Coverage Report

Created: 2019-07-24 05:18

/Users/buildslave/jenkins/workspace/clang-stage2-coverage-R/llvm/lib/CodeGen/StackProtector.cpp
Line
Count
Source (jump to first uncovered line)
1
//===- StackProtector.cpp - Stack Protector Insertion ---------------------===//
2
//
3
// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
4
// See https://llvm.org/LICENSE.txt for license information.
5
// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
6
//
7
//===----------------------------------------------------------------------===//
8
//
9
// This pass inserts stack protectors into functions which need them. A variable
10
// with a random value in it is stored onto the stack before the local variables
11
// are allocated. Upon exiting the block, the stored value is checked. If it's
12
// changed, then there was some sort of violation and the program aborts.
13
//
14
//===----------------------------------------------------------------------===//
15
16
#include "llvm/CodeGen/StackProtector.h"
17
#include "llvm/ADT/SmallPtrSet.h"
18
#include "llvm/ADT/Statistic.h"
19
#include "llvm/Analysis/BranchProbabilityInfo.h"
20
#include "llvm/Analysis/CaptureTracking.h"
21
#include "llvm/Analysis/EHPersonalities.h"
22
#include "llvm/Analysis/OptimizationRemarkEmitter.h"
23
#include "llvm/CodeGen/Passes.h"
24
#include "llvm/CodeGen/TargetLowering.h"
25
#include "llvm/CodeGen/TargetPassConfig.h"
26
#include "llvm/CodeGen/TargetSubtargetInfo.h"
27
#include "llvm/IR/Attributes.h"
28
#include "llvm/IR/BasicBlock.h"
29
#include "llvm/IR/Constants.h"
30
#include "llvm/IR/DataLayout.h"
31
#include "llvm/IR/DebugInfo.h"
32
#include "llvm/IR/DebugLoc.h"
33
#include "llvm/IR/DerivedTypes.h"
34
#include "llvm/IR/Dominators.h"
35
#include "llvm/IR/Function.h"
36
#include "llvm/IR/IRBuilder.h"
37
#include "llvm/IR/Instruction.h"
38
#include "llvm/IR/Instructions.h"
39
#include "llvm/IR/IntrinsicInst.h"
40
#include "llvm/IR/Intrinsics.h"
41
#include "llvm/IR/MDBuilder.h"
42
#include "llvm/IR/Module.h"
43
#include "llvm/IR/Type.h"
44
#include "llvm/IR/User.h"
45
#include "llvm/Pass.h"
46
#include "llvm/Support/Casting.h"
47
#include "llvm/Support/CommandLine.h"
48
#include "llvm/Target/TargetMachine.h"
49
#include "llvm/Target/TargetOptions.h"
50
#include <utility>
51
52
using namespace llvm;
53
54
32
#define DEBUG_TYPE "stack-protector"
55
56
STATISTIC(NumFunProtected, "Number of functions protected");
57
STATISTIC(NumAddrTaken, "Number of local variables that have their address"
58
                        " taken.");
59
60
static cl::opt<bool> EnableSelectionDAGSP("enable-selectiondag-sp",
61
                                          cl::init(true), cl::Hidden);
62
63
char StackProtector::ID = 0;
64
65
49.1k
INITIALIZE_PASS_BEGIN(StackProtector, DEBUG_TYPE,
66
49.1k
                      "Insert stack protectors", false, true)
67
49.1k
INITIALIZE_PASS_DEPENDENCY(TargetPassConfig)
68
49.1k
INITIALIZE_PASS_END(StackProtector, DEBUG_TYPE,
69
                    "Insert stack protectors", false, true)
70
71
36.3k
FunctionPass *llvm::createStackProtectorPass() { return new StackProtector(); }
72
73
36.1k
void StackProtector::getAnalysisUsage(AnalysisUsage &AU) const {
74
36.1k
  AU.addRequired<TargetPassConfig>();
75
36.1k
  AU.addPreserved<DominatorTreeWrapperPass>();
76
36.1k
}
77
78
499k
bool StackProtector::runOnFunction(Function &Fn) {
79
499k
  F = &Fn;
80
499k
  M = F->getParent();
81
499k
  DominatorTreeWrapperPass *DTWP =
82
499k
      getAnalysisIfAvailable<DominatorTreeWrapperPass>();
83
499k
  DT = DTWP ? 
