2010-02-15 17:45:33 +02:00
|
|
|
/*
|
|
|
|
|
* Compile LLVM bytecode to ClamAV bytecode.
|
|
|
|
|
*
|
2013-08-15 16:47:25 -04:00
|
|
|
* Copyright (C) 2009-2013 Sourcefire, Inc.
|
2010-02-15 17:45:33 +02:00
|
|
|
*
|
|
|
|
|
* Authors: Török Edvin
|
|
|
|
|
*
|
|
|
|
|
* This program is free software; you can redistribute it and/or modify
|
|
|
|
|
* it under the terms of the GNU General Public License version 2 as
|
|
|
|
|
* published by the Free Software Foundation.
|
|
|
|
|
*
|
|
|
|
|
* This program is distributed in the hope that it will be useful,
|
|
|
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
|
|
|
* GNU General Public License for more details.
|
|
|
|
|
*
|
|
|
|
|
* You should have received a copy of the GNU General Public License
|
|
|
|
|
* along with this program; if not, write to the Free Software
|
|
|
|
|
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
|
|
|
|
|
* MA 02110-1301, USA.
|
|
|
|
|
*/
|
|
|
|
|
#define DEBUG_TYPE "clambc-rtcheck"
|
|
|
|
|
#include "ClamBCModule.h"
|
2010-05-13 12:41:01 +03:00
|
|
|
#include "ClamBCDiagnostics.h"
|
2010-03-30 23:22:23 +03:00
|
|
|
#include "llvm/ADT/DenseSet.h"
|
2010-02-15 17:45:33 +02:00
|
|
|
#include "llvm/ADT/PostOrderIterator.h"
|
2010-03-30 23:22:23 +03:00
|
|
|
#include "llvm/ADT/SCCIterator.h"
|
|
|
|
|
#include "llvm/Analysis/CallGraph.h"
|
2010-02-15 17:45:33 +02:00
|
|
|
#include "llvm/Analysis/Verifier.h"
|
2010-03-30 23:22:23 +03:00
|
|
|
#include "llvm/Analysis/DebugInfo.h"
|
2010-02-15 17:45:33 +02:00
|
|
|
#include "llvm/Analysis/Dominators.h"
|
|
|
|
|
#include "llvm/Analysis/ConstantFolding.h"
|
2011-05-06 15:18:32 +03:00
|
|
|
//#include "llvm/Analysis/LiveValues.h"
|
|
|
|
|
//
|
|
|
|
|
#ifdef LLVM29
|
|
|
|
|
#include "llvm/Analysis/ValueTracking.h"
|
|
|
|
|
#include "PointerTracking.h"
|
|
|
|
|
#else
|
2010-02-15 17:45:33 +02:00
|
|
|
#include "llvm/Analysis/PointerTracking.h"
|
2011-05-06 15:18:32 +03:00
|
|
|
#endif
|
2010-02-15 17:45:33 +02:00
|
|
|
#include "llvm/Analysis/ScalarEvolution.h"
|
|
|
|
|
#include "llvm/Analysis/ScalarEvolutionExpressions.h"
|
|
|
|
|
#include "llvm/Analysis/ScalarEvolutionExpander.h"
|
|
|
|
|
#include "llvm/Config/config.h"
|
|
|
|
|
#include "llvm/DerivedTypes.h"
|
|
|
|
|
#include "llvm/Instructions.h"
|
|
|
|
|
#include "llvm/IntrinsicInst.h"
|
|
|
|
|
#include "llvm/Intrinsics.h"
|
2010-03-30 23:22:23 +03:00
|
|
|
#include "llvm/LLVMContext.h"
|
2010-02-15 17:45:33 +02:00
|
|
|
#include "llvm/Module.h"
|
|
|
|
|
#include "llvm/Pass.h"
|
|
|
|
|
#include "llvm/Support/CommandLine.h"
|
|
|
|
|
#include "llvm/Support/DataFlow.h"
|
|
|
|
|
#include "llvm/Support/InstIterator.h"
|
|
|
|
|
#include "llvm/Support/InstVisitor.h"
|
|
|
|
|
#include "llvm/Support/GetElementPtrTypeIterator.h"
|
|
|
|
|
#include "llvm/ADT/DepthFirstIterator.h"
|
|
|
|
|
#include "llvm/Target/TargetData.h"
|
|
|
|
|
#include "llvm/Transforms/Scalar.h"
|
|
|
|
|
#include "llvm/Transforms/Utils/BasicBlockUtils.h"
|
|
|
|
|
#include "llvm/Support/Debug.h"
|
2011-09-30 11:48:49 +03:00
|
|
|
#include "llvm30_compat.h"
|
2010-02-15 17:45:33 +02:00
|
|
|
|
2011-05-06 15:18:32 +03:00
|
|
|
#ifndef LLVM28
|
2010-11-06 14:41:10 +02:00
|
|
|
#define LLVM28
|
2011-05-06 15:18:32 +03:00
|
|
|
#endif
|
2010-09-28 19:24:14 +03:00
|
|
|
#ifdef LLVM28
|
|
|
|
|
#define DEFINEPASS(passname) passname() : FunctionPass(ID)
|
|
|
|
|
#else
|
|
|
|
|
#define DEFINEPASS(passname) passname() : FunctionPass(&ID)
|
|
|
|
|
#endif
|
2011-05-06 15:18:32 +03:00
|
|
|
|
2010-02-15 17:45:33 +02:00
|
|
|
using namespace llvm;
|
2011-05-06 15:18:32 +03:00
|
|
|
#ifndef LLVM29
|
|
|
|
|
static Value *GetUnderlyingObject(Value *P, TargetData *TD)
|
|
|
|
|
{
|
|
|
|
|
return P->getUnderlyingObject();
|
|
|
|
|
}
|
|
|
|
|
#endif
|
2011-09-30 11:48:49 +03:00
|
|
|
namespace llvm {
|
|
|
|
|
class PtrVerifier;
|
|
|
|
|
|
|
|
|
|
#ifdef LLVM30
|
|
|
|
|
void initializePtrVerifierPass(PassRegistry&);
|
|
|
|
|
#endif
|
2010-02-15 17:45:33 +02:00
|
|
|
|
|
|
|
|
class PtrVerifier : public FunctionPass {
|
2010-03-30 23:22:23 +03:00
|
|
|
private:
|
|
|
|
|
DenseSet<Function*> badFunctions;
|
|
|
|
|
CallGraphNode *rootNode;
|
2010-02-15 17:45:33 +02:00
|
|
|
public:
|
|
|
|
|
static char ID;
|
2013-08-15 16:47:25 -04:00
|
|
|
DEFINEPASS(PtrVerifier), rootNode(0), PT(), TD(), SE(), DT(),
|
|
|
|
|
AbrtBB(), EP() {
|
2011-09-30 11:48:49 +03:00
|
|
|
#ifdef LLVM30
|
|
|
|
|
initializePtrVerifierPass(*PassRegistry::getPassRegistry());
|
|
|
|
|
#endif
|
2013-08-15 16:47:25 -04:00
|
|
|
Changed = false;
|
|
|
|
|
valid = false;
|
2011-09-30 11:48:49 +03:00
|
|
|
}
|
2010-02-15 17:45:33 +02:00
|
|
|
|
|
|
|
|
virtual bool runOnFunction(Function &F) {
|
2010-09-28 19:24:14 +03:00
|
|
|
DEBUG(errs() << "Running on " << F.getName() << "\n");
|
2010-02-15 17:45:33 +02:00
|
|
|
DEBUG(F.dump());
|
|
|
|
|
Changed = false;
|
|
|
|
|
BaseMap.clear();
|
|
|
|
|
BoundsMap.clear();
|
|
|
|
|
AbrtBB = 0;
|
|
|
|
|
valid = true;
|
|
|
|
|
|
2010-03-30 23:22:23 +03:00
|
|
|
if (!rootNode) {
|
|
|
|
|
rootNode = getAnalysis<CallGraph>().getRoot();
|
|
|
|
|
// No recursive functions for now.
