diff options
| author | itsimbal <itsimbal@138bc75d-0d04-0410-961f-82ee72b054a4> | 2017-10-20 13:09:38 +0000 |
|---|---|---|
| committer | itsimbal <itsimbal@138bc75d-0d04-0410-961f-82ee72b054a4> | 2017-10-20 13:09:38 +0000 |
| commit | 3c0f15b4cebccdbb6388a8df5933e69c9b773149 (patch) | |
| tree | 07ee35844abbf2889c4ed953d998c4fe78bf9dd9 /gcc/gimple.h | |
| parent | 3ebb1bac73fedb02994e61b48f1d7e4facf7e17c (diff) | |
| download | gcc-3c0f15b4cebccdbb6388a8df5933e69c9b773149.tar.gz | |
Add generic part for Intel CET enabling. The spec is available at
https://software.intel.com/sites/default/files/managed/4d/2a/control-flow-enforcement-technology-preview.pdf
A proposal is to introduce a target independent flag
-fcf-protection=[none|branch|return|full] with a semantic to
instrument a code to control validness or integrity of control-flow
transfers using jump and call instructions. The main goal is to detect
and block a possible malware execution through transfer the execution
to unknown target address. Implementation could be either software or
target based. Any target platforms can provide their implementation
for instrumentation under this option.
The compiler should instrument any control-flow transfer points in a
program (ex. call/jmp/ret) as well as any landing pads, which are
targets of control-flow transfers.
A new 'nocf_check' attribute is introduced to provide hand tuning
support. The attribute directs the compiler to skip a call to a
function and a function's landing pad from instrumentation. The
attribute can be used for function and pointer to function types,
otherwise it will be ignored.
Currently all platforms except i386 will report the error and do no
instrumentation. i386 will provide the implementation based on a
specification published by Intel for a new technology called
Control-flow Enforcement Technology (CET).
gcc/c-family/
* c-attribs.c (handle_nocf_check_attribute): New function.
(c_common_attribute_table): Add 'nocf_check' handling.
gcc/c/
* gimple-parser.c: Add second argument NULL to
gimple_build_call_from_tree.
gcc/
* attrib.c (comp_type_attributes): Check nocf_check attribute.
* cfgexpand.c (expand_call_stmt): Set REG_CALL_NOCF_CHECK for
call insn.
* combine.c (distribute_notes): Add REG_CALL_NOCF_CHECK handling.
* common.opt: Add fcf-protection flag.
* emit-rtl.c (try_split): Add REG_CALL_NOCF_CHECK handling.
* flag-types.h: Add enum cf_protection_level.
* gimple.c (gimple_build_call_from_tree): Add second parameter.
Add 'nocf_check' attribute propagation to gimple call.
* gimple.h (gf_mask): Add GF_CALL_NOCF_CHECK.
(gimple_build_call_from_tree): Update prototype.
(gimple_call_nocf_check_p): New function.
(gimple_call_set_nocf_check): Likewise.
* gimplify.c: Add second argument to gimple_build_call_from_tree.
* ipa-icf.c: Add nocf_check attribute in statement hash.
* recog.c (peep2_attempt): Add REG_CALL_NOCF_CHECK handling.
* reg-notes.def: Add REG_NOTE (CALL_NOCF_CHECK).
* toplev.c (process_options): Add flag_cf_protection handling.
git-svn-id: svn+ssh://gcc.gnu.org/svn/gcc/trunk@253936 138bc75d-0d04-0410-961f-82ee72b054a4
Diffstat (limited to 'gcc/gimple.h')
| -rw-r--r-- | gcc/gimple.h | 22 |
1 files changed, 21 insertions, 1 deletions
diff --git a/gcc/gimple.h b/gcc/gimple.h index 6213c49b91f..334def89398 100644 --- a/gcc/gimple.h +++ b/gcc/gimple.h @@ -148,6 +148,7 @@ enum gf_mask { GF_CALL_WITH_BOUNDS = 1 << 8, GF_CALL_MUST_TAIL_CALL = 1 << 9, GF_CALL_BY_DESCRIPTOR = 1 << 10, + GF_CALL_NOCF_CHECK = 1 << 11, GF_OMP_PARALLEL_COMBINED = 1 << 0, GF_OMP_PARALLEL_GRID_PHONY = 1 << 1, GF_OMP_TASK_TASKLOOP = 1 << 0, @@ -1425,7 +1426,7 @@ gcall *gimple_build_call (tree, unsigned, ...); gcall *gimple_build_call_valist (tree, unsigned, va_list); gcall *gimple_build_call_internal (enum internal_fn, unsigned, ...); gcall *gimple_build_call_internal_vec (enum internal_fn, vec<tree> ); -gcall *gimple_build_call_from_tree (tree); +gcall *gimple_build_call_from_tree (tree, tree); gassign *gimple_build_assign (tree, tree CXX_MEM_STAT_INFO); gassign *gimple_build_assign (tree, enum tree_code, tree, tree, tree CXX_MEM_STAT_INFO); @@ -2893,6 +2894,25 @@ gimple_call_set_with_bounds (gimple *gs, bool with_bounds) } +/* Return true if call GS is marked as nocf_check. */ + +static inline bool +gimple_call_nocf_check_p (const gcall *gs) +{ + return (gs->subcode & GF_CALL_NOCF_CHECK) != 0; +} + +/* Mark statement GS as nocf_check call. */ + +static inline void +gimple_call_set_nocf_check (gcall *gs, bool nocf_check) +{ + if (nocf_check) + gs->subcode |= GF_CALL_NOCF_CHECK; + else + gs->subcode &= ~GF_CALL_NOCF_CHECK; +} + /* Return the target of internal call GS. */ static inline enum internal_fn |