&DTWP->getDomTree()3
:
nullptr499k
;
84
499k
  TM = &getAnalysis<TargetPassConfig>().getTM<TargetMachine>();
85
499k
  Trip = TM->getTargetTriple();
86
499k
  TLI = TM->getSubtargetImpl(Fn)->getTargetLowering();
87
499k
  HasPrologue = false;
88
499k
  HasIRCheck = false;
89
499k
90
499k
  Attribute Attr = Fn.getFnAttribute("stack-protector-buffer-size");
91
499k
  if (Attr.isStringAttribute() &&
92
499k
      
Attr.getValueAsString().getAsInteger(10, SSPBufferSize)263k
)
93
0
    return false; // Invalid integer string
94
499k
95
499k
  if (!RequiresStackProtector())
96
496k
    return false;
97
2.64k
98
2.64k
  // TODO(etienneb): Functions with funclets are not correctly supported now.
99
2.64k
  // Do nothing if this is funclet-based personality.
100
2.64k
  if (Fn.hasPersonalityFn()) {
101
316
    EHPersonality Personality = classifyEHPersonality(Fn.getPersonalityFn());
102
316
    if (isFuncletEHPersonality(Personality))
103
3
      return false;
104
2.64k
  }
105
2.64k
106
2.64k
  ++NumFunProtected;
107
2.64k
  return InsertStackProtectors();
108
2.64k
}
109
110
/// \param [out] IsLarge is set to true if a protectable array is found and
111
/// it is "large" ( >= ssp-buffer-size).  In the case of a structure with
112
/// multiple arrays, this gets set if any of them is large.
113
bool StackProtector::ContainsProtectableArray(Type *Ty, bool &IsLarge,
114
                                              bool Strong,
115
138k
                                              bool InStruct) const {
116
138k
  if (!Ty)
117
0
    return false;
118
138k
  if (ArrayType *AT = dyn_cast<ArrayType>(Ty)) {
119
12.2k
    if (!AT->getElementType()->isIntegerTy(8)) {
120
9.34k
      // If we're on a non-Darwin platform or we're inside of a structure, don't
121
9.34k
      // add stack protectors unless the array is a character array.
122
9.34k
      // However, in strong mode any array, regardless of type and size,
123
9.34k
      // triggers a protector.
124
9.34k
      if (!Strong && 
(9.26k
InStruct9.26k
||
!Trip.isOSDarwin()1.60k
))
125
7.67k
        return false;
126
4.54k
    }
127
4.54k
128
4.54k
    // If an array has more than SSPBufferSize bytes of allocated space, then we
129
4.54k
    // emit stack protectors.
130
4.54k
    if (SSPBufferSize <= M->getDataLayout().getTypeAllocSize(AT)) {
131
3.18k
      IsLarge = true;
132
3.18k
      return true;
133
3.18k
    }
134
1.36k
135
1.36k
    if (Strong)
136
92
      // Require a protector for all arrays in strong mode
137
92
      return true;
138
127k
  }
139
127k
140
127k
  const StructType *ST = dyn_cast<StructType>(Ty);
141
127k
  if (!ST)
142
63.9k
    return false;
143
63.9k
144
63.9k
  bool NeedsProtector = false;
145
63.9k
  for (StructType::element_iterator I = ST->element_begin(),
146
63.9k
                                    E = ST->element_end();
147
179k
       I != E; 
++I115k
)
148
116k
    if (ContainsProtectableArray(*I, IsLarge, Strong, true)) {
149
604
      // If the element is a protectable array and is large (>= SSPBufferSize)
150
604
      // then we are done.  If the protectable array is not large, then
151
604
      // keep looking in case a subsequent element is a large array.
