Suzero. X8664. NaCl Sandboxing.

src/IceTargetLoweringX86BaseImpl.h

 //===- subzero/src/IceTargetLoweringX86BaseImpl.h - x86 lowering -*- C++ -*-==//
 //
 //                        The Subzero Code Generator
 //
 // This file is distributed under the University of Illinois Open Source
 // License. See LICENSE.TXT for details.
 //
 //===----------------------------------------------------------------------===//
 ///
 /// \file
@@ skipping 290 matching lines @@
 }
 
 template <typename TraitsType>
 void TargetX86Base<TraitsType>::initNodeForLowering(CfgNode *Node) {
   FoldingInfo.init(Node);
   FoldingInfo.dump(Func);
 }
 
 template <typename TraitsType>
 TargetX86Base<TraitsType>::TargetX86Base(Cfg *Func)
-    : TargetLowering(Func) {
+    : TargetLowering(Func), NeedSandboxing(Ctx->getFlags().getUseSandboxing()) {
   static_assert(
       (Traits::InstructionSet::End - Traits::InstructionSet::Begin) ==
           (TargetInstructionSet::X86InstructionSet_End -
            TargetInstructionSet::X86InstructionSet_Begin),
       "Traits::InstructionSet range different from TargetInstructionSet");
   if (Func->getContext()->getFlags().getTargetInstructionSet() !=
       TargetInstructionSet::BaseInstructionSet) {
     InstructionSet = static_cast<InstructionSetEnum>(
         (Func->getContext()->getFlags().getTargetInstructionSet() -
          TargetInstructionSet::X86InstructionSet_Begin) +
         Traits::InstructionSet::Begin);
   }
 }
 
 template <typename TraitsType>
 void TargetX86Base<TraitsType>::staticInit(const ClFlags &Flags) {
-  Traits::initRegisterSet(&TypeToRegisterSet, &RegisterAliases, &ScratchRegs);
+  Traits::initRegisterSet(Flags, &TypeToRegisterSet, &RegisterAliases,
+                          &ScratchRegs);
   PcRelFixup = Traits::FK_PcRel;
   AbsFixup = Flags.getUseNonsfi() ? Traits::FK_Gotoff : Traits::FK_Abs;
 }
 
 template <typename TraitsType> void TargetX86Base<TraitsType>::translateO2() {
   TimerMarker T(TimerStack::TT_O2, Func);
 
   if (!Traits::Is64Bit && Func->getContext()->getFlags().getUseNonsfi()) {
     GotVar = Func->makeVariable(IceType_i32);
   }
+
+  if (NeedSandboxing) {
+    initSandbox();
+  }
+
   genTargetHelperCalls();
   Func->dump("After target helper call insertion");
 
   // Merge Alloca instructions, and lay out the stack.
   static constexpr bool SortAndCombineAllocas = true;
   Func->processAllocas(SortAndCombineAllocas);
   Func->dump("After Alloca processing");
 
   if (!Ctx->getFlags().getPhiEdgeSplit()) {
     // Lower Phi instructions.
@@ skipping 100 matching lines @@
   // particular, no transformations that insert or reorder CfgNodes should be
   // done after branch optimization. We go ahead and do it before nop insertion
   // to reduce the amount of work needed for searching for opportunities.
   Func->doBranchOpt();
   Func->dump("After branch optimization");
 
   // Nop insertion if -nop-insertion is enabled.
   Func->doNopInsertion();
 
   // Mark nodes that require sandbox alignment
-  if (Ctx->getFlags().getUseSandboxing())
+  if (NeedSandboxing) {
     Func->markNodesForSandboxing();
+  }
 }
 
 template <typename TraitsType> void TargetX86Base<TraitsType>::translateOm1() {
   TimerMarker T(TimerStack::TT_Om1, Func);
 
   if (!Traits::Is64Bit && Func->getContext()->getFlags().getUseNonsfi()) {
     GotVar = Func->makeVariable(IceType_i32);
   }
+
+  if (NeedSandboxing) {
+    initSandbox();
+  }
+
   genTargetHelperCalls();
 
   // Do not merge Alloca instructions, and lay out the stack.
   static constexpr bool SortAndCombineAllocas = false;
   Func->processAllocas(SortAndCombineAllocas);
   Func->dump("After Alloca processing");
 
   Func->placePhiLoads();
   if (Func->hasError())
     return;
@@ skipping 22 matching lines @@
     return;
   Func->dump("After stack frame mapping");
 
   // Shuffle basic block order if -reorder-basic-blocks is enabled.
   Func->shuffleNodes();
 
   // Nop insertion if -nop-insertion is enabled.
   Func->doNopInsertion();
 
   // Mark nodes that require sandbox alignment
-  if (Ctx->getFlags().getUseSandboxing())
+  if (NeedSandboxing)
     Func->markNodesForSandboxing();
 }
 
 inline bool canRMW(const InstArithmetic *Arith) {
   Type Ty = Arith->getDest()->getType();
   // X86 vector instructions write to a register and have no RMW option.
   if (isVectorType(Ty))
     return false;
   bool isI64 = Ty == IceType_i64;
 
@@ skipping 281 matching lines @@
 IceString TargetX86Base<TraitsType>::getRegName(SizeT RegNum, Type Ty) const {
   return Traits::getRegName(Traits::getGprForType(Ty, RegNum));
 }
 
 template <typename TraitsType>
 void TargetX86Base<TraitsType>::emitVariable(const Variable *Var) const {
   if (!BuildDefs::dump())
     return;
   Ostream &Str = Ctx->getStrEmit();
   if (Var->hasReg()) {
-    Str << "%" << getRegName(Var->getRegNum(), Var->getType());
+    const bool Is64BitSandboxing = Traits::Is64Bit && NeedSandboxing;
+    const Type VarType = (Var->isRematerializable() && Is64BitSandboxing)
+                             ? IceType_i64
+                             : Var->getType();
+    Str << "%" << getRegName(Var->getRegNum(), VarType);
     return;
   }
   if (Var->mustHaveReg()) {
     llvm::report_fatal_error(
         "Infinite-weight Variable has no register assigned");
   }
   const int32_t Offset = Var->getStackOffset();
   int32_t BaseRegNum = Var->getBaseRegNum();
   if (BaseRegNum == Variable::NoRegister)
     BaseRegNum = getFrameOrStackReg();
@@ skipping 92 matching lines @@
     return Var64On32->getLo();
   if (auto *Const = llvm::dyn_cast<ConstantInteger64>(Operand)) {
     auto *ConstInt = llvm::dyn_cast<ConstantInteger32>(
         Ctx->getConstantInt32(static_cast<int32_t>(Const->getValue())));
     // Check if we need to blind/pool the constant.
     return legalize(ConstInt);
   }
   if (auto *Mem = llvm::dyn_cast<X86OperandMem>(Operand)) {
     auto *MemOperand = X86OperandMem::create(
         Func, IceType_i32, Mem->getBase(), Mem->getOffset(), Mem->getIndex(),
-        Mem->getShift(), Mem->getSegmentRegister(), Mem->getIsPIC());
+        Mem->getShift(), Mem->getSegmentRegister(), Mem->getIsRebased());
     // Test if we should randomize or pool the offset, if so randomize it or
     // pool it then create mem operand with the blinded/pooled constant.
     // Otherwise, return the mem operand as ordinary mem operand.
     return legalize(MemOperand);
   }
   llvm_unreachable("Unsupported operand type");
   return nullptr;
 }
 
