public inbox for gcc-cvs@sourceware.org
help / color / mirror / Atom feed
* [gcc(refs/users/giulianob/heads/pfe_backport_dirty)] Backport Add generic part for Intel CET enabling. The spec is available at
@ 2021-10-14 13:01 Giuliano Belinassi
0 siblings, 0 replies; only message in thread
From: Giuliano Belinassi @ 2021-10-14 13:01 UTC (permalink / raw)
To: gcc-cvs
https://gcc.gnu.org/g:35326cf88ca29fae05862a92a12e41c5ac0b1d2d
commit 35326cf88ca29fae05862a92a12e41c5ac0b1d2d
Author: Igor Tsimbalist <igor.v.tsimbalist@intel.com>
Date: Fri Oct 20 15:09:38 2017 +0200
Backport Add generic part for Intel CET enabling. The spec is available at
https://software.intel.com/sites/default/files/managed/4d/2a/control-flow-enforcement-technology-preview.pdf
A proposal is to introduce a target independent flag
-fcf-protection=[none|branch|return|full] with a semantic to
instrument a code to control validness or integrity of control-flow
transfers using jump and call instructions. The main goal is to detect
and block a possible malware execution through transfer the execution
to unknown target address. Implementation could be either software or
target based. Any target platforms can provide their implementation
for instrumentation under this option.
The compiler should instrument any control-flow transfer points in a
program (ex. call/jmp/ret) as well as any landing pads, which are
targets of control-flow transfers.
A new 'nocf_check' attribute is introduced to provide hand tuning
support. The attribute directs the compiler to skip a call to a
function and a function's landing pad from instrumentation. The
attribute can be used for function and pointer to function types,
otherwise it will be ignored.
Currently all platforms except i386 will report the error and do no
instrumentation. i386 will provide the implementation based on a
specification published by Intel for a new technology called
Control-flow Enforcement Technology (CET).
gcc/c-family/
* c-attribs.c (handle_nocf_check_attribute): New function.
(c_common_attribute_table): Add 'nocf_check' handling.
gcc/c/
* gimple-parser.c: Add second argument NULL to
gimple_build_call_from_tree.
gcc/
* attrib.c (comp_type_attributes): Check nocf_check attribute.
* cfgexpand.c (expand_call_stmt): Set REG_CALL_NOCF_CHECK for
call insn.
* combine.c (distribute_notes): Add REG_CALL_NOCF_CHECK handling.
* common.opt: Add fcf-protection flag.
* emit-rtl.c (try_split): Add REG_CALL_NOCF_CHECK handling.
* flag-types.h: Add enum cf_protection_level.
* gimple.c (gimple_build_call_from_tree): Add second parameter.
Add 'nocf_check' attribute propagation to gimple call.
* gimple.h (gf_mask): Add GF_CALL_NOCF_CHECK.
(gimple_build_call_from_tree): Update prototype.
(gimple_call_nocf_check_p): New function.
(gimple_call_set_nocf_check): Likewise.
* gimplify.c: Add second argument to gimple_build_call_from_tree.
* ipa-icf.c: Add nocf_check attribute in statement hash.
* recog.c (peep2_attempt): Add REG_CALL_NOCF_CHECK handling.
* reg-notes.def: Add REG_NOTE (CALL_NOCF_CHECK).
* toplev.c (process_options): Add flag_cf_protection handling.
Diff:
---
gcc/ChangeLog | 28 +++++
gcc/attribs.c | 295 +++++++++++++++++++++++++++++++++++++++++++++++
gcc/c-family/c-attribs.c | 27 +++++
gcc/c/gimple-parser.c | 4 +-
gcc/cfgexpand.c | 16 +++
gcc/combine.c | 1 +
gcc/common.opt | 23 ++++
gcc/emit-rtl.c | 1 +
gcc/flag-types.h | 9 ++
gcc/gimple.c | 19 ++-
gcc/gimple.h | 22 +++-
gcc/gimplify.c | 6 +-
gcc/ipa-icf.c | 6 +
gcc/recog.c | 1 +
gcc/reg-notes.def | 7 ++
gcc/toplev.c | 26 +++++
16 files changed, 483 insertions(+), 8 deletions(-)
diff --git a/gcc/ChangeLog b/gcc/ChangeLog
index 9d3a9a2fe18..951e9985417 100644
--- a/gcc/ChangeLog
+++ b/gcc/ChangeLog
@@ -1,3 +1,31 @@
+2021-10-13 Giuliano Belinassi <gbelinassi@suse.de>
+
+ Backport from mainline
+ 2017-10-20 Igor Tsimbalist <igor.v.tsimbalist@intel.com>
+
+ * c-attribs.c (handle_nocf_check_attribute): New function.
