Merge commit '77bcab835aca' from llvm.org/main into next

Conflicts:
      llvm/lib/Transforms/InstCombine/InstCombineCalls.cpp
      llvm/test/Transforms/InstCombine/ptrauth-intrinsics-call.ll

rdar://156051408

Author: ahmedbougacha

llvm/lib/Transforms/InstCombine/InstCombineCalls.cpp

@@ -4050,34 +4050,45 @@ static IntrinsicInst *findInitTrampoline(Value *Callee) {
   return nullptr;
 }
 
-Instruction *InstCombinerImpl::tryCombinePtrAuthCall(CallBase &Call) {
-  Value *Callee = Call.getCalledOperand();
-  auto *IPC = dyn_cast<IntToPtrInst>(Callee);
+Instruction *InstCombinerImpl::foldPtrAuthIntrinsicCallee(CallBase &Call) {
+  const Value *Callee = Call.getCalledOperand();
+  const auto *IPC = dyn_cast<IntToPtrInst>(Callee);
   if (!IPC || !IPC->isNoopCast(DL))
     return nullptr;
 
-  IntrinsicInst *II = dyn_cast<IntrinsicInst>(IPC->getOperand(0));
+  const auto *II = dyn_cast<IntrinsicInst>(IPC->getOperand(0));
   if (!II)
     return nullptr;
 
-  auto PtrAuthBundleOrNone = Call.getOperandBundle(LLVMContext::OB_ptrauth);
-  assert(Call.getNumOperandBundles() <= 1 &&
-         "unimplemented support for ptrauth and other bundle");
-
-  Value *NewCallee = nullptr;
-  SmallVector<OperandBundleDef, 1> NewBundles;
-  switch (II->getIntrinsicID()) {
-  default:
+  Intrinsic::ID IIID = II->getIntrinsicID();
+  if (IIID != Intrinsic::ptrauth_resign && IIID != Intrinsic::ptrauth_sign &&
+      IIID != Intrinsic::ptrauth_auth)
     return nullptr;
 
-  // call(ptrauth_resign(p)), ["ptrauth"()] ->  call p, ["ptrauth"()]
+  // Isolate the ptrauth bundle from the others.
+  std::optional<OperandBundleUse> PtrAuthBundleOrNone;
+  SmallVector<OperandBundleDef, 2> NewBundles;
+  for (unsigned BI = 0, BE = Call.getNumOperandBundles(); BI != BE; ++BI) {
+    OperandBundleUse Bundle = Call.getOperandBundleAt(BI);
+    if (Bundle.getTagID() == LLVMContext::OB_ptrauth)
+      PtrAuthBundleOrNone = Bundle;
+    else
+      NewBundles.emplace_back(Bundle);
+  }
+
+  Value *NewCallee = nullptr;
+  switch (IIID) {
+  // call(ptrauth.resign(p)), ["ptrauth"()] ->  call p, ["ptrauth"()]
   // assuming the call bundle and the sign operands match.
   case Intrinsic::ptrauth_resign: {
     if (!PtrAuthBundleOrNone)
       return nullptr;
-    auto PtrAuthBundle = *PtrAuthBundleOrNone;
-    if (II->getOperand(3) != PtrAuthBundle.Inputs[0] ||
-        II->getOperand(4) != PtrAuthBundle.Inputs[1])
+
+    // Resign result key should match bundle.
+    if (II->getOperand(3) != PtrAuthBundleOrNone->Inputs[0])
+      return nullptr;
+    // Resign result discriminator should match bundle.
+    if (II->getOperand(4) != PtrAuthBundleOrNone->Inputs[1])
       return nullptr;
 
     Value *NewBundleOps[] = {II->getOperand(1), II->getOperand(2)};
@@ -4086,14 +4097,18 @@ Instruction *InstCombinerImpl::tryCombinePtrAuthCall(CallBase &Call) {
     break;
   }
 