 template <typename TraitsType>
@@ skipping 19 matching lines @@
     } else if (auto *IntOffset = llvm::dyn_cast<ConstantInteger32>(Offset)) {
       Offset = Ctx->getConstantInt32(4 + IntOffset->getValue());
     } else if (auto *SymOffset = llvm::dyn_cast<ConstantRelocatable>(Offset)) {
       assert(!Utils::WouldOverflowAdd(SymOffset->getOffset(), 4));
       Offset =
           Ctx->getConstantSym(4 + SymOffset->getOffset(), SymOffset->getName(),
                               SymOffset->getSuppressMangling());
     }
     auto *MemOperand = X86OperandMem::create(
         Func, IceType_i32, Mem->getBase(), Offset, Mem->getIndex(),
-        Mem->getShift(), Mem->getSegmentRegister(), Mem->getIsPIC());
+        Mem->getShift(), Mem->getSegmentRegister(), Mem->getIsRebased());
     // Test if the Offset is an eligible i32 constants for randomization and
     // pooling. Blind/pool it if it is. Otherwise return as oridinary mem
     // operand.
     return legalize(MemOperand);
   }
   llvm_unreachable("Unsupported operand type");
   return nullptr;
 }
 
 template <typename TraitsType>
 llvm::SmallBitVector
 TargetX86Base<TraitsType>::getRegisterSet(RegSetMask Include,
                                           RegSetMask Exclude) const {
-  return Traits::getRegisterSet(Include, Exclude);
+  return Traits::getRegisterSet(Ctx->getFlags(), Include, Exclude);
 }
 
 template <typename TraitsType>
 void TargetX86Base<TraitsType>::initGotVarIfNeeded() {
   if (!Func->getContext()->getFlags().getUseNonsfi())
     return;
   if (Traits::Is64Bit) {
     // Probably no implementation is needed, but error to be safe for now.
     llvm::report_fatal_error(
         "Need to implement initGotVarIfNeeded() for 64-bit.");
@@ skipping 39 matching lines @@
     _and(esp, Ctx->getConstantInt32(-Alignment));
   }
 
   Variable *Dest = Inst->getDest();
   Operand *TotalSize = legalize(Inst->getSizeInBytes());
 
   if (const auto *ConstantTotalSize =
           llvm::dyn_cast<ConstantInteger32>(TotalSize)) {
     const uint32_t Value =
         Utils::applyAlignment(ConstantTotalSize->getValue(), Alignment);
-    if (!UseFramePointer) {
+    if (UseFramePointer) {
+      _sub_sp(Ctx->getConstantInt32(Value));
+    } else {
       // If we don't need a Frame Pointer, this alloca has a known offset to the
       // stack pointer. We don't need adjust the stack pointer, nor assign any
       // value to Dest, as Dest is rematerializable.
       assert(Dest->isRematerializable());
       FixedAllocaSizeBytes += Value;
       Context.insert<InstFakeDef>(Dest);
-    } else {
-      _sub(esp, Ctx->getConstantInt32(Value));
     }
   } else {
     // Non-constant sizes need to be adjusted to the next highest multiple of
     // the required alignment at runtime.
-    Variable *T = makeReg(Traits::WordType);
-    if (Traits::Is64Bit && TotalSize->getType() != IceType_i64) {
+    Variable *T = nullptr;
+    if (Traits::Is64Bit && TotalSize->getType() != IceType_i64 &&
+        !NeedSandboxing) {
+      T = makeReg(IceType_i64);
       _movzx(T, TotalSize);
     } else {
+      T = makeReg(IceType_i32);
       _mov(T, TotalSize);
     }
     _add(T, Ctx->getConstantInt32(Alignment - 1));
     _and(T, Ctx->getConstantInt32(-Alignment));
-    _sub(esp, T);
+    _sub_sp(T);
   }
   // Add enough to the returned address to account for the out args area.
   uint32_t OutArgsSize = maxOutArgsSizeBytes();
   if (OutArgsSize > 0) {
     Variable *T = makeReg(IceType_i32);
     auto *CalculateOperand = X86OperandMem::create(
-        Func, IceType_i32, esp, Ctx->getConstantInt(IceType_i32, OutArgsSize));
+        Func, IceType_void, esp, Ctx->getConstantInt(IceType_i32, OutArgsSize));
     _lea(T, CalculateOperand);
     _mov(Dest, T);
   } else {
     _mov(Dest, esp);
   }
 }
 
