| blob | 12af458fb90d79a0df94125075c1a3db2b98e5f2 |
1 /* Pointer Bounds Checker insrumentation pass.
2 Copyright (C) 2014-2017 Free Software Foundation, Inc.
3 Contributed by Ilya Enkovich (ilya.enkovich@intel.com)
5 This file is part of GCC.
7 GCC is free software; you can redistribute it and/or modify it under
8 the terms of the GNU General Public License as published by the Free
9 Software Foundation; either version 3, or (at your option) any later
10 version.
12 GCC is distributed in the hope that it will be useful, but WITHOUT ANY
13 WARRANTY; without even the implied warranty of MERCHANTABILITY or
14 FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
15 for more details.
17 You should have received a copy of the GNU General Public License
18 along with GCC; see the file COPYING3. If not see
19 <http://www.gnu.org/licenses/>. */
58 /* Pointer Bounds Checker instruments code with memory checks to find
59 out-of-bounds memory accesses. Checks are performed by computing
60 bounds for each pointer and then comparing address of accessed
61 memory before pointer dereferencing.
63 1. Function clones.
65 See ipa-chkp.c.
67 2. Instrumentation.
69 There are few things to instrument:
71 a) Memory accesses - add checker calls to check address of accessed memory
72 against bounds of dereferenced pointer. Obviously safe memory
73 accesses like static variable access does not have to be instrumented
74 with checks.
76 Example:
78 val_2 = *p_1;
80 with 4 bytes access is transformed into:
82 __builtin___chkp_bndcl (__bound_tmp.1_3, p_1);
83 D.1_4 = p_1 + 3;
84 __builtin___chkp_bndcu (__bound_tmp.1_3, D.1_4);
85 val_2 = *p_1;
87 where __bound_tmp.1_3 are bounds computed for pointer p_1,
88 __builtin___chkp_bndcl is a lower bound check and
89 __builtin___chkp_bndcu is an upper bound check.
91 b) Pointer stores.
93 When pointer is stored in memory we need to store its bounds. To
94 achieve compatibility of instrumented code with regular codes
95 we have to keep data layout and store bounds in special bound tables
96 via special checker call. Implementation of bounds table may vary for
97 different platforms. It has to associate pointer value and its
98 location (it is required because we may have two equal pointers
99 with different bounds stored in different places) with bounds.
100 Another checker builtin allows to get bounds for specified pointer
101 loaded from specified location.
103 Example:
105 buf1[i_1] = &buf2;
107 is transformed into:
109 buf1[i_1] = &buf2;
110 D.1_2 = &buf1[i_1];
111 __builtin___chkp_bndstx (D.1_2, &buf2, __bound_tmp.1_2);
113 where __bound_tmp.1_2 are bounds of &buf2.
115 c) Static initialization.
117 The special case of pointer store is static pointer initialization.
118 Bounds initialization is performed in a few steps:
119 - register all static initializations in front-end using
120 chkp_register_var_initializer
121 - when file compilation finishes we create functions with special
122 attribute 'chkp ctor' and put explicit initialization code
123 (assignments) for all statically initialized pointers.
124 - when checker constructor is compiled checker pass adds required
125 bounds initialization for all statically initialized pointers
126 - since we do not actually need excess pointers initialization
127 in checker constructor we remove such assignments from them
129 d) Calls.
131 For each call in the code we add additional arguments to pass
132 bounds for pointer arguments. We determine type of call arguments
133 using arguments list from function declaration; if function
134 declaration is not available we use function type; otherwise
135 (e.g. for unnamed arguments) we use type of passed value. Function
136 declaration/type is replaced with the instrumented one.
138 Example:
140 val_1 = foo (&buf1, &buf2, &buf1, 0);
142 is translated into:
144 val_1 = foo.chkp (&buf1, __bound_tmp.1_2, &buf2, __bound_tmp.1_3,
145 &buf1, __bound_tmp.1_2, 0);
147 e) Returns.
149 If function returns a pointer value we have to return bounds also.
150 A new operand was added for return statement to hold returned bounds.
152 Example:
154 return &_buf1;
156 is transformed into
158 return &_buf1, __bound_tmp.1_1;
160 3. Bounds computation.
162 Compiler is fully responsible for computing bounds to be used for each
163 memory access. The first step for bounds computation is to find the
164 origin of pointer dereferenced for memory access. Basing on pointer
165 origin we define a way to compute its bounds. There are just few
166 possible cases:
168 a) Pointer is returned by call.
170 In this case we use corresponding checker builtin method to obtain returned
171 bounds.
173 Example:
175 buf_1 = malloc (size_2);
176 foo (buf_1);
178 is translated into:
180 buf_1 = malloc (size_2);
181 __bound_tmp.1_3 = __builtin___chkp_bndret (buf_1);
182 foo (buf_1, __bound_tmp.1_3);
184 b) Pointer is an address of an object.
186 In this case compiler tries to compute objects size and create corresponding
187 bounds. If object has incomplete type then special checker builtin is used to
188 obtain its size at runtime.
190 Example:
192 foo ()
193 {
194 <unnamed type> __bound_tmp.3;
195 static int buf[100];
197 <bb 3>:
198 __bound_tmp.3_2 = __builtin___chkp_bndmk (&buf, 400);
200 <bb 2>:
201 return &buf, __bound_tmp.3_2;
202 }
204 Example:
206 Address of an object 'extern int buf[]' with incomplete type is
207 returned.
209 foo ()
210 {
211 <unnamed type> __bound_tmp.4;
212 long unsigned int __size_tmp.3;
214 <bb 3>:
215 __size_tmp.3_4 = __builtin_ia32_sizeof (buf);
216 __bound_tmp.4_3 = __builtin_ia32_bndmk (&buf, __size_tmp.3_4);
218 <bb 2>:
219 return &buf, __bound_tmp.4_3;
220 }
222 c) Pointer is the result of object narrowing.
224 It happens when we use pointer to an object to compute pointer to a part
225 of an object. E.g. we take pointer to a field of a structure. In this
226 case we perform bounds intersection using bounds of original object and
227 bounds of object's part (which are computed basing on its type).
229 There may be some debatable questions about when narrowing should occur
230 and when it should not. To avoid false bound violations in correct
231 programs we do not perform narrowing when address of an array element is
232 obtained (it has address of the whole array) and when address of the first
233 structure field is obtained (because it is guaranteed to be equal to
234 address of the whole structure and it is legal to cast it back to structure).
