projects / gcc.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
coretypes.h: Include machmode.h...
[gcc.git] / gcc / vtable-verify.c
1 /* Copyright (C) 2013-2015 Free Software Foundation, Inc.
2
3 This file is part of GCC.
4
5 GCC is free software; you can redistribute it and/or modify it under
6 the terms of the GNU General Public License as published by the Free
7 Software Foundation; either version 3, or (at your option) any later
8 version.
9
10 GCC is distributed in the hope that it will be useful, but WITHOUT ANY
11 WARRANTY; without even the implied warranty of MERCHANTABILITY or
12 FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
13 for more details.
14
15 You should have received a copy of the GNU General Public License
16 along with GCC; see the file COPYING3. If not see
17 <http://www.gnu.org/licenses/>. */
18
19 /* Virtual Table Pointer Security Pass - Detect corruption of vtable pointers
20 before using them for virtual method dispatches. */
21
22 /* This file is part of the vtable security feature implementation.
23 The vtable security feature is designed to detect when a virtual
24 call is about to be made through an invalid vtable pointer
25 (possibly due to data corruption or malicious attacks). The
26 compiler finds every virtual call, and inserts a verification call
27 before the virtual call. The verification call takes the actual
28 vtable pointer value in the object through which the virtual call
29 is being made, and compares the vtable pointer against a set of all
30 valid vtable pointers that the object could contain (this set is
31 based on the declared type of the object). If the pointer is in
32 the valid set, execution is allowed to continue; otherwise the
33 program is halted.
34
35 There are several pieces needed in order to make this work: 1. For
36 every virtual class in the program (i.e. a class that contains
37 virtual methods), we need to build the set of all possible valid
38 vtables that an object of that class could point to. This includes
39 vtables for any class(es) that inherit from the class under
40 consideration. 2. For every such data set we build up, we need a
41 way to find and reference the data set. This is complicated by the
42 fact that the real vtable addresses are not known until runtime,
43 when the program is loaded into memory, but we need to reference the
44 sets at compile time when we are inserting verification calls into
45 the program. 3. We need to find every virtual call in the program,
46 and insert the verification call (with the appropriate arguments)
47 before the virtual call. 4. We need some runtime library pieces:
48 the code to build up the data sets at runtime; the code to actually
49 perform the verification using the data sets; and some code to set
50 protections on the data sets, so they themselves do not become
51 hacker targets.
52
53 To find and reference the set of valid vtable pointers for any given
54 virtual class, we create a special global variable for each virtual
55 class. We refer to this as the "vtable map variable" for that
56 class. The vtable map variable has the type "void *", and is
57 initialized by the compiler to NULL. At runtime when the set of
58 valid vtable pointers for a virtual class, e.g. class Foo, is built,
59 the vtable map variable for class Foo is made to point to the set.
60 During compile time, when the compiler is inserting verification
61 calls into the program, it passes the vtable map variable for the
62 appropriate class to the verification call, so that at runtime the
63 verification call can find the appropriate data set.
64
65 The actual set of valid vtable pointers for a virtual class,
66 e.g. class Foo, cannot be built until runtime, when the vtables get
67 loaded into memory and their addresses are known. But the knowledge
68 about which vtables belong in which class' hierarchy is only known
69 at compile time. Therefore at compile time we collect class
70 hierarchy and vtable information about every virtual class, and we
71 generate calls to build up the data sets at runtime. To build the
72 data sets, we call one of the functions we add to the runtime
73 library, __VLTRegisterPair. __VLTRegisterPair takes two arguments,
74 a vtable map variable and the address of a vtable. If the vtable
75 map variable is currently NULL, it creates a new data set (hash
76 table), makes the vtable map variable point to the new data set, and
77 inserts the vtable address into the data set. If the vtable map
78 variable is not NULL, it just inserts the vtable address into the
79 data set. In order to make sure that our data sets are built before
80 any verification calls happen, we create a special constructor
81 initialization function for each compilation unit, give it a very
82 high initialization priority, and insert all of our calls to
83 __VLTRegisterPair into our special constructor initialization
84 function.
