search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
PR testsuite/66621
[official-gcc.git] / gcc / ubsan.c
blob3809728ce4671daf3bb94e8a786072aa7cc87a60
1 /* UndefinedBehaviorSanitizer, undefined behavior detector.
2 Copyright (C) 2013-2015 Free Software Foundation, Inc.
3 Contributed by Marek Polacek <polacek@redhat.com>
4
5 This file is part of GCC.
6
7 GCC is free software; you can redistribute it and/or modify it under
8 the terms of the GNU General Public License as published by the Free
9 Software Foundation; either version 3, or (at your option) any later
10 version.
11
12 GCC is distributed in the hope that it will be useful, but WITHOUT ANY
13 WARRANTY; without even the implied warranty of MERCHANTABILITY or
14 FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
15 for more details.
16
17 You should have received a copy of the GNU General Public License
18 along with GCC; see the file COPYING3. If not see
19 <http://www.gnu.org/licenses/>. */
20
21 #include "config.h"
22 #include "system.h"
23 #include "coretypes.h"
24 #include "alias.h"
25 #include "symtab.h"
26 #include "options.h"
27 #include "tree.h"
28 #include "fold-const.h"
29 #include "stor-layout.h"
30 #include "stringpool.h"
31 #include "predict.h"
32 #include "dominance.h"
33 #include "cfg.h"
34 #include "cfganal.h"
35 #include "basic-block.h"
36 #include "plugin-api.h"
37 #include "tm.h"
38 #include "hard-reg-set.h"
39 #include "function.h"
40 #include "ipa-ref.h"
41 #include "cgraph.h"
42 #include "tree-pass.h"
43 #include "tree-ssa-alias.h"
44 #include "tree-pretty-print.h"
45 #include "internal-fn.h"
46 #include "gimple-expr.h"
47 #include "gimple.h"
48 #include "gimple-iterator.h"
49 #include "gimple-ssa.h"
50 #include "gimple-walk.h"
51 #include "output.h"
52 #include "tm_p.h"
53 #include "toplev.h"
54 #include "cfgloop.h"
55 #include "ubsan.h"
56 #include "c-family/c-common.h"
57 #include "rtl.h"
58 #include "flags.h"
59 #include "insn-config.h"
60 #include "expmed.h"
61 #include "dojump.h"
62 #include "explow.h"
63 #include "calls.h"
64 #include "emit-rtl.h"
65 #include "varasm.h"
66 #include "stmt.h"
67 #include "expr.h"
68 #include "tree-ssanames.h"
69 #include "asan.h"
70 #include "gimplify-me.h"
71 #include "intl.h"
72 #include "realmpfr.h"
73 #include "dfp.h"
74 #include "builtins.h"
75 #include "tree-object-size.h"
76 #include "tree-eh.h"
77 #include "tree-cfg.h"
78
79 /* Map from a tree to a VAR_DECL tree. */
80
81 struct GTY((for_user)) tree_type_map {
82 struct tree_map_base type;
83 tree decl;
84 };
85
86 struct tree_type_map_cache_hasher : ggc_cache_hasher<tree_type_map *>
87 {
88 static inline hashval_t
89 hash (tree_type_map *t)
90 {
91 return TYPE_UID (t->type.from);
92 }
93
94 static inline bool
95 equal (tree_type_map *a, tree_type_map *b)
96 {
97 return a->type.from == b->type.from;
98 }
99
100 static void
101 handle_cache_entry (tree_type_map *&m)
102 {
103 extern void gt_ggc_mx (tree_type_map *&);
104 if (m == HTAB_EMPTY_ENTRY || m == HTAB_DELETED_ENTRY)
105 return;
106 else if (ggc_marked_p (m->type.from))
107 gt_ggc_mx (m);
108 else
109 m = static_cast<tree_type_map *> (HTAB_DELETED_ENTRY);
110 }
111 };
112
113 static GTY ((cache))
114 hash_table<tree_type_map_cache_hasher> *decl_tree_for_type;
115
116 /* Lookup a VAR_DECL for TYPE, and return it if we find one. */
117
118 static tree
119 decl_for_type_lookup (tree type)
120 {
121 /* If the hash table is not initialized yet, create it now. */
122 if (decl_tree_for_type == NULL)
123 {
124 decl_tree_for_type
125 = hash_table<tree_type_map_cache_hasher>::create_ggc (10);
126 /* That also means we don't have to bother with the lookup. */
127 return NULL_TREE;
128 }
129
130 struct tree_type_map *h, in;
131 in.type.from = type;
132
133 h = decl_tree_for_type->find_with_hash (&in, TYPE_UID (type));
134 return h ? h->decl : NULL_TREE;
135 }
136
137 /* Insert a mapping TYPE->DECL in the VAR_DECL for type hashtable. */
138
139 static void
140 decl_for_type_insert (tree type, tree decl)
141 {
142 struct tree_type_map *h;
143
144 h = ggc_alloc<tree_type_map> ();
145 h->type.from = type;
146 h->decl = decl;
147 *decl_tree_for_type->find_slot_with_hash (h, TYPE_UID (type), INSERT) = h;
148 }
149
150 /* Helper routine, which encodes a value in the pointer_sized_int_node.
151 Arguments with precision <= POINTER_SIZE are passed directly,
152 the rest is passed by reference. T is a value we are to encode.
153 IN_EXPAND_P is true if this function is called during expansion. */
154
155 tree
156 ubsan_encode_value (tree t, bool in_expand_p)
157 {
158 tree type = TREE_TYPE (t);
159 const unsigned int bitsize = GET_MODE_BITSIZE (TYPE_MODE (type));
160 if (bitsize <= POINTER_SIZE)
161 switch (TREE_CODE (type))
162 {
163 case BOOLEAN_TYPE:
164 case ENUMERAL_TYPE:
165 case INTEGER_TYPE:
166 return fold_build1 (NOP_EXPR, pointer_sized_int_node, t);
167 case REAL_TYPE:
168 {
169 tree itype = build_nonstandard_integer_type (bitsize, true);
170 t = fold_build1 (VIEW_CONVERT_EXPR, itype, t);
171 return fold_convert (pointer_sized_int_node, t);
172 }
173 default:
174 gcc_unreachable ();
175 }
176 else
177 {
178 if (!DECL_P (t) || !TREE_ADDRESSABLE (t))
179 {
180 /* The reason for this is that we don't want to pessimize
181 code by making vars unnecessarily addressable. */
182 tree var = create_tmp_var (type);
183 tree tem = build2 (MODIFY_EXPR, void_type_node, var, t);
184 if (in_expand_p)
185 {
186 rtx mem
187 = assign_stack_temp_for_type (TYPE_MODE (type),
188 GET_MODE_SIZE (TYPE_MODE (type)),
189 type);
190 SET_DECL_RTL (var, mem);
191 expand_assignment (var, t, false);
192 return build_fold_addr_expr (var);
193 }
194 t = build_fold_addr_expr (var);
195 return build2 (COMPOUND_EXPR, TREE_TYPE (t), tem, t);
196 }
197 else
198 return build_fold_addr_expr (t);
199 }
200 }
201
202 /* Cached ubsan_get_type_descriptor_type () return value. */
203 static GTY(()) tree ubsan_type_descriptor_type;
204
205 /* Build
206 struct __ubsan_type_descriptor
207 {
208 unsigned short __typekind;
209 unsigned short __typeinfo;
210 char __typename[];
211 }
212 type. */
213
214 static tree
215 ubsan_get_type_descriptor_type (void)
216 {
217 static const char *field_names[3]
218 = { "__typekind", "__typeinfo", "__typename" };
219 tree fields[3], ret;
220
221 if (ubsan_type_descriptor_type)
222 return ubsan_type_descriptor_type;
223
224 tree itype = build_range_type (sizetype, size_zero_node, NULL_TREE);
225 tree flex_arr_type = build_array_type (char_type_node, itype);
226
227 ret = make_node (RECORD_TYPE);
228 for (int i = 0; i < 3; i++)
229 {
230 fields[i] = build_decl (UNKNOWN_LOCATION, FIELD_DECL,
231 get_identifier (field_names[i]),
232 (i == 2) ? flex_arr_type
233 : short_unsigned_type_node);
234 DECL_CONTEXT (fields[i]) = ret;
235 if (i)
236 DECL_CHAIN (fields[i - 1]) = fields[i];
237 }
238 tree type_decl = build_decl (input_location, TYPE_DECL,
239 get_identifier ("__ubsan_type_descriptor"),
240 ret);
241 DECL_IGNORED_P (type_decl) = 1;
242 DECL_ARTIFICIAL (type_decl) = 1;
243 TYPE_FIELDS (ret) = fields[0];
244 TYPE_NAME (ret) = type_decl;
245 TYPE_STUB_DECL (ret) = type_decl;
246 layout_type (ret);
247 ubsan_type_descriptor_type = ret;
248 return ret;
249 }
250
251 /* Cached ubsan_get_source_location_type () return value. */
252 static GTY(()) tree ubsan_source_location_type;
253
254 /* Build
255 struct __ubsan_source_location
256 {
257 const char *__filename;
258 unsigned int __line;
259 unsigned int __column;
260 }
261 type. */
262
263 tree
264 ubsan_get_source_location_type (void)
265 {
266 static const char *field_names[3]
267 = { "__filename", "__line", "__column" };
268 tree fields[3], ret;
269 if (ubsan_source_location_type)
270 return ubsan_source_location_type;
271
272 tree const_char_type = build_qualified_type (char_type_node,
273 TYPE_QUAL_CONST);
274
275 ret = make_node (RECORD_TYPE);
276 for (int i = 0; i < 3; i++)
277 {
278 fields[i] = build_decl (UNKNOWN_LOCATION, FIELD_DECL,
279 get_identifier (field_names[i]),
280 (i == 0) ? build_pointer_type (const_char_type)
281 : unsigned_type_node);
282 DECL_CONTEXT (fields[i]) = ret;
283 if (i)
