1/* AddressSanitizer, a fast memory error detector. 2 Copyright (C) 2012-2015 Free Software Foundation, Inc. 3 Contributed by Kostya Serebryany <kcc@google.com> 4 5This file is part of GCC. 6 7GCC is free software; you can redistribute it and/or modify it under 8the terms of the GNU General Public License as published by the Free 9Software Foundation; either version 3, or (at your option) any later 10version. 11 12GCC is distributed in the hope that it will be useful, but WITHOUT ANY 13WARRANTY; without even the implied warranty of MERCHANTABILITY or 14FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License 15for more details. 16 17You should have received a copy of the GNU General Public License 18along with GCC; see the file COPYING3. If not see 19<http://www.gnu.org/licenses/>. */ 20 21 22#include "config.h" 23#include "system.h" 24#include "coretypes.h" 25#include "hash-set.h" 26#include "machmode.h" 27#include "vec.h" 28#include "double-int.h" 29#include "input.h" 30#include "alias.h" 31#include "symtab.h" 32#include "options.h" 33#include "wide-int.h" 34#include "inchash.h" 35#include "tree.h" 36#include "fold-const.h" 37#include "hash-table.h" 38#include "predict.h" 39#include "tm.h" 40#include "hard-reg-set.h" 41#include "function.h" 42#include "dominance.h" 43#include "cfg.h" 44#include "cfganal.h" 45#include "basic-block.h" 46#include "tree-ssa-alias.h" 47#include "internal-fn.h" 48#include "gimple-expr.h" 49#include "is-a.h" 50#include "gimple.h" 51#include "gimplify.h" 52#include "gimple-iterator.h" 53#include "calls.h" 54#include "varasm.h" 55#include "stor-layout.h" 56#include "tree-iterator.h" 57#include "hash-map.h" 58#include "plugin-api.h" 59#include "ipa-ref.h" 60#include "cgraph.h" 61#include "stringpool.h" 62#include "tree-ssanames.h" 63#include "tree-pass.h" 64#include "asan.h" 65#include "gimple-pretty-print.h" 66#include "target.h" 67#include "hashtab.h" 68#include "rtl.h" 69#include "flags.h" 70#include "statistics.h" 71#include "real.h" 72#include "fixed-value.h" 73#include "insn-config.h" 74#include "expmed.h" 75#include "dojump.h" 76#include "explow.h" 77#include "emit-rtl.h" 78#include "stmt.h" 79#include "expr.h" 80#include "insn-codes.h" 81#include "optabs.h" 82#include "output.h" 83#include "tm_p.h" 84#include "langhooks.h" 85#include "alloc-pool.h" 86#include "cfgloop.h" 87#include "gimple-builder.h" 88#include "ubsan.h" 89#include "params.h" 90#include "builtins.h" 91 92/* AddressSanitizer finds out-of-bounds and use-after-free bugs 93 with <2x slowdown on average. 94 95 The tool consists of two parts: 96 instrumentation module (this file) and a run-time library. 97 The instrumentation module adds a run-time check before every memory insn. 98 For a 8- or 16- byte load accessing address X: 99 ShadowAddr = (X >> 3) + Offset 100 ShadowValue = *(char*)ShadowAddr; // *(short*) for 16-byte access. 101 if (ShadowValue) 102 __asan_report_load8(X); 103 For a load of N bytes (N=1, 2 or 4) from address X: 104 ShadowAddr = (X >> 3) + Offset 105 ShadowValue = *(char*)ShadowAddr; 106 if (ShadowValue) 107 if ((X & 7) + N - 1 > ShadowValue) 108 __asan_report_loadN(X); 109 Stores are instrumented similarly, but using __asan_report_storeN functions. 110 A call too __asan_init_vN() is inserted to the list of module CTORs. 111 N is the version number of the AddressSanitizer API. The changes between the 112 API versions are listed in libsanitizer/asan/asan_interface_internal.h. 113 114 The run-time library redefines malloc (so that redzone are inserted around 115 the allocated memory) and free (so that reuse of free-ed memory is delayed), 116 provides __asan_report* and __asan_init_vN functions. 117 118 Read more: 119 http://code.google.com/p/address-sanitizer/wiki/AddressSanitizerAlgorithm 120 121 The current implementation supports detection of out-of-bounds and 122 use-after-free in the heap, on the stack and for global variables. 123 124 [Protection of stack variables] 125 126 To understand how detection of out-of-bounds and use-after-free works 127 for stack variables, lets look at this example on x86_64 where the 128 stack grows downward: 129 130 int 131 foo () 132 { 133 char a[23] = {0}; 134 int b[2] = {0}; 135 136 a[5] = 1; 137 b[1] = 2; 138 139 return a[5] + b[1]; 140 } 141 142 For this function, the stack protected by asan will be organized as 143 follows, from the top of the stack to the bottom: 144 145 Slot 1/ [red zone of 32 bytes called 'RIGHT RedZone'] 146 147 Slot 2/ [8 bytes of red zone, that adds up to the space of 'a' to make 148 the next slot be 32 bytes aligned; this one is called Partial 149 Redzone; this 32 bytes alignment is an asan constraint] 150 151 Slot 3/ [24 bytes for variable 'a'] 152 153 Slot 4/ [red zone of 32 bytes called 'Middle RedZone'] 154 155 Slot 5/ [24 bytes of Partial Red Zone (similar to slot 2] 156 157 Slot 6/ [8 bytes for variable 'b'] 158 159 Slot 7/ [32 bytes of Red Zone at the bottom of the stack, called 160 'LEFT RedZone'] 161 162 The 32 bytes of LEFT red zone at the bottom of the stack can be 163 decomposed as such: 164 165 1/ The first 8 bytes contain a magical asan number that is always 166 0x41B58AB3. 167 168 2/ The following 8 bytes contains a pointer to a string (to be 169 parsed at runtime by the runtime asan library), which format is 170 the following: 171 172 "<function-name> <space> <num-of-variables-on-the-stack> 173 (<32-bytes-aligned-offset-in-bytes-of-variable> <space> 174 <length-of-var-in-bytes> ){n} " 175 176 where '(...){n}' means the content inside the parenthesis occurs 'n' 177 times, with 'n' being the number of variables on the stack. 178 179 3/ The following 8 bytes contain the PC of the current function which 180 will be used by the run-time library to print an error message. 181 182 4/ The following 8 bytes are reserved for internal use by the run-time. 183 184 The shadow memory for that stack layout is going to look like this: 185 186 - content of shadow memory 8 bytes for slot 7: 0xF1F1F1F1. 187 The F1 byte pattern is a magic number called 188 ASAN_STACK_MAGIC_LEFT and is a way for the runtime to know that 189 the memory for that shadow byte is part of a the LEFT red zone 190 intended to seat at the bottom of the variables on the stack. 191 192 - content of shadow memory 8 bytes for slots 6 and 5: 193 0xF4F4F400. The F4 byte pattern is a magic number 194 called ASAN_STACK_MAGIC_PARTIAL. It flags the fact that the 195 memory region for this shadow byte is a PARTIAL red zone 196 intended to pad a variable A, so that the slot following 197 {A,padding} is 32 bytes aligned. 198 199 Note that the fact that the least significant byte of this 200 shadow memory content is 00 means that 8 bytes of its 201 corresponding memory (which corresponds to the memory of 202 variable 'b') is addressable. 203 204 - content of shadow memory 8 bytes for slot 4: 0xF2F2F2F2. 205 The F2 byte pattern is a magic number called 206 ASAN_STACK_MAGIC_MIDDLE. It flags the fact that the memory 207 region for this shadow byte is a MIDDLE red zone intended to 208 seat between two 32 aligned slots of {variable,padding}. 209 210 - content of shadow memory 8 bytes for slot 3 and 2: 211 0xF4000000. This represents is the concatenation of 212 variable 'a' and the partial red zone following it, like what we 213 had for variable 'b'. The least significant 3 bytes being 00 214 means that the 3 bytes of variable 'a' are addressable. 215 216 - content of shadow memory 8 bytes for slot 1: 0xF3F3F3F3. 217 The F3 byte pattern is a magic number called 218 ASAN_STACK_MAGIC_RIGHT. It flags the fact that the memory 219 region for this shadow byte is a RIGHT red zone intended to seat 220 at the top of the variables of the stack. 221 222 Note that the real variable layout is done in expand_used_vars in 223 cfgexpand.c. As far as Address Sanitizer is concerned, it lays out 224 stack variables as well as the different red zones, emits some 225 prologue code to populate the shadow memory as to poison (mark as 226 non-accessible) the regions of the red zones and mark the regions of 227 stack variables as accessible, and emit some epilogue code to 228 un-poison (mark as accessible) the regions of red zones right before 229 the function exits. 230 231 [Protection of global variables] 232 233 The basic idea is to insert a red zone between two global variables 234 and install a constructor function that calls the asan runtime to do 235 the populating of the relevant shadow memory regions at load time. 236 237 So the global variables are laid out as to insert a red zone between 238 them. The size of the red zones is so that each variable starts on a 239 32 bytes boundary. 240 241 Then a constructor function is installed so that, for each global 242 variable, it calls the runtime asan library function 243 __asan_register_globals_with an instance of this type: 244 245 struct __asan_global 246 { 247 // Address of the beginning of the global variable. 248 const void *__beg; 249 250 // Initial size of the global variable. 251 uptr __size; 252 253 // Size of the global variable + size of the red zone. This 254 // size is 32 bytes aligned. 255 uptr __size_with_redzone; 256 257 // Name of the global variable. 258 const void *__name; 259 260 // Name of the module where the global variable is declared. 261 const void *__module_name; 262 263 // 1 if it has dynamic initialization, 0 otherwise. 264 uptr __has_dynamic_init; 265 266 // A pointer to struct that contains source location, could be NULL. 267 __asan_global_source_location *__location; 268 } 269 270 A destructor function that calls the runtime asan library function 271 _asan_unregister_globals is also installed. */ 272 273static unsigned HOST_WIDE_INT asan_shadow_offset_value; 274static bool asan_shadow_offset_computed; 275 276/* Sets shadow offset to value in string VAL. */ 277 278bool 279set_asan_shadow_offset (const char *val) 280{ 281 char *endp; 282 283 errno = 0; 284#ifdef HAVE_LONG_LONG 285 asan_shadow_offset_value = strtoull (val, &endp, 0); 286#else 287 asan_shadow_offset_value = strtoul (val, &endp, 0); 288#endif 289 if (!(*val != '\0' && *endp == '\0' && errno == 0)) 290 return false; 291 292 asan_shadow_offset_computed = true; 293 294 return true; 295} 296 297/* Returns Asan shadow offset. */ 298 299static unsigned HOST_WIDE_INT 300asan_shadow_offset () 301{ 302 if (!asan_shadow_offset_computed) 303 { 304 asan_shadow_offset_computed = true; 305 asan_shadow_offset_value = targetm.asan_shadow_offset (); 306 } 307 return asan_shadow_offset_value; 308} 309 310alias_set_type asan_shadow_set = -1; 311 312/* Pointer types to 1 resp. 2 byte integers in shadow memory. A separate 313 alias set is used for all shadow memory accesses. */ 314static GTY(()) tree shadow_ptr_types[2]; 315 316/* Decl for __asan_option_detect_stack_use_after_return. */ 317static GTY(()) tree asan_detect_stack_use_after_return; 318 319/* Various flags for Asan builtins. */ 320enum asan_check_flags 321{ 322 ASAN_CHECK_STORE = 1 << 0, 323 ASAN_CHECK_SCALAR_ACCESS = 1 << 1, 324 ASAN_CHECK_NON_ZERO_LEN = 1 << 2, 325 ASAN_CHECK_LAST = 1 << 3 326}; 327 328/* Hashtable support for memory references used by gimple 329 statements. */ 330 331/* This type represents a reference to a memory region. */ 332struct asan_mem_ref 333{ 334 /* The expression of the beginning of the memory region. */ 335 tree start; 336 337 /* The size of the access. */ 338 HOST_WIDE_INT access_size; 339}; 340 341static alloc_pool asan_mem_ref_alloc_pool; 342 343/* This creates the alloc pool used to store the instances of 344 asan_mem_ref that are stored in the hash table asan_mem_ref_ht. */ 345 346static alloc_pool 347asan_mem_ref_get_alloc_pool () 348{ 349 if (asan_mem_ref_alloc_pool == NULL) 350 asan_mem_ref_alloc_pool = create_alloc_pool ("asan_mem_ref", 351 sizeof (asan_mem_ref), 352 10); 353 return asan_mem_ref_alloc_pool; 354 355} 356 357/* Initializes an instance