|
|
|
|
|
// In the future we may insert runtime checks for stack depth.
|
|
|
|
|
for (scc_iterator<CallGraphNode*> SCCI = scc_begin(rootNode),
|
|
|
|
|
E = scc_end(rootNode); SCCI != E; ++SCCI) {
|
|
|
|
|
const std::vector<CallGraphNode*> &nextSCC = *SCCI;
|
|
|
|
|
if (nextSCC.size() > 1 || SCCI.hasLoop()) {
|
|
|
|
|
errs() << "INVALID: Recursion detected, callgraph SCC components: ";
|
|
|
|
|
for (std::vector<CallGraphNode*>::const_iterator I = nextSCC.begin(),
|
|
|
|
|
E = nextSCC.end(); I != E; ++I) {
|
|
|
|
|
Function *FF = (*I)->getFunction();
|
|
|
|
|
if (FF) {
|
|
|
|
|
errs() << FF->getName() << ", ";
|
|
|
|
|
badFunctions.insert(FF);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
if (SCCI.hasLoop())
|
|
|
|
|
errs() << "(self-loop)";
|
|
|
|
|
errs() << "\n";
|
|
|
|
|
}
|
|
|
|
|
// we could also have recursion via function pointers, but we don't
|
|
|
|
|
// allow calls to unknown functions, see runOnFunction() below
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2010-02-15 17:45:33 +02:00
|
|
|
BasicBlock::iterator It = F.getEntryBlock().begin();
|
|
|
|
|
while (isa<AllocaInst>(It) || isa<PHINode>(It)) ++It;
|
|
|
|
|
EP = &*It;
|
|
|
|
|
|
|
|
|
|
TD = &getAnalysis<TargetData>();
|
|
|
|
|
SE = &getAnalysis<ScalarEvolution>();
|
|
|
|
|
PT = &getAnalysis<PointerTracking>();
|
|
|
|
|
DT = &getAnalysis<DominatorTree>();
|
|
|
|
|
|
|
|
|
|
std::vector<Instruction*> insns;
|
|
|
|
|
|
2011-01-10 23:51:32 +02:00
|
|
|
BasicBlock *LastBB = 0;
|
|
|
|
|
bool skip = false;
|
2010-02-15 17:45:33 +02:00
|
|
|
for (inst_iterator I=inst_begin(F),E=inst_end(F); I != E;++I) {
|
|
|
|
|
Instruction *II = &*I;
|
2011-01-10 23:51:32 +02:00
|
|
|
if (II->getParent() != LastBB) {
|
|
|
|
|
LastBB = II->getParent();
|
|
|
|
|
skip = DT->getNode(LastBB) == 0;
|
|
|
|
|
}
|
|
|
|
|
if (skip)
|
|
|
|
|
continue;
|
2010-02-15 17:45:33 +02:00
|
|
|
if (isa<LoadInst>(II) || isa<StoreInst>(II) || isa<MemIntrinsic>(II))
|
|
|
|
|
insns.push_back(II);
|
2010-03-30 23:22:23 +03:00
|
|
|
if (CallInst *CI = dyn_cast<CallInst>(II)) {
|
|
|
|
|
Value *V = CI->getCalledValue()->stripPointerCasts();
|
|
|
|
|
Function *F = dyn_cast<Function>(V);
|
|
|
|
|
if (!F) {
|
2010-05-13 12:41:01 +03:00
|
|
|
printLocation(CI, true);
|
2010-03-30 23:22:23 +03:00
|
|
|
errs() << "Could not determine call target\n";
|
|
|
|
|
valid = 0;
|
|
|
|
|
continue;
|
|
|
|
|
}
|
|
|
|
|
if (!F->isDeclaration())
|
|
|
|
|
continue;
|
|
|
|
|
insns.push_back(CI);
|
|
|
|
|
}
|
2010-02-15 17:45:33 +02:00
|
|
|
}
|
|
|
|
|
while (!insns.empty()) {
|
|
|
|
|
Instruction *II = insns.back();
|
|
|
|
|
insns.pop_back();
|
|
|
|
|
DEBUG(dbgs() << "checking " << *II << "\n");
|
|
|
|
|
if (LoadInst *LI = dyn_cast<LoadInst>(II)) {
|
2011-09-30 11:48:49 +03:00
|
|
|
constType *Ty = LI->getType();
|
2010-02-15 17:45:33 +02:00
|
|
|
valid &= validateAccess(LI->getPointerOperand(),
|
|
|
|
|
TD->getTypeAllocSize(Ty), LI);
|
|
|
|
|
} else if (StoreInst *SI = dyn_cast<StoreInst>(II)) {
|
2011-09-30 11:48:49 +03:00
|
|
|
constType *Ty = SI->getOperand(0)->getType();
|
2010-02-15 17:45:33 +02:00
|
|
|
valid &= validateAccess(SI->getPointerOperand(),
|
|
|
|
|
TD->getTypeAllocSize(Ty), SI);
|
|
|
|
|
} else if (MemIntrinsic *MI = dyn_cast<MemIntrinsic>(II)) {
|
|
|
|
|
valid &= validateAccess(MI->getDest(), MI->getLength(), MI);
|
|
|
|
|
if (MemTransferInst *MTI = dyn_cast<MemTransferInst>(MI)) {
|
|
|
|
|
valid &= validateAccess(MTI->getSource(), MI->getLength(), MI);
|
|
|
|
|
}
|
2010-03-30 23:22:23 +03:00
|
|
|
} else if (CallInst *CI = dyn_cast<CallInst>(II)) {
|
|
|
|
|
Value *V = CI->getCalledValue()->stripPointerCasts();
|
|
|
|
|
Function *F = cast<Function>(V);
|
|
|
|
|
const FunctionType *FTy = F->getFunctionType();
|
2010-08-04 13:58:31 +03:00
|
|
|
CallSite CS(CI);
|
|
|
|
|
|
2010-03-30 23:22:23 +03:00
|
|
|
if (F->getName().equals("memcmp") && FTy->getNumParams() == 3) {
|
2010-08-04 13:58:31 +03:00