236 Default narrowing behavior may be changed using compiler flags.
238 Example:
240 In this example address of the second structure field is returned.
242 foo (struct A * p, __bounds_type __bounds_of_p)
243 {
244 <unnamed type> __bound_tmp.3;
245 int * _2;
246 int * _5;
248 <bb 2>:
249 _5 = &p_1(D)->second_field;
250 __bound_tmp.3_6 = __builtin___chkp_bndmk (_5, 4);
251 __bound_tmp.3_8 = __builtin___chkp_intersect (__bound_tmp.3_6,
252 __bounds_of_p_3(D));
253 _2 = &p_1(D)->second_field;
254 return _2, __bound_tmp.3_8;
255 }
257 Example:
259 In this example address of the first field of array element is returned.
261 foo (struct A * p, __bounds_type __bounds_of_p, int i)
262 {
263 long unsigned int _3;
264 long unsigned int _4;
265 struct A * _6;
266 int * _7;
268 <bb 2>:
269 _3 = (long unsigned int) i_1(D);
270 _4 = _3 * 8;
271 _6 = p_5(D) + _4;
272 _7 = &_6->first_field;
273 return _7, __bounds_of_p_2(D);
274 }
277 d) Pointer is the result of pointer arithmetic or type cast.
279 In this case bounds of the base pointer are used. In case of binary
280 operation producing a pointer we are analyzing data flow further
281 looking for operand's bounds. One operand is considered as a base
282 if it has some valid bounds. If we fall into a case when none of
283 operands (or both of them) has valid bounds, a default bounds value
284 is used.
286 Trying to find out bounds for binary operations we may fall into
287 cyclic dependencies for pointers. To avoid infinite recursion all
288 walked phi nodes instantly obtain corresponding bounds but created
289 bounds are marked as incomplete. It helps us to stop DF walk during
290 bounds search.
292 When we reach pointer source, some args of incomplete bounds phi obtain
293 valid bounds and those values are propagated further through phi nodes.
294 If no valid bounds were found for phi node then we mark its result as
295 invalid bounds. Process stops when all incomplete bounds become either
296 valid or invalid and we are able to choose a pointer base.
298 e) Pointer is loaded from the memory.
300 In this case we just need to load bounds from the bounds table.
302 Example:
304 foo ()
305 {
306 <unnamed type> __bound_tmp.3;
307 static int * buf;
308 int * _2;
310 <bb 2>:
311 _2 = buf;
312 __bound_tmp.3_4 = __builtin___chkp_bndldx (&buf, _2);
313 return _2, __bound_tmp.3_4;
314 }
316 */
332 static tree
335 #define chkp_bndldx_fndecl \
336 (targetm.builtin_chkp_function (BUILT_IN_CHKP_BNDLDX))
337 #define chkp_bndstx_fndecl \
338 (targetm.builtin_chkp_function (BUILT_IN_CHKP_BNDSTX))
339 #define chkp_checkl_fndecl \
340 (targetm.builtin_chkp_function (BUILT_IN_CHKP_BNDCL))
341 #define chkp_checku_fndecl \
342 (targetm.builtin_chkp_function (BUILT_IN_CHKP_BNDCU))
343 #define chkp_bndmk_fndecl \
344 (targetm.builtin_chkp_function (BUILT_IN_CHKP_BNDMK))
345 #define chkp_ret_bnd_fndecl \
346 (targetm.builtin_chkp_function (BUILT_IN_CHKP_BNDRET))
347 #define chkp_intersect_fndecl \
348 (targetm.builtin_chkp_function (BUILT_IN_CHKP_INTERSECT))
349 #define chkp_narrow_bounds_fndecl \
350 (targetm.builtin_chkp_function (BUILT_IN_CHKP_NARROW))
351 #define chkp_sizeof_fndecl \
352 (targetm.builtin_chkp_function (BUILT_IN_CHKP_SIZEOF))
353 #define chkp_extract_lower_fndecl \
354 (targetm.builtin_chkp_function (BUILT_IN_CHKP_EXTRACT_LOWER))
355 #define chkp_extract_upper_fndecl \
356 (targetm.builtin_chkp_function (BUILT_IN_CHKP_EXTRACT_UPPER))
390 /* Static checker constructors may become very large and their
391 compilation with optimization may take too much time.
392 Therefore we put a limit to number of statements in one
393 constructor. Tests with 100 000 statically initialized
394 pointers showed following compilation times on Sandy Bridge
395 server (used -O2):
396 limit 100 => ~18 sec.
397 limit 300 => ~22 sec.
398 limit 1000 => ~30 sec.
399 limit 3000 => ~49 sec.
400 limit 5000 => ~55 sec.
401 limit 10000 => ~76 sec.
402 limit 100000 => ~532 sec. */
403 #define MAX_STMTS_IN_STATIC_CHKP_CTOR (PARAM_VALUE (PARAM_CHKP_MAX_CTOR_SIZE))
405 struct chkp_ctor_stmt_list
406 {
407 tree stmts;
409 };
411 /* Return 1 if function FNDECL is instrumented by Pointer
412 Bounds Checker. */
413 bool
415 {
416 return fndecl
418 }
420 /* Mark function FNDECL as instrumented. */
421 void
423 {
430 }
432 /* Return true when STMT is builtin call to instrumentation function
433 corresponding to CODE. */
435 bool
438 {
439 tree fndecl;
440 /* We are skipping the check for address-spaces, that's
441 why we don't use gimple_call_builtin_p directly here. */
450 }
452 /* Emit code to build zero bounds and return RTL holding
453 the result. */
454 rtx
456 {
457 tree zero_bnd;
461 else
463 integer_zero_node);
465 }
467 /* Emit code to store zero bounds for PTR located at MEM. */
468 void
470 {
475 else
477 integer_zero_node);
486 }
488 /* Build retbnd call for returned value RETVAL.
490 If BNDVAL is not NULL then result is stored
491 in it. Otherwise a temporary is created to
492 hold returned value.
494 GSI points to a position for a retbnd call
495 and is set to created stmt.
497 Cgraph edge is created for a new call if
498 UPDATE_EDGE is 1.
500 Obtained bounds are returned. */
501 tree
504 {
515 }
517 /* Build a GIMPLE_CALL identical to CALL but skipping bounds
518 arguments. */
520 gcall *
522 {
523 bitmap bounds;
541 }
543 /* Redirect edge E to the correct node according to call_stmt.
