/cp
[official-gcc.git] / gcc / vtable-verify.c
blobd954d1f91e0608e7bde31e89ad6b938a3d9406cf
1 /* Copyright (C) 2013
2 Free Software Foundation, Inc.
4 This file is part of GCC.
6 GCC is free software; you can redistribute it and/or modify it under
7 the terms of the GNU General Public License as published by the Free
8 Software Foundation; either version 3, or (at your option) any later
9 version.
11 GCC is distributed in the hope that it will be useful, but WITHOUT ANY
12 WARRANTY; without even the implied warranty of MERCHANTABILITY or
13 FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
14 for more details.
16 You should have received a copy of the GNU General Public License
17 along with GCC; see the file COPYING3. If not see
18 <http://www.gnu.org/licenses/>. */
20 /* Virtual Table Pointer Security Pass - Detect corruption of vtable pointers
21 before using them for virtual method dispatches. */
23 /* This file is part of the vtable security feature implementation.
24 The vtable security feature is designed to detect when a virtual
25 call is about to be made through an invalid vtable pointer
26 (possibly due to data corruption or malicious attacks). The
27 compiler finds every virtual call, and inserts a verification call
28 before the virtual call. The verification call takes the actual
29 vtable pointer value in the object through which the virtual call
30 is being made, and compares the vtable pointer against a set of all
31 valid vtable pointers that the object could contain (this set is
32 based on the declared type of the object). If the pointer is in
33 the valid set, execution is allowed to continue; otherwise the
34 program is halted.
36 There are several pieces needed in order to make this work: 1. For
37 every virtual class in the program (i.e. a class that contains
38 virtual methods), we need to build the set of all possible valid
39 vtables that an object of that class could point to. This includes
40 vtables for any class(es) that inherit from the class under
41 consideration. 2. For every such data set we build up, we need a
42 way to find and reference the data set. This is complicated by the
43 fact that the real vtable addresses are not known until runtime,
44 when the program is loaded into memory, but we need to reference the
45 sets at compile time when we are inserting verification calls into
46 the program. 3. We need to find every virtual call in the program,
47 and insert the verification call (with the appropriate arguments)
48 before the virtual call. 4. We need some runtime library pieces:
49 the code to build up the data sets at runtime; the code to actually
50 perform the verification using the data sets; and some code to set
51 protections on the data sets, so they themselves do not become
52 hacker targets.
54 To find and reference the set of valid vtable pointers for any given
55 virtual class, we create a special global variable for each virtual
56 class. We refer to this as the "vtable map variable" for that
57 class. The vtable map variable has the type "void *", and is
58 initialized by the compiler to NULL. At runtime when the set of
59 valid vtable pointers for a virtual class, e.g. class Foo, is built,
60 the vtable map variable for class Foo is made to point to the set.
61 During compile time, when the compiler is inserting verification
62 calls into the program, it passes the vtable map variable for the
63 appropriate class to the verification call, so that at runtime the
64 verification call can find the appropriate data set.
66 The actual set of valid vtable pointers for a virtual class,
67 e.g. class Foo, cannot be built until runtime, when the vtables get
68 loaded into memory and their addresses are known. But the knowledge
69 about which vtables belong in which class' hierarchy is only known
70 at compile time. Therefore at compile time we collect class
71 hierarchy and vtable information about every virtual class, and we
72 generate calls to build up the data sets at runtime. To build the
73 data sets, we call one of the functions we add to the runtime
74 library, __VLTRegisterPair. __VLTRegisterPair takes two arguments,
75 a vtable map variable and the address of a vtable. If the vtable
76 map variable is currently NULL, it creates a new data set (hash
77 table), makes the vtable map variable point to the new data set, and
78 inserts the vtable address into the data set. If the vtable map
79 variable is not NULL, it just inserts the vtable address into the
80 data set. In order to make sure that our data sets are built before
81 any verification calls happen, we create a special constructor
82 initialization function for each compilation unit, give it a very
83 high initialization priority, and insert all of our calls to
84 __VLTRegisterPair into our special constructor initialization
85 function.