of asan_mem_ref. */ 358 359static void 360asan_mem_ref_init (asan_mem_ref *ref, tree start, HOST_WIDE_INT access_size) 361{ 362 ref->start = start; 363 ref->access_size = access_size; 364} 365 366/* Allocates memory for an instance of asan_mem_ref into the memory 367 pool returned by asan_mem_ref_get_alloc_pool and initialize it. 368 START is the address of (or the expression pointing to) the 369 beginning of memory reference. ACCESS_SIZE is the size of the 370 access to the referenced memory. */ 371 372static asan_mem_ref* 373asan_mem_ref_new (tree start, HOST_WIDE_INT access_size) 374{ 375 asan_mem_ref *ref = 376 (asan_mem_ref *) pool_alloc (asan_mem_ref_get_alloc_pool ()); 377 378 asan_mem_ref_init (ref, start, access_size); 379 return ref; 380} 381 382/* This builds and returns a pointer to the end of the memory region 383 that starts at START and of length LEN. */ 384 385tree 386asan_mem_ref_get_end (tree start, tree len) 387{ 388 if (len == NULL_TREE || integer_zerop (len)) 389 return start; 390 391 if (!ptrofftype_p (len)) 392 len = convert_to_ptrofftype (len); 393 394 return fold_build2 (POINTER_PLUS_EXPR, TREE_TYPE (start), start, len); 395} 396 397/* Return a tree expression that represents the end of the referenced 398 memory region. Beware that this function can actually build a new 399 tree expression. */ 400 401tree 402asan_mem_ref_get_end (const asan_mem_ref *ref, tree len) 403{ 404 return asan_mem_ref_get_end (ref->start, len); 405} 406 407struct asan_mem_ref_hasher 408 : typed_noop_remove <asan_mem_ref> 409{ 410 typedef asan_mem_ref value_type; 411 typedef asan_mem_ref compare_type; 412 413 static inline hashval_t hash (const value_type *); 414 static inline bool equal (const value_type *, const compare_type *); 415}; 416 417/* Hash a memory reference. */ 418 419inline hashval_t 420asan_mem_ref_hasher::hash (const asan_mem_ref *mem_ref) 421{ 422 return iterative_hash_expr (mem_ref->start, 0); 423} 424 425/* Compare two memory references. We accept the length of either 426 memory references to be NULL_TREE. */ 427 428inline bool 429asan_mem_ref_hasher::equal (const asan_mem_ref *m1, 430 const asan_mem_ref *m2) 431{ 432 return operand_equal_p (m1->start, m2->start, 0); 433} 434 435static hash_table<asan_mem_ref_hasher> *asan_mem_ref_ht; 436 437/* Returns a reference to the hash table containing memory references. 438 This function ensures that the hash table is created. Note that 439 this hash table is updated by the function 440 update_mem_ref_hash_table. */ 441 442static hash_table<asan_mem_ref_hasher> * 443get_mem_ref_hash_table () 444{ 445 if (!asan_mem_ref_ht) 446 asan_mem_ref_ht = new hash_table<asan_mem_ref_hasher> (10); 447 448 return asan_mem_ref_ht; 449} 450 451/* Clear all entries from the memory references hash table. */ 452 453static void 454empty_mem_ref_hash_table () 455{ 456 if (asan_mem_ref_ht) 457 asan_mem_ref_ht->empty (); 458} 459 460/* Free the memory references hash table. */ 461 462static void 463free_mem_ref_resources () 464{ 465 delete asan_mem_ref_ht; 466 asan_mem_ref_ht = NULL; 467 468 if (asan_mem_ref_alloc_pool) 469 { 470 free_alloc_pool (asan_mem_ref_alloc_pool); 471 asan_mem_ref_alloc_pool = NULL; 472 } 473} 474 475/* Return true iff the memory reference REF has been instrumented. */ 476 477static bool 478has_mem_ref_been_instrumented (tree ref, HOST_WIDE_INT access_size) 479{ 480 asan_mem_ref r; 481 asan_mem_ref_init (&r, ref, access_size); 482 483 asan_mem_ref *saved_ref = get_mem_ref_hash_table ()->find (&r); 484 return saved_ref && saved_ref->access_size >= access_size; 485} 486 487/* Return true iff the memory reference REF has been instrumented. */ 488 489static bool 490has_mem_ref_been_instrumented (const asan_mem_ref *ref) 491{ 492 return has_mem_ref_been_instrumented (ref->start, ref->access_size); 493} 494 495/* Return true iff access to memory region starting at REF and of 496 length LEN has been instrumented. */ 497 498static bool 499has_mem_ref_been_instrumented (const asan_mem_ref *ref, tree len) 500{ 501 HOST_WIDE_INT size_in_bytes 502 = tree_fits_shwi_p (len) ? tree_to_shwi (len) : -1; 503 504 return size_in_bytes != -1 505 && has_mem_ref_been_instrumented (ref->start, size_in_bytes); 506} 507 508/* Set REF to the memory reference present in a gimple assignment 509 ASSIGNMENT. Return true upon successful completion, false 510 otherwise. */ 511 512static bool 513get_mem_ref_of_assignment (const gassign *assignment, 514 asan_mem_ref *ref, 515 bool *ref_is_store) 516{ 517 gcc_assert (gimple_assign_single_p (assignment)); 518 519 if (gimple_store_p (assignment) 520 && !gimple_clobber_p (assignment)) 521 { 522 ref->start = gimple_assign_lhs (assignment); 523 *ref_is_store = true; 524 } 525 else if (gimple_assign_load_p (assignment)) 526 { 527 ref->start = gimple_assign_rhs1 (assignment); 528 *ref_is_store = false; 529 } 530 else 531 return false; 532 533 ref->access_size = int_size_in_bytes (TREE_TYPE (ref->start)); 534 return true; 535} 536 537/* Return the memory references contained in a gimple statement 538 representing a builtin call that has to do with memory access. */ 539 540static bool 541get_mem_refs_of_builtin_call (const gcall *call, 542 asan_mem_ref *src0, 543 tree *src0_len, 544 bool *src0_is_store, 545 asan_mem_ref *src1, 546 tree *src1_len, 547 bool *src1_is_store, 548 asan_mem_ref *dst, 549 tree *dst_len, 550 bool *dst_is_store, 551 bool *dest_is_deref, 552 bool *intercepted_p) 553{ 554 gcc_checking_assert (gimple_call_builtin_p (call, BUILT_IN_NORMAL)); 555 556 tree callee = gimple_call_fndecl (call); 557 tree source0 = NULL_TREE, source1 = NULL_TREE, 558 dest = NULL_TREE, len = NULL_TREE; 559 bool is_store = true, got_reference_p = false; 560 HOST_WIDE_INT access_size = 1; 561 562 *intercepted_p = asan_intercepted_p ((DECL_FUNCTION_CODE (callee))); 563 564 switch (DECL_FUNCTION_CODE (callee)) 565 { 566 /* (s, s, n) style memops. */ 567 case BUILT_IN_BCMP: 568 case BUILT_IN_MEMCMP: 569 source0 = gimple_call_arg (call, 0); 570 source1 = gimple_call_arg (call, 1); 571 len = gimple_call_arg (call, 2); 572 break; 573 574 /* (src, dest, n) style memops. */ 575 case BUILT_IN_BCOPY: 576 source0 = gimple_call_arg (call, 0); 577 dest = gimple_call_arg (call, 1); 578 len = gimple_call_arg (call, 2); 579 break; 580 581 /* (dest, src, n) style memops. */ 582 case BUILT_IN_MEMCPY: 583 case BUILT_IN_MEMCPY_CHK: 584 case BUILT_IN_MEMMOVE: 585 case BUILT_IN_MEMMOVE_CHK: 586 case BUILT_IN_MEMPCPY: 587 case BUILT_IN_MEMPCPY_CHK: 588 dest = gimple_call_arg (call, 0); 589 source0 = gimple_call_arg (call, 1); 590 len = gimple_call_arg (call, 2); 591 break; 592 593 /* (dest, n) style memops. */ 594 case BUILT_IN_BZERO: 595 dest = gimple_call_arg (call, 0); 596 len = gimple_call_arg (call, 1); 597 break; 598 599 /* (dest, x, n) style memops*/ 600 case BUILT_IN_MEMSET: 601 case BUILT_IN_MEMSET_CHK: 602 dest = gimple_call_arg (call, 0); 603 len = gimple_call_arg (call, 2); 604 break; 605 606 case BUILT_IN_STRLEN: 607 source0 = gimple_call_arg (call, 0); 608 len = gimple_call_lhs (call); 609 break ; 610 611 /* And now the __atomic* and __sync builtins. 612 These are handled differently from the classical memory memory 613 access builtins above. */ 614 615 case BUILT_IN_ATOMIC_LOAD_1: 616 case BUILT_IN_ATOMIC_LOAD_2: 617 case BUILT_IN_ATOMIC_LOAD_4: 618 case BUILT_IN_ATOMIC_LOAD_8: 619 case BUILT_IN_ATOMIC_LOAD_16: 620 is_store = false; 621 /* fall through. */ 622 623 case BUILT_IN_SYNC_FETCH_AND_ADD_1: 624 case BUILT_IN_SYNC_FETCH_AND_ADD_2: 625 case BUILT_IN_SYNC_FETCH_AND_ADD_4: 626 case BUILT_IN_SYNC_FETCH_AND_ADD_8: 627 case BUILT_IN_SYNC_FETCH_AND_ADD_16: 628 629 case BUILT_IN_SYNC_FETCH_AND_SUB_1: 630 case BUILT_IN_SYNC_FETCH_AND_SUB_2: 631 case BUILT_IN_SYNC_FETCH_AND_SUB_4: 632 case BUILT_IN_SYNC_FETCH_AND_SUB_8: 633 case BUILT_IN_SYNC_FETCH_AND_SUB_16: 634 635 case BUILT_IN_SYNC_FETCH_AND_OR_1: 636 case BUILT_IN_SYNC_FETCH_AND_OR_2: 637 case BUILT_IN_SYNC_FETCH_AND_OR_4: 638 case BUILT_IN_SYNC_FETCH_AND_OR_8: 639 case BUILT_IN_SYNC_FETCH_AND_OR_16: 640 641 case BUILT_IN_SYNC_FETCH_AND_AND_1: 642 case BUILT_IN_SYNC_FETCH_AND_AND_2: 643 case BUILT_IN_SYNC_FETCH_AND_AND_4: 644 case BUILT_IN_SYNC_FETCH_AND_AND_8: 645 case BUILT_IN_SYNC_FETCH_AND_AND_16: 646 647 case BUILT_IN_SYNC_FETCH_AND_XOR_1: 648 case BUILT_IN_SYNC_FETCH_AND_XOR_2: 649 case BUILT_IN_SYNC_FETCH_AND_XOR_4: 650 case BUILT_IN_SYNC_FETCH_AND_XOR_8: 651 case BUILT_IN_SYNC_FETCH_AND_XOR_16: 652 653 case BUILT_IN_SYNC_FETCH_AND_NAND_1: 654 case BUILT_IN_SYNC_FETCH_AND_NAND_2: 655 case BUILT_IN_SYNC_FETCH_AND_NAND_4: 656 case BUILT_IN_SYNC_FETCH_AND_NAND_8: 657 658 case BUILT_IN_SYNC_ADD_AND_FETCH_1: 659 case BUILT_IN_SYNC_ADD_AND_FETCH_2: 660 case BUILT_IN_SYNC_ADD_AND_FETCH_4: 661 case BUILT_IN_SYNC_ADD_AND_FETCH_8: 662 case BUILT_IN_SYNC_ADD_AND_FETCH_16: 663 664 case BUILT_IN_SYNC_SUB_AND_FETCH_1: 665 case BUILT_IN_SYNC_SUB_AND_FETCH_2: 666 case BUILT_IN_SYNC_SUB_AND_FETCH_4: 667 case BUILT_IN_SYNC_SUB_AND_FETCH_8: 668 case BUILT_IN_SYNC_SUB_AND_FETCH_16: 669 670 case BUILT_IN_SYNC_OR_AND_FETCH_1: 671 case BUILT_IN_SYNC_OR_AND_FETCH_2: 672 case BUILT_IN_SYNC_OR_AND_FETCH_4: 673 case BUILT_IN_SYNC_OR_AND_FETCH_8: 674 case BUILT_IN_SYNC_OR_AND_FETCH_16: 675 676 case BUILT_IN_SYNC_AND_AND_FETCH_1: 677 case BUILT_IN_SYNC_AND_AND_FETCH_2: 678 case BUILT_IN_SYNC_AND_AND_FETCH_4: 679 case BUILT_IN_SYNC_AND_AND_FETCH_8: 680 case BUILT_IN_SYNC_AND_AND_FETCH_16: 681 682 case BUILT_IN_SYNC_XOR_AND_FETCH_1: 683 case BUILT_IN_SYNC_XOR_AND_FETCH_2: 684 case BUILT_IN_SYNC_XOR_AND_FETCH_4: 685 case BUILT_IN_SYNC_XOR_AND_FETCH_8: 686 case BUILT_IN_SYNC_XOR_AND_FETCH_16: 687 688 case BUILT_IN_SYNC_NAND_AND_FETCH_1: 689 case BUILT_IN_SYNC_NAND_AND_FETCH_2: 690 case BUILT_IN_SYNC_NAND_AND_FETCH_4: 691 case BUILT_IN_SYNC_NAND_AND_FETCH_8: 692 693 case BUILT_IN_SYNC_BOOL_COMPARE_AND_SWAP_1: 694 case BUILT_IN_SYNC_BOOL_COMPARE_AND_SWAP_2: 695 case BUILT_IN_SYNC_BOOL_COMPARE_AND_SWAP_4: 696 case BUILT_IN_SYNC_BOOL_COMPARE_AND_SWAP_8: 697 case BUILT_IN_SYNC_BOOL_COMPARE_AND_SWAP_16: 698 699 case BUILT_IN_SYNC_VAL_COMPARE_AND_SWAP_1: 700 case BUILT_IN_SYNC_VAL_COMPARE_AND_SWAP_2: 701 case BUILT_IN_SYNC_VAL_COMPARE_AND_SWAP_4: 702 case BUILT_IN_SYNC_VAL_COMPARE_AND_SWAP_8: 703 case BUILT_IN_SYNC_VAL_COMPARE_AND_SWAP_16: 704 705 case BUILT_IN_SYNC_LOCK_TEST_AND_SET_1: 706 case BUILT_IN_SYNC_LOCK_TEST_AND_SET_2: 707 case BUILT_IN_SYNC_LOCK_TEST_AND_SET_4: 708 case BUILT_IN_SYNC_LOCK_TEST_AND_SET_8: 709 case BUILT_IN_SYNC_LOCK_TEST_AND_SET_16: 710 711 case BUILT_IN_SYNC_LOCK_RELEASE_1: 712 case BUILT_IN_SYNC_LOCK_RELEASE_2: 713 case BUILT_IN_SYNC_LOCK_RELEASE_4: 714 case BUILT_IN_SYNC_LOCK_RELEASE_8: 715 case BUILT_IN_SYNC_LOCK_RELEASE_16: 716 717 case BUILT_IN_ATOMIC_EXCHANGE_1: 718 case BUILT_IN_ATOMIC_EXCHANGE_2: 719 case BUILT_IN_ATOMIC_EXCHANGE_4: 720 case BUILT_IN_ATOMIC_EXCHANGE_8: 721 case BUILT_IN_ATOMIC_EXCHANGE_16: 722 723 case BUILT_IN_ATOMIC_COMPARE_EXCHANGE_1: 724 case BUILT_IN_ATOMIC_COMPARE_EXCHANGE_2: 725 case BUILT_IN_ATOMIC_COMPARE_EXCHANGE_4: 726 case BUILT_IN_ATOMIC_COMPARE_EXCHANGE_8: 727 case BUILT_IN_ATOMIC_COMPARE_EXCHANGE_16: 728 729 case BUILT_IN_ATOMIC_STORE_1: 730 case BUILT_IN_ATOMIC_STORE_2: 731 case BUILT_IN_ATOMIC_STORE_4: 732 case BUILT_IN_ATOMIC_STORE_8: 733 case BUILT_IN_ATOMIC_STORE_16: 734 735 case BUILT_IN_ATOMIC_ADD_FETCH_1: 736 case BUILT_IN_ATOMIC_ADD_FETCH_2: 737 case BUILT_IN_ATOMIC_ADD_FETCH_4: 738 case BUILT_IN_ATOMIC_ADD_FETCH_8: 739 case BUILT_IN_ATOMIC_ADD_FETCH_16: 740 741 case BUILT_IN_ATOMIC_SUB_FETCH_1: 742 case BUILT_IN_ATOMIC_SUB_FETCH_2: 743 case BUILT_IN_ATOMIC_SUB_FETCH_4: 744 case BUILT_IN_ATOMIC_SUB_FETCH_8: 745 case BUILT_IN_ATOMIC_SUB_FETCH_16: 746 747 case BUILT_IN_ATOMIC_AND_FETCH_1: 748 case BUILT_IN_ATOMIC_AND_FETCH_2: 749 case BUILT_IN_ATOMIC_AND_FETCH_4: 750 case BUILT_IN_ATOMIC_AND_FETCH_8: 751 case BUILT_IN_ATOMIC_AND_FETCH_16: 752 