152
604
      if (IsLarge)
153
477
        return true;
154
127
      NeedsProtector = true;
155
127
    }
156
63.9k
157
63.9k
  
return NeedsProtector63.4k
;
158
63.9k
}
159
160
/// Search for the first call to the llvm.stackprotector intrinsic and return it
161
/// if present.
162
499k
static const CallInst *findStackProtectorIntrinsic(Function &F) {
163
499k
  for (const BasicBlock &BB : F)
164
2.56M
    for (const Instruction &I : BB)
165
15.5M
      if (const CallInst *CI = dyn_cast<CallInst>(&I))
166
1.86M
        if (CI->getCalledFunction() ==
167
1.86M
            Intrinsic::getDeclaration(F.getParent(), Intrinsic::stackprotector))
168
3
          return CI;
169
499k
  
return nullptr499k
;
170
499k
}
171
172
/// Check whether or not this function needs a stack protector based
173
/// upon the stack protector level.
174
///
175
/// We use two heuristics: a standard (ssp) and strong (sspstrong).
176
/// The standard heuristic which will add a guard variable to functions that
177
/// call alloca with a either a variable size or a size >= SSPBufferSize,
178
/// functions with character buffers larger than SSPBufferSize, and functions
179
/// with aggregates containing character buffers larger than SSPBufferSize. The
180
/// strong heuristic will add a guard variables to functions that call alloca
181
/// regardless of size, functions with any buffer regardless of type and size,
182
/// functions with aggregates that contain any buffer regardless of type and
183
/// size, and functions that contain stack-based variables that have had their
184
/// address taken.
185
499k
bool StackProtector::RequiresStackProtector() {
186
499k
  bool Strong = false;
187
499k
  bool NeedsProtector = false;
188
499k
  HasPrologue = findStackProtectorIntrinsic(*F);
189
499k
190
499k
  if (F->hasFnAttribute(Attribute::SafeStack))
191
12
    return false;
192
499k
193
499k
  // We are constructing the OptimizationRemarkEmitter on the fly rather than
194
499k
  // using the analysis pass to avoid building DominatorTree and LoopInfo which
195
499k
  // are not available this late in the IR pipeline.
196
499k
  OptimizationRemarkEmitter ORE(F);
197
499k
198
499k
  if (F->hasFnAttribute(Attribute::StackProtectReq)) {
199
235
    ORE.emit([&]() {
200
4
      return OptimizationRemark(DEBUG_TYPE, "StackProtectorRequested", F)
201
4
             << "Stack protection applied to function "
202
4
             << ore::NV("Function", F)
203
4
             << " due to a function attribute or command-line switch";
204
4
    });
205
235
    NeedsProtector = true;
206
235
    Strong = true; // Use the same heuristic as strong to determine SSPLayout
207
499k
  } else if (F->hasFnAttribute(Attribute::StackProtectStrong))
208
314
    Strong = true;
209
499k
  else if (HasPrologue)
210
2
    NeedsProtector = true;
211
499k
  else if (!F->hasFnAttribute(Attribute::StackProtect))
212
457k
    return false;
213
42.5k
214
608k
  
for (const BasicBlock &BB : *F)42.5k
{
215
4.67M
    for (const Instruction &I : BB) {
216
4.67M
      if (const AllocaInst *AI = dyn_cast<AllocaInst>(&I)) {
217
22.7k
        if (AI->isArrayAllocation()) {
218
242
          auto RemarkBuilder = [&]() {
219
8
            return OptimizationRemark(DEBUG_TYPE, "StackProtectorAllocaOrArray",
220
8
                                      &I)
221
8
                   << "Stack protection applied to function "
222
8
                   << ore::NV("Function", F)
223
8
                   << " due to a call to alloca or use of a variable length "
224
8
                      "array";
225
8
          };
226
242
          if (const auto *CI = dyn_cast<ConstantInt>(AI->getArraySize())) {
227
28
            if (CI->getLimitedValue(SSPBufferSize) >= SSPBufferSize) {
228
11
              // A call to alloca with size >= SSPBufferSize requires
229
11
              // stack protectors.
