]> git.ipfire.org Git - thirdparty/gcc.git/blob - gcc/vtable-verify.c
projects / thirdparty / gcc.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Update copyright years.
[thirdparty/gcc.git] / gcc / vtable-verify.c
1 /* Copyright (C) 2013-2015 Free Software Foundation, Inc.
2
3 This file is part of GCC.
4
5 GCC is free software; you can redistribute it and/or modify it under
6 the terms of the GNU General Public License as published by the Free
7 Software Foundation; either version 3, or (at your option) any later
8 version.
9
10 GCC is distributed in the hope that it will be useful, but WITHOUT ANY
11 WARRANTY; without even the implied warranty of MERCHANTABILITY or
12 FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
13 for more details.
14
15 You should have received a copy of the GNU General Public License
16 along with GCC; see the file COPYING3. If not see
17 <http://www.gnu.org/licenses/>. */
18
19 /* Virtual Table Pointer Security Pass - Detect corruption of vtable pointers
20 before using them for virtual method dispatches. */
21
22 /* This file is part of the vtable security feature implementation.
23 The vtable security feature is designed to detect when a virtual
24 call is about to be made through an invalid vtable pointer
25 (possibly due to data corruption or malicious attacks). The
26 compiler finds every virtual call, and inserts a verification call
27 before the virtual call. The verification call takes the actual
28 vtable pointer value in the object through which the virtual call
29 is being made, and compares the vtable pointer against a set of all
30 valid vtable pointers that the object could contain (this set is
31 based on the declared type of the object). If the pointer is in
32 the valid set, execution is allowed to continue; otherwise the
33 program is halted.
34
35 There are several pieces needed in order to make this work: 1. For
36 every virtual class in the program (i.e. a class that contains
37 virtual methods), we need to build the set of all possible valid
38 vtables that an object of that class could point to. This includes
39 vtables for any class(es) that inherit from the class under
40 consideration. 2. For every such data set we build up, we need a
41 way to find and reference the data set. This is complicated by the
42 fact that the real vtable addresses are not known until runtime,
43 when the program is loaded into memory, but we need to reference the
44 sets at compile time when we are inserting verification calls into
45 the program. 3. We need to find every virtual call in the program,
46 and insert the verification call (with the appropriate arguments)
47 before the virtual call. 4. We need some runtime library pieces:
48 the code to build up the data sets at runtime; the code to actually
49 perform the verification using the data sets; and some code to set
50 protections on the data sets, so they themselves do not become
51 hacker targets.
52
53 To find and reference the set of valid vtable pointers for any given
54 virtual class, we create a special global variable for each virtual
55 class. We refer to this as the "vtable map variable" for that
56 class. The vtable map variable has the type "void *", and is
57 initialized by the compiler to NULL. At runtime when the set of
58 valid vtable pointers for a virtual class, e.g. class Foo, is built,
59 the vtable map variable for class Foo is made to point to the set.
60 During compile time, when the compiler is inserting verification
61 calls into the program, it passes the vtable map variable for the
62 appropriate class to the verification call, so that at runtime the
63 verification call can find the appropriate data set.
64
65 The actual set of valid vtable pointers for a virtual class,
66 e.g. class Foo, cannot be built until runtime, when the vtables get
67 loaded into memory and their addresses are known. But the knowledge
68 about which vtables belong in which class' hierarchy is only known
69 at compile time. Therefore at compile time we collect class
70 hierarchy and vtable information about every virtual class, and we
71 generate calls to build up the data sets at runtime. To build the
72 data sets, we call one of the functions we add to the runtime
73 library, __VLTRegisterPair. __VLTRegisterPair takes two arguments,
74 a vtable map variable and the address of a vtable. If the vtable
75 map variable is currently NULL, it creates a new data set (hash
76 table), makes the vtable map variable point to the new data set, and
77 inserts the vtable address into the data set. If the vtable map
78 variable is not NULL, it just inserts the vtable address into the
79 data set. In order to make sure that our data sets are built before
80 any verification calls happen, we create a special constructor
81 initialization function for each compilation unit, give it a very
82 high initialization priority, and insert all of our calls to
83 __VLTRegisterPair into our special constructor initialization
84 function.
