Add support for using MI bundles as bundle-locked groups on x86

Use it to sandbox lea instructions with esp as the destination

Review URL: https://codereview.chromium.org/1137803004/

Author: dschuff

lib/Target/X86/X86MCInstLower.cpp

@@ -1007,6 +1007,22 @@ void X86AsmPrinter::EmitInstruction(const MachineInstr *MI) {
   X86MCInstLower MCInstLowering(*MF, *this);
   const X86RegisterInfo *RI = MF->getSubtarget<X86Subtarget>().getRegisterInfo();
 
+  // @LOCALMOD-START
+  // MI Bundles are used to represent bundle-locked groups.
+  // MBB iterators skip bundles, so when we reach a bundle head, unpack it here.
+  if (MI->isBundle()) {
+    MachineBasicBlock::const_iterator MBBI(MI);
+    MachineBasicBlock::const_instr_iterator MII (MBBI.getInstrIterator());
+    ++MBBI;
+    OutStreamer.EmitBundleLock(false);
+    while (++MII != MBBI) {
+      EmitInstruction(MII);
+    }
+    OutStreamer.EmitBundleUnlock();
+    return;
+  }
+  // @LOCALMOD-END
+
   switch (MI->getOpcode()) {
   case TargetOpcode::DBG_VALUE:
     llvm_unreachable("Should be handled target independently");

lib/Target/X86/X86NaClRewritePass.cpp

@@ -260,21 +260,37 @@ bool X86NaClRewritePass::ApplyStackSFI(MachineBasicBlock &MBB,
     return true;
   }
 
-  //  Promote 32-bit lea to 64-bit lea (does this ever happen?)
   assert(Opc != X86::LEA32r && "Invalid opcode in 64-bit mode!");
-  if (Opc == X86::LEA64_32r) {
-    unsigned DestReg = MI.getOperand(0).getReg();
+  if (Opc == X86::LEA64_32r){
     unsigned BaseReg = MI.getOperand(1).getReg();
-    unsigned Scale   = MI.getOperand(2).getImm();
-    unsigned IndexReg = MI.getOperand(3).getReg();
-    assert(DestReg == X86::ESP);
-    assert(Scale == 1);
-    assert(BaseReg == X86::EBP);
-    assert(IndexReg == 0);
-    MI.getOperand(0).setReg(X86::RSP);
-    MI.getOperand(1).setReg(X86::RBP);
-    MI.setDesc(TII->get(X86::LEA64r));
-    Opc = X86::LEA64r;
+    if (BaseReg == X86::EBP) {
+      // leal N(%ebp), %esp can be promoted to leaq N(%rbp), %rsp, which
+      // converts to SPAJDi32 below.
+      unsigned DestReg = MI.getOperand(0).getReg();
+      unsigned Scale   = MI.getOperand(2).getImm();
+      unsigned IndexReg = MI.getOperand(3).getReg();
+      assert(DestReg == X86::ESP);
+      assert(Scale == 1);
+      assert(BaseReg == X86::EBP);
+      assert(IndexReg == 0);
+      MI.getOperand(0).setReg(X86::RSP);
+      MI.getOperand(1).setReg(X86::RBP);
+      MI.setDesc(TII->get(X86::LEA64r));
+      Opc = X86::LEA64r;
+    } else {
+      // Create a MachineInstr bundle (i.e. a bundle-locked group) and fix up
+      // the stack pointer by adding R15.  TODO(dschuff): generalize this for
+      // other uses if needed, and try to replace some pseudos if
+      // possible. Eventually replace with auto-sandboxing.
+      auto NextMBBI = MBBI;
+      ++NextMBBI;
+      BuildMI(MBB, NextMBBI, MBBI->getDebugLoc(),
+              TII->get(X86::ADD64rr), X86::RSP)
+          .addReg(X86::RSP).addReg(X86::R15);
+      MIBundleBuilder(MBB, MBBI, NextMBBI);
+      finalizeBundle(MBB, MBBI.getInstrIterator());
+      return true;
+    }
   }
 
   if (Opc == X86::LEA64r && MatchesSPAdj(MI)) {

test/NaCl/X86/dynamic-stack-alloc2.ll

@@ -0,0 +1,23 @@
+; RUN: llc -mtriple=x86_64-nacl %s -o - | FileCheck %s
+
+target datalayout = "e-p:32:32-i64:64-n32"
+target triple = "le32-unknown-nacl"
+
+; CHECK-LABEL: @foo
+; CHECK: .bundle_lock
+; CHECK: leal -16({{.*}}), %esp
+; CHECK: addq %r15, %rsp
+; CHECK: .bundle_unlock
+define hidden void @foo() {
+entry:
+  br label %bb1
+; The alloca must be in a non-entry block so it gets lowered in the dag as
+; a dynamic_stackalloc node
+bb1:
+  %0 = alloca i8, i32 16, align 16
+  %1 = load i8, i8* %0, align 1
+  %call5 = call i32 @bar(i8 %1)
+  unreachable
+}
+
+declare hidden i32 @bar(i8)