284 DECL_CHAIN (fields[i - 1]) = fields[i];
285 }
286 tree type_decl = build_decl (input_location, TYPE_DECL,
287 get_identifier ("__ubsan_source_location"),
288 ret);
289 DECL_IGNORED_P (type_decl) = 1;
290 DECL_ARTIFICIAL (type_decl) = 1;
291 TYPE_FIELDS (ret) = fields[0];
292 TYPE_NAME (ret) = type_decl;
293 TYPE_STUB_DECL (ret) = type_decl;
294 layout_type (ret);
295 ubsan_source_location_type = ret;
296 return ret;
297 }
298
299 /* Helper routine that returns a CONSTRUCTOR of __ubsan_source_location
300 type with its fields filled from a location_t LOC. */
301
302 static tree
303 ubsan_source_location (location_t loc)
304 {
305 expanded_location xloc;
306 tree type = ubsan_get_source_location_type ();
307
308 xloc = expand_location (loc);
309 tree str;
310 if (xloc.file == NULL)
311 {
312 str = build_int_cst (ptr_type_node, 0);
313 xloc.line = 0;
314 xloc.column = 0;
315 }
316 else
317 {
318 /* Fill in the values from LOC. */
319 size_t len = strlen (xloc.file) + 1;
320 str = build_string (len, xloc.file);
321 TREE_TYPE (str) = build_array_type_nelts (char_type_node, len);
322 TREE_READONLY (str) = 1;
323 TREE_STATIC (str) = 1;
324 str = build_fold_addr_expr (str);
325 }
326 tree ctor = build_constructor_va (type, 3, NULL_TREE, str, NULL_TREE,
327 build_int_cst (unsigned_type_node,
328 xloc.line), NULL_TREE,
329 build_int_cst (unsigned_type_node,
330 xloc.column));
331 TREE_CONSTANT (ctor) = 1;
332 TREE_STATIC (ctor) = 1;
333
334 return ctor;
335 }
336
337 /* This routine returns a magic number for TYPE. */
338
339 static unsigned short
340 get_ubsan_type_info_for_type (tree type)
341 {
342 gcc_assert (TYPE_SIZE (type) && tree_fits_uhwi_p (TYPE_SIZE (type)));
343 if (TREE_CODE (type) == REAL_TYPE)
344 return tree_to_uhwi (TYPE_SIZE (type));
345 else if (INTEGRAL_TYPE_P (type))
346 {
347 int prec = exact_log2 (tree_to_uhwi (TYPE_SIZE (type)));
348 gcc_assert (prec != -1);
349 return (prec << 1) | !TYPE_UNSIGNED (type);
350 }
351 else
352 return 0;
353 }
354
355 /* Helper routine that returns ADDR_EXPR of a VAR_DECL of a type
356 descriptor. It first looks into the hash table; if not found,
357 create the VAR_DECL, put it into the hash table and return the
358 ADDR_EXPR of it. TYPE describes a particular type. PSTYLE is
359 an enum controlling how we want to print the type. */
360
361 tree
362 ubsan_type_descriptor (tree type, enum ubsan_print_style pstyle)
363 {
364 /* See through any typedefs. */
365 type = TYPE_MAIN_VARIANT (type);
366
367 tree decl = decl_for_type_lookup (type);
368 /* It is possible that some of the earlier created DECLs were found
369 unused, in that case they weren't emitted and varpool_node::get
370 returns NULL node on them. But now we really need them. Thus,
371 renew them here. */
372 if (decl != NULL_TREE && varpool_node::get (decl))
373 return build_fold_addr_expr (decl);
374
375 tree dtype = ubsan_get_type_descriptor_type ();
376 tree type2 = type;
377 const char *tname = NULL;
378 pretty_printer pretty_name;
379 unsigned char deref_depth = 0;
380 unsigned short tkind, tinfo;
381
382 /* Get the name of the type, or the name of the pointer type. */
383 if (pstyle == UBSAN_PRINT_POINTER)
384 {
385 gcc_assert (POINTER_TYPE_P (type));
386 type2 = TREE_TYPE (type);
387
388 /* Remove any '*' operators from TYPE. */
389 while (POINTER_TYPE_P (type2))
390 deref_depth++, type2 = TREE_TYPE (type2);
391
392 if (TREE_CODE (type2) == METHOD_TYPE)
393 type2 = TYPE_METHOD_BASETYPE (type2);
394 }
395
396 /* If an array, get its type. */
397 type2 = strip_array_types (type2);
398
399 if (pstyle == UBSAN_PRINT_ARRAY)
400 {
401 while (POINTER_TYPE_P (type2))
402 deref_depth++, type2 = TREE_TYPE (type2);
403 }
404
405 if (TYPE_NAME (type2) != NULL)
406 {
407 if (TREE_CODE (TYPE_NAME (type2)) == IDENTIFIER_NODE)
408 tname = IDENTIFIER_POINTER (TYPE_NAME (type2));
409 else if (DECL_NAME (TYPE_NAME (type2)) != NULL)
410 tname = IDENTIFIER_POINTER (DECL_NAME (TYPE_NAME (type2)));
411 }
412
413 if (tname == NULL)
414 /* We weren't able to determine the type name. */
415 tname = "<unknown>";
416
417 if (pstyle == UBSAN_PRINT_POINTER)
418 {
419 pp_printf (&pretty_name, "'%s%s%s%s%s%s%s",
420 TYPE_VOLATILE (type2) ? "volatile " : "",
421 TYPE_READONLY (type2) ? "const " : "",
422 TYPE_RESTRICT (type2) ? "restrict " : "",
423 TYPE_ATOMIC (type2) ? "_Atomic " : "",
424 TREE_CODE (type2) == RECORD_TYPE
425 ? "struct "
426 : TREE_CODE (type2) == UNION_TYPE
427 ? "union " : "", tname,
428 deref_depth == 0 ? "" : " ");
429 while (deref_depth-- > 0)
430 pp_star (&pretty_name);
431 pp_quote (&pretty_name);
432 }
433 else if (pstyle == UBSAN_PRINT_ARRAY)
434 {
435 /* Pretty print the array dimensions. */
436 gcc_assert (TREE_CODE (type) == ARRAY_TYPE);
437 tree t = type;
438 pp_printf (&pretty_name, "'%s ", tname);
439 while (deref_depth-- > 0)
440 pp_star (&pretty_name);
441 while (TREE_CODE (t) == ARRAY_TYPE)
442 {
443 pp_left_bracket (&pretty_name);
444 tree dom = TYPE_DOMAIN (t);
445 if (dom && TREE_CODE (TYPE_MAX_VALUE (dom)) == INTEGER_CST)
446 {
447 if (tree_fits_uhwi_p (TYPE_MAX_VALUE (dom))
448 && tree_to_uhwi (TYPE_MAX_VALUE (dom)) + 1 != 0)
449 pp_printf (&pretty_name, HOST_WIDE_INT_PRINT_DEC,
450 tree_to_uhwi (TYPE_MAX_VALUE (dom)) + 1);
451 else
452 pp_wide_int (&pretty_name,
453 wi::add (wi::to_widest (TYPE_MAX_VALUE (dom)), 1),
454 TYPE_SIGN (TREE_TYPE (dom)));
455 }
456 else
457 /* ??? We can't determine the variable name; print VLA unspec. */
458 pp_star (&pretty_name);
459 pp_right_bracket (&pretty_name);
460 t = TREE_TYPE (t);
461 }
462 pp_quote (&pretty_name);
463
464 /* Save the tree with stripped types. */
465 type = t;
466 }
467 else
468 pp_printf (&pretty_name, "'%s'", tname);
469
470 switch (TREE_CODE (type))
471 {
472 case BOOLEAN_TYPE:
473 case ENUMERAL_TYPE:
474 case INTEGER_TYPE:
475 tkind = 0x0000;
476 break;
477 case REAL_TYPE:
478 /* FIXME: libubsan right now only supports float, double and
479 long double type formats. */
480 if (TYPE_MODE (type) == TYPE_MODE (float_type_node)
481 || TYPE_MODE (type) == TYPE_MODE (double_type_node)
482 || TYPE_MODE (type) == TYPE_MODE (long_double_type_node))
483 tkind = 0x0001;
484 else
485 tkind = 0xffff;
486 break;
487 default:
488 tkind = 0xffff;
489 break;
490 }
491 tinfo = get_ubsan_type_info_for_type (type);
492
493 /* Create a new VAR_DECL of type descriptor. */
494 const char *tmp = pp_formatted_text (&pretty_name);
495 size_t len = strlen (tmp) + 1;
496 tree str = build_string (len, tmp);
497 TREE_TYPE (str) = build_array_type_nelts (char_type_node, len);
498 TREE_READONLY (str) = 1;
499 TREE_STATIC (str) = 1;
500
501 char tmp_name[32];
502 static unsigned int type_var_id_num;
503 ASM_GENERATE_INTERNAL_LABEL (tmp_name, "Lubsan_type", type_var_id_num++);
504 decl = build_decl (UNKNOWN_LOCATION, VAR_DECL, get_identifier (tmp_name),
505 dtype);
506 TREE_STATIC (decl) = 1;
507 TREE_PUBLIC (decl) = 0;
508 DECL_ARTIFICIAL (decl) = 1;
509 DECL_IGNORED_P (decl) = 1;
510 DECL_EXTERNAL (decl) = 0;
511 DECL_SIZE (decl)
512 = size_binop (PLUS_EXPR, DECL_SIZE (decl), TYPE_SIZE (TREE_TYPE (str)));
513 DECL_SIZE_UNIT (decl)
514 = size_binop (PLUS_EXPR, DECL_SIZE_UNIT (decl),
515 TYPE_SIZE_UNIT (TREE_TYPE (str)));
516
517 tree ctor = build_constructor_va (dtype, 3, NULL_TREE,
518 build_int_cst (short_unsigned_type_node,
519 tkind), NULL_TREE,
520 build_int_cst (short_unsigned_type_node,
521 tinfo), NULL_TREE, str);
522 TREE_CONSTANT (ctor) = 1;
523 TREE_STATIC (ctor) = 1;
524 DECL_INITIAL (decl) = ctor;
525 varpool_node::finalize_decl (decl);
526
527 /* Save the VAR_DECL into the hash table. */
528 decl_for_type_insert (type, decl);
529
530 return build_fold_addr_expr (decl);
531 }
532
533 /* Create a structure for the ubsan library. NAME is a name of the new
534 structure. LOCCNT is number of locations, PLOC points to array of
535 locations. The arguments in ... are of __ubsan_type_descriptor type
536 and there are at most two of them, followed by NULL_TREE, followed
537 by optional extra arguments and another NULL_TREE. */
538
539 tree
540 ubsan_create_data (const char *name, int loccnt, const location_t *ploc, ...)
