From: liuhongt <hongtao.liu@intel.com>
To: gcc-patches@gcc.gnu.org
Cc: crazylht@gmail.com, hjl.tools@gmail.com
Subject: [PATCH V2] Provide -fcf-protection=branch,return.
Date: Sat, 13 May 2023 17:20:42 +0800
Message-ID: <20230513092042.3927038-1-hongtao.liu@intel.com>
In-Reply-To: <CAMZc-bxNdnzPecb6nO7gWXG27ChDU-dGwdSeJc0TiVvhdbumew@mail.gmail.com>
> I think this could be simplified if you use either EnumSet or
> EnumBitSet instead in common.opt for `-fcf-protection=`.
Use EnumSet instead of EnumBitSet since CF_FULL is not a power of 2.
It is a bit tricky for set classification: cf_branch and cf_return
should be in different sets, but they both "conflict" with cf_full and
cf_none. And the current EnumSet doesn't handle this well.
So in the current implementation, only cf_full and cf_none are exclusive
to each other, but they can be combined with any of cf_branch, cf_return,
cf_check. It's not perfect, but still an improvement over the original
one.
gcc/ChangeLog:
* common.opt: (fcf-protection=): Add EnumSet attribute to
support combination of params.
gcc/testsuite/ChangeLog:
* c-c++-common/fcf-protection-10.c: New test.
* c-c++-common/fcf-protection-11.c: New test.
* c-c++-common/fcf-protection-12.c: New test.
* c-c++-common/fcf-protection-8.c: New test.
* c-c++-common/fcf-protection-9.c: New test.
* gcc.target/i386/pr89701-1.c: New test.
* gcc.target/i386/pr89701-2.c: New test.
* gcc.target/i386/pr89701-3.c: New test.
---
gcc/common.opt | 12 ++++++------
gcc/testsuite/c-c++-common/fcf-protection-10.c | 2 ++
gcc/testsuite/c-c++-common/fcf-protection-11.c | 2 ++
gcc/testsuite/c-c++-common/fcf-protection-12.c | 2 ++
gcc/testsuite/c-c++-common/fcf-protection-8.c | 2 ++
gcc/testsuite/c-c++-common/fcf-protection-9.c | 2 ++
gcc/testsuite/gcc.target/i386/pr89701-1.c | 4 ++++
gcc/testsuite/gcc.target/i386/pr89701-2.c | 4 ++++
gcc/testsuite/gcc.target/i386/pr89701-3.c | 4 ++++
9 files changed, 28 insertions(+), 6 deletions(-)
create mode 100644 gcc/testsuite/c-c++-common/fcf-protection-10.c
create mode 100644 gcc/testsuite/c-c++-common/fcf-protection-11.c
create mode 100644 gcc/testsuite/c-c++-common/fcf-protection-12.c
create mode 100644 gcc/testsuite/c-c++-common/fcf-protection-8.c
create mode 100644 gcc/testsuite/c-c++-common/fcf-protection-9.c
create mode 100644 gcc/testsuite/gcc.target/i386/pr89701-1.c
create mode 100644 gcc/testsuite/gcc.target/i386/pr89701-2.c
create mode 100644 gcc/testsuite/gcc.target/i386/pr89701-3.c
diff --git a/gcc/common.opt b/gcc/common.opt
index a28ca13385a..02f2472959a 100644
--- a/gcc/common.opt
+++ b/gcc/common.opt
@@ -1886,7 +1886,7 @@ fcf-protection
Common RejectNegative Alias(fcf-protection=,full)
fcf-protection=
-Common Joined RejectNegative Enum(cf_protection_level) Var(flag_cf_protection) Init(CF_NONE)
+Common Joined RejectNegative Enum(cf_protection_level) EnumSet Var(flag_cf_protection) Init(CF_NONE)
-fcf-protection=[full|branch|return|none|check] Instrument functions with checks to verify jump/call/return control-flow transfer
instructions have valid targets.
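Review bot: The help text on the context line still reads -fcf-protection=[full|branch|return|none|check], which describes a single choice; with EnumSet added on the line above it, a comma-separated list is now accepted and the usage string should say so. The diffstat also touches no documentation file, so the user-facing description of which values can be combined is missing from the patch.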
@@ -1894,19 +1894,19 @@ Enum
Name(cf_protection_level) Type(enum cf_protection_level) UnknownError(unknown Control-Flow Protection Level %qs)
EnumValue
-Enum(cf_protection_level) String(full) Value(CF_FULL)
+Enum(cf_protection_level) String(full) Value(CF_FULL) Set(1)
EnumValue
-Enum(cf_protection_level) String(branch) Value(CF_BRANCH)
+Enum(cf_protection_level) String(branch) Value(CF_BRANCH) Set(2)
EnumValue
-Enum(cf_protection_level) String(return) Value(CF_RETURN)
+Enum(cf_protection_level) String(return) Value(CF_RETURN) Set(3)
EnumValue
-Enum(cf_protection_level) String(check) Value(CF_CHECK)
+Enum(cf_protection_level) String(check) Value(CF_CHECK) Set(4)
EnumValue
-Enum(cf_protection_level) String(none) Value(CF_NONE)
+Enum(cf_protection_level) String(none) Value(CF_NONE) Set(1)
finstrument-functions
Common Var(flag_instrument_function_entry_exit,1)
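Review bot: Putting none in Set(1) makes it exclusive only with full, so branch,none and return,none are accepted, and pr89701-3.c later in this patch expects .long 0x2 for return,none, i.e. none is silently ignored. For a hardening flag that is easy to misread in a build line; consider rejecting none in option handling when any other value is present, or at least document that none has no effect inside a list. A short comment next to the Set() numbers explaining that values sharing a set are mutually exclusive, and why check gets its own set, would also help the next reader.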
diff --git a/gcc/testsuite/c-c++-common/fcf-protection-10.c b/gcc/testsuite/c-c++-common/fcf-protection-10.c
new file mode 100644
index 00000000000..b271d134e52
--- /dev/null
+++ b/gcc/testsuite/c-c++-common/fcf-protection-10.c
@@ -0,0 +1,2 @@
+/* { dg-do compile { target { "i?86-*-* x86_64-*-*" } } } */
+/* { dg-options "-fcf-protection=branch,check" } */
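Review bot: The dg-options line combines branch with check, but nothing in the patch states what check contributes when it is listed next to another value, and the test has no dg-final. Say in a comment what branch,check is expected to produce and assert it, otherwise the test only shows that the list parses.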
diff --git a/gcc/testsuite/c-c++-common/fcf-protection-11.c b/gcc/testsuite/c-c++-common/fcf-protection-11.c
new file mode 100644
index 00000000000..2e566350ccd
--- /dev/null
+++ b/gcc/testsuite/c-c++-common/fcf-protection-11.c
@@ -0,0 +1,2 @@
+/* { dg-do compile { target { "i?86-*-* x86_64-*-*" } } } */
+/* { dg-options "-fcf-protection=branch,return" } */
diff --git a/gcc/testsuite/c-c++-common/fcf-protection-12.c b/gcc/testsuite/c-c++-common/fcf-protection-12.c
new file mode 100644
index 00000000000..b39c2f8e25d
--- /dev/null
+++ b/gcc/testsuite/c-c++-common/fcf-protection-12.c
@@ -0,0 +1,2 @@
+/* { dg-do compile { target { "i?86-*-* x86_64-*-*" } } } */
+/* { dg-options "-fcf-protection=return,branch" } */
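Review bot: fcf-protection-11.c and fcf-protection-12.c use the same option strings as pr89701-1.c and pr89701-2.c but carry no dg-final, so they only show that the driver accepts the list. Either drop them as redundant or give them a check that the i386 tests do not already make.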
diff --git a/gcc/testsuite/c-c++-common/fcf-protection-8.c b/gcc/testsuite/c-c++-common/fcf-protection-8.c
new file mode 100644
index 00000000000..3b97095a92c
--- /dev/null
+++ b/gcc/testsuite/c-c++-common/fcf-protection-8.c
@@ -0,0 +1,2 @@
+/* { dg-do compile { target { "i?86-*-* x86_64-*-*" } } } */
+/* { dg-options "-fcf-protection=branch,none" } */
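Review bot: This test pins down nothing about what branch,none means: with no dg-final it passes whether none or branch takes effect. pr89701-3.c asserts .long 0x2 for return,none; a matching scan-assembler-times check for branch,none would make the intended behaviour explicit.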
diff --git a/gcc/testsuite/c-c++-common/fcf-protection-9.c b/gcc/testsuite/c-c++-common/fcf-protection-9.c
new file mode 100644
index 00000000000..6a37e749fcb
--- /dev/null
+++ b/gcc/testsuite/c-c++-common/fcf-protection-9.c
@@ -0,0 +1,2 @@
+/* { dg-do compile { target { "i?86-*-* x86_64-*-*" } } } */
+/* { dg-options "-fcf-protection=branch,full" } */
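Review bot: branch,full is accepted because full sits in Set(1) and branch in Set(2), but the test does not check that the result equals plain full. Add a scan on the emitted property note, as the pr89701 tests do, so that a redundant value in the list cannot weaken the setting unnoticed.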
diff --git a/gcc/testsuite/gcc.target/i386/pr89701-1.c b/gcc/testsuite/gcc.target/i386/pr89701-1.c
new file mode 100644
index 00000000000..1879c9ab4d8
--- /dev/null
+++ b/gcc/testsuite/gcc.target/i386/pr89701-1.c
@@ -0,0 +1,4 @@
+/* { dg-do compile { target *-*-linux* } } */
+/* { dg-options "-fcf-protection=branch,return" } */
+/* { dg-final { scan-assembler-times ".note.gnu.property" 1 } } */
+/* { dg-final { scan-assembler-times ".long 0x3" 1 } } */
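Review bot: The scan-assembler-times patterns are regular expressions, so the unescaped dots in ".note.gnu.property" and ".long 0x3" match any character, and "0x3" also matches a longer constant such as 0x30. Escape the dots and anchor the end of the constant so the count of 1 really refers to the feature word; the same applies to pr89701-2.c and pr89701-3.c.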
diff --git a/gcc/testsuite/gcc.target/i386/pr89701-2.c b/gcc/testsuite/gcc.target/i386/pr89701-2.c
new file mode 100644
index 00000000000..d5100575028
--- /dev/null
+++ b/gcc/testsuite/gcc.target/i386/pr89701-2.c
@@ -0,0 +1,4 @@
+/* { dg-do compile { target *-*-linux* } } */
+/* { dg-options "-fcf-protection=return,branch" } */
+/* { dg-final { scan-assembler-times ".note.gnu.property" 1 } } */
+/* { dg-final { scan-assembler-times ".long 0x3" 1 } } */
diff --git a/gcc/testsuite/gcc.target/i386/pr89701-3.c b/gcc/testsuite/gcc.target/i386/pr89701-3.c
new file mode 100644
index 00000000000..88afb546fbf
--- /dev/null
+++ b/gcc/testsuite/gcc.target/i386/pr89701-3.c
@@ -0,0 +1,4 @@
+/* { dg-do compile { target *-*-linux* } } */
+/* { dg-options "-fcf-protection=return,none" } */
+/* { dg-final { scan-assembler-times ".note.gnu.property" 1 } } */
+/* { dg-final { scan-assembler-times ".long 0x2" 1 } } */
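Review bot: The commit message says full and none are exclusive to each other, but none of the eight new tests exercises that: there is no case such as full,none with a dg-error for the expected rejection. Add a negative test so the Set(1) exclusivity is covered, and a none,return variant to confirm that the 0x2 result asserted here does not depend on order.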
--
2.39.1.388.g2fc9e9ca3c