|
|
|
valid &= validateAccess(CS.getArgument(0), CS.getArgument(2), CI);
|
|
|
|
|
valid &= validateAccess(CS.getArgument(1), CS.getArgument(2), CI);
|
2010-03-30 23:22:23 +03:00
|
|
|
continue;
|
|
|
|
|
}
|
|
|
|
|
unsigned i;
|
|
|
|
|
#ifdef CLAMBC_COMPILER
|
|
|
|
|
i = 0;
|
|
|
|
|
#else
|
|
|
|
|
i = 1;// skip hidden ctx*
|
|
|
|
|
#endif
|
|
|
|
|
for (;i<FTy->getNumParams();i++) {
|
|
|
|
|
if (isa<PointerType>(FTy->getParamType(i))) {
|
2010-08-04 13:58:31 +03:00
|
|
|
Value *Ptr = CS.getArgument(i);
|
2010-03-30 23:22:23 +03:00
|
|
|
if (i+1 >= FTy->getNumParams()) {
|
2010-05-13 12:41:01 +03:00
|
|
|
printLocation(CI, false);
|
2010-03-30 23:22:23 +03:00
|
|
|
errs() << "Call to external function with pointer parameter last cannot be analyzed\n";
|
|
|
|
|
errs() << *CI << "\n";
|
|
|
|
|
valid = 0;
|
|
|
|
|
break;
|
|
|
|
|
}
|
2010-08-04 13:58:31 +03:00
|
|
|
Value *Size = CS.getArgument(i+1);
|
2010-03-30 23:22:23 +03:00
|
|
|
if (!Size->getType()->isIntegerTy()) {
|
2010-05-13 12:41:01 +03:00
|
|
|
printLocation(CI, false);
|
2010-03-30 23:22:23 +03:00
|
|
|
errs() << "Pointer argument must be followed by integer argument representing its size\n";
|
|
|
|
|
errs() << *CI << "\n";
|
|
|
|
|
valid = 0;
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
valid &= validateAccess(Ptr, Size, CI);
|
|
|
|
|
}
|
|
|
|
|
}
|
2010-02-15 17:45:33 +02:00
|
|
|
}
|
|
|
|
|
}
|
2010-03-30 23:22:23 +03:00
|
|
|
if (badFunctions.count(&F))
|
|
|
|
|
valid = 0;
|
2010-02-15 17:45:33 +02:00
|
|
|
|
|
|
|
|
if (!valid) {
|
2010-03-12 13:13:08 +02:00
|
|
|
DEBUG(F.dump());
|
2010-09-01 10:04:36 +03:00
|
|
|
ClamBCModule::stop("Verification found errors!", &F);
|
2010-02-15 17:45:33 +02:00
|
|
|
// replace function with call to abort
|
2011-09-30 11:48:49 +03:00
|
|
|
std::vector<constType*>args;
|
2010-02-15 17:45:33 +02:00
|
|
|
FunctionType* abrtTy = FunctionType::get(
|
|
|
|
|
Type::getVoidTy(F.getContext()),args,false);
|
|
|
|
|
Constant *func_abort =
|
|
|
|
|
F.getParent()->getOrInsertFunction("abort", abrtTy);
|
|
|
|
|
|
|
|
|
|
BasicBlock *BB = &F.getEntryBlock();
|
|
|
|
|
Instruction *I = &*BB->begin();
|
|
|
|
|
Instruction *UI = new UnreachableInst(F.getContext(), I);
|
|
|
|
|
CallInst *AbrtC = CallInst::Create(func_abort, "", UI);
|
|
|
|
|
AbrtC->setCallingConv(CallingConv::C);
|
|
|
|
|
AbrtC->setTailCall(true);
|
|
|
|
|
AbrtC->setDoesNotReturn(true);
|
|
|
|
|
AbrtC->setDoesNotThrow(true);
|
|
|
|
|
// remove all instructions from entry
|
|
|
|
|
BasicBlock::iterator BBI = I, BBE=BB->end();
|
|
|
|
|
while (BBI != BBE) {
|
|
|
|
|
if (!BBI->use_empty())
|
|
|
|
|
BBI->replaceAllUsesWith(UndefValue::get(BBI->getType()));
|
|
|
|
|
BB->getInstList().erase(BBI++);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
return Changed;
|
|
|
|
|
}
|
|
|
|
|
|
2010-03-30 23:22:23 +03:00
|
|
|
virtual void releaseMemory() {
|
|
|
|
|
badFunctions.clear();
|
|
|
|
|
}
|
|
|
|
|
|
2010-02-15 17:45:33 +02:00
|
|
|
virtual void getAnalysisUsage(AnalysisUsage &AU) const {
|
|
|
|
|
AU.addRequired<TargetData>();
|
|
|
|
|
AU.addRequired<DominatorTree>();
|
|
|
|
|
AU.addRequired<ScalarEvolution>();
|
|
|
|
|
AU.addRequired<PointerTracking>();
|
2010-03-30 23:22:23 +03:00
|
|
|
AU.addRequired<CallGraph>();
|
2010-02-15 17:45:33 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
bool isValid() const { return valid; }
|
|
|
|
|
private:
|
|
|
|
|
PointerTracking *PT;
|
|
|
|
|
TargetData *TD;
|
|
|
|
|
ScalarEvolution *SE;
|
|
|
|
|
DominatorTree *DT;
|
|
|
|
|
DenseMap<Value*, Value*> BaseMap;
|
|
|
|
|
DenseMap<Value*, Value*> BoundsMap;
|
|
|
|
|
BasicBlock *AbrtBB;
|
|
|
|
|
bool Changed;
|
|
|
|
|
bool valid;
|
|
|
|
|
Instruction *EP;
|
|
|
|
|
|
|
|
|
|
Instruction *getInsertPoint(Value *V)
|
|
|
|
|
{
|
|
|
|
|
BasicBlock::iterator It = EP;
|
|
|
|
|
if (Instruction *I = dyn_cast<Instruction>(V)) {
|
|
|
|
|
It = I;
|
|
|
|
|
++It;
|
|
|
|
|
}
|
|
