1 : /* AddressSanitizer, a fast memory error detector.
2 : Copyright (C) 2011-2026 Free Software Foundation, Inc.
3 : Contributed by Kostya Serebryany <kcc@google.com>
4 :
5 : This file is part of GCC.
6 :
7 : GCC is free software; you can redistribute it and/or modify it under
8 : the terms of the GNU General Public License as published by the Free
9 : Software Foundation; either version 3, or (at your option) any later
10 : version.
11 :
12 : GCC is distributed in the hope that it will be useful, but WITHOUT ANY
13 : WARRANTY; without even the implied warranty of MERCHANTABILITY or
14 : FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
15 : for more details.
16 :
17 : You should have received a copy of the GNU General Public License
18 : along with GCC; see the file COPYING3. If not see
19 : <http://www.gnu.org/licenses/>. */
20 :
21 : #ifndef TREE_ASAN
22 : #define TREE_ASAN
23 :
24 : extern void asan_function_start (void);
25 : extern void asan_finish_file (void);
26 : extern rtx_insn *asan_emit_stack_protection (rtx, rtx, unsigned int,
27 : HOST_WIDE_INT *, tree *, int);
28 : extern rtx_insn *asan_emit_allocas_unpoison (rtx, rtx, rtx_insn *);
29 : extern bool asan_protect_global (tree, bool ignore_decl_rtl_set_p = false);
30 : extern void initialize_sanitizer_builtins (void);
31 : extern tree asan_dynamic_init_call (bool);
32 : extern bool asan_expand_check_ifn (gimple_stmt_iterator *, bool);
33 : extern bool asan_expand_mark_ifn (gimple_stmt_iterator *);
34 : extern bool asan_expand_poison_ifn (gimple_stmt_iterator *, bool *,
35 : hash_map<tree, tree> &);
36 : extern rtx asan_memfn_rtl (tree);
37 :
38 : extern void
39 : asan_maybe_insert_dynamic_shadow_at_function_entry (function *);
40 :
41 : extern void hwasan_record_frame_init ();
42 : extern void hwasan_record_stack_var (rtx, rtx, poly_int64, poly_int64);
43 : extern void hwasan_emit_prologue ();
44 : extern rtx_insn *hwasan_emit_untag_frame (rtx, rtx);
45 : extern rtx hwasan_get_frame_extent ();
46 : extern rtx hwasan_frame_base ();
47 : extern void hwasan_maybe_emit_frame_base_init (void);
48 : extern bool stack_vars_base_reg_p (rtx);
49 : extern uint8_t hwasan_current_frame_tag ();
50 : extern void hwasan_increment_frame_tag ();
51 : extern rtx hwasan_truncate_to_tag_size (rtx, rtx);
52 : extern void hwasan_finish_file (void);
53 : extern bool hwasan_sanitize_p (void);
54 : extern bool hwasan_sanitize_stack_p (void);
55 : extern bool hwasan_sanitize_allocas_p (void);
56 : extern bool hwasan_expand_check_ifn (gimple_stmt_iterator *, bool);
57 : extern bool hwasan_expand_mark_ifn (gimple_stmt_iterator *);
58 : extern bool gate_hwasan (void);
59 :
60 : extern bool memtag_sanitize_p (void);
61 : extern bool memtag_sanitize_stack_p (void);
62 : extern bool memtag_sanitize_allocas_p (void);
63 : extern bool gate_memtag (void);
64 :
65 : bool hwassist_sanitize_p (void);
66 : bool hwassist_sanitize_stack_p (void);
67 :
68 : extern gimple_stmt_iterator create_cond_insert_point
69 : (gimple_stmt_iterator *, bool, bool, bool, basic_block *, basic_block *);
70 :
71 : /* Alias set for accessing the shadow memory. */
72 : extern alias_set_type asan_shadow_set;
73 :
74 : /* Hash set of labels that are either used in a goto, or their address
75 : has been taken. */
76 : extern hash_set <tree> *asan_used_labels;
77 :
78 : /* Shadow memory is found at
79 : (address >> ASAN_SHADOW_SHIFT) + asan_shadow_offset (). */
80 : #define ASAN_SHADOW_SHIFT 3
81 : #define ASAN_SHADOW_GRANULARITY (1UL << ASAN_SHADOW_SHIFT)
82 :
83 : /* Red zone size, stack and global variables are padded by ASAN_RED_ZONE_SIZE
84 : up to 2 * ASAN_RED_ZONE_SIZE - 1 bytes. */
85 : #define ASAN_RED_ZONE_SIZE 32
86 :
87 : /* Stack variables use more compact red zones. The size also includes
88 : the size of the variable itself. */
89 :
90 : #define ASAN_MIN_RED_ZONE_SIZE 16
91 :
92 : /* Shadow memory values for stack protection. Left is below protected vars,
93 : the first pointer in stack corresponding to that offset contains
94 : ASAN_STACK_FRAME_MAGIC word, the second pointer to a string describing
95 : the frame. Middle is for padding in between variables, right is
96 : above the last protected variable and partial immediately after variables
97 : up to ASAN_RED_ZONE_SIZE alignment. */
98 : #define ASAN_STACK_MAGIC_LEFT 0xf1
99 : #define ASAN_STACK_MAGIC_MIDDLE 0xf2
100 : #define ASAN_STACK_MAGIC_RIGHT 0xf3
101 : #define ASAN_STACK_MAGIC_USE_AFTER_RET 0xf5
102 : #define ASAN_STACK_MAGIC_USE_AFTER_SCOPE 0xf8
103 :
104 : #define ASAN_STACK_FRAME_MAGIC 0x41b58ab3
105 : #define ASAN_STACK_RETIRED_MAGIC 0x45e0360e
106 :
107 : #define ASAN_USE_AFTER_SCOPE_ATTRIBUTE "use after scope memory"
108 :
109 : /* NOTE: The values below and the hooks under targetm.memtag define an ABI and
110 : are hard-coded to these values in libhwasan, hence they can't be changed
111 : independently here. */
112 : /* How many bits are used to store a tag in a pointer.
113 : The default version uses the entire top byte of a pointer (i.e. 8 bits). */
114 : #define HWASAN_TAG_SIZE targetm.memtag.tag_bitsize ()
115 : /* Tag Granule of HWASAN shadow stack.
116 : This is the size in real memory that each byte in the shadow memory refers
117 : to. I.e. if a variable is X bytes long in memory then its tag in shadow
118 : memory will span X / HWASAN_TAG_GRANULE_SIZE bytes.
119 : Most variables will need to be aligned to this amount since two variables
120 : that are neighbors in memory and share a tag granule would need to share the
121 : same tag (the shared tag granule can only store one tag). */
122 : #define HWASAN_TAG_GRANULE_SIZE targetm.memtag.granule_size ()
123 : /* Define the tag for the stack background.
124 : This defines what tag the stack pointer will be and hence what tag all
125 : variables that are not given special tags are (e.g. spilled registers,
126 : and parameters passed on the stack). */
127 : #define HWASAN_STACK_BACKGROUND gen_int_mode (0, QImode)
128 :
/* Flags for the Asan builtins.  Every enumerator is a single distinct bit,
   so several of them can be combined in one flags word.  */
enum asan_check_flags
{
  /* Bit 0.  */
  ASAN_CHECK_STORE = 0x1,
  /* Bit 1.  */
  ASAN_CHECK_SCALAR_ACCESS = 0x2,
  /* Bit 2.  */
  ASAN_CHECK_NON_ZERO_LEN = 0x4,
  /* Bit 3.  NOTE(review): presumably an upper bound (first unused bit)
     rather than a flag of its own -- confirm against the users.  */
  ASAN_CHECK_LAST = 0x8
};
137 :
/* X-macro list of the ASAN_MARK flag names.  Whoever expands it defines
   DEF first and thereby decides what each entry turns into.  */
#define IFN_ASAN_MARK_FLAGS DEF(POISON), DEF(UNPOISON)