85
86 The vtable verification feature is controlled by the flag
87 '-fvtable-verify='. There are three flavors of this:
88 '-fvtable-verify=std', '-fvtable-verify=preinit', and
89 '-fvtable-verify=none'. If the option '-fvtable-verfy=preinit' is
90 used, then our constructor initialization function gets put into the
91 preinit array. This is necessary if there are data sets that need
92 to be built very early in execution. If the constructor
93 initialization function gets put into the preinit array, the we also
94 add calls to __VLTChangePermission at the beginning and end of the
95 function. The call at the beginning sets the permissions on the
96 data sets and vtable map variables to read/write, and the one at the
97 end makes them read-only. If the '-fvtable-verify=std' option is
98 used, the constructor initialization functions are executed at their
99 normal time, and the __VLTChangePermission calls are handled
100 differently (see the comments in libstdc++-v3/libsupc++/vtv_rts.cc).
101 The option '-fvtable-verify=none' turns off vtable verification.
102
103 This file contains code for the tree pass that goes through all the
104 statements in each basic block, looking for virtual calls, and
105 inserting a call to __VLTVerifyVtablePointer (with appropriate
106 arguments) before each one. It also contains the hash table
107 functions for the data structures used for collecting the class
108 hierarchy data and building/maintaining the vtable map variable data
109 are defined in gcc/vtable-verify.h. These data structures are
110 shared with the code in the C++ front end that collects the class
111 hierarchy & vtable information and generates the vtable map
112 variables (see cp/vtable-class-hierarchy.c). This tree pass should
113 run just before the gimple is converted to RTL.
114
115 Some implementation details for this pass:
116
117 To find all of the virtual calls, we iterate through all the
118 gimple statements in each basic block, looking for any call
119 statement with the code "OBJ_TYPE_REF". Once we have found the
120 virtual call, we need to find the vtable pointer through which the
121 call is being made, and the type of the object containing the
122 pointer (to find the appropriate vtable map variable). We then use
123 these to build a call to __VLTVerifyVtablePointer, passing the
124 vtable map variable, and the vtable pointer. We insert the
125 verification call just after the gimple statement that gets the
126 vtable pointer out of the object, and we update the next
127 statement to depend on the result returned from
128 __VLTVerifyVtablePointer (the vtable pointer value), to ensure
129 subsequent compiler phases don't remove or reorder the call (it's no
130 good to have the verification occur after the virtual call, for
131 example). To find the vtable pointer being used (and the type of
132 the object) we search backwards through the def_stmts chain from the
133 virtual call (see verify_bb_vtables for more details). */
134
135 #include "config.h"
136 #include "system.h"
137 #include "coretypes.h"
138 #include "tree.h"
139 #include "predict.h"
140 #include "vec.h"
141 #include "hashtab.h"
142 #include "hash-set.h"
143 #include "machmode.h"
144 #include "tm.h"
145 #include "hard-reg-set.h"
146 #include "input.h"
147 #include "function.h"
148 #include "dominance.h"
149 #include "cfg.h"
150 #include "basic-block.h"
151 #include "tree-ssa-alias.h"
152 #include "internal-fn.h"
153 #include "gimple-expr.h"
154 #include "is-a.h"
155 #include "gimple.h"
156 #include "gimple-iterator.h"
157 #include "gimple-ssa.h"
158 #include "tree-phinodes.h"
159 #include "ssa-iterators.h"
160 #include "stringpool.h"
161 #include "tree-ssanames.h"
162 #include "tree-pass.h"
163 #include "cfgloop.h"
164
165 #include "vtable-verify.h"
166
167 unsigned num_vtable_map_nodes = 0;
168 int total_num_virtual_calls = 0;
169 int total_num_verified_vcalls = 0;
170
171 extern GTY(()) tree verify_vtbl_ptr_fndecl;
172 tree verify_vtbl_ptr_fndecl = NULL_TREE;
173
174 /* Keep track of whether or not any virtual call were verified. */
175 static bool any_verification_calls_generated = false;
176
