This is the mail archive of the gcc-patches@gcc.gnu.org mailing list for the GCC project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]

Re: gcc stack-smashing protector (for gcc-ss-20001101)


This patch introduces -fstack-protector option, which is a stack-smashing 
protection mechanism to the latest snapshot (gcc-ss-20001101).
This patch and new files (protector.h and protector.c) are bootstraped
and tested on i686-pc-linux-gnu and powerpc-ibm-aix4.4.0.

Please see the web page
(http://www.trl.ibm.co.jp/projects/security/propolice/) for details and
what is a stack-smashing protection.

Hiroaki Etoh,  Tokyo Research Laboratory, IBM Japan

2000-11-02  Hiroaki Etoh  <etoh@jp.ibm.com>

	* Add -fstack-protector option, which enables generating the stack
	protection code to detect buffer overflow and the stop its
	execution
	
	* protector.c: New file
	* protector.h: New file

	* Makefile.in: Add new file protector.c and new library member
	_stack_smash_handler in libgcc2.c
	* builtins.c (get_memory_rtx): Specify EXPAND_NORMAL as an argument of
	expand_expr in the case of using stack smashing protection
	* cse.c (cse_insn): Don't record equivalence of the register that
	duplicates a pointer in a function argument to prevent the corruption
	of buffer overflow
	* dbxout.c (dbxout_parms): Change the debug info of duplicated
	pointer argument in the case of using stack smashing protection
	* expr.c (expand_expr):  Specify ro_modifier in stead of EXPAND_SUM as
	an argument of expand_expr in the case of stack smashing protection
	* function.c (assign_stack_temp_for_type, combine_temp_slots): Add the
	special handling of character buffer for the reuse of
	allocated stack space
	* function.c (put_reg_into_stack): Change the location of allocated
	stack area for the spilled-out pseuso register in the case of stack
	smashing protection
	* gcse.c (cprop_insn): Don't eliminate the register that duplicates
	a pointer in a function argument to prevent the corruption
	of buffer overflow
	* integrate.c (expand_inline_function): Specify EXPAND_NORMAL as an
	argument of expand_expr in the case of using stack smashing protection
	* libgcc2.c (__guard_setup, __stack_smash_handler): New function.
	* reload1.c (alter_reg): Change the location of allocated stack area
	for the spilled-out pseuso register in the case of
	stack smashing protection
	* toplev.c (rest_of_compilation, f_options): Add the function of
	stack smashing protection

Index: gcc/Makefile.in
===================================================================
RCS file: /cvs/gcc/egcs/gcc/Makefile.in,v
retrieving revision 1.532
diff -c -r1.532 Makefile.in
*** Makefile.in	2000/10/28 17:59:04	1.532
--- Makefile.in	2000/11/02 12:56:34
***************
*** 734,740 ****
   profile.o insn-attrtab.o $(out_object_file) $(EXTRA_OBJS) convert.o	      \
   mbchar.o splay-tree.o graph.o sbitmap.o resource.o hash.o predict.o	      \
   lists.o ggc-common.o $(GGC) simplify-rtx.o ssa.o bb-reorder.o		      \
!  sibcall.o conflict.o timevar.o ifcvt.o dependence.o dce.o
  
  BACKEND = toplev.o libbackend.a
  
--- 734,740 ----
   profile.o insn-attrtab.o $(out_object_file) $(EXTRA_OBJS) convert.o	      \
   mbchar.o splay-tree.o graph.o sbitmap.o resource.o hash.o predict.o	      \
   lists.o ggc-common.o $(GGC) simplify-rtx.o ssa.o bb-reorder.o		      \
!  sibcall.o conflict.o timevar.o ifcvt.o dependence.o dce.o protector.o
  
  BACKEND = toplev.o libbackend.a
  
***************
*** 783,789 ****
      _bb _shtab _clear_cache _trampoline __main _exit \
      _absvsi2 _absvdi2 _addvsi3 _addvdi3 _subvsi3 _subvdi3 \
      _mulvsi3 _mulvdi3 _negvsi2 _negvdi2 \
!     _ctors
  
  LIB2FUNCS_EH = _eh
  
--- 783,789 ----
      _bb _shtab _clear_cache _trampoline __main _exit \
      _absvsi2 _absvdi2 _addvsi3 _addvdi3 _subvsi3 _subvdi3 \
      _mulvsi3 _mulvdi3 _negvsi2 _negvdi2 \
!     _ctors _stack_smash_handler
  
  LIB2FUNCS_EH = _eh
  
Index: gcc/builtins.c
===================================================================
RCS file: /cvs/gcc/egcs/gcc/builtins.c,v
retrieving revision 1.62
diff -c -r1.62 builtins.c
*** builtins.c	2000/11/01 03:22:21	1.62
--- builtins.c	2000/11/02 12:56:36
***************
*** 40,45 ****
--- 40,46 ----
  #include "defaults.h"
  #include "toplev.h"
  #include "tm_p.h"
+ #include "protector.h"
  
  #define CALLED_AS_BUILT_IN(NODE) \
     (!strncmp (IDENTIFIER_POINTER (DECL_NAME (NODE)), "__builtin_", 10))
***************
*** 552,558 ****
    rtx mem = gen_rtx_MEM (BLKmode,
  			 memory_address (BLKmode,
  					 expand_expr (exp, NULL_RTX,
! 						      ptr_mode, EXPAND_SUM)));
  
    /* Get an expression we can use to find the attributes to assign to MEM.
       If it is an ADDR_EXPR, use the operand.  Otherwise, dereference it if
--- 553,559 ----
    rtx mem = gen_rtx_MEM (BLKmode,
  			 memory_address (BLKmode,
  					 expand_expr (exp, NULL_RTX,
! 						      ptr_mode, flag_propolice_protection?EXPAND_NORMAL:EXPAND_SUM)));
  
    /* Get an expression we can use to find the attributes to assign to MEM.
       If it is an ADDR_EXPR, use the operand.  Otherwise, dereference it if
Index: gcc/cse.c
===================================================================
RCS file: /cvs/gcc/egcs/gcc/cse.c,v
retrieving revision 1.163
diff -c -r1.163 cse.c
*** cse.c	2000/10/26 00:17:53	1.163
--- cse.c	2000/11/02 12:56:41
***************
*** 38,43 ****
--- 38,44 ----
  #include "toplev.h"
  #include "output.h"
  #include "ggc.h"
+ #include "protector.h"
  
  /* The basic idea of common subexpression elimination is to go
     through the code, keeping a record of expressions that would
***************
*** 4748,4753 ****
--- 4749,4757 ----
        if (SET_DEST (x) == pc_rtx
  	  && GET_CODE (SET_SRC (x)) == LABEL_REF)
  	;
+       /* cut the reg propagation of stack-protected argument */
+       else if (x->volatil)
+ 	make_new_qty (REGNO (SET_DEST (x)), GET_MODE (SET_DEST (x)));
  