541 {
542 va_list args;
543 tree ret, t;
544 tree fields[6];
545 vec<tree, va_gc> *saved_args = NULL;
546 size_t i = 0;
547 int j;
548
549 /* Firstly, create a pointer to type descriptor type. */
550 tree td_type = ubsan_get_type_descriptor_type ();
551 td_type = build_pointer_type (td_type);
552
553 /* Create the structure type. */
554 ret = make_node (RECORD_TYPE);
555 for (j = 0; j < loccnt; j++)
556 {
557 gcc_checking_assert (i < 2);
558 fields[i] = build_decl (UNKNOWN_LOCATION, FIELD_DECL, NULL_TREE,
559 ubsan_get_source_location_type ());
560 DECL_CONTEXT (fields[i]) = ret;
561 if (i)
562 DECL_CHAIN (fields[i - 1]) = fields[i];
563 i++;
564 }
565
566 va_start (args, ploc);
567 for (t = va_arg (args, tree); t != NULL_TREE;
568 i++, t = va_arg (args, tree))
569 {
570 gcc_checking_assert (i < 4);
571 /* Save the tree arguments for later use. */
572 vec_safe_push (saved_args, t);
573 fields[i] = build_decl (UNKNOWN_LOCATION, FIELD_DECL, NULL_TREE,
574 td_type);
575 DECL_CONTEXT (fields[i]) = ret;
576 if (i)
577 DECL_CHAIN (fields[i - 1]) = fields[i];
578 }
579
580 for (t = va_arg (args, tree); t != NULL_TREE;
581 i++, t = va_arg (args, tree))
582 {
583 gcc_checking_assert (i < 6);
584 /* Save the tree arguments for later use. */
585 vec_safe_push (saved_args, t);
586 fields[i] = build_decl (UNKNOWN_LOCATION, FIELD_DECL, NULL_TREE,
587 TREE_TYPE (t));
588 DECL_CONTEXT (fields[i]) = ret;
589 if (i)
590 DECL_CHAIN (fields[i - 1]) = fields[i];
591 }
592 va_end (args);
593
594 tree type_decl = build_decl (input_location, TYPE_DECL,
595 get_identifier (name), ret);
596 DECL_IGNORED_P (type_decl) = 1;
597 DECL_ARTIFICIAL (type_decl) = 1;
598 TYPE_FIELDS (ret) = fields[0];
599 TYPE_NAME (ret) = type_decl;
600 TYPE_STUB_DECL (ret) = type_decl;
601 layout_type (ret);
602
603 /* Now, fill in the type. */
604 char tmp_name[32];
605 static unsigned int ubsan_var_id_num;
606 ASM_GENERATE_INTERNAL_LABEL (tmp_name, "Lubsan_data", ubsan_var_id_num++);
607 tree var = build_decl (UNKNOWN_LOCATION, VAR_DECL, get_identifier (tmp_name),
608 ret);
609 TREE_STATIC (var) = 1;
610 TREE_PUBLIC (var) = 0;
611 DECL_ARTIFICIAL (var) = 1;
612 DECL_IGNORED_P (var) = 1;
613 DECL_EXTERNAL (var) = 0;
614
615 vec<constructor_elt, va_gc> *v;
616 vec_alloc (v, i);
617 tree ctor = build_constructor (ret, v);
618
619 /* If desirable, set the __ubsan_source_location element. */
620 for (j = 0; j < loccnt; j++)
621 {
622 location_t loc = LOCATION_LOCUS (ploc[j]);
623 CONSTRUCTOR_APPEND_ELT (v, NULL_TREE, ubsan_source_location (loc));
624 }
625
626 size_t nelts = vec_safe_length (saved_args);
627 for (i = 0; i < nelts; i++)
628 {
629 t = (*saved_args)[i];
630 CONSTRUCTOR_APPEND_ELT (v, NULL_TREE, t);
631 }
632
633 TREE_CONSTANT (ctor) = 1;
634 TREE_STATIC (ctor) = 1;
635 DECL_INITIAL (var) = ctor;
636 varpool_node::finalize_decl (var);
637
638 return var;
639 }
640
641 /* Instrument the __builtin_unreachable call. We just call the libubsan
642 routine instead. */
643
644 bool
645 ubsan_instrument_unreachable (gimple_stmt_iterator *gsi)
646 {
647 gimple g;
648 location_t loc = gimple_location (gsi_stmt (*gsi));
649
650 if (flag_sanitize_undefined_trap_on_error)
651 g = gimple_build_call (builtin_decl_explicit (BUILT_IN_TRAP), 0);
652 else
653 {
654 tree data = ubsan_create_data ("__ubsan_unreachable_data", 1, &loc,
655 NULL_TREE, NULL_TREE);
656 data = build_fold_addr_expr_loc (loc, data);
657 tree fn
658 = builtin_decl_explicit (BUILT_IN_UBSAN_HANDLE_BUILTIN_UNREACHABLE);
659 g = gimple_build_call (fn, 1, data);
660 }
661 gimple_set_location (g, loc);
662 gsi_replace (gsi, g, false);
663 return false;
664 }
665
666 /* Return true if T is a call to a libubsan routine. */
667
668 bool
669 is_ubsan_builtin_p (tree t)
670 {
671 return TREE_CODE (t) == FUNCTION_DECL
672 && DECL_BUILT_IN_CLASS (t) == BUILT_IN_NORMAL
673 && strncmp (IDENTIFIER_POINTER (DECL_NAME (t)),
674 "__builtin___ubsan_", 18) == 0;
675 }
676
677 /* Create a callgraph edge for statement STMT. */
678
679 static void
680 ubsan_create_edge (gimple stmt)
681 {
682 gcall *call_stmt = dyn_cast <gcall *> (stmt);
683 basic_block bb = gimple_bb (stmt);
684 int freq = compute_call_stmt_bb_frequency (current_function_decl, bb);
685 cgraph_node *node = cgraph_node::get (current_function_decl);
686 tree decl = gimple_call_fndecl (call_stmt);
687 if (decl)
688 node->create_edge (cgraph_node::get_create (decl), call_stmt, bb->count,
689 freq);
690 }
691
692 /* Expand the UBSAN_BOUNDS special builtin function. */
693
694 bool
695 ubsan_expand_bounds_ifn (gimple_stmt_iterator *gsi)
696 {
697 gimple stmt = gsi_stmt (*gsi);
698 location_t loc = gimple_location (stmt);
699 gcc_assert (gimple_call_num_args (stmt) == 3);
700
701 /* Pick up the arguments of the UBSAN_BOUNDS call. */
702 tree type = TREE_TYPE (TREE_TYPE (gimple_call_arg (stmt, 0)));
703 tree index = gimple_call_arg (stmt, 1);
704 tree orig_index_type = TREE_TYPE (index);
705 tree bound = gimple_call_arg (stmt, 2);
706
707 gimple_stmt_iterator gsi_orig = *gsi;
708
709 /* Create condition "if (index > bound)". */
710 basic_block then_bb, fallthru_bb;
711 gimple_stmt_iterator cond_insert_point
712 = create_cond_insert_point (gsi, false, false, true,
713 &then_bb, &fallthru_bb);
714 index = fold_convert (TREE_TYPE (bound), index);
715 index = force_gimple_operand_gsi (&cond_insert_point, index,
716 true, NULL_TREE,
717 false, GSI_NEW_STMT);
718 gimple g = gimple_build_cond (GT_EXPR, index, bound, NULL_TREE, NULL_TREE);
719 gimple_set_location (g, loc);
720 gsi_insert_after (&cond_insert_point, g, GSI_NEW_STMT);
721
722 /* Generate __ubsan_handle_out_of_bounds call. */
723 *gsi = gsi_after_labels (then_bb);
724 if (flag_sanitize_undefined_trap_on_error)
725 g = gimple_build_call (builtin_decl_explicit (BUILT_IN_TRAP), 0);
726 else
727 {
728 tree data
729 = ubsan_create_data ("__ubsan_out_of_bounds_data", 1, &loc,
730 ubsan_type_descriptor (type, UBSAN_PRINT_ARRAY),
731 ubsan_type_descriptor (orig_index_type),
732 NULL_TREE, NULL_TREE);
733 data = build_fold_addr_expr_loc (loc, data);
734 enum built_in_function bcode
735 = (flag_sanitize_recover & SANITIZE_BOUNDS)
736 ? BUILT_IN_UBSAN_HANDLE_OUT_OF_BOUNDS
737 : BUILT_IN_UBSAN_HANDLE_OUT_OF_BOUNDS_ABORT;
738 tree fn = builtin_decl_explicit (bcode);
739 tree val = force_gimple_operand_gsi (gsi, ubsan_encode_value (index),
740 true, NULL_TREE, true,
741 GSI_SAME_STMT);
742 g = gimple_build_call (fn, 2, data, val);
743 }
744 gimple_set_location (g, loc);
745 gsi_insert_before (gsi, g, GSI_SAME_STMT);
746
747 /* Get rid of the UBSAN_BOUNDS call from the IR. */
748 unlink_stmt_vdef (stmt);
749 gsi_remove (&gsi_orig, true);
750
751 /* Point GSI to next logical statement. */
752 *gsi = gsi_start_bb (fallthru_bb);
753 return true;
754 }
755
756 /* Expand UBSAN_NULL internal call. The type is kept on the ckind
757 argument which is a constant, because the middle-end treats pointer
758 conversions as useless and therefore the type of the first argument
759 could be changed to any other pointer type. */
760
761 bool
762 ubsan_expand_null_ifn (gimple_stmt_iterator *gsip)
763 {
764 gimple_stmt_iterator gsi = *gsip;
765 gimple stmt = gsi_stmt (gsi);
766 location_t loc = gimple_location (stmt);
767 gcc_assert (gimple_call_num_args (stmt) == 3);
768 tree ptr = gimple_call_arg (stmt, 0);
769 tree ckind = gimple_call_arg (stmt, 1);
770 tree align = gimple_call_arg (stmt, 2);
771 tree check_align = NULL_TREE;
772 bool check_null;
773
774 basic_block cur_bb = gsi_bb (gsi);
775
776 gimple g;
777 if (!integer_zerop (align))
778 {
779 unsigned int ptralign = get_pointer_alignment (ptr) / BITS_PER_UNIT;
780 if (compare_tree_int (align, ptralign) == 1)
781 {
782 check_align = make_ssa_name (pointer_sized_int_node);
783 g = gimple_build_assign (check_align, NOP_EXPR, ptr);
784 gimple_set_location (g, loc);
785 gsi_insert_before (&gsi, g, GSI_SAME_STMT);
786 }
787 }
788 check_null = (flag_sanitize & SANITIZE_NULL) != 0;
789
790 if (check_align == NULL_TREE && !check_null)
791 {
792 gsi_remove (gsip, true);
793 /* Unlink the UBSAN_NULLs vops before replacing it. */
794 unlink_stmt_vdef (stmt);
795 return true;
796 }
797
798 /* Split the original block holding the pointer dereference. */
799 edge e = split_block (cur_bb, stmt);
800
801 /* Get a hold on the 'condition block', the 'then block' and the
802 'else block'. */
803 basic_block cond_bb = e->src;
804 basic_block fallthru_bb = e->dest;
805 basic_block then_bb = create_empty_bb (cond_bb);
806 add_bb_to_loop (then_bb, cond_bb->loop_father);
807 loops_state_set (LOOPS_NEED_FIXUP);
808
809 /* Make an edge coming from the 'cond block' into the 'then block';
810 this edge is unlikely taken, so set up the probability accordingly. */
811 e = make_edge (cond_bb, then_bb, EDGE_TRUE_VALUE);
812 e->probability = PROB_VERY_UNLIKELY;
813
814 /* Connect 'then block' with the 'else block'. This is needed
815 as the ubsan routines we call in the 'then block' are not noreturn.
