projects / gcc.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
re PR c++/60572 (ICE deriving from class with invalid member)
[gcc.git] / gcc / vtable-verify.c
1 /* Copyright (C) 2013-2014 Free Software Foundation, Inc.
2
3 This file is part of GCC.
4
5 GCC is free software; you can redistribute it and/or modify it under
6 the terms of the GNU General Public License as published by the Free
7 Software Foundation; either version 3, or (at your option) any later
8 version.
9
10 GCC is distributed in the hope that it will be useful, but WITHOUT ANY
11 WARRANTY; without even the implied warranty of MERCHANTABILITY or
12 FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
13 for more details.
14
15 You should have received a copy of the GNU General Public License
16 along with GCC; see the file COPYING3. If not see
17 <http://www.gnu.org/licenses/>. */
18
19 /* Virtual Table Pointer Security Pass - Detect corruption of vtable pointers
20 before using them for virtual method dispatches. */
21
22 /* This file is part of the vtable security feature implementation.
23 The vtable security feature is designed to detect when a virtual
24 call is about to be made through an invalid vtable pointer
25 (possibly due to data corruption or malicious attacks). The
26 compiler finds every virtual call, and inserts a verification call
27 before the virtual call. The verification call takes the actual
28 vtable pointer value in the object through which the virtual call
29 is being made, and compares the vtable pointer against a set of all
30 valid vtable pointers that the object could contain (this set is
31 based on the declared type of the object). If the pointer is in
32 the valid set, execution is allowed to continue; otherwise the
33 program is halted.
34
35 There are several pieces needed in order to make this work: 1. For
36 every virtual class in the program (i.e. a class that contains
37 virtual methods), we need to build the set of all possible valid
38 vtables that an object of that class could point to. This includes
39 vtables for any class(es) that inherit from the class under
40 consideration. 2. For every such data set we build up, we need a
41 way to find and reference the data set. This is complicated by the
42 fact that the real vtable addresses are not known until runtime,
43 when the program is loaded into memory, but we need to reference the
44 sets at compile time when we are inserting verification calls into
45 the program. 3. We need to find every virtual call in the program,
46 and insert the verification call (with the appropriate arguments)
47 before the virtual call. 4. We need some runtime library pieces:
48 the code to build up the data sets at runtime; the code to actually
49 perform the verification using the data sets; and some code to set
50 protections on the data sets, so they themselves do not become
51 hacker targets.
52
53 To find and reference the set of valid vtable pointers for any given
54 virtual class, we create a special global variable for each virtual
55 class. We refer to this as the "vtable map variable" for that
56 class. The vtable map variable has the type "void *", and is
57 initialized by the compiler to NULL. At runtime when the set of
58 valid vtable pointers for a virtual class, e.g. class Foo, is built,
59 the vtable map variable for class Foo is made to point to the set.
60 During compile time, when the compiler is inserting verification
61 calls into the program, it passes the vtable map variable for the
62 appropriate class to the verification call, so that at runtime the
63 verification call can find the appropriate data set.
64
65 The actual set of valid vtable pointers for a virtual class,
66 e.g. class Foo, cannot be built until runtime, when the vtables get
67 loaded into memory and their addresses are known. But the knowledge
68 about which vtables belong in which class' hierarchy is only known
69 at compile time. Therefore at compile time we collect class
70 hierarchy and vtable information about every virtual class, and we
71 generate calls to build up the data sets at runtime. To build the
72 data sets, we call one of the functions we add to the runtime
73 library, __VLTRegisterPair. __VLTRegisterPair takes two arguments,
74 a vtable map variable and the address of a vtable. If the vtable
75 map variable is currently NULL, it creates a new data set (hash
76 table), makes the vtable map variable point to the new data set, and
77 inserts the vtable address into the data set. If the vtable map
78 variable is not NULL, it just inserts the vtable address into the
79 data set. In order to make sure that our data sets are built before
80 any verification calls happen, we create a special constructor
81 initialization function for each compilation unit, give it a very
82 high initialization priority, and insert all of our calls to
83 __VLTRegisterPair into our special constructor initialization
84 function.