544 Return 1 if bounds removal from call_stmt should be done
545 instead of redirection. */
547 bool
549 {
565 {
568 else
569 {
571 /* Avoid bounds removal if all args will be removed. */
574 else
576 }
577 }
580 }
582 /* Mark statement S to not be instrumented. */
583 static void
585 {
587 }
589 /* Mark statement S to be instrumented. */
590 static void
592 {
594 }
596 /* Return 1 if statement S should not be instrumented. */
597 static bool
599 {
601 }
603 /* Get var to be used for bound temps. */
604 static tree
606 {
611 }
613 /* Get SSA_NAME to be used as temp. */
614 static tree
616 {
621 CHKP_BOUND_TMP_NAME);
622 }
624 /* Get var to be used for size temps. */
625 static tree
627 {
632 }
634 /* Register bounds BND for address of OBJ. */
635 static void
637 {
644 {
650 }
651 }
653 /* Return bounds registered for address of OBJ. */
654 static tree
656 {
659 }
661 /* Mark BOUNDS as completed. */
662 static void
664 {
668 {
672 }
673 }
675 /* Return 1 if BOUNDS were marked as completed and 0 otherwise. */
676 static bool
678 {
680 }
682 /* Clear comleted bound marks. */
683 static void
685 {
688 }
690 /* This function is used to provide a base address for
691 chkp_get_hard_register_fake_addr_expr. */
692 static tree
694 {
697 }
699 /* If we check bounds for a hard register variable, we cannot
700 use its address - it is illegal, so instead of that we use
701 this fake value. */
702 static tree
704 {
708 {
710 {
714 }
716 {
722 }
723 }
726 }
728 /* Mark BOUNDS associated with PTR as incomplete. */
729 static void
731 {
735 {
741 }
742 }
744 /* Return 1 if BOUNDS are incomplete and 0 otherwise. */
745 static bool
747 {
755 }
757 /* Clear incomleted bound marks. */
758 static void
760 {
763 }
765 /* Build and return bndmk call which creates bounds for structure
766 pointed by PTR. Structure should have complete type. */
767 tree
769 {
771 tree size;
782 }
784 /* Traversal function for chkp_may_finish_incomplete_bounds.
785 Set RES to 0 if at least one argument of phi statement
786 defining bounds (passed in KEY arg) is unknown.
787 Traversal stops when first unknown phi argument is found. */
788 bool
791 {
802 {
805 {
807 /* Do not need to traverse further. */
809 }
810 }
813 }
815 /* Return 1 if all phi nodes created for bounds have their
816 arguments computed. */
817 static bool
819 {
822 chkp_incomplete_bounds_map
826 }
828 /* Helper function for chkp_finish_incomplete_bounds.
829 Recompute args for bounds phi node. */
830 bool
833 {
846 {
852 UNKNOWN_LOCATION);
853 }
856 }
858 /* Mark BOUNDS as invalid. */
859 static void
861 {
865 {
869 }
870 }
872 /* Return 1 if BOUNDS were marked as invalid and 0 otherwise. */
873 static bool
875 {
880 }
882 /* Helper function for chkp_finish_incomplete_bounds.
883 Check all arguments of phi nodes trying to find
884 valid completed bounds. If there is at least one
885 such arg then bounds produced by phi node are marked
886 as valid completed bounds and all phi args are
887 recomputed. */
888 bool
890 {
904 {
910 {
915 }
916 }
919 }
921 /* Helper function for chkp_finish_incomplete_bounds.
922 Marks all incompleted bounds as invalid. */
923 bool
927 {
929 {
932 }
934 }
936 /* When all bound phi nodes have all their args computed
937 we have enough info to find valid bounds. We iterate
938 through all incompleted bounds searching for valid
939 bounds. Found valid bounds are marked as completed
940 and all remaining incompleted bounds are recomputed.
941 Process continues until no new valid bounds may be
942 found. All remained incompleted bounds are marked as
943 invalid (i.e. have no valid source of bounds). */
944 static void
946 {
950 {
953 chkp_incomplete_bounds_map->
957 chkp_incomplete_bounds_map->
959 }
961 chkp_incomplete_bounds_map->
963 chkp_incomplete_bounds_map->
968 }
970 /* Return 1 if type TYPE is a pointer type or a
971 structure having a pointer type as one of its fields.
972 Otherwise return 0. */
973 bool
975 {
981 {
982 tree field;
987 }
992 }
994 unsigned
996 {
1004 {
1005 bitmap have_bound;
1013 }
1016 }
1018 /* Get bounds associated with NODE via
1019 chkp_set_bounds call. */
1020 tree
1022 {
1030 }
1032 /* Associate bounds VAL with NODE. */
1033 void
1035 {
1040 }
1042 /* Check if statically initialized variable VAR require
1043 static bounds initialization. If VAR is added into
1044 bounds initlization list then 1 is returned. Otherwise
1045 return 0. */
1048 {
1058 {
1061 }
1064 }
1066 /* Helper function for chkp_finish_file.
1068 Add new modification statement (RHS is assigned to LHS)
1069 into list of static initializer statementes (passed in ARG).
1070 If statements list becomes too big, emit checker constructor
1071 and start the new one. */
1072 static void
1074 tree rhs,
1076 {
1078 tree modify;
1087 }
1089 /* Build and return ADDR_EXPR for specified object OBJ. */
1090 static tree
1092 {
1093 /* We first check whether it is a "hard reg case". */
1098 /* If not - return regular ADDR_EXPR. */
1102 }
1104 /* Helper function for chkp_finish_file.
1105 Initialize bound variable BND_VAR with bounds of variable
1106 VAR to statements list STMTS. If statements list becomes
1107 too big, emit checker constructor and start the new one. */
1108 static void
1111 {
1115 {
1118 }
1121 {
1122 /* Compute bounds using statically known size. */
1125 }
1126 else
1127 {
1128 /* Compute bounds using dynamic size. */
1129 tree call;
1134 chkp_sizeof_fndecl);
1139 {
1145 }
1148 }
1154 {
1159 }
1160 }
1162 /* Return entry block to be used for checker initilization code.
1163 Create new block if required. */
1164 static basic_block
1166 {
1168 entry_block
1172 }
1174 /* Return a bounds var to be used for pointer var PTR_VAR. */
1175 static tree
1177 {
1178 tree bnd_var;
1184 else
1185 {
1187 CHKP_BOUND_TMP_NAME);
1189 }
1192 }
1194 /* If BND is an abnormal bounds copy, return a copied value.
