[PATCH][ARM] ARMv8-M Security Extensions: Warn for unused result for some intrinsics

Andre Vieira (lists) Wed, 04 Jan 2017 03:22:47 -0800

Hello,

This patch adds the attribute "warn_unused_result" to the following
intrinsics:
__cmse_TT{,A,AT,T}_fptr
cmse_TT{,A,AT,T}
cmse_nonsecure_caller
cmse_check_address_range


If the result of these intrinsics is not used it means the result of the
checks they perform are never used and that could become the source of a
security vulnerability in the user's code.  We hope this will limit these.

Due to the current limitations of "warn_unused_result", adding them to
the __cmse_TT*_fptr intrinsics is pointless since the user will most
likely use the macro 'cmse_TT*_fptr' instead, which casts the result of
__cmse_TT*_fptr and that seems to be enough to count as a "use". I
decided to leave them in there anyway in case the warning becomes a bit
smarter in the future. Warnings for cmse_check_pointed_object will never
be issued for the same reason. Also if you assign the result of any of
these intrinsics to a variable you never use, you will only get a
warning about an unused variable, though this warning is not turned on
by default.

Ran cmse regression tests for arm-none-eabi both ARMv8-M Baseline and
Mainline.

Is this OK for stage 3?

Cheers,
Andre

gcc/ChangeLog:
2017-01-04  Andre Vieira  <andre.simoesdiasvie...@arm.com>

        * config/gcc/arm_cmse.h (__cmse_TT_fptr,__cmse_TTA_fptr,
        __cmse_TTAT_fptr,__cmse_TTT_fptr,cmse_TT, cmse_TTA, cmse_TTAT,
        cmse_TTT, cmse_nonsecure_caller, cmse_check_address_range):
        Add warn_unused_result attribute to function declaration.

gcc/testsuite/ChangeLog:
2017-01-04  Andre Vieira  <andre.simoesdiasvie...@arm.com>

        * gcc.target/arm/cmse/cmse-3.c: Add warning tests for the
        warn_unused_result warning.

diff --git a/gcc/config/arm/arm_cmse.h b/gcc/config/arm/arm_cmse.h
index 
82b58b1c4f4a12ba6062e2cc2632653788d0eeb7..d37f4e2b446c3c80d56af8b633323837f327973f
 100644
--- a/gcc/config/arm/arm_cmse.h
+++ b/gcc/config/arm/arm_cmse.h
@@ -116,11 +116,13 @@ typedef void (*__cmse_fptr)(void);
 }
 
 __extension__ static __inline __attribute__ ((__always_inline__))
+__attribute__ ((__warn_unused_result__))
 cmse_address_info_t
 __cmse_TT_fptr (__cmse_fptr __p)
 __CMSE_TT_ASM ()
 
 __extension__ static __inline __attribute__ ((__always_inline__))
+__attribute__ ((__warn_unused_result__))
 cmse_address_info_t
 cmse_TT (void *__p)
 __CMSE_TT_ASM ()
@@ -128,11 +130,13 @@ __CMSE_TT_ASM ()
 #define cmse_TTT_fptr(p) (__cmse_TTT_fptr ((__cmse_fptr)(p)))
 
 __extension__ static __inline __attribute__ ((__always_inline__))
+__attribute__ ((__warn_unused_result__))
 cmse_address_info_t
 __cmse_TTT_fptr (__cmse_fptr __p)
 __CMSE_TT_ASM (t)
 
 __extension__ static __inline __attribute__ ((__always_inline__))
+__attribute__ ((__warn_unused_result__))
 cmse_address_info_t
 cmse_TTT (void *__p)
 __CMSE_TT_ASM (t)
@@ -142,11 +146,13 @@ __CMSE_TT_ASM (t)
 #define cmse_TTA_fptr(p) (__cmse_TTA_fptr ((__cmse_fptr)(p)))
 
 __extension__ static __inline __attribute__ ((__always_inline__))
+__attribute__ ((__warn_unused_result__))
 cmse_address_info_t
 __cmse_TTA_fptr (__cmse_fptr __p)
 __CMSE_TT_ASM (a)
 
 __extension__ static __inline __attribute__ ((__always_inline__))
+__attribute__ ((__warn_unused_result__))
 cmse_address_info_t
 cmse_TTA (void *__p)
 __CMSE_TT_ASM (a)
@@ -154,17 +160,18 @@ __CMSE_TT_ASM (a)
 #define cmse_TTAT_fptr(p) (__cmse_TTAT_fptr ((__cmse_fptr)(p)))
 
 __extension__ static __inline cmse_address_info_t
-__attribute__ ((__always_inline__))
+__attribute__ ((__always_inline__, __warn_unused_result__))
 __cmse_TTAT_fptr (__cmse_fptr __p)
 __CMSE_TT_ASM (at)
 
 __extension__ static __inline cmse_address_info_t
-__attribute__ ((__always_inline__))
+__attribute__ ((__always_inline__, __warn_unused_result__))
 cmse_TTAT (void *__p)
 __CMSE_TT_ASM (at)
 
 /* FIXME: diagnose use outside cmse_nonsecure_entry functions.  */
-__extension__ static __inline int __attribute__ ((__always_inline__))
+__extension__ static __inline int
+__attribute__ ((__always_inline__, __warn_unused_result__))
 cmse_nonsecure_caller (void)
 {
   return __builtin_arm_cmse_nonsecure_caller ();
@@ -184,7 +191,7 @@ cmse_nonsecure_caller (void)
 #define CMSE_MPU_READWRITE     1
 #define CMSE_MPU_READ          8
 
-__extension__ void *
+__extension__ void * __attribute__ ((__warn_unused_result__))
 cmse_check_address_range (void *, size_t, int);
 
 #define cmse_check_pointed_object(p, f) \
diff --git a/gcc/testsuite/gcc.target/arm/cmse/cmse-3.c 
b/gcc/testsuite/gcc.target/arm/cmse/cmse-3.c
index 
7f92a4c28b3333e4c8fdc256211f3ed74a383cd4..fd3cd282546b9eee10b7d5730f9096084502c492
 100644
--- a/gcc/testsuite/gcc.target/arm/cmse/cmse-3.c
+++ b/gcc/testsuite/gcc.target/arm/cmse/cmse-3.c
@@ -43,3 +43,12 @@ typedef void __attribute__ ((cmse_nonsecure_call)) baz2 
(long long a, int b, str
 typedef struct span __attribute__ ((cmse_nonsecure_call)) qux2 (void); /* { 
dg-error "not available to functions that return value on the stack" } */
 
 typedef void __attribute__ ((cmse_nonsecure_call)) norf2 (int a, ...); /* { 
dg-error "not available to functions with variable number of arguments" } */
+
+#include <arm_cmse.h>
+
+void foo3 (void * p, size_t s, int r)
+{
+  cmse_TT (p); /* { dg-warning "ignoring return value of" } */
+  cmse_check_address_range (p, s, r); /* { dg-warning "ignoring return value 
of" } */
+  cmse_nonsecure_caller (); /* { dg-warning "ignoring return value of" } */
+}

[PATCH][ARM] ARMv8-M Security Extensions: Warn for unused result for some intrinsics

Reply via email to