1 /* AddressSanitizer, a fast memory error detector.
2 Copyright (C) 2011-2019 Free Software Foundation, Inc.
3 Contributed by Kostya Serebryany <kcc@google.com>
5 This file is part of GCC.
7 GCC is free software; you can redistribute it and/or modify it under
8 the terms of the GNU General Public License as published by the Free
9 Software Foundation; either version 3, or (at your option) any later
12 GCC is distributed in the hope that it will be useful, but WITHOUT ANY
13 WARRANTY; without even the implied warranty of MERCHANTABILITY or
14 FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
17 You should have received a copy of the GNU General Public License
18 along with GCC; see the file COPYING3. If not see
19 <http://www.gnu.org/licenses/>. */
24 extern void asan_function_start (void);
25 extern void asan_finish_file (void);
26 extern rtx_insn
*asan_emit_stack_protection (rtx
, rtx
, unsigned int,
27 HOST_WIDE_INT
*, tree
*, int);
28 extern rtx_insn
*asan_emit_allocas_unpoison (rtx
, rtx
, rtx_insn
*);
29 extern bool asan_protect_global (tree
, bool ignore_decl_rtl_set_p
= false);
30 extern void initialize_sanitizer_builtins (void);
31 extern tree
asan_dynamic_init_call (bool);
32 extern bool asan_expand_check_ifn (gimple_stmt_iterator
*, bool);
33 extern bool asan_expand_mark_ifn (gimple_stmt_iterator
*);
34 extern bool asan_expand_poison_ifn (gimple_stmt_iterator
*, bool *,
35 hash_map
<tree
, tree
> &);
37 extern gimple_stmt_iterator create_cond_insert_point
38 (gimple_stmt_iterator
*, bool, bool, bool, basic_block
*, basic_block
*);
40 /* Alias set for accessing the shadow memory. */
41 extern alias_set_type asan_shadow_set
;
43 /* Hash set of labels that are either used in a goto, or their address
45 extern hash_set
<tree
> *asan_used_labels
;
47 /* Shadow memory is found at
48 (address >> ASAN_SHADOW_SHIFT) + asan_shadow_offset (). */
49 #define ASAN_SHADOW_SHIFT 3
50 #define ASAN_SHADOW_GRANULARITY (1UL << ASAN_SHADOW_SHIFT)
52 /* Red zone size, stack and global variables are padded by ASAN_RED_ZONE_SIZE
53 up to 2 * ASAN_RED_ZONE_SIZE - 1 bytes. */
54 #define ASAN_RED_ZONE_SIZE 32
56 /* Stack variable use more compact red zones. The size includes also
57 size of variable itself. */
59 #define ASAN_MIN_RED_ZONE_SIZE 16
61 /* Shadow memory values for stack protection. Left is below protected vars,
62 the first pointer in stack corresponding to that offset contains
63 ASAN_STACK_FRAME_MAGIC word, the second pointer to a string describing
64 the frame. Middle is for padding in between variables, right is
65 above the last protected variable and partial immediately after variables
66 up to ASAN_RED_ZONE_SIZE alignment. */
67 #define ASAN_STACK_MAGIC_LEFT 0xf1
68 #define ASAN_STACK_MAGIC_MIDDLE 0xf2
69 #define ASAN_STACK_MAGIC_RIGHT 0xf3
70 #define ASAN_STACK_MAGIC_USE_AFTER_RET 0xf5
71 #define ASAN_STACK_MAGIC_USE_AFTER_SCOPE 0xf8
73 #define ASAN_STACK_FRAME_MAGIC 0x41b58ab3
74 #define ASAN_STACK_RETIRED_MAGIC 0x45e0360e
