search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
debug/dwarf: support 64-bit DWARF in byte order check
[official-gcc.git] / gcc / ubsan.c
bloba6d446a69a84671afcf720ce4e5d3b09ee913cc0
1 /* UndefinedBehaviorSanitizer, undefined behavior detector.
2 Copyright (C) 2013-2017 Free Software Foundation, Inc.
3 Contributed by Marek Polacek <polacek@redhat.com>
4
5 This file is part of GCC.
6
7 GCC is free software; you can redistribute it and/or modify it under
8 the terms of the GNU General Public License as published by the Free
9 Software Foundation; either version 3, or (at your option) any later
10 version.
11
12 GCC is distributed in the hope that it will be useful, but WITHOUT ANY
13 WARRANTY; without even the implied warranty of MERCHANTABILITY or
14 FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
15 for more details.
16
17 You should have received a copy of the GNU General Public License
18 along with GCC; see the file COPYING3. If not see
19 <http://www.gnu.org/licenses/>. */
20
21 #include "config.h"
22 #include "system.h"
23 #include "coretypes.h"
24 #include "backend.h"
25 #include "rtl.h"
26 #include "c-family/c-common.h"
27 #include "gimple.h"
28 #include "cfghooks.h"
29 #include "tree-pass.h"
30 #include "memmodel.h"
31 #include "tm_p.h"
32 #include "ssa.h"
33 #include "cgraph.h"
34 #include "tree-pretty-print.h"
35 #include "stor-layout.h"
36 #include "cfganal.h"
37 #include "gimple-iterator.h"
38 #include "output.h"
39 #include "cfgloop.h"
40 #include "ubsan.h"
41 #include "expr.h"
42 #include "stringpool.h"
43 #include "attribs.h"
44 #include "asan.h"
45 #include "gimplify-me.h"
46 #include "dfp.h"
47 #include "builtins.h"
48 #include "tree-object-size.h"
49 #include "tree-cfg.h"
50 #include "gimple-fold.h"
51 #include "varasm.h"
52
53 /* Map from a tree to a VAR_DECL tree. */
54
55 struct GTY((for_user)) tree_type_map {
56 struct tree_map_base type;
57 tree decl;
58 };
59
60 struct tree_type_map_cache_hasher : ggc_cache_ptr_hash<tree_type_map>
61 {
62 static inline hashval_t
63 hash (tree_type_map *t)
64 {
65 return TYPE_UID (t->type.from);
66 }
67
68 static inline bool
69 equal (tree_type_map *a, tree_type_map *b)
70 {
71 return a->type.from == b->type.from;
72 }
73
74 static int
75 keep_cache_entry (tree_type_map *&m)
76 {
77 return ggc_marked_p (m->type.from);
78 }
79 };
80
81 static GTY ((cache))
82 hash_table<tree_type_map_cache_hasher> *decl_tree_for_type;
83
84 /* Lookup a VAR_DECL for TYPE, and return it if we find one. */
85
86 static tree
87 decl_for_type_lookup (tree type)
88 {
89 /* If the hash table is not initialized yet, create it now. */
90 if (decl_tree_for_type == NULL)
91 {
92 decl_tree_for_type
93 = hash_table<tree_type_map_cache_hasher>::create_ggc (10);
94 /* That also means we don't have to bother with the lookup. */
95 return NULL_TREE;
96 }
97
98 struct tree_type_map *h, in;
99 in.type.from = type;
100
101 h = decl_tree_for_type->find_with_hash (&in, TYPE_UID (type));
102 return h ? h->decl : NULL_TREE;
103 }
104
105 /* Insert a mapping TYPE->DECL in the VAR_DECL for type hashtable. */
106
107 static void
108 decl_for_type_insert (tree type, tree decl)
109 {
110 struct tree_type_map *h;
111
112 h = ggc_alloc<tree_type_map> ();
113 h->type.from = type;
114 h->decl = decl;
115 *decl_tree_for_type->find_slot_with_hash (h, TYPE_UID (type), INSERT) = h;
116 }
117
118 /* Helper routine, which encodes a value in the pointer_sized_int_node.
119 Arguments with precision <= POINTER_SIZE are passed directly,
120 the rest is passed by reference. T is a value we are to encode.
121 PHASE determines when this function is called. */
122
123 tree
124 ubsan_encode_value (tree t, enum ubsan_encode_value_phase phase)
125 {
126 tree type = TREE_TYPE (t);
127 scalar_mode mode = SCALAR_TYPE_MODE (type);
128 const unsigned int bitsize = GET_MODE_BITSIZE (mode);
129 if (bitsize <= POINTER_SIZE)
130 switch (TREE_CODE (type))
131 {
132 case BOOLEAN_TYPE:
133 case ENUMERAL_TYPE:
134 case INTEGER_TYPE:
135 return fold_build1 (NOP_EXPR, pointer_sized_int_node, t);
136 case REAL_TYPE:
137 {
138 tree itype = build_nonstandard_integer_type (bitsize, true);
139 t = fold_build1 (VIEW_CONVERT_EXPR, itype, t);
140 return fold_convert (pointer_sized_int_node, t);
141 }
142 default:
143 gcc_unreachable ();
144 }
145 else
146 {
147 if (!DECL_P (t) || !TREE_ADDRESSABLE (t))
148 {
149 /* The reason for this is that we don't want to pessimize
150 code by making vars unnecessarily addressable. */
151 tree var;
152 if (phase != UBSAN_ENCODE_VALUE_GENERIC)
153 {
154 var = create_tmp_var (type);
155 mark_addressable (var);
156 }
157 else
158 {
159 var = create_tmp_var_raw (type);
160 TREE_ADDRESSABLE (var) = 1;
161 DECL_CONTEXT (var) = current_function_decl;
162 }
163 if (phase == UBSAN_ENCODE_VALUE_RTL)
164 {
165 rtx mem = assign_stack_temp_for_type (mode, GET_MODE_SIZE (mode),
166 type);
167 SET_DECL_RTL (var, mem);
168 expand_assignment (var, t, false);
169 return build_fold_addr_expr (var);
170 }
171 if (phase != UBSAN_ENCODE_VALUE_GENERIC)
172 {
173 tree tem = build2 (MODIFY_EXPR, void_type_node, var, t);
174 t = build_fold_addr_expr (var);
175 return build2 (COMPOUND_EXPR, TREE_TYPE (t), tem, t);
176 }
177 else
178 {
179 var = build4 (TARGET_EXPR, type, var, t, NULL_TREE, NULL_TREE);
180 return build_fold_addr_expr (var);
181 }
182 }
183 else
184 return build_fold_addr_expr (t);
185 }
186 }
187
188 /* Cached ubsan_get_type_descriptor_type () return value. */
189 static GTY(()) tree ubsan_type_descriptor_type;
190
191 /* Build
192 struct __ubsan_type_descriptor
193 {
194 unsigned short __typekind;
195 unsigned short __typeinfo;
196 char __typename[];
197 }
198 type. */
199
200 static tree
201 ubsan_get_type_descriptor_type (void)
202 {
203 static const char *field_names[3]
204 = { "__typekind", "__typeinfo", "__typename" };
205 tree fields[3], ret;
206
207 if (ubsan_type_descriptor_type)
208 return ubsan_type_descriptor_type;
209
210 tree itype = build_range_type (sizetype, size_zero_node, NULL_TREE);
211 tree flex_arr_type = build_array_type (char_type_node, itype);
212
213 ret = make_node (RECORD_TYPE);
214 for (int i = 0; i < 3; i++)
215 {
216 fields[i] = build_decl (UNKNOWN_LOCATION, FIELD_DECL,
217 get_identifier (field_names[i]),
218 (i == 2) ? flex_arr_type
219 : short_unsigned_type_node);
220 DECL_CONTEXT (fields[i]) = ret;
221 if (i)
222 DECL_CHAIN (fields[i - 1]) = fields[i];
223 }
224 tree type_decl = build_decl (input_location, TYPE_DECL,
225 get_identifier ("__ubsan_type_descriptor"),
226 ret);
227 DECL_IGNORED_P (type_decl) = 1;
228 DECL_ARTIFICIAL (type_decl) = 1;
229 TYPE_FIELDS (ret) = fields[0];
230 TYPE_NAME (ret) = type_decl;
231 TYPE_STUB_DECL (ret) = type_decl;
232 layout_type (ret);
233 ubsan_type_descriptor_type = ret;
234 return ret;
235 }
236
237 /* Cached ubsan_get_source_location_type () return value. */
238 static GTY(()) tree ubsan_source_location_type;
239
240 /* Build
241 struct __ubsan_source_location
242 {
243 const char *__filename;
244 unsigned int __line;
245 unsigned int __column;
246 }
247 type. */
248
249 tree
250 ubsan_get_source_location_type (void)
251 {
252 static const char *field_names[3]
253 = { "__filename", "__line", "__column" };
254 tree fields[3], ret;
255 if (ubsan_source_location_type)
256 return ubsan_source_location_type;
257
258 tree const_char_type = build_qualified_type (char_type_node,
259 TYPE_QUAL_CONST);
260
261 ret = make_node (RECORD_TYPE);
262 for (int i = 0; i < 3; i++)
263 {
264 fields[i] = build_decl (UNKNOWN_LOCATION, FIELD_DECL,
265 get_identifier (field_names[i]),
266 (i == 0) ? build_pointer_type (const_char_type)
267 : unsigned_type_node);
268 DECL_CONTEXT (fields[i]) = ret;
269 if (i)
270 DECL_CHAIN (fields[i - 1]) = fields[i];
271 }
272 tree type_decl = build_decl (input_location, TYPE_DECL,
273 get_identifier ("__ubsan_source_location"),
274 ret);
275 DECL_IGNORED_P (type_decl) = 1;
276 DECL_ARTIFICIAL (type_decl) = 1;
277 TYPE_FIELDS (ret) = fields[0];
278 TYPE_NAME (ret) = type_decl;
279 TYPE_STUB_DECL (ret) = type_decl;
280 layout_type (ret);
281 ubsan_source_location_type = ret;
282 return ret;
283 }
284
285 /* Helper routine that returns a CONSTRUCTOR of __ubsan_source_location
286 type with its fields filled from a location_t LOC. */
287
288 static tree
289 ubsan_source_location (location_t loc)
290 {
291 expanded_location xloc;
292 tree type = ubsan_get_source_location_type ();
293
294 xloc = expand_location (loc);
295 tree str;
296 if (xloc.file == NULL)
297 {
298 str = build_int_cst (ptr_type_node, 0);
299 xloc.line = 0;
300 xloc.column = 0;
301 }
302 else
303 {
304 /* Fill in the values from LOC. */
305 size_t len = strlen (xloc.file) + 1;
306 str = build_string (len, xloc.file);
307 TREE_TYPE (str) = build_array_type_nelts (char_type_node, len);
308 TREE_READONLY (str) = 1;
309 TREE_STATIC (str) = 1;
310 str = build_fold_addr_expr (str);
311 }
312 tree ctor = build_constructor_va (type, 3, NULL_TREE, str, NULL_TREE,
313 build_int_cst (unsigned_type_node,
314 xloc.line), NULL_TREE,
315 build_int_cst (unsigned_type_node,
316 xloc.column));
317 TREE_CONSTANT (ctor) = 1;
318 TREE_STATIC (ctor) = 1;
319
320 return ctor;
321 }
322
323 /* This routine returns a magic number for TYPE. */
324
325 static unsigned short
326 get_ubsan_type_info_for_type (tree type)
327 {
328 if (TREE_CODE (type) == REAL_TYPE)
329 return tree_to_uhwi (TYPE_SIZE (type));
330 else if (INTEGRAL_TYPE_P (type))
331 {
332 int prec = exact_log2 (tree_to_uhwi (TYPE_SIZE (type)));
333 gcc_assert (prec != -1);
334 return (prec << 1) | !TYPE_UNSIGNED (type);
335 }
336 else
337 return 0;
338 }
339
340 /* Counters for internal labels. ubsan_ids[0] for Lubsan_type,
341 ubsan_ids[1] for Lubsan_data labels. */
342 static GTY(()) unsigned int ubsan_ids[2];
343
344 /* Helper routine that returns ADDR_EXPR of a VAR_DECL of a type
345 descriptor. It first looks into the hash table; if not found,
346 create the VAR_DECL, put it into the hash table and return the
347 ADDR_EXPR of it. TYPE describes a particular type. PSTYLE is
348 an enum controlling how we want to print the type. */
349
350 tree
351 ubsan_type_descriptor (tree type, enum ubsan_print_style pstyle)
352 {
353 /* See through any typedefs. */
354 type = TYPE_MAIN_VARIANT (type);
355
356 tree decl = decl_for_type_lookup (type);
357 /* It is possible that some of the earlier created DECLs were found
358 unused, in that case they weren't emitted and varpool_node::get
359 returns NULL node on them. But now we really need them. Thus,
360 renew them here. */
361 if (decl != NULL_TREE && varpool_node::get (decl))
362 return build_fold_addr_expr (decl);
363
364 tree dtype = ubsan_get_type_descriptor_type ();
365 tree type2 = type;
366 const char *tname = NULL;
367 pretty_printer pretty_name;
368 unsigned char deref_depth = 0;
369 unsigned short tkind, tinfo;
370
371 /* Get the name of the type, or the name of the pointer type. */
372 if (pstyle == UBSAN_PRINT_POINTER)
373 {
374 gcc_assert (POINTER_TYPE_P (type));
375 type2 = TREE_TYPE (type);
376
377 /* Remove any '*' operators from TYPE. */
378 while (POINTER_TYPE_P (type2))
379 deref_depth++, type2 = TREE_TYPE (type2);
380
381 if (TREE_CODE (type2) == METHOD_TYPE)
382 type2 = TYPE_METHOD_BASETYPE (type2);
383 }
384
385 /* If an array, get its type. */
386 type2 = strip_array_types (type2);
387
388 if (pstyle == UBSAN_PRINT_ARRAY)
389 {
390 while (POINTER_TYPE_P (type2))
391 deref_depth++, type2 = TREE_TYPE (type2);
392 }
393
