+++ /dev/null
-diff -uNr gcc-3.4.3.orig/gcc/calls.c gcc-3.4.3/gcc/calls.c
---- gcc-3.4.3.orig/gcc/calls.c 2004-06-24 09:26:50.000000000 +0200
-+++ gcc-3.4.3/gcc/calls.c 2004-11-24 18:35:31.000000000 +0100
-@@ -2321,8 +2321,12 @@
- {
- /* For variable-sized objects, we must be called with a target
- specified. If we were to allocate space on the stack here,
-- we would have no way of knowing when to free it. */
-- rtx d = assign_temp (TREE_TYPE (exp), 1, 1, 1);
-+ we would have no way of knowing when to free it.
-+
-+ This is the structure of a function return object and it isn't
-+ a character array for the stack protection, so it is
-+ marked using the assignment of the KEEP argument to 5. */
-+ rtx d = assign_temp (TREE_TYPE (exp), 5, 1, 1);
-
- mark_temp_addr_taken (d);
- structure_value_addr = XEXP (d, 0);
-diff -uNr gcc-3.4.3.orig/gcc/c-cppbuiltin.c gcc-3.4.3/gcc/c-cppbuiltin.c
---- gcc-3.4.3.orig/gcc/c-cppbuiltin.c 2004-03-04 11:24:54.000000000 +0100
-+++ gcc-3.4.3/gcc/c-cppbuiltin.c 2004-11-24 18:35:31.000000000 +0100
-@@ -408,6 +408,12 @@
- if (c_dialect_objc () && flag_next_runtime)
- cpp_define (pfile, "__NEXT_RUNTIME__");
-
-+ /* Make the choice of the stack protector runtime visible to source code. */
-+ if (flag_propolice_protection)
-+ cpp_define (pfile, "__SSP__=1");
-+ if (flag_stack_protection)
-+ cpp_define (pfile, "__SSP_ALL__=2");
-+
- /* A straightforward target hook doesn't work, because of problems
- linking that hook's body when part of non-C front ends. */
- # define preprocessing_asm_p() (cpp_get_options (pfile)->lang == CLK_ASM)
-diff -uNr gcc-3.4.3.orig/gcc/combine.c gcc-3.4.3/gcc/combine.c
---- gcc-3.4.3.orig/gcc/combine.c 2004-10-13 01:35:29.000000000 +0200
-+++ gcc-3.4.3/gcc/combine.c 2004-11-24 18:35:31.000000000 +0100
-@@ -1401,6 +1401,10 @@
- && ! fixed_regs[REGNO (dest)]
- && CLASS_LIKELY_SPILLED_P (REGNO_REG_CLASS (REGNO (dest))))))
- return 1;
-+ /* Never combine loads and stores protecting argument that use set insn
-+ with used flag on. */
-+ if (SET_VOLATILE_P (set))
-+ return 1;
-
- return 0;
- }
-@@ -3781,7 +3785,20 @@
- rtx inner_op0 = XEXP (XEXP (x, 0), 1);
- rtx inner_op1 = XEXP (x, 1);
- rtx inner;
--
-+
-+#ifndef FRAME_GROWS_DOWNWARD
-+ /* For the case where the frame grows upward,
-+ the stack protector keeps the offset of the frame pointer
-+ positive integer. */
-+ if (flag_propolice_protection
-+ && code == PLUS
-+ && other == frame_pointer_rtx
-+ && GET_CODE (inner_op0) == CONST_INT
-+ && GET_CODE (inner_op1) == CONST_INT
-+ && INTVAL (inner_op0) > 0
-+ && INTVAL (inner_op0) + INTVAL (inner_op1) <= 0)
-+ return x;
-+#endif
- /* Make sure we pass the constant operand if any as the second
- one if this is a commutative operation. */
- if (CONSTANT_P (inner_op0) && GET_RTX_CLASS (code) == 'c')
-@@ -4146,6 +4163,13 @@
- they are now checked elsewhere. */
- if (GET_CODE (XEXP (x, 0)) == PLUS
- && CONSTANT_ADDRESS_P (XEXP (XEXP (x, 0), 1)))
-+#ifndef FRAME_GROWS_DOWNWARD
-+ /* The stack protector keeps the addressing style of a local variable
-+ to be able to change its stack position. */
-+ if (! (flag_propolice_protection
-+ && XEXP (XEXP (x, 0), 0) == frame_pointer_rtx
-+ && GET_CODE (XEXP (XEXP (x, 0), 1)) == CONST_INT))
-+#endif
- return gen_binary (PLUS, mode,
- gen_binary (PLUS, mode, XEXP (XEXP (x, 0), 0),
- XEXP (x, 1)),
-@@ -4273,8 +4297,14 @@
- }
-
- /* Canonicalize (minus A (plus B C)) to (minus (minus A B) C) for
-- integers. */
-- if (GET_CODE (XEXP (x, 1)) == PLUS && INTEGRAL_MODE_P (mode))
-+ integers.
-+
-+ The stack protector keeps the addressing style of
-+ a local variable. */
-+ if (GET_CODE (XEXP (x, 1)) == PLUS && INTEGRAL_MODE_P (mode)
-+ && (! (flag_propolice_protection
-+ && XEXP (XEXP (x, 1), 0) == frame_pointer_rtx
-+ && GET_CODE (XEXP (XEXP (x, 1), 1)) == CONST_INT)))
- return gen_binary (MINUS, mode,
- gen_binary (MINUS, mode, XEXP (x, 0),
- XEXP (XEXP (x, 1), 0)),
-diff -uNr gcc-3.4.3.orig/gcc/common.opt gcc-3.4.3/gcc/common.opt
---- gcc-3.4.3.orig/gcc/common.opt 2004-11-24 18:04:19.000000000 +0100
-+++ gcc-3.4.3/gcc/common.opt 2004-11-24 18:35:31.000000000 +0100
-@@ -152,6 +152,10 @@
- Common
- Warn when a variable is unused
-
-+Wstack-protector
-+Common
-+Warn when not issuing stack smashing protection for some reason
-+
- aux-info
- Common Separate
- -aux-info <file> Emit declaration information into <file>
-@@ -743,6 +747,14 @@
- Common
- Put zero initialized data in the bss section
-
-+fstack-protector
-+Common
-+Enables stack protection
-+
-+fstack-protector-all
-+Common
-+Enables stack protection of every function
-+
- g
- Common JoinedOrMissing
- Generate debug information in default format
-diff -uNr gcc-3.4.3.orig/gcc/config/arm/arm.md gcc-3.4.3/gcc/config/arm/arm.md
---- gcc-3.4.3.orig/gcc/config/arm/arm.md 2004-08-25 17:46:19.000000000 +0200
-+++ gcc-3.4.3/gcc/config/arm/arm.md 2004-11-24 18:35:31.000000000 +0100
-@@ -3840,7 +3840,13 @@
- (match_operand:DI 1 "general_operand" ""))]
- "TARGET_EITHER"
- "
-- if (TARGET_THUMB)
-+ if (TARGET_ARM)
-+ {
-+ /* Everything except mem = const or mem = mem can be done easily */
-+ if (GET_CODE (operands[0]) == MEM)
-+ operands[1] = force_reg (DImode, operands[1]);
-+ }
-+ else /* TARGET_THUMB.... */
- {
- if (!no_new_pseudos)
- {
-diff -uNr gcc-3.4.3.orig/gcc/config/t-linux gcc-3.4.3/gcc/config/t-linux
---- gcc-3.4.3.orig/gcc/config/t-linux 2003-09-23 20:55:57.000000000 +0200
-+++ gcc-3.4.3/gcc/config/t-linux 2004-11-24 18:35:31.000000000 +0100
-@@ -1,7 +1,7 @@
- # Compile crtbeginS.o and crtendS.o with pic.
- CRTSTUFF_T_CFLAGS_S = $(CRTSTUFF_T_CFLAGS) -fPIC
- # Compile libgcc2.a with pic.
--TARGET_LIBGCC2_CFLAGS = -fPIC
-+TARGET_LIBGCC2_CFLAGS = -fPIC -DHAVE_SYSLOG
-
- # Override t-slibgcc-elf-ver to export some libgcc symbols with
- # the symbol versions that glibc used.
-diff -uNr gcc-3.4.3.orig/gcc/configure gcc-3.4.3/gcc/configure
---- gcc-3.4.3.orig/gcc/configure 2004-11-05 05:14:05.000000000 +0100
-+++ gcc-3.4.3/gcc/configure 2004-11-24 18:44:13.000000000 +0100
-@@ -4809,6 +4809,9 @@
- fi;
-
-
-+ENABLESSP=""
-+
-+
- # -------------------------
- # Checks for other programs
- # -------------------------
-@@ -13036,6 +13039,7 @@
- s,@TARGET_SYSTEM_ROOT_DEFINE@,$TARGET_SYSTEM_ROOT_DEFINE,;t t
- s,@CROSS_SYSTEM_HEADER_DIR@,$CROSS_SYSTEM_HEADER_DIR,;t t
- s,@onestep@,$onestep,;t t
-+s,@ENABLESSP@,$ENABLESSP,;t t
- s,@SET_MAKE@,$SET_MAKE,;t t
- s,@AWK@,$AWK,;t t
- s,@LN@,$LN,;t t
-diff -uNr gcc-3.4.3.orig/gcc/configure.ac gcc-3.4.3/gcc/configure.ac
---- gcc-3.4.3.orig/gcc/configure.ac 2004-11-24 18:04:19.000000000 +0100
-+++ gcc-3.4.3/gcc/configure.ac 2004-11-24 18:46:57.000000000 +0100
-@@ -613,6 +613,9 @@
- [onestep=""])
- AC_SUBST(onestep)
-
-+ENABLESSP=""
-+AC_SUBST(ENABLESSP)
-+
- # -------------------------
- # Checks for other programs
- # -------------------------
-diff -uNr gcc-3.4.3.orig/gcc/cse.c gcc-3.4.3/gcc/cse.c
---- gcc-3.4.3.orig/gcc/cse.c 2004-10-26 20:05:42.000000000 +0200
-+++ gcc-3.4.3/gcc/cse.c 2004-11-24 18:35:31.000000000 +0100
-@@ -4212,7 +4212,14 @@
-
- if (new_const == 0)
- break;
--
-+#ifndef FRAME_GROWS_DOWNWARD
-+ if (flag_propolice_protection
-+ && GET_CODE (y) == PLUS
-+ && XEXP (y, 0) == frame_pointer_rtx
-+ && INTVAL (inner_const) > 0
-+ && INTVAL (new_const) <= 0)
-+ break;
-+#endif
- /* If we are associating shift operations, don't let this
- produce a shift of the size of the object or larger.
- This could occur when we follow a sign-extend by a right
-@@ -4744,6 +4751,14 @@
- if (SET_DEST (x) == pc_rtx
- && GET_CODE (SET_SRC (x)) == LABEL_REF)
- ;
-+ /* cut the reg propagation of stack-protected argument. */
-+ else if (SET_VOLATILE_P (x)) {
-+ rtx x1 = SET_DEST (x);
-+ if (GET_CODE (x1) == SUBREG && GET_CODE (SUBREG_REG (x1)) == REG)
-+ x1 = SUBREG_REG (x1);
-+ if (! REGNO_QTY_VALID_P(REGNO (x1)))
-+ make_new_qty (REGNO (x1), GET_MODE (x1));
-+ }
-
- /* Don't count call-insns, (set (reg 0) (call ...)), as a set.
- The hard function value register is used only once, to copy to
-diff -uNr gcc-3.4.3.orig/gcc/doc/invoke.texi gcc-3.4.3/gcc/doc/invoke.texi
---- gcc-3.4.3.orig/gcc/doc/invoke.texi 2004-11-24 18:04:19.000000000 +0100
-+++ gcc-3.4.3/gcc/doc/invoke.texi 2004-11-24 18:35:32.000000000 +0100
-@@ -228,7 +228,7 @@
- -Wno-multichar -Wnonnull -Wpacked -Wpadded @gol
- -Wparentheses -Wpointer-arith -Wredundant-decls @gol
- -Wreturn-type -Wsequence-point -Wshadow @gol
---Wsign-compare -Wstrict-aliasing @gol
-+-Wsign-compare -Wstack-protector -Wstrict-aliasing @gol
- -Wswitch -Wswitch-default -Wswitch-enum @gol
- -Wsystem-headers -Wtrigraphs -Wundef -Wuninitialized @gol
- -Wunknown-pragmas -Wunreachable-code @gol
-@@ -673,6 +673,7 @@
- -fshort-double -fshort-wchar @gol
- -fverbose-asm -fpack-struct -fstack-check @gol
- -fstack-limit-register=@var{reg} -fstack-limit-symbol=@var{sym} @gol
-+-fstack-protector -fstack-protector-all @gol
- -fargument-alias -fargument-noalias @gol
- -fargument-noalias-global -fleading-underscore @gol
- -ftls-model=@var{model} @gol
-@@ -3006,6 +3007,10 @@
- complex; GCC will refuse to optimize programs when the optimization
- itself is likely to take inordinate amounts of time.
-
-+@item -Wstack-protector
-+@opindex Wstack-protector
-+Warn when not issuing stack smashing protection for some reason.
-+
- @item -Werror
- @opindex Werror
- Make all warnings into errors.
-@@ -11202,6 +11207,24 @@
- @option{-Wl,--defsym,__stack_limit=0x7ffe0000} to enforce a stack limit
- of 128KB@. Note that this may only work with the GNU linker.
-
-+@item -fstack-protector
-+@item -fstack-protector-all
-+@opindex fstack-protector
-+@opindex fstack-protector-all
-+@opindex fno-stack-protector
-+Generate code to protect an application from a stack smashing
-+attack. The features are (1) the insertion of random value next to the
-+frame pointer to detect the integrity of the stack, (2) the reordering
-+of local variables to place buffers after pointers to avoid the
-+corruption of pointers that could be used to further corrupt arbitrary
-+memory locations, (3) the copying of pointers in function arguments to
-+an area preceding local variable buffers to prevent the corruption of
-+pointers that could be used to further corrupt arbitrary memory
-+locations, and the (4) omission of instrumentation code from some
-+functions to decrease the performance overhead. If the integrity
-+would be broken, the program is aborted. If stack-protector-all is
-+specified, instrumentation codes are generated at every functions.
-+
- @cindex aliasing of parameters
- @cindex parameters, aliased
- @item -fargument-alias
-diff -uNr gcc-3.4.3.orig/gcc/explow.c gcc-3.4.3/gcc/explow.c
---- gcc-3.4.3.orig/gcc/explow.c 2004-04-03 01:05:26.000000000 +0200
-+++ gcc-3.4.3/gcc/explow.c 2004-11-24 18:35:31.000000000 +0100
-@@ -84,7 +84,8 @@
- rtx tem;
- int all_constant = 0;
-
-- if (c == 0)
-+ if (c == 0
-+ && ! (flag_propolice_protection && x == virtual_stack_vars_rtx))
- return x;
-
- restart:
-@@ -185,7 +186,10 @@
- break;
- }
-
-- if (c != 0)
-+ /* For the use of stack protection, keep the frame and offset pattern
-+ even if the offset is zero. */
-+ if (c != 0
-+ || (flag_propolice_protection && x == virtual_stack_vars_rtx))
- x = gen_rtx_PLUS (mode, x, GEN_INT (c));
-
- if (GET_CODE (x) == SYMBOL_REF || GET_CODE (x) == LABEL_REF)
-@@ -474,6 +478,26 @@
- if (memory_address_p (mode, oldx))
- goto win2;
-
-+ /* The stack protector keeps the addressing style of a local variable.
-+ LEGITIMIZE_ADDRESS changes the addressing to the machine-dependent
-+ style, so the protector split the frame address to a register using
-+ force_reg. */
-+ if (flag_propolice_protection)
-+ {
-+#define FRAMEADDR_P(X) (GET_CODE (X) == PLUS \
-+ && XEXP (X, 0) == virtual_stack_vars_rtx \
-+ && GET_CODE (XEXP (X, 1)) == CONST_INT)
-+ rtx y;
-+ if (FRAMEADDR_P (x))
-+ goto win;
-+ for (y = x; y != 0 && GET_CODE (y) == PLUS; y = XEXP (y, 0))
-+ {
-+ if (FRAMEADDR_P (XEXP (y, 0)))
-+ XEXP (y, 0) = force_reg (GET_MODE (XEXP (y, 0)), XEXP (y, 0));
-+ if (FRAMEADDR_P (XEXP (y, 1)))
-+ XEXP (y, 1) = force_reg (GET_MODE (XEXP (y, 1)), XEXP (y, 1));
-+ }
-+ }
- /* Perform machine-dependent transformations on X
- in certain cases. This is not necessary since the code
- below can handle all possible cases, but machine-dependent
-diff -uNr gcc-3.4.3.orig/gcc/expr.c gcc-3.4.3/gcc/expr.c
---- gcc-3.4.3.orig/gcc/expr.c 2004-05-27 21:35:17.000000000 +0200
-+++ gcc-3.4.3/gcc/expr.c 2004-11-24 18:35:31.000000000 +0100
-@@ -48,6 +48,7 @@
- #include "intl.h"
- #include "tm_p.h"
- #include "target.h"
-+#include "protector.h"
-
- /* Decide whether a function's arguments should be processed
- from first to last or from last to first.
-@@ -1060,7 +1061,11 @@
-
- If ENDP is 0 return to, if ENDP is 1 return memory at the end ala
- mempcpy, and if ENDP is 2 return memory the end minus one byte ala
-- stpcpy. */
-+ stpcpy.
-+
-+ When the stack protector is used at the reverse move, it starts the move
-+ instruction from the address within the region of a variable.
-+ So it eliminates the first address decrement instruction. */
-
- rtx
- move_by_pieces (rtx to, rtx from, unsigned HOST_WIDE_INT len,
-@@ -1123,6 +1128,8 @@
-
- if (USE_LOAD_PRE_DECREMENT (mode) && data.reverse && ! data.autinc_from)
- {
-+ if (flag_propolice_protection)
-+ len = len - GET_MODE_SIZE (mode);
- data.from_addr = copy_addr_to_reg (plus_constant (from_addr, len));
- data.autinc_from = 1;
- data.explicit_inc_from = -1;
-@@ -1137,6 +1144,8 @@
- data.from_addr = copy_addr_to_reg (from_addr);
- if (USE_STORE_PRE_DECREMENT (mode) && data.reverse && ! data.autinc_to)
- {
-+ if (flag_propolice_protection)
-+ len = len - GET_MODE_SIZE (mode);
- data.to_addr = copy_addr_to_reg (plus_constant (to_addr, len));
- data.autinc_to = 1;
- data.explicit_inc_to = -1;
-@@ -1280,11 +1289,15 @@
- from1 = adjust_address (data->from, mode, data->offset);
-
- if (HAVE_PRE_DECREMENT && data->explicit_inc_to < 0)
-- emit_insn (gen_add2_insn (data->to_addr,
-- GEN_INT (-(HOST_WIDE_INT)size)));
-+ /* The stack protector skips the first address decrement instruction
-+ at the reverse move. */
-+ if (!flag_propolice_protection || data->explicit_inc_to < -1)
-+ emit_insn (gen_add2_insn (data->to_addr,
-+ GEN_INT (-(HOST_WIDE_INT)size)));
- if (HAVE_PRE_DECREMENT && data->explicit_inc_from < 0)
-- emit_insn (gen_add2_insn (data->from_addr,
-- GEN_INT (-(HOST_WIDE_INT)size)));
-+ if (!flag_propolice_protection || data->explicit_inc_from < -1)
-+ emit_insn (gen_add2_insn (data->from_addr,
-+ GEN_INT (-(HOST_WIDE_INT)size)));
-
- if (data->to)
- emit_insn ((*genfun) (to1, from1));
-@@ -2475,7 +2488,12 @@
-
- if (USE_STORE_PRE_DECREMENT (mode) && data->reverse && ! data->autinc_to)
- {
-- data->to_addr = copy_addr_to_reg (plus_constant (to_addr, data->len));
-+ int len = data->len;
-+ /* The stack protector starts the store instruction from
-+ the address within the region of a variable. */
-+ if (flag_propolice_protection)
-+ len -= GET_MODE_SIZE (mode);
-+ data->to_addr = copy_addr_to_reg (plus_constant (to_addr, len));
- data->autinc_to = 1;
- data->explicit_inc_to = -1;
- }
-@@ -2544,8 +2562,11 @@
- to1 = adjust_address (data->to, mode, data->offset);
-
- if (HAVE_PRE_DECREMENT && data->explicit_inc_to < 0)
-- emit_insn (gen_add2_insn (data->to_addr,
-- GEN_INT (-(HOST_WIDE_INT) size)));
-+ /* The stack protector skips the first address decrement instruction
-+ at the reverse store. */
-+ if (!flag_propolice_protection || data->explicit_inc_to < -1)
-+ emit_insn (gen_add2_insn (data->to_addr,
-+ GEN_INT (-(HOST_WIDE_INT) size)));
-
- cst = (*data->constfun) (data->constfundata, data->offset, mode);
- emit_insn ((*genfun) (to1, cst));
-@@ -5701,7 +5722,9 @@
- && GET_CODE (XEXP (value, 0)) == PLUS
- && GET_CODE (XEXP (XEXP (value, 0), 0)) == REG
- && REGNO (XEXP (XEXP (value, 0), 0)) >= FIRST_VIRTUAL_REGISTER
-- && REGNO (XEXP (XEXP (value, 0), 0)) <= LAST_VIRTUAL_REGISTER)
-+ && REGNO (XEXP (XEXP (value, 0), 0)) <= LAST_VIRTUAL_REGISTER
-+ && (!flag_propolice_protection
-+ || XEXP (XEXP (value, 0), 0) != virtual_stack_vars_rtx))
- {
- rtx temp = expand_simple_binop (GET_MODE (value), code,
- XEXP (XEXP (value, 0), 0), op2,
-diff -uNr gcc-3.4.3.orig/gcc/flags.h gcc-3.4.3/gcc/flags.h
---- gcc-3.4.3.orig/gcc/flags.h 2004-11-24 18:04:19.000000000 +0100
-+++ gcc-3.4.3/gcc/flags.h 2004-11-24 18:35:31.492689688 +0100
-@@ -210,6 +210,10 @@
-
- extern bool warn_strict_aliasing;
-
-+/* Warn when not issuing stack smashing protection for some reason. */
-+
-+extern bool warn_stack_protector;
-+
- /* Nonzero if generating code to do profiling. */
-
- extern int profile_flag;
-@@ -795,4 +799,12 @@
- #define HONOR_SIGN_DEPENDENT_ROUNDING(MODE) \
- (MODE_HAS_SIGN_DEPENDENT_ROUNDING (MODE) && flag_rounding_math)
-
-+/* Nonzero means use propolice as a stack protection method. */
-+
-+extern int flag_propolice_protection;
-+
-+/* Nonzero means use a stack protection method for every function. */
-+
-+extern int flag_stack_protection;
-+
- #endif /* ! GCC_FLAGS_H */
-diff -uNr gcc-3.4.3.orig/gcc/function.c gcc-3.4.3/gcc/function.c
---- gcc-3.4.3.orig/gcc/function.c 2004-10-14 01:18:13.000000000 +0200
-+++ gcc-3.4.3/gcc/function.c 2004-11-24 18:35:31.542682088 +0100
-@@ -63,6 +63,7 @@
- #include "integrate.h"
- #include "langhooks.h"
- #include "target.h"
-+#include "protector.h"
-
- #ifndef TRAMPOLINE_ALIGNMENT
- #define TRAMPOLINE_ALIGNMENT FUNCTION_BOUNDARY
-@@ -155,6 +156,10 @@
- /* Array of INSN_UIDs to hold the INSN_UIDs for each sibcall epilogue
- in this function. */
- static GTY(()) varray_type sibcall_epilogue;
-+
-+/* Current boundary mark for character arrays. */
-+static int temp_boundary_mark = 0;
-+
- \f
- /* In order to evaluate some expressions, such as function calls returning
- structures in memory, we need to temporarily allocate stack locations.