1195 Otherwise return BND. */
1196 static tree
1198 {
1200 {
1204 }
1207 }
1209 /* Register bounds BND for object PTR in global bounds table.
1210 A copy of bounds may be created for abnormal ssa names.
1211 Returns bounds to use for PTR. */
1212 static tree
1214 {
1220 /* Do nothing if bounds are incomplete_bounds
1221 because it means bounds will be recomputed. */
1229 /* A single bounds value may be reused multiple times for
1230 different pointer values. It may cause coalescing issues
1231 for abnormal SSA names. To avoid it we create a bounds
1232 copy in case it is computed for abnormal SSA name.
1234 We also cannot reuse such created copies for other pointers */
1237 {
1241 {
1244 }
1245 else
1248 /* For abnormal copies we may just find original
1249 bounds and use them. */
1252 /* For undefined values we usually use none bounds
1253 value but in case of abnormal edge it may cause
1254 coalescing failures. Use default definition of
1255 bounds variable instead to avoid it. */
1258 {
1262 {
1268 }
1269 }
1270 else
1271 {
1272 tree copy;
1275 gimple_stmt_iterator gsi;
1279 else
1281 NULL,
1282 CHKP_BOUND_TMP_NAME);
1287 {
1293 }
1296 {
1300 else
1302 }
1303 else
1304 {
1306 /* Sometimes (e.g. when we load a pointer from a
1307 memory) bounds are produced later than a pointer.
1308 We need to insert bounds copy appropriately. */
1312 else
1315 }
1318 }
1322 }
1327 {
1333 }
1336 }
1338 /* Get bounds registered for object PTR in global bounds table. */
1339 static tree
1341 {
1349 }
1351 /* Add bound retvals to return statement pointed by GSI. */
1353 static void
1355 {
1359 tree bounds;
1365 {
1369 }
1372 }
1374 /* Force OP to be suitable for using as an argument for call.
1375 New statements (if any) go to SEQ. */
1376 static tree
1378 {
1379 gimple_seq stmts;
1380 gimple_stmt_iterator si;
1390 }
1392 /* Generate lower bound check for memory access by ADDR.
1393 Check is inserted before the position pointed by ITER.
1394 DIRFLAG indicates whether memory access is load or store. */
1395 static void
1397 gimple_stmt_iterator iter,
1398 location_t location,
1399 tree dirflag)
1400 {
1401 gimple_seq seq;
1403 tree node;
1430 {
1436 }
1437 }
1439 /* Generate upper bound check for memory access by ADDR.
1440 Check is inserted before the position pointed by ITER.
1441 DIRFLAG indicates whether memory access is load or store. */
1442 static void
1444 gimple_stmt_iterator iter,
1445 location_t location,
1446 tree dirflag)
1447 {
1448 gimple_seq seq;
1450 tree node;
1477 {
1483 }
1484 }
1486 /* Generate lower and upper bound checks for memory access
1487 to memory slot [FIRST, LAST] againsr BOUNDS. Checks
1488 are inserted before the position pointed by ITER.
1489 DIRFLAG indicates whether memory access is load or store. */
1490 void
1492 gimple_stmt_iterator iter,
1493 location_t location,
1494 tree dirflag)
1495 {
1498 }
1500 /* Replace call to _bnd_chk_* pointed by GSI with
1501 bndcu and bndcl calls. DIRFLAG determines whether
1502 check is for read or write. */
1504 void
1506 tree dirflag)
1507 {
1522 {
1527 }
1530 }
1532 /* Replace call to _bnd_get_ptr_* pointed by GSI with
1533 corresponding bounds extract call. */
1535 void
1537 {
1548 else
1556 }
1558 /* Return COMPONENT_REF accessing FIELD in OBJ. */
1559 static tree
1561 {
1562 tree res;
1564 /* If object is TMR then we do not use component_ref but
1565 add offset instead. We need it to be able to get addr
1566 of the reasult later. */
1568 {
1578 }
1579 else
1583 }
1585 /* Return ARRAY_REF for array ARR and index IDX with
1586 specified element type ETYPE and element size ESIZE. */
1587 static tree
1590 {
1592 tree res;
1594 /* If object is TMR then we do not use array_ref but
1595 add offset instead. We need it to be able to get addr
1596 of the reasult later. */
1598 {
1612 }
1613 else
1617 }
1619 /* Helper function for chkp_add_bounds_to_call_stmt.
1620 Fill ALL_BOUNDS output array with created bounds.
1622 OFFS is used for recursive calls and holds basic
1623 offset of TYPE in outer structure in bits.
1625 ITER points a position where bounds are searched.
1627 ALL_BOUNDS[i] is filled with elem bounds if there
1628 is a field in TYPE which has pointer type and offset
1629 equal to i * POINTER_SIZE in bits. */
1630 static void
1632 HOST_WIDE_INT offs,
1634 {
1638 {
1640 {
1643 gimple_stmt_iterator gsi;
1649 }
1650 }
1652 {
1653 tree field;
1657 {
1660 HOST_WIDE_INT field_offs
1667 }
1668 }
1670 {
1680 {
1684 cur);
1686 iter);
1687 }
1688 }
1689 }
1691 /* Fill HAVE_BOUND output bitmap with information about
1692 bounds requred for object of type TYPE.
1694 OFFS is used for recursive calls and holds basic
1695 offset of TYPE in outer structure in bits.
1697 HAVE_BOUND[i] is set to 1 if there is a field
1698 in TYPE which has pointer type and offset
1699 equal to i * POINTER_SIZE - OFFS in bits. */
1700 void
1702 HOST_WIDE_INT offs)
1703 {
1707 {
1708 tree field;
1712 {
1720 }
1721 }
1723 {
1724 /* The object type is an array of complete type, i.e., other
1725 than a flexible array. */
1738 }
1739 }
1741 /* Fill bitmap RES with information about bounds for
1742 type TYPE. See chkp_find_bound_slots_1 for more
1743 details. */
1744 void
1746 {
1749 }
1751 /* Return 1 if call to FNDECL should be instrumented
1752 and 0 otherwise. */
1754 static bool
1756 {
1758 {
1792 }
1793 }
1795 /* Add bound arguments to call statement pointed by GSI.