        /* Don't count call-insns, (set (reg 0) (call ...)), as a set.
  	 The hard function value register is used only once, to copy to
***************
*** 6235,6240 ****
--- 6239,6248 ----
  	      rtx dest = SET_DEST (sets[0].rtl);
  	      rtx src = SET_SRC (sets[0].rtl);
  	      rtx note = find_reg_note (prev, REG_EQUIV, NULL_RTX);
+ 
+ 	      /* update the debug info of stack-protected argument */
+ 	      if (PATTERN (prev)->volatil)
+ 		set_debuginfo_of_escaped_arg (dest,SET_DEST (PATTERN (prev)));
  
  	      validate_change (prev, &SET_DEST (PATTERN (prev)), dest, 1);
  	      validate_change (insn, &SET_DEST (sets[0].rtl), src, 1);
Index: gcc/dbxout.c
===================================================================
RCS file: /cvs/gcc/egcs/gcc/dbxout.c,v
retrieving revision 1.66
diff -c -r1.66 dbxout.c
*** dbxout.c	2000/10/10 00:13:09	1.66
--- dbxout.c	2000/11/02 12:56:42
***************
*** 2302,2307 ****
--- 2302,2310 ----
    for (; parms; parms = TREE_CHAIN (parms))
      if (DECL_NAME (parms) && TREE_TYPE (parms) != error_mark_node)
        {
+ 	/* change the debug info of escaped argument for stack protection */
+ 	update_debuginfo_using_escaped_arg_list (parms);
+ 	
  	dbxout_prepare_symbol (parms);
  
  	/* Perform any necessary register eliminations on the parameter's rtl,
Index: gcc/expr.c
===================================================================
RCS file: /cvs/gcc/egcs/gcc/expr.c,v
retrieving revision 1.274
diff -c -r1.274 expr.c
*** expr.c	2000/10/31 16:02:44	1.274
--- expr.c	2000/11/02 12:56:49
***************
*** 44,49 ****
--- 44,50 ----
  #include "ggc.h"
  #include "intl.h"
  #include "tm_p.h"
+ #include "protector.h"
  
  #ifndef ACCUMULATE_OUTGOING_ARGS
  #define ACCUMULATE_OUTGOING_ARGS 0
***************
*** 6513,6519 ****
   	  return
  	    GEN_INT (TREE_STRING_POINTER (string)[TREE_INT_CST_LOW (index)]);
  
! 	op0 = expand_expr (exp1, NULL_RTX, VOIDmode, EXPAND_SUM);
  	op0 = memory_address (mode, op0);
  
  	if (cfun && current_function_check_memory_usage
--- 6514,6520 ----
   	  return
  	    GEN_INT (TREE_STRING_POINTER (string)[TREE_INT_CST_LOW (index)]);
  
! 	op0 = expand_expr (exp1, NULL_RTX, VOIDmode, flag_propolice_protection?ro_modifier:EXPAND_SUM);
  	op0 = memory_address (mode, op0);
  
  	if (cfun && current_function_check_memory_usage
Index: gcc/function.c
===================================================================
RCS file: /cvs/gcc/egcs/gcc/function.c,v
retrieving revision 1.227
diff -c -r1.227 function.c
*** function.c	2000/10/20 18:49:24	1.227
--- function.c	2000/11/02 12:56:53
***************
*** 59,64 ****
--- 59,65 ----
  #include "hash.h"
  #include "ggc.h"
  #include "tm_p.h"
+ #include "protector.h"
  
  #ifndef ACCUMULATE_OUTGOING_ARGS
  #define ACCUMULATE_OUTGOING_ARGS 0
***************
*** 161,166 ****
--- 162,171 ----
  /* Array of INSN_UIDs to hold the INSN_UIDs for each sibcall epilogue
     in this function.  */
  static varray_type sibcall_epilogue;
+ 
+ /* Current boundary mark for character arrays.  */
+ int temp_boundary_mark = 0;
+ 
  
  /* In order to evaluate some expressions, such as function calls returning
     structures in memory, we need to temporarily allocate stack locations.
***************
*** 220,225 ****
--- 225,232 ----
    /* The size of the slot, including extra space for alignment.  This
       info is for combine_temp_slots.  */
    HOST_WIDE_INT full_size;
+   /* Boundary mark of a character array and the others. This info is for ProPolice */
+   int boundary_mark;
  };
  
  /* This structure is used to record MEMs or pseudos used to replace VAR, any
***************
*** 658,663 ****
--- 665,671 ----
    int align;
    HOST_WIDE_INT alias_set;
    struct temp_slot *p, *best_p = 0;
+   int char_array = type && (TREE_TYPE (type)==char_type_node);
  
    /* If SIZE is -1 it means that somebody tried to allocate a temporary
       of a variable size.  */
***************
*** 692,698 ****
  	&& (! flag_strict_aliasing
  	    || (alias_set && p->alias_set == alias_set))
  	&& (best_p == 0 || best_p->size > p->size
! 	    || (best_p->size == p->size && best_p->align > p->align)))
        {
  	if (p->align == align && p->size == size)
  	  {
--- 700,707 ----
  	&& (! flag_strict_aliasing
  	    || (alias_set && p->alias_set == alias_set))
  	&& (best_p == 0 || best_p->size > p->size
! 	    || (best_p->size == p->size && best_p->align > p->align))
! 	&& (! char_array || p->boundary_mark != 0))
        {
  	if (p->align == align && p->size == size)
  	  {
***************
*** 727,732 ****
--- 736,742 ----
  	      p->address = 0;
  	      p->rtl_expr = 0;
  	      p->alias_set = best_p->alias_set;
+ 	      p->boundary_mark = best_p->boundary_mark;
  	      p->next = temp_slots;
  	      temp_slots = p;
  
***************
*** 788,793 ****
--- 798,804 ----
        p->full_size = frame_offset - frame_offset_old;
  #endif
        p->address = 0;
+       p->boundary_mark = char_array?++temp_boundary_mark:0;
        p->next = temp_slots;
        temp_slots = p;
      }
***************
*** 922,935 ****
  	    int delete_q = 0;
  	    if (! q->in_use && GET_MODE (q->slot) == BLKmode)
  	      {
! 		if (p->base_offset + p->full_size == q->base_offset)
  		  {
  		    /* Q comes after P; combine Q into P.  */
  		    p->size += q->size;
  		    p->full_size += q->full_size;
  		    delete_q = 1;
  		  }
! 		else if (q->base_offset + q->full_size == p->base_offset)
  		  {
  		    /* P comes after Q; combine P into Q.  */
  		    q->size += p->size;
--- 933,948 ----
  	    int delete_q = 0;
  	    if (! q->in_use && GET_MODE (q->slot) == BLKmode)
  	      {
! 		if (p->base_offset + p->full_size == q->base_offset &&
! 		    p->boundary_mark == q->boundary_mark)
  		  {
  		    /* Q comes after P; combine Q into P.  */
  		    p->size += q->size;
  		    p->full_size += q->full_size;
  		    delete_q = 1;
  		  }
! 		else if (q->base_offset + q->full_size == p->base_offset &&
! 			 p->boundary_mark == q->boundary_mark)
  		  {
  		    /* P comes after Q; combine P into Q.  */
  		    q->size += p->size;
***************
*** 1481,1487 ****
      new = func->x_parm_reg_stack_loc[regno];
  
    if (new == 0)
!     new = assign_stack_local_1 (decl_mode, GET_MODE_SIZE (decl_mode), 0, func);
  