177 unsigned int vtable_verify_main (void);
178
179
180 /* The following few functions are for the vtbl pointer hash table
181 in the 'registered' field of the struct vtable_map_node. The hash
182 table keeps track of which vtable pointers have been used in
183 calls to __VLTRegisterPair with that particular vtable map variable. */
184
185 /* This function checks to see if a particular VTABLE_DECL and OFFSET are
186 already in the 'registered' hash table for NODE. */
187
188 bool
189 vtbl_map_node_registration_find (struct vtbl_map_node *node,
190 tree vtable_decl,
191 unsigned offset)
192 {
193 struct vtable_registration key;
194 struct vtable_registration **slot;
195
196 gcc_assert (node && node->registered);
197
198 key.vtable_decl = vtable_decl;
199 slot = node->registered->find_slot (&key, NO_INSERT);
200
201 if (slot && (*slot))
202 {
203 unsigned i;
204 for (i = 0; i < ((*slot)->offsets).length (); ++i)
205 if ((*slot)->offsets[i] == offset)
206 return true;
207 }
208
209 return false;
210 }
211
212 /* This function inserts VTABLE_DECL and OFFSET into the 'registered'
213 hash table for NODE. It returns a boolean indicating whether or not
214 it actually inserted anything. */
215
216 bool
217 vtbl_map_node_registration_insert (struct vtbl_map_node *node,
218 tree vtable_decl,
219 unsigned offset)
220 {
221 struct vtable_registration key;
222 struct vtable_registration **slot;
223 bool inserted_something = false;
224
225 if (!node || !node->registered)
226 return false;
227
228 key.vtable_decl = vtable_decl;
229 slot = node->registered->find_slot (&key, INSERT);
230
231 if (! *slot)
232 {
233 struct vtable_registration *node;
234 node = XNEW (struct vtable_registration);
235 node->vtable_decl = vtable_decl;
236
237 (node->offsets).create (10);
238 (node->offsets).safe_push (offset);
239 *slot = node;
240 inserted_something = true;
241 }
242 else
243 {
244 /* We found the vtable_decl slot; we need to see if it already
245 contains the offset. If not, we need to add the offset. */
246 unsigned i;
247 bool found = false;
248 for (i = 0; i < ((*slot)->offsets).length () && !found; ++i)
249 if ((*slot)->offsets[i] == offset)
250 found = true;
251
252 if (!found)
253 {
254 ((*slot)->offsets).safe_push (offset);
255 inserted_something = true;
256 }
257 }
258 return inserted_something;
259 }
260
261 /* Hashtable functions for vtable_registration hashtables. */
262
263 inline hashval_t
264 registration_hasher::hash (const value_type *p)
265 {
266 const struct vtable_registration *n = (const struct vtable_registration *) p;
267 return (hashval_t) (DECL_UID (n->vtable_decl));
268 }
269
270 inline bool
271 registration_hasher::equal (const value_type *p1, const compare_type *p2)
272 {
273 const struct vtable_registration *n1 =
274 (const struct vtable_registration *) p1;
275 const struct vtable_registration *n2 =
276 (const struct vtable_registration *) p2;
277 return (DECL_UID (n1->vtable_decl) == DECL_UID (n2->vtable_decl));
278 }
279
280 /* End of hashtable functions for "registered" hashtables. */
281
282
283
284 /* Hashtable definition and functions for vtbl_map_hash. */
285
286 struct vtbl_map_hasher : typed_noop_remove <struct vtbl_map_node>
287 {
288 typedef struct vtbl_map_node value_type;
289 typedef struct vtbl_map_node compare_type;
290 static inline hashval_t hash (const value_type *);
291 static inline bool equal (const value_type *, const compare_type *);
292 };
293
294 /* Returns a hash code for P. */
295
296 inline hashval_t
297 vtbl_map_hasher::hash (const value_type *p)
298 {
299 const struct vtbl_map_node n = *((const struct vtbl_map_node *) p);
300 return (hashval_t) IDENTIFIER_HASH_VALUE (n.class_name);
301 }
302
303 /* Returns nonzero if P1 and P2 are equal. */
304
305 inline bool
306 vtbl_map_hasher::equal (const value_type *p1, const compare_type *p2)
307 {
308 const struct vtbl_map_node n1 = *((const struct vtbl_map_node *) p1);
309 const struct vtbl_map_node n2 = *((const struct vtbl_map_node *) p2);
310 return (IDENTIFIER_HASH_VALUE (n1.class_name) ==
311 IDENTIFIER_HASH_VALUE (n2.class_name));
312 }
313
314 /* Here are the two structures into which we insert vtable map nodes.