-@@ -208,6 +213,8 @@
- /* The size of the slot, including extra space for alignment. This
- info is for combine_temp_slots. */
- HOST_WIDE_INT full_size;
-+ /* Boundary mark of a character array and the others. This info is for propolice. */
-+ int boundary_mark;
- };
- \f
- /* This structure is used to record MEMs or pseudos used to replace VAR, any
-@@ -638,6 +645,7 @@
- whose lifetime is controlled by CLEANUP_POINT_EXPRs. KEEP is 3
- if we are to allocate something at an inner level to be treated as
- a variable in the block (e.g., a SAVE_EXPR).
-+ KEEP is 5 if we allocate a place to return structure.
-
- TYPE is the type that will be used for the stack slot. */
-
-@@ -648,6 +656,8 @@
- unsigned int align;
- struct temp_slot *p, *best_p = 0;
- rtx slot;
-+ int char_array = (flag_propolice_protection
-+ && keep == 1 && search_string_def (type));
-
- /* If SIZE is -1 it means that somebody tried to allocate a temporary
- of a variable size. */
-@@ -673,7 +683,8 @@
- && ! p->in_use
- && objects_must_conflict_p (p->type, type)
- && (best_p == 0 || best_p->size > p->size
-- || (best_p->size == p->size && best_p->align > p->align)))
-+ || (best_p->size == p->size && best_p->align > p->align))
-+ && (! char_array || p->boundary_mark != 0))
- {
- if (p->align == align && p->size == size)
- {
-@@ -708,6 +719,7 @@
- p->address = 0;
- p->rtl_expr = 0;
- p->type = best_p->type;
-+ p->boundary_mark = best_p->boundary_mark;
- p->next = temp_slots;
- temp_slots = p;
-
-@@ -768,6 +780,7 @@
- p->full_size = frame_offset - frame_offset_old;
- #endif
- p->address = 0;
-+ p->boundary_mark = char_array ? ++temp_boundary_mark : 0;
- p->next = temp_slots;
- temp_slots = p;
- }
-@@ -932,14 +945,16 @@
- int delete_q = 0;
- if (! q->in_use && GET_MODE (q->slot) == BLKmode)
- {
-- if (p->base_offset + p->full_size == q->base_offset)
-+ if (p->base_offset + p->full_size == q->base_offset &&
-+ p->boundary_mark == q->boundary_mark)
- {
- /* Q comes after P; combine Q into P. */
- p->size += q->size;
- p->full_size += q->full_size;
- delete_q = 1;
- }
-- else if (q->base_offset + q->full_size == p->base_offset)
-+ else if (q->base_offset + q->full_size == p->base_offset &&
-+ p->boundary_mark == q->boundary_mark)
- {
- /* P comes after Q; combine P into Q. */
- q->size += p->size;
-@@ -1449,7 +1464,9 @@
- }
-
- if (new == 0)
-- new = assign_stack_local_1 (decl_mode, GET_MODE_SIZE (decl_mode), 0, func);
-+ new = function ?
-+ assign_stack_local_1 (decl_mode, GET_MODE_SIZE (decl_mode), 0, func)
-+ : assign_stack_local_for_pseudo_reg (decl_mode, GET_MODE_SIZE (decl_mode), 0);
-
- PUT_CODE (reg, MEM);
- PUT_MODE (reg, decl_mode);
-@@ -3937,10 +3954,13 @@
- }
-
- /* Otherwise copy the new constant into a register and replace
-- constant with that register. */
-+ constant with that register.
-+ At the use of stack protection, stop to replace the frame
-+ offset with a register. */
- temp = gen_reg_rtx (Pmode);
- XEXP (x, 0) = new;
-- if (validate_change (object, &XEXP (x, 1), temp, 0))
-+ if (validate_change (object, &XEXP (x, 1), temp, 0)
-+ && !flag_propolice_protection)
- emit_insn_before (gen_move_insn (temp, new_offset), object);
- else
- {
-diff -uNr gcc-3.4.3.orig/gcc/gcse.c gcc-3.4.3/gcc/gcse.c
---- gcc-3.4.3.orig/gcc/gcse.c 2004-10-30 20:02:53.000000000 +0200
-+++ gcc-3.4.3/gcc/gcse.c 2004-11-24 18:35:31.583675856 +0100
-@@ -4176,9 +4176,13 @@
- continue;
-
- /* Find an assignment that sets reg_used and is available
-- at the start of the block. */
-+ at the start of the block.
-+
-+ Skip the copy propagation not to eliminate the register that is
-+ the duplicated pointer of a function argument. It is used for
-+ the function argument protection. */
- set = find_avail_set (regno, insn);
-- if (! set)
-+ if (! set || SET_VOLATILE_P (set->expr))
- continue;
-
- pat = set->expr;
-diff -uNr gcc-3.4.3.orig/gcc/integrate.c gcc-3.4.3/gcc/integrate.c
---- gcc-3.4.3.orig/gcc/integrate.c 2004-01-24 00:36:00.000000000 +0100
-+++ gcc-3.4.3/gcc/integrate.c 2004-11-24 18:35:31.603672816 +0100
-@@ -393,6 +393,11 @@
- /* These args would always appear unused, if not for this. */
- TREE_USED (copy) = 1;
-
-+ /* The inlined variable is marked as INLINE not to change the location
-+ by stack protector. */
-+ if (flag_propolice_protection && TREE_CODE (copy) == VAR_DECL)
-+ DECL_COPIED (copy) = 1;
-+
- /* Set the context for the new declaration. */
- if (!DECL_CONTEXT (decl))
- /* Globals stay global. */
-@@ -1970,6 +1975,12 @@
-
- seq = get_insns ();
- end_sequence ();
-+#ifdef ARGS_GROWS_DOWNWARD
-+ /* Mark this pointer as the top of the argument
-+ block. The pointer minus one is in the block. */
-+ if (flag_propolice_protection && GET_CODE (seq) == SET)
-+ RTX_INTEGRATED_P (SET_SRC (seq)) = 1;
-+#endif
- emit_insn_after (seq, map->insns_at_start);
- return temp;
- }
-diff -uNr gcc-3.4.3.orig/gcc/libgcc2.c gcc-3.4.3/gcc/libgcc2.c
---- gcc-3.4.3.orig/gcc/libgcc2.c 2004-09-26 22:47:14.000000000 +0200
-+++ gcc-3.4.3/gcc/libgcc2.c 2004-11-24 18:35:31.627669168 +0100
-@@ -1678,3 +1678,124 @@
- #endif /* no INIT_SECTION_ASM_OP and not CTOR_LISTS_DEFINED_EXTERNALLY */
- #endif /* L_ctors */
-
-+\f
-+#ifdef L_stack_smash_handler
-+#ifndef _LIBC_PROVIDES_SSP_
-+#include <stdio.h>
-+#include <string.h>
-+#include <fcntl.h>
-+#include <unistd.h>
-+
-+#ifdef _POSIX_SOURCE
-+#include <signal.h>
-+#endif
-+
-+#if defined(HAVE_SYSLOG)
-+#include <sys/types.h>
-+#include <sys/socket.h>
-+#include <sys/un.h>
-+
-+#include <sys/syslog.h>
-+#ifndef _PATH_LOG
-+#define _PATH_LOG "/dev/log"
-+#endif
-+#endif
-+
-+long __guard[8] = {0, 0, 0, 0, 0, 0, 0, 0};
-+static void __guard_setup (void) __attribute__ ((constructor));
-+
-+static void
-+__guard_setup (void)
-+{
-+ int fd;
-+ if (__guard[0] != 0)
-+ return;
-+ fd = open ("/dev/urandom", 0);
-+ if (fd != -1) {
-+ ssize_t size = read (fd, (char*)&__guard, sizeof(__guard));
-+ close (fd) ;
-+ if (size == sizeof(__guard))
-+ return;
-+ }
-+ /* If a random generator can't be used, the protector switches the guard
-+ to the "terminator canary". */
-+ ((char*)__guard)[0] = 0;
-+ ((char*)__guard)[1] = 0;
-+ ((char*)__guard)[2] = '\n';
-+ ((char*)__guard)[3] = 255;
-+}
-+
-+extern void __stack_smash_handler (char func[], ATTRIBUTE_UNUSED int damaged);
-+void
-+__stack_smash_handler (char func[], ATTRIBUTE_UNUSED int damaged)
-+{
-+#if defined (__GNU_LIBRARY__)
-+ extern char * __progname;
-+#endif
-+ const char message[] = ": stack smashing attack in function ";
-+ int bufsz = 256, len;
-+ char buf[bufsz];
-+#if defined(HAVE_SYSLOG)
-+ int log_file;
-+ struct sockaddr_un sys_log_addr; /* AF_UNIX address of local logger. */
-+#endif
-+#ifdef _POSIX_SOURCE
-+ {
-+ sigset_t mask;
-+ sigfillset (&mask);
-+ /* Block all signal handlers except SIGABRT. */
-+ sigdelset (&mask, SIGABRT);
-+ sigprocmask (SIG_BLOCK, &mask, NULL);
-+ }
-+#endif
-+
-+ /* send LOG_CRIT. */
-+ strcpy (buf, "<2>"); len=3;
-+#if defined (__GNU_LIBRARY__)
-+ strncat (buf, __progname, bufsz - len - 1);
-+ len = strlen (buf);
-+#endif
-+ if (bufsz > len)
-+ {
-+ strncat (buf, message, bufsz - len - 1);
-+ len = strlen (buf);
-+ }
-+ if (bufsz > len)
-+ {
-+ strncat (buf, func, bufsz - len - 1);
-+ len = strlen (buf);
-+ }
-+
-+ /* Print error message. */
-+ write (STDERR_FILENO, buf + 3, len - 3);
-+#if defined(HAVE_SYSLOG)
-+ if ((log_file = socket (AF_UNIX, SOCK_DGRAM, 0)) != -1)
-+ {
-+
-+ /* Send "found" message to the "/dev/log" path. */
-+ sys_log_addr.sun_family = AF_UNIX;
-+ (void)strncpy (sys_log_addr.sun_path, _PATH_LOG,
-+ sizeof (sys_log_addr.sun_path) - 1);
-+ sys_log_addr.sun_path[sizeof (sys_log_addr.sun_path) - 1] = '\0';
-+ sendto(log_file, buf, len, 0, (struct sockaddr *)&sys_log_addr,
-+ sizeof (sys_log_addr));
-+ }
-+#endif
-+
-+#ifdef _POSIX_SOURCE
-+ {
-+ /* Make sure the default handler is associated with SIGABRT. */
-+ struct sigaction sa;
-+
-+ memset (&sa, 0, sizeof(struct sigaction));
-+ sigfillset (&sa.sa_mask); /* Block all signals. */
-+ sa.sa_flags = 0;
-+ sa.sa_handler = SIG_DFL;
-+ sigaction (SIGABRT, &sa, NULL);
-+ (void)kill (getpid(), SIGABRT);
-+ }
-+#endif
-+ _exit (127);
-+}
-+#endif /* _LIBC_PROVIDES_SSP_ */
-+#endif /* L_stack_smash_handler */
-diff -uNr gcc-3.4.3.orig/gcc/libgcc-std.ver gcc-3.4.3/gcc/libgcc-std.ver
---- gcc-3.4.3.orig/gcc/libgcc-std.ver 2004-09-01 21:14:33.000000000 +0200
-+++ gcc-3.4.3/gcc/libgcc-std.ver 2004-11-24 18:35:31.620670232 +0100
-@@ -174,6 +174,12 @@
- _Unwind_SjLj_RaiseException
- _Unwind_SjLj_ForcedUnwind
- _Unwind_SjLj_Resume
-+
-+%if !defined(_LIBC_PROVIDES_SSP_)
-+ # stack smash handler symbols
-+ __guard
-+ __stack_smash_handler
-+%endif
- }
-
- %inherit GCC_3.3 GCC_3.0
-diff -uNr gcc-3.4.3.orig/gcc/loop.c gcc-3.4.3/gcc/loop.c
---- gcc-3.4.3.orig/gcc/loop.c 2004-07-13 17:29:08.000000000 +0200
-+++ gcc-3.4.3/gcc/loop.c 2004-11-24 18:35:31.680661112 +0100
-@@ -6514,6 +6514,14 @@
- if (GET_CODE (*mult_val) == USE)
- *mult_val = XEXP (*mult_val, 0);
-
-+#ifndef FRAME_GROWS_DOWNWARD
-+ if (flag_propolice_protection
-+ && GET_CODE (*add_val) == PLUS
-+ && (XEXP (*add_val, 0) == frame_pointer_rtx
-+ || XEXP (*add_val, 1) == frame_pointer_rtx))
-+ return 0;
-+#endif
-+
- if (is_addr)
- *pbenefit += address_cost (orig_x, addr_mode) - reg_address_cost;
- else
-diff -uNr gcc-3.4.3.orig/gcc/Makefile.in gcc-3.4.3/gcc/Makefile.in
---- gcc-3.4.3.orig/gcc/Makefile.in 2004-11-24 18:04:18.000000000 +0100
-+++ gcc-3.4.3/gcc/Makefile.in 2004-11-24 18:35:31.038758696 +0100
-@@ -867,7 +867,7 @@
- sibcall.o simplify-rtx.o sreal.o stmt.o stor-layout.o stringpool.o \
- targhooks.o timevar.o toplev.o tracer.o tree.o tree-dump.o unroll.o \
- varasm.o varray.o version.o vmsdbgout.o xcoffout.o alloc-pool.o \
-- et-forest.o cfghooks.o bt-load.o pretty-print.o $(GGC) web.o
-+ et-forest.o cfghooks.o bt-load.o pretty-print.o $(GGC) web.o protector.o
-
- OBJS-md = $(out_object_file)
- OBJS-archive = $(EXTRA_OBJS) $(host_hook_obj) hashtable.o tree-inline.o \
-@@ -1549,7 +1549,7 @@
- langhooks.h insn-flags.h cfglayout.h real.h cfgloop.h \
- hosthooks.h $(LANGHOOKS_DEF_H) cgraph.h $(COVERAGE_H) alloc-pool.h
- $(CC) $(ALL_CFLAGS) $(ALL_CPPFLAGS) $(INCLUDES) \
-- -DTARGET_NAME=\"$(target_noncanonical)\" \
-+ -DTARGET_NAME=\"$(target_noncanonical)\" @ENABLESSP@ \
- -c $(srcdir)/toplev.c $(OUTPUT_OPTION)
- main.o : main.c $(CONFIG_H) $(SYSTEM_H) coretypes.h $(TM_H) toplev.h
-
-@@ -1852,6 +1852,10 @@
- params.o : params.c $(CONFIG_H) $(SYSTEM_H) coretypes.h $(TM_H) $(PARAMS_H) toplev.h
- hooks.o: hooks.c $(CONFIG_H) $(SYSTEM_H) coretypes.h $(TM_H) $(HOOKS_H)
- pretty-print.o: $(CONFIG_H) $(SYSTEM_H) pretty-print.c $(PRETTY_PRINT_H)
-+protector.o : protector.c $(CONFIG_H) $(SYSTEM_H) coretypes.h $(TM_H) $(RTL_H) $(TREE_H) \
-+ flags.h function.h $(EXPR_H) $(OPTABS_H) $(REGS_H) toplev.h hard-reg-set.h \
-+ insn-config.h insn-flags.h $(RECOG_H) output.h toplev.h except.h reload.h \
-+ $(TM_P_H) conditions.h $(INSN_ATTR_H) real.h protector.h
-
- $(out_object_file): $(out_file) $(CONFIG_H) coretypes.h $(TM_H) $(TREE_H) $(GGC_H) \
- $(RTL_H) $(REGS_H) hard-reg-set.h real.h insn-config.h conditions.h \
-diff -uNr gcc-3.4.3.orig/gcc/mklibgcc.in gcc-3.4.3/gcc/mklibgcc.in
---- gcc-3.4.3.orig/gcc/mklibgcc.in 2004-10-18 18:00:43.000000000 +0200
-+++ gcc-3.4.3/gcc/mklibgcc.in 2004-11-24 18:35:31.699658224 +0100
-@@ -57,7 +57,7 @@
- _enable_execute_stack _trampoline __main _absvsi2 _absvdi2 _addvsi3
- _addvdi3 _subvsi3 _subvdi3 _mulvsi3 _mulvdi3 _negvsi2 _negvdi2 _ctors
- _ffssi2 _ffsdi2 _clz _clzsi2 _clzdi2 _ctzsi2 _ctzdi2 _popcount_tab
-- _popcountsi2 _popcountdi2 _paritysi2 _paritydi2'
-+ _popcountsi2 _popcountdi2 _paritysi2 _paritydi2 _stack_smash_handler'
-
- # Disable SHLIB_LINK if shared libgcc not enabled.