816 The 'then block' only has one outcoming edge. */
817 make_single_succ_edge (then_bb, fallthru_bb, EDGE_FALLTHRU);
818
819 /* Set up the fallthrough basic block. */
820 e = find_edge (cond_bb, fallthru_bb);
821 e->flags = EDGE_FALSE_VALUE;
822 e->count = cond_bb->count;
823 e->probability = REG_BR_PROB_BASE - PROB_VERY_UNLIKELY;
824
825 /* Update dominance info for the newly created then_bb; note that
826 fallthru_bb's dominance info has already been updated by
827 split_block. */
828 if (dom_info_available_p (CDI_DOMINATORS))
829 set_immediate_dominator (CDI_DOMINATORS, then_bb, cond_bb);
830
831 /* Put the ubsan builtin call into the newly created BB. */
832 if (flag_sanitize_undefined_trap_on_error)
833 g = gimple_build_call (builtin_decl_implicit (BUILT_IN_TRAP), 0);
834 else
835 {
836 enum built_in_function bcode
837 = (flag_sanitize_recover & ((check_align ? SANITIZE_ALIGNMENT : 0)
838 | (check_null ? SANITIZE_NULL : 0)))
839 ? BUILT_IN_UBSAN_HANDLE_TYPE_MISMATCH
840 : BUILT_IN_UBSAN_HANDLE_TYPE_MISMATCH_ABORT;
841 tree fn = builtin_decl_implicit (bcode);
842 tree data
843 = ubsan_create_data ("__ubsan_null_data", 1, &loc,
844 ubsan_type_descriptor (TREE_TYPE (ckind),
845 UBSAN_PRINT_POINTER),
846 NULL_TREE,
847 align,
848 fold_convert (unsigned_char_type_node, ckind),
849 NULL_TREE);
850 data = build_fold_addr_expr_loc (loc, data);
851 g = gimple_build_call (fn, 2, data,
852 check_align ? check_align
853 : build_zero_cst (pointer_sized_int_node));
854 }
855 gimple_stmt_iterator gsi2 = gsi_start_bb (then_bb);
856 gimple_set_location (g, loc);
857 gsi_insert_after (&gsi2, g, GSI_NEW_STMT);
858
859 /* Unlink the UBSAN_NULLs vops before replacing it. */
860 unlink_stmt_vdef (stmt);
861
862 if (check_null)
863 {
864 g = gimple_build_cond (EQ_EXPR, ptr, build_int_cst (TREE_TYPE (ptr), 0),
865 NULL_TREE, NULL_TREE);
866 gimple_set_location (g, loc);
867
868 /* Replace the UBSAN_NULL with a GIMPLE_COND stmt. */
869 gsi_replace (&gsi, g, false);
870 stmt = g;
871 }
872
873 if (check_align)
874 {
875 if (check_null)
876 {
877 /* Split the block with the condition again. */
878 e = split_block (cond_bb, stmt);
879 basic_block cond1_bb = e->src;
880 basic_block cond2_bb = e->dest;
881
882 /* Make an edge coming from the 'cond1 block' into the 'then block';
883 this edge is unlikely taken, so set up the probability
884 accordingly. */
885 e = make_edge (cond1_bb, then_bb, EDGE_TRUE_VALUE);
886 e->probability = PROB_VERY_UNLIKELY;
887
888 /* Set up the fallthrough basic block. */
889 e = find_edge (cond1_bb, cond2_bb);
890 e->flags = EDGE_FALSE_VALUE;
891 e->count = cond1_bb->count;
892 e->probability = REG_BR_PROB_BASE - PROB_VERY_UNLIKELY;
893
894 /* Update dominance info. */
895 if (dom_info_available_p (CDI_DOMINATORS))
896 {
897 set_immediate_dominator (CDI_DOMINATORS, fallthru_bb, cond1_bb);
898 set_immediate_dominator (CDI_DOMINATORS, then_bb, cond1_bb);
899 }
900
901 gsi2 = gsi_start_bb (cond2_bb);
902 }
903
904 tree mask = build_int_cst (pointer_sized_int_node,
905 tree_to_uhwi (align) - 1);
906 g = gimple_build_assign (make_ssa_name (pointer_sized_int_node),
907 BIT_AND_EXPR, check_align, mask);
908 gimple_set_location (g, loc);
909 if (check_null)
910 gsi_insert_after (&gsi2, g, GSI_NEW_STMT);
911 else
912 gsi_insert_before (&gsi, g, GSI_SAME_STMT);
913
914 g = gimple_build_cond (NE_EXPR, gimple_assign_lhs (g),
915 build_int_cst (pointer_sized_int_node, 0),
916 NULL_TREE, NULL_TREE);
917 gimple_set_location (g, loc);
918 if (check_null)
919 gsi_insert_after (&gsi2, g, GSI_NEW_STMT);
920 else
921 /* Replace the UBSAN_NULL with a GIMPLE_COND stmt. */
922 gsi_replace (&gsi, g, false);
923 }
924 return false;
925 }
926
927 #define OBJSZ_MAX_OFFSET (1024 * 16)
928
929 /* Expand UBSAN_OBJECT_SIZE internal call. */
930
931 bool
932 ubsan_expand_objsize_ifn (gimple_stmt_iterator *gsi)
933 {
934 gimple stmt = gsi_stmt (*gsi);
935 location_t loc = gimple_location (stmt);
936 gcc_assert (gimple_call_num_args (stmt) == 4);
937
938 tree ptr = gimple_call_arg (stmt, 0);
939 tree offset = gimple_call_arg (stmt, 1);
940 tree size = gimple_call_arg (stmt, 2);
941 tree ckind = gimple_call_arg (stmt, 3);
942 gimple_stmt_iterator gsi_orig = *gsi;
943 gimple g;
944
945 /* See if we can discard the check. */
946 if (TREE_CODE (size) != INTEGER_CST
947 || integer_all_onesp (size))
948 /* Yes, __builtin_object_size couldn't determine the
949 object size. */;
950 else if (TREE_CODE (offset) == INTEGER_CST
951 && wi::ges_p (wi::to_widest (offset), -OBJSZ_MAX_OFFSET)
952 && wi::les_p (wi::to_widest (offset), -1))
953 /* The offset is in range [-16K, -1]. */;
954 else
955 {
956 /* if (offset > objsize) */
957 basic_block then_bb, fallthru_bb;
958 gimple_stmt_iterator cond_insert_point
959 = create_cond_insert_point (gsi, false, false, true,
960 &then_bb, &fallthru_bb);
961 g = gimple_build_cond (GT_EXPR, offset, size, NULL_TREE, NULL_TREE);
962 gimple_set_location (g, loc);
963 gsi_insert_after (&cond_insert_point, g, GSI_NEW_STMT);
964
965 /* If the offset is small enough, we don't need the second
966 run-time check. */
967 if (TREE_CODE (offset) == INTEGER_CST
968 && wi::ges_p (wi::to_widest (offset), 0)
969 && wi::les_p (wi::to_widest (offset), OBJSZ_MAX_OFFSET))
970 *gsi = gsi_after_labels (then_bb);
971 else
972 {
973 /* Don't issue run-time error if (ptr > ptr + offset). That
974 may happen when computing a POINTER_PLUS_EXPR. */
975 basic_block then2_bb, fallthru2_bb;
976
977 gimple_stmt_iterator gsi2 = gsi_after_labels (then_bb);
978 cond_insert_point = create_cond_insert_point (&gsi2, false, false,
979 true, &then2_bb,
980 &fallthru2_bb);
981 /* Convert the pointer to an integer type. */
982 tree p = make_ssa_name (pointer_sized_int_node);
983 g = gimple_build_assign (p, NOP_EXPR, ptr);
984 gimple_set_location (g, loc);
985 gsi_insert_before (&cond_insert_point, g, GSI_NEW_STMT);
986 p = gimple_assign_lhs (g);
987 /* Compute ptr + offset. */
988 g = gimple_build_assign (make_ssa_name (pointer_sized_int_node),
989 PLUS_EXPR, p, offset);
990 gimple_set_location (g, loc);
991 gsi_insert_after (&cond_insert_point, g, GSI_NEW_STMT);
992 /* Now build the conditional and put it into the IR. */
993 g = gimple_build_cond (LE_EXPR, p, gimple_assign_lhs (g),
994 NULL_TREE, NULL_TREE);
995 gimple_set_location (g, loc);
996 gsi_insert_after (&cond_insert_point, g, GSI_NEW_STMT);
997 *gsi = gsi_after_labels (then2_bb);
998 }
999
1000 /* Generate __ubsan_handle_type_mismatch call. */
1001 if (flag_sanitize_undefined_trap_on_error)
1002 g = gimple_build_call (builtin_decl_explicit (BUILT_IN_TRAP), 0);
1003 else
1004 {
1005 tree data
1006 = ubsan_create_data ("__ubsan_objsz_data", 1, &loc,
1007 ubsan_type_descriptor (TREE_TYPE (ptr),
1008 UBSAN_PRINT_POINTER),
1009 NULL_TREE,
1010 build_zero_cst (pointer_sized_int_node),
1011 ckind,
1012 NULL_TREE);
1013 data = build_fold_addr_expr_loc (loc, data);
1014 enum built_in_function bcode
1015 = (flag_sanitize_recover & SANITIZE_OBJECT_SIZE)
1016 ? BUILT_IN_UBSAN_HANDLE_TYPE_MISMATCH
1017 : BUILT_IN_UBSAN_HANDLE_TYPE_MISMATCH_ABORT;
1018 tree p = make_ssa_name (pointer_sized_int_node);
1019 g = gimple_build_assign (p, NOP_EXPR, ptr);
1020 gimple_set_location (g, loc);
1021 gsi_insert_before (gsi, g, GSI_SAME_STMT);
1022 g = gimple_build_call (builtin_decl_explicit (bcode), 2, data, p);
1023 }
1024 gimple_set_location (g, loc);
1025 gsi_insert_before (gsi, g, GSI_SAME_STMT);
1026
1027 /* Point GSI to next logical statement. */
1028 *gsi = gsi_start_bb (fallthru_bb);
1029
1030 /* Get rid of the UBSAN_OBJECT_SIZE call from the IR. */
1031 unlink_stmt_vdef (stmt);
1032 gsi_remove (&gsi_orig, true);
1033 return true;
1034 }
1035
1036 /* Get rid of the UBSAN_OBJECT_SIZE call from the IR. */
1037 unlink_stmt_vdef (stmt);
1038 gsi_remove (gsi, true);
1039 return true;
1040 }
1041
1042 /* Cached __ubsan_vptr_type_cache decl. */
1043 static GTY(()) tree ubsan_vptr_type_cache_decl;
1044
1045 /* Expand UBSAN_VPTR internal call. The type is kept on the ckind
1046 argument which is a constant, because the middle-end treats pointer
1047 conversions as useless and therefore the type of the first argument
1048 could be changed to any other pointer type. */
1049
1050 bool
1051 ubsan_expand_vptr_ifn (gimple_stmt_iterator *gsip)
1052 {
1053 gimple_stmt_iterator gsi = *gsip;
1054 gimple stmt = gsi_stmt (gsi);
1055 location_t loc = gimple_location (stmt);
1056 gcc_assert (gimple_call_num_args (stmt) == 5);
1057 tree op = gimple_call_arg (stmt, 0);
1058 tree vptr = gimple_call_arg (stmt, 1);
1059 tree str_hash = gimple_call_arg (stmt, 2);
1060 tree ti_decl_addr = gimple_call_arg (stmt, 3);
1061 tree ckind_tree = gimple_call_arg (stmt, 4);
1062 ubsan_null_ckind ckind = (ubsan_null_ckind) tree_to_uhwi (ckind_tree);
1063 tree type = TREE_TYPE (TREE_TYPE (ckind_tree));
1064 gimple g;
1065 basic_block fallthru_bb = NULL;
1066
1067 if (ckind == UBSAN_DOWNCAST_POINTER)
1068 {
1069 /* Guard everything with if (op != NULL) { ... }. */
1070 basic_block then_bb;
1071 gimple_stmt_iterator cond_insert_point