|
|
|
return &*It;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
Value *getPointerBase(Value *Ptr)
|
|
|
|
|
{
|
|
|
|
|
if (BaseMap.count(Ptr))
|
|
|
|
|
return BaseMap[Ptr];
|
|
|
|
|
Value *P = Ptr->stripPointerCasts();
|
|
|
|
|
if (BaseMap.count(P)) {
|
|
|
|
|
return BaseMap[Ptr] = BaseMap[P];
|
|
|
|
|
}
|
2011-05-06 15:18:32 +03:00
|
|
|
Value *P2 = GetUnderlyingObject(P, TD);
|
2010-02-15 17:45:33 +02:00
|
|
|
if (P2 != P) {
|
|
|
|
|
Value *V = getPointerBase(P2);
|
|
|
|
|
return BaseMap[Ptr] = V;
|
|
|
|
|
}
|
|
|
|
|
|
2011-09-30 11:48:49 +03:00
|
|
|
constType *P8Ty =
|
2010-02-15 17:45:33 +02:00
|
|
|
PointerType::getUnqual(Type::getInt8Ty(Ptr->getContext()));
|
|
|
|
|
if (PHINode *PN = dyn_cast<PHINode>(Ptr)) {
|
|
|
|
|
BasicBlock::iterator It = PN;
|
|
|
|
|
++It;
|
2011-09-30 11:48:49 +03:00
|
|
|
PHINode *newPN = PHINode::Create(P8Ty, HINT(PN->getNumIncomingValues()) ".verif.base", &*It);
|
2010-02-15 17:45:33 +02:00
|
|
|
Changed = true;
|
|
|
|
|
BaseMap[Ptr] = newPN;
|
|
|
|
|
|
|
|
|
|
for (unsigned i=0;i<PN->getNumIncomingValues();i++) {
|
|
|
|
|
Value *Inc = PN->getIncomingValue(i);
|
|
|
|
|
Value *V = getPointerBase(Inc);
|
|
|
|
|
newPN->addIncoming(V, PN->getIncomingBlock(i));
|
|
|
|
|
}
|
|
|
|
|
return newPN;
|
|
|
|
|
}
|
2010-03-30 23:22:23 +03:00
|
|
|
if (SelectInst *SI = dyn_cast<SelectInst>(Ptr)) {
|
|
|
|
|
BasicBlock::iterator It = SI;
|
|
|
|
|
++It;
|
|
|
|
|
Value *TrueB = getPointerBase(SI->getTrueValue());
|
|
|
|
|
Value *FalseB = getPointerBase(SI->getFalseValue());
|
|
|
|
|
if (TrueB && FalseB) {
|
|
|
|
|
SelectInst *NewSI = SelectInst::Create(SI->getCondition(), TrueB,
|
|
|
|
|
FalseB, ".select.base", &*It);
|
|
|
|
|
Changed = true;
|
|
|
|
|
return BaseMap[Ptr] = NewSI;
|
|
|
|
|
}
|
|
|
|
|
}
|
2010-02-15 17:45:33 +02:00
|
|
|
if (Ptr->getType() != P8Ty) {
|
|
|
|
|
if (Constant *C = dyn_cast<Constant>(Ptr))
|
|
|
|
|
Ptr = ConstantExpr::getPointerCast(C, P8Ty);
|
|
|
|
|
else {
|
|
|
|
|
Instruction *I = getInsertPoint(Ptr);
|
|
|
|
|
Ptr = new BitCastInst(Ptr, P8Ty, "", I);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
return BaseMap[Ptr] = Ptr;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
Value* getPointerBounds(Value *Base) {
|
|
|
|
|
if (BoundsMap.count(Base))
|
|
|
|
|
return BoundsMap[Base];
|
2011-09-30 11:48:49 +03:00
|
|
|
constType *I64Ty =
|
2010-02-15 17:45:33 +02:00
|
|
|
Type::getInt64Ty(Base->getContext());
|
2010-03-30 23:22:23 +03:00
|
|
|
#ifndef CLAMBC_COMPILER
|
|
|
|
|
// first arg is hidden ctx
|
|
|
|
|
if (Argument *A = dyn_cast<Argument>(Base)) {
|
|
|
|
|
if (A->getArgNo() == 0) {
|
2011-09-30 11:48:49 +03:00
|
|
|
constType *Ty = cast<PointerType>(A->getType())->getElementType();
|
2010-03-30 23:22:23 +03:00
|
|
|
return ConstantInt::get(I64Ty, TD->getTypeAllocSize(Ty));
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
if (LoadInst *LI = dyn_cast<LoadInst>(Base)) {
|
2011-05-06 15:18:32 +03:00
|
|
|
Value *V = GetUnderlyingObject(LI->getPointerOperand()->stripPointerCasts(), TD);
|
2010-03-30 23:22:23 +03:00
|
|
|
if (Argument *A = dyn_cast<Argument>(V)) {
|
|
|
|
|
if (A->getArgNo() == 0) {
|
|
|
|
|
// pointers from hidden ctx are trusted to be at least the
|
|
|
|
|
// size they say they are
|
2011-09-30 11:48:49 +03:00
|
|
|
constType *Ty = cast<PointerType>(LI->getType())->getElementType();
|
2010-03-30 23:22:23 +03:00
|
|
|
return ConstantInt::get(I64Ty, TD->getTypeAllocSize(Ty));
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
#endif
|
2010-02-15 17:45:33 +02:00
|
|
|
if (PHINode *PN = dyn_cast<PHINode>(Base)) {
|
|
|
|
|
BasicBlock::iterator It = PN;
|
|
|
|
|
++It;
|
2011-09-30 11:48:49 +03:00
|
|
|
PHINode *newPN = PHINode::Create(I64Ty, HINT(PN->getNumIncomingValues()) ".verif.bounds", &*It);
|
2010-02-15 17:45:33 +02:00
|
|
|
Changed = true;
|
|
|
|
|
BoundsMap[Base] = newPN;
|
|
|
|
|
|
|
|
|
|
bool good = true;
|
|
|
|
|
