projects / gcc.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
coretypes.h: Include input.h and as-a.h.
[gcc.git] / gcc / vtable-verify.c
1 /* Copyright (C) 2013-2015 Free Software Foundation, Inc.
2
3 This file is part of GCC.
4
5 GCC is free software; you can redistribute it and/or modify it under
6 the terms of the GNU General Public License as published by the Free
7 Software Foundation; either version 3, or (at your option) any later
8 version.
9
10 GCC is distributed in the hope that it will be useful, but WITHOUT ANY
11 WARRANTY; without even the implied warranty of MERCHANTABILITY or
12 FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
13 for more details.
14
15 You should have received a copy of the GNU General Public License
16 along with GCC; see the file COPYING3. If not see
17 <http://www.gnu.org/licenses/>. */
18
19 /* Virtual Table Pointer Security Pass - Detect corruption of vtable pointers
20 before using them for virtual method dispatches. */
21
22 /* This file is part of the vtable security feature implementation.
23 The vtable security feature is designed to detect when a virtual
24 call is about to be made through an invalid vtable pointer
25 (possibly due to data corruption or malicious attacks). The
26 compiler finds every virtual call, and inserts a verification call
27 before the virtual call. The verification call takes the actual
28 vtable pointer value in the object through which the virtual call
29 is being made, and compares the vtable pointer against a set of all
30 valid vtable pointers that the object could contain (this set is
31 based on the declared type of the object). If the pointer is in
32 the valid set, execution is allowed to continue; otherwise the
33 program is halted.
34
35 There are several pieces needed in order to make this work: 1. For
36 every virtual class in the program (i.e. a class that contains
37 virtual methods), we need to build the set of all possible valid
38 vtables that an object of that class could point to. This includes
39 vtables for any class(es) that inherit from the class under
40 consideration. 2. For every such data set we build up, we need a
41 way to find and reference the data set. This is complicated by the
42 fact that the real vtable addresses are not known until runtime,
43 when the program is loaded into memory, but we need to reference the
44 sets at compile time when we are inserting verification calls into
45 the program. 3. We need to find every virtual call in the program,
46 and insert the verification call (with the appropriate arguments)
47 before the virtual call. 4. We need some runtime library pieces:
48 the code to build up the data sets at runtime; the code to actually
49 perform the verification using the data sets; and some code to set
50 protections on the data sets, so they themselves do not become
51 hacker targets.
52
53 To find and reference the set of valid vtable pointers for any given
54 virtual class, we create a special global variable for each virtual
55 class. We refer to this as the "vtable map variable" for that
56 class. The vtable map variable has the type "void *", and is
57 initialized by the compiler to NULL. At runtime when the set of
58 valid vtable pointers for a virtual class, e.g. class Foo, is built,
59 the vtable map variable for class Foo is made to point to the set.
60 During compile time, when the compiler is inserting verification
61 calls into the program, it passes the vtable map variable for the
62 appropriate class to the verification call, so that at runtime the
63 verification call can find the appropriate data set.
64
65 The actual set of valid vtable pointers for a virtual class,
66 e.g. class Foo, cannot be built until runtime, when the vtables get
67 loaded into memory and their addresses are known. But the knowledge
68 about which vtables belong in which class' hierarchy is only known
69 at compile time. Therefore at compile time we collect class
70 hierarchy and vtable information about every virtual class, and we
71 generate calls to build up the data sets at runtime. To build the
72 data sets, we call one of the functions we add to the runtime
73 library, __VLTRegisterPair. __VLTRegisterPair takes two arguments,
74 a vtable map variable and the address of a vtable. If the vtable
75 map variable is currently NULL, it creates a new data set (hash
76 table), makes the vtable map variable point to the new data set, and
77 inserts the vtable address into the data set. If the vtable map
78 variable is not NULL, it just inserts the vtable address into the
79 data set. In order to make sure that our data sets are built before
80 any verification calls happen, we create a special constructor
81 initialization function for each compilation unit, give it a very
82 high initialization priority, and insert all of our calls to
83 __VLTRegisterPair into our special constructor initialization
84 function.
