From patchwork Mon Jul 15 07:20:15 2024
X-Patchwork-Submitter: Martin Uecker
X-Patchwork-Id: 93923
Message-ID: <3cfb57e4cf401fce4a171fdf0a4ade0ac6c3a3e2.camel@tugraz.at>
Subject: [PATCH v3 3/4] c: runtime checking for assignment of VM types
From: Martin Uecker
To: gcc-patches@gcc.gnu.org
Cc: Joseph Myers, Siddhesh Poyarekar, Kees Cook, Marek Polacek
Date: Mon, 15 Jul 2024 09:20:15 +0200

Support instrumentation of functions called via pointers. To do so,
record the declaration with the parameter types, so that it can be
retrieved later.

gcc/c:
	c-decl.cc (get_parm_info): Record function declaration for arguments.
	c-typeck.cc (process_vm_constraints): Instrument functions called via pointers.

gcc/testsuite/gcc.dg:
	* vla-bounds-func-1.c: Add warning.
	* vla-bounds-fnptr-1.c: New test.
	* vla-bounds-fnptr-2.c: New test.
	* vla-bounds-fnptr-3.c: New test.
---
 gcc/c/c-decl.cc                           |  4 ++++
 gcc/c/c-typeck.cc                         | 14 ++++++++++--
 gcc/testsuite/gcc.dg/vla-bounds-fnptr-1.c | 24 ++++++++++++++++++++
 gcc/testsuite/gcc.dg/vla-bounds-fnptr-2.c | 27 +++++++++++++++++++++++
 gcc/testsuite/gcc.dg/vla-bounds-fnptr-3.c | 25 +++++++++++++++++++++
 gcc/testsuite/gcc.dg/vla-bounds-func-1.c  |  2 +-
 6 files changed, 93 insertions(+), 3 deletions(-)
 create mode 100644 gcc/testsuite/gcc.dg/vla-bounds-fnptr-1.c
 create mode 100644 gcc/testsuite/gcc.dg/vla-bounds-fnptr-2.c
 create mode 100644 gcc/testsuite/gcc.dg/vla-bounds-fnptr-3.c

diff --git a/gcc/c/c-decl.cc b/gcc/c/c-decl.cc index 97f1d346835..d328e3bd5ac 100644 --- a/gcc/c/c-decl.cc +++ b/gcc/c/c-decl.cc @@ -8628,6 +8628,10 @@ get_parm_info (bool ellipsis, tree expr) declared types. The back end may override this later. */ DECL_ARG_TYPE (decl) = type; types = tree_cons (0, type, types); + + /* Record the decl for use for VLA bounds checking. */ + if (flag_vla_bounds) + TREE_PURPOSE (types) = decl; } break; diff --git a/gcc/c/c-typeck.cc b/gcc/c/c-typeck.cc index c0132a22e21..6ffa0c24e0c 100644 --- a/gcc/c/c-typeck.cc +++ b/gcc/c/c-typeck.cc @@ -3958,9 +3958,19 @@ process_vm_constraints (location_t location, } else { - /* Functions called via pointers are not yet supported. */ - return void_node; + while (TREE_CODE (function) != FUNCTION_TYPE) + function = TREE_TYPE (function); + + args = TREE_PURPOSE (TYPE_ARG_TYPES (function)); + + if (!args) + { + /* FIXME: this can happen when forming composite types for the + conditional operator. */ + return void_node; + } } + gcc_assert (TREE_CODE (args) == PARM_DECL); } for (struct instrument_data* d = *instr_vec; d; d = d->next) diff --git a/gcc/testsuite/gcc.dg/vla-bounds-fnptr-1.c b/gcc/testsuite/gcc.dg/vla-bounds-fnptr-1.c new file mode 100644 index 00000000000..61ff0dff1db --- /dev/null +++ b/gcc/testsuite/gcc.dg/vla-bounds-fnptr-1.c @@ -0,0 +1,24 @@ +/* { dg-do run } */ +/* { dg-options "-fvla-bounds" } */ + +#include +#include + +static void handler(int) { exit(0); } + +void foo1(void (*p)(int n, char (*a)[n])) +{ + char A0[3]; + (*p)(3, &A0); + (*p)(4, &A0); // 4 != 3 + abort(); +} + +void b0(int n, char (*a)[n]) { } + +int main() +{ + signal(SIGILL, handler); + + foo1(&b0); +} diff --git a/gcc/testsuite/gcc.dg/vla-bounds-fnptr-2.c b/gcc/testsuite/gcc.dg/vla-bounds-fnptr-2.c new file mode 100644 index 00000000000..0c01d4592ed --- /dev/null +++ b/gcc/testsuite/gcc.dg/vla-bounds-fnptr-2.c 
@@ -0,0 +1,27 @@ +/* { dg-do run } */ +/* { dg-options "-fvla-bounds" } */ + +#include +#include + +static void handler(int) { exit(0); } + +int n; + +void foo2(void (*p)(int n, char (*a)[n])) +{ + n = 4; + char A0[3]; + (*p)(3, &A0); + (*p)(4, &A0); + abort(); +} + +void b1(int n0, char (*a)[n]) { } + +int main() +{ + signal(SIGILL, handler); + + foo2(&b1); // we should diagnose mismatch +} diff --git a/gcc/testsuite/gcc.dg/vla-bounds-fnptr-3.c b/gcc/testsuite/gcc.dg/vla-bounds-fnptr-3.c new file mode 100644 index 00000000000..c239216cdfc --- /dev/null +++ b/gcc/testsuite/gcc.dg/vla-bounds-fnptr-3.c @@ -0,0 +1,25 @@ +/* { dg-do run } */ +/* { dg-options "-fvla-bounds" } */ + +#include +#include + +static void handler(int) { exit(0); } + +int n; + +void foo3(void (*p)(int n0, char (*a)[n])) +{ + n = 4; + char A0[3]; + (*p)(3, &A0); // 4 != 3 + abort(); +} + +void b1(int n0, char (*a)[n]) { } + +int main() +{ + signal(SIGILL, handler); + foo3(&b1); +} diff --git a/gcc/testsuite/gcc.dg/vla-bounds-func-1.c b/gcc/testsuite/gcc.dg/vla-bounds-func-1.c index 378c6073688..36072a372a3 100644 --- a/gcc/testsuite/gcc.dg/vla-bounds-func-1.c +++ b/gcc/testsuite/gcc.dg/vla-bounds-func-1.c @@ -30,7 +30,7 @@ void f(void) int u = 3; int v = 4; char a[u][v]; - (1 ? f1 : f2)(u, v, a); + (1 ? f1 : f2)(u, v, a); /* "Function call not instrumented." */ } /* size expression in parameter */ -- 2.39.2
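
Review bot: In gcc/c/c-decl.cc (get_parm_info), the new comment "Record the decl for use for VLA bounds checking" does not state the invariant that the reader in process_vm_constraints relies on. The store `TREE_PURPOSE (types) = decl;` happens only under `if (flag_vla_bounds)`, and the preceding `tree_cons (0, type, types)` leaves the slot empty otherwise, so the comment should say that the TREE_PURPOSE slot of a parameter type entry holds the PARM_DECL only in that mode and may be empty, as the FIXME in c-typeck.cc already shows it can be.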
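
Review bot: In gcc/c/c-typeck.cc (process_vm_constraints), `args = TREE_PURPOSE (TYPE_ARG_TYPES (function));` is evaluated without first checking that `TYPE_ARG_TYPES (function)` is non-null, and the loop `while (TREE_CODE (function) != FUNCTION_TYPE)` has no exit if a `TREE_TYPE (function)` step yields a null node. If a function type with an empty parameter list can reach this branch, guard both cases and return void_node the same way the `!args` branch does. Separately, the `!args` branch returns silently, so a call through a composite type from the conditional operator runs without the bounds check and the user is not told; a warning at that point would make the gap visible.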
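
Review bot: In gcc/testsuite/gcc.dg/vla-bounds-fnptr-1.c, `static void handler(int) { exit(0); }` accepts a trap from any point, so the test also passes if SIGILL is raised by the valid call `(*p)(3, &A0);` rather than by `(*p)(4, &A0);`. Set a `volatile sig_atomic_t` flag between the two calls and have the handler exit with a failure status when the flag is not yet set. The same handler is used in vla-bounds-fnptr-2.c and vla-bounds-fnptr-3.c.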
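
Review bot: In gcc/testsuite/gcc.dg/vla-bounds-fnptr-2.c, the comment on `foo2(&b1); // we should diagnose mismatch` describes a check the test does not exercise. The only trap the test can observe comes from `(*p)(4, &A0);`, where the bound is taken from the parameter `n` of the pointer type in foo2, which is the case vla-bounds-fnptr-1.c already covers; the difference between that type and `b1`, whose `char (*a)[n]` refers to the global `n`, is never checked. Either add an expected-failure directive for the missing diagnostic or reword the comment to say the mismatch is a known gap, so the test does not read as coverage for it.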
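
Review bot: In gcc/testsuite/gcc.dg/vla-bounds-func-1.c, the changed line only appends a plain C comment, `/* "Function call not instrumented." */`, while the ChangeLog entry for this file says "Add warning". If the compiler is meant to diagnose the uninstrumented call `(1 ? f1 : f2)(u, v, a);`, this should be a dg-warning directive so the testsuite checks it; if no diagnostic is emitted, the ChangeLog text should say that a comment was added.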