diff options
| author | ctice <ctice@138bc75d-0d04-0410-961f-82ee72b054a4> | 2013-08-07 03:38:59 +0000 |
|---|---|---|
| committer | ctice <ctice@138bc75d-0d04-0410-961f-82ee72b054a4> | 2013-08-07 03:38:59 +0000 |
| commit | b710ec859aae2bc828140010517b8b5855ace5ef (patch) | |
| tree | 2799c94bc06794956a20aaa9db224f64c5e35e4d /gcc/vtable-verify.h | |
| parent | 4abac0f08bce5ceb85a67ab4554d61a29248859a (diff) | |
| download | gcc-b710ec859aae2bc828140010517b8b5855ace5ef.tar.gz | |
Commit the vtable verification feature. This feature is designed to
detect, at run time, if/when the vtable pointer in a C++ object has
been corrupted, before allowing virtual calls through that pointer.
If pointer corruption is detected, execution of the program is halted.
libstdc++-v3 ChangeLog:
2013-08-06 Caroline Tice <cmtice@google.com>
* fragment.am: Add XTEMPLATE_FLAGS.
* configure.ac: Add definitions for --enable-vtable-verify.
* acinclude.m4: Add --enable-vtable-verify and
--disable-vtable-verify; define --enable-vtable-verify; define
VTV_CXXFLAGS, VTV_PCH_CXXFLAGS and VTV_CXXLINKFLAGS.
* config/abi/pre/gnu.ver: Export symbols for vtable verification.
* libsupc++/Makefile.am: Define vtv_sources and add it to
libsupc___la_SOURCES and libsupc__convenience_la_SOURCES.
* libsupc++/vtv_stubs.cc: New file.
* include/Makefile.am: Add VTV_PCH_CXXFLAGS to PCHFLAGS.
* src/Makefile.am: Add VTV_CXXFLAGS to AM_CXXFLAGS; add
VTV_CXXLINKFLAGS to CXXLINK.
* src/c++98/Makefile.am: Comment out XTEMPLATE_FLAGS; add VTV_CXXFLAGS
to AM_CXXFLAGS; add VTV_CXXXLINKFLAGS to CXXLINK.
* src/C++11/Makefile.am: Ditto.
* doc/xml/manual/configure.xml: Add entry for --enable-vtable-verify.
* scripts/testsuite_flags.in: Add cxxvtvflags to Usage; cause
cxxvtvflags to use VTV_CXXFLAGS and VTV_CXXLINKFLAGS.
* testsuite/lib/libstdc++.exp: Add cxxvtvflags; add code to locate
libvtv if --enable-vtable-verify was used; set cxxvtvflags; add
cxxvtvflags to cxx_final.
* testsuite/18_support/bad_exception/23591_thread-1.c: Add
-fvtable-verify=none to compiler flags.
* testsuite/17_intro/freestanding.cc: Add -fvtable-verify=none
to compiler flags.
* configure: Regenerated.
* Makefile.in: Regenerated.
* python/Makefile.in: Regenerated.
* include/Makefile.in: Regenerated.
* libsupc++/Makefile.in: Regenerated.
* config.h.in: Regenerated.
* po/Makefile.in: Regenerated.
* src/Makefile.in: Regenerated.
* src/c++98/Makefile.in: Regenerated.
* src/c++11/Makefile.in: Regenerated.
* doc/Makefile.in: Regenerated.
* testsuite/Makefile.in: Regenerated.
top level ChangeLog:
2013-08-06 Caroline Tice <cmtice@google.com>
* configure.ac: Add target-libvtv to target_libraries; disable libvtv
on non-linux systems; add target-libvtv to noconfigdirs; add
libsupc++/.libs to C++ library search paths.
* configure: Regenerated.
* Makefile.def: Add libvtv to target_modules; make libvtv depend on
libstdc++ and libgcc.
* Makefile.in: Regenerated.
include/ChangeLog:
2013-08-06 Caroline Tice <cmtice@google.com>
* vtv-change-permission.h: New file.
contrib/ChangeLog:
2013-08-06 Caroline Tice4 <cmtice@google.com>
* gcc_update: Add libvtv files.
libgcc/ChangeLog:
2013-08-06 Caroline Tice <cmtice@google.com>
config.host (extra_parts): Add vtv_start.o, vtv_end.o
vtv_start_preinit.o and vtv_end_preinit.o.
configure.ac: Add code to check/set enable_vtable_verify.
