]> gcc.gnu.org Git - gcc.git/blob - gcc/tree-chkp.c
git://gcc.gnu.org / gcc.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
re PR middle-end/66568 ([CHKP] internal compiler error: in expand_expr_addr_expr_1)
[gcc.git] / gcc / tree-chkp.c
1 /* Pointer Bounds Checker insrumentation pass.
2 Copyright (C) 2014-2015 Free Software Foundation, Inc.
3 Contributed by Ilya Enkovich (ilya.enkovich@intel.com)
4
5 This file is part of GCC.
6
7 GCC is free software; you can redistribute it and/or modify it under
8 the terms of the GNU General Public License as published by the Free
9 Software Foundation; either version 3, or (at your option) any later
10 version.
11
12 GCC is distributed in the hope that it will be useful, but WITHOUT ANY
13 WARRANTY; without even the implied warranty of MERCHANTABILITY or
14 FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
15 for more details.
16
17 You should have received a copy of the GNU General Public License
18 along with GCC; see the file COPYING3. If not see
19 <http://www.gnu.org/licenses/>. */
20
21 #include "config.h"
22 #include "system.h"
23 #include "coretypes.h"
24 #include "alias.h"
25 #include "symtab.h"
26 #include "options.h"
27 #include "tree.h"
28 #include "fold-const.h"
29 #include "stor-layout.h"
30 #include "varasm.h"
31 #include "target.h"
32 #include "tree-iterator.h"
33 #include "tree-cfg.h"
34 #include "langhooks.h"
35 #include "tree-pass.h"
36 #include "diagnostic.h"
37 #include "cfgloop.h"
38 #include "stringpool.h"
39 #include "tree-ssa-alias.h"
40 #include "tree-ssanames.h"
41 #include "tree-ssa-operands.h"
42 #include "tree-ssa-address.h"
43 #include "tree-ssa.h"
44 #include "predict.h"
45 #include "dominance.h"
46 #include "cfg.h"
47 #include "basic-block.h"
48 #include "tree-ssa-loop-niter.h"
49 #include "gimple-expr.h"
50 #include "gimple.h"
51 #include "tree-phinodes.h"
52 #include "gimple-ssa.h"
53 #include "ssa-iterators.h"
54 #include "gimple-pretty-print.h"
55 #include "gimple-iterator.h"
56 #include "gimplify.h"
57 #include "gimplify-me.h"
58 #include "print-tree.h"
59 #include "tm.h"
60 #include "hard-reg-set.h"
61 #include "function.h"
62 #include "rtl.h"
63 #include "flags.h"
64 #include "insn-config.h"
65 #include "expmed.h"
66 #include "dojump.h"
67 #include "explow.h"
68 #include "calls.h"
69 #include "emit-rtl.h"
70 #include "stmt.h"
71 #include "expr.h"
72 #include "tree-ssa-propagate.h"
73 #include "gimple-fold.h"
74 #include "tree-chkp.h"
75 #include "gimple-walk.h"
76 #include "rtl.h" /* For MEM_P, assign_temp. */
77 #include "tree-dfa.h"
78 #include "ipa-ref.h"
79 #include "lto-streamer.h"
80 #include "cgraph.h"
81 #include "ipa-chkp.h"
82 #include "params.h"
83
84 /* Pointer Bounds Checker instruments code with memory checks to find
85 out-of-bounds memory accesses. Checks are performed by computing
86 bounds for each pointer and then comparing address of accessed
87 memory before pointer dereferencing.
88
89 1. Function clones.
90
91 See ipa-chkp.c.
92
93 2. Instrumentation.
94
95 There are few things to instrument:
96
97 a) Memory accesses - add checker calls to check address of accessed memory
98 against bounds of dereferenced pointer. Obviously safe memory
99 accesses like static variable access does not have to be instrumented
100 with checks.
101
102 Example:
103
104 val_2 = *p_1;
105
106 with 4 bytes access is transformed into:
107
108 __builtin___chkp_bndcl (__bound_tmp.1_3, p_1);
109 D.1_4 = p_1 + 3;
110 __builtin___chkp_bndcu (__bound_tmp.1_3, D.1_4);
111 val_2 = *p_1;
112
113 where __bound_tmp.1_3 are bounds computed for pointer p_1,
114 __builtin___chkp_bndcl is a lower bound check and
115 __builtin___chkp_bndcu is an upper bound check.
116
117 b) Pointer stores.
118
119 When pointer is stored in memory we need to store its bounds. To
120 achieve compatibility of instrumented code with regular codes
121 we have to keep data layout and store bounds in special bound tables
122 via special checker call. Implementation of bounds table may vary for
123 different platforms. It has to associate pointer value and its
124 location (it is required because we may have two equal pointers
125 with different bounds stored in different places) with bounds.
126 Another checker builtin allows to get bounds for specified pointer
127 loaded from specified location.
128
129 Example:
130
131 buf1[i_1] = &buf2;
132
133 is transformed into:
134
135 buf1[i_1] = &buf2;
136 D.1_2 = &buf1[i_1];
137 __builtin___chkp_bndstx (D.1_2, &buf2, __bound_tmp.1_2);
138
139 where __bound_tmp.1_2 are bounds of &buf2.
140
141 c) Static initialization.
142
143 The special case of pointer store is static pointer initialization.
144 Bounds initialization is performed in a few steps:
145 - register all static initializations in front-end using
146 chkp_register_var_initializer
147 - when file compilation finishes we create functions with special
148 attribute 'chkp ctor' and put explicit initialization code
149 (assignments) for all statically initialized pointers.
150 - when checker constructor is compiled checker pass adds required
151 bounds initialization for all statically initialized pointers
152 - since we do not actually need excess pointers initialization
153 in checker constructor we remove such assignments from them
154
155 d) Calls.
156
157 For each call in the code we add additional arguments to pass
158 bounds for pointer arguments. We determine type of call arguments
159 using arguments list from function declaration; if function
160 declaration is not available we use function type; otherwise
161 (e.g. for unnamed arguments) we use type of passed value. Function
162 declaration/type is replaced with the instrumented one.
163
164 Example:
165
166 val_1 = foo (&buf1, &buf2, &buf1, 0);
167
168 is translated into:
169
170 val_1 = foo.chkp (&buf1, __bound_tmp.1_2, &buf2, __bound_tmp.1_3,
171 &buf1, __bound_tmp.1_2, 0);
172
173 e) Returns.
174
175 If function returns a pointer value we have to return bounds also.
176 A new operand was added for return statement to hold returned bounds.
177
178 Example:
179
180 return &_buf1;
181
182 is transformed into
183
184 return &_buf1, __bound_tmp.1_1;
185
186 3. Bounds computation.
187
188 Compiler is fully responsible for computing bounds to be used for each
189 memory access. The first step for bounds computation is to find the
190 origin of pointer dereferenced for memory access. Basing on pointer
191 origin we define a way to compute its bounds. There are just few
192 possible cases:
193
194 a) Pointer is returned by call.
195
196 In this case we use corresponding checker builtin method to obtain returned
197 bounds.
198
199 Example:
200
201 buf_1 = malloc (size_2);
202 foo (buf_1);
203
204 is translated into:
205
206 buf_1 = malloc (size_2);
207 __bound_tmp.1_3 = __builtin___chkp_bndret (buf_1);
208 foo (buf_1, __bound_tmp.1_3);
209
210 b) Pointer is an address of an object.
211
212 In this case compiler tries to compute objects size and create corresponding
213 bounds. If object has incomplete type then special checker builtin is used to
214 obtain its size at runtime.
215
216 Example:
217
218 foo ()
219 {
220 <unnamed type> __bound_tmp.3;
221 static int buf[100];
222
223 <bb 3>:
224 __bound_tmp.3_2 = __builtin___chkp_bndmk (&buf, 400);
225
226 <bb 2>:
227 return &buf, __bound_tmp.3_2;
228 }
229
230 Example:
231
232 Address of an object 'extern int buf[]' with incomplete type is
233 returned.
234
235 foo ()
236 {
237 <unnamed type> __bound_tmp.4;
238 long unsigned int __size_tmp.3;
239
240 <bb 3>:
241 __size_tmp.3_4 = __builtin_ia32_sizeof (buf);
242 __bound_tmp.4_3 = __builtin_ia32_bndmk (&buf, __size_tmp.3_4);
243
244 <bb 2>:
245 return &buf, __bound_tmp.4_3;
246 }
247
248 c) Pointer is the result of object narrowing.
249
250 It happens when we use pointer to an object to compute pointer to a part
251 of an object. E.g. we take pointer to a field of a structure. In this
252 case we perform bounds intersection using bounds of original object and
253 bounds of object's part (which are computed basing on its type).
254
255 There may be some debatable questions about when narrowing should occur
256 and when it should not. To avoid false bound violations in correct
257 programs we do not perform narrowing when address of an array element is
258 obtained (it has address of the whole array) and when address of the first
259 structure field is obtained (because it is guaranteed to be equal to
260 address of the whole structure and it is legal to cast it back to structure).
261
262 Default narrowing behavior may be changed using compiler flags.
263
264 Example:
265
266 In this example address of the second structure field is returned.
267
268 foo (struct A * p, __bounds_type __bounds_of_p)
269 {
270 <unnamed type> __bound_tmp.3;
271 int * _2;
272 int * _5;
273
274 <bb 2>:
275 _5 = &p_1(D)->second_field;
276 __bound_tmp.3_6 = __builtin___chkp_bndmk (_5, 4);
277 __bound_tmp.3_8 = __builtin___chkp_intersect (__bound_tmp.3_6,
278 __bounds_of_p_3(D));
279 _2 = &p_1(D)->second_field;
280 return _2, __bound_tmp.3_8;
281 }
282
283 Example:
284
285 In this example address of the first field of array element is returned.
286
287 foo (struct A * p, __bounds_type __bounds_of_p, int i)
288 {
289 long unsigned int _3;
290 long unsigned int _4;
291 struct A * _6;
292 int * _7;
293
294 <bb 2>:
295 _3 = (long unsigned int) i_1(D);
296 _4 = _3 * 8;
297 _6 = p_5(D) + _4;
298 _7 = &_6->first_field;
299 return _7, __bounds_of_p_2(D);
300 }
301
302
303 d) Pointer is the result of pointer arithmetic or type cast.
304
305 In this case bounds of the base pointer are used. In case of binary
306 operation producing a pointer we are analyzing data flow further
307 looking for operand's bounds. One operand is considered as a base
308 if it has some valid bounds. If we fall into a case when none of
309 operands (or both of them) has valid bounds, a default bounds value
310 is used.
311
312 Trying to find out bounds for binary operations we may fall into
313 cyclic dependencies for pointers. To avoid infinite recursion all
314 walked phi nodes instantly obtain corresponding bounds but created
315 bounds are marked as incomplete. It helps us to stop DF walk during
316 bounds search.
317
318 When we reach pointer source, some args of incomplete bounds phi obtain
319 valid bounds and those values are propagated further through phi nodes.
320 If no valid bounds were found for phi node then we mark its result as
321 invalid bounds. Process stops when all incomplete bounds become either
322 valid or invalid and we are able to choose a pointer base.
323
324 e) Pointer is loaded from the memory.
325
326 In this case we just need to load bounds from the bounds table.
327
328 Example:
329
330 foo ()
331 {
332 <unnamed type> __bound_tmp.3;
333 static int * buf;
334 int * _2;
335
336 <bb 2>:
337 _2 = buf;
338 __bound_tmp.3_4 = __builtin___chkp_bndldx (&buf, _2);
339 return _2, __bound_tmp.3_4;
340 }
341
342 */
343
344 typedef void (*assign_handler)(tree, tree, void *);
345
346 static tree chkp_get_zero_bounds ();
347 static tree chkp_find_bounds (tree ptr, gimple_stmt_iterator *iter);
348 static tree chkp_find_bounds_loaded (tree ptr, tree ptr_src,
349 gimple_stmt_iterator *iter);
350 static void chkp_parse_array_and_component_ref (tree node, tree *ptr,
351 tree *elt, bool *safe,
352 bool *bitfield,
353 tree *bounds,
354 gimple_stmt_iterator *iter,
355 bool innermost_bounds);
356
357 #define chkp_bndldx_fndecl \
358 (targetm.builtin_chkp_function (BUILT_IN_CHKP_BNDLDX))
359 #define chkp_bndstx_fndecl \
360 (targetm.builtin_chkp_function (BUILT_IN_CHKP_BNDSTX))
361 #define chkp_checkl_fndecl \
362 (targetm.builtin_chkp_function (BUILT_IN_CHKP_BNDCL))
363 #define chkp_checku_fndecl \
364 (targetm.builtin_chkp_function (BUILT_IN_CHKP_BNDCU))
365 #define chkp_bndmk_fndecl \
366 (targetm.builtin_chkp_function (BUILT_IN_CHKP_BNDMK))
367 #define chkp_ret_bnd_fndecl \
368 (targetm.builtin_chkp_function (BUILT_IN_CHKP_BNDRET))
369 #define chkp_intersect_fndecl \
370 (targetm.builtin_chkp_function (BUILT_IN_CHKP_INTERSECT))
371 #define chkp_narrow_bounds_fndecl \
372 (targetm.builtin_chkp_function (BUILT_IN_CHKP_NARROW))
373 #define chkp_sizeof_fndecl \
374 (targetm.builtin_chkp_function (BUILT_IN_CHKP_SIZEOF))
375 #define chkp_extract_lower_fndecl \
376 (targetm.builtin_chkp_function (BUILT_IN_CHKP_EXTRACT_LOWER))
377 #define chkp_extract_upper_fndecl \
378 (targetm.builtin_chkp_function (BUILT_IN_CHKP_EXTRACT_UPPER))
379
380 static GTY (()) tree chkp_uintptr_type;
381
382 static GTY (()) tree chkp_zero_bounds_var;
383 static GTY (()) tree chkp_none_bounds_var;
384
385 static GTY (()) basic_block entry_block;
386 static GTY (()) tree zero_bounds;
387 static GTY (()) tree none_bounds;
388 static GTY (()) tree incomplete_bounds;
389 static GTY (()) tree tmp_var;
390 static GTY (()) tree size_tmp_var;
391 static GTY (()) bitmap chkp_abnormal_copies;
392
393 struct hash_set<tree> *chkp_invalid_bounds;
394 struct hash_set<tree> *chkp_completed_bounds_set;
395 struct hash_map<tree, tree> *chkp_reg_bounds;
396 struct hash_map<tree, tree> *chkp_bound_vars;
397 struct hash_map<tree, tree> *chkp_reg_addr_bounds;
398 struct hash_map<tree, tree> *chkp_incomplete_bounds_map;
399 struct hash_map<tree, tree> *chkp_bounds_map;
400 struct hash_map<tree, tree> *chkp_static_var_bounds;
401
402 static bool in_chkp_pass;
403
404 #define CHKP_BOUND_TMP_NAME "__bound_tmp"
405 #define CHKP_SIZE_TMP_NAME "__size_tmp"
406 #define CHKP_BOUNDS_OF_SYMBOL_PREFIX "__chkp_bounds_of_"
407 #define CHKP_STRING_BOUNDS_PREFIX "__chkp_string_bounds_"
408 #define CHKP_VAR_BOUNDS_PREFIX "__chkp_var_bounds_"
409 #define CHKP_ZERO_BOUNDS_VAR_NAME "__chkp_zero_bounds"
410 #define CHKP_NONE_BOUNDS_VAR_NAME "__chkp_none_bounds"
411
412 /* Static checker constructors may become very large and their
413 compilation with optimization may take too much time.
414 Therefore we put a limit to number of statements in one
415 constructor. Tests with 100 000 statically initialized
416 pointers showed following compilation times on Sandy Bridge
417 server (used -O2):
418 limit 100 => ~18 sec.
419 limit 300 => ~22 sec.
420 limit 1000 => ~30 sec.
421 limit 3000 => ~49 sec.
422 limit 5000 => ~55 sec.
423 limit 10000 => ~76 sec.
424 limit 100000 => ~532 sec. */
425 #define MAX_STMTS_IN_STATIC_CHKP_CTOR (PARAM_VALUE (PARAM_CHKP_MAX_CTOR_SIZE))
426
427 struct chkp_ctor_stmt_list
428 {
429 tree stmts;
430 int avail;
431 };
432
433 /* Return 1 if function FNDECL is instrumented by Pointer
434 Bounds Checker. */
435 bool
436 chkp_function_instrumented_p (tree fndecl)
437 {
438 return fndecl
439 && lookup_attribute ("chkp instrumented", DECL_ATTRIBUTES (fndecl));
440 }
441
442 /* Mark function FNDECL as instrumented. */
443 void
444 chkp_function_mark_instrumented (tree fndecl)
445 {
446 if (chkp_function_instrumented_p (fndecl))
447 return;
448
449 DECL_ATTRIBUTES (fndecl)
450 = tree_cons (get_identifier ("chkp instrumented"), NULL,
451 DECL_ATTRIBUTES (fndecl));
452 }
453
454 /* Return true when STMT is builtin call to instrumentation function
455 corresponding to CODE. */
456
457 bool
458 chkp_gimple_call_builtin_p (gimple call,
459 enum built_in_function code)
460 {
461 tree fndecl;
462 if (is_gimple_call (call)
463 && (fndecl = targetm.builtin_chkp_function (code))
464 && gimple_call_fndecl (call) == fndecl)
465 return true;
466 return false;
467 }
468
469 /* Emit code to build zero bounds and return RTL holding
470 the result. */
471 rtx
472 chkp_expand_zero_bounds ()
473 {
474 tree zero_bnd;
475
476 if (flag_chkp_use_static_const_bounds)
477 zero_bnd = chkp_get_zero_bounds_var ();
478 else
479 zero_bnd = chkp_build_make_bounds_call (integer_zero_node,
480 integer_zero_node);
481 return expand_normal (zero_bnd);
482 }
483
484 /* Emit code to store zero bounds for PTR located at MEM. */
485 void
486 chkp_expand_bounds_reset_for_mem (tree mem, tree ptr)
487 {
488 tree zero_bnd, bnd, addr, bndstx;
489
490 if (flag_chkp_use_static_const_bounds)
491 zero_bnd = chkp_get_zero_bounds_var ();
492 else
493 zero_bnd = chkp_build_make_bounds_call (integer_zero_node,
494 integer_zero_node);
495 bnd = make_tree (pointer_bounds_type_node,
496 assign_temp (pointer_bounds_type_node, 0, 1));
497 addr = build1 (ADDR_EXPR,
498 build_pointer_type (TREE_TYPE (mem)), mem);
499 bndstx = chkp_build_bndstx_call (addr, ptr, bnd);
500
501 expand_assignment (bnd, zero_bnd, false);
502 expand_normal (bndstx);
503 }
504
505 /* Build retbnd call for returned value RETVAL.
506
507 If BNDVAL is not NULL then result is stored
508 in it. Otherwise a temporary is created to
509 hold returned value.
510
511 GSI points to a position for a retbnd call
512 and is set to created stmt.
513
514 Cgraph edge is created for a new call if
515 UPDATE_EDGE is 1.
516
517 Obtained bounds are returned. */
518 tree
519 chkp_insert_retbnd_call (tree bndval, tree retval,
520 gimple_stmt_iterator *gsi)
521 {
522 gimple call;
523
524 if (!bndval)
525 bndval = create_tmp_reg (pointer_bounds_type_node, "retbnd");
526
527 call = gimple_build_call (chkp_ret_bnd_fndecl, 1, retval);
528 gimple_call_set_lhs (call, bndval);
529 gsi_insert_after (gsi, call, GSI_CONTINUE_LINKING);
530
531 return bndval;
532 }
533
534 /* Build a GIMPLE_CALL identical to CALL but skipping bounds
535 arguments. */
536
537 gcall *
538 chkp_copy_call_skip_bounds (gcall *call)
539 {
540 bitmap bounds;
541 unsigned i;
542
543 bitmap_obstack_initialize (NULL);
544 bounds = BITMAP_ALLOC (NULL);
545
546 for (i = 0; i < gimple_call_num_args (call); i++)
547 if (POINTER_BOUNDS_P (gimple_call_arg (call, i)))
548 bitmap_set_bit (bounds, i);
549
550 if (!bitmap_empty_p (bounds))
551 call = gimple_call_copy_skip_args (call, bounds);
552 gimple_call_set_with_bounds (call, false);
553
554 BITMAP_FREE (bounds);
555 bitmap_obstack_release (NULL);
556
557 return call;
558 }
559
560 /* Redirect edge E to the correct node according to call_stmt.
