From patchwork Mon Nov 24 14:09:37 2014 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ilya Enkovich X-Patchwork-Id: 413745 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Received: from sourceware.org (server1.sourceware.org [209.132.180.131]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 0F867140168 for ; Tue, 25 Nov 2014 01:09:57 +1100 (AEDT) DomainKey-Signature: a=rsa-sha1; c=nofws; d=gcc.gnu.org; h=list-id :list-unsubscribe:list-archive:list-post:list-help:sender:date :from:to:cc:subject:message-id:references:mime-version :content-type:in-reply-to; q=dns; s=default; b=ER/yFp0yv+rRCsccB I0wOoiwB2Jr/Jdjn7RDUXB1PAh3b71kF+toYry1IlmuiQNw+/blB+wd+YQR1Yy7/ qZPtkxlRuwgf4BQoFrJOKSfmnvkl4Qbq87StkB/lD22HSqS9QiI7NJhKi9GxM2Y9 q1+1DjRQZr2y6OQXe3M83IlmIM= DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=gcc.gnu.org; h=list-id :list-unsubscribe:list-archive:list-post:list-help:sender:date :from:to:cc:subject:message-id:references:mime-version :content-type:in-reply-to; s=default; bh=a5aIPNVM/YFRyYcMkCEoow+ dL7A=; b=yuinM8JluPyUlrEsacRS8AWRPIilKHtimHCOCIIbU3CgB3Pe1P8snH/ ykmoVecgjHMkTlyXAT6FPKdH2vC0rGuQwRJlLGv0xyN9GDFaT+1MVxceT12uxXV9 NOzvqFZLQxAcwWzxSNoKEOt6preMUsU9ipZh2ac1K1693BaEv5OA= Received: (qmail 802 invoked by alias); 24 Nov 2014 14:09:49 -0000 Mailing-List: contact gcc-patches-help@gcc.gnu.org; run by ezmlm Precedence: bulk List-Id: List-Unsubscribe: List-Archive: List-Post: List-Help: Sender: gcc-patches-owner@gcc.gnu.org Delivered-To: mailing list gcc-patches@gcc.gnu.org Received: (qmail 785 invoked by uid 89); 24 Nov 2014 14:09:48 -0000 Authentication-Results: sourceware.org; auth=none X-Virus-Found: No X-Spam-SWARE-Status: No, score=0.2 required=5.0 tests=AWL, BAYES_50, FREEMAIL_FROM, KAM_STOCKGEN, RCVD_IN_DNSWL_LOW, SPF_PASS autolearn=no version=3.3.2 X-HELO: mail-pa0-f50.google.com Received: from mail-pa0-f50.google.com (HELO mail-pa0-f50.google.com) (209.85.220.50) by sourceware.org (qpsmtpd/0.93/v0.84-503-g423c35a) with (AES128-SHA encrypted) ESMTPS; Mon, 24 Nov 2014 14:09:46 +0000 Received: by mail-pa0-f50.google.com with SMTP id bj1so9636686pad.9 for ; Mon, 24 Nov 2014 06:09:44 -0800 (PST) X-Received: by 10.70.47.37 with SMTP id a5mr19969674pdn.93.1416838184324; Mon, 24 Nov 2014 06:09:44 -0800 (PST) Received: from msticlxl57.ims.intel.com ([192.55.55.41]) by mx.google.com with ESMTPSA id n2sm12608778pdg.2.2014.11.24.06.09.41 for (version=TLSv1 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Mon, 24 Nov 2014 06:09:43 -0800 (PST) Date: Mon, 24 Nov 2014 17:09:37 +0300 From: Ilya Enkovich To: Joseph Myers Cc: Jeff Law , gcc-patches@gcc.gnu.org Subject: Re: [PATCH, MPX wrappers 2/3] Replace some function calls with wrapper calls during instrumentation Message-ID: <20141124140937.GC9490@msticlxl57.ims.intel.com> References: <20141114172932.GB20207@msticlxl57.ims.intel.com> <5466FDC1.6000806@redhat.com> <20141118151007.GA47331@msticlxl57.ims.intel.com> <20141118164211.GB47331@msticlxl57.ims.intel.com> MIME-Version: 1.0 Content-Disposition: inline In-Reply-To: <20141118164211.GB47331@msticlxl57.ims.intel.com> User-Agent: Mutt/1.5.21 (2010-09-15) X-IsSubscribed: yes On 18 Nov 19:42, Ilya Enkovich wrote: > On 18 Nov 16:23, Joseph Myers wrote: > > On Tue, 18 Nov 2014, Ilya Enkovich wrote: > > > > > +@item -fcheck-pointer-bounds > > > +@opindex fcheck-pointer-bounds > > > +@opindex fno-check-pointer-bounds > > > +Enable Pointer Bounds Checker instrumentation. Each memory reference > > > +is instrumented with checks of pointer used for memory access