getExtVar() {
 ; CHECK-NEXT:    ldr x8, [x8, :lo12:__imp_extvar]
 ; CHECK-NEXT:    ldr w0, [x8]
 ; CHECK-NEXT:    ret
+;
+; CHECK-GI-LABEL: getExtVar:
+; CHECK-GI:       // %bb.0: // %entry
+; CHECK-GI-NEXT:    adrp x8, __imp_extvar
+; CHECK-GI-NEXT:    ldr x8, [x8, :lo12:__imp_extvar]
+; CHECK-GI-NEXT:    ldr w0, [x8]
+; CHECK-GI-NEXT:    ret
 entry:
   %0 = load i32, ptr @extvar, align 4
   ret i32 %0
@@ -69,6 +101,10 @@ define dso_local void @callFunc() {
 ; CHECK-LABEL: callFunc:
 ; CHECK:       // %bb.0: // %entry
 ; CHECK-NEXT:    b otherFunc
+;
+; CHECK-GI-LABEL: callFunc:
+; CHECK-GI:       // %bb.0: // %entry
+; CHECK-GI-NEXT:    b otherFunc
 entry:
   tail call void @otherFunc()
   ret void
@@ -89,12 +125,14 @@ define dso_local void @sspFunc() #0 {
 ; CHECK-NEXT:    add x0, sp, #7
 ; CHECK-NEXT:    ldr x8, [x8, :lo12:.refptr.__stack_chk_guard]
 ; CHECK-NEXT:    ldr x8, [x8]
+; CHECK-NEXT:    sub x8, sp, x8
 ; CHECK-NEXT:    str x8, [sp, #8]
 ; CHECK-NEXT:    bl ptrUser
 ; CHECK-NEXT:    adrp x8, .refptr.__stack_chk_guard
 ; CHECK-NEXT:    ldr x8, [x8, :lo12:.refptr.__stack_chk_guard]
 ; CHECK-NEXT:    ldr x9, [sp, #8]
 ; CHECK-NEXT:    ldr x8, [x8]
+; CHECK-NEXT:    sub x8, sp, x8
 ; CHECK-NEXT:    cmp x8, x9
 ; CHECK-NEXT:    b.ne .LBB6_2
 ; CHECK-NEXT:  // %bb.1: // %entry
@@ -110,6 +148,40 @@ define dso_local void @sspFunc() #0 {
 ; CHECK-NEXT:    brk #0x1
 ; CHECK-NEXT:    .seh_endfunclet
 ; CHECK-NEXT:    .seh_endproc
+;
+; CHECK-GI-LABEL: sspFunc:
+; CHECK-GI:       .seh_proc sspFunc
+; CHECK-GI-NEXT:  // %bb.0: // %entry
+; CHECK-GI-NEXT:    sub sp, sp, #32
+; CHECK-GI-NEXT:    .seh_stackalloc 32
+; CHECK-GI-NEXT:    str x30, [sp, #16] // 8-byte Spill
+; CHECK-GI-NEXT:    .seh_save_reg x30, 16
+; CHECK-GI-NEXT:    .seh_endprologue
+; CHECK-GI-NEXT:    adrp x8, .refptr.__stack_chk_guard
+; CHECK-GI-NEXT:    add x0, sp, #7
+; CHECK-GI-NEXT:    ldr x8, [x8, :lo12:.refptr.__stack_chk_guard]
+; CHECK-GI-NEXT:    ldr x8, [x8]
+; CHECK-GI-NEXT:    str x8, [sp, #8]
+; CHECK-GI-NEXT:    bl ptrUser
+; CHECK-GI-NEXT:    adrp x8, .refptr.__stack_chk_guard
+; CHECK-GI-NEXT:    ldr x8, [x8, :lo12:.refptr.__stack_chk_guard]
+; CHECK-GI-NEXT:    ldr x9, [sp, #8]
+; CHECK-GI-NEXT:    ldr x8, [x8]
+; CHECK-GI-NEXT:    cmp x8, x9
+; CHECK-GI-NEXT:    b.ne .LBB6_2
+; CHECK-GI-NEXT:  // %bb.1: // %entry
+; CHECK-GI-NEXT:    .seh_startepilogue
+; CHECK-GI-NEXT:    ldr x30, [sp, #16] // 8-byte Reload
+; CHECK-GI-NEXT:    .seh_save_reg x30, 16
+; CHECK-GI-NEXT:    add sp, sp, #32
+; CHECK-GI-NEXT:    .seh_stackalloc 32
+; CHECK-GI-NEXT:    .seh_endepilogue
+; CHECK-GI-NEXT:    ret
+; CHECK-GI-NEXT:  .LBB6_2: // %entry
+; CHECK-GI-NEXT:    bl __stack_chk_fail
+; CHECK-GI-NEXT:    brk #0x1
+; CHECK-GI-NEXT:    .seh_endfunclet
+; CHECK-GI-NEXT:    .seh_endproc
 entry:
   %c = alloca i8, align 1
   call void @llvm.lifetime.start.p0(i64 1, ptr nonnull %c)
@@ -134,5 +206,4 @@ attributes #0 = { sspstrong }
 ; CHECK:        .xword  var
 
 ;; NOTE: These prefixes are unused and the list is autogenerated. Do not add tests below this line:
-; CHECK-GI: {{.*}}
 ; CHECK-SD: {{.*}}
diff --git a/llvm/test/CodeGen/AArch64/stack-protector-target.ll b/llvm/test/CodeGen/AArch64/stack-protector-target.ll
@@ -31,14 +31,18 @@ declare void @_Z7CapturePi(ptr)
 
 ; WINDOWS-AARCH64: adrp x8, __security_cookie
 ; WINDOWS-AARCH64: ldr x8, [x8, :lo12:__security_cookie]
+; WINDOWS-AARCH64: sub x8, sp, x8
 ; WINDOWS-AARCH64: str x8, [sp, #8]
 ; WINDOWS-AARCH64: bl  _Z7CapturePi
-; WINDOWS-AARCH64: ldr x0, [sp, #8]
+; WINDOWS-AARCH64: ldr x8, [sp, #8]
+; WINDOWS-AARCH64: add x0, sp, x8
 ; WINDOWS-AARCH64: bl  __security_check_cookie
 
 ; WINDOWS-ARM64EC: adrp x8, __security_cookie
 ; WINDOWS-ARM64EC: ldr x8, [x8, :lo12:__security_cookie]
+; WINDOWS-ARM64EC: sub x8, sp, x8
 ; WINDOWS-ARM64EC: str x8, [sp, #8]
 ; WINDOWS-ARM64EC: bl "#_Z7CapturePi"
-; WINDOWS-ARM64EC: ldr x0, [sp, #8]
+; WINDOWS-ARM64EC: ldr x8, [sp, #8]
+; WINDOWS-ARM64EC: add x0, sp, x8
 ; WINDOWS-ARM64EC: bl "#__security_check_cookie_arm64ec"