561 Return 1 if bounds removal from call_stmt should be done
562 instead of redirection. */
563
564 bool
565 chkp_redirect_edge (cgraph_edge *e)
566 {
567 bool instrumented = false;
568 tree decl = e->callee->decl;
569
570 if (e->callee->instrumentation_clone
571 || chkp_function_instrumented_p (decl))
572 instrumented = true;
573
574 if (instrumented
575 && !gimple_call_with_bounds_p (e->call_stmt))
576 e->redirect_callee (cgraph_node::get_create (e->callee->orig_decl));
577 else if (!instrumented
578 && gimple_call_with_bounds_p (e->call_stmt)
579 && !chkp_gimple_call_builtin_p (e->call_stmt, BUILT_IN_CHKP_BNDCL)
580 && !chkp_gimple_call_builtin_p (e->call_stmt, BUILT_IN_CHKP_BNDCU)
581 && !chkp_gimple_call_builtin_p (e->call_stmt, BUILT_IN_CHKP_BNDSTX))
582 {
583 if (e->callee->instrumented_version)
584 e->redirect_callee (e->callee->instrumented_version);
585 else
586 {
587 tree args = TYPE_ARG_TYPES (TREE_TYPE (decl));
588 /* Avoid bounds removal if all args will be removed. */
589 if (!args || TREE_VALUE (args) != void_type_node)
590 return true;
591 else
592 gimple_call_set_with_bounds (e->call_stmt, false);
593 }
594 }
595
596 return false;
597 }
598
599 /* Mark statement S to not be instrumented. */
600 static void
601 chkp_mark_stmt (gimple s)
602 {
603 gimple_set_plf (s, GF_PLF_1, true);
604 }
605
606 /* Mark statement S to be instrumented. */
607 static void
608 chkp_unmark_stmt (gimple s)
609 {
610 gimple_set_plf (s, GF_PLF_1, false);
611 }
612
613 /* Return 1 if statement S should not be instrumented. */
614 static bool
615 chkp_marked_stmt_p (gimple s)
616 {
617 return gimple_plf (s, GF_PLF_1);
618 }
619
620 /* Get var to be used for bound temps. */
621 static tree
622 chkp_get_tmp_var (void)
623 {
624 if (!tmp_var)
625 tmp_var = create_tmp_reg (pointer_bounds_type_node, CHKP_BOUND_TMP_NAME);
626
627 return tmp_var;
628 }
629
630 /* Get SSA_NAME to be used as temp. */
631 static tree
632 chkp_get_tmp_reg (gimple stmt)
633 {
634 if (in_chkp_pass)
635 return make_ssa_name (chkp_get_tmp_var (), stmt);
636
637 return make_temp_ssa_name (pointer_bounds_type_node, stmt,
638 CHKP_BOUND_TMP_NAME);
639 }
640
641 /* Get var to be used for size temps. */
642 static tree
643 chkp_get_size_tmp_var (void)
644 {
645 if (!size_tmp_var)
646 size_tmp_var = create_tmp_reg (chkp_uintptr_type, CHKP_SIZE_TMP_NAME);
647
648 return size_tmp_var;
649 }
650
651 /* Register bounds BND for address of OBJ. */
652 static void
653 chkp_register_addr_bounds (tree obj, tree bnd)
654 {
655 if (bnd == incomplete_bounds)
656 return;
657
658 chkp_reg_addr_bounds->put (obj, bnd);
659
660 if (dump_file && (dump_flags & TDF_DETAILS))
661 {
662 fprintf (dump_file, "Regsitered bound ");
663 print_generic_expr (dump_file, bnd, 0);
664 fprintf (dump_file, " for address of ");
665 print_generic_expr (dump_file, obj, 0);
666 fprintf (dump_file, "\n");
667 }
668 }
669
670 /* Return bounds registered for address of OBJ. */
671 static tree
672 chkp_get_registered_addr_bounds (tree obj)
673 {
674 tree *slot = chkp_reg_addr_bounds->get (obj);
675 return slot ? *slot : NULL_TREE;
676 }
677
678 /* Mark BOUNDS as completed. */
679 static void
680 chkp_mark_completed_bounds (tree bounds)
681 {
682 chkp_completed_bounds_set->add (bounds);
683
684 if (dump_file && (dump_flags & TDF_DETAILS))
685 {
686 fprintf (dump_file, "Marked bounds ");
687 print_generic_expr (dump_file, bounds, 0);
688 fprintf (dump_file, " as completed\n");
689 }
690 }
691
692 /* Return 1 if BOUNDS were marked as completed and 0 otherwise. */
693 static bool
694 chkp_completed_bounds (tree bounds)
695 {
696 return chkp_completed_bounds_set->contains (bounds);
697 }
698
699 /* Clear comleted bound marks. */
700 static void
701 chkp_erase_completed_bounds (void)
702 {
703 delete chkp_completed_bounds_set;
704 chkp_completed_bounds_set = new hash_set<tree>;
705 }
706
707 /* Mark BOUNDS associated with PTR as incomplete. */
708 static void
709 chkp_register_incomplete_bounds (tree bounds, tree ptr)
710 {
711 chkp_incomplete_bounds_map->put (bounds, ptr);
712
713 if (dump_file && (dump_flags & TDF_DETAILS))
714 {
715 fprintf (dump_file, "Regsitered incomplete bounds ");
716 print_generic_expr (dump_file, bounds, 0);
717 fprintf (dump_file, " for ");
718 print_generic_expr (dump_file, ptr, 0);
719 fprintf (dump_file, "\n");
720 }
721 }
722
723 /* Return 1 if BOUNDS are incomplete and 0 otherwise. */
724 static bool
725 chkp_incomplete_bounds (tree bounds)
726 {
727 if (bounds == incomplete_bounds)
728 return true;
729
730 if (chkp_completed_bounds (bounds))
731 return false;
732
733 return chkp_incomplete_bounds_map->get (bounds) != NULL;
734 }
735
736 /* Clear incomleted bound marks. */
737 static void
738 chkp_erase_incomplete_bounds (void)
739 {
740 delete chkp_incomplete_bounds_map;
741 chkp_incomplete_bounds_map = new hash_map<tree, tree>;
742 }
743
744 /* Build and return bndmk call which creates bounds for structure
745 pointed by PTR. Structure should have complete type. */
746 tree
747 chkp_make_bounds_for_struct_addr (tree ptr)
748 {
749 tree type = TREE_TYPE (ptr);
750 tree size;
751
752 gcc_assert (POINTER_TYPE_P (type));
753
754 size = TYPE_SIZE (TREE_TYPE (type));
755
756 gcc_assert (size);
757
758 return build_call_nary (pointer_bounds_type_node,
759 build_fold_addr_expr (chkp_bndmk_fndecl),
760 2, ptr, size);
761 }
762
763 /* Traversal function for chkp_may_finish_incomplete_bounds.
764 Set RES to 0 if at least one argument of phi statement
765 defining bounds (passed in KEY arg) is unknown.
766 Traversal stops when first unknown phi argument is found. */
767 bool
768 chkp_may_complete_phi_bounds (tree const &bounds, tree *slot ATTRIBUTE_UNUSED,
769 bool *res)
770 {
771 gimple phi;
772 unsigned i;
773
774 gcc_assert (TREE_CODE (bounds) == SSA_NAME);
775
776 phi = SSA_NAME_DEF_STMT (bounds);
777
778 gcc_assert (phi && gimple_code (phi) == GIMPLE_PHI);
779
780 for (i = 0; i < gimple_phi_num_args (phi); i++)
781 {
782 tree phi_arg = gimple_phi_arg_def (phi, i);
783 if (!phi_arg)
784 {
785 *res = false;
786 /* Do not need to traverse further. */
787 return false;
788 }
789 }
790
791 return true;
792 }
793
794 /* Return 1 if all phi nodes created for bounds have their
795 arguments computed. */
796 static bool
797 chkp_may_finish_incomplete_bounds (void)
798 {
799 bool res = true;
800
801 chkp_incomplete_bounds_map
802 ->traverse<bool *, chkp_may_complete_phi_bounds> (&res);
803
804 return res;
805 }
806
807 /* Helper function for chkp_finish_incomplete_bounds.
808 Recompute args for bounds phi node. */
809 bool
810 chkp_recompute_phi_bounds (tree const &bounds, tree *slot,
811 void *res ATTRIBUTE_UNUSED)
812 {
813 tree ptr = *slot;
814 gphi *bounds_phi;
815 gphi *ptr_phi;
816 unsigned i;
817
818 gcc_assert (TREE_CODE (bounds) == SSA_NAME);
819 gcc_assert (TREE_CODE (ptr) == SSA_NAME);
820
821 bounds_phi = as_a <gphi *> (SSA_NAME_DEF_STMT (bounds));
822 ptr_phi = as_a <gphi *> (SSA_NAME_DEF_STMT (ptr));
823
824 for (i = 0; i < gimple_phi_num_args (bounds_phi); i++)
825 {
826 tree ptr_arg = gimple_phi_arg_def (ptr_phi, i);
827 tree bound_arg = chkp_find_bounds (ptr_arg, NULL);
828
829 add_phi_arg (bounds_phi, bound_arg,
830 gimple_phi_arg_edge (ptr_phi, i),
831 UNKNOWN_LOCATION);
832 }
833
834 return true;
835 }
836
837 /* Mark BOUNDS as invalid. */
838 static void
839 chkp_mark_invalid_bounds (tree bounds)
840 {
841 chkp_invalid_bounds->add (bounds);
842
843 if (dump_file && (dump_flags & TDF_DETAILS))
844 {
845 fprintf (dump_file, "Marked bounds ");
846 print_generic_expr (dump_file, bounds, 0);
847 fprintf (dump_file, " as invalid\n");
848 }
849 }
850
851 /* Return 1 if BOUNDS were marked as invalid and 0 otherwise. */
852 static bool
853 chkp_valid_bounds (tree bounds)
854 {
855 if (bounds == zero_bounds || bounds == none_bounds)
856 return false;
857
858 return !chkp_invalid_bounds->contains (bounds);
859 }
860
861 /* Helper function for chkp_finish_incomplete_bounds.
862 Check all arguments of phi nodes trying to find
863 valid completed bounds. If there is at least one
864 such arg then bounds produced by phi node are marked
865 as valid completed bounds and all phi args are
866 recomputed. */
867 bool
868 chkp_find_valid_phi_bounds (tree const &bounds, tree *slot, bool *res)
869 {
870 gimple phi;
871 unsigned i;
872
873 gcc_assert (TREE_CODE (bounds) == SSA_NAME);
874
875 if (chkp_completed_bounds (bounds))
876 return true;
877
878 phi = SSA_NAME_DEF_STMT (bounds);
879
880 gcc_assert (phi && gimple_code (phi) == GIMPLE_PHI);
881
882 for (i = 0; i < gimple_phi_num_args (phi); i++)
883 {
884 tree phi_arg = gimple_phi_arg_def (phi, i);
885
886 gcc_assert (phi_arg);
887
888 if (chkp_valid_bounds (phi_arg) && !chkp_incomplete_bounds (phi_arg))
889 {
890 *res = true;
891 chkp_mark_completed_bounds (bounds);
892 chkp_recompute_phi_bounds (bounds, slot, NULL);
893 return true;
894 }
895 }
896
897 return true;
898 }
899
900 /* Helper function for chkp_finish_incomplete_bounds.
901 Marks all incompleted bounds as invalid. */
902 bool
903 chkp_mark_invalid_bounds_walker (tree const &bounds,
904 tree *slot ATTRIBUTE_UNUSED,
905 void *res ATTRIBUTE_UNUSED)
906 {
907 if (!chkp_completed_bounds (bounds))
908 {
909 chkp_mark_invalid_bounds (bounds);
910 chkp_mark_completed_bounds (bounds);
911 }
912 return true;
913 }
914
915 /* When all bound phi nodes have all their args computed
916 we have enough info to find valid bounds. We iterate
917 through all incompleted bounds searching for valid
918 bounds. Found valid bounds are marked as completed
919 and all remaining incompleted bounds are recomputed.
920 Process continues until no new valid bounds may be
921 found. All remained incompleted bounds are marked as
922 invalid (i.e. have no valid source of bounds). */
923 static void
924 chkp_finish_incomplete_bounds (void)
925 {
926 bool found_valid;
927
928 while (found_valid)
929 {
930 found_valid = false;
931
932 chkp_incomplete_bounds_map->
933 traverse<bool *, chkp_find_valid_phi_bounds> (&found_valid);
934
935 if (found_valid)
936 chkp_incomplete_bounds_map->
937 traverse<void *, chkp_recompute_phi_bounds> (NULL);
938 }
939
940 chkp_incomplete_bounds_map->
941 traverse<void *, chkp_mark_invalid_bounds_walker> (NULL);
942 chkp_incomplete_bounds_map->
943 traverse<void *, chkp_recompute_phi_bounds> (NULL);
944
945 chkp_erase_completed_bounds ();
946 chkp_erase_incomplete_bounds ();
947 }
948
949 /* Return 1 if type TYPE is a pointer type or a
950 structure having a pointer type as one of its fields.
951 Otherwise return 0. */
952 bool
953 chkp_type_has_pointer (const_tree type)
954 {
955 bool res = false;
956
957 if (BOUNDED_TYPE_P (type))
958 res = true;
959 else if (RECORD_OR_UNION_TYPE_P (type))
960 {
961 tree field;
962
963 for (field = TYPE_FIELDS (type); field; field = DECL_CHAIN (field))
964 if (TREE_CODE (field) == FIELD_DECL)
965 res = res || chkp_type_has_pointer (TREE_TYPE (field));
966 }
967 else if (TREE_CODE (type) == ARRAY_TYPE)
968 res = chkp_type_has_pointer (TREE_TYPE (type));
969
970 return res;
971 }
972
973 unsigned
974 chkp_type_bounds_count (const_tree type)
975 {
976 unsigned res = 0;
977
978 if (!type)
979 res = 0;
980 else if (BOUNDED_TYPE_P (type))
981 res = 1;
982 else if (RECORD_OR_UNION_TYPE_P (type))
983 {
984 bitmap have_bound;
985
986 bitmap_obstack_initialize (NULL);
987 have_bound = BITMAP_ALLOC (NULL);
988 chkp_find_bound_slots (type, have_bound);
989 res = bitmap_count_bits (have_bound);
990 BITMAP_FREE (have_bound);
991 bitmap_obstack_release (NULL);
992 }
993
994 return res;
995 }
996
997 /* Get bounds associated with NODE via
998 chkp_set_bounds call. */
999 tree
1000 chkp_get_bounds (tree node)
1001 {
1002 tree *slot;
1003
1004 if (!chkp_bounds_map)
1005 return NULL_TREE;
1006
1007 slot = chkp_bounds_map->get (node);
1008 return slot ? *slot : NULL_TREE;
1009 }
1010
1011 /* Associate bounds VAL with NODE. */
1012 void
1013 chkp_set_bounds (tree node, tree val)
1014 {
1015 if (!chkp_bounds_map)
1016 chkp_bounds_map = new hash_map<tree, tree>;
1017
1018 chkp_bounds_map->put (node, val);
1019 }
1020
1021 /* Check if statically initialized variable VAR require
1022 static bounds initialization. If VAR is added into
1023 bounds initlization list then 1 is returned. Otherwise
1024 return 0. */
1025 extern bool
1026 chkp_register_var_initializer (tree var)
1027 {
1028 if (!flag_check_pointer_bounds
1029 || DECL_INITIAL (var) == error_mark_node)
1030 return false;
1031
1032 gcc_assert (TREE_CODE (var) == VAR_DECL);
1033 gcc_assert (DECL_INITIAL (var));
1034
1035 if (TREE_STATIC (var)
1036 && chkp_type_has_pointer (TREE_TYPE (var)))
1037 {
1038 varpool_node::get_create (var)->need_bounds_init = 1;
1039 return true;
1040 }
1041
1042 return false;
1043 }
1044
1045 /* Helper function for chkp_finish_file.
1046
1047 Add new modification statement (RHS is assigned to LHS)
1048 into list of static initializer statementes (passed in ARG).
1049 If statements list becomes too big, emit checker constructor
1050 and start the new one. */
1051 static void
1052 chkp_add_modification_to_stmt_list (tree lhs,
1053 tree rhs,
1054 void *arg)
1055 {
1056 struct chkp_ctor_stmt_list *stmts = (struct chkp_ctor_stmt_list *)arg;
1057 tree modify;
1058
1059 if (!useless_type_conversion_p (TREE_TYPE (lhs), TREE_TYPE (rhs)))
1060 rhs = build1 (CONVERT_EXPR, TREE_TYPE (lhs), rhs);
1061
1062 modify = build2 (MODIFY_EXPR, TREE_TYPE (lhs), lhs, rhs);
1063 append_to_statement_list (modify, &stmts->stmts);
1064
1065 stmts->avail--;
1066 }
1067
1068 /* Build and return ADDR_EXPR for specified object OBJ. */
1069 static tree
1070 chkp_build_addr_expr (tree obj)
1071 {
1072 return TREE_CODE (obj) == TARGET_MEM_REF
1073 ? tree_mem_ref_addr (ptr_type_node, obj)
1074 : build_fold_addr_expr (obj);
1075 }
1076
1077 /* Helper function for chkp_finish_file.
1078 Initialize bound variable BND_VAR with bounds of variable
1079 VAR to statements list STMTS. If statements list becomes
1080 too big, emit checker constructor and start the new one. */
1081 static void
1082 chkp_output_static_bounds (tree bnd_var, tree var,
1083 struct chkp_ctor_stmt_list *stmts)
1084 {
1085 tree lb, ub, size;
1086
1087 if (TREE_CODE (var) == STRING_CST)
1088 {
1089 lb = build1 (CONVERT_EXPR, size_type_node, chkp_build_addr_expr (var));
1090 size = build_int_cst (size_type_node, TREE_STRING_LENGTH (var) - 1);
1091 }
1092 else if (DECL_SIZE (var)
1093 && !chkp_variable_size_type (TREE_TYPE (var)))
1094 {
1095 /* Compute bounds using statically known size. */
1096 lb = build1 (CONVERT_EXPR, size_type_node, chkp_build_addr_expr (var));
1097 size = size_binop (MINUS_EXPR, DECL_SIZE_UNIT (var), size_one_node);
1098 }
1099 else
1100 {
1101 /* Compute bounds using dynamic size. */
1102 tree call;
1103
1104 lb = build1 (CONVERT_EXPR, size_type_node, chkp_build_addr_expr (var));
1105 call = build1 (ADDR_EXPR,
1106 build_pointer_type (TREE_TYPE (chkp_sizeof_fndecl)),
1107 chkp_sizeof_fndecl);
1108 size = build_call_nary (TREE_TYPE (TREE_TYPE (chkp_sizeof_fndecl)),
1109 call, 1, var);
1110
1111 if (flag_chkp_zero_dynamic_size_as_infinite)
1112 {
1113 tree max_size, cond;
1114
1115 max_size = build2 (MINUS_EXPR, size_type_node, size_zero_node, lb);
1116 cond = build2 (NE_EXPR, boolean_type_node, size, size_zero_node);
1117 size = build3 (COND_EXPR, size_type_node, cond, size, max_size);
1118 }
1119
1120 size = size_binop (MINUS_EXPR, size, size_one_node);
1121 }
1122
1123 ub = size_binop (PLUS_EXPR, lb, size);
1124 stmts->avail -= targetm.chkp_initialize_bounds (bnd_var, lb, ub,
1125 &stmts->stmts);
1126 if (stmts->avail <= 0)
1127 {
1128 cgraph_build_static_cdtor ('B', stmts->stmts,
1129 MAX_RESERVED_INIT_PRIORITY + 2);
1130 stmts->avail = MAX_STMTS_IN_STATIC_CHKP_CTOR;
1131 stmts->stmts = NULL;
1132 }
1133 }
1134
1135 /* Return entry block to be used for checker initilization code.
1136 Create new block if required. */
1137 static basic_block
1138 chkp_get_entry_block (void)
1139 {
1140 if (!entry_block)
1141 entry_block
1142 = split_block_after_labels (ENTRY_BLOCK_PTR_FOR_FN (cfun))->dest;
1143
1144 return entry_block;
1145 }
1146
1147 /* Return a bounds var to be used for pointer var PTR_VAR. */
1148 static tree
1149 chkp_get_bounds_var (tree ptr_var)
1150 {
1151 tree bnd_var;
1152 tree *slot;
1153
1154 slot = chkp_bound_vars->get (ptr_var);
1155 if (slot)
1156 bnd_var = *slot;
1157 else
1158 {
1159 bnd_var = create_tmp_reg (pointer_bounds_type_node,
1160 CHKP_BOUND_TMP_NAME);
1161 chkp_bound_vars->put (ptr_var, bnd_var);
1162 }
1163
1164 return bnd_var;
1165 }
1166
1167 /* If BND is an abnormal bounds copy, return a copied value.
1168 Otherwise return BND. */
1169 static tree
1170 chkp_get_orginal_bounds_for_abnormal_copy (tree bnd)
1171 {
1172 if (bitmap_bit_p (chkp_abnormal_copies, SSA_NAME_VERSION (bnd)))
1173 {
1174 gimple bnd_def = SSA_NAME_DEF_STMT (bnd);
1175 gcc_checking_assert (gimple_code (bnd_def) == GIMPLE_ASSIGN);
1176 bnd = gimple_assign_rhs1 (bnd_def);
1177 }
1178
1179 return bnd;
1180 }
1181
1182 /* Register bounds BND for object PTR in global bounds table.
1183 A copy of bounds may be created for abnormal ssa names.
1184 Returns bounds to use for PTR. */
1185 static tree
1186 chkp_maybe_copy_and_register_bounds (tree ptr, tree bnd)
1187 {
1188 bool abnormal_ptr;
1189
1190 if (!chkp_reg_bounds)
1191 return bnd;
1192
1193 /* Do nothing if bounds are incomplete_bounds
1194 because it means bounds will be recomputed. */
1195 if (bnd == incomplete_bounds)
1196 return bnd;
1197
1198 abnormal_ptr = (TREE_CODE (ptr) == SSA_NAME
1199 && SSA_NAME_OCCURS_IN_ABNORMAL_PHI (ptr)
1200 && gimple_code (SSA_NAME_DEF_STMT (ptr)) != GIMPLE_PHI);
1201
1202 /* A single bounds value may be reused multiple times for
1203 different pointer values. It may cause coalescing issues
1204 for abnormal SSA names. To avoid it we create a bounds
1205 copy in case it is computed for abnormal SSA name.
