SIL: add needsStackProtection flags for address_to_pointer and index_addr instructions.

Also add new "unprotected" variants of the `addressof` builtins:
* `Builtin.unprotectedAddressOf`
* `Builtin.unprotectedAddressOfBorrow`

Author: eeckstein

SwiftCompilerSources/Sources/SIL/Instruction.swift

@@ -341,7 +341,11 @@ final public
 class RawPointerToRefInst : SingleValueInstruction, UnaryInstruction {}
 
 final public
-class AddressToPointerInst : SingleValueInstruction, UnaryInstruction {}
+class AddressToPointerInst : SingleValueInstruction, UnaryInstruction {
+  public var needsStackProtection: Bool {
+    AddressToPointerInst_needsStackProtection(bridged) != 0
+  }
+}
 
 final public
 class PointerToAddressInst : SingleValueInstruction, UnaryInstruction {}
@@ -350,6 +354,10 @@ final public
 class IndexAddrInst : SingleValueInstruction {
   public var base: Value { operands[0].value }
   public var index: Value { operands[1].value }
+  
+  public var needsStackProtection: Bool {
+    IndexAddrInst_needsStackProtection(bridged) != 0
+  }
 }
 
 final public

docs/SIL.rst

@@ -4298,7 +4298,7 @@ index_addr
 ``````````
 ::
 
-  sil-instruction ::= 'index_addr' sil-operand ',' sil-operand
+  sil-instruction ::= 'index_addr' ('[' 'stack_protection' ']')? sil-operand ',' sil-operand
 
   %2 = index_addr %0 : $*T, %1 : $Builtin.Int<n>
   // %0 must be of an address type $*T
@@ -4314,6 +4314,9 @@ special behavior in this regard, unlike ``char*`` or ``void*`` in C.) It is
 also undefined behavior to index out of bounds of an array, except to index
 the "past-the-end" address of the array.
 
+The ``stack_protection`` flag indicates that stack protection is done for
+the pointer origin.
+
 tail_addr
 `````````
 ::
@@ -6548,7 +6551,7 @@ address_to_pointer
 ``````````````````
 ::
 
-  sil-instruction ::= 'address_to_pointer' sil-operand 'to' sil-type
+  sil-instruction ::= 'address_to_pointer' ('[' 'stack_protection' ']')? sil-operand 'to' sil-type
 
   %1 = address_to_pointer %0 : $*T to $Builtin.RawPointer
   // %0 must be of an address type $*T
@@ -6560,6 +6563,9 @@ an address equivalent to ``%0``. It is undefined behavior to cast the
 ``RawPointer`` to any address type other than its original address type or
 any `layout compatible types`_.
 
+The ``stack_protection`` flag indicates that stack protection is done for
+the pointer origin.
+
 pointer_to_address
 ``````````````````
 ::

include/swift/AST/Builtins.def

@@ -339,11 +339,25 @@ BUILTIN_SIL_OPERATION(ReinterpretCast, "reinterpretCast", Special)
 /// only valid for the duration of the original binding.
 BUILTIN_SIL_OPERATION(AddressOf, "addressof", Special)
 
+/// unprotectedAddressOf (inout T) -> Builtin.RawPointer
+/// Returns a RawPointer pointing to a physical lvalue. The returned pointer is
+/// only valid for the duration of the original binding.
+/// In contrast to `addressof`, this builtin doesn't trigger an insertion of
+/// stack protectors.
+BUILTIN_SIL_OPERATION(UnprotectedAddressOf, "unprotectedAddressOf", Special)
+
 /// addressOfBorrow (__shared T) -> Builtin.RawPointer
 /// Returns a RawPointer pointing to a borrowed rvalue. The returned pointer is only
 /// valid within the scope of the borrow.
 BUILTIN_SIL_OPERATION(AddressOfBorrow, "addressOfBorrow", Special)
 
+/// unprotectedAddressOfBorrow (__shared T) -> Builtin.RawPointer
+/// Returns a RawPointer pointing to a borrowed rvalue. The returned pointer is only
+/// valid within the scope of the borrow.
+/// In contrast to `addressOfBorrow`, this builtin doesn't trigger an insertion of
+/// stack protectors.
+BUILTIN_SIL_OPERATION(UnprotectedAddressOfBorrow, "unprotectedAddressOfBorrow", Special)
+
 /// GepRaw(Builtin.RawPointer, Builtin.Word) -> Builtin.RawPointer
 ///
 /// Adds index bytes to a base pointer.