315 We use two data structures because of the vastly different ways we need
316 to find the nodes for various tasks (see comments in vtable-verify.h
317 for more details. */
318
319 typedef hash_table<vtbl_map_hasher> vtbl_map_table_type;
320 typedef vtbl_map_table_type::iterator vtbl_map_iterator_type;
321
322 /* Vtable map variable nodes stored in a hash table. */
323 static vtbl_map_table_type *vtbl_map_hash;
324
325 /* Vtable map variable nodes stored in a vector. */
326 vec<struct vtbl_map_node *> vtbl_map_nodes_vec;
327
328 /* Return vtbl_map node for CLASS_NAME without creating a new one. */
329
330 struct vtbl_map_node *
331 vtbl_map_get_node (tree class_type)
332 {
333 struct vtbl_map_node key;
334 struct vtbl_map_node **slot;
335
336 tree class_type_decl;
337 tree class_name;
338 unsigned int type_quals;
339
340 if (!vtbl_map_hash)
341 return NULL;
342
343 gcc_assert (TREE_CODE (class_type) == RECORD_TYPE);
344
345
346 /* Find the TYPE_DECL for the class. */
347 class_type_decl = TYPE_NAME (class_type);
348
349 /* Verify that there aren't any qualifiers on the type. */
350 type_quals = TYPE_QUALS (TREE_TYPE (class_type_decl));
351 gcc_assert (type_quals == TYPE_UNQUALIFIED);
352
353 /* Get the mangled name for the unqualified type. */
354 gcc_assert (HAS_DECL_ASSEMBLER_NAME_P (class_type_decl));
355 class_name = DECL_ASSEMBLER_NAME (class_type_decl);
356
357 key.class_name = class_name;
358 slot = (struct vtbl_map_node **) vtbl_map_hash->find_slot (&key, NO_INSERT);
359 if (!slot)
360 return NULL;
361 return *slot;
362 }
363
364 /* Return vtbl_map node assigned to BASE_CLASS_TYPE. Create new one
365 when needed. */
366
367 struct vtbl_map_node *
368 find_or_create_vtbl_map_node (tree base_class_type)
369 {
370 struct vtbl_map_node key;
371 struct vtbl_map_node *node;
372 struct vtbl_map_node **slot;
373 tree class_type_decl;
374 unsigned int type_quals;
375
376 if (!vtbl_map_hash)
377 vtbl_map_hash = new vtbl_map_table_type (10);
378
379 /* Find the TYPE_DECL for the class. */
380 class_type_decl = TYPE_NAME (base_class_type);
381
382 /* Verify that there aren't any type qualifiers on type. */
383 type_quals = TYPE_QUALS (TREE_TYPE (class_type_decl));
384 gcc_assert (type_quals == TYPE_UNQUALIFIED);
385
386 gcc_assert (HAS_DECL_ASSEMBLER_NAME_P (class_type_decl));
387 key.class_name = DECL_ASSEMBLER_NAME (class_type_decl);
388 slot = (struct vtbl_map_node **) vtbl_map_hash->find_slot (&key, INSERT);
389
390 if (*slot)
391 return *slot;
392
393 node = XNEW (struct vtbl_map_node);
394 node->vtbl_map_decl = NULL_TREE;
395 node->class_name = key.class_name;
396 node->uid = num_vtable_map_nodes++;
397
398 node->class_info = XNEW (struct vtv_graph_node);
399 node->class_info->class_type = base_class_type;
400 node->class_info->class_uid = node->uid;
401 node->class_info->num_processed_children = 0;
402
403 (node->class_info->parents).create (4);
404 (node->class_info->children).create (4);
405
406 node->registered = new register_table_type (16);
407
408 node->is_used = false;
409
410 vtbl_map_nodes_vec.safe_push (node);
411 gcc_assert (vtbl_map_nodes_vec[node->uid] == node);
412
413 *slot = node;
414 return node;
415 }
416
417 /* End of hashtable functions for vtable_map variables hash table. */
418
419 /* Given a gimple STMT, this function checks to see if the statement
420 is an assignment, the rhs of which is getting the vtable pointer
421 value out of an object. (i.e. it's the value we need to verify
