コード挿入

デバッグやプロファイルやセキュリティチェックなどを目的として、任意のコードを仕込みたいという需要は多いと思う。

やり方としては、GIMPLE レベルで仕込む方法と、MD レベルで仕込む方法の、主に　2 種類ぐらいがあるようだ。

GIMPLE レベルで何かを仕込むのは、rtx に対する知識が必要だし、最適化の過程でコードの順番などが入れ替わる可能性もある。

MD レベルの方が、最適化の後だし、基本的には　GCC のインラインアセンブラのような感じに記述できるので、比較的容易な気がする。

GCC の SSP (Stack Smashing Protector) は、セキュリティ用のコードを　MD ファイルで仕込んでいるらしい。

ちょっと　gcc-4.3.2/gcc/config/i386/i386.md を見てみる。

   ; SSP patterns
  (UNSPEC_SP_SET               100)
  (UNSPEC_SP_TEST              101)
  (UNSPEC_SP_TLS_SET           102)
  (UNSPEC_SP_TLS_TEST          103)
...

(define_expand "stack_protect_set"
 [(match_operand 0 "memory_operand" "")
  (match_operand 1 "memory_operand" "")]
 ""
{
#ifdef TARGET_THREAD_SSP_OFFSET
 if (TARGET_64BIT)
   emit_insn (gen_stack_tls_protect_set_di (operands[0],
                                       GEN_INT (TARGET_THREAD_SSP_OFFSET)));
 else
   emit_insn (gen_stack_tls_protect_set_si (operands[0],
                                       GEN_INT (TARGET_THREAD_SSP_OFFSET)));
#else
 if (TARGET_64BIT)
   emit_insn (gen_stack_protect_set_di (operands[0], operands[1]));
 else
   emit_insn (gen_stack_protect_set_si (operands[0], operands[1]));
#endif
 DONE;
})

(define_insn "stack_protect_set_si"
 [(set (match_operand:SI 0 "memory_operand" "=m")
       (unspec:SI [(match_operand:SI 1 "memory_operand" "m")] UNSPEC_SP_SET))
  (set (match_scratch:SI 2 "=&r") (const_int 0))
  (clobber (reg:CC FLAGS_REG))]
 ""
 "mov{l}\t{%1, %2|%2, %1}\;mov{l}\t{%2, %0|%0, %2}\;xor{l}\t%2, %2"
 [(set_attr "type" "multi")])

(define_insn "stack_protect_set_di"
 [(set (match_operand:DI 0 "memory_operand" "=m")
       (unspec:DI [(match_operand:DI 1 "memory_operand" "m")] UNSPEC_SP_SET))
  (set (match_scratch:DI 2 "=&r") (const_int 0))
  (clobber (reg:CC FLAGS_REG))]
 "TARGET_64BIT"
 "mov{q}\t{%1, %2|%2, %1}\;mov{q}\t{%2, %0|%0, %2}\;xor{l}\t%k2, %k2"
 [(set_attr "type" "multi")])

(define_insn "stack_tls_protect_set_si"
 [(set (match_operand:SI 0 "memory_operand" "=m")
       (unspec:SI [(match_operand:SI 1 "const_int_operand" "i")] UNSPEC_SP_TLS_SET))
  (set (match_scratch:SI 2 "=&r") (const_int 0))
  (clobber (reg:CC FLAGS_REG))]
 ""
 "mov{l}\t{%%gs:%P1, %2|%2, DWORD PTR gs:%P1}\;mov{l}\t{%2, %0|%0, %2}\;xor{l}\t%2, %2"
 [(set_attr "type" "multi")])

(define_insn "stack_tls_protect_set_di"
 [(set (match_operand:DI 0 "memory_operand" "=m")
       (unspec:DI [(match_operand:DI 1 "const_int_operand" "i")] UNSPEC_SP_TLS_SET))
  (set (match_scratch:DI 2 "=&r") (const_int 0))
  (clobber (reg:CC FLAGS_REG))]
 "TARGET_64BIT"
 {
    /* The kernel uses a different segment register for performance reasons; a
       system call would not have to trash the userspace segment register,
       which would be expensive */
    if (ix86_cmodel != CM_KERNEL)
       return "mov{q}\t{%%fs:%P1, %2|%2, QWORD PTR fs:%P1}\;mov{q}\t{%2, %0|%0, %2}\;xor{l}\t%k2, %k2";
    else
       return "mov{q}\t{%%gs:%P1, %2|%2, QWORD PTR gs:%P1}\;mov{q}\t{%2, %0|%0, %2}\;xor{l}\t%k2, %k2";
 }
 [(set_attr "type" "multi")])