85
86 The vtable verification feature is controlled by the flag
87 '-fvtable-verify='. There are three flavors of this:
88 '-fvtable-verify=std', '-fvtable-verify=preinit', and
89 '-fvtable-verify=none'. If the option '-fvtable-verfy=preinit' is
90 used, then our constructor initialization function gets put into the
91 preinit array. This is necessary if there are data sets that need
92 to be built very early in execution. If the constructor
93 initialization function gets put into the preinit array, the we also
94 add calls to __VLTChangePermission at the beginning and end of the
95 function. The call at the beginning sets the permissions on the
96 data sets and vtable map variables to read/write, and the one at the
97 end makes them read-only. If the '-fvtable-verify=std' option is
98 used, the constructor initialization functions are executed at their
99 normal time, and the __VLTChangePermission calls are handled
100 differently (see the comments in libstdc++-v3/libsupc++/vtv_rts.cc).
101 The option '-fvtable-verify=none' turns off vtable verification.
102
103 This file contains code for the tree pass that goes through all the
104 statements in each basic block, looking for virtual calls, and
105 inserting a call to __VLTVerifyVtablePointer (with appropriate
106 arguments) before each one. It also contains the hash table
107 functions for the data structures used for collecting the class
108 hierarchy data and building/maintaining the vtable map variable data
109 are defined in gcc/vtable-verify.h. These data structures are
110 shared with the code in the C++ front end that collects the class
111 hierarchy & vtable information and generates the vtable map
112 variables (see cp/vtable-class-hierarchy.c). This tree pass should
113 run just before the gimple is converted to RTL.
114
115 Some implementation details for this pass:
116
117 To find all of the virtual calls, we iterate through all the
118 gimple statements in each basic block, looking for any call
119 statement with the code "OBJ_TYPE_REF". Once we have found the
120 virtual call, we need to find the vtable pointer through which the
121 call is being made, and the type of the object containing the
122 pointer (to find the appropriate vtable map variable). We then use
123 these to build a call to __VLTVerifyVtablePointer, passing the
124 vtable map variable, and the vtable pointer. We insert the
125 verification call just after the gimple statement that gets the
126 vtable pointer out of the object, and we update the next
127 statement to depend on the result returned from
128 __VLTVerifyVtablePointer (the vtable pointer value), to ensure
129 subsequent compiler phases don't remove or reorder the call (it's no
130 good to have the verification occur after the virtual call, for
131 example). To find the vtable pointer being used (and the type of
132 the object) we search backwards through the def_stmts chain from the
133 virtual call (see verify_bb_vtables for more details). */
134
135 #include "config.h"
136 #include "system.h"
137 #include "coretypes.h"
138 #include "tree.h"
139 #include "basic-block.h"
140 #include "tree-ssa-alias.h"
141 #include "internal-fn.h"
142 #include "gimple-expr.h"
143 #include "is-a.h"
144 #include "gimple.h"
145 #include "gimple-iterator.h"
146 #include "gimple-ssa.h"
147 #include "tree-phinodes.h"
148 #include "ssa-iterators.h"
149 #include "stringpool.h"
150 #include "tree-ssanames.h"
151 #include "tree-pass.h"
152 #include "cfgloop.h"
153
154 #include "vtable-verify.h"
155
156 unsigned num_vtable_map_nodes = 0;
157 int total_num_virtual_calls = 0;
158 int total_num_verified_vcalls = 0;
159
160 extern GTY(()) tree verify_vtbl_ptr_fndecl;
161 tree verify_vtbl_ptr_fndecl = NULL_TREE;
162
163 /* Keep track of whether or not any virtual call were verified. */
164 static bool any_verification_calls_generated = false;
165
166 unsigned int vtable_verify_main (void);
167
168
169 /* The following few functions are for the vtbl pointer hash table
170 in the 'registered' field of the struct vtable_map_node. The hash