85
86 The vtable verification feature is controlled by the flag
87 '-fvtable-verify='. There are three flavors of this:
88 '-fvtable-verify=std', '-fvtable-verify=preinit', and
89 '-fvtable-verify=none'. If the option '-fvtable-verfy=preinit' is
90 used, then our constructor initialization function gets put into the
91 preinit array. This is necessary if there are data sets that need
92 to be built very early in execution. If the constructor
93 initialization function gets put into the preinit array, the we also
94 add calls to __VLTChangePermission at the beginning and end of the
95 function. The call at the beginning sets the permissions on the
96 data sets and vtable map variables to read/write, and the one at the
97 end makes them read-only. If the '-fvtable-verify=std' option is
98 used, the constructor initialization functions are executed at their
99 normal time, and the __VLTChangePermission calls are handled
100 differently (see the comments in libstdc++-v3/libsupc++/vtv_rts.cc).
101 The option '-fvtable-verify=none' turns off vtable verification.
102
103 This file contains code for the tree pass that goes through all the
104 statements in each basic block, looking for virtual calls, and
105 inserting a call to __VLTVerifyVtablePointer (with appropriate
106 arguments) before each one. It also contains the hash table
107 functions for the data structures used for collecting the class
108 hierarchy data and building/maintaining the vtable map variable data
109 are defined in gcc/vtable-verify.h. These data structures are
110 shared with the code in the C++ front end that collects the class
111 hierarchy & vtable information and generates the vtable map
112 variables (see cp/vtable-class-hierarchy.c). This tree pass should
113 run just before the gimple is converted to RTL.
114
115 Some implementation details for this pass:
116
117 To find all of the virtual calls, we iterate through all the
118 gimple statements in each basic block, looking for any call
119 statement with the code "OBJ_TYPE_REF". Once we have found the
120 virtual call, we need to find the vtable pointer through which the
121 call is being made, and the type of the object containing the
122 pointer (to find the appropriate vtable map variable). We then use
123 these to build a call to __VLTVerifyVtablePointer, passing the
124 vtable map variable, and the vtable pointer. We insert the
125 verification call just after the gimple statement that gets the
126 vtable pointer out of the object, and we update the next
127 statement to depend on the result returned from
128 __VLTVerifyVtablePointer (the vtable pointer value), to ensure
129 subsequent compiler phases don't remove or reorder the call (it's no
130 good to have the verification occur after the virtual call, for
131 example). To find the vtable pointer being used (and the type of
132 the object) we search backwards through the def_stmts chain from the
133 virtual call (see verify_bb_vtables for more details). */
134
135 #include "config.h"
136 #include "system.h"
137 #include "coretypes.h"
138 #include "alias.h"
139 #include "symtab.h"
140 #include "options.h"
141 #include "tree.h"
142 #include "fold-const.h"
143 #include "predict.h"
144 #include "tm.h"
145 #include "hard-reg-set.h"
146 #include "function.h"
147 #include "dominance.h"
148 #include "cfg.h"
149 #include "basic-block.h"
150 #include "tree-ssa-alias.h"
151 #include "internal-fn.h"
152 #include "gimple-expr.h"
153 #include "gimple.h"
154 #include "gimple-iterator.h"
155 #include "gimple-ssa.h"
156 #include "tree-phinodes.h"
157 #include "ssa-iterators.h"
158 #include "stringpool.h"
159 #include "tree-ssanames.h"
160 #include "tree-pass.h"
161 #include "cfgloop.h"
162
163 #include "vtable-verify.h"
164
165 unsigned num_vtable_map_nodes = 0;
166 int total_num_virtual_calls = 0;
167 int total_num_verified_vcalls = 0;
168
169 extern GTY(()) tree verify_vtbl_ptr_fndecl;
170 tree verify_vtbl_ptr_fndecl = NULL_TREE;
171
172 /* Keep track of whether or not any virtual call were verified. */
173 static bool any_verification_calls_generated = false;
174
175 unsigned int vtable_verify_main (void);
176
177