85
86 The vtable verification feature is controlled by the flag
87 '-fvtable-verify='. There are three flavors of this:
88 '-fvtable-verify=std', '-fvtable-verify=preinit', and
89 '-fvtable-verify=none'. If the option '-fvtable-verfy=preinit' is
90 used, then our constructor initialization function gets put into the
91 preinit array. This is necessary if there are data sets that need
92 to be built very early in execution. If the constructor
93 initialization function gets put into the preinit array, the we also
94 add calls to __VLTChangePermission at the beginning and end of the
95 function. The call at the beginning sets the permissions on the
96 data sets and vtable map variables to read/write, and the one at the
97 end makes them read-only. If the '-fvtable-verify=std' option is
98 used, the constructor initialization functions are executed at their
99 normal time, and the __VLTChangePermission calls are handled
100 differently (see the comments in libstdc++-v3/libsupc++/vtv_rts.cc).
101 The option '-fvtable-verify=none' turns off vtable verification.
102
103 This file contains code for the tree pass that goes through all the
104 statements in each basic block, looking for virtual calls, and
105 inserting a call to __VLTVerifyVtablePointer (with appropriate
106 arguments) before each one. It also contains the hash table
107 functions for the data structures used for collecting the class
108 hierarchy data and building/maintaining the vtable map variable data
109 are defined in gcc/vtable-verify.h. These data structures are
110 shared with the code in the C++ front end that collects the class
111 hierarchy & vtable information and generates the vtable map
112 variables (see cp/vtable-class-hierarchy.c). This tree pass should
113 run just before the gimple is converted to RTL.
114
115 Some implementation details for this pass:
116
117 To find all of the virtual calls, we iterate through all the
118 gimple statements in each basic block, looking for any call
119 statement with the code "OBJ_TYPE_REF". Once we have found the
120 virtual call, we need to find the vtable pointer through which the
121 call is being made, and the type of the object containing the
122 pointer (to find the appropriate vtable map variable). We then use
123 these to build a call to __VLTVerifyVtablePointer, passing the
124 vtable map variable, and the vtable pointer. We insert the
125 verification call just after the gimple statement that gets the
126 vtable pointer out of the object, and we update the next
127 statement to depend on the result returned from
128 __VLTVerifyVtablePointer (the vtable pointer value), to ensure
129 subsequent compiler phases don't remove or reorder the call (it's no
130 good to have the verification occur after the virtual call, for
131 example). To find the vtable pointer being used (and the type of
132 the object) we search backwards through the def_stmts chain from the
133 virtual call (see verify_bb_vtables for more details). */
134
135 #include "config.h"
136 #include "system.h"
137 #include "coretypes.h"
138 #include "hash-set.h"
139 #include "vec.h"
140 #include "input.h"
141 #include "alias.h"
142 #include "symtab.h"
143 #include "options.h"
144 #include "inchash.h"
145 #include "tree.h"
146 #include "fold-const.h"
147 #include "predict.h"
148 #include "tm.h"
149 #include "hard-reg-set.h"
150 #include "input.h"
151 #include "function.h"
152 #include "dominance.h"
153 #include "cfg.h"
154 #include "basic-block.h"
155 #include "tree-ssa-alias.h"
156 #include "internal-fn.h"
157 #include "gimple-expr.h"
158 #include "is-a.h"
159 #include "gimple.h"
160 #include "gimple-iterator.h"
161 #include "gimple-ssa.h"
162 #include "tree-phinodes.h"
163 #include "ssa-iterators.h"
164 #include "stringpool.h"
165 #include "tree-ssanames.h"
166 #include "tree-pass.h"
167 #include "cfgloop.h"
168
169 #include "vtable-verify.h"
170
171 unsigned num_vtable_map_nodes = 0;
172 int total_num_virtual_calls = 0;
173 int total_num_verified_vcalls = 0;
174
175 extern GTY(()) tree verify_vtbl_ptr_fndecl;
176 tree verify_vtbl_ptr_fndecl = NULL_TREE;
177
178 /* Keep track of whether or not any virtual call were verified. */
179 static bool any_verification_calls_generated = false;