171 table keeps track of which vtable pointers have been used in
172 calls to __VLTRegisterPair with that particular vtable map variable. */
173
174 /* This function checks to see if a particular VTABLE_DECL and OFFSET are
175 already in the 'registered' hash table for NODE. */
176
177 bool
178 vtbl_map_node_registration_find (struct vtbl_map_node *node,
179 tree vtable_decl,
180 unsigned offset)
181 {
182 struct vtable_registration key;
183 struct vtable_registration **slot;
184
185 gcc_assert (node && node->registered.is_created ());
186
187 key.vtable_decl = vtable_decl;
188 slot = (struct vtable_registration **) node->registered.find_slot (&key,
189 NO_INSERT);
190
191 if (slot && (*slot))
192 {
193 unsigned i;
194 for (i = 0; i < ((*slot)->offsets).length (); ++i)
195 if ((*slot)->offsets[i] == offset)
196 return true;
197 }
198
199 return false;
200 }
201
202 /* This function inserts VTABLE_DECL and OFFSET into the 'registered'
203 hash table for NODE. It returns a boolean indicating whether or not
204 it actually inserted anything. */
205
206 bool
207 vtbl_map_node_registration_insert (struct vtbl_map_node *node,
208 tree vtable_decl,
209 unsigned offset)
210 {
211 struct vtable_registration key;
212 struct vtable_registration **slot;
213 bool inserted_something = false;
214
215 if (!node || !node->registered.is_created ())
216 return false;
217
218 key.vtable_decl = vtable_decl;
219 slot = (struct vtable_registration **) node->registered.find_slot (&key,
220 INSERT);
221
222 if (! *slot)
223 {
224 struct vtable_registration *node;
225 node = XNEW (struct vtable_registration);
226 node->vtable_decl = vtable_decl;
227
228 (node->offsets).create (10);
229 (node->offsets).safe_push (offset);
230 *slot = node;
231 inserted_something = true;
232 }
233 else
234 {
235 /* We found the vtable_decl slot; we need to see if it already
236 contains the offset. If not, we need to add the offset. */
237 unsigned i;
238 bool found = false;
239 for (i = 0; i < ((*slot)->offsets).length () && !found; ++i)
240 if ((*slot)->offsets[i] == offset)
241 found = true;
242
243 if (!found)
244 {
245 ((*slot)->offsets).safe_push (offset);
246 inserted_something = true;
247 }
248 }
249 return inserted_something;
250 }
251
252 /* Hashtable functions for vtable_registration hashtables. */
253
254 inline hashval_t
255 registration_hasher::hash (const value_type *p)
256 {
257 const struct vtable_registration *n = (const struct vtable_registration *) p;
258 return (hashval_t) (DECL_UID (n->vtable_decl));
259 }
260
261 inline bool
262 registration_hasher::equal (const value_type *p1, const compare_type *p2)
263 {
264 const struct vtable_registration *n1 =
265 (const struct vtable_registration *) p1;
266 const struct vtable_registration *n2 =
267 (const struct vtable_registration *) p2;
268 return (DECL_UID (n1->vtable_decl) == DECL_UID (n2->vtable_decl));
269 }
270
271 /* End of hashtable functions for "registered" hashtables. */
272
273
274
275 /* Hashtable definition and functions for vtbl_map_hash. */
276
277 struct vtbl_map_hasher : typed_noop_remove <struct vtbl_map_node>
278 {
279 typedef struct vtbl_map_node value_type;
280 typedef struct vtbl_map_node compare_type;
281 static inline hashval_t hash (const value_type *);
282 static inline bool equal (const value_type *, const compare_type *);
283 };
284
285 /* Returns a hash code for P. */
286
287 inline hashval_t
288 vtbl_map_hasher::hash (const value_type *p)
289 {
290 const struct vtbl_map_node n = *((const struct vtbl_map_node *) p);
291 return (hashval_t) IDENTIFIER_HASH_VALUE (n.class_name);
292 }
293
294 /* Returns nonzero if P1 and P2 are equal. */
295
296 inline bool
297 vtbl_map_hasher::equal (const value_type *p1, const compare_type *p2)
298 {
299 const struct vtbl_map_node n1 = *((const struct vtbl_map_node *) p1);
300 const struct vtbl_map_node n2 = *((const struct vtbl_map_node *) p2);
301 return (IDENTIFIER_HASH_VALUE (n1.class_name) ==
302 IDENTIFIER_HASH_VALUE (n2.class_name));
303 }
304
305 /* Here are the two structures into which we insert vtable map nodes.