753 case BUILT_IN_ATOMIC_NAND_FETCH_1: 754 case BUILT_IN_ATOMIC_NAND_FETCH_2: 755 case BUILT_IN_ATOMIC_NAND_FETCH_4: 756 case BUILT_IN_ATOMIC_NAND_FETCH_8: 757 case BUILT_IN_ATOMIC_NAND_FETCH_16: 758 759 case BUILT_IN_ATOMIC_XOR_FETCH_1: 760 case BUILT_IN_ATOMIC_XOR_FETCH_2: 761 case BUILT_IN_ATOMIC_XOR_FETCH_4: 762 case BUILT_IN_ATOMIC_XOR_FETCH_8: 763 case BUILT_IN_ATOMIC_XOR_FETCH_16: 764 765 case BUILT_IN_ATOMIC_OR_FETCH_1: 766 case BUILT_IN_ATOMIC_OR_FETCH_2: 767 case BUILT_IN_ATOMIC_OR_FETCH_4: 768 case BUILT_IN_ATOMIC_OR_FETCH_8: 769 case BUILT_IN_ATOMIC_OR_FETCH_16: 770 771 case BUILT_IN_ATOMIC_FETCH_ADD_1: 772 case BUILT_IN_ATOMIC_FETCH_ADD_2: 773 case BUILT_IN_ATOMIC_FETCH_ADD_4: 774 case BUILT_IN_ATOMIC_FETCH_ADD_8: 775 case BUILT_IN_ATOMIC_FETCH_ADD_16: 776 777 case BUILT_IN_ATOMIC_FETCH_SUB_1: 778 case BUILT_IN_ATOMIC_FETCH_SUB_2: 779 case BUILT_IN_ATOMIC_FETCH_SUB_4: 780 case BUILT_IN_ATOMIC_FETCH_SUB_8: 781 case BUILT_IN_ATOMIC_FETCH_SUB_16: 782 783 case BUILT_IN_ATOMIC_FETCH_AND_1: 784 case BUILT_IN_ATOMIC_FETCH_AND_2: 785 case BUILT_IN_ATOMIC_FETCH_AND_4: 786 case BUILT_IN_ATOMIC_FETCH_AND_8: 787 case BUILT_IN_ATOMIC_FETCH_AND_16: 788 789 case BUILT_IN_ATOMIC_FETCH_NAND_1: 790 case BUILT_IN_ATOMIC_FETCH_NAND_2: 791 case BUILT_IN_ATOMIC_FETCH_NAND_4: 792 case BUILT_IN_ATOMIC_FETCH_NAND_8: 793 case BUILT_IN_ATOMIC_FETCH_NAND_16: 794 795 case BUILT_IN_ATOMIC_FETCH_XOR_1: 796 case BUILT_IN_ATOMIC_FETCH_XOR_2: 797 case BUILT_IN_ATOMIC_FETCH_XOR_4: 798 case BUILT_IN_ATOMIC_FETCH_XOR_8: 799 case BUILT_IN_ATOMIC_FETCH_XOR_16: 800 801 case BUILT_IN_ATOMIC_FETCH_OR_1: 802 case BUILT_IN_ATOMIC_FETCH_OR_2: 803 case BUILT_IN_ATOMIC_FETCH_OR_4: 804 case BUILT_IN_ATOMIC_FETCH_OR_8: 805 case BUILT_IN_ATOMIC_FETCH_OR_16: 806 { 807 dest = gimple_call_arg (call, 0); 808 /* DEST represents the address of a memory location. 809 instrument_derefs wants the memory location, so lets 810 dereference the address DEST before handing it to 811 instrument_derefs. */ 812 if (TREE_CODE (dest) == ADDR_EXPR) 813 dest = TREE_OPERAND (dest, 0); 814 else if (TREE_CODE (dest) == SSA_NAME || TREE_CODE (dest) == INTEGER_CST) 815 dest = build2 (MEM_REF, TREE_TYPE (TREE_TYPE (dest)), 816 dest, build_int_cst (TREE_TYPE (dest), 0)); 817 else 818 gcc_unreachable (); 819 820 access_size = int_size_in_bytes (TREE_TYPE (dest)); 821 } 822 823 default: 824 /* The other builtins memory access are not instrumented in this 825 function because they either don't have any length parameter, 826 or their length parameter is just a limit. */ 827 break; 828 } 829 830 if (len != NULL_TREE) 831 { 832 if (source0 != NULL_TREE) 833 { 834 src0->start = source0; 835 src0->access_size = access_size; 836 *src0_len = len; 837 *src0_is_store = false; 838 } 839 840 if (source1 != NULL_TREE) 841 { 842 src1->start = source1; 843 src1->access_size = access_size; 844 *src1_len = len; 845 *src1_is_store = false; 846 } 847 848 if (dest != NULL_TREE) 849 { 850 dst->start = dest; 851 dst->access_size = access_size; 852 *dst_len = len; 853 *dst_is_store = true; 854 } 855 856 got_reference_p = true; 857 } 858 else if (dest) 859 { 860 dst->start = dest; 861 dst->access_size = access_size; 862 *dst_len = NULL_TREE; 863 *dst_is_store = is_store; 864 *dest_is_deref = true; 865 got_reference_p = true; 866 } 867 868 return got_reference_p; 869} 870 871/* Return true iff a given gimple statement has been instrumented. 872 Note that the statement is "defined" by the memory references it 873 contains. */ 874 875static bool 876has_stmt_been_instrumented_p (gimple stmt) 877{ 878 if (gimple_assign_single_p (stmt)) 879 { 880 bool r_is_store; 881 asan_mem_ref r; 882 asan_mem_ref_init (&r, NULL, 1); 883 884 if (get_mem_ref_of_assignment (as_a <gassign *> (stmt), &r, 885 &r_is_store)) 886 return has_mem_ref_been_instrumented (&r); 887 } 888 else if (gimple_call_builtin_p (stmt, BUILT_IN_NORMAL)) 889 { 890 asan_mem_ref src0, src1, dest; 891 asan_mem_ref_init (&src0, NULL, 1); 892 asan_mem_ref_init (&src1, NULL, 1); 893 asan_mem_ref_init (&dest, NULL, 1); 894 895 tree src0_len = NULL_TREE, src1_len = NULL_TREE, dest_len = NULL_TREE; 896 bool src0_is_store = false, src1_is_store = false, 897 dest_is_store = false, dest_is_deref = false, intercepted_p = true; 898 if (get_mem_refs_of_builtin_call (as_a <gcall *> (stmt), 899 &src0, &src0_len, &src0_is_store, 900 &src1, &src1_len, &src1_is_store, 901 &dest, &dest_len, &dest_is_store, 902 &dest_is_deref, &intercepted_p)) 903 { 904 if (src0.start != NULL_TREE 905 && !has_mem_ref_been_instrumented (&src0, src0_len)) 906 return false; 907 908 if (src1.start != NULL_TREE 909 && !has_mem_ref_been_instrumented (&src1, src1_len)) 910 return false; 911 912 if (dest.start != NULL_TREE 913 && !has_mem_ref_been_instrumented (&dest, dest_len)) 914 return false; 915 916 return true; 917 } 918 } 919 return false; 920} 921 922/* Insert a memory reference into the hash table. */ 923 924static void 925update_mem_ref_hash_table (tree ref, HOST_WIDE_INT access_size) 926{ 927 hash_table<asan_mem_ref_hasher> *ht = get_mem_ref_hash_table (); 928 929 asan_mem_ref r; 930 asan_mem_ref_init (&r, ref, access_size); 931 932 asan_mem_ref **slot = ht->find_slot (&r, INSERT); 933 if (*slot == NULL || (*slot)->access_size < access_size) 934 *slot = asan_mem_ref_new (ref, access_size); 935} 936 937/* Initialize shadow_ptr_types array. */ 938 939static void 940asan_init_shadow_ptr_types (void) 941{ 942 asan_shadow_set = new_alias_set (); 943 shadow_ptr_types[0] = build_distinct_type_copy (signed_char_type_node); 944 TYPE_ALIAS_SET (shadow_ptr_types[0]) = asan_shadow_set; 945 shadow_ptr_types[0] = build_pointer_type (shadow_ptr_types[0]); 946 shadow_ptr_types[1] = build_distinct_type_copy (short_integer_type_node); 947 TYPE_ALIAS_SET (shadow_ptr_types[1]) = asan_shadow_set; 948 shadow_ptr_types[1] = build_pointer_type (shadow_ptr_types[1]); 949 initialize_sanitizer_builtins (); 950} 951 952/* Create ADDR_EXPR of STRING_CST with the PP pretty printer text. */ 953 954static tree 955asan_pp_string (pretty_printer *pp) 956{ 957 const char *buf = pp_formatted_text (pp); 958 size_t len = strlen (buf); 959 tree ret = build_string (len + 1, buf); 960 TREE_TYPE (ret) 961 = build_array_type (TREE_TYPE (shadow_ptr_types[0]), 962 build_index_type (size_int (len))); 963 TREE_READONLY (ret) = 1; 964 TREE_STATIC (ret) = 1; 965 return build1 (ADDR_EXPR, shadow_ptr_types[0], ret); 966} 967 968/* Return a CONST_INT representing 4 subsequent shadow memory bytes. */ 969 970static rtx 971asan_shadow_cst (unsigned char shadow_bytes[4]) 972{ 973 int i; 974 unsigned HOST_WIDE_INT val = 0; 975 gcc_assert (WORDS_BIG_ENDIAN == BYTES_BIG_ENDIAN); 976 for (i = 0; i < 4; i++) 977 val |= (unsigned HOST_WIDE_INT) shadow_bytes[BYTES_BIG_ENDIAN ? 3 - i : i] 978 << (BITS_PER_UNIT * i); 979 return gen_int_mode (val, SImode); 980} 981 982/* Clear shadow memory at SHADOW_MEM, LEN bytes. Can't call a library call here 983 though. */ 984 985static void 986asan_clear_shadow (rtx shadow_mem, HOST_WIDE_INT len) 987{ 988 rtx_insn *insn, *insns, *jump; 989 rtx_code_label *top_label; 990 rtx end, addr, tmp; 991 992 start_sequence (); 993 clear_storage (shadow_mem, GEN_INT (len), BLOCK_OP_NORMAL); 994 insns = get_insns (); 995 end_sequence (); 996 for (insn = insns; insn; insn = NEXT_INSN (insn)) 997 if (CALL_P (insn)) 998 break; 999 if (insn == NULL_RTX) 1000 { 1001 emit_insn (insns); 1002 return; 1003 } 1004 1005 gcc_assert ((len & 3) == 0); 1006 top_label = gen_label_rtx (); 1007 addr = copy_to_mode_reg (Pmode, XEXP (shadow_mem, 0)); 1008 shadow_mem = adjust_automodify_address (shadow_mem, SImode, addr, 0); 1009 end = force_reg (Pmode, plus_constant (Pmode, addr, len)); 1010 emit_label (top_label); 1011 1012 emit_move_insn (shadow_mem, const0_rtx); 1013 tmp = expand_simple_binop (Pmode, PLUS, addr, gen_int_mode (4, Pmode), addr, 1014 true, OPTAB_LIB_WIDEN); 1015 if (tmp != addr) 1016 emit_move_insn (addr, tmp); 1017 emit_cmp_and_jump_insns (addr, end, LT, NULL_RTX, Pmode, true, top_label); 1018 jump = get_last_insn (); 1019 gcc_assert (JUMP_P (jump)); 1020 add_int_reg_note (jump, REG_BR_PROB, REG_BR_PROB_BASE * 80 / 100); 1021} 1022 1023void 1024asan_function_start (void) 1025{ 1026 section *fnsec = function_section (current_function_decl); 1027 switch_to_section (fnsec); 1028 ASM_OUTPUT_DEBUG_LABEL (asm_out_file, "LASANPC", 1029 current_function_funcdef_no); 1030} 1031 1032/* Insert code to protect stack vars. The prologue sequence should be emitted 1033 directly, epilogue sequence returned. BASE is the register holding the 1034 stack base, against which OFFSETS array offsets are relative to, OFFSETS 1035 array contains pairs of offsets in reverse order, always the end offset 1036 of some gap that needs protection followed by starting offset, 1037 and DECLS is an array of representative decls for each var partition. 1038 LENGTH is the length of the OFFSETS array, DECLS array is LENGTH / 2 - 1 1039 elements long (OFFSETS include gap before the first variable as well 1040 as gaps after each stack variable). PBASE is, if non-NULL, some pseudo 1041 register which stack vars DECL_RTLs are based on. Either BASE should be 1042 assigned to PBASE, when not doing use after return protection, or 1043 corresponding address based on __asan_stack_malloc* return value. */ 1044 1045rtx_insn * 1046asan_emit_stack_protection (rtx base, rtx pbase, unsigned int alignb, 1047 HOST_WIDE_INT *offsets, tree *decls, int length) 1048{ 1049 rtx shadow_base, shadow_mem, ret, mem, orig_base; 1050 rtx_code_label *lab; 1051 rtx_insn *insns; 1052 char buf[30]; 1053 unsigned char shadow_bytes[4]; 1054 HOST_WIDE_INT base_offset = offsets[length - 1]; 1055 HOST_WIDE_INT base_align_bias = 0, offset, prev_offset; 1056 HOST_WIDE_INT asan_frame_size = offsets[0] - base_offset; 1057 HOST_WIDE_INT last_offset, last_size; 1058 int l; 1059 unsigned char cur_shadow_byte = ASAN_STACK_MAGIC_LEFT; 1060 tree str_cst, decl, id; 1061 int use_after_return_class = -1; 1062 1063 if (shadow_ptr_types[0] == NULL_TREE) 1064 asan_init_shadow_ptr_types (); 1065 1066 /* First of all, prepare the description string. */ 1067 pretty_printer asan_pp; 1068 1069 pp_decimal_int (&asan_pp, length / 2 - 1); 1070 pp_space (&asan_pp); 1071 for (l = length - 2; l; l -= 2) 1072 { 1073 tree decl = decls[l / 2 - 1]; 1074 pp_wide_integer (&asan_pp, offsets[l] - base_offset); 1075 pp_space (&asan_pp); 1076 pp_wide_integer (&asan_pp, offsets[l - 1] - offsets[l]); 1077 pp_space (&asan_pp); 1078 if (DECL_P (decl) && DECL_NAME (decl)) 1079 { 1080 pp_decimal_int (&asan_pp, IDENTIFIER_LENGTH (DECL_NAME (decl))); 1081 pp_space (&asan_pp); 1082 pp_tree_identifier (&asan_pp, DECL_NAME (decl)); 1083 } 1084 else 1085 pp_string (&asan_pp, "9 <unknown>"); 1086 pp_space (&asan_pp); 1087 } 1088 str_cst = asan_pp_string (&asan_pp); 1089 1090 /* Emit the prologue sequence. */ 1091 if (asan_frame_size > 32 && asan_frame_size <= 65536 && pbase 1092 && ASAN_USE_AFTER_RETURN) 1093 { 1094 use_after_return_class = floor_log2 (asan_frame_size - 1) - 5; 1095 /* __asan_stack_malloc_N guarantees alignment 1096 N < 6 ? (64 << N) : 4096 bytes. */ 1097 if (alignb > (use_after_return_class < 6 1098 ? (64U << use_after_return_class) : 4096U)) 1099 use_after_return_class = -1; 1100 else if (alignb > ASAN_RED_ZONE_SIZE && (asan_frame_size & (alignb - 1))) 1101 base_align_bias = ((asan_frame_size + alignb - 1) 1102 & ~(alignb - HOST_WIDE_INT_1)) - asan_frame_size; 1103 } 1104 /* Align base if target is STRICT_ALIGNMENT. */ 1105 if (STRICT_ALIGNMENT) 1106 base = expand_binop (Pmode, and_optab, base, 1107 gen_int_mode (-((GET_MODE_ALIGNMENT (SImode) 1108 << ASAN_SHADOW_SHIFT) 1109 / BITS_PER_UNIT), Pmode), NULL_RTX, 1110 1, OPTAB_DIRECT); 1111 1112 if (use_after_return_class == -1 && pbase) 1113 emit_move_insn (pbase, base); 1114 1115 base = expand_binop (Pmode, add_optab, base, 1116 gen_int_mode (base_offset - base_align_bias, Pmode), 1117 NULL_RTX, 1, OPTAB_DIRECT); 1118 orig_base = NULL_RTX; 1119 if (use_after_return_class != -1) 1120 { 1121 if (asan_detect_stack_use_after_return == NULL_TREE) 1122 { 1123 id = get_identifier ("__asan_option_detect_stack_use_after_return"); 1124 decl = build_decl (BUILTINS_LOCATION, VAR_DECL, id, 1125 integer_type_node); 1126 SET_DECL_ASSEMBLER_NAME (decl, id); 1127 TREE_ADDRESSABLE (decl) = 1; 1128 DECL_ARTIFICIAL (decl) = 1; 1129 DECL_IGNORED_P (decl) = 1; 1130 DECL_EXTERNAL (decl) = 1; 1131 TREE_STATIC (decl) = 1; 1132 TREE_PUBLIC (decl) = 1; 1133 TREE_USED (decl) = 1; 1134 asan_detect_stack_use_after_return = decl; 1135 } 1136 orig_base = gen_reg_rtx (Pmode); 1137 emit_move_insn (orig_base, base); 1138 ret = expand_normal (asan_detect_stack_use_after_return); 1139 lab = gen_label_rtx (); 1140 int very_likely = REG_BR_PROB_BASE - (REG_BR_PROB_BASE / 2000 - 1); 1141 emit_cmp_and_jump_insns (ret, const0_rtx, EQ, NULL_RTX, 1142 VOIDmode, 0, lab, very_likely); 1143 snprintf (buf, sizeof buf, "__asan_stack_malloc_%d", 1144 use_after_return_class); 1145 ret = init_one_libfunc (buf); 1146 rtx addr = convert_memory_address (ptr_mode, base); 1147 ret = emit_library_call_value (ret, NULL_RTX, LCT_NORMAL, ptr_mode, 2, 1148 GEN_INT (asan_frame_size 1149 + base_align_bias), 1150 TYPE_MODE (pointer_sized_int_node), 1151 addr, ptr_mode); 1152 ret = convert_memory_address (Pmode, ret); 1153 emit_move_insn (base, ret); 1154 emit_label (lab); 1155 emit_move_insn (pbase, expand_binop (Pmode, add_optab, base, 1156 gen_int_mode (base_align_bias 1157 - base_offset, Pmode), 1158 NULL_RTX, 1, OPTAB_DIRECT)); 1159 } 1160 mem = gen_rtx_MEM (ptr_mode, base); 1161 mem = adjust_address (mem, VOIDmode, base_align_bias); 1162 emit_move_insn (mem, gen_int_mode (ASAN_STACK_FRAME_MAGIC, ptr_mode)); 1163 mem = adjust_address (mem, VOIDmode, GET_MODE_SIZE (ptr_mode)); 1164 emit_move_insn (mem, expand_normal (str_cst)); 1165 mem = adjust_address (mem, VOIDmode, GET_MODE_SIZE (ptr_mode)); 1166 ASM_GENERATE_INTERNAL_LABEL (buf, "LASANPC", current_function_funcdef_no); 1167 id = get_identifier (buf); 1168 decl = build_decl (DECL_SOURCE_LOCATION (current_function_decl), 1169 VAR_DECL, id, char_type_node); 1170 SET_DECL_ASSEMBLER_NAME (decl, id); 1171 TREE_ADDRESSABLE (decl) = 1; 1172 TREE_READONLY (decl) = 1; 1173 DECL_ARTIFICIAL (decl) = 1; 1174 DECL_IGNORED_P (decl) = 1; 1175 TREE_STATIC (decl) = 1; 1176 TREE_PUBLIC (decl) = 0; 1177 TREE_USED (decl) = 1; 1178 DECL_INITIAL (decl) = decl; 1179 TREE_ASM_WRITTEN (decl) = 1; 1180 TREE_ASM_WRITTEN (id) = 1; 1181 emit_move_insn (mem, expand_normal (build_fold_addr_expr (decl))); 1182 shadow_base = expand_binop (Pmode, lshr_optab, base, 1183 GEN_INT (ASAN_SHADOW_SHIFT), 1184 NULL_RTX, 1, OPTAB_DIRECT); 1185 shadow_base 1186 = plus_constant (Pmode, shadow_base, 1187 asan_shadow_offset () 1188 + (base_align_bias >> ASAN_SHADOW_SHIFT)); 1189 gcc_assert (asan_shadow_set != -1 1190 && (ASAN_RED_ZONE_SIZE >> ASAN_SHADOW_SHIFT) == 4); 1191 shadow_mem = gen_rtx_MEM (SImode, shadow_base); 1192 set_mem_alias_set (shadow_mem, asan_shadow_set); 1193 if (STRICT_ALIGNMENT) 1194 set_mem_align (shadow_mem, (GET_MODE_ALIGNMENT (SImode))); 1195 prev_offset = base_offset; 1196 for (l = length; l; l -= 2) 1197 { 1198 if (l == 2) 1199 cur_shadow_byte = ASAN_STACK_MAGIC_RIGHT; 1200 offset = offsets[l - 1]; 1201 if ((offset - base_offset) & (ASAN_RED_ZONE_SIZE - 1)) 1202 { 1203 int i; 1204 HOST_WIDE_INT aoff 1205 = base_offset + ((offset - base_offset) 1206 & ~(ASAN_RED_ZONE_SIZE - HOST_WIDE_INT_1)); 1207 shadow_mem = adjust_address (shadow_mem, VOIDmode, 1208 (aoff - prev_offset) 1209 >> ASAN_SHADOW_SHIFT); 1210 prev_offset = aoff; 1211 for (i = 0; i < 4; i++, aoff += (1 << ASAN_SHADOW_SHIFT)) 1212 if (aoff < offset) 1213 { 1214 if (aoff < offset - (1 << ASAN_SHADOW_SHIFT) + 1) 1215 shadow_bytes[i] = 0; 1216 else 1217 shadow_bytes[i] = offset - aoff; 1218 } 1219 else 1220 shadow_bytes[i] = ASAN_STACK_MAGIC_PARTIAL; 1221 emit_move_insn (shadow_mem, asan_shadow_cst (shadow_bytes)); 1222 offset = aoff; 1223 } 1224 while (offset <= offsets[l - 2] - ASAN_RED_ZONE_SIZE) 1225 { 1226 shadow_mem = adjust_address (shadow_mem, VOIDmode, 1227 (offset - prev_offset) 1228 >> ASAN_SHADOW_SHIFT); 1229 prev_offset = offset; 1230 memset (shadow_bytes, cur_shadow_byte, 4); 1231 emit_move_insn (shadow_mem, asan_shadow_cst (shadow_bytes)); 1232 offset += ASAN_RED_ZONE_SIZE; 1233 } 1234 cur_shadow_byte = ASAN_STACK_MAGIC_MIDDLE; 1235 } 1236 do_pending_stack_adjust (); 1237 1238 /* Construct epilogue sequence. */ 1239 start_sequence (); 1240 1241 lab = NULL; 1242 if (use_after_return_class != -1) 1243 { 1244 rtx_code_label *lab2 = gen_label_rtx (); 1245 char c = (char) ASAN_STACK_MAGIC_USE_AFTER_RET; 1246 int very_likely = REG_BR_PROB_BASE - (REG_BR_PROB_BASE / 2000 - 1); 1247 emit_cmp_and_jump_insns (orig_base, base, EQ, NULL_RTX, 1248 VOIDmode, 0, lab2, very_likely); 1249 shadow_mem = gen_rtx_MEM (BLKmode, shadow_base); 1250 set_mem_alias_set (shadow_mem, asan_shadow_set); 1251 mem = gen_rtx_MEM (ptr_mode, base); 1252 mem = adjust_address (mem, VOIDmode, base_align_bias); 1253 emit_move_insn (mem, gen_int_mode (ASAN_STACK_RETIRED_MAGIC, ptr_mode)); 1254 unsigned HOST_WIDE_INT sz = asan_frame_size >> ASAN_SHADOW_SHIFT; 1255 if (use_after_return_class < 5 1256 && can_store_by_pieces (sz, builtin_memset_read_str, &c, 1257 BITS_PER_UNIT, true)) 1258 store_by_pieces (shadow_mem, sz, builtin_memset_read_str, &c, 1259 BITS_PER_UNIT, true, 0); 1260 else if (use_after_return_class >= 5 1261 || !set_storage_via_setmem (shadow_mem, 1262 GEN_INT (sz), 1263 gen_int_mode (c, QImode), 1264 BITS_PER_UNIT, BITS_PER_UNIT, 1265 -1, sz, sz, sz)) 1266 { 1267 snprintf (buf, sizeof buf, "__asan_stack_free_%d", 1268 use_after_return_class); 1269 ret = init_one_libfunc (buf); 1270 rtx addr = convert_memory_address (ptr_mode, base); 1271 rtx orig_addr = convert_memory_address (ptr_mode, orig_base); 1272 emit_library_call (ret, LCT_NORMAL, ptr_mode, 3, addr, ptr_mode, 1273 GEN_INT (asan_frame_size + base_align_bias), 1274 TYPE_MODE (pointer_sized_int_node), 1275 orig_addr, ptr_mode); 1276 } 1277 lab = gen_label_rtx (); 1278 emit_jump (lab); 1279 emit_label (lab2); 1280 } 1281 1282 shadow_mem = gen_rtx_MEM (BLKmode, shadow_base); 1283 set_mem_alias_set (shadow_mem, asan_shadow_set); 1284 1285 if (STRICT_ALIGNMENT) 1286 set_mem_align (shadow_mem, (GET_MODE_ALIGNMENT (SImode))); 1287 1288 prev_offset = base_offset; 1289 last_offset = base_offset; 1290 last_size = 0; 1291 for (l = length; l; l -= 2) 1292 { 1293 offset = base_offset + ((offsets[l - 1] - base_offset) 1294 & ~(ASAN_RED_ZONE_SIZE - HOST_WIDE_INT_1)); 1295 if (last_offset + last_size != offset) 1296 { 1297 shadow_mem = adjust_address (shadow_mem, VOIDmode, 1298 (last_offset - prev_offset) 1299 >> ASAN_SHADOW_SHIFT); 1300 prev_offset = last_offset; 1301 asan_clear_shadow (shadow_mem, last_size >> ASAN_SHADOW_SHIFT); 1302 last_offset = offset; 1303 last_size = 0; 1304 } 1305 last_size += base_offset + ((offsets[l - 2] - base_offset) 1306 & ~(ASAN_RED_ZONE_SIZE - HOST_WIDE_INT_1)) 1307 - offset; 1308 } 1309 if (last_size) 1310 { 1311 shadow_mem = adjust_address (shadow_mem, VOIDmode, 1312 (last_offset - prev_offset) 1313 >> ASAN_SHADOW_SHIFT); 1314 asan_clear_shadow (shadow_mem, last_size >> ASAN_SHADOW_SHIFT); 1315 } 1316 1317 do_pending_stack_adjust (); 1318 if (lab) 1319 emit_label (lab); 1320 1321 insns = get_insns (); 1322 end_sequence (); 1323 return insns; 1324} 1325 1326/* Return true if DECL, a global var, might be overridden and needs 1327 therefore a local alias. */ 1328 1329static bool 1330asan_needs_local_alias (tree decl) 1331{ 1332 return DECL_WEAK (decl) || !targetm.binds_local_p (decl); 1333} 1334 1335/* Return true if DECL is a VAR_DECL that should be protected 1336 by Address Sanitizer, by appending a red zone with protected 1337 shadow memory after it and aligning it to at least 1338 ASAN_RED_ZONE_SIZE bytes. */ 1339 1340bool 1341asan_protect_global (tree decl) 1342{ 1343 if (!ASAN_GLOBALS) 1344 return false; 1345 1346 rtx rtl, symbol; 1347 1348 if (TREE_CODE (decl) == STRING_CST) 1349 { 1350 /* Instrument all STRING_CSTs except those created 1351 by asan_pp_string here. */ 1352 if (shadow_ptr_types[0] != NULL_TREE 1353 && TREE_CODE (TREE_TYPE (decl)) == ARRAY_TYPE 1354 && TREE_TYPE (TREE_TYPE (decl)) == TREE_TYPE (shadow_ptr_types[0])) 1355 return false; 1356 return true; 1357 } 1358 if (TREE_CODE (decl) != VAR_DECL 1359 /* TLS vars aren't statically protectable. */ 1360 || DECL_THREAD_LOCAL_P (decl) 1361 /* Externs will be protected elsewhere. */ 1362 || DECL_EXTERNAL (decl) 1363 || !DECL_RTL_SET_P (decl) 1364 /* Comdat vars pose an ABI problem, we can't know if 1365 the var that is selected by the linker will have 1366 padding or not. */ 1367 || DECL_ONE_ONLY (decl) 1368 /* Similarly for common vars. People can use -fno-common. 1369 Note: Linux kernel is built with -fno-common, so we do instrument 1370 globals there even if it is C. */ 1371 || (DECL_COMMON (decl) && TREE_PUBLIC (decl)) 1372 /* Don't protect if using user section, often vars placed 1373 into user section from multiple TUs are then assumed 1374 to be an array of such vars, putting padding in there 1375 breaks this assumption. */ 1376 || (DECL_SECTION_NAME (decl) != NULL 1377 && !symtab_node::get (decl)->implicit_section) 1378 || DECL_SIZE (decl) == 0 1379 || ASAN_RED_ZONE_SIZE * BITS_PER_UNIT > MAX_OFILE_ALIGNMENT 1380 || !valid_constant_size_p (DECL_SIZE_UNIT (decl)) 1381 || DECL_ALIGN_UNIT (decl) > 2 * ASAN_RED_ZONE_SIZE 1382 || TREE_TYPE (decl) == ubsan_get_source_location_type ()) 1383 return false; 1384 1385 rtl = DECL_RTL (decl); 1386 if (!MEM_P (rtl) || GET_CODE (XEXP (rtl, 0)) != SYMBOL_REF) 1387 return false; 1388 symbol = XEXP (rtl, 0); 1389 1390 if (CONSTANT_POOL_ADDRESS_P (symbol) 1391 || TREE_CONSTANT_POOL_ADDRESS_P (symbol)) 1392 return false; 1393 1394 if (lookup_attribute ("weakref", DECL_ATTRIBUTES (decl))) 1395 return false; 1396 1397#ifndef ASM_OUTPUT_DEF 1398 if (asan_needs_local_alias (decl)) 1399 return false; 1400#endif 1401 1402 return true; 1403} 1404 1405/* Construct a function tree for __asan_report_{load,store}{1,2,4,8,16,_n}. 1406 IS_STORE is either 1 (for a store) or 0 (for a load). */ 1407 1408static tree 1409report_error_func (bool is_store, bool recover_p, HOST_WIDE_INT size_in_bytes, 1410 int *nargs) 1411{ 1412 static enum built_in_function report[2][2][6] 1413 = { { { BUILT_IN_ASAN_REPORT_LOAD1, BUILT_IN_ASAN_REPORT_LOAD2, 1414 BUILT_IN_ASAN_REPORT_LOAD4, BUILT_IN_ASAN_REPORT_LOAD8, 1415 BUILT_IN_ASAN_REPORT_LOAD16, BUILT_IN_ASAN_REPORT_LOAD_N }, 1416 { BUILT_IN_ASAN_REPORT_STORE1, BUILT_IN_ASAN_REPORT_STORE2, 1417 BUILT_IN_ASAN_REPORT_STORE4, BUILT_IN_ASAN_REPORT_STORE8, 1418 BUILT_IN_ASAN_REPORT_STORE16, BUILT_IN_ASAN_REPORT_STORE_N } }, 1419 { { BUILT_IN_ASAN_REPORT_LOAD1_NOABORT, 1420 BUILT_IN_ASAN_REPORT_LOAD2_NOABORT, 1421 BUILT_IN_ASAN_REPORT_LOAD4_NOABORT, 1422 BUILT_IN_ASAN_REPORT_LOAD8_NOABORT, 1423 BUILT_IN_ASAN_REPORT_LOAD16_NOABORT, 1424 BUILT_IN_ASAN_REPORT_LOAD_N_NOABORT }, 1425 { BUILT_IN_ASAN_REPORT_STORE1_NOABORT, 1426 BUILT_IN_ASAN_REPORT_STORE2_NOABORT, 1427 BUILT_IN_ASAN_REPORT_STORE4_NOABORT, 1428 BUILT_IN_ASAN_REPORT_STORE8_NOABORT, 1429 BUILT_IN_ASAN_REPORT_STORE16_NOABORT, 1430 BUILT_IN_ASAN_REPORT_STORE_N_NOABORT } } }; 1431 if (size_in_bytes == -1) 1432 { 1433 *nargs = 2; 1434 return builtin_decl_implicit (report[recover_p][is_store][5]); 1435 } 1436 *nargs = 1; 1437 int size_log2 = exact_log2 (size_in_bytes); 1438 return builtin_decl_implicit (report[recover_p][is_store][size_log2]); 1439} 1440 1441/* Construct a function tree for __asan_{load,store}{1,2,4,8,16,_n}. 