]> git.ipfire.org Git - thirdparty/gcc.git/blob - gcc/tree-chkp.c
projects / thirdparty / gcc.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
* asan.c (handle_builtin_alloca): Deal with all alloca variants.
[thirdparty/gcc.git] / gcc / tree-chkp.c
1 /* Pointer Bounds Checker insrumentation pass.
2 Copyright (C) 2014-2017 Free Software Foundation, Inc.
3 Contributed by Ilya Enkovich (ilya.enkovich@intel.com)
4
5 This file is part of GCC.
6
7 GCC is free software; you can redistribute it and/or modify it under
8 the terms of the GNU General Public License as published by the Free
9 Software Foundation; either version 3, or (at your option) any later
10 version.
11
12 GCC is distributed in the hope that it will be useful, but WITHOUT ANY
13 WARRANTY; without even the implied warranty of MERCHANTABILITY or
14 FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
15 for more details.
16
17 You should have received a copy of the GNU General Public License
18 along with GCC; see the file COPYING3. If not see
19 <http://www.gnu.org/licenses/>. */
20
21 #include "config.h"
22 #include "system.h"
23 #include "coretypes.h"
24 #include "backend.h"
25 #include "target.h"
26 #include "rtl.h"
27 #include "tree.h"
28 #include "gimple.h"
29 #include "cfghooks.h"
30 #include "tree-pass.h"
31 #include "ssa.h"
32 #include "cgraph.h"
33 #include "diagnostic.h"
34 #include "fold-const.h"
35 #include "stor-layout.h"
36 #include "varasm.h"
37 #include "tree-iterator.h"
38 #include "tree-cfg.h"
39 #include "langhooks.h"
40 #include "tree-ssa-address.h"
41 #include "tree-ssa-loop-niter.h"
42 #include "gimple-pretty-print.h"
43 #include "gimple-iterator.h"
44 #include "gimplify.h"
45 #include "gimplify-me.h"
46 #include "print-tree.h"
47 #include "calls.h"
48 #include "expr.h"
49 #include "tree-ssa-propagate.h"
50 #include "tree-chkp.h"
51 #include "gimple-walk.h"
52 #include "tree-dfa.h"
53 #include "ipa-chkp.h"
54 #include "params.h"
55 #include "stringpool.h"
56 #include "attribs.h"
57
58 /* Pointer Bounds Checker instruments code with memory checks to find
59 out-of-bounds memory accesses. Checks are performed by computing
60 bounds for each pointer and then comparing address of accessed
61 memory before pointer dereferencing.
62
63 1. Function clones.
64
65 See ipa-chkp.c.
66
67 2. Instrumentation.
68
69 There are few things to instrument:
70
71 a) Memory accesses - add checker calls to check address of accessed memory
72 against bounds of dereferenced pointer. Obviously safe memory
73 accesses like static variable access does not have to be instrumented
74 with checks.
75
76 Example:
77
78 val_2 = *p_1;
79
80 with 4 bytes access is transformed into:
81
82 __builtin___chkp_bndcl (__bound_tmp.1_3, p_1);
83 D.1_4 = p_1 + 3;
84 __builtin___chkp_bndcu (__bound_tmp.1_3, D.1_4);
85 val_2 = *p_1;
86
87 where __bound_tmp.1_3 are bounds computed for pointer p_1,
88 __builtin___chkp_bndcl is a lower bound check and
89 __builtin___chkp_bndcu is an upper bound check.
90
91 b) Pointer stores.
92
93 When pointer is stored in memory we need to store its bounds. To
94 achieve compatibility of instrumented code with regular codes
95 we have to keep data layout and store bounds in special bound tables
96 via special checker call. Implementation of bounds table may vary for
97 different platforms. It has to associate pointer value and its
98 location (it is required because we may have two equal pointers
99 with different bounds stored in different places) with bounds.
100 Another checker builtin allows to get bounds for specified pointer
101 loaded from specified location.
102
103 Example:
104
105 buf1[i_1] = &buf2;
106
107 is transformed into:
108
109 buf1[i_1] = &buf2;
110 D.1_2 = &buf1[i_1];
111 __builtin___chkp_bndstx (D.1_2, &buf2, __bound_tmp.1_2);
112
113 where __bound_tmp.1_2 are bounds of &buf2.
114
115 c) Static initialization.
116
117 The special case of pointer store is static pointer initialization.
118 Bounds initialization is performed in a few steps:
119 - register all static initializations in front-end using
120 chkp_register_var_initializer
121 - when file compilation finishes we create functions with special
122 attribute 'chkp ctor' and put explicit initialization code
123 (assignments) for all statically initialized pointers.
124 - when checker constructor is compiled checker pass adds required
125 bounds initialization for all statically initialized pointers
126 - since we do not actually need excess pointers initialization
127 in checker constructor we remove such assignments from them
128
129 d) Calls.
130
131 For each call in the code we add additional arguments to pass
132 bounds for pointer arguments. We determine type of call arguments
133 using arguments list from function declaration; if function
134 declaration is not available we use function type; otherwise
135 (e.g. for unnamed arguments) we use type of passed value. Function
136 declaration/type is replaced with the instrumented one.
137
138 Example:
139
140 val_1 = foo (&buf1, &buf2, &buf1, 0);
141
142 is translated into:
143
144 val_1 = foo.chkp (&buf1, __bound_tmp.1_2, &buf2, __bound_tmp.1_3,
145 &buf1, __bound_tmp.1_2, 0);
146
147 e) Returns.
148
149 If function returns a pointer value we have to return bounds also.
150 A new operand was added for return statement to hold returned bounds.
151
152 Example:
153
154 return &_buf1;
155
156 is transformed into
157
158 return &_buf1, __bound_tmp.1_1;
159
160 3. Bounds computation.
161
162 Compiler is fully responsible for computing bounds to be used for each
163 memory access. The first step for bounds computation is to find the
164 origin of pointer dereferenced for memory access. Basing on pointer
165 origin we define a way to compute its bounds. There are just few
166 possible cases:
167
168 a) Pointer is returned by call.
169
170 In this case we use corresponding checker builtin method to obtain returned
171 bounds.
172
173 Example:
174
175 buf_1 = malloc (size_2);
176 foo (buf_1);
177
178 is translated into:
179
180 buf_1 = malloc (size_2);
181 __bound_tmp.1_3 = __builtin___chkp_bndret (buf_1);
182 foo (buf_1, __bound_tmp.1_3);
183
184 b) Pointer is an address of an object.
185
186 In this case compiler tries to compute objects size and create corresponding
187 bounds. If object has incomplete type then special checker builtin is used to
188 obtain its size at runtime.
189
190 Example:
191
192 foo ()
193 {
194 <unnamed type> __bound_tmp.3;
195 static int buf[100];
196
197 <bb 3>:
198 __bound_tmp.3_2 = __builtin___chkp_bndmk (&buf, 400);
199
200 <bb 2>:
201 return &buf, __bound_tmp.3_2;
202 }
203
204 Example:
205
206 Address of an object 'extern int buf[]' with incomplete type is
207 returned.
208
209 foo ()
210 {
211 <unnamed type> __bound_tmp.4;
212 long unsigned int __size_tmp.3;
213
214 <bb 3>:
215 __size_tmp.3_4 = __builtin_ia32_sizeof (buf);
216 __bound_tmp.4_3 = __builtin_ia32_bndmk (&buf, __size_tmp.3_4);
217
218 <bb 2>:
219 return &buf, __bound_tmp.4_3;
220 }
221
222 c) Pointer is the result of object narrowing.
223
224 It happens when we use pointer to an object to compute pointer to a part
225 of an object. E.g. we take pointer to a field of a structure. In this
226 case we perform bounds intersection using bounds of original object and
227 bounds of object's part (which are computed basing on its type).
228
229 There may be some debatable questions about when narrowing should occur
230 and when it should not. To avoid false bound violations in correct
231 programs we do not perform narrowing when address of an array element is
232 obtained (it has address of the whole array) and when address of the first
233 structure field is obtained (because it is guaranteed to be equal to
234 address of the whole structure and it is legal to cast it back to structure).
235
236 Default narrowing behavior may be changed using compiler flags.
237
238 Example:
239
240 In this example address of the second structure field is returned.
241
242 foo (struct A * p, __bounds_type __bounds_of_p)
243 {
244 <unnamed type> __bound_tmp.3;
245 int * _2;
246 int * _5;
247
248 <bb 2>:
249 _5 = &p_1(D)->second_field;
250 __bound_tmp.3_6 = __builtin___chkp_bndmk (_5, 4);
251 __bound_tmp.3_8 = __builtin___chkp_intersect (__bound_tmp.3_6,
252 __bounds_of_p_3(D));
253 _2 = &p_1(D)->second_field;
254 return _2, __bound_tmp.3_8;
255 }
256
257 Example:
258
259 In this example address of the first field of array element is returned.
260
261 foo (struct A * p, __bounds_type __bounds_of_p, int i)
262 {
263 long unsigned int _3;
264 long unsigned int _4;
265 struct A * _6;
266 int * _7;
267
268 <bb 2>:
269 _3 = (long unsigned int) i_1(D);
270 _4 = _3 * 8;
271 _6 = p_5(D) + _4;
272 _7 = &_6->first_field;
273 return _7, __bounds_of_p_2(D);
274 }
275
276
277 d) Pointer is the result of pointer arithmetic or type cast.
278
279 In this case bounds of the base pointer are used. In case of binary
280 operation producing a pointer we are analyzing data flow further
281 looking for operand's bounds. One operand is considered as a base
282 if it has some valid bounds. If we fall into a case when none of
283 operands (or both of them) has valid bounds, a default bounds value
284 is used.
285
286 Trying to find out bounds for binary operations we may fall into
287 cyclic dependencies for pointers. To avoid infinite recursion all
288 walked phi nodes instantly obtain corresponding bounds but created
289 bounds are marked as incomplete. It helps us to stop DF walk during
290 bounds search.
291
292 When we reach pointer source, some args of incomplete bounds phi obtain
293 valid bounds and those values are propagated further through phi nodes.
294 If no valid bounds were found for phi node then we mark its result as
295 invalid bounds. Process stops when all incomplete bounds become either
296 valid or invalid and we are able to choose a pointer base.
297
298 e) Pointer is loaded from the memory.
299
300 In this case we just need to load bounds from the bounds table.
301
302 Example:
303
304 foo ()
305 {
306 <unnamed type> __bound_tmp.3;
307 static int * buf;
308 int * _2;
309
310 <bb 2>:
311 _2 = buf;
312 __bound_tmp.3_4 = __builtin___chkp_bndldx (&buf, _2);
313 return _2, __bound_tmp.3_4;
314 }
315
316 */
317
318 typedef void (*assign_handler)(tree, tree, void *);
319
320 static tree chkp_get_zero_bounds ();
321 static tree chkp_find_bounds (tree ptr, gimple_stmt_iterator *iter);
322 static tree chkp_find_bounds_loaded (tree ptr, tree ptr_src,
323 gimple_stmt_iterator *iter);
324 static void chkp_parse_array_and_component_ref (tree node, tree *ptr,
325 tree *elt, bool *safe,
326 bool *bitfield,
327 tree *bounds,
328 gimple_stmt_iterator *iter,
329 bool innermost_bounds);
330 static void chkp_parse_bit_field_ref (tree node, location_t loc,
331 tree *offset, tree *size);
332 static tree
333 chkp_make_addressed_object_bounds (tree obj, gimple_stmt_iterator *iter);
334
335 #define chkp_bndldx_fndecl \
336 (targetm.builtin_chkp_function (BUILT_IN_CHKP_BNDLDX))
337 #define chkp_bndstx_fndecl \
338 (targetm.builtin_chkp_function (BUILT_IN_CHKP_BNDSTX))
339 #define chkp_checkl_fndecl \
340 (targetm.builtin_chkp_function (BUILT_IN_CHKP_BNDCL))
341 #define chkp_checku_fndecl \
342 (targetm.builtin_chkp_function (BUILT_IN_CHKP_BNDCU))
343 #define chkp_bndmk_fndecl \
344 (targetm.builtin_chkp_function (BUILT_IN_CHKP_BNDMK))
345 #define chkp_ret_bnd_fndecl \
346 (targetm.builtin_chkp_function (BUILT_IN_CHKP_BNDRET))
347 #define chkp_intersect_fndecl \
348 (targetm.builtin_chkp_function (BUILT_IN_CHKP_INTERSECT))
349 #define chkp_narrow_bounds_fndecl \
350 (targetm.builtin_chkp_function (BUILT_IN_CHKP_NARROW))
351 #define chkp_sizeof_fndecl \
352 (targetm.builtin_chkp_function (BUILT_IN_CHKP_SIZEOF))
353 #define chkp_extract_lower_fndecl \
354 (targetm.builtin_chkp_function (BUILT_IN_CHKP_EXTRACT_LOWER))
355 #define chkp_extract_upper_fndecl \
356 (targetm.builtin_chkp_function (BUILT_IN_CHKP_EXTRACT_UPPER))
357
358 static GTY (()) tree chkp_uintptr_type;
359
360 static GTY (()) tree chkp_zero_bounds_var;
361 static GTY (()) tree chkp_none_bounds_var;
362
363 static GTY (()) basic_block entry_block;
364 static GTY (()) tree zero_bounds;
365 static GTY (()) tree none_bounds;
366 static GTY (()) tree incomplete_bounds;
367 static GTY (()) tree tmp_var;
368 static GTY (()) tree size_tmp_var;
369 static GTY (()) bitmap chkp_abnormal_copies;
370
371 struct hash_set<tree> *chkp_invalid_bounds;
372 struct hash_set<tree> *chkp_completed_bounds_set;
373 struct hash_map<tree, tree> *chkp_reg_bounds;
374 struct hash_map<tree, tree> *chkp_bound_vars;
375 struct hash_map<tree, tree> *chkp_reg_addr_bounds;
376 struct hash_map<tree, tree> *chkp_incomplete_bounds_map;
377 struct hash_map<tree, tree> *chkp_bounds_map;
378 struct hash_map<tree, tree> *chkp_static_var_bounds;
379
380 static bool in_chkp_pass;
381
382 #define CHKP_BOUND_TMP_NAME "__bound_tmp"
383 #define CHKP_SIZE_TMP_NAME "__size_tmp"
384 #define CHKP_BOUNDS_OF_SYMBOL_PREFIX "__chkp_bounds_of_"
385 #define CHKP_STRING_BOUNDS_PREFIX "__chkp_string_bounds_"
386 #define CHKP_VAR_BOUNDS_PREFIX "__chkp_var_bounds_"
387 #define CHKP_ZERO_BOUNDS_VAR_NAME "__chkp_zero_bounds"
388 #define CHKP_NONE_BOUNDS_VAR_NAME "__chkp_none_bounds"
389
390 /* Static checker constructors may become very large and their
391 compilation with optimization may take too much time.
392 Therefore we put a limit to number of statements in one
393 constructor. Tests with 100 000 statically initialized
394 pointers showed following compilation times on Sandy Bridge
395 server (used -O2):
396 limit 100 => ~18 sec.
397 limit 300 => ~22 sec.
398 limit 1000 => ~30 sec.
399 limit 3000 => ~49 sec.
400 limit 5000 => ~55 sec.
401 limit 10000 => ~76 sec.
402 limit 100000 => ~532 sec. */
403 #define MAX_STMTS_IN_STATIC_CHKP_CTOR (PARAM_VALUE (PARAM_CHKP_MAX_CTOR_SIZE))
404
405 struct chkp_ctor_stmt_list
406 {
407 tree stmts;
408 int avail;
409 };
410
411 /* Return 1 if function FNDECL is instrumented by Pointer
412 Bounds Checker. */
413 bool
414 chkp_function_instrumented_p (tree fndecl)
415 {
416 return fndecl
417 && lookup_attribute ("chkp instrumented", DECL_ATTRIBUTES (fndecl));
418 }
419
420 /* Mark function FNDECL as instrumented. */
421 void
422 chkp_function_mark_instrumented (tree fndecl)
423 {
424 if (chkp_function_instrumented_p (fndecl))
425 return;
426
427 DECL_ATTRIBUTES (fndecl)
428 = tree_cons (get_identifier ("chkp instrumented"), NULL,
429 DECL_ATTRIBUTES (fndecl));
430 }
431
432 /* Return true when STMT is builtin call to instrumentation function
433 corresponding to CODE. */
434
435 bool
436 chkp_gimple_call_builtin_p (gimple *call,
437 enum built_in_function code)
438 {
439 tree fndecl;
440 /* We are skipping the check for address-spaces, that's
441 why we don't use gimple_call_builtin_p directly here. */
442 if (is_gimple_call (call)
443 && (fndecl = gimple_call_fndecl (call)) != NULL
444 && DECL_BUILT_IN_CLASS (fndecl) == BUILT_IN_MD
445 && (fndecl = targetm.builtin_chkp_function (code))
446 && (DECL_FUNCTION_CODE (gimple_call_fndecl (call))
447 == DECL_FUNCTION_CODE (fndecl)))
448 return true;
449 return false;
450 }
451
452 /* Emit code to build zero bounds and return RTL holding
453 the result. */
454 rtx
455 chkp_expand_zero_bounds ()
456 {
457 tree zero_bnd;
458
459 if (flag_chkp_use_static_const_bounds)
460 zero_bnd = chkp_get_zero_bounds_var ();
461 else
462 zero_bnd = chkp_build_make_bounds_call (integer_zero_node,
463 integer_zero_node);
464 return expand_normal (zero_bnd);
465 }
466
467 /* Emit code to store zero bounds for PTR located at MEM. */
468 void
469 chkp_expand_bounds_reset_for_mem (tree mem, tree ptr)
470 {
471 tree zero_bnd, bnd, addr, bndstx;
472
473 if (flag_chkp_use_static_const_bounds)
474 zero_bnd = chkp_get_zero_bounds_var ();
475 else
476 zero_bnd = chkp_build_make_bounds_call (integer_zero_node,
477 integer_zero_node);
478 bnd = make_tree (pointer_bounds_type_node,
479 assign_temp (pointer_bounds_type_node, 0, 1));
480 addr = build1 (ADDR_EXPR,
481 build_pointer_type (TREE_TYPE (mem)), mem);
482 bndstx = chkp_build_bndstx_call (addr, ptr, bnd);
483
484 expand_assignment (bnd, zero_bnd, false);
485 expand_normal (bndstx);
486 }
487
488 /* Build retbnd call for returned value RETVAL.
489
490 If BNDVAL is not NULL then result is stored
491 in it. Otherwise a temporary is created to
492 hold returned value.
493
494 GSI points to a position for a retbnd call
495 and is set to created stmt.
496
497 Cgraph edge is created for a new call if
498 UPDATE_EDGE is 1.
499
500 Obtained bounds are returned. */
501 tree
502 chkp_insert_retbnd_call (tree bndval, tree retval,
503 gimple_stmt_iterator *gsi)
504 {
505 gimple *call;
506
507 if (!bndval)
508 bndval = create_tmp_reg (pointer_bounds_type_node, "retbnd");
509
510 call = gimple_build_call (chkp_ret_bnd_fndecl, 1, retval);
511 gimple_call_set_lhs (call, bndval);
512 gsi_insert_after (gsi, call, GSI_CONTINUE_LINKING);
513
514 return bndval;
515 }
516
517 /* Build a GIMPLE_CALL identical to CALL but skipping bounds
518 arguments. */
519
520 gcall *
521 chkp_copy_call_skip_bounds (gcall *call)
522 {
523 bitmap bounds;
524 unsigned i;
525
526 bitmap_obstack_initialize (NULL);
527 bounds = BITMAP_ALLOC (NULL);
528
529 for (i = 0; i < gimple_call_num_args (call); i++)
530 if (POINTER_BOUNDS_P (gimple_call_arg (call, i)))
531 bitmap_set_bit (bounds, i);
532
533 if (!bitmap_empty_p (bounds))
534 call = gimple_call_copy_skip_args (call, bounds);
535 gimple_call_set_with_bounds (call, false);
536
537 BITMAP_FREE (bounds);
538 bitmap_obstack_release (NULL);
539
540 return call;
541 }
542
543 /* Redirect edge E to the correct node according to call_stmt.