422 because its the vtable pointer that will be used for a virtual
423 call). */
424
425 static bool
426 is_vtable_assignment_stmt (gimple stmt)
427 {
428
429 if (gimple_code (stmt) != GIMPLE_ASSIGN)
430 return false;
431 else
432 {
433 tree lhs = gimple_assign_lhs (stmt);
434 tree rhs = gimple_assign_rhs1 (stmt);
435
436 if (TREE_CODE (lhs) != SSA_NAME)
437 return false;
438
439 if (TREE_CODE (rhs) != COMPONENT_REF)
440 return false;
441
442 if (! (TREE_OPERAND (rhs, 1))
443 || (TREE_CODE (TREE_OPERAND (rhs, 1)) != FIELD_DECL))
444 return false;
445
446 if (! DECL_VIRTUAL_P (TREE_OPERAND (rhs, 1)))
447 return false;
448 }
449
450 return true;
451 }
452
453 /* This function attempts to recover the declared class of an object
454 that is used in making a virtual call. We try to get the type from
455 the type cast in the gimple assignment statement that extracts the
456 vtable pointer from the object (DEF_STMT). The gimple statement
457 usually looks something like this:
458
459 D.2201_4 = MEM[(struct Event *)this_1(D)]._vptr.Event */
460
461 static tree
462 extract_object_class_type (tree rhs)
463 {
464 tree result = NULL_TREE;
465
466 /* Try to find and extract the type cast from that stmt. */
467 if (TREE_CODE (rhs) == COMPONENT_REF)
468 {
469 tree op0 = TREE_OPERAND (rhs, 0);
470 tree op1 = TREE_OPERAND (rhs, 1);
471
472 if (TREE_CODE (op1) == FIELD_DECL
473 && DECL_VIRTUAL_P (op1))
474 {
475 if (TREE_CODE (op0) == COMPONENT_REF
476 && TREE_CODE (TREE_OPERAND (op0, 0)) == MEM_REF
477 && TREE_CODE (TREE_TYPE (TREE_OPERAND (op0, 0)))== RECORD_TYPE)
478 result = TREE_TYPE (TREE_OPERAND (op0, 0));
479 else
480 result = TREE_TYPE (op0);
481 }
482 else if (TREE_CODE (op0) == COMPONENT_REF)
483 {
484 result = extract_object_class_type (op0);
485 if (result == NULL_TREE
486 && TREE_CODE (op1) == COMPONENT_REF)
487 result = extract_object_class_type (op1);
488 }
489 }
490
491 return result;
492 }
493
494 /* This function traces forward through the def-use chain of an SSA
495 variable to see if it ever gets used in a virtual function call. It
496 returns a boolean indicating whether or not it found a virtual call in
497 the use chain. */
498
499 static bool
500 var_is_used_for_virtual_call_p (tree lhs, int *mem_ref_depth)
501 {
502 imm_use_iterator imm_iter;
503 bool found_vcall = false;
504 use_operand_p use_p;
505
506 if (TREE_CODE (lhs) != SSA_NAME)
507 return false;
508
509 if (*mem_ref_depth > 2)
510 return false;
511
512 /* Iterate through the immediate uses of the current variable. If
513 it's a virtual function call, we're done. Otherwise, if there's
514 an LHS for the use stmt, add the ssa var to the work list
515 (assuming it's not already in the list and is not a variable
516 we've already examined. */
517
518 FOR_EACH_IMM_USE_FAST (use_p, imm_iter, lhs)
519 {
520 gimple stmt2 = USE_STMT (use_p);
521
522 if (is_gimple_call (stmt2))
523 {
524 tree fncall = gimple_call_fn (stmt2);
525 if (fncall && TREE_CODE (fncall) == OBJ_TYPE_REF)
526 found_vcall = true;
527 else
528 return false;
529 }
530 else if (gimple_code (stmt2) == GIMPLE_PHI)
531 {
532 found_vcall = var_is_used_for_virtual_call_p
533 (gimple_phi_result (stmt2),
534 mem_ref_depth);
535 }
536 else if (is_gimple_assign (stmt2))
537 {
538 tree rhs = gimple_assign_rhs1 (stmt2);
539 if (TREE_CODE (rhs) == ADDR_EXPR
540 || TREE_CODE (rhs) == MEM_REF)
541 *mem_ref_depth = *mem_ref_depth + 1;
542
543 if (TREE_CODE (rhs) == COMPONENT_REF)
544 {