for (unsigned i=0;i<PN->getNumIncomingValues();i++) {
|
|
|
|
|
Value *Inc = PN->getIncomingValue(i);
|
|
|
|
|
Value *B = getPointerBounds(Inc);
|
|
|
|
|
if (!B) {
|
|
|
|
|
good = false;
|
2010-03-30 23:22:23 +03:00
|
|
|
B = ConstantInt::get(newPN->getType(), 0);
|
2010-02-15 17:45:33 +02:00
|
|
|
DEBUG(dbgs() << "bounds not found while solving phi node: " << *Inc
|
|
|
|
|
<< "\n");
|
|
|
|
|
}
|
|
|
|
|
newPN->addIncoming(B, PN->getIncomingBlock(i));
|
|
|
|
|
}
|
|
|
|
|
if (!good)
|
|
|
|
|
newPN = 0;
|
|
|
|
|
return BoundsMap[Base] = newPN;
|
|
|
|
|
}
|
2010-03-30 23:22:23 +03:00
|
|
|
if (SelectInst *SI = dyn_cast<SelectInst>(Base)) {
|
|
|
|
|
BasicBlock::iterator It = SI;
|
|
|
|
|
++It;
|
|
|
|
|
Value *TrueB = getPointerBounds(SI->getTrueValue());
|
|
|
|
|
Value *FalseB = getPointerBounds(SI->getFalseValue());
|
|
|
|
|
if (TrueB && FalseB) {
|
|
|
|
|
SelectInst *NewSI = SelectInst::Create(SI->getCondition(), TrueB,
|
|
|
|
|
FalseB, ".select.bounds", &*It);
|
|
|
|
|
Changed = true;
|
|
|
|
|
return BoundsMap[Base] = NewSI;
|
|
|
|
|
}
|
|
|
|
|
}
|
2010-02-15 17:45:33 +02:00
|
|
|
|
2011-09-30 11:48:49 +03:00
|
|
|
constType *Ty;
|
2010-02-15 17:45:33 +02:00
|
|
|
Value *V = PT->computeAllocationCountValue(Base, Ty);
|
2010-03-12 13:13:08 +02:00
|
|
|
if (!V) {
|
|
|
|
|
Base = Base->stripPointerCasts();
|
|
|
|
|
if (CallInst *CI = dyn_cast<CallInst>(Base)) {
|
|
|
|
|
Function *F = CI->getCalledFunction();
|
2010-03-30 23:22:23 +03:00
|
|
|
const FunctionType *FTy = F->getFunctionType();
|
|
|
|
|
// last operand is always size for this API call kind
|
|
|
|
|
if (F->isDeclaration() && FTy->getNumParams() > 0) {
|
2010-08-04 13:58:31 +03:00
|
|
|
CallSite CS(CI);
|
2010-03-30 23:22:23 +03:00
|
|
|
if (FTy->getParamType(FTy->getNumParams()-1)->isIntegerTy())
|
2010-08-04 13:58:31 +03:00
|
|
|
V = CS.getArgument(FTy->getNumParams()-1);
|
2010-03-30 23:22:23 +03:00
|
|
|
}
|
2010-03-12 13:13:08 +02:00
|
|
|
}
|
|
|
|
|
if (!V)
|
|
|
|
|
return BoundsMap[Base] = 0;
|
2010-03-30 23:22:23 +03:00
|
|
|
} else {
|
|
|
|
|
unsigned size = TD->getTypeAllocSize(Ty);
|
|
|
|
|
if (size > 1) {
|
|
|
|
|
Constant *C = cast<Constant>(V);
|
|
|
|
|
C = ConstantExpr::getMul(C,
|
|
|
|
|
ConstantInt::get(Type::getInt32Ty(C->getContext()),
|
|
|
|
|
size));
|
|
|
|
|
V = C;
|
|
|
|
|
}
|
2010-02-15 17:45:33 +02:00
|
|
|
}
|
|
|
|
|
if (V->getType() != I64Ty) {
|
|
|
|
|
if (Constant *C = dyn_cast<Constant>(V))
|
|
|
|
|
V = ConstantExpr::getZExt(C, I64Ty);
|
|
|
|
|
else {
|
|
|
|
|
Instruction *I = getInsertPoint(V);
|
|
|
|
|
V = new ZExtInst(V, I64Ty, "", I);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
return BoundsMap[Base] = V;
|
|
|
|
|
}
|
|
|
|
|
|
2010-05-13 12:41:01 +03:00
|
|
|
MDNode *getLocation(Instruction *I, bool &Approximate, unsigned MDDbgKind)
|
|
|
|
|
{
|
|
|
|
|
Approximate = false;
|
|
|
|
|
if (MDNode *Dbg = I->getMetadata(MDDbgKind))
|
|
|
|
|
return Dbg;
|
|
|
|
|
if (!MDDbgKind)
|
|
|
|
|
return 0;
|
|
|
|
|
Approximate = true;
|
|
|
|
|
BasicBlock::iterator It = I;
|
|
|
|
|
while (It != I->getParent()->begin()) {
|
|
|
|
|
--It;
|
|
|
|
|
if (MDNode *Dbg = It->getMetadata(MDDbgKind))
|
|
|
|
|
return Dbg;
|
|
|
|
|
}
|
|
|
|
|
BasicBlock *BB = I->getParent();
|
|
|
|
|
while ((BB = BB->getUniquePredecessor())) {
|
|
|
|
|
It = BB->end();
|
|
|
|
|
while (It != BB->begin()) {
|
|
|
|
|
--It;
|
|
|
|
|
if (MDNode *Dbg = It->getMetadata(MDDbgKind))
|
|
|
|
|
return Dbg;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
bool insertCheck(const SCEV *Idx, const SCEV *Limit, Instruction *I,
|
|
|
|
|
bool strict)
|
2010-02-15 17:45:33 +02:00
|
|
|
{
|
|
|
|
|
if (isa<SCEVCouldNotCompute>(Idx) && isa<SCEVCouldNotCompute>(Limit)) {
|
|
|
|
|
errs() << "Could not compute the index and the limit!: \n" << *I << "\n";
|
|
|
|
|
return false;
|
|
|
|
|
}
|
|
|
|
|
if (isa<SCEVCouldNotCompute>(Idx)) {
|
|
|
|
|
errs() << "Could not compute index: \n" << *I << "\n";