544 Return 1 if bounds removal from call_stmt should be done
545 instead of redirection. */
546
547 bool
548 chkp_redirect_edge (cgraph_edge *e)
549 {
550 bool instrumented = false;
551 tree decl = e->callee->decl;
552
553 if (e->callee->instrumentation_clone
554 || chkp_function_instrumented_p (decl))
555 instrumented = true;
556
557 if (instrumented
558 && !gimple_call_with_bounds_p (e->call_stmt))
559 e->redirect_callee (cgraph_node::get_create (e->callee->orig_decl));
560 else if (!instrumented
561 && gimple_call_with_bounds_p (e->call_stmt)
562 && !chkp_gimple_call_builtin_p (e->call_stmt, BUILT_IN_CHKP_BNDCL)
563 && !chkp_gimple_call_builtin_p (e->call_stmt, BUILT_IN_CHKP_BNDCU)
564 && !chkp_gimple_call_builtin_p (e->call_stmt, BUILT_IN_CHKP_BNDSTX))
565 {
566 if (e->callee->instrumented_version)
567 e->redirect_callee (e->callee->instrumented_version);
568 else
569 {
570 tree args = TYPE_ARG_TYPES (TREE_TYPE (decl));
571 /* Avoid bounds removal if all args will be removed. */
572 if (!args || TREE_VALUE (args) != void_type_node)
573 return true;
574 else
575 gimple_call_set_with_bounds (e->call_stmt, false);
576 }
577 }
578
579 return false;
580 }
581
582 /* Mark statement S to not be instrumented. */
583 static void
584 chkp_mark_stmt (gimple *s)
585 {
586 gimple_set_plf (s, GF_PLF_1, true);
587 }
588
589 /* Mark statement S to be instrumented. */
590 static void
591 chkp_unmark_stmt (gimple *s)
592 {
593 gimple_set_plf (s, GF_PLF_1, false);
594 }
595
596 /* Return 1 if statement S should not be instrumented. */
597 static bool
598 chkp_marked_stmt_p (gimple *s)
599 {
600 return gimple_plf (s, GF_PLF_1);
601 }
602
603 /* Get var to be used for bound temps. */
604 static tree
605 chkp_get_tmp_var (void)
606 {
607 if (!tmp_var)
608 tmp_var = create_tmp_reg (pointer_bounds_type_node, CHKP_BOUND_TMP_NAME);
609
610 return tmp_var;
611 }
612
613 /* Get SSA_NAME to be used as temp. */
614 static tree
615 chkp_get_tmp_reg (gimple *stmt)
616 {
617 if (in_chkp_pass)
618 return make_ssa_name (chkp_get_tmp_var (), stmt);
619
620 return make_temp_ssa_name (pointer_bounds_type_node, stmt,
621 CHKP_BOUND_TMP_NAME);
622 }
623
624 /* Get var to be used for size temps. */
625 static tree
626 chkp_get_size_tmp_var (void)
627 {
628 if (!size_tmp_var)
629 size_tmp_var = create_tmp_reg (chkp_uintptr_type, CHKP_SIZE_TMP_NAME);
630
631 return size_tmp_var;
632 }
633
634 /* Register bounds BND for address of OBJ. */
635 static void
636 chkp_register_addr_bounds (tree obj, tree bnd)
637 {
638 if (bnd == incomplete_bounds)
639 return;
640
641 chkp_reg_addr_bounds->put (obj, bnd);
642
643 if (dump_file && (dump_flags & TDF_DETAILS))
644 {
645 fprintf (dump_file, "Regsitered bound ");
646 print_generic_expr (dump_file, bnd);
647 fprintf (dump_file, " for address of ");
648 print_generic_expr (dump_file, obj);
649 fprintf (dump_file, "\n");
650 }
651 }
652
653 /* Return bounds registered for address of OBJ. */
654 static tree
655 chkp_get_registered_addr_bounds (tree obj)
656 {
657 tree *slot = chkp_reg_addr_bounds->get (obj);
658 return slot ? *slot : NULL_TREE;
659 }
660
661 /* Mark BOUNDS as completed. */
662 static void
663 chkp_mark_completed_bounds (tree bounds)
664 {
665 chkp_completed_bounds_set->add (bounds);
666
667 if (dump_file && (dump_flags & TDF_DETAILS))
668 {
669 fprintf (dump_file, "Marked bounds ");
670 print_generic_expr (dump_file, bounds);
671 fprintf (dump_file, " as completed\n");
672 }
673 }
674
675 /* Return 1 if BOUNDS were marked as completed and 0 otherwise. */
676 static bool
677 chkp_completed_bounds (tree bounds)
678 {
679 return chkp_completed_bounds_set->contains (bounds);
680 }
681
682 /* Clear comleted bound marks. */
683 static void
684 chkp_erase_completed_bounds (void)
685 {
686 delete chkp_completed_bounds_set;
687 chkp_completed_bounds_set = new hash_set<tree>;
688 }
689
690 /* This function is used to provide a base address for
691 chkp_get_hard_register_fake_addr_expr. */
692 static tree
693 chkp_get_hard_register_var_fake_base_address ()
694 {
695 int prec = TYPE_PRECISION (ptr_type_node);
696 return wide_int_to_tree (ptr_type_node, wi::min_value (prec, SIGNED));
697 }
698
699 /* If we check bounds for a hard register variable, we cannot
700 use its address - it is illegal, so instead of that we use
701 this fake value. */
702 static tree
703 chkp_get_hard_register_fake_addr_expr (tree obj)
704 {
705 tree addr = chkp_get_hard_register_var_fake_base_address ();
706 tree outer = obj;
707 while (TREE_CODE (outer) == COMPONENT_REF || TREE_CODE (outer) == ARRAY_REF)
708 {
709 if (TREE_CODE (outer) == COMPONENT_REF)
710 {
711 addr = fold_build_pointer_plus (addr,
712 component_ref_field_offset (outer));
713 outer = TREE_OPERAND (outer, 0);
714 }
715 else if (TREE_CODE (outer) == ARRAY_REF)
716 {
717 tree indx = fold_convert(size_type_node, TREE_OPERAND(outer, 1));
718 tree offset = size_binop (MULT_EXPR,
719 array_ref_element_size (outer), indx);
720 addr = fold_build_pointer_plus (addr, offset);
721 outer = TREE_OPERAND (outer, 0);
722 }
723 }
724
725 return addr;
726 }
727
728 /* Mark BOUNDS associated with PTR as incomplete. */
729 static void
730 chkp_register_incomplete_bounds (tree bounds, tree ptr)
731 {
732 chkp_incomplete_bounds_map->put (bounds, ptr);
733
734 if (dump_file && (dump_flags & TDF_DETAILS))
735 {
736 fprintf (dump_file, "Regsitered incomplete bounds ");
737 print_generic_expr (dump_file, bounds);
738 fprintf (dump_file, " for ");
739 print_generic_expr (dump_file, ptr);
740 fprintf (dump_file, "\n");
741 }
742 }
743
744 /* Return 1 if BOUNDS are incomplete and 0 otherwise. */
745 static bool
746 chkp_incomplete_bounds (tree bounds)
747 {
748 if (bounds == incomplete_bounds)
749 return true;
750
751 if (chkp_completed_bounds (bounds))
752 return false;
753
754 return chkp_incomplete_bounds_map->get (bounds) != NULL;
755 }
756
757 /* Clear incomleted bound marks. */
758 static void
759 chkp_erase_incomplete_bounds (void)
760 {
761 delete chkp_incomplete_bounds_map;
762 chkp_incomplete_bounds_map = new hash_map<tree, tree>;
763 }
764
765 /* Build and return bndmk call which creates bounds for structure
766 pointed by PTR. Structure should have complete type. */
767 tree
768 chkp_make_bounds_for_struct_addr (tree ptr)
769 {
770 tree type = TREE_TYPE (ptr);
771 tree size;
772
773 gcc_assert (POINTER_TYPE_P (type));
774
775 size = TYPE_SIZE (TREE_TYPE (type));
776
777 gcc_assert (size);
778
779 return build_call_nary (pointer_bounds_type_node,
780 build_fold_addr_expr (chkp_bndmk_fndecl),
781 2, ptr, size);
782 }
783
784 /* Traversal function for chkp_may_finish_incomplete_bounds.
785 Set RES to 0 if at least one argument of phi statement
786 defining bounds (passed in KEY arg) is unknown.
787 Traversal stops when first unknown phi argument is found. */
788 bool
789 chkp_may_complete_phi_bounds (tree const &bounds, tree *slot ATTRIBUTE_UNUSED,
790 bool *res)
791 {
792 gimple *phi;
793 unsigned i;
794
795 gcc_assert (TREE_CODE (bounds) == SSA_NAME);
796
797 phi = SSA_NAME_DEF_STMT (bounds);
798
799 gcc_assert (phi && gimple_code (phi) == GIMPLE_PHI);
800
801 for (i = 0; i < gimple_phi_num_args (phi); i++)
802 {
803 tree phi_arg = gimple_phi_arg_def (phi, i);
804 if (!phi_arg)
805 {
806 *res = false;
807 /* Do not need to traverse further. */
808 return false;
809 }
810 }
811
812 return true;
813 }
814
815 /* Return 1 if all phi nodes created for bounds have their
816 arguments computed. */
817 static bool
818 chkp_may_finish_incomplete_bounds (void)
819 {
820 bool res = true;
821
822 chkp_incomplete_bounds_map
823 ->traverse<bool *, chkp_may_complete_phi_bounds> (&res);
824
825 return res;
826 }
827
828 /* Helper function for chkp_finish_incomplete_bounds.
829 Recompute args for bounds phi node. */
830 bool
831 chkp_recompute_phi_bounds (tree const &bounds, tree *slot,
832 void *res ATTRIBUTE_UNUSED)
833 {
834 tree ptr = *slot;
835 gphi *bounds_phi;
836 gphi *ptr_phi;
837 unsigned i;
838
839 gcc_assert (TREE_CODE (bounds) == SSA_NAME);
840 gcc_assert (TREE_CODE (ptr) == SSA_NAME);
841
842 bounds_phi = as_a <gphi *> (SSA_NAME_DEF_STMT (bounds));
843 ptr_phi = as_a <gphi *> (SSA_NAME_DEF_STMT (ptr));
844
845 for (i = 0; i < gimple_phi_num_args (bounds_phi); i++)
846 {
847 tree ptr_arg = gimple_phi_arg_def (ptr_phi, i);
848 tree bound_arg = chkp_find_bounds (ptr_arg, NULL);
849
850 add_phi_arg (bounds_phi, bound_arg,
851 gimple_phi_arg_edge (ptr_phi, i),
852 UNKNOWN_LOCATION);
853 }
854
855 return true;
856 }
857
858 /* Mark BOUNDS as invalid. */
859 static void
860 chkp_mark_invalid_bounds (tree bounds)
861 {
862 chkp_invalid_bounds->add (bounds);
863
864 if (dump_file && (dump_flags & TDF_DETAILS))
865 {
866 fprintf (dump_file, "Marked bounds ");
867 print_generic_expr (dump_file, bounds);
868 fprintf (dump_file, " as invalid\n");
869 }
870 }
871
872 /* Return 1 if BOUNDS were marked as invalid and 0 otherwise. */
873 static bool
874 chkp_valid_bounds (tree bounds)
875 {
876 if (bounds == zero_bounds || bounds == none_bounds)
877 return false;
878
879 return !chkp_invalid_bounds->contains (bounds);
880 }
881
882 /* Helper function for chkp_finish_incomplete_bounds.
883 Check all arguments of phi nodes trying to find
884 valid completed bounds. If there is at least one
885 such arg then bounds produced by phi node are marked
886 as valid completed bounds and all phi args are
887 recomputed. */
888 bool
889 chkp_find_valid_phi_bounds (tree const &bounds, tree *slot, bool *res)
890 {
891 gimple *phi;
892 unsigned i;
893
894 gcc_assert (TREE_CODE (bounds) == SSA_NAME);
895
896 if (chkp_completed_bounds (bounds))
897 return true;
898
899 phi = SSA_NAME_DEF_STMT (bounds);
900
901 gcc_assert (phi && gimple_code (phi) == GIMPLE_PHI);
902
903 for (i = 0; i < gimple_phi_num_args (phi); i++)
904 {
905 tree phi_arg = gimple_phi_arg_def (phi, i);
906
907 gcc_assert (phi_arg);
908
909 if (chkp_valid_bounds (phi_arg) && !chkp_incomplete_bounds (phi_arg))
910 {
911 *res = true;
912 chkp_mark_completed_bounds (bounds);
913 chkp_recompute_phi_bounds (bounds, slot, NULL);
914 return true;
915 }
916 }
917
918 return true;
919 }
920
921 /* Helper function for chkp_finish_incomplete_bounds.
922 Marks all incompleted bounds as invalid. */
923 bool
924 chkp_mark_invalid_bounds_walker (tree const &bounds,
925 tree *slot ATTRIBUTE_UNUSED,
926 void *res ATTRIBUTE_UNUSED)
927 {
928 if (!chkp_completed_bounds (bounds))
929 {
930 chkp_mark_invalid_bounds (bounds);
931 chkp_mark_completed_bounds (bounds);
932 }
933 return true;
934 }
935
936 /* When all bound phi nodes have all their args computed
937 we have enough info to find valid bounds. We iterate
938 through all incompleted bounds searching for valid
939 bounds. Found valid bounds are marked as completed
940 and all remaining incompleted bounds are recomputed.
941 Process continues until no new valid bounds may be
942 found. All remained incompleted bounds are marked as
943 invalid (i.e. have no valid source of bounds). */
944 static void
945 chkp_finish_incomplete_bounds (void)
946 {
947 bool found_valid = true;
948
949 while (found_valid)
950 {
951 found_valid = false;
952
953 chkp_incomplete_bounds_map->
954 traverse<bool *, chkp_find_valid_phi_bounds> (&found_valid);
955
956 if (found_valid)
957 chkp_incomplete_bounds_map->
958 traverse<void *, chkp_recompute_phi_bounds> (NULL);
959 }
960
961 chkp_incomplete_bounds_map->
962 traverse<void *, chkp_mark_invalid_bounds_walker> (NULL);
963 chkp_incomplete_bounds_map->
964 traverse<void *, chkp_recompute_phi_bounds> (NULL);
965
966 chkp_erase_completed_bounds ();
967 chkp_erase_incomplete_bounds ();
968 }
969
970 /* Return 1 if type TYPE is a pointer type or a
971 structure having a pointer type as one of its fields.
972 Otherwise return 0. */
973 bool
974 chkp_type_has_pointer (const_tree type)
975 {
976 bool res = false;
977
978 if (BOUNDED_TYPE_P (type))
979 res = true;
980 else if (RECORD_OR_UNION_TYPE_P (type))
981 {
982 tree field;
983
984 for (field = TYPE_FIELDS (type); field; field = DECL_CHAIN (field))
985 if (TREE_CODE (field) == FIELD_DECL)
986 res = res || chkp_type_has_pointer (TREE_TYPE (field));
987 }
988 else if (TREE_CODE (type) == ARRAY_TYPE)
989 res = chkp_type_has_pointer (TREE_TYPE (type));
990
991 return res;
992 }
993
994 unsigned
995 chkp_type_bounds_count (const_tree type)
996 {
997 unsigned res = 0;
998
999 if (!type)
1000 res = 0;
1001 else if (BOUNDED_TYPE_P (type))
1002 res = 1;
1003 else if (RECORD_OR_UNION_TYPE_P (type))
1004 {
1005 bitmap have_bound;
1006
1007 bitmap_obstack_initialize (NULL);
1008 have_bound = BITMAP_ALLOC (NULL);
1009 chkp_find_bound_slots (type, have_bound);
1010 res = bitmap_count_bits (have_bound);
1011 BITMAP_FREE (have_bound);
1012 bitmap_obstack_release (NULL);
1013 }
1014
1015 return res;
1016 }
1017
1018 /* Get bounds associated with NODE via
1019 chkp_set_bounds call. */
1020 tree
1021 chkp_get_bounds (tree node)
1022 {
1023 tree *slot;
1024
1025 if (!chkp_bounds_map)
1026 return NULL_TREE;
1027
1028 slot = chkp_bounds_map->get (node);
1029 return slot ? *slot : NULL_TREE;
1030 }
1031
1032 /* Associate bounds VAL with NODE. */
1033 void
1034 chkp_set_bounds (tree node, tree val)
1035 {
1036 if (!chkp_bounds_map)
1037 chkp_bounds_map = new hash_map<tree, tree>;
1038
1039 chkp_bounds_map->put (node, val);
1040 }
1041
1042 /* Check if statically initialized variable VAR require
1043 static bounds initialization. If VAR is added into
1044 bounds initlization list then 1 is returned. Otherwise
1045 return 0. */
1046 extern bool
1047 chkp_register_var_initializer (tree var)
1048 {
1049 if (!flag_check_pointer_bounds
1050 || DECL_INITIAL (var) == error_mark_node)
1051 return false;
1052
1053 gcc_assert (VAR_P (var));
1054 gcc_assert (DECL_INITIAL (var));
1055
1056 if (TREE_STATIC (var)
1057 && chkp_type_has_pointer (TREE_TYPE (var)))
1058 {
1059 varpool_node::get_create (var)->need_bounds_init = 1;
1060 return true;
1061 }
1062
1063 return false;
1064 }
1065
1066 /* Helper function for chkp_finish_file.
1067
1068 Add new modification statement (RHS is assigned to LHS)
1069 into list of static initializer statementes (passed in ARG).
1070 If statements list becomes too big, emit checker constructor
1071 and start the new one. */
1072 static void
1073 chkp_add_modification_to_stmt_list (tree lhs,
1074 tree rhs,
1075 void *arg)
1076 {
1077 struct chkp_ctor_stmt_list *stmts = (struct chkp_ctor_stmt_list *)arg;
1078 tree modify;
1079
1080 if (!useless_type_conversion_p (TREE_TYPE (lhs), TREE_TYPE (rhs)))
1081 rhs = build1 (CONVERT_EXPR, TREE_TYPE (lhs), rhs);
1082
1083 modify = build2 (MODIFY_EXPR, TREE_TYPE (lhs), lhs, rhs);
1084 append_to_statement_list (modify, &stmts->stmts);
1085
1086 stmts->avail--;
1087 }
1088
1089 /* Build and return ADDR_EXPR for specified object OBJ. */
1090 static tree
1091 chkp_build_addr_expr (tree obj)
1092 {
1093 /* We first check whether it is a "hard reg case". */
1094 tree base = get_base_address (obj);
1095 if (VAR_P (base) && DECL_HARD_REGISTER (base))
1096 return chkp_get_hard_register_fake_addr_expr (obj);
1097
1098 /* If not - return regular ADDR_EXPR. */
1099 return TREE_CODE (obj) == TARGET_MEM_REF
1100 ? tree_mem_ref_addr (ptr_type_node, obj)
1101 : build_fold_addr_expr (obj);
1102 }
1103
1104 /* Helper function for chkp_finish_file.
1105 Initialize bound variable BND_VAR with bounds of variable
1106 VAR to statements list STMTS. If statements list becomes
1107 too big, emit checker constructor and start the new one. */
1108 static void
1109 chkp_output_static_bounds (tree bnd_var, tree var,
1110 struct chkp_ctor_stmt_list *stmts)
1111 {
1112 tree lb, ub, size;
1113
1114 if (TREE_CODE (var) == STRING_CST)
1115 {
1116 lb = build1 (CONVERT_EXPR, size_type_node, chkp_build_addr_expr (var));
1117 size = build_int_cst (size_type_node, TREE_STRING_LENGTH (var) - 1);
1118 }
1119 else if (DECL_SIZE (var)
1120 && !chkp_variable_size_type (TREE_TYPE (var)))
1121 {
1122 /* Compute bounds using statically known size. */
1123 lb = build1 (CONVERT_EXPR, size_type_node, chkp_build_addr_expr (var));
1124 size = size_binop (MINUS_EXPR, DECL_SIZE_UNIT (var), size_one_node);
1125 }
1126 else
1127 {
1128 /* Compute bounds using dynamic size. */
1129 tree call;
1130
1131 lb = build1 (CONVERT_EXPR, size_type_node, chkp_build_addr_expr (var));
1132 call = build1 (ADDR_EXPR,
1133 build_pointer_type (TREE_TYPE (chkp_sizeof_fndecl)),
1134 chkp_sizeof_fndecl);
1135 size = build_call_nary (TREE_TYPE (TREE_TYPE (chkp_sizeof_fndecl)),
1136 call, 1, var);
1137
1138 if (flag_chkp_zero_dynamic_size_as_infinite)
1139 {
1140 tree max_size, cond;
1141
1142 max_size = build2 (MINUS_EXPR, size_type_node, size_zero_node, lb);
1143 cond = build2 (NE_EXPR, boolean_type_node, size, size_zero_node);
1144 size = build3 (COND_EXPR, size_type_node, cond, size, max_size);
1145 }
1146
1147 size = size_binop (MINUS_EXPR, size, size_one_node);
1148 }
1149
1150 ub = size_binop (PLUS_EXPR, lb, size);
1151 stmts->avail -= targetm.chkp_initialize_bounds (bnd_var, lb, ub,
1152 &stmts->stmts);
1153 if (stmts->avail <= 0)
1154 {
1155 cgraph_build_static_cdtor ('B', stmts->stmts,
1156 MAX_RESERVED_INIT_PRIORITY + 2);
1157 stmts->avail = MAX_STMTS_IN_STATIC_CHKP_CTOR;
1158 stmts->stmts = NULL;
1159 }
1160 }
1161
1162 /* Return entry block to be used for checker initilization code.
1163 Create new block if required. */
1164 static basic_block
1165 chkp_get_entry_block (void)
1166 {
1167 if (!entry_block)
1168 entry_block
1169 = split_block_after_labels (ENTRY_BLOCK_PTR_FOR_FN (cfun))->dest;
1170
1171 return entry_block;
1172 }
1173
1174 /* Return a bounds var to be used for pointer var PTR_VAR. */
1175 static tree
1176 chkp_get_bounds_var (tree ptr_var)
1177 {
1178 tree bnd_var;
1179 tree *slot;
1180
1181 slot = chkp_bound_vars->get (ptr_var);
1182 if (slot)
1183 bnd_var = *slot;
1184 else
1185 {
1186 bnd_var = create_tmp_reg (pointer_bounds_type_node,
1187 CHKP_BOUND_TMP_NAME);
1188 chkp_bound_vars->put (ptr_var, bnd_var);
1189 }
1190
1191 return bnd_var;
1192 }
1193
1194 /* If BND is an abnormal bounds copy, return a copied value.
1195 Otherwise return BND. */
1196 static tree
1197 chkp_get_orginal_bounds_for_abnormal_copy (tree bnd)
1198 {
1199 if (bitmap_bit_p (chkp_abnormal_copies, SSA_NAME_VERSION (bnd)))
1200 {
1201 gimple *bnd_def = SSA_NAME_DEF_STMT (bnd);
1202 gcc_checking_assert (gimple_code (bnd_def) == GIMPLE_ASSIGN);
1203 bnd = gimple_assign_rhs1 (bnd_def);
1204 }
1205
1206 return bnd;
1207 }
1208
1209 /* Register bounds BND for object PTR in global bounds table.
1210 A copy of bounds may be created for abnormal ssa names.
1211 Returns bounds to use for PTR. */
1212 static tree
1213 chkp_maybe_copy_and_register_bounds (tree ptr, tree bnd)
1214 {
1215 bool abnormal_ptr;
1216
1217 if (!chkp_reg_bounds)
1218 return bnd;
1219
1220 /* Do nothing if bounds are incomplete_bounds
1221 because it means bounds will be recomputed. */
1222 if (bnd == incomplete_bounds)
1223 return bnd;
1224
1225 abnormal_ptr = (TREE_CODE (ptr) == SSA_NAME
1226 && SSA_NAME_OCCURS_IN_ABNORMAL_PHI (ptr)
1227 && gimple_code (SSA_NAME_DEF_STMT (ptr)) != GIMPLE_PHI);
1228
1229 /* A single bounds value may be reused multiple times for
1230 different pointer values. It may cause coalescing issues
1231 for abnormal SSA names. To avoid it we create a bounds
1232 copy in case it is computed for abnormal SSA name.