    PUT_CODE (reg, MEM);
    PUT_MODE (reg, decl_mode);
--- 1494,1502 ----
      new = func->x_parm_reg_stack_loc[regno];
  
    if (new == 0)
!     new = function ?
! 	assign_stack_local_1 (decl_mode, GET_MODE_SIZE (decl_mode), 0, func):
! 	assign_stack_local_for_pseudo_reg (decl_mode, GET_MODE_SIZE (decl_mode), 0);
  
    PUT_CODE (reg, MEM);
    PUT_MODE (reg, decl_mode);
***************
*** 7375,7380 ****
--- 7390,7401 ----
  	}
      }
  #endif /* HAVE_prologue or HAVE_epilogue */
+ }
+ 
+ tree
+ query_trampoline_list()
+ {
+     return trampoline_list;
  }
  
  /* Mark T for GC.  */
Index: gcc/function.h
===================================================================
RCS file: /cvs/gcc/egcs/gcc/function.h,v
retrieving revision 1.57
diff -c -r1.57 function.h
*** function.h	2000/10/13 06:26:26	1.57
--- function.h	2000/11/02 12:56:53
***************
*** 600,605 ****
--- 600,608 ----
  /* Called once, at initialization, to initialize function.c.  */
  extern void init_function_once          PARAMS ((void));
  
+ /* List of trampolines, used in protector.c */
+ extern tree query_trampoline_list	PARAMS ((void));
+ 
  #ifdef rtx
  #undef rtx
  #endif
Index: gcc/gcse.c
===================================================================
RCS file: /cvs/gcc/egcs/gcc/gcse.c,v
retrieving revision 1.108
diff -c -r1.108 gcse.c
*** gcse.c	2000/10/24 22:49:39	1.108
--- gcse.c	2000/11/02 12:56:56
***************
*** 3894,3900 ****
        /* Find an assignment that sets reg_used and is available
  	 at the start of the block.  */
        set = find_avail_set (regno, insn);
!       if (! set)
  	continue;
    
        pat = set->expr;
--- 3894,3900 ----
        /* Find an assignment that sets reg_used and is available
  	 at the start of the block.  */
        set = find_avail_set (regno, insn);
!       if (! set || set->expr->volatil)
  	continue;
    
        pat = set->expr;
Index: gcc/integrate.c
===================================================================
RCS file: /cvs/gcc/egcs/gcc/integrate.c,v
retrieving revision 1.119
diff -c -r1.119 integrate.c
*** integrate.c	2000/10/29 09:14:22	1.119
--- integrate.c	2000/11/02 12:56:58
***************
*** 40,45 ****
--- 40,46 ----
  #include "toplev.h"
  #include "intl.h"
  #include "loop.h"
+ #include "protector.h"
  
  #include "obstack.h"
  #define	obstack_chunk_alloc	xmalloc
***************
*** 735,744 ****
  	    arg_vals[i] = convert_modes (GET_MODE (loc),
  					 TYPE_MODE (TREE_TYPE (arg)),
  					 expand_expr (arg, NULL_RTX, mode,
! 						      EXPAND_SUM),
  					 TREE_UNSIGNED (TREE_TYPE (formal)));
  	  else
! 	    arg_vals[i] = expand_expr (arg, NULL_RTX, mode, EXPAND_SUM);
  	}
        else
  	arg_vals[i] = 0;
--- 736,745 ----
  	    arg_vals[i] = convert_modes (GET_MODE (loc),
  					 TYPE_MODE (TREE_TYPE (arg)),
  					 expand_expr (arg, NULL_RTX, mode,
! 						      flag_propolice_protection?EXPAND_NORMAL:EXPAND_SUM),
  					 TREE_UNSIGNED (TREE_TYPE (formal)));
  	  else
! 	    arg_vals[i] = expand_expr (arg, NULL_RTX, mode, flag_propolice_protection?EXPAND_NORMAL:EXPAND_SUM);
  	}
        else
  	arg_vals[i] = 0;
Index: gcc/libgcc2.c
===================================================================
RCS file: /cvs/gcc/egcs/gcc/libgcc2.c,v
retrieving revision 1.106
diff -c -r1.106 libgcc2.c
*** libgcc2.c	2000/11/01 00:43:16	1.106
--- libgcc2.c	2000/11/02 12:56:59
***************
*** 4337,4339 ****
--- 4337,4369 ----
  #endif /* IA64_UNWIND_INFO  */
  
  #endif /* L_eh */
+ 
+ #ifdef L_stack_smash_handler
+ #include <fcntl.h>
+ char __guard[32] = "";
+ static void __guard_setup (void) __attribute__ ((constructor)) ;
+ static void __guard_setup (void)
+ {
+   int fd;
+   if (((int*)__guard)[0]!=0) return;
+   fd = open ("/dev/urandom", 0);
+   if (fd != -1) {
+     ssize_t size = read (fd, &__guard, sizeof(__guard));
+     close (fd) ;
+     if (size == sizeof(__guard)) return;
+   }
+   /* If a random generator can't be used, the protector switches the guard
+      to the "terminator canary" */
+   __guard[0] = 0; __guard[1] = 0; __guard[2] = '\n'; __guard[3] = 255;
+ }
+ void __stack_smash_handler (char func[], int damaged)
+ {
+   char *message = ": stack smashing attack? " ;
+   volatile char *faultloc;
+   write (STDERR_FILENO, func, strlen(func));
+   write (STDERR_FILENO, message, strlen(message));
+   faultloc = 0; *faultloc = *faultloc;
+   exit (666) ;
+ }
+ #endif
+ 
Index: gcc/reload1.c
===================================================================
RCS file: /cvs/gcc/egcs/gcc/reload1.c,v
retrieving revision 1.234
diff -c -r1.234 reload1.c
*** reload1.c	2000/10/28 19:36:04	1.234
--- reload1.c	2000/11/02 12:57:05
***************
*** 41,46 ****
--- 41,47 ----
  #include "cselib.h"
  #include "real.h"
  #include "toplev.h"
+ #include "protector.h"
  
  #if !defined PREFERRED_STACK_BOUNDARY && defined STACK_BOUNDARY
  #define PREFERRED_STACK_BOUNDARY STACK_BOUNDARY
***************
*** 1900,1906 ****
        if (from_reg == -1)
  	{
  	  /* No known place to spill from => no slot to reuse.  */
! 	  x = assign_stack_local (GET_MODE (regno_reg_rtx[i]), total_size,
  				  inherent_size == total_size ? 0 : -1);
  	  if (BYTES_BIG_ENDIAN)
  	    /* Cancel the  big-endian correction done in assign_stack_local.
--- 1901,1907 ----
        if (from_reg == -1)
  	{
  	  /* No known place to spill from => no slot to reuse.  */
! 	  x = assign_stack_local_for_pseudo_reg (GET_MODE (regno_reg_rtx[i]), total_size,
  				  inherent_size == total_size ? 0 : -1);
  	  if (BYTES_BIG_ENDIAN)
  	    /* Cancel the  big-endian correction done in assign_stack_local.
Index: gcc/toplev.c
===================================================================
RCS file: /cvs/gcc/egcs/gcc/toplev.c,v
retrieving revision 1.393
diff -c -r1.393 toplev.c
*** toplev.c	2000/10/31 10:09:34	1.393
--- toplev.c	2000/11/02 12:57:08
***************
*** 903,908 ****
--- 903,915 ----
  int align_functions;
  int align_functions_log;
  
