1 //===- StackProtector.h - Stack Protector Insertion -------------*- C++ -*-===//
2 //
3 // Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
4 // See https://llvm.org/LICENSE.txt for license information.
5 // SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
6 //
7 //===----------------------------------------------------------------------===//
8 //
9 // This pass inserts stack protectors into functions which need them. A variable
10 // with a random value in it is stored onto the stack before the local variables
11 // are allocated. Upon exiting the block, the stored value is checked. If it's
12 // changed, then there was some sort of violation and the program aborts.
13 //
14 //===----------------------------------------------------------------------===//
15 
16 #ifndef LLVM_CODEGEN_STACKPROTECTOR_H
17 #define LLVM_CODEGEN_STACKPROTECTOR_H
18 
19 #include "llvm/ADT/SmallPtrSet.h"
20 #include "llvm/ADT/Triple.h"
21 #include "llvm/CodeGen/MachineFrameInfo.h"
22 #include "llvm/IR/Instructions.h"
23 #include "llvm/Pass.h"
24 
25 namespace llvm {
26 
27 class BasicBlock;
28 class DominatorTree;
29 class Function;
30 class Instruction;
31 class Module;
32 class TargetLoweringBase;
33 class TargetMachine;
34 class Type;
35 
36 class StackProtector : public FunctionPass {
37 private:
38   /// A mapping of AllocaInsts to their required SSP layout.
39   using SSPLayoutMap = DenseMap<const AllocaInst *,
40                                 MachineFrameInfo::SSPLayoutKind>;
41 
42   const TargetMachine *TM = nullptr;
43 
44   /// TLI - Keep a pointer of a TargetLowering to consult for determining
45   /// target type sizes.
46   const TargetLoweringBase *TLI = nullptr;
47   Triple Trip;
48 
49   Function *F;
50   Module *M;
51 
52   DominatorTree *DT;
53 
54   /// Layout - Mapping of allocations to the required SSPLayoutKind.
55   /// StackProtector analysis will update this map when determining if an
56   /// AllocaInst triggers a stack protector.
57   SSPLayoutMap Layout;
58 
59   /// The minimum size of buffers that will receive stack smashing
60   /// protection when -fstack-protection is used.
61   unsigned SSPBufferSize = 0;
62 
63   /// VisitedPHIs - The set of PHI nodes visited when determining
64   /// if a variable's reference has been taken.  This set
65   /// is maintained to ensure we don't visit the same PHI node multiple
66   /// times.
67   SmallPtrSet<const PHINode *, 16> VisitedPHIs;
68 
69   // A prologue is generated.
70   bool HasPrologue = false;
71 
72   // IR checking code is generated.
73   bool HasIRCheck = false;
74 
75   /// InsertStackProtectors - Insert code into the prologue and epilogue of
76   /// the function.
77   ///
78   ///  - The prologue code loads and stores the stack guard onto the stack.
79   ///  - The epilogue checks the value stored in the prologue against the
80   ///    original value. It calls __stack_chk_fail if they differ.
81   bool InsertStackProtectors();
82 
83   /// CreateFailBB - Create a basic block to jump to when the stack protector
84   /// check fails.
85   BasicBlock *CreateFailBB();
86 
87   /// ContainsProtectableArray - Check whether the type either is an array or
88   /// contains an array of sufficient size so that we need stack protectors
89   /// for it.
90   /// \param [out] IsLarge is set to true if a protectable array is found and
91   /// it is "large" ( >= ssp-buffer-size).  In the case of a structure with
92   /// multiple arrays, this gets set if any of them is large.
93   bool ContainsProtectableArray(Type *Ty, bool &IsLarge, bool Strong = false,
94                                 bool InStruct = false) const;
95 
96   /// Check whether a stack allocation has its address taken.
97   bool HasAddressTaken(const Instruction *AI, TypeSize AllocSize);
98 
99   /// RequiresStackProtector - Check whether or not this function needs a
100   /// stack protector based upon the stack protector level.
101   bool RequiresStackProtector();
102 
103 public:
104   static char ID; // Pass identification, replacement for typeid.
105 
106   StackProtector();
107 
108   void getAnalysisUsage(AnalysisUsage &AU) const override;
109 
110   // Return true if StackProtector is supposed to be handled by SelectionDAG.
111   bool shouldEmitSDCheck(const BasicBlock &BB) const;
112 
113   bool runOnFunction(Function &Fn) override;
114 
115   void copyToMachineFrameInfo(MachineFrameInfo &MFI) const;
116 };
117 
118 } // end namespace llvm
119 
120 #endif // LLVM_CODEGEN_STACKPROTECTOR_H
121