+ (c_common_attribute_table): Add 'nocf_check' handling.
+ * gimple-parser.c: Add second argument NULL to
+ gimple_build_call_from_tree.
+ * attrib.c (comp_type_attributes): Check nocf_check attribute.
+ * cfgexpand.c (expand_call_stmt): Set REG_CALL_NOCF_CHECK for
+ call insn.
+ * combine.c (distribute_notes): Add REG_CALL_NOCF_CHECK handling.
+ * common.opt: Add fcf-protection flag.
+ * emit-rtl.c (try_split): Add REG_CALL_NOCF_CHECK handling.
+ * flag-types.h: Add enum cf_protection_level.
+ * gimple.c (gimple_build_call_from_tree): Add second parameter.
+ Add 'nocf_check' attribute propagation to gimple call.
+ * gimple.h (gf_mask): Add GF_CALL_NOCF_CHECK.
+ (gimple_build_call_from_tree): Update prototype.
+ (gimple_call_nocf_check_p): New function.
+ (gimple_call_set_nocf_check): Likewise.
+ * gimplify.c: Add second argument to gimple_build_call_from_tree.
+ * ipa-icf.c: Add nocf_check attribute in statement hash.
+ * recog.c (peep2_attempt): Add REG_CALL_NOCF_CHECK handling.
+ * reg-notes.def: Add REG_NOTE (CALL_NOCF_CHECK).
+ * toplev.c (process_options): Add flag_cf_protection handling.
+
2021-10-13 Giuliano Belinassi <gbelinassi@suse.de>
Backport from mainline
diff --git a/gcc/attribs.c b/gcc/attribs.c
index 55b21271b39..0f9b2333983 100644
--- a/gcc/attribs.c
+++ b/gcc/attribs.c
@@ -690,3 +690,298 @@ make_attribute (const char *name, const char *arg_name, tree chain)
attr = tree_cons (attr_name, attr_args, chain);
return attr;
}
+
+\f
+/* Common functions used for target clone support. */
+
+/* Comparator function to be used in qsort routine to sort attribute
+ specification strings to "target". */
+
+static int
+attr_strcmp (const void *v1, const void *v2)
+{
+ const char *c1 = *(char *const*)v1;
+ const char *c2 = *(char *const*)v2;
+ return strcmp (c1, c2);
+}
+
+/* ARGLIST is the argument to target attribute. This function tokenizes
+ the comma separated arguments, sorts them and returns a string which
+ is a unique identifier for the comma separated arguments. It also
+ replaces non-identifier characters "=,-" with "_". */
+
+char *
+sorted_attr_string (tree arglist)
+{
+ tree arg;
+ size_t str_len_sum = 0;
+ char **args = NULL;
+ char *attr_str, *ret_str;
+ char *attr = NULL;
+ unsigned int argnum = 1;
+ unsigned int i;
+
+ for (arg = arglist; arg; arg = TREE_CHAIN (arg))
+ {
+ const char *str = TREE_STRING_POINTER (TREE_VALUE (arg));
+ size_t len = strlen (str);
+ str_len_sum += len + 1;
+ if (arg != arglist)
+ argnum++;
+ for (i = 0; i < strlen (str); i++)
+ if (str[i] == ',')
+ argnum++;
+ }
+
+ attr_str = XNEWVEC (char, str_len_sum);
+ str_len_sum = 0;
+ for (arg = arglist; arg; arg = TREE_CHAIN (arg))
+ {
+ const char *str = TREE_STRING_POINTER (TREE_VALUE (arg));
+ size_t len = strlen (str);
+ memcpy (attr_str + str_len_sum, str, len);
+ attr_str[str_len_sum + len] = TREE_CHAIN (arg) ? ',' : '\0';
+ str_len_sum += len + 1;
+ }
+
+ /* Replace "=,-" with "_". */
+ for (i = 0; i < strlen (attr_str); i++)
+ if (attr_str[i] == '=' || attr_str[i]== '-')
+ attr_str[i] = '_';
+
+ if (argnum == 1)
+ return attr_str;
+
+ args = XNEWVEC (char *, argnum);
+
+ i = 0;
+ attr = strtok (attr_str, ",");
+ while (attr != NULL)
+ {
+ args[i] = attr;
+ i++;