+ #ifdef STACK_PROTECTOR
+ /* Nonzero means use ProPolice as a stack protection method */
+ int flag_propolice_protection = 1;
+ #else
+ int flag_propolice_protection = 0;
+ #endif
+ 
  /* Table of supported debugging formats.  */
  static struct
  {
***************
*** 1151,1156 ****
--- 1158,1167 ----
     "Report on permanent memory allocation at end of run"},
    { "trapv", &flag_trapv, 1,
      "Trap for signed overflow in addition / subtraction / multiplication." },
+   {"stack-protector", &flag_propolice_protection, 1,
+    "Enables stack protection" },
+   {"no-stack-protector", &flag_propolice_protection, 0,
+    "Disables stack protection" },
  };
  
  /* Table of language-specific options.  */
***************
*** 2778,2783 ****
--- 2789,2796 ----
  
        insns = get_insns ();
  
+       if (flag_propolice_protection) prepare_stack_protection ();
+   
        /* Dump the rtl code if we are dumping rtl.  */
  
        if (open_dump_file (DFI_rtl, decl))
*** /dev/null	Wed May  6 05:32:27 1998
--- protector.h	Tue Oct 31 11:32:25 2000
***************
*** 0 ****
--- 1,46 ----
+ /* Top level of GNU C compiler
+    Copyright (C) 1987, 88, 89, 92-7, 1998 Free Software Foundation, Inc.
+ 
+ This file is part of GNU CC.
+ 
+ GNU CC is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 2, or (at your option)
+ any later version.
+ 
+ GNU CC is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ GNU General Public License for more details.
+ 
+ You should have received a copy of the GNU General Public License
+ along with GNU CC; see the file COPYING.  If not, write to
+ the Free Software Foundation, 59 Temple Place - Suite 330,
+ Boston, MA 02111-1307, USA.  */
+ 
+ 
+ /* declaration of GUARD variable */
+ #define GUARD_m		SImode
+ #define UNITS_PER_GUARD GET_MODE_SIZE (GUARD_m)
+ 
+ 
+ #ifndef L_stack_smash_handler
+ 
+ /* insert a guard variable before a character buffer and change the order
+  of pointer variables, character buffers and pointer arguments */
+ 
+ extern void prepare_stack_protection  PARAMS ((void));
+ 
+ /* allocate a local variable in the stack area before character buffers
+    to avoid the corruption of it */
+ 
+ extern rtx assign_stack_local_for_pseudo_reg PARAMS ((enum machine_mode, HOST_WIDE_INT, int));
+ 
+ /* Update the debug information of the function argument pointed by 'old' */
+ extern void set_debuginfo_of_escaped_arg PARAMS ((rtx new, rtx old));
+ 
+ 
+ /* Nonzero means use propolice as a stack protection method */
+ extern int flag_propolice_protection;
+ 
+ #endif
*** /dev/null	Wed May  6 05:32:27 1998
--- protector.c	Wed Nov  1 14:36:13 2000
***************
*** 0 ****
--- 1,1722 ----
+ /* Top level of GNU C compiler
+    Copyright (C) 1987, 88, 89, 92-7, 1998 Free Software Foundation, Inc.
+ 
+ This file is part of GNU CC.
+ 
+ GNU CC is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 2, or (at your option)
+ any later version.
+ 
+ GNU CC is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ GNU General Public License for more details.
+ 
+ You should have received a copy of the GNU General Public License
+ along with GNU CC; see the file COPYING.  If not, write to
+ the Free Software Foundation, 59 Temple Place - Suite 330,
+ Boston, MA 02111-1307, USA.  */
+ 
+ #include "config.h"
+ #include "system.h"
+ 
+ #include "rtl.h"
+ #include "tree.h"
+ #include "regs.h"
+ #include "flags.h"
+ #include "insn-config.h"
+ #include "insn-flags.h"
+ #include "expr.h"
+ #include "output.h"
+ #include "recog.h"
+ #include "hard-reg-set.h"
+ #include "real.h"
+ #include "except.h"
+ #include "function.h"
+ #include "toplev.h"
+ #include "conditions.h"
+ #include "insn-attr.h"
+ #include "c-tree.h"
+ #include "protector.h"
+ 
+ 
+ rtx assign_stack_local_for_pseudo_reg PARAMS ((enum machine_mode, HOST_WIDE_INT, int));
+ void set_debuginfo_of_escaped_arg PARAMS ((rtx old, rtx new));
+ void update_debuginfo_using_escaped_arg_list PARAMS ((tree parms));
+ 
+ 
+ /* Round a value to the lowest integer less than it that is a multiple of
+    the required alignment.  Avoid using division in case the value is
+    negative.  Assume the alignment is a power of two.  */
+ #define FLOOR_ROUND(VALUE,ALIGN) ((VALUE) & ~((ALIGN) - 1))
+ 
+ /* Similar, but round to the next highest integer that meets the
+    alignment.  */
+ #define CEIL_ROUND(VALUE,ALIGN)	(((VALUE) + (ALIGN) - 1) & ~((ALIGN)- 1))
+ 
+ 
+ /* Nonzero means use propolice as a stack protection method */
+ extern int flag_propolice_protection;
+ 
+ /* List of trampolines */
+ extern tree query_trampoline_list PARAMS ((void));
+ 
+ typedef struct { rtx original; rtx escaped; } arg_status;
+ 
+ /* This file contains several memory arrangement functions to protect
+    the return address and the frame pointer of the stack
+    from a stack-smashing attack. It also
+    provides the function that protects pointer variables. */
+ 
+ /* Nonzero if function being compiled can define string buffers that may be
+    damaged by the stack-smash attack */
+ static int current_function_defines_vulnerable_string;
+ static int current_function_has_variable_string;
+ 
+ static rtx guard_area, _guard;
+ static rtx function_first_insn, prologue_insert_point;
+ 
+ /*  */
+ static HOST_WIDE_INT sweep_frame_offset;
+ static arg_status* escaped_arg_list = 0;
+ static int escaped_arg_list_size = 0;
+ 
+ static int search_string_from_argsandvars PARAMS ((void));
+ static int search_string_from_local_vars PARAMS ((tree block));
+ static int search_string_def PARAMS ((tree names));
+ static int search_pointer_def PARAMS ((tree names));
+ static int search_func_pointer PARAMS ((tree type, int mark));