against > > > +bounds associated with that pointer. Generated instrumentation may > > > +be controlled by various @option{-fchkp-*} options. > > > > If this is only operational given -mmpx and when the generated code is run > > on a processor supporting MPX, I think the documentation needs to make > > that clear. > > > > > +@item -fchkp-use-fast-string-functions > > > +@opindex fchkp-use-fast-string-functions > > > +@opindex fno-chkp-use-fast-string-functions > > > +Allow to use *_nobnd versions of string functions (not copying bounds) > > > +by Pointer Bounds Checker. Disabled by default. > > > > @code{*_nobnd}. > > > > > +@item -fchkp-use-nochk-string-functions > > > +@opindex fchkp-use-nochk-string-functions > > > +@opindex fno-chkp-use-nochk-string-functions > > > +Allow to use *_nochk versions of string functions (not checking bounds) > > > +by Pointer Bounds Checker. Disabled by default. > > > > @code{*_nochk). > > > > > +@item -fchkp-instrument-marked-only > > > +@opindex fchkp-instrument-marked-only > > > +@opindex fno-chkp-instrument-marked-only > > > +Instructs Pointer Bounds Checker to instrument only functions > > > +marked with bnd_instrument attribute. Disabled by default. > > > > @code{bnd_instrument}. > > > > > +@item -fchkp-use-wrappers > > > +@opindex fchkp-use-wrappers > > > +@opindex fno-chkp-use-wrappers > > > +Allows Pointer Bounds Checker to replace calls to builtin function > > > +with calls to wrapper functions. Enabled by default. > > > > "built-in functions". > > > > -- > > Joseph S. Myers > > joseph@codesourcery.com > > Thank you for comments! Below is a fixed version. > > Ilya > -- Here is a version with updated documentation. Added -static-libmpx and -static-libmpxwrappers options. Added description on runtime library dependencies. Thanks, Ilya --- 2014-11-24 Ilya Enkovich * c-family/c.opt (fchkp-use-wrappers): New. * ipa-chkp.c (CHKP_WRAPPER_SYMBOL_PREFIX): New. (chkp_wrap_function): New. (chkp_build_instrumented_fndecl): Support wrapped functions. * doc/invoke.texi (-fcheck-pointer-bounds): New. (-fchkp-check-incomplete-type): New. (-fchkp-first-field-has-own-bounds): New. (-fchkp-narrow-bounds): New. (-fchkp-narrow-to-innermost-array): New. (-fchkp-optimize): New. (-fchkp-use-fast-string-functions): New. (-fchkp-use-nochk-string-functions): New. (-fchkp-use-static-bounds): New. (-fchkp-use-static-const-bounds): New. (-fchkp-treat-zero-dynamic-size-as-infinite): New. (-fchkp-check-read): New. (-fchkp-check-write): New. (-fchkp-store-bounds): New. (-fchkp-instrument-calls): New. (-fchkp-instrument-marked-only): New. (-fchkp-use-wrappers): New. (-static-libmpx): New. (-static-libmpxwrappers): New. diff --git a/gcc/c-family/c.opt b/gcc/c-family/c.opt index 283c632..3426059 100644 --- a/gcc/c-family/c.opt +++ b/gcc/c-family/c.opt @@ -1040,6 +1040,10 @@ fchkp-instrument-marked-only C ObjC C++ ObjC++ LTO Report Var(flag_chkp_instrument_marked_only) Init(0) Instrument only functions marked with bnd_instrument attribute. +fchkp-use-wrappers +C ObjC C++ ObjC++ LTO Report Var(flag_chkp_use_wrappers) Init(1) +Transform instrumented builtin calls into calls to wrappers. + static-libmpx Driver diff --git a/gcc/doc/invoke.texi b/gcc/doc/invoke.texi index 89edddb..cae40b8 100644 --- a/gcc/doc/invoke.texi +++ b/gcc/doc/invoke.texi @@ -299,6 +299,15 @@ Objective-C and Objective-C++ Dialects}. @gccoptlist{-d@var{letters} -dumpspecs -dumpmachine -dumpversion @gol -fsanitize=@var{style} -fsanitize-recover -fsanitize-recover=@var{style} @gol -fasan-shadow-offset=@var{number} -fsanitize-undefined-trap-on-error @gol +-fcheck-pointer-bounds -fchkp-check-incomplete-type @gol +-fchkp-first-field-has-own-bounds -fchkp-narrow-bounds @gol +-fchkp-narrow-to-innermost-array -fchkp-optimize @gol +-fchkp-use-fast-string-functions -fchkp-use-nochk-string-functions @gol +-fchkp-use-static-bounds -fchkp-use-static-const-bounds @gol +-fchkp-treat-zero-dynamic-size-as-infinite -fchkp-check-read @gol +-fchkp-check-read -fchkp-check-write -fchkp-store-bounds @gol +-fchkp-instrument-calls -fchkp-instrument-marked-only @gol +-fchkp-use-wrappers @gol -fdbg-cnt-list -fdbg-cnt=@var{counter-value-list} @gol -fdisable-ipa-@var{pass_name} @gol -fdisable-rtl-@var{pass_name} @gol @@ -469,6 +478,7 @@ Objective-C and Objective-C++ Dialects}. -nostartfiles -nodefaultlibs -nostdlib -pie -rdynamic @gol -s -static -static-libgcc -static-libstdc++ @gol -static-libasan -static-libtsan -static-liblsan -static-libubsan @gol +-static-libmpx -static-libmpxwrappers @gol -shared -shared-libgcc -symbolic @gol -T @var{script} -Wl,@var{option} -Xlinker @var{option} @gol -u @var{symbol} -z @var{keyword}} @@ -5693,6 +5703,135 @@ a @code{libubsan} library routine. The advantage of this is that the @code{libubsan} library is not needed and will not be linked in, so this is usable even for use in freestanding environments. +@item -fcheck-pointer-bounds +@opindex fcheck-pointer-bounds +@opindex fno-check-pointer-bounds +Enable Pointer Bounds Checker instrumentation. Each memory reference +is instrumented with checks of pointer used for memory access against +bounds associated with that pointer. Generated instrumentation may +be controlled by various @option{-fchkp-*} options. Currently there +is only Intel MPX based implementation available, thus i386 target +and @option{-mmpx} are required. MPX based instrumentation requires +a runtime library to enable MPX in a hardware and handle bounds +violation signals. By default when @option{-fcheck-pointer-bounds} +and @option{-mmpx} options are used to link a program, the GCC driver +links against @option{libmpx} runtime library. MPX based instrumentation +may be used for a debugging and also it may be included into a release +version to increase program security. Depending on usage you may +put different requirements to runtime library. Current version + of MPX runtime library is more oriented to be used as a debugging +tool. MPX runtime library usage implies @option{-lpthread}. See +also @option{-static-libmpx}. The runtime library behavior can be +influenced using various @env{CHKP_RT_*} environment variables. See +@uref{https://gcc.gnu.org/wiki/Intel%20MPX%20support%20in%20the%20GCC%20compiler} +for more details. + +@item -fchkp-check-incomplete-type +@opindex fchkp-check-incomplete-type +@opindex fno-chkp-check-incomplete-type +Generate pointer bounds checks for variables with incomplete type. +Enabled by default + +@item -fchkp-narrow-bounds +@opindex fchkp-narrow-bounds +@opindex fno-chkp-narrow-bounds +Controls bounds used by Pointer Bounds Checker for pointers to object +fields. If narrowing is enabled then field bounds are used. Otherwise +object bounds are used. See also @option{-fchkp-narrow-to-innermost-array} +and @option{-fchkp-first-field-has-own-bounds}. Enabled by default. + +@item -fchkp-first-field-has-own-bounds +@opindex fchkp-first-field-has-own-bounds +@opindex fno-chkp-first-field-has-own-bounds +Forces Pointer Bounds Checker to use narrowed bounds for address of the +first field in the structure. By default