87 The vtable verification feature is controlled by the flag
88 '-fvtable-verify='. There are three flavors of this:
89 '-fvtable-verify=std', '-fvtable-verify=preinit', and
90 '-fvtable-verify=none'. If the option '-fvtable-verfy=preinit' is
91 used, then our constructor initialization function gets put into the
92 preinit array. This is necessary if there are data sets that need
93 to be built very early in execution. If the constructor
94 initialization function gets put into the preinit array, the we also
95 add calls to __VLTChangePermission at the beginning and end of the
96 function. The call at the beginning sets the permissions on the
97 data sets and vtable map variables to read/write, and the one at the
98 end makes them read-only. If the '-fvtable-verify=std' option is
99 used, the constructor initialization functions are executed at their
100 normal time, and the __VLTChangePermission calls are handled
101 differently (see the comments in libstdc++-v3/libsupc++/vtv_rts.cc).
102 The option '-fvtable-verify=none' turns off vtable verification.
104 This file contains code for the tree pass that goes through all the
105 statements in each basic block, looking for virtual calls, and
106 inserting a call to __VLTVerifyVtablePointer (with appropriate
107 arguments) before each one. It also contains the hash table
108 functions for the data structures used for collecting the class
109 hierarchy data and building/maintaining the vtable map variable data
110 are defined in gcc/vtable-verify.h. These data structures are
111 shared with the code in the C++ front end that collects the class
112 hierarchy & vtable information and generates the vtable map
113 variables (see cp/vtable-class-hierarchy.c). This tree pass should
114 run just before the gimple is converted to RTL.
116 Some implementation details for this pass:
118 To find all of the virtual calls, we iterate through all the
119 gimple statements in each basic block, looking for any call
120 statement with the code "OBJ_TYPE_REF". Once we have found the
121 virtual call, we need to find the vtable pointer through which the
122 call is being made, and the type of the object containing the
123 pointer (to find the appropriate vtable map variable). We then use
124 these to build a call to __VLTVerifyVtablePointer, passing the
125 vtable map variable, and the vtable pointer. We insert the
126 verification call just after the gimple statement that gets the
127 vtable pointer out of the object, and we update the next
128 statement to depend on the result returned from
129 __VLTVerifyVtablePointer (the vtable pointer value), to ensure
130 subsequent compiler phases don't remove or reorder the call (it's no
131 good to have the verification occur after the virtual call, for
132 example). To find the vtable pointer being used (and the type of
133 the object) we search backwards through the def_stmts chain from the
134 virtual call (see verify_bb_vtables for more details). */
136 #include "config.h"
137 #include "system.h"
138 #include "coretypes.h"
139 #include "tree.h"
140 #include "basic-block.h"
141 #include "tree-ssa.h"
142 #include "tree-pass.h"
143 #include "cfgloop.h"
145 #include "vtable-verify.h"
147 unsigned num_vtable_map_nodes = 0;
148 int total_num_virtual_calls = 0;
149 int total_num_verified_vcalls = 0;
151 extern GTY(()) tree verify_vtbl_ptr_fndecl;
152 tree verify_vtbl_ptr_fndecl = NULL_TREE;
154 /* Keep track of whether or not any virtual call were verified. */
155 static bool any_verification_calls_generated = false;
157 unsigned int vtable_verify_main (void);
160 /* The following few functions are for the vtbl pointer hash table
161 in the 'registered' field of the struct vtable_map_node. The hash
162 table keeps track of which vtable pointers have been used in
