/* AddressSanitizer, a fast memory error detector.
   Copyright (C) 2011-2018 Free Software Foundation, Inc.
   Contributed by Kostya Serebryany <kcc@google.com>

This file is part of GCC.

GCC is free software; you can redistribute it and/or modify it under
the terms of the GNU General Public License as published by the Free
Software Foundation; either version 3, or (at your option) any later
version.

GCC is distributed in the hope that it will be useful, but WITHOUT ANY
WARRANTY; without even the implied warranty of MERCHANTABILITY or
FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
for more details.

You should have received a copy of the GNU General Public License
along with GCC; see the file COPYING3. If not see
<http://www.gnu.org/licenses/>. */
21 #ifndef TREE_ASAN
22 #define TREE_ASAN
/* Entry points of the AddressSanitizer instrumentation.  Only prototypes
   are visible in this header and most parameters are unnamed, so the
   meaning of each argument has to be taken from the definitions.  */
extern void asan_function_start (void);
extern void asan_finish_file (void);
extern rtx_insn *asan_emit_stack_protection (rtx, rtx, unsigned int,
                                             HOST_WIDE_INT *, tree *, int);
extern rtx_insn *asan_emit_allocas_unpoison (rtx, rtx, rtx_insn *);
/* IGNORE_DECL_RTL_SET_P may be omitted; it then takes the value false.  */
extern bool asan_protect_global (tree, bool ignore_decl_rtl_set_p = false);
extern void initialize_sanitizer_builtins (void);
extern tree asan_dynamic_init_call (bool);
extern bool asan_expand_check_ifn (gimple_stmt_iterator *, bool);
extern bool asan_expand_mark_ifn (gimple_stmt_iterator *);
extern bool asan_expand_poison_ifn (gimple_stmt_iterator *, bool *,
                                    hash_map<tree, tree> &);

extern gimple_stmt_iterator create_cond_insert_point
  (gimple_stmt_iterator *, bool, bool, bool, basic_block *, basic_block *);
/* Alias set used for every access to the shadow memory.  */
extern alias_set_type asan_shadow_set;

/* Labels that are the target of a goto or whose address has been taken,
   kept as a hash set.  */
extern hash_set <tree> *asan_used_labels;
/* The shadow memory describing ADDRESS is found at
     (ADDRESS >> ASAN_SHADOW_SHIFT) + asan_shadow_offset ().
   With a shift of 3, ASAN_SHADOW_GRANULARITY == 8 consecutive application
   addresses map to the same shadow location.  */
#define ASAN_SHADOW_SHIFT 3
#define ASAN_SHADOW_GRANULARITY (1UL << ASAN_SHADOW_SHIFT)

/* Red zone size.  Stack and global variables are padded by at least
   ASAN_RED_ZONE_SIZE and at most 2 * ASAN_RED_ZONE_SIZE - 1 bytes.
   asan_red_zone_size masks with ASAN_RED_ZONE_SIZE - 1, so this value
   has to stay a power of two.  */
#define ASAN_RED_ZONE_SIZE 32

/* Values stored in shadow memory for stack protection.
   LEFT:   below the protected variables.  The first pointer-sized stack
           slot corresponding to that offset holds the
           ASAN_STACK_FRAME_MAGIC word, the second one a pointer to a
           string describing the frame.
   MIDDLE: padding in between variables.
   RIGHT:  above the last protected variable.
   Partial red zones follow immediately after variables, up to
   ASAN_RED_ZONE_SIZE alignment.
   NOTE(review): USE_AFTER_RET and USE_AFTER_SCOPE are not described by the
   original comment; judging by their names they mark memory of a returned
   frame and of a variable that left its scope -- confirm.  */
#define ASAN_STACK_MAGIC_LEFT 0xf1
#define ASAN_STACK_MAGIC_MIDDLE 0xf2
#define ASAN_STACK_MAGIC_RIGHT 0xf3
#define ASAN_STACK_MAGIC_USE_AFTER_RET 0xf5
#define ASAN_STACK_MAGIC_USE_AFTER_SCOPE 0xf8

/* Word stored in the first slot of a protected frame (see LEFT above).
   NOTE(review): ASAN_STACK_RETIRED_MAGIC presumably replaces it once the
   frame is no longer live -- confirm against the users.  */
#define ASAN_STACK_FRAME_MAGIC 0x41b58ab3
#define ASAN_STACK_RETIRED_MAGIC 0x45e0360e

#define ASAN_USE_AFTER_SCOPE_ATTRIBUTE "use after scope memory"
/* Flags for the Asan builtins.  Each flag occupies its own bit.  */
enum asan_check_flags
{
  ASAN_CHECK_STORE = 1 << 0,
  ASAN_CHECK_SCALAR_ACCESS = 1 << 1,
  ASAN_CHECK_NON_ZERO_LEN = 1 << 2,
  /* NOTE(review): looks like an end marker one bit above the real flags
     rather than a flag of its own -- confirm against the users.  */
  ASAN_CHECK_LAST = 1 << 3
};