1233
1234 We also cannot reuse such created copies for other pointers */
1235 if (abnormal_ptr
1236 || bitmap_bit_p (chkp_abnormal_copies, SSA_NAME_VERSION (bnd)))
1237 {
1238 tree bnd_var = NULL_TREE;
1239
1240 if (abnormal_ptr)
1241 {
1242 if (SSA_NAME_VAR (ptr))
1243 bnd_var = chkp_get_bounds_var (SSA_NAME_VAR (ptr));
1244 }
1245 else
1246 bnd_var = chkp_get_tmp_var ();
1247
1248 /* For abnormal copies we may just find original
1249 bounds and use them. */
1250 if (!abnormal_ptr && !SSA_NAME_IS_DEFAULT_DEF (bnd))
1251 bnd = chkp_get_orginal_bounds_for_abnormal_copy (bnd);
1252 /* For undefined values we usually use none bounds
1253 value but in case of abnormal edge it may cause
1254 coalescing failures. Use default definition of
1255 bounds variable instead to avoid it. */
1256 else if (SSA_NAME_IS_DEFAULT_DEF (ptr)
1257 && TREE_CODE (SSA_NAME_VAR (ptr)) != PARM_DECL)
1258 {
1259 bnd = get_or_create_ssa_default_def (cfun, bnd_var);
1260
1261 if (dump_file && (dump_flags & TDF_DETAILS))
1262 {
1263 fprintf (dump_file, "Using default def bounds ");
1264 print_generic_expr (dump_file, bnd);
1265 fprintf (dump_file, " for abnormal default def SSA name ");
1266 print_generic_expr (dump_file, ptr);
1267 fprintf (dump_file, "\n");
1268 }
1269 }
1270 else
1271 {
1272 tree copy;
1273 gimple *def = SSA_NAME_DEF_STMT (ptr);
1274 gimple *assign;
1275 gimple_stmt_iterator gsi;
1276
1277 if (bnd_var)
1278 copy = make_ssa_name (bnd_var);
1279 else
1280 copy = make_temp_ssa_name (pointer_bounds_type_node,
1281 NULL,
1282 CHKP_BOUND_TMP_NAME);
1283 bnd = chkp_get_orginal_bounds_for_abnormal_copy (bnd);
1284 assign = gimple_build_assign (copy, bnd);
1285
1286 if (dump_file && (dump_flags & TDF_DETAILS))
1287 {
1288 fprintf (dump_file, "Creating a copy of bounds ");
1289 print_generic_expr (dump_file, bnd);
1290 fprintf (dump_file, " for abnormal SSA name ");
1291 print_generic_expr (dump_file, ptr);
1292 fprintf (dump_file, "\n");
1293 }
1294
1295 if (gimple_code (def) == GIMPLE_NOP)
1296 {
1297 gsi = gsi_last_bb (chkp_get_entry_block ());
1298 if (!gsi_end_p (gsi) && is_ctrl_stmt (gsi_stmt (gsi)))
1299 gsi_insert_before (&gsi, assign, GSI_CONTINUE_LINKING);
1300 else
1301 gsi_insert_after (&gsi, assign, GSI_CONTINUE_LINKING);
1302 }
1303 else
1304 {
1305 gimple *bnd_def = SSA_NAME_DEF_STMT (bnd);
1306 /* Sometimes (e.g. when we load a pointer from a
1307 memory) bounds are produced later than a pointer.
1308 We need to insert bounds copy appropriately. */
1309 if (gimple_code (bnd_def) != GIMPLE_NOP
1310 && stmt_dominates_stmt_p (def, bnd_def))
1311 gsi = gsi_for_stmt (bnd_def);
1312 else
1313 gsi = gsi_for_stmt (def);
1314 gsi_insert_after (&gsi, assign, GSI_CONTINUE_LINKING);
1315 }
1316
1317 bnd = copy;
1318 }
1319
1320 if (abnormal_ptr)
1321 bitmap_set_bit (chkp_abnormal_copies, SSA_NAME_VERSION (bnd));
1322 }
1323
1324 chkp_reg_bounds->put (ptr, bnd);
1325
1326 if (dump_file && (dump_flags & TDF_DETAILS))
1327 {
1328 fprintf (dump_file, "Regsitered bound ");
1329 print_generic_expr (dump_file, bnd);
1330 fprintf (dump_file, " for pointer ");
1331 print_generic_expr (dump_file, ptr);
1332 fprintf (dump_file, "\n");
1333 }
1334
1335 return bnd;
1336 }
1337
1338 /* Get bounds registered for object PTR in global bounds table. */
1339 static tree
1340 chkp_get_registered_bounds (tree ptr)
1341 {
1342 tree *slot;
1343
1344 if (!chkp_reg_bounds)
1345 return NULL_TREE;
1346
1347 slot = chkp_reg_bounds->get (ptr);
1348 return slot ? *slot : NULL_TREE;
1349 }
1350
1351 /* Add bound retvals to return statement pointed by GSI. */
1352
1353 static void
1354 chkp_add_bounds_to_ret_stmt (gimple_stmt_iterator *gsi)
1355 {
1356 greturn *ret = as_a <greturn *> (gsi_stmt (*gsi));
1357 tree retval = gimple_return_retval (ret);
1358 tree ret_decl = DECL_RESULT (cfun->decl);
1359 tree bounds;
1360
1361 if (!retval)
1362 return;
1363
1364 if (BOUNDED_P (ret_decl))
1365 {
1366 bounds = chkp_find_bounds (retval, gsi);
1367 bounds = chkp_maybe_copy_and_register_bounds (ret_decl, bounds);
1368 gimple_return_set_retbnd (ret, bounds);
1369 }
1370
1371 update_stmt (ret);
1372 }
1373
1374 /* Force OP to be suitable for using as an argument for call.
1375 New statements (if any) go to SEQ. */
1376 static tree
1377 chkp_force_gimple_call_op (tree op, gimple_seq *seq)
1378 {
1379 gimple_seq stmts;
1380 gimple_stmt_iterator si;
1381
1382 op = force_gimple_operand (unshare_expr (op), &stmts, true, NULL_TREE);
1383
1384 for (si = gsi_start (stmts); !gsi_end_p (si); gsi_next (&si))
1385 chkp_mark_stmt (gsi_stmt (si));
1386
1387 gimple_seq_add_seq (seq, stmts);
1388
1389 return op;
1390 }
1391
1392 /* Generate lower bound check for memory access by ADDR.
1393 Check is inserted before the position pointed by ITER.
1394 DIRFLAG indicates whether memory access is load or store. */
1395 static void
1396 chkp_check_lower (tree addr, tree bounds,
1397 gimple_stmt_iterator iter,
1398 location_t location,
1399 tree dirflag)
1400 {
1401 gimple_seq seq;
1402 gimple *check;
1403 tree node;
1404
1405 if (!chkp_function_instrumented_p (current_function_decl)
1406 && bounds == chkp_get_zero_bounds ())
1407 return;
1408
1409 if (dirflag == integer_zero_node
1410 && !flag_chkp_check_read)
1411 return;
1412
1413 if (dirflag == integer_one_node
1414 && !flag_chkp_check_write)
1415 return;
1416
1417 seq = NULL;
1418
1419 node = chkp_force_gimple_call_op (addr, &seq);
1420
1421 check = gimple_build_call (chkp_checkl_fndecl, 2, node, bounds);
1422 chkp_mark_stmt (check);
1423 gimple_call_set_with_bounds (check, true);
1424 gimple_set_location (check, location);
1425 gimple_seq_add_stmt (&seq, check);
1426
1427 gsi_insert_seq_before (&iter, seq, GSI_SAME_STMT);
1428
1429 if (dump_file && (dump_flags & TDF_DETAILS))
1430 {
1431 gimple *before = gsi_stmt (iter);
1432 fprintf (dump_file, "Generated lower bound check for statement ");
1433 print_gimple_stmt (dump_file, before, 0, TDF_VOPS|TDF_MEMSYMS);
1434 fprintf (dump_file, " ");
1435 print_gimple_stmt (dump_file, check, 0, TDF_VOPS|TDF_MEMSYMS);
1436 }
1437 }
1438
1439 /* Generate upper bound check for memory access by ADDR.
1440 Check is inserted before the position pointed by ITER.
1441 DIRFLAG indicates whether memory access is load or store. */
1442 static void
1443 chkp_check_upper (tree addr, tree bounds,
1444 gimple_stmt_iterator iter,
1445 location_t location,
1446 tree dirflag)
1447 {
1448 gimple_seq seq;
1449 gimple *check;
1450 tree node;
1451
1452 if (!chkp_function_instrumented_p (current_function_decl)
1453 && bounds == chkp_get_zero_bounds ())
1454 return;
1455
1456 if (dirflag == integer_zero_node
1457 && !flag_chkp_check_read)
1458 return;
1459
1460 if (dirflag == integer_one_node
1461 && !flag_chkp_check_write)
1462 return;
1463
1464 seq = NULL;
1465
1466 node = chkp_force_gimple_call_op (addr, &seq);
1467
1468 check = gimple_build_call (chkp_checku_fndecl, 2, node, bounds);
1469 chkp_mark_stmt (check);
1470 gimple_call_set_with_bounds (check, true);
1471 gimple_set_location (check, location);
1472 gimple_seq_add_stmt (&seq, check);
1473
1474 gsi_insert_seq_before (&iter, seq, GSI_SAME_STMT);
1475
1476 if (dump_file && (dump_flags & TDF_DETAILS))
1477 {
1478 gimple *before = gsi_stmt (iter);
1479 fprintf (dump_file, "Generated upper bound check for statement ");
1480 print_gimple_stmt (dump_file, before, 0, TDF_VOPS|TDF_MEMSYMS);
1481 fprintf (dump_file, " ");
1482 print_gimple_stmt (dump_file, check, 0, TDF_VOPS|TDF_MEMSYMS);
1483 }
1484 }
1485
1486 /* Generate lower and upper bound checks for memory access
1487 to memory slot [FIRST, LAST] againsr BOUNDS. Checks
1488 are inserted before the position pointed by ITER.
1489 DIRFLAG indicates whether memory access is load or store. */
1490 void
1491 chkp_check_mem_access (tree first, tree last, tree bounds,
1492 gimple_stmt_iterator iter,
1493 location_t location,
1494 tree dirflag)
1495 {
1496 chkp_check_lower (first, bounds, iter, location, dirflag);
1497 chkp_check_upper (last, bounds, iter, location, dirflag);
1498 }
1499
1500 /* Replace call to _bnd_chk_* pointed by GSI with
1501 bndcu and bndcl calls. DIRFLAG determines whether
1502 check is for read or write. */
1503
1504 void
1505 chkp_replace_address_check_builtin (gimple_stmt_iterator *gsi,
1506 tree dirflag)
1507 {
1508 gimple_stmt_iterator call_iter = *gsi;
1509 gimple *call = gsi_stmt (*gsi);
1510 tree fndecl = gimple_call_fndecl (call);
1511 tree addr = gimple_call_arg (call, 0);
1512 tree bounds = chkp_find_bounds (addr, gsi);
1513
1514 if (DECL_FUNCTION_CODE (fndecl) == BUILT_IN_CHKP_CHECK_PTR_LBOUNDS
1515 || DECL_FUNCTION_CODE (fndecl) == BUILT_IN_CHKP_CHECK_PTR_BOUNDS)
1516 chkp_check_lower (addr, bounds, *gsi, gimple_location (call), dirflag);
1517
1518 if (DECL_FUNCTION_CODE (fndecl) == BUILT_IN_CHKP_CHECK_PTR_UBOUNDS)
1519 chkp_check_upper (addr, bounds, *gsi, gimple_location (call), dirflag);
1520
1521 if (DECL_FUNCTION_CODE (fndecl) == BUILT_IN_CHKP_CHECK_PTR_BOUNDS)
1522 {
1523 tree size = gimple_call_arg (call, 1);
1524 addr = fold_build_pointer_plus (addr, size);
1525 addr = fold_build_pointer_plus_hwi (addr, -1);
1526 chkp_check_upper (addr, bounds, *gsi, gimple_location (call), dirflag);
1527 }
1528
1529 gsi_remove (&call_iter, true);
1530 }
1531
1532 /* Replace call to _bnd_get_ptr_* pointed by GSI with
1533 corresponding bounds extract call. */
1534
1535 void
1536 chkp_replace_extract_builtin (gimple_stmt_iterator *gsi)
1537 {
1538 gimple *call = gsi_stmt (*gsi);
1539 tree fndecl = gimple_call_fndecl (call);
1540 tree addr = gimple_call_arg (call, 0);
1541 tree bounds = chkp_find_bounds (addr, gsi);
1542 gimple *extract;
1543
1544 if (DECL_FUNCTION_CODE (fndecl) == BUILT_IN_CHKP_GET_PTR_LBOUND)
1545 fndecl = chkp_extract_lower_fndecl;
1546 else if (DECL_FUNCTION_CODE (fndecl) == BUILT_IN_CHKP_GET_PTR_UBOUND)
1547 fndecl = chkp_extract_upper_fndecl;
1548 else
1549 gcc_unreachable ();
1550
1551 extract = gimple_build_call (fndecl, 1, bounds);
1552 gimple_call_set_lhs (extract, gimple_call_lhs (call));
1553 chkp_mark_stmt (extract);
1554
1555 gsi_replace (gsi, extract, false);
1556 }
1557
1558 /* Return COMPONENT_REF accessing FIELD in OBJ. */
1559 static tree
1560 chkp_build_component_ref (tree obj, tree field)
1561 {
1562 tree res;
1563
1564 /* If object is TMR then we do not use component_ref but
1565 add offset instead. We need it to be able to get addr
1566 of the reasult later. */
1567 if (TREE_CODE (obj) == TARGET_MEM_REF)
1568 {
1569 tree offs = TMR_OFFSET (obj);
1570 offs = fold_binary_to_constant (PLUS_EXPR, TREE_TYPE (offs),
1571 offs, DECL_FIELD_OFFSET (field));
1572
1573 gcc_assert (offs);
1574
1575 res = copy_node (obj);
1576 TREE_TYPE (res) = TREE_TYPE (field);
1577 TMR_OFFSET (res) = offs;
1578 }
1579 else
1580 res = build3 (COMPONENT_REF, TREE_TYPE (field), obj, field, NULL_TREE);
1581
1582 return res;
1583 }
1584
1585 /* Return ARRAY_REF for array ARR and index IDX with
1586 specified element type ETYPE and element size ESIZE. */
1587 static tree
1588 chkp_build_array_ref (tree arr, tree etype, tree esize,
1589 unsigned HOST_WIDE_INT idx)
1590 {
1591 tree index = build_int_cst (size_type_node, idx);
1592 tree res;
1593
1594 /* If object is TMR then we do not use array_ref but
1595 add offset instead. We need it to be able to get addr
1596 of the reasult later. */
1597 if (TREE_CODE (arr) == TARGET_MEM_REF)
1598 {
1599 tree offs = TMR_OFFSET (arr);
1600
1601 esize = fold_binary_to_constant (MULT_EXPR, TREE_TYPE (esize),
1602 esize, index);
1603 gcc_assert(esize);
1604
1605 offs = fold_binary_to_constant (PLUS_EXPR, TREE_TYPE (offs),
1606 offs, esize);
1607 gcc_assert (offs);
1608
1609 res = copy_node (arr);
1610 TREE_TYPE (res) = etype;
1611 TMR_OFFSET (res) = offs;
1612 }
1613 else
1614 res = build4 (ARRAY_REF, etype, arr, index, NULL_TREE, NULL_TREE);
1615
1616 return res;
1617 }
1618
1619 /* Helper function for chkp_add_bounds_to_call_stmt.
1620 Fill ALL_BOUNDS output array with created bounds.
1621
1622 OFFS is used for recursive calls and holds basic
1623 offset of TYPE in outer structure in bits.
1624
1625 ITER points a position where bounds are searched.
1626
1627 ALL_BOUNDS[i] is filled with elem bounds if there
1628 is a field in TYPE which has pointer type and offset
1629 equal to i * POINTER_SIZE in bits. */
1630 static void
1631 chkp_find_bounds_for_elem (tree elem, tree *all_bounds,
1632 HOST_WIDE_INT offs,
1633 gimple_stmt_iterator *iter)
1634 {
1635 tree type = TREE_TYPE (elem);
1636
1637 if (BOUNDED_TYPE_P (type))
1638 {
1639 if (!all_bounds[offs / POINTER_SIZE])
1640 {
1641 tree temp = make_temp_ssa_name (type, NULL, "");
1642 gimple *assign = gimple_build_assign (temp, elem);
1643 gimple_stmt_iterator gsi;
1644
1645 gsi_insert_before (iter, assign, GSI_SAME_STMT);
1646 gsi = gsi_for_stmt (assign);
1647
1648 all_bounds[offs / POINTER_SIZE] = chkp_find_bounds (temp, &gsi);
1649 }
1650 }
1651 else if (RECORD_OR_UNION_TYPE_P (type))
1652 {
1653 tree field;
1654
1655 for (field = TYPE_FIELDS (type); field; field = DECL_CHAIN (field))
1656 if (TREE_CODE (field) == FIELD_DECL)
1657 {
1658 tree base = unshare_expr (elem);
1659 tree field_ref = chkp_build_component_ref (base, field);
1660 HOST_WIDE_INT field_offs
1661 = TREE_INT_CST_LOW (DECL_FIELD_BIT_OFFSET (field));
1662 if (DECL_FIELD_OFFSET (field))
1663 field_offs += TREE_INT_CST_LOW (DECL_FIELD_OFFSET (field)) * 8;
1664
1665 chkp_find_bounds_for_elem (field_ref, all_bounds,
1666 offs + field_offs, iter);
1667 }
1668 }
1669 else if (TREE_CODE (type) == ARRAY_TYPE)
1670 {
1671 tree maxval = TYPE_MAX_VALUE (TYPE_DOMAIN (type));
1672 tree etype = TREE_TYPE (type);
1673 HOST_WIDE_INT esize = TREE_INT_CST_LOW (TYPE_SIZE (etype));
1674 unsigned HOST_WIDE_INT cur;
1675
1676 if (!maxval || integer_minus_onep (maxval))
1677 return;
1678
1679 for (cur = 0; cur <= TREE_INT_CST_LOW (maxval); cur++)
1680 {
1681 tree base = unshare_expr (elem);
1682 tree arr_elem = chkp_build_array_ref (base, etype,
1683 TYPE_SIZE (etype),
1684 cur);
1685 chkp_find_bounds_for_elem (arr_elem, all_bounds, offs + cur * esize,
1686 iter);
1687 }
1688 }
1689 }
1690
1691 /* Fill HAVE_BOUND output bitmap with information about
1692 bounds requred for object of type TYPE.
1693
1694 OFFS is used for recursive calls and holds basic
1695 offset of TYPE in outer structure in bits.
1696
1697 HAVE_BOUND[i] is set to 1 if there is a field
1698 in TYPE which has pointer type and offset
1699 equal to i * POINTER_SIZE - OFFS in bits. */
1700 void
1701 chkp_find_bound_slots_1 (const_tree type, bitmap have_bound,
1702 HOST_WIDE_INT offs)
1703 {
1704 if (BOUNDED_TYPE_P (type))
1705 bitmap_set_bit (have_bound, offs / POINTER_SIZE);
1706 else if (RECORD_OR_UNION_TYPE_P (type))
1707 {
1708 tree field;
1709
1710 for (field = TYPE_FIELDS (type); field; field = DECL_CHAIN (field))
1711 if (TREE_CODE (field) == FIELD_DECL)
1712 {
1713 HOST_WIDE_INT field_offs = 0;
1714 if (DECL_FIELD_BIT_OFFSET (field))
1715 field_offs += TREE_INT_CST_LOW (DECL_FIELD_BIT_OFFSET (field));
1716 if (DECL_FIELD_OFFSET (field))
1717 field_offs += TREE_INT_CST_LOW (DECL_FIELD_OFFSET (field)) * 8;
1718 chkp_find_bound_slots_1 (TREE_TYPE (field), have_bound,
1719 offs + field_offs);
1720 }
1721 }
1722 else if (TREE_CODE (type) == ARRAY_TYPE && TYPE_DOMAIN (type))
1723 {
1724 /* The object type is an array of complete type, i.e., other
1725 than a flexible array. */
1726 tree maxval = TYPE_MAX_VALUE (TYPE_DOMAIN (type));
1727 tree etype = TREE_TYPE (type);
1728 HOST_WIDE_INT esize = TREE_INT_CST_LOW (TYPE_SIZE (etype));
1729 unsigned HOST_WIDE_INT cur;
1730
1731 if (!maxval
1732 || TREE_CODE (maxval) != INTEGER_CST
1733 || integer_minus_onep (maxval))
1734 return;
1735
1736 for (cur = 0; cur <= TREE_INT_CST_LOW (maxval); cur++)
1737 chkp_find_bound_slots_1 (etype, have_bound, offs + cur * esize);
1738 }
1739 }
1740
1741 /* Fill bitmap RES with information about bounds for
1742 type TYPE. See chkp_find_bound_slots_1 for more
1743 details. */
1744 void
1745 chkp_find_bound_slots (const_tree type, bitmap res)
1746 {
1747 bitmap_clear (res);
1748 chkp_find_bound_slots_1 (type, res, 0);
1749 }
1750
1751 /* Return 1 if call to FNDECL should be instrumented
1752 and 0 otherwise. */
1753
1754 static bool
1755 chkp_instrument_normal_builtin (tree fndecl)
1756 {
1757 switch (DECL_FUNCTION_CODE (fndecl))
1758 {
1759 case BUILT_IN_STRLEN:
1760 case BUILT_IN_STRCPY:
1761 case BUILT_IN_STRNCPY:
1762 case BUILT_IN_STPCPY:
1763 case BUILT_IN_STPNCPY:
1764 case BUILT_IN_STRCAT:
1765 case BUILT_IN_STRNCAT:
1766 case BUILT_IN_MEMCPY:
1767 case BUILT_IN_MEMPCPY:
1768 case BUILT_IN_MEMSET:
1769 case BUILT_IN_MEMMOVE:
1770 case BUILT_IN_BZERO:
1771 case BUILT_IN_STRCMP:
1772 case BUILT_IN_STRNCMP:
1773 case BUILT_IN_BCMP:
1774 case BUILT_IN_MEMCMP:
1775 case BUILT_IN_MEMCPY_CHK:
1776 case BUILT_IN_MEMPCPY_CHK:
1777 case BUILT_IN_MEMMOVE_CHK:
1778 case BUILT_IN_MEMSET_CHK:
1779 case BUILT_IN_STRCPY_CHK:
1780 case BUILT_IN_STRNCPY_CHK:
1781 case BUILT_IN_STPCPY_CHK:
1782 case BUILT_IN_STPNCPY_CHK:
1783 case BUILT_IN_STRCAT_CHK:
1784 case BUILT_IN_STRNCAT_CHK:
1785 case BUILT_IN_MALLOC:
1786 case BUILT_IN_CALLOC:
1787 case BUILT_IN_REALLOC:
1788 return 1;
1789
1790 default:
1791 return 0;
1792 }
1793 }
1794
1795 /* Add bound arguments to call statement pointed by GSI.