pointer to the first field has +the same bounds as pointer to the whole structure. + +@item -fchkp-narrow-to-innermost-array +@opindex fchkp-narrow-to-innermost-array +@opindex fno-chkp-narrow-to-innermost-array +Forces Pointer Bounds Checker to use bounds of the innermost arrays in +case of nested static arryas access. By default it is disabled and +bounds of the outermost array are used. + +@item -fchkp-optimize +@opindex fchkp-optimize +@opindex fno-chkp-optimize +Enables Pointer Bounds Checker optimizations. Enabled by default at +optimization levels @option{-O}, @option{-O2}, @option{-O3}. + +@item -fchkp-use-fast-string-functions +@opindex fchkp-use-fast-string-functions +@opindex fno-chkp-use-fast-string-functions +Allow to use @code{*_nobnd} versions of string functions (not copying bounds) +by Pointer Bounds Checker. Disabled by default. + +@item -fchkp-use-nochk-string-functions +@opindex fchkp-use-nochk-string-functions +@opindex fno-chkp-use-nochk-string-functions +Allow to use @code{*_nochk} versions of string functions (not checking bounds) +by Pointer Bounds Checker. Disabled by default. + +@item -fchkp-use-static-bounds +@opindex fchkp-use-static-bounds +@opindex fno-chkp-use-static-bounds +Allow Pointer Bounds Checker to generate static bounds holding +bounds of static variables. Enabled by default. + +@item -fchkp-use-static-const-bounds +@opindex fchkp-use-static-const-bounds +@opindex fno-chkp-use-static-const-bounds +Use statically initialized bounds for constant bounds instead of +generating them each time it is required. By default enabled when +@option{-fchkp-use-static-bounds} is enabled. + +@item -fchkp-treat-zero-dynamic-size-as-infinite +@opindex fchkp-treat-zero-dynamic-size-as-infinite +@opindex fno-chkp-treat-zero-dynamic-size-as-infinite +With this option zero size obtained dynamically for objects with +incomplete type will be treated as infinite by Pointer Bounds +Checker. It may be helpful if program is linked with a library +missing size information for some symbols. Disabled by default. + +@item -fchkp-check-read +@opindex fchkp-check-read +@opindex fno-chkp-check-read +Instructs Pointer Bounds Checker to generate checks for all read +accesses to memory. Enabled by default. + +@item -fchkp-check-write +@opindex fchkp-check-write +@opindex fno-chkp-check-write +Instructs Pointer Bounds Checker to generate checks for all write +accesses to memory. Enabled by default. + +@item -fchkp-store-bounds +@opindex fchkp-store-bounds +@opindex fno-chkp-store-bounds +Instructs Pointer Bounds Checker to generate bounds stores for +pointer writes. Enabled by default. + +@item -fchkp-instrument-calls +@opindex fchkp-instrument-calls +@opindex fno-chkp-instrument-calls +Instructs Pointer Bounds Checker to pass pointer bounds to calls. +Enabled by default. + +@item -fchkp-instrument-marked-only +@opindex fchkp-instrument-marked-only +@opindex fno-chkp-instrument-marked-only +Instructs Pointer Bounds Checker to instrument only functions +marked with @code{bnd_instrument} attribute. Disabled by default. + +@item -fchkp-use-wrappers +@opindex fchkp-use-wrappers +@opindex fno-chkp-use-wrappers +Allows Pointer Bounds Checker to replace calls to built-in function +with calls to wrapper functions. When the @option{-fchkp-use-wrappers} +is used to link a program, the GCC driver automatically links +agains @option{libmpxwrappers}. See also @option{-static-libmpxwrappers}. +Enabled by default. + @item -fdump-final-insns@r{[}=@var{file}@r{]} @opindex fdump-final-insns