1442 IS_STORE is either 1 (for a store) or 0 (for a load). */ 1443 1444static tree 1445check_func (bool is_store, bool recover_p, HOST_WIDE_INT size_in_bytes, 1446 int *nargs) 1447{ 1448 static enum built_in_function check[2][2][6] 1449 = { { { BUILT_IN_ASAN_LOAD1, BUILT_IN_ASAN_LOAD2, 1450 BUILT_IN_ASAN_LOAD4, BUILT_IN_ASAN_LOAD8, 1451 BUILT_IN_ASAN_LOAD16, BUILT_IN_ASAN_LOADN }, 1452 { BUILT_IN_ASAN_STORE1, BUILT_IN_ASAN_STORE2, 1453 BUILT_IN_ASAN_STORE4, BUILT_IN_ASAN_STORE8, 1454 BUILT_IN_ASAN_STORE16, BUILT_IN_ASAN_STOREN } }, 1455 { { BUILT_IN_ASAN_LOAD1_NOABORT, 1456 BUILT_IN_ASAN_LOAD2_NOABORT, 1457 BUILT_IN_ASAN_LOAD4_NOABORT, 1458 BUILT_IN_ASAN_LOAD8_NOABORT, 1459 BUILT_IN_ASAN_LOAD16_NOABORT, 1460 BUILT_IN_ASAN_LOADN_NOABORT }, 1461 { BUILT_IN_ASAN_STORE1_NOABORT, 1462 BUILT_IN_ASAN_STORE2_NOABORT, 1463 BUILT_IN_ASAN_STORE4_NOABORT, 1464 BUILT_IN_ASAN_STORE8_NOABORT, 1465 BUILT_IN_ASAN_STORE16_NOABORT, 1466 BUILT_IN_ASAN_STOREN_NOABORT } } }; 1467 if (size_in_bytes == -1) 1468 { 1469 *nargs = 2; 1470 return builtin_decl_implicit (check[recover_p][is_store][5]); 1471 } 1472 *nargs = 1; 1473 int size_log2 = exact_log2 (size_in_bytes); 1474 return builtin_decl_implicit (check[recover_p][is_store][size_log2]); 1475} 1476 1477/* Split the current basic block and create a condition statement 1478 insertion point right before or after the statement pointed to by 1479 ITER. Return an iterator to the point at which the caller might 1480 safely insert the condition statement. 1481 1482 THEN_BLOCK must be set to the address of an uninitialized instance 1483 of basic_block. The function will then set *THEN_BLOCK to the 1484 'then block' of the condition statement to be inserted by the 1485 caller. 1486 1487 If CREATE_THEN_FALLTHRU_EDGE is false, no edge will be created from 1488 *THEN_BLOCK to *FALLTHROUGH_BLOCK. 1489 1490 Similarly, the function will set *FALLTRHOUGH_BLOCK to the 'else 1491 block' of the condition statement to be inserted by the caller. 1492 1493 Note that *FALLTHROUGH_BLOCK is a new block that contains the 1494 statements starting from *ITER, and *THEN_BLOCK is a new empty 1495 block. 1496 1497 *ITER is adjusted to point to always point to the first statement 1498 of the basic block * FALLTHROUGH_BLOCK. That statement is the 1499 same as what ITER was pointing to prior to calling this function, 1500 if BEFORE_P is true; otherwise, it is its following statement. */ 1501 1502gimple_stmt_iterator 1503create_cond_insert_point (gimple_stmt_iterator *iter, 1504 bool before_p, 1505 bool then_more_likely_p, 1506 bool create_then_fallthru_edge, 1507 basic_block *then_block, 1508 basic_block *fallthrough_block) 1509{ 1510 gimple_stmt_iterator gsi = *iter; 1511 1512 if (!gsi_end_p (gsi) && before_p) 1513 gsi_prev (&gsi); 1514 1515 basic_block cur_bb = gsi_bb (*iter); 1516 1517 edge e = split_block (cur_bb, gsi_stmt (gsi)); 1518 1519 /* Get a hold on the 'condition block', the 'then block' and the 1520 'else block'. */ 1521 basic_block cond_bb = e->src; 1522 basic_block fallthru_bb = e->dest; 1523 basic_block then_bb = create_empty_bb (cond_bb); 1524 if (current_loops) 1525 { 1526 add_bb_to_loop (then_bb, cond_bb->loop_father); 1527 loops_state_set (LOOPS_NEED_FIXUP); 1528 } 1529 1530 /* Set up the newly created 'then block'. */ 1531 e = make_edge (cond_bb, then_bb, EDGE_TRUE_VALUE); 1532 int fallthrough_probability 1533 = then_more_likely_p 1534 ? PROB_VERY_UNLIKELY 1535 : PROB_ALWAYS - PROB_VERY_UNLIKELY; 1536 e->probability = PROB_ALWAYS - fallthrough_probability; 1537 if (create_then_fallthru_edge) 1538 make_single_succ_edge (then_bb, fallthru_bb, EDGE_FALLTHRU); 1539 1540 /* Set up the fallthrough basic block. */ 1541 e = find_edge (cond_bb, fallthru_bb); 1542 e->flags = EDGE_FALSE_VALUE; 1543 e->count = cond_bb->count; 1544 e->probability = fallthrough_probability; 1545 1546 /* Update dominance info for the newly created then_bb; note that 1547 fallthru_bb's dominance info has already been updated by 1548 split_bock. */ 1549 if (dom_info_available_p (CDI_DOMINATORS)) 1550 set_immediate_dominator (CDI_DOMINATORS, then_bb, cond_bb); 1551 1552 *then_block = then_bb; 1553 *fallthrough_block = fallthru_bb; 1554 *iter = gsi_start_bb (fallthru_bb); 1555 1556 return gsi_last_bb (cond_bb); 1557} 1558 1559/* Insert an if condition followed by a 'then block' right before the 1560 statement pointed to by ITER. The fallthrough block -- which is the 1561 else block of the condition as well as the destination of the 1562 outcoming edge of the 'then block' -- starts with the statement 1563 pointed to by ITER. 1564 1565 COND is the condition of the if. 1566 1567 If THEN_MORE_LIKELY_P is true, the probability of the edge to the 1568 'then block' is higher than the probability of the edge to the 1569 fallthrough block. 1570 1571 Upon completion of the function, *THEN_BB is set to the newly 1572 inserted 'then block' and similarly, *FALLTHROUGH_BB is set to the 1573 fallthrough block. 1574 1575 *ITER is adjusted to still point to the same statement it was 1576 pointing to initially. */ 1577 1578static void 1579insert_if_then_before_iter (gcond *cond, 1580 gimple_stmt_iterator *iter, 1581 bool then_more_likely_p, 1582 basic_block *then_bb, 1583 basic_block *fallthrough_bb) 1584{ 1585 gimple_stmt_iterator cond_insert_point = 1586 create_cond_insert_point (iter, 1587 /*before_p=*/true, 1588 then_more_likely_p, 1589 /*create_then_fallthru_edge=*/true, 1590 then_bb, 1591 fallthrough_bb); 1592 gsi_insert_after (&cond_insert_point, cond, GSI_NEW_STMT); 1593} 1594 1595/* Build 1596 (base_addr >> ASAN_SHADOW_SHIFT) + asan_shadow_offset (). */ 1597 1598static tree 1599build_shadow_mem_access (gimple_stmt_iterator *gsi, location_t location, 1600 tree base_addr, tree shadow_ptr_type) 1601{ 1602 tree t, uintptr_type = TREE_TYPE (base_addr); 1603 tree shadow_type = TREE_TYPE (shadow_ptr_type); 1604 gimple g; 1605 1606 t = build_int_cst (uintptr_type, ASAN_SHADOW_SHIFT); 1607 g = gimple_build_assign (make_ssa_name (uintptr_type), RSHIFT_EXPR, 1608 base_addr, t); 1609 gimple_set_location (g, location); 1610 gsi_insert_after (gsi, g, GSI_NEW_STMT); 1611 1612 t = build_int_cst (uintptr_type, asan_shadow_offset ()); 1613 g = gimple_build_assign (make_ssa_name (uintptr_type), PLUS_EXPR, 1614 gimple_assign_lhs (g), t); 1615 gimple_set_location (g, location); 1616 gsi_insert_after (gsi, g, GSI_NEW_STMT); 1617 1618 g = gimple_build_assign (make_ssa_name (shadow_ptr_type), NOP_EXPR, 1619 gimple_assign_lhs (g)); 1620 gimple_set_location (g, location); 1621 gsi_insert_after (gsi, g, GSI_NEW_STMT); 1622 1623 t = build2 (MEM_REF, shadow_type, gimple_assign_lhs (g), 1624 build_int_cst (shadow_ptr_type, 0)); 1625 g = gimple_build_assign (make_ssa_name (shadow_type), MEM_REF, t); 1626 gimple_set_location (g, location); 1627 gsi_insert_after (gsi, g, GSI_NEW_STMT); 1628 return gimple_assign_lhs (g); 1629} 1630 1631/* BASE can already be an SSA_NAME; in that case, do not create a 1632 new SSA_NAME for it. */ 1633 1634static tree 1635maybe_create_ssa_name (location_t loc, tree base, gimple_stmt_iterator *iter, 1636 bool before_p) 1637{ 1638 if (TREE_CODE (base) == SSA_NAME) 1639 return base; 1640 gimple g = gimple_build_assign (make_ssa_name (TREE_TYPE (base)), 1641 TREE_CODE (base), base); 1642 gimple_set_location (g, loc); 1643 if (before_p) 1644 gsi_insert_before (iter, g, GSI_SAME_STMT); 1645 else 1646 gsi_insert_after (iter, g, GSI_NEW_STMT); 1647 return gimple_assign_lhs (g); 1648} 1649 1650/* LEN can already have necessary size and precision; 1651 in that case, do not create a new variable. */ 1652 1653tree 1654maybe_cast_to_ptrmode (location_t loc, tree len, gimple_stmt_iterator *iter, 1655 bool before_p) 1656{ 1657 if (ptrofftype_p (len)) 1658 return len; 1659 gimple g = gimple_build_assign (make_ssa_name (pointer_sized_int_node), 1660 NOP_EXPR, len); 1661 gimple_set_location (g, loc); 1662 if (before_p) 1663 gsi_insert_before (iter, g, GSI_SAME_STMT); 1664 else 1665 gsi_insert_after (iter, g, GSI_NEW_STMT); 1666 return gimple_assign_lhs (g); 1667} 1668 1669/* Instrument the memory access instruction BASE. Insert new 1670 statements before or after ITER. 1671 1672 Note that the memory access represented by BASE can be either an 1673 SSA_NAME, or a non-SSA expression. LOCATION is the source code 1674 location. IS_STORE is TRUE for a store, FALSE for a load. 1675 BEFORE_P is TRUE for inserting the instrumentation code before 1676 ITER, FALSE for inserting it after ITER. IS_SCALAR_ACCESS is TRUE 1677 for a scalar memory access and FALSE for memory region access. 1678 NON_ZERO_P is TRUE if memory region is guaranteed to have non-zero 1679 length. ALIGN tells alignment of accessed memory object. 1680 1681 START_INSTRUMENTED and END_INSTRUMENTED are TRUE if start/end of 1682 memory region have already been instrumented. 1683 1684 If BEFORE_P is TRUE, *ITER is arranged to still point to the 1685 statement it was pointing to prior to calling this function, 1686 otherwise, it points to the statement logically following it. */ 1687 1688static void 1689build_check_stmt (location_t loc, tree base, tree len, 1690 HOST_WIDE_INT size_in_bytes, gimple_stmt_iterator *iter, 1691 bool is_non_zero_len, bool before_p, bool is_store, 1692 bool is_scalar_access, unsigned int align = 0) 1693{ 1694 gimple_stmt_iterator gsi = *iter; 1695 gimple g; 1696 1697 gcc_assert (!(size_in_bytes > 0 && !is_non_zero_len)); 1698 1699 gsi = *iter; 1700 1701 base = unshare_expr (base); 1702 base = maybe_create_ssa_name (loc, base, &gsi, before_p); 1703 1704 if (len) 1705 { 1706 len = unshare_expr (len); 1707 len = maybe_cast_to_ptrmode (loc, len, iter, before_p); 1708 } 1709 else 1710 { 1711 gcc_assert (size_in_bytes != -1); 1712 len = build_int_cst (pointer_sized_int_node, size_in_bytes); 1713 } 1714 1715 if (size_in_bytes > 1) 1716 { 1717 if ((size_in_bytes & (size_in_bytes - 1)) != 0 1718 || size_in_bytes > 16) 1719 is_scalar_access = false; 1720 else if (align && align < size_in_bytes * BITS_PER_UNIT) 1721 { 1722 /* On non-strict alignment targets, if 1723 16-byte access is just 8-byte aligned, 1724 this will result in misaligned shadow 1725 memory 2 byte load, but otherwise can 1726 be handled using one read. */ 1727 if (size_in_bytes != 16 1728 || STRICT_ALIGNMENT 1729 || align < 8 * BITS_PER_UNIT) 1730 is_scalar_access = false; 1731 } 1732 } 1733 1734 HOST_WIDE_INT flags = 0; 1735 if (is_store) 1736 flags |= ASAN_CHECK_STORE; 1737 if (is_non_zero_len) 1738 flags |= ASAN_CHECK_NON_ZERO_LEN; 1739 if (is_scalar_access) 1740 flags |= ASAN_CHECK_SCALAR_ACCESS; 1741 1742 g = gimple_build_call_internal (IFN_ASAN_CHECK, 4, 1743 build_int_cst (integer_type_node, flags), 1744 base, len, 1745 build_int_cst (integer_type_node, 1746 align / BITS_PER_UNIT)); 1747 gimple_set_location (g, loc); 1748 if (before_p) 1749 gsi_insert_before (&gsi, g, GSI_SAME_STMT); 1750 else 1751 { 1752 gsi_insert_after (&gsi, g, GSI_NEW_STMT); 1753 gsi_next (&gsi); 1754 *iter = gsi; 1755 } 1756} 1757 1758/* If T represents a memory access, add instrumentation code before ITER. 1759 LOCATION is source code location. 