+ static void reset_used_flags_for_insns PARAMS ((rtx insn));
+ static void reset_used_flags_for_decls PARAMS ((tree block));
+ static void reset_used_flags_of_plus PARAMS ((rtx x));
+ static void rtl_prologue PARAMS ((rtx insn));
+ static void rtl_epilogue PARAMS ((rtx fnlastinsn));
+ static void arrange_var_order PARAMS ((tree blocks));
+ static void copy_args_for_protection PARAMS ((void));
+ static void sweep_string_variable PARAMS ((rtx sweep_var, int var_size));
+ static void sweep_string_in_decls PARAMS ((tree block, int sweep_offset, int size));
+ static void sweep_string_in_args PARAMS ((tree parms, int sweep_offset, int size));
+ static void sweep_string_use_of_insns PARAMS ((rtx insn, int sweep_offset, int size));
+ static void sweep_string_in_operand PARAMS ((rtx orig, int sweep_offset, int size));
+ static void move_arg_location PARAMS ((rtx insn, rtx orig, rtx new, int var_size));
+ static void change_arg_use_of_insns PARAMS ((rtx insn, rtx orig, rtx new, int size));
+ static void change_arg_use_in_operand PARAMS ((rtx x, rtx orig, rtx new, int size));
+ 
+ 
+ #define SUSPICIOUS_BUF_SIZE 8
+ 
+ #define DEBUGGER_AUTO_BASEPTR(X) \
+   (GET_CODE (X) == PLUS ? XEXP (X, 0) : X)
+ #define DEBUGGER_AUTO_OFFSET(X) \
+   (GET_CODE (X) == PLUS ? INTVAL (XEXP (X, 1)) : 0)
+ #define PARM_PASSED_IN_MEMORY(PARM) \
+  (GET_CODE (DECL_INCOMING_RTL (PARM)) == MEM)
+ 
+ 
+ 
+ void
+ prepare_stack_protection (void)
+ {
+   tree blocks = DECL_INITIAL (current_function_decl);
+   current_function_has_variable_string = FALSE;
+ 
+   /*
+     skip the protection if the function has no block or it is an inline function
+   */
+   if (! blocks || DECL_INLINE (current_function_decl)) return;
+ 
+   current_function_defines_vulnerable_string = search_string_from_argsandvars ();
+ 
+   if (current_function_defines_vulnerable_string)
+     {
+       HOST_WIDE_INT previous_frame_offset, offset;
+       function_first_insn = get_insns ();
+ 
+       if (query_trampoline_list ()) return;
+     
+       sweep_frame_offset = 0;
+ 	
+ #ifdef STACK_GROWS_DOWNWARD
+       /*
+ 	frame_offset: offset to end of allocated area of stack frame.
+ 	 It is defined in the function.c
+       */
+       previous_frame_offset = frame_offset;
+ 
+       /* the location must be before buffers */
+       guard_area = assign_stack_local (GUARD_m, UNITS_PER_GUARD, 0);
+       MEM_VOLATILE_P (guard_area) = 1;
+ 	
+ 	
+ #ifndef FRAME_GROWS_DOWNWARD
+       sweep_frame_offset = frame_offset;
+ #endif
+ 
+       /* For making room for guard value, scan all insns and fix the offset address
+ 	 of the variable that is based on frame pointer.
+ 	 Scan all declarations of variables and fix the offset address of the variable that
+ 	 is based on the frame pointer */
+       sweep_string_variable (guard_area, UNITS_PER_GUARD);
+ 
+ 	
+       /* the location of guard area moves to the beginning of stack frame */
+       offset = DEBUGGER_AUTO_OFFSET(XEXP (guard_area, 0));
+       XEXP (XEXP (guard_area, 0), 1) = gen_rtx_CONST_INT (VOIDmode, sweep_frame_offset);
+ 
+ 
+       /* Insert prologue rtl instructions */
+       rtl_prologue (function_first_insn);
+ 
+       if (! current_function_has_variable_string)
+ 	{
+ 	  /* Generate argument saving instruction */
+ 	  copy_args_for_protection ();
+ 
+ #ifndef FRAME_GROWS_DOWNWARD
+ 	  /* If frame grows upward, character string copied from an arg stays top of
+ 	     the guard variable. So sweep the guard variable again */
+ 	  sweep_frame_offset = frame_offset;
+ 	  sweep_string_variable (guard_area, UNITS_PER_GUARD);
+ #endif
+ 	}
+ #endif
+ 
+       if (! current_function_has_variable_string)
+ 	{
+ 	  /* Arrange the order of local variables */
+ 	  arrange_var_order (blocks);
+ 	}
+ 
+ #ifdef STACK_GROWS_DOWNWARD
+       /* Insert epilogue rtl instructions */
+       rtl_epilogue (get_last_insn ());
+ #endif
+     }
+ }
+ 
+ 
+ static int
+ search_string_from_argsandvars (void)
+ {
+   tree blocks, parms;
+   int string_p;
+ 
+   /*
+     search a string variable from local variables
+   */
+   blocks = DECL_INITIAL (current_function_decl);
+   string_p = search_string_from_local_vars (blocks);
+   if (string_p) return TRUE;
+ 
+ 
+ #ifdef FRAME_GROWS_DOWNWARD
+   /*
+     search a string variable from arguments
+   */
+   parms = DECL_ARGUMENTS (current_function_decl);
+ 
+   for (; parms; parms = TREE_CHAIN (parms))
+     if (DECL_NAME (parms) && TREE_TYPE (parms) != error_mark_node)
+       {
+ 	if (PARM_PASSED_IN_MEMORY (parms) && DECL_NAME (parms))
+ 	  {
+ 	    string_p = search_string_def (TREE_TYPE(parms));
+ 	    if (string_p) return TRUE;
+ 	  }
+       }
+ #endif
+ 
+   return FALSE;
+ }
+ 
+ 
+ static int
+ search_string_from_local_vars (block)
+      tree block;
+ {
+   tree types;
+   int found = FALSE;
+ 
+   while (block)
+     {
+       types = BLOCK_VARS(block);
+ 
+       while (types)
+ 	{
+ 	  /* skip the declaration that refers an external variable */
+ 	  if (! DECL_EXTERNAL (types) && ! TREE_STATIC (types) &&
+ 	      (TREE_CODE (types) == VAR_DECL))
+ 	    {
+ 
+ 	      if (search_string_def (TREE_TYPE (types)))
+ 		{
+ 		  rtx home = DECL_RTL (types);
+ 
+ 		  if (GET_CODE (home) == MEM
+ 		      && (GET_CODE (XEXP (home, 0)) == MEM
+ 			  || (GET_CODE (XEXP (home, 0)) == REG
+ 			      && REGNO (XEXP (home, 0)) != HARD_FRAME_POINTER_REGNUM
+ 			      && REGNO (XEXP (home, 0)) != STACK_POINTER_REGNUM
+ #if ARG_POINTER_REGNUM != HARD_FRAME_POINTER_REGNUM
+ 			      && REGNO (XEXP (home, 0)) != ARG_POINTER_REGNUM
+ #endif
+ 			      )))
+ 		    /* If the value is indirect by memory or by a register