Dump the final internal representation (RTL) to @var{file}. If the @@ -10936,6 +11075,27 @@ option is not used, then this links against the shared version of driver to link @file{libubsan} statically, without necessarily linking other libraries statically. +@item -static-libmpx +@opindex static-libmpx +When @option{-fcheck-pointer bounds} and @option{-mmpx} options are +used to link a program, the GCC driver automatically links against +@option{libmpx}. If @file{libmpx} is available as a shared library, +and the @option{-static} option is not used, then this links against +the shared version of @file{libmpx}. The @option{-static-libmpx} +option directs the GCC driver to link @file{libmpx} statically, +without necessarily linking other libraries statically. + +@item -static-libmpxwrappers +@opindex static-libmpxwrappers +When @option{-fcheck-pointer bounds}, @option{-mmpx} options are used and +@option{-fno-chkp-use-wrappers} option is not used to link a program, the +GCC driver automatically links against @option{libmpxwrappers}. If +@file{libmpxwrappers} is available as a shared library, and the +@option{-static} option is not used, then this links against the shared +version of @file{libmpxwrappers}. The @option{-static-libmpxwrappers} +option directs the GCC driver to link @file{libmpxwrappers} statically, +without necessarily linking other libraries statically. + @item -static-libstdc++ @opindex static-libstdc++ When the @command{g++} program is used to link a C++ program, it diff --git a/gcc/ipa-chkp.c b/gcc/ipa-chkp.c index 46b2139..00b398a 100644 --- a/gcc/ipa-chkp.c +++ b/gcc/ipa-chkp.c @@ -89,6 +89,44 @@ along with GCC; see the file COPYING3. If not see removed. */ #define CHKP_BOUNDS_OF_SYMBOL_PREFIX "__chkp_bounds_of_" +#define CHKP_WRAPPER_SYMBOL_PREFIX "__mpx_wrapper_" + +/* Return 1 calls to FNDECL should be replaced with + a call to wrapper function. */ +static bool +chkp_wrap_function (tree fndecl) +{ + if (!flag_chkp_use_wrappers) + return false; + + if (DECL_BUILT_IN_CLASS (fndecl) == BUILT_IN_NORMAL) + { + switch (DECL_FUNCTION_CODE (fndecl)) + { + case BUILT_IN_STRLEN: + case BUILT_IN_STRCPY: + case BUILT_IN_STRNCPY: + case BUILT_IN_STPCPY: + case BUILT_IN_STPNCPY: + case BUILT_IN_STRCAT: + case BUILT_IN_STRNCAT: + case BUILT_IN_MEMCPY: + case BUILT_IN_MEMPCPY: + case BUILT_IN_MEMSET: + case BUILT_IN_MEMMOVE: + case BUILT_IN_BZERO: + case BUILT_IN_MALLOC: + case BUILT_IN_CALLOC: + case BUILT_IN_REALLOC: + return 1; + + default: + return 0; + } + } + + return false; +} /* Build a clone of FNDECL with a modified name. */ @@ -113,11 +151,20 @@ chkp_build_instrumented_fndecl (tree fndecl) because it conflicts with decl merging algorithms in LTO. Achieve the result by using transparent alias name for the instrumented version. */ - s = IDENTIFIER_POINTER (DECL_ASSEMBLER_NAME (fndecl)); - s += ".chkp"; - new_name = get_identifier (s.c_str ()); - IDENTIFIER_TRANSPARENT_ALIAS (new_name) = 1; - TREE_CHAIN (new_name) = DECL_ASSEMBLER_NAME (fndecl); + if (chkp_wrap_function(fndecl)) + { + s = CHKP_WRAPPER_SYMBOL_PREFIX; + s += IDENTIFIER_POINTER (DECL_ASSEMBLER_NAME (fndecl)); + new_name = get_identifier (s.c_str ()); + } + else + { + s = IDENTIFIER_POINTER (DECL_ASSEMBLER_NAME (fndecl)); + s += ".chkp"; + new_name = get_identifier (s.c_str ()); + IDENTIFIER_TRANSPARENT_ALIAS (new_name) = 1; + TREE_CHAIN (new_name) = DECL_ASSEMBLER_NAME (fndecl); + } SET_DECL_ASSEMBLER_NAME (new_decl, new_name); /* For functions with body versioning will make a copy of arguments.