545 while (TREE_CODE (TREE_OPERAND (rhs, 0)) == COMPONENT_REF)
546 rhs = TREE_OPERAND (rhs, 0);
547
548 if (TREE_CODE (TREE_OPERAND (rhs, 0)) == ADDR_EXPR
549 || TREE_CODE (TREE_OPERAND (rhs, 0)) == MEM_REF)
550 *mem_ref_depth = *mem_ref_depth + 1;
551 }
552
553 if (*mem_ref_depth < 3)
554 found_vcall = var_is_used_for_virtual_call_p
555 (gimple_assign_lhs (stmt2),
556 mem_ref_depth);
557 }
558
559 else
560 break;
561
562 if (found_vcall)
563 return true;
564 }
565
566 return false;
567 }
568
569 /* Search through all the statements in a basic block (BB), searching
570 for virtual method calls. For each virtual method dispatch, find
571 the vptr value used, and the statically declared type of the
572 object; retrieve the vtable map variable for the type of the
573 object; generate a call to __VLTVerifyVtablePointer; and insert the
574 generated call into the basic block, after the point where the vptr
575 value is gotten out of the object and before the virtual method
576 dispatch. Make the virtual method dispatch depend on the return
577 value from the verification call, so that subsequent optimizations
578 cannot reorder the two calls. */
579
580 static void
581 verify_bb_vtables (basic_block bb)
582 {
583 gimple_seq stmts;
584 gimple stmt = NULL;
585 gimple_stmt_iterator gsi_vtbl_assign;
586 gimple_stmt_iterator gsi_virtual_call;
587
588 stmts = bb_seq (bb);
589 gsi_virtual_call = gsi_start (stmts);
590 for (; !gsi_end_p (gsi_virtual_call); gsi_next (&gsi_virtual_call))
591 {
592 stmt = gsi_stmt (gsi_virtual_call);
593
594 /* Count virtual calls. */
595 if (is_gimple_call (stmt))
596 {
597 tree fncall = gimple_call_fn (stmt);
598 if (fncall && TREE_CODE (fncall) == OBJ_TYPE_REF)
599 total_num_virtual_calls++;
600 }
601
602 if (is_vtable_assignment_stmt (stmt))
603 {
604 tree lhs = gimple_assign_lhs (stmt);
605 tree vtbl_var_decl = NULL_TREE;
606 struct vtbl_map_node *vtable_map_node;
607 tree vtbl_decl = NULL_TREE;
608 gcall *call_stmt;
609 const char *vtable_name = "<unknown>";
610 tree tmp0;
611 bool found;
612 int mem_ref_depth = 0;
613
614 /* Make sure this vptr field access is for a virtual call. */
615 if (!var_is_used_for_virtual_call_p (lhs, &mem_ref_depth))
616 continue;
617
618 /* Now we have found the virtual method dispatch and
619 the preceding access of the _vptr.* field... Next
620 we need to find the statically declared type of
621 the object, so we can find and use the right
622 vtable map variable in the verification call. */
623 tree class_type = extract_object_class_type
624 (gimple_assign_rhs1 (stmt));
625
626 gsi_vtbl_assign = gsi_for_stmt (stmt);
627
628 if (class_type
629 && (TREE_CODE (class_type) == RECORD_TYPE)
630 && TYPE_BINFO (class_type))
631 {
632 /* Get the vtable VAR_DECL for the type. */
633 vtbl_var_decl = BINFO_VTABLE (TYPE_BINFO (class_type));
634
635 if (TREE_CODE (vtbl_var_decl) == POINTER_PLUS_EXPR)
636 vtbl_var_decl = TREE_OPERAND (TREE_OPERAND (vtbl_var_decl, 0),
637 0);
638
639 gcc_assert (vtbl_var_decl);
640
641 vtbl_decl = vtbl_var_decl;
642 vtable_map_node = vtbl_map_get_node
643 (TYPE_MAIN_VARIANT (class_type));
644
645 gcc_assert (verify_vtbl_ptr_fndecl);
646
647 /* Given the vtable pointer for the base class of the
648 object, build the call to __VLTVerifyVtablePointer to
649 verify that the object's vtable pointer (contained in
650 lhs) is in the set of valid vtable pointers for the
651 base class. */
652
653 if (vtable_map_node && vtable_map_node->vtbl_map_decl)
654 {