394 if (TYPE_NAME (type2) != NULL)
395 {
396 if (TREE_CODE (TYPE_NAME (type2)) == IDENTIFIER_NODE)
397 tname = IDENTIFIER_POINTER (TYPE_NAME (type2));
398 else if (DECL_NAME (TYPE_NAME (type2)) != NULL)
399 tname = IDENTIFIER_POINTER (DECL_NAME (TYPE_NAME (type2)));
400 }
401
402 if (tname == NULL)
403 /* We weren't able to determine the type name. */
404 tname = "<unknown>";
405
406 tree eltype = type;
407 if (pstyle == UBSAN_PRINT_POINTER)
408 {
409 pp_printf (&pretty_name, "'%s%s%s%s%s%s%s",
410 TYPE_VOLATILE (type2) ? "volatile " : "",
411 TYPE_READONLY (type2) ? "const " : "",
412 TYPE_RESTRICT (type2) ? "restrict " : "",
413 TYPE_ATOMIC (type2) ? "_Atomic " : "",
414 TREE_CODE (type2) == RECORD_TYPE
415 ? "struct "
416 : TREE_CODE (type2) == UNION_TYPE
417 ? "union " : "", tname,
418 deref_depth == 0 ? "" : " ");
419 while (deref_depth-- > 0)
420 pp_star (&pretty_name);
421 pp_quote (&pretty_name);
422 }
423 else if (pstyle == UBSAN_PRINT_ARRAY)
424 {
425 /* Pretty print the array dimensions. */
426 gcc_assert (TREE_CODE (type) == ARRAY_TYPE);
427 tree t = type;
428 pp_printf (&pretty_name, "'%s ", tname);
429 while (deref_depth-- > 0)
430 pp_star (&pretty_name);
431 while (TREE_CODE (t) == ARRAY_TYPE)
432 {
433 pp_left_bracket (&pretty_name);
434 tree dom = TYPE_DOMAIN (t);
435 if (dom != NULL_TREE
436 && TYPE_MAX_VALUE (dom) != NULL_TREE
437 && TREE_CODE (TYPE_MAX_VALUE (dom)) == INTEGER_CST)
438 {
439 if (tree_fits_uhwi_p (TYPE_MAX_VALUE (dom))
440 && tree_to_uhwi (TYPE_MAX_VALUE (dom)) + 1 != 0)
441 pp_printf (&pretty_name, HOST_WIDE_INT_PRINT_DEC,
442 tree_to_uhwi (TYPE_MAX_VALUE (dom)) + 1);
443 else
444 pp_wide_int (&pretty_name,
445 wi::add (wi::to_widest (TYPE_MAX_VALUE (dom)), 1),
446 TYPE_SIGN (TREE_TYPE (dom)));
447 }
448 else
449 /* ??? We can't determine the variable name; print VLA unspec. */
450 pp_star (&pretty_name);
451 pp_right_bracket (&pretty_name);
452 t = TREE_TYPE (t);
453 }
454 pp_quote (&pretty_name);
455
456 /* Save the tree with stripped types. */
457 eltype = t;
458 }
459 else
460 pp_printf (&pretty_name, "'%s'", tname);
461
462 switch (TREE_CODE (eltype))
463 {
464 case BOOLEAN_TYPE:
465 case ENUMERAL_TYPE:
466 case INTEGER_TYPE:
467 tkind = 0x0000;
468 break;
469 case REAL_TYPE:
470 /* FIXME: libubsan right now only supports float, double and
471 long double type formats. */
472 if (TYPE_MODE (eltype) == TYPE_MODE (float_type_node)
473 || TYPE_MODE (eltype) == TYPE_MODE (double_type_node)
474 || TYPE_MODE (eltype) == TYPE_MODE (long_double_type_node))
475 tkind = 0x0001;
476 else
477 tkind = 0xffff;
478 break;
479 default:
480 tkind = 0xffff;
481 break;
482 }
483 tinfo = get_ubsan_type_info_for_type (eltype);
484
485 /* Create a new VAR_DECL of type descriptor. */
486 const char *tmp = pp_formatted_text (&pretty_name);
487 size_t len = strlen (tmp) + 1;
488 tree str = build_string (len, tmp);
489 TREE_TYPE (str) = build_array_type_nelts (char_type_node, len);
490 TREE_READONLY (str) = 1;
491 TREE_STATIC (str) = 1;
492
493 char tmp_name[32];
494 ASM_GENERATE_INTERNAL_LABEL (tmp_name, "Lubsan_type", ubsan_ids[0]++);
495 decl = build_decl (UNKNOWN_LOCATION, VAR_DECL, get_identifier (tmp_name),
496 dtype);
497 TREE_STATIC (decl) = 1;
498 TREE_PUBLIC (decl) = 0;
499 DECL_ARTIFICIAL (decl) = 1;
500 DECL_IGNORED_P (decl) = 1;
501 DECL_EXTERNAL (decl) = 0;
502 DECL_SIZE (decl)
503 = size_binop (PLUS_EXPR, DECL_SIZE (decl), TYPE_SIZE (TREE_TYPE (str)));
504 DECL_SIZE_UNIT (decl)
505 = size_binop (PLUS_EXPR, DECL_SIZE_UNIT (decl),
506 TYPE_SIZE_UNIT (TREE_TYPE (str)));
507
508 tree ctor = build_constructor_va (dtype, 3, NULL_TREE,
509 build_int_cst (short_unsigned_type_node,
510 tkind), NULL_TREE,
511 build_int_cst (short_unsigned_type_node,
512 tinfo), NULL_TREE, str);
513 TREE_CONSTANT (ctor) = 1;
514 TREE_STATIC (ctor) = 1;
515 DECL_INITIAL (decl) = ctor;
516 varpool_node::finalize_decl (decl);
517
518 /* Save the VAR_DECL into the hash table. */
519 decl_for_type_insert (type, decl);
520
521 return build_fold_addr_expr (decl);
522 }
523
524 /* Create a structure for the ubsan library. NAME is a name of the new
525 structure. LOCCNT is number of locations, PLOC points to array of
526 locations. The arguments in ... are of __ubsan_type_descriptor type
527 and there are at most two of them, followed by NULL_TREE, followed
528 by optional extra arguments and another NULL_TREE. */
529
530 tree
531 ubsan_create_data (const char *name, int loccnt, const location_t *ploc, ...)
532 {
533 va_list args;
534 tree ret, t;
535 tree fields[6];
536 vec<tree, va_gc> *saved_args = NULL;
537 size_t i = 0;
538 int j;
539
540 /* It is possible that PCH zapped table with definitions of sanitizer
541 builtins. Reinitialize them if needed. */
542 initialize_sanitizer_builtins ();
543
544 /* Firstly, create a pointer to type descriptor type. */
545 tree td_type = ubsan_get_type_descriptor_type ();
546 td_type = build_pointer_type (td_type);
547
548 /* Create the structure type. */
549 ret = make_node (RECORD_TYPE);
550 for (j = 0; j < loccnt; j++)
551 {
552 gcc_checking_assert (i < 2);
553 fields[i] = build_decl (UNKNOWN_LOCATION, FIELD_DECL, NULL_TREE,
554 ubsan_get_source_location_type ());
555 DECL_CONTEXT (fields[i]) = ret;
556 if (i)
557 DECL_CHAIN (fields[i - 1]) = fields[i];
558 i++;
559 }
560
561 va_start (args, ploc);
562 for (t = va_arg (args, tree); t != NULL_TREE;
563 i++, t = va_arg (args, tree))
564 {
565 gcc_checking_assert (i < 4);
566 /* Save the tree arguments for later use. */
567 vec_safe_push (saved_args, t);
568 fields[i] = build_decl (UNKNOWN_LOCATION, FIELD_DECL, NULL_TREE,
569 td_type);
570 DECL_CONTEXT (fields[i]) = ret;
571 if (i)
572 DECL_CHAIN (fields[i - 1]) = fields[i];
573 }
574
575 for (t = va_arg (args, tree); t != NULL_TREE;
576 i++, t = va_arg (args, tree))
577 {
578 gcc_checking_assert (i < 6);
579 /* Save the tree arguments for later use. */
580 vec_safe_push (saved_args, t);
581 fields[i] = build_decl (UNKNOWN_LOCATION, FIELD_DECL, NULL_TREE,
582 TREE_TYPE (t));
583 DECL_CONTEXT (fields[i]) = ret;
584 if (i)
585 DECL_CHAIN (fields[i - 1]) = fields[i];
586 }
587 va_end (args);
588
589 tree type_decl = build_decl (input_location, TYPE_DECL,
590 get_identifier (name), ret);
591 DECL_IGNORED_P (type_decl) = 1;
592 DECL_ARTIFICIAL (type_decl) = 1;
593 TYPE_FIELDS (ret) = fields[0];
594 TYPE_NAME (ret) = type_decl;
595 TYPE_STUB_DECL (ret) = type_decl;
596 layout_type (ret);
597
598 /* Now, fill in the type. */
599 char tmp_name[32];
600 ASM_GENERATE_INTERNAL_LABEL (tmp_name, "Lubsan_data", ubsan_ids[1]++);
601 tree var = build_decl (UNKNOWN_LOCATION, VAR_DECL, get_identifier (tmp_name),
602 ret);
603 TREE_STATIC (var) = 1;
604 TREE_PUBLIC (var) = 0;
605 DECL_ARTIFICIAL (var) = 1;
606 DECL_IGNORED_P (var) = 1;
607 DECL_EXTERNAL (var) = 0;
608
609 vec<constructor_elt, va_gc> *v;
610 vec_alloc (v, i);
611 tree ctor = build_constructor (ret, v);
612
613 /* If desirable, set the __ubsan_source_location element. */
614 for (j = 0; j < loccnt; j++)
615 {
616 location_t loc = LOCATION_LOCUS (ploc[j]);
617 CONSTRUCTOR_APPEND_ELT (v, NULL_TREE, ubsan_source_location (loc));
618 }
619
620 size_t nelts = vec_safe_length (saved_args);
621 for (i = 0; i < nelts; i++)
622 {
623 t = (*saved_args)[i];
624 CONSTRUCTOR_APPEND_ELT (v, NULL_TREE, t);
625 }
626
627 TREE_CONSTANT (ctor) = 1;
628 TREE_STATIC (ctor) = 1;
629 DECL_INITIAL (var) = ctor;
630 varpool_node::finalize_decl (var);
631
632 return var;
633 }
634
635 /* Instrument the __builtin_unreachable call. We just call the libubsan
636 routine instead. */
637
638 bool
639 ubsan_instrument_unreachable (gimple_stmt_iterator *gsi)
640 {
641 gimple *g;
642 location_t loc = gimple_location (gsi_stmt (*gsi));
643
644 if (flag_sanitize_undefined_trap_on_error)
645 g = gimple_build_call (builtin_decl_explicit (BUILT_IN_TRAP), 0);
646 else
647 {
648 tree data = ubsan_create_data ("__ubsan_unreachable_data", 1, &loc,
649 NULL_TREE, NULL_TREE);
650 data = build_fold_addr_expr_loc (loc, data);
651 tree fn
652 = builtin_decl_explicit (BUILT_IN_UBSAN_HANDLE_BUILTIN_UNREACHABLE);
653 g = gimple_build_call (fn, 1, data);
654 }
655 gimple_set_location (g, loc);
656 gsi_replace (gsi, g, false);
657 return false;
658 }
659
660 /* Return true if T is a call to a libubsan routine. */
661
662 bool
663 is_ubsan_builtin_p (tree t)
664 {
665 return TREE_CODE (t) == FUNCTION_DECL
666 && DECL_BUILT_IN_CLASS (t) == BUILT_IN_NORMAL
667 && strncmp (IDENTIFIER_POINTER (DECL_NAME (t)),
668 "__builtin___ubsan_", 18) == 0;
669 }
670
671 /* Create a callgraph edge for statement STMT. */
672
673 static void
674 ubsan_create_edge (gimple *stmt)
675 {
676 gcall *call_stmt = dyn_cast <gcall *> (stmt);
677 basic_block bb = gimple_bb (stmt);
678 int freq = compute_call_stmt_bb_frequency (current_function_decl, bb);
679 cgraph_node *node = cgraph_node::get (current_function_decl);
680 tree decl = gimple_call_fndecl (call_stmt);
681 if (decl)
682 node->create_edge (cgraph_node::get_create (decl), call_stmt, bb->count,
683 freq);
684 }
685
686 /* Expand the UBSAN_BOUNDS special builtin function. */
687
688 bool
689 ubsan_expand_bounds_ifn (gimple_stmt_iterator *gsi)
690 {
691 gimple *stmt = gsi_stmt (*gsi);
692 location_t loc = gimple_location (stmt);
693 gcc_assert (gimple_call_num_args (stmt) == 3);
694
695 /* Pick up the arguments of the UBSAN_BOUNDS call. */
696 tree type = TREE_TYPE (TREE_TYPE (gimple_call_arg (stmt, 0)));
697 tree index = gimple_call_arg (stmt, 1);
698 tree orig_index = index;
699 tree bound = gimple_call_arg (stmt, 2);
700
701 gimple_stmt_iterator gsi_orig = *gsi;
702
703 /* Create condition "if (index > bound)". */
704 basic_block then_bb, fallthru_bb;
705 gimple_stmt_iterator cond_insert_point
706 = create_cond_insert_point (gsi, false, false, true,
707 &then_bb, &fallthru_bb);
708 index = fold_convert (TREE_TYPE (bound), index);
709 index = force_gimple_operand_gsi (&cond_insert_point, index,
710 true, NULL_TREE,
711 false, GSI_NEW_STMT);
712 gimple *g = gimple_build_cond (GT_EXPR, index, bound, NULL_TREE, NULL_TREE);
713 gimple_set_location (g, loc);
714 gsi_insert_after (&cond_insert_point, g, GSI_NEW_STMT);
715
716 /* Generate __ubsan_handle_out_of_bounds call. */
717 *gsi = gsi_after_labels (then_bb);
718 if (flag_sanitize_undefined_trap_on_error)
719 g = gimple_build_call (builtin_decl_explicit (BUILT_IN_TRAP), 0);
720 else
721 {
722 tree data
723 = ubsan_create_data ("__ubsan_out_of_bounds_data", 1, &loc,
724 ubsan_type_descriptor (type, UBSAN_PRINT_ARRAY),
725 ubsan_type_descriptor (TREE_TYPE (orig_index)),
726 NULL_TREE, NULL_TREE);
727 data = build_fold_addr_expr_loc (loc, data);
728 enum built_in_function bcode
729 = (flag_sanitize_recover & SANITIZE_BOUNDS)
730 ? BUILT_IN_UBSAN_HANDLE_OUT_OF_BOUNDS
731 : BUILT_IN_UBSAN_HANDLE_OUT_OF_BOUNDS_ABORT;
732 tree fn = builtin_decl_explicit (bcode);
733 tree val = ubsan_encode_value (orig_index, UBSAN_ENCODE_VALUE_GIMPLE);
734 val = force_gimple_operand_gsi (gsi, val, true, NULL_TREE, true,
735 GSI_SAME_STMT);
736 g = gimple_build_call (fn, 2, data, val);
737 }
738 gimple_set_location (g, loc);
739 gsi_insert_before (gsi, g, GSI_SAME_STMT);
740
741 /* Get rid of the UBSAN_BOUNDS call from the IR. */
742 unlink_stmt_vdef (stmt);
743 gsi_remove (&gsi_orig, true);
744
745 /* Point GSI to next logical statement. */
746 *gsi = gsi_start_bb (fallthru_bb);
747 return true;
748 }
749
750 /* Expand UBSAN_NULL internal call. The type is kept on the ckind
