1 /* Optimize and expand sanitizer functions.
2 Copyright (C) 2014 Free Software Foundation, Inc.
3 Contributed by Marek Polacek <polacek@redhat.com>
5 This file is part of GCC.
7 GCC is free software; you can redistribute it and/or modify it under
8 the terms of the GNU General Public License as published by the Free
9 Software Foundation; either version 3, or (at your option) any later
12 GCC is distributed in the hope that it will be useful, but WITHOUT ANY
13 WARRANTY; without even the implied warranty of MERCHANTABILITY or
14 FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
17 You should have received a copy of the GNU General Public License
18 along with GCC; see the file COPYING3. If not see
19 <http://www.gnu.org/licenses/>. */
23 #include "coretypes.h"
25 #include "hash-table.h"
31 #include "hard-reg-set.h"
33 #include "dominance.h"
35 #include "basic-block.h"
36 #include "tree-ssa-alias.h"
37 #include "internal-fn.h"
38 #include "gimple-expr.h"
42 #include "gimple-iterator.h"
44 #include "plugin-api.h"
45 #include "tree-pass.h"
47 #include "gimple-pretty-print.h"
49 #include "langhooks.h"
54 /* This is used to carry information about basic blocks. It is
55 attached to the AUX field of the standard CFG block. */
59 /* True if this BB has been visited. */
63 /* This is used to carry various hash maps and variables used
64 in sanopt_optimize_walker. */
68 /* This map maps a pointer (the first argument of UBSAN_NULL) to
69 a vector of UBSAN_NULL call statements that check this pointer. */
70 hash_map
<tree
, auto_vec
<gimple
> > null_check_map
;
72 /* Number of IFN_ASAN_CHECK statements. */
73 int asan_num_accesses
;
77 /* Try to optimize away redundant UBSAN_NULL checks.
79 We walk blocks in the CFG via a depth first search of the dominator
80 tree; we push unique UBSAN_NULL statements into a vector in the
81 NULL_CHECK_MAP as we enter the blocks. When leaving a block, we
82 mark the block as visited; then when checking the statements in the
83 vector, we ignore statements that are coming from already visited
84 blocks, because these cannot dominate anything anymore.
85 CTX is a sanopt context. */
88 sanopt_optimize_walker (basic_block bb
, struct sanopt_ctx
*ctx
)
91 gimple_stmt_iterator gsi
;
93 for (gsi
= gsi_start_bb (bb
); !gsi_end_p (gsi
);)
95 gimple stmt
= gsi_stmt (gsi
);
98 if (is_gimple_call (stmt
)
99 && gimple_call_internal_p (stmt
))
100 switch (gimple_call_internal_fn (stmt
))
104 gcc_assert (gimple_call_num_args (stmt
) == 3);
105 tree ptr
= gimple_call_arg (stmt
, 0);
106 tree cur_align
= gimple_call_arg (stmt
, 2);
107 gcc_assert (TREE_CODE (cur_align
) == INTEGER_CST
);
109 auto_vec
<gimple
> &v
= ctx
->null_check_map
.get_or_insert (ptr
);
111 /* For this PTR we don't have any UBSAN_NULL stmts
112 recorded, so there's nothing to optimize yet. */
116 /* We already have recorded a UBSAN_NULL check
117 for this pointer. Perhaps we can drop this one.
118 But only if this check doesn't specify stricter
120 while (!v
.is_empty ())
122 gimple g
= v
.last ();
123 /* Remove statements for BBs that have been
124 already processed. */
125 sanopt_info
*si
= (sanopt_info
*) gimple_bb (g
)->aux
;
130 /* At this point we shouldn't have any statements
131 that aren't dominating the current BB. */
132 tree align
= gimple_call_arg (g
, 2);
133 int kind
= tree_to_shwi (gimple_call_arg (g
, 1));
134 /* If this is a NULL pointer check where we had segv
135 anyway, we can remove it. */
136 if (integer_zerop (align
)
137 && (kind
== UBSAN_LOAD_OF
138 || kind
== UBSAN_STORE_OF
139 || kind
== UBSAN_MEMBER_ACCESS
))
141 /* Otherwise remove the check in non-recovering
142 mode, or if the stmts have same location. */
143 else if (integer_zerop (align
))
144 remove
= !(flag_sanitize_recover
& SANITIZE_NULL
)
145 || flag_sanitize_undefined_trap_on_error
146 || gimple_location (g