 /// Strength-reduce scalar integer multiplication by a constant (for i32 or
 /// narrower) for certain constants. The lea instruction can be used to multiply
 /// by 3, 5, or 9, and the lsh instruction can be used to multiply by powers of
 /// 2. These can be combined such that e.g. multiplying by 100 can be done as 2
 /// lea-based multiplies by 5, combined with left-shifting by 2.
 template <typename TraitsType>
 bool TargetX86Base<TraitsType>::optimizeScalarMul(Variable *Dest, Operand *Src0,
                                                   int32_t Src1) {
   // Disable this optimization for Om1 and O0, just to keep things simple
   // there.
   if (Ctx->getFlags().getOptLevel() < Opt_1)
     return false;
   Type Ty = Dest->getType();
-  Variable *T = nullptr;
   if (Src1 == -1) {
+    Variable *T = nullptr;
     _mov(T, Src0);
     _neg(T);
     _mov(Dest, T);
     return true;
   }
   if (Src1 == 0) {
     _mov(Dest, Ctx->getConstantZero(Ty));
     return true;
   }
   if (Src1 == 1) {
+    Variable *T = nullptr;
     _mov(T, Src0);
     _mov(Dest, T);
     return true;
   }
   // Don't bother with the edge case where Src1 == MININT.
   if (Src1 == -Src1)
     return false;
   const bool Src1IsNegative = Src1 < 0;
   if (Src1IsNegative)
     Src1 = -Src1;
@@ skipping 17 matching lines @@
       Src1 /= 3;
     } else if (Src1 % 2 == 0) {
       if (Count2 == 0)
         ++CountOps;
       ++Count2;
       Src1 /= 2;
     } else {
       return false;
     }
   }
-  // Lea optimization only works for i32 type, not i1/i8/i16/i64.
-  if (Ty != IceType_i32 && (Count3 || Count5 || Count9))
+  // Lea optimization only works for i16 and i32 types, not i8.
+  if (Ty != IceType_i32 && !(Traits::Is64Bit && Ty == IceType_i64) &&
+      (Count3 || Count5 || Count9))
     return false;
   // Limit the number of lea/shl operations for a single multiply, to a
   // somewhat arbitrary choice of 3.
   constexpr uint32_t MaxOpsForOptimizedMul = 3;
   if (CountOps > MaxOpsForOptimizedMul)
     return false;
-  _mov(T, Src0);
+  Variable *T = makeReg(Traits::WordType);
+  if (typeWidthInBytes(Src0->getType()) < typeWidthInBytes(T->getType())) {
+    _movzx(T, Src0);
+  } else {
+    _mov(T, Src0);
+  }
   Constant *Zero = Ctx->getConstantZero(IceType_i32);
   for (uint32_t i = 0; i < Count9; ++i) {
     constexpr uint16_t Shift = 3; // log2(9-1)
     _lea(T, X86OperandMem::create(Func, IceType_void, T, Zero, T, Shift));
   }
   for (uint32_t i = 0; i < Count5; ++i) {
     constexpr uint16_t Shift = 2; // log2(5-1)
     _lea(T, X86OperandMem::create(Func, IceType_void, T, Zero, T, Shift));
   }
   for (uint32_t i = 0; i < Count3; ++i) {
@@ skipping 2379 matching lines @@
   }
   case Intrinsics::Memmove: {
     lowerMemmove(Instr->getArg(0), Instr->getArg(1), Instr->getArg(2));
     return;
   }
   case Intrinsics::Memset: {
     lowerMemset(Instr->getArg(0), Instr->getArg(1), Instr->getArg(2));
     return;
   }
   case Intrinsics::NaClReadTP: {
-    if (Ctx->getFlags().getUseSandboxing()) {
+    if (NeedSandboxing) {
       Operand *Src =
           dispatchToConcrete(&ConcreteTarget::createNaClReadTPSrcOperand);
       Variable *Dest = Instr->getDest();
       Variable *T = nullptr;
       _mov(T, Src);
       _mov(Dest, T);
     } else {
       InstCall *Call = makeHelperCall(H_call_read_tp, Instr->getDest(), 0);
       lowerCall(Call);
     }
     return;
   }
   case Intrinsics::Setjmp: {
     InstCall *Call = makeHelperCall(H_call_setjmp, Instr->getDest(), 1);
     Call->addArg(Instr->getArg(0));
     lowerCall(Call);
     return;
   }
   case Intrinsics::Sqrt: {
     Operand *Src = legalize(Instr->getArg(0));
     Variable *Dest = Instr->getDest();
     Variable *T = makeReg(Dest->getType());
     _sqrtss(T, Src);
     _mov(Dest, T);
     return;
   }
   case Intrinsics::Stacksave: {
-    Variable *esp =
-        Func->getTarget()->getPhysicalRegister(getStackReg(), Traits::WordType);
+    if (!Traits::Is64Bit || !NeedSandboxing) {
+      Variable *esp = Func->getTarget()->getPhysicalRegister(getStackReg(),
+                                                             Traits::WordType);
+      Variable *Dest = Instr->getDest();
+      _mov(Dest, esp);
+      return;
+    }
+    Variable *esp = Func->getTarget()->getPhysicalRegister(
+        Traits::RegisterSet::Reg_esp, IceType_i32);
     Variable *Dest = Instr->getDest();
     _mov(Dest, esp);
+
     return;
   }
   case Intrinsics::Stackrestore: {
     Operand *Src = Instr->getArg(0);
-    const Type SrcTy = Src->getType();
-    Variable *esp = Func->getTarget()->getPhysicalRegister(
-        Traits::getGprForType(SrcTy, getStackReg()), SrcTy);
-    _redefined(_mov(esp, Src));
+    _mov_sp(Src);
     return;
   }
+
   case Intrinsics::Trap:
     _ud2();
     return;
   case Intrinsics::UnknownIntrinsic:
     Func->setError("Should not be lowering UnknownIntrinsic");
     return;
   }
   return;
 }
 
@@ skipping 688 matching lines @@
     lowerCast(InstCast::create(Func, InstCast::Zext, ValExtVar, Val));
     ValExt = ValExtVar;
   }
   InstCall *Call = makeHelperCall(H_call_memset, nullptr, 3);
   Call->addArg(Dest);
   Call->addArg(ValExt);
   Call->addArg(Count);
   lowerCall(Call);
 }
 
-template <typename TraitsType>
-void TargetX86Base<TraitsType>::lowerIndirectJump(Variable *JumpTarget) {
-  const bool NeedSandboxing = Ctx->getFlags().getUseSandboxing();
-  if (Traits::Is64Bit) {
-    Variable *T = makeReg(IceType_i64);
-    _movzx(T, JumpTarget);
-    JumpTarget = T;
-  }
-  if (NeedSandboxing) {
-    _bundle_lock();
-    const SizeT BundleSize =
-        1 << Func->getAssembler<>()->getBundleAlignLog2Bytes();
-    _and(JumpTarget, Ctx->getConstantInt32(~(BundleSize - 1)));
-  }
-  _jmp(JumpTarget);
-  if (NeedSandboxing)
-    _bundle_unlock();
-}
-
 inline bool isAdd(const Inst *Inst) {
   if (auto *Arith = llvm::dyn_cast_or_null<const InstArithmetic>(Inst)) {
     return (Arith->getOp() == InstArithmetic::Add);
   }
   return false;
 }
 
 inline void dumpAddressOpt(const Cfg *Func,
                            const ConstantRelocatable *Relocatable,
                            int32_t Offset, const Variable *Base,
@@ skipping 219 matching lines @@
       return false;
     // Incorporate ConstantRelocatables.
     if (Reloc0)
       NewRelocatable = Reloc0;
     else if (Reloc1)
       NewRelocatable = Reloc1;
     if ((Reloc0 || Reloc1) && BaseOther && GotVar)
       return false;
     // Compute the updated constant offset.
     if (Const0) {
-      int32_t MoreOffset = IsAdd ? Const0->getValue() : -Const0->getValue();
+      const int32_t MoreOffset =
+          IsAdd ? Const0->getValue() : -Const0->getValue();
       if (Utils::WouldOverflowAdd(NewOffset, MoreOffset))
         return false;
       NewOffset += MoreOffset;
     }
     if (Const1) {
-      int32_t MoreOffset = IsAdd ? Const1->getValue() : -Const1->getValue();
+      const int32_t MoreOffset =
+          IsAdd ? Const1->getValue() : -Const1->getValue();
       if (Utils::WouldOverflowAdd(NewOffset, MoreOffset))
         return false;
       NewOffset += MoreOffset;
     }
     // Update the computed address parameters once we are sure optimization
     // is valid.
     if ((Reloc0 || Reloc1) && GotVar) {
       assert(BaseOther == nullptr);
       BaseOther = GotVar;
     }
     Base = NewBase;
     Offset = NewOffset;
     Relocatable = NewRelocatable;
     Reason = BaseInst;
     return true;
   }
   return false;
 }
 