1760 IS_STORE is either TRUE (for a store) or FALSE (for a load). */ 1761 1762static void 1763instrument_derefs (gimple_stmt_iterator *iter, tree t, 1764 location_t location, bool is_store) 1765{ 1766 if (is_store && !ASAN_INSTRUMENT_WRITES) 1767 return; 1768 if (!is_store && !ASAN_INSTRUMENT_READS) 1769 return; 1770 1771 tree type, base; 1772 HOST_WIDE_INT size_in_bytes; 1773 1774 type = TREE_TYPE (t); 1775 switch (TREE_CODE (t)) 1776 { 1777 case ARRAY_REF: 1778 case COMPONENT_REF: 1779 case INDIRECT_REF: 1780 case MEM_REF: 1781 case VAR_DECL: 1782 case BIT_FIELD_REF: 1783 break; 1784 /* FALLTHRU */ 1785 default: 1786 return; 1787 } 1788 1789 size_in_bytes = int_size_in_bytes (type); 1790 if (size_in_bytes <= 0) 1791 return; 1792 1793 HOST_WIDE_INT bitsize, bitpos; 1794 tree offset; 1795 machine_mode mode; 1796 int volatilep = 0, unsignedp = 0; 1797 tree inner = get_inner_reference (t, &bitsize, &bitpos, &offset, 1798 &mode, &unsignedp, &volatilep, false); 1799 1800 if (TREE_CODE (t) == COMPONENT_REF 1801 && DECL_BIT_FIELD_REPRESENTATIVE (TREE_OPERAND (t, 1)) != NULL_TREE) 1802 { 1803 tree repr = DECL_BIT_FIELD_REPRESENTATIVE (TREE_OPERAND (t, 1)); 1804 instrument_derefs (iter, build3 (COMPONENT_REF, TREE_TYPE (repr), 1805 TREE_OPERAND (t, 0), repr, 1806 NULL_TREE), location, is_store); 1807 return; 1808 } 1809 1810 if (bitpos % BITS_PER_UNIT 1811 || bitsize != size_in_bytes * BITS_PER_UNIT) 1812 return; 1813 1814 if (TREE_CODE (inner) == VAR_DECL 1815 && offset == NULL_TREE 1816 && bitpos >= 0 1817 && DECL_SIZE (inner) 1818 && tree_fits_shwi_p (DECL_SIZE (inner)) 1819 && bitpos + bitsize <= tree_to_shwi (DECL_SIZE (inner))) 1820 { 1821 if (DECL_THREAD_LOCAL_P (inner)) 1822 return; 1823 if (!ASAN_GLOBALS && is_global_var (inner)) 1824 return; 1825 if (!TREE_STATIC (inner)) 1826 { 1827 /* Automatic vars in the current function will be always 1828 accessible. */ 1829 if (decl_function_context (inner) == current_function_decl) 1830 return; 1831 } 1832 /* Always instrument external vars, they might be dynamically 1833 initialized. */ 1834 else if (!DECL_EXTERNAL (inner)) 1835 { 1836 /* For static vars if they are known not to be dynamically 1837 initialized, they will be always accessible. */ 1838 varpool_node *vnode = varpool_node::get (inner); 1839 if (vnode && !vnode->dynamically_initialized) 1840 return; 1841 } 1842 } 1843 1844 base = build_fold_addr_expr (t); 1845 if (!has_mem_ref_been_instrumented (base, size_in_bytes)) 1846 { 1847 unsigned int align = get_object_alignment (t); 1848 build_check_stmt (location, base, NULL_TREE, size_in_bytes, iter, 1849 /*is_non_zero_len*/size_in_bytes > 0, /*before_p=*/true, 1850 is_store, /*is_scalar_access*/true, align); 1851 update_mem_ref_hash_table (base, size_in_bytes); 1852 update_mem_ref_hash_table (t, size_in_bytes); 1853 } 1854 1855} 1856 1857/* Insert a memory reference into the hash table if access length 1858 can be determined in compile time. */ 1859 1860static void 1861maybe_update_mem_ref_hash_table (tree base, tree len) 1862{ 1863 if (!POINTER_TYPE_P (TREE_TYPE (base)) 1864 || !INTEGRAL_TYPE_P (TREE_TYPE (len))) 1865 return; 1866 1867 HOST_WIDE_INT size_in_bytes = tree_fits_shwi_p (len) ? tree_to_shwi (len) : -1; 1868 1869 if (size_in_bytes != -1) 1870 update_mem_ref_hash_table (base, size_in_bytes); 1871} 1872 1873/* Instrument an access to a contiguous memory region that starts at 1874 the address pointed to by BASE, over a length of LEN (expressed in 1875 the sizeof (*BASE) bytes). ITER points to the instruction before 1876 which the instrumentation instructions must be inserted. LOCATION 1877 is the source location that the instrumentation instructions must 1878 have. If IS_STORE is true, then the memory access is a store; 1879 otherwise, it's a load. */ 1880 1881static void 1882instrument_mem_region_access (tree base, tree len, 1883 gimple_stmt_iterator *iter, 1884 location_t location, bool is_store) 1885{ 1886 if (!POINTER_TYPE_P (TREE_TYPE (base)) 1887 || !INTEGRAL_TYPE_P (TREE_TYPE (len)) 1888 || integer_zerop (len)) 1889 return; 1890 1891 HOST_WIDE_INT size_in_bytes = tree_fits_shwi_p (len) ? tree_to_shwi (len) : -1; 1892 1893 if ((size_in_bytes == -1) 1894 || !has_mem_ref_been_instrumented (base, size_in_bytes)) 1895 { 1896 build_check_stmt (location, base, len, size_in_bytes, iter, 1897 /*is_non_zero_len*/size_in_bytes > 0, /*before_p*/true, 1898 is_store, /*is_scalar_access*/false, /*align*/0); 1899 } 1900 1901 maybe_update_mem_ref_hash_table (base, len); 1902 *iter = gsi_for_stmt (gsi_stmt (*iter)); 1903} 1904 1905/* Instrument the call to a built-in memory access function that is 1906 pointed to by the iterator ITER. 1907 1908 Upon completion, return TRUE iff *ITER has been advanced to the 1909 statement following the one it was originally pointing to. */ 1910 1911static bool 1912instrument_builtin_call (gimple_stmt_iterator *iter) 1913{ 1914 if (!ASAN_MEMINTRIN) 1915 return false; 1916 1917 bool iter_advanced_p = false; 1918 gcall *call = as_a <gcall *> (gsi_stmt (*iter)); 1919 1920 gcc_checking_assert (gimple_call_builtin_p (call, BUILT_IN_NORMAL)); 1921 1922 location_t loc = gimple_location (call); 1923 1924 asan_mem_ref src0, src1, dest; 1925 asan_mem_ref_init (&src0, NULL, 1); 1926 asan_mem_ref_init (&src1, NULL, 1); 1927 asan_mem_ref_init (&dest, NULL, 1); 1928 1929 tree src0_len = NULL_TREE, src1_len = NULL_TREE, dest_len = NULL_TREE; 1930 bool src0_is_store = false, src1_is_store = false, dest_is_store = false, 1931 dest_is_deref = false, intercepted_p = true; 1932 1933 if (get_mem_refs_of_builtin_call (call, 1934 &src0, &src0_len, &src0_is_store, 1935 &src1, &src1_len, &src1_is_store, 1936 &dest, &dest_len, &dest_is_store, 1937 &dest_is_deref, &intercepted_p)) 1938 { 1939 if (dest_is_deref) 1940 { 1941 instrument_derefs (iter, dest.start, loc, dest_is_store); 1942 gsi_next (iter); 1943 iter_advanced_p = true; 1944 } 1945 else if (!intercepted_p 1946 && (src0_len || src1_len || dest_len)) 1947 { 1948 if (src0.start != NULL_TREE) 1949 instrument_mem_region_access (src0.start, src0_len, 1950 iter, loc, /*is_store=*/false); 1951 if (src1.start != NULL_TREE) 1952 instrument_mem_region_access (src1.start, src1_len, 1953 iter, loc, /*is_store=*/false); 1954 if (dest.start != NULL_TREE) 1955 instrument_mem_region_access (dest.start, dest_len, 1956 iter, loc, /*is_store=*/true); 1957 1958 *iter = gsi_for_stmt (call); 1959 gsi_next (iter); 1960 iter_advanced_p = true; 1961 } 1962 else 1963 { 1964 if (src0.start != NULL_TREE) 1965 maybe_update_mem_ref_hash_table (src0.start, src0_len); 1966 if (src1.start != NULL_TREE) 1967 maybe_update_mem_ref_hash_table (src1.start, src1_len); 1968 if (dest.start != NULL_TREE) 1969 maybe_update_mem_ref_hash_table (dest.start, dest_len); 1970 } 1971 } 1972 return iter_advanced_p; 1973} 1974 1975/* Instrument the assignment statement ITER if it is subject to 1976 instrumentation. Return TRUE iff instrumentation actually 1977 happened. In that case, the iterator ITER is advanced to the next 1978 logical expression following the one initially pointed to by ITER, 1979 and the relevant memory reference that which access has been 1980 instrumented is added to the memory references hash table. */ 1981 1982static bool 1983maybe_instrument_assignment (gimple_stmt_iterator *iter) 1984{ 1985 gimple s = gsi_stmt (*iter); 1986 1987 gcc_assert (gimple_assign_single_p (s)); 1988 1989 tree ref_expr = NULL_TREE; 1990 bool is_store, is_instrumented = false; 1991 1992 if (gimple_store_p (s)) 1993 { 1994 ref_expr = gimple_assign_lhs (s); 1995 is_store = true; 1996 instrument_derefs (iter, ref_expr, 1997 gimple_location (s), 1998 is_store); 1999 is_instrumented = true; 2000 } 2001 2002 if (gimple_assign_load_p (s)) 2003 { 2004 ref_expr = gimple_assign_rhs1 (s); 2005 is_store = false; 2006 instrument_derefs (iter, ref_expr, 2007 gimple_location (s), 2008 is_store); 2009 is_instrumented = true; 2010 } 2011 2012 if (is_instrumented) 2013 gsi_next (iter); 2014 2015 return is_instrumented; 2016} 2017 2018/* Instrument the function call pointed to by the iterator ITER, if it 2019 is subject to instrumentation. At the moment, the only function 2020 calls that are instrumented are some built-in functions that access 2021 memory. Look at instrument_builtin_call to learn more. 2022 2023 Upon completion return TRUE iff *ITER was advanced to the statement 2024 following the one it was originally pointing to. */ 2025 2026static bool 2027maybe_instrument_call (gimple_stmt_iterator *iter) 2028{ 2029 gimple stmt = gsi_stmt (*iter); 2030 bool is_builtin = gimple_call_builtin_p (stmt, BUILT_IN_NORMAL); 2031 2032 if (is_builtin && instrument_builtin_call (iter)) 2033 return true; 2034 2035 if (gimple_call_noreturn_p (stmt)) 2036 { 2037 if (is_builtin) 2038 { 2039 tree callee = gimple_call_fndecl (stmt); 2040 switch (DECL_FUNCTION_CODE (callee)) 2041 { 2042 case BUILT_IN_UNREACHABLE: 2043 case BUILT_IN_TRAP: 2044 /* Don't instrument these. */ 2045 return false; 2046 default: 2047 break; 2048 } 2049 } 2050 tree decl = builtin_decl_implicit (BUILT_IN_ASAN_HANDLE_NO_RETURN); 2051 gimple g = gimple_build_call (decl, 0); 2052 gimple_set_location (g, gimple_location (stmt)); 2053 gsi_insert_before (iter, g, GSI_SAME_STMT); 2054 } 2055 return false; 2056} 2057 2058/* Walk each instruction of all basic block and instrument those that 2059 represent memory references: loads, stores, or function calls. 2060 In a given basic block, this function avoids instrumenting memory 2061 references that have already been instrumented. */ 2062 2063static void 2064transform_statements (void) 2065{ 2066 basic_block bb, last_bb = NULL; 2067 gimple_stmt_iterator i; 2068 int saved_last_basic_block = last_basic_block_for_fn (cfun); 2069 2070 FOR_EACH_BB_FN (bb, cfun) 2071 { 2072 basic_block prev_bb = bb; 2073 2074 if (bb->index >= saved_last_basic_block) continue; 2075 2076 /* Flush the mem ref hash table, if current bb doesn't have 2077 exactly one predecessor, or if that predecessor (skipping 2078 over asan created basic blocks) isn't the last processed 2079 basic block. Thus we effectively flush on extended basic 2080 block boundaries. */ 2081 while (single_pred_p (prev_bb)) 2082 { 2083 prev_bb = single_pred (prev_bb); 2084 if (prev_bb->index < saved_last_basic_block) 2085 break; 2086 } 2087 if (prev_bb != last_bb) 2088 empty_mem_ref_hash_table (); 2089 last_bb = bb; 2090 2091 for (i = gsi_start_bb (bb); !gsi_end_p (i);) 2092 { 2093 gimple s = gsi_stmt (i); 2094 2095 if (has_stmt_been_instrumented_p (s)) 2096 gsi_next (&i); 2097 else if (gimple_assign_single_p (s) 2098 && !gimple_clobber_p (s) 2099 && maybe_instrument_assignment (&i)) 2100 /* Nothing to do as maybe_instrument_assignment advanced 2101 the iterator I. */; 2102 else if (is_gimple_call (s) && maybe_instrument_call (&i)) 2103 /* Nothing to do as maybe_instrument_call 2104 advanced the iterator I. */; 2105 else 2106 { 2107 /* No instrumentation happened. 2108 2109 If the current instruction is a function call that 2110 might free something, let's forget about the memory 2111 references that got instrumented. Otherwise we might 2112 miss some instrumentation opportunities. */ 2113 if (is_gimple_call (s) && !nonfreeing_call_p (s)) 2114 empty_mem_ref_hash_table (); 2115 2116 gsi_next (&i); 2117 } 2118 } 2119 } 2120 free_mem_ref_resources (); 2121} 2122 2123/* Build 2124 __asan_before_dynamic_init (module_name) 2125 or 2126 __asan_after_dynamic_init () 2127 call. */ 2128 2129tree 2130asan_dynamic_init_call (bool after_p) 2131{ 2132 tree fn = builtin_decl_implicit (after_p 2133 ? BUILT_IN_ASAN_AFTER_DYNAMIC_INIT 2134 : BUILT_IN_ASAN_BEFORE_DYNAMIC_INIT); 2135 tree module_name_cst = NULL_TREE; 2136 if (!after_p) 2137 { 2138 pretty_printer module_name_pp; 2139 pp_string (&module_name_pp, main_input_filename); 2140 2141 if (shadow_ptr_types[0] == NULL_TREE) 2142 asan_init_shadow_ptr_types (); 2143 module_name_cst = asan_pp_string (&module_name_pp); 2144 module_name_cst = fold_convert (const_ptr_type_node, 2145 module_name_cst); 2146 } 2147 2148 return build_call_expr (fn, after_p ? 