[thirdparty/gcc.git] / gcc / c-family / c-ubsan.c

/* UndefinedBehaviorSanitizer, undefined behavior detector.
   Copyright (C) 2013 Free Software Foundation, Inc.
   Contributed by Marek Polacek <polacek@redhat.com>

This file is part of GCC.

GCC is free software; you can redistribute it and/or modify it under
the terms of the GNU General Public License as published by the Free
Software Foundation; either version 3, or (at your option) any later
version.

GCC is distributed in the hope that it will be useful, but WITHOUT ANY
WARRANTY; without even the implied warranty of MERCHANTABILITY or
FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
for more details.

You should have received a copy of the GNU General Public License
along with GCC; see the file COPYING3.  If not see
<http://www.gnu.org/licenses/>.  */

#include "config.h"
#include "system.h"
#include "coretypes.h"
#include "tree.h"
#include "alloc-pool.h"
#include "cgraph.h"
#include "gimple.h"
#include "hash-table.h"
#include "output.h"
#include "toplev.h"
#include "ubsan.h"
#include "c-family/c-common.h"
#include "c-family/c-ubsan.h"

/* Instrument division by zero and INT_MIN / -1.  If not instrumenting,
   return NULL_TREE.  */

tree
ubsan_instrument_division (location_t loc, tree op0, tree op1)
{
  tree t, tt;
  tree type = TREE_TYPE (op0);

  /* At this point both operands should have the same type,
     because they are already converted to RESULT_TYPE.
     Use TYPE_MAIN_VARIANT since typedefs can confuse us.  */
  gcc_assert (TYPE_MAIN_VARIANT (TREE_TYPE (op0))
	      == TYPE_MAIN_VARIANT (TREE_TYPE (op1)));

  /* TODO: REAL_TYPE is not supported yet.  */
  if (TREE_CODE (type) != INTEGER_TYPE)
    return NULL_TREE;

  /* If we *know* that the divisor is not -1 or 0, we don't have to
     instrument this expression.
     ??? We could use decl_constant_value to cover up more cases.  */
  if (TREE_CODE (op1) == INTEGER_CST
      && integer_nonzerop (op1)
      && !integer_minus_onep (op1))
    return NULL_TREE;

  t = fold_build2 (EQ_EXPR, boolean_type_node,
		    op1, build_int_cst (type, 0));

  /* We check INT_MIN / -1 only for signed types.  */
  if (!TYPE_UNSIGNED (type))
    {
      tree x;
      tt = fold_build2 (EQ_EXPR, boolean_type_node, op1,
			build_int_cst (type, -1));
      x = fold_build2 (EQ_EXPR, boolean_type_node, op0,
		       TYPE_MIN_VALUE (type));
      x = fold_build2 (TRUTH_AND_EXPR, boolean_type_node, x, tt);
      t = fold_build2 (TRUTH_OR_EXPR, boolean_type_node, t, x);
    }

  /* In case we have a SAVE_EXPR in a conditional context, we need to
     make sure it gets evaluated before the condition.  */
  t = fold_build2 (COMPOUND_EXPR, TREE_TYPE (t), op0, t);
  tree data = ubsan_create_data ("__ubsan_overflow_data",
				 loc, ubsan_type_descriptor (type),
				 NULL_TREE);
  data = build_fold_addr_expr_loc (loc, data);
  tt = builtin_decl_explicit (BUILT_IN_UBSAN_HANDLE_DIVREM_OVERFLOW);
  tt = build_call_expr_loc (loc, tt, 3, data, ubsan_encode_value (op0),
			    ubsan_encode_value (op1));
  t = fold_build3 (COND_EXPR, void_type_node, t, tt, void_zero_node);

  return t;
}

/* Instrument left and right shifts.  If not instrumenting, return
   NULL_TREE.  */

tree
ubsan_instrument_shift (location_t loc, enum tree_code code,
			tree op0, tree op1)
{
  tree t, tt = NULL_TREE;
  tree type0 = TREE_TYPE (op0);
  tree type1 = TREE_TYPE (op1);
  tree op1_utype = unsigned_type_for (type1);
  HOST_WIDE_INT op0_prec = TYPE_PRECISION (type0);
  tree uprecm1 = build_int_cst (op1_utype, op0_prec - 1);
  tree precm1 = build_int_cst (type1, op0_prec - 1);

  t = fold_convert_loc (loc, op1_utype, op1);
  t = fold_build2 (GT_EXPR, boolean_type_node, t, uprecm1);

  /* For signed x << y, in C99/C11, the following:
     (unsigned) x >> (precm1 - y)
     if non-zero, is undefined.  */
  if (code == LSHIFT_EXPR
      && !TYPE_UNSIGNED (type0)
      && flag_isoc99)
    {
      tree x = fold_build2 (MINUS_EXPR, integer_type_node, precm1, op1);
      tt = fold_convert_loc (loc, unsigned_type_for (type0), op0);
      tt = fold_build2 (RSHIFT_EXPR, TREE_TYPE (tt), tt, x);
      tt = fold_build2 (NE_EXPR, boolean_type_node, tt,
			build_int_cst (TREE_TYPE (tt), 0));
    }