230
11
              Layout.insert(std::make_pair(AI,
231
11
                                           MachineFrameInfo::SSPLK_LargeArray));
232
11
              ORE.emit(RemarkBuilder);
233
11
              NeedsProtector = true;
234
17
            } else if (Strong) {
235
6
              // Require protectors for all alloca calls in strong mode.
236
6
              Layout.insert(std::make_pair(AI,
237
6
                                           MachineFrameInfo::SSPLK_SmallArray));
238
6
              ORE.emit(RemarkBuilder);
239
6
              NeedsProtector = true;
240
6
            }
241
214
          } else {
242
214
            // A call to alloca with a variable size requires protectors.
243
214
            Layout.insert(std::make_pair(AI,
244
214
                                         MachineFrameInfo::SSPLK_LargeArray));
245
214
            ORE.emit(RemarkBuilder);
246
214
            NeedsProtector = true;
247
214
          }
248
242
          continue;
249
242
        }
250
22.5k
251
22.5k
        bool IsLarge = false;
252
22.5k
        if (ContainsProtectableArray(AI->getAllocatedType(), IsLarge, Strong)) {
253
3.27k
          Layout.insert(std::make_pair(AI, IsLarge
254
3.27k
                                       ? 
MachineFrameInfo::SSPLK_LargeArray3.18k
255
3.27k
                                       : 
MachineFrameInfo::SSPLK_SmallArray91
));
256
3.27k
          ORE.emit([&]() {
257
15
            return OptimizationRemark(DEBUG_TYPE, "StackProtectorBuffer", &I)
258
15
                   << "Stack protection applied to function "
259
15
                   << ore::NV("Function", F)
260
15
                   << " due to a stack allocated buffer or struct containing a "
261
15
                      "buffer";
262
15
          });
263
3.27k
          NeedsProtector = true;
264
3.27k
          continue;
265
3.27k
        }
266
19.2k
267
19.2k
        if (Strong && PointerMayBeCaptured(AI,
268
648
                                           /* ReturnCaptures */ false,
269
648
                                           /* StoreCaptures */ true)) {
270
307
          ++NumAddrTaken;
271
307
          Layout.insert(std::make_pair(AI, MachineFrameInfo::SSPLK_AddrOf));
272
307
          ORE.emit([&]() {
273
5
            return OptimizationRemark(DEBUG_TYPE, "StackProtectorAddressTaken",
274
5
                                      &I)
275
5
                   << "Stack protection applied to function "
276
5
                   << ore::NV("Function", F)
277
5
                   << " due to the address of a local variable being taken";
278
5
          });
279
307
          NeedsProtector = true;
280
307
        }
281
19.2k
      }
282
4.67M
    }
283
608k
  }
284
42.5k
285
42.5k
  return NeedsProtector;
286
42.5k
}
287
288
/// Create a stack guard loading and populate whether SelectionDAG SSP is
289
/// supported.
290
static Value *getStackGuard(const TargetLoweringBase *TLI, Module *M,
291
                            IRBuilder<> &B,
292
5.06k
                            bool *SupportsSelectionDAGSP = nullptr) {
293
5.06k
  if (Value *Guard = TLI->getIRStackGuard(B))
294
640
    return B.CreateLoad(B.getInt8PtrTy(), Guard, true, "StackGuard");
295
4.42k
296
4.42k
  // Use SelectionDAG SSP handling, since there isn't an IR guard.
297
4.42k
  //
298
4.42k
  // This is more or less weird, since we optionally output whether we
299
4.42k
  // should perform a SelectionDAG SP here. The reason is that it's strictly
300
4.42k
  // defined as !TLI->getIRStackGuard(B), where getIRStackGuard is also
301
4.42k
  // mutating. There is no way to get this bit without mutating the IR, so
302
4.42k
  // getting this bit has to happen in this right time.