1796 Also performs a replacement of user checker builtins calls
1797 with internal ones. */
1798
1799 static void
1800 chkp_add_bounds_to_call_stmt (gimple_stmt_iterator *gsi)
1801 {
1802 gcall *call = as_a <gcall *> (gsi_stmt (*gsi));
1803 unsigned arg_no = 0;
1804 tree fndecl = gimple_call_fndecl (call);
1805 tree fntype;
1806 tree first_formal_arg;
1807 tree arg;
1808 bool use_fntype = false;
1809 tree op;
1810 ssa_op_iter iter;
1811 gcall *new_call;
1812
1813 /* Do nothing for internal functions. */
1814 if (gimple_call_internal_p (call))
1815 return;
1816
1817 fntype = TREE_TYPE (TREE_TYPE (gimple_call_fn (call)));
1818
1819 /* Do nothing if back-end builtin is called. */
1820 if (fndecl && DECL_BUILT_IN_CLASS (fndecl) == BUILT_IN_MD)
1821 return;
1822
1823 /* Do nothing for some middle-end builtins. */
1824 if (fndecl && DECL_BUILT_IN_CLASS (fndecl) == BUILT_IN_NORMAL
1825 && DECL_FUNCTION_CODE (fndecl) == BUILT_IN_OBJECT_SIZE)
1826 return;
1827
1828 /* Do nothing for calls to not instrumentable functions. */
1829 if (fndecl && !chkp_instrumentable_p (fndecl))
1830 return;
1831
1832 /* Ignore CHKP_INIT_PTR_BOUNDS, CHKP_NULL_PTR_BOUNDS
1833 and CHKP_COPY_PTR_BOUNDS. */
1834 if (fndecl && DECL_BUILT_IN_CLASS (fndecl) == BUILT_IN_NORMAL
1835 && (DECL_FUNCTION_CODE (fndecl) == BUILT_IN_CHKP_INIT_PTR_BOUNDS
1836 || DECL_FUNCTION_CODE (fndecl) == BUILT_IN_CHKP_NULL_PTR_BOUNDS
1837 || DECL_FUNCTION_CODE (fndecl) == BUILT_IN_CHKP_COPY_PTR_BOUNDS
1838 || DECL_FUNCTION_CODE (fndecl) == BUILT_IN_CHKP_SET_PTR_BOUNDS))
1839 return;
1840
1841 /* Check user builtins are replaced with checks. */
1842 if (fndecl && DECL_BUILT_IN_CLASS (fndecl) == BUILT_IN_NORMAL
1843 && (DECL_FUNCTION_CODE (fndecl) == BUILT_IN_CHKP_CHECK_PTR_LBOUNDS
1844 || DECL_FUNCTION_CODE (fndecl) == BUILT_IN_CHKP_CHECK_PTR_UBOUNDS
1845 || DECL_FUNCTION_CODE (fndecl) == BUILT_IN_CHKP_CHECK_PTR_BOUNDS))
1846 {
1847 chkp_replace_address_check_builtin (gsi, integer_minus_one_node);
1848 return;
1849 }
1850
1851 /* Check user builtins are replaced with bound extract. */
1852 if (fndecl && DECL_BUILT_IN_CLASS (fndecl) == BUILT_IN_NORMAL
1853 && (DECL_FUNCTION_CODE (fndecl) == BUILT_IN_CHKP_GET_PTR_LBOUND
1854 || DECL_FUNCTION_CODE (fndecl) == BUILT_IN_CHKP_GET_PTR_UBOUND))
1855 {
1856 chkp_replace_extract_builtin (gsi);
1857 return;
1858 }
1859
1860 /* BUILT_IN_CHKP_NARROW_PTR_BOUNDS call is replaced with
1861 target narrow bounds call. */
1862 if (fndecl && DECL_BUILT_IN_CLASS (fndecl) == BUILT_IN_NORMAL
1863 && DECL_FUNCTION_CODE (fndecl) == BUILT_IN_CHKP_NARROW_PTR_BOUNDS)
1864 {
1865 tree arg = gimple_call_arg (call, 1);
1866 tree bounds = chkp_find_bounds (arg, gsi);
1867
1868 gimple_call_set_fndecl (call, chkp_narrow_bounds_fndecl);
1869 gimple_call_set_arg (call, 1, bounds);
1870 update_stmt (call);
1871
1872 return;
1873 }
1874
1875 /* BUILT_IN_CHKP_STORE_PTR_BOUNDS call is replaced with
1876 bndstx call. */
1877 if (fndecl && DECL_BUILT_IN_CLASS (fndecl) == BUILT_IN_NORMAL
1878 && DECL_FUNCTION_CODE (fndecl) == BUILT_IN_CHKP_STORE_PTR_BOUNDS)
1879 {
1880 tree addr = gimple_call_arg (call, 0);
1881 tree ptr = gimple_call_arg (call, 1);
1882 tree bounds = chkp_find_bounds (ptr, gsi);
1883 gimple_stmt_iterator iter = gsi_for_stmt (call);
1884
1885 chkp_build_bndstx (addr, ptr, bounds, gsi);
1886 gsi_remove (&iter, true);
1887
1888 return;
1889 }
1890
1891 if (!flag_chkp_instrument_calls)
1892 return;
1893
1894 /* We instrument only some subset of builtins. We also instrument
1895 builtin calls to be inlined. */
1896 if (fndecl
1897 && DECL_BUILT_IN_CLASS (fndecl) == BUILT_IN_NORMAL
1898 && !chkp_instrument_normal_builtin (fndecl))
1899 {
1900 if (!lookup_attribute ("always_inline", DECL_ATTRIBUTES (fndecl)))
1901 return;
1902
1903 struct cgraph_node *clone = chkp_maybe_create_clone (fndecl);
1904 if (!clone
1905 || !gimple_has_body_p (clone->decl))
1906 return;
1907 }
1908
1909 /* If function decl is available then use it for
1910 formal arguments list. Otherwise use function type. */
1911 if (fndecl
1912 && DECL_ARGUMENTS (fndecl)
1913 && gimple_call_fntype (call) == TREE_TYPE (fndecl))
1914 first_formal_arg = DECL_ARGUMENTS (fndecl);
1915 else
1916 {
1917 first_formal_arg = TYPE_ARG_TYPES (fntype);
1918 use_fntype = true;
1919 }
1920
1921 /* Fill vector of new call args. */
1922 vec<tree> new_args = vNULL;
1923 new_args.create (gimple_call_num_args (call));
1924 arg = first_formal_arg;
1925 for (arg_no = 0; arg_no < gimple_call_num_args (call); arg_no++)
1926 {
1927 tree call_arg = gimple_call_arg (call, arg_no);
1928 tree type;
1929
1930 /* Get arg type using formal argument description
1931 or actual argument type. */
1932 if (arg)
1933 if (use_fntype)
1934 if (TREE_VALUE (arg) != void_type_node)
1935 {
1936 type = TREE_VALUE (arg);
1937 arg = TREE_CHAIN (arg);
1938 }
1939 else
1940 type = TREE_TYPE (call_arg);
1941 else
1942 {
1943 type = TREE_TYPE (arg);
1944 arg = TREE_CHAIN (arg);
1945 }
1946 else
1947 type = TREE_TYPE (call_arg);
1948
1949 new_args.safe_push (call_arg);
1950
1951 if (BOUNDED_TYPE_P (type)
1952 || pass_by_reference (NULL, TYPE_MODE (type), type, true))
1953 new_args.safe_push (chkp_find_bounds (call_arg, gsi));
1954 else if (chkp_type_has_pointer (type))
1955 {
1956 HOST_WIDE_INT max_bounds
1957 = TREE_INT_CST_LOW (TYPE_SIZE (type)) / POINTER_SIZE;
1958 tree *all_bounds = (tree *)xmalloc (sizeof (tree) * max_bounds);
1959 HOST_WIDE_INT bnd_no;
1960
1961 memset (all_bounds, 0, sizeof (tree) * max_bounds);
1962
1963 chkp_find_bounds_for_elem (call_arg, all_bounds, 0, gsi);
1964
1965 for (bnd_no = 0; bnd_no < max_bounds; bnd_no++)
1966 if (all_bounds[bnd_no])
1967 new_args.safe_push (all_bounds[bnd_no]);
1968
1969 free (all_bounds);
1970 }
1971 }
1972
1973 if (new_args.length () == gimple_call_num_args (call))
1974 new_call = call;
1975 else
1976 {
1977 new_call = gimple_build_call_vec (gimple_op (call, 1), new_args);
1978 gimple_call_set_lhs (new_call, gimple_call_lhs (call));
1979 gimple_call_copy_flags (new_call, call);
1980 gimple_call_set_chain (new_call, gimple_call_chain (call));
1981 }
1982 new_args.release ();
1983
1984 /* For direct calls fndecl is replaced with instrumented version. */
1985 if (fndecl)
1986 {
1987 tree new_decl = chkp_maybe_create_clone (fndecl)->decl;
1988 gimple_call_set_fndecl (new_call, new_decl);
1989 /* In case of a type cast we should modify used function
1990 type instead of using type of new fndecl. */
1991 if (gimple_call_fntype (call) != TREE_TYPE (fndecl))
1992 {
1993 tree type = gimple_call_fntype (call);
1994 type = chkp_copy_function_type_adding_bounds (type);
1995 gimple_call_set_fntype (new_call, type);
1996 }
1997 else
1998 gimple_call_set_fntype (new_call, TREE_TYPE (new_decl));
1999 }
2000 /* For indirect call we should fix function pointer type if
2001 pass some bounds. */
2002 else if (new_call != call)
2003 {
2004 tree type = gimple_call_fntype (call);
2005 type = chkp_copy_function_type_adding_bounds (type);
2006 gimple_call_set_fntype (new_call, type);
2007 }
2008
2009 /* replace old call statement with the new one. */
2010 if (call != new_call)
2011 {
2012 FOR_EACH_SSA_TREE_OPERAND (op, call, iter, SSA_OP_ALL_DEFS)
2013 {
2014 SSA_NAME_DEF_STMT (op) = new_call;
2015 }
2016 gsi_replace (gsi, new_call, true);
2017 }
2018 else
2019 update_stmt (new_call);
2020
2021 gimple_call_set_with_bounds (new_call, true);
2022 }
2023
2024 /* Return constant static bounds var with specified bounds LB and UB.
2025 If such var does not exists then new var is created with specified NAME. */
2026 static tree
2027 chkp_make_static_const_bounds (HOST_WIDE_INT lb,
2028 HOST_WIDE_INT ub,
2029 const char *name)
2030 {
2031 tree id = get_identifier (name);
2032 tree var;
2033 varpool_node *node;
2034 symtab_node *snode;
2035
2036 var = build_decl (UNKNOWN_LOCATION, VAR_DECL, id,
2037 pointer_bounds_type_node);
2038 TREE_STATIC (var) = 1;
2039 TREE_PUBLIC (var) = 1;
2040
2041 /* With LTO we may have constant bounds already in varpool.
2042 Try to find it. */
2043 if ((snode = symtab_node::get_for_asmname (DECL_ASSEMBLER_NAME (var))))
2044 {
2045 /* We don't allow this symbol usage for non bounds. */
2046 if (snode->type != SYMTAB_VARIABLE
2047 || !POINTER_BOUNDS_P (snode->decl))
2048 sorry ("-fcheck-pointer-bounds requires %qs "
2049 "name for internal usage",
2050 IDENTIFIER_POINTER (DECL_ASSEMBLER_NAME (var)));
2051
2052 return snode->decl;
2053 }
2054
2055 TREE_USED (var) = 1;
2056 TREE_READONLY (var) = 1;
2057 TREE_ADDRESSABLE (var) = 0;
2058 DECL_ARTIFICIAL (var) = 1;
2059 DECL_READ_P (var) = 1;
2060 DECL_INITIAL (var) = targetm.chkp_make_bounds_constant (lb, ub);
2061 make_decl_one_only (var, DECL_ASSEMBLER_NAME (var));
2062 /* We may use this symbol during ctors generation in chkp_finish_file
2063 when all symbols are emitted. Force output to avoid undefined
2064 symbols in ctors. */
2065 node = varpool_node::get_create (var);
2066 node->force_output = 1;
2067
2068 varpool_node::finalize_decl (var);
2069
2070 return var;
2071 }
2072
2073 /* Generate code to make bounds with specified lower bound LB and SIZE.
2074 if AFTER is 1 then code is inserted after position pointed by ITER
2075 otherwise code is inserted before position pointed by ITER.
2076 If ITER is NULL then code is added to entry block. */
2077 static tree
2078 chkp_make_bounds (tree lb, tree size, gimple_stmt_iterator *iter, bool after)
2079 {
2080 gimple_seq seq;
2081 gimple_stmt_iterator gsi;
2082 gimple *stmt;
2083 tree bounds;
2084
2085 if (iter)
2086 gsi = *iter;
2087 else
2088 gsi = gsi_start_bb (chkp_get_entry_block ());
2089
2090 seq = NULL;
2091
2092 lb = chkp_force_gimple_call_op (lb, &seq);
2093 size = chkp_force_gimple_call_op (size, &seq);
2094
2095 stmt = gimple_build_call (chkp_bndmk_fndecl, 2, lb, size);
2096 chkp_mark_stmt (stmt);
2097
2098 bounds = chkp_get_tmp_reg (stmt);
2099 gimple_call_set_lhs (stmt, bounds);
2100
2101 gimple_seq_add_stmt (&seq, stmt);
2102
2103 if (iter && after)
2104 gsi_insert_seq_after (&gsi, seq, GSI_SAME_STMT);
2105 else
2106 gsi_insert_seq_before (&gsi, seq, GSI_SAME_STMT);
2107
2108 if (dump_file && (dump_flags & TDF_DETAILS))
2109 {
2110 fprintf (dump_file, "Made bounds: ");
2111 print_gimple_stmt (dump_file, stmt, 0, TDF_VOPS|TDF_MEMSYMS);
2112 if (iter)
2113 {
2114 fprintf (dump_file, " inserted before statement: ");
2115 print_gimple_stmt (dump_file, gsi_stmt (*iter), 0, TDF_VOPS|TDF_MEMSYMS);
2116 }
2117 else
2118 fprintf (dump_file, " at function entry\n");
2119 }
2120
2121 /* update_stmt (stmt); */
2122
2123 return bounds;
2124 }
2125
2126 /* Return var holding zero bounds. */
2127 tree
2128 chkp_get_zero_bounds_var (void)
2129 {
2130 if (!chkp_zero_bounds_var)
2131 chkp_zero_bounds_var
2132 = chkp_make_static_const_bounds (0, -1,
2133 CHKP_ZERO_BOUNDS_VAR_NAME);
2134 return chkp_zero_bounds_var;
2135 }
2136
2137 /* Return var holding none bounds. */
2138 tree
2139 chkp_get_none_bounds_var (void)
2140 {
2141 if (!chkp_none_bounds_var)
2142 chkp_none_bounds_var
2143 = chkp_make_static_const_bounds (-1, 0,
2144 CHKP_NONE_BOUNDS_VAR_NAME);
2145 return chkp_none_bounds_var;
2146 }
2147
2148 /* Return SSA_NAME used to represent zero bounds. */
2149 static tree
2150 chkp_get_zero_bounds (void)
2151 {
2152 if (zero_bounds)
2153 return zero_bounds;
2154
2155 if (dump_file && (dump_flags & TDF_DETAILS))
2156 fprintf (dump_file, "Creating zero bounds...");
2157
2158 if ((flag_chkp_use_static_bounds && flag_chkp_use_static_const_bounds)
2159 || flag_chkp_use_static_const_bounds > 0)
2160 {
2161 gimple_stmt_iterator gsi = gsi_start_bb (chkp_get_entry_block ());
2162 gimple *stmt;
2163
2164 zero_bounds = chkp_get_tmp_reg (NULL);
2165 stmt = gimple_build_assign (zero_bounds, chkp_get_zero_bounds_var ());
2166 gsi_insert_before (&gsi, stmt, GSI_SAME_STMT);
2167 }
2168 else
2169 zero_bounds = chkp_make_bounds (integer_zero_node,
2170 integer_zero_node,
2171 NULL,
2172 false);
2173
2174 return zero_bounds;
2175 }
2176
2177 /* Return SSA_NAME used to represent none bounds. */
2178 static tree
2179 chkp_get_none_bounds (void)
2180 {
2181 if (none_bounds)
2182 return none_bounds;
2183
2184 if (dump_file && (dump_flags & TDF_DETAILS))
2185 fprintf (dump_file, "Creating none bounds...");
2186
2187
2188 if ((flag_chkp_use_static_bounds && flag_chkp_use_static_const_bounds)
2189 || flag_chkp_use_static_const_bounds > 0)
2190 {
2191 gimple_stmt_iterator gsi = gsi_start_bb (chkp_get_entry_block ());
2192 gimple *stmt;
2193
2194 none_bounds = chkp_get_tmp_reg (NULL);
2195 stmt = gimple_build_assign (none_bounds, chkp_get_none_bounds_var ());
2196 gsi_insert_before (&gsi, stmt, GSI_SAME_STMT);
2197 }
2198 else
2199 none_bounds = chkp_make_bounds (integer_minus_one_node,
2200 build_int_cst (size_type_node, 2),
2201 NULL,
2202 false);
2203
2204 return none_bounds;
2205 }
2206
2207 /* Return bounds to be used as a result of operation which
2208 should not create poiunter (e.g. MULT_EXPR). */
2209 static tree
2210 chkp_get_invalid_op_bounds (void)
2211 {
2212 return chkp_get_zero_bounds ();
2213 }
2214
2215 /* Return bounds to be used for loads of non-pointer values. */
2216 static tree
2217 chkp_get_nonpointer_load_bounds (void)
2218 {
2219 return chkp_get_zero_bounds ();
2220 }
2221
2222 /* Return 1 if may use bndret call to get bounds for pointer
2223 returned by CALL. */
2224 static bool
2225 chkp_call_returns_bounds_p (gcall *call)
2226 {
2227 if (gimple_call_internal_p (call))
2228 {
2229 if (gimple_call_internal_fn (call) == IFN_VA_ARG)
2230 return true;
2231 return false;
2232 }
2233
2234 if (gimple_call_builtin_p (call, BUILT_IN_CHKP_NARROW_PTR_BOUNDS)
2235 || chkp_gimple_call_builtin_p (call, BUILT_IN_CHKP_NARROW))
2236 return true;
2237
2238 if (gimple_call_with_bounds_p (call))
2239 return true;
2240
2241 tree fndecl = gimple_call_fndecl (call);
2242
2243 if (fndecl && DECL_BUILT_IN_CLASS (fndecl) == BUILT_IN_MD)
2244 return false;
2245
2246 if (fndecl && !chkp_instrumentable_p (fndecl))
2247 return false;
2248
2249 if (fndecl && DECL_BUILT_IN_CLASS (fndecl) == BUILT_IN_NORMAL)
2250 {
2251 if (chkp_instrument_normal_builtin (fndecl))
2252 return true;
2253
2254 if (!lookup_attribute ("always_inline", DECL_ATTRIBUTES (fndecl)))
2255 return false;
2256
2257 struct cgraph_node *clone = chkp_maybe_create_clone (fndecl);
2258 return (clone && gimple_has_body_p (clone->decl));
2259 }
2260
2261 return true;
2262 }
2263
2264 /* Build bounds returned by CALL. */
2265 static tree
2266 chkp_build_returned_bound (gcall *call)
2267 {
2268 gimple_stmt_iterator gsi;
2269 tree bounds;
2270 gimple *stmt;
2271 tree fndecl = gimple_call_fndecl (call);
2272 unsigned int retflags;
2273 tree lhs = gimple_call_lhs (call);
2274
2275 /* To avoid fixing alloca expands in targets we handle
2276 it separately. */
2277 if (fndecl
2278 && DECL_BUILT_IN_CLASS (fndecl) == BUILT_IN_NORMAL
2279 && ALLOCA_FUNCTION_CODE_P (DECL_FUNCTION_CODE (fndecl)))
2280 {
2281 tree size = gimple_call_arg (call, 0);
2282 gimple_stmt_iterator iter = gsi_for_stmt (call);
2283 bounds = chkp_make_bounds (lhs, size, &iter, true);
2284 }
2285 /* We know bounds returned by set_bounds builtin call. */
2286 else if (fndecl
2287 && DECL_BUILT_IN_CLASS (fndecl) == BUILT_IN_NORMAL
2288 && DECL_FUNCTION_CODE (fndecl) == BUILT_IN_CHKP_SET_PTR_BOUNDS)
2289 {
2290 tree lb = gimple_call_arg (call, 0);
2291 tree size = gimple_call_arg (call, 1);
2292 gimple_stmt_iterator iter = gsi_for_stmt (call);
2293 bounds = chkp_make_bounds (lb, size, &iter, true);
2294 }
2295 /* Detect bounds initialization calls. */
2296 else if (fndecl
2297 && DECL_BUILT_IN_CLASS (fndecl) == BUILT_IN_NORMAL
2298 && DECL_FUNCTION_CODE (fndecl) == BUILT_IN_CHKP_INIT_PTR_BOUNDS)
2299 bounds = chkp_get_zero_bounds ();
2300 /* Detect bounds nullification calls. */
2301 else if (fndecl
2302 && DECL_BUILT_IN_CLASS (fndecl) == BUILT_IN_NORMAL
2303 && DECL_FUNCTION_CODE (fndecl) == BUILT_IN_CHKP_NULL_PTR_BOUNDS)
2304 bounds = chkp_get_none_bounds ();
2305 /* Detect bounds copy calls. */
2306 else if (fndecl
2307 && DECL_BUILT_IN_CLASS (fndecl) == BUILT_IN_NORMAL
2308 && DECL_FUNCTION_CODE (fndecl) == BUILT_IN_CHKP_COPY_PTR_BOUNDS)
2309 {
2310 gimple_stmt_iterator iter = gsi_for_stmt (call);
2311 bounds = chkp_find_bounds (gimple_call_arg (call, 1), &iter);
2312 }
2313 /* Do not use retbnd when returned bounds are equal to some
2314 of passed bounds. */
2315 else if (((retflags = gimple_call_return_flags (call)) & ERF_RETURNS_ARG)
2316 && (retflags & ERF_RETURN_ARG_MASK) < gimple_call_num_args (call))
2317 {
2318 gimple_stmt_iterator iter = gsi_for_stmt (call);
2319 unsigned int retarg = retflags & ERF_RETURN_ARG_MASK, argno;
2320 if (gimple_call_with_bounds_p (call))
2321 {
2322 for (argno = 0; argno < gimple_call_num_args (call); argno++)
2323 if (!POINTER_BOUNDS_P (gimple_call_arg (call, argno)))
2324 {
2325 if (retarg)
2326 retarg--;
2327 else
2328 break;
2329 }
2330 }
2331 else
2332 argno = retarg;
2333
2334 bounds = chkp_find_bounds (gimple_call_arg (call, argno), &iter);
2335 }
2336 else if (chkp_call_returns_bounds_p (call)
2337 && BOUNDED_P (lhs))
2338 {
2339 gcc_assert (TREE_CODE (lhs) == SSA_NAME);
2340
2341 /* In general case build checker builtin call to
2342 obtain returned bounds. */
2343 stmt = gimple_build_call (chkp_ret_bnd_fndecl, 1,
2344 gimple_call_lhs (call));
2345 chkp_mark_stmt (stmt);
2346
2347 gsi = gsi_for_stmt (call);
2348 gsi_insert_after (&gsi, stmt, GSI_SAME_STMT);
2349
2350 bounds = chkp_get_tmp_reg (stmt);
2351 gimple_call_set_lhs (stmt, bounds);
2352
2353 update_stmt (stmt);
2354 }
2355 else
2356 bounds = chkp_get_zero_bounds ();
2357
2358 if (dump_file && (dump_flags & TDF_DETAILS))
2359 {
2360 fprintf (dump_file, "Built returned bounds (");
2361 print_generic_expr (dump_file, bounds);
2362 fprintf (dump_file, ") for call: ");
2363 print_gimple_stmt (dump_file, call, 0, TDF_VOPS | TDF_MEMSYMS);
2364 }
2365
2366 bounds = chkp_maybe_copy_and_register_bounds (lhs, bounds);
2367
2368 return bounds;
2369 }
2370
2371 /* Return bounds used as returned by call
2372 which produced SSA name VAL. */
2373 gcall *
2374 chkp_retbnd_call_by_val (tree val)
2375 {
2376 if (TREE_CODE (val) != SSA_NAME)
2377 return NULL;
2378
2379 gcc_assert (gimple_code (SSA_NAME_DEF_STMT (val)) == GIMPLE_CALL);
2380
2381 imm_use_iterator use_iter;
2382 use_operand_p use_p;
2383 FOR_EACH_IMM_USE_FAST (use_p, use_iter, val)
2384 if (chkp_gimple_call_builtin_p (USE_STMT (use_p), BUILT_IN_CHKP_BNDRET))
2385 return as_a <gcall *> (USE_STMT (use_p));
2386
2387 return NULL;
2388 }
2389
2390 /* Check the next parameter for the given PARM is bounds
2391 and return it's default SSA_NAME (create if required). */
2392 static tree
2393 chkp_get_next_bounds_parm (tree parm)
2394 {
2395 tree bounds = TREE_CHAIN (parm);
2396 gcc_assert (POINTER_BOUNDS_P (bounds));
2397 bounds = ssa_default_def (cfun, bounds);
2398 if (!bounds)
2399 {
2400 bounds = make_ssa_name (TREE_CHAIN (parm), gimple_build_nop ());
2401 set_ssa_default_def (cfun, TREE_CHAIN (parm), bounds);
2402 }
2403 return bounds;
2404 }
2405
2406 /* Return bounds to be used for input argument PARM. */
2407 static tree
2408 chkp_get_bound_for_parm (tree parm)
2409 {
2410 tree decl = SSA_NAME_VAR (parm);
2411 tree bounds;
2412
2413 gcc_assert (TREE_CODE (decl) == PARM_DECL);
2414
2415 bounds = chkp_get_registered_bounds (parm);
2416
2417 if (!bounds)
2418 bounds = chkp_get_registered_bounds (decl);
2419
2420 if (!bounds)
2421 {
2422 tree orig_decl = cgraph_node::get (cfun->decl)->orig_decl;
2423
2424 /* For static chain param we return zero bounds
2425 because currently we do not check dereferences
2426 of this pointer. */
2427 if (cfun->static_chain_decl == decl)
2428 bounds = chkp_get_zero_bounds ();
2429 /* If non instrumented runtime is used then it may be useful
2430 to use zero bounds for input arguments of main
2431 function. */
2432 else if (flag_chkp_zero_input_bounds_for_main
2433 && id_equal (DECL_ASSEMBLER_NAME (orig_decl), "main"))
2434 bounds = chkp_get_zero_bounds ();
2435 else if (BOUNDED_P (parm))
2436 {
2437 bounds = chkp_get_next_bounds_parm (decl);
2438 bounds = chkp_maybe_copy_and_register_bounds (decl, bounds);
2439
2440 if (dump_file && (dump_flags & TDF_DETAILS))
2441 {
2442 fprintf (dump_file, "Built arg bounds (");
2443 print_generic_expr (dump_file, bounds);
2444 fprintf (dump_file, ") for arg: ");
2445 print_node (dump_file, "", decl, 0);
2446 }
2447 }
2448 else
2449 bounds = chkp_get_zero_bounds ();
2450 }
2451
2452 if (!chkp_get_registered_bounds (parm))
2453 bounds = chkp_maybe_copy_and_register_bounds (parm, bounds);
2454
2455 if (dump_file && (dump_flags & TDF_DETAILS))
2456 {
2457 fprintf (dump_file, "Using bounds ");
2458 print_generic_expr (dump_file, bounds);
2459 fprintf (dump_file, " for parm ");
2460 print_generic_expr (dump_file, parm);
2461 fprintf (dump_file, " of type ");
2462 print_generic_expr (dump_file, TREE_TYPE (parm));
2463 fprintf (dump_file, ".\n");
2464 }
2465
2466 return bounds;
2467 }
2468
2469 /* Build and return CALL_EXPR for bndstx builtin with specified
2470 arguments. */
2471 tree
2472 chkp_build_bndldx_call (tree addr, tree ptr)
2473 {
2474 tree fn = build1 (ADDR_EXPR,
2475 build_pointer_type (TREE_TYPE (chkp_bndldx_fndecl)),
2476 chkp_bndldx_fndecl);
2477 tree call = build_call_nary (TREE_TYPE (TREE_TYPE (chkp_bndldx_fndecl)),
2478 fn, 2, addr, ptr);
2479 CALL_WITH_BOUNDS_P (call) = true;
2480 return call;
2481 }
2482
2483 /* Insert code to load bounds for PTR located by ADDR.