1072 = create_cond_insert_point (gsip, false, false, true,
1073 &then_bb, &fallthru_bb);
1074 g = gimple_build_cond (NE_EXPR, op, build_zero_cst (TREE_TYPE (op)),
1075 NULL_TREE, NULL_TREE);
1076 gimple_set_location (g, loc);
1077 gsi_insert_after (&cond_insert_point, g, GSI_NEW_STMT);
1078 *gsip = gsi_after_labels (then_bb);
1079 gsi_remove (&gsi, false);
1080 gsi_insert_before (gsip, stmt, GSI_NEW_STMT);
1081 gsi = *gsip;
1082 }
1083
1084 tree htype = TREE_TYPE (str_hash);
1085 tree cst = wide_int_to_tree (htype,
1086 wi::uhwi (((uint64_t) 0x9ddfea08 << 32)
1087 | 0xeb382d69, 64));
1088 g = gimple_build_assign (make_ssa_name (htype), BIT_XOR_EXPR,
1089 vptr, str_hash);
1090 gimple_set_location (g, loc);
1091 gsi_insert_before (gsip, g, GSI_SAME_STMT);
1092 g = gimple_build_assign (make_ssa_name (htype), MULT_EXPR,
1093 gimple_assign_lhs (g), cst);
1094 gimple_set_location (g, loc);
1095 gsi_insert_before (gsip, g, GSI_SAME_STMT);
1096 tree t1 = gimple_assign_lhs (g);
1097 g = gimple_build_assign (make_ssa_name (htype), LSHIFT_EXPR,
1098 t1, build_int_cst (integer_type_node, 47));
1099 gimple_set_location (g, loc);
1100 tree t2 = gimple_assign_lhs (g);
1101 gsi_insert_before (gsip, g, GSI_SAME_STMT);
1102 g = gimple_build_assign (make_ssa_name (htype), BIT_XOR_EXPR,
1103 vptr, t1);
1104 gimple_set_location (g, loc);
1105 gsi_insert_before (gsip, g, GSI_SAME_STMT);
1106 g = gimple_build_assign (make_ssa_name (htype), BIT_XOR_EXPR,
1107 t2, gimple_assign_lhs (g));
1108 gimple_set_location (g, loc);
1109 gsi_insert_before (gsip, g, GSI_SAME_STMT);
1110 g = gimple_build_assign (make_ssa_name (htype), MULT_EXPR,
1111 gimple_assign_lhs (g), cst);
1112 gimple_set_location (g, loc);
1113 gsi_insert_before (gsip, g, GSI_SAME_STMT);
1114 tree t3 = gimple_assign_lhs (g);
1115 g = gimple_build_assign (make_ssa_name (htype), LSHIFT_EXPR,
1116 t3, build_int_cst (integer_type_node, 47));
1117 gimple_set_location (g, loc);
1118 gsi_insert_before (gsip, g, GSI_SAME_STMT);
1119 g = gimple_build_assign (make_ssa_name (htype), BIT_XOR_EXPR,
1120 t3, gimple_assign_lhs (g));
1121 gimple_set_location (g, loc);
1122 gsi_insert_before (gsip, g, GSI_SAME_STMT);
1123 g = gimple_build_assign (make_ssa_name (htype), MULT_EXPR,
1124 gimple_assign_lhs (g), cst);
1125 gimple_set_location (g, loc);
1126 gsi_insert_before (gsip, g, GSI_SAME_STMT);
1127 if (!useless_type_conversion_p (pointer_sized_int_node, htype))
1128 {
1129 g = gimple_build_assign (make_ssa_name (pointer_sized_int_node),
1130 NOP_EXPR, gimple_assign_lhs (g));
1131 gimple_set_location (g, loc);
1132 gsi_insert_before (gsip, g, GSI_SAME_STMT);
1133 }
1134 tree hash = gimple_assign_lhs (g);
1135
1136 if (ubsan_vptr_type_cache_decl == NULL_TREE)
1137 {
1138 tree atype = build_array_type_nelts (pointer_sized_int_node, 128);
1139 tree array = build_decl (UNKNOWN_LOCATION, VAR_DECL,
1140 get_identifier ("__ubsan_vptr_type_cache"),
1141 atype);
1142 DECL_ARTIFICIAL (array) = 1;
1143 DECL_IGNORED_P (array) = 1;
1144 TREE_PUBLIC (array) = 1;
1145 TREE_STATIC (array) = 1;
1146 DECL_EXTERNAL (array) = 1;
1147 DECL_VISIBILITY (array) = VISIBILITY_DEFAULT;
1148 DECL_VISIBILITY_SPECIFIED (array) = 1;
1149 varpool_node::finalize_decl (array);
1150 ubsan_vptr_type_cache_decl = array;
1151 }
1152
1153 g = gimple_build_assign (make_ssa_name (pointer_sized_int_node),
1154 BIT_AND_EXPR, hash,
1155 build_int_cst (pointer_sized_int_node, 127));
1156 gimple_set_location (g, loc);
1157 gsi_insert_before (gsip, g, GSI_SAME_STMT);
1158
1159 tree c = build4_loc (loc, ARRAY_REF, pointer_sized_int_node,
1160 ubsan_vptr_type_cache_decl, gimple_assign_lhs (g),
1161 NULL_TREE, NULL_TREE);
1162 g = gimple_build_assign (make_ssa_name (pointer_sized_int_node),
1163 ARRAY_REF, c);
1164 gimple_set_location (g, loc);
1165 gsi_insert_before (gsip, g, GSI_SAME_STMT);
1166
1167 basic_block then_bb, fallthru2_bb;
1168 gimple_stmt_iterator cond_insert_point
1169 = create_cond_insert_point (gsip, false, false, true,
1170 &then_bb, &fallthru2_bb);
1171 g = gimple_build_cond (NE_EXPR, gimple_assign_lhs (g), hash,
1172 NULL_TREE, NULL_TREE);
1173 gimple_set_location (g, loc);
1174 gsi_insert_after (&cond_insert_point, g, GSI_NEW_STMT);
1175 *gsip = gsi_after_labels (then_bb);
1176 if (fallthru_bb == NULL)
1177 fallthru_bb = fallthru2_bb;
1178
1179 tree data
1180 = ubsan_create_data ("__ubsan_vptr_data", 1, &loc,
1181 ubsan_type_descriptor (type), NULL_TREE, ti_decl_addr,
1182 build_int_cst (unsigned_char_type_node, ckind),
1183 NULL_TREE);
1184 data = build_fold_addr_expr_loc (loc, data);
1185 enum built_in_function bcode
1186 = (flag_sanitize_recover & SANITIZE_VPTR)
1187 ? BUILT_IN_UBSAN_HANDLE_DYNAMIC_TYPE_CACHE_MISS
1188 : BUILT_IN_UBSAN_HANDLE_DYNAMIC_TYPE_CACHE_MISS_ABORT;
1189
1190 g = gimple_build_call (builtin_decl_explicit (bcode), 3, data, op, hash);
1191 gimple_set_location (g, loc);
1192 gsi_insert_before (gsip, g, GSI_SAME_STMT);
1193
1194 /* Point GSI to next logical statement. */
1195 *gsip = gsi_start_bb (fallthru_bb);
1196
1197 /* Get rid of the UBSAN_VPTR call from the IR. */
1198 unlink_stmt_vdef (stmt);
1199 gsi_remove (&gsi, true);
1200 return true;
1201 }
1202
1203 /* Instrument a memory reference. BASE is the base of MEM, IS_LHS says
1204 whether the pointer is on the left hand side of the assignment. */
1205
1206 static void
1207 instrument_mem_ref (tree mem, tree base, gimple_stmt_iterator *iter,
1208 bool is_lhs)
1209 {
1210 enum ubsan_null_ckind ikind = is_lhs ? UBSAN_STORE_OF : UBSAN_LOAD_OF;
1211 unsigned int align = 0;
1212 if (flag_sanitize & SANITIZE_ALIGNMENT)
1213 {
1214 align = min_align_of_type (TREE_TYPE (base));
1215 if (align <= 1)
1216 align = 0;
1217 }
1218 if (align == 0 && (flag_sanitize & SANITIZE_NULL) == 0)
1219 return;
1220 tree t = TREE_OPERAND (base, 0);
1221 if (!POINTER_TYPE_P (TREE_TYPE (t)))
1222 return;
1223 if (RECORD_OR_UNION_TYPE_P (TREE_TYPE (base)) && mem != base)
1224 ikind = UBSAN_MEMBER_ACCESS;
1225 tree kind = build_int_cst (build_pointer_type (TREE_TYPE (base)), ikind);
1226 tree alignt = build_int_cst (pointer_sized_int_node, align);
1227 gcall *g = gimple_build_call_internal (IFN_UBSAN_NULL, 3, t, kind, alignt);
1228 gimple_set_location (g, gimple_location (gsi_stmt (*iter)));
1229 gsi_insert_before (iter, g, GSI_SAME_STMT);
1230 }
1231
1232 /* Perform the pointer instrumentation. */
1233
1234 static void
1235 instrument_null (gimple_stmt_iterator gsi, bool is_lhs)
1236 {
1237 gimple stmt = gsi_stmt (gsi);
1238 tree t = is_lhs ? gimple_get_lhs (stmt) : gimple_assign_rhs1 (stmt);
1239 tree base = get_base_address (t);
1240 const enum tree_code code = TREE_CODE (base);
1241 if (code == MEM_REF
1242 && TREE_CODE (TREE_OPERAND (base, 0)) == SSA_NAME)
1243 instrument_mem_ref (t, base, &gsi, is_lhs);
1244 }
1245
1246 /* Build an ubsan builtin call for the signed-integer-overflow
1247 sanitization. CODE says what kind of builtin are we building,
1248 LOC is a location, LHSTYPE is the type of LHS, OP0 and OP1
1249 are operands of the binary operation. */
1250
1251 tree
1252 ubsan_build_overflow_builtin (tree_code code, location_t loc, tree lhstype,
1253 tree op0, tree op1)
1254 {
1255 if (flag_sanitize_undefined_trap_on_error)
1256 return build_call_expr_loc (loc, builtin_decl_explicit (BUILT_IN_TRAP), 0);
1257
1258 tree data = ubsan_create_data ("__ubsan_overflow_data", 1, &loc,
1259 ubsan_type_descriptor (lhstype), NULL_TREE,
1260 NULL_TREE);
1261 enum built_in_function fn_code;
1262
1263 switch (code)
1264 {
1265 case PLUS_EXPR:
1266 fn_code = (flag_sanitize_recover & SANITIZE_SI_OVERFLOW)
1267 ? BUILT_IN_UBSAN_HANDLE_ADD_OVERFLOW
1268 : BUILT_IN_UBSAN_HANDLE_ADD_OVERFLOW_ABORT;
1269 break;
1270 case MINUS_EXPR:
1271 fn_code = (flag_sanitize_recover & SANITIZE_SI_OVERFLOW)
1272 ? BUILT_IN_UBSAN_HANDLE_SUB_OVERFLOW
1273 : BUILT_IN_UBSAN_HANDLE_SUB_OVERFLOW_ABORT;
1274 break;
1275 case MULT_EXPR:
1276 fn_code = (flag_sanitize_recover & SANITIZE_SI_OVERFLOW)
1277 ? BUILT_IN_UBSAN_HANDLE_MUL_OVERFLOW
1278 : BUILT_IN_UBSAN_HANDLE_MUL_OVERFLOW_ABORT;
1279 break;
1280 case NEGATE_EXPR:
1281 fn_code = (flag_sanitize_recover & SANITIZE_SI_OVERFLOW)
1282 ? BUILT_IN_UBSAN_HANDLE_NEGATE_OVERFLOW
1283 : BUILT_IN_UBSAN_HANDLE_NEGATE_OVERFLOW_ABORT;
1284 break;
1285 default:
1286 gcc_unreachable ();
1287 }
1288 tree fn = builtin_decl_explicit (fn_code);
1289 return build_call_expr_loc (loc, fn, 2 + (code != NEGATE_EXPR),
1290 build_fold_addr_expr_loc (loc, data),
1291 ubsan_encode_value (op0, true),
1292 op1 ? ubsan_encode_value (op1, true)
1293 : NULL_TREE);
1294 }
1295
1296 /* Perform the signed integer instrumentation. GSI is the iterator
1297 pointing at statement we are trying to instrument. */
1298
1299 static void
1300 instrument_si_overflow (gimple_stmt_iterator gsi)
1301 {
1302 gimple stmt = gsi_stmt (gsi);
1303 tree_code code = gimple_assign_rhs_code (stmt);
1304 tree lhs = gimple_assign_lhs (stmt);
1305 tree lhstype = TREE_TYPE (lhs);
1306 tree a, b;
1307 gimple g;
1308
1309 /* If this is not a signed operation, don't instrument anything here.