1796 Also performs a replacement of user checker builtins calls
1797 with internal ones. */
1799 static void
1801 {
1805 tree fntype;
1806 tree first_formal_arg;
1807 tree arg;
1809 tree op;
1810 ssa_op_iter iter;
1813 /* Do nothing for internal functions. */
1819 /* Do nothing if back-end builtin is called. */
1823 /* Do nothing for some middle-end builtins. */
1828 /* Do nothing for calls to not instrumentable functions. */
1832 /* Ignore CHKP_INIT_PTR_BOUNDS, CHKP_NULL_PTR_BOUNDS
1833 and CHKP_COPY_PTR_BOUNDS. */
1841 /* Check user builtins are replaced with checks. */
1846 {
1849 }
1851 /* Check user builtins are replaced with bound extract. */
1855 {
1858 }
1860 /* BUILT_IN_CHKP_NARROW_PTR_BOUNDS call is replaced with
1861 target narrow bounds call. */
1864 {
1873 }
1875 /* BUILT_IN_CHKP_STORE_PTR_BOUNDS call is replaced with
1876 bndstx call. */
1879 {
1889 }
1894 /* We instrument only some subset of builtins. We also instrument
1895 builtin calls to be inlined. */
1899 {
1907 }
1909 /* If function decl is available then use it for
1910 formal arguments list. Otherwise use function type. */
1915 else
1916 {
1919 }
1921 /* Fill vector of new call args. */
1926 {
1928 tree type;
1930 /* Get arg type using formal argument description
1931 or actual argument type. */
1935 {
1938 }
1939 else
1941 else
1942 {
1945 }
1946 else
1955 {
1956 HOST_WIDE_INT max_bounds
1959 HOST_WIDE_INT bnd_no;
1970 }
1971 }
1975 else
1976 {
1981 }
1984 /* For direct calls fndecl is replaced with instrumented version. */
1986 {
1989 /* In case of a type cast we should modify used function
1990 type instead of using type of new fndecl. */
1992 {
1996 }
1997 else
1999 }
2000 /* For indirect call we should fix function pointer type if
2001 pass some bounds. */
2003 {
2007 }
2009 /* replace old call statement with the new one. */
2011 {
2013 {
2015 }
2017 }
2018 else
2022 }
2024 /* Return constant static bounds var with specified bounds LB and UB.
2025 If such var does not exists then new var is created with specified NAME. */
2026 static tree
2028 HOST_WIDE_INT ub,
2030 {
2032 tree var;
2037 pointer_bounds_type_node);
2041 /* With LTO we may have constant bounds already in varpool.
2042 Try to find it. */
2044 {
2045 /* We don't allow this symbol usage for non bounds. */
2053 }
2062 /* We may use this symbol during ctors generation in chkp_finish_file
2063 when all symbols are emitted. Force output to avoid undefined
2064 symbols in ctors. */
2071 }
2073 /* Generate code to make bounds with specified lower bound LB and SIZE.
2074 if AFTER is 1 then code is inserted after position pointed by ITER
2075 otherwise code is inserted before position pointed by ITER.
2076 If ITER is NULL then code is added to entry block. */
2077 static tree
2079 {
2080 gimple_seq seq;
2081 gimple_stmt_iterator gsi;
2083 tree bounds;
2087 else
2105 else
2109 {
2113 {
2116 }
2117 else
2119 }
2121 /* update_stmt (stmt); */
2124 }
2126 /* Return var holding zero bounds. */
2127 tree
2129 {
2131 chkp_zero_bounds_var
2133 CHKP_ZERO_BOUNDS_VAR_NAME);
2135 }
2137 /* Return var holding none bounds. */
2138 tree
2140 {
2142 chkp_none_bounds_var
2144 CHKP_NONE_BOUNDS_VAR_NAME);
2146 }
2148 /* Return SSA_NAME used to represent zero bounds. */
2149 static tree
2151 {
2160 {
2167 }
2168 else
2170 integer_zero_node,
2171 NULL,
2175 }
2177 /* Return SSA_NAME used to represent none bounds. */
2178 static tree
2180 {
2190 {
2197 }
2198 else
2201 NULL,
2205 }
2207 /* Return bounds to be used as a result of operation which
2208 should not create poiunter (e.g. MULT_EXPR). */
2209 static tree
2211 {
2213 }
2215 /* Return bounds to be used for loads of non-pointer values. */
2216 static tree
2218 {
2220 }
2222 /* Return 1 if may use bndret call to get bounds for pointer
2223 returned by CALL. */
2224 static bool
2226 {
2228 {
2232 }
2250 {
2259 }
2262 }
2264 /* Build bounds returned by CALL. */
2265 static tree
2267 {
2268 gimple_stmt_iterator gsi;
2269 tree bounds;
2275 /* To avoid fixing alloca expands in targets we handle
2276 it separately. */
2281 {
2285 }
2286 /* We know bounds returned by set_bounds builtin call. */
2290 {
2295 }
2296 /* Detect bounds initialization calls. */
2301 /* Detect bounds nullification calls. */
2306 /* Detect bounds copy calls. */
2310 {
2313 }
2314 /* Do not use retbnd when returned bounds are equal to some
2315 of passed bounds. */
2318 {
2322 {
2325 {
2327 retarg--;
2328 else
2330 }
2331 }
2332 else
2336 }
2339 {
2342 /* In general case build checker builtin call to
2343 obtain returned bounds. */
2355 }
2356 else
2360 {
2365 }
2370 }
2372 /* Return bounds used as returned by call
2373 which produced SSA name VAL. */
2374 gcall *
2376 {
2382 imm_use_iterator use_iter;
2383 use_operand_p use_p;
2389 }
2391 /* Check the next parameter for the given PARM is bounds
2392 and return it's default SSA_NAME (create if required). */
2393 static tree
2395 {
2400 {
2403 }
2405 }
2407 /* Return bounds to be used for input argument PARM. */
2408 static tree
2410 {
2412 tree bounds;
2422 {
2425 /* For static chain param we return zero bounds
2426 because currently we do not check dereferences
2427 of this pointer. */
2430 /* If non instrumented runtime is used then it may be useful
2431 to use zero bounds for input arguments of main
2432 function. */
2437 {
2442 {
2447 }
2448 }
2449 else
2451 }
2457 {
2465 }
2468 }
2470 /* Build and return CALL_EXPR for bndstx builtin with specified
2471 arguments. */
2472 tree
2474 {
2477 chkp_bndldx_fndecl);
2482 }
2484 /* Insert code to load bounds for PTR located by ADDR.