 // Builds information for a canonical address expresion:
 //   <Relocatable + Offset>(Base, Index, Shift)
 // On entry:
 //   Relocatable == null,
 //   Offset == 0,
 //   Base is a Variable,
 //   Index == nullptr,
 //   Shift == 0
 inline bool computeAddressOpt(Cfg *Func, const Inst *Instr, Variable *GotVar,
+                              bool ReserveSlot,
                               ConstantRelocatable *&Relocatable,
                               int32_t &Offset, Variable *&Base,
                               Variable *&Index, uint16_t &Shift) {
   bool AddressWasOptimized = false;
   Func->resetCurrentNode();
   if (Func->isVerbose(IceV_AddrOpt)) {
     OstreamLocker L(Func->getContext());
     Ostream &Str = Func->getContext()->getStrDump();
     Str << "\nStarting computeAddressOpt for instruction:\n  ";
     Instr->dumpDecorated(Func);
   }
   if (Base == nullptr)
     return AddressWasOptimized;
   // If the Base has more than one use or is live across multiple blocks, then
   // don't go further. Alternatively (?), never consider a transformation that
   // would change a variable that is currently *not* live across basic block
   // boundaries into one that *is*.
   if (Func->getVMetadata()->isMultiBlock(Base) /* || Base->getUseCount() > 1*/)
     return AddressWasOptimized;
 
   const bool MockBounds = Func->getContext()->getFlags().getMockBoundsCheck();
   const VariablesMetadata *VMetadata = Func->getVMetadata();
   const Inst *Reason = nullptr;
   do {
+    assert(!ReserveSlot || Base == nullptr || Index == nullptr);
     if (Reason) {
       dumpAddressOpt(Func, Relocatable, Offset, Base, Index, Shift, Reason);
       AddressWasOptimized = true;
       Reason = nullptr;
     }
     // Update Base and Index to follow through assignments to definitions.
     if (matchAssign(VMetadata, GotVar, Base, Relocatable, Offset, Reason)) {
       // Assignments of Base from a Relocatable or ConstantInt32 can result
       // in Base becoming nullptr.  To avoid code duplication in this loop we
       // prefer that Base be non-nullptr if possible.
       if ((Base == nullptr) && (Index != nullptr) && Shift == 0)
         std::swap(Base, Index);
       continue;
     }
     if (matchAssign(VMetadata, GotVar, Index, Relocatable, Offset, Reason))
       continue;
 
     if (!MockBounds) {
       // Transition from:
       //   <Relocatable + Offset>(Base) to
       //   <Relocatable + Offset>(Base, Index)
-      if (matchCombinedBaseIndex(VMetadata, Base, Index, Shift, Reason))
+      if (!ReserveSlot &&
+          matchCombinedBaseIndex(VMetadata, Base, Index, Shift, Reason))
         continue;
       // Recognize multiply/shift and update Shift amount.
       // Index becomes Index=Var<<Const && Const+Shift<=3 ==>
       //   Index=Var, Shift+=Const
       // Index becomes Index=Const*Var && log2(Const)+Shift<=3 ==>
       //   Index=Var, Shift+=log2(Const)
       if (matchShiftedIndex(VMetadata, Index, Shift, Reason))
         continue;
       // If Shift is zero, the choice of Base and Index was purely arbitrary.
       // Recognize multiply/shift and set Shift amount.
@@ skipping 112 matching lines @@
   Variable *Index = nullptr;
   ConstantRelocatable *Relocatable = nullptr;
   uint16_t Shift = 0;
   int32_t Offset = 0;
   // Vanilla ICE load instructions should not use the segment registers, and
   // computeAddressOpt only works at the level of Variables and Constants, not
   // other X86OperandMem, so there should be no mention of segment
   // registers there either.
   constexpr auto SegmentReg = X86OperandMem::SegmentRegisters::DefaultSegment;
   auto *Base = llvm::dyn_cast<Variable>(Addr);
-  if (computeAddressOpt(Func, Inst, GotVar, Relocatable, Offset, Base, Index,
-                        Shift)) {
+  const bool ReserveSlot = Traits::Is64Bit && NeedSandboxing;
+  if (computeAddressOpt(Func, Inst, GotVar, ReserveSlot, Relocatable, Offset,
+                        Base, Index, Shift)) {
     Inst->setDeleted();
     Constant *OffsetOp = nullptr;
     if (Relocatable == nullptr) {
       OffsetOp = Ctx->getConstantInt32(Offset);
     } else {
       OffsetOp = Ctx->getConstantSym(Relocatable->getOffset() + Offset,
                                      Relocatable->getName(),
                                      Relocatable->getSuppressMangling());
     }
-    // The new mem operand is created without IsPIC being set, because
+    // The new mem operand is created without IsRebased being set, because
     // computeAddressOpt() doesn't include GotVar in its final result.
     Addr = X86OperandMem::create(Func, Dest->getType(), Base, OffsetOp, Index,
                                  Shift, SegmentReg);
     Context.insert<InstLoad>(Dest, Addr);
   }
 }
 
 template <typename TraitsType>
 void TargetX86Base<TraitsType>::randomlyInsertNop(float Probability,
                                                   RandomNumberGenerator &RNG) {
@@ skipping 273 matching lines @@
   Variable *Index = nullptr;
   ConstantRelocatable *Relocatable = nullptr;
   uint16_t Shift = 0;
   int32_t Offset = 0;
   auto *Base = llvm::dyn_cast<Variable>(Addr);
   // Vanilla ICE store instructions should not use the segment registers, and
   // computeAddressOpt only works at the level of Variables and Constants, not
   // other X86OperandMem, so there should be no mention of segment
   // registers there either.
   constexpr auto SegmentReg = X86OperandMem::SegmentRegisters::DefaultSegment;
-  if (computeAddressOpt(Func, Inst, GotVar, Relocatable, Offset, Base, Index,
-                        Shift)) {
+  const bool ReserveSlot = Traits::Is64Bit && NeedSandboxing;
+  if (computeAddressOpt(Func, Inst, GotVar, ReserveSlot, Relocatable, Offset,
+                        Base, Index, Shift)) {
     Inst->setDeleted();
     Constant *OffsetOp = nullptr;
     if (Relocatable == nullptr) {
       OffsetOp = Ctx->getConstantInt32(Offset);
     } else {
       OffsetOp = Ctx->getConstantSym(Relocatable->getOffset() + Offset,
                                      Relocatable->getName(),
                                      Relocatable->getSuppressMangling());
     }
-    // The new mem operand is created without IsPIC being set, because
+    // The new mem operand is created without IsRebased being set, because
     // computeAddressOpt() doesn't include GotVar in its final result.
     Addr = X86OperandMem::create(Func, Data->getType(), Base, OffsetOp, Index,
                                  Shift, SegmentReg);
     auto *NewStore = Context.insert<InstStore>(Data, Addr);
     if (Inst->getDest())
       NewStore->setRmwBeacon(Inst->getRmwBeacon());
   }
 }
 
 template <typename TraitsType>
@@ skipping 33 matching lines @@
       _br(Traits::Cond::Br_a, SkipJumpTable);
     } else {
       _br(Traits::Cond::Br_a, DefaultTarget);
     }
 
