/* AddressSanitizer, a fast memory error detector.
   Copyright (C) 2011-2020 Free Software Foundation, Inc.
   Contributed by Kostya Serebryany <kcc@google.com>

This file is part of GCC.

GCC is free software; you can redistribute it and/or modify it under
the terms of the GNU General Public License as published by the Free
Software Foundation; either version 3, or (at your option) any later
version.

GCC is distributed in the hope that it will be useful, but WITHOUT ANY
WARRANTY; without even the implied warranty of MERCHANTABILITY or
FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
for more details.

You should have received a copy of the GNU General Public License
along with GCC; see the file COPYING3.  If not see
<http://www.gnu.org/licenses/>.  */

#ifndef TREE_ASAN
#define TREE_ASAN

/* Entry points of the ASan pass.  Only the declarations live in this
   header; the definitions are elsewhere.  */
extern void asan_function_start (void);
extern void asan_finish_file (void);
extern rtx_insn *asan_emit_stack_protection (rtx, rtx, unsigned int,
                                             HOST_WIDE_INT *, tree *, int);
extern rtx_insn *asan_emit_allocas_unpoison (rtx, rtx, rtx_insn *);
extern bool asan_protect_global (tree, bool ignore_decl_rtl_set_p = false);
extern void initialize_sanitizer_builtins (void);
extern tree asan_dynamic_init_call (bool);
extern bool asan_expand_check_ifn (gimple_stmt_iterator *, bool);
extern bool asan_expand_mark_ifn (gimple_stmt_iterator *);
extern bool asan_expand_poison_ifn (gimple_stmt_iterator *, bool *,
                                    hash_map<tree, tree> &);

extern gimple_stmt_iterator create_cond_insert_point
     (gimple_stmt_iterator *, bool, bool, bool, basic_block *, basic_block *);

/* Alias set used for accesses to the shadow memory.  */
extern alias_set_type asan_shadow_set;

/* Hash set of labels that are the target of a goto or whose address
   has been taken.  */
extern hash_set <tree> *asan_used_labels;

/* The shadow byte for an address lives at
     (address >> ASAN_SHADOW_SHIFT) + asan_shadow_offset ().
   With a shift of 3, one shadow byte describes
   ASAN_SHADOW_GRANULARITY == 8 bytes of application memory.  */
#define ASAN_SHADOW_SHIFT	3
#define ASAN_SHADOW_GRANULARITY (1UL << ASAN_SHADOW_SHIFT)

/* Red zone size.  Stack and global variables are padded by at least
   ASAN_RED_ZONE_SIZE and at most 2 * ASAN_RED_ZONE_SIZE - 1 bytes.  */
#define ASAN_RED_ZONE_SIZE	32

/* Stack variables use more compact red zones.  This size also counts
   the variable itself.  */

#define ASAN_MIN_RED_ZONE_SIZE	16

/* Shadow memory values used for stack protection.
   LEFT is below the protected variables; the first pointer on the stack
   at that offset holds the ASAN_STACK_FRAME_MAGIC word and the second
   points to a string describing the frame.
   MIDDLE is the padding between variables.
   RIGHT is above the last protected variable; a partial value follows
   the variables up to ASAN_RED_ZONE_SIZE alignment.  */
#define ASAN_STACK_MAGIC_LEFT		  0xf1
#define ASAN_STACK_MAGIC_MIDDLE		  0xf2
#define ASAN_STACK_MAGIC_RIGHT		  0xf3
#define ASAN_STACK_MAGIC_USE_AFTER_RET	  0xf5
#define ASAN_STACK_MAGIC_USE_AFTER_SCOPE  0xf8

#define ASAN_STACK_FRAME_MAGIC		0x41b58ab3
#define ASAN_STACK_RETIRED_MAGIC	0x45e0360e

#define ASAN_USE_AFTER_SCOPE_ATTRIBUTE	"use after scope memory"

/* Bit flags passed to the ASan check builtins.  Each flag is a distinct
   bit; ASAN_CHECK_LAST is the first bit above the defined flags
   (presumably a bound for the flag set -- confirm against its users).  */
enum asan_check_flags
{
  ASAN_CHECK_STORE = 1 << 0,
  ASAN_CHECK_SCALAR_ACCESS = 1 << 1,
  ASAN_CHECK_NON_ZERO_LEN = 1 << 2,
  ASAN_CHECK_LAST = 1 << 3
};

/* List of ASAN_MARK flag names.  It is expanded through DEF, so a user
   must define DEF before using it; below it produces the enumerators
   ASAN_MARK_POISON (0) and ASAN_MARK_UNPOISON (1).  */
#define IFN_ASAN_MARK_FLAGS DEF(POISON), DEF(UNPOISON)

enum asan_mark_flags
{
#define DEF(X) ASAN_MARK_##X
  IFN_ASAN_MARK_FLAGS
#undef DEF
};

/* Return true if STMT is ASAN_MARK with FLAG as first argument.  */
extern bool asan_mark_p (gimple *stmt, enum asan_mark_flags flag);