751 argument which is a constant, because the middle-end treats pointer
752 conversions as useless and therefore the type of the first argument
753 could be changed to any other pointer type. */
754
755 bool
756 ubsan_expand_null_ifn (gimple_stmt_iterator *gsip)
757 {
758 gimple_stmt_iterator gsi = *gsip;
759 gimple *stmt = gsi_stmt (gsi);
760 location_t loc = gimple_location (stmt);
761 gcc_assert (gimple_call_num_args (stmt) == 3);
762 tree ptr = gimple_call_arg (stmt, 0);
763 tree ckind = gimple_call_arg (stmt, 1);
764 tree align = gimple_call_arg (stmt, 2);
765 tree check_align = NULL_TREE;
766 bool check_null;
767
768 basic_block cur_bb = gsi_bb (gsi);
769
770 gimple *g;
771 if (!integer_zerop (align))
772 {
773 unsigned int ptralign = get_pointer_alignment (ptr) / BITS_PER_UNIT;
774 if (compare_tree_int (align, ptralign) == 1)
775 {
776 check_align = make_ssa_name (pointer_sized_int_node);
777 g = gimple_build_assign (check_align, NOP_EXPR, ptr);
778 gimple_set_location (g, loc);
779 gsi_insert_before (&gsi, g, GSI_SAME_STMT);
780 }
781 }
782 check_null = sanitize_flags_p (SANITIZE_NULL);
783
784 if (check_align == NULL_TREE && !check_null)
785 {
786 gsi_remove (gsip, true);
787 /* Unlink the UBSAN_NULLs vops before replacing it. */
788 unlink_stmt_vdef (stmt);
789 return true;
790 }
791
792 /* Split the original block holding the pointer dereference. */
793 edge e = split_block (cur_bb, stmt);
794
795 /* Get a hold on the 'condition block', the 'then block' and the
796 'else block'. */
797 basic_block cond_bb = e->src;
798 basic_block fallthru_bb = e->dest;
799 basic_block then_bb = create_empty_bb (cond_bb);
800 add_bb_to_loop (then_bb, cond_bb->loop_father);
801 loops_state_set (LOOPS_NEED_FIXUP);
802
803 /* Make an edge coming from the 'cond block' into the 'then block';
804 this edge is unlikely taken, so set up the probability accordingly. */
805 e = make_edge (cond_bb, then_bb, EDGE_TRUE_VALUE);
806 e->probability = profile_probability::very_unlikely ();
807
808 /* Connect 'then block' with the 'else block'. This is needed
809 as the ubsan routines we call in the 'then block' are not noreturn.
810 The 'then block' only has one outcoming edge. */
811 make_single_succ_edge (then_bb, fallthru_bb, EDGE_FALLTHRU);
812
813 /* Set up the fallthrough basic block. */
814 e = find_edge (cond_bb, fallthru_bb);
815 e->flags = EDGE_FALSE_VALUE;
816 e->probability = profile_probability::very_likely ();
817
818 /* Update dominance info for the newly created then_bb; note that
819 fallthru_bb's dominance info has already been updated by
820 split_block. */
821 if (dom_info_available_p (CDI_DOMINATORS))
822 set_immediate_dominator (CDI_DOMINATORS, then_bb, cond_bb);
823
824 /* Put the ubsan builtin call into the newly created BB. */
825 if (flag_sanitize_undefined_trap_on_error)
826 g = gimple_build_call (builtin_decl_implicit (BUILT_IN_TRAP), 0);
827 else
828 {
829 enum built_in_function bcode
830 = (flag_sanitize_recover & ((check_align ? SANITIZE_ALIGNMENT : 0)
831 | (check_null ? SANITIZE_NULL : 0)))
832 ? BUILT_IN_UBSAN_HANDLE_TYPE_MISMATCH_V1
833 : BUILT_IN_UBSAN_HANDLE_TYPE_MISMATCH_V1_ABORT;
834 tree fn = builtin_decl_implicit (bcode);
835 int align_log = tree_log2 (align);
836 tree data
837 = ubsan_create_data ("__ubsan_null_data", 1, &loc,
838 ubsan_type_descriptor (TREE_TYPE (ckind),
839 UBSAN_PRINT_POINTER),
840 NULL_TREE,
841 build_int_cst (unsigned_char_type_node,
842 MAX (align_log, 0)),
843 fold_convert (unsigned_char_type_node, ckind),
844 NULL_TREE);
845 data = build_fold_addr_expr_loc (loc, data);
846 g = gimple_build_call (fn, 2, data,
847 check_align ? check_align
848 : build_zero_cst (pointer_sized_int_node));
849 }
850 gimple_stmt_iterator gsi2 = gsi_start_bb (then_bb);
851 gimple_set_location (g, loc);
852 gsi_insert_after (&gsi2, g, GSI_NEW_STMT);
853
854 /* Unlink the UBSAN_NULLs vops before replacing it. */
855 unlink_stmt_vdef (stmt);
856
857 if (check_null)
858 {
859 g = gimple_build_cond (EQ_EXPR, ptr, build_int_cst (TREE_TYPE (ptr), 0),
860 NULL_TREE, NULL_TREE);
861 gimple_set_location (g, loc);
862
863 /* Replace the UBSAN_NULL with a GIMPLE_COND stmt. */
864 gsi_replace (&gsi, g, false);
865 stmt = g;
866 }
867
868 if (check_align)
869 {
870 if (check_null)
871 {
872 /* Split the block with the condition again. */
873 e = split_block (cond_bb, stmt);
874 basic_block cond1_bb = e->src;
875 basic_block cond2_bb = e->dest;
876
877 /* Make an edge coming from the 'cond1 block' into the 'then block';
878 this edge is unlikely taken, so set up the probability
879 accordingly. */
880 e = make_edge (cond1_bb, then_bb, EDGE_TRUE_VALUE);
881 e->probability = profile_probability::very_unlikely ();
882
883 /* Set up the fallthrough basic block. */
884 e = find_edge (cond1_bb, cond2_bb);
885 e->flags = EDGE_FALSE_VALUE;
886 e->probability = profile_probability::very_likely ();
887
888 /* Update dominance info. */
889 if (dom_info_available_p (CDI_DOMINATORS))
890 {
891 set_immediate_dominator (CDI_DOMINATORS, fallthru_bb, cond1_bb);
892 set_immediate_dominator (CDI_DOMINATORS, then_bb, cond1_bb);
893 }
894
895 gsi2 = gsi_start_bb (cond2_bb);
896 }
897
898 tree mask = build_int_cst (pointer_sized_int_node,
899 tree_to_uhwi (align) - 1);
900 g = gimple_build_assign (make_ssa_name (pointer_sized_int_node),
901 BIT_AND_EXPR, check_align, mask);
902 gimple_set_location (g, loc);
903 if (check_null)
904 gsi_insert_after (&gsi2, g, GSI_NEW_STMT);
905 else
906 gsi_insert_before (&gsi, g, GSI_SAME_STMT);
907
908 g = gimple_build_cond (NE_EXPR, gimple_assign_lhs (g),
909 build_int_cst (pointer_sized_int_node, 0),
910 NULL_TREE, NULL_TREE);
911 gimple_set_location (g, loc);
912 if (check_null)
913 gsi_insert_after (&gsi2, g, GSI_NEW_STMT);
914 else
915 /* Replace the UBSAN_NULL with a GIMPLE_COND stmt. */
916 gsi_replace (&gsi, g, false);
917 }
918 return false;
919 }
920
921 #define OBJSZ_MAX_OFFSET (1024 * 16)
922
923 /* Expand UBSAN_OBJECT_SIZE internal call. */
924
925 bool
926 ubsan_expand_objsize_ifn (gimple_stmt_iterator *gsi)
927 {
928 gimple *stmt = gsi_stmt (*gsi);
929 location_t loc = gimple_location (stmt);
930 gcc_assert (gimple_call_num_args (stmt) == 4);
931
932 tree ptr = gimple_call_arg (stmt, 0);
933 tree offset = gimple_call_arg (stmt, 1);
934 tree size = gimple_call_arg (stmt, 2);
935 tree ckind = gimple_call_arg (stmt, 3);
936 gimple_stmt_iterator gsi_orig = *gsi;
937 gimple *g;
938
939 /* See if we can discard the check. */
940 if (TREE_CODE (size) != INTEGER_CST
941 || integer_all_onesp (size))
942 /* Yes, __builtin_object_size couldn't determine the
943 object size. */;
944 else if (TREE_CODE (offset) == INTEGER_CST
945 && wi::to_widest (offset) >= -OBJSZ_MAX_OFFSET
946 && wi::to_widest (offset) <= -1)
947 /* The offset is in range [-16K, -1]. */;
948 else
949 {
950 /* if (offset > objsize) */
951 basic_block then_bb, fallthru_bb;
952 gimple_stmt_iterator cond_insert_point
953 = create_cond_insert_point (gsi, false, false, true,
954 &then_bb, &fallthru_bb);
955 g = gimple_build_cond (GT_EXPR, offset, size, NULL_TREE, NULL_TREE);
956 gimple_set_location (g, loc);
957 gsi_insert_after (&cond_insert_point, g, GSI_NEW_STMT);
958
959 /* If the offset is small enough, we don't need the second
960 run-time check. */
961 if (TREE_CODE (offset) == INTEGER_CST
962 && wi::to_widest (offset) >= 0
963 && wi::to_widest (offset) <= OBJSZ_MAX_OFFSET)
964 *gsi = gsi_after_labels (then_bb);
965 else
966 {
967 /* Don't issue run-time error if (ptr > ptr + offset). That
968 may happen when computing a POINTER_PLUS_EXPR. */
969 basic_block then2_bb, fallthru2_bb;
970
971 gimple_stmt_iterator gsi2 = gsi_after_labels (then_bb);
972 cond_insert_point = create_cond_insert_point (&gsi2, false, false,
973 true, &then2_bb,
974 &fallthru2_bb);
975 /* Convert the pointer to an integer type. */
976 tree p = make_ssa_name (pointer_sized_int_node);
977 g = gimple_build_assign (p, NOP_EXPR, ptr);
978 gimple_set_location (g, loc);
979 gsi_insert_before (&cond_insert_point, g, GSI_NEW_STMT);
980 p = gimple_assign_lhs (g);
981 /* Compute ptr + offset. */
982 g = gimple_build_assign (make_ssa_name (pointer_sized_int_node),
983 PLUS_EXPR, p, offset);
984 gimple_set_location (g, loc);
985 gsi_insert_after (&cond_insert_point, g, GSI_NEW_STMT);
986 /* Now build the conditional and put it into the IR. */
987 g = gimple_build_cond (LE_EXPR, p, gimple_assign_lhs (g),
988 NULL_TREE, NULL_TREE);
989 gimple_set_location (g, loc);
990 gsi_insert_after (&cond_insert_point, g, GSI_NEW_STMT);
991 *gsi = gsi_after_labels (then2_bb);
992 }
993
994 /* Generate __ubsan_handle_type_mismatch call. */
995 if (flag_sanitize_undefined_trap_on_error)
996 g = gimple_build_call (builtin_decl_explicit (BUILT_IN_TRAP), 0);
997 else
998 {
999 tree data
1000 = ubsan_create_data ("__ubsan_objsz_data", 1, &loc,
1001 ubsan_type_descriptor (TREE_TYPE (ptr),
1002 UBSAN_PRINT_POINTER),
1003 NULL_TREE,
1004 build_zero_cst (unsigned_char_type_node),
1005 ckind,
1006 NULL_TREE);
1007 data = build_fold_addr_expr_loc (loc, data);
1008 enum built_in_function bcode
1009 = (flag_sanitize_recover & SANITIZE_OBJECT_SIZE)
1010 ? BUILT_IN_UBSAN_HANDLE_TYPE_MISMATCH_V1
1011 : BUILT_IN_UBSAN_HANDLE_TYPE_MISMATCH_V1_ABORT;
1012 tree p = make_ssa_name (pointer_sized_int_node);
1013 g = gimple_build_assign (p, NOP_EXPR, ptr);
1014 gimple_set_location (g, loc);
1015 gsi_insert_before (gsi, g, GSI_SAME_STMT);
1016 g = gimple_build_call (builtin_decl_explicit (bcode), 2, data, p);
1017 }
1018 gimple_set_location (g, loc);
1019 gsi_insert_before (gsi, g, GSI_SAME_STMT);
1020
1021 /* Point GSI to next logical statement. */
1022 *gsi = gsi_start_bb (fallthru_bb);
1023
1024 /* Get rid of the UBSAN_OBJECT_SIZE call from the IR. */
1025 unlink_stmt_vdef (stmt);
1026 gsi_remove (&gsi_orig, true);
1027 return true;
1028 }
1029
1030 /* Get rid of the UBSAN_OBJECT_SIZE call from the IR. */
1031 unlink_stmt_vdef (stmt);
1032 gsi_remove (gsi, true);
1033 return true;
1034 }
1035
1036 /* Expand UBSAN_PTR internal call. */
1037
1038 bool
1039 ubsan_expand_ptr_ifn (gimple_stmt_iterator *gsip)
1040 {
1041 gimple_stmt_iterator gsi = *gsip;
1042 gimple *stmt = gsi_stmt (gsi);
1043 location_t loc = gimple_location (stmt);
1044 gcc_assert (gimple_call_num_args (stmt) == 2);
1045 tree ptr = gimple_call_arg (stmt, 0);
1046 tree off = gimple_call_arg (stmt, 1);
1047
1048 if (integer_zerop (off))
1049 {
1050 gsi_remove (gsip, true);
1051 unlink_stmt_vdef (stmt);
1052 return true;
1053 }
1054
1055 basic_block cur_bb = gsi_bb (gsi);
1056 tree ptrplusoff = make_ssa_name (pointer_sized_int_node);
1057 tree ptri = make_ssa_name (pointer_sized_int_node);
1058 int pos_neg = get_range_pos_neg (off);
1059
1060 /* Split the original block holding the pointer dereference. */
1061 edge e = split_block (cur_bb, stmt);
1062
1063 /* Get a hold on the 'condition block', the 'then block' and the
1064 'else block'. */
1065 basic_block cond_bb = e->src;
1066 basic_block fallthru_bb = e->dest;
1067 basic_block then_bb = create_empty_bb (cond_bb);
1068 basic_block cond_pos_bb = NULL, cond_neg_bb = NULL;
1069 add_bb_to_loop (then_bb, cond_bb->loop_father);
1070 loops_state_set (LOOPS_NEED_FIXUP);
1071
1072 /* Set up the fallthrough basic block. */
1073 e->flags = EDGE_FALSE_VALUE;
1074 if (pos_neg != 3)
1075 {
1076 e->probability = profile_probability::very_likely ();
1077
1078 /* Connect 'then block' with the 'else block'. This is needed
1079 as the ubsan routines we call in the 'then block' are not noreturn.
