/* AddressSanitizer, a fast memory error detector.
   Copyright (C) 2011-2017 Free Software Foundation, Inc.
   Contributed by Kostya Serebryany <kcc@google.com>

This file is part of GCC.

GCC is free software; you can redistribute it and/or modify it under
the terms of the GNU General Public License as published by the Free
Software Foundation; either version 3, or (at your option) any later
version.

GCC is distributed in the hope that it will be useful, but WITHOUT ANY
WARRANTY; without even the implied warranty of MERCHANTABILITY or
FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
for more details.

You should have received a copy of the GNU General Public License
along with GCC; see the file COPYING3. If not see
<http://www.gnu.org/licenses/>. */
20
21#ifndef TREE_ASAN
22#define TREE_ASAN
23
/* ASan entry points and shared state that this header only declares.
   The definitions are not visible here, so the grouping below follows the
   names and signatures alone.
   NOTE(review): confirm the grouping against the definitions. */

/* Hooks named after the start of a function and the end of a file. */
extern void asan_function_start (void);
extern void asan_finish_file (void);

/* Stack and alloca handling; both return an rtx_insn pointer. */
extern rtx_insn *asan_emit_stack_protection (rtx, rtx, unsigned int,
                                             HOST_WIDE_INT *, tree *, int);
extern rtx_insn *asan_emit_allocas_unpoison (rtx, rtx, rtx_insn *);

/* Predicate on a declaration. The second argument may be omitted, in
   which case it is false. */
extern bool asan_protect_global (tree, bool ignore_decl_rtl_set_p = false);

extern void initialize_sanitizer_builtins (void);
extern tree asan_dynamic_init_call (bool);

/* Expanders for the ASan internal functions. Each takes the statement
   iterator to work on and returns a bool.
   NOTE(review): the meaning of the bool results is not stated in this
   header; check the definitions before relying on it. */
extern bool asan_expand_check_ifn (gimple_stmt_iterator *, bool);
extern bool asan_expand_mark_ifn (gimple_stmt_iterator *);
extern bool asan_expand_poison_ifn (gimple_stmt_iterator *, bool *,
                                    hash_map<tree, tree> &);

extern gimple_stmt_iterator create_cond_insert_point
  (gimple_stmt_iterator *, bool, bool, bool, basic_block *, basic_block *);

/* Alias set used for accesses to the shadow memory. */
extern alias_set_type asan_shadow_set;

/* Hash set of the labels that are used in a goto or whose address has
   been taken. */
extern hash_set <tree> *asan_used_labels;
46
/* Shadow memory layout. The shadow location for an address is
     (address >> ASAN_SHADOW_SHIFT) + asan_shadow_offset ()
   so with a shift of 3 every ASAN_SHADOW_GRANULARITY (8) consecutive
   bytes of application memory share one shadow location. */
#define ASAN_SHADOW_SHIFT 3
#define ASAN_SHADOW_GRANULARITY (1UL << ASAN_SHADOW_SHIFT)

/* Red zone size. Stack and global variables are padded by at least
   ASAN_RED_ZONE_SIZE and at most 2 * ASAN_RED_ZONE_SIZE - 1 bytes. */
#define ASAN_RED_ZONE_SIZE 32

/* Shadow memory values used for stack protection.
   LEFT marks the area below the protected variables; the first pointer
   in the stack at that offset holds the ASAN_STACK_FRAME_MAGIC word and
   the second one points to a string describing the frame.
   MIDDLE marks the padding between variables.
   RIGHT marks the area above the last protected variable.
   The original comment also describes a "partial" value placed right
   after a variable up to ASAN_RED_ZONE_SIZE alignment.
   NOTE(review): no macro for "partial" is defined in this header, and
   USE_AFTER_RET / USE_AFTER_SCOPE are not described by the original
   comment; going by the names they mark memory of a returned frame and
   of a variable that left its scope -- confirm.
   NOTE(review): the runtime library presumably decodes the same byte
   values when it classifies an error, so confirm they stay in sync with
   libasan before changing any of them. */
#define ASAN_STACK_MAGIC_LEFT 0xf1
#define ASAN_STACK_MAGIC_MIDDLE 0xf2
#define ASAN_STACK_MAGIC_RIGHT 0xf3
#define ASAN_STACK_MAGIC_USE_AFTER_RET 0xf5
#define ASAN_STACK_MAGIC_USE_AFTER_SCOPE 0xf8

/* Magic words stored in the frame itself. FRAME is the word referred to
   in the comment above.
   NOTE(review): RETIRED is not documented here; confirm its use. */
#define ASAN_STACK_FRAME_MAGIC 0x41b58ab3
#define ASAN_STACK_RETIRED_MAGIC 0x45e0360e

#define ASAN_USE_AFTER_SCOPE_ATTRIBUTE "use after scope memory"
72
/* Flags for the ASan check builtins. Each enumerator is a distinct
   single bit.
   NOTE(review): ASAN_CHECK_LAST is the next free bit and is presumably an
   end marker rather than a flag of its own -- confirm. */
enum asan_check_flags
{
  ASAN_CHECK_STORE = 1 << 0,
  ASAN_CHECK_SCALAR_ACCESS = 1 << 1,
  ASAN_CHECK_NON_ZERO_LEN = 1 << 2,
  ASAN_CHECK_LAST = 1 << 3
};