- if [ "@enable_shared@" = "no" ]; then
-diff -uNr gcc-3.4.3.orig/gcc/optabs.c gcc-3.4.3/gcc/optabs.c
---- gcc-3.4.3.orig/gcc/optabs.c 2004-03-03 01:45:01.000000000 +0100
-+++ gcc-3.4.3/gcc/optabs.c 2004-11-24 18:35:31.739652144 +0100
-@@ -678,6 +678,27 @@
- if (target)
- target = protect_from_queue (target, 1);
-
-+ /* Keep the frame and offset pattern at the use of stack protection. */
-+ if (flag_propolice_protection
-+ && binoptab->code == PLUS
-+ && op0 == virtual_stack_vars_rtx
-+ && GET_CODE(op1) == CONST_INT)
-+ {
-+ int icode = (int) binoptab->handlers[(int) mode].insn_code;
-+ if (target)
-+ temp = target;
-+ else
-+ temp = gen_reg_rtx (mode);
-+
-+ if (! (*insn_data[icode].operand[0].predicate) (temp, mode)
-+ || GET_CODE (temp) != REG)
-+ temp = gen_reg_rtx (mode);
-+
-+ emit_insn (gen_rtx_SET (VOIDmode, temp,
-+ gen_rtx_PLUS (GET_MODE (op0), op0, op1)));
-+ return temp;
-+ }
-+
- if (flag_force_mem)
- {
- /* Load duplicate non-volatile operands once. */
-diff -uNr gcc-3.4.3.orig/gcc/opts.c gcc-3.4.3/gcc/opts.c
---- gcc-3.4.3.orig/gcc/opts.c 2004-11-24 18:04:19.000000000 +0100
-+++ gcc-3.4.3/gcc/opts.c 2004-11-24 18:35:31.762648648 +0100
-@@ -125,6 +125,9 @@
- bool warn_unused_variable;
- bool warn_unused_value;
-
-+/* Warn when not issuing stack smashing protection for some reason */
-+bool warn_stack_protector;
-+
- /* Hack for cooperation between set_Wunused and set_Wextra. */
- static bool maybe_warn_unused_parameter;
-
-@@ -804,6 +807,10 @@
- warn_unused_variable = value;
- break;
-
-+ case OPT_Wstack_protector:
-+ warn_stack_protector = value;
-+ break;
-+
- case OPT_aux_info:
- case OPT_aux_info_:
- aux_info_file_name = arg;
-@@ -1367,6 +1374,14 @@
- stack_limit_rtx = gen_rtx_SYMBOL_REF (Pmode, ggc_strdup (arg));
- break;
-
-+ case OPT_fstack_protector:
-+ flag_propolice_protection = value;
-+ break;
-+
-+ case OPT_fstack_protector_all:
-+ flag_stack_protection = value;
-+ break;
-+
- case OPT_fstrength_reduce:
- flag_strength_reduce = value;
- break;
-diff -uNr gcc-3.4.3.orig/gcc/protector.c gcc-3.4.3/gcc/protector.c
---- gcc-3.4.3.orig/gcc/protector.c 1970-01-01 01:00:00.000000000 +0100
-+++ gcc-3.4.3/gcc/protector.c 2004-09-02 11:36:11.000000000 +0200
-@@ -0,0 +1,2730 @@
-+/* RTL buffer overflow protection function for GNU C compiler
-+ Copyright (C) 2003 Free Software Foundation, Inc.
-+
-+This file is part of GCC.
-+
-+GCC is free software; you can redistribute it and/or modify it under
-+the terms of the GNU General Public License as published by the Free
-+Software Foundation; either version 2, or (at your option) any later
-+version.
-+
-+GCC is distributed in the hope that it will be useful, but WITHOUT ANY
-+WARRANTY; without even the implied warranty of MERCHANTABILITY or
-+FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
-+for more details.
-+
-+You should have received a copy of the GNU General Public License
-+along with GCC; see the file COPYING. If not, write to the Free
-+Software Foundation, 59 Temple Place - Suite 330, Boston, MA
-+02111-1307, USA. */
-+
-+/* This file contains several memory arrangement functions to protect
-+ the return address and the frame pointer of the stack
-+ from a stack-smashing attack. It also
-+ provides the function that protects pointer variables. */
-+
-+#include "config.h"
-+#include "system.h"
-+#include "coretypes.h"
-+#include "tm.h"
-+#include "machmode.h"
-+#include "real.h"
-+#include "rtl.h"
-+#include "tree.h"
-+#include "regs.h"
-+#include "flags.h"
-+#include "insn-config.h"
-+#include "insn-flags.h"
-+#include "expr.h"
-+#include "output.h"
-+#include "recog.h"
-+#include "hard-reg-set.h"
-+#include "except.h"
-+#include "function.h"
-+#include "toplev.h"
-+#include "tm_p.h"
-+#include "conditions.h"
-+#include "insn-attr.h"
-+#include "optabs.h"
-+#include "reload.h"
-+#include "protector.h"
-+
-+
-+/* Round a value to the lowest integer less than it that is a multiple of
-+ the required alignment. Avoid using division in case the value is
-+ negative. Assume the alignment is a power of two. */
-+#define FLOOR_ROUND(VALUE,ALIGN) ((VALUE) & ~((ALIGN) - 1))
-+
-+/* Similar, but round to the next highest integer that meets the
-+ alignment. */
-+#define CEIL_ROUND(VALUE,ALIGN) (((VALUE) + (ALIGN) - 1) & ~((ALIGN)- 1))
-+
-+
-+/* Nonzero if function being compiled can define string buffers that may be
-+ damaged by the stack-smash attack. */
-+static int current_function_defines_vulnerable_string;
-+static int current_function_defines_short_string;
-+static int current_function_has_variable_string;
-+static int current_function_defines_vsized_array;
-+static int current_function_is_inlinable;
-+
-+/* Nonzero if search_string_def finds the variable which contains an array. */
-+static int is_array;
-+
-+/* Nonzero if search_string_def finds a byte-pointer variable,
-+ which may be assigned to alloca output. */
-+static int may_have_alloca_pointer;
-+
-+static rtx guard_area, _guard;
-+static rtx function_first_insn, prologue_insert_point;
-+
-+/* Offset to end of sweeped area for gathering character arrays. */
-+static HOST_WIDE_INT sweep_frame_offset;
-+
-+/* Offset to end of allocated area for instantiating pseudo registers. */
-+static HOST_WIDE_INT push_allocated_offset = 0;
-+
-+/* Offset to end of assigned area for instantiating pseudo registers. */
-+static HOST_WIDE_INT push_frame_offset = 0;
-+
-+/* Set to 1 after cse_not_expected becomes nonzero. it is used to identify
-+ which stage assign_stack_local_for_pseudo_reg is called from. */
-+static int saved_cse_not_expected = 0;
-+
-+static int search_string_from_argsandvars (int);
-+static int search_string_from_local_vars (tree);
-+static int search_pointer_def (tree);
-+static int search_func_pointer (tree);
-+static int check_used_flag (rtx);
-+static void reset_used_flags_for_insns (rtx);
-+static void reset_used_flags_for_decls (tree);
-+static void reset_used_flags_of_plus (rtx);
-+static void rtl_prologue (rtx);
-+static void rtl_epilogue (rtx);
-+static void arrange_var_order (tree);
-+static void copy_args_for_protection (void);
-+static void sweep_string_variable (rtx, HOST_WIDE_INT);
-+static void sweep_string_in_decls (tree, HOST_WIDE_INT, HOST_WIDE_INT);
-+static void sweep_string_in_args (tree, HOST_WIDE_INT, HOST_WIDE_INT);
-+static void sweep_string_use_of_insns (rtx, HOST_WIDE_INT, HOST_WIDE_INT);
-+static void sweep_string_in_operand (rtx, rtx *, HOST_WIDE_INT, HOST_WIDE_INT);
-+static void move_arg_location (rtx, rtx, rtx, HOST_WIDE_INT);
-+static void change_arg_use_of_insns (rtx, rtx, rtx *, HOST_WIDE_INT);
-+static void change_arg_use_in_operand (rtx, rtx, rtx, rtx *, HOST_WIDE_INT);
-+static void validate_insns_of_varrefs (rtx);
-+static void validate_operand_of_varrefs (rtx, rtx *);
-+
-+/* Specify which size of buffers should be protected from a stack smashing
-+ attack. Because small buffers are not used in situations which may
-+ overflow buffer, the default size sets to the size of 64 bit register. */
-+#ifndef SUSPICIOUS_BUF_SIZE
-+#define SUSPICIOUS_BUF_SIZE 8
-+#endif
-+
-+#define AUTO_BASEPTR(X) \
-+ (GET_CODE (X) == PLUS ? XEXP (X, 0) : X)
-+#define AUTO_OFFSET(X) \
-+ (GET_CODE (X) == PLUS ? INTVAL (XEXP (X, 1)) : 0)
-+#undef PARM_PASSED_IN_MEMORY
-+#define PARM_PASSED_IN_MEMORY(PARM) \
-+ (GET_CODE (DECL_INCOMING_RTL (PARM)) == MEM)
-+#define TREE_VISITED(NODE) ((NODE)->common.unused_0)
-+
-+/* Argument values for calling search_string_from_argsandvars. */
-+#define CALL_FROM_PREPARE_STACK_PROTECTION 0
-+#define CALL_FROM_PUSH_FRAME 1
-+
-+
-+/* Prepare several stack protection instruments for the current function
-+ if the function has an array as a local variable, which may be vulnerable
-+ from a stack smashing attack, and it is not inlinable.
-+
-+ The overall steps are as follows;
-+ (1)search an array,
-+ (2)insert guard_area on the stack,
-+ (3)duplicate pointer arguments into local variables, and
-+ (4)arrange the location of local variables. */
-+void
-+prepare_stack_protection (int inlinable)
-+{
-+ tree blocks = DECL_INITIAL (current_function_decl);
-+ current_function_is_inlinable = inlinable && !flag_no_inline;
-+ push_frame_offset = push_allocated_offset = 0;
-+ saved_cse_not_expected = 0;
-+
-+ /* Skip the protection if the function has no block
-+ or it is an inline function. */
-+ if (current_function_is_inlinable)
-+ validate_insns_of_varrefs (get_insns ());
-+ if (! blocks || current_function_is_inlinable)
-+ return;
-+
-+ current_function_defines_vulnerable_string
-+ = search_string_from_argsandvars (CALL_FROM_PREPARE_STACK_PROTECTION);
-+
-+ if (current_function_defines_vulnerable_string
-+ || flag_stack_protection)
-+ {
-+ function_first_insn = get_insns ();
-+
-+ if (current_function_contains_functions)
-+ {
-+ if (warn_stack_protector)
-+ warning ("not protecting function: it contains functions");
-+ return;
-+ }
-+
-+ /* Initialize recognition, indicating that volatile is OK. */
-+ init_recog ();
-+
-+ sweep_frame_offset = 0;
-+
-+#ifdef STACK_GROWS_DOWNWARD
-+ /* frame_offset: offset to end of allocated area of stack frame.
-+ It is defined in the function.c. */
-+
-+ /* the location must be before buffers. */
-+ guard_area = assign_stack_local (BLKmode, UNITS_PER_GUARD, -1);
-+ PUT_MODE (guard_area, GUARD_m);
-+ MEM_VOLATILE_P (guard_area) = 1;
-+
-+#ifndef FRAME_GROWS_DOWNWARD
-+ sweep_frame_offset = frame_offset;
-+#endif
-+
-+ /* For making room for guard value, scan all insns and fix the offset
-+ address of the variable that is based on frame pointer.
-+ Scan all declarations of variables and fix the offset address
-+ of the variable that is based on the frame pointer. */
-+ sweep_string_variable (guard_area, UNITS_PER_GUARD);
-+
-+
-+ /* the location of guard area moves to the beginning of stack frame. */
-+ if (AUTO_OFFSET(XEXP (guard_area, 0)))
-+ XEXP (XEXP (guard_area, 0), 1)
-+ = gen_rtx_CONST_INT (VOIDmode, sweep_frame_offset);
-+
-+
-+ /* Insert prologue rtl instructions. */
-+ rtl_prologue (function_first_insn);
-+
-+ if (! current_function_has_variable_string)
-+ {
-+ /* Generate argument saving instruction. */
-+ copy_args_for_protection ();
-+
-+#ifndef FRAME_GROWS_DOWNWARD
-+ /* If frame grows upward, character arrays for protecting args
-+ may copy to the top of the guard variable.
-+ So sweep the guard variable again. */
-+ sweep_frame_offset = CEIL_ROUND (frame_offset,
-+ BIGGEST_ALIGNMENT / BITS_PER_UNIT);
-+ sweep_string_variable (guard_area, UNITS_PER_GUARD);
-+#endif
-+ }
-+ /* Variable can't be protected from the overflow of variable length
-+ buffer. But variable reordering is still effective against
-+ the overflow of fixed size character arrays. */
-+ else if (warn_stack_protector)
-+ warning ("not protecting variables: it has a variable length buffer");
-+#endif
-+#ifndef FRAME_GROWS_DOWNWARD
-+ if (STARTING_FRAME_OFFSET == 0)
-+ {
-+ /* This part may be only for alpha. */
-+ push_allocated_offset = BIGGEST_ALIGNMENT / BITS_PER_UNIT;
-+ assign_stack_local (BLKmode, push_allocated_offset, -1);
-+ sweep_frame_offset = frame_offset;
-+ sweep_string_variable (const0_rtx, -push_allocated_offset);
-+ sweep_frame_offset = AUTO_OFFSET (XEXP (guard_area, 0));
-+ }
-+#endif
-+
-+ /* Arrange the order of local variables. */
-+ arrange_var_order (blocks);
-+
-+#ifdef STACK_GROWS_DOWNWARD
-+ /* Insert epilogue rtl instructions. */
-+ rtl_epilogue (get_last_insn ());
-+#endif
-+ init_recog_no_volatile ();
-+ }
-+ else if (current_function_defines_short_string
-+ && warn_stack_protector)
-+ warning ("not protecting function: buffer is less than %d bytes long",
-+ SUSPICIOUS_BUF_SIZE);
-+}
-+
-+/*
-+ Search string from arguments and local variables.
-+ caller: CALL_FROM_PREPARE_STACK_PROTECTION (0)
-+ CALL_FROM_PUSH_FRAME (1)
-+*/
-+static int
-+search_string_from_argsandvars (int caller)
-+{
-+ tree blocks, parms;
-+ int string_p;
-+
-+ /* Saves a latest search result as a cached infomation. */
-+ static tree __latest_search_decl = 0;
-+ static int __latest_search_result = FALSE;
-+
-+ if (__latest_search_decl == current_function_decl)
-+ return __latest_search_result;
-+ else
-+ if (caller == CALL_FROM_PUSH_FRAME)
-+ return FALSE;
-+
-+ __latest_search_decl = current_function_decl;
-+ __latest_search_result = TRUE;
-+
-+ current_function_defines_short_string = FALSE;
-+ current_function_has_variable_string = FALSE;
-+ current_function_defines_vsized_array = FALSE;
-+ may_have_alloca_pointer = FALSE;
-+
-+ /* Search a string variable from local variables. */
-+ blocks = DECL_INITIAL (current_function_decl);
-+ string_p = search_string_from_local_vars (blocks);
-+
-+ if (! current_function_defines_vsized_array
-+ && may_have_alloca_pointer
-+ && current_function_calls_alloca)
-+ {
-+ current_function_has_variable_string = TRUE;
-+ return TRUE;
-+ }
-+
-+ if (string_p)
-+ return TRUE;
-+
-+#ifdef STACK_GROWS_DOWNWARD
-+ /* Search a string variable from arguments. */
-+ parms = DECL_ARGUMENTS (current_function_decl);
-+
-+ for (; parms; parms = TREE_CHAIN (parms))
-+ if (DECL_NAME (parms) && TREE_TYPE (parms) != error_mark_node)
-+ {
-+ if (PARM_PASSED_IN_MEMORY (parms))
-+ {
-+ string_p = search_string_def (TREE_TYPE(parms));
-+ if (string_p)
-+ return TRUE;
-+ }
-+ }
-+#endif
-+
-+ __latest_search_result = FALSE;
-+ return FALSE;
-+}
-+
-+
-+/* Search string from local variables in the specified scope. */
-+static int
-+search_string_from_local_vars (tree block)
-+{
-+ tree types;
-+ int found = FALSE;
-+
-+ while (block && TREE_CODE(block)==BLOCK)
-+ {
-+ for (types = BLOCK_VARS(block); types; types = TREE_CHAIN(types))
-+ {
-+ /* Skip the declaration that refers an external variable. */
-+ /* name: types.decl.name.identifier.id */
-+ if (! DECL_EXTERNAL (types) && ! TREE_STATIC (types)
-+ && TREE_CODE (types) == VAR_DECL
-+ && ! DECL_ARTIFICIAL (types)
-+ && DECL_RTL_SET_P (types)
-+ && GET_CODE (DECL_RTL (types)) == MEM
-+
-+ && search_string_def (TREE_TYPE (types)))
-+ {
-+ rtx home = DECL_RTL (types);
-+
-+ if (GET_CODE (home) == MEM
-+ && (GET_CODE (XEXP (home, 0)) == MEM
-+ || (GET_CODE (XEXP (home, 0)) == REG
-+ && XEXP (home, 0) != virtual_stack_vars_rtx
-+ && REGNO (XEXP (home, 0)) != HARD_FRAME_POINTER_REGNUM
-+ && REGNO (XEXP (home, 0)) != STACK_POINTER_REGNUM
-+#if ARG_POINTER_REGNUM != HARD_FRAME_POINTER_REGNUM
-+ && REGNO (XEXP (home, 0)) != ARG_POINTER_REGNUM
-+#endif
-+ )))
-+ /* If the value is indirect by memory or by a register
-+ that isn't the frame pointer then it means the object is
-+ variable-sized and address through
-+ that register or stack slot.
-+ The protection has no way to hide pointer variables
-+ behind the array, so all we can do is staying
-+ the order of variables and arguments. */
-+ {
-+ current_function_has_variable_string = TRUE;
-+ }
-+
-+ /* Found character array. */
-+ found = TRUE;
-+ }
-+ }
-+
-+ if (search_string_from_local_vars (BLOCK_SUBBLOCKS (block)))
-+ {
-+ found = TRUE;
-+ }
-+
-+ block = BLOCK_CHAIN (block);
-+ }
-+
-+ return found;
-+}
-+
-+
-+/* Search a character array from the specified type tree. */
-+int
-+search_string_def (tree type)
-+{
-+ tree tem;
-+
-+ if (! type)
-+ return FALSE;
-+
-+ switch (TREE_CODE (type))
-+ {
-+ case ARRAY_TYPE:
-+ /* Check if the array is a variable-sized array. */
-+ if (TYPE_DOMAIN (type) == 0
-+ || (TYPE_MAX_VALUE (TYPE_DOMAIN (type)) != 0
-+ && TREE_CODE (TYPE_MAX_VALUE (TYPE_DOMAIN (type))) == NOP_EXPR))
-+ current_function_defines_vsized_array = TRUE;
-+
-+ /* Check if the array is related to char array. */
-+ if (TYPE_MAIN_VARIANT (TREE_TYPE(type)) == char_type_node
-+ || TYPE_MAIN_VARIANT (TREE_TYPE(type)) == signed_char_type_node
-+ || TYPE_MAIN_VARIANT (TREE_TYPE(type)) == unsigned_char_type_node)
-+ {
-+ /* Check if the string is a variable string. */
-+ if (TYPE_DOMAIN (type) == 0
-+ || (TYPE_MAX_VALUE (TYPE_DOMAIN (type)) != 0
-+ && TREE_CODE (TYPE_MAX_VALUE (TYPE_DOMAIN (type))) == NOP_EXPR))
-+ return TRUE;
-+
-+ /* Check if the string size is greater than SUSPICIOUS_BUF_SIZE. */
-+ if (TYPE_MAX_VALUE (TYPE_DOMAIN (type)) != 0
-+ && (TREE_INT_CST_LOW(TYPE_MAX_VALUE(TYPE_DOMAIN(type)))+1
-+ >= SUSPICIOUS_BUF_SIZE))
-+ return TRUE;
-+
-+ current_function_defines_short_string = TRUE;
-+ }
-+
-+ /* to protect every functions, sweep any arrays to the frame top. */
-+ is_array = TRUE;
-+
-+ return search_string_def(TREE_TYPE(type));
-+
-+ case UNION_TYPE:
-+ case QUAL_UNION_TYPE:
-+ case RECORD_TYPE:
-+ /* Check if each field has character arrays. */
-+ for (tem = TYPE_FIELDS (type); tem; tem = TREE_CHAIN (tem))
-+ {
-+ /* Omit here local type decls until we know how to support them. */
-+ if ((TREE_CODE (tem) == TYPE_DECL)
-+ || (TREE_CODE (tem) == VAR_DECL && TREE_STATIC (tem)))
-+ continue;
-+
-+ if (search_string_def(TREE_TYPE(tem)))
-+ return TRUE;
-+ }
-+ break;
-+
-+ case POINTER_TYPE:
-+ /* Check if pointer variables, which may be a pointer assigned
-+ by alloca function call, are declared. */
-+ if (TYPE_MAIN_VARIANT (TREE_TYPE(type)) == char_type_node
-+ || TYPE_MAIN_VARIANT (TREE_TYPE(type)) == signed_char_type_node
-+ || TYPE_MAIN_VARIANT (TREE_TYPE(type)) == unsigned_char_type_node)
-+ may_have_alloca_pointer = TRUE;
-+ break;
-+
-+ case REFERENCE_TYPE:
-+ case OFFSET_TYPE:
-+ default:
-+ break;
-+ }
-+
-+ return FALSE;
-+}
-+
-+
-+/* Examine whether the input contains frame pointer addressing. */
-+int
-+contains_fp (rtx op)
-+{
-+ enum rtx_code code;
-+ rtx x;
-+ int i, j;
-+ const char *fmt;
-+
-+ x = op;
-+ if (x == 0)
-+ return FALSE;
-+
-+ code = GET_CODE (x);
-+
-+ switch (code)
-+ {
-+ case CONST_INT:
-+ case CONST_DOUBLE:
-+ case CONST:
-+ case SYMBOL_REF:
-+ case CODE_LABEL:
-+ case REG:
-+ case ADDRESSOF:
-+ return FALSE;
-+
-+ case MEM:
-+ /* This case is not generated at the stack protection.