+ attr = strtok (NULL, ",");
+ }
+
+ qsort (args, argnum, sizeof (char *), attr_strcmp);
+
+ ret_str = XNEWVEC (char, str_len_sum);
+ str_len_sum = 0;
+ for (i = 0; i < argnum; i++)
+ {
+ size_t len = strlen (args[i]);
+ memcpy (ret_str + str_len_sum, args[i], len);
+ ret_str[str_len_sum + len] = i < argnum - 1 ? '_' : '\0';
+ str_len_sum += len + 1;
+ }
+
+ XDELETEVEC (args);
+ XDELETEVEC (attr_str);
+ return ret_str;
+}
+
+
+/* This function returns true if FN1 and FN2 are versions of the same function,
+ that is, the target strings of the function decls are different. This assumes
+ that FN1 and FN2 have the same signature. */
+
+bool
+common_function_versions (tree fn1, tree fn2)
+{
+ tree attr1, attr2;
+ char *target1, *target2;
+ bool result;
+
+ if (TREE_CODE (fn1) != FUNCTION_DECL
+ || TREE_CODE (fn2) != FUNCTION_DECL)
+ return false;
+
+ attr1 = lookup_attribute ("target", DECL_ATTRIBUTES (fn1));
+ attr2 = lookup_attribute ("target", DECL_ATTRIBUTES (fn2));
+
+ /* At least one function decl should have the target attribute specified. */
+ if (attr1 == NULL_TREE && attr2 == NULL_TREE)
+ return false;
+
+ /* Diagnose missing target attribute if one of the decls is already
+ multi-versioned. */
+ if (attr1 == NULL_TREE || attr2 == NULL_TREE)
+ {
+ if (DECL_FUNCTION_VERSIONED (fn1) || DECL_FUNCTION_VERSIONED (fn2))
+ {
+ if (attr2 != NULL_TREE)
+ {
+ std::swap (fn1, fn2);
+ attr1 = attr2;
+ }
+ error_at (DECL_SOURCE_LOCATION (fn2),
+ "missing %<target%> attribute for multi-versioned %qD",
+ fn2);
+ inform (DECL_SOURCE_LOCATION (fn1),
+ "previous declaration of %qD", fn1);
+ /* Prevent diagnosing of the same error multiple times. */
+ DECL_ATTRIBUTES (fn2)
+ = tree_cons (get_identifier ("target"),
+ copy_node (TREE_VALUE (attr1)),
+ DECL_ATTRIBUTES (fn2));
+ }
+ return false;
+ }
+
+ target1 = sorted_attr_string (TREE_VALUE (attr1));
+ target2 = sorted_attr_string (TREE_VALUE (attr2));
+
+ /* The sorted target strings must be different for fn1 and fn2
+ to be versions. */
+ if (strcmp (target1, target2) == 0)
+ result = false;
+ else
+ result = true;
+
+ XDELETEVEC (target1);
+ XDELETEVEC (target2);
+
+ return result;
+}
+
+/* Return a new name by appending SUFFIX to the DECL name. If make_unique
+ is true, append the full path name of the source file. */
+
+char *
+make_unique_name (tree decl, const char *suffix, bool make_unique)
+{
+ char *global_var_name;
+ int name_len;
+ const char *name;
+ const char *unique_name = NULL;
+
+ name = IDENTIFIER_POINTER (DECL_ASSEMBLER_NAME (decl));
+
+ /* Get a unique name that can be used globally without any chances
+ of collision at link time. */
+ if (make_unique)
+ unique_name = IDENTIFIER_POINTER (get_file_function_name ("\0"));
+
+ name_len = strlen (name) + strlen (suffix) + 2;
+
+ if (make_unique)
+ name_len += strlen (unique_name) + 1;
+ global_var_name = XNEWVEC (char, name_len);
+
+ /* Use '.' to concatenate names as it is demangler friendly. */
+ if (make_unique)
+ snprintf (global_var_name, name_len, "%s.%s.%s", name, unique_name,
+ suffix);
+ else
+ snprintf (global_var_name, name_len, "%s.%s", name, suffix);
+
+ return global_var_name;
+}
+
+/* Make a dispatcher declaration for the multi-versioned function DECL.