/* Flags for ASAN_MARK, kept as a list that is expanded through DEF.
   A user defines DEF (X) and then expands IFN_ASAN_MARK_FLAGS. */
#define IFN_ASAN_MARK_FLAGS DEF(POISON), DEF(UNPOISON)

/* The list expanded into enumerators: ASAN_MARK_POISON is 0 and
   ASAN_MARK_UNPOISON is 1. */
enum asan_mark_flags
{
#define DEF(X) ASAN_MARK_##X
  IFN_ASAN_MARK_FLAGS
#undef DEF
};
91
/* Predicate: true if STMT is an ASAN_MARK whose first argument is FLAG. */
extern bool asan_mark_p (gimple *stmt, enum asan_mark_flags flag);
94
/* Return the number of padding bytes to insert after a protected decl
   of SIZE bytes. The result is between ASAN_RED_ZONE_SIZE and
   2 * ASAN_RED_ZONE_SIZE - 1, chosen so that SIZE plus the padding is a
   multiple of ASAN_RED_ZONE_SIZE. The mask below relies on
   ASAN_RED_ZONE_SIZE being a power of two. */

static inline unsigned int
asan_red_zone_size (unsigned int size)
{
  /* Bytes of SIZE that spill past the last full red-zone-sized unit. */
  unsigned int tail = size & (ASAN_RED_ZONE_SIZE - 1);

  if (tail == 0)
    return ASAN_RED_ZONE_SIZE;

  /* Fill up the partial unit and add one full red zone on top. */
  return 2 * ASAN_RED_ZONE_SIZE - tail;
}
104
/* Configuration setters that take their value as a string.
   NOTE(review): set_asan_shadow_offset returns a bool, presumably to
   report whether the string was accepted -- confirm, and make sure
   callers check it. */
extern bool set_asan_shadow_offset (const char *);
extern void set_sanitized_sections (const char *);

/* Predicates named after stack and alloca sanitization; both take no
   arguments. */
extern bool asan_sanitize_stack_p (void);
extern bool asan_sanitize_allocas_p (void);
112
/* Return TRUE if the builtin FCODE is one that libasan intercepts.
   The set is the fixed list of memory and string builtins below.
   NOTE(review): nothing visible in this header ties the list to the
   interceptors of the libasan that is actually linked in. If the two
   drift apart, a call through such a builtin may presumably go
   unchecked, so confirm the list whenever the runtime is updated. */

static inline bool
asan_intercepted_p (enum built_in_function fcode)
{
  switch (fcode)
    {
    case BUILT_IN_INDEX:
    case BUILT_IN_MEMCHR:
    case BUILT_IN_MEMCMP:
    case BUILT_IN_MEMCPY:
    case BUILT_IN_MEMMOVE:
    case BUILT_IN_MEMSET:
    case BUILT_IN_STRCASECMP:
    case BUILT_IN_STRCAT:
    case BUILT_IN_STRCHR:
    case BUILT_IN_STRCMP:
    case BUILT_IN_STRCPY:
    case BUILT_IN_STRDUP:
    case BUILT_IN_STRLEN:
    case BUILT_IN_STRNCASECMP:
    case BUILT_IN_STRNCAT:
    case BUILT_IN_STRNCMP:
    case BUILT_IN_STRCSPN:
    case BUILT_IN_STRPBRK:
    case BUILT_IN_STRSPN:
    case BUILT_IN_STRSTR:
    case BUILT_IN_STRNCPY:
      return true;

    default:
      return false;
    }
}
141
/* Return TRUE if use-after-scope checks should be instrumented. This
   needs both flag_sanitize_address_use_after_scope to be set and
   asan_sanitize_stack_p () to hold, so use-after-scope checking is never
   active without stack sanitization. */

static inline bool
asan_sanitize_use_after_scope (void)
{
  /* The stack predicate is only consulted when the option is on. */
  if (!flag_sanitize_address_use_after_scope)
    return false;

  return asan_sanitize_stack_p ();
}
149
/* Return true if DECL should be guarded on the stack. DECL must be a
   declaration. A non-artificial declaration is always guarded; an
   artificial one is guarded only when use-after-scope instrumentation
   is active and the declaration is addressable. */

static inline bool
asan_protect_stack_decl (tree decl)
{
  if (!DECL_P (decl))
    return false;

  if (!DECL_ARTIFICIAL (decl))
    return true;

  /* Artificial declarations: only addressable ones, and only under
     use-after-scope checking. */
  return asan_sanitize_use_after_scope () && TREE_ADDRESSABLE (decl);
}
159
/* Return true if any sanitizer bit of FLAG is enabled for FN.
   The candidate bits are flag_sanitize & FLAG. If FN is non-null and has
   a "no_sanitize" attribute, the bits stored in that attribute's value
   are cleared first, so a function can opt out of instrumentation that
   is enabled globally. If FN is NULL_TREE the attribute is not consulted
   and the global flags alone decide. FN defaults to
   current_function_decl. */

static inline bool
sanitize_flags_p (unsigned int flag, const_tree fn = current_function_decl)
{
  unsigned int enabled = flag_sanitize & flag;

  /* Only look up the attribute when there is something left to mask. */
  if (enabled != 0 && fn != NULL_TREE)
    {
      tree attr = lookup_attribute ("no_sanitize", DECL_ATTRIBUTES (fn));
      if (attr != NULL_TREE)
        enabled &= ~tree_to_uhwi (TREE_VALUE (attr));
    }

  return enabled != 0;
}
179
180#endif /* TREE_ASAN */