655 vtable_map_node->is_used = true;
656 vtbl_var_decl = vtable_map_node->vtbl_map_decl;
657
658 if (TREE_CODE (vtbl_decl) == VAR_DECL)
659 vtable_name = IDENTIFIER_POINTER (DECL_NAME (vtbl_decl));
660
661 /* Call different routines if we are interested in
662 trace information to debug problems. */
663 if (flag_vtv_debug)
664 {
665 int len1 = IDENTIFIER_LENGTH
666 (DECL_NAME (vtbl_var_decl));
667 int len2 = strlen (vtable_name);
668
669 call_stmt = gimple_build_call
670 (verify_vtbl_ptr_fndecl, 4,
671 build1 (ADDR_EXPR,
672 TYPE_POINTER_TO
673 (TREE_TYPE (vtbl_var_decl)),
674 vtbl_var_decl),
675 lhs,
676 build_string_literal
677 (len1 + 1,
678 IDENTIFIER_POINTER
679 (DECL_NAME
680 (vtbl_var_decl))),
681 build_string_literal (len2 + 1,
682 vtable_name));
683 }
684 else
685 call_stmt = gimple_build_call
686 (verify_vtbl_ptr_fndecl, 2,
687 build1 (ADDR_EXPR,
688 TYPE_POINTER_TO
689 (TREE_TYPE (vtbl_var_decl)),
690 vtbl_var_decl),
691 lhs);
692
693
694 /* Create a new SSA_NAME var to hold the call's
695 return value, and make the call_stmt use the
696 variable for that purpose. */
697 tmp0 = make_temp_ssa_name (TREE_TYPE (lhs), NULL, "VTV");
698 gimple_call_set_lhs (call_stmt, tmp0);
699 update_stmt (call_stmt);
700
701 /* Replace all uses of lhs with tmp0. */
702 found = false;
703 imm_use_iterator iterator;
704 gimple use_stmt;
705 FOR_EACH_IMM_USE_STMT (use_stmt, iterator, lhs)
706 {
707 use_operand_p use_p;
708 if (use_stmt == call_stmt)
709 continue;
710 FOR_EACH_IMM_USE_ON_STMT (use_p, iterator)
711 SET_USE (use_p, tmp0);
712 update_stmt (use_stmt);
713 found = true;
714 }
715
716 gcc_assert (found);
717
718 /* Insert the new verification call just after the
719 statement that gets the vtable pointer out of the
720 object. */
721 gcc_assert (gsi_stmt (gsi_vtbl_assign) == stmt);
722 gsi_insert_after (&gsi_vtbl_assign, call_stmt,
723 GSI_NEW_STMT);
724
725 any_verification_calls_generated = true;
726 total_num_verified_vcalls++;
727 }
728 }
729 }
730 }
731 }
732
733 /* Definition of this optimization pass. */
734
735 namespace {
736
737 const pass_data pass_data_vtable_verify =
738 {
739 GIMPLE_PASS, /* type */
740 "vtable-verify", /* name */
741 OPTGROUP_NONE, /* optinfo_flags */
742 TV_VTABLE_VERIFICATION, /* tv_id */
743 ( PROP_cfg | PROP_ssa ), /* properties_required */
744 0, /* properties_provided */
745 0, /* properties_destroyed */
746 0, /* todo_flags_start */
747 TODO_update_ssa, /* todo_flags_finish */
748 };
749
750 class pass_vtable_verify : public gimple_opt_pass
751 {
752 public:
753 pass_vtable_verify (gcc::context *ctxt)
754 : gimple_opt_pass (pass_data_vtable_verify, ctxt)
755 {}
756
757 /* opt_pass methods: */
758 virtual bool gate (function *) { return (flag_vtable_verify); }
759 virtual unsigned int execute (function *);
760
761 }; // class pass_vtable_verify
762
763 /* Loop through all the basic blocks in the current function, passing them to
764 verify_bb_vtables, which searches for virtual calls, and inserts
765 calls to __VLTVerifyVtablePointer. */
766
767 unsigned int
768 pass_vtable_verify::execute (function *fun)
769 {
770 unsigned int ret = 1;
771 basic_block bb;
772
773 FOR_ALL_BB_FN (bb, fun)
774 verify_bb_vtables (bb);
775
776 return ret;
777 }
778
779 } // anon namespace
780
781 gimple_opt_pass *
782 make_pass_vtable_verify (gcc::context *ctxt)
783 {
784 return new pass_vtable_verify (ctxt);
785 }
786
787 #include "gt-vtable-verify.h"
Mirror of https://gcc.gnu.org/git/gcc.git