|
|
|
|
|
return false;
|
|
|
|
|
}
|
|
|
|
|
if (isa<SCEVCouldNotCompute>(Limit)) {
|
|
|
|
|
errs() << "Could not compute limit: " << *I << "\n";
|
|
|
|
|
return false;
|
|
|
|
|
}
|
|
|
|
|
BasicBlock *BB = I->getParent();
|
|
|
|
|
BasicBlock::iterator It = I;
|
|
|
|
|
BasicBlock *newBB = SplitBlock(BB, &*It, this);
|
2010-03-30 23:22:23 +03:00
|
|
|
PHINode *PN;
|
2010-05-13 12:41:01 +03:00
|
|
|
unsigned MDDbgKind = I->getContext().getMDKindID("dbg");
|
2010-02-15 17:45:33 +02:00
|
|
|
//verifyFunction(*BB->getParent());
|
|
|
|
|
if (!AbrtBB) {
|
2011-09-30 11:48:49 +03:00
|
|
|
std::vector<constType*>args;
|
2010-02-15 17:45:33 +02:00
|
|
|
FunctionType* abrtTy = FunctionType::get(
|
|
|
|
|
Type::getVoidTy(BB->getContext()),args,false);
|
2010-03-30 23:22:23 +03:00
|
|
|
args.push_back(Type::getInt32Ty(BB->getContext()));
|
2010-05-13 12:41:01 +03:00
|
|
|
FunctionType* rterrTy = FunctionType::get(
|
|
|
|
|
Type::getInt32Ty(BB->getContext()),args,false);
|
2010-02-15 17:45:33 +02:00
|
|
|
Constant *func_abort =
|
|
|
|
|
BB->getParent()->getParent()->getOrInsertFunction("abort", abrtTy);
|
2010-05-13 12:41:01 +03:00
|
|
|
Constant *func_rterr =
|
|
|
|
|
BB->getParent()->getParent()->getOrInsertFunction("bytecode_rt_error", rterrTy);
|
2010-02-15 17:45:33 +02:00
|
|
|
AbrtBB = BasicBlock::Create(BB->getContext(), "", BB->getParent());
|
2011-09-30 11:48:49 +03:00
|
|
|
PN = PHINode::Create(Type::getInt32Ty(BB->getContext()),HINT(1) "",
|
2010-03-30 23:22:23 +03:00
|
|
|
AbrtBB);
|
2010-05-13 12:41:01 +03:00
|
|
|
if (MDDbgKind) {
|
|
|
|
|
CallInst *RtErrCall = CallInst::Create(func_rterr, PN, "", AbrtBB);
|
|
|
|
|
RtErrCall->setCallingConv(CallingConv::C);
|
|
|
|
|
RtErrCall->setTailCall(true);
|
|
|
|
|
RtErrCall->setDoesNotThrow(true);
|
|
|
|
|
}
|
2010-02-15 17:45:33 +02:00
|
|
|
CallInst* AbrtC = CallInst::Create(func_abort, "", AbrtBB);
|
|
|
|
|
AbrtC->setCallingConv(CallingConv::C);
|
|
|
|
|
AbrtC->setTailCall(true);
|
|
|
|
|
AbrtC->setDoesNotReturn(true);
|
|
|
|
|
AbrtC->setDoesNotThrow(true);
|
|
|
|
|
new UnreachableInst(BB->getContext(), AbrtBB);
|
|
|
|
|
DT->addNewBlock(AbrtBB, BB);
|
|
|
|
|
//verifyFunction(*BB->getParent());
|
2010-03-30 23:22:23 +03:00
|
|
|
} else {
|
|
|
|
|
PN = cast<PHINode>(AbrtBB->begin());
|
2010-02-15 17:45:33 +02:00
|
|
|
}
|
2010-03-30 23:22:23 +03:00
|
|
|
unsigned locationid = 0;
|
2010-05-13 12:41:01 +03:00
|
|
|
bool Approximate;
|
|
|
|
|
if (MDNode *Dbg = getLocation(I, Approximate, MDDbgKind)) {
|
2010-03-30 23:22:23 +03:00
|
|
|
DILocation Loc(Dbg);
|
|
|
|
|
locationid = Loc.getLineNumber() << 8;
|
|
|
|
|
unsigned col = Loc.getColumnNumber();
|
2010-05-13 12:41:01 +03:00
|
|
|
if (col > 254)
|
|
|
|
|
col = 254;
|
|
|
|
|
if (Approximate)
|
2010-03-30 23:22:23 +03:00
|
|
|
col = 255;
|
|
|
|
|
locationid |= col;
|
|
|
|
|
// Loc.getFilename();
|
2010-05-13 12:41:01 +03:00
|
|
|
} else {
|
|
|
|
|
static int wcounters = 100000;
|
|
|
|
|
locationid = (wcounters++)<<8;
|
|
|
|
|
/*errs() << "fake location: " << (locationid>>8) << "\n";
|
|
|
|
|
I->dump();
|
|
|
|
|
I->getParent()->dump();*/
|
2010-03-30 23:22:23 +03:00
|
|
|
}
|
|
|
|
|
PN->addIncoming(ConstantInt::get(Type::getInt32Ty(BB->getContext()),
|
|
|
|
|
locationid), BB);
|
|
|
|
|
|
2010-02-15 17:45:33 +02:00
|
|
|
TerminatorInst *TI = BB->getTerminator();
|
2011-09-30 11:48:49 +03:00
|
|
|
SCEVExpander expander(*SE OPT("SCEVexpander"));
|
2010-03-30 23:22:23 +03:00
|
|
|
Value *IdxV = expander.expandCodeFor(Idx, Limit->getType(), TI);
|
|
|
|
|
/* if (isa<PointerType>(IdxV->getType())) {
|
|
|
|
|
IdxV = new PtrToIntInst(IdxV, Idx->getType(), "", TI);
|
|
|
|
|
}*/
|
2010-02-15 17:45:33 +02:00
|
|
|
//verifyFunction(*BB->getParent());
|
|
|
|
|
Value *LimitV = expander.expandCodeFor(Limit, Limit->getType(), TI);
|
|
|
|
|
//verifyFunction(*BB->getParent());
|
2010-05-13 12:41:01 +03:00
|
|
|
Value *Cond = new ICmpInst(TI, strict ?