  /* For signed x << y, in C++11/C++14, the following:
     x < 0 || ((unsigned) x >> (precm1 - y))
     if > 1, is undefined.  */
  if (code == LSHIFT_EXPR
      && !TYPE_UNSIGNED (TREE_TYPE (op0))
      && (cxx_dialect == cxx11 || cxx_dialect == cxx1y))
    {
      tree x = fold_build2 (MINUS_EXPR, integer_type_node, precm1, op1);
      tt = fold_convert_loc (loc, unsigned_type_for (type0), op0);
      tt = fold_build2 (RSHIFT_EXPR, TREE_TYPE (tt), tt, x);
      tt = fold_build2 (GT_EXPR, boolean_type_node, tt,
			build_int_cst (TREE_TYPE (tt), 1));
      x = fold_build2 (LT_EXPR, boolean_type_node, op0,
		       build_int_cst (type0, 0));
      tt = fold_build2 (TRUTH_OR_EXPR, boolean_type_node, x, tt);
    }

  /* In case we have a SAVE_EXPR in a conditional context, we need to
     make sure it gets evaluated before the condition.  */
  t = fold_build2 (COMPOUND_EXPR, TREE_TYPE (t), op0, t);
  tree data = ubsan_create_data ("__ubsan_shift_data",
				 loc, ubsan_type_descriptor (type0),
				 ubsan_type_descriptor (type1), NULL_TREE);

  data = build_fold_addr_expr_loc (loc, data);

  t = fold_build2 (TRUTH_OR_EXPR, boolean_type_node, t,
		   tt ? tt : integer_zero_node);
  tt = builtin_decl_explicit (BUILT_IN_UBSAN_HANDLE_SHIFT_OUT_OF_BOUNDS);
  tt = build_call_expr_loc (loc, tt, 3, data, ubsan_encode_value (op0),
			    ubsan_encode_value (op1));
  t = fold_build3 (COND_EXPR, void_type_node, t, tt, void_zero_node);