2485 Code is inserted after position pointed by GSI.
2486 Loaded bounds are returned. */
2487 static tree
2489 {
2490 gimple_seq seq;
2492 tree bounds;
2509 {
2514 }
2517 }
2519 /* Build and return CALL_EXPR for bndstx builtin with specified
2520 arguments. */
2521 tree
2523 {
2526 chkp_bndstx_fndecl);
2531 }
2533 /* Insert code to store BOUNDS for PTR stored by ADDR.
2534 New statements are inserted after position pointed
2535 by GSI. */
2536 void
2539 {
2540 gimple_seq seq;
2557 {
2561 }
2562 }
2564 /* This function is called when call statement
2565 is inlined and therefore we can't use bndret
2566 for its LHS anymore. Function fixes bndret
2567 call using new RHS value if possible. */
2568 void
2570 {
2577 /* Search for retbnd call. */
2582 /* Currently only handle cases when call is replaced
2583 with a memory access. In this case bndret call
2584 may be replaced with bndldx call. Otherwise we
2585 have to search for bounds which may cause wrong
2586 result due to various optimizations applied. */
2588 {
2609 }
2611 /* Create a new statements sequence with bndldx call. */
2617 /* Remove bndret call. */
2622 /* Link new bndldx call. */
2625 }
2627 /* Compute bounds for pointer NODE which was assigned in
2628 assignment statement ASSIGN. Return computed bounds. */
2629 static tree
2631 {
2639 {
2642 }
2645 {
2650 /* We need to load bounds from the bounds table. */
2661 /* Bounds are just propagated from RHS. */
2667 /* Bounds are just propagated from RHS. */
2673 {
2674 /* We need to load bounds from the bounds table. */
2678 }
2679 else
2688 {
2693 /* First we try to check types of operands. If it
2694 does not help then look at bound values.
2696 If some bounds are incomplete and other are
2697 not proven to be valid (i.e. also incomplete
2698 or invalid because value is not pointer) then
2699 resulting value is incomplete and will be
2700 recomputed later in chkp_finish_incomplete_bounds. */
2712 else
2718 else
2725 else
2729 else
2730 /* Seems both operands may have valid bounds
2731 (e.g. pointer minus pointer). In such case
2732 use default invalid op bounds. */
2736 }
2766 /* No valid bounds may be produced by these exprs. */
2771 {
2782 else
2783 {
2792 }
2793 }
2798 {
2807 else
2808 {
2819 }
2820 }
2827 }
2831 /* We may reuse bounds of other pointer we copy/modify. But it is not
2832 allowed for abnormal ssa names. If we produced a pointer using
2833 abnormal ssa name, we better make a bounds copy to avoid coalescing
2834 issues. */
2838 {
2842 }
2848 }
2850 /* Compute bounds for ssa name NODE defined by DEF_STMT pointed by ITER.
2852 There are just few statement codes allowed: NOP (for default ssa names),
2853 ASSIGN, CALL, PHI, ASM.
2855 Return computed bounds. */
2856 static tree
2859 {
2865 {
2871 }
2874 {
2878 {
2884 /* For uninitialized pointers use none bounds. */
2890 {
2891 tree base_type;
2904 }
2909 {
2912 }
2915 }
2930 else
2932 NULL,
2933 CHKP_BOUND_TMP_NAME);
2934 else
2942 /* Created bounds do not have all phi args computed and
2943 therefore we do not know if there is a valid source
2944 of bounds for that node. Therefore we mark bounds
2945 as incomplete and then recompute them when all phi
2946 args are computed. */
2958 }
2961 }
2963 /* Return CALL_EXPR for bndmk with specified LOWER_BOUND and SIZE. */
2964 tree
2966 {
2969 chkp_bndmk_fndecl);
2972 }
2974 /* Create static bounds var of specfified OBJ which is
2975 is either VAR_DECL or string constant. */
2976 static tree
2978 {
2984 tree bnd_var;
2986 /* First check if we already have required var. */
2988 {
2989 /* For vars we use assembler name as a key in
2990 chkp_static_var_bounds map. It allows to
2991 avoid duplicating bound vars for decls
2992 sharing assembler name. */
2994 {
2999 }
3000 else
3001 {
3005 }
3006 }
3008 /* Build decl for bounds var. */
3010 {
3012 {
3015 }
3016 else
3017 {
3020 /* For hidden symbols we want to skip first '*' char. */
3022 var_name++;
3028 }
3032 pointer_bounds_type_node);
3034 /* Address of the obj will be used as lower bound. */
3036 }
3037 else
3038 {
3044 pointer_bounds_type_node);
3045 }
3059 /* Force output similar to constant bounds.
3060 See chkp_make_static_const_bounds. */
3062 /* Mark symbol as requiring bounds initialization. */
3066 /* Add created var to the map to use it for other references
3067 to obj. */
3072 {
3075 }
3076 else
3080 }
3082 /* When var has incomplete type we cannot get size to
3083 compute its bounds. In such cases we use checker
3084 builtin call which determines object size at runtime. */
3085 static tree
3087 {
3089 gimple_stmt_iterator gsi;
3093 /* If instrumentation is not enabled for vars having
3094 incomplete type then just return zero bounds to avoid
3095 checks for this var. */
3100 {
3104 }
3117 {
3118 /* We should check that size relocation was resolved.
3119 If it was not then use maximum possible size for the var. */
3128 }
3129 else
3130 {
3133 }
3141 }
3143 /* Return 1 if TYPE has fields with zero size or fields
3144 marked with chkp_variable_size attribute. */
3145 bool
3147 {
3149 tree field;
3153 {
3155 res = res
3158 }
3159 else
3165 }
3167 /* Compute and return bounds for address of DECL which is
3168 one of VAR_DECL, PARM_DECL, RESULT_DECL. */
3169 static tree
3171 {
3172 tree bounds;
3184 {
3188 }
3190 /* Use zero bounds if size is unknown and checks for
3191 unknown sizes are restricted. */
3206 {
3214 }
3220 {
3223 }
3224 else
3225 {
3228 }
3231 }
3233 /* Compute and return bounds for constant string. */
3234 static tree
3236 {
3237 tree bounds;
3238 tree lb;
3239 tree size;
3250 {
3258 }
3259 else
3260 {
3264 }
3269 }
3271 /* Generate code to instersect bounds BOUNDS1 and BOUNDS2 and
3272 return the result. if ITER is not NULL then Code is inserted
3273 before position pointed by ITER. Otherwise code is added to
3274 entry block. */
3275 static tree
3277 {
3282 else
3283 {
3284 gimple_seq seq;
3286 tree bounds;
3298 /* We are probably doing narrowing for constant expression.