303
4.42k
  //
304
4.42k
  // We could have define a new function TLI::supportsSelectionDAGSP(), but that
305
4.42k
  // will put more burden on the backends' overriding work, especially when it
306
4.42k
  // actually conveys the same information getIRStackGuard() already gives.
307
4.42k
  if (SupportsSelectionDAGSP)
308
2.31k
    *SupportsSelectionDAGSP = true;
309
4.42k
  TLI->insertSSPDeclarations(*M);
310
4.42k
  return B.CreateCall(Intrinsic::getDeclaration(M, Intrinsic::stackguard));
311
4.42k
}
312
313
/// Insert code into the entry block that stores the stack guard
314
/// variable onto the stack:
315
///
316
///   entry:
317
///     StackGuardSlot = alloca i8*
318
///     StackGuard = <stack guard>
319
///     call void @llvm.stackprotector(StackGuard, StackGuardSlot)
320
///
321
/// Returns true if the platform/triple supports the stackprotectorcreate pseudo
322
/// node.
323
static bool CreatePrologue(Function *F, Module *M, ReturnInst *RI,
324
2.62k
                           const TargetLoweringBase *TLI, AllocaInst *&AI) {
325
2.62k
  bool SupportsSelectionDAGSP = false;
326
2.62k
  IRBuilder<> B(&F->getEntryBlock().front());
327
2.62k
  PointerType *PtrTy = Type::getInt8PtrTy(RI->getContext());
328
2.62k
  AI = B.CreateAlloca(PtrTy, nullptr, "StackGuardSlot");
329
2.62k
330
2.62k
  Value *GuardSlot = getStackGuard(TLI, M, B, &SupportsSelectionDAGSP);
331
2.62k
  B.CreateCall(Intrinsic::getDeclaration(M, Intrinsic::stackprotector),
332
2.62k
               {GuardSlot, AI});
333
2.62k
  return SupportsSelectionDAGSP;
334
2.62k
}
335
336
/// InsertStackProtectors - Insert code into the prologue and epilogue of the
337
/// function.
338
///
339
///  - The prologue code loads and stores the stack guard onto the stack.
340
///  - The epilogue checks the value stored in the prologue against the original
341
///    value. It calls __stack_chk_fail if they differ.
342
2.64k
bool StackProtector::InsertStackProtectors() {
343
2.64k
  // If the target wants to XOR the frame pointer into the guard value, it's
344
2.64k
  // impossible to emit the check in IR, so the target *must* support stack
345
2.64k
  // protection in SDAG.
346
2.64k
  bool SupportsSelectionDAGSP =
347
2.64k
      TLI->useStackGuardXorFP() ||
348
2.64k
      
(2.51k
EnableSelectionDAGSP2.51k
&&
!TM->Options.EnableFastISel2.50k
&&
349
2.51k
       
!TM->Options.EnableGlobalISel2.48k
);
350
2.64k
  AllocaInst *AI = nullptr;       // Place on stack that stores the stack guard.
351
2.64k
352
115k
  for (Function::iterator I = F->begin(), E = F->end(); I != E;) {
353
113k
    BasicBlock *BB = &*I++;
354
113k
    ReturnInst *RI = dyn_cast<ReturnInst>(BB->getTerminator());
355
113k
    if (!RI)
356
110k
      continue;
357
2.91k
358
2.91k
    // Generate prologue instrumentation if not already generated.
359
2.91k
    if (!HasPrologue) {
360
2.62k
      HasPrologue = true;
361
2.62k
      SupportsSelectionDAGSP &= CreatePrologue(F, M, RI, TLI, AI);
362
2.62k
    }
363
2.91k
364
2.91k
    // SelectionDAG based code generation. Nothing else needs to be done here.
365
2.91k
    // The epilogue instrumentation is postponed to SelectionDAG.
