1 //===- StackProtector.h - Stack Protector Insertion -------------*- C++ -*-===//
2 //
3 // Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
4 // See https://llvm.org/LICENSE.txt for license information.
5 // SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
6 //
7 //===----------------------------------------------------------------------===//
8 //
9 // This pass inserts stack protectors into functions which need them. A variable
10 // with a random value in it is stored onto the stack before the local variables
11 // are allocated. Upon exiting the block, the stored value is checked. If it's
12 // changed, then there was some sort of violation and the program aborts.
13 //
14 //===----------------------------------------------------------------------===//
15 
16 #ifndef LLVM_CODEGEN_STACKPROTECTOR_H
17 #define LLVM_CODEGEN_STACKPROTECTOR_H
18 
19 #include "llvm/ADT/SmallPtrSet.h"
20 #include "llvm/ADT/Triple.h"
21 #include "llvm/CodeGen/MachineFrameInfo.h"
22 #include "llvm/IR/Instructions.h"
23 #include "llvm/IR/ValueMap.h"
24 #include "llvm/Pass.h"
25 
26 namespace llvm {
27 
28 class BasicBlock;
29 class DominatorTree;
30 class Function;
31 class Instruction;
32 class Module;
33 class TargetLoweringBase;
34 class TargetMachine;
35 class Type;
36 
37 class StackProtector : public FunctionPass {
38 private:
39   /// A mapping of AllocaInsts to their required SSP layout.
40   using SSPLayoutMap = DenseMap<const AllocaInst *,
41                                 MachineFrameInfo::SSPLayoutKind>;
42 
43   const TargetMachine *TM = nullptr;
44 
45   /// TLI - Keep a pointer of a TargetLowering to consult for determining
46   /// target type sizes.
47   const TargetLoweringBase *TLI = nullptr;
48   Triple Trip;
49 
50   Function *F;
51   Module *M;
52 
53   DominatorTree *DT;
54 
55   /// Layout - Mapping of allocations to the required SSPLayoutKind.
56   /// StackProtector analysis will update this map when determining if an
57   /// AllocaInst triggers a stack protector.
58   SSPLayoutMap Layout;
59 
60   /// The minimum size of buffers that will receive stack smashing
61   /// protection when -fstack-protection is used.
62   unsigned SSPBufferSize = 0;
63 
64   /// VisitedPHIs - The set of PHI nodes visited when determining
65   /// if a variable's reference has been taken.  This set
66   /// is maintained to ensure we don't visit the same PHI node multiple
67   /// times.
68   SmallPtrSet<const PHINode *, 16> VisitedPHIs;
69 
70   // A prologue is generated.
71   bool HasPrologue = false;
72 
73   // IR checking code is generated.
74   bool HasIRCheck = false;
75 
76   /// InsertStackProtectors - Insert code into the prologue and epilogue of
77   /// the function.
78   ///
79   ///  - The prologue code loads and stores the stack guard onto the stack.
80   ///  - The epilogue checks the value stored in the prologue against the
81   ///    original value. It calls __stack_chk_fail if they differ.
82   bool InsertStackProtectors();
83 
84   /// CreateFailBB - Create a basic block to jump to when the stack protector
85   /// check fails.
86   BasicBlock *CreateFailBB();
87 
88   /// ContainsProtectableArray - Check whether the type either is an array or
89   /// contains an array of sufficient size so that we need stack protectors
90   /// for it.
91   /// \param [out] IsLarge is set to true if a protectable array is found and
92   /// it is "large" ( >= ssp-buffer-size).  In the case of a structure with
93   /// multiple arrays, this gets set if any of them is large.
94   bool ContainsProtectableArray(Type *Ty, bool &IsLarge, bool Strong = false,
95                                 bool InStruct = false) const;
96 
97   /// Check whether a stack allocation has its address taken.
98   bool HasAddressTaken(const Instruction *AI, uint64_t AllocSize);
99 
100   /// RequiresStackProtector - Check whether or not this function needs a
101   /// stack protector based upon the stack protector level.
102   bool RequiresStackProtector();
103 
104 public:
105   static char ID; // Pass identification, replacement for typeid.
106 
107   StackProtector();
108 
109   void getAnalysisUsage(AnalysisUsage &AU) const override;
110 
111   // Return true if StackProtector is supposed to be handled by SelectionDAG.
112   bool shouldEmitSDCheck(const BasicBlock &BB) const;
113 
114   bool runOnFunction(Function &Fn) override;
115 
116   void copyToMachineFrameInfo(MachineFrameInfo &MFI) const;
117 };
118 
119 } // end namespace llvm
120 
121 #endif // LLVM_CODEGEN_STACKPROTECTOR_H
122