0 : 1, module_name_cst); 2149} 2150 2151/* Build 2152 struct __asan_global 2153 { 2154 const void *__beg; 2155 uptr __size; 2156 uptr __size_with_redzone; 2157 const void *__name; 2158 const void *__module_name; 2159 uptr __has_dynamic_init; 2160 __asan_global_source_location *__location; 2161 } type. */ 2162 2163static tree 2164asan_global_struct (void) 2165{ 2166 static const char *field_names[7] 2167 = { "__beg", "__size", "__size_with_redzone", 2168 "__name", "__module_name", "__has_dynamic_init", "__location"}; 2169 tree fields[7], ret; 2170 int i; 2171 2172 ret = make_node (RECORD_TYPE); 2173 for (i = 0; i < 7; i++) 2174 { 2175 fields[i] 2176 = build_decl (UNKNOWN_LOCATION, FIELD_DECL, 2177 get_identifier (field_names[i]), 2178 (i == 0 || i == 3) ? const_ptr_type_node 2179 : pointer_sized_int_node); 2180 DECL_CONTEXT (fields[i]) = ret; 2181 if (i) 2182 DECL_CHAIN (fields[i - 1]) = fields[i]; 2183 } 2184 tree type_decl = build_decl (input_location, TYPE_DECL, 2185 get_identifier ("__asan_global"), ret); 2186 DECL_IGNORED_P (type_decl) = 1; 2187 DECL_ARTIFICIAL (type_decl) = 1; 2188 TYPE_FIELDS (ret) = fields[0]; 2189 TYPE_NAME (ret) = type_decl; 2190 TYPE_STUB_DECL (ret) = type_decl; 2191 layout_type (ret); 2192 return ret; 2193} 2194 2195/* Append description of a single global DECL into vector V. 2196 TYPE is __asan_global struct type as returned by asan_global_struct. */ 2197 2198static void 2199asan_add_global (tree decl, tree type, vec<constructor_elt, va_gc> *v) 2200{ 2201 tree init, uptr = TREE_TYPE (DECL_CHAIN (TYPE_FIELDS (type))); 2202 unsigned HOST_WIDE_INT size; 2203 tree str_cst, module_name_cst, refdecl = decl; 2204 vec<constructor_elt, va_gc> *vinner = NULL; 2205 2206 pretty_printer asan_pp, module_name_pp; 2207 2208 if (DECL_NAME (decl)) 2209 pp_tree_identifier (&asan_pp, DECL_NAME (decl)); 2210 else 2211 pp_string (&asan_pp, "<unknown>"); 2212 str_cst = asan_pp_string (&asan_pp); 2213 2214 pp_string (&module_name_pp, main_input_filename); 2215 module_name_cst = asan_pp_string (&module_name_pp); 2216 2217 if (asan_needs_local_alias (decl)) 2218 { 2219 char buf[20]; 2220 ASM_GENERATE_INTERNAL_LABEL (buf, "LASAN", vec_safe_length (v) + 1); 2221 refdecl = build_decl (DECL_SOURCE_LOCATION (decl), 2222 VAR_DECL, get_identifier (buf), TREE_TYPE (decl)); 2223 TREE_ADDRESSABLE (refdecl) = TREE_ADDRESSABLE (decl); 2224 TREE_READONLY (refdecl) = TREE_READONLY (decl); 2225 TREE_THIS_VOLATILE (refdecl) = TREE_THIS_VOLATILE (decl); 2226 DECL_GIMPLE_REG_P (refdecl) = DECL_GIMPLE_REG_P (decl); 2227 DECL_ARTIFICIAL (refdecl) = DECL_ARTIFICIAL (decl); 2228 DECL_IGNORED_P (refdecl) = DECL_IGNORED_P (decl); 2229 TREE_STATIC (refdecl) = 1; 2230 TREE_PUBLIC (refdecl) = 0; 2231 TREE_USED (refdecl) = 1; 2232 assemble_alias (refdecl, DECL_ASSEMBLER_NAME (decl)); 2233 } 2234 2235 CONSTRUCTOR_APPEND_ELT (vinner, NULL_TREE, 2236 fold_convert (const_ptr_type_node, 2237 build_fold_addr_expr (refdecl))); 2238 size = tree_to_uhwi (DECL_SIZE_UNIT (decl)); 2239 CONSTRUCTOR_APPEND_ELT (vinner, NULL_TREE, build_int_cst (uptr, size)); 2240 size += asan_red_zone_size (size); 2241 CONSTRUCTOR_APPEND_ELT (vinner, NULL_TREE, build_int_cst (uptr, size)); 2242 CONSTRUCTOR_APPEND_ELT (vinner, NULL_TREE, 2243 fold_convert (const_ptr_type_node, str_cst)); 2244 CONSTRUCTOR_APPEND_ELT (vinner, NULL_TREE, 2245 fold_convert (const_ptr_type_node, module_name_cst)); 2246 varpool_node *vnode = varpool_node::get (decl); 2247 int has_dynamic_init = vnode ? vnode->dynamically_initialized : 0; 2248 CONSTRUCTOR_APPEND_ELT (vinner, NULL_TREE, 2249 build_int_cst (uptr, has_dynamic_init)); 2250 tree locptr = NULL_TREE; 2251 location_t loc = DECL_SOURCE_LOCATION (decl); 2252 expanded_location xloc = expand_location (loc); 2253 if (xloc.file != NULL) 2254 { 2255 static int lasanloccnt = 0; 2256 char buf[25]; 2257 ASM_GENERATE_INTERNAL_LABEL (buf, "LASANLOC", ++lasanloccnt); 2258 tree var = build_decl (UNKNOWN_LOCATION, VAR_DECL, get_identifier (buf), 2259 ubsan_get_source_location_type ()); 2260 TREE_STATIC (var) = 1; 2261 TREE_PUBLIC (var) = 0; 2262 DECL_ARTIFICIAL (var) = 1; 2263 DECL_IGNORED_P (var) = 1; 2264 pretty_printer filename_pp; 2265 pp_string (&filename_pp, xloc.file); 2266 tree str = asan_pp_string (&filename_pp); 2267 tree ctor = build_constructor_va (TREE_TYPE (var), 3, 2268 NULL_TREE, str, NULL_TREE, 2269 build_int_cst (unsigned_type_node, 2270 xloc.line), NULL_TREE, 2271 build_int_cst (unsigned_type_node, 2272 xloc.column)); 2273 TREE_CONSTANT (ctor) = 1; 2274 TREE_STATIC (ctor) = 1; 2275 DECL_INITIAL (var) = ctor; 2276 varpool_node::finalize_decl (var); 2277 locptr = fold_convert (uptr, build_fold_addr_expr (var)); 2278 } 2279 else 2280 locptr = build_int_cst (uptr, 0); 2281 CONSTRUCTOR_APPEND_ELT (vinner, NULL_TREE, locptr); 2282 init = build_constructor (type, vinner); 2283 CONSTRUCTOR_APPEND_ELT (v, NULL_TREE, init); 2284} 2285 2286/* Initialize sanitizer.def builtins if the FE hasn't initialized them. */ 2287void 2288initialize_sanitizer_builtins (void) 2289{ 2290 tree decl; 2291 2292 if (builtin_decl_implicit_p (BUILT_IN_ASAN_INIT)) 2293 return; 2294 2295 tree BT_FN_VOID = build_function_type_list (void_type_node, NULL_TREE); 2296 tree BT_FN_VOID_PTR 2297 = build_function_type_list (void_type_node, ptr_type_node, NULL_TREE); 2298 tree BT_FN_VOID_CONST_PTR 2299 = build_function_type_list (void_type_node, const_ptr_type_node, NULL_TREE); 2300 tree BT_FN_VOID_PTR_PTR 2301 = build_function_type_list (void_type_node, ptr_type_node, 2302 ptr_type_node, NULL_TREE); 2303 tree BT_FN_VOID_PTR_PTR_PTR 2304 = build_function_type_list (void_type_node, ptr_type_node, 2305 ptr_type_node, ptr_type_node, NULL_TREE); 2306 tree BT_FN_VOID_PTR_PTRMODE 2307 = build_function_type_list (void_type_node, ptr_type_node, 2308 pointer_sized_int_node, NULL_TREE); 2309 tree BT_FN_VOID_INT 2310 = build_function_type_list (void_type_node, integer_type_node, NULL_TREE); 2311 tree BT_FN_SIZE_CONST_PTR_INT 2312 = build_function_type_list (size_type_node, const_ptr_type_node, 2313 integer_type_node, NULL_TREE); 2314 tree BT_FN_BOOL_VPTR_PTR_IX_INT_INT[5]; 2315 tree BT_FN_IX_CONST_VPTR_INT[5]; 2316 tree BT_FN_IX_VPTR_IX_INT[5]; 2317 tree BT_FN_VOID_VPTR_IX_INT[5]; 2318 tree vptr 2319 = build_pointer_type (build_qualified_type (void_type_node, 2320 TYPE_QUAL_VOLATILE)); 2321 tree cvptr 2322 = build_pointer_type (build_qualified_type (void_type_node, 2323 TYPE_QUAL_VOLATILE 2324 |TYPE_QUAL_CONST)); 2325 tree boolt 2326 = lang_hooks.types.type_for_size (BOOL_TYPE_SIZE, 1); 2327 int i; 2328 for (i = 0; i < 5; i++) 2329 { 2330 tree ix = build_nonstandard_integer_type (BITS_PER_UNIT * (1 << i), 1); 2331 BT_FN_BOOL_VPTR_PTR_IX_INT_INT[i] 2332 = build_function_type_list (boolt, vptr, ptr_type_node, ix, 2333 integer_type_node, integer_type_node, 2334 NULL_TREE); 2335 BT_FN_IX_CONST_VPTR_INT[i] 2336 = build_function_type_list (ix, cvptr, integer_type_node, NULL_TREE); 2337 BT_FN_IX_VPTR_IX_INT[i] 2338 = build_function_type_list (ix, vptr, ix, integer_type_node, 2339 NULL_TREE); 2340 BT_FN_VOID_VPTR_IX_INT[i] 2341 = build_function_type_list (void_type_node, vptr, ix, 2342 integer_type_node, NULL_TREE); 2343 } 2344#define BT_FN_BOOL_VPTR_PTR_I1_INT_INT BT_FN_BOOL_VPTR_PTR_IX_INT_INT[0] 2345#define BT_FN_I1_CONST_VPTR_INT BT_FN_IX_CONST_VPTR_INT[0] 2346#define BT_FN_I1_VPTR_I1_INT BT_FN_IX_VPTR_IX_INT[0] 2347#define BT_FN_VOID_VPTR_I1_INT BT_FN_VOID_VPTR_IX_INT[0] 2348#define BT_FN_BOOL_VPTR_PTR_I2_INT_INT BT_FN_BOOL_VPTR_PTR_IX_INT_INT[1] 2349#define BT_FN_I2_CONST_VPTR_INT BT_FN_IX_CONST_VPTR_INT[1] 2350#define BT_FN_I2_VPTR_I2_INT BT_FN_IX_VPTR_IX_INT[1] 2351#define BT_FN_VOID_VPTR_I2_INT BT_FN_VOID_VPTR_IX_INT[1] 2352#define BT_FN_BOOL_VPTR_PTR_I4_INT_INT BT_FN_BOOL_VPTR_PTR_IX_INT_INT[2] 2353#define BT_FN_I4_CONST_VPTR_INT BT_FN_IX_CONST_VPTR_INT[2] 2354#define BT_FN_I4_VPTR_I4_INT BT_FN_IX_VPTR_IX_INT[2] 2355#define BT_FN_VOID_VPTR_I4_INT BT_FN_VOID_VPTR_IX_INT[2] 2356#define BT_FN_BOOL_VPTR_PTR_I8_INT_INT BT_FN_BOOL_VPTR_PTR_IX_INT_INT[3] 2357#define BT_FN_I8_CONST_VPTR_INT BT_FN_IX_CONST_VPTR_INT[3] 2358#define BT_FN_I8_VPTR_I8_INT BT_FN_IX_VPTR_IX_INT[3] 2359#define BT_FN_VOID_VPTR_I8_INT BT_FN_VOID_VPTR_IX_INT[3] 2360#define BT_FN_BOOL_VPTR_PTR_I16_INT_INT BT_FN_BOOL_VPTR_PTR_IX_INT_INT[4] 2361#define BT_FN_I16_CONST_VPTR_INT BT_FN_IX_CONST_VPTR_INT[4] 2362#define BT_FN_I16_VPTR_I16_INT BT_FN_IX_VPTR_IX_INT[4] 2363#define BT_FN_VOID_VPTR_I16_INT BT_FN_VOID_VPTR_IX_INT[4] 2364#undef ATTR_NOTHROW_LEAF_LIST 2365#define ATTR_NOTHROW_LEAF_LIST ECF_NOTHROW | ECF_LEAF 2366#undef ATTR_TMPURE_NOTHROW_LEAF_LIST 2367#define ATTR_TMPURE_NOTHROW_LEAF_LIST ECF_TM_PURE | ATTR_NOTHROW_LEAF_LIST 2368#undef ATTR_NORETURN_NOTHROW_LEAF_LIST 2369#define ATTR_NORETURN_NOTHROW_LEAF_LIST ECF_NORETURN | ATTR_NOTHROW_LEAF_LIST 2370#undef ATTR_CONST_NORETURN_NOTHROW_LEAF_LIST 2371#define ATTR_CONST_NORETURN_NOTHROW_LEAF_LIST \ 2372 ECF_CONST | ATTR_NORETURN_NOTHROW_LEAF_LIST 2373#undef ATTR_TMPURE_NORETURN_NOTHROW_LEAF_LIST 2374#define ATTR_TMPURE_NORETURN_NOTHROW_LEAF_LIST \ 2375 ECF_TM_PURE | ATTR_NORETURN_NOTHROW_LEAF_LIST 2376#undef ATTR_COLD_NOTHROW_LEAF_LIST 2377#define ATTR_COLD_NOTHROW_LEAF_LIST \ 2378 /* ECF_COLD missing */ ATTR_NOTHROW_LEAF_LIST 2379#undef ATTR_COLD_NORETURN_NOTHROW_LEAF_LIST 2380#define ATTR_COLD_NORETURN_NOTHROW_LEAF_LIST \ 2381 /* ECF_COLD missing */ ATTR_NORETURN_NOTHROW_LEAF_LIST 2382#undef ATTR_COLD_CONST_NORETURN_NOTHROW_LEAF_LIST 2383#define ATTR_COLD_CONST_NORETURN_NOTHROW_LEAF_LIST \ 2384 /* ECF_COLD missing */ ATTR_CONST_NORETURN_NOTHROW_LEAF_LIST 2385#undef ATTR_PURE_NOTHROW_LEAF_LIST 2386#define ATTR_PURE_NOTHROW_LEAF_LIST ECF_PURE | ATTR_NOTHROW_LEAF_LIST 2387#undef DEF_SANITIZER_BUILTIN 2388#define DEF_SANITIZER_BUILTIN(ENUM, NAME, TYPE, ATTRS) \ 2389 decl = add_builtin_function ("__builtin_" NAME, TYPE, ENUM, \ 2390 BUILT_IN_NORMAL, NAME, NULL_TREE); \ 2391 set_call_expr_flags (decl, ATTRS); \ 2392 set_builtin_decl (ENUM, decl, true); 2393 2394#include "sanitizer.def" 2395 2396 /* -fsanitize=object-size uses __builtin_object_size, but that might 2397 not be available for e.g. Fortran at this point. We use 2398 DEF_SANITIZER_BUILTIN here only as a convenience macro. */ 2399 if ((flag_sanitize & SANITIZE_OBJECT_SIZE) 2400 && !builtin_decl_implicit_p (BUILT_IN_OBJECT_SIZE)) 2401 DEF_SANITIZER_BUILTIN (BUILT_IN_OBJECT_SIZE, "object_size", 2402 BT_FN_SIZE_CONST_PTR_INT, 2403 ATTR_PURE_NOTHROW_LEAF_LIST) 2404 2405#undef DEF_SANITIZER_BUILTIN 2406} 2407 2408/* Called via htab_traverse. Count number of emitted 2409 STRING_CSTs in the constant hash table. */ 2410 2411int 2412count_string_csts (constant_descriptor_tree **slot, 2413 unsigned HOST_WIDE_INT *data) 2414{ 2415 struct constant_descriptor_tree *desc = *slot; 2416 if (TREE_CODE (desc->value) == STRING_CST 2417 && TREE_ASM_WRITTEN (desc->value) 2418 && asan_protect_global (desc->value)) 2419 ++*data; 2420 return 1; 2421} 2422 2423/* Helper structure to pass two parameters to 2424 add_string_csts. */ 2425 2426struct asan_add_string_csts_data 2427{ 2428 tree type; 2429 vec<constructor_elt, va_gc> *v; 2430}; 2431 2432/* Called via hash_table::traverse. Call asan_add_global 2433 on emitted STRING_CSTs from the constant hash table. */ 2434 2435int 2436add_string_csts (constant_descriptor_tree **slot, 2437 asan_add_string_csts_data *aascd) 2438{ 2439 struct constant_descriptor_tree *desc = *slot; 2440 if (TREE_CODE (desc->value) == STRING_CST 2441 && TREE_ASM_WRITTEN (desc->value) 2442 && asan_protect_global (desc->value)) 2443 { 2444 asan_add_global (SYMBOL_REF_DECL (XEXP (desc->rtl, 0)), 2445 aascd->type, aascd->v); 2446 } 2447 return 1; 2448} 2449 2450/* Needs to be GTY(()), because cgraph_build_static_cdtor may 2451 invoke ggc_collect. */ 2452static GTY(()) tree asan_ctor_statements; 2453 2454/* Module-level instrumentation. 2455 - Insert __asan_init_vN() into the list of CTORs. 2456 - TODO: insert redzones around globals. 2457 */ 2458 2459void 2460asan_finish_file (void) 2461{ 2462 varpool_node *vnode; 2463 unsigned HOST_WIDE_INT gcount = 0; 2464 2465 if (shadow_ptr_types[0] == NULL_TREE) 2466 asan_init_shadow_ptr_types (); 2467 /* Avoid instrumenting code in the asan ctors/dtors. 2468 We don't need to insert padding after the description strings, 2469 nor after .LASAN* array. */ 2470 flag_sanitize &= ~SANITIZE_ADDRESS; 2471 2472 /* For user-space we want asan constructors to run first. 