2484 Code is inserted after position pointed by GSI.
2485 Loaded bounds are returned. */
2486 static tree
2487 chkp_build_bndldx (tree addr, tree ptr, gimple_stmt_iterator *gsi)
2488 {
2489 gimple_seq seq;
2490 gimple *stmt;
2491 tree bounds;
2492
2493 seq = NULL;
2494
2495 addr = chkp_force_gimple_call_op (addr, &seq);
2496 ptr = chkp_force_gimple_call_op (ptr, &seq);
2497
2498 stmt = gimple_build_call (chkp_bndldx_fndecl, 2, addr, ptr);
2499 chkp_mark_stmt (stmt);
2500 bounds = chkp_get_tmp_reg (stmt);
2501 gimple_call_set_lhs (stmt, bounds);
2502
2503 gimple_seq_add_stmt (&seq, stmt);
2504
2505 gsi_insert_seq_after (gsi, seq, GSI_CONTINUE_LINKING);
2506
2507 if (dump_file && (dump_flags & TDF_DETAILS))
2508 {
2509 fprintf (dump_file, "Generated bndldx for pointer ");
2510 print_generic_expr (dump_file, ptr);
2511 fprintf (dump_file, ": ");
2512 print_gimple_stmt (dump_file, stmt, 0, TDF_VOPS | TDF_MEMSYMS);
2513 }
2514
2515 return bounds;
2516 }
2517
2518 /* Build and return CALL_EXPR for bndstx builtin with specified
2519 arguments. */
2520 tree
2521 chkp_build_bndstx_call (tree addr, tree ptr, tree bounds)
2522 {
2523 tree fn = build1 (ADDR_EXPR,
2524 build_pointer_type (TREE_TYPE (chkp_bndstx_fndecl)),
2525 chkp_bndstx_fndecl);
2526 tree call = build_call_nary (TREE_TYPE (TREE_TYPE (chkp_bndstx_fndecl)),
2527 fn, 3, ptr, bounds, addr);
2528 CALL_WITH_BOUNDS_P (call) = true;
2529 return call;
2530 }
2531
2532 /* Insert code to store BOUNDS for PTR stored by ADDR.
2533 New statements are inserted after position pointed
2534 by GSI. */
2535 void
2536 chkp_build_bndstx (tree addr, tree ptr, tree bounds,
2537 gimple_stmt_iterator *gsi)
2538 {
2539 gimple_seq seq;
2540 gimple *stmt;
2541
2542 seq = NULL;
2543
2544 addr = chkp_force_gimple_call_op (addr, &seq);
2545 ptr = chkp_force_gimple_call_op (ptr, &seq);
2546
2547 stmt = gimple_build_call (chkp_bndstx_fndecl, 3, ptr, bounds, addr);
2548 chkp_mark_stmt (stmt);
2549 gimple_call_set_with_bounds (stmt, true);
2550
2551 gimple_seq_add_stmt (&seq, stmt);
2552
2553 gsi_insert_seq_after (gsi, seq, GSI_CONTINUE_LINKING);
2554
2555 if (dump_file && (dump_flags & TDF_DETAILS))
2556 {
2557 fprintf (dump_file, "Generated bndstx for pointer store ");
2558 print_gimple_stmt (dump_file, gsi_stmt (*gsi), 0, TDF_VOPS|TDF_MEMSYMS);
2559 print_gimple_stmt (dump_file, stmt, 2, TDF_VOPS|TDF_MEMSYMS);
2560 }
2561 }
2562
2563 /* This function is called when call statement
2564 is inlined and therefore we can't use bndret
2565 for its LHS anymore. Function fixes bndret
2566 call using new RHS value if possible. */
2567 void
2568 chkp_fixup_inlined_call (tree lhs, tree rhs)
2569 {
2570 tree addr, bounds;
2571 gcall *retbnd, *bndldx;
2572
2573 if (!BOUNDED_P (lhs))
2574 return;
2575
2576 /* Search for retbnd call. */
2577 retbnd = chkp_retbnd_call_by_val (lhs);
2578 if (!retbnd)
2579 return;
2580
2581 /* Currently only handle cases when call is replaced
2582 with a memory access. In this case bndret call
2583 may be replaced with bndldx call. Otherwise we
2584 have to search for bounds which may cause wrong
2585 result due to various optimizations applied. */
2586 switch (TREE_CODE (rhs))
2587 {
2588 case VAR_DECL:
2589 if (DECL_REGISTER (rhs))
2590 return;
2591 break;
2592
2593 case MEM_REF:
2594 break;
2595
2596 case ARRAY_REF:
2597 case COMPONENT_REF:
2598 addr = get_base_address (rhs);
2599 if (!DECL_P (addr)
2600 && TREE_CODE (addr) != MEM_REF)
2601 return;
2602 if (DECL_P (addr) && DECL_REGISTER (addr))
2603 return;
2604 break;
2605
2606 default:
2607 return;
2608 }
2609
2610 /* Create a new statements sequence with bndldx call. */
2611 gimple_stmt_iterator gsi = gsi_for_stmt (retbnd);
2612 addr = build_fold_addr_expr (rhs);
2613 chkp_build_bndldx (addr, lhs, &gsi);
2614 bndldx = as_a <gcall *> (gsi_stmt (gsi));
2615
2616 /* Remove bndret call. */
2617 bounds = gimple_call_lhs (retbnd);
2618 gsi = gsi_for_stmt (retbnd);
2619 gsi_remove (&gsi, true);
2620
2621 /* Link new bndldx call. */
2622 gimple_call_set_lhs (bndldx, bounds);
2623 update_stmt (bndldx);
2624 }
2625
2626 /* Compute bounds for pointer NODE which was assigned in
2627 assignment statement ASSIGN. Return computed bounds. */
2628 static tree
2629 chkp_compute_bounds_for_assignment (tree node, gimple *assign)
2630 {
2631 enum tree_code rhs_code = gimple_assign_rhs_code (assign);
2632 tree rhs1 = gimple_assign_rhs1 (assign);
2633 tree bounds = NULL_TREE;
2634 gimple_stmt_iterator iter = gsi_for_stmt (assign);
2635 tree base = NULL;
2636
2637 if (dump_file && (dump_flags & TDF_DETAILS))
2638 {
2639 fprintf (dump_file, "Computing bounds for assignment: ");
2640 print_gimple_stmt (dump_file, assign, 0, TDF_VOPS|TDF_MEMSYMS);
2641 }
2642
2643 switch (rhs_code)
2644 {
2645 case MEM_REF:
2646 case TARGET_MEM_REF:
2647 case COMPONENT_REF:
2648 case ARRAY_REF:
2649 /* We need to load bounds from the bounds table. */
2650 bounds = chkp_find_bounds_loaded (node, rhs1, &iter);
2651 break;
2652
2653 case VAR_DECL:
2654 case SSA_NAME:
2655 case ADDR_EXPR:
2656 case POINTER_PLUS_EXPR:
2657 case NOP_EXPR:
2658 case CONVERT_EXPR:
2659 case INTEGER_CST:
2660 /* Bounds are just propagated from RHS. */
2661 bounds = chkp_find_bounds (rhs1, &iter);
2662 base = rhs1;
2663 break;
2664
2665 case VIEW_CONVERT_EXPR:
2666 /* Bounds are just propagated from RHS. */
2667 bounds = chkp_find_bounds (TREE_OPERAND (rhs1, 0), &iter);
2668 break;
2669
2670 case PARM_DECL:
2671 if (BOUNDED_P (rhs1))
2672 {
2673 /* We need to load bounds from the bounds table. */
2674 bounds = chkp_build_bndldx (chkp_build_addr_expr (rhs1),
2675 node, &iter);
2676 TREE_ADDRESSABLE (rhs1) = 1;
2677 }
2678 else
2679 bounds = chkp_get_nonpointer_load_bounds ();
2680 break;
2681
2682 case MINUS_EXPR:
2683 case PLUS_EXPR:
2684 case BIT_AND_EXPR:
2685 case BIT_IOR_EXPR:
2686 case BIT_XOR_EXPR:
2687 {
2688 tree rhs2 = gimple_assign_rhs2 (assign);
2689 tree bnd1 = chkp_find_bounds (rhs1, &iter);
2690 tree bnd2 = chkp_find_bounds (rhs2, &iter);
2691
2692 /* First we try to check types of operands. If it
2693 does not help then look at bound values.
2694
2695 If some bounds are incomplete and other are
2696 not proven to be valid (i.e. also incomplete
2697 or invalid because value is not pointer) then
2698 resulting value is incomplete and will be
2699 recomputed later in chkp_finish_incomplete_bounds. */
2700 if (BOUNDED_P (rhs1)
2701 && !BOUNDED_P (rhs2))
2702 bounds = bnd1;
2703 else if (BOUNDED_P (rhs2)
2704 && !BOUNDED_P (rhs1)
2705 && rhs_code != MINUS_EXPR)
2706 bounds = bnd2;
2707 else if (chkp_incomplete_bounds (bnd1))
2708 if (chkp_valid_bounds (bnd2) && rhs_code != MINUS_EXPR
2709 && !chkp_incomplete_bounds (bnd2))
2710 bounds = bnd2;
2711 else
2712 bounds = incomplete_bounds;
2713 else if (chkp_incomplete_bounds (bnd2))
2714 if (chkp_valid_bounds (bnd1)
2715 && !chkp_incomplete_bounds (bnd1))
2716 bounds = bnd1;
2717 else
2718 bounds = incomplete_bounds;
2719 else if (!chkp_valid_bounds (bnd1))
2720 if (chkp_valid_bounds (bnd2) && rhs_code != MINUS_EXPR)
2721 bounds = bnd2;
2722 else if (bnd2 == chkp_get_zero_bounds ())
2723 bounds = bnd2;
2724 else
2725 bounds = bnd1;
2726 else if (!chkp_valid_bounds (bnd2))
2727 bounds = bnd1;
2728 else
2729 /* Seems both operands may have valid bounds
2730 (e.g. pointer minus pointer). In such case
2731 use default invalid op bounds. */
2732 bounds = chkp_get_invalid_op_bounds ();
2733
2734 base = (bounds == bnd1) ? rhs1 : (bounds == bnd2) ? rhs2 : NULL;
2735 }
2736 break;
2737
2738 case BIT_NOT_EXPR:
2739 case NEGATE_EXPR:
2740 case LSHIFT_EXPR:
2741 case RSHIFT_EXPR:
2742 case LROTATE_EXPR:
2743 case RROTATE_EXPR:
2744 case EQ_EXPR:
2745 case NE_EXPR:
2746 case LT_EXPR:
2747 case LE_EXPR:
2748 case GT_EXPR:
2749 case GE_EXPR:
2750 case MULT_EXPR:
2751 case RDIV_EXPR:
2752 case TRUNC_DIV_EXPR:
2753 case FLOOR_DIV_EXPR:
2754 case CEIL_DIV_EXPR:
2755 case ROUND_DIV_EXPR:
2756 case TRUNC_MOD_EXPR:
2757 case FLOOR_MOD_EXPR:
2758 case CEIL_MOD_EXPR:
2759 case ROUND_MOD_EXPR:
2760 case EXACT_DIV_EXPR:
2761 case FIX_TRUNC_EXPR:
2762 case FLOAT_EXPR:
2763 case REALPART_EXPR:
2764 case IMAGPART_EXPR:
2765 /* No valid bounds may be produced by these exprs. */
2766 bounds = chkp_get_invalid_op_bounds ();
2767 break;
2768
2769 case COND_EXPR:
2770 {
2771 tree val1 = gimple_assign_rhs2 (assign);
2772 tree val2 = gimple_assign_rhs3 (assign);
2773 tree bnd1 = chkp_find_bounds (val1, &iter);
2774 tree bnd2 = chkp_find_bounds (val2, &iter);
2775 gimple *stmt;
2776
2777 if (chkp_incomplete_bounds (bnd1) || chkp_incomplete_bounds (bnd2))
2778 bounds = incomplete_bounds;
2779 else if (bnd1 == bnd2)
2780 bounds = bnd1;
2781 else
2782 {
2783 rhs1 = unshare_expr (rhs1);
2784
2785 bounds = chkp_get_tmp_reg (assign);
2786 stmt = gimple_build_assign (bounds, COND_EXPR, rhs1, bnd1, bnd2);
2787 gsi_insert_after (&iter, stmt, GSI_SAME_STMT);
2788
2789 if (!chkp_valid_bounds (bnd1) && !chkp_valid_bounds (bnd2))
2790 chkp_mark_invalid_bounds (bounds);
2791 }
2792 }
2793 break;
2794
2795 case MAX_EXPR:
2796 case MIN_EXPR:
2797 {
2798 tree rhs2 = gimple_assign_rhs2 (assign);
2799 tree bnd1 = chkp_find_bounds (rhs1, &iter);
2800 tree bnd2 = chkp_find_bounds (rhs2, &iter);
2801
2802 if (chkp_incomplete_bounds (bnd1) || chkp_incomplete_bounds (bnd2))
2803 bounds = incomplete_bounds;
2804 else if (bnd1 == bnd2)
2805 bounds = bnd1;
2806 else
2807 {
2808 gimple *stmt;
2809 tree cond = build2 (rhs_code == MAX_EXPR ? GT_EXPR : LT_EXPR,
2810 boolean_type_node, rhs1, rhs2);
2811 bounds = chkp_get_tmp_reg (assign);
2812 stmt = gimple_build_assign (bounds, COND_EXPR, cond, bnd1, bnd2);
2813
2814 gsi_insert_after (&iter, stmt, GSI_SAME_STMT);
2815
2816 if (!chkp_valid_bounds (bnd1) && !chkp_valid_bounds (bnd2))
2817 chkp_mark_invalid_bounds (bounds);
2818 }
2819 }
2820 break;
2821
2822 default:
2823 bounds = chkp_get_zero_bounds ();
2824 warning (0, "pointer bounds were lost due to unexpected expression %s",
2825 get_tree_code_name (rhs_code));
2826 }
2827
2828 gcc_assert (bounds);
2829
2830 /* We may reuse bounds of other pointer we copy/modify. But it is not
2831 allowed for abnormal ssa names. If we produced a pointer using
2832 abnormal ssa name, we better make a bounds copy to avoid coalescing
2833 issues. */
2834 if (base
2835 && TREE_CODE (base) == SSA_NAME
2836 && SSA_NAME_OCCURS_IN_ABNORMAL_PHI (base))
2837 {
2838 gimple *stmt = gimple_build_assign (chkp_get_tmp_reg (NULL), bounds);
2839 gsi_insert_after (&iter, stmt, GSI_SAME_STMT);
2840 bounds = gimple_assign_lhs (stmt);
2841 }
2842
2843 if (node)
2844 bounds = chkp_maybe_copy_and_register_bounds (node, bounds);
2845
2846 return bounds;
2847 }
2848
2849 /* Compute bounds for ssa name NODE defined by DEF_STMT pointed by ITER.
