From 1c6231c05bdccab3a21abcbb75e2094ea3e98782 Mon Sep 17 00:00:00 2001 From: liuhongt Date: Fri, 12 May 2023 15:15:08 +0800 Subject: [PATCH] Provide -fcf-protection=branch,return. Use EnumSet instead of EnumBitSet since CF_FULL is not power of 2. It is a bit tricky for sets classification, cf_branch and cf_return should be in different sets, but they both "conflicts" cf_full, cf_none. And current EnumSet don't handle this well. So in the current implementation, only cf_full,cf_none are exclusive to each other, but they can be combined with any cf_branch, cf_return, cf_check. It's not perfect, but still an improvement than original one. gcc/ChangeLog: PR target/89701 * common.opt: (fcf-protection=): Add EnumSet attribute to support combination of params. gcc/testsuite/ChangeLog: * c-c++-common/fcf-protection-10.c: New test. * c-c++-common/fcf-protection-11.c: New test. * c-c++-common/fcf-protection-12.c: New test. * c-c++-common/fcf-protection-8.c: New test. * c-c++-common/fcf-protection-9.c: New test. * gcc.target/i386/pr89701-1.c: New test. * gcc.target/i386/pr89701-2.c: New test. * gcc.target/i386/pr89701-3.c: New test. --- gcc/common.opt | 12 ++++++------ gcc/testsuite/c-c++-common/fcf-protection-10.c | 2 ++ gcc/testsuite/c-c++-common/fcf-protection-11.c | 2 ++ gcc/testsuite/c-c++-common/fcf-protection-12.c | 2 ++ gcc/testsuite/c-c++-common/fcf-protection-8.c | 2 ++ gcc/testsuite/c-c++-common/fcf-protection-9.c | 2 ++ gcc/testsuite/gcc.target/i386/pr89701-1.c | 4 ++++ gcc/testsuite/gcc.target/i386/pr89701-2.c | 4 ++++ gcc/testsuite/gcc.target/i386/pr89701-3.c | 4 ++++ 9 files changed, 28 insertions(+), 6 deletions(-) create mode 100644 gcc/testsuite/c-c++-common/fcf-protection-10.c create mode 100644 gcc/testsuite/c-c++-common/fcf-protection-11.c create mode 100644 gcc/testsuite/c-c++-common/fcf-protection-12.c create mode 100644 gcc/testsuite/c-c++-common/fcf-protection-8.c create mode 100644 gcc/testsuite/c-c++-common/fcf-protection-9.c create mode 100644 gcc/testsuite/gcc.target/i386/pr89701-1.c create mode 100644 gcc/testsuite/gcc.target/i386/pr89701-2.c create mode 100644 gcc/testsuite/gcc.target/i386/pr89701-3.c diff --git a/gcc/common.opt b/gcc/common.opt index 25f650e2dae..0888c15b88f 100644 --- a/gcc/common.opt +++ b/gcc/common.opt @@ -1908,7 +1908,7 @@ fcf-protection Common RejectNegative Alias(fcf-protection=,full) fcf-protection= -Common Joined RejectNegative Enum(cf_protection_level) Var(flag_cf_protection) Init(CF_NONE) +Common Joined RejectNegative Enum(cf_protection_level) EnumSet Var(flag_cf_protection) Init(CF_NONE) -fcf-protection=[full|branch|return|none|check] Instrument functions with checks to verify jump/call/return control-flow transfer instructions have valid targets. @@ -1916,19 +1916,19 @@ Enum Name(cf_protection_level) Type(enum cf_protection_level) UnknownError(unknown Control-Flow Protection Level %qs) EnumValue -Enum(cf_protection_level) String(full) Value(CF_FULL) +Enum(cf_protection_level) String(full) Value(CF_FULL) Set(1) EnumValue -Enum(cf_protection_level) String(branch) Value(CF_BRANCH) +Enum(cf_protection_level) String(branch) Value(CF_BRANCH) Set(2) EnumValue -Enum(cf_protection_level) String(return) Value(CF_RETURN) +Enum(cf_protection_level) String(return) Value(CF_RETURN) Set(3) EnumValue -Enum(cf_protection_level) String(check) Value(CF_CHECK) +Enum(cf_protection_level) String(check) Value(CF_CHECK) Set(4) EnumValue -Enum(cf_protection_level) String(none) Value(CF_NONE) +Enum(cf_protection_level) String(none) Value(CF_NONE) Set(1) finstrument-functions Common Var(flag_instrument_function_entry_exit,1) diff --git a/gcc/testsuite/c-c++-common/fcf-protection-10.c b/gcc/testsuite/c-c++-common/fcf-protection-10.c new file mode 100644 index 00000000000..b271d134e52 --- /dev/null +++ b/gcc/testsuite/c-c++-common/fcf-protection-10.c @@ -0,0 +1,2 @@ +/* { dg-do compile { target { "i?86-*-* x86_64-*-*" } } } */ +/* { dg-options "-fcf-protection=branch,check" } */ diff --git a/gcc/testsuite/c-c++-common/fcf-protection-11.c b/gcc/testsuite/c-c++-common/fcf-protection-11.c new file mode 100644 index 00000000000..2e566350ccd --- /dev/null +++ b/gcc/testsuite/c-c++-common/fcf-protection-11.c @@ -0,0 +1,2 @@ +/* { dg-do compile { target { "i?86-*-* x86_64-*-*" } } } */ +/* { dg-options "-fcf-protection=branch,return" } */ diff --git a/gcc/testsuite/c-c++-common/fcf-protection-12.c b/gcc/testsuite/c-c++-common/fcf-protection-12.c new file mode 100644 index 00000000000..b39c2f8e25d --- /dev/null +++ b/gcc/testsuite/c-c++-common/fcf-protection-12.c @@ -0,0 +1,2 @@ +/* { dg-do compile { target { "i?86-*-* x86_64-*-*" } } } */ +/* { dg-options "-fcf-protection=return,branch" } */ diff --git a/gcc/testsuite/c-c++-common/fcf-protection-8.c b/gcc/testsuite/c-c++-common/fcf-protection-8.c new file mode 100644 index 00000000000..3b97095a92c --- /dev/null +++ b/gcc/testsuite/c-c++-common/fcf-protection-8.c @@ -0,0 +1,2 @@ +/* { dg-do compile { target { "i?86-*-* x86_64-*-*" } } } */ +/* { dg-options "-fcf-protection=branch,none" } */ diff --git a/gcc/testsuite/c-c++-common/fcf-protection-9.c b/gcc/testsuite/c-c++-common/fcf-protection-9.c new file mode 100644 index 00000000000..6a37e749fcb --- /dev/null +++ b/gcc/testsuite/c-c++-common/fcf-protection-9.c @@ -0,0 +1,2 @@ +/* { dg-do compile { target { "i?86-*-* x86_64-*-*" } } } */ +/* { dg-options "-fcf-protection=branch,full" } */ diff --git a/gcc/testsuite/gcc.target/i386/pr89701-1.c b/gcc/testsuite/gcc.target/i386/pr89701-1.c new file mode 100644 index 00000000000..1879c9ab4d8 --- /dev/null +++ b/gcc/testsuite/gcc.target/i386/pr89701-1.c @@ -0,0 +1,4 @@ +/* { dg-do compile { target *-*-linux* } } */ +/* { dg-options "-fcf-protection=branch,return" } */ +/* { dg-final { scan-assembler-times ".note.gnu.property" 1 } } */ +/* { dg-final { scan-assembler-times ".long 0x3" 1 } } */ diff --git a/gcc/testsuite/gcc.target/i386/pr89701-2.c b/gcc/testsuite/gcc.target/i386/pr89701-2.c new file mode 100644 index 00000000000..d5100575028 --- /dev/null +++ b/gcc/testsuite/gcc.target/i386/pr89701-2.c @@ -0,0 +1,4 @@ +/* { dg-do compile { target *-*-linux* } } */ +/* { dg-options "-fcf-protection=return,branch" } */ +/* { dg-final { scan-assembler-times ".note.gnu.property" 1 } } */ +/* { dg-final { scan-assembler-times ".long 0x3" 1 } } */ diff --git a/gcc/testsuite/gcc.target/i386/pr89701-3.c b/gcc/testsuite/gcc.target/i386/pr89701-3.c new file mode 100644 index 00000000000..88afb546fbf --- /dev/null +++ b/gcc/testsuite/gcc.target/i386/pr89701-3.c @@ -0,0 +1,4 @@ +/* { dg-do compile { target *-*-linux* } } */ +/* { dg-options "-fcf-protection=return,none" } */ +/* { dg-final { scan-assembler-times ".note.gnu.property" 1 } } */ +/* { dg-final { scan-assembler-times ".long 0x2" 1 } } */