-+ see plus_constant_wide and simplify_plus_minus function. */
-+ if (XEXP (x, 0) == virtual_stack_vars_rtx)
-+ abort ();
-+
-+ case PLUS:
-+ if (XEXP (x, 0) == virtual_stack_vars_rtx
-+ && GET_CODE (XEXP (x, 1)) == CONST_INT)
-+ return TRUE;
-+
-+ default:
-+ break;
-+ }
-+
-+ /* Scan all subexpressions. */
-+ fmt = GET_RTX_FORMAT (code);
-+ for (i = 0; i < GET_RTX_LENGTH (code); i++, fmt++)
-+ if (*fmt == 'e')
-+ {
-+ if (contains_fp (XEXP (x, i)))
-+ return TRUE;
-+ }
-+ else if (*fmt == 'E')
-+ for (j = 0; j < XVECLEN (x, i); j++)
-+ if (contains_fp (XVECEXP (x, i, j)))
-+ return TRUE;
-+
-+ return FALSE;
-+}
-+
-+
-+/* Examine whether the input contains any pointer. */
-+static int
-+search_pointer_def (tree type)
-+{
-+ tree tem;
-+
-+ if (! type)
-+ return FALSE;
-+
-+ switch (TREE_CODE (type))
-+ {
-+ case UNION_TYPE:
-+ case QUAL_UNION_TYPE:
-+ case RECORD_TYPE:
-+ /* Check if each field has a pointer. */
-+ for (tem = TYPE_FIELDS (type); tem; tem = TREE_CHAIN (tem))
-+ {
-+ if ((TREE_CODE (tem) == TYPE_DECL)
-+ || (TREE_CODE (tem) == VAR_DECL && TREE_STATIC (tem)))
-+ continue;
-+
-+ if (search_pointer_def (TREE_TYPE(tem)))
-+ return TRUE;
-+ }
-+ break;
-+
-+ case ARRAY_TYPE:
-+ return search_pointer_def (TREE_TYPE(type));
-+
-+ case POINTER_TYPE:
-+ case REFERENCE_TYPE:
-+ case OFFSET_TYPE:
-+ if (TYPE_READONLY (TREE_TYPE (type)))
-+ {
-+ /* If this pointer contains function pointer,
-+ it should be protected. */
-+ return search_func_pointer (TREE_TYPE (type));
-+ }
-+ return TRUE;
-+
-+ default:
-+ break;
-+ }
-+
-+ return FALSE;
-+}
-+
-+
-+/* Examine whether the input contains function pointer. */
-+static int
-+search_func_pointer (tree type)
-+{
-+ tree tem;
-+
-+ if (! type)
-+ return FALSE;
-+
-+ switch (TREE_CODE (type))
-+ {
-+ case UNION_TYPE:
-+ case QUAL_UNION_TYPE:
-+ case RECORD_TYPE:
-+ if (! TREE_VISITED (type))
-+ {
-+ /* Mark the type as having been visited already. */
-+ TREE_VISITED (type) = 1;
-+
-+ /* Check if each field has a function pointer. */
-+ for (tem = TYPE_FIELDS (type); tem; tem = TREE_CHAIN (tem))
-+ {
-+ if (TREE_CODE (tem) == FIELD_DECL
-+ && search_func_pointer (TREE_TYPE(tem)))
-+ {
-+ TREE_VISITED (type) = 0;
-+ return TRUE;
-+ }
-+ }
-+
-+ TREE_VISITED (type) = 0;
-+ }
-+ break;
-+
-+ case ARRAY_TYPE:
-+ return search_func_pointer (TREE_TYPE(type));
-+
-+ case POINTER_TYPE:
-+ case REFERENCE_TYPE:
-+ case OFFSET_TYPE:
-+ if (TREE_CODE (TREE_TYPE (type)) == FUNCTION_TYPE)
-+ return TRUE;
-+ return search_func_pointer (TREE_TYPE(type));
-+
-+ default:
-+ break;
-+ }
-+
-+ return FALSE;
-+}
-+
-+
-+/* Check whether the specified rtx contains PLUS rtx with used flag. */
-+static int
-+check_used_flag (rtx x)
-+{
-+ register int i, j;
-+ register enum rtx_code code;
-+ register const char *format_ptr;
-+
-+ if (x == 0)
-+ return FALSE;
-+
-+ code = GET_CODE (x);
-+
-+ switch (code)
-+ {
-+ case REG:
-+ case QUEUED:
-+ case CONST_INT:
-+ case CONST_DOUBLE:
-+ case SYMBOL_REF:
-+ case CODE_LABEL:
-+ case PC:
-+ case CC0:
-+ return FALSE;
-+
-+ case PLUS:
-+ if (x->used)
-+ return TRUE;
-+
-+ default:
-+ break;
-+ }
-+
-+ format_ptr = GET_RTX_FORMAT (code);
-+ for (i = 0; i < GET_RTX_LENGTH (code); i++)
-+ {
-+ switch (*format_ptr++)
-+ {
-+ case 'e':
-+ if (check_used_flag (XEXP (x, i)))
-+ return TRUE;
-+ break;
-+
-+ case 'E':
-+ for (j = 0; j < XVECLEN (x, i); j++)
-+ if (check_used_flag (XVECEXP (x, i, j)))
-+ return TRUE;
-+ break;
-+ }
-+ }
-+
-+ return FALSE;
-+}
-+
-+
-+/* Reset used flag of every insns after the spcecified insn. */
-+static void
-+reset_used_flags_for_insns (rtx insn)
-+{
-+ int i, j;
-+ enum rtx_code code;
-+ const char *format_ptr;
-+
-+ for (; insn; insn = NEXT_INSN (insn))
-+ if (GET_CODE (insn) == INSN || GET_CODE (insn) == JUMP_INSN
-+ || GET_CODE (insn) == CALL_INSN)
-+ {
-+ code = GET_CODE (insn);
-+ insn->used = 0;
-+ format_ptr = GET_RTX_FORMAT (code);
-+
-+ for (i = 0; i < GET_RTX_LENGTH (code); i++)
-+ {
-+ switch (*format_ptr++)
-+ {
-+ case 'e':
-+ reset_used_flags_of_plus (XEXP (insn, i));
-+ break;
-+
-+ case 'E':
-+ for (j = 0; j < XVECLEN (insn, i); j++)
-+ reset_used_flags_of_plus (XVECEXP (insn, i, j));
-+ break;
-+ }
-+ }
-+ }
-+}
-+
-+
-+/* Reset used flag of every variables in the specified block. */
-+static void
-+reset_used_flags_for_decls (tree block)
-+{
-+ tree types;
-+ rtx home;
-+
-+ while (block && TREE_CODE(block)==BLOCK)
-+ {
-+ types = BLOCK_VARS(block);
-+
-+ for (types= BLOCK_VARS(block); types; types = TREE_CHAIN(types))
-+ {
-+ /* Skip the declaration that refers an external variable and
-+ also skip an global variable. */
-+ if (! DECL_EXTERNAL (types))
-+ {
-+ if (! DECL_RTL_SET_P (types))
-+ continue;
-+ home = DECL_RTL (types);
-+
-+ if (GET_CODE (home) == MEM
-+ && GET_CODE (XEXP (home, 0)) == PLUS
-+ && GET_CODE (XEXP (XEXP (home, 0), 1)) == CONST_INT)
-+ {
-+ XEXP (home, 0)->used = 0;
-+ }
-+ }
-+ }
-+
-+ reset_used_flags_for_decls (BLOCK_SUBBLOCKS (block));
-+
-+ block = BLOCK_CHAIN (block);
-+ }
-+}
-+
-+
-+/* Reset the used flag of every PLUS rtx derived from the specified rtx. */
-+static void
-+reset_used_flags_of_plus (rtx x)
-+{
-+ int i, j;
-+ enum rtx_code code;
-+ const char *format_ptr;
-+
-+ if (x == 0)
-+ return;
-+
-+ code = GET_CODE (x);
-+
-+ switch (code)
-+ {
-+ /* These types may be freely shared so we needn't do any resetting
-+ for them. */
-+ case REG:
-+ case QUEUED:
-+ case CONST_INT:
-+ case CONST_DOUBLE:
-+ case SYMBOL_REF:
-+ case CODE_LABEL:
-+ case PC:
-+ case CC0:
-+ return;
-+
-+ case INSN:
-+ case JUMP_INSN:
-+ case CALL_INSN:
-+ case NOTE:
-+ case LABEL_REF:
-+ case BARRIER:
-+ /* The chain of insns is not being copied. */
-+ return;
-+
-+ case PLUS:
-+ x->used = 0;
-+ break;
-+
-+ case CALL_PLACEHOLDER:
-+ reset_used_flags_for_insns (XEXP (x, 0));
-+ reset_used_flags_for_insns (XEXP (x, 1));
-+ reset_used_flags_for_insns (XEXP (x, 2));
-+ break;
-+
-+ default:
-+ break;
-+ }
-+
-+ format_ptr = GET_RTX_FORMAT (code);
-+ for (i = 0; i < GET_RTX_LENGTH (code); i++)
-+ {
-+ switch (*format_ptr++)
-+ {
-+ case 'e':
-+ reset_used_flags_of_plus (XEXP (x, i));
-+ break;
-+
-+ case 'E':
-+ for (j = 0; j < XVECLEN (x, i); j++)
-+ reset_used_flags_of_plus (XVECEXP (x, i, j));
-+ break;
-+ }
-+ }
-+}
-+
-+
-+/* Generate the prologue insns of the protector into the specified insn. */
-+static void
-+rtl_prologue (rtx insn)
-+{
-+#if defined(INIT_SECTION_ASM_OP) && !defined(INVOKE__main)
-+#undef HAS_INIT_SECTION
-+#define HAS_INIT_SECTION
-+#endif
-+
-+ rtx _val;
-+
-+ for (; insn; insn = NEXT_INSN (insn))
-+ if (GET_CODE (insn) == NOTE
-+ && NOTE_LINE_NUMBER (insn) == NOTE_INSN_FUNCTION_BEG)
-+ break;
-+
-+#if !defined (HAS_INIT_SECTION)
-+ /* If this function is `main', skip a call to `__main'
-+ to run guard instruments after global initializers, etc. */
-+ if (DECL_NAME (current_function_decl)
-+ && MAIN_NAME_P (DECL_NAME (current_function_decl))
-+ && DECL_CONTEXT (current_function_decl) == NULL_TREE)
-+ {
-+ rtx fbinsn = insn;
-+ for (; insn; insn = NEXT_INSN (insn))
-+ if (GET_CODE (insn) == NOTE
-+ && NOTE_LINE_NUMBER (insn) == NOTE_INSN_BLOCK_BEG)
-+ break;
-+ if (insn == 0)
-+ insn = fbinsn;
-+ }
-+#endif
-+
-+ /* Mark the next insn of FUNCTION_BEG insn. */
-+ prologue_insert_point = NEXT_INSN (insn);
-+
-+ start_sequence ();
-+
-+ _guard = gen_rtx_MEM (GUARD_m, gen_rtx_SYMBOL_REF (Pmode, "__guard"));
-+ emit_move_insn ( guard_area, _guard);
-+
-+ _val = get_insns ();
-+ end_sequence ();
-+
-+ emit_insn_before (_val, prologue_insert_point);
-+}
-+
-+
-+/* Generate the epilogue insns of the protector into the specified insn. */
-+static void
-+rtl_epilogue (rtx insn)
-+{
-+ rtx if_false_label;
-+ rtx _val;
-+ rtx funcname;
-+ tree funcstr;
-+ int flag_have_return = FALSE;
-+
-+ start_sequence ();
-+
-+#ifdef HAVE_return
-+ if (HAVE_return)
-+ {
-+ rtx insn;
-+ return_label = gen_label_rtx ();
-+
-+ for (insn = prologue_insert_point; insn; insn = NEXT_INSN (insn))
-+ if (GET_CODE (insn) == JUMP_INSN
-+ && GET_CODE (PATTERN (insn)) == RETURN
-+ && GET_MODE (PATTERN (insn)) == VOIDmode)
-+ {
-+ rtx pat = gen_rtx_SET (VOIDmode,
-+ pc_rtx,
-+ gen_rtx_LABEL_REF (VOIDmode,
-+ return_label));
-+ PATTERN (insn) = pat;
-+ flag_have_return = TRUE;
-+ }
-+
-+
-+ emit_label (return_label);
-+ }
-+#endif
-+
-+ /* if (guard_area != _guard) */
-+ compare_from_rtx (guard_area, _guard, NE, 0, GUARD_m, NULL_RTX);
-+
-+ if_false_label = gen_label_rtx (); /* { */
-+ emit_jump_insn ( gen_beq(if_false_label));
-+
-+ /* generate string for the current function name */
-+ funcstr = build_string (strlen(current_function_name ())+1,
-+ current_function_name ());
-+ TREE_TYPE (funcstr) = build_array_type (char_type_node, 0);
-+ funcname = output_constant_def (funcstr, 1);
-+
-+ emit_library_call (gen_rtx_SYMBOL_REF (Pmode, "__stack_smash_handler"),
-+ 0, VOIDmode, 2,
-+ XEXP (funcname, 0), Pmode, guard_area, GUARD_m);
-+
-+ /* generate RTL to return from the current function */
-+
-+ emit_barrier (); /* } */
-+ emit_label (if_false_label);
-+
-+ /* generate RTL to return from the current function */
-+ if (DECL_RTL_SET_P (DECL_RESULT (current_function_decl)))
-+ use_return_register ();
-+
-+#ifdef HAVE_return
-+ if (HAVE_return && flag_have_return)
-+ {
-+ emit_jump_insn (gen_return ());
-+ emit_barrier ();
-+ }
-+#endif
-+
-+ _val = get_insns ();
-+ end_sequence ();
-+
-+ emit_insn_after (_val, insn);
-+}
-+
-+
-+/* For every variable which type is character array, moves its location
-+ in the stack frame to the sweep_frame_offset position. */
-+static void
-+arrange_var_order (tree block)
-+{
-+ tree types;
-+ HOST_WIDE_INT offset;
-+
-+ while (block && TREE_CODE(block)==BLOCK)
-+ {
-+ /* arrange the location of character arrays in depth first. */
-+ arrange_var_order (BLOCK_SUBBLOCKS (block));
-+
-+ for (types = BLOCK_VARS (block); types; types = TREE_CHAIN(types))
-+ {
-+ /* Skip the declaration that refers an external variable. */
-+ if (! DECL_EXTERNAL (types) && ! TREE_STATIC (types)
-+ && TREE_CODE (types) == VAR_DECL
-+ && ! DECL_ARTIFICIAL (types)
-+ && DECL_RTL_SET_P (types)
-+ && GET_CODE (DECL_RTL (types)) == MEM
-+ && GET_MODE (DECL_RTL (types)) == BLKmode
-+
-+ && (is_array=0,
-+ search_string_def (TREE_TYPE (types))
-+ || (! current_function_defines_vulnerable_string && is_array)))
-+ {
-+ rtx home = DECL_RTL (types);
-+
-+ if (!(GET_CODE (home) == MEM
-+ && (GET_CODE (XEXP (home, 0)) == MEM
-+ || (GET_CODE (XEXP (home, 0)) == REG
-+ && XEXP (home, 0) != virtual_stack_vars_rtx
-+ && REGNO (XEXP (home, 0)) != HARD_FRAME_POINTER_REGNUM
-+ && REGNO (XEXP (home, 0)) != STACK_POINTER_REGNUM
-+#if ARG_POINTER_REGNUM != HARD_FRAME_POINTER_REGNUM
-+ && REGNO (XEXP (home, 0)) != ARG_POINTER_REGNUM
-+#endif
-+ ))))
-+ {
-+ /* Found a string variable. */
-+ HOST_WIDE_INT var_size =
-+ ((TREE_INT_CST_LOW (DECL_SIZE (types)) + BITS_PER_UNIT - 1)
-+ / BITS_PER_UNIT);
-+
-+ /* Confirmed it is BLKmode. */
-+ int alignment = BIGGEST_ALIGNMENT / BITS_PER_UNIT;
-+ var_size = CEIL_ROUND (var_size, alignment);
-+
-+ /* Skip the variable if it is top of the region
-+ specified by sweep_frame_offset. */
-+ offset = AUTO_OFFSET (XEXP (DECL_RTL (types), 0));
-+ if (offset == sweep_frame_offset - var_size)
-+ sweep_frame_offset -= var_size;
-+
-+ else if (offset < sweep_frame_offset - var_size)
-+ sweep_string_variable (DECL_RTL (types), var_size);
-+ }
-+ }
-+ }
-+
-+ block = BLOCK_CHAIN (block);
-+ }
-+}
-+
-+
-+/* To protect every pointer argument and move character arrays in the argument,
-+ Copy those variables to the top of the stack frame and move the location of
-+ character arrays to the posion of sweep_frame_offset. */
-+static void
-+copy_args_for_protection (void)
-+{
-+ tree parms = DECL_ARGUMENTS (current_function_decl);
-+ rtx temp_rtx;
-+
-+ parms = DECL_ARGUMENTS (current_function_decl);
-+ for (; parms; parms = TREE_CHAIN (parms))
-+ if (DECL_NAME (parms) && TREE_TYPE (parms) != error_mark_node)
-+ {
-+ if (PARM_PASSED_IN_MEMORY (parms) && DECL_NAME (parms))
-+ {
-+ int string_p;
-+ rtx seq;
-+
-+ string_p = search_string_def (TREE_TYPE(parms));
-+
-+ /* Check if it is a candidate to move. */
-+ if (string_p || search_pointer_def (TREE_TYPE (parms)))
-+ {
-+ int arg_size
-+ = ((TREE_INT_CST_LOW (DECL_SIZE (parms)) + BITS_PER_UNIT - 1)
-+ / BITS_PER_UNIT);
-+ tree passed_type = DECL_ARG_TYPE (parms);
-+ tree nominal_type = TREE_TYPE (parms);
-+
-+ start_sequence ();
-+
-+ if (GET_CODE (DECL_RTL (parms)) == REG)
-+ {
-+ rtx safe = 0;
-+
-+ change_arg_use_of_insns (prologue_insert_point,
-+ DECL_RTL (parms), &safe, 0);
-+ if (safe)
-+ {
-+ /* Generate codes for copying the content. */
-+ rtx movinsn = emit_move_insn (safe, DECL_RTL (parms));
-+
-+ /* Avoid register elimination in gcse.c. */
-+ PATTERN (movinsn)->volatil = 1;
-+
-+ /* Save debugger info. */
-+ SET_DECL_RTL (parms, safe);
-+ }
-+ }
-+ else if (GET_CODE (DECL_RTL (parms)) == MEM
-+ && GET_CODE (XEXP (DECL_RTL (parms), 0)) == ADDRESSOF)
-+ {
-+ rtx movinsn;
-+ rtx safe = gen_reg_rtx (GET_MODE (DECL_RTL (parms)));
-+
-+ /* Generate codes for copying the content. */
-+ movinsn = emit_move_insn (safe, DECL_INCOMING_RTL (parms));
-+ /* Avoid register elimination in gcse.c. */
-+ PATTERN (movinsn)->volatil = 1;
-+
-+ /* Change the addressof information to the newly
-+ allocated pseudo register. */
-+ emit_move_insn (DECL_RTL (parms), safe);
-+
-+ /* Save debugger info. */
-+ SET_DECL_RTL (parms, safe);
-+ }
-+
-+ /* See if the frontend wants to pass this by invisible
-+ reference. */
-+ else if (passed_type != nominal_type
-+ && POINTER_TYPE_P (passed_type)
-+ && TREE_TYPE (passed_type) == nominal_type)
-+ {
-+ rtx safe = 0, orig = XEXP (DECL_RTL (parms), 0);
-+
-+ change_arg_use_of_insns (prologue_insert_point,
-+ orig, &safe, 0);
-+ if (safe)
-+ {
-+ /* Generate codes for copying the content. */
-+ rtx movinsn = emit_move_insn (safe, orig);
-+
-+ /* Avoid register elimination in gcse.c */
-+ PATTERN (movinsn)->volatil = 1;
-+
-+ /* Save debugger info. */
-+ SET_DECL_RTL (parms, safe);
-+ }
-+ }
-+
-+ else
-+ {
-+ /* Declare temporary local variable for parms. */
-+ temp_rtx
-+ = assign_stack_local (DECL_MODE (parms), arg_size,
-+ DECL_MODE (parms) == BLKmode ?