1080 The 'then block' only has one outcoming edge. */
1081 make_single_succ_edge (then_bb, fallthru_bb, EDGE_FALLTHRU);
1082
1083 /* Make an edge coming from the 'cond block' into the 'then block';
1084 this edge is unlikely taken, so set up the probability
1085 accordingly. */
1086 e = make_edge (cond_bb, then_bb, EDGE_TRUE_VALUE);
1087 e->probability = profile_probability::very_unlikely ();
1088 }
1089 else
1090 {
1091 e->probability = profile_probability::even ();
1092
1093 e = split_block (fallthru_bb, (gimple *) NULL);
1094 cond_neg_bb = e->src;
1095 fallthru_bb = e->dest;
1096 e->probability = profile_probability::very_likely ();
1097 e->flags = EDGE_FALSE_VALUE;
1098
1099 e = make_edge (cond_neg_bb, then_bb, EDGE_TRUE_VALUE);
1100 e->probability = profile_probability::very_unlikely ();
1101
1102 cond_pos_bb = create_empty_bb (cond_bb);
1103 add_bb_to_loop (cond_pos_bb, cond_bb->loop_father);
1104
1105 e = make_edge (cond_bb, cond_pos_bb, EDGE_TRUE_VALUE);
1106 e->probability = profile_probability::even ();
1107
1108 e = make_edge (cond_pos_bb, then_bb, EDGE_TRUE_VALUE);
1109 e->probability = profile_probability::very_unlikely ();
1110
1111 e = make_edge (cond_pos_bb, fallthru_bb, EDGE_FALSE_VALUE);
1112 e->probability = profile_probability::very_likely ();
1113
1114 make_single_succ_edge (then_bb, fallthru_bb, EDGE_FALLTHRU);
1115 }
1116
1117 gimple *g = gimple_build_assign (ptri, NOP_EXPR, ptr);
1118 gimple_set_location (g, loc);
1119 gsi_insert_before (&gsi, g, GSI_SAME_STMT);
1120 g = gimple_build_assign (ptrplusoff, PLUS_EXPR, ptri, off);
1121 gimple_set_location (g, loc);
1122 gsi_insert_before (&gsi, g, GSI_SAME_STMT);
1123
1124 /* Update dominance info for the newly created then_bb; note that
1125 fallthru_bb's dominance info has already been updated by
1126 split_block. */
1127 if (dom_info_available_p (CDI_DOMINATORS))
1128 {
1129 set_immediate_dominator (CDI_DOMINATORS, then_bb, cond_bb);
1130 if (pos_neg == 3)
1131 {
1132 set_immediate_dominator (CDI_DOMINATORS, cond_pos_bb, cond_bb);
1133 set_immediate_dominator (CDI_DOMINATORS, fallthru_bb, cond_bb);
1134 }
1135 }
1136
1137 /* Put the ubsan builtin call into the newly created BB. */
1138 if (flag_sanitize_undefined_trap_on_error)
1139 g = gimple_build_call (builtin_decl_implicit (BUILT_IN_TRAP), 0);
1140 else
1141 {
1142 enum built_in_function bcode
1143 = (flag_sanitize_recover & SANITIZE_POINTER_OVERFLOW)
1144 ? BUILT_IN_UBSAN_HANDLE_POINTER_OVERFLOW
1145 : BUILT_IN_UBSAN_HANDLE_POINTER_OVERFLOW_ABORT;
1146 tree fn = builtin_decl_implicit (bcode);
1147 tree data
1148 = ubsan_create_data ("__ubsan_ptrovf_data", 1, &loc,
1149 NULL_TREE, NULL_TREE);
1150 data = build_fold_addr_expr_loc (loc, data);
1151 g = gimple_build_call (fn, 3, data, ptr, ptrplusoff);
1152 }
1153 gimple_stmt_iterator gsi2 = gsi_start_bb (then_bb);
1154 gimple_set_location (g, loc);
1155 gsi_insert_after (&gsi2, g, GSI_NEW_STMT);
1156
1157 /* Unlink the UBSAN_PTRs vops before replacing it. */
1158 unlink_stmt_vdef (stmt);
1159
1160 if (TREE_CODE (off) == INTEGER_CST)
1161 g = gimple_build_cond (wi::neg_p (wi::to_wide (off)) ? LT_EXPR : GE_EXPR,
1162 ptri, fold_build1 (NEGATE_EXPR, sizetype, off),
1163 NULL_TREE, NULL_TREE);
1164 else if (pos_neg != 3)
1165 g = gimple_build_cond (pos_neg == 1 ? LT_EXPR : GT_EXPR,
1166 ptrplusoff, ptri, NULL_TREE, NULL_TREE);
1167 else
1168 {
1169 gsi2 = gsi_start_bb (cond_pos_bb);
1170 g = gimple_build_cond (LT_EXPR, ptrplusoff, ptri, NULL_TREE, NULL_TREE);
1171 gimple_set_location (g, loc);
1172 gsi_insert_after (&gsi2, g, GSI_NEW_STMT);
1173
1174 gsi2 = gsi_start_bb (cond_neg_bb);
1175 g = gimple_build_cond (GT_EXPR, ptrplusoff, ptri, NULL_TREE, NULL_TREE);
1176 gimple_set_location (g, loc);
1177 gsi_insert_after (&gsi2, g, GSI_NEW_STMT);
1178
1179 gimple_seq seq = NULL;
1180 tree t = gimple_build (&seq, loc, NOP_EXPR, ssizetype, off);
1181 t = gimple_build (&seq, loc, GE_EXPR, boolean_type_node,
1182 t, ssize_int (0));
1183 gsi_insert_seq_before (&gsi, seq, GSI_SAME_STMT);
1184 g = gimple_build_cond (NE_EXPR, t, boolean_false_node,
1185 NULL_TREE, NULL_TREE);
1186 }
1187 gimple_set_location (g, loc);
1188 /* Replace the UBSAN_PTR with a GIMPLE_COND stmt. */
1189 gsi_replace (&gsi, g, false);
1190 return false;
1191 }
1192
1193
1194 /* Cached __ubsan_vptr_type_cache decl. */
1195 static GTY(()) tree ubsan_vptr_type_cache_decl;
1196
1197 /* Expand UBSAN_VPTR internal call. The type is kept on the ckind
1198 argument which is a constant, because the middle-end treats pointer
1199 conversions as useless and therefore the type of the first argument
1200 could be changed to any other pointer type. */
1201
1202 bool
1203 ubsan_expand_vptr_ifn (gimple_stmt_iterator *gsip)
1204 {
1205 gimple_stmt_iterator gsi = *gsip;
1206 gimple *stmt = gsi_stmt (gsi);
1207 location_t loc = gimple_location (stmt);
1208 gcc_assert (gimple_call_num_args (stmt) == 5);
1209 tree op = gimple_call_arg (stmt, 0);
1210 tree vptr = gimple_call_arg (stmt, 1);
1211 tree str_hash = gimple_call_arg (stmt, 2);
1212 tree ti_decl_addr = gimple_call_arg (stmt, 3);
1213 tree ckind_tree = gimple_call_arg (stmt, 4);
1214 ubsan_null_ckind ckind = (ubsan_null_ckind) tree_to_uhwi (ckind_tree);
1215 tree type = TREE_TYPE (TREE_TYPE (ckind_tree));
1216 gimple *g;
1217 basic_block fallthru_bb = NULL;
1218
1219 if (ckind == UBSAN_DOWNCAST_POINTER)
1220 {
1221 /* Guard everything with if (op != NULL) { ... }. */
1222 basic_block then_bb;
1223 gimple_stmt_iterator cond_insert_point
1224 = create_cond_insert_point (gsip, false, false, true,
1225 &then_bb, &fallthru_bb);
1226 g = gimple_build_cond (NE_EXPR, op, build_zero_cst (TREE_TYPE (op)),
1227 NULL_TREE, NULL_TREE);
1228 gimple_set_location (g, loc);
1229 gsi_insert_after (&cond_insert_point, g, GSI_NEW_STMT);
1230 *gsip = gsi_after_labels (then_bb);
1231 gsi_remove (&gsi, false);
1232 gsi_insert_before (gsip, stmt, GSI_NEW_STMT);
1233 gsi = *gsip;
1234 }
1235
1236 tree htype = TREE_TYPE (str_hash);
1237 tree cst = wide_int_to_tree (htype,
1238 wi::uhwi (((uint64_t) 0x9ddfea08 << 32)
1239 | 0xeb382d69, 64));
1240 g = gimple_build_assign (make_ssa_name (htype), BIT_XOR_EXPR,
1241 vptr, str_hash);
1242 gimple_set_location (g, loc);
1243 gsi_insert_before (gsip, g, GSI_SAME_STMT);
1244 g = gimple_build_assign (make_ssa_name (htype), MULT_EXPR,
1245 gimple_assign_lhs (g), cst);
1246 gimple_set_location (g, loc);
1247 gsi_insert_before (gsip, g, GSI_SAME_STMT);
1248 tree t1 = gimple_assign_lhs (g);
1249 g = gimple_build_assign (make_ssa_name (htype), LSHIFT_EXPR,
1250 t1, build_int_cst (integer_type_node, 47));
1251 gimple_set_location (g, loc);
1252 tree t2 = gimple_assign_lhs (g);
1253 gsi_insert_before (gsip, g, GSI_SAME_STMT);
1254 g = gimple_build_assign (make_ssa_name (htype), BIT_XOR_EXPR,
1255 vptr, t1);
1256 gimple_set_location (g, loc);
1257 gsi_insert_before (gsip, g, GSI_SAME_STMT);
1258 g = gimple_build_assign (make_ssa_name (htype), BIT_XOR_EXPR,
1259 t2, gimple_assign_lhs (g));
1260 gimple_set_location (g, loc);
1261 gsi_insert_before (gsip, g, GSI_SAME_STMT);
1262 g = gimple_build_assign (make_ssa_name (htype), MULT_EXPR,
1263 gimple_assign_lhs (g), cst);
1264 gimple_set_location (g, loc);
1265 gsi_insert_before (gsip, g, GSI_SAME_STMT);
1266 tree t3 = gimple_assign_lhs (g);
1267 g = gimple_build_assign (make_ssa_name (htype), LSHIFT_EXPR,
1268 t3, build_int_cst (integer_type_node, 47));
1269 gimple_set_location (g, loc);
1270 gsi_insert_before (gsip, g, GSI_SAME_STMT);
1271 g = gimple_build_assign (make_ssa_name (htype), BIT_XOR_EXPR,
1272 t3, gimple_assign_lhs (g));
1273 gimple_set_location (g, loc);
1274 gsi_insert_before (gsip, g, GSI_SAME_STMT);
1275 g = gimple_build_assign (make_ssa_name (htype), MULT_EXPR,
1276 gimple_assign_lhs (g), cst);
1277 gimple_set_location (g, loc);
1278 gsi_insert_before (gsip, g, GSI_SAME_STMT);
1279 if (!useless_type_conversion_p (pointer_sized_int_node, htype))
1280 {
1281 g = gimple_build_assign (make_ssa_name (pointer_sized_int_node),
1282 NOP_EXPR, gimple_assign_lhs (g));
1283 gimple_set_location (g, loc);
1284 gsi_insert_before (gsip, g, GSI_SAME_STMT);
1285 }
1286 tree hash = gimple_assign_lhs (g);
1287
1288 if (ubsan_vptr_type_cache_decl == NULL_TREE)
1289 {
1290 tree atype = build_array_type_nelts (pointer_sized_int_node, 128);
1291 tree array = build_decl (UNKNOWN_LOCATION, VAR_DECL,
1292 get_identifier ("__ubsan_vptr_type_cache"),
1293 atype);
1294 DECL_ARTIFICIAL (array) = 1;
1295 DECL_IGNORED_P (array) = 1;
1296 TREE_PUBLIC (array) = 1;
1297 TREE_STATIC (array) = 1;
1298 DECL_EXTERNAL (array) = 1;
1299 DECL_VISIBILITY (array) = VISIBILITY_DEFAULT;
1300 DECL_VISIBILITY_SPECIFIED (array) = 1;
1301 varpool_node::finalize_decl (array);
1302 ubsan_vptr_type_cache_decl = array;
1303 }
1304
1305 g = gimple_build_assign (make_ssa_name (pointer_sized_int_node),
1306 BIT_AND_EXPR, hash,
1307 build_int_cst (pointer_sized_int_node, 127));
1308 gimple_set_location (g, loc);