     InstJumpTable *JumpTable = Case.getJumpTable();
     Context.insert(JumpTable);
 
     // Make sure the index is a register of the same width as the base
     Variable *Index;
-    if (RangeIndex->getType() != getPointerType()) {
-      Index = makeReg(getPointerType());
+    const Type PointerType = getPointerType();
+    if (RangeIndex->getType() != PointerType) {
+      Index = makeReg(PointerType);
       _movzx(Index, RangeIndex);
     } else {
       Index = legalizeToReg(RangeIndex);
     }
 
     constexpr RelocOffsetT RelocOffset = 0;
     constexpr bool SuppressMangling = true;
-    const bool IsPIC = Ctx->getFlags().getUseNonsfi();
+    const bool IsRebased = Ctx->getFlags().getUseNonsfi();
     IceString MangledName = Ctx->mangleName(Func->getFunctionName());
-    Variable *Base = IsPIC ? legalizeToReg(GotVar) : nullptr;
+    Variable *Base = IsRebased ? legalizeToReg(GotVar) : nullptr;
     Constant *Offset = Ctx->getConstantSym(
         RelocOffset, InstJumpTable::makeName(MangledName, JumpTable->getId()),
         SuppressMangling);
-    uint16_t Shift = typeWidthInBytesLog2(getPointerType());
+    uint16_t Shift = typeWidthInBytesLog2(PointerType);
     constexpr auto Segment = X86OperandMem::SegmentRegisters::DefaultSegment;
+
+    Variable *Target = nullptr;
+    if (Traits::Is64Bit && NeedSandboxing) {
+      assert(Base == nullptr);
+      assert(Index != nullptr && Index->getType() == IceType_i32);
+    }
     auto *TargetInMemory = X86OperandMem::create(
-        Func, getPointerType(), Base, Offset, Index, Shift, Segment, IsPIC);
-    Variable *Target = nullptr;
+        Func, PointerType, Base, Offset, Index, Shift, Segment, IsRebased);
     _mov(Target, TargetInMemory);
+
     lowerIndirectJump(Target);
 
     if (DefaultTarget == nullptr)
       Context.insert(SkipJumpTable);
     return;
   }
   case CaseCluster::Range: {
     if (Case.isUnitRange()) {
       // Single item
       if (!DoneCmp) {
@@ skipping 862 matching lines @@
   }
 
   if (auto *Mem = llvm::dyn_cast<X86OperandMem>(From)) {
     // Before doing anything with a Mem operand, we need to ensure that the
     // Base and Index components are in physical registers.
     Variable *Base = Mem->getBase();
     Variable *Index = Mem->getIndex();
     Constant *Offset = Mem->getOffset();
     Variable *RegBase = nullptr;
     Variable *RegIndex = nullptr;
+    uint16_t Shift = Mem->getShift();
     if (Base) {
       RegBase = llvm::cast<Variable>(
           legalize(Base, Legal_Reg | Legal_Rematerializable));
     }
     if (Index) {
+      // TODO(jpp): perhaps we should only allow Legal_Reg if
+      // Base->isRematerializable.
       RegIndex = llvm::cast<Variable>(
           legalize(Index, Legal_Reg | Legal_Rematerializable));
     }
     // For Non-SFI mode, if the Offset field is a ConstantRelocatable, we
     // replace either Base or Index with a legalized GotVar.  At emission time,
     // the ConstantRelocatable will be emitted with the @GOTOFF relocation.
-    bool NeedPIC = false;
-    if (UseNonsfi && !Mem->getIsPIC() && Offset &&
+    bool IsRebased = false;
+    if (UseNonsfi && !Mem->getIsRebased() && Offset &&
         llvm::isa<ConstantRelocatable>(Offset)) {
       assert(!(Allowed & Legal_AddrAbs));
-      NeedPIC = true;
+      IsRebased = true;
       if (RegBase == nullptr) {
         RegBase = legalizeToReg(GotVar);
       } else if (RegIndex == nullptr) {
         RegIndex = legalizeToReg(GotVar);
       } else {
         llvm::report_fatal_error(
             "Either Base or Index must be unused in Non-SFI mode");
       }
     }
     if (Base != RegBase || Index != RegIndex) {
-      Mem = X86OperandMem::create(Func, Ty, RegBase, Offset, RegIndex,
-                                  Mem->getShift(), Mem->getSegmentRegister(),
-                                  NeedPIC);
+      Mem = X86OperandMem::create(Func, Ty, RegBase, Offset, RegIndex, Shift,
+                                  Mem->getSegmentRegister(), IsRebased);
     }
 
     // For all Memory Operands, we do randomization/pooling here
     From = randomizeOrPoolImmediate(Mem);
 
     if (!(Allowed & Legal_Mem)) {
       From = copyToReg(From, RegNum);
     }
     return From;
   }
@@ skipping 28 matching lines @@
       }
     }
 
     // If the operand is a ConstantRelocatable, and Legal_AddrAbs is not
     // specified, and UseNonsfi is indicated, we need to add GotVar.
     if (auto *CR = llvm::dyn_cast<ConstantRelocatable>(Const)) {
       if (UseNonsfi && !(Allowed & Legal_AddrAbs)) {
         assert(Ty == IceType_i32);
         Variable *RegBase = legalizeToReg(GotVar);
         Variable *NewVar = makeReg(Ty, RegNum);
-        auto *Mem = Traits::X86OperandMem::create(Func, Ty, RegBase, CR);
-        Mem->setIsPIC();
+        static constexpr bool IsRebased = true;
+        auto *Mem =
+            Traits::X86OperandMem::create(Func, Ty, RegBase, CR, IsRebased);
         _lea(NewVar, Mem);
         From = NewVar;
       }
     }
 