+ Calls to DECL function will be replaced with calls to the dispatcher
+ by the front-end. Return the decl created. */
+
+tree
+make_dispatcher_decl (const tree decl)
+{
+ tree func_decl;
+ char *func_name;
+ tree fn_type, func_type;
+
+ func_name = xstrdup (IDENTIFIER_POINTER (DECL_ASSEMBLER_NAME (decl)));
+
+ fn_type = TREE_TYPE (decl);
+ func_type = build_function_type (TREE_TYPE (fn_type),
+ TYPE_ARG_TYPES (fn_type));
+
+ func_decl = build_fn_decl (func_name, func_type);
+ XDELETEVEC (func_name);
+ TREE_USED (func_decl) = 1;
+ DECL_CONTEXT (func_decl) = NULL_TREE;
+ DECL_INITIAL (func_decl) = error_mark_node;
+ DECL_ARTIFICIAL (func_decl) = 1;
+ /* Mark this func as external, the resolver will flip it again if
+ it gets generated. */
+ DECL_EXTERNAL (func_decl) = 1;
+ /* This will be of type IFUNCs have to be externally visible. */
+ TREE_PUBLIC (func_decl) = 1;
+
+ return func_decl;
+}
+
+/* Returns true if decl is multi-versioned and DECL is the default function,
+ that is it is not tagged with target specific optimization. */
+
+bool
+is_function_default_version (const tree decl)
+{
+ if (TREE_CODE (decl) != FUNCTION_DECL
+ || !DECL_FUNCTION_VERSIONED (decl))
+ return false;
+ tree attr = lookup_attribute ("target", DECL_ATTRIBUTES (decl));
+ gcc_assert (attr);
+ attr = TREE_VALUE (TREE_VALUE (attr));
+ return (TREE_CODE (attr) == STRING_CST
+ && strcmp (TREE_STRING_POINTER (attr), "default") == 0);
+}
+
+/* Compare two constructor-element-type constants. Return 1 if the lists
+ are known to be equal; otherwise return 0. */
+
+static bool
+simple_cst_list_equal (const_tree l1, const_tree l2)
+{
+ while (l1 != NULL_TREE && l2 != NULL_TREE)
+ {
+ if (simple_cst_equal (TREE_VALUE (l1), TREE_VALUE (l2)) != 1)
+ return false;
+
+ l1 = TREE_CHAIN (l1);
+ l2 = TREE_CHAIN (l2);
+ }
+
+ return l1 == l2;
+}
+
+/* Check if "omp declare simd" attribute arguments, CLAUSES1 and CLAUSES2, are
+ the same. */
+
+static bool
+omp_declare_simd_clauses_equal (tree clauses1, tree clauses2)
+{
+ tree cl1, cl2;
+ for (cl1 = clauses1, cl2 = clauses2;
+ cl1 && cl2;
+ cl1 = OMP_CLAUSE_CHAIN (cl1), cl2 = OMP_CLAUSE_CHAIN (cl2))
+ {
+ if (OMP_CLAUSE_CODE (cl1) != OMP_CLAUSE_CODE (cl2))
+ return false;
+ if (OMP_CLAUSE_CODE (cl1) != OMP_CLAUSE_SIMDLEN)
+ {
+ if (simple_cst_equal (OMP_CLAUSE_DECL (cl1),
+ OMP_CLAUSE_DECL (cl2)) != 1)
+ return false;
+ }
+ switch (OMP_CLAUSE_CODE (cl1))
+ {
+ case OMP_CLAUSE_ALIGNED:
+ if (simple_cst_equal (OMP_CLAUSE_ALIGNED_ALIGNMENT (cl1),
+ OMP_CLAUSE_ALIGNED_ALIGNMENT (cl2)) != 1)
+ return false;
+ break;
+ case OMP_CLAUSE_LINEAR:
+ if (simple_cst_equal (OMP_CLAUSE_LINEAR_STEP (cl1),
+ OMP_CLAUSE_LINEAR_STEP (cl2)) != 1)
+ return false;
+ break;
+ case OMP_CLAUSE_SIMDLEN:
+ if (simple_cst_equal (OMP_CLAUSE_SIMDLEN_EXPR (cl1),
+ OMP_CLAUSE_SIMDLEN_EXPR (cl2)) != 1)
+ return false;
+ default:
+ break;
+ }
+ }
+ return true;
+}
diff --git a/gcc/c-family/c-attribs.c b/gcc/c-family/c-attribs.c
index c01baffbc57..f0504d048eb 100644
--- a/gcc/c-family/c-attribs.c
+++ b/gcc/c-family/c-attribs.c