1309 gsi_insert_before (gsip, g, GSI_SAME_STMT);
1310
1311 tree c = build4_loc (loc, ARRAY_REF, pointer_sized_int_node,
1312 ubsan_vptr_type_cache_decl, gimple_assign_lhs (g),
1313 NULL_TREE, NULL_TREE);
1314 g = gimple_build_assign (make_ssa_name (pointer_sized_int_node),
1315 ARRAY_REF, c);
1316 gimple_set_location (g, loc);
1317 gsi_insert_before (gsip, g, GSI_SAME_STMT);
1318
1319 basic_block then_bb, fallthru2_bb;
1320 gimple_stmt_iterator cond_insert_point
1321 = create_cond_insert_point (gsip, false, false, true,
1322 &then_bb, &fallthru2_bb);
1323 g = gimple_build_cond (NE_EXPR, gimple_assign_lhs (g), hash,
1324 NULL_TREE, NULL_TREE);
1325 gimple_set_location (g, loc);
1326 gsi_insert_after (&cond_insert_point, g, GSI_NEW_STMT);
1327 *gsip = gsi_after_labels (then_bb);
1328 if (fallthru_bb == NULL)
1329 fallthru_bb = fallthru2_bb;
1330
1331 tree data
1332 = ubsan_create_data ("__ubsan_vptr_data", 1, &loc,
1333 ubsan_type_descriptor (type), NULL_TREE, ti_decl_addr,
1334 build_int_cst (unsigned_char_type_node, ckind),
1335 NULL_TREE);
1336 data = build_fold_addr_expr_loc (loc, data);
1337 enum built_in_function bcode
1338 = (flag_sanitize_recover & SANITIZE_VPTR)
1339 ? BUILT_IN_UBSAN_HANDLE_DYNAMIC_TYPE_CACHE_MISS
1340 : BUILT_IN_UBSAN_HANDLE_DYNAMIC_TYPE_CACHE_MISS_ABORT;
1341
1342 g = gimple_build_call (builtin_decl_explicit (bcode), 3, data, op, hash);
1343 gimple_set_location (g, loc);
1344 gsi_insert_before (gsip, g, GSI_SAME_STMT);
1345
1346 /* Point GSI to next logical statement. */
1347 *gsip = gsi_start_bb (fallthru_bb);
1348
1349 /* Get rid of the UBSAN_VPTR call from the IR. */
1350 unlink_stmt_vdef (stmt);
1351 gsi_remove (&gsi, true);
1352 return true;
1353 }
1354
1355 /* Instrument a memory reference. BASE is the base of MEM, IS_LHS says
1356 whether the pointer is on the left hand side of the assignment. */
1357
1358 static void
1359 instrument_mem_ref (tree mem, tree base, gimple_stmt_iterator *iter,
1360 bool is_lhs)
1361 {
1362 enum ubsan_null_ckind ikind = is_lhs ? UBSAN_STORE_OF : UBSAN_LOAD_OF;
1363 unsigned int align = 0;
1364 if (sanitize_flags_p (SANITIZE_ALIGNMENT))
1365 {
1366 align = min_align_of_type (TREE_TYPE (base));
1367 if (align <= 1)
1368 align = 0;
1369 }
1370 if (align == 0 && !sanitize_flags_p (SANITIZE_NULL))
1371 return;
1372 tree t = TREE_OPERAND (base, 0);
1373 if (!POINTER_TYPE_P (TREE_TYPE (t)))
1374 return;
1375 if (RECORD_OR_UNION_TYPE_P (TREE_TYPE (base)) && mem != base)
1376 ikind = UBSAN_MEMBER_ACCESS;
1377 tree kind = build_int_cst (build_pointer_type (TREE_TYPE (base)), ikind);
1378 tree alignt = build_int_cst (pointer_sized_int_node, align);
1379 gcall *g = gimple_build_call_internal (IFN_UBSAN_NULL, 3, t, kind, alignt);
1380 gimple_set_location (g, gimple_location (gsi_stmt (*iter)));
1381 gsi_insert_before (iter, g, GSI_SAME_STMT);
1382 }
1383
1384 /* Perform the pointer instrumentation. */
1385
1386 static void
1387 instrument_null (gimple_stmt_iterator gsi, tree t, bool is_lhs)
1388 {
1389 /* Handle also e.g. &s->i. */
1390 if (TREE_CODE (t) == ADDR_EXPR)
1391 t = TREE_OPERAND (t, 0);
1392 tree base = get_base_address (t);
1393 if (base != NULL_TREE
1394 && TREE_CODE (base) == MEM_REF
1395 && TREE_CODE (TREE_OPERAND (base, 0)) == SSA_NAME)
1396 instrument_mem_ref (t, base, &gsi, is_lhs);
1397 }
1398
1399 /* Instrument pointer arithmetics PTR p+ OFF. */
1400
1401 static void
1402 instrument_pointer_overflow (gimple_stmt_iterator *gsi, tree ptr, tree off)
1403 {
1404 if (TYPE_PRECISION (sizetype) != POINTER_SIZE)
1405 return;
1406 gcall *g = gimple_build_call_internal (IFN_UBSAN_PTR, 2, ptr, off);
1407 gimple_set_location (g, gimple_location (gsi_stmt (*gsi)));
1408 gsi_insert_before (gsi, g, GSI_SAME_STMT);
1409 }
1410
1411 /* Instrument pointer arithmetics if any. */
1412
1413 static void
1414 maybe_instrument_pointer_overflow (gimple_stmt_iterator *gsi, tree t)
1415 {
1416 if (TYPE_PRECISION (sizetype) != POINTER_SIZE)
1417 return;
1418
1419 /* Handle also e.g. &s->i. */
1420 if (TREE_CODE (t) == ADDR_EXPR)
1421 t = TREE_OPERAND (t, 0);
1422
1423 if (!handled_component_p (t) && TREE_CODE (t) != MEM_REF)
1424 return;
1425
1426 HOST_WIDE_INT bitsize, bitpos, bytepos;
1427 tree offset;
1428 machine_mode mode;
1429 int volatilep = 0, reversep, unsignedp = 0;
1430 tree inner = get_inner_reference (t, &bitsize, &bitpos, &offset, &mode,
1431 &unsignedp, &reversep, &volatilep);
1432 tree moff = NULL_TREE;
1433
1434 bool decl_p = DECL_P (inner);
1435 tree base;
1436 if (decl_p)
1437 {
1438 if (DECL_REGISTER (inner))
1439 return;
1440 base = inner;
1441 /* If BASE is a fixed size automatic variable or
1442 global variable defined in the current TU and bitpos
1443 fits, don't instrument anything. */
1444 if (offset == NULL_TREE
1445 && bitpos > 0
1446 && (VAR_P (base)
1447 || TREE_CODE (base) == PARM_DECL
1448 || TREE_CODE (base) == RESULT_DECL)
1449 && DECL_SIZE (base)
1450 && TREE_CODE (DECL_SIZE (base)) == INTEGER_CST
1451 && compare_tree_int (DECL_SIZE (base), bitpos) >= 0
1452 && (!is_global_var (base) || decl_binds_to_current_def_p (base)))
1453 return;
1454 }
1455 else if (TREE_CODE (inner) == MEM_REF)
1456 {
1457 base = TREE_OPERAND (inner, 0);
1458 if (TREE_CODE (base) == ADDR_EXPR
1459 && DECL_P (TREE_OPERAND (base, 0))
1460 && !TREE_ADDRESSABLE (TREE_OPERAND (base, 0))
1461 && !is_global_var (TREE_OPERAND (base, 0)))
1462 return;
1463 moff = TREE_OPERAND (inner, 1);
1464 if (integer_zerop (moff))
1465 moff = NULL_TREE;
1466 }
1467 else
1468 return;
1469
1470 if (!POINTER_TYPE_P (TREE_TYPE (base)) && !DECL_P (base))
1471 return;
1472 bytepos = bitpos / BITS_PER_UNIT;
1473 if (offset == NULL_TREE && bytepos == 0 && moff == NULL_TREE)
1474 return;
1475
1476 tree base_addr = base;
1477 if (decl_p)
1478 base_addr = build1 (ADDR_EXPR,
1479 build_pointer_type (TREE_TYPE (base)), base);
1480 t = offset;
1481 if (bytepos)
1482 {
1483 if (t)
1484 t = fold_build2 (PLUS_EXPR, TREE_TYPE (t), t,
1485 build_int_cst (TREE_TYPE (t), bytepos));
1486 else
1487 t = size_int (bytepos);
1488 }
1489 if (moff)
1490 {
1491 if (t)
1492 t = fold_build2 (PLUS_EXPR, TREE_TYPE (t), t,
1493 fold_convert (TREE_TYPE (t), moff));
1494 else
1495 t = fold_convert (sizetype, moff);
1496 }
1497 t = force_gimple_operand_gsi (gsi, t, true, NULL_TREE, true,
1498 GSI_SAME_STMT);
1499 base_addr = force_gimple_operand_gsi (gsi, base_addr, true, NULL_TREE, true,
1500 GSI_SAME_STMT);
1501 instrument_pointer_overflow (gsi, base_addr, t);
1502 }
1503
1504 /* Build an ubsan builtin call for the signed-integer-overflow
1505 sanitization. CODE says what kind of builtin are we building,
1506 LOC is a location, LHSTYPE is the type of LHS, OP0 and OP1
1507 are operands of the binary operation. */
1508
1509 tree
1510 ubsan_build_overflow_builtin (tree_code code, location_t loc, tree lhstype,
1511 tree op0, tree op1, tree *datap)
1512 {
1513 if (flag_sanitize_undefined_trap_on_error)
1514 return build_call_expr_loc (loc, builtin_decl_explicit (BUILT_IN_TRAP), 0);
1515
1516 tree data;
1517 if (datap && *datap)
1518 data = *datap;
1519 else
1520 data = ubsan_create_data ("__ubsan_overflow_data", 1, &loc,
1521 ubsan_type_descriptor (lhstype), NULL_TREE,
1522 NULL_TREE);
1523 if (datap)
1524 *datap = data;
1525 enum built_in_function fn_code;
1526
1527 switch (code)
1528 {
1529 case PLUS_EXPR:
1530 fn_code = (flag_sanitize_recover & SANITIZE_SI_OVERFLOW)
1531 ? BUILT_IN_UBSAN_HANDLE_ADD_OVERFLOW
1532 : BUILT_IN_UBSAN_HANDLE_ADD_OVERFLOW_ABORT;
1533 break;
1534 case MINUS_EXPR:
1535 fn_code = (flag_sanitize_recover & SANITIZE_SI_OVERFLOW)
1536 ? BUILT_IN_UBSAN_HANDLE_SUB_OVERFLOW
1537 : BUILT_IN_UBSAN_HANDLE_SUB_OVERFLOW_ABORT;
1538 break;
1539 case MULT_EXPR:
1540 fn_code = (flag_sanitize_recover & SANITIZE_SI_OVERFLOW)
1541 ? BUILT_IN_UBSAN_HANDLE_MUL_OVERFLOW
1542 : BUILT_IN_UBSAN_HANDLE_MUL_OVERFLOW_ABORT;
1543 break;
1544 case NEGATE_EXPR:
1545 fn_code = (flag_sanitize_recover & SANITIZE_SI_OVERFLOW)
1546 ? BUILT_IN_UBSAN_HANDLE_NEGATE_OVERFLOW
1547 : BUILT_IN_UBSAN_HANDLE_NEGATE_OVERFLOW_ABORT;
1548 break;
1549 default:
1550 gcc_unreachable ();
1551 }
1552 tree fn = builtin_decl_explicit (fn_code);
1553 return build_call_expr_loc (loc, fn, 2 + (code != NEGATE_EXPR),
1554 build_fold_addr_expr_loc (loc, data),
1555 ubsan_encode_value (op0, UBSAN_ENCODE_VALUE_RTL),
1556 op1
1557 ? ubsan_encode_value (op1,
1558 UBSAN_ENCODE_VALUE_RTL)
1559 : NULL_TREE);
1560 }
1561
1562 /* Perform the signed integer instrumentation. GSI is the iterator
1563 pointing at statement we are trying to instrument. */
1564
1565 static void
1566 instrument_si_overflow (gimple_stmt_iterator gsi)
1567 {
1568 gimple *stmt = gsi_stmt (gsi);
1569 tree_code code = gimple_assign_rhs_code (stmt);
1570 tree lhs = gimple_assign_lhs (stmt);
1571 tree lhstype = TREE_TYPE (lhs);
1572 tree lhsinner = VECTOR_TYPE_P (lhstype) ? TREE_TYPE (lhstype) : lhstype;
1573 tree a, b;
1574 gimple *g;
1575
1576 /* If this is not a signed operation, don't instrument anything here.