1206
1207 We also cannot reuse such created copies for other pointers */
1208 if (abnormal_ptr
1209 || bitmap_bit_p (chkp_abnormal_copies, SSA_NAME_VERSION (bnd)))
1210 {
1211 tree bnd_var = NULL_TREE;
1212
1213 if (abnormal_ptr)
1214 {
1215 if (SSA_NAME_VAR (ptr))
1216 bnd_var = chkp_get_bounds_var (SSA_NAME_VAR (ptr));
1217 }
1218 else
1219 bnd_var = chkp_get_tmp_var ();
1220
1221 /* For abnormal copies we may just find original
1222 bounds and use them. */
1223 if (!abnormal_ptr && !SSA_NAME_IS_DEFAULT_DEF (bnd))
1224 bnd = chkp_get_orginal_bounds_for_abnormal_copy (bnd);
1225 /* For undefined values we usually use none bounds
1226 value but in case of abnormal edge it may cause
1227 coalescing failures. Use default definition of
1228 bounds variable instead to avoid it. */
1229 else if (SSA_NAME_IS_DEFAULT_DEF (ptr)
1230 && TREE_CODE (SSA_NAME_VAR (ptr)) != PARM_DECL)
1231 {
1232 bnd = get_or_create_ssa_default_def (cfun, bnd_var);
1233
1234 if (dump_file && (dump_flags & TDF_DETAILS))
1235 {
1236 fprintf (dump_file, "Using default def bounds ");
1237 print_generic_expr (dump_file, bnd, 0);
1238 fprintf (dump_file, " for abnormal default def SSA name ");
1239 print_generic_expr (dump_file, ptr, 0);
1240 fprintf (dump_file, "\n");
1241 }
1242 }
1243 else
1244 {
1245 tree copy;
1246 gimple def = SSA_NAME_DEF_STMT (ptr);
1247 gimple assign;
1248 gimple_stmt_iterator gsi;
1249
1250 if (bnd_var)
1251 copy = make_ssa_name (bnd_var);
1252 else
1253 copy = make_temp_ssa_name (pointer_bounds_type_node,
1254 NULL,
1255 CHKP_BOUND_TMP_NAME);
1256 bnd = chkp_get_orginal_bounds_for_abnormal_copy (bnd);
1257 assign = gimple_build_assign (copy, bnd);
1258
1259 if (dump_file && (dump_flags & TDF_DETAILS))
1260 {
1261 fprintf (dump_file, "Creating a copy of bounds ");
1262 print_generic_expr (dump_file, bnd, 0);
1263 fprintf (dump_file, " for abnormal SSA name ");
1264 print_generic_expr (dump_file, ptr, 0);
1265 fprintf (dump_file, "\n");
1266 }
1267
1268 if (gimple_code (def) == GIMPLE_NOP)
1269 {
1270 gsi = gsi_last_bb (chkp_get_entry_block ());
1271 if (!gsi_end_p (gsi) && is_ctrl_stmt (gsi_stmt (gsi)))
1272 gsi_insert_before (&gsi, assign, GSI_CONTINUE_LINKING);
1273 else
1274 gsi_insert_after (&gsi, assign, GSI_CONTINUE_LINKING);
1275 }
1276 else
1277 {
1278 gimple bnd_def = SSA_NAME_DEF_STMT (bnd);
1279 /* Sometimes (e.g. when we load a pointer from a
1280 memory) bounds are produced later than a pointer.
1281 We need to insert bounds copy appropriately. */
1282 if (gimple_code (bnd_def) != GIMPLE_NOP
1283 && stmt_dominates_stmt_p (def, bnd_def))
1284 gsi = gsi_for_stmt (bnd_def);
1285 else
1286 gsi = gsi_for_stmt (def);
1287 gsi_insert_after (&gsi, assign, GSI_CONTINUE_LINKING);
1288 }
1289
1290 bnd = copy;
1291 }
1292
1293 if (abnormal_ptr)
1294 bitmap_set_bit (chkp_abnormal_copies, SSA_NAME_VERSION (bnd));
1295 }
1296
1297 chkp_reg_bounds->put (ptr, bnd);
1298
1299 if (dump_file && (dump_flags & TDF_DETAILS))
1300 {
1301 fprintf (dump_file, "Regsitered bound ");
1302 print_generic_expr (dump_file, bnd, 0);
1303 fprintf (dump_file, " for pointer ");
1304 print_generic_expr (dump_file, ptr, 0);
1305 fprintf (dump_file, "\n");
1306 }
1307
1308 return bnd;
1309 }
1310
1311 /* Get bounds registered for object PTR in global bounds table. */
1312 static tree
1313 chkp_get_registered_bounds (tree ptr)
1314 {
1315 tree *slot;
1316
1317 if (!chkp_reg_bounds)
1318 return NULL_TREE;
1319
1320 slot = chkp_reg_bounds->get (ptr);
1321 return slot ? *slot : NULL_TREE;
1322 }
1323
1324 /* Add bound retvals to return statement pointed by GSI. */
1325
1326 static void
1327 chkp_add_bounds_to_ret_stmt (gimple_stmt_iterator *gsi)
1328 {
1329 greturn *ret = as_a <greturn *> (gsi_stmt (*gsi));
1330 tree retval = gimple_return_retval (ret);
1331 tree ret_decl = DECL_RESULT (cfun->decl);
1332 tree bounds;
1333
1334 if (!retval)
1335 return;
1336
1337 if (BOUNDED_P (ret_decl))
1338 {
1339 bounds = chkp_find_bounds (retval, gsi);
1340 bounds = chkp_maybe_copy_and_register_bounds (ret_decl, bounds);
1341 gimple_return_set_retbnd (ret, bounds);
1342 }
1343
1344 update_stmt (ret);
1345 }
1346
1347 /* Force OP to be suitable for using as an argument for call.
1348 New statements (if any) go to SEQ. */
1349 static tree
1350 chkp_force_gimple_call_op (tree op, gimple_seq *seq)
1351 {
1352 gimple_seq stmts;
1353 gimple_stmt_iterator si;
1354
1355 op = force_gimple_operand (unshare_expr (op), &stmts, true, NULL_TREE);
1356
1357 for (si = gsi_start (stmts); !gsi_end_p (si); gsi_next (&si))
1358 chkp_mark_stmt (gsi_stmt (si));
1359
1360 gimple_seq_add_seq (seq, stmts);
1361
1362 return op;
1363 }
1364
1365 /* Generate lower bound check for memory access by ADDR.
1366 Check is inserted before the position pointed by ITER.
1367 DIRFLAG indicates whether memory access is load or store. */
1368 static void
1369 chkp_check_lower (tree addr, tree bounds,
1370 gimple_stmt_iterator iter,
1371 location_t location,
1372 tree dirflag)
1373 {
1374 gimple_seq seq;
1375 gimple check;
1376 tree node;
1377
1378 if (!chkp_function_instrumented_p (current_function_decl)
1379 && bounds == chkp_get_zero_bounds ())
1380 return;
1381
1382 if (dirflag == integer_zero_node
1383 && !flag_chkp_check_read)
1384 return;
1385
1386 if (dirflag == integer_one_node
1387 && !flag_chkp_check_write)
1388 return;
1389
1390 seq = NULL;
1391
1392 node = chkp_force_gimple_call_op (addr, &seq);
1393
1394 check = gimple_build_call (chkp_checkl_fndecl, 2, node, bounds);
1395 chkp_mark_stmt (check);
1396 gimple_call_set_with_bounds (check, true);
1397 gimple_set_location (check, location);
1398 gimple_seq_add_stmt (&seq, check);
1399
1400 gsi_insert_seq_before (&iter, seq, GSI_SAME_STMT);
1401
1402 if (dump_file && (dump_flags & TDF_DETAILS))
1403 {
1404 gimple before = gsi_stmt (iter);
1405 fprintf (dump_file, "Generated lower bound check for statement ");
1406 print_gimple_stmt (dump_file, before, 0, TDF_VOPS|TDF_MEMSYMS);
1407 fprintf (dump_file, " ");
1408 print_gimple_stmt (dump_file, check, 0, TDF_VOPS|TDF_MEMSYMS);
1409 }
1410 }
1411
1412 /* Generate upper bound check for memory access by ADDR.
1413 Check is inserted before the position pointed by ITER.
1414 DIRFLAG indicates whether memory access is load or store. */
1415 static void
1416 chkp_check_upper (tree addr, tree bounds,
1417 gimple_stmt_iterator iter,
1418 location_t location,
1419 tree dirflag)
1420 {
1421 gimple_seq seq;
1422 gimple check;
1423 tree node;
1424
1425 if (!chkp_function_instrumented_p (current_function_decl)
1426 && bounds == chkp_get_zero_bounds ())
1427 return;
1428
1429 if (dirflag == integer_zero_node
1430 && !flag_chkp_check_read)
1431 return;
1432
1433 if (dirflag == integer_one_node
1434 && !flag_chkp_check_write)
1435 return;
1436
1437 seq = NULL;
1438
1439 node = chkp_force_gimple_call_op (addr, &seq);
1440
1441 check = gimple_build_call (chkp_checku_fndecl, 2, node, bounds);
1442 chkp_mark_stmt (check);
1443 gimple_call_set_with_bounds (check, true);
1444 gimple_set_location (check, location);
1445 gimple_seq_add_stmt (&seq, check);
1446
1447 gsi_insert_seq_before (&iter, seq, GSI_SAME_STMT);
1448
1449 if (dump_file && (dump_flags & TDF_DETAILS))
1450 {
1451 gimple before = gsi_stmt (iter);
1452 fprintf (dump_file, "Generated upper bound check for statement ");
1453 print_gimple_stmt (dump_file, before, 0, TDF_VOPS|TDF_MEMSYMS);
1454 fprintf (dump_file, " ");
1455 print_gimple_stmt (dump_file, check, 0, TDF_VOPS|TDF_MEMSYMS);
1456 }
1457 }
1458
1459 /* Generate lower and upper bound checks for memory access
1460 to memory slot [FIRST, LAST] againsr BOUNDS. Checks
1461 are inserted before the position pointed by ITER.
1462 DIRFLAG indicates whether memory access is load or store. */
1463 void
1464 chkp_check_mem_access (tree first, tree last, tree bounds,
1465 gimple_stmt_iterator iter,
1466 location_t location,
1467 tree dirflag)
1468 {
1469 chkp_check_lower (first, bounds, iter, location, dirflag);
1470 chkp_check_upper (last, bounds, iter, location, dirflag);
1471 }
1472
1473 /* Replace call to _bnd_chk_* pointed by GSI with
1474 bndcu and bndcl calls. DIRFLAG determines whether
1475 check is for read or write. */
1476
1477 void
1478 chkp_replace_address_check_builtin (gimple_stmt_iterator *gsi,
1479 tree dirflag)
1480 {
1481 gimple_stmt_iterator call_iter = *gsi;
1482 gimple call = gsi_stmt (*gsi);
1483 tree fndecl = gimple_call_fndecl (call);
1484 tree addr = gimple_call_arg (call, 0);
1485 tree bounds = chkp_find_bounds (addr, gsi);
1486
1487 if (DECL_FUNCTION_CODE (fndecl) == BUILT_IN_CHKP_CHECK_PTR_LBOUNDS
1488 || DECL_FUNCTION_CODE (fndecl) == BUILT_IN_CHKP_CHECK_PTR_BOUNDS)
1489 chkp_check_lower (addr, bounds, *gsi, gimple_location (call), dirflag);
1490
1491 if (DECL_FUNCTION_CODE (fndecl) == BUILT_IN_CHKP_CHECK_PTR_UBOUNDS)
1492 chkp_check_upper (addr, bounds, *gsi, gimple_location (call), dirflag);
1493
1494 if (DECL_FUNCTION_CODE (fndecl) == BUILT_IN_CHKP_CHECK_PTR_BOUNDS)
1495 {
1496 tree size = gimple_call_arg (call, 1);
1497 addr = fold_build_pointer_plus (addr, size);
1498 addr = fold_build_pointer_plus_hwi (addr, -1);
1499 chkp_check_upper (addr, bounds, *gsi, gimple_location (call), dirflag);
1500 }
1501
1502 gsi_remove (&call_iter, true);
1503 }
1504
1505 /* Replace call to _bnd_get_ptr_* pointed by GSI with
1506 corresponding bounds extract call. */
1507
1508 void
1509 chkp_replace_extract_builtin (gimple_stmt_iterator *gsi)
1510 {
1511 gimple call = gsi_stmt (*gsi);
1512 tree fndecl = gimple_call_fndecl (call);
1513 tree addr = gimple_call_arg (call, 0);
1514 tree bounds = chkp_find_bounds (addr, gsi);
1515 gimple extract;
1516
1517 if (DECL_FUNCTION_CODE (fndecl) == BUILT_IN_CHKP_GET_PTR_LBOUND)
1518 fndecl = chkp_extract_lower_fndecl;
1519 else if (DECL_FUNCTION_CODE (fndecl) == BUILT_IN_CHKP_GET_PTR_UBOUND)
1520 fndecl = chkp_extract_upper_fndecl;
1521 else
1522 gcc_unreachable ();
1523
1524 extract = gimple_build_call (fndecl, 1, bounds);
1525 gimple_call_set_lhs (extract, gimple_call_lhs (call));
1526 chkp_mark_stmt (extract);
1527
1528 gsi_replace (gsi, extract, false);
1529 }
1530
1531 /* Return COMPONENT_REF accessing FIELD in OBJ. */
1532 static tree
1533 chkp_build_component_ref (tree obj, tree field)
1534 {
1535 tree res;
1536
1537 /* If object is TMR then we do not use component_ref but
1538 add offset instead. We need it to be able to get addr
1539 of the reasult later. */
1540 if (TREE_CODE (obj) == TARGET_MEM_REF)
1541 {
1542 tree offs = TMR_OFFSET (obj);
1543 offs = fold_binary_to_constant (PLUS_EXPR, TREE_TYPE (offs),
1544 offs, DECL_FIELD_OFFSET (field));
1545
1546 gcc_assert (offs);
1547
1548 res = copy_node (obj);
1549 TREE_TYPE (res) = TREE_TYPE (field);
1550 TMR_OFFSET (res) = offs;
1551 }
1552 else
1553 res = build3 (COMPONENT_REF, TREE_TYPE (field), obj, field, NULL_TREE);
1554
1555 return res;
1556 }
1557
1558 /* Return ARRAY_REF for array ARR and index IDX with
1559 specified element type ETYPE and element size ESIZE. */
1560 static tree
1561 chkp_build_array_ref (tree arr, tree etype, tree esize,
1562 unsigned HOST_WIDE_INT idx)
1563 {
1564 tree index = build_int_cst (size_type_node, idx);
1565 tree res;
1566
1567 /* If object is TMR then we do not use array_ref but
1568 add offset instead. We need it to be able to get addr
1569 of the reasult later. */
1570 if (TREE_CODE (arr) == TARGET_MEM_REF)
1571 {
1572 tree offs = TMR_OFFSET (arr);
1573
1574 esize = fold_binary_to_constant (MULT_EXPR, TREE_TYPE (esize),
1575 esize, index);
1576 gcc_assert(esize);
1577
1578 offs = fold_binary_to_constant (PLUS_EXPR, TREE_TYPE (offs),
1579 offs, esize);
1580 gcc_assert (offs);
1581
1582 res = copy_node (arr);
1583 TREE_TYPE (res) = etype;
1584 TMR_OFFSET (res) = offs;
1585 }
1586 else
1587 res = build4 (ARRAY_REF, etype, arr, index, NULL_TREE, NULL_TREE);
1588
1589 return res;
1590 }
1591
1592 /* Helper function for chkp_add_bounds_to_call_stmt.
1593 Fill ALL_BOUNDS output array with created bounds.
1594
1595 OFFS is used for recursive calls and holds basic
1596 offset of TYPE in outer structure in bits.
1597
1598 ITER points a position where bounds are searched.
1599
1600 ALL_BOUNDS[i] is filled with elem bounds if there
1601 is a field in TYPE which has pointer type and offset
1602 equal to i * POINTER_SIZE in bits. */
1603 static void
1604 chkp_find_bounds_for_elem (tree elem, tree *all_bounds,
1605 HOST_WIDE_INT offs,
1606 gimple_stmt_iterator *iter)
1607 {
1608 tree type = TREE_TYPE (elem);
1609
1610 if (BOUNDED_TYPE_P (type))
1611 {
1612 if (!all_bounds[offs / POINTER_SIZE])
1613 {
1614 tree temp = make_temp_ssa_name (type, NULL, "");
1615 gimple assign = gimple_build_assign (temp, elem);
1616 gimple_stmt_iterator gsi;
1617
1618 gsi_insert_before (iter, assign, GSI_SAME_STMT);
1619 gsi = gsi_for_stmt (assign);
1620
1621 all_bounds[offs / POINTER_SIZE] = chkp_find_bounds (temp, &gsi);
1622 }
1623 }
1624 else if (RECORD_OR_UNION_TYPE_P (type))
1625 {
1626 tree field;
1627
1628 for (field = TYPE_FIELDS (type); field; field = DECL_CHAIN (field))
1629 if (TREE_CODE (field) == FIELD_DECL)
1630 {
1631 tree base = unshare_expr (elem);
1632 tree field_ref = chkp_build_component_ref (base, field);
1633 HOST_WIDE_INT field_offs
1634 = TREE_INT_CST_LOW (DECL_FIELD_BIT_OFFSET (field));
1635 if (DECL_FIELD_OFFSET (field))
1636 field_offs += TREE_INT_CST_LOW (DECL_FIELD_OFFSET (field)) * 8;
1637
1638 chkp_find_bounds_for_elem (field_ref, all_bounds,
1639 offs + field_offs, iter);
1640 }
1641 }
1642 else if (TREE_CODE (type) == ARRAY_TYPE)
1643 {
1644 tree maxval = TYPE_MAX_VALUE (TYPE_DOMAIN (type));
1645 tree etype = TREE_TYPE (type);
1646 HOST_WIDE_INT esize = TREE_INT_CST_LOW (TYPE_SIZE (etype));
1647 unsigned HOST_WIDE_INT cur;
1648
1649 if (!maxval || integer_minus_onep (maxval))
1650 return;
1651
1652 for (cur = 0; cur <= TREE_INT_CST_LOW (maxval); cur++)
1653 {
1654 tree base = unshare_expr (elem);
1655 tree arr_elem = chkp_build_array_ref (base, etype,
1656 TYPE_SIZE (etype),
1657 cur);
1658 chkp_find_bounds_for_elem (arr_elem, all_bounds, offs + cur * esize,
1659 iter);
1660 }
1661 }
1662 }
1663
1664 /* Fill HAVE_BOUND output bitmap with information about
1665 bounds requred for object of type TYPE.
1666
1667 OFFS is used for recursive calls and holds basic
1668 offset of TYPE in outer structure in bits.
1669
1670 HAVE_BOUND[i] is set to 1 if there is a field
1671 in TYPE which has pointer type and offset
1672 equal to i * POINTER_SIZE - OFFS in bits. */
1673 void
1674 chkp_find_bound_slots_1 (const_tree type, bitmap have_bound,
1675 HOST_WIDE_INT offs)
1676 {
1677 if (BOUNDED_TYPE_P (type))
1678 bitmap_set_bit (have_bound, offs / POINTER_SIZE);
1679 else if (RECORD_OR_UNION_TYPE_P (type))
1680 {
1681 tree field;
1682
1683 for (field = TYPE_FIELDS (type); field; field = DECL_CHAIN (field))
1684 if (TREE_CODE (field) == FIELD_DECL)
1685 {
1686 HOST_WIDE_INT field_offs
1687 = TREE_INT_CST_LOW (DECL_FIELD_BIT_OFFSET (field));
1688 if (DECL_FIELD_OFFSET (field))
1689 field_offs += TREE_INT_CST_LOW (DECL_FIELD_OFFSET (field)) * 8;
1690 chkp_find_bound_slots_1 (TREE_TYPE (field), have_bound,
1691 offs + field_offs);
1692 }
1693 }
1694 else if (TREE_CODE (type) == ARRAY_TYPE)
1695 {
1696 tree maxval = TYPE_MAX_VALUE (TYPE_DOMAIN (type));
1697 tree etype = TREE_TYPE (type);
1698 HOST_WIDE_INT esize = TREE_INT_CST_LOW (TYPE_SIZE (etype));
1699 unsigned HOST_WIDE_INT cur;
1700
1701 if (!maxval
1702 || TREE_CODE (maxval) != INTEGER_CST
1703 || integer_minus_onep (maxval))
1704 return;
1705
1706 for (cur = 0; cur <= TREE_INT_CST_LOW (maxval); cur++)
1707 chkp_find_bound_slots_1 (etype, have_bound, offs + cur * esize);
1708 }
1709 }
1710
1711 /* Fill bitmap RES with information about bounds for
1712 type TYPE. See chkp_find_bound_slots_1 for more
1713 details. */
1714 void
1715 chkp_find_bound_slots (const_tree type, bitmap res)
1716 {
1717 bitmap_clear (res);
1718 chkp_find_bound_slots_1 (type, res, 0);
1719 }
1720
1721 /* Return 1 if call to FNDECL should be instrumented
1722 and 0 otherwise. */
1723
1724 static bool
1725 chkp_instrument_normal_builtin (tree fndecl)
1726 {
1727 switch (DECL_FUNCTION_CODE (fndecl))
1728 {
1729 case BUILT_IN_STRLEN:
1730 case BUILT_IN_STRCPY:
1731 case BUILT_IN_STRNCPY:
1732 case BUILT_IN_STPCPY:
1733 case BUILT_IN_STPNCPY:
1734 case BUILT_IN_STRCAT:
1735 case BUILT_IN_STRNCAT:
1736 case BUILT_IN_MEMCPY:
1737 case BUILT_IN_MEMPCPY:
1738 case BUILT_IN_MEMSET:
1739 case BUILT_IN_MEMMOVE:
1740 case BUILT_IN_BZERO:
1741 case BUILT_IN_STRCMP:
1742 case BUILT_IN_STRNCMP:
1743 case BUILT_IN_BCMP:
1744 case BUILT_IN_MEMCMP:
1745 case BUILT_IN_MEMCPY_CHK:
1746 case BUILT_IN_MEMPCPY_CHK:
1747 case BUILT_IN_MEMMOVE_CHK:
1748 case BUILT_IN_MEMSET_CHK:
1749 case BUILT_IN_STRCPY_CHK:
1750 case BUILT_IN_STRNCPY_CHK:
1751 case BUILT_IN_STPCPY_CHK:
1752 case BUILT_IN_STPNCPY_CHK:
1753 case BUILT_IN_STRCAT_CHK:
1754 case BUILT_IN_STRNCAT_CHK:
1755 case BUILT_IN_MALLOC:
1756 case BUILT_IN_CALLOC:
1757 case BUILT_IN_REALLOC:
1758 return 1;
1759
1760 default:
1761 return 0;
1762 }
1763 }
1764
1765 /* Add bound arguments to call statement pointed by GSI.