+ 		       that isn't the frame pointer
+ 		       then it means the object is variable-sized and address through
+ 		       that register or stack slot.  The protection has no way to hide pointer variables
+ 		       behind the array, so all we can do is staying the order of variables and arguments. */
+ 		    {
+ 		      current_function_has_variable_string = TRUE;
+ 		    }
+ 	    
+ 		  found = TRUE;
+ 		}
+ 	    }
+ 
+ 	  types = TREE_CHAIN(types);
+ 	}
+ 
+       if (search_string_from_local_vars (BLOCK_SUBBLOCKS (block)))
+ 	{
+ 	  found = TRUE;
+ 	}
+ 
+       block = BLOCK_CHAIN (block);
+     }
+     
+   return found;
+ }
+ 
+ static int
+ search_string_def (type)
+      tree type;
+ {
+   tree tem;
+     
+   /* Mark it as defined, so that if it is self-referent
+      we will not get into an infinite recursion of definitions.  */
+ 
+   switch (TREE_CODE (type))
+     {
+     case ARRAY_TYPE:
+       /* TREE_CODE( TREE_TYPE(type) ) == INTEGER_TYPE */
+       if (TREE_TYPE(type) == char_type_node)
+ 	{
+ 	  /* Check if the string is a variable string */
+ 	  if (TYPE_DOMAIN (type) == 0 ||
+ 	      TREE_CODE (TYPE_MAX_VALUE (TYPE_DOMAIN (type))) == NOP_EXPR)
+ 	    return TRUE;
+ 
+ 	  /* Check if the string size is greater than SUSPICIOUS_BUF_SIZE */
+ 	  if (TREE_INT_CST_LOW(TYPE_MAX_VALUE(TYPE_DOMAIN(type)))+1 >= SUSPICIOUS_BUF_SIZE)
+ 	    return TRUE;
+ 	}
+       return search_string_def(TREE_TYPE(type));
+ 	
+     case UNION_TYPE:
+     case QUAL_UNION_TYPE:
+     case RECORD_TYPE:
+       /* Output the name, type, position (in bits), size (in bits) of each
+ 	 field.  */
+       for (tem = TYPE_FIELDS (type); tem; tem = TREE_CHAIN (tem))
+ 	{
+ 	  /* Omit here local type decls until we know how to support them. */
+ 	  if ((TREE_CODE (tem) == TYPE_DECL)
+ 	      || (TREE_CODE (tem) == VAR_DECL && TREE_STATIC (tem)))
+ 	    continue;
+ 
+ 	  if (search_string_def(TREE_TYPE(tem))) return TRUE;
+ 	}
+       break;
+ 	
+     case POINTER_TYPE:
+     case REFERENCE_TYPE:
+       /* I'm not sure whether OFFSET_TYPE needs this treatment,
+ 	 so I'll play safe and return 1.  */
+     case OFFSET_TYPE:
+     default:
+       break;
+     }
+ 
+   return FALSE;
+ }
+ 
+ 
+ static int
+ search_pointer_def (type)
+      tree type;
+ {
+   tree tem;
+     
+   /* Mark it as defined, so that if it is self-referent
+      we will not get into an infinite recursion of definitions.  */
+ 
+   switch (TREE_CODE (type))
+     {
+     case UNION_TYPE:
+     case QUAL_UNION_TYPE:
+     case RECORD_TYPE:
+       /* Output the name, type, position (in bits), size (in bits) of each
+ 	 field.  */
+       for (tem = TYPE_FIELDS (type); tem; tem = TREE_CHAIN (tem))
+ 	{
+ 	  /* Omit here local type decls until we know how to support them. */
+ 	  if ((TREE_CODE (tem) == TYPE_DECL)
+ 	      || (TREE_CODE (tem) == VAR_DECL && TREE_STATIC (tem)))
+ 	    continue;
+ 
+ 	  if (search_pointer_def (TREE_TYPE(tem))) return TRUE;
+ 	}
+       break;
+ 
+     case ARRAY_TYPE:
+       return search_pointer_def (TREE_TYPE(type));
+ 	
+     case POINTER_TYPE:
+     case REFERENCE_TYPE:
+       /* I'm not sure whether OFFSET_TYPE needs this treatment,
+ 	 so I'll play safe and return 1.  */
+     case OFFSET_TYPE:
+       if (TYPE_READONLY (TREE_TYPE (type)))
+ 	{
+ 	  int funcp = search_func_pointer (TREE_TYPE (type), 1);
+ 	  /* Un-mark the type as having been visited already */
+ 	  search_func_pointer (TREE_TYPE (type), 0);
+ 	  return funcp;
+ 	}
+       return TRUE;
+ 	
+     default:
+       break;
+     }
+ 
+   return FALSE;
+ }
+ 
+ 
+ static int
+ search_func_pointer (type, mark)
+      tree type;
+      int mark;
+ {
+   tree tem;
+     
+   /* Mark it as defined, so that if it is self-referent
+      we will not get into an infinite recursion of definitions.  */
+ 
+   switch (TREE_CODE (type))
+     {
+     case UNION_TYPE:
+     case QUAL_UNION_TYPE:
+     case RECORD_TYPE:
+ 	if (TREE_ASM_WRITTEN (type) != mark)
+ 	  {
+ 	    /* mark the type as having been visited already */
+ 	    TREE_ASM_WRITTEN (type) = mark;
+ 
+ 	    /* Output the name, type, position (in bits), size (in bits) of
+ 	       each field.  */
+ 	    for (tem = TYPE_FIELDS (type); tem; tem = TREE_CHAIN (tem))
+ 	      {
+ 		/* Omit here local type decls until we know how to support them. */
+ 		if (TREE_CODE (tem) == FIELD_DECL
+ 		    && search_func_pointer (TREE_TYPE(tem), mark)) return TRUE;
+ 	      }
+ 	  }
+ 	break;
+ 
+     case ARRAY_TYPE:
+       return search_func_pointer (TREE_TYPE(type), mark);
+ 	
+     case POINTER_TYPE:
+     case REFERENCE_TYPE:
+       /* I'm not sure whether OFFSET_TYPE needs this treatment,
+ 	 so I'll play safe and return 1.  */
+     case OFFSET_TYPE:
+       return TREE_CODE (TREE_TYPE (type)) == FUNCTION_TYPE;
+ 	
+     default:
+       break;
+     }
+ 
+   return FALSE;
+ }
+ 
+ 
+ static void
+ reset_used_flags_for_insns (insn)
+      rtx insn;
+ {
+   register int i, j;
+   register enum rtx_code code;
+   register const char *format_ptr;
+ 
+   for (; insn; insn = NEXT_INSN (insn))
+     if (GET_CODE (insn) == INSN || GET_CODE (insn) == JUMP_INSN
+ 	|| GET_CODE (insn) == CALL_INSN)
+       {
+ 	code = GET_CODE (insn);
+ 	insn->used = 0;
+ 	format_ptr = GET_RTX_FORMAT (code);
+ 
+ 	for (i = 0; i < GET_RTX_LENGTH (code); i++)
+ 	  {
+ 	    switch (*format_ptr++) {
+ 	    case 'e':
+ 	      reset_used_flags_of_plus (XEXP (insn, i));
+ 	      break;
+ 			
+ 	    case 'E':
+ 	      for (j = 0; j < XVECLEN (insn, i); j++)
+ 		reset_used_flags_of_plus (XVECEXP (insn, i, j));
+ 	      break;
+ 	    }
+ 	  }
+       }
+ }
+ 