-+ -1 : 0);
-+
-+ MEM_IN_STRUCT_P (temp_rtx)
-+ = AGGREGATE_TYPE_P (TREE_TYPE (parms));
-+ set_mem_alias_set (temp_rtx, get_alias_set (parms));
-+
-+ /* Generate codes for copying the content. */
-+ store_expr (parms, temp_rtx, 0);
-+
-+ /* Change the reference for each instructions. */
-+ move_arg_location (prologue_insert_point, DECL_RTL (parms),
-+ temp_rtx, arg_size);
-+
-+ /* Change the location of parms variable. */
-+ SET_DECL_RTL (parms, temp_rtx);
-+ }
-+
-+ seq = get_insns ();
-+ end_sequence ();
-+ emit_insn_before (seq, prologue_insert_point);
-+
-+#ifdef FRAME_GROWS_DOWNWARD
-+ /* Process the string argument. */
-+ if (string_p && DECL_MODE (parms) == BLKmode)
-+ {
-+ int alignment = BIGGEST_ALIGNMENT / BITS_PER_UNIT;
-+ arg_size = CEIL_ROUND (arg_size, alignment);
-+
-+ /* Change the reference for each instructions. */
-+ sweep_string_variable (DECL_RTL (parms), arg_size);
-+ }
-+#endif
-+ }
-+ }
-+ }
-+}
-+
-+
-+/* Sweep a string variable to the positon of sweep_frame_offset in the
-+ stack frame, that is a last position of string variables. */
-+static void
-+sweep_string_variable (rtx sweep_var, HOST_WIDE_INT var_size)
-+{
-+ HOST_WIDE_INT sweep_offset;
-+
-+ switch (GET_CODE (sweep_var))
-+ {
-+ case MEM:
-+ if (GET_CODE (XEXP (sweep_var, 0)) == ADDRESSOF
-+ && GET_CODE (XEXP (XEXP (sweep_var, 0), 0)) == REG)
-+ return;
-+ sweep_offset = AUTO_OFFSET(XEXP (sweep_var, 0));
-+ break;
-+ case CONST_INT:
-+ sweep_offset = INTVAL (sweep_var);
-+ break;
-+ default:
-+ abort ();
-+ }
-+
-+ /* Scan all declarations of variables and fix the offset address of
-+ the variable based on the frame pointer. */
-+ sweep_string_in_decls (DECL_INITIAL (current_function_decl),
-+ sweep_offset, var_size);
-+
-+ /* Scan all argument variable and fix the offset address based on
-+ the frame pointer. */
-+ sweep_string_in_args (DECL_ARGUMENTS (current_function_decl),
-+ sweep_offset, var_size);
-+
-+ /* For making room for sweep variable, scan all insns and
-+ fix the offset address of the variable that is based on frame pointer. */
-+ sweep_string_use_of_insns (function_first_insn, sweep_offset, var_size);
-+
-+
-+ /* Clear all the USED bits in operands of all insns and declarations of
-+ local variables. */
-+ reset_used_flags_for_decls (DECL_INITIAL (current_function_decl));
-+ reset_used_flags_for_insns (function_first_insn);
-+
-+ sweep_frame_offset -= var_size;
-+}
-+
-+
-+
-+/* Move an argument to the local variable addressed by frame_offset. */
-+static void
-+move_arg_location (rtx insn, rtx orig, rtx new, HOST_WIDE_INT var_size)
-+{
-+ /* For making room for sweep variable, scan all insns and
-+ fix the offset address of the variable that is based on frame pointer. */
-+ change_arg_use_of_insns (insn, orig, &new, var_size);
-+
-+
-+ /* Clear all the USED bits in operands of all insns and declarations
-+ of local variables. */
-+ reset_used_flags_for_insns (insn);
-+}
-+
-+
-+/* Sweep character arrays declared as local variable. */
-+static void
-+sweep_string_in_decls (tree block, HOST_WIDE_INT sweep_offset,
-+ HOST_WIDE_INT sweep_size)
-+{
-+ tree types;
-+ HOST_WIDE_INT offset;
-+ rtx home;
-+
-+ while (block && TREE_CODE(block)==BLOCK)
-+ {
-+ for (types = BLOCK_VARS(block); types; types = TREE_CHAIN(types))
-+ {
-+ /* Skip the declaration that refers an external variable and
-+ also skip an global variable. */
-+ if (! DECL_EXTERNAL (types) && ! TREE_STATIC (types)) {
-+
-+ if (! DECL_RTL_SET_P (types))
-+ continue;
-+
-+ home = DECL_RTL (types);
-+
-+ /* Process for static local variable. */
-+ if (GET_CODE (home) == MEM
-+ && GET_CODE (XEXP (home, 0)) == SYMBOL_REF)
-+ continue;
-+
-+ if (GET_CODE (home) == MEM
-+ && XEXP (home, 0) == virtual_stack_vars_rtx)
-+ {
-+ offset = 0;
-+
-+ /* the operand related to the sweep variable. */
-+ if (sweep_offset <= offset
-+ && offset < sweep_offset + sweep_size)
-+ {
-+ offset = sweep_frame_offset - sweep_size - sweep_offset;
-+
-+ XEXP (home, 0) = plus_constant (virtual_stack_vars_rtx,
-+ offset);
-+ XEXP (home, 0)->used = 1;
-+ }
-+ else if (sweep_offset <= offset
-+ && offset < sweep_frame_offset)
-+ {
-+ /* the rest of variables under sweep_frame_offset,
-+ shift the location. */
-+ XEXP (home, 0) = plus_constant (virtual_stack_vars_rtx,
-+ -sweep_size);
-+ XEXP (home, 0)->used = 1;
-+ }
-+ }
-+
-+ if (GET_CODE (home) == MEM
-+ && GET_CODE (XEXP (home, 0)) == MEM)
-+ {
-+ /* Process for dynamically allocated array. */
-+ home = XEXP (home, 0);
-+ }
-+
-+ if (GET_CODE (home) == MEM
-+ && GET_CODE (XEXP (home, 0)) == PLUS
-+ && XEXP (XEXP (home, 0), 0) == virtual_stack_vars_rtx
-+ && GET_CODE (XEXP (XEXP (home, 0), 1)) == CONST_INT)
-+ {
-+ if (! XEXP (home, 0)->used)
-+ {
-+ offset = AUTO_OFFSET(XEXP (home, 0));
-+
-+ /* the operand related to the sweep variable. */
-+ if (sweep_offset <= offset
-+ && offset < sweep_offset + sweep_size)
-+ {
-+
-+ offset
-+ += sweep_frame_offset - sweep_size - sweep_offset;
-+ XEXP (XEXP (home, 0), 1) = gen_rtx_CONST_INT (VOIDmode,
-+ offset);
-+
-+ /* mark */
-+ XEXP (home, 0)->used = 1;
-+ }
-+ else if (sweep_offset <= offset
-+ && offset < sweep_frame_offset)
-+ {
-+ /* the rest of variables under sweep_frame_offset,
-+ so shift the location. */
-+
-+ XEXP (XEXP (home, 0), 1)
-+ = gen_rtx_CONST_INT (VOIDmode, offset - sweep_size);
-+
-+ /* mark */
-+ XEXP (home, 0)->used = 1;
-+ }
-+ }
-+ }
-+ }
-+ }
-+
-+ sweep_string_in_decls (BLOCK_SUBBLOCKS (block),
-+ sweep_offset, sweep_size);
-+
-+ block = BLOCK_CHAIN (block);
-+ }
-+}
-+
-+
-+/* Sweep character arrays declared as argument. */
-+static void
-+sweep_string_in_args (tree parms, HOST_WIDE_INT sweep_offset,
-+ HOST_WIDE_INT sweep_size)
-+{
-+ rtx home;
-+ HOST_WIDE_INT offset;
-+
-+ for (; parms; parms = TREE_CHAIN (parms))
-+ if (DECL_NAME (parms) && TREE_TYPE (parms) != error_mark_node)
-+ {
-+ if (PARM_PASSED_IN_MEMORY (parms) && DECL_NAME (parms))
-+ {
-+ home = DECL_INCOMING_RTL (parms);
-+
-+ if (XEXP (home, 0)->used)
-+ continue;
-+
-+ offset = AUTO_OFFSET(XEXP (home, 0));
-+
-+ /* the operand related to the sweep variable. */
-+ if (AUTO_BASEPTR (XEXP (home, 0)) == virtual_stack_vars_rtx)
-+ {
-+ if (sweep_offset <= offset
-+ && offset < sweep_offset + sweep_size)
-+ {
-+ offset += sweep_frame_offset - sweep_size - sweep_offset;
-+ XEXP (XEXP (home, 0), 1) = gen_rtx_CONST_INT (VOIDmode,
-+ offset);
-+
-+ /* mark */
-+ XEXP (home, 0)->used = 1;
-+ }
-+ else if (sweep_offset <= offset
-+ && offset < sweep_frame_offset)
-+ {
-+ /* the rest of variables under sweep_frame_offset,
-+ shift the location. */
-+ XEXP (XEXP (home, 0), 1)
-+ = gen_rtx_CONST_INT (VOIDmode, offset - sweep_size);
-+
-+ /* mark */
-+ XEXP (home, 0)->used = 1;
-+ }
-+ }
-+ }
-+ }
-+}
-+
-+
-+/* Set to 1 when the instruction contains virtual registers. */
-+static int has_virtual_reg;
-+
-+/* Sweep the specified character array for every insns. The array starts from
-+ the sweep_offset and its size is sweep_size. */
-+static void
-+sweep_string_use_of_insns (rtx insn, HOST_WIDE_INT sweep_offset,
-+ HOST_WIDE_INT sweep_size)
-+{
-+ for (; insn; insn = NEXT_INSN (insn))
-+ if (GET_CODE (insn) == INSN || GET_CODE (insn) == JUMP_INSN
-+ || GET_CODE (insn) == CALL_INSN)
-+ {
-+ has_virtual_reg = FALSE;
-+ sweep_string_in_operand (insn, &PATTERN (insn),
-+ sweep_offset, sweep_size);
-+ sweep_string_in_operand (insn, ®_NOTES (insn),
-+ sweep_offset, sweep_size);
-+ }
-+}
-+
-+
-+/* Sweep the specified character array, which starts from the sweep_offset and
-+ its size is sweep_size.
-+
-+ When a pointer is given,
-+ if it points the address higher than the array, it stays.
-+ if it points the address inside the array, it changes to point inside
-+ the sweeped array.
-+ if it points the address lower than the array, it shifts higher address by
-+ the sweep_size. */
-+static void
-+sweep_string_in_operand (rtx insn, rtx *loc,
-+ HOST_WIDE_INT sweep_offset, HOST_WIDE_INT sweep_size)
-+{
-+ rtx x = *loc;
-+ enum rtx_code code;
-+ int i, j, k = 0;
-+ HOST_WIDE_INT offset;
-+ const char *fmt;
-+
-+ if (x == 0)
-+ return;
-+
-+ code = GET_CODE (x);
-+
-+ switch (code)
-+ {
-+ case CONST_INT:
-+ case CONST_DOUBLE:
-+ case CONST:
-+ case SYMBOL_REF:
-+ case CODE_LABEL:
-+ case PC:
-+ case CC0:
-+ case ASM_INPUT:
-+ case ADDR_VEC:
-+ case ADDR_DIFF_VEC:
-+ case RETURN:
-+ case ADDRESSOF:
-+ return;
-+
-+ case REG:
-+ if (x == virtual_incoming_args_rtx
-+ || x == virtual_stack_vars_rtx
-+ || x == virtual_stack_dynamic_rtx
-+ || x == virtual_outgoing_args_rtx
-+ || x == virtual_cfa_rtx)
-+ has_virtual_reg = TRUE;
-+ return;
-+
-+ case SET:
-+ /*
-+ skip setjmp setup insn and setjmp restore insn
-+ Example:
-+ (set (MEM (reg:SI xx)) (virtual_stack_vars_rtx)))
-+ (set (virtual_stack_vars_rtx) (REG))
-+ */
-+ if (GET_CODE (XEXP (x, 0)) == MEM
-+ && XEXP (x, 1) == virtual_stack_vars_rtx)
-+ return;
-+ if (XEXP (x, 0) == virtual_stack_vars_rtx
-+ && GET_CODE (XEXP (x, 1)) == REG)
-+ return;
-+ break;
-+
-+ case PLUS:
-+ /* Handle typical case of frame register plus constant. */
-+ if (XEXP (x, 0) == virtual_stack_vars_rtx
-+ && GET_CODE (XEXP (x, 1)) == CONST_INT)
-+ {
-+ if (x->used)
-+ goto single_use_of_virtual_reg;
-+
-+ offset = AUTO_OFFSET(x);
-+
-+ /* When arguments grow downward, the virtual incoming
-+ args pointer points to the top of the argument block,
-+ so block is identified by the pointer - 1.
-+ The flag is set at the copy_rtx_and_substitute in integrate.c */
-+ if (RTX_INTEGRATED_P (x))
-+ k = -1;
-+
-+ /* the operand related to the sweep variable. */
-+ if (sweep_offset <= offset + k
-+ && offset + k < sweep_offset + sweep_size)
-+ {
-+ offset += sweep_frame_offset - sweep_size - sweep_offset;
-+
-+ XEXP (x, 0) = virtual_stack_vars_rtx;
-+ XEXP (x, 1) = gen_rtx_CONST_INT (VOIDmode, offset);
-+ x->used = 1;
-+ }
-+ else if (sweep_offset <= offset + k
-+ && offset + k < sweep_frame_offset)
-+ {
-+ /* the rest of variables under sweep_frame_offset,
-+ shift the location. */
-+ XEXP (x, 1) = gen_rtx_CONST_INT (VOIDmode, offset - sweep_size);
-+ x->used = 1;
-+ }
-+
-+ single_use_of_virtual_reg:
-+ if (has_virtual_reg) {
-+ /* excerpt from insn_invalid_p in recog.c */
-+ int icode = recog_memoized (insn);
-+
-+ if (icode < 0 && asm_noperands (PATTERN (insn)) < 0)
-+ {
-+ rtx temp, seq;
-+
-+ start_sequence ();
-+ temp = force_operand (x, NULL_RTX);
-+ seq = get_insns ();
-+ end_sequence ();
-+
-+ emit_insn_before (seq, insn);
-+ if (! validate_change (insn, loc, temp, 0)
-+ && !validate_replace_rtx (x, temp, insn))
-+ fatal_insn ("sweep_string_in_operand", insn);
-+ }
-+ }
-+
-+ has_virtual_reg = TRUE;
-+ return;
-+ }
-+
-+#ifdef FRAME_GROWS_DOWNWARD
-+ /* Alert the case of frame register plus constant given by reg. */
-+ else if (XEXP (x, 0) == virtual_stack_vars_rtx
-+ && GET_CODE (XEXP (x, 1)) == REG)
-+ fatal_insn ("sweep_string_in_operand: unknown addressing", insn);
-+#endif
-+
-+ /*
-+ process further subtree:
-+ Example: (plus:SI (mem/s:SI (plus:SI (reg:SI 17) (const_int 8)))
-+ (const_int 5))
-+ */
-+ break;
-+
-+ case CALL_PLACEHOLDER:
-+ for (i = 0; i < 3; i++)
-+ {
-+ rtx seq = XEXP (x, i);
-+ if (seq)
-+ {
-+ push_to_sequence (seq);
-+ sweep_string_use_of_insns (XEXP (x, i),
-+ sweep_offset, sweep_size);
-+ XEXP (x, i) = get_insns ();
-+ end_sequence ();
-+ }
-+ }
-+ break;
-+
-+ default:
-+ break;
-+ }
-+
-+ /* Scan all subexpressions. */
-+ fmt = GET_RTX_FORMAT (code);
-+ for (i = 0; i < GET_RTX_LENGTH (code); i++, fmt++)
-+ if (*fmt == 'e')
-+ {
-+ /*
-+ virtual_stack_vars_rtx without offset
-+ Example:
-+ (set (reg:SI xx) (reg:SI 78))
-+ (set (reg:SI xx) (MEM (reg:SI 78)))
-+ */
-+ if (XEXP (x, i) == virtual_stack_vars_rtx)
-+ fatal_insn ("sweep_string_in_operand: unknown fp usage", insn);
-+ sweep_string_in_operand (insn, &XEXP (x, i), sweep_offset, sweep_size);
-+ }
-+ else if (*fmt == 'E')
-+ for (j = 0; j < XVECLEN (x, i); j++)
-+ sweep_string_in_operand (insn, &XVECEXP (x, i, j), sweep_offset, sweep_size);
-+}
-+
-+
-+/* Change the use of an argument to the use of the duplicated variable for
-+ every insns, The variable is addressed by new rtx. */
-+static void
-+change_arg_use_of_insns (rtx insn, rtx orig, rtx *new, HOST_WIDE_INT size)
-+{
-+ for (; insn; insn = NEXT_INSN (insn))
-+ if (GET_CODE (insn) == INSN || GET_CODE (insn) == JUMP_INSN
-+ || GET_CODE (insn) == CALL_INSN)
-+ {
-+ rtx seq;
-+
-+ start_sequence ();
-+ change_arg_use_in_operand (insn, PATTERN (insn), orig, new, size);
-+
-+ seq = get_insns ();
-+ end_sequence ();
-+ emit_insn_before (seq, insn);
-+
-+ /* load_multiple insn from virtual_incoming_args_rtx have several
-+ load insns. If every insn change the load address of arg
-+ to frame region, those insns are moved before the PARALLEL insn
-+ and remove the PARALLEL insn. */
-+ if (GET_CODE (PATTERN (insn)) == PARALLEL
-+ && XVECLEN (PATTERN (insn), 0) == 0)
-+ delete_insn (insn);
-+ }
-+}
-+
-+
-+/* Change the use of an argument to the use of the duplicated variable for
-+ every rtx derived from the x. */
-+static void
-+change_arg_use_in_operand (rtx insn, rtx x, rtx orig, rtx *new, HOST_WIDE_INT size)
-+{
-+ enum rtx_code code;
-+ int i, j;
-+ HOST_WIDE_INT offset;
-+ const char *fmt;
-+
-+ if (x == 0)
-+ return;
-+
-+ code = GET_CODE (x);
-+
-+ switch (code)
-+ {
-+ case CONST_INT:
-+ case CONST_DOUBLE:
-+ case CONST:
-+ case SYMBOL_REF:
-+ case CODE_LABEL:
-+ case PC:
-+ case CC0:
-+ case ASM_INPUT:
-+ case ADDR_VEC:
-+ case ADDR_DIFF_VEC:
-+ case RETURN:
-+ case REG:
-+ case ADDRESSOF:
-+ return;
-+
-+ case MEM:
-+ /* Handle special case of MEM (incoming_args). */
-+ if (GET_CODE (orig) == MEM
-+ && XEXP (x, 0) == virtual_incoming_args_rtx)
-+ {
-+ offset = 0;
-+
-+ /* the operand related to the sweep variable. */
-+ if (AUTO_OFFSET(XEXP (orig, 0)) <= offset &&
-+ offset < AUTO_OFFSET(XEXP (orig, 0)) + size) {
-+
-+ offset = AUTO_OFFSET(XEXP (*new, 0))
-+ + (offset - AUTO_OFFSET(XEXP (orig, 0)));
-+
-+ XEXP (x, 0) = plus_constant (virtual_stack_vars_rtx, offset);
-+ XEXP (x, 0)->used = 1;
-+
-+ return;
-+ }
-+ }
-+ break;
-+
-+ case PLUS:
-+ /* Handle special case of frame register plus constant. */
-+ if (GET_CODE (orig) == MEM
-+ && XEXP (x, 0) == virtual_incoming_args_rtx
-+ && GET_CODE (XEXP (x, 1)) == CONST_INT
-+ && ! x->used)
-+ {
-+ offset = AUTO_OFFSET(x);
-+
-+ /* the operand related to the sweep variable. */
-+ if (AUTO_OFFSET(XEXP (orig, 0)) <= offset &&
-+ offset < AUTO_OFFSET(XEXP (orig, 0)) + size)
-+ {
-+
-+ offset = (AUTO_OFFSET(XEXP (*new, 0))
-+ + (offset - AUTO_OFFSET(XEXP (orig, 0))));
-+
-+ XEXP (x, 0) = virtual_stack_vars_rtx;
-+ XEXP (x, 1) = gen_rtx_CONST_INT (VOIDmode, offset);
-+ x->used = 1;
-+
-+ return;
-+ }
-+
-+ /*
-+ process further subtree:
-+ Example: (plus:SI (mem/s:SI (plus:SI (reg:SI 17) (const_int 8)))
-+ (const_int 5))
-+ */
-+ }
-+ break;
-+
-+ case SET:
-+ /* Handle special case of "set (REG or MEM) (incoming_args)".