(define_expand "stack_protect_test"
 [(match_operand 0 "memory_operand" "")
  (match_operand 1 "memory_operand" "")
  (match_operand 2 "" "")]
 ""
{
 rtx flags = gen_rtx_REG (CCZmode, FLAGS_REG);
 ix86_compare_op0 = operands[0];
 ix86_compare_op1 = operands[1];
 ix86_compare_emitted = flags;

#ifdef TARGET_THREAD_SSP_OFFSET
 if (TARGET_64BIT)
   emit_insn (gen_stack_tls_protect_test_di (flags, operands[0],
                                       GEN_INT (TARGET_THREAD_SSP_OFFSET)));
 else
   emit_insn (gen_stack_tls_protect_test_si (flags, operands[0],
                                       GEN_INT (TARGET_THREAD_SSP_OFFSET)));
#else
 if (TARGET_64BIT)
   emit_insn (gen_stack_protect_test_di (flags, operands[0], operands[1]));
 else
   emit_insn (gen_stack_protect_test_si (flags, operands[0], operands[1]));
#endif
 emit_jump_insn (gen_beq (operands[2]));
 DONE;
})

(define_insn "stack_protect_test_si"
 [(set (match_operand:CCZ 0 "flags_reg_operand" "")
       (unspec:CCZ [(match_operand:SI 1 "memory_operand" "m")
                    (match_operand:SI 2 "memory_operand" "m")]
                   UNSPEC_SP_TEST))
  (clobber (match_scratch:SI 3 "=&r"))]
 ""
 "mov{l}\t{%1, %3|%3, %1}\;xor{l}\t{%2, %3|%3, %2}"
 [(set_attr "type" "multi")])

(define_insn "stack_protect_test_di"
 [(set (match_operand:CCZ 0 "flags_reg_operand" "")
       (unspec:CCZ [(match_operand:DI 1 "memory_operand" "m")
                    (match_operand:DI 2 "memory_operand" "m")]
                   UNSPEC_SP_TEST))
  (clobber (match_scratch:DI 3 "=&r"))]
 "TARGET_64BIT"
 "mov{q}\t{%1, %3|%3, %1}\;xor{q}\t{%2, %3|%3, %2}"
 [(set_attr "type" "multi")])

(define_insn "stack_tls_protect_test_si"
 [(set (match_operand:CCZ 0 "flags_reg_operand" "")
       (unspec:CCZ [(match_operand:SI 1 "memory_operand" "m")
                    (match_operand:SI 2 "const_int_operand" "i")]
                   UNSPEC_SP_TLS_TEST))
  (clobber (match_scratch:SI 3 "=r"))]
 ""
 "mov{l}\t{%1, %3|%3, %1}\;xor{l}\t{%%gs:%P2, %3|%3, DWORD PTR gs:%P2}"
 [(set_attr "type" "multi")])

(define_insn "stack_tls_protect_test_di"
 [(set (match_operand:CCZ 0 "flags_reg_operand" "")
       (unspec:CCZ [(match_operand:DI 1 "memory_operand" "m")
                    (match_operand:DI 2 "const_int_operand" "i")]
                   UNSPEC_SP_TLS_TEST))
  (clobber (match_scratch:DI 3 "=r"))]
 "TARGET_64BIT"
 {
    /* The kernel uses a different segment register for performance reasons; a
       system call would not have to trash the userspace segment register,
       which would be expensive */
    if (ix86_cmodel != CM_KERNEL)
       return "mov{q}\t{%1, %3|%3, %1}\;xor{q}\t{%%fs:%P2, %3|%3, QWORD PTR fs:%P2}";
    else
       return "mov{q}\t{%1, %3|%3, %1}\;xor{q}\t{%%gs:%P2, %3|%3, QWORD PTR gs:%P2}";
 }
 [(set_attr "type" "multi")])