180
181 unsigned int vtable_verify_main (void);
182
183
184 /* The following few functions are for the vtbl pointer hash table
185 in the 'registered' field of the struct vtable_map_node. The hash
186 table keeps track of which vtable pointers have been used in
187 calls to __VLTRegisterPair with that particular vtable map variable. */
188
189 /* This function checks to see if a particular VTABLE_DECL and OFFSET are
190 already in the 'registered' hash table for NODE. */
191
192 bool
193 vtbl_map_node_registration_find (struct vtbl_map_node *node,
194 tree vtable_decl,
195 unsigned offset)
196 {
197 struct vtable_registration key;
198 struct vtable_registration **slot;
199
200 gcc_assert (node && node->registered);
201
202 key.vtable_decl = vtable_decl;
203 slot = node->registered->find_slot (&key, NO_INSERT);
204
205 if (slot && (*slot))
206 {
207 unsigned i;
208 for (i = 0; i < ((*slot)->offsets).length (); ++i)
209 if ((*slot)->offsets[i] == offset)
210 return true;
211 }
212
213 return false;
214 }
215
216 /* This function inserts VTABLE_DECL and OFFSET into the 'registered'
217 hash table for NODE. It returns a boolean indicating whether or not
218 it actually inserted anything. */
219
220 bool
221 vtbl_map_node_registration_insert (struct vtbl_map_node *node,
222 tree vtable_decl,
223 unsigned offset)
224 {
225 struct vtable_registration key;
226 struct vtable_registration **slot;
227 bool inserted_something = false;
228
229 if (!node || !node->registered)
230 return false;
231
232 key.vtable_decl = vtable_decl;
233 slot = node->registered->find_slot (&key, INSERT);
234
235 if (! *slot)
236 {
237 struct vtable_registration *node;
238 node = XNEW (struct vtable_registration);
239 node->vtable_decl = vtable_decl;
240
241 (node->offsets).create (10);
242 (node->offsets).safe_push (offset);
243 *slot = node;
244 inserted_something = true;
245 }
246 else
247 {
248 /* We found the vtable_decl slot; we need to see if it already
249 contains the offset. If not, we need to add the offset. */
250 unsigned i;
251 bool found = false;
252 for (i = 0; i < ((*slot)->offsets).length () && !found; ++i)
253 if ((*slot)->offsets[i] == offset)
254 found = true;
255
256 if (!found)
257 {
258 ((*slot)->offsets).safe_push (offset);
259 inserted_something = true;
260 }
261 }
262 return inserted_something;
263 }
264
265 /* Hashtable functions for vtable_registration hashtables. */
266
267 inline hashval_t
268 registration_hasher::hash (const vtable_registration *p)
269 {
270 const struct vtable_registration *n = (const struct vtable_registration *) p;
271 return (hashval_t) (DECL_UID (n->vtable_decl));
272 }
273
274 inline bool
275 registration_hasher::equal (const vtable_registration *p1,
276 const vtable_registration *p2)
277 {
278 const struct vtable_registration *n1 =
279 (const struct vtable_registration *) p1;
280 const struct vtable_registration *n2 =
281 (const struct vtable_registration *) p2;
282 return (DECL_UID (n1->vtable_decl) == DECL_UID (n2->vtable_decl));
283 }
284
285 /* End of hashtable functions for "registered" hashtables. */
286
287
288
289 /* Hashtable definition and functions for vtbl_map_hash. */
290
291 struct vtbl_map_hasher : typed_noop_remove <struct vtbl_map_node>
292 {
293 typedef struct vtbl_map_node *value_type;
294 typedef struct vtbl_map_node *compare_type;
295 static inline hashval_t hash (const vtbl_map_node *);
296 static inline bool equal (const vtbl_map_node *, const vtbl_map_node *);
297 };
298
299 /* Returns a hash code for P. */
300
301 inline hashval_t
302 vtbl_map_hasher::hash (const vtbl_map_node *p)
303 {
304 const struct vtbl_map_node n = *((const struct vtbl_map_node *) p);
305 return (hashval_t) IDENTIFIER_HASH_VALUE (n.class_name);
306 }
307
308 /* Returns nonzero if P1 and P2 are equal. */
309
310 inline bool
311 vtbl_map_hasher::equal (const vtbl_map_node *p1, const vtbl_map_node *p2)
312 {
313 const struct vtbl_map_node n1 = *((const struct vtbl_map_node *) p1);
314 const struct vtbl_map_node n2 = *((const struct vtbl_map_node *) p2);
315 return (IDENTIFIER_HASH_VALUE (n1.class_name) ==
316 IDENTIFIER_HASH_VALUE (n2.class_name));
317 }
318
319 /* Here are the two structures into which we insert vtable map nodes.