include/swift/SIL/SILBridging.h

@@ -362,6 +362,8 @@ BridgedArrayRef TermInst_getSuccessors(BridgedInstruction term);
 
 llvm::StringRef CondFailInst_getMessage(BridgedInstruction cfi);
 BridgedBuiltinID BuiltinInst_getID(BridgedInstruction bi);
+SwiftInt AddressToPointerInst_needsStackProtection(BridgedInstruction atp);
+SwiftInt IndexAddrInst_needsStackProtection(BridgedInstruction ia);
 BridgedGlobalVar GlobalAccessInst_getGlobal(BridgedInstruction globalInst);
 BridgedFunction FunctionRefBaseInst_getReferencedFunction(BridgedInstruction fri);
 llvm::StringRef StringLiteralInst_getValue(BridgedInstruction sli);

include/swift/SIL/SILBuilder.h

@@ -1094,9 +1094,9 @@ class SILBuilder {
   }
 
   AddressToPointerInst *createAddressToPointer(SILLocation Loc, SILValue Op,
-                                               SILType Ty) {
+                                               SILType Ty, bool needsStackProtection) {
     return insert(new (getModule()) AddressToPointerInst(
-        getSILDebugLocation(Loc), Op, Ty));
+        getSILDebugLocation(Loc), Op, Ty, needsStackProtection));
   }
 
   PointerToAddressInst *
@@ -2136,9 +2136,9 @@ class SILBuilder {
   //===--------------------------------------------------------------------===//
 
   IndexAddrInst *createIndexAddr(SILLocation Loc, SILValue Operand,
-                                 SILValue Index) {
+                                 SILValue Index, bool needsStackProtection) {
     return insert(new (getModule()) IndexAddrInst(getSILDebugLocation(Loc),
-                                                    Operand, Index));
+                                    Operand, Index, needsStackProtection));
   }
 
   TailAddrInst *createTailAddr(SILLocation Loc, SILValue Operand,

include/swift/SIL/SILCloner.h

@@ -1461,7 +1461,8 @@ SILCloner<ImplClass>::visitAddressToPointerInst(AddressToPointerInst *Inst) {
   recordClonedInstruction(
       Inst, getBuilder().createAddressToPointer(getOpLocation(Inst->getLoc()),
                                                 getOpValue(Inst->getOperand()),
-                                                getOpType(Inst->getType())));
+                                                getOpType(Inst->getType()),
+                                                Inst->needsStackProtection()));
 }
 
 template<typename ImplClass>
@@ -2627,7 +2628,8 @@ SILCloner<ImplClass>::visitIndexAddrInst(IndexAddrInst *Inst) {
   recordClonedInstruction(
       Inst, getBuilder().createIndexAddr(getOpLocation(Inst->getLoc()),
                                          getOpValue(Inst->getBase()),
-                                         getOpValue(Inst->getIndex())));
+                                         getOpValue(Inst->getIndex()),
+                                         Inst->needsStackProtection()));
 }
 
 template<typename ImplClass>

include/swift/SIL/SILInstruction.h

@@ -5304,9 +5304,18 @@ class AddressToPointerInst
                                 ConversionInst>
 {
   friend SILBuilder;
+  USE_SHARED_UINT8;
 
-  AddressToPointerInst(SILDebugLocation DebugLoc, SILValue Operand, SILType Ty)
-      : UnaryInstructionBase(DebugLoc, Operand, Ty) {}
+  AddressToPointerInst(SILDebugLocation DebugLoc, SILValue Operand, SILType Ty,
+                       bool needsStackProtection)
+      : UnaryInstructionBase(DebugLoc, Operand, Ty) {
+        sharedUInt8().AddressToPointerInst.needsStackProtection = needsStackProtection;
+      }
+
+public:
+  bool needsStackProtection() const {
+    return sharedUInt8().AddressToPointerInst.needsStackProtection;
+  }
 };
 
