src/llvm/include/llvm/CodeGen/ForwardControlFlowIntegrity.h

   1 //===-- ForwardControlFlowIntegrity.h: Forward-Edge CFI ---------*- C++ -*-===//
   2 //
   3 // This file is distributed under the University of Illinois Open Source
   4 // License. See LICENSE.TXT for details.
   5 //
   6 //===----------------------------------------------------------------------===//
   7 //
   8 // This pass instruments indirect calls with checks to ensure that these calls
   9 // pass through the appropriate jump-instruction table generated by
  10 // JumpInstrTables.
  11 //
  12 //===----------------------------------------------------------------------===//
  13
  14 #ifndef LLVM_CODEGEN_FORWARDCONTROLFLOWINTEGRITY_H
  15 #define LLVM_CODEGEN_FORWARDCONTROLFLOWINTEGRITY_H
  16
  17 #include "llvm/ADT/DenseMap.h"
  18 #include "llvm/ADT/SmallVector.h"
  19 #include "llvm/Pass.h"
  20 #include "llvm/Target/TargetOptions.h"
  21 #include <string>
  22
  23 namespace llvm {
  24
  25 class AnalysisUsage;
  26 class BasicBlock;
  27 class Constant;
  28 class Function;
  29 class Instruction;
  30 class Module;
  31 class Value;
  32
  33 /// ForwardControlFlowIntegrity uses the information from JumpInstrTableInfo to
  34 /// prepend checks to indirect calls to make sure that these calls target valid
  35 /// locations.
  36 class ForwardControlFlowIntegrity : public ModulePass {
  37 public:
  38   static char ID;
  39
  40   ForwardControlFlowIntegrity();
  41   ForwardControlFlowIntegrity(JumpTable::JumpTableType JTT,
  42                               CFIntegrity CFIType,
  43                               bool CFIEnforcing, std::string CFIFuncName);
  44   ~ForwardControlFlowIntegrity() override;
  45
  46   /// Runs the CFI pass on a given module. This works best if the module in
  47   /// question is the result of link-time optimization (see lib/LTO).
  48   bool runOnModule(Module &M) override;
  49   const char *getPassName() const override {
  50     return "Forward Control-Flow Integrity";
  51   }
  52   void getAnalysisUsage(AnalysisUsage &AU) const override;
  53
  54 private:
  55   typedef SmallVector<Instruction *, 64> CallSet;
  56
  57   /// A structure that is used to keep track of constant table information.
  58   struct CFIConstants {
  59     Constant *StartValue;
  60     Constant *MaskValue;
  61     Constant *Size;
  62   };
  63
  64   /// A map from function type to the base of the table for this type and a mask
  65   /// for the table
  66   typedef DenseMap<FunctionType *, CFIConstants> CFITables;
  67
  68   CallSet IndirectCalls;
  69
  70   /// The type of jumptable implementation.
  71   JumpTable::JumpTableType JTType;
  72
  73   /// The type of CFI check to add before each indirect call.
  74   CFIntegrity CFIType;
  75
  76   /// A value that controls whether or not CFI violations cause a halt.
  77   bool CFIEnforcing;
  78
  79   /// The name of the function to call in case of a CFI violation when
  80   /// CFIEnforcing is false. There is a default function that ignores
  81   /// violations.
  82   std::string CFIFuncName;
  83
  84   /// The alignment of each entry in the table, from JumpInstrTableInfo. The
  85   /// JumpInstrTableInfo class always makes this a power of two.
  86   uint64_t ByteAlignment;
  87
  88   /// The base-2 logarithm of ByteAlignment, needed for some of the transforms
  89   /// (like CFIntegrity::Ror)
  90   unsigned LogByteAlignment;
  91
  92   /// Adds checks to each indirect call site to make sure that it is calling a
  93   /// function in our jump table.
  94   void updateIndirectCalls(Module &M, CFITables &CFIT);
  95
  96   /// Walks the instructions to find all the indirect calls.
  97   void getIndirectCalls(Module &M);
  98
  99   /// Adds a function that handles violations in non-enforcing mode
 100   /// (!CFIEnforcing). The default warning function simply returns, since the
 101   /// exact details of how to handle CFI violations depend on the application.
 102   void addWarningFunction(Module &M);
 103
 104   /// Rewrites a function pointer in a call/invoke instruction to force it into
 105   /// a table.
 106   void rewriteFunctionPointer(Module &M, Instruction *I, Value *FunPtr,
 107                               Constant *JumpTableStart, Constant *JumpTableMask,
 108                               Constant *JumpTableSize);
 109
 110   /// Inserts a check and a call to a warning function at a given instruction
 111   /// that must be an indirect call.
 112   void insertWarning(Module &M, BasicBlock *Block, Instruction *I,
 113                      Value *FunPtr);
 114 };
 115
 116 ModulePass *
 117 createForwardControlFlowIntegrityPass(JumpTable::JumpTableType JTT,
 118                                       CFIntegrity CFIType,
 119                                       bool CFIEnforcing, StringRef CFIFuncName);
 120 }
 121
 122 #endif // LLVM_CODEGEN_FORWARDCONTROLFLOWINTEGRITY_H