2850
2851 There are just few statement codes allowed: NOP (for default ssa names),
2852 ASSIGN, CALL, PHI, ASM.
2853
2854 Return computed bounds. */
2855 static tree
2856 chkp_get_bounds_by_definition (tree node, gimple *def_stmt,
2857 gphi_iterator *iter)
2858 {
2859 tree var, bounds;
2860 enum gimple_code code = gimple_code (def_stmt);
2861 gphi *stmt;
2862
2863 if (dump_file && (dump_flags & TDF_DETAILS))
2864 {
2865 fprintf (dump_file, "Searching for bounds for node: ");
2866 print_generic_expr (dump_file, node);
2867
2868 fprintf (dump_file, " using its definition: ");
2869 print_gimple_stmt (dump_file, def_stmt, 0, TDF_VOPS | TDF_MEMSYMS);
2870 }
2871
2872 switch (code)
2873 {
2874 case GIMPLE_NOP:
2875 var = SSA_NAME_VAR (node);
2876 switch (TREE_CODE (var))
2877 {
2878 case PARM_DECL:
2879 bounds = chkp_get_bound_for_parm (node);
2880 break;
2881
2882 case VAR_DECL:
2883 /* For uninitialized pointers use none bounds. */
2884 bounds = chkp_get_none_bounds ();
2885 bounds = chkp_maybe_copy_and_register_bounds (node, bounds);
2886 break;
2887
2888 case RESULT_DECL:
2889 {
2890 tree base_type;
2891
2892 gcc_assert (TREE_CODE (TREE_TYPE (node)) == REFERENCE_TYPE);
2893
2894 base_type = TREE_TYPE (TREE_TYPE (node));
2895
2896 gcc_assert (TYPE_SIZE (base_type)
2897 && TREE_CODE (TYPE_SIZE (base_type)) == INTEGER_CST
2898 && tree_to_uhwi (TYPE_SIZE (base_type)) != 0);
2899
2900 bounds = chkp_make_bounds (node, TYPE_SIZE_UNIT (base_type),
2901 NULL, false);
2902 bounds = chkp_maybe_copy_and_register_bounds (node, bounds);
2903 }
2904 break;
2905
2906 default:
2907 if (dump_file && (dump_flags & TDF_DETAILS))
2908 {
2909 fprintf (dump_file, "Unexpected var with no definition\n");
2910 print_generic_expr (dump_file, var);
2911 }
2912 internal_error ("chkp_get_bounds_by_definition: Unexpected var of type %s",
2913 get_tree_code_name (TREE_CODE (var)));
2914 }
2915 break;
2916
2917 case GIMPLE_ASSIGN:
2918 bounds = chkp_compute_bounds_for_assignment (node, def_stmt);
2919 break;
2920
2921 case GIMPLE_CALL:
2922 bounds = chkp_build_returned_bound (as_a <gcall *> (def_stmt));
2923 break;
2924
2925 case GIMPLE_PHI:
2926 if (SSA_NAME_OCCURS_IN_ABNORMAL_PHI (node))
2927 if (SSA_NAME_VAR (node))
2928 var = chkp_get_bounds_var (SSA_NAME_VAR (node));
2929 else
2930 var = make_temp_ssa_name (pointer_bounds_type_node,
2931 NULL,
2932 CHKP_BOUND_TMP_NAME);
2933 else
2934 var = chkp_get_tmp_var ();
2935 stmt = create_phi_node (var, gimple_bb (def_stmt));
2936 bounds = gimple_phi_result (stmt);
2937 *iter = gsi_for_phi (stmt);
2938
2939 bounds = chkp_maybe_copy_and_register_bounds (node, bounds);
2940
2941 /* Created bounds do not have all phi args computed and
2942 therefore we do not know if there is a valid source
2943 of bounds for that node. Therefore we mark bounds
2944 as incomplete and then recompute them when all phi
2945 args are computed. */
2946 chkp_register_incomplete_bounds (bounds, node);
2947 break;
2948
2949 case GIMPLE_ASM:
2950 bounds = chkp_get_zero_bounds ();
2951 bounds = chkp_maybe_copy_and_register_bounds (node, bounds);
2952 break;
2953
2954 default:
2955 internal_error ("chkp_get_bounds_by_definition: Unexpected GIMPLE code %s",
2956 gimple_code_name[code]);
2957 }
2958
2959 return bounds;
2960 }
2961
2962 /* Return CALL_EXPR for bndmk with specified LOWER_BOUND and SIZE. */
2963 tree
2964 chkp_build_make_bounds_call (tree lower_bound, tree size)
2965 {
2966 tree call = build1 (ADDR_EXPR,
2967 build_pointer_type (TREE_TYPE (chkp_bndmk_fndecl)),
2968 chkp_bndmk_fndecl);
2969 return build_call_nary (TREE_TYPE (TREE_TYPE (chkp_bndmk_fndecl)),
2970 call, 2, lower_bound, size);
2971 }
2972
2973 /* Create static bounds var of specfified OBJ which is
2974 is either VAR_DECL or string constant. */
2975 static tree
2976 chkp_make_static_bounds (tree obj)
2977 {
2978 static int string_id = 1;
2979 static int var_id = 1;
2980 tree *slot;
2981 const char *var_name;
2982 char *bnd_var_name;
2983 tree bnd_var;
2984
2985 /* First check if we already have required var. */
2986 if (chkp_static_var_bounds)
2987 {
2988 /* For vars we use assembler name as a key in
2989 chkp_static_var_bounds map. It allows to
2990 avoid duplicating bound vars for decls
2991 sharing assembler name. */
2992 if (VAR_P (obj))
2993 {
2994 tree name = DECL_ASSEMBLER_NAME (obj);
2995 slot = chkp_static_var_bounds->get (name);
2996 if (slot)
2997 return *slot;
2998 }
2999 else
3000 {
3001 slot = chkp_static_var_bounds->get (obj);
3002 if (slot)
3003 return *slot;
3004 }
3005 }
3006
3007 /* Build decl for bounds var. */
3008 if (VAR_P (obj))
3009 {
3010 if (DECL_IGNORED_P (obj))
3011 {
3012 bnd_var_name = (char *) xmalloc (strlen (CHKP_VAR_BOUNDS_PREFIX) + 10);
3013 sprintf (bnd_var_name, "%s%d", CHKP_VAR_BOUNDS_PREFIX, var_id++);
3014 }
3015 else
3016 {
3017 var_name = IDENTIFIER_POINTER (DECL_ASSEMBLER_NAME (obj));
3018
3019 /* For hidden symbols we want to skip first '*' char. */
3020 if (*var_name == '*')
3021 var_name++;
3022
3023 bnd_var_name = (char *) xmalloc (strlen (var_name)
3024 + strlen (CHKP_BOUNDS_OF_SYMBOL_PREFIX) + 1);
3025 strcpy (bnd_var_name, CHKP_BOUNDS_OF_SYMBOL_PREFIX);
3026 strcat (bnd_var_name, var_name);
3027 }
3028
3029 bnd_var = build_decl (UNKNOWN_LOCATION, VAR_DECL,
3030 get_identifier (bnd_var_name),
3031 pointer_bounds_type_node);
3032
3033 /* Address of the obj will be used as lower bound. */
3034 TREE_ADDRESSABLE (obj) = 1;
3035 }
3036 else
3037 {
3038 bnd_var_name = (char *) xmalloc (strlen (CHKP_STRING_BOUNDS_PREFIX) + 10);
3039 sprintf (bnd_var_name, "%s%d", CHKP_STRING_BOUNDS_PREFIX, string_id++);
3040
3041 bnd_var = build_decl (UNKNOWN_LOCATION, VAR_DECL,
3042 get_identifier (bnd_var_name),
3043 pointer_bounds_type_node);
3044 }
3045
3046 free (bnd_var_name);
3047
3048 TREE_PUBLIC (bnd_var) = 0;
3049 TREE_USED (bnd_var) = 1;
3050 TREE_READONLY (bnd_var) = 0;
3051 TREE_STATIC (bnd_var) = 1;
3052 TREE_ADDRESSABLE (bnd_var) = 0;
3053 DECL_ARTIFICIAL (bnd_var) = 1;
3054 DECL_COMMON (bnd_var) = 1;
3055 DECL_COMDAT (bnd_var) = 1;
3056 DECL_READ_P (bnd_var) = 1;
3057 DECL_INITIAL (bnd_var) = chkp_build_addr_expr (obj);
3058 /* Force output similar to constant bounds.
3059 See chkp_make_static_const_bounds. */
3060 varpool_node::get_create (bnd_var)->force_output = 1;
3061 /* Mark symbol as requiring bounds initialization. */
3062 varpool_node::get_create (bnd_var)->need_bounds_init = 1;
3063 varpool_node::finalize_decl (bnd_var);
3064
3065 /* Add created var to the map to use it for other references
3066 to obj. */
3067 if (!chkp_static_var_bounds)
3068 chkp_static_var_bounds = new hash_map<tree, tree>;
3069
3070 if (VAR_P (obj))
3071 {
3072 tree name = DECL_ASSEMBLER_NAME (obj);
3073 chkp_static_var_bounds->put (name, bnd_var);
3074 }
3075 else
3076 chkp_static_var_bounds->put (obj, bnd_var);
3077
3078 return bnd_var;
3079 }
3080
3081 /* When var has incomplete type we cannot get size to
3082 compute its bounds. In such cases we use checker
3083 builtin call which determines object size at runtime. */
3084 static tree
3085 chkp_generate_extern_var_bounds (tree var)
3086 {
3087 tree bounds, size_reloc, lb, size, max_size, cond;
3088 gimple_stmt_iterator gsi;
3089 gimple_seq seq = NULL;
3090 gimple *stmt;
3091
3092 /* If instrumentation is not enabled for vars having
3093 incomplete type then just return zero bounds to avoid
3094 checks for this var. */
3095 if (!flag_chkp_incomplete_type)
3096 return chkp_get_zero_bounds ();
3097
3098 if (dump_file && (dump_flags & TDF_DETAILS))
3099 {
3100 fprintf (dump_file, "Generating bounds for extern symbol '");
3101 print_generic_expr (dump_file, var);
3102 fprintf (dump_file, "'\n");
3103 }
3104
3105 stmt = gimple_build_call (chkp_sizeof_fndecl, 1, var);
3106
3107 size_reloc = create_tmp_reg (chkp_uintptr_type, CHKP_SIZE_TMP_NAME);
3108 gimple_call_set_lhs (stmt, size_reloc);
3109
3110 gimple_seq_add_stmt (&seq, stmt);
3111
3112 lb = chkp_build_addr_expr (var);
3113 size = make_ssa_name (chkp_get_size_tmp_var ());
3114
3115 if (flag_chkp_zero_dynamic_size_as_infinite)
3116 {
3117 /* We should check that size relocation was resolved.
3118 If it was not then use maximum possible size for the var. */
3119 max_size = build2 (MINUS_EXPR, chkp_uintptr_type, integer_zero_node,
3120 fold_convert (chkp_uintptr_type, lb));
3121 max_size = chkp_force_gimple_call_op (max_size, &seq);
3122
3123 cond = build2 (NE_EXPR, boolean_type_node,
3124 size_reloc, integer_zero_node);
3125 stmt = gimple_build_assign (size, COND_EXPR, cond, size_reloc, max_size);
3126 gimple_seq_add_stmt (&seq, stmt);
3127 }
3128 else
3129 {
3130 stmt = gimple_build_assign (size, size_reloc);
3131 gimple_seq_add_stmt (&seq, stmt);
3132 }
3133
3134 gsi = gsi_start_bb (chkp_get_entry_block ());
3135 gsi_insert_seq_after (&gsi, seq, GSI_CONTINUE_LINKING);
3136
3137 bounds = chkp_make_bounds (lb, size, &gsi, true);
3138
3139 return bounds;
3140 }
3141
3142 /* Return 1 if TYPE has fields with zero size or fields
3143 marked with chkp_variable_size attribute. */
3144 bool
3145 chkp_variable_size_type (tree type)
3146 {
3147 bool res = false;
3148 tree field;
3149
3150 if (RECORD_OR_UNION_TYPE_P (type))
3151 for (field = TYPE_FIELDS (type); field; field = DECL_CHAIN (field))
3152 {
3153 if (TREE_CODE (field) == FIELD_DECL)
3154 res = res
3155 || lookup_attribute ("bnd_variable_size", DECL_ATTRIBUTES (field))
3156 || chkp_variable_size_type (TREE_TYPE (field));
3157 }
3158 else
3159 res = !TYPE_SIZE (type)
3160 || TREE_CODE (TYPE_SIZE (type)) != INTEGER_CST
3161 || tree_to_uhwi (TYPE_SIZE (type)) == 0;
3162
3163 return res;
3164 }
3165
3166 /* Compute and return bounds for address of DECL which is
3167 one of VAR_DECL, PARM_DECL, RESULT_DECL. */
3168 static tree
3169 chkp_get_bounds_for_decl_addr (tree decl)
3170 {
3171 tree bounds;
3172
3173 gcc_assert (VAR_P (decl)
3174 || TREE_CODE (decl) == PARM_DECL
3175 || TREE_CODE (decl) == RESULT_DECL);
3176
3177 bounds = chkp_get_registered_addr_bounds (decl);
3178
3179 if (bounds)
3180 return bounds;
3181
3182 if (dump_file && (dump_flags & TDF_DETAILS))
3183 {
3184 fprintf (dump_file, "Building bounds for address of decl ");
3185 print_generic_expr (dump_file, decl);
3186 fprintf (dump_file, "\n");
3187 }
3188
3189 /* Use zero bounds if size is unknown and checks for
3190 unknown sizes are restricted. */
3191 if ((!DECL_SIZE (decl)
3192 || (chkp_variable_size_type (TREE_TYPE (decl))
3193 && (TREE_STATIC (decl)
3194 || DECL_EXTERNAL (decl)
3195 || TREE_PUBLIC (decl))))
3196 && !flag_chkp_incomplete_type)
3197 return chkp_get_zero_bounds ();
3198
3199 if (VOID_TYPE_P (TREE_TYPE (decl)))
3200 return chkp_get_zero_bounds ();
3201
3202 if (flag_chkp_use_static_bounds
3203 && VAR_P (decl)
3204 && (TREE_STATIC (decl)
3205 || DECL_EXTERNAL (decl)
3206 || TREE_PUBLIC (decl))
3207 && !DECL_THREAD_LOCAL_P (decl))
3208 {
3209 tree bnd_var = chkp_make_static_bounds (decl);
3210 gimple_stmt_iterator gsi = gsi_start_bb (chkp_get_entry_block ());
3211 gimple *stmt;
3212
3213 bounds = chkp_get_tmp_reg (NULL);
3214 stmt = gimple_build_assign (bounds, bnd_var);
3215 gsi_insert_before (&gsi, stmt, GSI_SAME_STMT);
3216 }
3217 else if (!DECL_SIZE (decl)
3218 || (chkp_variable_size_type (TREE_TYPE (decl))
3219 && (TREE_STATIC (decl)
3220 || DECL_EXTERNAL (decl)
3221 || TREE_PUBLIC (decl))))
3222 {
3223 gcc_assert (VAR_P (decl));
3224 bounds = chkp_generate_extern_var_bounds (decl);
3225 }
3226 else
3227 {
3228 tree lb = chkp_build_addr_expr (decl);
3229 bounds = chkp_make_bounds (lb, DECL_SIZE_UNIT (decl), NULL, false);
3230 }
3231
3232 return bounds;
3233 }
3234
3235 /* Compute and return bounds for constant string. */
3236 static tree
3237 chkp_get_bounds_for_string_cst (tree cst)
3238 {
3239 tree bounds;
3240 tree lb;
3241 tree size;
3242
3243 gcc_assert (TREE_CODE (cst) == STRING_CST);
3244
3245 bounds = chkp_get_registered_bounds (cst);
3246
3247 if (bounds)
3248 return bounds;
3249
3250 if ((flag_chkp_use_static_bounds && flag_chkp_use_static_const_bounds)
3251 || flag_chkp_use_static_const_bounds > 0)
3252 {
3253 tree bnd_var = chkp_make_static_bounds (cst);
3254 gimple_stmt_iterator gsi = gsi_start_bb (chkp_get_entry_block ());
3255 gimple *stmt;
3256
3257 bounds = chkp_get_tmp_reg (NULL);
3258 stmt = gimple_build_assign (bounds, bnd_var);
3259 gsi_insert_before (&gsi, stmt, GSI_SAME_STMT);
3260 }
3261 else
3262 {
3263 lb = chkp_build_addr_expr (cst);
3264 size = build_int_cst (chkp_uintptr_type, TREE_STRING_LENGTH (cst));
3265 bounds = chkp_make_bounds (lb, size, NULL, false);
3266 }
3267
3268 bounds = chkp_maybe_copy_and_register_bounds (cst, bounds);
3269
3270 return bounds;
3271 }
3272
3273 /* Generate code to instersect bounds BOUNDS1 and BOUNDS2 and
3274 return the result. if ITER is not NULL then Code is inserted
3275 before position pointed by ITER. Otherwise code is added to
3276 entry block. */
3277 static tree
3278 chkp_intersect_bounds (tree bounds1, tree bounds2, gimple_stmt_iterator *iter)
3279 {
3280 if (!bounds1 || bounds1 == chkp_get_zero_bounds ())
3281 return bounds2 ? bounds2 : bounds1;
3282 else if (!bounds2 || bounds2 == chkp_get_zero_bounds ())
3283 return bounds1;
3284 else
3285 {
3286 gimple_seq seq;
3287 gimple *stmt;
3288 tree bounds;
3289
3290 seq = NULL;
3291
3292 stmt = gimple_build_call (chkp_intersect_fndecl, 2, bounds1, bounds2);
3293 chkp_mark_stmt (stmt);
3294
3295 bounds = chkp_get_tmp_reg (stmt);
3296 gimple_call_set_lhs (stmt, bounds);
3297
3298 gimple_seq_add_stmt (&seq, stmt);
3299
3300 /* We are probably doing narrowing for constant expression.
3301 In such case iter may be undefined. */
3302 if (!iter)
3303 {
3304 gimple_stmt_iterator gsi = gsi_last_bb (chkp_get_entry_block ());
3305 iter = &gsi;
3306 gsi_insert_seq_after (iter, seq, GSI_SAME_STMT);
3307 }
3308 else
3309 gsi_insert_seq_before (iter, seq, GSI_SAME_STMT);
3310
3311 if (dump_file && (dump_flags & TDF_DETAILS))
3312 {
3313 fprintf (dump_file, "Bounds intersection: ");
3314 print_gimple_stmt (dump_file, stmt, 0, TDF_VOPS|TDF_MEMSYMS);
3315 fprintf (dump_file, " inserted before statement: ");
3316 print_gimple_stmt (dump_file, gsi_stmt (*iter), 0,
3317 TDF_VOPS|TDF_MEMSYMS);
3318 }
3319
3320 return bounds;
3321 }
3322 }
3323
3324 /* Return 1 if we are allowed to narrow bounds for addressed FIELD
3325 and 0 othersize. REF is reference to the field. */
3326
3327 static bool
3328 chkp_may_narrow_to_field (tree ref, tree field)
3329 {
3330 return DECL_SIZE (field) && TREE_CODE (DECL_SIZE (field)) == INTEGER_CST
3331 && tree_to_uhwi (DECL_SIZE (field)) != 0
3332 && !(flag_chkp_flexible_struct_trailing_arrays
3333 && array_at_struct_end_p (ref))
3334 && (!DECL_FIELD_OFFSET (field)
3335 || TREE_CODE (DECL_FIELD_OFFSET (field)) == INTEGER_CST)
3336 && (!DECL_FIELD_BIT_OFFSET (field)
3337 || TREE_CODE (DECL_FIELD_BIT_OFFSET (field)) == INTEGER_CST)
3338 && !lookup_attribute ("bnd_variable_size", DECL_ATTRIBUTES (field))
3339 && !chkp_variable_size_type (TREE_TYPE (field));
3340 }
3341
3342 /* Return 1 if bounds for FIELD should be narrowed to
3343 field's own size. REF is reference to the field. */
3344
3345 static bool
3346 chkp_narrow_bounds_for_field (tree ref, tree field)
3347 {
3348 HOST_WIDE_INT offs;
3349 HOST_WIDE_INT bit_offs;
3350
3351 if (!chkp_may_narrow_to_field (ref, field))
3352 return false;
3353
3354 /* Access to compiler generated fields should not cause
3355 bounds narrowing. */
3356 if (DECL_ARTIFICIAL (field))
3357 return false;
3358
3359 offs = tree_to_uhwi (DECL_FIELD_OFFSET (field));
3360 bit_offs = tree_to_uhwi (DECL_FIELD_BIT_OFFSET (field));
3361
3362 return (flag_chkp_narrow_bounds
3363 && (flag_chkp_first_field_has_own_bounds
3364 || offs
3365 || bit_offs));
3366 }
3367
3368 /* Perform narrowing for BOUNDS of an INNER reference. Shift boundary
3369 by OFFSET bytes and limit to SIZE bytes. Newly created statements are
3370 added to ITER. */
3371
3372 static tree
3373 chkp_narrow_size_and_offset (tree bounds, tree inner, tree offset,
3374 tree size, gimple_stmt_iterator *iter)
3375 {
3376 tree addr = chkp_build_addr_expr (unshare_expr (inner));
3377 tree t = TREE_TYPE (addr);
3378
3379 gimple *stmt = gimple_build_assign (NULL_TREE, addr);
3380 addr = make_temp_ssa_name (t, stmt, CHKP_BOUND_TMP_NAME);
3381 gimple_assign_set_lhs (stmt, addr);
3382 gsi_insert_seq_before (iter, stmt, GSI_SAME_STMT);
3383
3384 stmt = gimple_build_assign (NULL_TREE, POINTER_PLUS_EXPR, addr, offset);
3385 tree shifted = make_temp_ssa_name (t, stmt, CHKP_BOUND_TMP_NAME);
3386 gimple_assign_set_lhs (stmt, shifted);
3387 gsi_insert_seq_before (iter, stmt, GSI_SAME_STMT);
3388
3389 tree bounds2 = chkp_make_bounds (shifted, size, iter, false);
3390
3391 return chkp_intersect_bounds (bounds, bounds2, iter);
3392 }
3393
3394 /* Perform narrowing for BOUNDS using bounds computed for field
3395 access COMPONENT. ITER meaning is the same as for
3396 chkp_intersect_bounds. */
3397
3398 static tree
3399 chkp_narrow_bounds_to_field (tree bounds, tree component,
3400 gimple_stmt_iterator *iter)
3401 {
3402 tree field = TREE_OPERAND (component, 1);
3403 tree size = DECL_SIZE_UNIT (field);
3404 tree field_ptr = chkp_build_addr_expr (component);
3405 tree field_bounds;
3406
3407 field_bounds = chkp_make_bounds (field_ptr, size, iter, false);
3408
3409 return chkp_intersect_bounds (field_bounds, bounds, iter);
3410 }
3411
3412 /* Parse field or array access NODE.
3413
3414 PTR ouput parameter holds a pointer to the outermost
3415 object.
3416
3417 BITFIELD output parameter is set to 1 if bitfield is
3418 accessed and to 0 otherwise. If it is 1 then ELT holds
3419 outer component for accessed bit field.
3420
3421 SAFE outer parameter is set to 1 if access is safe and
3422 checks are not required.
3423
3424 BOUNDS outer parameter holds bounds to be used to check
3425 access (may be NULL).
3426
3427 If INNERMOST_BOUNDS is 1 then try to narrow bounds to the
3428 innermost accessed component. */
3429 static void
3430 chkp_parse_array_and_component_ref (tree node, tree *ptr,
3431 tree *elt, bool *safe,
3432 bool *bitfield,
3433 tree *bounds,
3434 gimple_stmt_iterator *iter,
3435 bool innermost_bounds)
3436 {
3437 tree comp_to_narrow = NULL_TREE;
3438 tree last_comp = NULL_TREE;
3439 bool array_ref_found = false;
3440 tree *nodes;
3441 tree var;
3442 int len;
3443 int i;
3444
3445 /* Compute tree height for expression. */
3446 var = node;
3447 len = 1;
3448 while (TREE_CODE (var) == COMPONENT_REF
3449 || TREE_CODE (var) == ARRAY_REF
3450 || TREE_CODE (var) == VIEW_CONVERT_EXPR
3451 || TREE_CODE (var) == BIT_FIELD_REF)
3452 {
3453 var = TREE_OPERAND (var, 0);
3454 len++;
3455 }
3456
3457 gcc_assert (len > 1);
3458
3459 /* It is more convenient for us to scan left-to-right,
3460 so walk tree again and put all node to nodes vector
3461 in reversed order. */
3462 nodes = XALLOCAVEC (tree, len);
3463 nodes[len - 1] = node;
3464 for (i = len - 2; i >= 0; i--)
3465 nodes[i] = TREE_OPERAND (nodes[i + 1], 0);
3466
3467 if (bounds)
3468 *bounds = NULL;
3469 *safe = true;
3470 *bitfield = ((TREE_CODE (node) == COMPONENT_REF
3471 && DECL_BIT_FIELD_TYPE (TREE_OPERAND (node, 1)))
3472 || TREE_CODE (node) == BIT_FIELD_REF);
3473 /* To get bitfield address we will need outer element. */
3474 if (*bitfield)
3475 *elt = nodes[len - 2];
3476 else
3477 *elt = NULL_TREE;
3478
3479 /* If we have indirection in expression then compute
3480 outermost structure bounds. Computed bounds may be
3481 narrowed later. */
3482 if (TREE_CODE (nodes[0]) == MEM_REF || INDIRECT_REF_P (nodes[0]))
3483 {
3484 *safe = false;
3485 *ptr = TREE_OPERAND (nodes[0], 0);
3486 if (bounds)
3487 *bounds = chkp_find_bounds (*ptr, iter);
3488 }
3489 else
3490 {
3491 gcc_assert (VAR_P (var)
3492 || TREE_CODE (var) == PARM_DECL
3493 || TREE_CODE (var) == RESULT_DECL
3494 || TREE_CODE (var) == STRING_CST
3495 || TREE_CODE (var) == SSA_NAME);
3496
3497 *ptr = chkp_build_addr_expr (var);
3498
3499 /* For hard register cases chkp_build_addr_expr returns INTEGER_CST
3500 and later on chkp_find_bounds will fail to find proper bounds.