178 /* The following few functions are for the vtbl pointer hash table
179 in the 'registered' field of the struct vtable_map_node. The hash
180 table keeps track of which vtable pointers have been used in
181 calls to __VLTRegisterPair with that particular vtable map variable. */
182
183 /* This function checks to see if a particular VTABLE_DECL and OFFSET are
184 already in the 'registered' hash table for NODE. */
185
186 bool
187 vtbl_map_node_registration_find (struct vtbl_map_node *node,
188 tree vtable_decl,
189 unsigned offset)
190 {
191 struct vtable_registration key;
192 struct vtable_registration **slot;
193
194 gcc_assert (node && node->registered);
195
196 key.vtable_decl = vtable_decl;
197 slot = node->registered->find_slot (&key, NO_INSERT);
198
199 if (slot && (*slot))
200 {
201 unsigned i;
202 for (i = 0; i < ((*slot)->offsets).length (); ++i)
203 if ((*slot)->offsets[i] == offset)
204 return true;
205 }
206
207 return false;
208 }
209
210 /* This function inserts VTABLE_DECL and OFFSET into the 'registered'
211 hash table for NODE. It returns a boolean indicating whether or not
212 it actually inserted anything. */
213
214 bool
215 vtbl_map_node_registration_insert (struct vtbl_map_node *node,
216 tree vtable_decl,
217 unsigned offset)
218 {
219 struct vtable_registration key;
220 struct vtable_registration **slot;
221 bool inserted_something = false;
222
223 if (!node || !node->registered)
224 return false;
225
226 key.vtable_decl = vtable_decl;
227 slot = node->registered->find_slot (&key, INSERT);
228
229 if (! *slot)
230 {
231 struct vtable_registration *node;
232 node = XNEW (struct vtable_registration);
233 node->vtable_decl = vtable_decl;
234
235 (node->offsets).create (10);
236 (node->offsets).safe_push (offset);
237 *slot = node;
238 inserted_something = true;
239 }
240 else
241 {
242 /* We found the vtable_decl slot; we need to see if it already
243 contains the offset. If not, we need to add the offset. */
244 unsigned i;
245 bool found = false;
246 for (i = 0; i < ((*slot)->offsets).length () && !found; ++i)
247 if ((*slot)->offsets[i] == offset)
248 found = true;
249
250 if (!found)
251 {
252 ((*slot)->offsets).safe_push (offset);
253 inserted_something = true;
254 }
255 }
256 return inserted_something;
257 }
258
259 /* Hashtable functions for vtable_registration hashtables. */
260
261 inline hashval_t
262 registration_hasher::hash (const vtable_registration *p)
263 {
264 const struct vtable_registration *n = (const struct vtable_registration *) p;
265 return (hashval_t) (DECL_UID (n->vtable_decl));
266 }
267
268 inline bool
269 registration_hasher::equal (const vtable_registration *p1,
270 const vtable_registration *p2)
271 {
272 const struct vtable_registration *n1 =
273 (const struct vtable_registration *) p1;
274 const struct vtable_registration *n2 =
275 (const struct vtable_registration *) p2;
276 return (DECL_UID (n1->vtable_decl) == DECL_UID (n2->vtable_decl));
277 }
278
279 /* End of hashtable functions for "registered" hashtables. */
280
281
282
283 /* Hashtable definition and functions for vtbl_map_hash. */
284
285 struct vtbl_map_hasher : typed_noop_remove <struct vtbl_map_node>
286 {
287 typedef struct vtbl_map_node *value_type;
288 typedef struct vtbl_map_node *compare_type;
289 static inline hashval_t hash (const vtbl_map_node *);
290 static inline bool equal (const vtbl_map_node *, const vtbl_map_node *);
291 };
292
293 /* Returns a hash code for P. */
294
295 inline hashval_t
296 vtbl_map_hasher::hash (const vtbl_map_node *p)
297 {
298 const struct vtbl_map_node n = *((const struct vtbl_map_node *) p);
299 return (hashval_t) IDENTIFIER_HASH_VALUE (n.class_name);
300 }
301
302 /* Returns nonzero if P1 and P2 are equal. */
303
304 inline bool
305 vtbl_map_hasher::equal (const vtbl_map_node *p1, const vtbl_map_node *p2)
306 {
307 const struct vtbl_map_node n1 = *((const struct vtbl_map_node *) p1);
308 const struct vtbl_map_node n2 = *((const struct vtbl_map_node *) p2);
309 return (IDENTIFIER_HASH_VALUE (n1.class_name) ==
310 IDENTIFIER_HASH_VALUE (n2.class_name));
311 }
312
313 /* Here are the two structures into which we insert vtable map nodes.