Makefile.in: Add rules to build vtv_*.o, if enable_vtable_verify is
true.
vtv_start_preinit.c: New file.
vtv_end_preinit.c: New file.
vtv_start.c: New file.
vtv_end.c: New file.
configure: Regenerated.
gcc/ChangeLog:
2013-08-06 Caroline Tice <cmtice@google.com>
* gcc.c (VTABLE_VERIFICATION_SPEC): New definition.
(LINK_COMMAND_SPEC): Add VTABLE_VERIFICATION_SPEC.
* tree-pass.h: Add pass_vtable_verify.
* varasm.c (assemble_variable): Add code to properly set the comdat
section and name for the .vtable_map_vars section.
(assemble_vtyv_preinit_initializer): New function.
(default_sectin_type_flags): Make sure .vtable_map_vars section has
LINK_ONCE flag.
* output.h: Add function decl for assemble_vtv_preinit_initializer.
* vtable-verify.c: New file.
* vtable-verify.h: New file.
* flag-types.h (enum vtv_priority): Defintions for flag_vtable_verify
initialiation levels.
* timevar.def (TV_VTABLE_VERIFICATION): New definition.
* passes.def: Insert pass_vtable_verify.
* aclocal.m4: Reorder includes.
* doc/invoke.texi: Add documentation for the flags -fvtable-verify=,
-fvtv-debug and -fvtv-counts.
* config/gnu-user.h (GNU_USER_TARGET_STARTFILE_SPEC): Add vtv_start*.o,
as appropriate, if -fvtable-verify=... is used.
(GNU_USER_TARGET_ENDFILE_SPEC): Add vtv_end*.o as appropriate, if
-fvtable-verify=... is used.
* Makefile.in (OBJS): Add vtable-verify.o to list.
(vtable-verify.o): Add new build rule.
(GTFILES): Add vtable-verify.c to list.
* common.opt (fvtable-verify=): New flag.
(vtv_priority): Values for fvtable-verify= flag.
(fvtv-counts): New flag.
(fvtv-debug): New flag.
* tree.h (save_vtable_map_decl): New extern function decl.
gcc/cp/ChangeLog:
2013-08-06 Caroline Tice <cmtice@google.com>
* Make-lang.in (*CXX_AND_OBJCXX_OBJS): Add vtable-class-hierarchy.o to
list.
(vtable-class-hierarchy.o): Add build rule.
* cp-tree.h (vtv_start_verification_constructor_init_function): New
extern function decl.
(vtv_finish_verification_constructor_init_function): New extern
function decl.
(build_vtbl_address): New extern function decl.
(get_mangled_vtable_map_var_name): New extern function decl.
(vtv_compute_class_hierarchy_transitive_closure): New extern function
decl.
(vtv_generate_init_routine): New extern function decl.
(vtv_save_class_info): New extern function decl.
(vtv_recover_class_info): New extern function decl.
(vtv_build_vtable_verify_fndecl): New extern function decl.
* class.c (finish_struct_1): Add call to vtv_save_class_info if
flag_vtable_verify is true.
* config-lang.in: Add vtable-class-hierarchy.c to gtfiles list.
* vtable-class-hierarchy.c: New file.
* mangle.c (get_mangled_vtable_map_var_name): New function.
* decl2.c (start_objects): Update function comment.
(cp_write_global_declarations): Call vtv_recover_class_info,
vtv_compute_class_hierarchy_transitive_closure and
vtv_build_vtable_verify_fndecl, before calling
finalize_compilation_unit, and call vtv_generate_init_rount after, IFF
flag_vtable_verify is true.
(vtv_start_verification_constructor_init_function): New function.
(vtv_finish_verification_constructor_init_function): New function.
* init.c (build_vtbl_address): Remove static qualifier from function.
libvtv/ChangeLog:
2013-08-06 Caroline Tice <cmtice@google.com>
Initial check-in of new vtable verification feature.
* configure.ac : New file.
* acinclude.m4 : New file.
* Makefile.am : New file.
* aclocal.m4 : New file.
* configure.tgt : New file.
* configure: New file (generated).