163 calls to __VLTRegisterPair with that particular vtable map variable. */
165 /* This function checks to see if a particular VTABLE_DECL and OFFSET are
166 already in the 'registered' hash table for NODE. */
168 bool
169 vtbl_map_node_registration_find (struct vtbl_map_node *node,
170 tree vtable_decl,
171 unsigned offset)
173 struct vtable_registration key;
174 struct vtable_registration **slot;
176 gcc_assert (node && node->registered.is_created ());
178 key.vtable_decl = vtable_decl;
179 slot = (struct vtable_registration **) node->registered.find_slot (&key,
180 NO_INSERT);
182 if (slot && (*slot))
184 unsigned i;
185 for (i = 0; i < ((*slot)->offsets).length (); ++i)
186 if ((*slot)->offsets[i] == offset)
187 return true;
190 return false;
193 /* This function inserts VTABLE_DECL and OFFSET into the 'registered'
194 hash table for NODE. It returns a boolean indicating whether or not
195 it actually inserted anything. */
197 bool
198 vtbl_map_node_registration_insert (struct vtbl_map_node *node,
199 tree vtable_decl,
200 unsigned offset)
202 struct vtable_registration key;
203 struct vtable_registration **slot;
204 bool inserted_something = false;
206 if (!node || !node->registered.is_created ())
207 return false;
209 key.vtable_decl = vtable_decl;
210 slot = (struct vtable_registration **) node->registered.find_slot (&key,
211 INSERT);
213 if (! *slot)
215 struct vtable_registration *node;
216 node = XNEW (struct vtable_registration);
217 node->vtable_decl = vtable_decl;
219 (node->offsets).create (10);
220 (node->offsets).safe_push (offset);
221 *slot = node;
222 inserted_something = true;
224 else
226 /* We found the vtable_decl slot; we need to see if it already
227 contains the offset. If not, we need to add the offset. */
228 unsigned i;
229 bool found = false;
230 for (i = 0; i < ((*slot)->offsets).length () && !found; ++i)
231 if ((*slot)->offsets[i] == offset)
232 found = true;
234 if (!found)
236 ((*slot)->offsets).safe_push (offset);
237 inserted_something = true;
240 return inserted_something;
243 /* Hashtable functions for vtable_registration hashtables. */
245 inline hashval_t
246 registration_hasher::hash (const value_type *p)
248 const struct vtable_registration *n = (const struct vtable_registration *) p;
249 return (hashval_t) (DECL_UID (n->vtable_decl));
252 inline bool
253 registration_hasher::equal (const value_type *p1, const compare_type *p2)
255 const struct vtable_registration *n1 =
256 (const struct vtable_registration *) p1;
257 const struct vtable_registration *n2 =
258 (const struct vtable_registration *) p2;
259 return (DECL_UID (n1->vtable_decl) == DECL_UID (n2->vtable_decl));
262 /* End of hashtable functions for "registered" hashtables. */
266 /* Hashtable definition and functions for vtbl_map_hash. */
268 struct vtbl_map_hasher : typed_noop_remove <struct vtbl_map_node>
270 typedef struct vtbl_map_node value_type;
271 typedef struct vtbl_map_node compare_type;
272 static inline hashval_t hash (const value_type *);
273 static inline bool equal (const value_type *, const compare_type *);
276 /* Returns a hash code for P. */
278 inline hashval_t
279 vtbl_map_hasher::hash (const value_type *p)
281 const struct vtbl_map_node n = *((const struct vtbl_map_node *) p);
282 return (hashval_t) IDENTIFIER_HASH_VALUE (n.class_name);
285 /* Returns nonzero if P1 and P2 are equal. */
287 inline bool
288 vtbl_map_hasher::equal (const value_type *p1, const compare_type *p2)
290 const struct vtbl_map_node n1 = *((const struct vtbl_map_node *) p1);
291 const struct vtbl_map_node n2 = *((const struct vtbl_map_node *) p2);
292 return (IDENTIFIER_HASH_VALUE (n1.class_name) ==
293 IDENTIFIER_HASH_VALUE (n2.class_name));
296 /* Here are the two structures into which we insert vtable map nodes.