1577 Also punt on bit-fields. */
1578 if (!INTEGRAL_TYPE_P (lhsinner)
1579 || TYPE_OVERFLOW_WRAPS (lhsinner)
1580 || GET_MODE_BITSIZE (TYPE_MODE (lhsinner)) != TYPE_PRECISION (lhsinner))
1581 return;
1582
1583 switch (code)
1584 {
1585 case MINUS_EXPR:
1586 case PLUS_EXPR:
1587 case MULT_EXPR:
1588 /* Transform
1589 i = u {+,-,*} 5;
1590 into
1591 i = UBSAN_CHECK_{ADD,SUB,MUL} (u, 5); */
1592 a = gimple_assign_rhs1 (stmt);
1593 b = gimple_assign_rhs2 (stmt);
1594 g = gimple_build_call_internal (code == PLUS_EXPR
1595 ? IFN_UBSAN_CHECK_ADD
1596 : code == MINUS_EXPR
1597 ? IFN_UBSAN_CHECK_SUB
1598 : IFN_UBSAN_CHECK_MUL, 2, a, b);
1599 gimple_call_set_lhs (g, lhs);
1600 gsi_replace (&gsi, g, true);
1601 break;
1602 case NEGATE_EXPR:
1603 /* Represent i = -u;
1604 as
1605 i = UBSAN_CHECK_SUB (0, u); */
1606 a = build_zero_cst (lhstype);
1607 b = gimple_assign_rhs1 (stmt);
1608 g = gimple_build_call_internal (IFN_UBSAN_CHECK_SUB, 2, a, b);
1609 gimple_call_set_lhs (g, lhs);
1610 gsi_replace (&gsi, g, true);
1611 break;
1612 case ABS_EXPR:
1613 /* Transform i = ABS_EXPR<u>;
1614 into
1615 _N = UBSAN_CHECK_SUB (0, u);
1616 i = ABS_EXPR<_N>; */
1617 a = build_zero_cst (lhstype);
1618 b = gimple_assign_rhs1 (stmt);
1619 g = gimple_build_call_internal (IFN_UBSAN_CHECK_SUB, 2, a, b);
1620 a = make_ssa_name (lhstype);
1621 gimple_call_set_lhs (g, a);
1622 gimple_set_location (g, gimple_location (stmt));
1623 gsi_insert_before (&gsi, g, GSI_SAME_STMT);
1624 gimple_assign_set_rhs1 (stmt, a);
1625 update_stmt (stmt);
1626 break;
1627 default:
1628 break;
1629 }
1630 }
1631
1632 /* Instrument loads from (non-bitfield) bool and C++ enum values
1633 to check if the memory value is outside of the range of the valid
1634 type values. */
1635
1636 static void
1637 instrument_bool_enum_load (gimple_stmt_iterator *gsi)
1638 {
1639 gimple *stmt = gsi_stmt (*gsi);
1640 tree rhs = gimple_assign_rhs1 (stmt);
1641 tree type = TREE_TYPE (rhs);
1642 tree minv = NULL_TREE, maxv = NULL_TREE;
1643
1644 if (TREE_CODE (type) == BOOLEAN_TYPE
1645 && sanitize_flags_p (SANITIZE_BOOL))
1646 {
1647 minv = boolean_false_node;
1648 maxv = boolean_true_node;
1649 }
1650 else if (TREE_CODE (type) == ENUMERAL_TYPE
1651 && sanitize_flags_p (SANITIZE_ENUM)
1652 && TREE_TYPE (type) != NULL_TREE
1653 && TREE_CODE (TREE_TYPE (type)) == INTEGER_TYPE
1654 && (TYPE_PRECISION (TREE_TYPE (type))
1655 < GET_MODE_PRECISION (SCALAR_INT_TYPE_MODE (type))))
1656 {
1657 minv = TYPE_MIN_VALUE (TREE_TYPE (type));
1658 maxv = TYPE_MAX_VALUE (TREE_TYPE (type));
1659 }
1660 else
1661 return;
1662
1663 int modebitsize = GET_MODE_BITSIZE (SCALAR_INT_TYPE_MODE (type));
1664 HOST_WIDE_INT bitsize, bitpos;
1665 tree offset;
1666 machine_mode mode;
1667 int volatilep = 0, reversep, unsignedp = 0;
1668 tree base = get_inner_reference (rhs, &bitsize, &bitpos, &offset, &mode,
1669 &unsignedp, &reversep, &volatilep);
1670 tree utype = build_nonstandard_integer_type (modebitsize, 1);
1671
1672 if ((VAR_P (base) && DECL_HARD_REGISTER (base))
1673 || (bitpos % modebitsize) != 0
1674 || bitsize != modebitsize
1675 || GET_MODE_BITSIZE (SCALAR_INT_TYPE_MODE (utype)) != modebitsize
1676 || TREE_CODE (gimple_assign_lhs (stmt)) != SSA_NAME)
1677 return;
1678
1679 bool ends_bb = stmt_ends_bb_p (stmt);
1680 location_t loc = gimple_location (stmt);
1681 tree lhs = gimple_assign_lhs (stmt);
1682 tree ptype = build_pointer_type (TREE_TYPE (rhs));
1683 tree atype = reference_alias_ptr_type (rhs);
1684 gimple *g = gimple_build_assign (make_ssa_name (ptype),
1685 build_fold_addr_expr (rhs));
1686 gimple_set_location (g, loc);
1687 gsi_insert_before (gsi, g, GSI_SAME_STMT);
1688 tree mem = build2 (MEM_REF, utype, gimple_assign_lhs (g),
1689 build_int_cst (atype, 0));
1690 tree urhs = make_ssa_name (utype);
1691 if (ends_bb)
1692 {
1693 gimple_assign_set_lhs (stmt, urhs);
1694 g = gimple_build_assign (lhs, NOP_EXPR, urhs);
1695 gimple_set_location (g, loc);
1696 edge e = find_fallthru_edge (gimple_bb (stmt)->succs);
1697 gsi_insert_on_edge_immediate (e, g);
1698 gimple_assign_set_rhs_from_tree (gsi, mem);
1699 update_stmt (stmt);
1700 *gsi = gsi_for_stmt (g);
1701 g = stmt;
1702 }
1703 else
1704 {
1705 g = gimple_build_assign (urhs, mem);
1706 gimple_set_location (g, loc);
1707 gsi_insert_before (gsi, g, GSI_SAME_STMT);
1708 }
1709 minv = fold_convert (utype, minv);
1710 maxv = fold_convert (utype, maxv);
1711 if (!integer_zerop (minv))
1712 {
1713 g = gimple_build_assign (make_ssa_name (utype), MINUS_EXPR, urhs, minv);
1714 gimple_set_location (g, loc);
1715 gsi_insert_before (gsi, g, GSI_SAME_STMT);
1716 }
1717
1718 gimple_stmt_iterator gsi2 = *gsi;
1719 basic_block then_bb, fallthru_bb;
1720 *gsi = create_cond_insert_point (gsi, true, false, true,
1721 &then_bb, &fallthru_bb);
1722 g = gimple_build_cond (GT_EXPR, gimple_assign_lhs (g),
1723 int_const_binop (MINUS_EXPR, maxv, minv),
1724 NULL_TREE, NULL_TREE);
1725 gimple_set_location (g, loc);
1726 gsi_insert_after (gsi, g, GSI_NEW_STMT);
1727
1728 if (!ends_bb)
1729 {
1730 gimple_assign_set_rhs_with_ops (&gsi2, NOP_EXPR, urhs);
1731 update_stmt (stmt);
1732 }
1733
1734 gsi2 = gsi_after_labels (then_bb);
1735 if (flag_sanitize_undefined_trap_on_error)
1736 g = gimple_build_call (builtin_decl_explicit (BUILT_IN_TRAP), 0);
1737 else
1738 {
1739 tree data = ubsan_create_data ("__ubsan_invalid_value_data", 1, &loc,
1740 ubsan_type_descriptor (type), NULL_TREE,
1741 NULL_TREE);
1742 data = build_fold_addr_expr_loc (loc, data);
1743 enum built_in_function bcode
1744 = (flag_sanitize_recover & (TREE_CODE (type) == BOOLEAN_TYPE
1745 ? SANITIZE_BOOL : SANITIZE_ENUM))
1746 ? BUILT_IN_UBSAN_HANDLE_LOAD_INVALID_VALUE
1747 : BUILT_IN_UBSAN_HANDLE_LOAD_INVALID_VALUE_ABORT;
1748 tree fn = builtin_decl_explicit (bcode);
1749
1750 tree val = ubsan_encode_value (urhs, UBSAN_ENCODE_VALUE_GIMPLE);
1751 val = force_gimple_operand_gsi (&gsi2, val, true, NULL_TREE, true,
1752 GSI_SAME_STMT);
1753 g = gimple_build_call (fn, 2, data, val);
1754 }
1755 gimple_set_location (g, loc);
1756 gsi_insert_before (&gsi2, g, GSI_SAME_STMT);
1757 ubsan_create_edge (g);
1758 *gsi = gsi_for_stmt (stmt);
1759 }
1760
1761 /* Determine if we can propagate given LOCATION to ubsan_data descriptor to use
1762 new style handlers. Libubsan uses heuristics to destinguish between old and
1763 new styles and relies on these properties for filename:
1764
1765 a) Location's filename must not be NULL.
1766 b) Location's filename must not be equal to "".
1767 c) Location's filename must not be equal to "\1".
1768 d) First two bytes of filename must not contain '\xff' symbol. */
1769
1770 static bool
1771 ubsan_use_new_style_p (location_t loc)
1772 {
1773 if (loc == UNKNOWN_LOCATION)
1774 return false;
1775
1776 expanded_location xloc = expand_location (loc);
1777 if (xloc.file == NULL || strncmp (xloc.file, "\1", 2) == 0
1778 || xloc.file[0] == '\0' || xloc.file[0] == '\xff'
1779 || xloc.file[1] == '\xff')
1780 return false;
1781
1782 return true;
1783 }
1784
1785 /* Instrument float point-to-integer conversion. TYPE is an integer type of
1786 destination, EXPR is floating-point expression. */
1787
1788 tree
1789 ubsan_instrument_float_cast (location_t loc, tree type, tree expr)
1790 {
1791 tree expr_type = TREE_TYPE (expr);
1792 tree t, tt, fn, min, max;
1793 machine_mode mode = TYPE_MODE (expr_type);
1794 int prec = TYPE_PRECISION (type);
1795 bool uns_p = TYPE_UNSIGNED (type);
1796 if (loc == UNKNOWN_LOCATION)
1797 loc = input_location;
1798
1799 /* Float to integer conversion first truncates toward zero, so
1800 even signed char c = 127.875f; is not problematic.