366
2.91k
    if (SupportsSelectionDAGSP)
367
472
      break;
368
2.44k
369
2.44k
    // Find the stack guard slot if the prologue was not created by this pass
370
2.44k
    // itself via a previous call to CreatePrologue().
371
2.44k
    if (!AI) {
372
1
      const CallInst *SPCall = findStackProtectorIntrinsic(*F);
373
1
      assert(SPCall && "Call to llvm.stackprotector is missing");
374
1
      AI = cast<AllocaInst>(SPCall->getArgOperand(1));
375
1
    }
376
2.44k
377
2.44k
    // Set HasIRCheck to true, so that SelectionDAG will not generate its own
378
2.44k
    // version. SelectionDAG called 'shouldEmitSDCheck' to check whether
379
2.44k
    // instrumentation has already been generated.
380
2.44k
    HasIRCheck = true;
381
2.44k
382
2.44k
    // Generate epilogue instrumentation. The epilogue intrumentation can be
383
2.44k
    // function-based or inlined depending on which mechanism the target is
384
2.44k
    // providing.
385
2.44k
    if (Function *GuardCheck = TLI->getSSPStackGuardCheck(*M)) {
386
1
      // Generate the function-based epilogue instrumentation.
387
1
      // The target provides a guard check function, generate a call to it.
388
1
      IRBuilder<> B(RI);
389
1
      LoadInst *Guard = B.CreateLoad(B.getInt8PtrTy(), AI, true, "Guard");
390
1
      CallInst *Call = B.CreateCall(GuardCheck, {Guard});
391
1
      Call->setAttributes(GuardCheck->getAttributes());
392
1
      Call->setCallingConv(GuardCheck->getCallingConv());
393
2.43k
    } else {
394
2.43k
      // Generate the epilogue with inline instrumentation.
395
2.43k
      // If we do not support SelectionDAG based tail calls, generate IR level
396
2.43k
      // tail calls.
397
2.43k
      //
398
2.43k
      // For each block with a return instruction, convert this:
399
2.43k
      //
400
2.43k
      //   return:
401
2.43k
      //     ...
402
2.43k
      //     ret ...
403
2.43k
      //
404
2.43k
      // into this:
405
2.43k
      //
406
2.43k
      //   return:
407
2.43k
      //     ...
408
2.43k
      //     %1 = <stack guard>
409
2.43k
      //     %2 = load StackGuardSlot
410
2.43k
      //     %3 = cmp i1 %1, %2
411
2.43k
      //     br i1 %3, label %SP_return, label %CallStackCheckFailBlk
412
2.43k
      //
413
2.43k
      //   SP_return:
414
2.43k
      //     ret ...
415
2.43k
      //
416
2.43k
      //   CallStackCheckFailBlk:
417
2.43k
      //     call void @__stack_chk_fail()
418
2.43k
      //     unreachable
419
2.43k
420
2.43k
      // Create the FailBB. We duplicate the BB every time since the MI tail
421
2.43k
      // merge pass will merge together all of the various BB into one including
422
2.43k
      // fail BB generated by the stack protector pseudo instruction.
423
2.43k
      BasicBlock *FailBB = CreateFailBB();
424
2.43k
425
2.43k
      // Split the basic block before the return instruction.
426
2.43k
      BasicBlock *NewBB = BB->splitBasicBlock(RI->getIterator(), "SP_return");
427
2.43k
428
2.43k
      // Update the dominator tree if we need to.
429
2.43k
      if (DT && 
DT->isReachableFromEntry(BB)0
) {
430
0
        DT->addNewBlock(NewBB, BB);
431
0
        DT->addNewBlock(FailBB, BB);
432
0
      }
433
2.43k
434
2.43k
      // Remove default branch instruction to the new BB.
435
2.43k
      BB->getTerminator()->eraseFromParent();
436
2.43k
437
2.43k
      // Move the newly created basic block to the point right after the old
438
2.43k
      // basic block so that it's in the "fall through" position.