-  // call(ptrauth_sign(p)), ["ptrauth"()] ->  call p
+  // call(ptrauth.sign(p)), ["ptrauth"()] ->  call p
   // assuming the call bundle and the sign operands match.
+  // Non-ptrauth indirect calls are undesirable, but so is ptrauth.sign.
   case Intrinsic::ptrauth_sign: {
     if (!PtrAuthBundleOrNone)
       return nullptr;
-    auto PtrAuthBundle = *PtrAuthBundleOrNone;
-    if (II->getOperand(1) != PtrAuthBundle.Inputs[0] ||
-        II->getOperand(2) != PtrAuthBundle.Inputs[1])
+
+    // Sign key should match bundle.
+    if (II->getOperand(1) != PtrAuthBundleOrNone->Inputs[0])
+      return nullptr;
+    // Sign discriminator should match bundle.
+    if (II->getOperand(2) != PtrAuthBundleOrNone->Inputs[1])
       return nullptr;
     NewCallee = II->getOperand(0);
     break;
@@ -4103,24 +4118,21 @@ Instruction *InstCombinerImpl::tryCombinePtrAuthCall(CallBase &Call) {
   case Intrinsic::ptrauth_auth: {
     if (PtrAuthBundleOrNone)
       return nullptr;
+
     Value *NewBundleOps[] = {II->getOperand(1), II->getOperand(2)};
     NewBundles.emplace_back("ptrauth", NewBundleOps);
     NewCallee = II->getOperand(0);
     break;
   }
+  default:
+    llvm_unreachable("unexpected intrinsic ID");
   }
 
   if (!NewCallee)
     return nullptr;
 
   NewCallee = Builder.CreateBitOrPointerCast(NewCallee, Callee->getType());
-  CallBase *NewCall = nullptr;
-  if (auto *CI = dyn_cast<CallInst>(&Call)) {
-    NewCall = CallInst::Create(CI, NewBundles);
-  } else {
-    auto *IKI = cast<InvokeInst>(&Call);
-    NewCall = InvokeInst::Create(IKI, NewBundles);
-  }
+  CallBase *NewCall = CallBase::Create(&Call, NewBundles);
   NewCall->setCalledOperand(NewCallee);
   return NewCall;
 }
@@ -4313,8 +4325,8 @@ Instruction *InstCombinerImpl::visitCallBase(CallBase &Call) {
   if (IntrinsicInst *II = findInitTrampoline(Callee))
     return transformCallThroughTrampoline(Call, *II);
 
-  // Combine calls involving pointer authentication
-  if (Instruction *NewCall = tryCombinePtrAuthCall(Call))
+  // Combine calls involving pointer authentication intrinsics.
+  if (Instruction *NewCall = foldPtrAuthIntrinsicCallee(Call))
     return NewCall;
 
   // Combine calls to ptrauth constants.

llvm/lib/Transforms/InstCombine/InstCombineInternal.h

@@ -284,6 +284,14 @@ class LLVM_LIBRARY_VISIBILITY InstCombinerImpl final
                                               IntrinsicInst &Tramp);
   Instruction *tryCombinePtrAuthCall(CallBase &Call);
 
+  /// Try to optimize a call to the result of a ptrauth intrinsic, potentially
+  /// into the ptrauth call bundle:
+  /// - call(ptrauth.resign(p)), ["ptrauth"()] ->  call p, ["ptrauth"()]
+  /// - call(ptrauth.sign(p)),   ["ptrauth"()] ->  call p
+  /// as long as the key/discriminator are the same in sign and auth-bundle,
+  /// and we don't change the key in the bundle (to a potentially-invalid key.)
+  Instruction *foldPtrAuthIntrinsicCallee(CallBase &Call);
+
   /// Try to optimize a call to a ptrauth constant, into its ptrauth bundle:
   ///   call(ptrauth(f)), ["ptrauth"()] ->  call f
   /// as long as the key/discriminator are the same in constant and bundle.

llvm/test/Transforms/InstCombine/ptrauth-intrinsics-call.ll

@@ -1,52 +1,143 @@
 ; NOTE: Assertions have been autogenerated by utils/update_test_checks.py
 ; RUN: opt < %s -passes=instcombine -S | FileCheck %s
 