@@ -62,6 +62,7 @@ static tree handle_asan_odr_indicator_attribute (tree *, tree, tree, int,
static tree handle_stack_protect_attribute (tree *, tree, tree, int, bool *);
static tree handle_noinline_attribute (tree *, tree, tree, int, bool *);
static tree handle_noclone_attribute (tree *, tree, tree, int, bool *);
+static tree handle_nocf_check_attribute (tree *, tree, tree, int, bool *);
static tree handle_noicf_attribute (tree *, tree, tree, int, bool *);
static tree handle_leaf_attribute (tree *, tree, tree, int, bool *);
static tree handle_always_inline_attribute (tree *, tree, tree, int,
@@ -350,6 +351,8 @@ const struct attribute_spec c_common_attribute_table[] =
{ "patchable_function_entry", 1, 2, true, false, false,
handle_patchable_function_entry_attribute,
false },
+ { "nocf_check", 0, 0, false, true, true,
+ handle_nocf_check_attribute, true },
{ NULL, 0, 0, false, false, false, NULL, false }
};
@@ -675,6 +678,30 @@ handle_noclone_attribute (tree *node, tree name,
return NULL_TREE;
}
+/* Handle a "nocf_check" attribute; arguments as in
+ struct attribute_spec.handler. */
+
+static tree
+handle_nocf_check_attribute (tree *node, tree name,
+ tree ARG_UNUSED (args),
+ int ARG_UNUSED (flags), bool *no_add_attrs)
+{
+ if (TREE_CODE (*node) != FUNCTION_TYPE
+ && TREE_CODE (*node) != METHOD_TYPE)
+ {
+ warning (OPT_Wattributes, "%qE attribute ignored", name);
+ *no_add_attrs = true;
+ }
+ else if (!(flag_cf_protection & CF_BRANCH))
+ {
+ warning (OPT_Wattributes, "%qE attribute ignored. Use "
+ "-fcf-protection option to enable it", name);
+ *no_add_attrs = true;
+ }
+
+ return NULL_TREE;
+}
+
/* Handle a "no_icf" attribute; arguments as in
struct attribute_spec.handler. */
diff --git a/gcc/c/gimple-parser.c b/gcc/c/gimple-parser.c
index 0d6384b55c2..7a84c89131f 100644
--- a/gcc/c/gimple-parser.c
+++ b/gcc/c/gimple-parser.c
@@ -277,7 +277,7 @@ c_parser_gimple_statement (c_parser *parser, gimple_seq *seq)
&& TREE_CODE (lhs.value) == CALL_EXPR)
{
gimple *call;
- call = gimple_build_call_from_tree (lhs.value);
+ call = gimple_build_call_from_tree (lhs.value, NULL);
gimple_seq_add_stmt (seq, call);
gimple_set_location (call, loc);
return;
@@ -408,7 +408,7 @@ c_parser_gimple_statement (c_parser *parser, gimple_seq *seq)
rhs = c_parser_gimple_unary_expression (parser);
if (rhs.value != error_mark_node)
{
- gimple *call = gimple_build_call_from_tree (rhs.value);
+ gimple *call = gimple_build_call_from_tree (rhs.value, NULL);
gimple_call_set_lhs (call, lhs.value);
gimple_seq_add_stmt (seq, call);
gimple_set_location (call, loc);
diff --git a/gcc/cfgexpand.c b/gcc/cfgexpand.c
index 2a603823a71..fa5a8b9fff9 100644
--- a/gcc/cfgexpand.c
+++ b/gcc/cfgexpand.c
@@ -2651,12 +2651,28 @@ expand_call_stmt (gcall *stmt)
}
}
+ rtx_insn *before_call = get_last_insn ();
lhs = gimple_call_lhs (stmt);
if (lhs)
expand_assignment (lhs, exp, false);
else
expand_expr (exp, const0_rtx, VOIDmode, EXPAND_NORMAL);
+ /* If the gimple call is an indirect call and has 'nocf_check'
+ attribute find a generated CALL insn to mark it as no