1766 Also performs a replacement of user checker builtins calls
1767 with internal ones. */
1768
1769 static void
1770 chkp_add_bounds_to_call_stmt (gimple_stmt_iterator *gsi)
1771 {
1772 gcall *call = as_a <gcall *> (gsi_stmt (*gsi));
1773 unsigned arg_no = 0;
1774 tree fndecl = gimple_call_fndecl (call);
1775 tree fntype;
1776 tree first_formal_arg;
1777 tree arg;
1778 bool use_fntype = false;
1779 tree op;
1780 ssa_op_iter iter;
1781 gcall *new_call;
1782
1783 /* Do nothing for internal functions. */
1784 if (gimple_call_internal_p (call))
1785 return;
1786
1787 fntype = TREE_TYPE (TREE_TYPE (gimple_call_fn (call)));
1788
1789 /* Do nothing if back-end builtin is called. */
1790 if (fndecl && DECL_BUILT_IN_CLASS (fndecl) == BUILT_IN_MD)
1791 return;
1792
1793 /* Do nothing for some middle-end builtins. */
1794 if (fndecl && DECL_BUILT_IN_CLASS (fndecl) == BUILT_IN_NORMAL
1795 && DECL_FUNCTION_CODE (fndecl) == BUILT_IN_OBJECT_SIZE)
1796 return;
1797
1798 /* Do nothing for calls to not instrumentable functions. */
1799 if (fndecl && !chkp_instrumentable_p (fndecl))
1800 return;
1801
1802 /* Ignore CHKP_INIT_PTR_BOUNDS, CHKP_NULL_PTR_BOUNDS
1803 and CHKP_COPY_PTR_BOUNDS. */
1804 if (fndecl && DECL_BUILT_IN_CLASS (fndecl) == BUILT_IN_NORMAL
1805 && (DECL_FUNCTION_CODE (fndecl) == BUILT_IN_CHKP_INIT_PTR_BOUNDS
1806 || DECL_FUNCTION_CODE (fndecl) == BUILT_IN_CHKP_NULL_PTR_BOUNDS
1807 || DECL_FUNCTION_CODE (fndecl) == BUILT_IN_CHKP_COPY_PTR_BOUNDS
1808 || DECL_FUNCTION_CODE (fndecl) == BUILT_IN_CHKP_SET_PTR_BOUNDS))
1809 return;
1810
1811 /* Check user builtins are replaced with checks. */
1812 if (fndecl && DECL_BUILT_IN_CLASS (fndecl) == BUILT_IN_NORMAL
1813 && (DECL_FUNCTION_CODE (fndecl) == BUILT_IN_CHKP_CHECK_PTR_LBOUNDS
1814 || DECL_FUNCTION_CODE (fndecl) == BUILT_IN_CHKP_CHECK_PTR_UBOUNDS
1815 || DECL_FUNCTION_CODE (fndecl) == BUILT_IN_CHKP_CHECK_PTR_BOUNDS))
1816 {
1817 chkp_replace_address_check_builtin (gsi, integer_minus_one_node);
1818 return;
1819 }
1820
1821 /* Check user builtins are replaced with bound extract. */
1822 if (fndecl && DECL_BUILT_IN_CLASS (fndecl) == BUILT_IN_NORMAL
1823 && (DECL_FUNCTION_CODE (fndecl) == BUILT_IN_CHKP_GET_PTR_LBOUND
1824 || DECL_FUNCTION_CODE (fndecl) == BUILT_IN_CHKP_GET_PTR_UBOUND))
1825 {
1826 chkp_replace_extract_builtin (gsi);
1827 return;
1828 }
1829
1830 /* BUILT_IN_CHKP_NARROW_PTR_BOUNDS call is replaced with
1831 target narrow bounds call. */
1832 if (fndecl && DECL_BUILT_IN_CLASS (fndecl) == BUILT_IN_NORMAL
1833 && DECL_FUNCTION_CODE (fndecl) == BUILT_IN_CHKP_NARROW_PTR_BOUNDS)
1834 {
1835 tree arg = gimple_call_arg (call, 1);
1836 tree bounds = chkp_find_bounds (arg, gsi);
1837
1838 gimple_call_set_fndecl (call, chkp_narrow_bounds_fndecl);
1839 gimple_call_set_arg (call, 1, bounds);
1840 update_stmt (call);
1841
1842 return;
1843 }
1844
1845 /* BUILT_IN_CHKP_STORE_PTR_BOUNDS call is replaced with
1846 bndstx call. */
1847 if (fndecl && DECL_BUILT_IN_CLASS (fndecl) == BUILT_IN_NORMAL
1848 && DECL_FUNCTION_CODE (fndecl) == BUILT_IN_CHKP_STORE_PTR_BOUNDS)
1849 {
1850 tree addr = gimple_call_arg (call, 0);
1851 tree ptr = gimple_call_arg (call, 1);
1852 tree bounds = chkp_find_bounds (ptr, gsi);
1853 gimple_stmt_iterator iter = gsi_for_stmt (call);
1854
1855 chkp_build_bndstx (addr, ptr, bounds, gsi);
1856 gsi_remove (&iter, true);
1857
1858 return;
1859 }
1860
1861 if (!flag_chkp_instrument_calls)
1862 return;
1863
1864 /* We instrument only some subset of builtins. We also instrument
1865 builtin calls to be inlined. */
1866 if (fndecl
1867 && DECL_BUILT_IN_CLASS (fndecl) == BUILT_IN_NORMAL
1868 && !chkp_instrument_normal_builtin (fndecl))
1869 {
1870 if (!lookup_attribute ("always_inline", DECL_ATTRIBUTES (fndecl)))
1871 return;
1872
1873 struct cgraph_node *clone = chkp_maybe_create_clone (fndecl);
1874 if (!clone
1875 || !gimple_has_body_p (clone->decl))
1876 return;
1877 }
1878
1879 /* If function decl is available then use it for
1880 formal arguments list. Otherwise use function type. */
1881 if (fndecl && DECL_ARGUMENTS (fndecl))
1882 first_formal_arg = DECL_ARGUMENTS (fndecl);
1883 else
1884 {
1885 first_formal_arg = TYPE_ARG_TYPES (fntype);
1886 use_fntype = true;
1887 }
1888
1889 /* Fill vector of new call args. */
1890 vec<tree> new_args = vNULL;
1891 new_args.create (gimple_call_num_args (call));
1892 arg = first_formal_arg;
1893 for (arg_no = 0; arg_no < gimple_call_num_args (call); arg_no++)
1894 {
1895 tree call_arg = gimple_call_arg (call, arg_no);
1896 tree type;
1897
1898 /* Get arg type using formal argument description
1899 or actual argument type. */
1900 if (arg)
1901 if (use_fntype)
1902 if (TREE_VALUE (arg) != void_type_node)
1903 {
1904 type = TREE_VALUE (arg);
1905 arg = TREE_CHAIN (arg);
1906 }
1907 else
1908 type = TREE_TYPE (call_arg);
1909 else
1910 {
1911 type = TREE_TYPE (arg);
1912 arg = TREE_CHAIN (arg);
1913 }
1914 else
1915 type = TREE_TYPE (call_arg);
1916
1917 new_args.safe_push (call_arg);
1918
1919 if (BOUNDED_TYPE_P (type)
1920 || pass_by_reference (NULL, TYPE_MODE (type), type, true))
1921 new_args.safe_push (chkp_find_bounds (call_arg, gsi));
1922 else if (chkp_type_has_pointer (type))
1923 {
1924 HOST_WIDE_INT max_bounds
1925 = TREE_INT_CST_LOW (TYPE_SIZE (type)) / POINTER_SIZE;
1926 tree *all_bounds = (tree *)xmalloc (sizeof (tree) * max_bounds);
1927 HOST_WIDE_INT bnd_no;
1928
1929 memset (all_bounds, 0, sizeof (tree) * max_bounds);
1930
1931 chkp_find_bounds_for_elem (call_arg, all_bounds, 0, gsi);
1932
1933 for (bnd_no = 0; bnd_no < max_bounds; bnd_no++)
1934 if (all_bounds[bnd_no])
1935 new_args.safe_push (all_bounds[bnd_no]);
1936
1937 free (all_bounds);
1938 }
1939 }
1940
1941 if (new_args.length () == gimple_call_num_args (call))
1942 new_call = call;
1943 else
1944 {
1945 new_call = gimple_build_call_vec (gimple_op (call, 1), new_args);
1946 gimple_call_set_lhs (new_call, gimple_call_lhs (call));
1947 gimple_call_copy_flags (new_call, call);
1948 gimple_call_set_chain (new_call, gimple_call_chain (call));
1949 }
1950 new_args.release ();
1951
1952 /* For direct calls fndecl is replaced with instrumented version. */
1953 if (fndecl)
1954 {
1955 tree new_decl = chkp_maybe_create_clone (fndecl)->decl;
1956 gimple_call_set_fndecl (new_call, new_decl);
1957 gimple_call_set_fntype (new_call, TREE_TYPE (new_decl));
1958 }
1959 /* For indirect call we should fix function pointer type if
1960 pass some bounds. */
1961 else if (new_call != call)
1962 {
1963 tree type = gimple_call_fntype (call);
1964 type = chkp_copy_function_type_adding_bounds (type);
1965 gimple_call_set_fntype (new_call, type);
1966 }
1967
1968 /* replace old call statement with the new one. */
1969 if (call != new_call)
1970 {
1971 FOR_EACH_SSA_TREE_OPERAND (op, call, iter, SSA_OP_ALL_DEFS)
1972 {
1973 SSA_NAME_DEF_STMT (op) = new_call;
1974 }
1975 gsi_replace (gsi, new_call, true);
1976 }
1977 else
1978 update_stmt (new_call);
1979
1980 gimple_call_set_with_bounds (new_call, true);
1981 }
1982
1983 /* Return constant static bounds var with specified bounds LB and UB.
1984 If such var does not exists then new var is created with specified NAME. */
1985 static tree
1986 chkp_make_static_const_bounds (HOST_WIDE_INT lb,
1987 HOST_WIDE_INT ub,
1988 const char *name)
1989 {
1990 tree id = get_identifier (name);
1991 tree var;
1992 varpool_node *node;
1993 symtab_node *snode;
1994
1995 var = build_decl (UNKNOWN_LOCATION, VAR_DECL, id,
1996 pointer_bounds_type_node);
1997 TREE_STATIC (var) = 1;
1998 TREE_PUBLIC (var) = 1;
1999
2000 /* With LTO we may have constant bounds already in varpool.
2001 Try to find it. */
2002 if ((snode = symtab_node::get_for_asmname (DECL_ASSEMBLER_NAME (var))))
2003 {
2004 /* We don't allow this symbol usage for non bounds. */
2005 if (snode->type != SYMTAB_VARIABLE
2006 || !POINTER_BOUNDS_P (snode->decl))
2007 sorry ("-fcheck-pointer-bounds requires '%s' "
2008 "name for internal usage",
2009 IDENTIFIER_POINTER (DECL_ASSEMBLER_NAME (var)));
2010
2011 return snode->decl;
2012 }
2013
2014 TREE_USED (var) = 1;
2015 TREE_READONLY (var) = 1;
2016 TREE_ADDRESSABLE (var) = 0;
2017 DECL_ARTIFICIAL (var) = 1;
2018 DECL_READ_P (var) = 1;
2019 DECL_INITIAL (var) = targetm.chkp_make_bounds_constant (lb, ub);
2020 make_decl_one_only (var, DECL_ASSEMBLER_NAME (var));
2021 /* We may use this symbol during ctors generation in chkp_finish_file
2022 when all symbols are emitted. Force output to avoid undefined
2023 symbols in ctors. */
2024 node = varpool_node::get_create (var);
2025 node->force_output = 1;
2026
2027 varpool_node::finalize_decl (var);
2028
2029 return var;
2030 }
2031
2032 /* Generate code to make bounds with specified lower bound LB and SIZE.
2033 if AFTER is 1 then code is inserted after position pointed by ITER
2034 otherwise code is inserted before position pointed by ITER.
2035 If ITER is NULL then code is added to entry block. */
2036 static tree
2037 chkp_make_bounds (tree lb, tree size, gimple_stmt_iterator *iter, bool after)
2038 {
2039 gimple_seq seq;
2040 gimple_stmt_iterator gsi;
2041 gimple stmt;
2042 tree bounds;
2043
2044 if (iter)
2045 gsi = *iter;
2046 else
2047 gsi = gsi_start_bb (chkp_get_entry_block ());
2048
2049 seq = NULL;
2050
2051 lb = chkp_force_gimple_call_op (lb, &seq);
2052 size = chkp_force_gimple_call_op (size, &seq);
2053
2054 stmt = gimple_build_call (chkp_bndmk_fndecl, 2, lb, size);
2055 chkp_mark_stmt (stmt);
2056
2057 bounds = chkp_get_tmp_reg (stmt);
2058 gimple_call_set_lhs (stmt, bounds);
2059
2060 gimple_seq_add_stmt (&seq, stmt);
2061
2062 if (iter && after)
2063 gsi_insert_seq_after (&gsi, seq, GSI_SAME_STMT);
2064 else
2065 gsi_insert_seq_before (&gsi, seq, GSI_SAME_STMT);
2066
2067 if (dump_file && (dump_flags & TDF_DETAILS))
2068 {
2069 fprintf (dump_file, "Made bounds: ");
2070 print_gimple_stmt (dump_file, stmt, 0, TDF_VOPS|TDF_MEMSYMS);
2071 if (iter)
2072 {
2073 fprintf (dump_file, " inserted before statement: ");
2074 print_gimple_stmt (dump_file, gsi_stmt (*iter), 0, TDF_VOPS|TDF_MEMSYMS);
2075 }
2076 else
2077 fprintf (dump_file, " at function entry\n");
2078 }
2079
2080 /* update_stmt (stmt); */
2081
2082 return bounds;
2083 }
2084
2085 /* Return var holding zero bounds. */
2086 tree
2087 chkp_get_zero_bounds_var (void)
2088 {
2089 if (!chkp_zero_bounds_var)
2090 chkp_zero_bounds_var
2091 = chkp_make_static_const_bounds (0, -1,
2092 CHKP_ZERO_BOUNDS_VAR_NAME);
2093 return chkp_zero_bounds_var;
2094 }
2095
2096 /* Return var holding none bounds. */
2097 tree
2098 chkp_get_none_bounds_var (void)
2099 {
2100 if (!chkp_none_bounds_var)
2101 chkp_none_bounds_var
2102 = chkp_make_static_const_bounds (-1, 0,
2103 CHKP_NONE_BOUNDS_VAR_NAME);
2104 return chkp_none_bounds_var;
2105 }
2106
2107 /* Return SSA_NAME used to represent zero bounds. */
2108 static tree
2109 chkp_get_zero_bounds (void)
2110 {
2111 if (zero_bounds)
2112 return zero_bounds;
2113
2114 if (dump_file && (dump_flags & TDF_DETAILS))
2115 fprintf (dump_file, "Creating zero bounds...");
2116
2117 if ((flag_chkp_use_static_bounds && flag_chkp_use_static_const_bounds)
2118 || flag_chkp_use_static_const_bounds > 0)
2119 {
2120 gimple_stmt_iterator gsi = gsi_start_bb (chkp_get_entry_block ());
2121 gimple stmt;
2122
2123 zero_bounds = chkp_get_tmp_reg (NULL);
2124 stmt = gimple_build_assign (zero_bounds, chkp_get_zero_bounds_var ());
2125 gsi_insert_before (&gsi, stmt, GSI_SAME_STMT);
2126 }
2127 else
2128 zero_bounds = chkp_make_bounds (integer_zero_node,
2129 integer_zero_node,
2130 NULL,
2131 false);
2132
2133 return zero_bounds;
2134 }
2135
2136 /* Return SSA_NAME used to represent none bounds. */
2137 static tree
2138 chkp_get_none_bounds (void)
2139 {
2140 if (none_bounds)
2141 return none_bounds;
2142
2143 if (dump_file && (dump_flags & TDF_DETAILS))
2144 fprintf (dump_file, "Creating none bounds...");
2145
2146
2147 if ((flag_chkp_use_static_bounds && flag_chkp_use_static_const_bounds)
2148 || flag_chkp_use_static_const_bounds > 0)
2149 {
2150 gimple_stmt_iterator gsi = gsi_start_bb (chkp_get_entry_block ());
2151 gimple stmt;
2152
2153 none_bounds = chkp_get_tmp_reg (NULL);
2154 stmt = gimple_build_assign (none_bounds, chkp_get_none_bounds_var ());
2155 gsi_insert_before (&gsi, stmt, GSI_SAME_STMT);
2156 }
2157 else
2158 none_bounds = chkp_make_bounds (integer_minus_one_node,
2159 build_int_cst (size_type_node, 2),
2160 NULL,
2161 false);
2162
2163 return none_bounds;
2164 }
2165
2166 /* Return bounds to be used as a result of operation which
2167 should not create poiunter (e.g. MULT_EXPR). */
2168 static tree
2169 chkp_get_invalid_op_bounds (void)
2170 {
2171 return chkp_get_zero_bounds ();
2172 }
2173
2174 /* Return bounds to be used for loads of non-pointer values. */
2175 static tree
2176 chkp_get_nonpointer_load_bounds (void)
2177 {
2178 return chkp_get_zero_bounds ();
2179 }
2180
2181 /* Return 1 if may use bndret call to get bounds for pointer
2182 returned by CALL. */
2183 static bool
2184 chkp_call_returns_bounds_p (gcall *call)
2185 {
2186 if (gimple_call_internal_p (call))
2187 return false;
2188
2189 if (gimple_call_builtin_p (call, BUILT_IN_CHKP_NARROW_PTR_BOUNDS)
2190 || chkp_gimple_call_builtin_p (call, BUILT_IN_CHKP_NARROW))
2191 return true;
2192
2193 if (gimple_call_with_bounds_p (call))
2194 return true;
2195
2196 tree fndecl = gimple_call_fndecl (call);
2197
2198 if (fndecl && DECL_BUILT_IN_CLASS (fndecl) == BUILT_IN_MD)
2199 return false;
2200
2201 if (fndecl && !chkp_instrumentable_p (fndecl))
2202 return false;
2203
2204 if (fndecl && DECL_BUILT_IN_CLASS (fndecl) == BUILT_IN_NORMAL)
2205 {
2206 if (chkp_instrument_normal_builtin (fndecl))
2207 return true;
2208
2209 if (!lookup_attribute ("always_inline", DECL_ATTRIBUTES (fndecl)))
2210 return false;
2211
2212 struct cgraph_node *clone = chkp_maybe_create_clone (fndecl);
2213 return (clone && gimple_has_body_p (clone->decl));
2214 }
2215
2216 return true;
2217 }
2218
2219 /* Build bounds returned by CALL. */
2220 static tree
2221 chkp_build_returned_bound (gcall *call)
2222 {
2223 gimple_stmt_iterator gsi;
2224 tree bounds;
2225 gimple stmt;
2226 tree fndecl = gimple_call_fndecl (call);
2227 unsigned int retflags;
2228
2229 /* To avoid fixing alloca expands in targets we handle
2230 it separately. */
2231 if (fndecl
2232 && DECL_BUILT_IN_CLASS (fndecl) == BUILT_IN_NORMAL
2233 && (DECL_FUNCTION_CODE (fndecl) == BUILT_IN_ALLOCA
2234 || DECL_FUNCTION_CODE (fndecl) == BUILT_IN_ALLOCA_WITH_ALIGN))
2235 {
2236 tree size = gimple_call_arg (call, 0);
2237 tree lb = gimple_call_lhs (call);
2238 gimple_stmt_iterator iter = gsi_for_stmt (call);
2239 bounds = chkp_make_bounds (lb, size, &iter, true);
2240 }
2241 /* We know bounds returned by set_bounds builtin call. */
2242 else if (fndecl
2243 && DECL_BUILT_IN_CLASS (fndecl) == BUILT_IN_NORMAL