3299 In such case iter may be undefined. */
3301 {
3305 }
3306 else
3310 {
3316 }
3319 }
3320 }
3322 /* Return 1 if we are allowed to narrow bounds for addressed FIELD
3323 and 0 othersize. REF is reference to the field. */
3325 static bool
3327 {
3330 && !(flag_chkp_flexible_struct_trailing_arrays
3338 }
3340 /* Return 1 if bounds for FIELD should be narrowed to
3341 field's own size. REF is reference to the field. */
3343 static bool
3345 {
3346 HOST_WIDE_INT offs;
3347 HOST_WIDE_INT bit_offs;
3352 /* Access to compiler generated fields should not cause
3353 bounds narrowing. */
3361 && (flag_chkp_first_field_has_own_bounds
3362 || offs
3364 }
3366 /* Perform narrowing for BOUNDS of an INNER reference. Shift boundary
3367 by OFFSET bytes and limit to SIZE bytes. Newly created statements are
3368 added to ITER. */
3370 static tree
3373 {
3390 }
3392 /* Perform narrowing for BOUNDS using bounds computed for field
3393 access COMPONENT. ITER meaning is the same as for
3394 chkp_intersect_bounds. */
3396 static tree
3399 {
3403 tree field_bounds;
3408 }
3410 /* Parse field or array access NODE.
3412 PTR ouput parameter holds a pointer to the outermost
3413 object.
3415 BITFIELD output parameter is set to 1 if bitfield is
3416 accessed and to 0 otherwise. If it is 1 then ELT holds
3417 outer component for accessed bit field.
3419 SAFE outer parameter is set to 1 if access is safe and
3420 checks are not required.
3422 BOUNDS outer parameter holds bounds to be used to check
3423 access (may be NULL).
3425 If INNERMOST_BOUNDS is 1 then try to narrow bounds to the
3426 innermost accessed component. */
3427 static void
3434 {
3439 tree var;
3443 /* Compute tree height for expression. */
3450 {
3452 len++;
3453 }
3457 /* It is more convenient for us to scan left-to-right,
3458 so walk tree again and put all node to nodes vector
3459 in reversed order. */
3471 /* To get bitfield address we will need outer element. */
3474 else
3477 /* If we have indirection in expression then compute
3478 outermost structure bounds. Computed bounds may be
3479 narrowed later. */
3481 {
3486 }
3487 else
3488 {
3497 /* For hard register cases chkp_build_addr_expr returns INTEGER_CST
3498 and later on chkp_find_bounds will fail to find proper bounds.
3499 In order to avoid that, we find/create bounds right aways using
3500 the var itself. */
3503 }
3505 /* In this loop we are trying to find a field access
3506 requiring narrowing. There are two simple rules
3507 for search:
3508 1. Leftmost array_ref is chosen if any.
3509 2. Rightmost suitable component_ref is chosen if innermost
3510 bounds are required and no array_ref exists. */
3512 {
3516 {
3520 && !flag_chkp_narrow_to_innermost_arrray
3521 && (!last_comp
3524 {
3527 }
3528 }
3530 {
3534 && !array_ref_found
3540 && flag_chkp_narrow_to_innermost_arrray
3542 {
3546 }
3547 }
3549 {
3551 {
3554 *bounds
3557 }
3558 }
3560 /* Nothing to do for it. */
3561 ;
3562 else
3564 }
3571 }
3573 /* Parse BIT_FIELD_REF to a NODE for a given location LOC. Return OFFSET
3574 and SIZE in bytes. */
3576 static
3579 {
3592 }
3594 /* Compute and return bounds for address of OBJ. */
3595 static tree
3597 {
3604 {
3618 {
3619 tree elt;
3620 tree ptr;
3628 }
3647 {
3652 }
3656 }
3661 }
3663 /* Compute bounds for pointer PTR loaded from PTR_SRC. Generate statements
3664 to compute bounds if required. Computed bounds should be available at
3665 position pointed by ITER.
3667 If PTR_SRC is NULL_TREE then pointer definition is identified.
3669 If PTR_SRC is not NULL_TREE then ITER points to statements which loads
3670 PTR. If PTR is a any memory reference then ITER points to a statement
3671 after which bndldx will be inserterd. In both cases ITER will be updated
3672 to point to the inserted bndldx statement. */
3674 static tree
3676 {
3689 {
3695 else
3696 {
3699 }
3700 else
3708 {
3711 }
3715 {
3719 else
3720 {
3723 }
3724 else
3726 }
3727 else
3728 {
3731 }
3735 /* Handled above but failed. */
3747 {
3749 gphi_iterator phi_iter;
3756 {
3760 {
3762 tree arg_bnd;
3767 /* chkp_get_bounds_by_definition created new phi
3768 statement and phi_iter points to it.
3770 Previous call to chkp_find_bounds could create
3771 new basic block and therefore change phi statement
3772 phi_iter points to. */
3777 UNKNOWN_LOCATION);
3778 }
3780 /* If all bound phi nodes have their arg computed
3781 then we may finish its computation. See
3782 chkp_finish_incomplete_bounds for more details. */
3785 }
3789 }
3802 else
3808 {
3812 }
3815 }
3818 {
3820 {
3823 }
3825 }
3828 }
3830 /* Normal case for bounds search without forced narrowing. */
3831 static tree
3833 {
3835 }
3837 /* Search bounds for pointer PTR loaded from PTR_SRC
3838 by statement *ITER points to. */
3839 static tree
3841 {
3843 }
3845 /* Helper function which checks type of RHS and finds all pointers in
3846 it. For each found pointer we build it's accesses in LHS and RHS
3847 objects and then call HANDLER for them. Function is used to copy
3848 or initilize bounds for copied object. */
3849 static void
3851 assign_handler handler)
3852 {
3855 /* We have nothing to do with clobbers. */
3862 {
3863 tree field;
3866 {
3868 tree val;
3871 {
3873 {
3876 }
3877 }
3878 }
3879 else
3883 {
3887 }
3888 }
3890 {
3897 {
3902 {
3904 {
3910 cur++)
3911 {
3914 }
3915 }
3916 else
3917 {
3919 {
3922 }
3927 }
3928 }
3929 }
3930 /* Copy array only when size is known. */
3933 {
3937 }
3938 }
3939 else
3942 }
3944 /* Add code to copy bounds for assignment of RHS to LHS.