+define i32 @test_ptrauth_call_sign(ptr %p) {
+; CHECK-LABEL: @test_ptrauth_call_sign(
+; CHECK-NEXT:    [[V3:%.*]] = call i32 [[P:%.*]]()
+; CHECK-NEXT:    ret i32 [[V3]]
+;
+  %v0 = ptrtoint ptr %p to i64
+  %v1 = call i64 @llvm.ptrauth.sign(i64 %v0, i32 2, i64 5678)
+  %v2 = inttoptr i64 %v1 to ptr
+  %v3 = call i32 %v2() [ "ptrauth"(i32 2, i64 5678) ]
+  ret i32 %v3
+}
+
+define i32 @test_ptrauth_call_sign_otherbundle(ptr %p) {
+; CHECK-LABEL: @test_ptrauth_call_sign_otherbundle(
+; CHECK-NEXT:    [[V3:%.*]] = call i32 [[P:%.*]]() [ "somebundle"(ptr null), "otherbundle"(i64 0) ]
+; CHECK-NEXT:    ret i32 [[V3]]
+;
+  %v0 = ptrtoint ptr %p to i64
+  %v1 = call i64 @llvm.ptrauth.sign(i64 %v0, i32 2, i64 5678)
+  %v2 = inttoptr i64 %v1 to ptr
+  %v3 = call i32 %v2() [ "somebundle"(ptr null), "ptrauth"(i32 2, i64 5678), "otherbundle"(i64 0) ]
+  ret i32 %v3
+}
+
 define i32 @test_ptrauth_call_resign(ptr %p) {
 ; CHECK-LABEL: @test_ptrauth_call_resign(
-; CHECK-NEXT:    [[TMP3:%.*]] = call i32 [[P:%.*]]() [ "ptrauth"(i32 0, i64 1234) ]
-; CHECK-NEXT:    ret i32 [[TMP3]]
+; CHECK-NEXT:    [[V3:%.*]] = call i32 [[P:%.*]]() [ "ptrauth"(i32 1, i64 1234) ]
+; CHECK-NEXT:    ret i32 [[V3]]
 ;
-  %tmp0 = ptrtoint ptr %p to i64
-  %tmp1 = call i64 @llvm.ptrauth.resign(i64 %tmp0, i32 0, i64 1234, i32 2, i64 5678)
-  %tmp2 = inttoptr i64 %tmp1 to ptr
-  %tmp3 = call i32 %tmp2() [ "ptrauth"(i32 2, i64 5678) ]
-  ret i32 %tmp3
+  %v0 = ptrtoint ptr %p to i64
+  %v1 = call i64 @llvm.ptrauth.resign(i64 %v0, i32 1, i64 1234, i32 1, i64 5678)
+  %v2 = inttoptr i64 %v1 to ptr
+  %v3 = call i32 %v2() [ "ptrauth"(i32 1, i64 5678) ]
+  ret i32 %v3
 }
 
 define i32 @test_ptrauth_call_resign_blend(ptr %pp) {
 ; CHECK-LABEL: @test_ptrauth_call_resign_blend(
-; CHECK-NEXT:    [[TMP01:%.*]] = load ptr, ptr [[PP:%.*]], align 8
-; CHECK-NEXT:    [[TMP6:%.*]] = call i32 [[TMP01]]() [ "ptrauth"(i32 0, i64 1234) ]
-; CHECK-NEXT:    ret i32 [[TMP6]]
+; CHECK-NEXT:    [[V01:%.*]] = load ptr, ptr [[PP:%.*]], align 8
+; CHECK-NEXT:    [[V6:%.*]] = call i32 [[V01]]() [ "ptrauth"(i32 1, i64 1234) ]
+; CHECK-NEXT:    ret i32 [[V6]]
 ;
-  %tmp0 = load ptr, ptr %pp, align 8
-  %tmp1 = ptrtoint ptr %pp to i64
-  %tmp2 = ptrtoint ptr %tmp0 to i64
-  %tmp3 = call i64 @llvm.ptrauth.blend(i64 %tmp1, i64 5678)
-  %tmp4 = call i64 @llvm.ptrauth.resign(i64 %tmp2, i32 0, i64 1234, i32 1, i64 %tmp3)
-  %tmp5 = inttoptr i64 %tmp4 to ptr
-  %tmp6 = call i32 %tmp5() [ "ptrauth"(i32 1, i64 %tmp3) ]
-  ret i32 %tmp6
+  %v0 = load ptr, ptr %pp, align 8
+  %v1 = ptrtoint ptr %pp to i64
+  %v2 = ptrtoint ptr %v0 to i64
+  %v3 = call i64 @llvm.ptrauth.blend(i64 %v1, i64 5678)
+  %v4 = call i64 @llvm.ptrauth.resign(i64 %v2, i32 1, i64 1234, i32 1, i64 %v3)
+  %v5 = inttoptr i64 %v4 to ptr
+  %v6 = call i32 %v5() [ "ptrauth"(i32 1, i64 %v3) ]
+  ret i32 %v6
 }
 