320 We use two data structures because of the vastly different ways we need
321 to find the nodes for various tasks (see comments in vtable-verify.h
322 for more details. */
323
324 typedef hash_table<vtbl_map_hasher> vtbl_map_table_type;
325 typedef vtbl_map_table_type::iterator vtbl_map_iterator_type;
326
327 /* Vtable map variable nodes stored in a hash table. */
328 static vtbl_map_table_type *vtbl_map_hash;
329
330 /* Vtable map variable nodes stored in a vector. */
331 vec<struct vtbl_map_node *> vtbl_map_nodes_vec;
332
333 /* Return vtbl_map node for CLASS_NAME without creating a new one. */
334
335 struct vtbl_map_node *
336 vtbl_map_get_node (tree class_type)
337 {
338 struct vtbl_map_node key;
339 struct vtbl_map_node **slot;
340
341 tree class_type_decl;
342 tree class_name;
343 unsigned int type_quals;
344
345 if (!vtbl_map_hash)
346 return NULL;
347
348 gcc_assert (TREE_CODE (class_type) == RECORD_TYPE);
349
350
351 /* Find the TYPE_DECL for the class. */
352 class_type_decl = TYPE_NAME (class_type);
353
354 /* Verify that there aren't any qualifiers on the type. */
355 type_quals = TYPE_QUALS (TREE_TYPE (class_type_decl));
356 gcc_assert (type_quals == TYPE_UNQUALIFIED);
357
358 /* Get the mangled name for the unqualified type. */
359 gcc_assert (HAS_DECL_ASSEMBLER_NAME_P (class_type_decl));
360 class_name = DECL_ASSEMBLER_NAME (class_type_decl);
361
362 key.class_name = class_name;
363 slot = (struct vtbl_map_node **) vtbl_map_hash->find_slot (&key, NO_INSERT);
364 if (!slot)
365 return NULL;
366 return *slot;
367 }
368
369 /* Return vtbl_map node assigned to BASE_CLASS_TYPE. Create new one
370 when needed. */
371
372 struct vtbl_map_node *
373 find_or_create_vtbl_map_node (tree base_class_type)
374 {
375 struct vtbl_map_node key;
376 struct vtbl_map_node *node;
377 struct vtbl_map_node **slot;
378 tree class_type_decl;
379 unsigned int type_quals;
380
381 if (!vtbl_map_hash)
382 vtbl_map_hash = new vtbl_map_table_type (10);
383
384 /* Find the TYPE_DECL for the class. */
385 class_type_decl = TYPE_NAME (base_class_type);
386
387 /* Verify that there aren't any type qualifiers on type. */
388 type_quals = TYPE_QUALS (TREE_TYPE (class_type_decl));
389 gcc_assert (type_quals == TYPE_UNQUALIFIED);
390
391 gcc_assert (HAS_DECL_ASSEMBLER_NAME_P (class_type_decl));
392 key.class_name = DECL_ASSEMBLER_NAME (class_type_decl);
393 slot = (struct vtbl_map_node **) vtbl_map_hash->find_slot (&key, INSERT);
394
395 if (*slot)
396 return *slot;
397
398 node = XNEW (struct vtbl_map_node);
399 node->vtbl_map_decl = NULL_TREE;
400 node->class_name = key.class_name;
401 node->uid = num_vtable_map_nodes++;
402
403 node->class_info = XNEW (struct vtv_graph_node);
404 node->class_info->class_type = base_class_type;
405 node->class_info->class_uid = node->uid;
406 node->class_info->num_processed_children = 0;
407
408 (node->class_info->parents).create (4);
409 (node->class_info->children).create (4);
410
411 node->registered = new register_table_type (16);
412
413 node->is_used = false;
414
415 vtbl_map_nodes_vec.safe_push (node);
416 gcc_assert (vtbl_map_nodes_vec[node->uid] == node);
417
418 *slot = node;
419 return node;
420 }
421
422 /* End of hashtable functions for vtable_map variables hash table. */
423
424 /* Given a gimple STMT, this function checks to see if the statement
425 is an assignment, the rhs of which is getting the vtable pointer
426 value out of an object. (i.e. it's the value we need to verify