2244 && DECL_FUNCTION_CODE (fndecl) == BUILT_IN_CHKP_SET_PTR_BOUNDS)
2245 {
2246 tree lb = gimple_call_arg (call, 0);
2247 tree size = gimple_call_arg (call, 1);
2248 gimple_stmt_iterator iter = gsi_for_stmt (call);
2249 bounds = chkp_make_bounds (lb, size, &iter, true);
2250 }
2251 /* Detect bounds initialization calls. */
2252 else if (fndecl
2253 && DECL_BUILT_IN_CLASS (fndecl) == BUILT_IN_NORMAL
2254 && DECL_FUNCTION_CODE (fndecl) == BUILT_IN_CHKP_INIT_PTR_BOUNDS)
2255 bounds = chkp_get_zero_bounds ();
2256 /* Detect bounds nullification calls. */
2257 else if (fndecl
2258 && DECL_BUILT_IN_CLASS (fndecl) == BUILT_IN_NORMAL
2259 && DECL_FUNCTION_CODE (fndecl) == BUILT_IN_CHKP_NULL_PTR_BOUNDS)
2260 bounds = chkp_get_none_bounds ();
2261 /* Detect bounds copy calls. */
2262 else if (fndecl
2263 && DECL_BUILT_IN_CLASS (fndecl) == BUILT_IN_NORMAL
2264 && DECL_FUNCTION_CODE (fndecl) == BUILT_IN_CHKP_COPY_PTR_BOUNDS)
2265 {
2266 gimple_stmt_iterator iter = gsi_for_stmt (call);
2267 bounds = chkp_find_bounds (gimple_call_arg (call, 1), &iter);
2268 }
2269 /* Do not use retbnd when returned bounds are equal to some
2270 of passed bounds. */
2271 else if (((retflags = gimple_call_return_flags (call)) & ERF_RETURNS_ARG)
2272 && (retflags & ERF_RETURN_ARG_MASK) < gimple_call_num_args (call))
2273 {
2274 gimple_stmt_iterator iter = gsi_for_stmt (call);
2275 unsigned int retarg = retflags & ERF_RETURN_ARG_MASK, argno;
2276 if (gimple_call_with_bounds_p (call))
2277 {
2278 for (argno = 0; argno < gimple_call_num_args (call); argno++)
2279 if (!POINTER_BOUNDS_P (gimple_call_arg (call, argno)))
2280 {
2281 if (retarg)
2282 retarg--;
2283 else
2284 break;
2285 }
2286 }
2287 else
2288 argno = retarg;
2289
2290 bounds = chkp_find_bounds (gimple_call_arg (call, argno), &iter);
2291 }
2292 else if (chkp_call_returns_bounds_p (call))
2293 {
2294 gcc_assert (TREE_CODE (gimple_call_lhs (call)) == SSA_NAME);
2295
2296 /* In general case build checker builtin call to
2297 obtain returned bounds. */
2298 stmt = gimple_build_call (chkp_ret_bnd_fndecl, 1,
2299 gimple_call_lhs (call));
2300 chkp_mark_stmt (stmt);
2301
2302 gsi = gsi_for_stmt (call);
2303 gsi_insert_after (&gsi, stmt, GSI_SAME_STMT);
2304
2305 bounds = chkp_get_tmp_reg (stmt);
2306 gimple_call_set_lhs (stmt, bounds);
2307
2308 update_stmt (stmt);
2309 }
2310 else
2311 bounds = chkp_get_zero_bounds ();
2312
2313 if (dump_file && (dump_flags & TDF_DETAILS))
2314 {
2315 fprintf (dump_file, "Built returned bounds (");
2316 print_generic_expr (dump_file, bounds, 0);
2317 fprintf (dump_file, ") for call: ");
2318 print_gimple_stmt (dump_file, call, 0, TDF_VOPS|TDF_MEMSYMS);
2319 }
2320
2321 bounds = chkp_maybe_copy_and_register_bounds (gimple_call_lhs (call), bounds);
2322
2323 return bounds;
2324 }
2325
2326 /* Return bounds used as returned by call
2327 which produced SSA name VAL. */
2328 gcall *
2329 chkp_retbnd_call_by_val (tree val)
2330 {
2331 if (TREE_CODE (val) != SSA_NAME)
2332 return NULL;
2333
2334 gcc_assert (gimple_code (SSA_NAME_DEF_STMT (val)) == GIMPLE_CALL);
2335
2336 imm_use_iterator use_iter;
2337 use_operand_p use_p;
2338 FOR_EACH_IMM_USE_FAST (use_p, use_iter, val)
2339 if (gimple_code (USE_STMT (use_p)) == GIMPLE_CALL
2340 && gimple_call_fndecl (USE_STMT (use_p)) == chkp_ret_bnd_fndecl)
2341 return as_a <gcall *> (USE_STMT (use_p));
2342
2343 return NULL;
2344 }
2345
2346 /* Check the next parameter for the given PARM is bounds
2347 and return it's default SSA_NAME (create if required). */
2348 static tree
2349 chkp_get_next_bounds_parm (tree parm)
2350 {
2351 tree bounds = TREE_CHAIN (parm);
2352 gcc_assert (POINTER_BOUNDS_P (bounds));
2353 bounds = ssa_default_def (cfun, bounds);
2354 if (!bounds)
2355 {
2356 bounds = make_ssa_name (TREE_CHAIN (parm), gimple_build_nop ());
2357 set_ssa_default_def (cfun, TREE_CHAIN (parm), bounds);
2358 }
2359 return bounds;
2360 }
2361
2362 /* Return bounds to be used for input argument PARM. */
2363 static tree
2364 chkp_get_bound_for_parm (tree parm)
2365 {
2366 tree decl = SSA_NAME_VAR (parm);
2367 tree bounds;
2368
2369 gcc_assert (TREE_CODE (decl) == PARM_DECL);
2370
2371 bounds = chkp_get_registered_bounds (parm);
2372
2373 if (!bounds)
2374 bounds = chkp_get_registered_bounds (decl);
2375
2376 if (!bounds)
2377 {
2378 tree orig_decl = cgraph_node::get (cfun->decl)->orig_decl;
2379
2380 /* For static chain param we return zero bounds
2381 because currently we do not check dereferences
2382 of this pointer. */
2383 if (cfun->static_chain_decl == decl)
2384 bounds = chkp_get_zero_bounds ();
2385 /* If non instrumented runtime is used then it may be useful
2386 to use zero bounds for input arguments of main
2387 function. */
2388 else if (flag_chkp_zero_input_bounds_for_main
2389 && strcmp (IDENTIFIER_POINTER (DECL_ASSEMBLER_NAME (orig_decl)),
2390 "main") == 0)
2391 bounds = chkp_get_zero_bounds ();
2392 else if (BOUNDED_P (parm))
2393 {
2394 bounds = chkp_get_next_bounds_parm (decl);
2395 bounds = chkp_maybe_copy_and_register_bounds (decl, bounds);
2396
2397 if (dump_file && (dump_flags & TDF_DETAILS))
2398 {
2399 fprintf (dump_file, "Built arg bounds (");
2400 print_generic_expr (dump_file, bounds, 0);
2401 fprintf (dump_file, ") for arg: ");
2402 print_node (dump_file, "", decl, 0);
2403 }
2404 }
2405 else
2406 bounds = chkp_get_zero_bounds ();
2407 }
2408
2409 if (!chkp_get_registered_bounds (parm))
2410 bounds = chkp_maybe_copy_and_register_bounds (parm, bounds);
2411
2412 if (dump_file && (dump_flags & TDF_DETAILS))
2413 {
2414 fprintf (dump_file, "Using bounds ");
2415 print_generic_expr (dump_file, bounds, 0);
2416 fprintf (dump_file, " for parm ");
2417 print_generic_expr (dump_file, parm, 0);
2418 fprintf (dump_file, " of type ");
2419 print_generic_expr (dump_file, TREE_TYPE (parm), 0);
2420 fprintf (dump_file, ".\n");
2421 }
2422
2423 return bounds;
2424 }
2425
2426 /* Build and return CALL_EXPR for bndstx builtin with specified
2427 arguments. */
2428 tree
2429 chkp_build_bndldx_call (tree addr, tree ptr)
2430 {
2431 tree fn = build1 (ADDR_EXPR,
2432 build_pointer_type (TREE_TYPE (chkp_bndldx_fndecl)),
2433 chkp_bndldx_fndecl);
2434 tree call = build_call_nary (TREE_TYPE (TREE_TYPE (chkp_bndldx_fndecl)),
2435 fn, 2, addr, ptr);
2436 CALL_WITH_BOUNDS_P (call) = true;
2437 return call;
2438 }
2439
2440 /* Insert code to load bounds for PTR located by ADDR.
2441 Code is inserted after position pointed by GSI.
2442 Loaded bounds are returned. */
2443 static tree
2444 chkp_build_bndldx (tree addr, tree ptr, gimple_stmt_iterator *gsi)
2445 {
2446 gimple_seq seq;
2447 gimple stmt;
2448 tree bounds;
2449
2450 seq = NULL;
2451
2452 addr = chkp_force_gimple_call_op (addr, &seq);
2453 ptr = chkp_force_gimple_call_op (ptr, &seq);
2454
2455 stmt = gimple_build_call (chkp_bndldx_fndecl, 2, addr, ptr);
2456 chkp_mark_stmt (stmt);
2457 bounds = chkp_get_tmp_reg (stmt);
2458 gimple_call_set_lhs (stmt, bounds);
2459
2460 gimple_seq_add_stmt (&seq, stmt);
2461
2462 gsi_insert_seq_after (gsi, seq, GSI_CONTINUE_LINKING);
2463
2464 if (dump_file && (dump_flags & TDF_DETAILS))
2465 {
2466 fprintf (dump_file, "Generated bndldx for pointer ");
2467 print_generic_expr (dump_file, ptr, 0);
2468 fprintf (dump_file, ": ");
2469 print_gimple_stmt (dump_file, stmt, 0, TDF_VOPS|TDF_MEMSYMS);
2470 }
2471
2472 return bounds;
2473 }
2474
2475 /* Build and return CALL_EXPR for bndstx builtin with specified
2476 arguments. */
2477 tree
2478 chkp_build_bndstx_call (tree addr, tree ptr, tree bounds)
2479 {
2480 tree fn = build1 (ADDR_EXPR,
2481 build_pointer_type (TREE_TYPE (chkp_bndstx_fndecl)),
2482 chkp_bndstx_fndecl);
2483 tree call = build_call_nary (TREE_TYPE (TREE_TYPE (chkp_bndstx_fndecl)),
2484 fn, 3, ptr, bounds, addr);
2485 CALL_WITH_BOUNDS_P (call) = true;
2486 return call;
2487 }
2488
2489 /* Insert code to store BOUNDS for PTR stored by ADDR.
2490 New statements are inserted after position pointed
2491 by GSI. */
2492 void
2493 chkp_build_bndstx (tree addr, tree ptr, tree bounds,
2494 gimple_stmt_iterator *gsi)
2495 {
2496 gimple_seq seq;
2497 gimple stmt;
2498
2499 seq = NULL;
2500
2501 addr = chkp_force_gimple_call_op (addr, &seq);
2502 ptr = chkp_force_gimple_call_op (ptr, &seq);
2503
2504 stmt = gimple_build_call (chkp_bndstx_fndecl, 3, ptr, bounds, addr);
2505 chkp_mark_stmt (stmt);
2506 gimple_call_set_with_bounds (stmt, true);
2507
2508 gimple_seq_add_stmt (&seq, stmt);
2509
2510 gsi_insert_seq_after (gsi, seq, GSI_CONTINUE_LINKING);
2511
2512 if (dump_file && (dump_flags & TDF_DETAILS))
2513 {
2514 fprintf (dump_file, "Generated bndstx for pointer store ");
2515 print_gimple_stmt (dump_file, gsi_stmt (*gsi), 0, TDF_VOPS|TDF_MEMSYMS);
2516 print_gimple_stmt (dump_file, stmt, 2, TDF_VOPS|TDF_MEMSYMS);
2517 }
2518 }
2519
2520 /* Compute bounds for pointer NODE which was assigned in
2521 assignment statement ASSIGN. Return computed bounds. */
2522 static tree
2523 chkp_compute_bounds_for_assignment (tree node, gimple assign)
2524 {
2525 enum tree_code rhs_code = gimple_assign_rhs_code (assign);
2526 tree rhs1 = gimple_assign_rhs1 (assign);
2527 tree bounds = NULL_TREE;
2528 gimple_stmt_iterator iter = gsi_for_stmt (assign);
2529
2530 if (dump_file && (dump_flags & TDF_DETAILS))
2531 {
2532 fprintf (dump_file, "Computing bounds for assignment: ");
2533 print_gimple_stmt (dump_file, assign, 0, TDF_VOPS|TDF_MEMSYMS);
2534 }
2535
2536 switch (rhs_code)
2537 {
2538 case MEM_REF:
2539 case TARGET_MEM_REF:
2540 case COMPONENT_REF:
2541 case ARRAY_REF:
2542 /* We need to load bounds from the bounds table. */
2543 bounds = chkp_find_bounds_loaded (node, rhs1, &iter);
2544 break;
2545
2546 case VAR_DECL:
2547 case SSA_NAME:
2548 case ADDR_EXPR:
2549 case POINTER_PLUS_EXPR:
2550 case NOP_EXPR:
2551 case CONVERT_EXPR:
2552 case INTEGER_CST:
2553 /* Bounds are just propagated from RHS. */
2554 bounds = chkp_find_bounds (rhs1, &iter);
2555 break;
2556
2557 case VIEW_CONVERT_EXPR:
2558 /* Bounds are just propagated from RHS. */
2559 bounds = chkp_find_bounds (TREE_OPERAND (rhs1, 0), &iter);
2560 break;
2561
2562 case PARM_DECL:
2563 if (BOUNDED_P (rhs1))
2564 {
2565 /* We need to load bounds from the bounds table. */
2566 bounds = chkp_build_bndldx (chkp_build_addr_expr (rhs1),
2567 node, &iter);
2568 TREE_ADDRESSABLE (rhs1) = 1;
2569 }
2570 else
2571 bounds = chkp_get_nonpointer_load_bounds ();
2572 break;
2573
2574 case MINUS_EXPR:
2575 case PLUS_EXPR:
2576 case BIT_AND_EXPR:
2577 case BIT_IOR_EXPR:
2578 case BIT_XOR_EXPR:
2579 {
2580 tree rhs2 = gimple_assign_rhs2 (assign);
2581 tree bnd1 = chkp_find_bounds (rhs1, &iter);
2582 tree bnd2 = chkp_find_bounds (rhs2, &iter);
2583
2584 /* First we try to check types of operands. If it
2585 does not help then look at bound values.
2586
2587 If some bounds are incomplete and other are
2588 not proven to be valid (i.e. also incomplete
2589 or invalid because value is not pointer) then
2590 resulting value is incomplete and will be
2591 recomputed later in chkp_finish_incomplete_bounds. */
2592 if (BOUNDED_P (rhs1)
2593 && !BOUNDED_P (rhs2))
2594 bounds = bnd1;
2595 else if (BOUNDED_P (rhs2)
2596 && !BOUNDED_P (rhs1)
2597 && rhs_code != MINUS_EXPR)
2598 bounds = bnd2;
2599 else if (chkp_incomplete_bounds (bnd1))
2600 if (chkp_valid_bounds (bnd2) && rhs_code != MINUS_EXPR
2601 && !chkp_incomplete_bounds (bnd2))
2602 bounds = bnd2;
2603 else
2604 bounds = incomplete_bounds;
2605 else if (chkp_incomplete_bounds (bnd2))
2606 if (chkp_valid_bounds (bnd1)
2607 && !chkp_incomplete_bounds (bnd1))
2608 bounds = bnd1;
2609 else
2610 bounds = incomplete_bounds;
2611 else if (!chkp_valid_bounds (bnd1))
2612 if (chkp_valid_bounds (bnd2) && rhs_code != MINUS_EXPR)
2613 bounds = bnd2;
2614 else if (bnd2 == chkp_get_zero_bounds ())
2615 bounds = bnd2;
2616 else
2617 bounds = bnd1;
2618 else if (!chkp_valid_bounds (bnd2))
2619 bounds = bnd1;
2620 else
2621 /* Seems both operands may have valid bounds
2622 (e.g. pointer minus pointer). In such case
2623 use default invalid op bounds. */
2624 bounds = chkp_get_invalid_op_bounds ();
2625 }
2626 break;
2627
2628 case BIT_NOT_EXPR:
2629 case NEGATE_EXPR:
2630 case LSHIFT_EXPR:
2631 case RSHIFT_EXPR:
2632 case LROTATE_EXPR:
2633 case RROTATE_EXPR:
2634 case EQ_EXPR:
2635 case NE_EXPR:
2636 case LT_EXPR:
2637 case LE_EXPR:
2638 case GT_EXPR:
2639 case GE_EXPR:
2640 case MULT_EXPR:
2641 case RDIV_EXPR:
2642 case TRUNC_DIV_EXPR:
2643 case FLOOR_DIV_EXPR:
2644 case CEIL_DIV_EXPR:
2645 case ROUND_DIV_EXPR:
2646 case TRUNC_MOD_EXPR:
2647 case FLOOR_MOD_EXPR:
2648 case CEIL_MOD_EXPR:
2649 case ROUND_MOD_EXPR:
2650 case EXACT_DIV_EXPR:
2651 case FIX_TRUNC_EXPR:
2652 case FLOAT_EXPR:
2653 case REALPART_EXPR:
2654 case IMAGPART_EXPR:
2655 /* No valid bounds may be produced by these exprs. */
2656 bounds = chkp_get_invalid_op_bounds ();
2657 break;
2658
2659 case COND_EXPR:
2660 {
2661 tree val1 = gimple_assign_rhs2 (assign);
2662 tree val2 = gimple_assign_rhs3 (assign);
2663 tree bnd1 = chkp_find_bounds (val1, &iter);
2664 tree bnd2 = chkp_find_bounds (val2, &iter);
2665 gimple stmt;
2666
2667 if (chkp_incomplete_bounds (bnd1) || chkp_incomplete_bounds (bnd2))
2668 bounds = incomplete_bounds;
2669 else if (bnd1 == bnd2)
2670 bounds = bnd1;
2671 else
2672 {
2673 rhs1 = unshare_expr (rhs1);
2674
2675 bounds = chkp_get_tmp_reg (assign);
2676 stmt = gimple_build_assign (bounds, COND_EXPR, rhs1, bnd1, bnd2);
2677 gsi_insert_after (&iter, stmt, GSI_SAME_STMT);
2678
2679 if (!chkp_valid_bounds (bnd1) && !chkp_valid_bounds (bnd2))
2680 chkp_mark_invalid_bounds (bounds);
2681 }
2682 }
2683 break;
2684
2685 case MAX_EXPR:
2686 case MIN_EXPR:
2687 {
2688 tree rhs2 = gimple_assign_rhs2 (assign);
2689 tree bnd1 = chkp_find_bounds (rhs1, &iter);
2690 tree bnd2 = chkp_find_bounds (rhs2, &iter);
2691
2692 if (chkp_incomplete_bounds (bnd1) || chkp_incomplete_bounds (bnd2))
2693 bounds = incomplete_bounds;
2694 else if (bnd1 == bnd2)
2695 bounds = bnd1;
2696 else
2697 {
2698 gimple stmt;
2699 tree cond = build2 (rhs_code == MAX_EXPR ? GT_EXPR : LT_EXPR,
2700 boolean_type_node, rhs1, rhs2);
2701 bounds = chkp_get_tmp_reg (assign);
2702 stmt = gimple_build_assign (bounds, COND_EXPR, cond, bnd1, bnd2);
2703
2704 gsi_insert_after (&iter, stmt, GSI_SAME_STMT);
2705
2706 if (!chkp_valid_bounds (bnd1) && !chkp_valid_bounds (bnd2))
2707 chkp_mark_invalid_bounds (bounds);
2708 }
2709 }
2710 break;
2711
2712 default:
2713 bounds = chkp_get_zero_bounds ();
2714 warning (0, "pointer bounds were lost due to unexpected expression %s",
2715 get_tree_code_name (rhs_code));
2716 }
2717
2718 gcc_assert (bounds);
2719
2720 if (node)
2721 bounds = chkp_maybe_copy_and_register_bounds (node, bounds);
2722
2723 return bounds;
2724 }
2725
2726 /* Compute bounds for ssa name NODE defined by DEF_STMT pointed by ITER.