297 We use two data structures because of the vastly different ways we need
298 to find the nodes for various tasks (see comments in vtable-verify.h
299 for more details. */
301 typedef hash_table <vtbl_map_hasher> vtbl_map_table_type;
302 typedef vtbl_map_table_type::iterator vtbl_map_iterator_type;
304 /* Vtable map variable nodes stored in a hash table. */
305 static vtbl_map_table_type vtbl_map_hash;
307 /* Vtable map variable nodes stored in a vector. */
308 vec<struct vtbl_map_node *> vtbl_map_nodes_vec;
310 /* Return vtbl_map node for CLASS_NAME without creating a new one. */
312 struct vtbl_map_node *
313 vtbl_map_get_node (tree class_type)
315 struct vtbl_map_node key;
316 struct vtbl_map_node **slot;
318 tree class_type_decl;
319 tree class_name;
320 unsigned int type_quals;
322 if (!vtbl_map_hash.is_created ())
323 return NULL;
325 gcc_assert (TREE_CODE (class_type) == RECORD_TYPE);
328 /* Find the TYPE_DECL for the class. */
329 class_type_decl = TYPE_NAME (class_type);
331 /* Verify that there aren't any qualifiers on the type. */
332 type_quals = TYPE_QUALS (TREE_TYPE (class_type_decl));
333 gcc_assert (type_quals == TYPE_UNQUALIFIED);
335 /* Get the mangled name for the unqualified type. */
336 gcc_assert (HAS_DECL_ASSEMBLER_NAME_P (class_type_decl));
337 class_name = DECL_ASSEMBLER_NAME (class_type_decl);
339 key.class_name = class_name;
340 slot = (struct vtbl_map_node **) vtbl_map_hash.find_slot (&key,
341 NO_INSERT);
342 if (!slot)
343 return NULL;
344 return *slot;
347 /* Return vtbl_map node assigned to BASE_CLASS_TYPE. Create new one
348 when needed. */
350 struct vtbl_map_node *
351 find_or_create_vtbl_map_node (tree base_class_type)
353 struct vtbl_map_node key;
354 struct vtbl_map_node *node;
355 struct vtbl_map_node **slot;
356 tree class_type_decl;
357 unsigned int type_quals;
359 if (!vtbl_map_hash.is_created ())
360 vtbl_map_hash.create (10);
362 /* Find the TYPE_DECL for the class. */
363 class_type_decl = TYPE_NAME (base_class_type);
365 /* Verify that there aren't any type qualifiers on type. */
366 type_quals = TYPE_QUALS (TREE_TYPE (class_type_decl));
367 gcc_assert (type_quals == TYPE_UNQUALIFIED);
369 gcc_assert (HAS_DECL_ASSEMBLER_NAME_P (class_type_decl));
370 key.class_name = DECL_ASSEMBLER_NAME (class_type_decl);
371 slot = (struct vtbl_map_node **) vtbl_map_hash.find_slot (&key,
372 INSERT);
374 if (*slot)
375 return *slot;
377 node = XNEW (struct vtbl_map_node);
378 node->vtbl_map_decl = NULL_TREE;
379 node->class_name = key.class_name;
380 node->uid = num_vtable_map_nodes++;
382 node->class_info = XNEW (struct vtv_graph_node);
383 node->class_info->class_type = base_class_type;
384 node->class_info->class_uid = node->uid;
385 node->class_info->num_processed_children = 0;
387 (node->class_info->parents).create (4);
388 (node->class_info->children).create (4);
390 node->registered.create (16);
392 node->is_used = false;
394 vtbl_map_nodes_vec.safe_push (node);
395 gcc_assert (vtbl_map_nodes_vec[node->uid] == node);
397 *slot = node;
398 return node;
401 /* End of hashtable functions for vtable_map variables hash table. */
403 /* Given a gimple STMT, this function checks to see if the statement
404 is an assignment, the rhs of which is getting the vtable pointer
405 value out of an object. (i.e. it's the value we need to verify
406 because its the vtable pointer that will be used for a virtual
407 call). */