3501 In order to avoid that, we find/create bounds right aways using
3502 the var itself. */
3503 if (VAR_P (var) && DECL_HARD_REGISTER (var))
3504 *bounds = chkp_make_addressed_object_bounds (var, iter);
3505 }
3506
3507 /* In this loop we are trying to find a field access
3508 requiring narrowing. There are two simple rules
3509 for search:
3510 1. Leftmost array_ref is chosen if any.
3511 2. Rightmost suitable component_ref is chosen if innermost
3512 bounds are required and no array_ref exists. */
3513 for (i = 1; i < len; i++)
3514 {
3515 var = nodes[i];
3516
3517 if (TREE_CODE (var) == ARRAY_REF)
3518 {
3519 *safe = false;
3520 array_ref_found = true;
3521 if (flag_chkp_narrow_bounds
3522 && !flag_chkp_narrow_to_innermost_arrray
3523 && (!last_comp
3524 || chkp_may_narrow_to_field (var,
3525 TREE_OPERAND (last_comp, 1))))
3526 {
3527 comp_to_narrow = last_comp;
3528 break;
3529 }
3530 }
3531 else if (TREE_CODE (var) == COMPONENT_REF)
3532 {
3533 tree field = TREE_OPERAND (var, 1);
3534
3535 if (innermost_bounds
3536 && !array_ref_found
3537 && chkp_narrow_bounds_for_field (var, field))
3538 comp_to_narrow = var;
3539 last_comp = var;
3540
3541 if (flag_chkp_narrow_bounds
3542 && flag_chkp_narrow_to_innermost_arrray
3543 && TREE_CODE (TREE_TYPE (field)) == ARRAY_TYPE)
3544 {
3545 if (bounds)
3546 *bounds = chkp_narrow_bounds_to_field (*bounds, var, iter);
3547 comp_to_narrow = NULL;
3548 }
3549 }
3550 else if (TREE_CODE (var) == BIT_FIELD_REF)
3551 {
3552 if (flag_chkp_narrow_bounds && bounds)
3553 {
3554 tree offset, size;
3555 chkp_parse_bit_field_ref (var, UNKNOWN_LOCATION, &offset, &size);
3556 *bounds
3557 = chkp_narrow_size_and_offset (*bounds, TREE_OPERAND (var, 0),
3558 offset, size, iter);
3559 }
3560 }
3561 else if (TREE_CODE (var) == VIEW_CONVERT_EXPR)
3562 /* Nothing to do for it. */
3563 ;
3564 else
3565 gcc_unreachable ();
3566 }
3567
3568 if (comp_to_narrow && DECL_SIZE (TREE_OPERAND (comp_to_narrow, 1)) && bounds)
3569 *bounds = chkp_narrow_bounds_to_field (*bounds, comp_to_narrow, iter);
3570
3571 if (innermost_bounds && bounds && !*bounds)
3572 *bounds = chkp_find_bounds (*ptr, iter);
3573 }
3574
3575 /* Parse BIT_FIELD_REF to a NODE for a given location LOC. Return OFFSET
3576 and SIZE in bytes. */
3577
3578 static
3579 void chkp_parse_bit_field_ref (tree node, location_t loc, tree *offset,
3580 tree *size)
3581 {
3582 tree bpu = fold_convert (size_type_node, bitsize_int (BITS_PER_UNIT));
3583 tree offs = fold_convert (size_type_node, TREE_OPERAND (node, 2));
3584 tree rem = size_binop_loc (loc, TRUNC_MOD_EXPR, offs, bpu);
3585 offs = size_binop_loc (loc, TRUNC_DIV_EXPR, offs, bpu);
3586
3587 tree s = fold_convert (size_type_node, TREE_OPERAND (node, 1));
3588 s = size_binop_loc (loc, PLUS_EXPR, s, rem);
3589 s = size_binop_loc (loc, CEIL_DIV_EXPR, s, bpu);
3590 s = fold_convert (size_type_node, s);
3591
3592 *offset = offs;
3593 *size = s;
3594 }
3595
3596 /* Compute and return bounds for address of OBJ. */
3597 static tree
3598 chkp_make_addressed_object_bounds (tree obj, gimple_stmt_iterator *iter)
3599 {
3600 tree bounds = chkp_get_registered_addr_bounds (obj);
3601
3602 if (bounds)
3603 return bounds;
3604
3605 switch (TREE_CODE (obj))
3606 {
3607 case VAR_DECL:
3608 case PARM_DECL:
3609 case RESULT_DECL:
3610 bounds = chkp_get_bounds_for_decl_addr (obj);
3611 break;
3612
3613 case STRING_CST:
3614 bounds = chkp_get_bounds_for_string_cst (obj);
3615 break;
3616
3617 case ARRAY_REF:
3618 case COMPONENT_REF:
3619 case BIT_FIELD_REF:
3620 {
3621 tree elt;
3622 tree ptr;
3623 bool safe;
3624 bool bitfield;
3625
3626 chkp_parse_array_and_component_ref (obj, &ptr, &elt, &safe,
3627 &bitfield, &bounds, iter, true);
3628
3629 gcc_assert (bounds);
3630 }
3631 break;
3632
3633 case FUNCTION_DECL:
3634 case LABEL_DECL:
3635 bounds = chkp_get_zero_bounds ();
3636 break;
3637
3638 case MEM_REF:
3639 bounds = chkp_find_bounds (TREE_OPERAND (obj, 0), iter);
3640 break;
3641
3642 case REALPART_EXPR:
3643 case IMAGPART_EXPR:
3644 bounds = chkp_make_addressed_object_bounds (TREE_OPERAND (obj, 0), iter);
3645 break;
3646
3647 default:
3648 if (dump_file && (dump_flags & TDF_DETAILS))
3649 {
3650 fprintf (dump_file, "chkp_make_addressed_object_bounds: "
3651 "unexpected object of type %s\n",
3652 get_tree_code_name (TREE_CODE (obj)));
3653 print_node (dump_file, "", obj, 0);
3654 }
3655 internal_error ("chkp_make_addressed_object_bounds: "
3656 "Unexpected tree code %s",
3657 get_tree_code_name (TREE_CODE (obj)));
3658 }
3659
3660 chkp_register_addr_bounds (obj, bounds);
3661
3662 return bounds;
3663 }
3664
3665 /* Compute bounds for pointer PTR loaded from PTR_SRC. Generate statements
3666 to compute bounds if required. Computed bounds should be available at
3667 position pointed by ITER.
3668
3669 If PTR_SRC is NULL_TREE then pointer definition is identified.
3670
3671 If PTR_SRC is not NULL_TREE then ITER points to statements which loads
3672 PTR. If PTR is a any memory reference then ITER points to a statement
3673 after which bndldx will be inserterd. In both cases ITER will be updated
3674 to point to the inserted bndldx statement. */
3675
3676 static tree
3677 chkp_find_bounds_1 (tree ptr, tree ptr_src, gimple_stmt_iterator *iter)
3678 {
3679 tree addr = NULL_TREE;
3680 tree bounds = NULL_TREE;
3681
3682 if (!ptr_src)
3683 ptr_src = ptr;
3684
3685 bounds = chkp_get_registered_bounds (ptr_src);
3686
3687 if (bounds)
3688 return bounds;
3689
3690 switch (TREE_CODE (ptr_src))
3691 {
3692 case MEM_REF:
3693 case VAR_DECL:
3694 if (BOUNDED_P (ptr_src))
3695 if (VAR_P (ptr) && DECL_REGISTER (ptr))
3696 bounds = chkp_get_zero_bounds ();
3697 else
3698 {
3699 addr = chkp_build_addr_expr (ptr_src);
3700 bounds = chkp_build_bndldx (addr, ptr, iter);
3701 }
3702 else
3703 bounds = chkp_get_nonpointer_load_bounds ();
3704 break;
3705
3706 case ARRAY_REF:
3707 case COMPONENT_REF:
3708 addr = get_base_address (ptr_src);
3709 if (VAR_P (addr) && DECL_HARD_REGISTER (addr))
3710 {
3711 bounds = chkp_get_zero_bounds ();
3712 break;
3713 }
3714 if (DECL_P (addr)
3715 || TREE_CODE (addr) == MEM_REF
3716 || TREE_CODE (addr) == TARGET_MEM_REF)
3717 {
3718 if (BOUNDED_P (ptr_src))
3719 if (VAR_P (ptr) && DECL_REGISTER (ptr))
3720 bounds = chkp_get_zero_bounds ();
3721 else
3722 {
3723 addr = chkp_build_addr_expr (ptr_src);
3724 bounds = chkp_build_bndldx (addr, ptr, iter);
3725 }
3726 else
3727 bounds = chkp_get_nonpointer_load_bounds ();
3728 }
3729 else
3730 {
3731 gcc_assert (TREE_CODE (addr) == SSA_NAME);
3732 bounds = chkp_find_bounds (addr, iter);
3733 }
3734 break;
3735
3736 case PARM_DECL:
3737 /* Handled above but failed. */
3738 bounds = chkp_get_invalid_op_bounds ();
3739 break;
3740
3741 case TARGET_MEM_REF:
3742 addr = chkp_build_addr_expr (ptr_src);
3743 bounds = chkp_build_bndldx (addr, ptr, iter);
3744 break;
3745
3746 case SSA_NAME:
3747 bounds = chkp_get_registered_bounds (ptr_src);
3748 if (!bounds)
3749 {
3750 gimple *def_stmt = SSA_NAME_DEF_STMT (ptr_src);
3751 gphi_iterator phi_iter;
3752
3753 bounds = chkp_get_bounds_by_definition (ptr_src, def_stmt, &phi_iter);
3754
3755 gcc_assert (bounds);
3756
3757 if (gphi *def_phi = dyn_cast <gphi *> (def_stmt))
3758 {
3759 unsigned i;
3760
3761 for (i = 0; i < gimple_phi_num_args (def_phi); i++)
3762 {
3763 tree arg = gimple_phi_arg_def (def_phi, i);
3764 tree arg_bnd;
3765 gphi *phi_bnd;
3766
3767 arg_bnd = chkp_find_bounds (arg, NULL);
3768
3769 /* chkp_get_bounds_by_definition created new phi
3770 statement and phi_iter points to it.
3771
3772 Previous call to chkp_find_bounds could create
3773 new basic block and therefore change phi statement
3774 phi_iter points to. */
3775 phi_bnd = phi_iter.phi ();
3776
3777 add_phi_arg (phi_bnd, arg_bnd,
3778 gimple_phi_arg_edge (def_phi, i),
3779 UNKNOWN_LOCATION);
3780 }
3781
3782 /* If all bound phi nodes have their arg computed
3783 then we may finish its computation. See
3784 chkp_finish_incomplete_bounds for more details. */
3785 if (chkp_may_finish_incomplete_bounds ())
3786 chkp_finish_incomplete_bounds ();
3787 }
3788
3789 gcc_assert (bounds == chkp_get_registered_bounds (ptr_src)
3790 || chkp_incomplete_bounds (bounds));
3791 }
3792 break;
3793
3794 case ADDR_EXPR:
3795 case WITH_SIZE_EXPR:
3796 bounds = chkp_make_addressed_object_bounds (TREE_OPERAND (ptr_src, 0), iter);
3797 break;
3798
3799 case INTEGER_CST:
3800 case COMPLEX_CST:
3801 case VECTOR_CST:
3802 if (integer_zerop (ptr_src))
3803 bounds = chkp_get_none_bounds ();
3804 else
3805 bounds = chkp_get_invalid_op_bounds ();
3806 break;
3807
3808 default:
3809 if (dump_file && (dump_flags & TDF_DETAILS))
3810 {
3811 fprintf (dump_file, "chkp_find_bounds: unexpected ptr of type %s\n",
3812 get_tree_code_name (TREE_CODE (ptr_src)));
3813 print_node (dump_file, "", ptr_src, 0);
3814 }
3815 internal_error ("chkp_find_bounds: Unexpected tree code %s",
3816 get_tree_code_name (TREE_CODE (ptr_src)));
3817 }
3818
3819 if (!bounds)
3820 {
3821 if (dump_file && (dump_flags & TDF_DETAILS))
3822 {
3823 fprintf (stderr, "chkp_find_bounds: cannot find bounds for pointer\n");
3824 print_node (dump_file, "", ptr_src, 0);
3825 }
3826 internal_error ("chkp_find_bounds: Cannot find bounds for pointer");
3827 }
3828
3829 return bounds;
3830 }
3831
3832 /* Normal case for bounds search without forced narrowing. */
3833 static tree
3834 chkp_find_bounds (tree ptr, gimple_stmt_iterator *iter)
3835 {
3836 return chkp_find_bounds_1 (ptr, NULL_TREE, iter);
3837 }
3838
3839 /* Search bounds for pointer PTR loaded from PTR_SRC
3840 by statement *ITER points to. */
3841 static tree
3842 chkp_find_bounds_loaded (tree ptr, tree ptr_src, gimple_stmt_iterator *iter)
3843 {
3844 return chkp_find_bounds_1 (ptr, ptr_src, iter);
3845 }
3846
3847 /* Helper function which checks type of RHS and finds all pointers in
3848 it. For each found pointer we build it's accesses in LHS and RHS
3849 objects and then call HANDLER for them. Function is used to copy
3850 or initilize bounds for copied object. */
3851 static void
3852 chkp_walk_pointer_assignments (tree lhs, tree rhs, void *arg,
3853 assign_handler handler)
3854 {
3855 tree type = TREE_TYPE (lhs);
3856
3857 /* We have nothing to do with clobbers. */
3858 if (TREE_CLOBBER_P (rhs))
3859 return;
3860
3861 if (BOUNDED_TYPE_P (type))
3862 handler (lhs, rhs, arg);
3863 else if (RECORD_OR_UNION_TYPE_P (type))
3864 {
3865 tree field;
3866
3867 if (TREE_CODE (rhs) == CONSTRUCTOR)
3868 {
3869 unsigned HOST_WIDE_INT cnt;
3870 tree val;
3871
3872 FOR_EACH_CONSTRUCTOR_ELT (CONSTRUCTOR_ELTS (rhs), cnt, field, val)
3873 {
3874 if (field && chkp_type_has_pointer (TREE_TYPE (field)))
3875 {
3876 tree lhs_field = chkp_build_component_ref (lhs, field);
3877 chkp_walk_pointer_assignments (lhs_field, val, arg, handler);
3878 }
3879 }
3880 }
3881 else
3882 for (field = TYPE_FIELDS (type); field; field = DECL_CHAIN (field))
3883 if (TREE_CODE (field) == FIELD_DECL
3884 && chkp_type_has_pointer (TREE_TYPE (field)))
3885 {
3886 tree rhs_field = chkp_build_component_ref (rhs, field);
3887 tree lhs_field = chkp_build_component_ref (lhs, field);
3888 chkp_walk_pointer_assignments (lhs_field, rhs_field, arg, handler);
3889 }
3890 }
3891 else if (TREE_CODE (type) == ARRAY_TYPE)
3892 {
3893 unsigned HOST_WIDE_INT cur = 0;
3894 tree maxval = TYPE_MAX_VALUE (TYPE_DOMAIN (type));
3895 tree etype = TREE_TYPE (type);
3896 tree esize = TYPE_SIZE (etype);
3897
3898 if (TREE_CODE (rhs) == CONSTRUCTOR)
3899 {
3900 unsigned HOST_WIDE_INT cnt;
3901 tree purp, val, lhs_elem;
3902
3903 FOR_EACH_CONSTRUCTOR_ELT (CONSTRUCTOR_ELTS (rhs), cnt, purp, val)
3904 {
3905 if (purp && TREE_CODE (purp) == RANGE_EXPR)
3906 {
3907 tree lo_index = TREE_OPERAND (purp, 0);
3908 tree hi_index = TREE_OPERAND (purp, 1);
3909
3910 for (cur = (unsigned)tree_to_uhwi (lo_index);
3911 cur <= (unsigned)tree_to_uhwi (hi_index);
3912 cur++)
3913 {
3914 lhs_elem = chkp_build_array_ref (lhs, etype, esize, cur);
3915 chkp_walk_pointer_assignments (lhs_elem, val, arg, handler);
3916 }
3917 }
3918 else
3919 {
3920 if (purp)
3921 {
3922 gcc_assert (TREE_CODE (purp) == INTEGER_CST);
3923 cur = tree_to_uhwi (purp);
3924 }
3925
3926 lhs_elem = chkp_build_array_ref (lhs, etype, esize, cur++);
3927
3928 chkp_walk_pointer_assignments (lhs_elem, val, arg, handler);
3929 }
3930 }
3931 }
3932 /* Copy array only when size is known. */
3933 else if (maxval && !integer_minus_onep (maxval))
3934 for (cur = 0; cur <= TREE_INT_CST_LOW (maxval); cur++)
3935 {
3936 tree lhs_elem = chkp_build_array_ref (lhs, etype, esize, cur);
3937 tree rhs_elem = chkp_build_array_ref (rhs, etype, esize, cur);
3938 chkp_walk_pointer_assignments (lhs_elem, rhs_elem, arg, handler);
3939 }
3940 }
3941 else
3942 internal_error("chkp_walk_pointer_assignments: unexpected RHS type: %s",
3943 get_tree_code_name (TREE_CODE (type)));
3944 }
3945
3946 /* Add code to copy bounds for assignment of RHS to LHS.
3947 ARG is an iterator pointing ne code position. */
3948 static void
3949 chkp_copy_bounds_for_elem (tree lhs, tree rhs, void *arg)
3950 {
3951 gimple_stmt_iterator *iter = (gimple_stmt_iterator *)arg;
3952 tree bounds = chkp_find_bounds (rhs, iter);
3953 tree addr = chkp_build_addr_expr(lhs);
3954
3955 chkp_build_bndstx (addr, rhs, bounds, iter);
3956 }
3957
3958 /* Emit static bound initilizers and size vars. */
3959 void
3960 chkp_finish_file (void)
3961 {
3962 struct varpool_node *node;
3963 struct chkp_ctor_stmt_list stmts;
3964
3965 if (seen_error ())
3966 return;
3967
3968 /* Iterate through varpool and generate bounds initialization
3969 constructors for all statically initialized pointers. */
3970 stmts.avail = MAX_STMTS_IN_STATIC_CHKP_CTOR;
3971 stmts.stmts = NULL;
3972 FOR_EACH_VARIABLE (node)
3973 /* Check that var is actually emitted and we need and may initialize
3974 its bounds. */
3975 if (node->need_bounds_init
3976 && !POINTER_BOUNDS_P (node->decl)
3977 && DECL_RTL (node->decl)
3978 && MEM_P (DECL_RTL (node->decl))
3979 && TREE_ASM_WRITTEN (node->decl))
3980 {
3981 chkp_walk_pointer_assignments (node->decl,
3982 DECL_INITIAL (node->decl),
3983 &stmts,
3984 chkp_add_modification_to_stmt_list);
3985
3986 if (stmts.avail <= 0)
3987 {
3988 cgraph_build_static_cdtor ('P', stmts.stmts,
3989 MAX_RESERVED_INIT_PRIORITY + 3);
3990 stmts.avail = MAX_STMTS_IN_STATIC_CHKP_CTOR;
3991 stmts.stmts = NULL;
3992 }
3993 }
3994
3995 if (stmts.stmts)
3996 cgraph_build_static_cdtor ('P', stmts.stmts,
3997 MAX_RESERVED_INIT_PRIORITY + 3);
3998
3999 /* Iterate through varpool and generate bounds initialization
4000 constructors for all static bounds vars. */
4001 stmts.avail = MAX_STMTS_IN_STATIC_CHKP_CTOR;
4002 stmts.stmts = NULL;
4003 FOR_EACH_VARIABLE (node)
4004 if (node->need_bounds_init
4005 && POINTER_BOUNDS_P (node->decl)
4006 && TREE_ASM_WRITTEN (node->decl))
4007 {
4008 tree bnd = node->decl;
4009 tree var;
4010
4011 gcc_assert (DECL_INITIAL (bnd)
4012 && TREE_CODE (DECL_INITIAL (bnd)) == ADDR_EXPR);
4013
4014 var = TREE_OPERAND (DECL_INITIAL (bnd), 0);
4015 chkp_output_static_bounds (bnd, var, &stmts);
4016 }
4017
4018 if (stmts.stmts)
4019 cgraph_build_static_cdtor ('B', stmts.stmts,
4020 MAX_RESERVED_INIT_PRIORITY + 2);
4021
4022 delete chkp_static_var_bounds;
4023 delete chkp_bounds_map;
4024 }
4025
4026 /* An instrumentation function which is called for each statement
4027 having memory access we want to instrument. It inserts check
4028 code and bounds copy code.
4029
4030 ITER points to statement to instrument.
4031
4032 NODE holds memory access in statement to check.
4033
4034 LOC holds the location information for statement.
4035
4036 DIRFLAGS determines whether access is read or write.
4037
4038 ACCESS_OFFS should be added to address used in NODE
4039 before check.