1310 Also punt on bit-fields. */
1311 if (!INTEGRAL_TYPE_P (lhstype)
1312 || TYPE_OVERFLOW_WRAPS (lhstype)
1313 || GET_MODE_BITSIZE (TYPE_MODE (lhstype)) != TYPE_PRECISION (lhstype))
1314 return;
1315
1316 switch (code)
1317 {
1318 case MINUS_EXPR:
1319 case PLUS_EXPR:
1320 case MULT_EXPR:
1321 /* Transform
1322 i = u {+,-,*} 5;
1323 into
1324 i = UBSAN_CHECK_{ADD,SUB,MUL} (u, 5); */
1325 a = gimple_assign_rhs1 (stmt);
1326 b = gimple_assign_rhs2 (stmt);
1327 g = gimple_build_call_internal (code == PLUS_EXPR
1328 ? IFN_UBSAN_CHECK_ADD
1329 : code == MINUS_EXPR
1330 ? IFN_UBSAN_CHECK_SUB
1331 : IFN_UBSAN_CHECK_MUL, 2, a, b);
1332 gimple_call_set_lhs (g, lhs);
1333 gsi_replace (&gsi, g, false);
1334 break;
1335 case NEGATE_EXPR:
1336 /* Represent i = -u;
1337 as
1338 i = UBSAN_CHECK_SUB (0, u); */
1339 a = build_int_cst (lhstype, 0);
1340 b = gimple_assign_rhs1 (stmt);
1341 g = gimple_build_call_internal (IFN_UBSAN_CHECK_SUB, 2, a, b);
1342 gimple_call_set_lhs (g, lhs);
1343 gsi_replace (&gsi, g, false);
1344 break;
1345 case ABS_EXPR:
1346 /* Transform i = ABS_EXPR<u>;
1347 into
1348 _N = UBSAN_CHECK_SUB (0, u);
1349 i = ABS_EXPR<_N>; */
1350 a = build_int_cst (lhstype, 0);
1351 b = gimple_assign_rhs1 (stmt);
1352 g = gimple_build_call_internal (IFN_UBSAN_CHECK_SUB, 2, a, b);
1353 a = make_ssa_name (lhstype);
1354 gimple_call_set_lhs (g, a);
1355 gimple_set_location (g, gimple_location (stmt));
1356 gsi_insert_before (&gsi, g, GSI_SAME_STMT);
1357 gimple_assign_set_rhs1 (stmt, a);
1358 update_stmt (stmt);
1359 break;
1360 default:
1361 break;
1362 }
1363 }
1364
1365 /* Instrument loads from (non-bitfield) bool and C++ enum values
1366 to check if the memory value is outside of the range of the valid
1367 type values. */
1368
1369 static void
1370 instrument_bool_enum_load (gimple_stmt_iterator *gsi)
1371 {
1372 gimple stmt = gsi_stmt (*gsi);
1373 tree rhs = gimple_assign_rhs1 (stmt);
1374 tree type = TREE_TYPE (rhs);
1375 tree minv = NULL_TREE, maxv = NULL_TREE;
1376
1377 if (TREE_CODE (type) == BOOLEAN_TYPE && (flag_sanitize & SANITIZE_BOOL))
1378 {
1379 minv = boolean_false_node;
1380 maxv = boolean_true_node;
1381 }
1382 else if (TREE_CODE (type) == ENUMERAL_TYPE
1383 && (flag_sanitize & SANITIZE_ENUM)
1384 && TREE_TYPE (type) != NULL_TREE
1385 && TREE_CODE (TREE_TYPE (type)) == INTEGER_TYPE
1386 && (TYPE_PRECISION (TREE_TYPE (type))
1387 < GET_MODE_PRECISION (TYPE_MODE (type))))
1388 {
1389 minv = TYPE_MIN_VALUE (TREE_TYPE (type));
1390 maxv = TYPE_MAX_VALUE (TREE_TYPE (type));
1391 }
1392 else
1393 return;
1394
1395 int modebitsize = GET_MODE_BITSIZE (TYPE_MODE (type));
1396 HOST_WIDE_INT bitsize, bitpos;
1397 tree offset;
1398 machine_mode mode;
1399 int volatilep = 0, unsignedp = 0;
1400 tree base = get_inner_reference (rhs, &bitsize, &bitpos, &offset, &mode,
1401 &unsignedp, &volatilep, false);
1402 tree utype = build_nonstandard_integer_type (modebitsize, 1);
1403
1404 if ((TREE_CODE (base) == VAR_DECL && DECL_HARD_REGISTER (base))
1405 || (bitpos % modebitsize) != 0
1406 || bitsize != modebitsize
1407 || GET_MODE_BITSIZE (TYPE_MODE (utype)) != modebitsize
1408 || TREE_CODE (gimple_assign_lhs (stmt)) != SSA_NAME)
1409 return;
1410
1411 bool ends_bb = stmt_ends_bb_p (stmt);
1412 location_t loc = gimple_location (stmt);
1413 tree lhs = gimple_assign_lhs (stmt);
1414 tree ptype = build_pointer_type (TREE_TYPE (rhs));
1415 tree atype = reference_alias_ptr_type (rhs);
1416 gimple g = gimple_build_assign (make_ssa_name (ptype),
1417 build_fold_addr_expr (rhs));
1418 gimple_set_location (g, loc);
1419 gsi_insert_before (gsi, g, GSI_SAME_STMT);
1420 tree mem = build2 (MEM_REF, utype, gimple_assign_lhs (g),
1421 build_int_cst (atype, 0));
1422 tree urhs = make_ssa_name (utype);
1423 if (ends_bb)
1424 {
1425 gimple_assign_set_lhs (stmt, urhs);
1426 g = gimple_build_assign (lhs, NOP_EXPR, urhs);
1427 gimple_set_location (g, loc);
1428 edge e = find_fallthru_edge (gimple_bb (stmt)->succs);
1429 gsi_insert_on_edge_immediate (e, g);
1430 gimple_assign_set_rhs_from_tree (gsi, mem);
1431 update_stmt (stmt);
1432 *gsi = gsi_for_stmt (g);
1433 g = stmt;
1434 }
1435 else
1436 {
1437 g = gimple_build_assign (urhs, mem);
1438 gimple_set_location (g, loc);
1439 gsi_insert_before (gsi, g, GSI_SAME_STMT);
1440 }
1441 minv = fold_convert (utype, minv);
1442 maxv = fold_convert (utype, maxv);
1443 if (!integer_zerop (minv))
1444 {
1445 g = gimple_build_assign (make_ssa_name (utype), MINUS_EXPR, urhs, minv);
1446 gimple_set_location (g, loc);
1447 gsi_insert_before (gsi, g, GSI_SAME_STMT);
1448 }
1449
1450 gimple_stmt_iterator gsi2 = *gsi;
1451 basic_block then_bb, fallthru_bb;
1452 *gsi = create_cond_insert_point (gsi, true, false, true,
1453 &then_bb, &fallthru_bb);
1454 g = gimple_build_cond (GT_EXPR, gimple_assign_lhs (g),
1455 int_const_binop (MINUS_EXPR, maxv, minv),
1456 NULL_TREE, NULL_TREE);
1457 gimple_set_location (g, loc);
1458 gsi_insert_after (gsi, g, GSI_NEW_STMT);
1459
1460 if (!ends_bb)
1461 {
1462 gimple_assign_set_rhs_with_ops (&gsi2, NOP_EXPR, urhs);
1463 update_stmt (stmt);
1464 }
1465
1466 gsi2 = gsi_after_labels (then_bb);
1467 if (flag_sanitize_undefined_trap_on_error)
1468 g = gimple_build_call (builtin_decl_explicit (BUILT_IN_TRAP), 0);
1469 else
1470 {
1471 tree data = ubsan_create_data ("__ubsan_invalid_value_data", 1, &loc,
1472 ubsan_type_descriptor (type), NULL_TREE,
1473 NULL_TREE);
1474 data = build_fold_addr_expr_loc (loc, data);
1475 enum built_in_function bcode
1476 = (flag_sanitize_recover & (TREE_CODE (type) == BOOLEAN_TYPE
1477 ? SANITIZE_BOOL : SANITIZE_ENUM))
1478 ? BUILT_IN_UBSAN_HANDLE_LOAD_INVALID_VALUE
1479 : BUILT_IN_UBSAN_HANDLE_LOAD_INVALID_VALUE_ABORT;
1480 tree fn = builtin_decl_explicit (bcode);
1481
1482 tree val = force_gimple_operand_gsi (&gsi2, ubsan_encode_value (urhs),
1483 true, NULL_TREE, true,
1484 GSI_SAME_STMT);
1485 g = gimple_build_call (fn, 2, data, val);
1486 }
1487 gimple_set_location (g, loc);
1488 gsi_insert_before (&gsi2, g, GSI_SAME_STMT);
1489 ubsan_create_edge (g);
1490 *gsi = gsi_for_stmt (stmt);
1491 }
1492
1493 /* Instrument float point-to-integer conversion. TYPE is an integer type of
1494 destination, EXPR is floating-point expression. ARG is what to pass
1495 the libubsan call as value, often EXPR itself. */
1496
1497 tree
1498 ubsan_instrument_float_cast (location_t loc, tree type, tree expr, tree arg)
1499 {
1500 tree expr_type = TREE_TYPE (expr);
1501 tree t, tt, fn, min, max;
1502 machine_mode mode = TYPE_MODE (expr_type);
1503 int prec = TYPE_PRECISION (type);
1504 bool uns_p = TYPE_UNSIGNED (type);
1505
1506 /* Float to integer conversion first truncates toward zero, so
1507 even signed char c = 127.875f; is not problematic.