314 We use two data structures because of the vastly different ways we need
315 to find the nodes for various tasks (see comments in vtable-verify.h
316 for more details. */
317
318 typedef hash_table<vtbl_map_hasher> vtbl_map_table_type;
319 typedef vtbl_map_table_type::iterator vtbl_map_iterator_type;
320
321 /* Vtable map variable nodes stored in a hash table. */
322 static vtbl_map_table_type *vtbl_map_hash;
323
324 /* Vtable map variable nodes stored in a vector. */
325 vec<struct vtbl_map_node *> vtbl_map_nodes_vec;
326
327 /* Return vtbl_map node for CLASS_NAME without creating a new one. */
328
329 struct vtbl_map_node *
330 vtbl_map_get_node (tree class_type)
331 {
332 struct vtbl_map_node key;
333 struct vtbl_map_node **slot;
334
335 tree class_type_decl;
336 tree class_name;
337 unsigned int type_quals;
338
339 if (!vtbl_map_hash)
340 return NULL;
341
342 gcc_assert (TREE_CODE (class_type) == RECORD_TYPE);
343
344
345 /* Find the TYPE_DECL for the class. */
346 class_type_decl = TYPE_NAME (class_type);
347
348 /* Verify that there aren't any qualifiers on the type. */
349 type_quals = TYPE_QUALS (TREE_TYPE (class_type_decl));
350 gcc_assert (type_quals == TYPE_UNQUALIFIED);
351
352 /* Get the mangled name for the unqualified type. */
353 gcc_assert (HAS_DECL_ASSEMBLER_NAME_P (class_type_decl));
354 class_name = DECL_ASSEMBLER_NAME (class_type_decl);
355
356 key.class_name = class_name;
357 slot = (struct vtbl_map_node **) vtbl_map_hash->find_slot (&key, NO_INSERT);
358 if (!slot)
359 return NULL;
360 return *slot;
361 }
362
363 /* Return vtbl_map node assigned to BASE_CLASS_TYPE. Create new one
364 when needed. */
365
366 struct vtbl_map_node *
367 find_or_create_vtbl_map_node (tree base_class_type)
368 {
369 struct vtbl_map_node key;
370 struct vtbl_map_node *node;
371 struct vtbl_map_node **slot;
372 tree class_type_decl;
373 unsigned int type_quals;
374
375 if (!vtbl_map_hash)
376 vtbl_map_hash = new vtbl_map_table_type (10);
377
378 /* Find the TYPE_DECL for the class. */
379 class_type_decl = TYPE_NAME (base_class_type);
380
381 /* Verify that there aren't any type qualifiers on type. */
382 type_quals = TYPE_QUALS (TREE_TYPE (class_type_decl));
383 gcc_assert (type_quals == TYPE_UNQUALIFIED);
384
385 gcc_assert (HAS_DECL_ASSEMBLER_NAME_P (class_type_decl));
386 key.class_name = DECL_ASSEMBLER_NAME (class_type_decl);
387 slot = (struct vtbl_map_node **) vtbl_map_hash->find_slot (&key, INSERT);
388
389 if (*slot)
390 return *slot;
391
392 node = XNEW (struct vtbl_map_node);
393 node->vtbl_map_decl = NULL_TREE;
394 node->class_name = key.class_name;
395 node->uid = num_vtable_map_nodes++;
396
397 node->class_info = XNEW (struct vtv_graph_node);
398 node->class_info->class_type = base_class_type;
399 node->class_info->class_uid = node->uid;
400 node->class_info->num_processed_children = 0;
401
402 (node->class_info->parents).create (4);
403 (node->class_info->children).create (4);
404
405 node->registered = new register_table_type (16);
406
407 node->is_used = false;
408
409 vtbl_map_nodes_vec.safe_push (node);
410 gcc_assert (vtbl_map_nodes_vec[node->uid] == node);
411
412 *slot = node;
413 return node;
414 }
415
416 /* End of hashtable functions for vtable_map variables hash table. */
417
418 /* Given a gimple STMT, this function checks to see if the statement
419 is an assignment, the rhs of which is getting the vtable pointer
420 value out of an object. (i.e. it's the value we need to verify