409 static bool
410 is_vtable_assignment_stmt (gimple stmt)
413 if (gimple_code (stmt) != GIMPLE_ASSIGN)
414 return false;
415 else
417 tree lhs = gimple_assign_lhs (stmt);
418 tree rhs = gimple_assign_rhs1 (stmt);
420 if (TREE_CODE (lhs) != SSA_NAME)
421 return false;
423 if (TREE_CODE (rhs) != COMPONENT_REF)
424 return false;
426 if (! (TREE_OPERAND (rhs, 1))
427 || (TREE_CODE (TREE_OPERAND (rhs, 1)) != FIELD_DECL))
428 return false;
430 if (! DECL_VIRTUAL_P (TREE_OPERAND (rhs, 1)))
431 return false;
434 return true;
437 /* This function attempts to recover the declared class of an object
438 that is used in making a virtual call. We try to get the type from
439 the type cast in the gimple assignment statement that extracts the
440 vtable pointer from the object (DEF_STMT). The gimple statement
441 usually looks something like this:
443 D.2201_4 = MEM[(struct Event *)this_1(D)]._vptr.Event */
445 static tree
446 extract_object_class_type (tree rhs)
448 tree result = NULL_TREE;
450 /* Try to find and extract the type cast from that stmt. */
451 if (TREE_CODE (rhs) == COMPONENT_REF)
453 tree op0 = TREE_OPERAND (rhs, 0);
454 tree op1 = TREE_OPERAND (rhs, 1);
456 if (TREE_CODE (op1) == FIELD_DECL
457 && DECL_VIRTUAL_P (op1))
459 if (TREE_CODE (op0) == COMPONENT_REF
460 && TREE_CODE (TREE_OPERAND (op0, 0)) == MEM_REF
461 && TREE_CODE (TREE_TYPE (TREE_OPERAND (op0, 0)))== RECORD_TYPE)
462 result = TREE_TYPE (TREE_OPERAND (op0, 0));
463 else
464 result = TREE_TYPE (op0);
466 else if (TREE_CODE (op0) == COMPONENT_REF)
468 result = extract_object_class_type (op0);
469 if (result == NULL_TREE
470 && TREE_CODE (op1) == COMPONENT_REF)
471 result = extract_object_class_type (op1);
475 return result;
478 /* This function traces forward through the def-use chain of an SSA
479 variable to see if it ever gets used in a virtual function call. It
480 returns a boolean indicating whether or not it found a virtual call in
481 the use chain. */
483 static bool
484 var_is_used_for_virtual_call_p (tree lhs, int *mem_ref_depth)
486 imm_use_iterator imm_iter;
487 bool found_vcall = false;
488 use_operand_p use_p;
490 if (TREE_CODE (lhs) != SSA_NAME)
491 return false;
493 if (*mem_ref_depth > 2)
494 return false;
496 /* Iterate through the immediate uses of the current variable. If
497 it's a virtual function call, we're done. Otherwise, if there's
498 an LHS for the use stmt, add the ssa var to the work list
499 (assuming it's not already in the list and is not a variable
500 we've already examined. */
502 FOR_EACH_IMM_USE_FAST (use_p, imm_iter, lhs)
504 gimple stmt2 = USE_STMT (use_p);
506 if (gimple_code (stmt2) == GIMPLE_CALL)
508 tree fncall = gimple_call_fn (stmt2);
509 if (TREE_CODE (fncall) == OBJ_TYPE_REF)
510 found_vcall = true;
511 else
512 return false;
514 else if (gimple_code (stmt2) == GIMPLE_PHI)
516 found_vcall = var_is_used_for_virtual_call_p
517 (gimple_phi_result (stmt2),
518 mem_ref_depth);
520 else if (gimple_code (stmt2) == GIMPLE_ASSIGN)
522 tree rhs = gimple_assign_rhs1 (stmt2);
523 if (TREE_CODE (rhs) == ADDR_EXPR
524 || TREE_CODE (rhs) == MEM_REF)
525 *mem_ref_depth = *mem_ref_depth + 1;
527 if (TREE_CODE (rhs) == COMPONENT_REF)
529 while (TREE_CODE (TREE_OPERAND (rhs, 0)) == COMPONENT_REF)
530 rhs = TREE_OPERAND (rhs, 0);
532 if (TREE_CODE (TREE_OPERAND (rhs, 0)) == ADDR_EXPR
533 || TREE_CODE (TREE_OPERAND (rhs, 0)) == MEM_REF)