 /// PointerToAddressInst - Convert a Builtin.RawPointer value to a SIL address.
@@ -8086,11 +8095,20 @@ class IndexAddrInst
     : public InstructionBase<SILInstructionKind::IndexAddrInst,
                              IndexingInst> {
   friend SILBuilder;
+  USE_SHARED_UINT8;
 
   enum { Base, Index };
 
-  IndexAddrInst(SILDebugLocation DebugLoc, SILValue Operand, SILValue Index)
-      : InstructionBase(DebugLoc, Operand->getType(), Operand, Index) {}
+  IndexAddrInst(SILDebugLocation DebugLoc, SILValue Operand, SILValue Index,
+                bool needsStackProtection)
+      : InstructionBase(DebugLoc, Operand->getType(), Operand, Index) {
+    sharedUInt8().IndexAddrInst.needsStackProtection = needsStackProtection;
+  }
+
+public:
+  bool needsStackProtection() const {
+    return sharedUInt8().IndexAddrInst.needsStackProtection;
+  }
 };
 
 /// TailAddrInst - like IndexingInst, but aligns-up the resulting address to a

include/swift/SIL/SILNode.h

@@ -194,6 +194,8 @@ class alignas(8) SILNode :
     SHARED_FIELD(EndAccessInst, bool aborting);
     SHARED_FIELD(RefElementAddrInst, bool immutable);
     SHARED_FIELD(RefTailAddrInst, bool immutable);
+    SHARED_FIELD(AddressToPointerInst, bool needsStackProtection);
+    SHARED_FIELD(IndexAddrInst, bool needsStackProtection);
     SHARED_FIELD(HopToExecutorInst, bool mandatory);
     SHARED_FIELD(DestroyValueInst, bool poisonRefs);
     SHARED_FIELD(EndCOWMutationInst, bool keepUnique);

lib/AST/Builtins.cpp

@@ -2710,13 +2710,15 @@ ValueDecl *swift::getBuiltinValueDecl(ASTContext &Context, Identifier Id) {
     return getReinterpretCastOperation(Context, Id);
 
   case BuiltinValueKind::AddressOf:
+  case BuiltinValueKind::UnprotectedAddressOf:
     if (!Types.empty()) return nullptr;
     return getAddressOfOperation(Context, Id);
 
   case BuiltinValueKind::LegacyCondFail:
     return getLegacyCondFailOperation(Context, Id);
 
   case BuiltinValueKind::AddressOfBorrow:
+  case BuiltinValueKind::UnprotectedAddressOfBorrow:
     if (!Types.empty()) return nullptr;
     return getAddressOfBorrowOperation(Context, Id);
 

lib/SIL/IR/SILInstruction.cpp

@@ -663,9 +663,8 @@ namespace {
     }
 
     bool visitIndexAddrInst(IndexAddrInst *RHS) {
-      // We have already compared the operands/types, so we should have equality
-      // at this point.
-      return true;
+      auto *lhs = cast<IndexAddrInst>(LHS);
+      return lhs->needsStackProtection() == RHS->needsStackProtection();
     }
 
     bool visitTailAddrInst(TailAddrInst *RHS) {
@@ -772,7 +771,8 @@ namespace {
     }
 
     bool visitAddressToPointerInst(AddressToPointerInst *RHS) {
-      return true;
+      auto *lhs = cast<AddressToPointerInst>(LHS);
+      return lhs->needsStackProtection() == RHS->needsStackProtection();
     }
 
     bool visitPointerToAddressInst(PointerToAddressInst *RHS) {

lib/SIL/IR/SILPrinter.cpp

@@ -1855,6 +1855,7 @@ class SILPrinter : public SILInstructionVisitor<SILPrinter> {
     printUncheckedConversionInst(CI, CI->getOperand());
   }
   void visitAddressToPointerInst(AddressToPointerInst *CI) {
+    *this << (CI->needsStackProtection() ? "[stack_protection] " : "");
     printUncheckedConversionInst(CI, CI->getOperand());
   }
   void visitPointerToAddressInst(PointerToAddressInst *CI) {
@@ -2361,7 +2362,8 @@ class SILPrinter : public SILInstructionVisitor<SILPrinter> {
   }
 
   void visitIndexAddrInst(IndexAddrInst *IAI) {
-    *this << getIDAndType(IAI->getBase()) << ", "
+    *this << (IAI->needsStackProtection() ? "[stack_protection] " : "")
+          << getIDAndType(IAI->getBase()) << ", "
           << getIDAndType(IAI->getIndex());
   }
 