2473 Linux kernel does not support priorities other than default, and the only 2474 other user of constructors is coverage. So we run with the default 2475 priority. */ 2476 int priority = flag_sanitize & SANITIZE_USER_ADDRESS 2477 ? MAX_RESERVED_INIT_PRIORITY - 1 : DEFAULT_INIT_PRIORITY; 2478 2479 if (flag_sanitize & SANITIZE_USER_ADDRESS) 2480 { 2481 tree fn = builtin_decl_implicit (BUILT_IN_ASAN_INIT); 2482 append_to_statement_list (build_call_expr (fn, 0), &asan_ctor_statements); 2483 } 2484 FOR_EACH_DEFINED_VARIABLE (vnode) 2485 if (TREE_ASM_WRITTEN (vnode->decl) 2486 && asan_protect_global (vnode->decl)) 2487 ++gcount; 2488 hash_table<tree_descriptor_hasher> *const_desc_htab = constant_pool_htab (); 2489 const_desc_htab->traverse<unsigned HOST_WIDE_INT *, count_string_csts> 2490 (&gcount); 2491 if (gcount) 2492 { 2493 tree type = asan_global_struct (), var, ctor; 2494 tree dtor_statements = NULL_TREE; 2495 vec<constructor_elt, va_gc> *v; 2496 char buf[20]; 2497 2498 type = build_array_type_nelts (type, gcount); 2499 ASM_GENERATE_INTERNAL_LABEL (buf, "LASAN", 0); 2500 var = build_decl (UNKNOWN_LOCATION, VAR_DECL, get_identifier (buf), 2501 type); 2502 TREE_STATIC (var) = 1; 2503 TREE_PUBLIC (var) = 0; 2504 DECL_ARTIFICIAL (var) = 1; 2505 DECL_IGNORED_P (var) = 1; 2506 vec_alloc (v, gcount); 2507 FOR_EACH_DEFINED_VARIABLE (vnode) 2508 if (TREE_ASM_WRITTEN (vnode->decl) 2509 && asan_protect_global (vnode->decl)) 2510 asan_add_global (vnode->decl, TREE_TYPE (type), v); 2511 struct asan_add_string_csts_data aascd; 2512 aascd.type = TREE_TYPE (type); 2513 aascd.v = v; 2514 const_desc_htab->traverse<asan_add_string_csts_data *, add_string_csts> 2515 (&aascd); 2516 ctor = build_constructor (type, v); 2517 TREE_CONSTANT (ctor) = 1; 2518 TREE_STATIC (ctor) = 1; 2519 DECL_INITIAL (var) = ctor; 2520 varpool_node::finalize_decl (var); 2521 2522 tree fn = builtin_decl_implicit (BUILT_IN_ASAN_REGISTER_GLOBALS); 2523 tree gcount_tree = build_int_cst (pointer_sized_int_node, gcount); 2524 append_to_statement_list (build_call_expr (fn, 2, 2525 build_fold_addr_expr (var), 2526 gcount_tree), 2527 &asan_ctor_statements); 2528 2529 fn = builtin_decl_implicit (BUILT_IN_ASAN_UNREGISTER_GLOBALS); 2530 append_to_statement_list (build_call_expr (fn, 2, 2531 build_fold_addr_expr (var), 2532 gcount_tree), 2533 &dtor_statements); 2534 cgraph_build_static_cdtor ('D', dtor_statements, priority); 2535 } 2536 if (asan_ctor_statements) 2537 cgraph_build_static_cdtor ('I', asan_ctor_statements, priority); 2538 flag_sanitize |= SANITIZE_ADDRESS; 2539} 2540 2541/* Expand the ASAN_{LOAD,STORE} builtins. */ 2542 2543bool 2544asan_expand_check_ifn (gimple_stmt_iterator *iter, bool use_calls) 2545{ 2546 gimple g = gsi_stmt (*iter); 2547 location_t loc = gimple_location (g); 2548 2549 bool recover_p 2550 = (flag_sanitize & flag_sanitize_recover & SANITIZE_KERNEL_ADDRESS) != 0; 2551 2552 HOST_WIDE_INT flags = tree_to_shwi (gimple_call_arg (g, 0)); 2553 gcc_assert (flags < ASAN_CHECK_LAST); 2554 bool is_scalar_access = (flags & ASAN_CHECK_SCALAR_ACCESS) != 0; 2555 bool is_store = (flags & ASAN_CHECK_STORE) != 0; 2556 bool is_non_zero_len = (flags & ASAN_CHECK_NON_ZERO_LEN) != 0; 2557 2558 tree base = gimple_call_arg (g, 1); 2559 tree len = gimple_call_arg (g, 2); 2560 HOST_WIDE_INT align = tree_to_shwi (gimple_call_arg (g, 3)); 2561 2562 HOST_WIDE_INT size_in_bytes 2563 = is_scalar_access && tree_fits_shwi_p (len) ? tree_to_shwi (len) : -1; 2564 2565 if (use_calls) 2566 { 2567 /* Instrument using callbacks. */ 2568 gimple g = gimple_build_assign (make_ssa_name (pointer_sized_int_node), 2569 NOP_EXPR, base); 2570 gimple_set_location (g, loc); 2571 gsi_insert_before (iter, g, GSI_SAME_STMT); 2572 tree base_addr = gimple_assign_lhs (g); 2573 2574 int nargs; 2575 tree fun = check_func (is_store, recover_p, size_in_bytes, &nargs); 2576 if (nargs == 1) 2577 g = gimple_build_call (fun, 1, base_addr); 2578 else 2579 { 2580 gcc_assert (nargs == 2); 2581 g = gimple_build_assign (make_ssa_name (pointer_sized_int_node), 2582 NOP_EXPR, len); 2583 gimple_set_location (g, loc); 2584 gsi_insert_before (iter, g, GSI_SAME_STMT); 2585 tree sz_arg = gimple_assign_lhs (g); 2586 g = gimple_build_call (fun, nargs, base_addr, sz_arg); 2587 } 2588 gimple_set_location (g, loc); 2589 gsi_replace (iter, g, false); 2590 return false; 2591 } 2592 2593 HOST_WIDE_INT real_size_in_bytes = size_in_bytes == -1 ? 1 : size_in_bytes; 2594 2595 tree shadow_ptr_type = shadow_ptr_types[real_size_in_bytes == 16 ? 1 : 0]; 2596 tree shadow_type = TREE_TYPE (shadow_ptr_type); 2597 2598 gimple_stmt_iterator gsi = *iter; 2599 2600 if (!is_non_zero_len) 2601 { 2602 /* So, the length of the memory area to asan-protect is 2603 non-constant. Let's guard the generated instrumentation code 2604 like: 2605 2606 if (len != 0) 2607 { 2608 //asan instrumentation code goes here. 2609 } 2610 // falltrough instructions, starting with *ITER. */ 2611 2612 g = gimple_build_cond (NE_EXPR, 2613 len, 2614 build_int_cst (TREE_TYPE (len), 0), 2615 NULL_TREE, NULL_TREE); 2616 gimple_set_location (g, loc); 2617 2618 basic_block then_bb, fallthrough_bb; 2619 insert_if_then_before_iter (as_a <gcond *> (g), iter, 2620 /*then_more_likely_p=*/true, 2621 &then_bb, &fallthrough_bb); 2622 /* Note that fallthrough_bb starts with the statement that was 2623 pointed to by ITER. */ 2624 2625 /* The 'then block' of the 'if (len != 0) condition is where 2626 we'll generate the asan instrumentation code now. */ 2627 gsi = gsi_last_bb (then_bb); 2628 } 2629 2630 /* Get an iterator on the point where we can add the condition 2631 statement for the instrumentation. */ 2632 basic_block then_bb, else_bb; 2633 gsi = create_cond_insert_point (&gsi, /*before_p*/false, 2634 /*then_more_likely_p=*/false, 2635 /*create_then_fallthru_edge*/recover_p, 2636 &then_bb, 2637 &else_bb); 2638 2639 g = gimple_build_assign (make_ssa_name (pointer_sized_int_node), 2640 NOP_EXPR, base); 2641 gimple_set_location (g, loc); 2642 gsi_insert_before (&gsi, g, GSI_NEW_STMT); 2643 tree base_addr = gimple_assign_lhs (g); 2644 2645 tree t = NULL_TREE; 2646 if (real_size_in_bytes >= 8) 2647 { 2648 tree shadow = build_shadow_mem_access (&gsi, loc, base_addr, 2649 shadow_ptr_type); 2650 t = shadow; 2651 } 2652 else 2653 { 2654 /* Slow path for 1, 2 and 4 byte accesses. */ 2655 /* Test (shadow != 0) 2656 & ((base_addr & 7) + (real_size_in_bytes - 1)) >= shadow). */ 2657 tree shadow = build_shadow_mem_access (&gsi, loc, base_addr, 2658 shadow_ptr_type); 2659 gimple shadow_test = build_assign (NE_EXPR, shadow, 0); 2660 gimple_seq seq = NULL; 2661 gimple_seq_add_stmt (&seq, shadow_test); 2662 /* Aligned (>= 8 bytes) can test just 2663 (real_size_in_bytes - 1 >= shadow), as base_addr & 7 is known 2664 to be 0. */ 2665 if (align < 8) 2666 { 2667 gimple_seq_add_stmt (&seq, build_assign (BIT_AND_EXPR, 2668 base_addr, 7)); 2669 gimple_seq_add_stmt (&seq, 2670 build_type_cast (shadow_type, 2671 gimple_seq_last (seq))); 2672 if (real_size_in_bytes > 1) 2673 gimple_seq_add_stmt (&seq, 2674 build_assign (PLUS_EXPR, 2675 gimple_seq_last (seq), 2676 real_size_in_bytes - 1)); 2677 t = gimple_assign_lhs (gimple_seq_last_stmt (seq)); 2678 } 2679 else 2680 t = build_int_cst (shadow_type, real_size_in_bytes - 1); 2681 gimple_seq_add_stmt (&seq, build_assign (GE_EXPR, t, shadow)); 2682 gimple_seq_add_stmt (&seq, build_assign (BIT_AND_EXPR, shadow_test, 2683 gimple_seq_last (seq))); 2684 t = gimple_assign_lhs (gimple_seq_last (seq)); 2685 gimple_seq_set_location (seq, loc); 2686 gsi_insert_seq_after (&gsi, seq, GSI_CONTINUE_LINKING); 2687 2688 /* For non-constant, misaligned or otherwise weird access sizes, 2689 check first and last byte. */ 2690 if (size_in_bytes == -1) 2691 { 2692 g = gimple_build_assign (make_ssa_name (pointer_sized_int_node), 2693 MINUS_EXPR, len, 2694 build_int_cst (pointer_sized_int_node, 1)); 2695 gimple_set_location (g, loc); 2696 gsi_insert_after (&gsi, g, GSI_NEW_STMT); 2697 tree last = gimple_assign_lhs (g); 2698 g = gimple_build_assign (make_ssa_name (pointer_sized_int_node), 2699 PLUS_EXPR, base_addr, last); 2700 gimple_set_location (g, loc); 2701 gsi_insert_after (&gsi, g, GSI_NEW_STMT); 2702 tree base_end_addr = gimple_assign_lhs (g); 2703 2704 tree shadow = build_shadow_mem_access (&gsi, loc, base_end_addr, 2705 shadow_ptr_type); 2706 gimple shadow_test = build_assign (NE_EXPR, shadow, 0); 2707 gimple_seq seq = NULL; 2708 gimple_seq_add_stmt (&seq, shadow_test); 2709 gimple_seq_add_stmt (&seq, build_assign (BIT_AND_EXPR, 2710 base_end_addr, 7)); 2711 gimple_seq_add_stmt (&seq, build_type_cast (shadow_type, 2712 gimple_seq_last (seq))); 2713 gimple_seq_add_stmt (&seq, build_assign (GE_EXPR, 2714 gimple_seq_last (seq), 2715 shadow)); 2716 gimple_seq_add_stmt (&seq, build_assign (BIT_AND_EXPR, shadow_test, 2717 gimple_seq_last (seq))); 2718 gimple_seq_add_stmt (&seq, build_assign (BIT_IOR_EXPR, t, 2719 gimple_seq_last (seq))); 2720 t = gimple_assign_lhs (gimple_seq_last (seq)); 2721 gimple_seq_set_location (seq, loc); 2722 gsi_insert_seq_after (&gsi, seq, GSI_CONTINUE_LINKING); 2723 } 2724 } 2725 2726 g = gimple_build_cond (NE_EXPR, t, build_int_cst (TREE_TYPE (t), 0), 2727 NULL_TREE, NULL_TREE); 2728 gimple_set_location (g, loc); 2729 gsi_insert_after (&gsi, g, GSI_NEW_STMT); 2730 2731 /* Generate call to the run-time library (e.g. __asan_report_load8). */ 2732 gsi = gsi_start_bb (then_bb); 2733 int nargs; 2734 tree fun = report_error_func (is_store, recover_p, size_in_bytes, &nargs); 2735 g = gimple_build_call (fun, nargs, base_addr, len); 2736 gimple_set_location (g, loc); 2737 gsi_insert_after (&gsi, g, GSI_NEW_STMT); 2738 2739 gsi_remove (iter, true); 2740 *iter = gsi_start_bb (else_bb); 2741 2742 return true; 2743} 2744 2745/* Instrument the current function. */ 2746 2747static unsigned int 2748asan_instrument (void) 2749{ 2750 if (shadow_ptr_types[0] == NULL_TREE) 2751 asan_init_shadow_ptr_types (); 2752 transform_statements (); 2753 return 0; 2754} 2755 2756static bool 2757gate_asan (void) 2758{ 2759 return (flag_sanitize & SANITIZE_ADDRESS) != 0 2760 && !lookup_attribute ("no_sanitize_address", 2761 DECL_ATTRIBUTES (current_function_decl)); 2762} 2763 2764namespace { 2765 2766const pass_data pass_data_asan = 2767{ 2768 GIMPLE_PASS, /* type */ 2769 "asan", /* name */ 2770 OPTGROUP_NONE, /* optinfo_flags */ 2771 TV_NONE, /* tv_id */ 2772 ( PROP_ssa | PROP_cfg | PROP_gimple_leh ), /* properties_required */ 2773 0, /* properties_provided */ 2774 0, /* properties_destroyed */ 2775 0, /* todo_flags_start */ 2776 TODO_update_ssa, /* todo_flags_finish */ 2777}; 2778 2779class pass_asan : public gimple_opt_pass 2780{ 2781public: 2782 pass_asan (gcc::context *ctxt) 2783 : gimple_opt_pass (pass_data_asan, ctxt) 2784 {} 2785 2786 /* opt_pass methods: */ 2787 opt_pass * clone () { return new pass_asan (m_ctxt); } 2788 virtual bool gate (function *) { return gate_asan (); } 2789 virtual unsigned int execute (function *) { return asan_instrument (); } 2790 2791}; // class pass_asan 2792 2793} // anon namespace 2794 2795gimple_opt_pass * 2796make_pass_asan (gcc::context *ctxt) 2797{ 2798 return new pass_asan (ctxt); 2799} 2800 2801namespace { 2802 2803const pass_data pass_data_asan_O0 = 2804{ 2805 GIMPLE_PASS, /* type */ 2806 "asan0", /* name */ 2807 OPTGROUP_NONE, /* optinfo_flags */ 2808 TV_NONE, /* tv_id */ 2809 ( PROP_ssa | PROP_cfg | PROP_gimple_leh ), /* properties_required */ 2810 0, /* properties_provided */ 2811 0, /* properties_destroyed */ 2812 0, /* todo_flags_start */ 2813 TODO_update_ssa, /* todo_flags_finish */ 2814}; 2815 2816class pass_asan_O0 : public gimple_opt_pass 2817{ 2818public: 2819 pass_asan_O0 (gcc::context *ctxt) 2820 : gimple_opt_pass (pass_data_asan_O0, ctxt) 2821 {} 2822 2823 /* opt_pass methods: */ 2824 virtual bool gate (function *) { return !optimize && gate_asan (); } 2825 virtual unsigned int execute (function *) { return asan_instrument (); } 2826 2827}; // class pass_asan_O0 2828 2829} // anon namespace 2830 2831gimple_opt_pass * 2832make_pass_asan_O0 (gcc::context *ctxt) 2833{ 2834 return new pass_asan_O0 (ctxt); 2835} 2836 2837#include "gt-asan.h" 2838