306 We use two data structures because of the vastly different ways we need
307 to find the nodes for various tasks (see comments in vtable-verify.h
308 for more details. */
309
310 typedef hash_table <vtbl_map_hasher> vtbl_map_table_type;
311 typedef vtbl_map_table_type::iterator vtbl_map_iterator_type;
312
313 /* Vtable map variable nodes stored in a hash table. */
314 static vtbl_map_table_type vtbl_map_hash;
315
316 /* Vtable map variable nodes stored in a vector. */
317 vec<struct vtbl_map_node *> vtbl_map_nodes_vec;
318
319 /* Return vtbl_map node for CLASS_NAME without creating a new one. */
320
321 struct vtbl_map_node *
322 vtbl_map_get_node (tree class_type)
323 {
324 struct vtbl_map_node key;
325 struct vtbl_map_node **slot;
326
327 tree class_type_decl;
328 tree class_name;
329 unsigned int type_quals;
330
331 if (!vtbl_map_hash.is_created ())
332 return NULL;
333
334 gcc_assert (TREE_CODE (class_type) == RECORD_TYPE);
335
336
337 /* Find the TYPE_DECL for the class. */
338 class_type_decl = TYPE_NAME (class_type);
339
340 /* Verify that there aren't any qualifiers on the type. */
341 type_quals = TYPE_QUALS (TREE_TYPE (class_type_decl));
342 gcc_assert (type_quals == TYPE_UNQUALIFIED);
343
344 /* Get the mangled name for the unqualified type. */
345 gcc_assert (HAS_DECL_ASSEMBLER_NAME_P (class_type_decl));
346 class_name = DECL_ASSEMBLER_NAME (class_type_decl);
347
348 key.class_name = class_name;
349 slot = (struct vtbl_map_node **) vtbl_map_hash.find_slot (&key,
350 NO_INSERT);
351 if (!slot)
352 return NULL;
353 return *slot;
354 }
355
356 /* Return vtbl_map node assigned to BASE_CLASS_TYPE. Create new one
357 when needed. */
358
359 struct vtbl_map_node *
360 find_or_create_vtbl_map_node (tree base_class_type)
361 {
362 struct vtbl_map_node key;
363 struct vtbl_map_node *node;
364 struct vtbl_map_node **slot;
365 tree class_type_decl;
366 unsigned int type_quals;
367
368 if (!vtbl_map_hash.is_created ())
369 vtbl_map_hash.create (10);
370
371 /* Find the TYPE_DECL for the class. */
372 class_type_decl = TYPE_NAME (base_class_type);
373
374 /* Verify that there aren't any type qualifiers on type. */
375 type_quals = TYPE_QUALS (TREE_TYPE (class_type_decl));
376 gcc_assert (type_quals == TYPE_UNQUALIFIED);
377
378 gcc_assert (HAS_DECL_ASSEMBLER_NAME_P (class_type_decl));
379 key.class_name = DECL_ASSEMBLER_NAME (class_type_decl);
380 slot = (struct vtbl_map_node **) vtbl_map_hash.find_slot (&key,
381 INSERT);
382
383 if (*slot)
384 return *slot;
385
386 node = XNEW (struct vtbl_map_node);
387 node->vtbl_map_decl = NULL_TREE;
388 node->class_name = key.class_name;
389 node->uid = num_vtable_map_nodes++;
390
391 node->class_info = XNEW (struct vtv_graph_node);
392 node->class_info->class_type = base_class_type;
393 node->class_info->class_uid = node->uid;
394 node->class_info->num_processed_children = 0;
395
396 (node->class_info->parents).create (4);
397 (node->class_info->children).create (4);
398
399 node->registered.create (16);
400
401 node->is_used = false;
402
403 vtbl_map_nodes_vec.safe_push (node);
404 gcc_assert (vtbl_map_nodes_vec[node->uid] == node);
405
406 *slot = node;
407 return node;
408 }
409
410 /* End of hashtable functions for vtable_map variables hash table. */
411
412 /* Given a gimple STMT, this function checks to see if the statement
413 is an assignment, the rhs of which is getting the vtable pointer
414 value out of an object. (i.e. it's the value we need to verify
415 because its the vtable pointer that will be used for a virtual