+ static void
+ reset_used_flags_for_decls (block)
+      tree block;
+ {
+   tree types;
+   rtx home;
+ 
+   while (block)
+     {
+       types = BLOCK_VARS(block);
+ 	
+       while (types)
+ 	{
+ 	  /* skip the declaration that refers an external variable and
+ 	     also skip an global variable */
+ 	  if (! DECL_EXTERNAL (types))
+ 	    {
+ 	      home = DECL_RTL (types);
+ 	      if (home == 0) goto next;
+ 
+ 	      if (GET_CODE (home) == MEM
+ 		  && GET_CODE (XEXP (home, 0)) == PLUS
+ 		  && GET_CODE (XEXP (XEXP (home, 0), 1)) == CONST_INT)
+ 		{
+ 		  XEXP (home, 0)->used = 0;
+ 		}
+ 	    }
+ 	next:
+ 	  types = TREE_CHAIN(types);
+ 	}
+ 
+       reset_used_flags_for_decls (BLOCK_SUBBLOCKS (block));
+ 
+       block = BLOCK_CHAIN (block);
+     }
+ }
+ 
+ /* Clear the USED bits only of type PLUS in X */
+ 
+ static void
+ reset_used_flags_of_plus (x)
+      rtx x;
+ {
+   register int i, j;
+   register enum rtx_code code;
+   register const char *format_ptr;
+ 
+   if (x == 0)
+     return;
+ 
+   code = GET_CODE (x);
+ 
+   /* These types may be freely shared so we needn't do any resetting
+      for them.  */
+ 
+   switch (code)
+     {
+     case REG:
+     case QUEUED:
+     case CONST_INT:
+     case CONST_DOUBLE:
+     case SYMBOL_REF:
+     case CODE_LABEL:
+     case PC:
+     case CC0:
+       return;
+ 
+     case INSN:
+     case JUMP_INSN:
+     case CALL_INSN:
+     case NOTE:
+     case LABEL_REF:
+     case BARRIER:
+       /* The chain of insns is not being copied.  */
+       return;
+       
+     case PLUS:
+       x->used = 0;
+       break;
+ 
+     case CALL_PLACEHOLDER:
+       reset_used_flags_for_insns (XEXP (x, 0));
+       reset_used_flags_for_insns (XEXP (x, 1));
+       reset_used_flags_for_insns (XEXP (x, 2));
+       break;
+ 
+     default:
+       break;
+     }
+ 
+   format_ptr = GET_RTX_FORMAT (code);
+   for (i = 0; i < GET_RTX_LENGTH (code); i++)
+     {
+       switch (*format_ptr++)
+ 	{
+ 	case 'e':
+ 	  reset_used_flags_of_plus (XEXP (x, i));
+ 	  break;
+ 
+ 	case 'E':
+ 	  for (j = 0; j < XVECLEN (x, i); j++)
+ 	    reset_used_flags_of_plus (XVECEXP (x, i, j));
+ 	  break;
+ 	}
+     }
+ }
+ 
+ 
+ static void
+ rtl_prologue (insn)
+      rtx insn;
+ {
+   for (; insn; insn = NEXT_INSN (insn))
+     if (GET_CODE (insn) == NOTE && NOTE_LINE_NUMBER (insn) == NOTE_INSN_FUNCTION_BEG)
+       {
+ 	rtx _val;
+ 
+ 	prologue_insert_point = NEXT_INSN (insn);	/* mark the next insn of FUNCTION_BEG insn */
+ 		
+ 	start_sequence ();
+ 
+ 	_guard = gen_rtx_MEM (GUARD_m, gen_rtx_SYMBOL_REF (Pmode, "__guard"));
+ 	emit_move_insn ( guard_area, _guard);
+ 
+ 	_val = gen_sequence ();
+ 	end_sequence ();
+ 
+ 	emit_insn_before (_val, prologue_insert_point);
+ 	break;
+       }
+ }
+ 
+ static void
+ rtl_epilogue (insn)
+      rtx insn;
+ {
+   /* Like STACK_BOUNDARY but in units of bytes, not bits.  */
+ #define STACK_BYTES (STACK_BOUNDARY / BITS_PER_UNIT)
+ 
+   rtx if_false_label;
+   rtx _val, handler, funcname, addr;
+   tree funcstr;
+   HOST_WIDE_INT args_size;
+   enum machine_mode arg1mode;
+   rtx return_reg = DECL_RTL (DECL_RESULT (current_function_decl));
+ 		
+   handler = gen_rtx_MEM (FUNCTION_MODE, gen_rtx (SYMBOL_REF, Pmode, "__stack_smash_handler"));
+ 
+   start_sequence ();
+ 
+   compare_from_rtx (guard_area, _guard, NE, 0, GUARD_m, 0, 0);	/* if (guard_area != _guard) */
+ 
+   if_false_label = gen_label_rtx ();				/* { */
+   emit_jump_insn ( gen_beq(if_false_label));
+ 
+   /*
+     In the function force_const_mem in varasm.c of egcs-1.1.2-30, there is a 
+     failure to assign the guard_area variable to eax register, which destroys 
+     the return value of the function.
+ 
+     The BUG preceding comment is an apropriate processes.
+     When the bug is fixed, removes the comment
+   */
+ 
+   /* generate string for the current function name */
+   funcstr = build_string (strlen(current_function_name)+1, current_function_name);
+   TREE_TYPE (funcstr) = build_array_type (char_type_node, 0);/* = char_array_type_node;*/
+   funcname = output_constant_def (funcstr);
+ 
+   addr = gen_push_operand ();
+   emit_move_insn (gen_rtx_MEM (GUARD_m, addr), guard_area);		/* push the value of guard area */
+ 
+   arg1mode = GET_MODE (XEXP (funcname, 0));
+   addr = gen_push_operand ();
+   emit_move_insn (gen_rtx_MEM (arg1mode, addr), XEXP (funcname, 0));	/* push current_function_name */
+ 
+   /* calculate the stack size of two arguments */
+   args_size = GET_MODE_SIZE (arg1mode) + GET_MODE_SIZE (GUARD_m);
+ #ifdef PUSH_ROUNDING
+   args_size = PUSH_ROUNDING (GET_MODE_SIZE (arg1mode)) + PUSH_ROUNDING (GET_MODE_SIZE (GUARD_m));
+ #endif
+ #ifdef STACK_BOUNDARY
+   args_size = (((args_size + (STACK_BYTES - 1)) / STACK_BYTES) * STACK_BYTES);
+ #endif
+ 
+   /* jump to the stack smash handler */
+   emit_call_insn (GEN_CALL (handler, GEN_INT (args_size), const0_rtx, const0_rtx));
+ 
+   /* generate RTL to return from the current function */
+ 		
+   emit_barrier ();						/* } */
+   emit_label (if_false_label);
+ 
+   /* generate RTL to return from the current function */
+   if (return_reg)
+     use_return_register ();
+ 
+   _val = gen_sequence ();
+   end_sequence ();
+ 
+   emit_insn_after (_val, insn);
+ }
+ 
+ 
+ static void
+ arrange_var_order (block)
+      tree block;
+ {
+   tree types;
+   int offset;
+     
+   while (block)
+     {
+       types = BLOCK_VARS (block);
+ 
+       while (types)
+ 	{
+ 	  /* skip the declaration that refers an external variable */
+ 	  if (! DECL_EXTERNAL (types) && ! TREE_STATIC (types)
+ 	      && (TREE_CODE (types) == VAR_DECL))
+ 	    {