 define i32 @test_ptrauth_call_resign_blend_2(ptr %pp) {
 ; CHECK-LABEL: @test_ptrauth_call_resign_blend_2(
-; CHECK-NEXT:    [[TMP01:%.*]] = load ptr, ptr [[PP:%.*]], align 8
-; CHECK-NEXT:    [[TMP1:%.*]] = ptrtoint ptr [[PP]] to i64
-; CHECK-NEXT:    [[TMP3:%.*]] = call i64 @llvm.ptrauth.blend(i64 [[TMP1]], i64 5678)
-; CHECK-NEXT:    [[TMP6:%.*]] = call i32 [[TMP01]]() [ "ptrauth"(i32 1, i64 [[TMP3]]) ]
-; CHECK-NEXT:    ret i32 [[TMP6]]
+; CHECK-NEXT:    [[V01:%.*]] = load ptr, ptr [[PP:%.*]], align 8
+; CHECK-NEXT:    [[V1:%.*]] = ptrtoint ptr [[PP]] to i64
+; CHECK-NEXT:    [[V3:%.*]] = call i64 @llvm.ptrauth.blend(i64 [[V1]], i64 5678)
+; CHECK-NEXT:    [[V6:%.*]] = call i32 [[V01]]() [ "ptrauth"(i32 0, i64 [[V3]]) ]
+; CHECK-NEXT:    ret i32 [[V6]]
+;
+  %v0 = load ptr, ptr %pp, align 8
+  %v1 = ptrtoint ptr %pp to i64
+  %v2 = ptrtoint ptr %v0 to i64
+  %v3 = call i64 @llvm.ptrauth.blend(i64 %v1, i64 5678)
+  %v4 = call i64 @llvm.ptrauth.resign(i64 %v2, i32 0, i64 %v3, i32 0, i64 1234)
+  %v5 = inttoptr i64 %v4 to ptr
+  %v6 = call i32 %v5() [ "ptrauth"(i32 0, i64 1234) ]
+  ret i32 %v6
+}
+
+define i32 @test_ptrauth_call_resign_mismatch_key(ptr %p) {
+; CHECK-LABEL: @test_ptrauth_call_resign_mismatch_key(
+; CHECK-NEXT:    [[V0:%.*]] = ptrtoint ptr [[P:%.*]] to i64
+; CHECK-NEXT:    [[V1:%.*]] = call i64 @llvm.ptrauth.resign(i64 [[V0]], i32 1, i64 1234, i32 0, i64 5678)
+; CHECK-NEXT:    [[V2:%.*]] = inttoptr i64 [[V1]] to ptr
+; CHECK-NEXT:    [[V3:%.*]] = call i32 [[V2]]() [ "ptrauth"(i32 1, i64 5678) ]
+; CHECK-NEXT:    ret i32 [[V3]]
+;
+  %v0 = ptrtoint ptr %p to i64
+  %v1 = call i64 @llvm.ptrauth.resign(i64 %v0, i32 1, i64 1234, i32 0, i64 5678)
+  %v2 = inttoptr i64 %v1 to ptr
+  %v3 = call i32 %v2() [ "ptrauth"(i32 1, i64 5678) ]
+  ret i32 %v3
+}
+
+define i32 @test_ptrauth_call_resign_mismatch_disc(ptr %p) {
+; CHECK-LABEL: @test_ptrauth_call_resign_mismatch_disc(
+; CHECK-NEXT:    [[V0:%.*]] = ptrtoint ptr [[P:%.*]] to i64
+; CHECK-NEXT:    [[V1:%.*]] = call i64 @llvm.ptrauth.resign(i64 [[V0]], i32 1, i64 1234, i32 0, i64 9900)
+; CHECK-NEXT:    [[V2:%.*]] = inttoptr i64 [[V1]] to ptr
+; CHECK-NEXT:    [[V3:%.*]] = call i32 [[V2]]() [ "ptrauth"(i32 1, i64 5678) ]
+; CHECK-NEXT:    ret i32 [[V3]]
 ;
-  %tmp0 = load ptr, ptr %pp, align 8
-  %tmp1 = ptrtoint ptr %pp to i64
-  %tmp2 = ptrtoint ptr %tmp0 to i64
-  %tmp3 = call i64 @llvm.ptrauth.blend(i64 %tmp1, i64 5678)
-  %tmp4 = call i64 @llvm.ptrauth.resign(i64 %tmp2, i32 1, i64 %tmp3, i32 0, i64 1234)
-  %tmp5 = inttoptr i64 %tmp4 to ptr
-  %tmp6 = call i32 %tmp5() [ "ptrauth"(i32 0, i64 1234) ]
-  ret i32 %tmp6
+  %v0 = ptrtoint ptr %p to i64
+  %v1 = call i64 @llvm.ptrauth.resign(i64 %v0, i32 1, i64 1234, i32 0, i64 9900)
+  %v2 = inttoptr i64 %v1 to ptr
+  %v3 = call i32 %v2() [ "ptrauth"(i32 1, i64 5678) ]
+  ret i32 %v3
 }
 