-+ It means that the the address of the 1st argument is stored. */
-+ if (GET_CODE (orig) == MEM
-+ && XEXP (x, 1) == virtual_incoming_args_rtx)
-+ {
-+ offset = 0;
-+
-+ /* the operand related to the sweep variable. */
-+ if (AUTO_OFFSET(XEXP (orig, 0)) <= offset &&
-+ offset < AUTO_OFFSET(XEXP (orig, 0)) + size)
-+ {
-+ offset = (AUTO_OFFSET(XEXP (*new, 0))
-+ + (offset - AUTO_OFFSET(XEXP (orig, 0))));
-+
-+ XEXP (x, 1) = force_operand (plus_constant (virtual_stack_vars_rtx,
-+ offset), NULL_RTX);
-+ XEXP (x, 1)->used = 1;
-+
-+ return;
-+ }
-+ }
-+ break;
-+
-+ case CALL_PLACEHOLDER:
-+ for (i = 0; i < 3; i++)
-+ {
-+ rtx seq = XEXP (x, i);
-+ if (seq)
-+ {
-+ push_to_sequence (seq);
-+ change_arg_use_of_insns (XEXP (x, i), orig, new, size);
-+ XEXP (x, i) = get_insns ();
-+ end_sequence ();
-+ }
-+ }
-+ break;
-+
-+ case PARALLEL:
-+ for (j = 0; j < XVECLEN (x, 0); j++)
-+ {
-+ change_arg_use_in_operand (insn, XVECEXP (x, 0, j), orig, new, size);
-+ }
-+ if (recog_memoized (insn) < 0)
-+ {
-+ for (i = 0, j = 0; j < XVECLEN (x, 0); j++)
-+ {
-+ /* if parallel insn has a insn used virtual_incoming_args_rtx,
-+ the insn is removed from this PARALLEL insn. */
-+ if (check_used_flag (XVECEXP (x, 0, j)))
-+ {
-+ emit_insn (XVECEXP (x, 0, j));
-+ XVECEXP (x, 0, j) = NULL;
-+ }
-+ else
-+ XVECEXP (x, 0, i++) = XVECEXP (x, 0, j);
-+ }
-+ PUT_NUM_ELEM (XVEC (x, 0), i);
-+ }
-+ return;
-+
-+ default:
-+ break;
-+ }
-+
-+ /* Scan all subexpressions. */
-+ fmt = GET_RTX_FORMAT (code);
-+ for (i = 0; i < GET_RTX_LENGTH (code); i++, fmt++)
-+ if (*fmt == 'e')
-+ {
-+ if (XEXP (x, i) == orig)
-+ {
-+ if (*new == 0)
-+ *new = gen_reg_rtx (GET_MODE (orig));
-+ XEXP (x, i) = *new;
-+ continue;
-+ }
-+ change_arg_use_in_operand (insn, XEXP (x, i), orig, new, size);
-+ }
-+ else if (*fmt == 'E')
-+ for (j = 0; j < XVECLEN (x, i); j++)
-+ {
-+ if (XVECEXP (x, i, j) == orig)
-+ {
-+ if (*new == 0)
-+ *new = gen_reg_rtx (GET_MODE (orig));
-+ XVECEXP (x, i, j) = *new;
-+ continue;
-+ }
-+ change_arg_use_in_operand (insn, XVECEXP (x, i, j), orig, new, size);
-+ }
-+}
-+
-+
-+/* Validate every instructions from the specified instruction.
-+
-+ The stack protector prohibits to generate machine specific frame addressing
-+ for the first rtl generation. The prepare_stack_protection must convert
-+ machine independent frame addressing to machine specific frame addressing,
-+ so instructions for inline functions, which skip the conversion of
-+ the stack protection, validate every instructions. */
-+static void
-+validate_insns_of_varrefs (rtx insn)
-+{
-+ rtx next;
-+
-+ /* Initialize recognition, indicating that volatile is OK. */
-+ init_recog ();
-+
-+ for (; insn; insn = next)
-+ {
-+ next = NEXT_INSN (insn);
-+ if (GET_CODE (insn) == INSN || GET_CODE (insn) == JUMP_INSN
-+ || GET_CODE (insn) == CALL_INSN)
-+ {
-+ /* excerpt from insn_invalid_p in recog.c */
-+ int icode = recog_memoized (insn);
-+
-+ if (icode < 0 && asm_noperands (PATTERN (insn)) < 0)
-+ validate_operand_of_varrefs (insn, &PATTERN (insn));
-+ }
-+ }
-+
-+ init_recog_no_volatile ();
-+}
-+
-+
-+/* Validate frame addressing of the rtx and covert it to machine specific one. */
-+static void
-+validate_operand_of_varrefs (rtx insn, rtx *loc)
-+{
-+ enum rtx_code code;
-+ rtx x, temp, seq;
-+ int i, j;
-+ const char *fmt;
-+
-+ x = *loc;
-+ if (x == 0)
-+ return;
-+
-+ code = GET_CODE (x);
-+
-+ switch (code)
-+ {
-+ case USE:
-+ case CONST_INT:
-+ case CONST_DOUBLE:
-+ case CONST:
-+ case SYMBOL_REF:
-+ case CODE_LABEL:
-+ case PC:
-+ case CC0:
-+ case ASM_INPUT:
-+ case ADDR_VEC:
-+ case ADDR_DIFF_VEC:
-+ case RETURN:
-+ case REG:
-+ case ADDRESSOF:
-+ return;
-+
-+ case PLUS:
-+ /* validate insn of frame register plus constant. */
-+ if (GET_CODE (x) == PLUS
-+ && XEXP (x, 0) == virtual_stack_vars_rtx
-+ && GET_CODE (XEXP (x, 1)) == CONST_INT)
-+ {
-+ start_sequence ();
-+
-+ { /* excerpt from expand_binop in optabs.c */
-+ optab binoptab = add_optab;
-+ enum machine_mode mode = GET_MODE (x);
-+ int icode = (int) binoptab->handlers[(int) mode].insn_code;
-+ enum machine_mode mode1 = insn_data[icode].operand[2].mode;
-+ rtx pat;
-+ rtx xop0 = XEXP (x, 0), xop1 = XEXP (x, 1);
-+ temp = gen_reg_rtx (mode);
-+
-+ /* Now, if insn's predicates don't allow offset operands,
-+ put them into pseudo regs. */
-+
-+ if (! (*insn_data[icode].operand[2].predicate) (xop1, mode1)
-+ && mode1 != VOIDmode)
-+ xop1 = copy_to_mode_reg (mode1, xop1);
-+
-+ pat = GEN_FCN (icode) (temp, xop0, xop1);
-+ if (pat)
-+ emit_insn (pat);
-+ else
-+ abort (); /* there must be add_optab handler. */
-+ }
-+ seq = get_insns ();
-+ end_sequence ();
-+
-+ emit_insn_before (seq, insn);
-+ if (! validate_change (insn, loc, temp, 0))
-+ abort ();
-+ return;
-+ }
-+ break;
-+
-+
-+ case CALL_PLACEHOLDER:
-+ for (i = 0; i < 3; i++)
-+ {
-+ rtx seq = XEXP (x, i);
-+ if (seq)
-+ {
-+ push_to_sequence (seq);
-+ validate_insns_of_varrefs (XEXP (x, i));
-+ XEXP (x, i) = get_insns ();
-+ end_sequence ();
-+ }
-+ }
-+ break;
-+
-+ default:
-+ break;
-+ }
-+
-+ /* Scan all subexpressions. */
-+ fmt = GET_RTX_FORMAT (code);
-+ for (i = 0; i < GET_RTX_LENGTH (code); i++, fmt++)
-+ if (*fmt == 'e')
-+ validate_operand_of_varrefs (insn, &XEXP (x, i));
-+ else if (*fmt == 'E')
-+ for (j = 0; j < XVECLEN (x, i); j++)
-+ validate_operand_of_varrefs (insn, &XVECEXP (x, i, j));
-+}
-+
-+
-+
-+/* Return size that is not allocated for stack frame. It will be allocated
-+ to modify the home of pseudo registers called from global_alloc. */
-+HOST_WIDE_INT
-+get_frame_free_size (void)
-+{
-+ if (! flag_propolice_protection)
-+ return 0;
-+
-+ return push_allocated_offset - push_frame_offset;
-+}
-+
-+
-+/* The following codes are invoked after the instantiation of pseudo registers.
-+
-+ Reorder local variables to place a peudo register after buffers to avoid
-+ the corruption of local variables that could be used to further corrupt
-+ arbitrary memory locations. */
-+#if !defined(FRAME_GROWS_DOWNWARD) && defined(STACK_GROWS_DOWNWARD)
-+static void push_frame (HOST_WIDE_INT, HOST_WIDE_INT);
-+static void push_frame_in_decls (tree, HOST_WIDE_INT, HOST_WIDE_INT);
-+static void push_frame_in_args (tree, HOST_WIDE_INT, HOST_WIDE_INT);
-+static void push_frame_of_insns (rtx, HOST_WIDE_INT, HOST_WIDE_INT);
-+static void push_frame_in_operand (rtx, rtx, HOST_WIDE_INT, HOST_WIDE_INT);
-+static void push_frame_of_reg_equiv_memory_loc (HOST_WIDE_INT, HOST_WIDE_INT);
-+static void push_frame_of_reg_equiv_constant (HOST_WIDE_INT, HOST_WIDE_INT);
-+static void reset_used_flags_for_push_frame (void);
-+static int check_out_of_frame_access (rtx, HOST_WIDE_INT);
-+static int check_out_of_frame_access_in_operand (rtx, HOST_WIDE_INT);
-+#endif
-+
-+
-+/* Assign stack local at the stage of register allocater. if a pseudo reg is
-+ spilled out from such an allocation, it is allocated on the stack.
-+ The protector keep the location be lower stack region than the location of
-+ sweeped arrays. */
-+rtx
-+assign_stack_local_for_pseudo_reg (enum machine_mode mode,
-+ HOST_WIDE_INT size, int align)
-+{
-+#if defined(FRAME_GROWS_DOWNWARD) || !defined(STACK_GROWS_DOWNWARD)
-+ return assign_stack_local (mode, size, align);
-+#else
-+ tree blocks = DECL_INITIAL (current_function_decl);
-+ rtx new;
-+ HOST_WIDE_INT saved_frame_offset, units_per_push, starting_frame;
-+ int first_call_from_purge_addressof, first_call_from_global_alloc;
-+
-+ if (! flag_propolice_protection
-+ || size == 0
-+ || ! blocks
-+ || current_function_is_inlinable
-+ || ! search_string_from_argsandvars (CALL_FROM_PUSH_FRAME)
-+ || current_function_contains_functions)
-+ return assign_stack_local (mode, size, align);
-+
-+ first_call_from_purge_addressof = !push_frame_offset && !cse_not_expected;
-+ first_call_from_global_alloc = !saved_cse_not_expected && cse_not_expected;
-+ saved_cse_not_expected = cse_not_expected;
-+
-+ starting_frame = ((STARTING_FRAME_OFFSET)
-+ ? STARTING_FRAME_OFFSET : BIGGEST_ALIGNMENT / BITS_PER_UNIT);
-+ units_per_push = MAX (BIGGEST_ALIGNMENT / BITS_PER_UNIT,
-+ GET_MODE_SIZE (mode));
-+
-+ if (first_call_from_purge_addressof)
-+ {
-+ push_frame_offset = push_allocated_offset;
-+ if (check_out_of_frame_access (get_insns (), starting_frame))
-+ {
-+ /* After the purge_addressof stage, there may be an instruction which
-+ have the pointer less than the starting_frame.
-+ if there is an access below frame, push dummy region to seperate
-+ the address of instantiated variables. */
-+ push_frame (GET_MODE_SIZE (DImode), 0);
-+ assign_stack_local (BLKmode, GET_MODE_SIZE (DImode), -1);
-+ }
-+ }
-+
-+ if (first_call_from_global_alloc)
-+ {
-+ push_frame_offset = push_allocated_offset = 0;
-+ if (check_out_of_frame_access (get_insns (), starting_frame))
-+ {
-+ if (STARTING_FRAME_OFFSET)
-+ {
-+ /* if there is an access below frame, push dummy region
-+ to seperate the address of instantiated variables. */
-+ push_frame (GET_MODE_SIZE (DImode), 0);
-+ assign_stack_local (BLKmode, GET_MODE_SIZE (DImode), -1);
-+ }
-+ else
-+ push_allocated_offset = starting_frame;
-+ }
-+ }
-+
-+ saved_frame_offset = frame_offset;
-+ frame_offset = push_frame_offset;
-+
-+ new = assign_stack_local (mode, size, align);
-+
-+ push_frame_offset = frame_offset;
-+ frame_offset = saved_frame_offset;
-+
-+ if (push_frame_offset > push_allocated_offset)
-+ {
-+ push_frame (units_per_push,
-+ push_allocated_offset + STARTING_FRAME_OFFSET);
-+
-+ assign_stack_local (BLKmode, units_per_push, -1);
-+ push_allocated_offset += units_per_push;
-+ }
-+
-+ /* At the second call from global alloc, alpha push frame and assign
-+ a local variable to the top of the stack. */
-+ if (first_call_from_global_alloc && STARTING_FRAME_OFFSET == 0)
-+ push_frame_offset = push_allocated_offset = 0;
-+
-+ return new;
-+#endif
-+}
-+
-+
-+#if !defined(FRAME_GROWS_DOWNWARD) && defined(STACK_GROWS_DOWNWARD)
-+
-+/* push frame infomation for instantiating pseudo register at the top of stack.
-+ This is only for the "frame grows upward", it means FRAME_GROWS_DOWNWARD is
-+ not defined.
-+
-+ It is called by purge_addressof function and global_alloc (or reload)
-+ function. */
-+static void
-+push_frame (HOST_WIDE_INT var_size, HOST_WIDE_INT boundary)
-+{
-+ reset_used_flags_for_push_frame();
-+
-+ /* Scan all declarations of variables and fix the offset address of
-+ the variable based on the frame pointer. */
-+ push_frame_in_decls (DECL_INITIAL (current_function_decl),
-+ var_size, boundary);
-+
-+ /* Scan all argument variable and fix the offset address based on
-+ the frame pointer. */
-+ push_frame_in_args (DECL_ARGUMENTS (current_function_decl),
-+ var_size, boundary);
-+
-+ /* Scan all operands of all insns and fix the offset address
-+ based on the frame pointer. */
-+ push_frame_of_insns (get_insns (), var_size, boundary);
-+
-+ /* Scan all reg_equiv_memory_loc and reg_equiv_constant. */
-+ push_frame_of_reg_equiv_memory_loc (var_size, boundary);
-+ push_frame_of_reg_equiv_constant (var_size, boundary);
-+
-+ reset_used_flags_for_push_frame();
-+}
-+
-+
-+/* Reset used flag of every insns, reg_equiv_memory_loc,
-+ and reg_equiv_constant. */
-+static void
-+reset_used_flags_for_push_frame(void)
-+{
-+ int i;
-+ extern rtx *reg_equiv_memory_loc;
-+ extern rtx *reg_equiv_constant;
-+
-+ /* Clear all the USED bits in operands of all insns and declarations of
-+ local vars. */
-+ reset_used_flags_for_decls (DECL_INITIAL (current_function_decl));
-+ reset_used_flags_for_insns (get_insns ());
-+
-+
-+ /* The following codes are processed if the push_frame is called from
-+ global_alloc (or reload) function. */
-+ if (reg_equiv_memory_loc == 0)
-+ return;
-+
-+ for (i=LAST_VIRTUAL_REGISTER+1; i < max_regno; i++)
-+ if (reg_equiv_memory_loc[i])
-+ {
-+ rtx x = reg_equiv_memory_loc[i];
-+
-+ if (GET_CODE (x) == MEM
-+ && GET_CODE (XEXP (x, 0)) == PLUS
-+ && AUTO_BASEPTR (XEXP (x, 0)) == frame_pointer_rtx)
-+ {
-+ /* reset */
-+ XEXP (x, 0)->used = 0;
-+ }
-+ }
-+
-+
-+ if (reg_equiv_constant == 0)
-+ return;
-+
-+ for (i=LAST_VIRTUAL_REGISTER+1; i < max_regno; i++)
-+ if (reg_equiv_constant[i])
-+ {
-+ rtx x = reg_equiv_constant[i];
-+
-+ if (GET_CODE (x) == PLUS
-+ && AUTO_BASEPTR (x) == frame_pointer_rtx)
-+ {
-+ /* reset */
-+ x->used = 0;
-+ }
-+ }
-+}
-+
-+
-+/* Push every variables declared as a local variable and make a room for
-+ instantiated register. */
-+static void
-+push_frame_in_decls (tree block, HOST_WIDE_INT push_size,
-+ HOST_WIDE_INT boundary)
-+{
-+ tree types;
-+ HOST_WIDE_INT offset;
-+ rtx home;
-+
-+ while (block && TREE_CODE(block)==BLOCK)
-+ {
-+ for (types = BLOCK_VARS(block); types; types = TREE_CHAIN(types))
-+ {
-+ /* Skip the declaration that refers an external variable and
-+ also skip an global variable. */
-+ if (! DECL_EXTERNAL (types) && ! TREE_STATIC (types))
-+ {
-+ if (! DECL_RTL_SET_P (types))
-+ continue;
-+
-+ home = DECL_RTL (types);
-+
-+ /* Process for static local variable. */
-+ if (GET_CODE (home) == MEM
-+ && GET_CODE (XEXP (home, 0)) == SYMBOL_REF)
-+ continue;
-+
-+ if (GET_CODE (home) == MEM
-+ && GET_CODE (XEXP (home, 0)) == REG)
-+ {
-+ if (XEXP (home, 0) != frame_pointer_rtx
-+ || boundary != 0)
-+ continue;
-+
-+ XEXP (home, 0) = plus_constant (frame_pointer_rtx,
-+ push_size);
-+
-+ /* mark */
-+ XEXP (home, 0)->used = 1;
-+ }
-+
-+ if (GET_CODE (home) == MEM
-+ && GET_CODE (XEXP (home, 0)) == MEM)
-+ {
-+ /* Process for dynamically allocated array. */
-+ home = XEXP (home, 0);
-+ }
-+
-+ if (GET_CODE (home) == MEM
-+ && GET_CODE (XEXP (home, 0)) == PLUS
-+ && GET_CODE (XEXP (XEXP (home, 0), 1)) == CONST_INT)
-+ {
-+ offset = AUTO_OFFSET(XEXP (home, 0));
-+
-+ if (! XEXP (home, 0)->used
-+ && offset >= boundary)
-+ {
-+ offset += push_size;
-+ XEXP (XEXP (home, 0), 1)
-+ = gen_rtx_CONST_INT (VOIDmode, offset);
-+
-+ /* mark */
-+ XEXP (home, 0)->used = 1;
-+ }
-+ }
-+ }
-+ }
-+
-+ push_frame_in_decls (BLOCK_SUBBLOCKS (block), push_size, boundary);
-+ block = BLOCK_CHAIN (block);
-+ }
-+}
-+
-+
-+/* Push every variables declared as an argument and make a room for
-+ instantiated register. */
-+static void
-+push_frame_in_args (tree parms, HOST_WIDE_INT push_size,
-+ HOST_WIDE_INT boundary)
-+{
-+ rtx home;
-+ HOST_WIDE_INT offset;
-+
-+ for (; parms; parms = TREE_CHAIN (parms))
-+ if (DECL_NAME (parms) && TREE_TYPE (parms) != error_mark_node)
-+ {
-+ if (PARM_PASSED_IN_MEMORY (parms))
-+ {
-+ home = DECL_INCOMING_RTL (parms);
-+ offset = AUTO_OFFSET(XEXP (home, 0));
-+
-+ if (XEXP (home, 0)->used || offset < boundary)
-+ continue;
-+
-+ /* the operand related to the sweep variable. */
-+ if (AUTO_BASEPTR (XEXP (home, 0)) == frame_pointer_rtx)
-+ {
-+ if (XEXP (home, 0) == frame_pointer_rtx)
-+ XEXP (home, 0) = plus_constant (frame_pointer_rtx,
-+ push_size);
-+ else {
-+ offset += push_size;
-+ XEXP (XEXP (home, 0), 1) = gen_rtx_CONST_INT (VOIDmode,
-+ offset);
-+ }
-+
-+ /* mark */
-+ XEXP (home, 0)->used = 1;
-+ }
-+ }
-+ }
-+}
-+
-+
-+/* Set to 1 when the instruction has the reference to be pushed. */
-+static int insn_pushed;
-+
-+/* Tables of equivalent registers with frame pointer. */
-+static int *fp_equiv = 0;
-+
-+
-+/* Push the frame region to make a room for allocated local variable. */
-+static void
-+push_frame_of_insns (rtx insn, HOST_WIDE_INT push_size, HOST_WIDE_INT boundary)
-+{
-+ /* init fp_equiv */
-+ fp_equiv = (int *) xcalloc (max_reg_num (), sizeof (int));
-+
-+ for (; insn; insn = NEXT_INSN (insn))
-+ if (GET_CODE (insn) == INSN || GET_CODE (insn) == JUMP_INSN
-+ || GET_CODE (insn) == CALL_INSN)
-+ {
-+ rtx last;
-+
-+ insn_pushed = FALSE;
-+
-+ /* Push frame in INSN operation. */
-+ push_frame_in_operand (insn, PATTERN (insn), push_size, boundary);
-+
-+ /* Push frame in NOTE. */
-+ push_frame_in_operand (insn, REG_NOTES (insn), push_size, boundary);
-+
-+ /* Push frame in CALL EXPR_LIST. */
-+ if (GET_CODE (insn) == CALL_INSN)
-+ push_frame_in_operand (insn, CALL_INSN_FUNCTION_USAGE (insn),
-+ push_size, boundary);
-+
-+ /* Pushed frame addressing style may not be machine specific one.