2727
2728 There are just few statement codes allowed: NOP (for default ssa names),
2729 ASSIGN, CALL, PHI, ASM.
2730
2731 Return computed bounds. */
2732 static tree
2733 chkp_get_bounds_by_definition (tree node, gimple def_stmt,
2734 gphi_iterator *iter)
2735 {
2736 tree var, bounds;
2737 enum gimple_code code = gimple_code (def_stmt);
2738 gphi *stmt;
2739
2740 if (dump_file && (dump_flags & TDF_DETAILS))
2741 {
2742 fprintf (dump_file, "Searching for bounds for node: ");
2743 print_generic_expr (dump_file, node, 0);
2744
2745 fprintf (dump_file, " using its definition: ");
2746 print_gimple_stmt (dump_file, def_stmt, 0, TDF_VOPS|TDF_MEMSYMS);
2747 }
2748
2749 switch (code)
2750 {
2751 case GIMPLE_NOP:
2752 var = SSA_NAME_VAR (node);
2753 switch (TREE_CODE (var))
2754 {
2755 case PARM_DECL:
2756 bounds = chkp_get_bound_for_parm (node);
2757 break;
2758
2759 case VAR_DECL:
2760 /* For uninitialized pointers use none bounds. */
2761 bounds = chkp_get_none_bounds ();
2762 bounds = chkp_maybe_copy_and_register_bounds (node, bounds);
2763 break;
2764
2765 case RESULT_DECL:
2766 {
2767 tree base_type;
2768
2769 gcc_assert (TREE_CODE (TREE_TYPE (node)) == REFERENCE_TYPE);
2770
2771 base_type = TREE_TYPE (TREE_TYPE (node));
2772
2773 gcc_assert (TYPE_SIZE (base_type)
2774 && TREE_CODE (TYPE_SIZE (base_type)) == INTEGER_CST
2775 && tree_to_uhwi (TYPE_SIZE (base_type)) != 0);
2776
2777 bounds = chkp_make_bounds (node, TYPE_SIZE_UNIT (base_type),
2778 NULL, false);
2779 bounds = chkp_maybe_copy_and_register_bounds (node, bounds);
2780 }
2781 break;
2782
2783 default:
2784 if (dump_file && (dump_flags & TDF_DETAILS))
2785 {
2786 fprintf (dump_file, "Unexpected var with no definition\n");
2787 print_generic_expr (dump_file, var, 0);
2788 }
2789 internal_error ("chkp_get_bounds_by_definition: Unexpected var of type %s",
2790 get_tree_code_name (TREE_CODE (var)));
2791 }
2792 break;
2793
2794 case GIMPLE_ASSIGN:
2795 bounds = chkp_compute_bounds_for_assignment (node, def_stmt);
2796 break;
2797
2798 case GIMPLE_CALL:
2799 bounds = chkp_build_returned_bound (as_a <gcall *> (def_stmt));
2800 break;
2801
2802 case GIMPLE_PHI:
2803 if (SSA_NAME_OCCURS_IN_ABNORMAL_PHI (node))
2804 if (SSA_NAME_VAR (node))
2805 var = chkp_get_bounds_var (SSA_NAME_VAR (node));
2806 else
2807 var = make_temp_ssa_name (pointer_bounds_type_node,
2808 NULL,
2809 CHKP_BOUND_TMP_NAME);
2810 else
2811 var = chkp_get_tmp_var ();
2812 stmt = create_phi_node (var, gimple_bb (def_stmt));
2813 bounds = gimple_phi_result (stmt);
2814 *iter = gsi_for_phi (stmt);
2815
2816 bounds = chkp_maybe_copy_and_register_bounds (node, bounds);
2817
2818 /* Created bounds do not have all phi args computed and
2819 therefore we do not know if there is a valid source
2820 of bounds for that node. Therefore we mark bounds
2821 as incomplete and then recompute them when all phi
2822 args are computed. */
2823 chkp_register_incomplete_bounds (bounds, node);
2824 break;
2825
2826 case GIMPLE_ASM:
2827 bounds = chkp_get_zero_bounds ();
2828 bounds = chkp_maybe_copy_and_register_bounds (node, bounds);
2829 break;
2830
2831 default:
2832 internal_error ("chkp_get_bounds_by_definition: Unexpected GIMPLE code %s",
2833 gimple_code_name[code]);
2834 }
2835
2836 return bounds;
2837 }
2838
2839 /* Return CALL_EXPR for bndmk with specified LOWER_BOUND and SIZE. */
2840 tree
2841 chkp_build_make_bounds_call (tree lower_bound, tree size)
2842 {
2843 tree call = build1 (ADDR_EXPR,
2844 build_pointer_type (TREE_TYPE (chkp_bndmk_fndecl)),
2845 chkp_bndmk_fndecl);
2846 return build_call_nary (TREE_TYPE (TREE_TYPE (chkp_bndmk_fndecl)),
2847 call, 2, lower_bound, size);
2848 }
2849
2850 /* Create static bounds var of specfified OBJ which is
2851 is either VAR_DECL or string constant. */
2852 static tree
2853 chkp_make_static_bounds (tree obj)
2854 {
2855 static int string_id = 1;
2856 static int var_id = 1;
2857 tree *slot;
2858 const char *var_name;
2859 char *bnd_var_name;
2860 tree bnd_var;
2861
2862 /* First check if we already have required var. */
2863 if (chkp_static_var_bounds)
2864 {
2865 /* For vars we use assembler name as a key in
2866 chkp_static_var_bounds map. It allows to
2867 avoid duplicating bound vars for decls
2868 sharing assembler name. */
2869 if (TREE_CODE (obj) == VAR_DECL)
2870 {
2871 tree name = DECL_ASSEMBLER_NAME (obj);
2872 slot = chkp_static_var_bounds->get (name);
2873 if (slot)
2874 return *slot;
2875 }
2876 else
2877 {
2878 slot = chkp_static_var_bounds->get (obj);
2879 if (slot)
2880 return *slot;
2881 }
2882 }
2883
2884 /* Build decl for bounds var. */
2885 if (TREE_CODE (obj) == VAR_DECL)
2886 {
2887 if (DECL_IGNORED_P (obj))
2888 {
2889 bnd_var_name = (char *) xmalloc (strlen (CHKP_VAR_BOUNDS_PREFIX) + 10);
2890 sprintf (bnd_var_name, "%s%d", CHKP_VAR_BOUNDS_PREFIX, var_id++);
2891 }
2892 else
2893 {
2894 var_name = IDENTIFIER_POINTER (DECL_ASSEMBLER_NAME (obj));
2895
2896 /* For hidden symbols we want to skip first '*' char. */
2897 if (*var_name == '*')
2898 var_name++;
2899
2900 bnd_var_name = (char *) xmalloc (strlen (var_name)
2901 + strlen (CHKP_BOUNDS_OF_SYMBOL_PREFIX) + 1);
2902 strcpy (bnd_var_name, CHKP_BOUNDS_OF_SYMBOL_PREFIX);
2903 strcat (bnd_var_name, var_name);
2904 }
2905
2906 bnd_var = build_decl (UNKNOWN_LOCATION, VAR_DECL,
2907 get_identifier (bnd_var_name),
2908 pointer_bounds_type_node);
2909
2910 /* Address of the obj will be used as lower bound. */
2911 TREE_ADDRESSABLE (obj) = 1;
2912 }
2913 else
2914 {
2915 bnd_var_name = (char *) xmalloc (strlen (CHKP_STRING_BOUNDS_PREFIX) + 10);
2916 sprintf (bnd_var_name, "%s%d", CHKP_STRING_BOUNDS_PREFIX, string_id++);
2917
2918 bnd_var = build_decl (UNKNOWN_LOCATION, VAR_DECL,
2919 get_identifier (bnd_var_name),
2920 pointer_bounds_type_node);
2921 }
2922
2923 TREE_PUBLIC (bnd_var) = 0;
2924 TREE_USED (bnd_var) = 1;
2925 TREE_READONLY (bnd_var) = 0;
2926 TREE_STATIC (bnd_var) = 1;
2927 TREE_ADDRESSABLE (bnd_var) = 0;
2928 DECL_ARTIFICIAL (bnd_var) = 1;
2929 DECL_COMMON (bnd_var) = 1;
2930 DECL_COMDAT (bnd_var) = 1;
2931 DECL_READ_P (bnd_var) = 1;
2932 DECL_INITIAL (bnd_var) = chkp_build_addr_expr (obj);
2933 /* Force output similar to constant bounds.
2934 See chkp_make_static_const_bounds. */
2935 varpool_node::get_create (bnd_var)->force_output = 1;
2936 /* Mark symbol as requiring bounds initialization. */
2937 varpool_node::get_create (bnd_var)->need_bounds_init = 1;
2938 varpool_node::finalize_decl (bnd_var);
2939
2940 /* Add created var to the map to use it for other references
2941 to obj. */
2942 if (!chkp_static_var_bounds)
2943 chkp_static_var_bounds = new hash_map<tree, tree>;
2944
2945 if (TREE_CODE (obj) == VAR_DECL)
2946 {
2947 tree name = DECL_ASSEMBLER_NAME (obj);
2948 chkp_static_var_bounds->put (name, bnd_var);
2949 }
2950 else
2951 chkp_static_var_bounds->put (obj, bnd_var);
2952
2953 return bnd_var;
2954 }
2955
2956 /* When var has incomplete type we cannot get size to
2957 compute its bounds. In such cases we use checker
2958 builtin call which determines object size at runtime. */
2959 static tree
2960 chkp_generate_extern_var_bounds (tree var)
2961 {
2962 tree bounds, size_reloc, lb, size, max_size, cond;
2963 gimple_stmt_iterator gsi;
2964 gimple_seq seq = NULL;
2965 gimple stmt;
2966
2967 /* If instrumentation is not enabled for vars having
2968 incomplete type then just return zero bounds to avoid
2969 checks for this var. */
2970 if (!flag_chkp_incomplete_type)
2971 return chkp_get_zero_bounds ();
2972
2973 if (dump_file && (dump_flags & TDF_DETAILS))
2974 {
2975 fprintf (dump_file, "Generating bounds for extern symbol '");
2976 print_generic_expr (dump_file, var, 0);
2977 fprintf (dump_file, "'\n");
2978 }
2979
2980 stmt = gimple_build_call (chkp_sizeof_fndecl, 1, var);
2981
2982 size_reloc = create_tmp_reg (chkp_uintptr_type, CHKP_SIZE_TMP_NAME);
2983 gimple_call_set_lhs (stmt, size_reloc);
2984
2985 gimple_seq_add_stmt (&seq, stmt);
2986
2987 lb = chkp_build_addr_expr (var);
2988 size = make_ssa_name (chkp_get_size_tmp_var ());
2989
2990 if (flag_chkp_zero_dynamic_size_as_infinite)
2991 {
2992 /* We should check that size relocation was resolved.
2993 If it was not then use maximum possible size for the var. */
2994 max_size = build2 (MINUS_EXPR, chkp_uintptr_type, integer_zero_node,
2995 fold_convert (chkp_uintptr_type, lb));
2996 max_size = chkp_force_gimple_call_op (max_size, &seq);
2997
2998 cond = build2 (NE_EXPR, boolean_type_node,
2999 size_reloc, integer_zero_node);
3000 stmt = gimple_build_assign (size, COND_EXPR, cond, size_reloc, max_size);
3001 gimple_seq_add_stmt (&seq, stmt);
3002 }
3003 else
3004 {
3005 stmt = gimple_build_assign (size, size_reloc);
3006 gimple_seq_add_stmt (&seq, stmt);
3007 }
3008
3009 gsi = gsi_start_bb (chkp_get_entry_block ());
3010 gsi_insert_seq_after (&gsi, seq, GSI_CONTINUE_LINKING);
3011
3012 bounds = chkp_make_bounds (lb, size, &gsi, true);
3013
3014 return bounds;
3015 }
3016
3017 /* Return 1 if TYPE has fields with zero size or fields
3018 marked with chkp_variable_size attribute. */
3019 bool
3020 chkp_variable_size_type (tree type)
3021 {
3022 bool res = false;
3023 tree field;
3024
3025 if (RECORD_OR_UNION_TYPE_P (type))
3026 for (field = TYPE_FIELDS (type); field; field = DECL_CHAIN (field))
3027 {
3028 if (TREE_CODE (field) == FIELD_DECL)
3029 res = res
3030 || lookup_attribute ("bnd_variable_size", DECL_ATTRIBUTES (field))
3031 || chkp_variable_size_type (TREE_TYPE (field));
3032 }
3033 else
3034 res = !TYPE_SIZE (type)
3035 || TREE_CODE (TYPE_SIZE (type)) != INTEGER_CST
3036 || tree_to_uhwi (TYPE_SIZE (type)) == 0;
3037
3038 return res;
3039 }
3040
3041 /* Compute and return bounds for address of DECL which is
3042 one of VAR_DECL, PARM_DECL, RESULT_DECL. */
3043 static tree
3044 chkp_get_bounds_for_decl_addr (tree decl)
3045 {
3046 tree bounds;
3047
3048 gcc_assert (TREE_CODE (decl) == VAR_DECL
3049 || TREE_CODE (decl) == PARM_DECL
3050 || TREE_CODE (decl) == RESULT_DECL);
3051
3052 bounds = chkp_get_registered_addr_bounds (decl);
3053
3054 if (bounds)
3055 return bounds;
3056
3057 if (dump_file && (dump_flags & TDF_DETAILS))
3058 {
3059 fprintf (dump_file, "Building bounds for address of decl ");
3060 print_generic_expr (dump_file, decl, 0);
3061 fprintf (dump_file, "\n");
3062 }
3063
3064 /* Use zero bounds if size is unknown and checks for
3065 unknown sizes are restricted. */
3066 if ((!DECL_SIZE (decl)
3067 || (chkp_variable_size_type (TREE_TYPE (decl))
3068 && (TREE_STATIC (decl)
3069 || DECL_EXTERNAL (decl)
3070 || TREE_PUBLIC (decl))))
3071 && !flag_chkp_incomplete_type)
3072 return chkp_get_zero_bounds ();
3073
3074 if (flag_chkp_use_static_bounds
3075 && TREE_CODE (decl) == VAR_DECL
3076 && (TREE_STATIC (decl)
3077 || DECL_EXTERNAL (decl)
3078 || TREE_PUBLIC (decl))
3079 && !DECL_THREAD_LOCAL_P (decl))
3080 {
3081 tree bnd_var = chkp_make_static_bounds (decl);
3082 gimple_stmt_iterator gsi = gsi_start_bb (chkp_get_entry_block ());
3083 gimple stmt;
3084
3085 bounds = chkp_get_tmp_reg (NULL);
3086 stmt = gimple_build_assign (bounds, bnd_var);
3087 gsi_insert_before (&gsi, stmt, GSI_SAME_STMT);
3088 }
3089 else if (!DECL_SIZE (decl)
3090 || (chkp_variable_size_type (TREE_TYPE (decl))
3091 && (TREE_STATIC (decl)
3092 || DECL_EXTERNAL (decl)
3093 || TREE_PUBLIC (decl))))
3094 {
3095 gcc_assert (TREE_CODE (decl) == VAR_DECL);
3096 bounds = chkp_generate_extern_var_bounds (decl);
3097 }
3098 else
3099 {
3100 tree lb = chkp_build_addr_expr (decl);
3101 bounds = chkp_make_bounds (lb, DECL_SIZE_UNIT (decl), NULL, false);
3102 }
3103
3104 return bounds;
3105 }
3106
3107 /* Compute and return bounds for constant string. */
3108 static tree
3109 chkp_get_bounds_for_string_cst (tree cst)
3110 {
3111 tree bounds;
3112 tree lb;
3113 tree size;
3114
3115 gcc_assert (TREE_CODE (cst) == STRING_CST);
3116
3117 bounds = chkp_get_registered_bounds (cst);
3118
3119 if (bounds)
3120 return bounds;
3121
3122 if ((flag_chkp_use_static_bounds && flag_chkp_use_static_const_bounds)
3123 || flag_chkp_use_static_const_bounds > 0)
3124 {
3125 tree bnd_var = chkp_make_static_bounds (cst);
3126 gimple_stmt_iterator gsi = gsi_start_bb (chkp_get_entry_block ());
3127 gimple stmt;
3128
3129 bounds = chkp_get_tmp_reg (NULL);
3130 stmt = gimple_build_assign (bounds, bnd_var);
3131 gsi_insert_before (&gsi, stmt, GSI_SAME_STMT);
3132 }
3133 else
3134 {
3135 lb = chkp_build_addr_expr (cst);
3136 size = build_int_cst (chkp_uintptr_type, TREE_STRING_LENGTH (cst));
3137 bounds = chkp_make_bounds (lb, size, NULL, false);
3138 }
3139
3140 bounds = chkp_maybe_copy_and_register_bounds (cst, bounds);
3141
3142 return bounds;
3143 }
3144
3145 /* Generate code to instersect bounds BOUNDS1 and BOUNDS2 and
3146 return the result. if ITER is not NULL then Code is inserted
3147 before position pointed by ITER. Otherwise code is added to
3148 entry block. */
3149 static tree
3150 chkp_intersect_bounds (tree bounds1, tree bounds2, gimple_stmt_iterator *iter)
3151 {
3152 if (!bounds1 || bounds1 == chkp_get_zero_bounds ())
3153 return bounds2 ? bounds2 : bounds1;
3154 else if (!bounds2 || bounds2 == chkp_get_zero_bounds ())
3155 return bounds1;
3156 else
3157 {
3158 gimple_seq seq;
3159 gimple stmt;
3160 tree bounds;
3161
3162 seq = NULL;
3163
3164 stmt = gimple_build_call (chkp_intersect_fndecl, 2, bounds1, bounds2);
3165 chkp_mark_stmt (stmt);
3166
3167 bounds = chkp_get_tmp_reg (stmt);
3168 gimple_call_set_lhs (stmt, bounds);
3169
3170 gimple_seq_add_stmt (&seq, stmt);
3171
3172 /* We are probably doing narrowing for constant expression.
3173 In such case iter may be undefined. */
3174 if (!iter)
3175 {
3176 gimple_stmt_iterator gsi = gsi_last_bb (chkp_get_entry_block ());
3177 iter = &gsi;
3178 gsi_insert_seq_after (iter, seq, GSI_SAME_STMT);
3179 }
3180 else
3181 gsi_insert_seq_before (iter, seq, GSI_SAME_STMT);
3182
3183 if (dump_file && (dump_flags & TDF_DETAILS))
3184 {
3185 fprintf (dump_file, "Bounds intersection: ");
3186 print_gimple_stmt (dump_file, stmt, 0, TDF_VOPS|TDF_MEMSYMS);
3187 fprintf (dump_file, " inserted before statement: ");
3188 print_gimple_stmt (dump_file, gsi_stmt (*iter), 0,
3189 TDF_VOPS|TDF_MEMSYMS);
3190 }
3191
3192 return bounds;
3193 }
3194 }
3195
3196 /* Return 1 if we are allowed to narrow bounds for addressed FIELD
3197 and 0 othersize. */
3198 static bool
3199 chkp_may_narrow_to_field (tree field)
3200 {
3201 return DECL_SIZE (field) && TREE_CODE (DECL_SIZE (field)) == INTEGER_CST
3202 && tree_to_uhwi (DECL_SIZE (field)) != 0
3203 && (!DECL_FIELD_OFFSET (field)
3204 || TREE_CODE (DECL_FIELD_OFFSET (field)) == INTEGER_CST)
3205 && (!DECL_FIELD_BIT_OFFSET (field)
3206 || TREE_CODE (DECL_FIELD_BIT_OFFSET (field)) == INTEGER_CST)
3207 && !lookup_attribute ("bnd_variable_size", DECL_ATTRIBUTES (field))
3208 && !chkp_variable_size_type (TREE_TYPE (field));
3209 }
3210
3211 /* Return 1 if bounds for FIELD should be narrowed to
3212 field's own size. */
3213 static bool
3214 chkp_narrow_bounds_for_field (tree field)
3215 {
3216 HOST_WIDE_INT offs;
3217 HOST_WIDE_INT bit_offs;
3218
3219 if (!chkp_may_narrow_to_field (field))
3220 return false;
3221
3222 /* Accesse to compiler generated fields should not cause
3223 bounds narrowing. */
3224 if (DECL_ARTIFICIAL (field))
3225 return false;
3226
3227 offs = tree_to_uhwi (DECL_FIELD_OFFSET (field));
3228 bit_offs = tree_to_uhwi (DECL_FIELD_BIT_OFFSET (field));
3229
3230 return (flag_chkp_narrow_bounds
3231 && (flag_chkp_first_field_has_own_bounds
3232 || offs
3233 || bit_offs));
3234 }
3235
3236 /* Perform narrowing for BOUNDS using bounds computed for field
3237 access COMPONENT. ITER meaning is the same as for
3238 chkp_intersect_bounds. */
3239 static tree
3240 chkp_narrow_bounds_to_field (tree bounds, tree component,
3241 gimple_stmt_iterator *iter)
3242 {
3243 tree field = TREE_OPERAND (component, 1);
3244 tree size = DECL_SIZE_UNIT (field);
3245 tree field_ptr = chkp_build_addr_expr (component);
3246 tree field_bounds;
3247
3248 field_bounds = chkp_make_bounds (field_ptr, size, iter, false);
3249
3250 return chkp_intersect_bounds (field_bounds, bounds, iter);
3251 }
3252
3253 /* Parse field or array access NODE.
3254
3255 PTR ouput parameter holds a pointer to the outermost
3256 object.
3257
3258 BITFIELD output parameter is set to 1 if bitfield is
3259 accessed and to 0 otherwise. If it is 1 then ELT holds
3260 outer component for accessed bit field.
3261
3262 SAFE outer parameter is set to 1 if access is safe and
3263 checks are not required.
3264
3265 BOUNDS outer parameter holds bounds to be used to check
3266 access (may be NULL).
3267
3268 If INNERMOST_BOUNDS is 1 then try to narrow bounds to the
3269 innermost accessed component. */
3270 static void
3271 chkp_parse_array_and_component_ref (tree node, tree *ptr,
3272 tree *elt, bool *safe,
3273 bool *bitfield,
3274 tree *bounds,
3275 gimple_stmt_iterator *iter,
3276 bool innermost_bounds)
3277 {
3278 tree comp_to_narrow = NULL_TREE;
3279 tree last_comp = NULL_TREE;
3280 bool array_ref_found = false;
3281 tree *nodes;
3282 tree var;
3283 int len;
3284 int i;
3285
3286 /* Compute tree height for expression. */
3287 var = node;
3288 len = 1;
3289 while (TREE_CODE (var) == COMPONENT_REF
3290 || TREE_CODE (var) == ARRAY_REF
3291 || TREE_CODE (var) == VIEW_CONVERT_EXPR)
3292 {
3293 var = TREE_OPERAND (var, 0);
3294 len++;
3295 }
3296
3297 gcc_assert (len > 1);
3298
3299 /* It is more convenient for us to scan left-to-right,
3300 so walk tree again and put all node to nodes vector
3301 in reversed order. */
3302 nodes = XALLOCAVEC (tree, len);
3303 nodes[len - 1] = node;
3304 for (i = len - 2; i >= 0; i--)
3305 nodes[i] = TREE_OPERAND (nodes[i + 1], 0);
3306
3307 if (bounds)
3308 *bounds = NULL;
3309 *safe = true;
3310 *bitfield = (TREE_CODE (node) == COMPONENT_REF
3311 && DECL_BIT_FIELD_TYPE (TREE_OPERAND (node, 1)));
3312 /* To get bitfield address we will need outer elemnt. */
3313 if (*bitfield)
3314 *elt = nodes[len - 2];
3315 else
3316 *elt = NULL_TREE;
3317
3318 /* If we have indirection in expression then compute
3319 outermost structure bounds. Computed bounds may be
3320 narrowed later. */
3321 if (TREE_CODE (nodes[0]) == MEM_REF || INDIRECT_REF_P (nodes[0]))
3322 {
3323 *safe = false;
3324 *ptr = TREE_OPERAND (nodes[0], 0);
3325 if (bounds)
3326 *bounds = chkp_find_bounds (*ptr, iter);
3327 }
3328 else
3329 {
3330 gcc_assert (TREE_CODE (var) == VAR_DECL
3331 || TREE_CODE (var) == PARM_DECL
3332 || TREE_CODE (var) == RESULT_DECL
3333 || TREE_CODE (var) == STRING_CST
3334 || TREE_CODE (var) == SSA_NAME);
3335
3336 *ptr = chkp_build_addr_expr (var);
3337 }
3338
3339 /* In this loop we are trying to find a field access
3340 requiring narrowing. There are two simple rules
3341 for search:
3342 1. Leftmost array_ref is chosen if any.