/* Here DEF pastes ASAN_MARK_ in front of each name, so the list yields
   ASAN_MARK_POISON (value 0) followed by ASAN_MARK_UNPOISON (value 1).
   DEF is undefined again right away so that it does not leak out of the
   enum.  */
enum asan_mark_flags
{
#define DEF(NAME) ASAN_MARK_##NAME
  IFN_ASAN_MARK_FLAGS
#undef DEF
};
147 :
148 : /* Return true if STMT is ASAN_MARK with FLAG as first argument. */
149 : extern bool asan_mark_p (gimple *stmt, enum asan_mark_flags flag);
150 :
/* Return the number of padding bytes to insert after a protected decl of
   SIZE bytes.  The padding rounds SIZE up to a multiple of
   ASAN_RED_ZONE_SIZE and is never less than one full red zone, so the
   result lies between ASAN_RED_ZONE_SIZE and 2 * ASAN_RED_ZONE_SIZE - 1.  */

inline unsigned int
asan_red_zone_size (unsigned int size)
{
  /* Bytes of SIZE past the last red-zone boundary.  The mask only works
     because ASAN_RED_ZONE_SIZE is a power of two.  */
  const unsigned int tail = size & (ASAN_RED_ZONE_SIZE - 1);

  /* Already aligned: one whole red zone follows the decl.  */
  if (tail == 0)
    return ASAN_RED_ZONE_SIZE;

  /* Otherwise fill up to the next boundary and add a full red zone.  */
  return 2 * ASAN_RED_ZONE_SIZE - tail;
}
160 :
/* Return how many bytes a stack variable of SIZE bytes occupies on the
   stack, including the space for its red zone.  Variables of up to 16 bytes
   get a fixed total; above that the red zone is added to SIZE and grows in
   steps (32, 64, 128, 256 bytes).  */

inline unsigned HOST_WIDE_INT
asan_var_and_redzone_size (unsigned HOST_WIDE_INT size)
{
  /* Small variables: the returned total already contains the variable.  */
  if (size <= 4)
    return 16;
  if (size <= 16)
    return 32;