-+ so the instruction should be converted to use the machine specific
-+ frame addressing. */
-+ if (insn_pushed
-+ && (last = try_split (PATTERN (insn), insn, 1)) != insn)
-+ {
-+ rtx first = NEXT_INSN (insn);
-+ rtx trial = NEXT_INSN (first);
-+ rtx pattern = PATTERN (trial);
-+ rtx set;
-+
-+ /* Update REG_EQUIV info to the first splitted insn. */
-+ if ((set = single_set (insn))
-+ && find_reg_note (insn, REG_EQUIV, SET_SRC (set))
-+ && GET_CODE (PATTERN (first)) == SET)
-+ {
-+ REG_NOTES (first)
-+ = gen_rtx_EXPR_LIST (REG_EQUIV,
-+ SET_SRC (PATTERN (first)),
-+ REG_NOTES (first));
-+ }
-+
-+ /* copy the first insn of splitted insns to the original insn and
-+ delete the first insn,
-+ because the original insn is pointed from records:
-+ insn_chain, reg_equiv_init, used for global_alloc. */
-+ if (cse_not_expected)
-+ {
-+ add_insn_before (insn, first);
-+
-+ /* Copy the various flags, and other information. */
-+ memcpy (insn, first, sizeof (struct rtx_def) - sizeof (rtunion));
-+ PATTERN (insn) = PATTERN (first);
-+ INSN_CODE (insn) = INSN_CODE (first);
-+ LOG_LINKS (insn) = LOG_LINKS (first);
-+ REG_NOTES (insn) = REG_NOTES (first);
-+
-+ /* then remove the first insn of splitted insns. */
-+ remove_insn (first);
-+ INSN_DELETED_P (first) = 1;
-+ }
-+
-+ if (GET_CODE (pattern) == SET
-+ && GET_CODE (XEXP (pattern, 0)) == REG
-+ && GET_CODE (XEXP (pattern, 1)) == PLUS
-+ && XEXP (pattern, 0) == XEXP (XEXP (pattern, 1), 0)
-+ && GET_CODE (XEXP (XEXP (pattern, 1), 1)) == CONST_INT)
-+ {
-+ rtx offset = XEXP (XEXP (pattern, 1), 1);
-+ fp_equiv[REGNO (XEXP (pattern, 0))] = INTVAL (offset);
-+
-+ delete_insn (trial);
-+ }
-+
-+ insn = last;
-+ }
-+ }
-+
-+ /* Clean up. */
-+ free (fp_equiv);
-+}
-+
-+
-+/* Push the frame region by changing the operand that points the frame. */
-+static void
-+push_frame_in_operand (rtx insn, rtx orig,
-+ HOST_WIDE_INT push_size, HOST_WIDE_INT boundary)
-+{
-+ rtx x = orig;
-+ enum rtx_code code;
-+ int i, j;
-+ HOST_WIDE_INT offset;
-+ const char *fmt;
-+
-+ if (x == 0)
-+ return;
-+
-+ code = GET_CODE (x);
-+
-+ switch (code)
-+ {
-+ case CONST_INT:
-+ case CONST_DOUBLE:
-+ case CONST:
-+ case SYMBOL_REF:
-+ case CODE_LABEL:
-+ case PC:
-+ case CC0:
-+ case ASM_INPUT:
-+ case ADDR_VEC:
-+ case ADDR_DIFF_VEC:
-+ case RETURN:
-+ case REG:
-+ case ADDRESSOF:
-+ case USE:
-+ return;
-+
-+ case SET:
-+ /*
-+ Skip setjmp setup insn and setjmp restore insn
-+ alpha case:
-+ (set (MEM (reg:SI xx)) (frame_pointer_rtx)))
-+ (set (frame_pointer_rtx) (REG))
-+ */
-+ if (GET_CODE (XEXP (x, 0)) == MEM
-+ && XEXP (x, 1) == frame_pointer_rtx)
-+ return;
-+ if (XEXP (x, 0) == frame_pointer_rtx
-+ && GET_CODE (XEXP (x, 1)) == REG)
-+ return;
-+
-+ /*
-+ powerpc case: restores setjmp address
-+ (set (frame_pointer_rtx) (plus frame_pointer_rtx const_int -n))
-+ or
-+ (set (reg) (plus frame_pointer_rtx const_int -n))
-+ (set (frame_pointer_rtx) (reg))
-+ */
-+ if (GET_CODE (XEXP (x, 0)) == REG
-+ && GET_CODE (XEXP (x, 1)) == PLUS
-+ && XEXP (XEXP (x, 1), 0) == frame_pointer_rtx
-+ && GET_CODE (XEXP (XEXP (x, 1), 1)) == CONST_INT
-+ && INTVAL (XEXP (XEXP (x, 1), 1)) < 0)
-+ {
-+ x = XEXP (x, 1);
-+ offset = AUTO_OFFSET(x);
-+ if (x->used || -offset < boundary)
-+ return;
-+
-+ XEXP (x, 1) = gen_rtx_CONST_INT (VOIDmode, offset - push_size);
-+ x->used = 1; insn_pushed = TRUE;
-+ return;
-+ }
-+
-+ /* Reset fp_equiv register. */
-+ else if (GET_CODE (XEXP (x, 0)) == REG
-+ && fp_equiv[REGNO (XEXP (x, 0))])
-+ fp_equiv[REGNO (XEXP (x, 0))] = 0;
-+
-+ /* Propagete fp_equiv register. */
-+ else if (GET_CODE (XEXP (x, 0)) == REG
-+ && GET_CODE (XEXP (x, 1)) == REG
-+ && fp_equiv[REGNO (XEXP (x, 1))])
-+ if (REGNO (XEXP (x, 0)) <= LAST_VIRTUAL_REGISTER
-+ || reg_renumber[REGNO (XEXP (x, 0))] > 0)
-+ fp_equiv[REGNO (XEXP (x, 0))] = fp_equiv[REGNO (XEXP (x, 1))];
-+ break;
-+
-+ case MEM:
-+ if (XEXP (x, 0) == frame_pointer_rtx
-+ && boundary == 0)
-+ {
-+ XEXP (x, 0) = plus_constant (frame_pointer_rtx, push_size);
-+ XEXP (x, 0)->used = 1; insn_pushed = TRUE;
-+ return;
-+ }
-+ break;
-+
-+ case PLUS:
-+ /* Handle special case of frame register plus constant. */
-+ if (GET_CODE (XEXP (x, 1)) == CONST_INT
-+ && XEXP (x, 0) == frame_pointer_rtx)
-+ {
-+ offset = AUTO_OFFSET(x);
-+
-+ if (x->used || offset < boundary)
-+ return;
-+
-+ XEXP (x, 1) = gen_rtx_CONST_INT (VOIDmode, offset + push_size);
-+ x->used = 1; insn_pushed = TRUE;
-+
-+ return;
-+ }
-+ /*
-+ Handle alpha case:
-+ (plus:SI (subreg:SI (reg:DI 63 FP) 0) (const_int 64 [0x40]))
-+ */
-+ if (GET_CODE (XEXP (x, 1)) == CONST_INT
-+ && GET_CODE (XEXP (x, 0)) == SUBREG
-+ && SUBREG_REG (XEXP (x, 0)) == frame_pointer_rtx)
-+ {
-+ offset = AUTO_OFFSET(x);
-+
-+ if (x->used || offset < boundary)
-+ return;
-+
-+ XEXP (x, 1) = gen_rtx_CONST_INT (VOIDmode, offset + push_size);
-+ x->used = 1; insn_pushed = TRUE;
-+
-+ return;
-+ }
-+ /*
-+ Handle powerpc case:
-+ (set (reg x) (plus fp const))
-+ (set (.....) (... (plus (reg x) (const B))))
-+ */
-+ else if (GET_CODE (XEXP (x, 1)) == CONST_INT
-+ && GET_CODE (XEXP (x, 0)) == REG
-+ && fp_equiv[REGNO (XEXP (x, 0))])
-+ {
-+ offset = AUTO_OFFSET(x);
-+
-+ if (x->used)
-+ return;
-+
-+ offset += fp_equiv[REGNO (XEXP (x, 0))];
-+
-+ XEXP (x, 1) = gen_rtx_CONST_INT (VOIDmode, offset);
-+ x->used = 1; insn_pushed = TRUE;
-+
-+ return;
-+ }
-+ /*
-+ Handle special case of frame register plus reg (constant).
-+ (set (reg x) (const B))
-+ (set (....) (...(plus fp (reg x))))
-+ */
-+ else if (XEXP (x, 0) == frame_pointer_rtx
-+ && GET_CODE (XEXP (x, 1)) == REG
-+ && PREV_INSN (insn)
-+ && PATTERN (PREV_INSN (insn))
-+ && SET_DEST (PATTERN (PREV_INSN (insn))) == XEXP (x, 1)
-+ && GET_CODE (SET_SRC (PATTERN (PREV_INSN (insn)))) == CONST_INT)
-+ {
-+ offset = INTVAL (SET_SRC (PATTERN (PREV_INSN (insn))));
-+
-+ if (x->used || offset < boundary)
-+ return;
-+
-+ SET_SRC (PATTERN (PREV_INSN (insn)))
-+ = gen_rtx_CONST_INT (VOIDmode, offset + push_size);
-+ x->used = 1;
-+ XEXP (x, 1)->used = 1;
-+
-+ return;
-+ }
-+ /*
-+ Handle special case of frame register plus reg (used).
-+ The register already have a pushed offset, just mark this frame
-+ addressing.
-+ */
-+ else if (XEXP (x, 0) == frame_pointer_rtx
-+ && XEXP (x, 1)->used)
-+ {
-+ x->used = 1;
-+ return;
-+ }
-+ /*
-+ Process further subtree:
-+ Example: (plus:SI (mem/s:SI (plus:SI (FP) (const_int 8)))
-+ (const_int 5))
-+ */
-+ break;
-+
-+ case CALL_PLACEHOLDER:
-+ push_frame_of_insns (XEXP (x, 0), push_size, boundary);
-+ push_frame_of_insns (XEXP (x, 1), push_size, boundary);
-+ push_frame_of_insns (XEXP (x, 2), push_size, boundary);
-+ break;
-+
-+ default:
-+ break;
-+ }
-+
-+ /* Scan all subexpressions. */
-+ fmt = GET_RTX_FORMAT (code);
-+ for (i = 0; i < GET_RTX_LENGTH (code); i++, fmt++)
-+ if (*fmt == 'e')
-+ {
-+ if (XEXP (x, i) == frame_pointer_rtx && boundary == 0)
-+ fatal_insn ("push_frame_in_operand", insn);
-+ push_frame_in_operand (insn, XEXP (x, i), push_size, boundary);
-+ }
-+ else if (*fmt == 'E')
-+ for (j = 0; j < XVECLEN (x, i); j++)
-+ push_frame_in_operand (insn, XVECEXP (x, i, j), push_size, boundary);
-+}
-+
-+
-+/* Change the location pointed in reg_equiv_memory_loc. */
-+static void
-+push_frame_of_reg_equiv_memory_loc (HOST_WIDE_INT push_size,
-+ HOST_WIDE_INT boundary)
-+{
-+ int i;
-+ extern rtx *reg_equiv_memory_loc;
-+
-+ /* This function is processed if the push_frame is called from
-+ global_alloc (or reload) function. */
-+ if (reg_equiv_memory_loc == 0)
-+ return;
-+
-+ for (i=LAST_VIRTUAL_REGISTER+1; i < max_regno; i++)
-+ if (reg_equiv_memory_loc[i])
-+ {
-+ rtx x = reg_equiv_memory_loc[i];
-+ int offset;
-+
-+ if (GET_CODE (x) == MEM
-+ && GET_CODE (XEXP (x, 0)) == PLUS
-+ && XEXP (XEXP (x, 0), 0) == frame_pointer_rtx)
-+ {
-+ offset = AUTO_OFFSET(XEXP (x, 0));
-+
-+ if (! XEXP (x, 0)->used
-+ && offset >= boundary)
-+ {
-+ offset += push_size;
-+ XEXP (XEXP (x, 0), 1) = gen_rtx_CONST_INT (VOIDmode, offset);
-+
-+ /* mark */
-+ XEXP (x, 0)->used = 1;
-+ }
-+ }
-+ else if (GET_CODE (x) == MEM
-+ && XEXP (x, 0) == frame_pointer_rtx
-+ && boundary == 0)
-+ {
-+ XEXP (x, 0) = plus_constant (frame_pointer_rtx, push_size);
-+ XEXP (x, 0)->used = 1; insn_pushed = TRUE;
-+ }
-+ }
-+}
-+
-+
-+/* Change the location pointed in reg_equiv_constant. */
-+static void
-+push_frame_of_reg_equiv_constant (HOST_WIDE_INT push_size,
-+ HOST_WIDE_INT boundary)
-+{
-+ int i;
-+ extern rtx *reg_equiv_constant;
-+
-+ /* This function is processed if the push_frame is called from
-+ global_alloc (or reload) function. */
-+ if (reg_equiv_constant == 0)
-+ return;
-+
-+ for (i = LAST_VIRTUAL_REGISTER + 1; i < max_regno; i++)
-+ if (reg_equiv_constant[i])
-+ {
-+ rtx x = reg_equiv_constant[i];
-+ int offset;
-+
-+ if (GET_CODE (x) == PLUS
-+ && XEXP (x, 0) == frame_pointer_rtx)
-+ {
-+ offset = AUTO_OFFSET(x);
-+
-+ if (! x->used
-+ && offset >= boundary)
-+ {
-+ offset += push_size;
-+ XEXP (x, 1) = gen_rtx_CONST_INT (VOIDmode, offset);
-+
-+ /* mark */
-+ x->used = 1;
-+ }
-+ }
-+ else if (x == frame_pointer_rtx
-+ && boundary == 0)
-+ {
-+ reg_equiv_constant[i]
-+ = plus_constant (frame_pointer_rtx, push_size);
-+ reg_equiv_constant[i]->used = 1; insn_pushed = TRUE;
-+ }
-+ }
-+}
-+
-+
-+/* Check every instructions if insn's memory reference is out of frame. */
-+static int
-+check_out_of_frame_access (rtx insn, HOST_WIDE_INT boundary)
-+{
-+ for (; insn; insn = NEXT_INSN (insn))
-+ if (GET_CODE (insn) == INSN || GET_CODE (insn) == JUMP_INSN
-+ || GET_CODE (insn) == CALL_INSN)
-+ {
-+ if (check_out_of_frame_access_in_operand (PATTERN (insn), boundary))
-+ return TRUE;
-+ }
-+ return FALSE;
-+}
-+
-+
-+/* Check every operands if the reference is out of frame. */
-+static int
-+check_out_of_frame_access_in_operand (rtx orig, HOST_WIDE_INT boundary)
-+{
-+ rtx x = orig;
-+ enum rtx_code code;
-+ int i, j;
-+ const char *fmt;
-+
-+ if (x == 0)
-+ return FALSE;
-+
-+ code = GET_CODE (x);
-+
-+ switch (code)
-+ {
-+ case CONST_INT:
-+ case CONST_DOUBLE:
-+ case CONST:
-+ case SYMBOL_REF:
-+ case CODE_LABEL:
-+ case PC:
-+ case CC0:
-+ case ASM_INPUT:
-+ case ADDR_VEC:
-+ case ADDR_DIFF_VEC:
-+ case RETURN:
-+ case REG:
-+ case ADDRESSOF:
-+ return FALSE;
-+
-+ case MEM:
-+ if (XEXP (x, 0) == frame_pointer_rtx)
-+ if (0 < boundary)
-+ return TRUE;
-+ break;
-+
-+ case PLUS:
-+ /* Handle special case of frame register plus constant. */
-+ if (GET_CODE (XEXP (x, 1)) == CONST_INT
-+ && XEXP (x, 0) == frame_pointer_rtx)
-+ {
-+ if (0 <= AUTO_OFFSET(x)
-+ && AUTO_OFFSET(x) < boundary)
-+ return TRUE;
-+ return FALSE;
-+ }
-+ /*
-+ Process further subtree:
-+ Example: (plus:SI (mem/s:SI (plus:SI (reg:SI 17) (const_int 8)))
-+ (const_int 5))
-+ */
-+ break;
-+
-+ case CALL_PLACEHOLDER:
-+ if (check_out_of_frame_access (XEXP (x, 0), boundary))
-+ return TRUE;
-+ if (check_out_of_frame_access (XEXP (x, 1), boundary))
-+ return TRUE;
-+ if (check_out_of_frame_access (XEXP (x, 2), boundary))
-+ return TRUE;
-+ break;
-+
-+ default:
-+ break;
-+ }
-+
-+ /* Scan all subexpressions. */
-+ fmt = GET_RTX_FORMAT (code);
-+ for (i = 0; i < GET_RTX_LENGTH (code); i++, fmt++)
-+ if (*fmt == 'e')
-+ {
-+ if (check_out_of_frame_access_in_operand (XEXP (x, i), boundary))
-+ return TRUE;
-+ }
-+ else if (*fmt == 'E')
-+ for (j = 0; j < XVECLEN (x, i); j++)
-+ if (check_out_of_frame_access_in_operand (XVECEXP (x, i, j), boundary))
-+ return TRUE;
-+
-+ return FALSE;
-+}
-+#endif
-diff -uNr gcc-3.4.3.orig/gcc/protector.h gcc-3.4.3/gcc/protector.h
---- gcc-3.4.3.orig/gcc/protector.h 1970-01-01 01:00:00.000000000 +0100
-+++ gcc-3.4.3/gcc/protector.h 2004-01-20 03:01:39.000000000 +0100
-@@ -0,0 +1,55 @@
-+/* RTL buffer overflow protection function for GNU C compiler
-+ Copyright (C) 2003 Free Software Foundation, Inc.
-+
-+This file is part of GCC.
-+
-+GCC is free software; you can redistribute it and/or modify it under
-+the terms of the GNU General Public License as published by the Free
-+Software Foundation; either version 2, or (at your option) any later
-+version.
-+
-+GCC is distributed in the hope that it will be useful, but WITHOUT ANY
-+WARRANTY; without even the implied warranty of MERCHANTABILITY or
-+FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
-+for more details.
-+
-+You should have received a copy of the GNU General Public License
-+along with GCC; see the file COPYING. If not, write to the Free
-+Software Foundation, 59 Temple Place - Suite 330, Boston, MA
-+02111-1307, USA. */
-+
-+
-+/* Declare GUARD variable. */
-+#define GUARD_m Pmode
-+#define UNITS_PER_GUARD \
-+ MAX(BIGGEST_ALIGNMENT / BITS_PER_UNIT, GET_MODE_SIZE (GUARD_m))
-+
-+#ifndef L_stack_smash_handler
-+
-+/* Insert a guard variable before a character buffer and change the order
-+ of pointer variables, character buffers and pointer arguments. */
-+
-+extern void prepare_stack_protection (int);
-+
-+#ifdef TREE_CODE
-+/* Search a character array from the specified type tree. */
-+
-+extern int search_string_def (tree);
-+#endif
-+
-+/* Examine whether the input contains frame pointer addressing. */
-+
-+extern int contains_fp (rtx);
-+
-+/* Return size that is not allocated for stack frame. It will be allocated
-+ to modify the home of pseudo registers called from global_alloc. */
-+
-+extern HOST_WIDE_INT get_frame_free_size (void);
-+
-+/* Allocate a local variable in the stack area before character buffers
-+ to avoid the corruption of it. */
-+
-+extern rtx assign_stack_local_for_pseudo_reg (enum machine_mode,
-+ HOST_WIDE_INT, int);
-+
-+#endif
-diff -uNr gcc-3.4.3.orig/gcc/reload1.c gcc-3.4.3/gcc/reload1.c
---- gcc-3.4.3.orig/gcc/reload1.c 2004-05-02 14:37:17.000000000 +0200
-+++ gcc-3.4.3/gcc/reload1.c 2004-11-24 18:35:31.812641048 +0100
-@@ -43,6 +43,7 @@
- #include "toplev.h"
- #include "except.h"
- #include "tree.h"
-+#include "protector.h"
-
- /* This file contains the reload pass of the compiler, which is
- run after register allocation has been done. It checks that
-@@ -891,7 +892,7 @@
- if (cfun->stack_alignment_needed)
- assign_stack_local (BLKmode, 0, cfun->stack_alignment_needed);
-
-- starting_frame_size = get_frame_size ();
-+ starting_frame_size = get_frame_size () - get_frame_free_size ();
-
- set_initial_elim_offsets ();
- set_initial_label_offsets ();
-@@ -955,7 +956,7 @@
- setup_save_areas ();
-
- /* If we allocated another stack slot, redo elimination bookkeeping. */
-- if (starting_frame_size != get_frame_size ())
-+ if (starting_frame_size != get_frame_size () - get_frame_free_size ())
- continue;
-
- if (caller_save_needed)
-@@ -974,7 +975,7 @@
-
- /* If we allocated any new memory locations, make another pass
- since it might have changed elimination offsets. */
-- if (starting_frame_size != get_frame_size ())
-+ if (starting_frame_size != get_frame_size () - get_frame_free_size ())
- something_changed = 1;
-
- {
-@@ -1066,11 +1067,11 @@
- if (insns_need_reload != 0 || something_needs_elimination
- || something_needs_operands_changed)
- {
-- HOST_WIDE_INT old_frame_size = get_frame_size ();
-+ HOST_WIDE_INT old_frame_size = get_frame_size () - get_frame_free_size ();
-
- reload_as_needed (global);
-
-- if (old_frame_size != get_frame_size ())
-+ if (old_frame_size != get_frame_size () - get_frame_free_size ())
- abort ();
-
- if (num_eliminable)
-@@ -1957,8 +1958,10 @@
- inherent space, and no less total space, then the previous slot. */
- if (from_reg == -1)
- {
-- /* No known place to spill from => no slot to reuse. */
-- x = assign_stack_local (GET_MODE (regno_reg_rtx[i]), total_size,
-+ /* No known place to spill from => no slot to reuse.