     // Convert a scalar floating point constant into an explicit memory
     // operand.
     if (isScalarFloatingType(Ty)) {
       if (auto *ConstFloat = llvm::dyn_cast<ConstantFloat>(Const)) {
         if (Utils::isPositiveZero(ConstFloat->getValue()))
           return makeZeroedRegister(Ty, RegNum);
       } else if (auto *ConstDouble = llvm::dyn_cast<ConstantDouble>(Const)) {
         if (Utils::isPositiveZero(ConstDouble->getValue()))
           return makeZeroedRegister(Ty, RegNum);
       }
       Variable *Base = UseNonsfi ? legalizeToReg(GotVar) : nullptr;
       std::string Buffer;
       llvm::raw_string_ostream StrBuf(Buffer);
       llvm::cast<Constant>(From)->emitPoolLabel(StrBuf, Ctx);
       llvm::cast<Constant>(From)->setShouldBePooled(true);
       Constant *Offset = Ctx->getConstantSym(0, StrBuf.str(), true);
-      auto *Mem = X86OperandMem::create(Func, Ty, Base, Offset);
-      if (UseNonsfi)
-        Mem->setIsPIC();
+      const bool IsRebased = Base != nullptr;
+      auto *Mem = X86OperandMem::create(Func, Ty, Base, Offset, IsRebased);
       From = Mem;
     }
     bool NeedsReg = false;
     if (!(Allowed & Legal_Imm) && !isScalarFloatingType(Ty))
       // Immediate specifically not allowed
       NeedsReg = true;
     if (!(Allowed & Legal_Mem) && isScalarFloatingType(Ty))
       // On x86, FP constants are lowered to mem operands.
       NeedsReg = true;
     if (NeedsReg) {
@@ skipping 103 matching lines @@
       // we guarantee legalize(Offset) will return a Constant*.
       if (!llvm::isa<ConstantRelocatable>(Offset)) {
         BoolFlagSaver B(RandomizationPoolingPaused, true);
 
         Offset = llvm::cast<Constant>(legalize(Offset));
       }
 
       assert(llvm::isa<ConstantInteger32>(Offset) ||
              llvm::isa<ConstantRelocatable>(Offset));
     }
-    // Not completely sure whether it's OK to leave IsPIC unset when creating
-    // the mem operand.  If DoLegalize is true, it will definitely be applied
-    // during the legalize() call, but perhaps not during the
+    // Not completely sure whether it's OK to leave IsRebased unset when
+    // creating the mem operand.  If DoLegalize is true, it will definitely be
+    // applied during the legalize() call, but perhaps not during the
     // randomizeOrPoolImmediate() call.  In any case, the emit routines will
     // assert that PIC legalization has been applied.
     Mem = X86OperandMem::create(Func, Ty, Base, Offset);
   }
   // Do legalization, which contains randomization/pooling or do
   // randomization/pooling.
   return llvm::cast<X86OperandMem>(DoLegalize ? legalize(Mem)
                                               : randomizeOrPoolImmediate(Mem));
 }
 
@@ skipping 107 matching lines @@
 Operand *
 TargetX86Base<TraitsType>::randomizeOrPoolImmediate(Constant *Immediate,
                                                     int32_t RegNum) {
   assert(llvm::isa<ConstantInteger32>(Immediate) ||
          llvm::isa<ConstantRelocatable>(Immediate));
   if (Ctx->getFlags().getRandomizeAndPoolImmediatesOption() == RPI_None ||
       RandomizationPoolingPaused == true) {
     // Immediates randomization/pooling off or paused
     return Immediate;
   }
-  if (Immediate->shouldBeRandomizedOrPooled(Ctx)) {
-    Ctx->statsUpdateRPImms();
-    if (Ctx->getFlags().getRandomizeAndPoolImmediatesOption() ==
-        RPI_Randomize) {
-      // blind the constant
-      // FROM:
-      //  imm
-      // TO:
-      //  insert: mov imm+cookie, Reg
-      //  insert: lea -cookie[Reg], Reg
-      //  => Reg
-      // If we have already assigned a phy register, we must come from
-      // advancedPhiLowering()=>lowerAssign(). In this case we should reuse the
-      // assigned register as this assignment is that start of its use-def
-      // chain. So we add RegNum argument here. Note we use 'lea' instruction
-      // instead of 'xor' to avoid affecting the flags.
-      Variable *Reg = makeReg(IceType_i32, RegNum);
-      auto *Integer = llvm::cast<ConstantInteger32>(Immediate);
-      uint32_t Value = Integer->getValue();
-      uint32_t Cookie = Func->getConstantBlindingCookie();
-      _mov(Reg, Ctx->getConstantInt(IceType_i32, Cookie + Value));
-      Constant *Offset = Ctx->getConstantInt(IceType_i32, 0 - Cookie);
-      _lea(Reg,
-           X86OperandMem::create(Func, IceType_i32, Reg, Offset, nullptr, 0));
-      if (Immediate->getType() != IceType_i32) {
-        Variable *TruncReg = makeReg(Immediate->getType(), RegNum);
-        _mov(TruncReg, Reg);
-        return TruncReg;
-      }
+
+  if (Traits::Is64Bit && NeedSandboxing) {
+    // Immediate randomization/pooling is currently disabled for x86-64
+    // sandboxing for it could generate invalid memory operands.
+    assert(false &&
+           "Constant pooling/randomization is disabled for x8664 sandbox.");
+    return Immediate;
+  }
+
+  if (!Immediate->shouldBeRandomizedOrPooled(Ctx)) {
+    // the constant Immediate is not eligible for blinding/pooling
+    return Immediate;
+  }
+  Ctx->statsUpdateRPImms();
+  switch (Ctx->getFlags().getRandomizeAndPoolImmediatesOption()) {
+  default:
+    llvm::report_fatal_error("Unsupported -randomize-pool-immediates option");
+  case RPI_Randomize: {
+    // blind the constant
+    // FROM:
+    //  imm
+    // TO:
+    //  insert: mov imm+cookie, Reg
+    //  insert: lea -cookie[Reg], Reg
+    //  => Reg
+    // If we have already assigned a phy register, we must come from
+    // advancedPhiLowering()=>lowerAssign(). In this case we should reuse the
+    // assigned register as this assignment is that start of its use-def
+    // chain. So we add RegNum argument here. Note we use 'lea' instruction
+    // instead of 'xor' to avoid affecting the flags.
+    Variable *Reg = makeReg(IceType_i32, RegNum);
+    auto *Integer = llvm::cast<ConstantInteger32>(Immediate);
+    uint32_t Value = Integer->getValue();
+    uint32_t Cookie = Func->getConstantBlindingCookie();
+    _mov(Reg, Ctx->getConstantInt(IceType_i32, Cookie + Value));
+    Constant *Offset = Ctx->getConstantInt(IceType_i32, 0 - Cookie);
+    _lea(Reg, X86OperandMem::create(Func, IceType_i32, Reg, Offset));
+    if (Immediate->getType() == IceType_i32) {
       return Reg;
     }
-    if (Ctx->getFlags().getRandomizeAndPoolImmediatesOption() == RPI_Pool) {
-      // pool the constant
-      // FROM:
-      //  imm
-      // TO:
-      //  insert: mov $label, Reg
-      //  => Reg
-      assert(Ctx->getFlags().getRandomizeAndPoolImmediatesOption() == RPI_Pool);
-      Immediate->setShouldBePooled(true);
-      // if we have already assigned a phy register, we must come from
-      // advancedPhiLowering()=>lowerAssign(). In this case we should reuse the
-      // assigned register as this assignment is that start of its use-def
-      // chain. So we add RegNum argument here.
-      Variable *Reg = makeReg(Immediate->getType(), RegNum);
-      IceString Label;
-      llvm::raw_string_ostream Label_stream(Label);
-      Immediate->emitPoolLabel(Label_stream, Ctx);
-      constexpr RelocOffsetT Offset = 0;
-      constexpr bool SuppressMangling = true;
-      Constant *Symbol =
-          Ctx->getConstantSym(Offset, Label_stream.str(), SuppressMangling);
-      const bool UseNonsfi = Ctx->getFlags().getUseNonsfi();
-      Variable *Base = UseNonsfi ? legalizeToReg(GotVar) : nullptr;
-      X86OperandMem *MemOperand =
-          X86OperandMem::create(Func, Immediate->getType(), Base, Symbol);
-      if (UseNonsfi)
-        MemOperand->setIsPIC();
-      _mov(Reg, MemOperand);
-      return Reg;
-    }
-    assert("Unsupported -randomize-pool-immediates option" && false);
+    Variable *TruncReg = makeReg(Immediate->getType(), RegNum);
+    _mov(TruncReg, Reg);
+    return TruncReg;
   }
-  // the constant Immediate is not eligible for blinding/pooling
-  return Immediate;
+  case RPI_Pool: {
+    // pool the constant
+    // FROM:
+    //  imm
+    // TO:
+    //  insert: mov $label, Reg
+    //  => Reg
+    assert(Ctx->getFlags().getRandomizeAndPoolImmediatesOption() == RPI_Pool);
+    Immediate->setShouldBePooled(true);
+    // if we have already assigned a phy register, we must come from
+    // advancedPhiLowering()=>lowerAssign(). In this case we should reuse the
+    // assigned register as this assignment is that start of its use-def
+    // chain. So we add RegNum argument here.
+    Variable *Reg = makeReg(Immediate->getType(), RegNum);
+    IceString Label;
+    llvm::raw_string_ostream Label_stream(Label);
+    Immediate->emitPoolLabel(Label_stream, Ctx);
+    constexpr RelocOffsetT Offset = 0;
+    constexpr bool SuppressMangling = true;
+    Constant *Symbol =
+        Ctx->getConstantSym(Offset, Label_stream.str(), SuppressMangling);
+    const bool UseNonsfi = Ctx->getFlags().getUseNonsfi();
+    Variable *Base = UseNonsfi ? legalizeToReg(GotVar) : nullptr;
+    const bool IsRebased = Base != nullptr;
+    X86OperandMem *MemOperand = X86OperandMem::create(
+        Func, Immediate->getType(), Base, Symbol, IsRebased);
+    _mov(Reg, MemOperand);
+    return Reg;
+  }
+  }
 }
 