534 *mem_ref_depth = *mem_ref_depth + 1;
537 if (*mem_ref_depth < 3)
538 found_vcall = var_is_used_for_virtual_call_p
539 (gimple_assign_lhs (stmt2),
540 mem_ref_depth);
543 else
544 break;
546 if (found_vcall)
547 return true;
550 return false;
553 /* Search through all the statements in a basic block (BB), searching
554 for virtual method calls. For each virtual method dispatch, find
555 the vptr value used, and the statically declared type of the
556 object; retrieve the vtable map variable for the type of the
557 object; generate a call to __VLTVerifyVtablePointer; and insert the
558 generated call into the basic block, after the point where the vptr
559 value is gotten out of the object and before the virtual method
560 dispatch. Make the virtual method dispatch depend on the return
561 value from the verification call, so that subsequent optimizations
562 cannot reorder the two calls. */
564 static void
565 verify_bb_vtables (basic_block bb)
567 gimple_seq stmts;
568 gimple stmt = NULL;
569 gimple_stmt_iterator gsi_vtbl_assign;
570 gimple_stmt_iterator gsi_virtual_call;
572 stmts = bb_seq (bb);
573 gsi_virtual_call = gsi_start (stmts);
574 for (; !gsi_end_p (gsi_virtual_call); gsi_next (&gsi_virtual_call))
576 stmt = gsi_stmt (gsi_virtual_call);
578 /* Count virtual calls. */
579 if (gimple_code (stmt) == GIMPLE_CALL)
581 tree fncall = gimple_call_fn (stmt);
582 if (TREE_CODE (fncall) == OBJ_TYPE_REF)
583 total_num_virtual_calls++;
586 if (is_vtable_assignment_stmt (stmt))
588 tree lhs = gimple_assign_lhs (stmt);
589 tree vtbl_var_decl = NULL_TREE;
590 struct vtbl_map_node *vtable_map_node;
591 tree vtbl_decl = NULL_TREE;
592 gimple call_stmt;
593 const char *vtable_name = "<unknown>";
594 tree tmp0;
595 bool found;
596 int mem_ref_depth = 0;
598 /* Make sure this vptr field access is for a virtual call. */
599 if (!var_is_used_for_virtual_call_p (lhs, &mem_ref_depth))
600 continue;
602 /* Now we have found the virtual method dispatch and
603 the preceding access of the _vptr.* field... Next
604 we need to find the statically declared type of
605 the object, so we can find and use the right
606 vtable map variable in the verification call. */
607 tree class_type = extract_object_class_type
608 (gimple_assign_rhs1 (stmt));
610 gsi_vtbl_assign = gsi_for_stmt (stmt);
612 if (class_type
613 && (TREE_CODE (class_type) == RECORD_TYPE)
614 && TYPE_BINFO (class_type))
616 /* Get the vtable VAR_DECL for the type. */
617 vtbl_var_decl = BINFO_VTABLE (TYPE_BINFO (class_type));
619 if (TREE_CODE (vtbl_var_decl) == POINTER_PLUS_EXPR)
620 vtbl_var_decl = TREE_OPERAND (TREE_OPERAND (vtbl_var_decl, 0),
623 gcc_assert (vtbl_var_decl);
625 vtbl_decl = vtbl_var_decl;
626 vtable_map_node = vtbl_map_get_node
627 (TYPE_MAIN_VARIANT (class_type));
629 gcc_assert (verify_vtbl_ptr_fndecl);
631 /* Given the vtable pointer for the base class of the
632 object, build the call to __VLTVerifyVtablePointer to
633 verify that the object's vtable pointer (contained in
634 lhs) is in the set of valid vtable pointers for the
635 base class. */
637 if (vtable_map_node && vtable_map_node->vtbl_map_decl)
639 use_operand_p use_p;
640 ssa_op_iter iter;
642 vtable_map_node->is_used = true;
643 vtbl_var_decl = vtable_map_node->vtbl_map_decl;
645 if (TREE_CODE (vtbl_decl) == VAR_DECL)
646 vtable_name = IDENTIFIER_POINTER (DECL_NAME (vtbl_decl));
648 /* Call different routines if we are interested in
