- 09 Jul, 2015 2 commits
-
-
Jan Voung authored
Lower stacksave/restore. Lower ctlz, cttz, bswap, and popcount. Popcount is just done with a helper call. Ctz can use the clz instruction after reversing the bits. We can only crosstest stacksave/restore for now which happens to be written in C for the C99 VLAs. The CXX crosstests I can't seem to compile with the arm-cross-g++ (missing headers), so I will check that later after resolving the cross compilation issue. BUG= https://code.google.com/p/nativeclient/issues/detail?id=4076 R=jpp@chromium.org Review URL: https://codereview.chromium.org/1222943003 .
-
Jan Voung authored
When compiling with DEBUG, there is a problem linking InstMIPS32. It overrides dump, but never defined that. Also, update the code for some recent changes. Namely, we no longer check ALLOW_DUMP but instead check BuildDefs::dump(). Also, the instruction dtors have been deleted. BUG= https://code.google.com/p/nativeclient/issues/detail?id=4167 R=kschimpf@google.com Review URL: https://codereview.chromium.org/1214863019 .
-
- 08 Jul, 2015 1 commit
-
-
Reed Kotler authored
BUG= https://code.google.com/p/nativeclient/issues/detail?id=4167 R=jvoung@chromium.org Review URL: https://codereview.chromium.org/1176133004 . Patch from Reed Kotler <reed.kotler@imgtec.com>.
-
- 07 Jul, 2015 1 commit
-
-
John Porto authored
This CL introduces the X86Inst templates. The previous implementation relied on template specialization which did not play nice with the new design. This required a lot of other boilerplate code (i.e., tons of new named constructors, one for each X86Inst.) This CL also moves X8632 code out of the X86Base{Impl}?.h files so that they are **almost** target agnostic. As we move to adding other X86 targets more methods will be moved to the target-specific trait class (e.g., call/ret/argument lowering.) BUG= https://code.google.com/p/nativeclient/issues/detail?id=4077 R=jvoung@chromium.org Review URL: https://codereview.chromium.org/1216933015.
-
- 06 Jul, 2015 3 commits
-
-
Andrew Scull authored
Accidentally resurrected during rebase when it shouldn't have been. BUG= R=jvoung@chromium.org Review URL: https://codereview.chromium.org/1217503011.
-
Andrew Scull authored
There were many // comments used to document classes, functions etc. but those are not picked up by doxygen which expects /// comments. This converts many comments from // to /// in order to improve the generated documentation. BUG= R=jvoung@chromium.org, kschimpf@google.com Review URL: https://codereview.chromium.org/1216963007.
-
Jan Voung authored
The original arithmetic lowering was introducing some unused mov instructions from legalization (e.g., the upper part of shift num bits -- which should be 0 anyway), and div helper calls don't actually use the legalized parameters (handled separately by lowerCall). These unused instructions cause the Om1 allocator to assert that LRBegin exists but LREnd does not. BUG= https://code.google.com/p/nativeclient/issues/detail?id=4076 R=kschimpf@google.com Review URL: https://codereview.chromium.org/1210073017.
-
- 30 Jun, 2015 6 commits
-
-
John Porto authored
As part of the refactoring moves the MachineTraits<TargetX8632> to a separate header. BUG= https://code.google.com/p/nativeclient/issues/detail?id=4077 R=jvoung@chromium.org Review URL: https://codereview.chromium.org/1216033004.
-
Karl Schimpf authored
Deals with fact that minimal builds generate simple "generic" error messages, rather than descriptive error messages. BUG=None R=stichnot@chromium.org Review URL: https://codereview.chromium.org/1209083005.
-
Jan Voung authored
BUG=none R=jpp@chromium.org, kschimpf@google.com Review URL: https://codereview.chromium.org/1219883003.
-
Jan Voung authored
ARM normally just returns 0 when dividing by 0 with the software and hw implementations, which is different from what X86 does. So, for NaCl, we've modified LLVM to trap by inserting explicit 0 checks. Uses -mattr=hwdiv-arm attribute to decide if 32-bit sdiv/udiv are supported. Also lower the unreachable-inst to a trap-inst, since we need a trap instruction for divide by 0 anyway. Misc: fix switch test under MINIMAL=1, since ARM requires allow_dump for filetype=asm. Random clang-format changes... TODO: check via cross tests BUG= https://code.google.com/p/nativeclient/issues/detail?id=4076 R=stichnot@chromium.org Review URL: https://codereview.chromium.org/1214693004.
-
Karl Schimpf authored
If the bitcode parser detects that the last block in the function is missing a terminator, generate an error message and insert a terminator instruction. BUG= https://code.google.com/p/nativeclient/issues/detail?id=4214 R=stichnot@chromium.org Review URL: https://codereview.chromium.org/1210013005.
-
Jan Voung authored
No bool-folding optimization, just the straightforward compare followed by mov and conditional mov. BUG= https://code.google.com/p/nativeclient/issues/detail?id=4076 R=stichnot@chromium.org Review URL: https://codereview.chromium.org/1211243005.
-
- 29 Jun, 2015 3 commits
-
-
Andrew Scull authored
A naive implementation of switch lowering using sequential tests for each of the cases. BUG= none TEST=switch-opt.ll R=jvoung@chromium.org Review URL: https://codereview.chromium.org/1213593002.
-
Andrew Scull authored
BUG=none R=jvoung@chromium.org, stichnot@chromium.org Review URL: https://codereview.chromium.org/1207823002.
-
John Porto authored
IceCfg::getAssembler() is a template that simply static_casts the CFG's assembler. This could potentially be problematic in the future, so we enabled the (relatively) cheap llvm dyn_cast operator for Assemblers. This CL also renames assembler_mips32.h to IceAssemblerMIPS32.h. BUG= R=stichnot@chromium.org Review URL: https://codereview.chromium.org/1211863004.
-
- 28 Jun, 2015 1 commit
-
-
Jim Stichnoth authored
It tests dump output and therefore requires allow_dump. BUG= https://code.google.com/p/nativeclient/issues/detail?id=4212 R=jvoung@chromium.org Review URL: https://codereview.chromium.org/1214043002.
-
- 27 Jun, 2015 1 commit
-
-
Jim Stichnoth authored
Uses pragmas when including problematic LLVM headers, so that clang doesn't warn about unused parameters -- a rampant problem in the LLVM code. This way, we can increase clang's pickiness on Subzero code, and also not drown in LLVM warnings. BUG= none R=jpp@chromium.org, jvoung@chromium.org Review URL: https://codereview.chromium.org/1217433002
-
- 26 Jun, 2015 4 commits
-
-
John Porto authored
Also fixes the X8664 Registers file. BUG= https://code.google.com/p/nativeclient/issues/detail?id=4077 R=kschimpf@google.com Review URL: https://codereview.chromium.org/1212393005.
-
John Porto authored
BUG= R=stichnot@chromium.org Review URL: https://codereview.chromium.org/1211103004.
-
Karl Schimpf authored
Fixes constructor InstBr when it is a conditional branch, and the true and false branches are the same. BUG= https://code.google.com/p/nativeclient/issues/detail?id=4212 R=jpp@chromium.org, stichnot@chromium.org Review URL: https://codereview.chromium.org/1215443002.
-
Qining Lu authored
PURPOSE: The purpose of function layout reordering is to defend against code-reuse attacks as the location of code blocks will vary among different binaries. The layout reordering for global variables and pooled constants can be considered as static data randomization. This is to stop memory corruption attacks by randomizing the locations of the static data. After function layout reordering, the order of function blocks in TEXT section will be randomized. Global variable reordering randomizes the order of global variables, and pooled constant reordering randomizes the order of pooled constants. Note the order of constant pools won’t be affected and all pooled constants will remain in their original constant pools.

USAGE:
  -reorder-functions: bool type command line option, enables function layout shuffling in TEXT section. Note when -threads=0 is set, function reordering will be forced off.
  -reorder-functions-window-size: uint32 type command line option, specifies the length of the shuffling queue. Note -reorder-functions-window-size=0 or 1 means no shuffling applied to functions.
  -reorder-global-variables: bool type command line option, enables global variables shuffling.
  -reorder-pooled-constants: bool type command line option, enables pooled constants shuffling.

APPROACH: Randomization is introduced at the code emission time. We use a shuffling method to randomize the emission of function code, global variables and pooled constants. For function code emission, we also introduce “window size” as a parameter to control the size of the function holding buffer for shuffling. Window size 1 and 0 mean no shuffling applied, and a value higher than the number of translated functions means holding all the functions and shuffling them before emitting any of them.

IMPLEMENTATION:
  Function reordering: GlobalContext::emitItems(): Call RandomShuffle() routine to shuffle a specific part of the Pending vector.
  Global variable reorder: GlobalContext::lowerGlobals(const IceString &SectionSuffix): Call RandomShuffle() routine upon declaration list: Globals.
  Pooled constant reordering: TargetDataX8632::emitConstantPool(GlobalContext *Ctx): Add call to RandomShuffle() to shuffle the constant pool to be emitted. This is for asm output. ELFObjectWriter::writeConstantPool(Type Tu): Add call to RandomShuffle() to shuffle the constant pool before emitting it. This is only for elf output.

ISSUES: The initialization of global variables are emitted along with function code, all of them are considered as EmitterWorkItem. However, we do need to first emit global variables to keep the block profiling workflow untouched. To fulfill this, a “kind” check is added in the while loop of GlobalContext::emitItems(). The “if” statement at line 480 shows the workaround of this issue.

BUG= R=jpp@chromium.org, jvoung@chromium.org, stichnot@chromium.org Review URL: https://codereview.chromium.org/1206723003.
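
Added example (not part of the commit and not Subzero code): a small C++ model of window-based function shuffling, showing that a function never leaves its window and how the window size bounds the number of possible layouts. The names emitWithWindow, layoutEntropyBits and staysInWindow are hypothetical, and the batching rule (hold until the window is full, shuffle, emit, flush the remainder) is an assumption about the details.

```cpp
#include <algorithm>
#include <cmath>
#include <cstdint>
#include <cstdio>
#include <random>
#include <string>
#include <vector>

using Names = std::vector<std::string>;

// Hypothetical model, not Subzero code. Assumption: functions are held until
// the window is full, the batch is shuffled and emitted, and a final partial
// batch is flushed the same way. Window 0 or 1 emits each function at once.
Names emitWithWindow(const Names &Funcs, uint32_t Window, std::mt19937 &Rng) {
  Names Emitted, Pending;
  auto Flush = [&] {
    std::shuffle(Pending.begin(), Pending.end(), Rng);
    Emitted.insert(Emitted.end(), Pending.begin(), Pending.end());
    Pending.clear();
  };
  for (const std::string &F : Funcs) {
    Pending.push_back(F);
    if (Window <= 1 || Pending.size() >= Window) Flush();
  }
  Flush();
  return Emitted;
}

// Upper bound on ordering entropy in bits: a batch of k functions has k!
// possible orders, so sum log2(k!) over the batches.
double layoutEntropyBits(size_t NumFuncs, uint32_t Window) {
  double Bits = 0.0;
  size_t W = std::max<size_t>(Window, 1);
  for (size_t Left = NumFuncs; Left > 0;) {
    size_t K = std::min(Left, W);
    Bits += std::lgamma(double(K) + 1.0) / std::log(2.0);
    Left -= K;
  }
  return Bits;
}

// True if every window-sized chunk of Out is a permutation of the same chunk
// of In, i.e. no function crossed a window boundary.
bool staysInWindow(Names In, Names Out, uint32_t Window) {
  if (In.size() != Out.size()) return false;
  size_t W = std::max<size_t>(Window, 1);
  for (size_t I = 0; I < In.size(); I += W) {
    size_t End = std::min(In.size(), I + W);
    std::sort(In.begin() + I, In.begin() + End);
    std::sort(Out.begin() + I, Out.begin() + End);
  }
  return In == Out;
}

int main() {
  Names Funcs = {"f0", "f1", "f2", "f3", "f4", "f5", "f6"}; // constructed
  std::mt19937 Rng(std::random_device{}());
  for (uint32_t W : {1u, 3u, 100u}) {
    std::printf("window=%u (<= %.1f bits):", W, layoutEntropyBits(Funcs.size(), W));
    for (const auto &F : emitWithWindow(Funcs, W, Rng)) std::printf(" %s", F.c_str());
    std::printf("\n");
  }
}
```

With seven functions, a window of 3 allows at most about 5.2 bits of ordering entropy, while a window covering all seven allows about 12.3 bits.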
-
- 25 Jun, 2015 2 commits
-
-
John Porto authored
This "include module header first" is part of the llvm style guide. This change exposes "broken" headers that were accessing undefined types, or even using types without forward declaring them. BUG= R=stichnot@chromium.org Review URL: https://codereview.chromium.org/1202253002.
-
Jim Stichnoth authored
Also fixes a set of warnings that only show up for the cmake build. BUG= none R=jpp@chromium.org Review URL: https://codereview.chromium.org/1208673003
-
- 24 Jun, 2015 3 commits
-
-
John Porto authored
It turns out that using using TargetLowering::<member> causes problems when compiling with g++. The problem was fixed by using Machine:: instead, where Machine is the template parameter. With name-dependent identifier, g++ does the right thing. BUG= None R=stichnot@chromium.org Review URL: https://codereview.chromium.org/1208663002.
-
Jim Stichnoth authored
Try to make most #ifdef'd code be compiled under all configurations, to catch code rot earlier. When #ifdef code is required, try to use it only to guard trivial code like "return;". BUG= none R=jpp@chromium.org Review URL: https://codereview.chromium.org/1197863003
-
Karl Schimpf authored
Jan correctly pointed out that this makefile definition was redundant since -lLLVMNaClBitTestUtils was already defined in LLVM_LIBS_LIST. Removing the definition and simplifying makefile. BUG=None R=jpp@chromium.org Review URL: https://codereview.chromium.org/1211593003.
-
- 23 Jun, 2015 4 commits
-
-
John Porto authored
Related changes: NaCl change: https://codereview.chromium.org/1201483005 LLVM change: https://codereview.chromium.org/1193843016 BUG= https://code.google.com/p/nativeclient/issues/detail?id=4077 R=stichnot@chromium.org Review URL: https://codereview.chromium.org/1199043006.
-
Jim Stichnoth authored
Emacs will try to execute .dir-locals.el whenever loading a file under the subzero directory. It sets local variables depending on the mode. Set the fill-column to 80 for c++-mode, c-mode, and python-mode. The main use is when using M-q to reformat multi-line comments. Disable tabs (use spaces instead) in c++-mode, c-mode, and python-mode. Set the tab-width to 2 spaces in python-mode. (The tab-width doesn't really matter in c++-mode or c-mode thanks to clang-format.) BUG= none R=kschimpf@google.com Review URL: https://codereview.chromium.org/1199133005
-
Karl Schimpf authored
Fixes how (very) large size entries in the TYPE_CODE_NUMENTRY are handled when reading bitcode. Makes sure that we don't call vector.resize() with too large a value (replacing an allocation exception with a parse error). Also tries to clean up type modeling of bitcode indices (references to values etc in the bitcode). Uses common type NaClBcIndexSize_t and NaClRelBcIndexSize_t (defined in nacl) to describe these (32-bit) values. Note: We use cast truncation of 64-bit values to NaClBcIndexSize_t and NaClRelBcIndexSize_t, since negative value indices are stored both as 32 and 64 bit values. The truncation cast handles these differences correctly (and efficiently). BUG= https://code.google.com/p/nativeclient/issues/detail?id=4195 R=stichnot@chromium.org Review URL: https://codereview.chromium.org/1182323011
-
John Porto authored
BUG= https://code.google.com/p/nativeclient/issues/detail?id=4077 R=stichnot@chromium.org Review URL: https://codereview.chromium.org/1202533003.
-
- 22 Jun, 2015 8 commits
-
-
Jim Stichnoth authored
Look for "() override {}" and "() final {}" patterns. Don't touch IceTargetLoweringX8632.* to spare a refactoring in progress. BUG= none R=jpp@chromium.org Review URL: https://codereview.chromium.org/1201023002
-
Karl Schimpf authored
BUG=None R=stichnot@chromium.org Review URL: https://codereview.chromium.org/1205463002
-
Karl Schimpf authored
This has been added to allow fuzzing to be applied to textual bitcode records. When built with make option TEXTUAL_BITCODE=1, the corresponding generated pnacl-sz will preprocess the input file (containing the textual form of bitcode records) and generate a corresponding data stream with the binary form. Note that the textual form of bitcode records is not LLVM assembly (i.e. .ll files). Rather, it is sequences of textual integers corresponding to bitcode records. Dependent on: https://codereview.chromium.org/1191393004 BUG= https://code.google.com/p/nativeclient/issues/detail?id=4169 R=stichnot@chromium.org Review URL: https://codereview.chromium.org/1190413004
-
Jim Stichnoth authored
Some recent ARM changes turned out to break the lit tests for the MINIMAL build. Two main issues:
  1. ARM tests are currently asm-only, so allow_dump needs to be required.
  2. GlobalContext::emitFileHeader() needs to return gracefully instead of calling report_fatal_error(), to allow error tests to produce the right error output.
BUG= none R=kschimpf@google.com Review URL: https://codereview.chromium.org/1202563002
-
John Porto authored
Adds named constructors to initializers. Removes destructor from Inst. BUG= None R=stichnot@chromium.org Review URL: https://codereview.chromium.org/1181013016.
-
Jim Stichnoth authored
The read-modify-write (RMW) optimization looks for patterns like this:
  a = Load addr
  b = <op> a, other
  Store b, addr
and essentially transforms them into this:
  RMW <op>, addr, other
This CL also applies the transformation when the middle instruction is
  b = <op> other, a
and <op> is commutative.
BUG= https://code.google.com/p/nativeclient/issues/detail?id=4095 R=jpp@chromium.org Review URL: https://codereview.chromium.org/1193103005
-
Jim Stichnoth authored
Also change the pattern "foo() {}" into "foo() = default;" for ctors and dtors. Generally avoids initializing unique_ptr<> members to nullptr in a .h file, because that requires knowing the definition of the underlying class which may not be available to all includers. BUG= none R=jpp@chromium.org Review URL: https://codereview.chromium.org/1197223002
-
Qining Lu authored
GOAL: The goal is to remove the ability of an attacker to control immediates emitted into the text section.

OPTION: The option -randomize-pool-immediates is set to none by default (-randomize-pool-immediates=none). To turn on constant blinding, set -randomize-pool-immediates=randomize; to turn on constant pooling, use -randomize-pool-immediates=pool. Not all constant integers in the input pexe file will be randomized or pooled. The signed representation of a candidate constant integer must be between -randomizeOrPoolImmediatesThreshold/2 and +randomizeOrPoolImmediatesThreshold/2. This threshold value can be set with command line option: "-randomize-pool-threshold". By default this threshold is set to 0xffff. The constants introduced by instruction lowering (e.g. constants in shifting, masking) and argument lowering are not blinded in this way. The mask used for sandboxing is not affected either.

APPROACH: We use GAS syntax in these examples.

Constant blinding for immediates:
  Original:
    add 0x1234, eax
  After:
    mov 0x1234+cookie, temp_reg
    lea -cookie[temp_reg], temp_reg
    add temp_reg, eax

Constant blinding for memory addressing offsets:
  Original:
    mov 0x1234(eax, esi, 1), ebx
  After:
    lea 0x1234+cookie(eax), temp_reg
    mov -cookie(temp_reg, esi, 1), ebx

We use "lea" here because it won't affect flag register, so it is safer to transform immediate-involved instructions.

Constant pooling for immediates:
  Original:
    add 0x1234, eax
  After:
    mov [memory label of 0x1234], temp_reg
    add temp_reg, eax

Constant pooling for addressing offsets:
  Original:
    mov 0x1234, eax
  After:
    mov [memory label of 0x1234], temp_reg
    mov temp_reg, eax

Note in both cases, temp_reg may be assigned with "eax" here, depending on the liveness analysis. So this approach may not require extra register.

IMPLEMENTATION:
  Processing: TargetX8632::randomizeOrPoolImmediate(Constant *Immediate, int32_t RegNum); TargetX8632::randomizeOrPoolImmediate(OperandX8632Mem *Memoperand, int32_t RegNum);
  Checking eligibility: ConstantInteger32::shouldBeRandomizedOrPooled(const GlobalContext *Ctx);

ISSUES:
  1. bool Ice::TargetX8632::RandomizationPoolingPaused is used to guard some translation phases to disable constant blinding/pooling temporarily. Helper class BoolFlagSaver is added to latch the value of RandomizationPoolingPaused. Known phases that need to be guarded are: doLoadOpt() and advancedPhiLowering(). However, during advancedPhiLowering(), if the destination variable has a physical register allocated, constant blinding and pooling are allowed. Stopping blinding/pooling for doLoadOpt() won't hurt our randomization or pooling as the optimized addressing operands will be processed again in genCode() phase.
  2. i8 and i16 constants are collected with different constant pools now, instead of sharing the same constant pool with i32 constants. This requires emitting two more pools during constants lowering, hence creates two more read-only data sections in the resulting ELF and ASM. No runtime issues have been observed so far.

BUG= R=stichnot@chromium.org Review URL: https://codereview.chromium.org/1185703004.
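
Added example (not part of the commit and not Subzero code): a C++ model of the blinding arithmetic in the two "After" sequences above, checking that the program-supplied constant no longer appears verbatim in the emitted constants while the computed value or address is unchanged. All names are hypothetical; rejecting cookies equal to 0 or to -Value is an assumption of this sketch, not something the commit message states.

```cpp
#include <cstdint>
#include <cstdio>
#include <random>

// Hypothetical model of the blinding arithmetic; not Subzero code.
struct Blinded {
  uint32_t First;  // constant in the first emitted instruction: value + cookie
  uint32_t Second; // constant in the second emitted instruction: -cookie
};

// All arithmetic is modulo 2^32, matching 32-bit register behaviour.
Blinded blind(uint32_t Value, uint32_t Cookie) {
  return {Value + Cookie, 0u - Cookie};
}

// Models: mov First, temp_reg ; lea Second(temp_reg), temp_reg ; add temp_reg, eax
uint32_t runBlindedAdd(uint32_t Eax, Blinded B) {
  uint32_t Temp = B.First; // mov
  Temp += B.Second;        // lea: restores the original value, flags untouched
  return Eax + Temp;       // add
}

// Models: lea First(base), temp_reg ; mov Second(temp_reg, index, 1), dst
// Returns the effective address the final mov reads from.
uint32_t blindedAddress(uint32_t Base, uint32_t Index, Blinded B) {
  uint32_t Temp = Base + B.First;
  return Temp + Index + B.Second;
}

// True if the original constant still appears verbatim in an emitted constant.
bool leaksOriginal(uint32_t Value, Blinded B) {
  return B.First == Value || B.Second == Value;
}

// Assumption of this sketch: reject cookies that would leave Value visible
// (cookie == 0 puts it in First, cookie == -Value puts it in Second).
uint32_t pickCookie(uint32_t Value, std::mt19937 &Rng) {
  uint32_t C;
  do {
    C = static_cast<uint32_t>(Rng());
  } while (leaksOriginal(Value, blind(Value, C)));
  return C;
}

int main() {
  std::mt19937 Rng(std::random_device{}());
  uint32_t Value = 0x1234; // the immediate used in the commit message
  Blinded B = blind(Value, pickCookie(Value, Rng));
  std::printf("emitted: 0x%08x, 0x%08x  leaks=%d\n", (unsigned)B.First,
              (unsigned)B.Second, leaksOriginal(Value, B));
  std::printf("add result: 0x%x  address: 0x%x\n",
              (unsigned)runBlindedAdd(10, B),
              (unsigned)blindedAddress(0x1000, 0x20, B));
}
```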
-
- 18 Jun, 2015 1 commit
-
-
Jan Voung authored
Actually assign arguments to r0-r3 at the call site. Previously this was left unhandled. There was only logic for pulling formal parameters out of r0-r3. Refactor the GPR counter and move it into a class so that the rounding up for i64 arguments is in one place for callsites and for pulling out of parameters. We might be able to use a similar pattern to count the FP/SIMD registers later. BUG= https://code.google.com/p/nativeclient/issues/detail?id=4076 R=stichnot@chromium.org Review URL: https://codereview.chromium.org/1187513006.
-