void
ubsan_expand_null_ifn (gimple_stmt_iterator gsi)
{
gimple stmt = gsi_stmt (gsi);
location_t loc = gimple_location (stmt);
gcc_assert (gimple_call_num_args (stmt) == 2);
tree ptr = gimple_call_arg (stmt, 0);
tree ckind = gimple_call_arg (stmt, 1);
basic_block cur_bb = gsi_bb (gsi);
/* Split the original block holding the pointer dereference. */
edge e = split_block (cur_bb, stmt);
/* Get a hold on the 'condition block', the 'then block' and the
'else block'. */
basic_block cond_bb = e->src;
basic_block fallthru_bb = e->dest;
basic_block then_bb = create_empty_bb (cond_bb);
add_bb_to_loop (then_bb, cond_bb->loop_father);
loops_state_set (LOOPS_NEED_FIXUP);
/* Make an edge coming from the 'cond block' into the 'then block';
this edge is unlikely taken, so set up the probability accordingly. */
e = make_edge (cond_bb, then_bb, EDGE_TRUE_VALUE);
e->probability = PROB_VERY_UNLIKELY;
/* Connect 'then block' with the 'else block'. This is needed
as the ubsan routines we call in the 'then block' are not noreturn.
The 'then block' only has one outcoming edge. */
make_single_succ_edge (then_bb, fallthru_bb, EDGE_FALLTHRU);
/* Set up the fallthrough basic block. */
e = find_edge (cond_bb, fallthru_bb);
e->flags = EDGE_FALSE_VALUE;
e->count = cond_bb->count;
e->probability = REG_BR_PROB_BASE - PROB_VERY_UNLIKELY;
/* Update dominance info for the newly created then_bb; note that
fallthru_bb's dominance info has already been updated by
split_bock. */
if (dom_info_available_p (CDI_DOMINATORS))
set_immediate_dominator (CDI_DOMINATORS, then_bb, cond_bb);
/* Put the ubsan builtin call into the newly created BB. */
gimple g;
if (flag_sanitize_undefined_trap_on_error)
g = gimple_build_call (builtin_decl_implicit (BUILT_IN_TRAP), 0);
else
{
enum built_in_function bcode
= flag_sanitize_recover
? BUILT_IN_UBSAN_HANDLE_TYPE_MISMATCH
: BUILT_IN_UBSAN_HANDLE_TYPE_MISMATCH_ABORT;
tree fn = builtin_decl_implicit (bcode);
const struct ubsan_mismatch_data m
= { build_zero_cst (pointer_sized_int_node), ckind };
tree data
= ubsan_create_data ("__ubsan_null_data", &loc, &m,
ubsan_type_descriptor (TREE_TYPE (ptr),
UBSAN_PRINT_POINTER),
NULL_TREE);
data = build_fold_addr_expr_loc (loc, data);
g = gimple_build_call (fn, 2, data,
build_zero_cst (pointer_sized_int_node));
}
gimple_set_location (g, loc);
gimple_stmt_iterator gsi2 = gsi_start_bb (then_bb);
gsi_insert_after (&gsi2, g, GSI_NEW_STMT);
/* Unlink the UBSAN_NULLs vops before replacing it. */
unlink_stmt_vdef (stmt);
g = gimple_build_cond (EQ_EXPR, ptr, build_int_cst (TREE_TYPE (ptr), 0),
NULL_TREE, NULL_TREE);
gimple_set_location (g, loc);
/* Replace the UBSAN_NULL with a GIMPLE_COND stmt. */
gsi_replace (&gsi, g, false);
}
static void
mf_build_check_statement_for (tree base, tree limit,
gimple_stmt_iterator *instr_gsi,
location_t location, tree dirflag)
{
gimple_stmt_iterator gsi;
basic_block cond_bb, then_bb, join_bb;
edge e;
tree cond, t, u, v;
tree mf_base;
tree mf_elem;
tree mf_limit;
gimple g;
gimple_seq seq, stmts;
/* We first need to split the current basic block, and start altering
the CFG. This allows us to insert the statements we're about to
construct into the right basic blocks. */
cond_bb = gimple_bb (gsi_stmt (*instr_gsi));
gsi = *instr_gsi;
gsi_prev (&gsi);
if (! gsi_end_p (gsi))
e = split_block (cond_bb, gsi_stmt (gsi));
else
e = split_block_after_labels (cond_bb);
cond_bb = e->src;
join_bb = e->dest;
/* A recap at this point: join_bb is the basic block at whose head
is the gimple statement for which this check expression is being
built. cond_bb is the (possibly new, synthetic) basic block the
end of which will contain the cache-lookup code, and a
conditional that jumps to the cache-miss code or, much more
likely, over to join_bb. */
/* Create the bb that contains the cache-miss fallback block (mf_check). */
then_bb = create_empty_bb (cond_bb);
make_edge (cond_bb, then_bb, EDGE_TRUE_VALUE);
make_single_succ_edge (then_bb, join_bb, EDGE_FALLTHRU);
/* Mark the pseudo-fallthrough edge from cond_bb to join_bb. */