4040
4041 ACCESS_SIZE holds size of checked access.
4042
4043 SAFE indicates if NODE access is safe and should not be
4044 checked. */
4045 static void
4046 chkp_process_stmt (gimple_stmt_iterator *iter, tree node,
4047 location_t loc, tree dirflag,
4048 tree access_offs, tree access_size,
4049 bool safe)
4050 {
4051 tree node_type = TREE_TYPE (node);
4052 tree size = access_size ? access_size : TYPE_SIZE_UNIT (node_type);
4053 tree addr_first = NULL_TREE; /* address of the first accessed byte */
4054 tree addr_last = NULL_TREE; /* address of the last accessed byte */
4055 tree ptr = NULL_TREE; /* a pointer used for dereference */
4056 tree bounds = NULL_TREE;
4057 bool reg_store = false;
4058
4059 /* We do not need instrumentation for clobbers. */
4060 if (dirflag == integer_one_node
4061 && gimple_code (gsi_stmt (*iter)) == GIMPLE_ASSIGN
4062 && TREE_CLOBBER_P (gimple_assign_rhs1 (gsi_stmt (*iter))))
4063 return;
4064
4065 switch (TREE_CODE (node))
4066 {
4067 case ARRAY_REF:
4068 case COMPONENT_REF:
4069 {
4070 bool bitfield;
4071 tree elt;
4072
4073 if (safe)
4074 {
4075 /* We are not going to generate any checks, so do not
4076 generate bounds as well. */
4077 addr_first = chkp_build_addr_expr (node);
4078 break;
4079 }
4080
4081 chkp_parse_array_and_component_ref (node, &ptr, &elt, &safe,
4082 &bitfield, &bounds, iter, false);
4083
4084 /* Break if there is no dereference and operation is safe. */
4085
4086 if (bitfield)
4087 {
4088 tree field = TREE_OPERAND (node, 1);
4089
4090 if (TREE_CODE (DECL_SIZE_UNIT (field)) == INTEGER_CST)
4091 size = DECL_SIZE_UNIT (field);
4092
4093 if (elt)
4094 elt = chkp_build_addr_expr (elt);
4095 addr_first = fold_convert_loc (loc, ptr_type_node, elt ? elt : ptr);
4096 addr_first = fold_build_pointer_plus_loc (loc,
4097 addr_first,
4098 byte_position (field));
4099 }
4100 else
4101 addr_first = chkp_build_addr_expr (node);
4102 }
4103 break;
4104
4105 case INDIRECT_REF:
4106 ptr = TREE_OPERAND (node, 0);
4107 addr_first = ptr;
4108 break;
4109
4110 case MEM_REF:
4111 ptr = TREE_OPERAND (node, 0);
4112 addr_first = chkp_build_addr_expr (node);
4113 break;
4114
4115 case TARGET_MEM_REF:
4116 ptr = TMR_BASE (node);
4117 addr_first = chkp_build_addr_expr (node);
4118 break;
4119
4120 case ARRAY_RANGE_REF:
4121 printf("ARRAY_RANGE_REF\n");
4122 debug_gimple_stmt(gsi_stmt(*iter));
4123 debug_tree(node);
4124 gcc_unreachable ();
4125 break;
4126
4127 case BIT_FIELD_REF:
4128 {
4129 tree offset, size;
4130
4131 gcc_assert (!access_offs);
4132 gcc_assert (!access_size);
4133
4134 chkp_parse_bit_field_ref (node, loc, &offset, &size);
4135
4136 chkp_process_stmt (iter, TREE_OPERAND (node, 0), loc,
4137 dirflag, offset, size, safe);
4138 return;
4139 }
4140 break;
4141
4142 case VAR_DECL:
4143 case RESULT_DECL:
4144 case PARM_DECL:
4145 if (dirflag != integer_one_node
4146 || DECL_REGISTER (node))
4147 return;
4148
4149 safe = true;
4150 addr_first = chkp_build_addr_expr (node);
4151 break;
4152
4153 default:
4154 return;
4155 }
4156
4157 /* If addr_last was not computed then use (addr_first + size - 1)
4158 expression to compute it. */
4159 if (!addr_last)
4160 {
4161 addr_last = fold_build_pointer_plus_loc (loc, addr_first, size);
4162 addr_last = fold_build_pointer_plus_hwi_loc (loc, addr_last, -1);
4163 }
4164
4165 /* Shift both first_addr and last_addr by access_offs if specified. */
4166 if (access_offs)
4167 {
4168 addr_first = fold_build_pointer_plus_loc (loc, addr_first, access_offs);
4169 addr_last = fold_build_pointer_plus_loc (loc, addr_last, access_offs);
4170 }
4171
4172 if (dirflag == integer_one_node)
4173 {
4174 tree base = get_base_address (node);
4175 if (VAR_P (base) && DECL_HARD_REGISTER (base))
4176 reg_store = true;
4177 }
4178
4179 /* Generate bndcl/bndcu checks if memory access is not safe. */
4180 if (!safe)
4181 {
4182 gimple_stmt_iterator stmt_iter = *iter;
4183
4184 if (!bounds)
4185 bounds = chkp_find_bounds (ptr, iter);
4186
4187 chkp_check_mem_access (addr_first, addr_last, bounds,
4188 stmt_iter, loc, dirflag);
4189 }
4190
4191 /* We need to store bounds in case pointer is stored. */
4192 if (dirflag == integer_one_node
4193 && !reg_store
4194 && chkp_type_has_pointer (node_type)
4195 && flag_chkp_store_bounds)
4196 {
4197 gimple *stmt = gsi_stmt (*iter);
4198 tree rhs1 = gimple_assign_rhs1 (stmt);
4199 enum tree_code rhs_code = gimple_assign_rhs_code (stmt);
4200
4201 if (get_gimple_rhs_class (rhs_code) == GIMPLE_SINGLE_RHS)
4202 chkp_walk_pointer_assignments (node, rhs1, iter,
4203 chkp_copy_bounds_for_elem);
4204 else
4205 {
4206 bounds = chkp_compute_bounds_for_assignment (NULL_TREE, stmt);
4207 chkp_build_bndstx (addr_first, rhs1, bounds, iter);
4208 }
4209 }
4210 }
4211
4212 /* Add code to copy bounds for all pointers copied
4213 in ASSIGN created during inline of EDGE. */
4214 void
4215 chkp_copy_bounds_for_assign (gimple *assign, struct cgraph_edge *edge)
4216 {
4217 tree lhs = gimple_assign_lhs (assign);
4218 tree rhs = gimple_assign_rhs1 (assign);
4219 gimple_stmt_iterator iter = gsi_for_stmt (assign);
4220
4221 if (!flag_chkp_store_bounds)
4222 return;
4223
4224 chkp_walk_pointer_assignments (lhs, rhs, &iter, chkp_copy_bounds_for_elem);
4225
4226 /* We should create edges for all created calls to bndldx and bndstx. */
4227 while (gsi_stmt (iter) != assign)
4228 {
4229 gimple *stmt = gsi_stmt (iter);
4230 if (gimple_code (stmt) == GIMPLE_CALL)
4231 {
4232 tree fndecl = gimple_call_fndecl (stmt);
4233 struct cgraph_node *callee = cgraph_node::get_create (fndecl);
4234 struct cgraph_edge *new_edge;
4235
4236 gcc_assert (chkp_gimple_call_builtin_p (stmt, BUILT_IN_CHKP_BNDSTX)
4237 || chkp_gimple_call_builtin_p (stmt, BUILT_IN_CHKP_BNDLDX)
4238 || chkp_gimple_call_builtin_p (stmt, BUILT_IN_CHKP_BNDRET));
4239
4240 new_edge = edge->caller->create_edge (callee,
4241 as_a <gcall *> (stmt),
4242 edge->count,
4243 edge->frequency);
4244 new_edge->frequency = compute_call_stmt_bb_frequency
4245 (edge->caller->decl, gimple_bb (stmt));
4246 }
4247 gsi_prev (&iter);
4248 }
4249 }
4250
4251 /* Some code transformation made during instrumentation pass
4252 may put code into inconsistent state. Here we find and fix
4253 such flaws. */
4254 void
4255 chkp_fix_cfg ()
4256 {
4257 basic_block bb;
4258 gimple_stmt_iterator i;
4259
4260 /* We could insert some code right after stmt which ends bb.
4261 We wanted to put this code on fallthru edge but did not
4262 add new edges from the beginning because it may cause new
4263 phi node creation which may be incorrect due to incomplete
4264 bound phi nodes. */
4265 FOR_ALL_BB_FN (bb, cfun)
4266 for (i = gsi_start_bb (bb); !gsi_end_p (i); gsi_next (&i))
4267 {
4268 gimple *stmt = gsi_stmt (i);
4269 gimple_stmt_iterator next = i;
4270
4271 gsi_next (&next);
4272
4273 if (stmt_ends_bb_p (stmt)
4274 && !gsi_end_p (next))
4275 {
4276 edge fall = find_fallthru_edge (bb->succs);
4277 basic_block dest = NULL;
4278 int flags = 0;
4279
4280 gcc_assert (fall);
4281
4282 /* We cannot split abnormal edge. Therefore we
4283 store its params, make it regular and then
4284 rebuild abnormal edge after split. */
4285 if (fall->flags & EDGE_ABNORMAL)
4286 {
4287 flags = fall->flags & ~EDGE_FALLTHRU;
4288 dest = fall->dest;
4289
4290 fall->flags &= ~EDGE_COMPLEX;
4291 }
4292
4293 while (!gsi_end_p (next))
4294 {
4295 gimple *next_stmt = gsi_stmt (next);
4296 gsi_remove (&next, false);
4297 gsi_insert_on_edge (fall, next_stmt);
4298 }
4299
4300 gsi_commit_edge_inserts ();
4301
4302 /* Re-create abnormal edge. */
4303 if (dest)
4304 make_edge (bb, dest, flags);
4305 }
4306 }
4307 }
4308
4309 /* Walker callback for chkp_replace_function_pointers. Replaces
4310 function pointer in the specified operand with pointer to the
4311 instrumented function version. */
4312 static tree
4313 chkp_replace_function_pointer (tree *op, int *walk_subtrees,
4314 void *data ATTRIBUTE_UNUSED)
4315 {
4316 if (TREE_CODE (*op) == FUNCTION_DECL
4317 && chkp_instrumentable_p (*op)
4318 && (DECL_BUILT_IN_CLASS (*op) == NOT_BUILT_IN
4319 /* For builtins we replace pointers only for selected
4320 function and functions having definitions. */
4321 || (DECL_BUILT_IN_CLASS (*op) == BUILT_IN_NORMAL
4322 && (chkp_instrument_normal_builtin (*op)
4323 || gimple_has_body_p (*op)))))
4324 {
4325 struct cgraph_node *node = cgraph_node::get_create (*op);
4326 struct cgraph_node *clone = NULL;
4327
4328 if (!node->instrumentation_clone)
4329 clone = chkp_maybe_create_clone (*op);
4330
4331 if (clone)
4332 *op = clone->decl;
4333 *walk_subtrees = 0;
4334 }
4335
4336 return NULL;
4337 }
4338
4339 /* This function searches for function pointers in statement
4340 pointed by GSI and replaces them with pointers to instrumented
4341 function versions. */
4342 static void
4343 chkp_replace_function_pointers (gimple_stmt_iterator *gsi)
4344 {
4345 gimple *stmt = gsi_stmt (*gsi);
4346 /* For calls we want to walk call args only. */
4347 if (gimple_code (stmt) == GIMPLE_CALL)
4348 {
4349 unsigned i;
4350 for (i = 0; i < gimple_call_num_args (stmt); i++)
4351 walk_tree (gimple_call_arg_ptr (stmt, i),
4352 chkp_replace_function_pointer, NULL, NULL);
4353 }
4354 else
4355 walk_gimple_stmt (gsi, NULL, chkp_replace_function_pointer, NULL);
4356 }
4357
4358 /* This function instruments all statements working with memory,
4359 calls and rets.
4360
4361 It also removes excess statements from static initializers. */
4362 static void
4363 chkp_instrument_function (void)
4364 {
4365 basic_block bb, next;
4366 gimple_stmt_iterator i;
4367 enum gimple_rhs_class grhs_class;
4368 bool safe = lookup_attribute ("chkp ctor", DECL_ATTRIBUTES (cfun->decl));
4369
4370 bb = ENTRY_BLOCK_PTR_FOR_FN (cfun)->next_bb;
4371 do
4372 {
4373 next = bb->next_bb;
4374 for (i = gsi_start_bb (bb); !gsi_end_p (i); )
4375 {
4376 gimple *s = gsi_stmt (i);
4377
4378 /* Skip statement marked to not be instrumented. */
4379 if (chkp_marked_stmt_p (s))
4380 {
4381 gsi_next (&i);
4382 continue;
4383 }
4384
4385 chkp_replace_function_pointers (&i);
4386
4387 switch (gimple_code (s))
4388 {
4389 case GIMPLE_ASSIGN:
4390 chkp_process_stmt (&i, gimple_assign_lhs (s),
4391 gimple_location (s), integer_one_node,
4392 NULL_TREE, NULL_TREE, safe);
4393 chkp_process_stmt (&i, gimple_assign_rhs1 (s),
4394 gimple_location (s), integer_zero_node,
4395 NULL_TREE, NULL_TREE, safe);
4396 grhs_class = get_gimple_rhs_class (gimple_assign_rhs_code (s));
4397 if (grhs_class == GIMPLE_BINARY_RHS)
4398 chkp_process_stmt (&i, gimple_assign_rhs2 (s),
4399 gimple_location (s), integer_zero_node,
4400 NULL_TREE, NULL_TREE, safe);
4401 break;
4402
4403 case GIMPLE_RETURN:
4404 {
4405 greturn *r = as_a <greturn *> (s);
4406 if (gimple_return_retval (r) != NULL_TREE)
4407 {
4408 chkp_process_stmt (&i, gimple_return_retval (r),
4409 gimple_location (r),
4410 integer_zero_node,
4411 NULL_TREE, NULL_TREE, safe);
4412
4413 /* Additionally we need to add bounds
4414 to return statement. */
4415 chkp_add_bounds_to_ret_stmt (&i);
4416 }
4417 }
4418 break;
4419
4420 case GIMPLE_CALL:
4421 chkp_add_bounds_to_call_stmt (&i);
4422 break;
4423
4424 default:
4425 ;
4426 }
4427
4428 gsi_next (&i);
4429
4430 /* We do not need any actual pointer stores in checker
4431 static initializer. */
4432 if (lookup_attribute ("chkp ctor", DECL_ATTRIBUTES (cfun->decl))
4433 && gimple_code (s) == GIMPLE_ASSIGN
4434 && gimple_store_p (s))
4435 {
4436 gimple_stmt_iterator del_iter = gsi_for_stmt (s);
4437 gsi_remove (&del_iter, true);
4438 unlink_stmt_vdef (s);
4439 release_defs(s);
4440 }
4441 }
4442 bb = next;
4443 }
4444 while (bb);
4445
4446 /* Some input params may have bounds and be address taken. In this case
4447 we should store incoming bounds into bounds table. */
4448 tree arg;
4449 if (flag_chkp_store_bounds)
4450 for (arg = DECL_ARGUMENTS (cfun->decl); arg; arg = DECL_CHAIN (arg))
4451 if (TREE_ADDRESSABLE (arg))
4452 {
4453 if (BOUNDED_P (arg))
4454 {
4455 tree bounds = chkp_get_next_bounds_parm (arg);
4456 tree def_ptr = ssa_default_def (cfun, arg);
4457 gimple_stmt_iterator iter
4458 = gsi_start_bb (chkp_get_entry_block ());
4459 chkp_build_bndstx (chkp_build_addr_expr (arg),
4460 def_ptr ? def_ptr : arg,
4461 bounds, &iter);
4462
4463 /* Skip bounds arg. */
4464 arg = TREE_CHAIN (arg);
4465 }
4466 else if (chkp_type_has_pointer (TREE_TYPE (arg)))
4467 {
4468 tree orig_arg = arg;
4469 bitmap slots = BITMAP_ALLOC (NULL);
4470 gimple_stmt_iterator iter
4471 = gsi_start_bb (chkp_get_entry_block ());
4472 bitmap_iterator bi;
4473 unsigned bnd_no;
4474
4475 chkp_find_bound_slots (TREE_TYPE (arg), slots);
4476
4477 EXECUTE_IF_SET_IN_BITMAP (slots, 0, bnd_no, bi)
4478 {
4479 tree bounds = chkp_get_next_bounds_parm (arg);
4480 HOST_WIDE_INT offs = bnd_no * POINTER_SIZE / BITS_PER_UNIT;
4481 tree addr = chkp_build_addr_expr (orig_arg);
4482 tree ptr = build2 (MEM_REF, ptr_type_node, addr,
4483 build_int_cst (ptr_type_node, offs));
4484 chkp_build_bndstx (chkp_build_addr_expr (ptr), ptr,
4485 bounds, &iter);
4486
4487 arg = DECL_CHAIN (arg);
4488 }
4489 BITMAP_FREE (slots);
4490 }
4491 }
4492 }
4493
4494 /* Find init/null/copy_ptr_bounds calls and replace them
4495 with assignments. It should allow better code
4496 optimization. */
4497
4498 static void
4499 chkp_remove_useless_builtins ()
4500 {
4501 basic_block bb;
4502 gimple_stmt_iterator gsi;
4503
4504 FOR_EACH_BB_FN (bb, cfun)
4505 {
4506 for (gsi = gsi_start_bb (bb); !gsi_end_p (gsi); gsi_next (&gsi))
4507 {
4508 gimple *stmt = gsi_stmt (gsi);
4509 tree fndecl;
4510 enum built_in_function fcode;
4511
4512 /* Find builtins returning first arg and replace
4513 them with assignments. */
4514 if (gimple_code (stmt) == GIMPLE_CALL
4515 && (fndecl = gimple_call_fndecl (stmt))
4516 && DECL_BUILT_IN_CLASS (fndecl) == BUILT_IN_NORMAL
4517 && (fcode = DECL_FUNCTION_CODE (fndecl))
4518 && (fcode == BUILT_IN_CHKP_INIT_PTR_BOUNDS
4519 || fcode == BUILT_IN_CHKP_NULL_PTR_BOUNDS
4520 || fcode == BUILT_IN_CHKP_COPY_PTR_BOUNDS
4521 || fcode == BUILT_IN_CHKP_SET_PTR_BOUNDS))
4522 {
4523 tree res = gimple_call_arg (stmt, 0);
4524 update_call_from_tree (&gsi, res);
4525 stmt = gsi_stmt (gsi);
4526 update_stmt (stmt);
4527 }
4528 }
4529 }
4530 }
4531
4532 /* Initialize pass. */
4533 static void
4534 chkp_init (void)
4535 {
4536 basic_block bb;
4537 gimple_stmt_iterator i;
4538
4539 in_chkp_pass = true;
4540
4541 for (bb = ENTRY_BLOCK_PTR_FOR_FN (cfun)->next_bb; bb; bb = bb->next_bb)
4542 for (i = gsi_start_bb (bb); !gsi_end_p (i); gsi_next (&i))
4543 chkp_unmark_stmt (gsi_stmt (i));
4544
4545 chkp_invalid_bounds = new hash_set<tree>;
4546 chkp_completed_bounds_set = new hash_set<tree>;
4547 delete chkp_reg_bounds;
4548 chkp_reg_bounds = new hash_map<tree, tree>;
4549 delete chkp_bound_vars;
4550 chkp_bound_vars = new hash_map<tree, tree>;
4551 chkp_reg_addr_bounds = new hash_map<tree, tree>;
4552 chkp_incomplete_bounds_map = new hash_map<tree, tree>;
4553 delete chkp_bounds_map;
4554 chkp_bounds_map = new hash_map<tree, tree>;
4555 chkp_abnormal_copies = BITMAP_GGC_ALLOC ();
4556
4557 entry_block = NULL;
4558 zero_bounds = NULL_TREE;
4559 none_bounds = NULL_TREE;
4560 incomplete_bounds = integer_zero_node;
4561 tmp_var = NULL_TREE;
4562 size_tmp_var = NULL_TREE;
4563
4564 chkp_uintptr_type = lang_hooks.types.type_for_mode (ptr_mode, true);
4565
4566 /* We create these constant bounds once for each object file.
4567 These symbols go to comdat section and result in single copy
4568 of each one in the final binary. */
4569 chkp_get_zero_bounds_var ();
4570 chkp_get_none_bounds_var ();
4571
4572 calculate_dominance_info (CDI_DOMINATORS);
4573 calculate_dominance_info (CDI_POST_DOMINATORS);
4574
4575 bitmap_obstack_initialize (NULL);
4576 }
4577
4578 /* Finalize instrumentation pass. */
4579 static void
4580 chkp_fini (void)
4581 {
4582 in_chkp_pass = false;
4583
4584 delete chkp_invalid_bounds;
4585 delete chkp_completed_bounds_set;
4586 delete chkp_reg_addr_bounds;
4587 delete chkp_incomplete_bounds_map;
4588
4589 free_dominance_info (CDI_DOMINATORS);
4590 free_dominance_info (CDI_POST_DOMINATORS);
4591
4592 bitmap_obstack_release (NULL);
4593
4594 entry_block = NULL;
4595 zero_bounds = NULL_TREE;
4596 none_bounds = NULL_TREE;
4597 }
4598
4599 /* Main instrumentation pass function. */
4600 static unsigned int
4601 chkp_execute (void)
4602 {
4603 chkp_init ();
4604
4605 chkp_instrument_function ();
4606
4607 chkp_remove_useless_builtins ();
4608
4609 chkp_function_mark_instrumented (cfun->decl);
4610
4611 chkp_fix_cfg ();
4612
4613 chkp_fini ();
4614
4615 return 0;
4616 }
4617
4618 /* Instrumentation pass gate. */
4619 static bool
4620 chkp_gate (void)
4621 {
4622 cgraph_node *node = cgraph_node::get (cfun->decl);
4623 return ((node != NULL
4624 && node->instrumentation_clone)
4625 || lookup_attribute ("chkp ctor", DECL_ATTRIBUTES (cfun->decl)));
4626 }
4627
4628 namespace {
4629
4630 const pass_data pass_data_chkp =
4631 {
4632 GIMPLE_PASS, /* type */
4633 "chkp", /* name */
4634 OPTGROUP_NONE, /* optinfo_flags */
4635 TV_NONE, /* tv_id */
4636 PROP_ssa | PROP_cfg, /* properties_required */
4637 0, /* properties_provided */
4638 0, /* properties_destroyed */
4639 0, /* todo_flags_start */
4640 TODO_verify_il
4641 | TODO_update_ssa /* todo_flags_finish */
4642 };
4643
4644 class pass_chkp : public gimple_opt_pass
4645 {
4646 public:
4647 pass_chkp (gcc::context *ctxt)
4648 : gimple_opt_pass (pass_data_chkp, ctxt)
4649 {}
4650
4651 /* opt_pass methods: */
4652 virtual opt_pass * clone ()
4653 {
4654 return new pass_chkp (m_ctxt);
4655 }
4656
4657 virtual bool gate (function *)
4658 {
4659 return chkp_gate ();
4660 }
4661
4662 virtual unsigned int execute (function *)
4663 {
4664 return chkp_execute ();
4665 }
4666
4667 }; // class pass_chkp
4668
4669 } // anon namespace
4670
4671 gimple_opt_pass *
4672 make_pass_chkp (gcc::context *ctxt)
4673 {
4674 return new pass_chkp (ctxt);
4675 }
4676
4677 #include "gt-tree-chkp.h"
Mirror of https://gcc.gnu.org/git/gcc.git