diff mbox

[ARM] ARMv8-M Security Extensions: Warn for unused result for some intrinsics

Message ID 586CF2FF.30709@arm.com
State New
Headers show

Commit Message

Andre Vieira (lists) Jan. 4, 2017, 1:05 p.m. UTC 
On 04/01/17 11:30, Kyrill Tkachov wrote:
> Hi Andre,
> 
> On 04/01/17 11:21, Andre Vieira (lists) wrote:
>> Hello,
>>
>> This patch adds the attribute "warn_unused_result" to the following
>> intrinsics:
>> __cmse_TT{,A,AT,T}_fptr
>> cmse_TT{,A,AT,T}
>> cmse_nonsecure_caller
>> cmse_check_address_range
>>
>> If the result of these intrinsics is not used it means the result of the
>> checks they perform are never used and that could become the source of a
>> security vulnerability in the user's code.  We hope this will limit
>> these.
>>
>> Due to the current limitations of "warn_unused_result", adding them to
>> the __cmse_TT*_fptr intrinsics is pointless since the user will most
>> likely use the macro 'cmse_TT*_fptr' instead, which casts the result of
>> __cmse_TT*_fptr and that seems to be enough to count as a "use". I
>> decided to leave them in there anyway in case the warning becomes a bit
>> smarter in the future. Warnings for cmse_check_pointed_object will never
>> be issued for the same reason. Also if you assign the result of any of
>> these intrinsics to a variable you never use, you will only get a
>> warning about an unused variable, though this warning is not turned on
>> by default.
>>
>> Ran cmse regression tests for arm-none-eabi both ARMv8-M Baseline and
>> Mainline.
>>
>> Is this OK for stage 3?
>>
>> Cheers,
>> Andre
>>
>> gcc/ChangeLog:
>> 2017-01-04  Andre Vieira  <andre.simoesdiasvieira@arm.com>
>>
>>          * config/gcc/arm_cmse.h (__cmse_TT_fptr,__cmse_TTA_fptr,
>>          __cmse_TTAT_fptr,__cmse_TTT_fptr,cmse_TT, cmse_TTA, cmse_TTAT,
>>          cmse_TTT, cmse_nonsecure_caller, cmse_check_address_range):
>>          Add warn_unused_result attribute to function declaration.
>>
>> gcc/testsuite/ChangeLog:
>> 2017-01-04  Andre Vieira  <andre.simoesdiasvieira@arm.com>
>>
>>          * gcc.target/arm/cmse/cmse-3.c: Add warning tests for the
>>          warn_unused_result warning.
> 
> 
> diff --git a/gcc/config/arm/arm_cmse.h b/gcc/config/arm/arm_cmse.h
> index
> 82b58b1c4f4a12ba6062e2cc2632653788d0eeb7..d37f4e2b446c3c80d56af8b633323837f327973f
> 100644
> --- a/gcc/config/arm/arm_cmse.h
> +++ b/gcc/config/arm/arm_cmse.h
> @@ -116,11 +116,13 @@ typedef void (*__cmse_fptr)(void);
>  }
>  
>  __extension__ static __inline __attribute__ ((__always_inline__))
> +__attribute__ ((__warn_unused_result__))
> 
> Don't add a second __attribute__ annotation, change the first one to be:
>  __attribute__ ((__always_inline__, __warn_unused_result__))
> 
> 
> Ok with that change.
> Thanks,
> Kyrill
> 
Hi Kyrill,

Missed that for some reason...

Changes don't affect ChangeLogs.

Cheers,
Andre
diff mbox

Patch

diff --git a/gcc/config/arm/arm_cmse.h b/gcc/config/arm/arm_cmse.h
index 82b58b1c4f4a12ba6062e2cc2632653788d0eeb7..04983582dac633b649d08ce673e0678c059acf05 100644
--- a/gcc/config/arm/arm_cmse.h
+++ b/gcc/config/arm/arm_cmse.h
@@ -115,24 +115,28 @@  typedef void (*__cmse_fptr)(void);
   return __result; \
 }
 
-__extension__ static __inline __attribute__ ((__always_inline__))
+__extension__ static __inline
+__attribute__ ((__always_inline__, __warn_unused_result__))
 cmse_address_info_t
 __cmse_TT_fptr (__cmse_fptr __p)
 __CMSE_TT_ASM ()
 