649 trace information to debug problems. */
650 if (flag_vtv_debug)
652 int len1 = IDENTIFIER_LENGTH
653 (DECL_NAME (vtbl_var_decl));
654 int len2 = strlen (vtable_name);
656 call_stmt = gimple_build_call
657 (verify_vtbl_ptr_fndecl, 4,
658 build1 (ADDR_EXPR,
659 TYPE_POINTER_TO
660 (TREE_TYPE (vtbl_var_decl)),
661 vtbl_var_decl),
662 lhs,
663 build_string_literal
664 (len1 + 1,
665 IDENTIFIER_POINTER
666 (DECL_NAME
667 (vtbl_var_decl))),
668 build_string_literal (len2 + 1,
669 vtable_name));
671 else
672 call_stmt = gimple_build_call
673 (verify_vtbl_ptr_fndecl, 2,
674 build1 (ADDR_EXPR,
675 TYPE_POINTER_TO
676 (TREE_TYPE (vtbl_var_decl)),
677 vtbl_var_decl),
678 lhs);
681 /* Create a new SSA_NAME var to hold the call's
682 return value, and make the call_stmt use the
683 variable for that purpose. */
684 tmp0 = make_temp_ssa_name (TREE_TYPE (lhs), NULL, "VTV");
685 gimple_call_set_lhs (call_stmt, tmp0);
686 update_stmt (call_stmt);
688 /* Find the next stmt, after the vptr assignment
689 statememt, which should use the result of the
690 vptr assignment statement value. */
691 gsi_next (&gsi_vtbl_assign);
692 gimple next_stmt = gsi_stmt (gsi_vtbl_assign);
694 if (!next_stmt)
695 return;
697 /* Find any/all uses of 'lhs' in next_stmt, and
698 replace them with 'tmp0'. */
699 found = false;
700 FOR_EACH_PHI_OR_STMT_USE (use_p, next_stmt, iter,
701 SSA_OP_ALL_USES)
703 tree op = USE_FROM_PTR (use_p);
704 if (op == lhs)
706 SET_USE (use_p, tmp0);
707 found = true;
710 update_stmt (next_stmt);
711 gcc_assert (found);
713 /* Insert the new verification call just after the
714 statement that gets the vtable pointer out of the
715 object. */
716 gsi_vtbl_assign = gsi_for_stmt (stmt);
717 gsi_insert_after (&gsi_vtbl_assign, call_stmt,
718 GSI_NEW_STMT);
720 any_verification_calls_generated = true;
721 total_num_verified_vcalls++;
728 /* Main function, called from pass->excute(). Loop through all the
729 basic blocks in the current function, passing them to
730 verify_bb_vtables, which searches for virtual calls, and inserts
731 calls to __VLTVerifyVtablePointer. */
733 unsigned int
734 vtable_verify_main (void)
736 unsigned int ret = 1;
737 basic_block bb;
739 FOR_ALL_BB (bb)
740 verify_bb_vtables (bb);
742 return ret;
745 /* Gate function for the pass. */
747 static bool
748 gate_tree_vtable_verify (void)
750 return (flag_vtable_verify);
753 /* Definition of this optimization pass. */
755 namespace {
757 const pass_data pass_data_vtable_verify =
759 GIMPLE_PASS, /* type */
760 "vtable-verify", /* name */
761 OPTGROUP_NONE, /* optinfo_flags */
762 true, /* has_gate */
763 true, /* has_execute */
764 TV_VTABLE_VERIFICATION, /* tv_id */
765 ( PROP_cfg | PROP_ssa ), /* properties_required */
766 0, /* properties_provided */
767 0, /* properties_destroyed */
768 0, /* todo_flags_start */
769 TODO_update_ssa, /* todo_flags_finish */
772 class pass_vtable_verify : public gimple_opt_pass
774 public:
775 pass_vtable_verify (gcc::context *ctxt)
776 : gimple_opt_pass (pass_data_vtable_verify, ctxt)
779 /* opt_pass methods: */
780 bool gate () { return gate_tree_vtable_verify (); }
781 unsigned int execute () { return vtable_verify_main (); }
783 }; // class pass_vtable_verify
785 } // anon namespace
787 gimple_opt_pass *
788 make_pass_vtable_verify (gcc::context *ctxt)
790 return new pass_vtable_verify (ctxt);
793 #include "gt-vtable-verify.h"