416 call). */
417
418 static bool
419 is_vtable_assignment_stmt (gimple stmt)
420 {
421
422 if (gimple_code (stmt) != GIMPLE_ASSIGN)
423 return false;
424 else
425 {
426 tree lhs = gimple_assign_lhs (stmt);
427 tree rhs = gimple_assign_rhs1 (stmt);
428
429 if (TREE_CODE (lhs) != SSA_NAME)
430 return false;
431
432 if (TREE_CODE (rhs) != COMPONENT_REF)
433 return false;
434
435 if (! (TREE_OPERAND (rhs, 1))
436 || (TREE_CODE (TREE_OPERAND (rhs, 1)) != FIELD_DECL))
437 return false;
438
439 if (! DECL_VIRTUAL_P (TREE_OPERAND (rhs, 1)))
440 return false;
441 }
442
443 return true;
444 }
445
446 /* This function attempts to recover the declared class of an object
447 that is used in making a virtual call. We try to get the type from
448 the type cast in the gimple assignment statement that extracts the
449 vtable pointer from the object (DEF_STMT). The gimple statement
450 usually looks something like this:
451
452 D.2201_4 = MEM[(struct Event *)this_1(D)]._vptr.Event */
453
454 static tree
455 extract_object_class_type (tree rhs)
456 {
457 tree result = NULL_TREE;
458
459 /* Try to find and extract the type cast from that stmt. */
460 if (TREE_CODE (rhs) == COMPONENT_REF)
461 {
462 tree op0 = TREE_OPERAND (rhs, 0);
463 tree op1 = TREE_OPERAND (rhs, 1);
464
465 if (TREE_CODE (op1) == FIELD_DECL
466 && DECL_VIRTUAL_P (op1))
467 {
468 if (TREE_CODE (op0) == COMPONENT_REF
469 && TREE_CODE (TREE_OPERAND (op0, 0)) == MEM_REF
470 && TREE_CODE (TREE_TYPE (TREE_OPERAND (op0, 0)))== RECORD_TYPE)
471 result = TREE_TYPE (TREE_OPERAND (op0, 0));
472 else
473 result = TREE_TYPE (op0);
474 }
475 else if (TREE_CODE (op0) == COMPONENT_REF)
476 {
477 result = extract_object_class_type (op0);
478 if (result == NULL_TREE
479 && TREE_CODE (op1) == COMPONENT_REF)
480 result = extract_object_class_type (op1);
481 }
482 }
483
484 return result;
485 }
486
487 /* This function traces forward through the def-use chain of an SSA
488 variable to see if it ever gets used in a virtual function call. It
489 returns a boolean indicating whether or not it found a virtual call in
490 the use chain. */
491
492 static bool
493 var_is_used_for_virtual_call_p (tree lhs, int *mem_ref_depth)
494 {
495 imm_use_iterator imm_iter;
496 bool found_vcall = false;
497 use_operand_p use_p;
498
499 if (TREE_CODE (lhs) != SSA_NAME)
500 return false;
501
502 if (*mem_ref_depth > 2)
503 return false;
504
505 /* Iterate through the immediate uses of the current variable. If
506 it's a virtual function call, we're done. Otherwise, if there's
507 an LHS for the use stmt, add the ssa var to the work list
508 (assuming it's not already in the list and is not a variable
509 we've already examined. */
510
511 FOR_EACH_IMM_USE_FAST (use_p, imm_iter, lhs)
512 {
513 gimple stmt2 = USE_STMT (use_p);
514
515 if (is_gimple_call (stmt2))
516 {
517 tree fncall = gimple_call_fn (stmt2);
518 if (fncall && TREE_CODE (fncall) == OBJ_TYPE_REF)
519 found_vcall = true;
520 else
521 return false;
522 }
523 else if (gimple_code (stmt2) == GIMPLE_PHI)
524 {
525 found_vcall = var_is_used_for_virtual_call_p
526 (gimple_phi_result (stmt2),
527 mem_ref_depth);
528 }
529 else if (is_gimple_assign (stmt2))
530 {
531 tree rhs = gimple_assign_rhs1 (stmt2);
532 if (TREE_CODE (rhs) == ADDR_EXPR
533 || TREE_CODE (rhs) == MEM_REF)
534 *mem_ref_depth = *mem_ref_depth + 1;
535
536 if (TREE_CODE (rhs) == COMPONENT_REF)
537 {
538 while (TREE_CODE (TREE_OPERAND (rhs, 0)) == COMPONENT_REF)
539 rhs = TREE_OPERAND (rhs, 0);
540