-__extension__ static __inline __attribute__ ((__always_inline__))
+__extension__ static __inline
+__attribute__ ((__always_inline__, __warn_unused_result__))
 cmse_address_info_t
 cmse_TT (void *__p)
 __CMSE_TT_ASM ()
 
 #define cmse_TTT_fptr(p) (__cmse_TTT_fptr ((__cmse_fptr)(p)))
 
-__extension__ static __inline __attribute__ ((__always_inline__))
+__extension__ static __inline
+__attribute__ ((__always_inline__, __warn_unused_result__))
 cmse_address_info_t
 __cmse_TTT_fptr (__cmse_fptr __p)
 __CMSE_TT_ASM (t)
 
-__extension__ static __inline __attribute__ ((__always_inline__))
+__extension__ static __inline
+__attribute__ ((__always_inline__, __warn_unused_result__))
 cmse_address_info_t
 cmse_TTT (void *__p)
 __CMSE_TT_ASM (t)
@@ -141,12 +145,14 @@  __CMSE_TT_ASM (t)
 
 #define cmse_TTA_fptr(p) (__cmse_TTA_fptr ((__cmse_fptr)(p)))
 
-__extension__ static __inline __attribute__ ((__always_inline__))
+__extension__ static __inline
+__attribute__ ((__always_inline__, __warn_unused_result__))
 cmse_address_info_t
 __cmse_TTA_fptr (__cmse_fptr __p)
 __CMSE_TT_ASM (a)
 
-__extension__ static __inline __attribute__ ((__always_inline__))
+__extension__ static __inline
+__attribute__ ((__always_inline__, __warn_unused_result__))
 cmse_address_info_t
 cmse_TTA (void *__p)
 __CMSE_TT_ASM (a)
@@ -154,17 +160,18 @@  __CMSE_TT_ASM (a)
 #define cmse_TTAT_fptr(p) (__cmse_TTAT_fptr ((__cmse_fptr)(p)))
 
 __extension__ static __inline cmse_address_info_t
-__attribute__ ((__always_inline__))
+__attribute__ ((__always_inline__, __warn_unused_result__))
 __cmse_TTAT_fptr (__cmse_fptr __p)
 __CMSE_TT_ASM (at)
 
 __extension__ static __inline cmse_address_info_t
-__attribute__ ((__always_inline__))
+__attribute__ ((__always_inline__, __warn_unused_result__))
 cmse_TTAT (void *__p)
 __CMSE_TT_ASM (at)
 
 /* FIXME: diagnose use outside cmse_nonsecure_entry functions.  */
-__extension__ static __inline int __attribute__ ((__always_inline__))
+__extension__ static __inline int
+__attribute__ ((__always_inline__, __warn_unused_result__))
 cmse_nonsecure_caller (void)
 {
   return __builtin_arm_cmse_nonsecure_caller ();
@@ -184,7 +191,7 @@  cmse_nonsecure_caller (void)
 #define CMSE_MPU_READWRITE	1
 #define CMSE_MPU_READ		8
 
-__extension__ void *
+__extension__ void * __attribute__ ((__warn_unused_result__))
 cmse_check_address_range (void *, size_t, int);
 
 #define cmse_check_pointed_object(p, f) \
diff --git a/gcc/testsuite/gcc.target/arm/cmse/cmse-3.c b/gcc/testsuite/gcc.target/arm/cmse/cmse-3.c
index 7f92a4c28b3333e4c8fdc256211f3ed74a383cd4..fd3cd282546b9eee10b7d5730f9096084502c492 100644
--- a/gcc/testsuite/gcc.target/arm/cmse/cmse-3.c
+++ b/gcc/testsuite/gcc.target/arm/cmse/cmse-3.c
@@ -43,3 +43,12 @@  typedef void __attribute__ ((cmse_nonsecure_call)) baz2 (long long a, int b, str
 typedef struct span __attribute__ ((cmse_nonsecure_call)) qux2 (void); /* { dg-error "not available to functions that return value on the stack" } */
 
 typedef void __attribute__ ((cmse_nonsecure_call)) norf2 (int a, ...); /* { dg-error "not available to functions with variable number of arguments" } */
+
+#include <arm_cmse.h>
+
+void foo3 (void * p, size_t s, int r)
+{
+  cmse_TT (p); /* { dg-warning "ignoring return value of" } */
+  cmse_check_address_range (p, s, r); /* { dg-warning "ignoring return value of" } */
+  cmse_nonsecure_caller (); /* { dg-warning "ignoring return value of" } */
+}