  /* Larger variables: pick the red zone for the size class.  */
  unsigned HOST_WIDE_INT redzone;
  if (size <= 128)
    redzone = 32;
  else if (size <= 512)
    redzone = 64;
  else if (size <= 4096)
    redzone = 128;
  else
    redzone = 256;

  /* NOTE(review): the sum is unsigned, so it wraps instead of trapping for
     a SIZE within 256 of the type's maximum; nothing here rejects such a
     SIZE.  */
  return size + redzone;
}
180 :
181 : extern bool set_asan_shadow_offset (const char *);
182 :
183 : extern bool asan_shadow_offset_set_p ();
184 :
185 : extern void set_sanitized_sections (const char *);
186 :
187 : extern bool asan_sanitize_stack_p (void);
188 :
189 : extern bool asan_sanitize_allocas_p (void);
190 :
191 : extern hash_set<tree> *asan_handled_variables;
192 :
/* Return TRUE if the builtin with the given FCODE will be intercepted by
   libasan.  When hwasan_sanitize_p () holds, only the shorter list of
   memory functions counts.  */

inline bool
asan_intercepted_p (enum built_in_function fcode)
{
  /* This list should be kept up-to-date with upstream's version at
     compiler-rt/lib/hwasan/hwasan_platform_interceptors.h.  */
  if (hwasan_sanitize_p ())
    switch (fcode)
      {
      case BUILT_IN_MEMCMP:
      case BUILT_IN_MEMCPY:
      case BUILT_IN_MEMMOVE:
      case BUILT_IN_MEMSET:
        return true;
      default:
        return false;
      }

  /* Otherwise the longer list of memory and string functions applies.  */
  switch (fcode)
    {
    case BUILT_IN_INDEX:
    case BUILT_IN_MEMCHR:
    case BUILT_IN_MEMCMP:
    case BUILT_IN_MEMCPY:
    case BUILT_IN_MEMMOVE:
    case BUILT_IN_MEMSET:
    case BUILT_IN_STRCASECMP:
    case BUILT_IN_STRCAT:
    case BUILT_IN_STRCHR:
    case BUILT_IN_STRCMP:
    case BUILT_IN_STRCPY:
    case BUILT_IN_STRDUP:
    case BUILT_IN_STRLEN:
    case BUILT_IN_STRNCASECMP:
    case BUILT_IN_STRNCAT:
    case BUILT_IN_STRNCMP:
    case BUILT_IN_STRCSPN:
    case BUILT_IN_STRPBRK:
    case BUILT_IN_STRSPN:
    case BUILT_IN_STRSTR:
    case BUILT_IN_STRNCPY:
      return true;
    default:
      return false;
    }
}
229 :
/* Return TRUE if we should instrument for use-after-scope checking: the
   use-after-scope flag must be set and stack sanitization must be active,
   either through asan or through hwassist.  */

inline bool
asan_sanitize_use_after_scope (void)
{
  /* Without the flag the stack predicates are not consulted at all.  */
  if (!flag_sanitize_address_use_after_scope)
    return false;

  return asan_sanitize_stack_p () || hwassist_sanitize_stack_p ();
}
238 :
/* Return true if DECL should be guarded on the stack.  Anything that is
   not a decl is never guarded, a non-artificial decl always is, and an
   artificial one only when use-after-scope checking is on and the decl is
   addressable.  */

inline bool
asan_protect_stack_decl (tree decl)
{
  if (!DECL_P (decl))
    return false;

  /* Non-artificial decls are guarded unconditionally.  */
  if (!DECL_ARTIFICIAL (decl))
    return true;

  /* Artificial decls are guarded only for use-after-scope, and only when
     they are addressable.  */
  return asan_sanitize_use_after_scope () && TREE_ADDRESSABLE (decl);
}
248 :
/* Return true when flag_sanitize & FLAG is non-zero.  If FN is non-null,
   the bits named by its "no_sanitize" attribute are removed first.

   When FLAG carries several bits the answer is "any of them is still
   enabled", not "all of them": one surviving bit is enough for true.  */

inline bool
sanitize_flags_p (sanitize_code_type flag,
                  const_tree fn = current_function_decl)
{
  sanitize_code_type enabled = flag_sanitize & flag;

  /* The attribute lookup is skipped when nothing is enabled to begin with
     or when there is no function to consult.  */
  if (enabled != 0 && fn != NULL_TREE)
    if (tree attr = lookup_attribute ("no_sanitize", DECL_ATTRIBUTES (fn)))
      /* Drop every bit the function opted out of.  */
      enabled &= ~tree_to_uhwi (TREE_VALUE (attr));

  return enabled != 0;
}
269 :
270 : /* Return true when coverage sanitization should happend for FN function. */
271 :
272 : inline bool
273 69872791 : sanitize_coverage_p (const_tree fn = current_function_decl)
274 : {
275 69872791 : return (flag_sanitize_coverage
276 69872791 : && (fn == NULL_TREE
277 305 : || lookup_attribute ("no_sanitize_coverage",
278 305 : DECL_ATTRIBUTES (fn)) == NULL_TREE));
279 : }
280 :
281 : #endif /* TREE_ASAN */