541 if (TREE_CODE (TREE_OPERAND (rhs, 0)) == ADDR_EXPR
542 || TREE_CODE (TREE_OPERAND (rhs, 0)) == MEM_REF)
543 *mem_ref_depth = *mem_ref_depth + 1;
544 }
545
546 if (*mem_ref_depth < 3)
547 found_vcall = var_is_used_for_virtual_call_p
548 (gimple_assign_lhs (stmt2),
549 mem_ref_depth);
550 }
551
552 else
553 break;
554
555 if (found_vcall)
556 return true;
557 }
558
559 return false;
560 }
561
562 /* Search through all the statements in a basic block (BB), searching
563 for virtual method calls. For each virtual method dispatch, find
564 the vptr value used, and the statically declared type of the
565 object; retrieve the vtable map variable for the type of the
566 object; generate a call to __VLTVerifyVtablePointer; and insert the
567 generated call into the basic block, after the point where the vptr
568 value is gotten out of the object and before the virtual method
569 dispatch. Make the virtual method dispatch depend on the return
570 value from the verification call, so that subsequent optimizations
571 cannot reorder the two calls. */
572
573 static void
574 verify_bb_vtables (basic_block bb)
575 {
576 gimple_seq stmts;
577 gimple stmt = NULL;
578 gimple_stmt_iterator gsi_vtbl_assign;
579 gimple_stmt_iterator gsi_virtual_call;
580
581 stmts = bb_seq (bb);
582 gsi_virtual_call = gsi_start (stmts);
583 for (; !gsi_end_p (gsi_virtual_call); gsi_next (&gsi_virtual_call))
584 {
585 stmt = gsi_stmt (gsi_virtual_call);
586
587 /* Count virtual calls. */
588 if (is_gimple_call (stmt))
589 {
590 tree fncall = gimple_call_fn (stmt);
591 if (fncall && TREE_CODE (fncall) == OBJ_TYPE_REF)
592 total_num_virtual_calls++;
593 }
594
595 if (is_vtable_assignment_stmt (stmt))
596 {
597 tree lhs = gimple_assign_lhs (stmt);
598 tree vtbl_var_decl = NULL_TREE;
599 struct vtbl_map_node *vtable_map_node;
600 tree vtbl_decl = NULL_TREE;
601 gimple call_stmt;
602 const char *vtable_name = "<unknown>";
603 tree tmp0;
604 bool found;
605 int mem_ref_depth = 0;
606
607 /* Make sure this vptr field access is for a virtual call. */
608 if (!var_is_used_for_virtual_call_p (lhs, &mem_ref_depth))
609 continue;
610
611 /* Now we have found the virtual method dispatch and
612 the preceding access of the _vptr.* field... Next
613 we need to find the statically declared type of
614 the object, so we can find and use the right
615 vtable map variable in the verification call. */
616 tree class_type = extract_object_class_type
617 (gimple_assign_rhs1 (stmt));
618
619 gsi_vtbl_assign = gsi_for_stmt (stmt);
620
621 if (class_type
622 && (TREE_CODE (class_type) == RECORD_TYPE)
623 && TYPE_BINFO (class_type))
624 {
625 /* Get the vtable VAR_DECL for the type. */
626 vtbl_var_decl = BINFO_VTABLE (TYPE_BINFO (class_type));
627
628 if (TREE_CODE (vtbl_var_decl) == POINTER_PLUS_EXPR)
629 vtbl_var_decl = TREE_OPERAND (TREE_OPERAND (vtbl_var_decl, 0),
630 0);
631
632 gcc_assert (vtbl_var_decl);
633
634 vtbl_decl = vtbl_var_decl;
635 vtable_map_node = vtbl_map_get_node
636 (TYPE_MAIN_VARIANT (class_type));
637
638 gcc_assert (verify_vtbl_ptr_fndecl);
639
640 /* Given the vtable pointer for the base class of the
641 object, build the call to __VLTVerifyVtablePointer to
642 verify that the object's vtable pointer (contained in
643 lhs) is in the set of valid vtable pointers for the
644 base class. */
645
646 if (vtable_map_node && vtable_map_node->vtbl_map_decl)
647 {
648 vtable_map_node->is_used = true;
649 vtbl_var_decl = vtable_map_node->vtbl_map_decl;
650
651 if (TREE_CODE (vtbl_decl) == VAR_DECL)