421 because its the vtable pointer that will be used for a virtual
422 call). */
423
424 static bool
425 is_vtable_assignment_stmt (gimple stmt)
426 {
427
428 if (gimple_code (stmt) != GIMPLE_ASSIGN)
429 return false;
430 else
431 {
432 tree lhs = gimple_assign_lhs (stmt);
433 tree rhs = gimple_assign_rhs1 (stmt);
434
435 if (TREE_CODE (lhs) != SSA_NAME)
436 return false;
437
438 if (TREE_CODE (rhs) != COMPONENT_REF)
439 return false;
440
441 if (! (TREE_OPERAND (rhs, 1))
442 || (TREE_CODE (TREE_OPERAND (rhs, 1)) != FIELD_DECL))
443 return false;
444
445 if (! DECL_VIRTUAL_P (TREE_OPERAND (rhs, 1)))
446 return false;
447 }
448
449 return true;
450 }
451
452 /* This function attempts to recover the declared class of an object
453 that is used in making a virtual call. We try to get the type from
454 the type cast in the gimple assignment statement that extracts the
455 vtable pointer from the object (DEF_STMT). The gimple statement
456 usually looks something like this:
457
458 D.2201_4 = MEM[(struct Event *)this_1(D)]._vptr.Event */
459
460 static tree
461 extract_object_class_type (tree rhs)
462 {
463 tree result = NULL_TREE;
464
465 /* Try to find and extract the type cast from that stmt. */
466 if (TREE_CODE (rhs) == COMPONENT_REF)
467 {
468 tree op0 = TREE_OPERAND (rhs, 0);
469 tree op1 = TREE_OPERAND (rhs, 1);
470
471 if (TREE_CODE (op1) == FIELD_DECL
472 && DECL_VIRTUAL_P (op1))
473 {
474 if (TREE_CODE (op0) == COMPONENT_REF
475 && TREE_CODE (TREE_OPERAND (op0, 0)) == MEM_REF
476 && TREE_CODE (TREE_TYPE (TREE_OPERAND (op0, 0)))== RECORD_TYPE)
477 result = TREE_TYPE (TREE_OPERAND (op0, 0));
478 else
479 result = TREE_TYPE (op0);
480 }
481 else if (TREE_CODE (op0) == COMPONENT_REF)
482 {
483 result = extract_object_class_type (op0);
484 if (result == NULL_TREE
485 && TREE_CODE (op1) == COMPONENT_REF)
486 result = extract_object_class_type (op1);
487 }
488 }
489
490 return result;
491 }
492
493 /* This function traces forward through the def-use chain of an SSA
494 variable to see if it ever gets used in a virtual function call. It
495 returns a boolean indicating whether or not it found a virtual call in
496 the use chain. */
497
498 static bool
499 var_is_used_for_virtual_call_p (tree lhs, int *mem_ref_depth)
500 {
501 imm_use_iterator imm_iter;
502 bool found_vcall = false;
503 use_operand_p use_p;
504
505 if (TREE_CODE (lhs) != SSA_NAME)
506 return false;
507
508 if (*mem_ref_depth > 2)
509 return false;
510
511 /* Iterate through the immediate uses of the current variable. If
512 it's a virtual function call, we're done. Otherwise, if there's
513 an LHS for the use stmt, add the ssa var to the work list
514 (assuming it's not already in the list and is not a variable
515 we've already examined. */
516
517 FOR_EACH_IMM_USE_FAST (use_p, imm_iter, lhs)
518 {
519 gimple stmt2 = USE_STMT (use_p);
520
521 if (is_gimple_call (stmt2))
522 {
523 tree fncall = gimple_call_fn (stmt2);
524 if (fncall && TREE_CODE (fncall) == OBJ_TYPE_REF)
525 found_vcall = true;
526 else
527 return false;
528 }
529 else if (gimple_code (stmt2) == GIMPLE_PHI)
530 {
531 found_vcall = var_is_used_for_virtual_call_p
532 (gimple_phi_result (stmt2),
533 mem_ref_depth);
534 }
535 else if (is_gimple_assign (stmt2))
536 {
537 tree rhs = gimple_assign_rhs1 (stmt2);
538 if (TREE_CODE (rhs) == ADDR_EXPR
539 || TREE_CODE (rhs) == MEM_REF)
540 *mem_ref_depth = *mem_ref_depth + 1;
541
542 if (TREE_CODE (rhs) == COMPONENT_REF)
