From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail-yb1-xb2f.google.com (mail-yb1-xb2f.google.com [IPv6:2607:f8b0:4864:20::b2f]) by sourceware.org (Postfix) with ESMTPS id 57F7C3858C33 for ; Wed, 19 Jul 2023 08:30:56 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org 57F7C3858C33 Authentication-Results: sourceware.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=gmail.com Received: by mail-yb1-xb2f.google.com with SMTP id 3f1490d57ef6-cabf1dbafc4so6638323276.2 for ; Wed, 19 Jul 2023 01:30:56 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20221208; t=1689755455; x=1692347455; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:from:to:cc:subject:date :message-id:reply-to; bh=waAVnhbr9sJsturrO9tl2V3VHasRVTnjXU26vUV+7mY=; b=U3zwhjYhSxMXTQTAP24gAScZrMzFuSt3bGfylLGzIJ9Zrl73GS3TyA2016ZaWt6Gx2 epXAhK7EIZwuYJnM6XdxvqWCs35agCHbf8Y3cS11R3eX2yD3WqHkFXviig9A9vruvyJw XxltuC5pHhVkamyxwy094JNI967lGJHEhl3E6YraIeuY81PKvRlB5VQVQG545lWtYiI+ h7dlpPx4ohDQ41Lmxo8VEU71fGRDtcLrkvti25CgvTOSyCWaFg2IeggokK+TqZzduzgt bEjl0EmcXZ/kkph98j/WJnMTHktEMqykbj8QE0gS5TmadlUwMur2KR7ECrMs3+VaFuH/ GNIg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1689755455; x=1692347455; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=waAVnhbr9sJsturrO9tl2V3VHasRVTnjXU26vUV+7mY=; b=kpD1gKASAHorEl3BtH+m5nO7gkfA+0m9xbfZA14H0U+7YCuRZpsFH3fjXn8uxKzCIL tNvqGPuJjVtTyUypWpbFC+f4lFtfhVaOdt/M02dYhJG1CaRMg9K/wuNgNoK/mQPkAtOj g5uvE6l/npU6g94ySLLonJAZTk7qIfPbmN7CzlQ4UmDblLUhzGSxTMvAd1Mz8EZgWiGw Aescxf/b9a3gl0sDXXXugExtiniuc7ZxkvpProaAMRrBJDyk12d8EMPlpagMhXeYEWOy JdKJ9Pj+Y5e1q+XTJarvPsXjUJw50J+WraLMvRoZFUoBKiITQcLXt8uTHrHHKSfJpLu6 dmHQ== X-Gm-Message-State: ABy/qLYUZh78OgKtiDe1f4OpqDSikJMZ/DU20IelPOw9gAsbluTu60Ck lpeStfQY0tmwF9VU5A2yYi9D4QQ8e5XCGN+4g8U= X-Google-Smtp-Source: APBJJlFIc40xVmql3lVpI9kf88MuJXwwJrtRaydGMvdgMnt5Mee9drwnmGI7zUay7IZDwge0zxLUFlGmpP4n1rgwncU= X-Received: by 2002:a25:abc1:0:b0:ceb:3473:cfd1 with SMTP id v59-20020a25abc1000000b00ceb3473cfd1mr1564861ybi.43.1689755454945; Wed, 19 Jul 2023 01:30:54 -0700 (PDT) MIME-Version: 1.0 References: <20230513092042.3927038-1-hongtao.liu@intel.com> In-Reply-To: From: Hongtao Liu Date: Wed, 19 Jul 2023 16:37:48 +0800 Message-ID: Subject: Re: [PATCH V2] Provide -fcf-protection=branch,return. To: liuhongt Cc: gcc-patches@gcc.gnu.org, hjl.tools@gmail.com Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Spam-Status: No, score=-7.9 required=5.0 tests=BAYES_00,DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,FREEMAIL_FROM,GIT_PATCH_0,KAM_SHORT,RCVD_IN_DNSWL_NONE,SPF_HELO_NONE,SPF_PASS,TXREP,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org List-Id: On Wed, Jul 12, 2023 at 3:27=E2=80=AFPM Hongtao Liu wr= ote: > > ping. > > On Mon, May 22, 2023 at 4:08=E2=80=AFPM Hongtao Liu = wrote: > > > > ping. > > > > On Sat, May 13, 2023 at 5:20=E2=80=AFPM liuhongt wrote: > > > > > > > I think this could be simplified if you use either EnumSet or > > > > EnumBitSet instead in common.opt for `-fcf-protection=3D`. > > > > > > Use EnumSet instead of EnumBitSet since CF_FULL is not power of 2. > > > It is a bit tricky for sets classification, cf_branch and cf_return > > > should be in different sets, but they both "conflicts" cf_full, > > > cf_none. And current EnumSet don't handle this well. > > > > > > So in the current implementation, only cf_full,cf_none are exclusive > > > to each other, but they can be combined with any cf_branch, cf_return= , > > > cf_check. It's not perfect, but still an improvement than original > > > one. > > > I'm going to commit this patch if there's no objection, it's just a refactor of option -fcf-protection=3D. If there's any regression observed, I will fix(or revert the patch). > > > gcc/ChangeLog: > > > > > > * common.opt: (fcf-protection=3D): Add EnumSet attribute to > > > support combination of params. > > > > > > gcc/testsuite/ChangeLog: > > > > > > * c-c++-common/fcf-protection-10.c: New test. > > > * c-c++-common/fcf-protection-11.c: New test. > > > * c-c++-common/fcf-protection-12.c: New test. > > > * c-c++-common/fcf-protection-8.c: New test. > > > * c-c++-common/fcf-protection-9.c: New test. > > > * gcc.target/i386/pr89701-1.c: New test. > > > * gcc.target/i386/pr89701-2.c: New test. > > > * gcc.target/i386/pr89701-3.c: New test. > > > --- > > > gcc/common.opt | 12 ++++++------ > > > gcc/testsuite/c-c++-common/fcf-protection-10.c | 2 ++ > > > gcc/testsuite/c-c++-common/fcf-protection-11.c | 2 ++ > > > gcc/testsuite/c-c++-common/fcf-protection-12.c | 2 ++ > > > gcc/testsuite/c-c++-common/fcf-protection-8.c | 2 ++ > > > gcc/testsuite/c-c++-common/fcf-protection-9.c | 2 ++ > > > gcc/testsuite/gcc.target/i386/pr89701-1.c | 4 ++++ > > > gcc/testsuite/gcc.target/i386/pr89701-2.c | 4 ++++ > > > gcc/testsuite/gcc.target/i386/pr89701-3.c | 4 ++++ > > > 9 files changed, 28 insertions(+), 6 deletions(-) > > > create mode 100644 gcc/testsuite/c-c++-common/fcf-protection-10.c > > > create mode 100644 gcc/testsuite/c-c++-common/fcf-protection-11.c > > > create mode 100644 gcc/testsuite/c-c++-common/fcf-protection-12.c > > > create mode 100644 gcc/testsuite/c-c++-common/fcf-protection-8.c > > > create mode 100644 gcc/testsuite/c-c++-common/fcf-protection-9.c > > > create mode 100644 gcc/testsuite/gcc.target/i386/pr89701-1.c > > > create mode 100644 gcc/testsuite/gcc.target/i386/pr89701-2.c > > > create mode 100644 gcc/testsuite/gcc.target/i386/pr89701-3.c > > > > > > diff --git a/gcc/common.opt b/gcc/common.opt > > > index a28ca13385a..02f2472959a 100644 > > > --- a/gcc/common.opt > > > +++ b/gcc/common.opt > > > @@ -1886,7 +1886,7 @@ fcf-protection > > > Common RejectNegative Alias(fcf-protection=3D,full) > > > > > > fcf-protection=3D > > > -Common Joined RejectNegative Enum(cf_protection_level) Var(flag_cf_p= rotection) Init(CF_NONE) > > > +Common Joined RejectNegative Enum(cf_protection_level) EnumSet Var(f= lag_cf_protection) Init(CF_NONE) > > > -fcf-protection=3D[full|branch|return|none|check] Instrument = functions with checks to verify jump/call/return control-flow transfer > > > instructions have valid targets. > > > > > > @@ -1894,19 +1894,19 @@ Enum > > > Name(cf_protection_level) Type(enum cf_protection_level) UnknownErro= r(unknown Control-Flow Protection Level %qs) > > > > > > EnumValue > > > -Enum(cf_protection_level) String(full) Value(CF_FULL) > > > +Enum(cf_protection_level) String(full) Value(CF_FULL) Set(1) > > > > > > EnumValue > > > -Enum(cf_protection_level) String(branch) Value(CF_BRANCH) > > > +Enum(cf_protection_level) String(branch) Value(CF_BRANCH) Set(2) > > > > > > EnumValue > > > -Enum(cf_protection_level) String(return) Value(CF_RETURN) > > > +Enum(cf_protection_level) String(return) Value(CF_RETURN) Set(3) > > > > > > EnumValue > > > -Enum(cf_protection_level) String(check) Value(CF_CHECK) > > > +Enum(cf_protection_level) String(check) Value(CF_CHECK) Set(4) > > > > > > EnumValue > > > -Enum(cf_protection_level) String(none) Value(CF_NONE) > > > +Enum(cf_protection_level) String(none) Value(CF_NONE) Set(1) > > > > > > finstrument-functions > > > Common Var(flag_instrument_function_entry_exit,1) > > > diff --git a/gcc/testsuite/c-c++-common/fcf-protection-10.c b/gcc/tes= tsuite/c-c++-common/fcf-protection-10.c > > > new file mode 100644 > > > index 00000000000..b271d134e52 > > > --- /dev/null > > > +++ b/gcc/testsuite/c-c++-common/fcf-protection-10.c > > > @@ -0,0 +1,2 @@ > > > +/* { dg-do compile { target { "i?86-*-* x86_64-*-*" } } } */ > > > +/* { dg-options "-fcf-protection=3Dbranch,check" } */ > > > diff --git a/gcc/testsuite/c-c++-common/fcf-protection-11.c b/gcc/tes= tsuite/c-c++-common/fcf-protection-11.c > > > new file mode 100644 > > > index 00000000000..2e566350ccd > > > --- /dev/null > > > +++ b/gcc/testsuite/c-c++-common/fcf-protection-11.c > > > @@ -0,0 +1,2 @@ > > > +/* { dg-do compile { target { "i?86-*-* x86_64-*-*" } } } */ > > > +/* { dg-options "-fcf-protection=3Dbranch,return" } */ > > > diff --git a/gcc/testsuite/c-c++-common/fcf-protection-12.c b/gcc/tes= tsuite/c-c++-common/fcf-protection-12.c > > > new file mode 100644 > > > index 00000000000..b39c2f8e25d > > > --- /dev/null > > > +++ b/gcc/testsuite/c-c++-common/fcf-protection-12.c > > > @@ -0,0 +1,2 @@ > > > +/* { dg-do compile { target { "i?86-*-* x86_64-*-*" } } } */ > > > +/* { dg-options "-fcf-protection=3Dreturn,branch" } */ > > > diff --git a/gcc/testsuite/c-c++-common/fcf-protection-8.c b/gcc/test= suite/c-c++-common/fcf-protection-8.c > > > new file mode 100644 > > > index 00000000000..3b97095a92c > > > --- /dev/null > > > +++ b/gcc/testsuite/c-c++-common/fcf-protection-8.c > > > @@ -0,0 +1,2 @@ > > > +/* { dg-do compile { target { "i?86-*-* x86_64-*-*" } } } */ > > > +/* { dg-options "-fcf-protection=3Dbranch,none" } */ > > > diff --git a/gcc/testsuite/c-c++-common/fcf-protection-9.c b/gcc/test= suite/c-c++-common/fcf-protection-9.c > > > new file mode 100644 > > > index 00000000000..6a37e749fcb > > > --- /dev/null > > > +++ b/gcc/testsuite/c-c++-common/fcf-protection-9.c > > > @@ -0,0 +1,2 @@ > > > +/* { dg-do compile { target { "i?86-*-* x86_64-*-*" } } } */ > > > +/* { dg-options "-fcf-protection=3Dbranch,full" } */ > > > diff --git a/gcc/testsuite/gcc.target/i386/pr89701-1.c b/gcc/testsuit= e/gcc.target/i386/pr89701-1.c > > > new file mode 100644 > > > index 00000000000..1879c9ab4d8 > > > --- /dev/null > > > +++ b/gcc/testsuite/gcc.target/i386/pr89701-1.c > > > @@ -0,0 +1,4 @@ > > > +/* { dg-do compile { target *-*-linux* } } */ > > > +/* { dg-options "-fcf-protection=3Dbranch,return" } */ > > > +/* { dg-final { scan-assembler-times ".note.gnu.property" 1 } } */ > > > +/* { dg-final { scan-assembler-times ".long 0x3" 1 } } */ > > > diff --git a/gcc/testsuite/gcc.target/i386/pr89701-2.c b/gcc/testsuit= e/gcc.target/i386/pr89701-2.c > > > new file mode 100644 > > > index 00000000000..d5100575028 > > > --- /dev/null > > > +++ b/gcc/testsuite/gcc.target/i386/pr89701-2.c > > > @@ -0,0 +1,4 @@ > > > +/* { dg-do compile { target *-*-linux* } } */ > > > +/* { dg-options "-fcf-protection=3Dreturn,branch" } */ > > > +/* { dg-final { scan-assembler-times ".note.gnu.property" 1 } } */ > > > +/* { dg-final { scan-assembler-times ".long 0x3" 1 } } */ > > > diff --git a/gcc/testsuite/gcc.target/i386/pr89701-3.c b/gcc/testsuit= e/gcc.target/i386/pr89701-3.c > > > new file mode 100644 > > > index 00000000000..88afb546fbf > > > --- /dev/null > > > +++ b/gcc/testsuite/gcc.target/i386/pr89701-3.c > > > @@ -0,0 +1,4 @@ > > > +/* { dg-do compile { target *-*-linux* } } */ > > > +/* { dg-options "-fcf-protection=3Dreturn,none" } */ > > > +/* { dg-final { scan-assembler-times ".note.gnu.property" 1 } } */ > > > +/* { dg-final { scan-assembler-times ".long 0x2" 1 } } */ > > > -- > > > 2.39.1.388.g2fc9e9ca3c > > > > > > > > > -- > > BR, > > Hongtao > > > > -- > BR, > Hongtao --=20 BR, Hongtao