652 vtable_name = IDENTIFIER_POINTER (DECL_NAME (vtbl_decl));
653
654 /* Call different routines if we are interested in
655 trace information to debug problems. */
656 if (flag_vtv_debug)
657 {
658 int len1 = IDENTIFIER_LENGTH
659 (DECL_NAME (vtbl_var_decl));
660 int len2 = strlen (vtable_name);
661
662 call_stmt = gimple_build_call
663 (verify_vtbl_ptr_fndecl, 4,
664 build1 (ADDR_EXPR,
665 TYPE_POINTER_TO
666 (TREE_TYPE (vtbl_var_decl)),
667 vtbl_var_decl),
668 lhs,
669 build_string_literal
670 (len1 + 1,
671 IDENTIFIER_POINTER
672 (DECL_NAME
673 (vtbl_var_decl))),
674 build_string_literal (len2 + 1,
675 vtable_name));
676 }
677 else
678 call_stmt = gimple_build_call
679 (verify_vtbl_ptr_fndecl, 2,
680 build1 (ADDR_EXPR,
681 TYPE_POINTER_TO
682 (TREE_TYPE (vtbl_var_decl)),
683 vtbl_var_decl),
684 lhs);
685
686
687 /* Create a new SSA_NAME var to hold the call's
688 return value, and make the call_stmt use the
689 variable for that purpose. */
690 tmp0 = make_temp_ssa_name (TREE_TYPE (lhs), NULL, "VTV");
691 gimple_call_set_lhs (call_stmt, tmp0);
692 update_stmt (call_stmt);
693
694 /* Replace all uses of lhs with tmp0. */
695 found = false;
696 imm_use_iterator iterator;
697 gimple use_stmt;
698 FOR_EACH_IMM_USE_STMT (use_stmt, iterator, lhs)
699 {
700 use_operand_p use_p;
701 if (use_stmt == call_stmt)
702 continue;
703 FOR_EACH_IMM_USE_ON_STMT (use_p, iterator)
704 SET_USE (use_p, tmp0);
705 update_stmt (use_stmt);
706 found = true;
707 }
708
709 gcc_assert (found);
710
711 /* Insert the new verification call just after the
712 statement that gets the vtable pointer out of the
713 object. */
714 gcc_assert (gsi_stmt (gsi_vtbl_assign) == stmt);
715 gsi_insert_after (&gsi_vtbl_assign, call_stmt,
716 GSI_NEW_STMT);
717
718 any_verification_calls_generated = true;
719 total_num_verified_vcalls++;
720 }
721 }
722 }
723 }
724 }
725
726 /* Main function, called from pass->excute(). Loop through all the
727 basic blocks in the current function, passing them to
728 verify_bb_vtables, which searches for virtual calls, and inserts
729 calls to __VLTVerifyVtablePointer. */
730
731 unsigned int
732 vtable_verify_main (void)
733 {
734 unsigned int ret = 1;
735 basic_block bb;
736
737 FOR_ALL_BB_FN (bb, cfun)
738 verify_bb_vtables (bb);
739
740 return ret;
741 }
742
743 /* Gate function for the pass. */
744
745 static bool
746 gate_tree_vtable_verify (void)
747 {
748 return (flag_vtable_verify);
749 }
750
751 /* Definition of this optimization pass. */
752
753 namespace {
754
755 const pass_data pass_data_vtable_verify =
756 {
757 GIMPLE_PASS, /* type */
758 "vtable-verify", /* name */
759 OPTGROUP_NONE, /* optinfo_flags */
760 true, /* has_gate */
761 true, /* has_execute */
762 TV_VTABLE_VERIFICATION, /* tv_id */
763 ( PROP_cfg | PROP_ssa ), /* properties_required */
764 0, /* properties_provided */
765 0, /* properties_destroyed */
766 0, /* todo_flags_start */
767 TODO_update_ssa, /* todo_flags_finish */
768 };
769
770 class pass_vtable_verify : public gimple_opt_pass
771 {
772 public:
773 pass_vtable_verify (gcc::context *ctxt)
774 : gimple_opt_pass (pass_data_vtable_verify, ctxt)
775 {}
776
777 /* opt_pass methods: */
778 bool gate () { return gate_tree_vtable_verify (); }
779 unsigned int execute () { return vtable_verify_main (); }
780
781 }; // class pass_vtable_verify
782
783 } // anon namespace
784
785 gimple_opt_pass *
786 make_pass_vtable_verify (gcc::context *ctxt)
787 {
788 return new pass_vtable_verify (ctxt);
789 }
790
791 #include "gt-vtable-verify.h"