427 because its the vtable pointer that will be used for a virtual
428 call). */
429
430 static bool
431 is_vtable_assignment_stmt (gimple stmt)
432 {
433
434 if (gimple_code (stmt) != GIMPLE_ASSIGN)
435 return false;
436 else
437 {
438 tree lhs = gimple_assign_lhs (stmt);
439 tree rhs = gimple_assign_rhs1 (stmt);
440
441 if (TREE_CODE (lhs) != SSA_NAME)
442 return false;
443
444 if (TREE_CODE (rhs) != COMPONENT_REF)
445 return false;
446
447 if (! (TREE_OPERAND (rhs, 1))
448 || (TREE_CODE (TREE_OPERAND (rhs, 1)) != FIELD_DECL))
449 return false;
450
451 if (! DECL_VIRTUAL_P (TREE_OPERAND (rhs, 1)))
452 return false;
453 }
454
455 return true;
456 }
457
458 /* This function attempts to recover the declared class of an object
459 that is used in making a virtual call. We try to get the type from
460 the type cast in the gimple assignment statement that extracts the
461 vtable pointer from the object (DEF_STMT). The gimple statement
462 usually looks something like this:
463
464 D.2201_4 = MEM[(struct Event *)this_1(D)]._vptr.Event */
465
466 static tree
467 extract_object_class_type (tree rhs)
468 {
469 tree result = NULL_TREE;
470
471 /* Try to find and extract the type cast from that stmt. */
472 if (TREE_CODE (rhs) == COMPONENT_REF)
473 {
474 tree op0 = TREE_OPERAND (rhs, 0);
475 tree op1 = TREE_OPERAND (rhs, 1);
476
477 if (TREE_CODE (op1) == FIELD_DECL
478 && DECL_VIRTUAL_P (op1))
479 {
480 if (TREE_CODE (op0) == COMPONENT_REF
481 && TREE_CODE (TREE_OPERAND (op0, 0)) == MEM_REF
482 && TREE_CODE (TREE_TYPE (TREE_OPERAND (op0, 0)))== RECORD_TYPE)
483 result = TREE_TYPE (TREE_OPERAND (op0, 0));
484 else
485 result = TREE_TYPE (op0);
486 }
487 else if (TREE_CODE (op0) == COMPONENT_REF)
488 {
489 result = extract_object_class_type (op0);
490 if (result == NULL_TREE
491 && TREE_CODE (op1) == COMPONENT_REF)
492 result = extract_object_class_type (op1);
493 }
494 }
495
496 return result;
497 }
498
499 /* This function traces forward through the def-use chain of an SSA
500 variable to see if it ever gets used in a virtual function call. It
501 returns a boolean indicating whether or not it found a virtual call in
502 the use chain. */
503
504 static bool
505 var_is_used_for_virtual_call_p (tree lhs, int *mem_ref_depth)
506 {
507 imm_use_iterator imm_iter;
508 bool found_vcall = false;
509 use_operand_p use_p;
510
511 if (TREE_CODE (lhs) != SSA_NAME)
512 return false;
513
514 if (*mem_ref_depth > 2)
515 return false;
516
517 /* Iterate through the immediate uses of the current variable. If
518 it's a virtual function call, we're done. Otherwise, if there's
519 an LHS for the use stmt, add the ssa var to the work list
520 (assuming it's not already in the list and is not a variable
521 we've already examined. */
522
523 FOR_EACH_IMM_USE_FAST (use_p, imm_iter, lhs)
524 {
525 gimple stmt2 = USE_STMT (use_p);
526
527 if (is_gimple_call (stmt2))
528 {
529 tree fncall = gimple_call_fn (stmt2);
530 if (fncall && TREE_CODE (fncall) == OBJ_TYPE_REF)
531 found_vcall = true;
532 else
533 return false;
534 }
535 else if (gimple_code (stmt2) == GIMPLE_PHI)
536 {
537 found_vcall = var_is_used_for_virtual_call_p
538 (gimple_phi_result (stmt2),
539 mem_ref_depth);
540 }
541 else if (is_gimple_assign (stmt2))
542 {
543 tree rhs = gimple_assign_rhs1 (stmt2);
544 if (TREE_CODE (rhs) == ADDR_EXPR
545 || TREE_CODE (rhs) == MEM_REF)
546 *mem_ref_depth = *mem_ref_depth + 1;
547
548 if (TREE_CODE (rhs) == COMPONENT_REF)