e = find_edge (cond_bb, join_bb);
e->flags = EDGE_FALSE_VALUE;
e->count = cond_bb->count;
e->probability = REG_BR_PROB_BASE;
/* Update dominance info. Note that bb_join's data was
updated by split_block. */
if (dom_info_available_p (CDI_DOMINATORS))
{
set_immediate_dominator (CDI_DOMINATORS, then_bb, cond_bb);
set_immediate_dominator (CDI_DOMINATORS, join_bb, cond_bb);
}
/* Update loop info. */
if (current_loops)
add_bb_to_loop (then_bb, cond_bb->loop_father);
/* Build our local variables. */
mf_elem = create_tmp_reg (mf_cache_structptr_type, "__mf_elem");
mf_base = create_tmp_reg (mf_uintptr_type, "__mf_base");
mf_limit = create_tmp_reg (mf_uintptr_type, "__mf_limit");
/* Build: __mf_base = (uintptr_t) <base address expression>. */
seq = NULL;
t = fold_convert_loc (location, mf_uintptr_type,
unshare_expr (base));
t = force_gimple_operand (t, &stmts, false, NULL_TREE);
gimple_seq_add_seq (&seq, stmts);
g = gimple_build_assign (mf_base, t);
gimple_set_location (g, location);
gimple_seq_add_stmt (&seq, g);
/* Build: __mf_limit = (uintptr_t) <limit address expression>. */
t = fold_convert_loc (location, mf_uintptr_type,
unshare_expr (limit));
t = force_gimple_operand (t, &stmts, false, NULL_TREE);
gimple_seq_add_seq (&seq, stmts);
g = gimple_build_assign (mf_limit, t);
gimple_set_location (g, location);
gimple_seq_add_stmt (&seq, g);
/* Build: __mf_elem = &__mf_lookup_cache [(__mf_base >> __mf_shift)
& __mf_mask]. */
t = build2 (RSHIFT_EXPR, mf_uintptr_type, mf_base,
flag_mudflap_threads ? mf_cache_shift_decl
: mf_cache_shift_decl_l);
t = build2 (BIT_AND_EXPR, mf_uintptr_type, t,
flag_mudflap_threads ? mf_cache_mask_decl
: mf_cache_mask_decl_l);
t = build4 (ARRAY_REF,
TREE_TYPE (TREE_TYPE (mf_cache_array_decl)),
mf_cache_array_decl, t, NULL_TREE, NULL_TREE);
t = build1 (ADDR_EXPR, mf_cache_structptr_type, t);
t = force_gimple_operand (t, &stmts, false, NULL_TREE);
gimple_seq_add_seq (&seq, stmts);
g = gimple_build_assign (mf_elem, t);
gimple_set_location (g, location);
gimple_seq_add_stmt (&seq, g);
/* Quick validity check.
if (__mf_elem->low > __mf_base
|| (__mf_elem_high < __mf_limit))
{
__mf_check ();
... and only if single-threaded:
__mf_lookup_shift_1 = f...;
__mf_lookup_mask_l = ...;
}
It is expected that this body of code is rarely executed so we mark
the edge to the THEN clause of the conditional jump as unlikely. */
/* Construct t <-- '__mf_elem->low > __mf_base'. */
t = build3 (COMPONENT_REF, mf_uintptr_type,
build1 (INDIRECT_REF, mf_cache_struct_type, mf_elem),
TYPE_FIELDS (mf_cache_struct_type), NULL_TREE);
t = build2 (GT_EXPR, boolean_type_node, t, mf_base);
/* Construct '__mf_elem->high < __mf_limit'.
First build:
1) u <-- '__mf_elem->high'
2) v <-- '__mf_limit'.
Then build 'u <-- (u < v). */
u = build3 (COMPONENT_REF, mf_uintptr_type,
build1 (INDIRECT_REF, mf_cache_struct_type, mf_elem),
DECL_CHAIN (TYPE_FIELDS (mf_cache_struct_type)), NULL_TREE);
v = mf_limit;
u = build2 (LT_EXPR, boolean_type_node, u, v);
/* Build the composed conditional: t <-- 't || u'. Then store the
result of the evaluation of 't' in a temporary variable which we
can use as the condition for the conditional jump. */
t = build2 (TRUTH_OR_EXPR, boolean_type_node, t, u);
t = force_gimple_operand (t, &stmts, false, NULL_TREE);
gimple_seq_add_seq (&seq, stmts);
cond = create_tmp_reg (boolean_type_node, "__mf_unlikely_cond");
g = gimple_build_assign (cond, t);
gimple_set_location (g, location);
gimple_seq_add_stmt (&seq, g);
/* Build the conditional jump. 'cond' is just a temporary so we can
simply build a void COND_EXPR. We do need labels in both arms though. */
g = gimple_build_cond (NE_EXPR, cond, boolean_false_node, NULL_TREE,
NULL_TREE);
gimple_set_location (g, location);
gimple_seq_add_stmt (&seq, g);
/* At this point, after so much hard work, we have only constructed
the conditional jump,
if (__mf_elem->low > __mf_base
|| (__mf_elem_high < __mf_limit))
The lowered GIMPLE tree representing this code is in the statement
list starting at 'head'.