543 {
544 while (TREE_CODE (TREE_OPERAND (rhs, 0)) == COMPONENT_REF)
545 rhs = TREE_OPERAND (rhs, 0);
546
547 if (TREE_CODE (TREE_OPERAND (rhs, 0)) == ADDR_EXPR
548 || TREE_CODE (TREE_OPERAND (rhs, 0)) == MEM_REF)
549 *mem_ref_depth = *mem_ref_depth + 1;
550 }
551
552 if (*mem_ref_depth < 3)
553 found_vcall = var_is_used_for_virtual_call_p
554 (gimple_assign_lhs (stmt2),
555 mem_ref_depth);
556 }
557
558 else
559 break;
560
561 if (found_vcall)
562 return true;
563 }
564
565 return false;
566 }
567
568 /* Search through all the statements in a basic block (BB), searching
569 for virtual method calls. For each virtual method dispatch, find
570 the vptr value used, and the statically declared type of the
571 object; retrieve the vtable map variable for the type of the
572 object; generate a call to __VLTVerifyVtablePointer; and insert the
573 generated call into the basic block, after the point where the vptr
574 value is gotten out of the object and before the virtual method
575 dispatch. Make the virtual method dispatch depend on the return
576 value from the verification call, so that subsequent optimizations
577 cannot reorder the two calls. */
578
579 static void
580 verify_bb_vtables (basic_block bb)
581 {
582 gimple_seq stmts;
583 gimple stmt = NULL;
584 gimple_stmt_iterator gsi_vtbl_assign;
585 gimple_stmt_iterator gsi_virtual_call;
586
587 stmts = bb_seq (bb);
588 gsi_virtual_call = gsi_start (stmts);
589 for (; !gsi_end_p (gsi_virtual_call); gsi_next (&gsi_virtual_call))
590 {
591 stmt = gsi_stmt (gsi_virtual_call);
592
593 /* Count virtual calls. */
594 if (is_gimple_call (stmt))
595 {
596 tree fncall = gimple_call_fn (stmt);
597 if (fncall && TREE_CODE (fncall) == OBJ_TYPE_REF)
598 total_num_virtual_calls++;
599 }
600
601 if (is_vtable_assignment_stmt (stmt))
602 {
603 tree lhs = gimple_assign_lhs (stmt);
604 tree vtbl_var_decl = NULL_TREE;
605 struct vtbl_map_node *vtable_map_node;
606 tree vtbl_decl = NULL_TREE;
607 gcall *call_stmt;
608 const char *vtable_name = "<unknown>";
609 tree tmp0;
610 bool found;
611 int mem_ref_depth = 0;
612
613 /* Make sure this vptr field access is for a virtual call. */
614 if (!var_is_used_for_virtual_call_p (lhs, &mem_ref_depth))
615 continue;
616
617 /* Now we have found the virtual method dispatch and
618 the preceding access of the _vptr.* field... Next
619 we need to find the statically declared type of
620 the object, so we can find and use the right
621 vtable map variable in the verification call. */
622 tree class_type = extract_object_class_type
623 (gimple_assign_rhs1 (stmt));
624
625 gsi_vtbl_assign = gsi_for_stmt (stmt);
626
627 if (class_type
628 && (TREE_CODE (class_type) == RECORD_TYPE)
629 && TYPE_BINFO (class_type))
630 {
631 /* Get the vtable VAR_DECL for the type. */
632 vtbl_var_decl = BINFO_VTABLE (TYPE_BINFO (class_type));
633
634 if (TREE_CODE (vtbl_var_decl) == POINTER_PLUS_EXPR)
635 vtbl_var_decl = TREE_OPERAND (TREE_OPERAND (vtbl_var_decl, 0),
636 0);
637
638 gcc_assert (vtbl_var_decl);
639
640 vtbl_decl = vtbl_var_decl;
641 vtable_map_node = vtbl_map_get_node
642 (TYPE_MAIN_VARIANT (class_type));
643
644 gcc_assert (verify_vtbl_ptr_fndecl);
645
646 /* Given the vtable pointer for the base class of the
647 object, build the call to __VLTVerifyVtablePointer to
648 verify that the object's vtable pointer (contained in
649 lhs) is in the set of valid vtable pointers for the
650 base class. */
651
652 if (vtable_map_node && vtable_map_node->vtbl_map_decl)