549 {
550 while (TREE_CODE (TREE_OPERAND (rhs, 0)) == COMPONENT_REF)
551 rhs = TREE_OPERAND (rhs, 0);
552
553 if (TREE_CODE (TREE_OPERAND (rhs, 0)) == ADDR_EXPR
554 || TREE_CODE (TREE_OPERAND (rhs, 0)) == MEM_REF)
555 *mem_ref_depth = *mem_ref_depth + 1;
556 }
557
558 if (*mem_ref_depth < 3)
559 found_vcall = var_is_used_for_virtual_call_p
560 (gimple_assign_lhs (stmt2),
561 mem_ref_depth);
562 }
563
564 else
565 break;
566
567 if (found_vcall)
568 return true;
569 }
570
571 return false;
572 }
573
574 /* Search through all the statements in a basic block (BB), searching
575 for virtual method calls. For each virtual method dispatch, find
576 the vptr value used, and the statically declared type of the
577 object; retrieve the vtable map variable for the type of the
578 object; generate a call to __VLTVerifyVtablePointer; and insert the
579 generated call into the basic block, after the point where the vptr
580 value is gotten out of the object and before the virtual method
581 dispatch. Make the virtual method dispatch depend on the return
582 value from the verification call, so that subsequent optimizations
583 cannot reorder the two calls. */
584
585 static void
586 verify_bb_vtables (basic_block bb)
587 {
588 gimple_seq stmts;
589 gimple stmt = NULL;
590 gimple_stmt_iterator gsi_vtbl_assign;
591 gimple_stmt_iterator gsi_virtual_call;
592
593 stmts = bb_seq (bb);
594 gsi_virtual_call = gsi_start (stmts);
595 for (; !gsi_end_p (gsi_virtual_call); gsi_next (&gsi_virtual_call))
596 {
597 stmt = gsi_stmt (gsi_virtual_call);
598
599 /* Count virtual calls. */
600 if (is_gimple_call (stmt))
601 {
602 tree fncall = gimple_call_fn (stmt);
603 if (fncall && TREE_CODE (fncall) == OBJ_TYPE_REF)
604 total_num_virtual_calls++;
605 }
606
607 if (is_vtable_assignment_stmt (stmt))
608 {
609 tree lhs = gimple_assign_lhs (stmt);
610 tree vtbl_var_decl = NULL_TREE;
611 struct vtbl_map_node *vtable_map_node;
612 tree vtbl_decl = NULL_TREE;
613 gcall *call_stmt;
614 const char *vtable_name = "<unknown>";
615 tree tmp0;
616 bool found;
617 int mem_ref_depth = 0;
618
619 /* Make sure this vptr field access is for a virtual call. */
620 if (!var_is_used_for_virtual_call_p (lhs, &mem_ref_depth))
621 continue;
622
623 /* Now we have found the virtual method dispatch and
624 the preceding access of the _vptr.* field... Next
625 we need to find the statically declared type of
626 the object, so we can find and use the right
627 vtable map variable in the verification call. */
628 tree class_type = extract_object_class_type
629 (gimple_assign_rhs1 (stmt));
630
631 gsi_vtbl_assign = gsi_for_stmt (stmt);
632
633 if (class_type
634 && (TREE_CODE (class_type) == RECORD_TYPE)
635 && TYPE_BINFO (class_type))
636 {
637 /* Get the vtable VAR_DECL for the type. */
638 vtbl_var_decl = BINFO_VTABLE (TYPE_BINFO (class_type));
639
640 if (TREE_CODE (vtbl_var_decl) == POINTER_PLUS_EXPR)
641 vtbl_var_decl = TREE_OPERAND (TREE_OPERAND (vtbl_var_decl, 0),
642 0);
643
644 gcc_assert (vtbl_var_decl);
645
646 vtbl_decl = vtbl_var_decl;
647 vtable_map_node = vtbl_map_get_node
648 (TYPE_MAIN_VARIANT (class_type));
649
650 gcc_assert (verify_vtbl_ptr_fndecl);
651
652 /* Given the vtable pointer for the base class of the
653 object, build the call to __VLTVerifyVtablePointer to
654 verify that the object's vtable pointer (contained in
655 lhs) is in the set of valid vtable pointers for the
656 base class. */
657
658 if (vtable_map_node && vtable_map_node->vtbl_map_decl)