)
147 == gimple_location (stmt
);
148 else if (tree_int_cst_le (cur_align
, align
))
149 remove
= !(flag_sanitize_recover
150 & SANITIZE_ALIGNMENT
)
151 || flag_sanitize_undefined_trap_on_error
152 || gimple_location (g
)
153 == gimple_location (stmt
);
154 if (!remove
&& gimple_bb (g
) == gimple_bb (stmt
)
155 && tree_int_cst_compare (cur_align
, align
) == 0)
163 /* Drop this check. */
164 if (dump_file
&& (dump_flags
& TDF_DETAILS
))
166 fprintf (dump_file
, "Optimizing out\n ");
167 print_gimple_stmt (dump_file
, stmt
, 0,
169 fprintf (dump_file
, "\n");
171 gsi_remove (&gsi
, true);
178 ctx
->asan_num_accesses
++;
184 /* If we were able to remove the current statement, gsi_remove
185 already pointed us to the next statement. */
190 for (son
= first_dom_son (CDI_DOMINATORS
, bb
);
192 son
= next_dom_son (CDI_DOMINATORS
, son
))
193 sanopt_optimize_walker (son
, ctx
);
195 /* We're leaving this BB, so mark it to that effect. */
196 sanopt_info
*info
= (sanopt_info
*) bb
->aux
;
197 info
->visited_p
= true;
200 /* Try to remove redundant sanitizer checks in function FUN. */
203 sanopt_optimize (function
*fun
)
205 struct sanopt_ctx ctx
;
206 ctx
.asan_num_accesses
= 0;
208 /* Set up block info for each basic block. */
209 alloc_aux_for_blocks (sizeof (sanopt_info
));
211 /* We're going to do a dominator walk, so ensure that we have
212 dominance information. */
213 calculate_dominance_info (CDI_DOMINATORS
);
215 /* Recursively walk the dominator tree optimizing away
217 sanopt_optimize_walker (ENTRY_BLOCK_PTR_FOR_FN (fun
), &ctx
);
219 free_aux_for_blocks ();
221 return ctx
.asan_num_accesses
;
224 /* Perform optimization of sanitize functions. */
228 const pass_data pass_data_sanopt
=
230 GIMPLE_PASS
, /* type */
232 OPTGROUP_NONE
, /* optinfo_flags */
234 ( PROP_ssa
| PROP_cfg
| PROP_gimple_leh
), /* properties_required */
235 0, /* properties_provided */
236 0, /* properties_destroyed */
237 0, /* todo_flags_start */
238 TODO_update_ssa
, /* todo_flags_finish */
241 class pass_sanopt
: public gimple_opt_pass
244 pass_sanopt (gcc::context
*ctxt
)
245 : gimple_opt_pass (pass_data_sanopt
, ctxt
)
248 /* opt_pass methods: */
249 virtual bool gate (function
*) { return flag_sanitize
; }
250 virtual unsigned int execute (function
*);
252 }; // class pass_sanopt
255 pass_sanopt::execute (function
*fun
)
258 int asan_num_accesses
= 0;
260 /* Try to remove redundant checks. */
262 && (flag_sanitize
& (SANITIZE_NULL
| SANITIZE_ALIGNMENT
)))
263 asan_num_accesses
= sanopt_optimize (fun
);
264 else if (flag_sanitize
& SANITIZE_ADDRESS
)
266 gimple_stmt_iterator gsi
;
267 FOR_EACH_BB_FN (bb
, fun
)
268 for (gsi
= gsi_start_bb (bb
); !gsi_end_p (gsi
); gsi_next (&gsi
))
270 gimple stmt
= gsi_stmt (gsi
);
271 if (is_gimple_call (stmt
) && gimple_call_internal_p (stmt
)
272 && gimple_call_internal_fn (stmt
) == IFN_ASAN_CHECK
)
277 bool use_calls
= ASAN_INSTRUMENTATION_WITH_CALL_THRESHOLD
< INT_MAX
278 && asan_num_accesses
>= ASAN_INSTRUMENTATION_WITH_CALL_THRESHOLD
;
280 FOR_EACH_BB_FN (bb
, fun
)
282 gimple_stmt_iterator gsi
;
283 for (gsi
= gsi_start_bb (bb
); !gsi_end_p (gsi
); )
285 gimple stmt
= gsi_stmt (gsi
);
286 bool no_next
= false;
288 if (!is_gimple_call (stmt
))
294 if (gimple_call_internal_p (stmt
))
296 enum internal_fn ifn
= gimple_call_internal_fn (stmt
);
300 no_next
= ubsan_expand_null_ifn (&gsi
);
302 case IFN_UBSAN_BOUNDS
:
303 no_next
= ubsan_expand_bounds_ifn (&gsi
);
305 case IFN_UBSAN_OBJECT_SIZE
:
306 no_next
= ubsan_expand_objsize_ifn (&gsi
);
309 no_next
= asan_expand_check_ifn (&gsi
, use_calls
);
316 if (dump_file
&& (dump_flags
& TDF_DETAILS
))
318 fprintf (dump_file
, "Expanded\n ");
319 print_gimple_stmt (dump_file
, stmt
, 0, dump_flags
);
320 fprintf (dump_file
, "\n");
333 make_pass_sanopt (gcc::context
*ctxt
)
335 return new pass_sanopt (ctxt
);