Let's say I am compiling for a target that has
TARGET_PAD_SHORT_FUNCTION (example: i386 Atom) and that the
compilation flags are -fPIE -fstack-protector.

For certain functions, the starting code sequence will look like the following:

function:
        call    __i686.get_pc_thunk.bx
        addl    $_GLOBAL_OFFSET_TABLE_, %ebx
        movl    %gs:20, %eax # Stack-guard init
        movl    %eax, -12(%ebp) # Stack-guard init

__i686.get_pc_thunk.bx:
.LFB2:
        nop
        nop
        nop
        nop
        nop
        nop
        nop
        nop
        movl    (%esp), %ebx
        ret


You can generate this by running the following:

echo "int global; void function(){global = 2;} int main(){function();}" | ./bin/gcc -fPIE -S -fstack-protector-all -mtune=atom -march=atom -m32 -xc -o /dev/stdout - | egrep -A10 "function:|.bx:"

Now, what I want to do is move the stack guard initialization part
(consisting of the two instructions I have commented as "Stack-guard
init") into get_pc_thunk.bx for those functions that have both the
stack guard and a call to get_pc_thunk.bx. The compiler should
generate a "stack_guarded_get_pc_thunk.bx" that will move the
%gs:20 value to the correct location on the stack instead of
executing nops. In this way some useful work can be done instead of
nops.

As far as I understand, the stack guard part is done in function.c
(called by cfgexpand.c) which adds the prologue and epilogue to the
protected functions. At this point, we are still target-independent.

The get_pc_thunk.bx is generated by the target-specific
config/i386/i386.c part (ix86_file_end).

How should I go about creating such a patch that should:

1. Check if a function has both stack guard as well as access to a
global (which would result in having the get_pc_thunk call).
2. Remove the stack guard prologue instructions.
3. Replace calls to get_pc_thunk.bx in that function with
stack_guarded_get_pc_thunk.

Specifically, what phase should this be done in?

Thanks,
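An added example, not from the question and not GCC code: a Python sketch of the three steps applied to the assembler text, so the idea can be tried on real .s output before touching function.c or i386.c. It assumes one thunk per guard-slot offset (my naming, not the question's), frame-pointer-relative guard slots as in the listing, and that %eax is dead at the call site; the sample input is constructed from the prologue above.

```python
import re

# Constructed sample: the question's prologue plus a guarded leaf with no PC thunk.
SAMPLE_ASM = """\
function:
        call    __i686.get_pc_thunk.bx
        addl    $_GLOBAL_OFFSET_TABLE_, %ebx
        movl    %gs:20, %eax
        movl    %eax, -12(%ebp)
leaf:
        movl    %gs:20, %eax
        movl    %eax, -8(%ebp)
"""
LABEL = r"^[A-Za-z_][\w.]*:$"  # column-0 symbol label; .L locals excluded
THUNK_CALL = re.compile(r"^\s*call\s+__i686\.get_pc_thunk\.bx\s*$")
GUARD_LOAD = re.compile(r"^\s*movl\s+%gs:20,\s*%eax\s*$")
GUARD_STORE = re.compile(r"^\s*movl\s+%eax,\s*(-\d+)\(%ebp\)\s*$")

# One thunk per guard offset: a shared thunk cannot otherwise know the caller's slot (my assumption).
thunk_name = lambda offset: f"stack_guarded_get_pc_thunk.bx.{-offset}"

def emit_thunk(offset):
    # %ebp is still the caller's frame pointer inside the thunk, so its slot
    # is addressable unchanged; %eax must be dead at the call site (it is here).
    return "\n".join([f"{thunk_name(offset)}:", "        movl    %gs:20, %eax",
                      f"        movl    %eax, {offset}(%ebp)",
                      "        movl    (%esp), %ebx", "        ret"])

def rewrite_function(body):
    # Steps 1-3 on one function body; returns (new_body, offset or None).
    call_idx = next((i for i, l in enumerate(body) if THUNK_CALL.match(l)), None)
    for i in range(len(body) - 1):
        store = GUARD_STORE.match(body[i + 1])
        if call_idx is not None and GUARD_LOAD.match(body[i]) and store:
            offset = int(store.group(1))
            body[call_idx] = f"        call    {thunk_name(offset)}"  # step 3
            return body[:i] + body[i + 2:], offset                  # step 2
    return body, None

def rewrite(asm):
    # Rewrite every candidate function; returns (new_asm, {name: offset}).
    out, candidates = [], {}
    for chunk in re.split(f"(?={LABEL})", asm, flags=re.M):
        if not re.match(LABEL, chunk, flags=re.M):  # leading directives dropped
            continue
        name, *body = chunk.splitlines()
        new, offset = rewrite_function(body)
        if offset is not None:
            candidates[name[:-1]] = offset
        out += [name] + new
    out += [emit_thunk(o) for o in sorted(set(candidates.values()))]
    return "\n".join(out) + "\n", candidates
```

Running it on the sample rewrites only `function`, leaves `leaf` alone, and appends one thunk for the -12(%ebp) slot.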