/* Flag list for ASAN_MARK (the comment this replaces said "check
   builtins", but every name here refers to ASAN_MARK).  The list is
   written in terms of DEF, which must be defined at the point of
   expansion.  */
#define IFN_ASAN_MARK_FLAGS DEF(POISON), DEF(UNPOISON)

enum asan_mark_flags
{
  /* Expands to ASAN_MARK_POISON (0) and ASAN_MARK_UNPOISON (1).  */
#define DEF(X) ASAN_MARK_##X
  IFN_ASAN_MARK_FLAGS
#undef DEF
};
/* Return true if STMT is an ASAN_MARK statement whose first argument
   is FLAG.  */
extern bool asan_mark_p (gimple *stmt, enum asan_mark_flags flag);
/* Return the number of padding bytes to insert after a protected decl of
   SIZE bytes.  The result lies between ASAN_RED_ZONE_SIZE and
   2 * ASAN_RED_ZONE_SIZE - 1 and brings SIZE plus the padding to a
   multiple of ASAN_RED_ZONE_SIZE.  The mask below relies on
   ASAN_RED_ZONE_SIZE being a power of two.  */

static inline unsigned int
asan_red_zone_size (unsigned int size)
{
  /* Bytes by which SIZE overshoots the previous red-zone boundary.  */
  unsigned int misalign = size & (ASAN_RED_ZONE_SIZE - 1);

  if (misalign == 0)
    return ASAN_RED_ZONE_SIZE;
  return 2 * ASAN_RED_ZONE_SIZE - misalign;
}
/* NOTE(review): the string arguments below presumably carry option text
   supplied by the user; set_asan_shadow_offset reports a bool that its
   callers should check -- confirm the exact contract against the
   definitions, which are not visible in this header.  */
extern bool set_asan_shadow_offset (const char *);

extern void set_sanitized_sections (const char *);

extern bool asan_sanitize_stack_p (void);

extern bool asan_sanitize_allocas_p (void);

extern hash_set<tree> *asan_handled_variables;
/* Return TRUE if the builtin identified by FCODE is one that libasan
   intercepts.  The set is the fixed list below; every other code yields
   FALSE.
   NOTE(review): the list presumably has to be kept in step with the
   interceptors libasan actually provides -- confirm when either side
   changes.  */

static inline bool
asan_intercepted_p (enum built_in_function fcode)
{
  switch (fcode)
    {
    case BUILT_IN_INDEX:
    case BUILT_IN_MEMCHR:
    case BUILT_IN_MEMCMP:
    case BUILT_IN_MEMCPY:
    case BUILT_IN_MEMMOVE:
    case BUILT_IN_MEMSET:
    case BUILT_IN_STRCASECMP:
    case BUILT_IN_STRCAT:
    case BUILT_IN_STRCHR:
    case BUILT_IN_STRCMP:
    case BUILT_IN_STRCPY:
    case BUILT_IN_STRDUP:
    case BUILT_IN_STRLEN:
    case BUILT_IN_STRNCASECMP:
    case BUILT_IN_STRNCAT:
    case BUILT_IN_STRNCMP:
    case BUILT_IN_STRCSPN:
    case BUILT_IN_STRPBRK:
    case BUILT_IN_STRSPN:
    case BUILT_IN_STRSTR:
    case BUILT_IN_STRNCPY:
      return true;

    default:
      return false;
    }
}
/* Return TRUE when use-after-scope checks should be instrumented: the
   flag_sanitize_address_use_after_scope setting is on and
   asan_sanitize_stack_p reports that the stack is being sanitized.  */

static inline bool
asan_sanitize_use_after_scope (void)
{
  if (!flag_sanitize_address_use_after_scope)
    return false;
  return asan_sanitize_stack_p ();
}
/* Return true if DECL should be guarded on the stack.  Anything that is
   not a decl (DECL_P) is never guarded.  A decl that is not
   DECL_ARTIFICIAL is always guarded.  A DECL_ARTIFICIAL one is guarded
   only when use-after-scope instrumentation is active and the decl is
   TREE_ADDRESSABLE.  */

static inline bool
asan_protect_stack_decl (tree decl)
{
  if (!DECL_P (decl))
    return false;

  if (!DECL_ARTIFICIAL (decl))
    return true;

  return asan_sanitize_use_after_scope () && TREE_ADDRESSABLE (decl);
}
/* Return true when at least one bit of FLAG is set in flag_sanitize and,
   if FN is non-null, is not cleared by a "no_sanitize" attribute found in
   DECL_ATTRIBUTES (FN).  FN defaults to current_function_decl.

   When FLAG names several sanitizers the result is true as soon as any
   one of them remains enabled, so a caller that needs all of them has to
   test each bit separately.  */

static inline bool
sanitize_flags_p (unsigned int flag, const_tree fn = current_function_decl)
{
  unsigned int enabled = flag_sanitize & flag;

  if (enabled != 0 && fn != NULL_TREE)
    {
      /* Drop the bits listed in the function's "no_sanitize" attribute.  */
      tree attr = lookup_attribute ("no_sanitize", DECL_ATTRIBUTES (fn));
      if (attr)
        enabled &= ~tree_to_uhwi (TREE_VALUE (attr));
    }

  return enabled != 0;
}
182 #endif /* TREE_ASAN */