/* Return the number of padding bytes to place after a protected decl
   of SIZE bytes.  The result is in the range
   [ASAN_RED_ZONE_SIZE, 2 * ASAN_RED_ZONE_SIZE - 1] and is chosen so
   that SIZE plus the result is a multiple of ASAN_RED_ZONE_SIZE.  */

static inline unsigned int
asan_red_zone_size (unsigned int size)
{
  /* Bytes by which SIZE overshoots the previous red-zone boundary.  */
  const unsigned int tail = size & (ASAN_RED_ZONE_SIZE - 1);

  if (tail == 0)
    return ASAN_RED_ZONE_SIZE;
  return 2 * ASAN_RED_ZONE_SIZE - tail;
}

/* Return how many bytes a stack variable of SIZE bytes occupies on the
   stack, red zone included.  Variables of up to 16 bytes get a fixed
   slot (16 or 32 bytes); larger ones get SIZE plus a red zone that
   grows in steps with SIZE.  No alignment rounding is applied here.  */

static inline unsigned HOST_WIDE_INT
asan_var_and_redzone_size (unsigned HOST_WIDE_INT size)
{
  /* Small variables: the returned slot size already covers the
     variable itself.  */
  if (size <= 4)
    return 16;
  if (size <= 16)
    return 32;

  /* Larger variables: pick the red zone by size class and add it.  */
  unsigned HOST_WIDE_INT redzone;
  if (size <= 128)
    redzone = 32;
  else if (size <= 512)
    redzone = 64;
  else if (size <= 4096)
    redzone = 128;
  else
    redzone = 256;

  return size + redzone;
}

extern bool set_asan_shadow_offset (const char *);

extern bool asan_shadow_offset_set_p ();

extern void set_sanitized_sections (const char *);

extern bool asan_sanitize_stack_p (void);

extern bool asan_sanitize_allocas_p (void);

extern hash_set<tree> *asan_handled_variables;

/* Return TRUE if the builtin with code FCODE is intercepted by libasan.
   Only the builtins listed here are reported as intercepted; every
   other code yields false.  */

static inline bool
asan_intercepted_p (enum built_in_function fcode)
{
  switch (fcode)
    {
    case BUILT_IN_INDEX:
    case BUILT_IN_MEMCHR:
    case BUILT_IN_MEMCMP:
    case BUILT_IN_MEMCPY:
    case BUILT_IN_MEMMOVE:
    case BUILT_IN_MEMSET:
    case BUILT_IN_STRCASECMP:
    case BUILT_IN_STRCAT:
    case BUILT_IN_STRCHR:
    case BUILT_IN_STRCMP:
    case BUILT_IN_STRCPY:
    case BUILT_IN_STRDUP:
    case BUILT_IN_STRLEN:
    case BUILT_IN_STRNCASECMP:
    case BUILT_IN_STRNCAT:
    case BUILT_IN_STRNCMP:
    case BUILT_IN_STRCSPN:
    case BUILT_IN_STRPBRK:
    case BUILT_IN_STRSPN:
    case BUILT_IN_STRSTR:
    case BUILT_IN_STRNCPY:
      return true;

    default:
      return false;
    }
}

/* Return TRUE if use-after-scope checks should be instrumented: the
   use-after-scope flag must be set and stack sanitization must be
   active as well.  */

static inline bool
asan_sanitize_use_after_scope (void)
{
  /* asan_sanitize_stack_p is consulted only when the flag is set.  */
  if (!flag_sanitize_address_use_after_scope)
    return false;
  return asan_sanitize_stack_p ();
}

/* Return true if DECL should be guarded on the stack.  Non-artificial
   decls always qualify; an artificial decl qualifies only when
   use-after-scope checking is on and the decl is addressable.  */

static inline bool
asan_protect_stack_decl (tree decl)
{
  if (!DECL_P (decl))
    return false;
  if (!DECL_ARTIFICIAL (decl))
    return true;
  return asan_sanitize_use_after_scope () && TREE_ADDRESSABLE (decl);
}

/* Return true when flag_sanitize & FLAG is non-zero.  If FN is non-null,
   the flags named by its "no_sanitize" attribute are removed first.

   The result is true as soon as ANY requested bit survives, not only
   when all of them do.  When FN is NULL_TREE the "no_sanitize"
   attribute is not consulted at all, so the answer then depends on
   flag_sanitize alone.  */

static inline bool
sanitize_flags_p (unsigned int flag, const_tree fn = current_function_decl)
{
  unsigned int enabled = flag_sanitize & flag;

  /* The attribute lookup is skipped when nothing is enabled or when
     there is no function to look at.  */
  if (enabled != 0 && fn != NULL_TREE)
    {
      tree no_sanitize = lookup_attribute ("no_sanitize",
                                           DECL_ATTRIBUTES (fn));
      if (no_sanitize)
        enabled &= ~tree_to_uhwi (TREE_VALUE (no_sanitize));
    }

  return enabled != 0;
}

#endif /* TREE_ASAN */