1508 Therefore, we should complain only if EXPR is unordered or smaller
1509 or equal than TYPE_MIN_VALUE - 1.0 or greater or equal than
1510 TYPE_MAX_VALUE + 1.0. */
1511 if (REAL_MODE_FORMAT (mode)->b == 2)
1512 {
1513 /* For maximum, TYPE_MAX_VALUE might not be representable
1514 in EXPR_TYPE, e.g. if TYPE is 64-bit long long and
1515 EXPR_TYPE is IEEE single float, but TYPE_MAX_VALUE + 1.0 is
1516 either representable or infinity. */
1517 REAL_VALUE_TYPE maxval = dconst1;
1518 SET_REAL_EXP (&maxval, REAL_EXP (&maxval) + prec - !uns_p);
1519 real_convert (&maxval, mode, &maxval);
1520 max = build_real (expr_type, maxval);
1521
1522 /* For unsigned, assume -1.0 is always representable. */
1523 if (uns_p)
1524 min = build_minus_one_cst (expr_type);
1525 else
1526 {
1527 /* TYPE_MIN_VALUE is generally representable (or -inf),
1528 but TYPE_MIN_VALUE - 1.0 might not be. */
1529 REAL_VALUE_TYPE minval = dconstm1, minval2;
1530 SET_REAL_EXP (&minval, REAL_EXP (&minval) + prec - 1);
1531 real_convert (&minval, mode, &minval);
1532 real_arithmetic (&minval2, MINUS_EXPR, &minval, &dconst1);
1533 real_convert (&minval2, mode, &minval2);
1534 if (real_compare (EQ_EXPR, &minval, &minval2)
1535 && !real_isinf (&minval))
1536 {
1537 /* If TYPE_MIN_VALUE - 1.0 is not representable and
1538 rounds to TYPE_MIN_VALUE, we need to subtract
1539 more. As REAL_MODE_FORMAT (mode)->p is the number
1540 of base digits, we want to subtract a number that
1541 will be 1 << (REAL_MODE_FORMAT (mode)->p - 1)
1542 times smaller than minval. */
1543 minval2 = dconst1;
1544 gcc_assert (prec > REAL_MODE_FORMAT (mode)->p);
1545 SET_REAL_EXP (&minval2,
1546 REAL_EXP (&minval2) + prec - 1
1547 - REAL_MODE_FORMAT (mode)->p + 1);
1548 real_arithmetic (&minval2, MINUS_EXPR, &minval, &minval2);
1549 real_convert (&minval2, mode, &minval2);
1550 }
1551 min = build_real (expr_type, minval2);
1552 }
1553 }
1554 else if (REAL_MODE_FORMAT (mode)->b == 10)
1555 {
1556 /* For _Decimal128 up to 34 decimal digits, - sign,
1557 dot, e, exponent. */
1558 char buf[64];
1559 mpfr_t m;
1560 int p = REAL_MODE_FORMAT (mode)->p;
1561 REAL_VALUE_TYPE maxval, minval;
1562
1563 /* Use mpfr_snprintf rounding to compute the smallest
1564 representable decimal number greater or equal than
1565 1 << (prec - !uns_p). */
1566 mpfr_init2 (m, prec + 2);
1567 mpfr_set_ui_2exp (m, 1, prec - !uns_p, GMP_RNDN);
1568 mpfr_snprintf (buf, sizeof buf, "%.*RUe", p - 1, m);
1569 decimal_real_from_string (&maxval, buf);
1570 max = build_real (expr_type, maxval);
1571
1572 /* For unsigned, assume -1.0 is always representable. */
1573 if (uns_p)
1574 min = build_minus_one_cst (expr_type);
1575 else
1576 {
1577 /* Use mpfr_snprintf rounding to compute the largest
1578 representable decimal number less or equal than
1579 (-1 << (prec - 1)) - 1. */
1580 mpfr_set_si_2exp (m, -1, prec - 1, GMP_RNDN);
1581 mpfr_sub_ui (m, m, 1, GMP_RNDN);
1582 mpfr_snprintf (buf, sizeof buf, "%.*RDe", p - 1, m);
1583 decimal_real_from_string (&minval, buf);
1584 min = build_real (expr_type, minval);
1585 }
1586 mpfr_clear (m);
1587 }
1588 else
1589 return NULL_TREE;
1590
1591 t = fold_build2 (UNLE_EXPR, boolean_type_node, expr, min);
1592 tt = fold_build2 (UNGE_EXPR, boolean_type_node, expr, max);
1593 t = fold_build2 (TRUTH_OR_EXPR, boolean_type_node, t, tt);
1594 if (integer_zerop (t))
1595 return NULL_TREE;
1596
1597 if (flag_sanitize_undefined_trap_on_error)
1598 fn = build_call_expr_loc (loc, builtin_decl_explicit (BUILT_IN_TRAP), 0);
1599 else
1600 {
1601 /* Create the __ubsan_handle_float_cast_overflow fn call. */
1602 tree data = ubsan_create_data ("__ubsan_float_cast_overflow_data", 0,
1603 NULL, ubsan_type_descriptor (expr_type),
1604 ubsan_type_descriptor (type), NULL_TREE,
1605 NULL_TREE);
1606 enum built_in_function bcode
1607 = (flag_sanitize_recover & SANITIZE_FLOAT_CAST)
1608 ? BUILT_IN_UBSAN_HANDLE_FLOAT_CAST_OVERFLOW
1609 : BUILT_IN_UBSAN_HANDLE_FLOAT_CAST_OVERFLOW_ABORT;
1610 fn = builtin_decl_explicit (bcode);
1611 fn = build_call_expr_loc (loc, fn, 2,
1612 build_fold_addr_expr_loc (loc, data),
1613 ubsan_encode_value (arg, false));
1614 }
1615
1616 return fold_build3 (COND_EXPR, void_type_node, t, fn, integer_zero_node);
1617 }
1618
1619 /* Instrument values passed to function arguments with nonnull attribute. */
1620
1621 static void
1622 instrument_nonnull_arg (gimple_stmt_iterator *gsi)
1623 {
1624 gimple stmt = gsi_stmt (*gsi);
1625 location_t loc[2];
1626 /* infer_nonnull_range needs flag_delete_null_pointer_checks set,
1627 while for nonnull sanitization it is clear. */
1628 int save_flag_delete_null_pointer_checks = flag_delete_null_pointer_checks;
1629 flag_delete_null_pointer_checks = 1;
1630 loc[0] = gimple_location (stmt);
1631 loc[1] = UNKNOWN_LOCATION;
1632 for (unsigned int i = 0; i < gimple_call_num_args (stmt); i++)
1633 {
1634 tree arg = gimple_call_arg (stmt, i);
1635 if (POINTER_TYPE_P (TREE_TYPE (arg))
1636 && infer_nonnull_range (stmt, arg, false, true))
1637 {
1638 gimple g;
1639 if (!is_gimple_val (arg))
1640 {
1641 g = gimple_build_assign (make_ssa_name (TREE_TYPE (arg)), arg);
1642 gimple_set_location (g, loc[0]);
1643 gsi_insert_before (gsi, g, GSI_SAME_STMT);
1644 arg = gimple_assign_lhs (g);
1645 }
1646
1647 basic_block then_bb, fallthru_bb;
1648 *gsi = create_cond_insert_point (gsi, true, false, true,
1649 &then_bb, &fallthru_bb);
1650 g = gimple_build_cond (EQ_EXPR, arg,
1651 build_zero_cst (TREE_TYPE (arg)),
1652 NULL_TREE, NULL_TREE);
1653 gimple_set_location (g, loc[0]);
1654 gsi_insert_after (gsi, g, GSI_NEW_STMT);
1655
1656 *gsi = gsi_after_labels (then_bb);
1657 if (flag_sanitize_undefined_trap_on_error)
1658 g = gimple_build_call (builtin_decl_explicit (BUILT_IN_TRAP), 0);
1659 else
1660 {
1661 tree data = ubsan_create_data ("__ubsan_nonnull_arg_data",
1662 2, loc, NULL_TREE,
1663 build_int_cst (integer_type_node,
1664 i + 1),
1665 NULL_TREE);
1666 data = build_fold_addr_expr_loc (loc[0], data);
1667 enum built_in_function bcode
1668 = (flag_sanitize_recover & SANITIZE_NONNULL_ATTRIBUTE)
1669 ? BUILT_IN_UBSAN_HANDLE_NONNULL_ARG
1670 : BUILT_IN_UBSAN_HANDLE_NONNULL_ARG_ABORT;
1671 tree fn = builtin_decl_explicit (bcode);
1672
1673 g = gimple_build_call (fn, 1, data);
1674 }
1675 gimple_set_location (g, loc[0]);
1676 gsi_insert_before (gsi, g, GSI_SAME_STMT);
1677 ubsan_create_edge (g);
1678 }
1679 *gsi = gsi_for_stmt (stmt);
1680 }
1681 flag_delete_null_pointer_checks = save_flag_delete_null_pointer_checks;
1682 }
1683
1684 /* Instrument returns in functions with returns_nonnull attribute. */
1685
1686 static void
1687 instrument_nonnull_return (gimple_stmt_iterator *gsi)
1688 {
1689 greturn *stmt = as_a <greturn *> (gsi_stmt (*gsi));
1690 location_t loc[2];
1691 tree arg = gimple_return_retval (stmt);
1692 /* infer_nonnull_range needs flag_delete_null_pointer_checks set,
1693 while for nonnull return sanitization it is clear. */
1694 int save_flag_delete_null_pointer_checks = flag_delete_null_pointer_checks;
1695 flag_delete_null_pointer_checks = 1;
1696 loc[0] = gimple_location (stmt);
1697 loc[1] = UNKNOWN_LOCATION;
1698 if (arg
1699 && POINTER_TYPE_P (TREE_TYPE (arg))
1700 && is_gimple_val (arg)
1701 && infer_nonnull_range (stmt, arg, false, true))
1702 {
1703 basic_block then_bb, fallthru_bb;
1704 *gsi = create_cond_insert_point (gsi, true, false, true,
1705 &then_bb, &fallthru_bb);
1706 gimple g = gimple_build_cond (EQ_EXPR, arg,
1707 build_zero_cst (TREE_TYPE (arg)),
1708 NULL_TREE, NULL_TREE);
1709 gimple_set_location (g, loc[0]);
1710 gsi_insert_after (gsi, g, GSI_NEW_STMT);
1711
1712 *gsi = gsi_after_labels (then_bb);
1713 if (flag_sanitize_undefined_trap_on_error)
1714 g = gimple_build_call (builtin_decl_explicit (BUILT_IN_TRAP), 0);
1715 else
1716 {
1717 tree data = ubsan_create_data ("__ubsan_nonnull_return_data",
1718 2, loc, NULL_TREE, NULL_TREE);
1719 data = build_fold_addr_expr_loc (loc[0], data);
1720 enum built_in_function bcode
1721 = (flag_sanitize_recover & SANITIZE_RETURNS_NONNULL_ATTRIBUTE)
1722 ? BUILT_IN_UBSAN_HANDLE_NONNULL_RETURN
1723 : BUILT_IN_UBSAN_HANDLE_NONNULL_RETURN_ABORT;
1724 tree fn = builtin_decl_explicit (bcode);
1725
1726 g = gimple_build_call (fn, 1, data);
1727 }
1728 gimple_set_location (g, loc[0]);
1729 gsi_insert_before (gsi, g, GSI_SAME_STMT);
1730 ubsan_create_edge (g);
1731 *gsi = gsi_for_stmt (stmt);
1732 }
1733 flag_delete_null_pointer_checks = save_flag_delete_null_pointer_checks;
1734 }
1735