3343 2. Rightmost suitable component_ref is chosen if innermost
3344 bounds are required and no array_ref exists. */
3345 for (i = 1; i < len; i++)
3346 {
3347 var = nodes[i];
3348
3349 if (TREE_CODE (var) == ARRAY_REF)
3350 {
3351 *safe = false;
3352 array_ref_found = true;
3353 if (flag_chkp_narrow_bounds
3354 && !flag_chkp_narrow_to_innermost_arrray
3355 && (!last_comp
3356 || chkp_may_narrow_to_field (TREE_OPERAND (last_comp, 1))))
3357 {
3358 comp_to_narrow = last_comp;
3359 break;
3360 }
3361 }
3362 else if (TREE_CODE (var) == COMPONENT_REF)
3363 {
3364 tree field = TREE_OPERAND (var, 1);
3365
3366 if (innermost_bounds
3367 && !array_ref_found
3368 && chkp_narrow_bounds_for_field (field))
3369 comp_to_narrow = var;
3370 last_comp = var;
3371
3372 if (flag_chkp_narrow_bounds
3373 && flag_chkp_narrow_to_innermost_arrray
3374 && TREE_CODE (TREE_TYPE (field)) == ARRAY_TYPE)
3375 {
3376 if (bounds)
3377 *bounds = chkp_narrow_bounds_to_field (*bounds, var, iter);
3378 comp_to_narrow = NULL;
3379 }
3380 }
3381 else if (TREE_CODE (var) == VIEW_CONVERT_EXPR)
3382 /* Nothing to do for it. */
3383 ;
3384 else
3385 gcc_unreachable ();
3386 }
3387
3388 if (comp_to_narrow && DECL_SIZE (TREE_OPERAND (comp_to_narrow, 1)) && bounds)
3389 *bounds = chkp_narrow_bounds_to_field (*bounds, comp_to_narrow, iter);
3390
3391 if (innermost_bounds && bounds && !*bounds)
3392 *bounds = chkp_find_bounds (*ptr, iter);
3393 }
3394
3395 /* Compute and return bounds for address of OBJ. */
3396 static tree
3397 chkp_make_addressed_object_bounds (tree obj, gimple_stmt_iterator *iter)
3398 {
3399 tree bounds = chkp_get_registered_addr_bounds (obj);
3400
3401 if (bounds)
3402 return bounds;
3403
3404 switch (TREE_CODE (obj))
3405 {
3406 case VAR_DECL:
3407 case PARM_DECL:
3408 case RESULT_DECL:
3409 bounds = chkp_get_bounds_for_decl_addr (obj);
3410 break;
3411
3412 case STRING_CST:
3413 bounds = chkp_get_bounds_for_string_cst (obj);
3414 break;
3415
3416 case ARRAY_REF:
3417 case COMPONENT_REF:
3418 {
3419 tree elt;
3420 tree ptr;
3421 bool safe;
3422 bool bitfield;
3423
3424 chkp_parse_array_and_component_ref (obj, &ptr, &elt, &safe,
3425 &bitfield, &bounds, iter, true);
3426
3427 gcc_assert (bounds);
3428 }
3429 break;
3430
3431 case FUNCTION_DECL:
3432 case LABEL_DECL:
3433 bounds = chkp_get_zero_bounds ();
3434 break;
3435
3436 case MEM_REF:
3437 bounds = chkp_find_bounds (TREE_OPERAND (obj, 0), iter);
3438 break;
3439
3440 case REALPART_EXPR:
3441 case IMAGPART_EXPR:
3442 bounds = chkp_make_addressed_object_bounds (TREE_OPERAND (obj, 0), iter);
3443 break;
3444
3445 default:
3446 if (dump_file && (dump_flags & TDF_DETAILS))
3447 {
3448 fprintf (dump_file, "chkp_make_addressed_object_bounds: "
3449 "unexpected object of type %s\n",
3450 get_tree_code_name (TREE_CODE (obj)));
3451 print_node (dump_file, "", obj, 0);
3452 }
3453 internal_error ("chkp_make_addressed_object_bounds: "
3454 "Unexpected tree code %s",
3455 get_tree_code_name (TREE_CODE (obj)));
3456 }
3457
3458 chkp_register_addr_bounds (obj, bounds);
3459
3460 return bounds;
3461 }
3462
3463 /* Compute bounds for pointer PTR loaded from PTR_SRC. Generate statements
3464 to compute bounds if required. Computed bounds should be available at
3465 position pointed by ITER.
3466
3467 If PTR_SRC is NULL_TREE then pointer definition is identified.
3468
3469 If PTR_SRC is not NULL_TREE then ITER points to statements which loads
3470 PTR. If PTR is a any memory reference then ITER points to a statement
3471 after which bndldx will be inserterd. In both cases ITER will be updated
3472 to point to the inserted bndldx statement. */
3473
3474 static tree
3475 chkp_find_bounds_1 (tree ptr, tree ptr_src, gimple_stmt_iterator *iter)
3476 {
3477 tree addr = NULL_TREE;
3478 tree bounds = NULL_TREE;
3479
3480 if (!ptr_src)
3481 ptr_src = ptr;
3482
3483 bounds = chkp_get_registered_bounds (ptr_src);
3484
3485 if (bounds)
3486 return bounds;
3487
3488 switch (TREE_CODE (ptr_src))
3489 {
3490 case MEM_REF:
3491 case VAR_DECL:
3492 if (BOUNDED_P (ptr_src))
3493 if (TREE_CODE (ptr) == VAR_DECL && DECL_REGISTER (ptr))
3494 bounds = chkp_get_zero_bounds ();
3495 else
3496 {
3497 addr = chkp_build_addr_expr (ptr_src);
3498 bounds = chkp_build_bndldx (addr, ptr, iter);
3499 }
3500 else
3501 bounds = chkp_get_nonpointer_load_bounds ();
3502 break;
3503
3504 case ARRAY_REF:
3505 case COMPONENT_REF:
3506 addr = get_base_address (ptr_src);
3507 if (DECL_P (addr)
3508 || TREE_CODE (addr) == MEM_REF
3509 || TREE_CODE (addr) == TARGET_MEM_REF)
3510 {
3511 if (BOUNDED_P (ptr_src))
3512 if (TREE_CODE (ptr) == VAR_DECL && DECL_REGISTER (ptr))
3513 bounds = chkp_get_zero_bounds ();
3514 else
3515 {
3516 addr = chkp_build_addr_expr (ptr_src);
3517 bounds = chkp_build_bndldx (addr, ptr, iter);
3518 }
3519 else
3520 bounds = chkp_get_nonpointer_load_bounds ();
3521 }
3522 else
3523 {
3524 gcc_assert (TREE_CODE (addr) == SSA_NAME);
3525 bounds = chkp_find_bounds (addr, iter);
3526 }
3527 break;
3528
3529 case PARM_DECL:
3530 gcc_unreachable ();
3531 bounds = chkp_get_bound_for_parm (ptr_src);
3532 break;
3533
3534 case TARGET_MEM_REF:
3535 addr = chkp_build_addr_expr (ptr_src);
3536 bounds = chkp_build_bndldx (addr, ptr, iter);
3537 break;
3538
3539 case SSA_NAME:
3540 bounds = chkp_get_registered_bounds (ptr_src);
3541 if (!bounds)
3542 {
3543 gimple def_stmt = SSA_NAME_DEF_STMT (ptr_src);
3544 gphi_iterator phi_iter;
3545
3546 bounds = chkp_get_bounds_by_definition (ptr_src, def_stmt, &phi_iter);
3547
3548 gcc_assert (bounds);
3549
3550 if (gphi *def_phi = dyn_cast <gphi *> (def_stmt))
3551 {
3552 unsigned i;
3553
3554 for (i = 0; i < gimple_phi_num_args (def_phi); i++)
3555 {
3556 tree arg = gimple_phi_arg_def (def_phi, i);
3557 tree arg_bnd;
3558 gphi *phi_bnd;
3559
3560 arg_bnd = chkp_find_bounds (arg, NULL);
3561
3562 /* chkp_get_bounds_by_definition created new phi
3563 statement and phi_iter points to it.
3564
3565 Previous call to chkp_find_bounds could create
3566 new basic block and therefore change phi statement
3567 phi_iter points to. */
3568 phi_bnd = phi_iter.phi ();
3569
3570 add_phi_arg (phi_bnd, arg_bnd,
3571 gimple_phi_arg_edge (def_phi, i),
3572 UNKNOWN_LOCATION);
3573 }
3574
3575 /* If all bound phi nodes have their arg computed
3576 then we may finish its computation. See
3577 chkp_finish_incomplete_bounds for more details. */
3578 if (chkp_may_finish_incomplete_bounds ())
3579 chkp_finish_incomplete_bounds ();
3580 }
3581
3582 gcc_assert (bounds == chkp_get_registered_bounds (ptr_src)
3583 || chkp_incomplete_bounds (bounds));
3584 }
3585 break;
3586
3587 case ADDR_EXPR:
3588 bounds = chkp_make_addressed_object_bounds (TREE_OPERAND (ptr_src, 0), iter);
3589 break;
3590
3591 case INTEGER_CST:
3592 if (integer_zerop (ptr_src))
3593 bounds = chkp_get_none_bounds ();
3594 else
3595 bounds = chkp_get_invalid_op_bounds ();
3596 break;
3597
3598 default:
3599 if (dump_file && (dump_flags & TDF_DETAILS))
3600 {
3601 fprintf (dump_file, "chkp_find_bounds: unexpected ptr of type %s\n",
3602 get_tree_code_name (TREE_CODE (ptr_src)));
3603 print_node (dump_file, "", ptr_src, 0);
3604 }
3605 internal_error ("chkp_find_bounds: Unexpected tree code %s",
3606 get_tree_code_name (TREE_CODE (ptr_src)));
3607 }
3608
3609 if (!bounds)
3610 {
3611 if (dump_file && (dump_flags & TDF_DETAILS))
3612 {
3613 fprintf (stderr, "chkp_find_bounds: cannot find bounds for pointer\n");
3614 print_node (dump_file, "", ptr_src, 0);
3615 }
3616 internal_error ("chkp_find_bounds: Cannot find bounds for pointer");
3617 }
3618
3619 return bounds;
3620 }
3621
3622 /* Normal case for bounds search without forced narrowing. */
3623 static tree
3624 chkp_find_bounds (tree ptr, gimple_stmt_iterator *iter)
3625 {
3626 return chkp_find_bounds_1 (ptr, NULL_TREE, iter);
3627 }
3628
3629 /* Search bounds for pointer PTR loaded from PTR_SRC
3630 by statement *ITER points to. */
3631 static tree
3632 chkp_find_bounds_loaded (tree ptr, tree ptr_src, gimple_stmt_iterator *iter)
3633 {
3634 return chkp_find_bounds_1 (ptr, ptr_src, iter);
3635 }
3636
3637 /* Helper function which checks type of RHS and finds all pointers in
3638 it. For each found pointer we build it's accesses in LHS and RHS
3639 objects and then call HANDLER for them. Function is used to copy
3640 or initilize bounds for copied object. */
3641 static void
3642 chkp_walk_pointer_assignments (tree lhs, tree rhs, void *arg,
3643 assign_handler handler)
3644 {
3645 tree type = TREE_TYPE (lhs);
3646
3647 /* We have nothing to do with clobbers. */
3648 if (TREE_CLOBBER_P (rhs))
3649 return;
3650
3651 if (BOUNDED_TYPE_P (type))
3652 handler (lhs, rhs, arg);
3653 else if (RECORD_OR_UNION_TYPE_P (type))
3654 {
3655 tree field;
3656
3657 if (TREE_CODE (rhs) == CONSTRUCTOR)
3658 {
3659 unsigned HOST_WIDE_INT cnt;
3660 tree val;
3661
3662 FOR_EACH_CONSTRUCTOR_ELT (CONSTRUCTOR_ELTS (rhs), cnt, field, val)
3663 {
3664 if (chkp_type_has_pointer (TREE_TYPE (field)))
3665 {
3666 tree lhs_field = chkp_build_component_ref (lhs, field);
3667 chkp_walk_pointer_assignments (lhs_field, val, arg, handler);
3668 }
3669 }
3670 }
3671 else
3672 for (field = TYPE_FIELDS (type); field; field = DECL_CHAIN (field))
3673 if (TREE_CODE (field) == FIELD_DECL
3674 && chkp_type_has_pointer (TREE_TYPE (field)))
3675 {
3676 tree rhs_field = chkp_build_component_ref (rhs, field);
3677 tree lhs_field = chkp_build_component_ref (lhs, field);
3678 chkp_walk_pointer_assignments (lhs_field, rhs_field, arg, handler);
3679 }
3680 }
3681 else if (TREE_CODE (type) == ARRAY_TYPE)
3682 {
3683 unsigned HOST_WIDE_INT cur = 0;
3684 tree maxval = TYPE_MAX_VALUE (TYPE_DOMAIN (type));
3685 tree etype = TREE_TYPE (type);
3686 tree esize = TYPE_SIZE (etype);
3687
3688 if (TREE_CODE (rhs) == CONSTRUCTOR)
3689 {
3690 unsigned HOST_WIDE_INT cnt;
3691 tree purp, val, lhs_elem;
3692
3693 FOR_EACH_CONSTRUCTOR_ELT (CONSTRUCTOR_ELTS (rhs), cnt, purp, val)
3694 {
3695 if (purp && TREE_CODE (purp) == RANGE_EXPR)
3696 {
3697 tree lo_index = TREE_OPERAND (purp, 0);
3698 tree hi_index = TREE_OPERAND (purp, 1);
3699
3700 for (cur = (unsigned)tree_to_uhwi (lo_index);
3701 cur <= (unsigned)tree_to_uhwi (hi_index);
3702 cur++)
3703 {
3704 lhs_elem = chkp_build_array_ref (lhs, etype, esize, cur);
3705 chkp_walk_pointer_assignments (lhs_elem, val, arg, handler);
3706 }
3707 }
3708 else
3709 {
3710 if (purp)
3711 {
3712 gcc_assert (TREE_CODE (purp) == INTEGER_CST);
3713 cur = tree_to_uhwi (purp);
3714 }
3715
3716 lhs_elem = chkp_build_array_ref (lhs, etype, esize, cur++);
3717
3718 chkp_walk_pointer_assignments (lhs_elem, val, arg, handler);
3719 }
3720 }
3721 }
3722 /* Copy array only when size is known. */
3723 else if (maxval && !integer_minus_onep (maxval))
3724 for (cur = 0; cur <= TREE_INT_CST_LOW (maxval); cur++)
3725 {
3726 tree lhs_elem = chkp_build_array_ref (lhs, etype, esize, cur);
3727 tree rhs_elem = chkp_build_array_ref (rhs, etype, esize, cur);
3728 chkp_walk_pointer_assignments (lhs_elem, rhs_elem, arg, handler);
3729 }
3730 }
3731 else
3732 internal_error("chkp_walk_pointer_assignments: unexpected RHS type: %s",
3733 get_tree_code_name (TREE_CODE (type)));
3734 }
3735
3736 /* Add code to copy bounds for assignment of RHS to LHS.
3737 ARG is an iterator pointing ne code position. */
3738 static void
3739 chkp_copy_bounds_for_elem (tree lhs, tree rhs, void *arg)
3740 {
3741 gimple_stmt_iterator *iter = (gimple_stmt_iterator *)arg;
3742 tree bounds = chkp_find_bounds (rhs, iter);
3743 tree addr = chkp_build_addr_expr(lhs);
3744
3745 chkp_build_bndstx (addr, rhs, bounds, iter);
3746 }
3747
3748 /* Emit static bound initilizers and size vars. */
3749 void
3750 chkp_finish_file (void)
3751 {
3752 struct varpool_node *node;
3753 struct chkp_ctor_stmt_list stmts;
3754
3755 if (seen_error ())
3756 return;
3757
3758 /* Iterate through varpool and generate bounds initialization
3759 constructors for all statically initialized pointers. */
3760 stmts.avail = MAX_STMTS_IN_STATIC_CHKP_CTOR;
3761 stmts.stmts = NULL;
3762 FOR_EACH_VARIABLE (node)
3763 /* Check that var is actually emitted and we need and may initialize
3764 its bounds. */
3765 if (node->need_bounds_init
3766 && !POINTER_BOUNDS_P (node->decl)
3767 && DECL_RTL (node->decl)
3768 && MEM_P (DECL_RTL (node->decl))
3769 && TREE_ASM_WRITTEN (node->decl))
3770 {
3771 chkp_walk_pointer_assignments (node->decl,
3772 DECL_INITIAL (node->decl),
3773 &stmts,
3774 chkp_add_modification_to_stmt_list);
3775
3776 if (stmts.avail <= 0)
3777 {
3778 cgraph_build_static_cdtor ('P', stmts.stmts,
3779 MAX_RESERVED_INIT_PRIORITY + 3);
3780 stmts.avail = MAX_STMTS_IN_STATIC_CHKP_CTOR;
3781 stmts.stmts = NULL;
3782 }
3783 }
3784
3785 if (stmts.stmts)
3786 cgraph_build_static_cdtor ('P', stmts.stmts,
3787 MAX_RESERVED_INIT_PRIORITY + 3);
3788
3789 /* Iterate through varpool and generate bounds initialization
3790 constructors for all static bounds vars. */
3791 stmts.avail = MAX_STMTS_IN_STATIC_CHKP_CTOR;
3792 stmts.stmts = NULL;
3793 FOR_EACH_VARIABLE (node)
3794 if (node->need_bounds_init
3795 && POINTER_BOUNDS_P (node->decl)
3796 && TREE_ASM_WRITTEN (node->decl))
3797 {
3798 tree bnd = node->decl;
3799 tree var;
3800
3801 gcc_assert (DECL_INITIAL (bnd)
3802 && TREE_CODE (DECL_INITIAL (bnd)) == ADDR_EXPR);
3803
3804 var = TREE_OPERAND (DECL_INITIAL (bnd), 0);
3805 chkp_output_static_bounds (bnd, var, &stmts);
3806 }
3807
3808 if (stmts.stmts)
3809 cgraph_build_static_cdtor ('B', stmts.stmts,
3810 MAX_RESERVED_INIT_PRIORITY + 2);
3811
3812 delete chkp_static_var_bounds;
3813 delete chkp_bounds_map;
3814 }
3815
3816 /* An instrumentation function which is called for each statement
3817 having memory access we want to instrument. It inserts check
3818 code and bounds copy code.
3819
3820 ITER points to statement to instrument.
3821
3822 NODE holds memory access in statement to check.
3823
3824 LOC holds the location information for statement.
3825
3826 DIRFLAGS determines whether access is read or write.
3827
3828 ACCESS_OFFS should be added to address used in NODE
3829 before check.
