Hide the x86-64 sandbox base address.

Prevent sandbox addresses from being written to the stack.  This
covers the following cases:

1. Function calls manually push a masked return address and jump to
the target, rather than using the call instruction.

2. When the function prolog chooses to use a frame pointer (rbp), it
saves a masked version of the old rbp.

3. Indirect branches (jumps, calls, and returns) uniformly use r11 to
construct the 64-bit target address.

4. Register r11 is marked as reserved (similar to r15) so that the
register allocator won't inadvertently spill a code address to the
stack.

These transformations can be disabled for performance testing with the
flag "-sfi-hide-sandbox-base=false".

BUG= https://code.google.com/p/nativeclient/issues/detail?id=1235
R=eliben@chromium.org, mseaborn@chromium.org

Review URL: https://codereview.chromium.org/19505003

1 files changed, 4 insertions, 4 deletions

diff --git a/test/CodeGen/X86/fast-isel-x86-64.ll b/test/CodeGen/X86/fast-isel-x86-64.ll
index acfa64582c..ae1998cd54 100644
--- a/test/CodeGen/X86/fast-isel-x86-64.ll
+++ b/test/CodeGen/X86/fast-isel-x86-64.ll
@@ -55,8 +55,8 @@ define i32 @test3_nacl64() nounwind {
 
 ; NACL64_PIC: test3_nacl64:
 ; NACL64_PIC: movl G@GOTPCREL(%rip), %eax
-; NACL64_PIC-NEXT: popq    %rcx
-; NACL64_PIC-NEXT: nacljmp %ecx, %r15
+; NACL64_PIC-NEXT: popq    %r11
+; NACL64_PIC-NEXT: nacljmp %r11, %r15
 }
 
 
@@ -316,8 +316,8 @@ define void @test23(i8* noalias sret %result) {
 ; NACL64: test23:
 ; NACL64: call
 ; NACL64: movl  %edi, %eax
-; NACL64: popq %rcx
-; NACL64: nacljmp %ecx, %r15
+; NACL64: popq %r11
+; NACL64: nacljmp %r11, %r15
 }
 
 declare i8* @foo23()