1801 Therefore, we should complain only if EXPR is unordered or smaller
1802 or equal than TYPE_MIN_VALUE - 1.0 or greater or equal than
1803 TYPE_MAX_VALUE + 1.0. */
1804 if (REAL_MODE_FORMAT (mode)->b == 2)
1805 {
1806 /* For maximum, TYPE_MAX_VALUE might not be representable
1807 in EXPR_TYPE, e.g. if TYPE is 64-bit long long and
1808 EXPR_TYPE is IEEE single float, but TYPE_MAX_VALUE + 1.0 is
1809 either representable or infinity. */
1810 REAL_VALUE_TYPE maxval = dconst1;
1811 SET_REAL_EXP (&maxval, REAL_EXP (&maxval) + prec - !uns_p);
1812 real_convert (&maxval, mode, &maxval);
1813 max = build_real (expr_type, maxval);
1814
1815 /* For unsigned, assume -1.0 is always representable. */
1816 if (uns_p)
1817 min = build_minus_one_cst (expr_type);
1818 else
1819 {
1820 /* TYPE_MIN_VALUE is generally representable (or -inf),
1821 but TYPE_MIN_VALUE - 1.0 might not be. */
1822 REAL_VALUE_TYPE minval = dconstm1, minval2;
1823 SET_REAL_EXP (&minval, REAL_EXP (&minval) + prec - 1);
1824 real_convert (&minval, mode, &minval);
1825 real_arithmetic (&minval2, MINUS_EXPR, &minval, &dconst1);
1826 real_convert (&minval2, mode, &minval2);
1827 if (real_compare (EQ_EXPR, &minval, &minval2)
1828 && !real_isinf (&minval))
1829 {
1830 /* If TYPE_MIN_VALUE - 1.0 is not representable and
1831 rounds to TYPE_MIN_VALUE, we need to subtract
1832 more. As REAL_MODE_FORMAT (mode)->p is the number
1833 of base digits, we want to subtract a number that
1834 will be 1 << (REAL_MODE_FORMAT (mode)->p - 1)
1835 times smaller than minval. */
1836 minval2 = dconst1;
1837 gcc_assert (prec > REAL_MODE_FORMAT (mode)->p);
1838 SET_REAL_EXP (&minval2,
1839 REAL_EXP (&minval2) + prec - 1
1840 - REAL_MODE_FORMAT (mode)->p + 1);
1841 real_arithmetic (&minval2, MINUS_EXPR, &minval, &minval2);
1842 real_convert (&minval2, mode, &minval2);
1843 }
1844 min = build_real (expr_type, minval2);
1845 }
1846 }
1847 else if (REAL_MODE_FORMAT (mode)->b == 10)
1848 {
1849 /* For _Decimal128 up to 34 decimal digits, - sign,
1850 dot, e, exponent. */
1851 char buf[64];
1852 mpfr_t m;
1853 int p = REAL_MODE_FORMAT (mode)->p;
1854 REAL_VALUE_TYPE maxval, minval;
1855
1856 /* Use mpfr_snprintf rounding to compute the smallest
1857 representable decimal number greater or equal than
1858 1 << (prec - !uns_p). */
1859 mpfr_init2 (m, prec + 2);
1860 mpfr_set_ui_2exp (m, 1, prec - !uns_p, GMP_RNDN);
1861 mpfr_snprintf (buf, sizeof buf, "%.*RUe", p - 1, m);
1862 decimal_real_from_string (&maxval, buf);
1863 max = build_real (expr_type, maxval);
1864
1865 /* For unsigned, assume -1.0 is always representable. */
1866 if (uns_p)
1867 min = build_minus_one_cst (expr_type);
1868 else
1869 {
1870 /* Use mpfr_snprintf rounding to compute the largest
1871 representable decimal number less or equal than
1872 (-1 << (prec - 1)) - 1. */
1873 mpfr_set_si_2exp (m, -1, prec - 1, GMP_RNDN);
1874 mpfr_sub_ui (m, m, 1, GMP_RNDN);
1875 mpfr_snprintf (buf, sizeof buf, "%.*RDe", p - 1, m);
1876 decimal_real_from_string (&minval, buf);
1877 min = build_real (expr_type, minval);
1878 }
1879 mpfr_clear (m);
1880 }
1881 else
1882 return NULL_TREE;
1883
1884 t = fold_build2 (UNLE_EXPR, boolean_type_node, expr, min);
1885 tt = fold_build2 (UNGE_EXPR, boolean_type_node, expr, max);
1886 t = fold_build2 (TRUTH_OR_EXPR, boolean_type_node, t, tt);
1887 if (integer_zerop (t))
1888 return NULL_TREE;
1889
1890 if (flag_sanitize_undefined_trap_on_error)
1891 fn = build_call_expr_loc (loc, builtin_decl_explicit (BUILT_IN_TRAP), 0);
1892 else
1893 {
1894 location_t *loc_ptr = NULL;
1895 unsigned num_locations = 0;
1896 /* Figure out if we can propagate location to ubsan_data and use new
1897 style handlers in libubsan. */
1898 if (ubsan_use_new_style_p (loc))
1899 {
1900 loc_ptr = &loc;
1901 num_locations = 1;
1902 }
1903 /* Create the __ubsan_handle_float_cast_overflow fn call. */
1904 tree data = ubsan_create_data ("__ubsan_float_cast_overflow_data",
1905 num_locations, loc_ptr,
1906 ubsan_type_descriptor (expr_type),
1907 ubsan_type_descriptor (type), NULL_TREE,
1908 NULL_TREE);
1909 enum built_in_function bcode
1910 = (flag_sanitize_recover & SANITIZE_FLOAT_CAST)
1911 ? BUILT_IN_UBSAN_HANDLE_FLOAT_CAST_OVERFLOW
1912 : BUILT_IN_UBSAN_HANDLE_FLOAT_CAST_OVERFLOW_ABORT;
1913 fn = builtin_decl_explicit (bcode);
1914 fn = build_call_expr_loc (loc, fn, 2,
1915 build_fold_addr_expr_loc (loc, data),
1916 ubsan_encode_value (expr));
1917 }
1918
1919 return fold_build3 (COND_EXPR, void_type_node, t, fn, integer_zero_node);
1920 }
1921
1922 /* Instrument values passed to function arguments with nonnull attribute. */
1923
1924 static void
1925 instrument_nonnull_arg (gimple_stmt_iterator *gsi)
1926 {
1927 gimple *stmt = gsi_stmt (*gsi);
1928 location_t loc[2];
1929 /* infer_nonnull_range needs flag_delete_null_pointer_checks set,
1930 while for nonnull sanitization it is clear. */
1931 int save_flag_delete_null_pointer_checks = flag_delete_null_pointer_checks;
1932 flag_delete_null_pointer_checks = 1;
1933 loc[0] = gimple_location (stmt);
1934 loc[1] = UNKNOWN_LOCATION;
1935 for (unsigned int i = 0; i < gimple_call_num_args (stmt); i++)
1936 {
1937 tree arg = gimple_call_arg (stmt, i);
1938 if (POINTER_TYPE_P (TREE_TYPE (arg))
1939 && infer_nonnull_range_by_attribute (stmt, arg))
1940 {
1941 gimple *g;
1942 if (!is_gimple_val (arg))
1943 {
1944 g = gimple_build_assign (make_ssa_name (TREE_TYPE (arg)), arg);
1945 gimple_set_location (g, loc[0]);
1946 gsi_insert_before (gsi, g, GSI_SAME_STMT);
1947 arg = gimple_assign_lhs (g);
1948 }
1949
1950 basic_block then_bb, fallthru_bb;
1951 *gsi = create_cond_insert_point (gsi, true, false, true,
1952 &then_bb, &fallthru_bb);
1953 g = gimple_build_cond (EQ_EXPR, arg,
1954 build_zero_cst (TREE_TYPE (arg)),
1955 NULL_TREE, NULL_TREE);
1956 gimple_set_location (g, loc[0]);
1957 gsi_insert_after (gsi, g, GSI_NEW_STMT);
1958
1959 *gsi = gsi_after_labels (then_bb);
1960 if (flag_sanitize_undefined_trap_on_error)
1961 g = gimple_build_call (builtin_decl_explicit (BUILT_IN_TRAP), 0);
1962 else
1963 {
1964 tree data = ubsan_create_data ("__ubsan_nonnull_arg_data",
1965 2, loc, NULL_TREE,
1966 build_int_cst (integer_type_node,
1967 i + 1),
1968 NULL_TREE);
1969 data = build_fold_addr_expr_loc (loc[0], data);
1970 enum built_in_function bcode
1971 = (flag_sanitize_recover & SANITIZE_NONNULL_ATTRIBUTE)
1972 ? BUILT_IN_UBSAN_HANDLE_NONNULL_ARG
1973 : BUILT_IN_UBSAN_HANDLE_NONNULL_ARG_ABORT;
1974 tree fn = builtin_decl_explicit (bcode);
1975
1976 g = gimple_build_call (fn, 1, data);
1977 }
1978 gimple_set_location (g, loc[0]);
1979 gsi_insert_before (gsi, g, GSI_SAME_STMT);
1980 ubsan_create_edge (g);
1981 }
1982 *gsi = gsi_for_stmt (stmt);
1983 }
1984 flag_delete_null_pointer_checks = save_flag_delete_null_pointer_checks;
1985 }
1986
1987 /* Instrument returns in functions with returns_nonnull attribute. */
1988
1989 static void
1990 instrument_nonnull_return (gimple_stmt_iterator *gsi)
1991 {
1992 greturn *stmt = as_a <greturn *> (gsi_stmt (*gsi));
1993 location_t loc[2];
1994 tree arg = gimple_return_retval (stmt);
1995 /* infer_nonnull_range needs flag_delete_null_pointer_checks set,
1996 while for nonnull return sanitization it is clear. */
1997 int save_flag_delete_null_pointer_checks = flag_delete_null_pointer_checks;
1998 flag_delete_null_pointer_checks = 1;
1999 loc[0] = gimple_location (stmt);
2000 loc[1] = UNKNOWN_LOCATION;
2001 if (arg
2002 && POINTER_TYPE_P (TREE_TYPE (arg))
2003 && is_gimple_val (arg)
2004 && infer_nonnull_range_by_attribute (stmt, arg))
2005 {
2006 basic_block then_bb, fallthru_bb;
2007 *gsi = create_cond_insert_point (gsi, true, false, true,
2008 &then_bb, &fallthru_bb);
2009 gimple *g = gimple_build_cond (EQ_EXPR, arg,
2010 build_zero_cst (TREE_TYPE (arg)),
2011 NULL_TREE, NULL_TREE);
2012 gimple_set_location (g, loc[0]);
2013 gsi_insert_after (gsi, g, GSI_NEW_STMT);
2014
2015 *gsi = gsi_after_labels (then_bb);
2016 if (flag_sanitize_undefined_trap_on_error)
2017 g = gimple_build_call (builtin_decl_explicit (BUILT_IN_TRAP), 0);
2018 else
2019 {
2020 tree data = ubsan_create_data ("__ubsan_nonnull_return_data",
2021 1, &loc[1], NULL_TREE, NULL_TREE);
2022 data = build_fold_addr_expr_loc (loc[0], data);
2023 tree data2 = ubsan_create_data ("__ubsan_nonnull_return_data",
2024 1, &loc[0], NULL_TREE, NULL_TREE);
2025 data2 = build_fold_addr_expr_loc (loc[0], data2);
2026 enum built_in_function bcode
2027 = (flag_sanitize_recover & SANITIZE_RETURNS_NONNULL_ATTRIBUTE)
2028 ? BUILT_IN_UBSAN_HANDLE_NONNULL_RETURN_V1
2029 : BUILT_IN_UBSAN_HANDLE_NONNULL_RETURN_V1_ABORT;
2030 tree fn = builtin_decl_explicit (bcode);
2031
2032 g = gimple_build_call (fn, 2, data, data2);
2033 }
2034 gimple_set_location (g, loc[0]);
2035 gsi_insert_before (gsi, g, GSI_SAME_STMT);
2036 ubsan_create_edge (g);
2037 *gsi = gsi_for_stmt (stmt);
2038 }
2039 flag_delete_null_pointer_checks = save_flag_delete_null_pointer_checks;
2040 }
2041
2042 /* Instrument memory references. Here we check whether the pointer
2043 points to an out-of-bounds location. */
2044
2045 static void
2046 instrument_object_size (gimple_stmt_iterator *gsi, tree t, bool is_lhs)
2047 {
2048 gimple *stmt = gsi_stmt (*gsi);
2049 location_t loc = gimple_location (stmt);
2050 tree type;
2051 tree index = NULL_TREE;
2052 HOST_WIDE_INT size_in_bytes;
2053
2054 type = TREE_TYPE (t);
2055 if (VOID_TYPE_P (type))
2056 return;
2057
2058 switch (TREE_CODE (t))
2059 {
2060 case COMPONENT_REF:
2061 if (TREE_CODE (t) == COMPONENT_REF
2062 && DECL_BIT_FIELD_REPRESENTATIVE (TREE_OPERAND (t, 1)) != NULL_TREE)
2063 {
2064 tree repr = DECL_BIT_FIELD_REPRESENTATIVE (TREE_OPERAND (t, 1));
2065 t = build3 (COMPONENT_REF, TREE_TYPE (repr), TREE_OPERAND (t, 0),
2066 repr, TREE_OPERAND (t, 2));
2067 }
2068 break;
2069 case ARRAY_REF:
2070 index = TREE_OPERAND (t, 1);
2071 break;
2072 case INDIRECT_REF:
2073 case MEM_REF:
2074 case VAR_DECL:
2075 case PARM_DECL:
2076 case RESULT_DECL:
2077 break;
2078 default:
2079 return;
2080 }
2081
2082 size_in_bytes = int_size_in_bytes (type);
2083 if (size_in_bytes <= 0)
2084 return;
2085
2086 HOST_WIDE_INT bitsize, bitpos;
2087 tree offset;
2088 machine_mode mode;
2089 int volatilep = 0, reversep, unsignedp = 0;
2090 tree inner = get_inner_reference (t, &bitsize, &bitpos, &offset, &mode,
2091 &unsignedp, &reversep, &volatilep);
2092
2093 if (bitpos % BITS_PER_UNIT != 0
2094 || bitsize != size_in_bytes * BITS_PER_UNIT)
2095 return;
2096
2097 bool decl_p = DECL_P (inner);
2098 tree base;
2099 if (decl_p)
2100 {
2101 if (DECL_REGISTER (inner))