  return t;
}
Commit	Line	Data
de5a5fa1 MP	1	/* UndefinedBehaviorSanitizer, undefined behavior detector.
	2	Copyright (C) 2013 Free Software Foundation, Inc.
	3	Contributed by Marek Polacek <polacek@redhat.com>
	4
	5	This file is part of GCC.
	6
	7	GCC is free software; you can redistribute it and/or modify it under
	8	the terms of the GNU General Public License as published by the Free
	9	Software Foundation; either version 3, or (at your option) any later
	10	version.
	11
	12	GCC is distributed in the hope that it will be useful, but WITHOUT ANY
	13	WARRANTY; without even the implied warranty of MERCHANTABILITY or
	14	FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
	15	for more details.
	16
	17	You should have received a copy of the GNU General Public License
	18	along with GCC; see the file COPYING3. If not see
	19	<http://www.gnu.org/licenses/>. */
	20
	21	#include "config.h"
	22	#include "system.h"
	23	#include "coretypes.h"
	24	#include "tree.h"
	25	#include "alloc-pool.h"
	26	#include "cgraph.h"
	27	#include "gimple.h"
	28	#include "hash-table.h"
	29	#include "output.h"
	30	#include "toplev.h"
	31	#include "ubsan.h"
	32	#include "c-family/c-common.h"
	33	#include "c-family/c-ubsan.h"
	34
	35	/* Instrument division by zero and INT_MIN / -1. If not instrumenting,
	36	return NULL_TREE. */
	37
	38	tree
	39	ubsan_instrument_division (location_t loc, tree op0, tree op1)
	40	{
	41	tree t, tt;
	42	tree type = TREE_TYPE (op0);
	43
	44	/* At this point both operands should have the same type,
	45	because they are already converted to RESULT_TYPE.
	46	Use TYPE_MAIN_VARIANT since typedefs can confuse us. */
	47	gcc_assert (TYPE_MAIN_VARIANT (TREE_TYPE (op0))
	48	== TYPE_MAIN_VARIANT (TREE_TYPE (op1)));
	49
	50	/* TODO: REAL_TYPE is not supported yet. */
	51	if (TREE_CODE (type) != INTEGER_TYPE)
	52	return NULL_TREE;
	53
	54	/* If we know that the divisor is not -1 or 0, we don't have to
	55	instrument this expression.
	56	??? We could use decl_constant_value to cover up more cases. */
	57	if (TREE_CODE (op1) == INTEGER_CST
	58	&& integer_nonzerop (op1)
	59	&& !integer_minus_onep (op1))
	60	return NULL_TREE;
	61
	62	t = fold_build2 (EQ_EXPR, boolean_type_node,
	63	op1, build_int_cst (type, 0));
	64
65	/* We check INT_MIN / -1 only for signed types. */
66	if (!TYPE_UNSIGNED (type))
67	{
68	tree x;
69	tt = fold_build2 (EQ_EXPR, boolean_type_node, op1,
70	build_int_cst (type, -1));
71	x = fold_build2 (EQ_EXPR, boolean_type_node, op0,
72	TYPE_MIN_VALUE (type));
73	x = fold_build2 (TRUTH_AND_EXPR, boolean_type_node, x, tt);
74	t = fold_build2 (TRUTH_OR_EXPR, boolean_type_node, t, x);
75	}
76
77	/* In case we have a SAVE_EXPR in a conditional context, we need to
78	make sure it gets evaluated before the condition. */
79	t = fold_build2 (COMPOUND_EXPR, TREE_TYPE (t), op0, t);
80	tree data = ubsan_create_data ("__ubsan_overflow_data",
81	loc, ubsan_type_descriptor (type),
82	NULL_TREE);
83	data = build_fold_addr_expr_loc (loc, data);
84	tt = builtin_decl_explicit (BUILT_IN_UBSAN_HANDLE_DIVREM_OVERFLOW);
85	tt = build_call_expr_loc (loc, tt, 3, data, ubsan_encode_value (op0),
86	ubsan_encode_value (op1));
87	t = fold_build3 (COND_EXPR, void_type_node, t, tt, void_zero_node);
88
89	return t;
90	}
91
92	/* Instrument left and right shifts. If not instrumenting, return
93	NULL_TREE. */
94
95	tree
96	ubsan_instrument_shift (location_t loc, enum tree_code code,
97	tree op0, tree op1)
98	{
99	tree t, tt = NULL_TREE;
100	tree type0 = TREE_TYPE (op0);
101	tree type1 = TREE_TYPE (op1);
102	tree op1_utype = unsigned_type_for (type1);
103	HOST_WIDE_INT op0_prec = TYPE_PRECISION (type0);
104	tree uprecm1 = build_int_cst (op1_utype, op0_prec - 1);
105	tree precm1 = build_int_cst (type1, op0_prec - 1);
106
107	t = fold_convert_loc (loc, op1_utype, op1);
108	t = fold_build2 (GT_EXPR, boolean_type_node, t, uprecm1);
109
110	/* For signed x << y, in C99/C11, the following:
111	(unsigned) x >> (precm1 - y)
112	if non-zero, is undefined. */
113	if (code == LSHIFT_EXPR
114	&& !TYPE_UNSIGNED (type0)
115	&& flag_isoc99)
116	{
117	tree x = fold_build2 (MINUS_EXPR, integer_type_node, precm1, op1);
118	tt = fold_convert_loc (loc, unsigned_type_for (type0), op0);
119	tt = fold_build2 (RSHIFT_EXPR, TREE_TYPE (tt), tt, x);
120	tt = fold_build2 (NE_EXPR, boolean_type_node, tt,
121	build_int_cst (TREE_TYPE (tt), 0));
122	}
123
124	/* For signed x << y, in C++11/C++14, the following:
125	x < 0 \|\| ((unsigned) x >> (precm1 - y))
126	if > 1, is undefined. */
127	if (code == LSHIFT_EXPR
128	&& !TYPE_UNSIGNED (TREE_TYPE (op0))
129	&& (cxx_dialect == cxx11 \|\| cxx_dialect == cxx1y))
130	{
131	tree x = fold_build2 (MINUS_EXPR, integer_type_node, precm1, op1);
132	tt = fold_convert_loc (loc, unsigned_type_for (type0), op0);
133	tt = fold_build2 (RSHIFT_EXPR, TREE_TYPE (tt), tt, x);
134	tt = fold_build2 (GT_EXPR, boolean_type_node, tt,
135	build_int_cst (TREE_TYPE (tt), 1));
136	x = fold_build2 (LT_EXPR, boolean_type_node, op0,
137	build_int_cst (type0, 0));
138	tt = fold_build2 (TRUTH_OR_EXPR, boolean_type_node, x, tt);
139	}
140
141	/* In case we have a SAVE_EXPR in a conditional context, we need to
142	make sure it gets evaluated before the condition. */
143	t = fold_build2 (COMPOUND_EXPR, TREE_TYPE (t), op0, t);
144	tree data = ubsan_create_data ("__ubsan_shift_data",
145	loc, ubsan_type_descriptor (type0),
146	ubsan_type_descriptor (type1), NULL_TREE);
147
148	data = build_fold_addr_expr_loc (loc, data);
149
150	t = fold_build2 (TRUTH_OR_EXPR, boolean_type_node, t,
151	tt ? tt : integer_zero_node);
152	tt = builtin_decl_explicit (BUILT_IN_UBSAN_HANDLE_SHIFT_OUT_OF_BOUNDS);
153	tt = build_call_expr_loc (loc, tt, 3, data, ubsan_encode_value (op0),
154	ubsan_encode_value (op1));
155	t = fold_build3 (COND_EXPR, void_type_node, t, tt, void_zero_node);
156
157	return t;
158	}