659 {
660 vtable_map_node->is_used = true;
661 vtbl_var_decl = vtable_map_node->vtbl_map_decl;
662
663 if (TREE_CODE (vtbl_decl) == VAR_DECL)
664 vtable_name = IDENTIFIER_POINTER (DECL_NAME (vtbl_decl));
665
666 /* Call different routines if we are interested in
667 trace information to debug problems. */
668 if (flag_vtv_debug)
669 {
670 int len1 = IDENTIFIER_LENGTH
671 (DECL_NAME (vtbl_var_decl));
672 int len2 = strlen (vtable_name);
673
674 call_stmt = gimple_build_call
675 (verify_vtbl_ptr_fndecl, 4,
676 build1 (ADDR_EXPR,
677 TYPE_POINTER_TO
678 (TREE_TYPE (vtbl_var_decl)),
679 vtbl_var_decl),
680 lhs,
681 build_string_literal
682 (len1 + 1,
683 IDENTIFIER_POINTER
684 (DECL_NAME
685 (vtbl_var_decl))),
686 build_string_literal (len2 + 1,
687 vtable_name));
688 }
689 else
690 call_stmt = gimple_build_call
691 (verify_vtbl_ptr_fndecl, 2,
692 build1 (ADDR_EXPR,
693 TYPE_POINTER_TO
694 (TREE_TYPE (vtbl_var_decl)),
695 vtbl_var_decl),
696 lhs);
697
698
699 /* Create a new SSA_NAME var to hold the call's
700 return value, and make the call_stmt use the
701 variable for that purpose. */
702 tmp0 = make_temp_ssa_name (TREE_TYPE (lhs), NULL, "VTV");
703 gimple_call_set_lhs (call_stmt, tmp0);
704 update_stmt (call_stmt);
705
706 /* Replace all uses of lhs with tmp0. */
707 found = false;
708 imm_use_iterator iterator;
709 gimple use_stmt;
710 FOR_EACH_IMM_USE_STMT (use_stmt, iterator, lhs)
711 {
712 use_operand_p use_p;
713 if (use_stmt == call_stmt)
714 continue;
715 FOR_EACH_IMM_USE_ON_STMT (use_p, iterator)
716 SET_USE (use_p, tmp0);
717 update_stmt (use_stmt);
718 found = true;
719 }
720
721 gcc_assert (found);
722
723 /* Insert the new verification call just after the
724 statement that gets the vtable pointer out of the
725 object. */
726 gcc_assert (gsi_stmt (gsi_vtbl_assign) == stmt);
727 gsi_insert_after (&gsi_vtbl_assign, call_stmt,
728 GSI_NEW_STMT);
729
730 any_verification_calls_generated = true;
731 total_num_verified_vcalls++;
732 }
733 }
734 }
735 }
736 }
737
738 /* Definition of this optimization pass. */
739
740 namespace {
741
742 const pass_data pass_data_vtable_verify =
743 {
744 GIMPLE_PASS, /* type */
745 "vtable-verify", /* name */
746 OPTGROUP_NONE, /* optinfo_flags */
747 TV_VTABLE_VERIFICATION, /* tv_id */
748 ( PROP_cfg | PROP_ssa ), /* properties_required */
749 0, /* properties_provided */
750 0, /* properties_destroyed */
751 0, /* todo_flags_start */
752 TODO_update_ssa, /* todo_flags_finish */
753 };
754
755 class pass_vtable_verify : public gimple_opt_pass
756 {
757 public:
758 pass_vtable_verify (gcc::context *ctxt)
759 : gimple_opt_pass (pass_data_vtable_verify, ctxt)
760 {}
761
762 /* opt_pass methods: */
763 virtual bool gate (function *) { return (flag_vtable_verify); }
764 virtual unsigned int execute (function *);
765
766 }; // class pass_vtable_verify
767
768 /* Loop through all the basic blocks in the current function, passing them to
769 verify_bb_vtables, which searches for virtual calls, and inserts
770 calls to __VLTVerifyVtablePointer. */
771
772 unsigned int
773 pass_vtable_verify::execute (function *fun)
774 {
775 unsigned int ret = 1;
776 basic_block bb;
777
778 FOR_ALL_BB_FN (bb, fun)
779 verify_bb_vtables (bb);
780
781 return ret;
782 }
783
784 } // anon namespace
785
786 gimple_opt_pass *
787 make_pass_vtable_verify (gcc::context *ctxt)
788 {
789 return new pass_vtable_verify (ctxt);
790 }
791
792 #include "gt-vtable-verify.h"