2102 return;
2103 base = inner;
2104 }
2105 else if (TREE_CODE (inner) == MEM_REF)
2106 base = TREE_OPERAND (inner, 0);
2107 else
2108 return;
2109 tree ptr = build1 (ADDR_EXPR, build_pointer_type (TREE_TYPE (t)), t);
2110
2111 while (TREE_CODE (base) == SSA_NAME)
2112 {
2113 gimple *def_stmt = SSA_NAME_DEF_STMT (base);
2114 if (gimple_assign_ssa_name_copy_p (def_stmt)
2115 || (gimple_assign_cast_p (def_stmt)
2116 && POINTER_TYPE_P (TREE_TYPE (gimple_assign_rhs1 (def_stmt))))
2117 || (is_gimple_assign (def_stmt)
2118 && gimple_assign_rhs_code (def_stmt) == POINTER_PLUS_EXPR))
2119 {
2120 tree rhs1 = gimple_assign_rhs1 (def_stmt);
2121 if (TREE_CODE (rhs1) == SSA_NAME
2122 && SSA_NAME_OCCURS_IN_ABNORMAL_PHI (rhs1))
2123 break;
2124 else
2125 base = rhs1;
2126 }
2127 else
2128 break;
2129 }
2130
2131 if (!POINTER_TYPE_P (TREE_TYPE (base)) && !DECL_P (base))
2132 return;
2133
2134 tree sizet;
2135 tree base_addr = base;
2136 gimple *bos_stmt = NULL;
2137 if (decl_p)
2138 base_addr = build1 (ADDR_EXPR,
2139 build_pointer_type (TREE_TYPE (base)), base);
2140 unsigned HOST_WIDE_INT size;
2141 if (compute_builtin_object_size (base_addr, 0, &size))
2142 sizet = build_int_cst (sizetype, size);
2143 else if (optimize)
2144 {
2145 if (LOCATION_LOCUS (loc) == UNKNOWN_LOCATION)
2146 loc = input_location;
2147 /* Generate __builtin_object_size call. */
2148 sizet = builtin_decl_explicit (BUILT_IN_OBJECT_SIZE);
2149 sizet = build_call_expr_loc (loc, sizet, 2, base_addr,
2150 integer_zero_node);
2151 sizet = force_gimple_operand_gsi (gsi, sizet, false, NULL_TREE, true,
2152 GSI_SAME_STMT);
2153 /* If the call above didn't end up being an integer constant, go one
2154 statement back and get the __builtin_object_size stmt. Save it,
2155 we might need it later. */
2156 if (SSA_VAR_P (sizet))
2157 {
2158 gsi_prev (gsi);
2159 bos_stmt = gsi_stmt (*gsi);
2160
2161 /* Move on to where we were. */
2162 gsi_next (gsi);
2163 }
2164 }
2165 else
2166 return;
2167
2168 /* Generate UBSAN_OBJECT_SIZE (ptr, ptr+sizeof(*ptr)-base, objsize, ckind)
2169 call. */
2170 /* ptr + sizeof (*ptr) - base */
2171 t = fold_build2 (MINUS_EXPR, sizetype,
2172 fold_convert (pointer_sized_int_node, ptr),
2173 fold_convert (pointer_sized_int_node, base_addr));
2174 t = fold_build2 (PLUS_EXPR, sizetype, t, TYPE_SIZE_UNIT (type));
2175
2176 /* Perhaps we can omit the check. */
2177 if (TREE_CODE (t) == INTEGER_CST
2178 && TREE_CODE (sizet) == INTEGER_CST
2179 && tree_int_cst_le (t, sizet))
2180 return;
2181
2182 if (index != NULL_TREE
2183 && TREE_CODE (index) == SSA_NAME
2184 && TREE_CODE (sizet) == INTEGER_CST)
2185 {
2186 gimple *def = SSA_NAME_DEF_STMT (index);
2187 if (is_gimple_assign (def)
2188 && gimple_assign_rhs_code (def) == BIT_AND_EXPR
2189 && TREE_CODE (gimple_assign_rhs2 (def)) == INTEGER_CST)
2190 {
2191 tree cst = gimple_assign_rhs2 (def);
2192 tree sz = fold_build2 (EXACT_DIV_EXPR, sizetype, sizet,
2193 TYPE_SIZE_UNIT (type));
2194 if (tree_int_cst_sgn (cst) >= 0
2195 && tree_int_cst_lt (cst, sz))
2196 return;
2197 }
2198 }
2199
2200 if (bos_stmt && gimple_call_builtin_p (bos_stmt, BUILT_IN_OBJECT_SIZE))
2201 ubsan_create_edge (bos_stmt);
2202
2203 /* We have to emit the check. */
2204 t = force_gimple_operand_gsi (gsi, t, true, NULL_TREE, true,
2205 GSI_SAME_STMT);
2206 ptr = force_gimple_operand_gsi (gsi, ptr, true, NULL_TREE, true,
2207 GSI_SAME_STMT);
2208 tree ckind = build_int_cst (unsigned_char_type_node,
2209 is_lhs ? UBSAN_STORE_OF : UBSAN_LOAD_OF);
2210 gimple *g = gimple_build_call_internal (IFN_UBSAN_OBJECT_SIZE, 4,
2211 ptr, t, sizet, ckind);
2212 gimple_set_location (g, loc);
2213 gsi_insert_before (gsi, g, GSI_SAME_STMT);
2214 }
2215
2216 /* Instrument values passed to builtin functions. */
2217
2218 static void
2219 instrument_builtin (gimple_stmt_iterator *gsi)
2220 {
2221 gimple *stmt = gsi_stmt (*gsi);
2222 location_t loc = gimple_location (stmt);
2223 tree arg;
2224 enum built_in_function fcode
2225 = DECL_FUNCTION_CODE (gimple_call_fndecl (stmt));
2226 int kind = 0;
2227 switch (fcode)
2228 {
2229 CASE_INT_FN (BUILT_IN_CLZ):
2230 kind = 1;
2231 gcc_fallthrough ();
2232 CASE_INT_FN (BUILT_IN_CTZ):
2233 arg = gimple_call_arg (stmt, 0);
2234 if (!integer_nonzerop (arg))
2235 {
2236 gimple *g;
2237 if (!is_gimple_val (arg))
2238 {
2239 g = gimple_build_assign (make_ssa_name (TREE_TYPE (arg)), arg);
2240 gimple_set_location (g, loc);
2241 gsi_insert_before (gsi, g, GSI_SAME_STMT);
2242 arg = gimple_assign_lhs (g);
2243 }
2244
2245 basic_block then_bb, fallthru_bb;
2246 *gsi = create_cond_insert_point (gsi, true, false, true,
2247 &then_bb, &fallthru_bb);
2248 g = gimple_build_cond (EQ_EXPR, arg,
2249 build_zero_cst (TREE_TYPE (arg)),
2250 NULL_TREE, NULL_TREE);
2251 gimple_set_location (g, loc);
2252 gsi_insert_after (gsi, g, GSI_NEW_STMT);
2253
2254 *gsi = gsi_after_labels (then_bb);
2255 if (flag_sanitize_undefined_trap_on_error)
2256 g = gimple_build_call (builtin_decl_explicit (BUILT_IN_TRAP), 0);
2257 else
2258 {
2259 tree t = build_int_cst (unsigned_char_type_node, kind);
2260 tree data = ubsan_create_data ("__ubsan_builtin_data",
2261 1, &loc, NULL_TREE, t, NULL_TREE);
2262 data = build_fold_addr_expr_loc (loc, data);
2263 enum built_in_function bcode
2264 = (flag_sanitize_recover & SANITIZE_BUILTIN)
2265 ? BUILT_IN_UBSAN_HANDLE_INVALID_BUILTIN
2266 : BUILT_IN_UBSAN_HANDLE_INVALID_BUILTIN_ABORT;
2267 tree fn = builtin_decl_explicit (bcode);
2268
2269 g = gimple_build_call (fn, 1, data);
2270 }
2271 gimple_set_location (g, loc);
2272 gsi_insert_before (gsi, g, GSI_SAME_STMT);
2273 ubsan_create_edge (g);
2274 }
2275 *gsi = gsi_for_stmt (stmt);
2276 break;
2277 default:
2278 break;
2279 }
2280 }
2281
2282 namespace {
2283
2284 const pass_data pass_data_ubsan =
2285 {
2286 GIMPLE_PASS, /* type */
2287 "ubsan", /* name */
2288 OPTGROUP_NONE, /* optinfo_flags */
2289 TV_TREE_UBSAN, /* tv_id */
2290 ( PROP_cfg | PROP_ssa ), /* properties_required */
2291 0, /* properties_provided */
2292 0, /* properties_destroyed */
2293 0, /* todo_flags_start */
2294 TODO_update_ssa, /* todo_flags_finish */
2295 };
2296
2297 class pass_ubsan : public gimple_opt_pass
2298 {
2299 public:
2300 pass_ubsan (gcc::context *ctxt)
2301 : gimple_opt_pass (pass_data_ubsan, ctxt)
2302 {}
2303
2304 /* opt_pass methods: */
2305 virtual bool gate (function *)
2306 {
2307 return sanitize_flags_p ((SANITIZE_NULL | SANITIZE_SI_OVERFLOW
2308 | SANITIZE_BOOL | SANITIZE_ENUM
2309 | SANITIZE_ALIGNMENT
2310 | SANITIZE_NONNULL_ATTRIBUTE
2311 | SANITIZE_RETURNS_NONNULL_ATTRIBUTE
2312 | SANITIZE_OBJECT_SIZE
2313 | SANITIZE_POINTER_OVERFLOW
2314 | SANITIZE_BUILTIN));
2315 }
2316
2317 virtual unsigned int execute (function *);
2318
2319 }; // class pass_ubsan
2320
2321 unsigned int
2322 pass_ubsan::execute (function *fun)
2323 {
2324 basic_block bb;
2325 gimple_stmt_iterator gsi;
2326 unsigned int ret = 0;
2327
2328 initialize_sanitizer_builtins ();
2329
2330 FOR_EACH_BB_FN (bb, fun)
2331 {
2332 for (gsi = gsi_start_bb (bb); !gsi_end_p (gsi);)
2333 {
2334 gimple *stmt = gsi_stmt (gsi);
2335 if (is_gimple_debug (stmt) || gimple_clobber_p (stmt))
2336 {
2337 gsi_next (&gsi);
2338 continue;
2339 }
2340
2341 if ((sanitize_flags_p (SANITIZE_SI_OVERFLOW, fun->decl))
2342 && is_gimple_assign (stmt))
2343 instrument_si_overflow (gsi);
2344
2345 if (sanitize_flags_p (SANITIZE_NULL | SANITIZE_ALIGNMENT, fun->decl))
2346 {
2347 if (gimple_store_p (stmt))
2348 instrument_null (gsi, gimple_get_lhs (stmt), true);
2349 if (gimple_assign_single_p (stmt))
2350 instrument_null (gsi, gimple_assign_rhs1 (stmt), false);
2351 if (is_gimple_call (stmt))
2352 {
2353 unsigned args_num = gimple_call_num_args (stmt);
2354 for (unsigned i = 0; i < args_num; ++i)
2355 {
2356 tree arg = gimple_call_arg (stmt, i);
2357 if (is_gimple_reg (arg) || is_gimple_min_invariant (arg))
2358 continue;
2359 instrument_null (gsi, arg, false);
2360 }
2361 }
2362 }
2363
2364 if (sanitize_flags_p (SANITIZE_BOOL | SANITIZE_ENUM, fun->decl)
2365 && gimple_assign_load_p (stmt))
2366 {
2367 instrument_bool_enum_load (&gsi);
2368 bb = gimple_bb (stmt);
2369 }
2370
2371 if (sanitize_flags_p (SANITIZE_NONNULL_ATTRIBUTE, fun->decl)
2372 && is_gimple_call (stmt)
2373 && !gimple_call_internal_p (stmt))
2374 {
2375 instrument_nonnull_arg (&gsi);
2376 bb = gimple_bb (stmt);
2377 }
2378
2379 if (sanitize_flags_p (SANITIZE_BUILTIN, fun->decl)
2380 && gimple_call_builtin_p (stmt, BUILT_IN_NORMAL))
2381 {
2382 instrument_builtin (&gsi);
2383 bb = gimple_bb (stmt);
2384 }
2385
2386 if (sanitize_flags_p (SANITIZE_RETURNS_NONNULL_ATTRIBUTE, fun->decl)
2387 && gimple_code (stmt) == GIMPLE_RETURN)
2388 {
2389 instrument_nonnull_return (&gsi);
2390 bb = gimple_bb (stmt);
2391 }
2392
2393 if (sanitize_flags_p (SANITIZE_OBJECT_SIZE, fun->decl))
2394 {
2395 if (gimple_store_p (stmt))
2396 instrument_object_size (&gsi, gimple_get_lhs (stmt), true);
2397 if (gimple_assign_load_p (stmt))
2398 instrument_object_size (&gsi, gimple_assign_rhs1 (stmt),
2399 false);
2400 if (is_gimple_call (stmt))
2401 {
2402 unsigned args_num = gimple_call_num_args (stmt);
2403 for (unsigned i = 0; i < args_num; ++i)
2404 {
2405 tree arg = gimple_call_arg (stmt, i);
2406 if (is_gimple_reg (arg) || is_gimple_min_invariant (arg))
2407 continue;
2408 instrument_object_size (&gsi, arg, false);
2409 }
2410 }
2411 }
2412
2413 if (sanitize_flags_p (SANITIZE_POINTER_OVERFLOW, fun->decl))
2414 {
2415 if (is_gimple_assign (stmt)
2416 && gimple_assign_rhs_code (stmt) == POINTER_PLUS_EXPR)
2417 instrument_pointer_overflow (&gsi,
2418 gimple_assign_rhs1 (stmt),
2419 gimple_assign_rhs2 (stmt));
2420 if (gimple_store_p (stmt))
2421 maybe_instrument_pointer_overflow (&gsi,
2422 gimple_get_lhs (stmt));
2423 if (gimple_assign_single_p (stmt))
2424 maybe_instrument_pointer_overflow (&gsi,
2425 gimple_assign_rhs1 (stmt));
2426 if (is_gimple_call (stmt))
2427 {
2428 unsigned args_num = gimple_call_num_args (stmt);
2429 for (unsigned i = 0; i < args_num; ++i)
2430 {
2431 tree arg = gimple_call_arg (stmt, i);
2432 if (is_gimple_reg (arg))
2433 continue;
2434 maybe_instrument_pointer_overflow (&gsi, arg);
2435 }
2436 }
2437 }
2438
2439 gsi_next (&gsi);
2440 }
2441 if (gimple_purge_dead_eh_edges (bb))
2442 ret = TODO_cleanup_cfg;
2443 }
2444 return ret;
2445 }
2446
2447 } // anon namespace
2448
2449 gimple_opt_pass *
2450 make_pass_ubsan (gcc::context *ctxt)
2451 {
2452 return new pass_ubsan (ctxt);
2453 }
2454
2455 #include "gt-ubsan.h"
Mirror of the offical gcc git repository hosted at gcc.gnu.org