* Makefile.in: New file (generated).
* vtv_set.h : New file.
* vtv_utils.cc : New file.
* vtv_utils.h : New file.
* vtv_malloc.cc : New file.
* vtv_rts.cc : New file.
* vtv_malloc.h : New file.
* vtv_rts.h : New file.
* vtv_fail.cc : New file.
* vtv_fail.h : New file.
* vtv_map.h : New file.
* scripts/run-testsuite.sh : New file.
* scripts/sum-vtv-counts.c : New file.
* testsuite/parts-test-main.h : New file.
* testusite/dataentry.cc : New file.
* testsuite/temp_deriv.cc : New file.
* testsuite/register_pair.cc : New file.
* testsuite/virtual_inheritance.cc : New file.
* testsuite/field-test.cc : New file.
* testsuite/nested_vcall_test.cc : New file.
* testsuite/template-list-iostream.cc : New file.
* testsuite/register_pair_inserts.cc : New file.
* testsuite/register_pair_inserts_mt.cc : New file.
* testsuite/event.list : New file.
* testsuite/parts-test-extra-parts-views.cc : New file.
* testsuite/parts-test-extra-parts-views.h : New file.
* testsuite/environment-fail-32.s : New file.
* testsuite/parts-test-extra-parts.h : New file.
* testsuite/temp_deriv2.cc : New file.
* testsuite/dlopen_mt.cc : New file.
* testsuite/event.h : New file.
* testsuite/template-list.cc : New file.
* testsuite/replace-fail.cc : New file.
* testsuite/Makefile.am : New file.
* testsuite/Makefile.in: New file (generated).
* testsuite/mempool_negative.c : New file.
* testsuite/parts-test-main.cc : New file.
* testsuite/event-private.cc : New file.
* testsuite/thunk.cc : New file.
* testsuite/event-defintiions.cc : New file.
* testsuite/event-private.h : New file.
* testsuite/parts-test.list : New file.
* testusite/register_pair_mt.cc : New file.
* testsuite/povray-derived.cc : New file.
* testsuite/event-main.cc : New file.
* testsuite/environment.cc : New file.
* testsuite/template-list2.cc : New file.
* testsuite/thunk_vtable_map_attack.cc : New file.
* testsuite/parts-test-extra-parts.cc : New file.
* testsuite/environment-fail-64.s : New file.
* testsuite/dlopen.cc : New file.
* testsuite/so.cc : New file.
* testsuite/temp_deriv3.cc : New file.
* testsuite/const_vtable.cc : New file.
* testsuite/mempool_positive.c : New file.
* testsuite/dup_name.cc : New file.
git-svn-id: svn+ssh://gcc.gnu.org/svn/gcc/trunk@201555 138bc75d-0d04-0410-961f-82ee72b054a4
Diffstat (limited to 'gcc/vtable-verify.h')
| -rw-r--r-- | gcc/vtable-verify.h | 141 |
1 files changed, 141 insertions, 0 deletions
diff --git a/gcc/vtable-verify.h b/gcc/vtable-verify.h new file mode 100644 index 00000000000..7ac487bef52 --- /dev/null +++ b/gcc/vtable-verify.h @@ -0,0 +1,141 @@ +/* Copyright (C) 2013 + Free Software Foundation, Inc. + +This file is part of GCC. + +GCC is free software; you can redistribute it and/or modify it under +the terms of the GNU General Public License as published by the Free +Software Foundation; either version 3, or (at your option) any later +version. + +GCC is distributed in the hope that it will be useful, but WITHOUT ANY +WARRANTY; without even the implied warranty of MERCHANTABILITY or +FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License +for more details. + +You should have received a copy of the GNU General Public License +along with GCC; see the file COPYING3. If not see +<http://www.gnu.org/licenses/>. */ + +/* Virtual Table Pointer Security. */ + +#ifndef VTABLE_VERIFY_H +#define VTABLE_VERIFY_H + +#include "sbitmap.h" +#include "hash-table.h" + +/* The function decl used to create calls to __VLTVtableVerify. It must + be global because it needs to be initialized in the C++ front end, but + used in the middle end (in the vtable verification pass). */ + +extern tree verify_vtbl_ptr_fndecl; + +/* Global variable keeping track of how many vtable map variables we + have created. */ +extern unsigned num_vtable_map_nodes; + +/* Keep track of how many virtual calls we are actually verifying. */ +extern int total_num_virtual_calls; +extern int total_num_verified_vcalls; + +/* Each vtable map variable corresponds to a virtual class. Each + vtable map variable has a hash table associated with it, that keeps + track of the vtable pointers for which we have generated a