We can insert this now in the current basic block, i.e. the one that
the statement we're instrumenting was originally in. */
gsi = gsi_last_bb (cond_bb);
gsi_insert_seq_after (&gsi, seq, GSI_CONTINUE_LINKING);
/* Now build up the body of the cache-miss handling:
__mf_check();
refresh *_l vars.
This is the body of the conditional. */
seq = NULL;
/* u is a string, so it is already a gimple value. */
u = mf_file_function_line_tree (location);
/* NB: we pass the overall [base..limit] range to mf_check. */
v = fold_build2_loc (location, PLUS_EXPR, mf_uintptr_type,
fold_build2_loc (location,
MINUS_EXPR, mf_uintptr_type, mf_limit, mf_base),
build_int_cst (mf_uintptr_type, 1));
v = force_gimple_operand (v, &stmts, true, NULL_TREE);
gimple_seq_add_seq (&seq, stmts);
g = gimple_build_call (mf_check_fndecl, 4, mf_base, v, dirflag, u);
gimple_seq_add_stmt (&seq, g);
if (! flag_mudflap_threads)
{
if (stmt_ends_bb_p (g))
{
gsi = gsi_start_bb (then_bb);
gsi_insert_seq_after (&gsi, seq, GSI_CONTINUE_LINKING);
e = split_block (then_bb, g);
then_bb = e->dest;
seq = NULL;
}
g = gimple_build_assign (mf_cache_shift_decl_l, mf_cache_shift_decl);
gimple_seq_add_stmt (&seq, g);
g = gimple_build_assign (mf_cache_mask_decl_l, mf_cache_mask_decl);
gimple_seq_add_stmt (&seq, g);
}
/* Insert the check code in the THEN block. */
gsi = gsi_start_bb (then_bb);
gsi_insert_seq_after (&gsi, seq, GSI_CONTINUE_LINKING);
*instr_gsi = gsi_start_bb (join_bb);
}
void
copy_bbs (basic_block *bbs, unsigned n, basic_block *new_bbs,
edge *edges, unsigned n_edges, edge *new_edges,
struct loop *base)
{
unsigned i, j;
basic_block bb, new_bb, dom_bb;
edge e;
/* Duplicate bbs, update dominators, assign bbs to loops. */
for (i = 0; i < n; i++)
{
/* Duplicate. */
bb = bbs[i];
new_bb = new_bbs[i] = cfg_layout_duplicate_bb (bb, NULL);
bb->rbi->duplicated = 1;
/* Add to loop. */
add_bb_to_loop (new_bb, bb->loop_father->copy);
add_to_dominance_info (CDI_DOMINATORS, new_bb);
/* Possibly set header. */
if (bb->loop_father->header == bb && bb->loop_father != base)
new_bb->loop_father->header = new_bb;
/* Or latch. */
if (bb->loop_father->latch == bb && bb->loop_father != base)
new_bb->loop_father->latch = new_bb;
}
/* Set dominators. */
for (i = 0; i < n; i++)
{
bb = bbs[i];
new_bb = new_bbs[i];
dom_bb = get_immediate_dominator (CDI_DOMINATORS, bb);
if (dom_bb->rbi->duplicated)
{
dom_bb = dom_bb->rbi->copy;
set_immediate_dominator (CDI_DOMINATORS, new_bb, dom_bb);
}
}
/* Redirect edges. */
for (j = 0; j < n_edges; j++)
new_edges[j] = NULL;
for (i = 0; i < n; i++)
{
new_bb = new_bbs[i];
bb = bbs[i];
for (e = new_bb->succ; e; e = e->succ_next)
{
for (j = 0; j < n_edges; j++)
if (edges[j] && edges[j]->src == bb && edges[j]->dest == e->dest)
new_edges[j] = e;
if (!e->dest->rbi->duplicated)
continue;
redirect_edge_and_branch_force (e, e->dest->rbi->copy);
}
}
/* Clear information about duplicates. */
for (i = 0; i < n; i++)
bbs[i]->rbi->duplicated = 0;
}