|
|
|
|
|
ICmpInst::ICMP_ULT :
|
|
|
|
|
ICmpInst::ICMP_ULE, IdxV, LimitV);
|
2010-02-15 17:45:33 +02:00
|
|
|
//verifyFunction(*BB->getParent());
|
|
|
|
|
BranchInst::Create(newBB, AbrtBB, Cond, TI);
|
|
|
|
|
TI->eraseFromParent();
|
|
|
|
|
// Update dominator info
|
|
|
|
|
BasicBlock *DomBB =
|
|
|
|
|
DT->findNearestCommonDominator(BB,
|
|
|
|
|
DT->getNode(AbrtBB)->getIDom()->getBlock());
|
|
|
|
|
DT->changeImmediateDominator(AbrtBB, DomBB);
|
|
|
|
|
//verifyFunction(*BB->getParent());
|
|
|
|
|
return true;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static void MakeCompatible(ScalarEvolution *SE, const SCEV*& LHS, const SCEV*& RHS)
|
|
|
|
|
{
|
|
|
|
|
if (const SCEVZeroExtendExpr *ZL = dyn_cast<SCEVZeroExtendExpr>(LHS))
|
|
|
|
|
LHS = ZL->getOperand();
|
|
|
|
|
if (const SCEVZeroExtendExpr *ZR = dyn_cast<SCEVZeroExtendExpr>(RHS))
|
|
|
|
|
RHS = ZR->getOperand();
|
|
|
|
|
|
2011-09-30 11:48:49 +03:00
|
|
|
constType* LTy = SE->getEffectiveSCEVType(LHS->getType());
|
|
|
|
|
constType *RTy = SE->getEffectiveSCEVType(RHS->getType());
|
2010-02-15 17:45:33 +02:00
|
|
|
if (SE->getTypeSizeInBits(RTy) > SE->getTypeSizeInBits(LTy))
|
|
|
|
|
LTy = RTy;
|
|
|
|
|
LHS = SE->getNoopOrZeroExtend(LHS, LTy);
|
|
|
|
|
RHS = SE->getNoopOrZeroExtend(RHS, LTy);
|
|
|
|
|
}
|
2010-05-14 14:44:10 +03:00
|
|
|
bool checkCond(Instruction *ICI, Instruction *I, bool equal)
|
|
|
|
|
{
|
|
|
|
|
for (Value::use_iterator JU=ICI->use_begin(),JUE=ICI->use_end();
|
|
|
|
|
JU != JUE; ++JU) {
|
2010-08-04 13:59:31 +03:00
|
|
|
Value *JU_V = *JU;
|
|
|
|
|
if (BranchInst *BI = dyn_cast<BranchInst>(JU_V)) {
|
2010-05-14 14:44:10 +03:00
|
|
|
if (!BI->isConditional())
|
|
|
|
|
continue;
|
|
|
|
|
BasicBlock *S = BI->getSuccessor(equal);
|
|
|
|
|
if (DT->dominates(S, I->getParent()))
|
|
|
|
|
return true;
|
|
|
|
|
}
|
2010-08-04 13:59:31 +03:00
|
|
|
if (BinaryOperator *BI = dyn_cast<BinaryOperator>(JU_V)) {
|
2010-05-14 14:44:10 +03:00
|
|
|
if (BI->getOpcode() == Instruction::Or &&
|
|
|
|
|
checkCond(BI, I, equal))
|
|
|
|
|
return true;
|
|
|
|
|
if (BI->getOpcode() == Instruction::And &&
|
|
|
|
|
checkCond(BI, I, !equal))
|
|
|
|
|
return true;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
return false;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
bool checkCondition(Instruction *CI, Instruction *I)
|
2010-03-10 12:20:06 +02:00
|
|
|
{
|
|
|
|
|
for (Value::use_iterator U=CI->use_begin(),UE=CI->use_end();
|
|
|
|
|
U != UE; ++U) {
|
2010-08-04 13:59:31 +03:00
|
|
|
Value *U_V = *U;
|
|
|
|
|
if (ICmpInst *ICI = dyn_cast<ICmpInst>(U_V)) {
|
2010-03-10 12:20:06 +02:00
|
|
|
if (ICI->getOperand(0)->stripPointerCasts() == CI &&
|
|
|
|
|
isa<ConstantPointerNull>(ICI->getOperand(1))) {
|
2010-05-14 14:44:10 +03:00
|
|
|
if (checkCond(ICI, I, ICI->getPredicate() == ICmpInst::ICMP_EQ))
|
|
|
|
|
return true;
|
2010-03-10 12:20:06 +02:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
return false;
|
|
|
|
|
}
|
2010-03-30 23:22:23 +03:00
|
|
|
|
2010-02-15 17:45:33 +02:00
|
|
|
bool validateAccess(Value *Pointer, Value *Length, Instruction *I)
|
|
|
|
|
{
|
|
|
|
|
// get base
|
|
|
|
|
Value *Base = getPointerBase(Pointer);
|
|
|
|
|
|
2010-03-12 13:13:08 +02:00
|
|
|
Value *SBase = Base->stripPointerCasts();
|
2010-02-15 17:45:33 +02:00
|
|
|
// get bounds
|
2010-03-12 13:13:08 +02:00
|
|
|
Value *Bounds = getPointerBounds(SBase);
|
2010-02-15 17:45:33 +02:00
|
|
|
if (!Bounds) {
|
2010-05-13 12:41:01 +03:00
|
|
|
printLocation(I, true);
|
2010-03-30 23:22:23 +03:00
|
|
|
errs() << "no bounds for base ";
|
2010-05-13 12:41:01 +03:00
|
|
|
printValue(SBase);
|
2010-03-30 23:22:23 +03:00
|
|
|
errs() << " while checking access to ";
|
2010-05-13 12:41:01 +03:00
|
|
|
printValue(Pointer);
|
2010-03-30 23:22:23 +03:00
|
|
|
errs() << " of length ";
|
2010-05-13 12:41:01 +03:00
|
|
|
printValue(Length);
|
2010-03-30 23:22:23 +03:00
|
|
|
errs() << "\n";
|
2010-02-15 17:45:33 +02:00
|
|
|
|
|
|
|
|
return false;
|
|
|
|
|
}
|
|
|
|
|
|
2010-03-10 12:20:06 +02:00
|
|
|
if (CallInst *CI = dyn_cast<CallInst>(Base->stripPointerCasts())) {
|
|
|
|
|
if (I->getParent() == CI->getParent()) {
|
2010-05-13 12:41:01 +03:00
|
|
|
printLocation(I, true);
|
2010-03-30 23:22:23 +03:00
|
|
|