3945 ARG is an iterator pointing ne code position. */
3946 static void
3948 {
3954 }
3956 /* Emit static bound initilizers and size vars. */
3957 void
3959 {
3966 /* Iterate through varpool and generate bounds initialization
3967 constructors for all statically initialized pointers. */
3971 /* Check that var is actually emitted and we need and may initialize
3972 its bounds. */
3978 {
3982 chkp_add_modification_to_stmt_list);
3985 {
3990 }
3991 }
3997 /* Iterate through varpool and generate bounds initialization
3998 constructors for all static bounds vars. */
4005 {
4007 tree var;
4014 }
4022 }
4024 /* An instrumentation function which is called for each statement
4025 having memory access we want to instrument. It inserts check
4026 code and bounds copy code.
4028 ITER points to statement to instrument.
4030 NODE holds memory access in statement to check.
4032 LOC holds the location information for statement.
4034 DIRFLAGS determines whether access is read or write.
4036 ACCESS_OFFS should be added to address used in NODE
4037 before check.
4039 ACCESS_SIZE holds size of checked access.
4041 SAFE indicates if NODE access is safe and should not be
4042 checked. */
4043 static void
4048 {
4057 /* We do not need instrumentation for clobbers. */
4064 {
4067 {
4069 tree elt;
4072 {
4073 /* We are not going to generate any checks, so do not
4074 generate bounds as well. */
4077 }
4082 /* Break if there is no dereference and operation is safe. */
4085 {
4095 addr_first,
4097 }
4098 else
4100 }
4126 {
4137 }
4153 }
4155 /* If addr_last was not computed then use (addr_first + size - 1)
4156 expression to compute it. */
4158 {
4161 }
4163 /* Shift both first_addr and last_addr by access_offs if specified. */
4165 {
4168 }
4171 {
4175 }
4177 /* Generate bndcl/bndcu checks if memory access is not safe. */
4179 {
4187 }
4189 /* We need to store bounds in case pointer is stored. */
4191 && !reg_store
4194 {
4201 chkp_copy_bounds_for_elem);
4202 else
4203 {
4206 }
4207 }
4208 }
4210 /* Add code to copy bounds for all pointers copied
4211 in ASSIGN created during inline of EDGE. */
4212 void
4214 {
4224 /* We should create edges for all created calls to bndldx and bndstx. */
4226 {
4229 {
4244 }
4246 }
4247 }
4249 /* Some code transformation made during instrumentation pass
4250 may put code into inconsistent state. Here we find and fix
4251 such flaws. */
4252 void
4254 {
4255 basic_block bb;
4256 gimple_stmt_iterator i;
4258 /* We could insert some code right after stmt which ends bb.
4259 We wanted to put this code on fallthru edge but did not
4260 add new edges from the beginning because it may cause new
4261 phi node creation which may be incorrect due to incomplete
4262 bound phi nodes. */
4265 {
4273 {
4280 /* We cannot split abnormal edge. Therefore we
4281 store its params, make it regular and then
4282 rebuild abnormal edge after split. */
4284 {
4289 }
4292 {
4296 }
4300 /* Re-create abnormal edge. */
4303 }
4304 }
4305 }
4307 /* Walker callback for chkp_replace_function_pointers. Replaces
4308 function pointer in the specified operand with pointer to the
4309 instrumented function version. */
4310 static tree
4313 {
4317 /* For builtins we replace pointers only for selected
4318 function and functions having definitions. */
4322 {
4332 }
4335 }
4337 /* This function searches for function pointers in statement
4338 pointed by GSI and replaces them with pointers to instrumented
4339 function versions. */
4340 static void
4342 {
4344 /* For calls we want to walk call args only. */
4346 {
4351 }
4352 else
4354 }
4356 /* This function instruments all statements working with memory,
4357 calls and rets.
4359 It also removes excess statements from static initializers. */
4360 static void
4362 {
4364 gimple_stmt_iterator i;
4369 do
4370 {
4373 {
4376 /* Skip statement marked to not be instrumented. */
4378 {
4381 }
4386 {
4402 {
4405 {
4408 integer_zero_node,
4411 /* Additionally we need to add bounds
4412 to return statement. */
4414 }
4415 }
4423 ;
4424 }
4428 /* We do not need any actual pointer stores in checker
4429 static initializer. */
4433 {
4438 }
4439 }
4441 }
4444 /* Some input params may have bounds and be address taken. In this case
4445 we should store incoming bounds into bounds table. */
4446 tree arg;
4450 {
4452 {
4455 gimple_stmt_iterator iter
4461 /* Skip bounds arg. */
4463 }
4465 {
4468 gimple_stmt_iterator iter
4470 bitmap_iterator bi;
4476 {
4486 }
4488 }
4489 }
4490 }
4492 /* Find init/null/copy_ptr_bounds calls and replace them
4493 with assignments. It should allow better code
4494 optimization. */
4496 static void
4498 {
4499 basic_block bb;
4500 gimple_stmt_iterator gsi;
4503 {
4505 {
4507 tree fndecl;
4510 /* Find builtins returning first arg and replace
4511 them with assignments. */
4520 {
4525 }
4526 }
4527 }
4528 }
4530 /* Initialize pass. */
4531 static void
4533 {
4534 basic_block bb;
4535 gimple_stmt_iterator i;
4564 /* We create these constant bounds once for each object file.
4565 These symbols go to comdat section and result in single copy
4566 of each one in the final binary. */
4574 }
4576 /* Finalize instrumentation pass. */
4577 static void
4579 {
4595 }
4597 /* Main instrumentation pass function. */
4598 static unsigned int
4600 {
4614 }
4616 /* Instrumentation pass gate. */
4617 static bool
4619 {
4624 }
4629 {
4638 TODO_verify_il
4640 };
4643 {
4647 {}
4649 /* opt_pass methods: */
4651 {
4653 }
4656 {
4658 }
4661 {
4663 }
4669 gimple_opt_pass *
4671 {
4673 }