1736 /* Instrument memory references. Here we check whether the pointer
1737 points to an out-of-bounds location. */
1738
1739 static void
1740 instrument_object_size (gimple_stmt_iterator *gsi, bool is_lhs)
1741 {
1742 gimple stmt = gsi_stmt (*gsi);
1743 location_t loc = gimple_location (stmt);
1744 tree t = is_lhs ? gimple_get_lhs (stmt) : gimple_assign_rhs1 (stmt);
1745 tree type;
1746 tree index = NULL_TREE;
1747 HOST_WIDE_INT size_in_bytes;
1748
1749 type = TREE_TYPE (t);
1750 if (VOID_TYPE_P (type))
1751 return;
1752
1753 switch (TREE_CODE (t))
1754 {
1755 case COMPONENT_REF:
1756 if (TREE_CODE (t) == COMPONENT_REF
1757 && DECL_BIT_FIELD_REPRESENTATIVE (TREE_OPERAND (t, 1)) != NULL_TREE)
1758 {
1759 tree repr = DECL_BIT_FIELD_REPRESENTATIVE (TREE_OPERAND (t, 1));
1760 t = build3 (COMPONENT_REF, TREE_TYPE (repr), TREE_OPERAND (t, 0),
1761 repr, NULL_TREE);
1762 }
1763 break;
1764 case ARRAY_REF:
1765 index = TREE_OPERAND (t, 1);
1766 break;
1767 case INDIRECT_REF:
1768 case MEM_REF:
1769 case VAR_DECL:
1770 case PARM_DECL:
1771 case RESULT_DECL:
1772 break;
1773 default:
1774 return;
1775 }
1776
1777 size_in_bytes = int_size_in_bytes (type);
1778 if (size_in_bytes <= 0)
1779 return;
1780
1781 HOST_WIDE_INT bitsize, bitpos;
1782 tree offset;
1783 machine_mode mode;
1784 int volatilep = 0, unsignedp = 0;
1785 tree inner = get_inner_reference (t, &bitsize, &bitpos, &offset, &mode,
1786 &unsignedp, &volatilep, false);
1787
1788 if (bitpos % BITS_PER_UNIT != 0
1789 || bitsize != size_in_bytes * BITS_PER_UNIT)
1790 return;
1791
1792 bool decl_p = DECL_P (inner);
1793 tree base;
1794 if (decl_p)
1795 base = inner;
1796 else if (TREE_CODE (inner) == MEM_REF)
1797 base = TREE_OPERAND (inner, 0);
1798 else
1799 return;
1800 tree ptr = build1 (ADDR_EXPR, build_pointer_type (TREE_TYPE (t)), t);
1801
1802 while (TREE_CODE (base) == SSA_NAME)
1803 {
1804 gimple def_stmt = SSA_NAME_DEF_STMT (base);
1805 if (gimple_assign_ssa_name_copy_p (def_stmt)
1806 || (gimple_assign_cast_p (def_stmt)
1807 && POINTER_TYPE_P (TREE_TYPE (gimple_assign_rhs1 (def_stmt))))
1808 || (is_gimple_assign (def_stmt)
1809 && gimple_assign_rhs_code (def_stmt) == POINTER_PLUS_EXPR))
1810 {
1811 tree rhs1 = gimple_assign_rhs1 (def_stmt);
1812 if (TREE_CODE (rhs1) == SSA_NAME
1813 && SSA_NAME_OCCURS_IN_ABNORMAL_PHI (rhs1))
1814 break;
1815 else
1816 base = rhs1;
1817 }
1818 else
1819 break;
1820 }
1821
1822 if (!POINTER_TYPE_P (TREE_TYPE (base)) && !DECL_P (base))
1823 return;
1824
1825 tree sizet;
1826 tree base_addr = base;
1827 gimple bos_stmt = NULL;
1828 if (decl_p)
1829 base_addr = build1 (ADDR_EXPR,
1830 build_pointer_type (TREE_TYPE (base)), base);
1831 unsigned HOST_WIDE_INT size = compute_builtin_object_size (base_addr, 0);
1832 if (size != (unsigned HOST_WIDE_INT) -1)
1833 sizet = build_int_cst (sizetype, size);
1834 else if (optimize)
1835 {
1836 if (LOCATION_LOCUS (loc) == UNKNOWN_LOCATION)
1837 loc = input_location;
1838 /* Generate __builtin_object_size call. */
1839 sizet = builtin_decl_explicit (BUILT_IN_OBJECT_SIZE);
1840 sizet = build_call_expr_loc (loc, sizet, 2, base_addr,
1841 integer_zero_node);
1842 sizet = force_gimple_operand_gsi (gsi, sizet, false, NULL_TREE, true,
1843 GSI_SAME_STMT);
1844 /* If the call above didn't end up being an integer constant, go one
1845 statement back and get the __builtin_object_size stmt. Save it,
1846 we might need it later. */
1847 if (SSA_VAR_P (sizet))
1848 {
1849 gsi_prev (gsi);
1850 bos_stmt = gsi_stmt (*gsi);
1851
1852 /* Move on to where we were. */
1853 gsi_next (gsi);
1854 }
1855 }
1856 else
1857 return;
1858
1859 /* Generate UBSAN_OBJECT_SIZE (ptr, ptr+sizeof(*ptr)-base, objsize, ckind)
1860 call. */
1861 /* ptr + sizeof (*ptr) - base */
1862 t = fold_build2 (MINUS_EXPR, sizetype,
1863 fold_convert (pointer_sized_int_node, ptr),
1864 fold_convert (pointer_sized_int_node, base_addr));
1865 t = fold_build2 (PLUS_EXPR, sizetype, t, TYPE_SIZE_UNIT (type));
1866
1867 /* Perhaps we can omit the check. */
1868 if (TREE_CODE (t) == INTEGER_CST
1869 && TREE_CODE (sizet) == INTEGER_CST
1870 && tree_int_cst_le (t, sizet))
1871 return;
1872
1873 if (index != NULL_TREE
1874 && TREE_CODE (index) == SSA_NAME
1875 && TREE_CODE (sizet) == INTEGER_CST)
1876 {
1877 gimple def = SSA_NAME_DEF_STMT (index);
1878 if (is_gimple_assign (def)
1879 && gimple_assign_rhs_code (def) == BIT_AND_EXPR
1880 && TREE_CODE (gimple_assign_rhs2 (def)) == INTEGER_CST)
1881 {
1882 tree cst = gimple_assign_rhs2 (def);
1883 tree sz = fold_build2 (EXACT_DIV_EXPR, sizetype, sizet,
1884 TYPE_SIZE_UNIT (type));
1885 if (tree_int_cst_sgn (cst) >= 0
1886 && tree_int_cst_lt (cst, sz))
1887 return;
1888 }
1889 }
1890
1891 if (bos_stmt && gimple_call_builtin_p (bos_stmt, BUILT_IN_OBJECT_SIZE))
1892 ubsan_create_edge (bos_stmt);
1893
1894 /* We have to emit the check. */
1895 t = force_gimple_operand_gsi (gsi, t, true, NULL_TREE, true,
1896 GSI_SAME_STMT);
1897 ptr = force_gimple_operand_gsi (gsi, ptr, true, NULL_TREE, true,
1898 GSI_SAME_STMT);
1899 tree ckind = build_int_cst (unsigned_char_type_node,
1900 is_lhs ? UBSAN_STORE_OF : UBSAN_LOAD_OF);
1901 gimple g = gimple_build_call_internal (IFN_UBSAN_OBJECT_SIZE, 4,
1902 ptr, t, sizet, ckind);
1903 gimple_set_location (g, loc);
1904 gsi_insert_before (gsi, g, GSI_SAME_STMT);
1905 }
1906
1907 /* True if we want to play UBSan games in the current function. */
1908
1909 bool
1910 do_ubsan_in_current_function ()
1911 {
1912 return (current_function_decl != NULL_TREE
1913 && !lookup_attribute ("no_sanitize_undefined",
1914 DECL_ATTRIBUTES (current_function_decl)));
1915 }
1916
1917 namespace {
1918
1919 const pass_data pass_data_ubsan =
1920 {
1921 GIMPLE_PASS, /* type */
1922 "ubsan", /* name */
1923 OPTGROUP_NONE, /* optinfo_flags */
1924 TV_TREE_UBSAN, /* tv_id */
1925 ( PROP_cfg | PROP_ssa ), /* properties_required */
1926 0, /* properties_provided */
1927 0, /* properties_destroyed */
1928 0, /* todo_flags_start */
1929 TODO_update_ssa, /* todo_flags_finish */
1930 };
1931
1932 class pass_ubsan : public gimple_opt_pass
1933 {
1934 public:
1935 pass_ubsan (gcc::context *ctxt)
1936 : gimple_opt_pass (pass_data_ubsan, ctxt)
1937 {}
1938
1939 /* opt_pass methods: */
1940 virtual bool gate (function *)
1941 {
1942 return flag_sanitize & (SANITIZE_NULL | SANITIZE_SI_OVERFLOW
1943 | SANITIZE_BOOL | SANITIZE_ENUM
1944 | SANITIZE_ALIGNMENT
1945 | SANITIZE_NONNULL_ATTRIBUTE
1946 | SANITIZE_RETURNS_NONNULL_ATTRIBUTE
1947 | SANITIZE_OBJECT_SIZE)
1948 && do_ubsan_in_current_function ();
1949 }
1950
1951 virtual unsigned int execute (function *);
1952
1953 }; // class pass_ubsan
1954
1955 unsigned int
1956 pass_ubsan::execute (function *fun)
1957 {
1958 basic_block bb;
1959 gimple_stmt_iterator gsi;
1960
1961 initialize_sanitizer_builtins ();
1962
1963 FOR_EACH_BB_FN (bb, fun)
1964 {
1965 for (gsi = gsi_start_bb (bb); !gsi_end_p (gsi);)
1966 {
1967 gimple stmt = gsi_stmt (gsi);
1968 if (is_gimple_debug (stmt) || gimple_clobber_p (stmt))
1969 {
1970 gsi_next (&gsi);
1971 continue;
1972 }
1973
1974 if ((flag_sanitize & SANITIZE_SI_OVERFLOW)
1975 && is_gimple_assign (stmt))
1976 instrument_si_overflow (gsi);
1977
1978 if (flag_sanitize & (SANITIZE_NULL | SANITIZE_ALIGNMENT))
1979 {
1980 if (gimple_store_p (stmt))
1981 instrument_null (gsi, true);
1982 if (gimple_assign_load_p (stmt))
1983 instrument_null (gsi, false);
1984 }
1985
1986 if (flag_sanitize & (SANITIZE_BOOL | SANITIZE_ENUM)
1987 && gimple_assign_load_p (stmt))
1988 {
1989 instrument_bool_enum_load (&gsi);
1990 bb = gimple_bb (stmt);
1991 }
1992
1993 if ((flag_sanitize & SANITIZE_NONNULL_ATTRIBUTE)
1994 && is_gimple_call (stmt)
1995 && !gimple_call_internal_p (stmt))
1996 {
1997 instrument_nonnull_arg (&gsi);
1998 bb = gimple_bb (stmt);
1999 }
2000
2001 if ((flag_sanitize & SANITIZE_RETURNS_NONNULL_ATTRIBUTE)
2002 && gimple_code (stmt) == GIMPLE_RETURN)
2003 {
2004 instrument_nonnull_return (&gsi);
2005 bb = gimple_bb (stmt);
2006 }
2007
2008 if (flag_sanitize & SANITIZE_OBJECT_SIZE)
2009 {
2010 if (gimple_store_p (stmt))
2011 instrument_object_size (&gsi, true);
2012 if (gimple_assign_load_p (stmt))
2013 instrument_object_size (&gsi, false);
2014 }
2015
2016 gsi_next (&gsi);
2017 }
2018 }
2019 return 0;
2020 }
2021
2022 } // anon namespace
2023
2024 gimple_opt_pass *
2025 make_pass_ubsan (gcc::context *ctxt)
2026 {
2027 return new pass_ubsan (ctxt);
2028 }
2029
2030 #include "gt-ubsan.h"
Mirror of the offical gcc git repository hosted at gcc.gnu.org