3830
3831 ACCESS_SIZE holds size of checked access.
3832
3833 SAFE indicates if NODE access is safe and should not be
3834 checked. */
3835 static void
3836 chkp_process_stmt (gimple_stmt_iterator *iter, tree node,
3837 location_t loc, tree dirflag,
3838 tree access_offs, tree access_size,
3839 bool safe)
3840 {
3841 tree node_type = TREE_TYPE (node);
3842 tree size = access_size ? access_size : TYPE_SIZE_UNIT (node_type);
3843 tree addr_first = NULL_TREE; /* address of the first accessed byte */
3844 tree addr_last = NULL_TREE; /* address of the last accessed byte */
3845 tree ptr = NULL_TREE; /* a pointer used for dereference */
3846 tree bounds = NULL_TREE;
3847
3848 /* We do not need instrumentation for clobbers. */
3849 if (dirflag == integer_one_node
3850 && gimple_code (gsi_stmt (*iter)) == GIMPLE_ASSIGN
3851 && TREE_CLOBBER_P (gimple_assign_rhs1 (gsi_stmt (*iter))))
3852 return;
3853
3854 switch (TREE_CODE (node))
3855 {
3856 case ARRAY_REF:
3857 case COMPONENT_REF:
3858 {
3859 bool bitfield;
3860 tree elt;
3861
3862 if (safe)
3863 {
3864 /* We are not going to generate any checks, so do not
3865 generate bounds as well. */
3866 addr_first = chkp_build_addr_expr (node);
3867 break;
3868 }
3869
3870 chkp_parse_array_and_component_ref (node, &ptr, &elt, &safe,
3871 &bitfield, &bounds, iter, false);
3872
3873 /* Break if there is no dereference and operation is safe. */
3874
3875 if (bitfield)
3876 {
3877 tree field = TREE_OPERAND (node, 1);
3878
3879 if (TREE_CODE (DECL_SIZE_UNIT (field)) == INTEGER_CST)
3880 size = DECL_SIZE_UNIT (field);
3881
3882 if (elt)
3883 elt = chkp_build_addr_expr (elt);
3884 addr_first = fold_convert_loc (loc, ptr_type_node, elt ? elt : ptr);
3885 addr_first = fold_build_pointer_plus_loc (loc,
3886 addr_first,
3887 byte_position (field));
3888 }
3889 else
3890 addr_first = chkp_build_addr_expr (node);
3891 }
3892 break;
3893
3894 case INDIRECT_REF:
3895 ptr = TREE_OPERAND (node, 0);
3896 addr_first = ptr;
3897 break;
3898
3899 case MEM_REF:
3900 ptr = TREE_OPERAND (node, 0);
3901 addr_first = chkp_build_addr_expr (node);
3902 break;
3903
3904 case TARGET_MEM_REF:
3905 ptr = TMR_BASE (node);
3906 addr_first = chkp_build_addr_expr (node);
3907 break;
3908
3909 case ARRAY_RANGE_REF:
3910 printf("ARRAY_RANGE_REF\n");
3911 debug_gimple_stmt(gsi_stmt(*iter));
3912 debug_tree(node);
3913 gcc_unreachable ();
3914 break;
3915
3916 case BIT_FIELD_REF:
3917 {
3918 tree offs, rem, bpu;
3919
3920 gcc_assert (!access_offs);
3921 gcc_assert (!access_size);
3922
3923 bpu = fold_convert (size_type_node, bitsize_int (BITS_PER_UNIT));
3924 offs = fold_convert (size_type_node, TREE_OPERAND (node, 2));
3925 rem = size_binop_loc (loc, TRUNC_MOD_EXPR, offs, bpu);
3926 offs = size_binop_loc (loc, TRUNC_DIV_EXPR, offs, bpu);
3927
3928 size = fold_convert (size_type_node, TREE_OPERAND (node, 1));
3929 size = size_binop_loc (loc, PLUS_EXPR, size, rem);
3930 size = size_binop_loc (loc, CEIL_DIV_EXPR, size, bpu);
3931 size = fold_convert (size_type_node, size);
3932
3933 chkp_process_stmt (iter, TREE_OPERAND (node, 0), loc,
3934 dirflag, offs, size, safe);
3935 return;
3936 }
3937 break;
3938
3939 case VAR_DECL:
3940 case RESULT_DECL:
3941 case PARM_DECL:
3942 if (dirflag != integer_one_node
3943 || DECL_REGISTER (node))
3944 return;
3945
3946 safe = true;
3947 addr_first = chkp_build_addr_expr (node);
3948 break;
3949
3950 default:
3951 return;
3952 }
3953
3954 /* If addr_last was not computed then use (addr_first + size - 1)
3955 expression to compute it. */
3956 if (!addr_last)
3957 {
3958 addr_last = fold_build_pointer_plus_loc (loc, addr_first, size);
3959 addr_last = fold_build_pointer_plus_hwi_loc (loc, addr_last, -1);
3960 }
3961
3962 /* Shift both first_addr and last_addr by access_offs if specified. */
3963 if (access_offs)
3964 {
3965 addr_first = fold_build_pointer_plus_loc (loc, addr_first, access_offs);
3966 addr_last = fold_build_pointer_plus_loc (loc, addr_last, access_offs);
3967 }
3968
3969 /* Generate bndcl/bndcu checks if memory access is not safe. */
3970 if (!safe)
3971 {
3972 gimple_stmt_iterator stmt_iter = *iter;
3973
3974 if (!bounds)
3975 bounds = chkp_find_bounds (ptr, iter);
3976
3977 chkp_check_mem_access (addr_first, addr_last, bounds,
3978 stmt_iter, loc, dirflag);
3979 }
3980
3981 /* We need to store bounds in case pointer is stored. */
3982 if (dirflag == integer_one_node
3983 && chkp_type_has_pointer (node_type)
3984 && flag_chkp_store_bounds)
3985 {
3986 gimple stmt = gsi_stmt (*iter);
3987 tree rhs1 = gimple_assign_rhs1 (stmt);
3988 enum tree_code rhs_code = gimple_assign_rhs_code (stmt);
3989
3990 if (get_gimple_rhs_class (rhs_code) == GIMPLE_SINGLE_RHS)
3991 chkp_walk_pointer_assignments (node, rhs1, iter,
3992 chkp_copy_bounds_for_elem);
3993 else
3994 {
3995 bounds = chkp_compute_bounds_for_assignment (NULL_TREE, stmt);
3996 chkp_build_bndstx (addr_first, rhs1, bounds, iter);
3997 }
3998 }
3999 }
4000
4001 /* Add code to copy bounds for all pointers copied
4002 in ASSIGN created during inline of EDGE. */
4003 void
4004 chkp_copy_bounds_for_assign (gimple assign, struct cgraph_edge *edge)
4005 {
4006 tree lhs = gimple_assign_lhs (assign);
4007 tree rhs = gimple_assign_rhs1 (assign);
4008 gimple_stmt_iterator iter = gsi_for_stmt (assign);
4009
4010 if (!flag_chkp_store_bounds)
4011 return;
4012
4013 chkp_walk_pointer_assignments (lhs, rhs, &iter, chkp_copy_bounds_for_elem);
4014
4015 /* We should create edges for all created calls to bndldx and bndstx. */
4016 while (gsi_stmt (iter) != assign)
4017 {
4018 gimple stmt = gsi_stmt (iter);
4019 if (gimple_code (stmt) == GIMPLE_CALL)
4020 {
4021 tree fndecl = gimple_call_fndecl (stmt);
4022 struct cgraph_node *callee = cgraph_node::get_create (fndecl);
4023 struct cgraph_edge *new_edge;
4024
4025 gcc_assert (fndecl == chkp_bndstx_fndecl
4026 || fndecl == chkp_bndldx_fndecl
4027 || fndecl == chkp_ret_bnd_fndecl);
4028
4029 new_edge = edge->caller->create_edge (callee,
4030 as_a <gcall *> (stmt),
4031 edge->count,
4032 edge->frequency);
4033 new_edge->frequency = compute_call_stmt_bb_frequency
4034 (edge->caller->decl, gimple_bb (stmt));
4035 }
4036 gsi_prev (&iter);
4037 }
4038 }
4039
4040 /* Some code transformation made during instrumentation pass
4041 may put code into inconsistent state. Here we find and fix
4042 such flaws. */
4043 void
4044 chkp_fix_cfg ()
4045 {
4046 basic_block bb;
4047 gimple_stmt_iterator i;
4048
4049 /* We could insert some code right after stmt which ends bb.
4050 We wanted to put this code on fallthru edge but did not
4051 add new edges from the beginning because it may cause new
4052 phi node creation which may be incorrect due to incomplete
4053 bound phi nodes. */
4054 FOR_ALL_BB_FN (bb, cfun)
4055 for (i = gsi_start_bb (bb); !gsi_end_p (i); gsi_next (&i))
4056 {
4057 gimple stmt = gsi_stmt (i);
4058 gimple_stmt_iterator next = i;
4059
4060 gsi_next (&next);
4061
4062 if (stmt_ends_bb_p (stmt)
4063 && !gsi_end_p (next))
4064 {
4065 edge fall = find_fallthru_edge (bb->succs);
4066 basic_block dest = NULL;
4067 int flags = 0;
4068
4069 gcc_assert (fall);
4070
4071 /* We cannot split abnormal edge. Therefore we
4072 store its params, make it regular and then
4073 rebuild abnormal edge after split. */
4074 if (fall->flags & EDGE_ABNORMAL)
4075 {
4076 flags = fall->flags & ~EDGE_FALLTHRU;
4077 dest = fall->dest;
4078
4079 fall->flags &= ~EDGE_COMPLEX;
4080 }
4081
4082 while (!gsi_end_p (next))
4083 {
4084 gimple next_stmt = gsi_stmt (next);
4085 gsi_remove (&next, false);
4086 gsi_insert_on_edge (fall, next_stmt);
4087 }
4088
4089 gsi_commit_edge_inserts ();
4090
4091 /* Re-create abnormal edge. */
4092 if (dest)
4093 make_edge (bb, dest, flags);
4094 }
4095 }
4096 }
4097
4098 /* Walker callback for chkp_replace_function_pointers. Replaces
4099 function pointer in the specified operand with pointer to the
4100 instrumented function version. */
4101 static tree
4102 chkp_replace_function_pointer (tree *op, int *walk_subtrees,
4103 void *data ATTRIBUTE_UNUSED)
4104 {
4105 if (TREE_CODE (*op) == FUNCTION_DECL
4106 && chkp_instrumentable_p (*op)
4107 && (DECL_BUILT_IN_CLASS (*op) == NOT_BUILT_IN
4108 /* For builtins we replace pointers only for selected
4109 function and functions having definitions. */
4110 || (DECL_BUILT_IN_CLASS (*op) == BUILT_IN_NORMAL
4111 && (chkp_instrument_normal_builtin (*op)
4112 || gimple_has_body_p (*op)))))
4113 {
4114 struct cgraph_node *node = cgraph_node::get_create (*op);
4115 struct cgraph_node *clone = NULL;
4116
4117 if (!node->instrumentation_clone)
4118 clone = chkp_maybe_create_clone (*op);
4119
4120 if (clone)
4121 *op = clone->decl;
4122 *walk_subtrees = 0;
4123 }
4124
4125 return NULL;
4126 }
4127
4128 /* This function searches for function pointers in statement
4129 pointed by GSI and replaces them with pointers to instrumented
4130 function versions. */
4131 static void
4132 chkp_replace_function_pointers (gimple_stmt_iterator *gsi)
4133 {
4134 gimple stmt = gsi_stmt (*gsi);
4135 /* For calls we want to walk call args only. */
4136 if (gimple_code (stmt) == GIMPLE_CALL)
4137 {
4138 unsigned i;
4139 for (i = 0; i < gimple_call_num_args (stmt); i++)
4140 walk_tree (gimple_call_arg_ptr (stmt, i),
4141 chkp_replace_function_pointer, NULL, NULL);
4142 }
4143 else
4144 walk_gimple_stmt (gsi, NULL, chkp_replace_function_pointer, NULL);
4145 }
4146
4147 /* This function instruments all statements working with memory,
4148 calls and rets.
4149
4150 It also removes excess statements from static initializers. */
4151 static void
4152 chkp_instrument_function (void)
4153 {
4154 basic_block bb, next;
4155 gimple_stmt_iterator i;
4156 enum gimple_rhs_class grhs_class;
4157 bool safe = lookup_attribute ("chkp ctor", DECL_ATTRIBUTES (cfun->decl));
4158
4159 bb = ENTRY_BLOCK_PTR_FOR_FN (cfun)->next_bb;
4160 do
4161 {
4162 next = bb->next_bb;
4163 for (i = gsi_start_bb (bb); !gsi_end_p (i); )
4164 {
4165 gimple s = gsi_stmt (i);
4166
4167 /* Skip statement marked to not be instrumented. */
4168 if (chkp_marked_stmt_p (s))
4169 {
4170 gsi_next (&i);
4171 continue;
4172 }
4173
4174 chkp_replace_function_pointers (&i);
4175
4176 switch (gimple_code (s))
4177 {
4178 case GIMPLE_ASSIGN:
4179 chkp_process_stmt (&i, gimple_assign_lhs (s),
4180 gimple_location (s), integer_one_node,
4181 NULL_TREE, NULL_TREE, safe);
4182 chkp_process_stmt (&i, gimple_assign_rhs1 (s),
4183 gimple_location (s), integer_zero_node,
4184 NULL_TREE, NULL_TREE, safe);
4185 grhs_class = get_gimple_rhs_class (gimple_assign_rhs_code (s));
4186 if (grhs_class == GIMPLE_BINARY_RHS)
4187 chkp_process_stmt (&i, gimple_assign_rhs2 (s),
4188 gimple_location (s), integer_zero_node,
4189 NULL_TREE, NULL_TREE, safe);
4190 break;
4191
4192 case GIMPLE_RETURN:
4193 {
4194 greturn *r = as_a <greturn *> (s);
4195 if (gimple_return_retval (r) != NULL_TREE)
4196 {
4197 chkp_process_stmt (&i, gimple_return_retval (r),
4198 gimple_location (r),
4199 integer_zero_node,
4200 NULL_TREE, NULL_TREE, safe);
4201
4202 /* Additionally we need to add bounds
4203 to return statement. */
4204 chkp_add_bounds_to_ret_stmt (&i);
4205 }
4206 }
4207 break;
4208
4209 case GIMPLE_CALL:
4210 chkp_add_bounds_to_call_stmt (&i);
4211 break;
4212
4213 default:
4214 ;
4215 }
4216
4217 gsi_next (&i);
4218
4219 /* We do not need any actual pointer stores in checker
4220 static initializer. */
4221 if (lookup_attribute ("chkp ctor", DECL_ATTRIBUTES (cfun->decl))
4222 && gimple_code (s) == GIMPLE_ASSIGN
4223 && gimple_store_p (s))
4224 {
4225 gimple_stmt_iterator del_iter = gsi_for_stmt (s);
4226 gsi_remove (&del_iter, true);
4227 unlink_stmt_vdef (s);
4228 release_defs(s);
4229 }
4230 }
4231 bb = next;
4232 }
4233 while (bb);
4234
4235 /* Some input params may have bounds and be address taken. In this case
4236 we should store incoming bounds into bounds table. */
4237 tree arg;
4238 if (flag_chkp_store_bounds)
4239 for (arg = DECL_ARGUMENTS (cfun->decl); arg; arg = DECL_CHAIN (arg))
4240 if (TREE_ADDRESSABLE (arg))
4241 {
4242 if (BOUNDED_P (arg))
4243 {
4244 tree bounds = chkp_get_next_bounds_parm (arg);
4245 tree def_ptr = ssa_default_def (cfun, arg);
4246 gimple_stmt_iterator iter
4247 = gsi_start_bb (chkp_get_entry_block ());
4248 chkp_build_bndstx (chkp_build_addr_expr (arg),
4249 def_ptr ? def_ptr : arg,
4250 bounds, &iter);
4251
4252 /* Skip bounds arg. */
4253 arg = TREE_CHAIN (arg);
4254 }
4255 else if (chkp_type_has_pointer (TREE_TYPE (arg)))
4256 {
4257 tree orig_arg = arg;
4258 bitmap slots = BITMAP_ALLOC (NULL);
4259 gimple_stmt_iterator iter
4260 = gsi_start_bb (chkp_get_entry_block ());
4261 bitmap_iterator bi;
4262 unsigned bnd_no;
4263
4264 chkp_find_bound_slots (TREE_TYPE (arg), slots);
4265
4266 EXECUTE_IF_SET_IN_BITMAP (slots, 0, bnd_no, bi)
4267 {
4268 tree bounds = chkp_get_next_bounds_parm (arg);
4269 HOST_WIDE_INT offs = bnd_no * POINTER_SIZE / BITS_PER_UNIT;
4270 tree addr = chkp_build_addr_expr (orig_arg);
4271 tree ptr = build2 (MEM_REF, ptr_type_node, addr,
4272 build_int_cst (ptr_type_node, offs));
4273 chkp_build_bndstx (chkp_build_addr_expr (ptr), ptr,
4274 bounds, &iter);
4275
4276 arg = DECL_CHAIN (arg);
4277 }
4278 BITMAP_FREE (slots);
4279 }
4280 }
4281 }
4282
4283 /* Find init/null/copy_ptr_bounds calls and replace them
4284 with assignments. It should allow better code
4285 optimization. */
4286
4287 static void
4288 chkp_remove_useless_builtins ()
4289 {
4290 basic_block bb;
4291 gimple_stmt_iterator gsi;
4292
4293 FOR_EACH_BB_FN (bb, cfun)
4294 {
4295 for (gsi = gsi_start_bb (bb); !gsi_end_p (gsi); gsi_next (&gsi))
4296 {
4297 gimple stmt = gsi_stmt (gsi);
4298 tree fndecl;
4299 enum built_in_function fcode;
4300
4301 /* Find builtins returning first arg and replace
4302 them with assignments. */
4303 if (gimple_code (stmt) == GIMPLE_CALL
4304 && (fndecl = gimple_call_fndecl (stmt))
4305 && DECL_BUILT_IN_CLASS (fndecl) == BUILT_IN_NORMAL
4306 && (fcode = DECL_FUNCTION_CODE (fndecl))
4307 && (fcode == BUILT_IN_CHKP_INIT_PTR_BOUNDS
4308 || fcode == BUILT_IN_CHKP_NULL_PTR_BOUNDS
4309 || fcode == BUILT_IN_CHKP_COPY_PTR_BOUNDS
4310 || fcode == BUILT_IN_CHKP_SET_PTR_BOUNDS))
4311 {
4312 tree res = gimple_call_arg (stmt, 0);
4313 update_call_from_tree (&gsi, res);
4314 stmt = gsi_stmt (gsi);
4315 update_stmt (stmt);
4316 }
4317 }
4318 }
4319 }
4320
4321 /* Initialize pass. */
4322 static void
4323 chkp_init (void)
4324 {
4325 basic_block bb;
4326 gimple_stmt_iterator i;
4327
4328 in_chkp_pass = true;
4329
4330 for (bb = ENTRY_BLOCK_PTR_FOR_FN (cfun)->next_bb; bb; bb = bb->next_bb)
4331 for (i = gsi_start_bb (bb); !gsi_end_p (i); gsi_next (&i))
4332 chkp_unmark_stmt (gsi_stmt (i));
4333
4334 chkp_invalid_bounds = new hash_set<tree>;
4335 chkp_completed_bounds_set = new hash_set<tree>;
4336 delete chkp_reg_bounds;
4337 chkp_reg_bounds = new hash_map<tree, tree>;
4338 delete chkp_bound_vars;
4339 chkp_bound_vars = new hash_map<tree, tree>;
4340 chkp_reg_addr_bounds = new hash_map<tree, tree>;
4341 chkp_incomplete_bounds_map = new hash_map<tree, tree>;
4342 delete chkp_bounds_map;
4343 chkp_bounds_map = new hash_map<tree, tree>;
4344 chkp_abnormal_copies = BITMAP_GGC_ALLOC ();
4345
4346 entry_block = NULL;
4347 zero_bounds = NULL_TREE;
4348 none_bounds = NULL_TREE;
4349 incomplete_bounds = integer_zero_node;
4350 tmp_var = NULL_TREE;
4351 size_tmp_var = NULL_TREE;
4352
4353 chkp_uintptr_type = lang_hooks.types.type_for_mode (ptr_mode, true);
4354
4355 /* We create these constant bounds once for each object file.
4356 These symbols go to comdat section and result in single copy
4357 of each one in the final binary. */
4358 chkp_get_zero_bounds_var ();
4359 chkp_get_none_bounds_var ();
4360
4361 calculate_dominance_info (CDI_DOMINATORS);
4362 calculate_dominance_info (CDI_POST_DOMINATORS);
4363
4364 bitmap_obstack_initialize (NULL);
4365 }
4366
4367 /* Finalize instrumentation pass. */
4368 static void
4369 chkp_fini (void)
4370 {
4371 in_chkp_pass = false;
4372
4373 delete chkp_invalid_bounds;
4374 delete chkp_completed_bounds_set;
4375 delete chkp_reg_addr_bounds;
4376 delete chkp_incomplete_bounds_map;
4377
4378 free_dominance_info (CDI_DOMINATORS);
4379 free_dominance_info (CDI_POST_DOMINATORS);
4380
4381 bitmap_obstack_release (NULL);
4382
4383 entry_block = NULL;
4384 zero_bounds = NULL_TREE;
4385 none_bounds = NULL_TREE;
4386 }
4387
4388 /* Main instrumentation pass function. */
4389 static unsigned int
4390 chkp_execute (void)
4391 {
4392 chkp_init ();
4393
4394 chkp_instrument_function ();
4395
4396 chkp_remove_useless_builtins ();
4397
4398 chkp_function_mark_instrumented (cfun->decl);
4399
4400 chkp_fix_cfg ();
4401
4402 chkp_fini ();
4403
4404 return 0;
4405 }
4406
4407 /* Instrumentation pass gate. */
4408 static bool
4409 chkp_gate (void)
4410 {
4411 cgraph_node *node = cgraph_node::get (cfun->decl);
4412 return ((node != NULL
4413 && node->instrumentation_clone)
4414 || lookup_attribute ("chkp ctor", DECL_ATTRIBUTES (cfun->decl)));
4415 }
4416
4417 namespace {
4418
4419 const pass_data pass_data_chkp =
4420 {
4421 GIMPLE_PASS, /* type */
4422 "chkp", /* name */
4423 OPTGROUP_NONE, /* optinfo_flags */
4424 TV_NONE, /* tv_id */
4425 PROP_ssa | PROP_cfg, /* properties_required */
4426 0, /* properties_provided */
4427 0, /* properties_destroyed */
4428 0, /* todo_flags_start */
4429 TODO_verify_il
4430 | TODO_update_ssa /* todo_flags_finish */
4431 };
4432
4433 class pass_chkp : public gimple_opt_pass
4434 {
4435 public:
4436 pass_chkp (gcc::context *ctxt)
4437 : gimple_opt_pass (pass_data_chkp, ctxt)
4438 {}
4439
4440 /* opt_pass methods: */
4441 virtual opt_pass * clone ()
4442 {
4443 return new pass_chkp (m_ctxt);
4444 }
4445
4446 virtual bool gate (function *)
4447 {
4448 return chkp_gate ();
4449 }
4450
4451 virtual unsigned int execute (function *)
4452 {
4453 return chkp_execute ();
4454 }
4455
4456 }; // class pass_chkp
4457
4458 } // anon namespace
4459
4460 gimple_opt_pass *
4461 make_pass_chkp (gcc::context *ctxt)
4462 {
4463 return new pass_chkp (ctxt);
4464 }
4465
4466 #include "gt-tree-chkp.h"
GNU Compiler Collection
This page took 0.236355 seconds and 5 git commands to generate.