653 {
654 vtable_map_node->is_used = true;
655 vtbl_var_decl = vtable_map_node->vtbl_map_decl;
656
657 if (TREE_CODE (vtbl_decl) == VAR_DECL)
658 vtable_name = IDENTIFIER_POINTER (DECL_NAME (vtbl_decl));
659
660 /* Call different routines if we are interested in
661 trace information to debug problems. */
662 if (flag_vtv_debug)
663 {
664 int len1 = IDENTIFIER_LENGTH
665 (DECL_NAME (vtbl_var_decl));
666 int len2 = strlen (vtable_name);
667
668 call_stmt = gimple_build_call
669 (verify_vtbl_ptr_fndecl, 4,
670 build1 (ADDR_EXPR,
671 TYPE_POINTER_TO
672 (TREE_TYPE (vtbl_var_decl)),
673 vtbl_var_decl),
674 lhs,
675 build_string_literal
676 (len1 + 1,
677 IDENTIFIER_POINTER
678 (DECL_NAME
679 (vtbl_var_decl))),
680 build_string_literal (len2 + 1,
681 vtable_name));
682 }
683 else
684 call_stmt = gimple_build_call
685 (verify_vtbl_ptr_fndecl, 2,
686 build1 (ADDR_EXPR,
687 TYPE_POINTER_TO
688 (TREE_TYPE (vtbl_var_decl)),
689 vtbl_var_decl),
690 lhs);
691
692
693 /* Create a new SSA_NAME var to hold the call's
694 return value, and make the call_stmt use the
695 variable for that purpose. */
696 tmp0 = make_temp_ssa_name (TREE_TYPE (lhs), NULL, "VTV");
697 gimple_call_set_lhs (call_stmt, tmp0);
698 update_stmt (call_stmt);
699
700 /* Replace all uses of lhs with tmp0. */
701 found = false;
702 imm_use_iterator iterator;
703 gimple use_stmt;
704 FOR_EACH_IMM_USE_STMT (use_stmt, iterator, lhs)
705 {
706 use_operand_p use_p;
707 if (use_stmt == call_stmt)
708 continue;
709 FOR_EACH_IMM_USE_ON_STMT (use_p, iterator)
710 SET_USE (use_p, tmp0);
711 update_stmt (use_stmt);
712 found = true;
713 }
714
715 gcc_assert (found);
716
717 /* Insert the new verification call just after the
718 statement that gets the vtable pointer out of the
719 object. */
720 gcc_assert (gsi_stmt (gsi_vtbl_assign) == stmt);
721 gsi_insert_after (&gsi_vtbl_assign, call_stmt,
722 GSI_NEW_STMT);
723
724 any_verification_calls_generated = true;
725 total_num_verified_vcalls++;
726 }
727 }
728 }
729 }
730 }
731
732 /* Definition of this optimization pass. */
733
734 namespace {
735
736 const pass_data pass_data_vtable_verify =
737 {
738 GIMPLE_PASS, /* type */
739 "vtable-verify", /* name */
740 OPTGROUP_NONE, /* optinfo_flags */
741 TV_VTABLE_VERIFICATION, /* tv_id */
742 ( PROP_cfg | PROP_ssa ), /* properties_required */
743 0, /* properties_provided */
744 0, /* properties_destroyed */
745 0, /* todo_flags_start */
746 TODO_update_ssa, /* todo_flags_finish */
747 };
748
749 class pass_vtable_verify : public gimple_opt_pass
750 {
751 public:
752 pass_vtable_verify (gcc::context *ctxt)
753 : gimple_opt_pass (pass_data_vtable_verify, ctxt)
754 {}
755
756 /* opt_pass methods: */
757 virtual bool gate (function *) { return (flag_vtable_verify); }
758 virtual unsigned int execute (function *);
759
760 }; // class pass_vtable_verify
761
762 /* Loop through all the basic blocks in the current function, passing them to
763 verify_bb_vtables, which searches for virtual calls, and inserts
764 calls to __VLTVerifyVtablePointer. */
765
766 unsigned int
767 pass_vtable_verify::execute (function *fun)
768 {
769 unsigned int ret = 1;
770 basic_block bb;
771
772 FOR_ALL_BB_FN (bb, fun)
773 verify_bb_vtables (bb);
774
775 return ret;
776 }
777
778 } // anon namespace
779
780 gimple_opt_pass *
781 make_pass_vtable_verify (gcc::context *ctxt)
782 {
783 return new pass_vtable_verify (ctxt);
784 }
785
786 #include "gt-vtable-verify.h"