76 #define ASAN_USE_AFTER_SCOPE_ATTRIBUTE "use after scope memory"
78 /* Various flags for Asan builtins. */
81 ASAN_CHECK_STORE
= 1 << 0,
82 ASAN_CHECK_SCALAR_ACCESS
= 1 << 1,
83 ASAN_CHECK_NON_ZERO_LEN
= 1 << 2,
84 ASAN_CHECK_LAST
= 1 << 3
87 /* Flags for Asan check builtins. */
88 #define IFN_ASAN_MARK_FLAGS DEF(POISON), DEF(UNPOISON)
92 #define DEF(X) ASAN_MARK_##X
97 /* Return true if STMT is ASAN_MARK with FLAG as first argument. */
98 extern bool asan_mark_p (gimple
*stmt
, enum asan_mark_flags flag
);
100 /* Return the size of padding needed to insert after a protected
103 static inline unsigned int
104 asan_red_zone_size (unsigned int size
)
106 unsigned int c
= size
& (ASAN_RED_ZONE_SIZE
- 1);
107 return c
? 2 * ASAN_RED_ZONE_SIZE
- c
: ASAN_RED_ZONE_SIZE
;
110 /* Return how much a stack variable occupis on a stack
111 including a space for red zone. */
113 static inline unsigned HOST_WIDE_INT
114 asan_var_and_redzone_size (unsigned HOST_WIDE_INT size
)
120 else if (size
<= 128)
122 else if (size
<= 512)
124 else if (size
<= 4096)
130 extern bool set_asan_shadow_offset (const char *);
132 extern void set_sanitized_sections (const char *);
134 extern bool asan_sanitize_stack_p (void);
136 extern bool asan_sanitize_allocas_p (void);
138 extern hash_set
<tree
> *asan_handled_variables
;
140 /* Return TRUE if builtin with given FCODE will be intercepted by
144 asan_intercepted_p (enum built_in_function fcode
)
146 return fcode
== BUILT_IN_INDEX
147 || fcode
== BUILT_IN_MEMCHR
148 || fcode
== BUILT_IN_MEMCMP
149 || fcode
== BUILT_IN_MEMCPY
150 || fcode
== BUILT_IN_MEMMOVE
151 || fcode
== BUILT_IN_MEMSET
152 || fcode
== BUILT_IN_STRCASECMP
153 || fcode
== BUILT_IN_STRCAT
154 || fcode
== BUILT_IN_STRCHR
155 || fcode
== BUILT_IN_STRCMP
156 || fcode
== BUILT_IN_STRCPY
157 || fcode
== BUILT_IN_STRDUP
158 || fcode
== BUILT_IN_STRLEN
159 || fcode
== BUILT_IN_STRNCASECMP
160 || fcode
== BUILT_IN_STRNCAT
161 || fcode
== BUILT_IN_STRNCMP
162 || fcode
== BUILT_IN_STRCSPN
163 || fcode
== BUILT_IN_STRPBRK
164 || fcode
== BUILT_IN_STRSPN
165 || fcode
== BUILT_IN_STRSTR
166 || fcode
== BUILT_IN_STRNCPY
;
169 /* Return TRUE if we should instrument for use-after-scope sanity checking. */
172 asan_sanitize_use_after_scope (void)
174 return (flag_sanitize_address_use_after_scope
&& asan_sanitize_stack_p ());
177 /* Return true if DECL should be guarded on the stack. */
180 asan_protect_stack_decl (tree decl
)
183 && (!DECL_ARTIFICIAL (decl
)
184 || (asan_sanitize_use_after_scope () && TREE_ADDRESSABLE (decl
)));
187 /* Return true when flag_sanitize & FLAG is non-zero. If FN is non-null,
188 remove all flags mentioned in "no_sanitize" of DECL_ATTRIBUTES. */
191 sanitize_flags_p (unsigned int flag
, const_tree fn
= current_function_decl
)
193 unsigned int result_flags
= flag_sanitize
& flag
;
194 if (result_flags
== 0)
199 tree value
= lookup_attribute ("no_sanitize", DECL_ATTRIBUTES (fn
));
201 result_flags
&= ~tree_to_uhwi (TREE_VALUE (value
));
207 #endif /* TREE_ASAN */