call to + __VLTRegisterPair (with the current vtable map variable). This is + the hash table node that is used for each entry in this hash table + of vtable pointers. + + Sometimes there are multiple valid vtable pointer entries that use + the same vtable pointer decl with different offsets. Therefore, + for each vtable pointer in the hash table, there is also an array + of offsets used with that vtable. */ + +struct vtable_registration +{ + tree vtable_decl; /* The var decl of the vtable. */ + vec<unsigned> offsets; /* The offsets array. */ +}; + +struct registration_hasher : typed_noop_remove <struct vtable_registration> +{ + typedef struct vtable_registration value_type; + typedef struct vtable_registration compare_type; + static inline hashval_t hash (const value_type *); + static inline bool equal (const value_type *, const compare_type *); +}; + +typedef hash_table <registration_hasher> register_table_type; +typedef register_table_type::iterator registration_iterator_type; + +/* This struct is used to represent the class hierarchy information + that we need. Each vtable map variable has an associated class + hierarchy node (struct vtv_graph_node). Note: In this struct, + 'children' means immediate descendants in the class hierarchy; + 'descendant' means any descendant however many levels deep. */ + +struct vtv_graph_node { + tree class_type; /* The record_type of the class. */ + unsigned class_uid; /* A unique, monotonically + ascending id for class node. + Each vtable map node also has + an id. The class uid is the + same as the vtable map node id + for nodes corresponding to the + same class. */ + unsigned num_processed_children; /* # of children for whom we have + computed the class hierarchy + transitive closure. */ + vec<struct vtv_graph_node *> parents; /* Vector of parents in the graph. */ + vec<struct vtv_graph_node *> children; /* Vector of children in the graph.*/ + sbitmap descendants; /* Bitmap representing all this node's + descendants in the graph. */ +}; + +/* This is the node used for our hashtable of vtable map variable + information. When we create a vtable map variable (var decl) we + put it into one of these nodes; create a corresponding + vtv_graph_node for our class hierarchy info and store that in this + node; generate a unique (monotonically ascending) id for both the + vtbl_map_node and the vtv_graph_node; and insert the node into two + data structures (to make it easy to find in several different + ways): 1). A hash table ("vtbl_map_hash" in vtable-verify.c). + This gives us an easy way to check to see if we already have a node + for the vtable map variable or not; and 2). An array (vector) of + vtbl_map_nodes, where the array index corresponds to the unique id + of the vtbl_map_node, which gives us an easy way to use bitmaps to + represent and find the vtable map nodes. */ + +struct vtbl_map_node { + tree vtbl_map_decl; /* The var decl for the vtable map + variable. */ + tree class_name; /* The DECL_ASSEMBLER_NAME of the + class. */ + struct vtv_graph_node *class_info; /* Our class hierarchy info for the + class. */ + unsigned uid; /* The unique id for the vtable map + variable. */ + struct vtbl_map_node *next, *prev; /* Pointers for the linked list + structure. */ + register_table_type registered; /* Hashtable of vtable pointers for which + we have generated a _VLTRegisterPair + call with this vtable map variable. */ + bool is_used; /* Boolean indicating if we used this vtable map + variable in a call to __VLTVerifyVtablePointer. */ +}; + +/* Controls debugging for vtable verification. */ +extern bool vtv_debug; + +/* The global vector of vtbl_map_nodes. */ +extern vec<struct vtbl_map_node *> vtbl_map_nodes_vec; + +extern struct vtbl_map_node *vtbl_map_get_node (tree); +extern struct vtbl_map_node *find_or_create_vtbl_map_node (tree); +extern void vtbl_map_node_class_insert (struct vtbl_map_node *, unsigned); +extern bool vtbl_map_node_registration_find (struct vtbl_map_node *, + tree, unsigned); +extern bool vtbl_map_node_registration_insert (struct vtbl_map_node *, + tree, unsigned); + +#endif /* VTABLE_VERIFY_H */ |