 template <typename TraitsType>
 typename TargetX86Base<TraitsType>::X86OperandMem *
 TargetX86Base<TraitsType>::randomizeOrPoolImmediate(X86OperandMem *MemOperand,
                                                     int32_t RegNum) {
   assert(MemOperand);
   if (Ctx->getFlags().getRandomizeAndPoolImmediatesOption() == RPI_None ||
       RandomizationPoolingPaused == true) {
     // immediates randomization/pooling is turned off
     return MemOperand;
   }
 
+  if (Traits::Is64Bit && NeedSandboxing) {
+    // Immediate randomization/pooling is currently disabled for x86-64
+    // sandboxing for it could generate invalid memory operands.
+    assert(false &&
+           "Constant pooling/randomization is disabled for x8664 sandbox.");
+    return MemOperand;
+  }
+
   // If this memory operand is already a randomized one, we do not randomize it
   // again.
   if (MemOperand->getRandomized())
     return MemOperand;
 
-  if (auto *C = llvm::dyn_cast_or_null<Constant>(MemOperand->getOffset())) {
-    if (C->shouldBeRandomizedOrPooled(Ctx)) {
-      // The offset of this mem operand should be blinded or pooled
-      Ctx->statsUpdateRPImms();
-      if (Ctx->getFlags().getRandomizeAndPoolImmediatesOption() ==
-          RPI_Randomize) {
-        // blind the constant offset
-        // FROM:
-        //  offset[base, index, shift]
-        // TO:
-        //  insert: lea offset+cookie[base], RegTemp
-        //  => -cookie[RegTemp, index, shift]
-        uint32_t Value =
-            llvm::dyn_cast<ConstantInteger32>(MemOperand->getOffset())
-                ->getValue();
-        uint32_t Cookie = Func->getConstantBlindingCookie();
-        Constant *Mask1 = Ctx->getConstantInt(
-            MemOperand->getOffset()->getType(), Cookie + Value);
-        Constant *Mask2 =
-            Ctx->getConstantInt(MemOperand->getOffset()->getType(), 0 - Cookie);
+  auto *C = llvm::dyn_cast_or_null<Constant>(MemOperand->getOffset());
 
-        X86OperandMem *TempMemOperand = X86OperandMem::create(
-            Func, MemOperand->getType(), MemOperand->getBase(), Mask1);
-        // If we have already assigned a physical register, we must come from
-        // advancedPhiLowering()=>lowerAssign(). In this case we should reuse
-        // the assigned register as this assignment is that start of its
-        // use-def chain. So we add RegNum argument here.
-        Variable *RegTemp = makeReg(MemOperand->getOffset()->getType(), RegNum);
-        _lea(RegTemp, TempMemOperand);
+  if (C == nullptr) {
+    return MemOperand;
+  }
 
-        X86OperandMem *NewMemOperand = X86OperandMem::create(
-            Func, MemOperand->getType(), RegTemp, Mask2, MemOperand->getIndex(),
-            MemOperand->getShift(), MemOperand->getSegmentRegister());
+  if (!C->shouldBeRandomizedOrPooled(Ctx)) {
+    return MemOperand;
+  }
 