+ control-flow verification is needed. */
+ if (gimple_call_nocf_check_p (stmt)
+ && !gimple_call_fndecl (stmt))
+ {
+ rtx_insn *last = get_last_insn ();
+ while (!CALL_P (last)
+ && last != before_call)
+ last = PREV_INSN (last);
+
+ if (last != before_call)
+ add_reg_note (last, REG_CALL_NOCF_CHECK, const0_rtx);
+ }
+
mark_transaction_restart_calls (stmt);
}
diff --git a/gcc/combine.c b/gcc/combine.c
index 7e9aedb0020..b72e3ed1276 100644
--- a/gcc/combine.c
+++ b/gcc/combine.c
@@ -14093,6 +14093,7 @@ distribute_notes (rtx notes, rtx_insn *from_insn, rtx_insn *i3, rtx_insn *i2,
case REG_SETJMP:
case REG_TM:
case REG_CALL_DECL:
+ case REG_CALL_NOCF_CHECK:
/* These notes must remain with the call. It should not be
possible for both I2 and I3 to be a call. */
if (CALL_P (i3))
diff --git a/gcc/common.opt b/gcc/common.opt
index ca1613b6808..b66a52da08d 100644
--- a/gcc/common.opt
+++ b/gcc/common.opt
@@ -1598,6 +1598,29 @@ finline-atomics
Common Report Var(flag_inline_atomics) Init(1) Optimization
Inline __atomic operations when a lock free instruction sequence is available.
+fcf-protection
+Common RejectNegative Alias(fcf-protection=,full)
+
+fcf-protection=
+Common Report Joined RejectNegative Enum(cf_protection_level) Var(flag_cf_protection) Init(CF_NONE)
+-fcf-protection=[full|branch|return|none] Instrument functions with checks to verify jump/call/return control-flow transfer
+instructions have valid targets.
+
+Enum
+Name(cf_protection_level) Type(enum cf_protection_level) UnknownError(unknown Cotrol-Flow Protection Level %qs)
+
+EnumValue
+Enum(cf_protection_level) String(full) Value(CF_FULL)
+
+EnumValue
+Enum(cf_protection_level) String(branch) Value(CF_BRANCH)
+
+EnumValue
+Enum(cf_protection_level) String(return) Value(CF_RETURN)
+
+EnumValue
+Enum(cf_protection_level) String(none) Value(CF_NONE)
+
finstrument-functions
Common Report Var(flag_instrument_function_entry_exit)
Instrument function entry and exit with profiling calls.
diff --git a/gcc/emit-rtl.c b/gcc/emit-rtl.c
index 3d47559ec0f..f78b0b131ab 100644
--- a/gcc/emit-rtl.c
+++ b/gcc/emit-rtl.c
@@ -3773,6 +3773,7 @@ try_split (rtx pat, rtx_insn *trial, int last)
case REG_NORETURN:
case REG_SETJMP:
case REG_TM:
+ case REG_CALL_NOCF_CHECK:
for (insn = insn_last; insn != NULL_RTX; insn = PREV_INSN (insn))
{
if (CALL_P (insn))
diff --git a/gcc/flag-types.h b/gcc/flag-types.h
index 27a38efdc8e..62df3b4f1aa 100644
--- a/gcc/flag-types.h
+++ b/gcc/flag-types.h
@@ -308,4 +308,13 @@ enum gfc_convert
};
+/* Control-Flow Protection values. */
+enum cf_protection_level
+{
+ CF_NONE = 0,
+ CF_BRANCH = 1 << 0,
+ CF_RETURN = 1 << 1,
+ CF_FULL = CF_BRANCH | CF_RETURN,
+ CF_SET = 1 << 2
+};
#endif /* ! GCC_FLAG_TYPES_H */
diff --git a/gcc/gimple.c b/gcc/gimple.c
index 479f90c54c9..2501a77e9e4 100644
--- a/gcc/gimple.c
+++ b/gcc/gimple.c
@@ -344,7 +344,7 @@ gimple_build_call_internal_vec (enum internal_fn fn, vec<tree> args)
this fact. */
gcall *
-gimple_build_call_from_tree (tree t)
+gimple_build_call_from_tree (tree t, tree fnptrtype)