errs() << "no null pointer check of pointer ";
|
2010-05-13 12:41:01 +03:00
|
|
|
printValue(Base, false, true);
|
2010-03-30 23:22:23 +03:00
|
|
|
errs() << " obtained by function call";
|
|
|
|
|
errs() << " before use in same block\n";
|
2010-03-10 12:20:06 +02:00
|
|
|
return false;
|
|
|
|
|
}
|
|
|
|
|
if (!checkCondition(CI, I)) {
|
2010-05-13 12:41:01 +03:00
|
|
|
printLocation(I, true);
|
2010-03-30 23:22:23 +03:00
|
|
|
errs() << "no null pointer check of pointer ";
|
2010-05-13 12:41:01 +03:00
|
|
|
printValue(Base, false, true);
|
2010-03-30 23:22:23 +03:00
|
|
|
errs() << " obtained by function call";
|
|
|
|
|
errs() << " before use\n";
|
2010-03-10 12:20:06 +02:00
|
|
|
return false;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2011-09-30 11:48:49 +03:00
|
|
|
constType *I64Ty =
|
2010-02-15 17:45:33 +02:00
|
|
|
Type::getInt64Ty(Base->getContext());
|
|
|
|
|
const SCEV *SLen = SE->getSCEV(Length);
|
|
|
|
|
const SCEV *OffsetP = SE->getMinusSCEV(SE->getSCEV(Pointer),
|
|
|
|
|
SE->getSCEV(Base));
|
|
|
|
|
SLen = SE->getNoopOrZeroExtend(SLen, I64Ty);
|
|
|
|
|
OffsetP = SE->getNoopOrZeroExtend(OffsetP, I64Ty);
|
|
|
|
|
const SCEV *Limit = SE->getSCEV(Bounds);
|
|
|
|
|
Limit = SE->getNoopOrZeroExtend(Limit, I64Ty);
|
|
|
|
|
|
|
|
|
|
DEBUG(dbgs() << "Checking access to " << *Pointer << " of length " <<
|
|
|
|
|
*Length << "\n");
|
2010-05-13 12:41:01 +03:00
|
|
|
if (OffsetP == Limit) {
|
|
|
|
|
printLocation(I, true);
|
|
|
|
|
errs() << "OffsetP == Limit: " << *OffsetP << "\n";
|
|
|
|
|
errs() << " while checking access to ";
|
|
|
|
|
printValue(Pointer);
|
|
|
|
|
errs() << " of length ";
|
|
|
|
|
printValue(Length);
|
|
|
|
|
errs() << "\n";
|
|
|
|
|
return false;
|
|
|
|
|
}
|
2010-02-15 17:45:33 +02:00
|
|
|
|
|
|
|
|
if (SLen == Limit) {
|
|
|
|
|
if (const SCEVConstant *SC = dyn_cast<SCEVConstant>(OffsetP)) {
|
|
|
|
|
if (SC->isZero())
|
|
|
|
|
return true;
|
|
|
|
|
}
|
|
|
|
|
errs() << "SLen == Limit: " << *SLen << "\n";
|
|
|
|
|
errs() << " while checking access to " << *Pointer << " of length "
|
|
|
|
|
<< *Length << " at " << *I << "\n";
|
2010-05-13 12:41:01 +03:00
|
|
|
return false;
|
2010-02-15 17:45:33 +02:00
|
|
|
}
|
|
|
|
|
|
2010-05-13 12:41:01 +03:00
|
|
|
bool valid = true;
|
|
|
|
|
SLen = SE->getAddExpr(OffsetP, SLen);
|
|
|
|
|
// check that offset + slen <= limit;
|
|
|
|
|
// umax(offset+slen, limit) == limit is a sufficient (but not necessary
|
|
|
|
|
// condition)
|
2010-02-15 17:45:33 +02:00
|
|
|
const SCEV *MaxL = SE->getUMaxExpr(SLen, Limit);
|
|
|
|
|
if (MaxL != Limit) {
|
|
|
|
|
DEBUG(dbgs() << "MaxL != Limit: " << *MaxL << ", " << *Limit << "\n");
|
2010-05-13 12:41:01 +03:00
|
|
|
valid &= insertCheck(SLen, Limit, I, false);
|
2010-02-15 17:45:33 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
//TODO: nullpointer check
|
|
|
|
|
const SCEV *Max = SE->getUMaxExpr(OffsetP, Limit);
|
|
|
|
|
if (Max == Limit)
|
2010-05-13 12:41:01 +03:00
|
|
|
return valid;
|
2010-02-15 17:45:33 +02:00
|
|
|
DEBUG(dbgs() << "Max != Limit: " << *Max << ", " << *Limit << "\n");
|
2010-03-10 12:20:06 +02:00
|
|
|
|
2010-05-13 12:41:01 +03:00
|
|
|
// check that offset < limit
|
|
|
|
|
valid &= insertCheck(OffsetP, Limit, I, true);
|
|
|
|
|
return valid;
|
2010-02-15 17:45:33 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
bool validateAccess(Value *Pointer, unsigned size, Instruction *I)
|
|
|
|
|
{
|
|
|
|
|
return validateAccess(Pointer,
|
|
|
|
|
ConstantInt::get(Type::getInt32Ty(Pointer->getContext()),
|
|
|
|
|
size), I);
|
|
|
|
|
}
|
|
|
|
|
};
|
|
|
|
|
char PtrVerifier::ID;
|
|
|
|
|
|
|
|
|
|
}
|
2011-09-30 11:48:49 +03:00
|
|
|
#ifdef LLVM30
|
|
|
|
|
INITIALIZE_PASS_BEGIN(PtrVerifier, "", "", false, false)
|
|
|
|
|
INITIALIZE_PASS_DEPENDENCY(TargetData)
|
|
|
|
|
INITIALIZE_PASS_DEPENDENCY(DominatorTree)
|
|
|
|
|
INITIALIZE_PASS_DEPENDENCY(ScalarEvolution)
|
|
|
|
|
INITIALIZE_AG_DEPENDENCY(CallGraph)
|
|
|
|
|
INITIALIZE_PASS_DEPENDENCY(PointerTracking)
|
|
|
|
|
INITIALIZE_PASS_END(PtrVerifier, "clambcrtchecks", "ClamBC RTchecks", false, false)
|
|
|
|
|
#endif
|
|
|
|
|
|
2010-02-15 17:45:33 +02:00
|
|
|
|
|
|
|
|
llvm::Pass *createClamBCRTChecks()
|
|
|
|
|
{
|
|
|
|
|
return new PtrVerifier();
|
|
|
|
|
}
|
2011-09-30 11:48:49 +03:00
|
|
|
|