+define i32 @test_ptrauth_call_resign_mismatch_blend(ptr %pp) {
+; CHECK-LABEL: @test_ptrauth_call_resign_mismatch_blend(
+; CHECK-NEXT:    [[V0:%.*]] = load ptr, ptr [[PP:%.*]], align 8
+; CHECK-NEXT:    [[V1:%.*]] = ptrtoint ptr [[PP]] to i64
+; CHECK-NEXT:    [[V2:%.*]] = ptrtoint ptr [[V0]] to i64
+; CHECK-NEXT:    [[V6:%.*]] = call i64 @llvm.ptrauth.blend(i64 [[V1]], i64 5678)
+; CHECK-NEXT:    [[V4:%.*]] = call i64 @llvm.ptrauth.resign(i64 [[V2]], i32 1, i64 1234, i32 1, i64 [[V6]])
+; CHECK-NEXT:    [[V5:%.*]] = inttoptr i64 [[V4]] to ptr
+; CHECK-NEXT:    [[V3:%.*]] = call i32 [[V5]]() [ "ptrauth"(i32 1, i64 [[V1]]) ]
+; CHECK-NEXT:    ret i32 [[V3]]
+;
+  %v0 = load ptr, ptr %pp, align 8
+  %v1 = ptrtoint ptr %pp to i64
+  %v2 = ptrtoint ptr %v0 to i64
+  %v3 = call i64 @llvm.ptrauth.blend(i64 %v1, i64 5678)
+  %v4 = call i64 @llvm.ptrauth.resign(i64 %v2, i32 1, i64 1234, i32 1, i64 %v3)
+  %v5 = inttoptr i64 %v4 to ptr
+  %v6 = call i32 %v5() [ "ptrauth"(i32 1, i64 %v1) ]
+  ret i32 %v6
+}
+
+; Downstream, we allow changing keys
+
+define i32 @test_ptrauth_call_resign_changing_call_key(ptr %p) {
+; CHECK-LABEL: @test_ptrauth_call_resign_changing_call_key(
+; CHECK-NEXT:    [[V3:%.*]] = call i32 [[P:%.*]]() [ "ptrauth"(i32 0, i64 1234) ]
+; CHECK-NEXT:    ret i32 [[V3]]
+;
+  %v0 = ptrtoint ptr %p to i64
+  %v1 = call i64 @llvm.ptrauth.resign(i64 %v0, i32 0, i64 1234, i32 1, i64 5678)
+  %v2 = inttoptr i64 %v1 to ptr
+  %v3 = call i32 %v2() [ "ptrauth"(i32 1, i64 5678) ]
+  ret i32 %v3
+}
+
+; Downstream, we fold auth into the call
+
 define i32 @test_ptrauth_call_auth(ptr %p) {
 ; CHECK-LABEL: @test_ptrauth_call_auth(
 ; CHECK-NEXT:    [[TMP3:%.*]] = call i32 [[P:%.*]]() [ "ptrauth"(i32 2, i64 5678) ]
@@ -59,19 +150,6 @@ define i32 @test_ptrauth_call_auth(ptr %p) {
   ret i32 %tmp3
 }
 
-define i32 @test_ptrauth_call_sign(ptr %p) {
-; CHECK-LABEL: @test_ptrauth_call_sign(
-; CHECK-NEXT:    [[TMP3:%.*]] = call i32 [[P:%.*]]()
-; CHECK-NEXT:    ret i32 [[TMP3]]
-;
-  %tmp0 = ptrtoint ptr %p to i64
-  %tmp1 = call i64 @llvm.ptrauth.sign(i64 %tmp0, i32 2, i64 5678)
-  %tmp2 = inttoptr i64 %tmp1 to ptr
-  %tmp3 = call i32 %tmp2() [ "ptrauth"(i32 2, i64 5678) ]
-  ret i32 %tmp3
-}
-
-declare i64 @llvm.ptrauth.auth(i64, i32, i64)
 declare i64 @llvm.ptrauth.sign(i64, i32, i64)
 declare i64 @llvm.ptrauth.resign(i64, i32, i64, i32, i64)
 declare i64 @llvm.ptrauth.blend(i64, i64)