//===-- StackProtector.cpp - Stack Protector Insertion --------------------===//
//
//                     The LLVM Compiler Infrastructure
//
// This file is distributed under the University of Illinois Open Source
// License. See LICENSE.TXT for details.
//
//===----------------------------------------------------------------------===//
//
// This pass inserts stack protectors into functions which need them. A variable
// with a random value in it is stored onto the stack before the local variables
// are allocated. Upon exiting the block, the stored value is checked. If it has
// changed, then there was some sort of violation and the program aborts.
//
//===----------------------------------------------------------------------===//

#define DEBUG_TYPE "stack-protector"
#include "llvm/CodeGen/Passes.h"
#include "llvm/ADT/SmallPtrSet.h"
#include "llvm/ADT/Statistic.h"
#include "llvm/ADT/StringRef.h"
#include "llvm/ADT/Triple.h"
#include "llvm/Analysis/Dominators.h"
#include "llvm/IR/Attributes.h"
#include "llvm/IR/Constants.h"
#include "llvm/IR/DataLayout.h"
#include "llvm/IR/DerivedTypes.h"
#include "llvm/IR/Function.h"
#include "llvm/IR/GlobalValue.h"
#include "llvm/IR/GlobalVariable.h"
#include "llvm/IR/Instructions.h"
#include "llvm/IR/Intrinsics.h"
#include "llvm/IR/Module.h"
#include "llvm/Pass.h"
#include "llvm/Support/CommandLine.h"
#include "llvm/Target/TargetLowering.h"
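#include <cstdlib>
using namespace llvm;

STATISTIC(NumFunProtected, "Number of functions protected");
STATISTIC(NumAddrTaken, "Number of local variables that have their address"
                        " taken.");

namespace {
  /// StackProtector - Function pass that decides, per function, whether a
  /// stack guard is required and, if so, inserts the guard store in the entry
  /// block and a guard check in front of every return.
  class StackProtector : public FunctionPass {
    /// TM - Target machine supplied at construction. Null when the pass is
    /// default-constructed.
    const TargetMachine *TM;

    /// TLI - Keep a pointer of a TargetLowering to consult for determining
    /// target type sizes.
    const TargetLoweringBase *TLI;

    /// Trip - Target triple; consulted for the Darwin and OpenBSD special
    /// cases.
    const Triple Trip;

    Function *F;   // Function currently being processed.
    Module *M;     // Module that owns F.

    DominatorTree *DT;  // Kept up to date when available; may be null.

    /// \brief The minimum size of buffers that will receive stack smashing
    /// protection when -fstack-protector is used.
    ///
    /// runOnFunction overwrites this from the "stack-protector-buffer-size"
    /// function attribute. The member is never reset, so a value parsed for
    /// one function stays in effect for later functions that lack the
    /// attribute.
    unsigned SSPBufferSize;

    /// VisitedPHIs - The set of PHI nodes visited when determining
    /// if a variable's reference has been taken.  This set
    /// is maintained to ensure we don't visit the same PHI node multiple
    /// times.
    SmallPtrSet<const PHINode*, 16> VisitedPHIs;

    /// InsertStackProtectors - Insert code into the prologue and epilogue of
    /// the function.
    ///
    ///  - The prologue code loads and stores the stack guard onto the stack.
    ///  - The epilogue checks the value stored in the prologue against the
    ///    original value. It calls __stack_chk_fail if they differ.
    bool InsertStackProtectors();

    /// CreateFailBB - Create a basic block to jump to when the stack protector
    /// check fails.
    BasicBlock *CreateFailBB();

    /// ContainsProtectableArray - Check whether the type either is an array or
    /// contains an array of sufficient size so that we need stack protectors
    /// for it.
    bool ContainsProtectableArray(Type *Ty, bool Strong = false,
                                  bool InStruct = false) const;

    /// \brief Check whether a stack allocation has its address taken.
    bool HasAddressTaken(const Instruction *AI);

    /// RequiresStackProtector - Check whether or not this function needs a
    /// stack protector based upon the stack protector level.
    bool RequiresStackProtector();
  public:
    static char ID;             // Pass identification, replacement for typeid.

    /// Default constructor used by pass registration. It leaves TM null, so
    /// runOnFunction must not be reached on an instance built this way.
    StackProtector()
      : FunctionPass(ID), TM(0), TLI(0), F(0), M(0), DT(0), SSPBufferSize(0) {
      initializeStackProtectorPass(*PassRegistry::getPassRegistry());
    }

    /// Construct the pass for \p TM with the default threshold of 8 bytes.
    StackProtector(const TargetMachine *TM)
      : FunctionPass(ID), TM(TM), TLI(0), Trip(TM->getTargetTriple()),
        F(0), M(0), DT(0), SSPBufferSize(8) {
      initializeStackProtectorPass(*PassRegistry::getPassRegistry());
    }

    /// The pass updates the dominator tree itself, so it is preserved.
    virtual void getAnalysisUsage(AnalysisUsage &AU) const {
      AU.addPreserved<DominatorTree>();
    }

    virtual bool runOnFunction(Function &Fn);
  };
} // end anonymous namespace

char StackProtector::ID = 0;
INITIALIZE_PASS(StackProtector, "stack-protector",
                "Insert stack protectors", false, false)

/// createStackProtectorPass - Build the pass for \p TM. The caller takes
/// ownership of the returned object.
FunctionPass *llvm::createStackProtectorPass(const TargetMachine *TM) {
  return new StackProtector(TM);
}

/// runOnFunction - Decide whether \p Fn needs a stack protector and, if it
/// does, insert the guard store and the checks in front of each return.
///
/// \returns true if the function was modified.
bool StackProtector::runOnFunction(Function &Fn) {
  F = &Fn;
  M = F->getParent();
  DT = getAnalysisIfAvailable<DominatorTree>();
  // NOTE(review): TM is null on a default-constructed pass; this dereference
  // relies on the TargetMachine constructor having been used.
  TLI = TM->getTargetLowering();

  // Read the per-function threshold BEFORE RequiresStackProtector() runs.
  // That check compares buffer sizes against SSPBufferSize, so parsing the
  // attribute afterwards would leave this function judged against a stale
  // threshold and apply the new value only to later functions.
  Attribute Attr =
    Fn.getAttributes().getAttribute(AttributeSet::FunctionIndex,
                                    "stack-protector-buffer-size");
  if (Attr.isStringAttribute()) {
    // StringRef::data() is not guaranteed to be NUL-terminated, and atoi()
    // silently accepts garbage and negative numbers (a negative value would
    // wrap to a huge unsigned threshold and switch the size check off).
    // getAsInteger() returns true on failure; the previous threshold is kept
    // in that case.
    unsigned ParsedSize = 0;
    if (!Attr.getValueAsString().getAsInteger(10, ParsedSize))
      SSPBufferSize = ParsedSize;
  }

  if (!RequiresStackProtector()) return false;

  ++NumFunProtected;
  return InsertStackProtectors();
}

/// ContainsProtectableArray - Check whether the type either is an array or
/// contains a char array of sufficient size so that we need stack protectors
/// for it.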
bool StackProtector::ContainsProtectableArray(Type *Ty, bool Strong,
                                              bool InStruct) const {
  if (Ty == 0)
    return false;

  if (ArrayType *ArrTy = dyn_cast<ArrayType>(Ty)) {
    // Strong mode: every array qualifies, whatever its element type or size.
    if (Strong)
      return true;

    // Outside strong mode only character arrays count, except that on Darwin
    // a top-level (non-struct) array of any element type is still considered.
    const bool IsCharArray = ArrTy->getElementType()->isIntegerTy(8);
    if (!IsCharArray && (InStruct || !Trip.isOSDarwin()))
      return false;

    // An array occupying at least SSPBufferSize bytes of allocated space gets
    // a protector. A smaller array falls through to the struct test below.
    if (TLI->getDataLayout()->getTypeAllocSize(ArrTy) >= SSPBufferSize)
      return true;
  }

  const StructType *StructTy = dyn_cast<StructType>(Ty);
  if (StructTy == 0)
    return false;

  // Recurse into each member, marking the nested lookups as "inside a struct".
  StructType::element_iterator Elt = StructTy->element_begin();
  StructType::element_iterator EltEnd = StructTy->element_end();
  while (Elt != EltEnd) {
    if (ContainsProtectableArray(*Elt, Strong, true))
      return true;
    ++Elt;
  }

  return false;
}

/// HasAddressTaken - Walk the users of \p AI and report whether its address
/// can escape: it is the stored value of a store, it is converted with
/// ptrtoint, or it is used by any call or invoke. select, PHI,
/// getelementptr and bitcast users are followed recursively.
bool StackProtector::HasAddressTaken(const Instruction *AI) {
  Value::const_use_iterator UseIt = AI->use_begin();
  Value::const_use_iterator UseEnd = AI->use_end();
  for (; UseIt != UseEnd; ++UseIt) {
    const User *Usr = *UseIt;

    if (const StoreInst *Store = dyn_cast<StoreInst>(Usr)) {
      // Only storing the pointer itself counts, not storing through it.
      if (Store->getValueOperand() == AI)
        return true;
      continue;
    }

    if (const PtrToIntInst *P2I = dyn_cast<PtrToIntInst>(Usr)) {
      if (P2I->getOperand(0) == AI)
        return true;
      continue;
    }

    if (isa<CallInst>(Usr) || isa<InvokeInst>(Usr))
      return true;

    if (const PHINode *Phi = dyn_cast<PHINode>(Usr)) {
      // Keep track of what PHI nodes we have already visited to ensure
      // they are only visited once.
      if (VisitedPHIs.insert(Phi) && HasAddressTaken(Phi))
        return true;
      continue;
    }

    // Values derived from the pointer: keep following their users.
    if (isa<SelectInst>(Usr) || isa<GetElementPtrInst>(Usr) ||
        isa<BitCastInst>(Usr)) {
      if (HasAddressTaken(cast<Instruction>(Usr)))
        return true;
    }
  }
  return false;
}

/// \brief Check whether or not this function needs a stack protector based
/// upon the stack protector level.
///
/// We use two heuristics: a standard (ssp) and strong (sspstrong).
/// The standard heuristic adds a guard variable to functions that call alloca
/// with either a variable size or a size >= SSPBufferSize, functions with
/// character buffers of at least SSPBufferSize bytes, and functions with
/// aggregates containing such character buffers. The strong heuristic adds a
/// guard variable to functions that call alloca regardless of size, functions
/// with any buffer regardless of type and size, functions with aggregates
/// that contain any buffer regardless of type and size, and functions that
/// contain stack-based variables that have had their address taken.
bool StackProtector::RequiresStackProtector() {
  const AttributeSet &FnAttrs = F->getAttributes();

  // sspreq: always protect, no inspection of the body needed.
  if (FnAttrs.hasAttribute(AttributeSet::FunctionIndex,
                           Attribute::StackProtectReq))
    return true;

  // sspstrong selects the strong heuristic; with neither sspstrong nor ssp
  // the function is left alone.
  const bool Strong = FnAttrs.hasAttribute(AttributeSet::FunctionIndex,
                                           Attribute::StackProtectStrong);
  if (!Strong && !FnAttrs.hasAttribute(AttributeSet::FunctionIndex,
                                       Attribute::StackProtect))
    return false;

  for (Function::iterator BBIt = F->begin(), BBEnd = F->end();
       BBIt != BBEnd; ++BBIt) {
    for (BasicBlock::iterator InstIt = BBIt->begin(), InstEnd = BBIt->end();
         InstIt != InstEnd; ++InstIt) {
      AllocaInst *Slot = dyn_cast<AllocaInst>(InstIt);
      if (!Slot)
        continue;

      if (Slot->isArrayAllocation()) {
        // SSP-Strong: Enable protectors for any call to alloca, regardless
        // of size.
        if (Strong)
          return true;

        const ConstantInt *Count = dyn_cast<ConstantInt>(Slot->getArraySize());

        // A call to alloca with a variable size requires protectors.
        if (!Count)
          return true;

        // A call to alloca with size >= SSPBufferSize requires stack
        // protectors.
        // NOTE(review): the value compared here is the alloca's array-size
        // operand, while ContainsProtectableArray compares an allocation size
        // in bytes -- confirm the two thresholds are meant to differ.
        if (Count->getLimitedValue(SSPBufferSize) >= SSPBufferSize)
          return true;
      }

      if (ContainsProtectableArray(Slot->getAllocatedType(), Strong))
        return true;

      // Strong mode also protects functions whose locals escape by address.
      if (Strong && HasAddressTaken(Slot)) {
        ++NumAddrTaken;
        return true;
      }
    }
  }

  return false;
}

/// Insert code into the entry block that stores the stack guard value onto
/// the stack:
///
///   entry:
///     StackGuardSlot = alloca i8*
///     StackGuard = load <guard variable>
///     call void @llvm.stackprotector(StackGuard, StackGuardSlot)
///
/// The guard variable is the target's fixed cookie location when
/// getStackCookieLocation reports one, the hidden global __guard_local on
/// OpenBSD, and the global __stack_chk_guard otherwise. On return, \p AI is
/// the new stack slot and \p StackGuardVar the guard variable.
static void CreatePrologue(Function *F, Module *M, ReturnInst *RI,
                           const TargetLoweringBase *TLI, const Triple &Trip,
                           AllocaInst *&AI, Value *&StackGuardVar) {
  LLVMContext &Ctx = RI->getContext();
  PointerType *GuardTy = Type::getInt8PtrTy(Ctx);

  unsigned AddressSpace;
  unsigned Offset;
  if (TLI->getStackCookieLocation(AddressSpace, Offset)) {
    // The target keeps the cookie at a fixed offset in a dedicated address
    // space; address it as a constant inttoptr expression.
    Constant *OffsetVal = ConstantInt::get(Type::getInt32Ty(Ctx), Offset);
    PointerType *CookiePtrTy = PointerType::get(GuardTy, AddressSpace);
    StackGuardVar = ConstantExpr::getIntToPtr(OffsetVal, CookiePtrTy);
  } else if (Trip.getOS() == llvm::Triple::OpenBSD) {
    StackGuardVar = M->getOrInsertGlobal("__guard_local", GuardTy);
    GlobalValue *LocalGuard = cast<GlobalValue>(StackGuardVar);
    LocalGuard->setVisibility(GlobalValue::HiddenVisibility);
  } else {
    StackGuardVar = M->getOrInsertGlobal("__stack_chk_guard", GuardTy);
  }

  // Everything below is inserted in front of the first instruction of the
  // entry block.
  Instruction *InsPt = &F->getEntryBlock().front();

  AI = new AllocaInst(GuardTy, "StackGuardSlot", InsPt);
  LoadInst *GuardValue =
    new LoadInst(StackGuardVar, "StackGuard", false, InsPt);

  Value *Args[] = { GuardValue, AI };
  Function *ProtectFn = Intrinsic::getDeclaration(M, Intrinsic::stackprotector);
  CallInst::Create(ProtectFn, Args, "", InsPt);
}

308613f77439eb6e1f660e615e0e851187da13255aeBill Wendling/// InsertStackProtectors - Insert code into the prologue and epilogue of the 309613f77439eb6e1f660e615e0e851187da13255aeBill Wendling/// function. 310613f77439eb6e1f660e615e0e851187da13255aeBill Wendling/// 311613f77439eb6e1f660e615e0e851187da13255aeBill Wendling/// - The prologue code loads and stores the stack guard onto the stack. 312613f77439eb6e1f660e615e0e851187da13255aeBill Wendling/// - The epilogue checks the value stored in the prologue against the original 313613f77439eb6e1f660e615e0e851187da13255aeBill Wendling/// value. It calls __stack_chk_fail if they differ. 314613f77439eb6e1f660e615e0e851187da13255aeBill Wendlingbool StackProtector::InsertStackProtectors() { 315b7c6ebcb4732302310cfaca81e1d26c3802c1646Bill Wendling BasicBlock *FailBB = 0; // The basic block to jump to if check fails. 31680f6a507d4e11ba066ad0e53e12ad25ad8cf07baCameron Zwarich BasicBlock *FailBBDom = 0; // FailBB's dominator. 317b7c6ebcb4732302310cfaca81e1d26c3802c1646Bill Wendling AllocaInst *AI = 0; // Place on stack that stores the stack guard. 318f7a0c7bf8bc8318ed28d889c9a56437ab3e91385Eric Christopher Value *StackGuardVar = 0; // The stack guard variable. 
319b7c6ebcb4732302310cfaca81e1d26c3802c1646Bill Wendling 3207205677a46d02867004826218942dab3b466c926Bill Wendling for (Function::iterator I = F->begin(), E = F->end(); I != E; ) { 321c3348a77f7e1bdc8e52a9f70fd190555df34d7c1Bill Wendling BasicBlock *BB = I++; 322c3348a77f7e1bdc8e52a9f70fd190555df34d7c1Bill Wendling ReturnInst *RI = dyn_cast<ReturnInst>(BB->getTerminator()); 323c3348a77f7e1bdc8e52a9f70fd190555df34d7c1Bill Wendling if (!RI) continue; 324c3348a77f7e1bdc8e52a9f70fd190555df34d7c1Bill Wendling 325c3348a77f7e1bdc8e52a9f70fd190555df34d7c1Bill Wendling if (!FailBB) { 326c03d5ec32041892734324f4dc635e7644aebd672Michael Gottesman CreatePrologue(F, M, RI, TLI, Trip, AI, StackGuardVar); 327c3348a77f7e1bdc8e52a9f70fd190555df34d7c1Bill Wendling // Create the basic block to jump to when the guard check fails. 328c3348a77f7e1bdc8e52a9f70fd190555df34d7c1Bill Wendling FailBB = CreateFailBB(); 3291fb615f820ee0ff415e78b25ef583a430c86a743Bill Wendling } 330c3348a77f7e1bdc8e52a9f70fd190555df34d7c1Bill Wendling 331c3348a77f7e1bdc8e52a9f70fd190555df34d7c1Bill Wendling // For each block with a return instruction, convert this: 332c3348a77f7e1bdc8e52a9f70fd190555df34d7c1Bill Wendling // 333c3348a77f7e1bdc8e52a9f70fd190555df34d7c1Bill Wendling // return: 334c3348a77f7e1bdc8e52a9f70fd190555df34d7c1Bill Wendling // ... 335c3348a77f7e1bdc8e52a9f70fd190555df34d7c1Bill Wendling // ret ... 336c3348a77f7e1bdc8e52a9f70fd190555df34d7c1Bill Wendling // 337c3348a77f7e1bdc8e52a9f70fd190555df34d7c1Bill Wendling // into this: 338c3348a77f7e1bdc8e52a9f70fd190555df34d7c1Bill Wendling // 339c3348a77f7e1bdc8e52a9f70fd190555df34d7c1Bill Wendling // return: 340c3348a77f7e1bdc8e52a9f70fd190555df34d7c1Bill Wendling // ... 
341c3348a77f7e1bdc8e52a9f70fd190555df34d7c1Bill Wendling // %1 = load __stack_chk_guard 342733bbc5320ac9d729caa8c0fe741dd516e7eda0bBill Wendling // %2 = load StackGuardSlot 343c3348a77f7e1bdc8e52a9f70fd190555df34d7c1Bill Wendling // %3 = cmp i1 %1, %2 344c3348a77f7e1bdc8e52a9f70fd190555df34d7c1Bill Wendling // br i1 %3, label %SP_return, label %CallStackCheckFailBlk 345c3348a77f7e1bdc8e52a9f70fd190555df34d7c1Bill Wendling // 346c3348a77f7e1bdc8e52a9f70fd190555df34d7c1Bill Wendling // SP_return: 347c3348a77f7e1bdc8e52a9f70fd190555df34d7c1Bill Wendling // ret ... 348c3348a77f7e1bdc8e52a9f70fd190555df34d7c1Bill Wendling // 349c3348a77f7e1bdc8e52a9f70fd190555df34d7c1Bill Wendling // CallStackCheckFailBlk: 350c3348a77f7e1bdc8e52a9f70fd190555df34d7c1Bill Wendling // call void @__stack_chk_fail() 351c3348a77f7e1bdc8e52a9f70fd190555df34d7c1Bill Wendling // unreachable 352c3348a77f7e1bdc8e52a9f70fd190555df34d7c1Bill Wendling 353c3348a77f7e1bdc8e52a9f70fd190555df34d7c1Bill Wendling // Split the basic block before the return instruction. 354c3348a77f7e1bdc8e52a9f70fd190555df34d7c1Bill Wendling BasicBlock *NewBB = BB->splitBasicBlock(RI, "SP_return"); 3553c288b97879b975e75ae8eab69eee111f3bc3a43Bill Wendling 3563f782f4d7586a4e644850ad4d05ef6a027aabc04Bill Wendling if (DT && DT->isReachableFromEntry(BB)) { 35753aac15a607d66926e586c7fc57634f6be4ef443Cameron Zwarich DT->addNewBlock(NewBB, BB); 3583c288b97879b975e75ae8eab69eee111f3bc3a43Bill Wendling FailBBDom = FailBBDom ? DT->findNearestCommonDominator(FailBBDom, BB) :BB; 35980f6a507d4e11ba066ad0e53e12ad25ad8cf07baCameron Zwarich } 360c3348a77f7e1bdc8e52a9f70fd190555df34d7c1Bill Wendling 3615601699d7c36b819179a7d89270100c34b3d0a32Bill Wendling // Remove default branch instruction to the new BB. 
3625601699d7c36b819179a7d89270100c34b3d0a32Bill Wendling BB->getTerminator()->eraseFromParent(); 3635601699d7c36b819179a7d89270100c34b3d0a32Bill Wendling 364c3348a77f7e1bdc8e52a9f70fd190555df34d7c1Bill Wendling // Move the newly created basic block to the point right after the old basic 365c3348a77f7e1bdc8e52a9f70fd190555df34d7c1Bill Wendling // block so that it's in the "fall through" position. 366c3348a77f7e1bdc8e52a9f70fd190555df34d7c1Bill Wendling NewBB->moveAfter(BB); 367c3348a77f7e1bdc8e52a9f70fd190555df34d7c1Bill Wendling 368c3348a77f7e1bdc8e52a9f70fd190555df34d7c1Bill Wendling // Generate the stack protector instructions in the old basic block. 369733bbc5320ac9d729caa8c0fe741dd516e7eda0bBill Wendling LoadInst *LI1 = new LoadInst(StackGuardVar, "", false, BB); 370733bbc5320ac9d729caa8c0fe741dd516e7eda0bBill Wendling LoadInst *LI2 = new LoadInst(AI, "", true, BB); 371333c40096561218bc3597cf153c0a3895274414cOwen Anderson ICmpInst *Cmp = new ICmpInst(*BB, CmpInst::ICMP_EQ, LI1, LI2, ""); 372c3348a77f7e1bdc8e52a9f70fd190555df34d7c1Bill Wendling BranchInst::Create(NewBB, FailBB, Cmp, BB); 3732b58ce5ab4e22e796303d68fb246d4031cb5d4caBill Wendling } 374613f77439eb6e1f660e615e0e851187da13255aeBill Wendling 3751fb615f820ee0ff415e78b25ef583a430c86a743Bill Wendling // Return if we didn't modify any basic blocks. I.e., there are no return 3761fb615f820ee0ff415e78b25ef583a430c86a743Bill Wendling // statements in the function. 
if (!FailBB) return false;

if (DT && FailBBDom)
  DT->addNewBlock(FailBB, FailBBDom);

return true;
}

/// CreateFailBB - Build the basic block that control reaches when the stack
/// protector comparison fails.
///
/// The block is appended to the current function F under the name
/// "CallStackCheckFailBlk". It holds a single call to the failure handler
/// followed by an `unreachable` terminator:
///   - OpenBSD targets call `__stack_smash_handler`, declared here as taking
///     one i8* argument, and pass it a pointer to a private constant global
///     ("SSH") initialised with the name of F.
///   - Every other target calls `__stack_chk_fail`, declared here with no
///     arguments.
///
/// \returns the newly created block.
///
/// NOTE(review): nothing in this function marks the handler declaration or the
/// call site noreturn; the `unreachable` terminator assumes the runtime's
/// handler never returns -- confirm for each supported target.
BasicBlock *StackProtector::CreateFailBB() {
  LLVMContext &Context = F->getContext();
  Type *VoidTy = Type::getVoidTy(Context);
  BasicBlock *Blk = BasicBlock::Create(Context, "CallStackCheckFailBlk", F);

  if (Trip.getOS() != llvm::Triple::OpenBSD) {
    // Generic path. The trailing NULL ends the variadic parameter-type list,
    // so the handler is declared as void __stack_chk_fail().
    Constant *Handler =
        M->getOrInsertFunction("__stack_chk_fail", VoidTy, NULL);
    CallInst::Create(Handler, "", Blk);
  } else {
    // OpenBSD path: the handler receives the name of the function being
    // protected.
    Constant *Handler = M->getOrInsertFunction(
        "__stack_smash_handler", VoidTy, Type::getInt8PtrTy(Context), NULL);

    // Emit the name of F as a private constant global in the module.
    // NOTE(review): presumably NUL-terminated through getString's default
    // argument -- confirm against the ConstantDataArray declaration in use.
    Constant *NameData = ConstantDataArray::getString(Context, F->getName());
    Constant *NameGV =
        new GlobalVariable(*M, NameData->getType(), true,
                           GlobalVariable::PrivateLinkage, NameData, "SSH");

    // Two zero indices: step through the global, then to element 0 of the
    // array, giving a pointer to the first character.
    Constant *Zero = ConstantInt::get(Type::getInt8Ty(Context), 0);
    SmallVector<Constant *, 2> Indices;
    Indices.push_back(Zero);
    Indices.push_back(Zero);

    SmallVector<Value *, 1> CallArgs;
    CallArgs.push_back(ConstantExpr::getGetElementPtr(NameGV, Indices));

    CallInst::Create(Handler, CallArgs, "", Blk);
  }

  // Control must never fall out of the failure block.
  new UnreachableInst(Context, Blk);
  return Blk;
}