{
unsigned i, nargs;
gcall *call;
@@ -378,6 +378,23 @@ gimple_build_call_from_tree (tree t)
gimple_set_no_warning (call, TREE_NO_WARNING (t));
gimple_call_set_with_bounds (call, CALL_WITH_BOUNDS_P (t));
+ if (fnptrtype)
+ {
+ gimple_call_set_fntype (call, TREE_TYPE (fnptrtype));
+
+ /* Check if it's an indirect CALL and the type has the
+ nocf_check attribute. In that case propagate the information
+ to the gimple CALL insn. */
+ if (!fndecl)
+ {
+ gcc_assert (POINTER_TYPE_P (fnptrtype));
+ tree fntype = TREE_TYPE (fnptrtype);
+
+ if (lookup_attribute ("nocf_check", TYPE_ATTRIBUTES (fntype)))
+ gimple_call_set_nocf_check (call, TRUE);
+ }
+ }
+
return call;
}
diff --git a/gcc/gimple.h b/gcc/gimple.h
index 7e9e0bd38a3..ce83584b70e 100644
--- a/gcc/gimple.h
+++ b/gcc/gimple.h
@@ -148,6 +148,7 @@ enum gf_mask {
GF_CALL_WITH_BOUNDS = 1 << 8,
GF_CALL_MUST_TAIL_CALL = 1 << 9,
GF_CALL_BY_DESCRIPTOR = 1 << 10,
+ GF_CALL_NOCF_CHECK = 1 << 11,
GF_OMP_PARALLEL_COMBINED = 1 << 0,
GF_OMP_PARALLEL_GRID_PHONY = 1 << 1,
GF_OMP_TASK_TASKLOOP = 1 << 0,
@@ -1426,7 +1427,7 @@ gcall *gimple_build_call (tree, unsigned, ...);
gcall *gimple_build_call_valist (tree, unsigned, va_list);
gcall *gimple_build_call_internal (enum internal_fn, unsigned, ...);
gcall *gimple_build_call_internal_vec (enum internal_fn, vec<tree> );
-gcall *gimple_build_call_from_tree (tree);
+gcall *gimple_build_call_from_tree (tree, tree);
gassign *gimple_build_assign (tree, tree CXX_MEM_STAT_INFO);
gassign *gimple_build_assign (tree, enum tree_code,
tree, tree, tree CXX_MEM_STAT_INFO);
@@ -2898,6 +2899,25 @@ gimple_call_set_with_bounds (gimple *gs, bool with_bounds)
}
+/* Return true if call GS is marked as nocf_check. */
+
+static inline bool
+gimple_call_nocf_check_p (const gcall *gs)
+{
+ return (gs->subcode & GF_CALL_NOCF_CHECK) != 0;
+}
+
+/* Mark statement GS as nocf_check call. */
+
+static inline void
+gimple_call_set_nocf_check (gcall *gs, bool nocf_check)
+{
+ if (nocf_check)
+ gs->subcode |= GF_CALL_NOCF_CHECK;
+ else
+ gs->subcode &= ~GF_CALL_NOCF_CHECK;
+}
+
/* Return the target of internal call GS. */
static inline enum internal_fn
diff --git a/gcc/gimplify.c b/gcc/gimplify.c
index 79ca26ee872..55ae3869e48 100644
--- a/gcc/gimplify.c
+++ b/gcc/gimplify.c
@@ -3341,8 +3341,7 @@ gimplify_call_expr (tree *expr_p, gimple_seq *pre_p, bool want_value)
/* The CALL_EXPR in *EXPR_P is already in GIMPLE form, so all we
have to do is replicate it as a GIMPLE_CALL tuple. */
gimple_stmt_iterator gsi;
- call = gimple_build_call_from_tree (*expr_p);
- gimple_call_set_fntype (call, TREE_TYPE (fnptrtype));
+ call = gimple_build_call_from_tree (*expr_p, fnptrtype);
notice_special_calls (call);
gimplify_seq_add_stmt (pre_p, call);
gsi = gsi_last (*pre_p);
@@ -5620,8 +5619,7 @@ gimplify_modify_expr (tree *expr_p, gimple_seq *pre_p, gimple_seq *post_p,
CALL_EXPR_ARG (*from_p, 2));
else
{
- call_stmt = gimple_build_call_from_tree (*from_p);
- gimple_call_set_fntype (call_stmt, TREE_TYPE (fnptrtype));
+ call_stmt = gimple_build_call_from_tree (*from_p, fnptrtype);