lib/SIL/Parser/ParseSIL.cpp

@@ -3721,6 +3721,7 @@ bool SILParser::parseSpecificSILInstruction(SILBuilder &B,
     SourceLoc ToLoc;
     bool not_guaranteed = false;
     bool without_actually_escaping = false;
+    bool needsStackProtection = false;
     if (Opcode == SILInstructionKind::ConvertEscapeToNoEscapeInst) {
       StringRef attrName;
       if (parseSILOptional(attrName, *this)) {
@@ -3729,7 +3730,11 @@ bool SILParser::parseSpecificSILInstruction(SILBuilder &B,
         else
           return true;
       }
+    } if (Opcode == SILInstructionKind::AddressToPointerInst) {
+      if (parseSILOptional(needsStackProtection, *this, "stack_protection"))
+        return true;
     }
+  
     if (parseTypedValueRef(Val, B) ||
         parseSILIdentifier(ToToken, ToLoc, diag::expected_tok_in_sil_instr,
                            "to"))
@@ -3793,7 +3798,7 @@ bool SILParser::parseSpecificSILInstruction(SILBuilder &B,
           B.createConvertEscapeToNoEscape(InstLoc, Val, Ty, !not_guaranteed);
       break;
     case SILInstructionKind::AddressToPointerInst:
-      ResultVal = B.createAddressToPointer(InstLoc, Val, Ty);
+      ResultVal = B.createAddressToPointer(InstLoc, Val, Ty, needsStackProtection);
       break;
     case SILInstructionKind::BridgeObjectToRefInst:
       ResultVal =
@@ -5119,11 +5124,13 @@ bool SILParser::parseSpecificSILInstruction(SILBuilder &B,
     }
     case SILInstructionKind::IndexAddrInst: {
       SILValue IndexVal;
-      if (parseTypedValueRef(Val, B) ||
+      bool needsStackProtection = false;
+      if (parseSILOptional(needsStackProtection, *this, "stack_protection") ||
+          parseTypedValueRef(Val, B) ||
           P.parseToken(tok::comma, diag::expected_tok_in_sil_instr, ",") ||
           parseTypedValueRef(IndexVal, B) || parseSILDebugLocation(InstLoc, B))
         return true;
-      ResultVal = B.createIndexAddr(InstLoc, Val, IndexVal);
+      ResultVal = B.createIndexAddr(InstLoc, Val, IndexVal, needsStackProtection);
       break;
     }
     case SILInstructionKind::TailAddrInst: {

lib/SIL/Utils/Projection.cpp

@@ -272,7 +272,9 @@ Projection::createAddressProjection(SILBuilder &B, SILLocation Loc,
         SILType::getBuiltinIntegerType(64, B.getModule().getASTContext());
     auto IntLiteralIndex =
         B.createIntegerLiteral(Loc, IntLiteralTy, getIndex());
-    return B.createIndexAddr(Loc, Base, IntLiteralIndex);
+    return B.createIndexAddr(Loc, Base, IntLiteralIndex,
+        // TODO: do we need to be conservative here?
+        /*needsStackProtection=*/ true);
   }
   case ProjectionKind::Enum:
     return B.createUncheckedTakeEnumDataAddr(Loc, Base,

lib/SIL/Utils/SILBridging.cpp

@@ -768,6 +768,14 @@ BridgedBuiltinID BuiltinInst_getID(BridgedInstruction bi) {
   return (BridgedBuiltinID)castToInst<BuiltinInst>(bi)->getBuiltinInfo().ID;
 }
 
+SwiftInt AddressToPointerInst_needsStackProtection(BridgedInstruction atp) {
+  return castToInst<AddressToPointerInst>(atp)->needsStackProtection() ? 1 : 0;
+}
+
+SwiftInt IndexAddrInst_needsStackProtection(BridgedInstruction ia) {
+  return castToInst<IndexAddrInst>(ia)->needsStackProtection() ? 1 : 0;
+}
+
 BridgedGlobalVar GlobalAccessInst_getGlobal(BridgedInstruction globalInst) {
   return {castToInst<GlobalAccessInst>(globalInst)->getReferencedGlobal()};
 }