439
2.43k
      NewBB->moveAfter(BB);
440
2.43k
441
2.43k
      // Generate the stack protector instructions in the old basic block.
442
2.43k
      IRBuilder<> B(BB);
443
2.43k
      Value *Guard = getStackGuard(TLI, M, B);
444
2.43k
      LoadInst *LI2 = B.CreateLoad(B.getInt8PtrTy(), AI, true);
445
2.43k
      Value *Cmp = B.CreateICmpEQ(Guard, LI2);
446
2.43k
      auto SuccessProb =
447
2.43k
          BranchProbabilityInfo::getBranchProbStackProtector(true);
448
2.43k
      auto FailureProb =
449
2.43k
          BranchProbabilityInfo::getBranchProbStackProtector(false);
450
2.43k
      MDNode *Weights = MDBuilder(F->getContext())
451
2.43k
                            .createBranchWeights(SuccessProb.getNumerator(),
452
2.43k
                                                 FailureProb.getNumerator());
453
2.43k
      B.CreateCondBr(Cmp, NewBB, FailBB, Weights);
454
2.43k
    }
455
2.44k
  }
456
2.64k
457
2.64k
  // Return if we didn't modify any basic blocks. i.e., there are no return
458
2.64k
  // statements in the function.
459
2.64k
  return HasPrologue;
460
2.64k
}
461
462
/// CreateFailBB - Create a basic block to jump to when the stack protector
463
/// check fails.
464
2.43k
BasicBlock *StackProtector::CreateFailBB() {
465
2.43k
  LLVMContext &Context = F->getContext();
466
2.43k
  BasicBlock *FailBB = BasicBlock::Create(Context, "CallStackCheckFailBlk", F);
467
2.43k
  IRBuilder<> B(FailBB);
468
2.43k
  B.SetCurrentDebugLocation(DebugLoc::get(0, 0, F->getSubprogram()));
469
2.43k
  if (Trip.isOSOpenBSD()) {
470
62
    FunctionCallee StackChkFail = M->getOrInsertFunction(
471
62
        "__stack_smash_handler", Type::getVoidTy(Context),
472
62
        Type::getInt8PtrTy(Context));
473
62
474
62
    B.CreateCall(StackChkFail, B.CreateGlobalStringPtr(F->getName(), "SSH"));
475
2.37k
  } else {
476
2.37k
    FunctionCallee StackChkFail =
477
2.37k
        M->getOrInsertFunction("__stack_chk_fail", Type::getVoidTy(Context));
478
2.37k
479
2.37k
    B.CreateCall(StackChkFail, {});
480
2.37k
  }
481
2.43k
  B.CreateUnreachable();
482
2.43k
  return FailBB;
483
2.43k
}
484
485
1.20M
bool StackProtector::shouldEmitSDCheck(const BasicBlock &BB) const {
486
1.20M
  return HasPrologue && 
!HasIRCheck51.6k
&&
isa<ReturnInst>(BB.getTerminator())2.53k
;
487
1.20M
}
488
489
515k
void StackProtector::copyToMachineFrameInfo(MachineFrameInfo &MFI) const {
490
515k
  if (Layout.empty())
491
499k
    return;
492
16.4k
493
36.3k
  
for (int I = 0, E = MFI.getObjectIndexEnd(); 16.4k
I != E;
++I19.9k
) {
494
19.9k
    if (MFI.isDeadObjectIndex(I))
495
40
      continue;
496
19.8k
497
19.8k
    const AllocaInst *AI = MFI.getObjectAllocation(I);
498
19.8k
    if (!AI)
499
32
      continue;
500
19.8k
501
19.8k
    SSPLayoutMap::const_iterator LI = Layout.find(AI);
502
19.8k
    if (LI == Layout.end())
503
15.4k
      continue;
504
4.41k
505
4.41k
    MFI.setObjectSSPLayout(I, LI->second);
506
4.41k
  }
507
16.4k
}