+2017-10-20 Igor Tsimbalist <igor.v.tsimbalist@intel.com>
+
+ * extend.texi: Add 'nocf_check' documentation.
+ * gimple.texi: Add second parameter to
+ gimple_build_call_from_tree.
+ * invoke.texi: Add -fcf-protection documentation.
+ * rtl.texi: Add REG_CALL_NOTRACK documenation.
+
2017-10-20 Richard Biener <rguenther@suse.de>
PR tree-optimization/82473
@code{target("fpmath=sse,387")} option as
@code{target("fpmath=sse+387")} because the comma would separate
different options.
+
+@item nocf_check
+@cindex @code{nocf_check} function attribute
+The @code{nocf_check} attribute on a function is used to inform the
+compiler that the function's prologue should not be instrumented when
+compiled with the @option{-fcf-protection=branch} option. The
+compiler assumes that the function's address is a valid target for a
+control-flow transfer.
+
+The @code{nocf_check} attribute on a type of pointer to function is
+used to inform the compiler that a call through the pointer should
+not be instrumented when compiled with the
+@option{-fcf-protection=branch} option. The compiler assumes
+that the function's address from the pointer is a valid target for
+a control-flow transfer. A direct function call through a function
+name is assumed to be a safe call thus direct calls are not
+instrumented by the compiler.
+
+The @code{nocf_check} attribute is applied to an object's type.
+In case of assignment of a function address or a function pointer to
+another pointer, the attribute is not carried over from the right-hand
+object's type; the type of left-hand object stays unchanged. The
+compiler checks for @code{nocf_check} attribute mismatch and reports
+a warning in case of mismatch.
+
+@smallexample
+@{
+int foo (void) __attribute__(nocf_check);
+void (*foo1)(void) __attribute__(nocf_check);
+void (*foo2)(void);
+
+int
+foo (void) /* The function's address is assumed to be valid. */
+
+ /* This call site is not checked for control-flow validity. */
+ (*foo1)();
+
+ foo1 = foo2; /* A warning is printed about attribute mismatch. */
+ /* This call site is still not checked for control-flow validity. */
+ (*foo1)();
+
+ /* This call site is checked for control-flow validity. */
+ (*foo2)();
+
+ foo2 = foo1; /* A warning is printed about attribute mismatch. */
+ /* This call site is still checked for control-flow validity. */
+ (*foo2)();
+
+ return 0;
+@}
+@end smallexample
+
@end table
On the x86, the inliner does not inline a
@end deftypefn
-@deftypefn {GIMPLE function} gcall *gimple_build_call_from_tree (tree call_expr)
-Build a @code{GIMPLE_CALL} from a @code{CALL_EXPR} node. The arguments and the
-function are taken from the expression directly. This routine
-assumes that @code{call_expr} is already in GIMPLE form. That is, its
-operands are GIMPLE values and the function call needs no further
+@deftypefn {GIMPLE function} gcall *gimple_build_call_from_tree (tree call_expr, @
+tree fnptrtype)
+Build a @code{GIMPLE_CALL} from a @code{CALL_EXPR} node. The arguments
+and the function are taken from the expression directly. The type of the
+@code{GIMPLE_CALL} is set from the second parameter passed by a caller.
+This routine assumes that @code{call_expr} is already in GIMPLE form.
+That is, its operands are GIMPLE values and the function call needs no further
simplification. All the call flags in @code{call_expr} are copied over
to the new @code{GIMPLE_CALL}.
@end deftypefn
-fchkp-check-read -fchkp-check-write -fchkp-store-bounds @gol
-fchkp-instrument-calls -fchkp-instrument-marked-only @gol
-fchkp-use-wrappers -fchkp-flexible-struct-trailing-arrays@gol
+-fcf-protection==@r{[}full@r{|}branch@r{|}return@r{|}none@r{]} @gol
-fstack-protector -fstack-protector-all -fstack-protector-strong @gol
-fstack-protector-explicit -fstack-check @gol
-fstack-limit-register=@var{reg} -fstack-limit-symbol=@var{sym} @gol
against @file{libmpxwrappers}. See also @option{-static-libmpxwrappers}.
Enabled by default.
+@item -fcf-protection==@r{[}full@r{|}branch@r{|}return@r{|}none@r{]}
+@opindex fcf-protection
+Enable code instrumentation of control-flow transfers to increase
+program security by checking that target addresses of control-flow
+transfer instructions (such as indirect function call, function return,
+indirect jump) are valid. This prevents diverting the flow of control
+to an unexpected target. This is intended to protect against such
+threats as Return-oriented Programming (ROP), and similarly
+call/jmp-oriented programming (COP/JOP).
+
+The value @code{branch} tells the compiler to implement checking of
+validity of control-flow transfer at the point of indirect branch
+instructions, i.e. call/jmp instructions. The value @code{return}
+implements checking of validity at the point of returning from a
+function. The value @code{full} is an alias for specifying both
+@code{branch} and @code{return}. The value @code{none} turns off
+instrumentation.
+
+You can also use the @code{nocf_check} attribute to identify
+which functions and calls should be skipped from instrumentation
+(@pxref{Function Attributes}).
+
@item -fstack-protector
@opindex fstack-protector
Emit extra code to check for buffer overflows, such as stack smashing
the pattern is either complex or misleading.
@end table
+The note @code{REG_CALL_NOCF_CHECK} is used in conjunction with the
+@option{-fcf-protection=branch} option. The note is set if a
+@code{nocf_check} attribute is specified for a function type or a
+pointer to function type. The note is stored in the @code{REG_NOTES}
+field of an insn.
+
+@table @code
+@findex REG_CALL_NOCF_CHECK
+@item REG_CALL_NOCF_CHECK
+Users have control through the @code{nocf_check} attribute to identify
+which calls to a function should be skipped from control-flow instrumentation
+when the option @option{-fcf-protection=branch} is specified. The compiler
+puts a @code{REG_CALL_NOCF_CHECK} note on each @code{CALL_INSN} instruction
+that has a function type marked with a @code{nocf_check} attribute.
+@end table
+
For convenience, the machine mode in an @code{insn_list} or
@code{expr_list} is printed using these symbolic codes in debugging dumps.
projects / gcc.git / commitdiff