}
}
notice_special_calls (call_stmt);
diff --git a/gcc/ipa-icf.c b/gcc/ipa-icf.c
index c8ca9566cb7..c43c9f8d4b9 100644
--- a/gcc/ipa-icf.c
+++ b/gcc/ipa-icf.c
@@ -1436,6 +1436,7 @@ sem_function::init (void)
}
}
+ hstate.commit_flag ();
gcode_hash = hstate.end ();
bb_sizes.safe_push (nondbg_stmt_count);
@@ -1658,6 +1659,11 @@ sem_function::hash_stmt (gimple *stmt, inchash::hash &hstate)
if (gimple_op (stmt, i))
add_type (TREE_TYPE (gimple_op (stmt, i)), hstate);
}
+ /* Consider nocf_check attribute in hash as it affects code
+ generation. */
+ if (code == GIMPLE_CALL
+ && flag_cf_protection & CF_BRANCH)
+ hstate.add_flag (gimple_call_nocf_check_p (as_a <gcall *> (stmt)));
default:
break;
}
diff --git a/gcc/recog.c b/gcc/recog.c
index 63cdc237240..16268ef7696 100644
--- a/gcc/recog.c
+++ b/gcc/recog.c
@@ -3387,6 +3387,7 @@ peep2_attempt (basic_block bb, rtx_insn *insn, int match_len, rtx_insn *attempt)
case REG_NORETURN:
case REG_SETJMP:
case REG_TM:
+ case REG_CALL_NOCF_CHECK:
add_reg_note (new_insn, REG_NOTE_KIND (note),
XEXP (note, 0));
break;
diff --git a/gcc/reg-notes.def b/gcc/reg-notes.def
index 8734d26e5b4..bda6d935094 100644
--- a/gcc/reg-notes.def
+++ b/gcc/reg-notes.def
@@ -227,3 +227,10 @@ REG_NOTE (RETURNED)
The decl might not be available in the call due to splitting of the call
insn. This note is a SYMBOL_REF. */
REG_NOTE (CALL_DECL)
+
+/* Indicate that a call should not be verified for control-flow consistency.
+ The target address of the call is assumed as a valid address and no check
+ to validate a branch to the target address is needed. The call is marked
+ when a called function has a 'notrack' attribute. This note is used by the
+ compiler when the option -fcf-protection=branch is specified. */
+REG_NOTE (CALL_NOCF_CHECK)
diff --git a/gcc/toplev.c b/gcc/toplev.c
index 7d3aa280f15..1ff46bb9cb1 100644
--- a/gcc/toplev.c
+++ b/gcc/toplev.c
@@ -1265,6 +1265,32 @@ process_options (void)
"-floop-parallelize-all)");
#endif
+ if (flag_cf_protection != CF_NONE
+ && !(flag_cf_protection & CF_SET))
+ {
+ if (flag_cf_protection == CF_FULL)
+ {
+ error_at (UNKNOWN_LOCATION,
+ "%<-fcf-protection=full%> is not supported for this "
+ "target");
+ flag_cf_protection = CF_NONE;
+ }
+ if (flag_cf_protection == CF_BRANCH)
+ {
+ error_at (UNKNOWN_LOCATION,
+ "%<-fcf-protection=branch%> is not supported for this "
+ "target");
+ flag_cf_protection = CF_NONE;
+ }
+ if (flag_cf_protection == CF_RETURN)
+ {
+ error_at (UNKNOWN_LOCATION,
+ "%<-fcf-protection=return%> is not supported for this "
+ "target");
+ flag_cf_protection = CF_NONE;
+ }
+ }
+
if (flag_check_pointer_bounds)
{
if (targetm.chkp_bound_mode () == VOIDmode)
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2021-10-14 13:01 UTC | newest]
Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-10-14 13:01 [gcc(refs/users/giulianob/heads/pfe_backport_dirty)] Backport Add generic part for Intel CET enabling. The spec is available at Giuliano Belinassi
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).