-        // Label this memory operand as randomized, so we won't randomize it
-        // again in case we call legalize() multiple times on this memory
-        // operand.
-        NewMemOperand->setRandomized(true);
-        return NewMemOperand;
-      }
-      if (Ctx->getFlags().getRandomizeAndPoolImmediatesOption() == RPI_Pool) {
-        // pool the constant offset
-        // FROM:
-        //  offset[base, index, shift]
-        // TO:
-        //  insert: mov $label, RegTemp
-        //  insert: lea [base, RegTemp], RegTemp
-        //  =>[RegTemp, index, shift]
-        assert(Ctx->getFlags().getRandomizeAndPoolImmediatesOption() ==
-               RPI_Pool);
-        // Memory operand should never exist as source operands in phi lowering
-        // assignments, so there is no need to reuse any registers here. For
-        // phi lowering, we should not ask for new physical registers in
-        // general. However, if we do meet Memory Operand during phi lowering,
-        // we should not blind or pool the immediates for now.
-        if (RegNum != Variable::NoRegister)
-          return MemOperand;
-        Variable *RegTemp = makeReg(IceType_i32);
-        IceString Label;
-        llvm::raw_string_ostream Label_stream(Label);
-        MemOperand->getOffset()->emitPoolLabel(Label_stream, Ctx);
-        MemOperand->getOffset()->setShouldBePooled(true);
-        constexpr RelocOffsetT SymOffset = 0;
-        constexpr bool SuppressMangling = true;
-        Constant *Symbol = Ctx->getConstantSym(SymOffset, Label_stream.str(),
-                                               SuppressMangling);
-        const bool UseNonsfi = Ctx->getFlags().getUseNonsfi();
-        Variable *Base = UseNonsfi ? legalizeToReg(GotVar) : nullptr;
-        X86OperandMem *SymbolOperand = X86OperandMem::create(
-            Func, MemOperand->getOffset()->getType(), Base, Symbol);
-        if (UseNonsfi)
-          SymbolOperand->setIsPIC();
-        _mov(RegTemp, SymbolOperand);
-        // If we have a base variable here, we should add the lea instruction
-        // to add the value of the base variable to RegTemp. If there is no
-        // base variable, we won't need this lea instruction.
-        if (MemOperand->getBase()) {
-          X86OperandMem *CalculateOperand = X86OperandMem::create(
-              Func, MemOperand->getType(), MemOperand->getBase(), nullptr,
-              RegTemp, 0, MemOperand->getSegmentRegister());
-          _lea(RegTemp, CalculateOperand);
-        }
-        X86OperandMem *NewMemOperand = X86OperandMem::create(
-            Func, MemOperand->getType(), RegTemp, nullptr,
-            MemOperand->getIndex(), MemOperand->getShift(),
-            MemOperand->getSegmentRegister());
-        return NewMemOperand;
-      }
-      assert("Unsupported -randomize-pool-immediates option" && false);
+  // The offset of this mem operand should be blinded or pooled
+  Ctx->statsUpdateRPImms();
+  switch (Ctx->getFlags().getRandomizeAndPoolImmediatesOption()) {
+  default:
+    llvm::report_fatal_error("Unsupported -randomize-pool-immediates option");
+  case RPI_Randomize: {
+    // blind the constant offset
+    // FROM:
+    //  offset[base, index, shift]
+    // TO:
+    //  insert: lea offset+cookie[base], RegTemp
+    //  => -cookie[RegTemp, index, shift]
+    uint32_t Value =
+        llvm::dyn_cast<ConstantInteger32>(MemOperand->getOffset())->getValue();
+    uint32_t Cookie = Func->getConstantBlindingCookie();
+    Constant *Mask1 =
+        Ctx->getConstantInt(MemOperand->getOffset()->getType(), Cookie + Value);
+    Constant *Mask2 =
+        Ctx->getConstantInt(MemOperand->getOffset()->getType(), 0 - Cookie);
+
+    X86OperandMem *TempMemOperand = X86OperandMem::create(
+        Func, MemOperand->getType(), MemOperand->getBase(), Mask1);
+    // If we have already assigned a physical register, we must come from
+    // advancedPhiLowering()=>lowerAssign(). In this case we should reuse
+    // the assigned register as this assignment is that start of its
+    // use-def chain. So we add RegNum argument here.
+    Variable *RegTemp = makeReg(MemOperand->getOffset()->getType(), RegNum);
+    _lea(RegTemp, TempMemOperand);
+
+    X86OperandMem *NewMemOperand = X86OperandMem::create(
+        Func, MemOperand->getType(), RegTemp, Mask2, MemOperand->getIndex(),
+        MemOperand->getShift(), MemOperand->getSegmentRegister(),
+        MemOperand->getIsRebased());
+
+    // Label this memory operand as randomized, so we won't randomize it
+    // again in case we call legalize() multiple times on this memory
+    // operand.
+    NewMemOperand->setRandomized(true);
+    return NewMemOperand;
+  }
+  case RPI_Pool: {
+    // pool the constant offset
+    // FROM:
+    //  offset[base, index, shift]
+    // TO:
+    //  insert: mov $label, RegTemp
+    //  insert: lea [base, RegTemp], RegTemp
+    //  =>[RegTemp, index, shift]
+
+    // Memory operand should never exist as source operands in phi lowering
+    // assignments, so there is no need to reuse any registers here. For
+    // phi lowering, we should not ask for new physical registers in
+    // general. However, if we do meet Memory Operand during phi lowering,
+    // we should not blind or pool the immediates for now.
+    if (RegNum != Variable::NoRegister)
+      return MemOperand;
+    Variable *RegTemp = makeReg(IceType_i32);
+    IceString Label;
+    llvm::raw_string_ostream Label_stream(Label);
+    MemOperand->getOffset()->emitPoolLabel(Label_stream, Ctx);
+    MemOperand->getOffset()->setShouldBePooled(true);
+    constexpr RelocOffsetT SymOffset = 0;
+    constexpr bool SuppressMangling = true;
+    Constant *Symbol =
+        Ctx->getConstantSym(SymOffset, Label_stream.str(), SuppressMangling);
+    const bool UseNonsfi = Ctx->getFlags().getUseNonsfi();
+    Variable *Base = UseNonsfi ? legalizeToReg(GotVar) : nullptr;
+    const bool IsRebased = Base != nullptr;
+    X86OperandMem *SymbolOperand = X86OperandMem::create(
+        Func, MemOperand->getOffset()->getType(), Base, Symbol, IsRebased);
+    _mov(RegTemp, SymbolOperand);
+    // If we have a base variable here, we should add the lea instruction
+    // to add the value of the base variable to RegTemp. If there is no
+    // base variable, we won't need this lea instruction.
+    if (MemOperand->getBase()) {
+      X86OperandMem *CalculateOperand = X86OperandMem::create(
+          Func, MemOperand->getType(), MemOperand->getBase(), nullptr, RegTemp,
+          0, MemOperand->getSegmentRegister());
+      _lea(RegTemp, CalculateOperand);
     }
+    X86OperandMem *NewMemOperand = X86OperandMem::create(
+        Func, MemOperand->getType(), RegTemp, nullptr, MemOperand->getIndex(),
+        MemOperand->getShift(), MemOperand->getSegmentRegister());
+    return NewMemOperand;
   }
-  // the offset is not eligible for blinding or pooling, return the original
-  // mem operand
-  return MemOperand;
+  }
 }
-
 } // end of namespace X86NAMESPACE
 } // end of namespace Ice
 
 #endif // SUBZERO_SRC_ICETARGETLOWERINGX86BASEIMPL_H