LLVM  4.0.0
StackProtector.h
1 //===-- StackProtector.h - Stack Protector Insertion ----------------------===//
2 //
3 // The LLVM Compiler Infrastructure
4 //
5 // This file is distributed under the University of Illinois Open Source
6 // License. See LICENSE.TXT for details.
7 //
8 //===----------------------------------------------------------------------===//
9 //
10 // This pass inserts stack protectors into functions which need them. A variable
11 // with a random value in it is stored onto the stack before the local variables
12 // are allocated. Upon exiting the block, the stored value is checked. If it's
13 // changed, then there was some sort of violation and the program aborts.
14 //
15 //===----------------------------------------------------------------------===//
16 
17 #ifndef LLVM_CODEGEN_STACKPROTECTOR_H
18 #define LLVM_CODEGEN_STACKPROTECTOR_H
19 
20 #include "llvm/ADT/SmallPtrSet.h"
21 #include "llvm/ADT/Triple.h"
22 #include "llvm/IR/Dominators.h"
23 #include "llvm/IR/ValueMap.h"
24 #include "llvm/Pass.h"
26 
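namespace llvm {
class Function;
class Module;
class PHINode;

/// Function pass that inserts stack protectors into functions which need
/// them.
///
/// The guard value is stored in the prologue and compared in the epilogue
/// (see InsertStackProtectors), so a mismatch is reported only when the
/// function returns. A corrupted local that is consumed before the return,
/// or a write that does not touch the guard slot, is outside what this check
/// can observe; treat the protector as one mitigation layer, not as a
/// memory-safety guarantee.
class StackProtector : public FunctionPass {
public:
  /// SSPLayoutKind.  Stack Smashing Protection (SSP) rules require that
  /// vulnerable stack allocations are located close to the stack protector.
  /// Keeping buffers nearest the guard is intended to stop an overflowing
  /// array from running across unrelated locals before it reaches the guard.
  enum SSPLayoutKind {
    SSPLK_None,       ///< Did not trigger a stack protector.  No effect on data
                      ///< layout.
    SSPLK_LargeArray, ///< Array or nested array >= SSP-buffer-size.  Closest
                      ///< to the stack protector.
    SSPLK_SmallArray, ///< Array or nested array < SSP-buffer-size. 2nd closest
                      ///< to the stack protector.
    SSPLK_AddrOf      ///< The address of this allocation is exposed and
                      ///< triggered protection.  3rd closest to the protector.
  };

  /// A mapping of AllocaInsts to their required SSP layout.
  typedef ValueMap<const AllocaInst *, SSPLayoutKind> SSPLayoutMap;

private:
  /// Target machine supplied at construction; null when the pass is
  /// default-constructed.
  const TargetMachine *TM;

  /// TLI - Keep a pointer of a TargetLowering to consult for determining
  /// target type sizes.  Both constructors leave it null.
  const TargetLoweringBase *TLI;

  /// Target triple, copied from TM by the TargetMachine constructor and
  /// default-constructed otherwise.
  const Triple Trip;

  // Neither constructor assigns these, so they start out null rather than
  // indeterminate.  NOTE(review): presumably set by the pass implementation
  // before use; the definitions are not in this header.
  Function *F = nullptr;
  Module *M = nullptr;

  DominatorTree *DT = nullptr;

  /// Layout - Mapping of allocations to the required SSPLayoutKind.
  /// StackProtector analysis will update this map when determining if an
  /// AllocaInst triggers a stack protector.
  SSPLayoutMap Layout;

  /// \brief The minimum size of buffers that will receive stack smashing
  /// protection when -fstack-protector is used.  Arrays below this size are
  /// classified SSPLK_SmallArray rather than SSPLK_LargeArray.  The
  /// constructors seed it with 0 (default) or 8 (TargetMachine overload).
  unsigned SSPBufferSize;

  /// VisitedPHIs - The set of PHI nodes visited when determining
  /// if a variable's reference has been taken.  This set
  /// is maintained to ensure we don't visit the same PHI node multiple
  /// times.
  SmallPtrSet<const PHINode *, 16> VisitedPHIs;

  // A prologue is generated.
  bool HasPrologue = false;

  // IR checking code is generated.
  bool HasIRCheck = false;

  /// InsertStackProtectors - Insert code into the prologue and epilogue of
  /// the function.
  ///
  ///  - The prologue code loads and stores the stack guard onto the stack.
  ///  - The epilogue checks the value stored in the prologue against the
  ///    original value. It calls __stack_chk_fail if they differ.
  bool InsertStackProtectors();

  /// CreateFailBB - Create a basic block to jump to when the stack protector
  /// check fails.
  BasicBlock *CreateFailBB();

  /// ContainsProtectableArray - Check whether the type either is an array or
  /// contains an array of sufficient size so that we need stack protectors
  /// for it.
  /// \param [out] IsLarge is set to true if a protectable array is found and
  /// it is "large" ( >= ssp-buffer-size).  In the case of a structure with
  /// multiple arrays, this gets set if any of them is large.
  bool ContainsProtectableArray(Type *Ty, bool &IsLarge, bool Strong = false,
                                bool InStruct = false) const;

  /// \brief Check whether a stack allocation has its address taken.
  bool HasAddressTaken(const Instruction *AI);

  /// RequiresStackProtector - Check whether or not this function needs a
  /// stack protector based upon the stack protector level.
  bool RequiresStackProtector();

public:
  static char ID; // Pass identification, replacement for typeid.

  /// Construct the pass without a target machine: TM and TLI are null, Trip
  /// is default-constructed and SSPBufferSize starts at 0.
  StackProtector()
      : FunctionPass(ID), TM(nullptr), TLI(nullptr), SSPBufferSize(0) {
    initializeStackProtectorPass(*PassRegistry::getPassRegistry());
  }

  /// Construct the pass for a specific target.
  /// \param TM must be non-null: it is dereferenced in the initializer list
  /// to read the target triple.
  StackProtector(const TargetMachine *TM)
      : FunctionPass(ID), TM(TM), TLI(nullptr), Trip(TM->getTargetTriple()),
        SSPBufferSize(8) {
    initializeStackProtectorPass(*PassRegistry::getPassRegistry());
  }

  /// Declare that this pass keeps the dominator tree analysis valid.
  void getAnalysisUsage(AnalysisUsage &AU) const override {
    AU.addPreserved<DominatorTreeWrapperPass>();
  }

  /// Return the SSP layout kind for \p AI.
  /// NOTE(review): presumably a lookup in Layout; the definition is not in
  /// this header, so the result for an unrecorded alloca should be confirmed
  /// there.
  SSPLayoutKind getSSPLayout(const AllocaInst *AI) const;

  // Return true if StackProtector is supposed to be handled by SelectionDAG.
  bool shouldEmitSDCheck(const BasicBlock &BB) const;

  /// NOTE(review): defined out of line.  The name suggests it carries the
  /// layout requirement of \p From over to \p To when allocas are merged by
  /// stack coloring; confirm that a merged slot keeps its protection
  /// requirement.
  void adjustForColoring(const AllocaInst *From, const AllocaInst *To);

  bool runOnFunction(Function &Fn) override;
};
} // end namespace llvm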
138 
139 #endif // LLVM_CODEGEN_STACKPROTECTOR_H
AnalysisUsage & addPreserved()
Add the specified Pass class to the set of analyses preserved by this pass.
static PassRegistry * getPassRegistry()
getPassRegistry - Access the global registry object, which is automatically initialized at applicatio...
A Module instance is used to store all the information related to an LLVM module. ...
Definition: Module.h:52
Did not trigger a stack protector.
The address of this allocation is exposed and triggered protection.
SSPLayoutKind
SSPLayoutKind.
Concrete subclass of DominatorTreeBase that is used to compute a normal dominator tree...
Definition: Dominators.h:96
bool runOnFunction(Function &Fn) override
runOnFunction - Virtual method overriden by subclasses to do the per-function processing of the pass...
bool shouldEmitSDCheck(const BasicBlock &BB) const
LLVM Basic Block Representation.
Definition: BasicBlock.h:51
The instances of the Type class are immutable: once they are created, they are never changed...
Definition: Type.h:45
void getAnalysisUsage(AnalysisUsage &AU) const override
getAnalysisUsage - This function should be overriden by passes that need analysis information to do t...
Represent the analysis usage information of a pass.
FunctionPass class - This class is used to implement most global optimizations.
Definition: Pass.h:298
void adjustForColoring(const AllocaInst *From, const AllocaInst *To)
SSPLayoutKind getSSPLayout(const AllocaInst *AI) const
Triple - Helper class for working with autoconf configuration names.
Definition: Triple.h:44
This base class for TargetLowering contains the SelectionDAG-independent parts that can be used from ...
SmallPtrSet - This class implements a set which is optimized for holding SmallSize or less elements...
Definition: SmallPtrSet.h:425
void initializeStackProtectorPass(PassRegistry &)
ValueMap< const AllocaInst *, SSPLayoutKind > SSPLayoutMap
A mapping of AllocaInsts to their required SSP layout.
Primary interface to the complete machine description for the target machine.
Legacy analysis pass which computes a DominatorTree.
Definition: Dominators.h:217
StackProtector(const TargetMachine *TM)
Array or nested array >= SSP-buffer-size.
Array or nested array < SSP-buffer-size.
This file describes how to lower LLVM code to machine code.
an instruction to allocate memory on the stack
Definition: Instructions.h:60