-+ For the stack protection, an allocated slot should be placed in
-+ the safe region from the stack smaching attack. */
-+ x = assign_stack_local_for_pseudo_reg (GET_MODE (regno_reg_rtx[i]), total_size,
- inherent_size == total_size ? 0 : -1);
- if (BYTES_BIG_ENDIAN)
- /* Cancel the big-endian correction done in assign_stack_local.
-diff -uNr gcc-3.4.3.orig/gcc/rtl.h gcc-3.4.3/gcc/rtl.h
---- gcc-3.4.3.orig/gcc/rtl.h 2004-10-13 01:35:32.000000000 +0200
-+++ gcc-3.4.3/gcc/rtl.h 2004-11-24 18:35:31.830638312 +0100
-@@ -473,6 +473,18 @@
- __FUNCTION__); \
- _rtx; })
-
-+#define RTL_FLAG_CHECK9(NAME, RTX, C1, C2, C3, C4, C5, C6, C7, C8, C9) \
-+ __extension__ \
-+({ rtx const _rtx = (RTX); \
-+ if (GET_CODE(_rtx) != C1 && GET_CODE(_rtx) != C2 \
-+ && GET_CODE(_rtx) != C3 && GET_CODE(_rtx) != C4 \
-+ && GET_CODE(_rtx) != C5 && GET_CODE(_rtx) != C6 \
-+ && GET_CODE(_rtx) != C7 && GET_CODE(_rtx) != C8 \
-+ && GET_CODE(_rtx) != C9) \
-+ rtl_check_failed_flag (NAME, _rtx, __FILE__, __LINE__, \
-+ __FUNCTION__); \
-+ _rtx; })
-+
- extern void rtl_check_failed_flag (const char *, rtx, const char *,
- int, const char *)
- ATTRIBUTE_NORETURN
-@@ -488,6 +500,7 @@
- #define RTL_FLAG_CHECK6(NAME, RTX, C1, C2, C3, C4, C5, C6) (RTX)
- #define RTL_FLAG_CHECK7(NAME, RTX, C1, C2, C3, C4, C5, C6, C7) (RTX)
- #define RTL_FLAG_CHECK8(NAME, RTX, C1, C2, C3, C4, C5, C6, C7, C8) (RTX)
-+#define RTL_FLAG_CHECK9(NAME, RTX, C1, C2, C3, C4, C5, C6, C7, C8, C9) (RTX)
- #endif
-
- #define CLEAR_RTX_FLAGS(RTX) \
-@@ -583,9 +596,9 @@
- #define LOG_LINKS(INSN) XEXP(INSN, 7)
-
- #define RTX_INTEGRATED_P(RTX) \
-- (RTL_FLAG_CHECK8("RTX_INTEGRATED_P", (RTX), INSN, CALL_INSN, \
-+ (RTL_FLAG_CHECK9("RTX_INTEGRATED_P", (RTX), INSN, CALL_INSN, \
- JUMP_INSN, INSN_LIST, BARRIER, CODE_LABEL, CONST, \
-- NOTE)->integrated)
-+ PLUS, NOTE)->integrated)
- #define RTX_UNCHANGING_P(RTX) \
- (RTL_FLAG_CHECK3("RTX_UNCHANGING_P", (RTX), REG, MEM, CONCAT)->unchanging)
- #define RTX_FRAME_RELATED_P(RTX) \
-@@ -1125,6 +1138,10 @@
- (RTL_FLAG_CHECK3("MEM_VOLATILE_P", (RTX), MEM, ASM_OPERANDS, \
- ASM_INPUT)->volatil)
-
-+/* 1 if RTX is an SET rtx that is not eliminated for the stack protection. */
-+#define SET_VOLATILE_P(RTX) \
-+ (RTL_FLAG_CHECK1("SET_VOLATILE_P", (RTX), SET)->volatil)
-+
- /* 1 if RTX is a mem that refers to an aggregate, either to the
- aggregate itself of to a field of the aggregate. If zero, RTX may
- or may not be such a reference. */
-diff -uNr gcc-3.4.3.orig/gcc/simplify-rtx.c gcc-3.4.3/gcc/simplify-rtx.c
---- gcc-3.4.3.orig/gcc/simplify-rtx.c 2004-10-10 23:53:35.000000000 +0200
-+++ gcc-3.4.3/gcc/simplify-rtx.c 2004-11-24 18:35:31.858634056 +0100
-@@ -2287,6 +2287,7 @@
- int n_ops = 2, input_ops = 2, input_consts = 0, n_consts;
- int first, changed;
- int i, j;
-+ HOST_WIDE_INT fp_offset = 0;
-
- memset (ops, 0, sizeof ops);
-
-@@ -2312,6 +2313,10 @@
- switch (this_code)
- {
- case PLUS:
-+ if (flag_propolice_protection
-+ && XEXP (this_op, 0) == virtual_stack_vars_rtx
-+ && GET_CODE (XEXP (this_op, 1)) == CONST_INT)
-+ fp_offset = INTVAL (XEXP (this_op, 1));
- case MINUS:
- if (n_ops == 7)
- return NULL_RTX;
-@@ -2473,11 +2478,24 @@
- && GET_CODE (ops[n_ops - 1].op) == CONST_INT
- && CONSTANT_P (ops[n_ops - 2].op))
- {
-- rtx value = ops[n_ops - 1].op;
-- if (ops[n_ops - 1].neg ^ ops[n_ops - 2].neg)
-- value = neg_const_int (mode, value);
-- ops[n_ops - 2].op = plus_constant (ops[n_ops - 2].op, INTVAL (value));
-- n_ops--;
-+ if (!flag_propolice_protection)
-+ {
-+ rtx value = ops[n_ops - 1].op;
-+ if (ops[n_ops - 1].neg ^ ops[n_ops - 2].neg)
-+ value = neg_const_int (mode, value);
-+ ops[n_ops - 2].op = plus_constant (ops[n_ops - 2].op, INTVAL (value));
-+ n_ops--;
-+ }
-+ /* The stack protector keeps the addressing style of a local variable,
-+ so it doesn't use neg_const_int function not to change
-+ the offset value. */
-+ else {
-+ HOST_WIDE_INT value = INTVAL (ops[n_ops - 1].op);
-+ if (ops[n_ops - 1].neg ^ ops[n_ops - 2].neg)
-+ value = -value;
-+ ops[n_ops - 2].op = plus_constant (ops[n_ops - 2].op, value);
-+ n_ops--;
-+ }
- }
-
- /* Count the number of CONSTs that we generated. */
-@@ -2495,6 +2513,59 @@
- || (n_ops + n_consts == input_ops && n_consts <= input_consts)))
- return NULL_RTX;
-
-+ if (flag_propolice_protection)
-+ {
-+ /* keep the addressing style of local variables
-+ as (plus (virtual_stack_vars_rtx) (CONST_int x)).
-+ For the case array[r-1],
-+ converts from (+ (+VFP c1) (+r -1)) to (SET R (+VFP c1)) (+ R (+r -1)).
-+
-+ This loop finds ops[i] which is the register for the frame
-+ addressing, Then, makes the frame addressing using the register and
-+ the constant of ops[n_ops - 1]. */
-+ for (i = 0; i < n_ops; i++)
-+#ifdef FRAME_GROWS_DOWNWARD
-+ if (ops[i].op == virtual_stack_vars_rtx)
-+#else
-+ if (ops[i].op == virtual_stack_vars_rtx
-+ || ops[i].op == frame_pointer_rtx)
-+#endif
-+ {
-+ if (GET_CODE (ops[n_ops - 1].op) == CONST_INT)
-+ {
-+ HOST_WIDE_INT value = INTVAL (ops[n_ops - 1].op);
-+ if (value >= fp_offset)
-+ {
-+ ops[i].op = plus_constant (ops[i].op, value);
-+ n_ops--;
-+ }
-+ else
-+ {
-+ if (!force
-+ && (n_ops + 1 + n_consts > input_ops
-+ || (n_ops + 1 + n_consts == input_ops
-+ && n_consts <= input_consts)))
-+ return NULL_RTX;
-+ ops[n_ops - 1].op = GEN_INT (value-fp_offset);
-+ ops[i].op = plus_constant (ops[i].op, fp_offset);
-+ }
-+ }
-+ /* keep the following address pattern;
-+ (1) buf[BUFSIZE] is the first assigned variable.
-+ (+ (+ fp -BUFSIZE) BUFSIZE)
-+ (2) ((+ (+ fp 1) r) -1). */
-+ else if (fp_offset != 0)
-+ return NULL_RTX;
-+ /* keep the (+ fp 0) pattern for the following case;
-+ (1) buf[i]: i: REG, buf: (+ fp 0) in !FRAME_GROWS_DOWNWARD
-+ (2) argument: the address is (+ fp 0). */
-+ else if (fp_offset == 0)
-+ return NULL_RTX;
-+
-+ break;
-+ }
-+ }
-+
- /* Put a non-negated operand first, if possible. */
-
- for (i = 0; i < n_ops && ops[i].neg; i++)
-diff -uNr gcc-3.4.3.orig/gcc/testsuite/gcc.dg/ssp-warn.c gcc-3.4.3/gcc/testsuite/gcc.dg/ssp-warn.c
---- gcc-3.4.3.orig/gcc/testsuite/gcc.dg/ssp-warn.c 1970-01-01 01:00:00.000000000 +0100
-+++ gcc-3.4.3/gcc/testsuite/gcc.dg/ssp-warn.c 2003-11-21 09:41:19.000000000 +0100
-@@ -0,0 +1,32 @@
-+/* { dg-do compile } */
-+/* { dg-options "-fstack-protector" } */
-+void
-+test1()
-+{
-+ void intest1(int *a)
-+ {
-+ *a ++;
-+ }
-+
-+ char buf[80];
-+
-+ buf[0] = 0;
-+} /* { dg-bogus "not protecting function: it contains functions" } */
-+
-+void
-+test2(int n)
-+{
-+ char buf[80];
-+ char vbuf[n];
-+
-+ buf[0] = 0;
-+ vbuf[0] = 0;
-+} /* { dg-bogus "not protecting variables: it has a variable length buffer" } */
-+
-+void
-+test3()
-+{
-+ char buf[5];
-+
-+ buf[0] = 0;
-+} /* { dg-bogus "not protecting function: buffer is less than 8 bytes long" } */
-diff -uNr gcc-3.4.3.orig/gcc/testsuite/gcc.misc-tests/ssp-execute1.c gcc-3.4.3/gcc/testsuite/gcc.misc-tests/ssp-execute1.c
---- gcc-3.4.3.orig/gcc/testsuite/gcc.misc-tests/ssp-execute1.c 1970-01-01 01:00:00.000000000 +0100
-+++ gcc-3.4.3/gcc/testsuite/gcc.misc-tests/ssp-execute1.c 2004-02-16 06:15:39.000000000 +0100
-@@ -0,0 +1,54 @@
-+/* Test location changes of character array. */
-+
-+void
-+test(int i)
-+{
-+ int ibuf1[10];
-+ char buf[50];
-+ int ibuf2[10];
-+ char buf2[50000];
-+ int ibuf3[10];
-+ char *p;
-+
-+ /* c1: the frame offset of buf[0]
-+ c2: the frame offset of buf2[0]
-+ */
-+ p= &buf[0]; *p=1; /* expected rtl: (+ fp -c1) */
-+ if (*p != buf[0])
-+ abort();
-+ p= &buf[5]; *p=2; /* expected rtl: (+ fp -c1+5) */
-+ if (*p != buf[5])
-+ abort();
-+ p= &buf[-1]; *p=3; /* expected rtl: (+ (+ fp -c1) -1) */
-+ if (*p != buf[-1])
-+ abort();
-+ p= &buf[49]; *p=4; /* expected rtl: (+ fp -c1+49) */
-+ if (*p != buf[49])
-+ abort();
-+ p = &buf[i+5]; *p=5; /* expected rtl: (+ (+ fp -c1) (+ i 5)) */
-+ if (*p != buf[i+5])
-+ abort ();
-+ p = buf - 1; *p=6; /* expected rtl: (+ (+ fp -c1) -1) */
-+ if (*p != buf[-1])
-+ abort ();
-+ p = 1 + buf; *p=7; /* expected rtl: (+ (+ fp -c1) 1) */
-+ if (*p != buf[1])
-+ abort ();
-+ p = &buf[1] - 1; *p=8; /* expected rtl: (+ (+ fp -c1+1) -1) */
-+ if (*p != buf[0])
-+ abort ();
-+
-+ /* test big offset which is greater than the max value of signed 16 bit integer. */
-+ p = &buf2[45555]; *p=9; /* expected rtl: (+ fp -c2+45555) */
-+ if (*p != buf2[45555])
-+ abort ();
-+}
-+
-+int main()
-+{
-+ test(10);
-+ exit(0);
-+}
-+
-+
-+
-diff -uNr gcc-3.4.3.orig/gcc/testsuite/gcc.misc-tests/ssp-execute2.c gcc-3.4.3/gcc/testsuite/gcc.misc-tests/ssp-execute2.c
---- gcc-3.4.3.orig/gcc/testsuite/gcc.misc-tests/ssp-execute2.c 1970-01-01 01:00:00.000000000 +0100
-+++ gcc-3.4.3/gcc/testsuite/gcc.misc-tests/ssp-execute2.c 2003-11-22 09:44:33.000000000 +0100
-@@ -0,0 +1,49 @@
-+void
-+test(int i, char *j, int k)
-+{
-+ int a[10];
-+ char b;
-+ int c;
-+ long *d;
-+ char buf[50];
-+ long e[10];
-+ int n;
-+
-+ a[0] = 4;
-+ b = 5;
-+ c = 6;
-+ d = (long*)7;
-+ e[0] = 8;
-+
-+ /* overflow buffer */
-+ for (n = 0; n < 120; n++)
-+ buf[n] = 0;
-+
-+ if (j == 0 || *j != 2)
-+ abort ();
-+ if (a[0] == 0)
-+ abort ();
-+ if (b == 0)
-+ abort ();
-+ if (c == 0)
-+ abort ();
-+ if (d == 0)
-+ abort ();
-+ if (e[0] == 0)
-+ abort ();
-+
-+ exit (0);
-+}
-+
-+int main()
-+{
-+ int i, k;
-+ int j[40];
-+ i = 1;
-+ j[39] = 2;
-+ k = 3;
-+ test(i, &j[39], k);
-+}
-+
-+
-+
-diff -uNr gcc-3.4.3.orig/gcc/testsuite/gcc.misc-tests/ssp-execute.exp gcc-3.4.3/gcc/testsuite/gcc.misc-tests/ssp-execute.exp
---- gcc-3.4.3.orig/gcc/testsuite/gcc.misc-tests/ssp-execute.exp 1970-01-01 01:00:00.000000000 +0100
-+++ gcc-3.4.3/gcc/testsuite/gcc.misc-tests/ssp-execute.exp 2004-06-02 13:23:36.000000000 +0200
-@@ -0,0 +1,35 @@
-+# Copyright (C) 2003, 2004 Free Software Foundation, Inc.
-+
-+# This program is free software; you can redistribute it and/or modify
-+# it under the terms of the GNU General Public License as published by
-+# the Free Software Foundation; either version 2 of the License, or
-+# (at your option) any later version.
-+#
-+# This program is distributed in the hope that it will be useful,
-+# but WITHOUT ANY WARRANTY; without even the implied warranty of
-+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-+# GNU General Public License for more details.
-+#
-+# You should have received a copy of the GNU General Public License
-+# along with this program; if not, write to the Free Software
-+# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
-+
-+if $tracelevel then {
-+ strace $tracelevel
-+}
-+
-+# Load support procs.
-+load_lib c-torture.exp
-+
-+#
-+# main test loop
-+#
-+
-+foreach src [lsort [glob -nocomplain $srcdir/$subdir/ssp-execute*.c]] {
-+ # If we're only testing specific files and this isn't one of them, skip it.
-+ if ![runtest_file_p $runtests $src] then {
-+ continue
-+ }
-+
-+ c-torture-execute $src -fstack-protector
-+}
-diff -uNr gcc-3.4.3.orig/gcc/toplev.c gcc-3.4.3/gcc/toplev.c
---- gcc-3.4.3.orig/gcc/toplev.c 2004-07-26 16:42:11.000000000 +0200
-+++ gcc-3.4.3/gcc/toplev.c 2004-11-24 18:35:31.000000000 +0100
-@@ -79,6 +79,7 @@
- #include "coverage.h"
- #include "value-prof.h"
- #include "alloc-pool.h"
-+#include "protector.h"
-
- #if defined (DWARF2_UNWIND_INFO) || defined (DWARF2_DEBUGGING_INFO)
- #include "dwarf2out.h"
-@@ -97,6 +98,10 @@
- declarations for e.g. AIX 4.x. */
- #endif
-
-+#ifdef STACK_PROTECTOR
-+#include "protector.h"
-+#endif
-+
- #ifndef HAVE_conditional_execution
- #define HAVE_conditional_execution 0
- #endif
-@@ -979,6 +984,15 @@
- minimum function alignment. Zero means no alignment is forced. */
- int force_align_functions_log;
-
-+#if defined(STACK_PROTECTOR) && defined(STACK_GROWS_DOWNWARD)
-+/* Nonzero means use propolice as a stack protection method */
-+int flag_propolice_protection = 1;
-+int flag_stack_protection = 0;
-+#else
-+int flag_propolice_protection = 0;
-+int flag_stack_protection = 0;
-+#endif
-+
- typedef struct
- {
- const char *const string;
-@@ -1154,7 +1168,9 @@
- {"mem-report", &mem_report, 1 },
- { "trapv", &flag_trapv, 1 },
- { "wrapv", &flag_wrapv, 1 },
-- { "new-ra", &flag_new_regalloc, 1 }
-+ { "new-ra", &flag_new_regalloc, 1 },
-+ {"stack-protector", &flag_propolice_protection, 1 },
-+ {"stack-protector-all", &flag_stack_protection, 1 }
- };
-
- /* Here is a table, controlled by the tm.h file, listing each -m switch
-@@ -2686,6 +2702,9 @@
-
- insns = get_insns ();
-
-+ if (flag_propolice_protection)
-+ prepare_stack_protection (inlinable);
-+
- /* Dump the rtl code if we are dumping rtl. */
-
- if (open_dump_file (DFI_rtl, decl))
-@@ -4483,6 +4502,12 @@
- /* The presence of IEEE signaling NaNs, implies all math can trap. */
- if (flag_signaling_nans)
- flag_trapping_math = 1;
-+
-+ /* This combination makes optimized frame addressings and causes
-+ a internal compilation error at prepare_stack_protection.
-+ so don't allow it. */
-+ if (flag_stack_protection && !flag_propolice_protection)
-+ flag_propolice_protection = TRUE;
- }
-
- /* Initialize the compiler back end. */
-diff -uNr gcc-3.4.3.orig/gcc/tree.h gcc-3.4.3/gcc/tree.h
---- gcc-3.4.3.orig/gcc/tree.h 2004-11-24 18:04:19.000000000 +0100
-+++ gcc-3.4.3/gcc/tree.h 2004-11-24 18:35:31.000000000 +0100
-@@ -1489,6 +1489,10 @@
- where it is called. */
- #define DECL_INLINE(NODE) (FUNCTION_DECL_CHECK (NODE)->decl.inline_flag)
-
-+/* In a VAR_DECL, nonzero if the declaration is copied for inlining.
-+ The stack protector should keep its location in the stack. */
-+#define DECL_COPIED(NODE) (VAR_DECL_CHECK (NODE)->decl.inline_flag)
-+
- /* Nonzero in a FUNCTION_DECL means that this function was declared inline,
- such as via the `inline' keyword in C/C++. This flag controls the linkage
- semantics of 'inline'; whether or not the function is inlined is