+ 	      if (search_string_def (TREE_TYPE (types)))
+ 		{
+ 		  /* found a string variable */
+ 		  int var_size =
+ 		    ((TREE_INT_CST_LOW (DECL_SIZE (types)) + BITS_PER_UNIT - 1)
+ 		     / BITS_PER_UNIT);
+ 
+ 		  if (GET_MODE (DECL_RTL (types)) == BLKmode)
+ 		    {
+ 		      int alignment = BIGGEST_ALIGNMENT / BITS_PER_UNIT;
+ 		      var_size = CEIL_ROUND (var_size, alignment);
+ 		    }
+ 
+ 		  /* skip the variable if it is top of the region
+ 		     specified by sweep_frame_offset */
+ 		  offset = DEBUGGER_AUTO_OFFSET (XEXP (DECL_RTL (types), 0));
+ 		  if (offset >= sweep_frame_offset - var_size)
+ 		    sweep_frame_offset -= var_size;
+ 
+ 		  else
+ 		    sweep_string_variable (DECL_RTL (types), var_size);
+ 		}
+ 	    }
+ 
+ 	  types = TREE_CHAIN(types);
+ 	}
+ 
+       arrange_var_order (BLOCK_SUBBLOCKS (block));
+ 
+       block = BLOCK_CHAIN (block);
+     }
+ }
+ 
+ 
+ static void
+ copy_args_for_protection (void)
+ {
+   tree parms = DECL_ARGUMENTS (current_function_decl);
+   rtx temp_rtx;
+   int idx;
+ 
+   escaped_arg_list_size = 0;
+ 
+   /* count the number of argument passed in memory */
+   for (; parms; parms = TREE_CHAIN (parms))
+     if (DECL_NAME (parms) && TREE_TYPE (parms) != error_mark_node)
+       {
+ 	if (PARM_PASSED_IN_MEMORY (parms))
+ 	  escaped_arg_list_size ++;
+       }
+ 
+   if (escaped_arg_list) free (escaped_arg_list);
+   escaped_arg_list = xmalloc (sizeof (arg_status) * escaped_arg_list_size);
+   
+   parms = DECL_ARGUMENTS (current_function_decl);
+   for (idx = 0; parms; parms = TREE_CHAIN (parms), idx++)
+     if (DECL_NAME (parms) && TREE_TYPE (parms) != error_mark_node)
+       {
+ 	if (PARM_PASSED_IN_MEMORY (parms) && DECL_NAME (parms))
+ 	  {
+ 	    int string_p;
+ 
+ 	    /*
+ 	      skip arguemnt protection if the last argument is used
+ 	      for the variable argument
+ 	    */
+ 	    /*
+ 	      tree fntype;
+ 	      if (TREE_CHAIN (parms) == 0)
+ 	      {
+ 	        fntype = TREE_TYPE (current_function_decl);
+ 
+ 	        if ((TYPE_ARG_TYPES (fntype) != 0 &&
+ 	             TREE_VALUE (tree_last (TYPE_ARG_TYPES (fntype))) != void_type_node)
+ 	             || current_function_varargs)
+ 	          continue;
+ 	      }
+ 	    */
+ 
+ 	    escaped_arg_list[idx].original = 0;
+ 	    escaped_arg_list[idx].escaped = 0;
+ 		
+ 	    string_p = search_string_def (TREE_TYPE(parms));
+ 
+ 	    /* check if it is a candidate to move */
+ 	    if (string_p || search_pointer_def (TREE_TYPE (parms)))
+ 	      {
+ 		int arg_size
+ 		  = ((TREE_INT_CST_LOW (DECL_SIZE (parms)) + BITS_PER_UNIT - 1)
+ 		     / BITS_PER_UNIT);
+ 		
+ 		start_sequence ();
+ 
+ 		if (GET_CODE (DECL_RTL (parms)) == REG)
+ 		  {
+ 		    rtx movinsn;
+ 		    rtx safe = gen_reg_rtx (GET_MODE (DECL_RTL (parms)));
+ 
+ 		    /* generate codes for copying the content */
+ 		    movinsn = emit_move_insn (safe, DECL_RTL (parms));
+ 		    PATTERN (movinsn)->volatil = 1;	/* avoid register elimination in gcse.c (COPY-PROP)*/
+ 
+ 		    change_arg_use_of_insns (prologue_insert_point, DECL_RTL (parms), safe, 0);
+ 
+ 		    /* save debugger info */
+ 		    escaped_arg_list[idx].original = DECL_RTL (parms);
+ 		    escaped_arg_list[idx].escaped = safe;
+ 		  }
+ 
+ 		else if (GET_CODE (DECL_RTL (parms)) == MEM
+ 			 && GET_CODE (XEXP (DECL_RTL (parms), 0)) == ADDRESSOF)
+ 		  {
+ 		    rtx movinsn;
+ 		    rtx safe = gen_reg_rtx (GET_MODE (DECL_RTL (parms)));
+ 
+ 		    /* generate codes for copying the content */
+ 		    movinsn = emit_move_insn (safe, DECL_INCOMING_RTL (parms));
+ 		    PATTERN (movinsn)->volatil = 1;	/* avoid register elimination in gcse.c (COPY-PROP)*/
+ 
+ 		    /* change the addressof information to the newly allocated pseudo register */
+ 		    emit_move_insn (DECL_RTL (parms), safe);
+ 
+ 		    /* save debugger info */
+ 		    escaped_arg_list[idx].original = DECL_RTL (parms);
+ 		    escaped_arg_list[idx].escaped = safe;
+ 		  }
+ 			
+ 		else
+ 		  {
+ 		    /* declare temporary local variable DECL_NAME (parms) for it */
+ 		    temp_rtx
+ 		      = assign_stack_local (DECL_MODE (parms), arg_size,
+ 					    DECL_MODE (parms) == BLKmode ? -1 : 0);
+ 		    
+ 		    MEM_IN_STRUCT_P (temp_rtx) = AGGREGATE_TYPE_P (TREE_TYPE (parms));
+ 		    MEM_ALIAS_SET (temp_rtx) = get_alias_set (parms);
+ 
+ 		    /* generate codes for copying the content */
+ 		    store_expr (parms, temp_rtx, 0);
+ 
+ 		    /* change the reference for each instructions */
+ 		    move_arg_location (prologue_insert_point, DECL_RTL (parms),
+ 				       temp_rtx, arg_size);
+ 
+ 		    /* change the location of parms variable */
+ 		    DECL_RTL (parms) = temp_rtx;
+ 
+ 		    /* change debugger info */
+ 		    DECL_INCOMING_RTL (parms) = temp_rtx;
+ 		  }
+ 
+ 		emit_insn_before (gen_sequence (), prologue_insert_point);
+ 		end_sequence ();
+ 
+ #ifndef FRAME_GROWS_DOWNWARD
+ 		/* process the string argument */
+ 		if (string_p)
+ 		  {
+ 		    if (DECL_MODE (parms) == BLKmode)
+ 		      {
+ 			int alignment = BIGGEST_ALIGNMENT / BITS_PER_UNIT;
+ 			arg_size = CEIL_ROUND (arg_size, alignment);
+ 		      }
+ 			
+ 		    /* change the reference for each instructions */
+ 		    sweep_string_variable (DECL_RTL (parms), arg_size);
+ 		  }
+ #endif
+ 	      }
+ 	  }
+       }
+ }
+ 
+ 
+ /*
+   sweep a string variable to the local variable addressed by sweep_frame_offset, that is
+   a last position of string variables.
+ */
+ static void
+ sweep_string_variable (sweep_var, var_size)
+      int var_size;
+      rtx sweep_var;
+ {
+   int sweep_offset = DEBUGGER_AUTO_OFFSET(XEXP (sweep_var, 0));
+ 
+   /* scan all declarations of variables and fix the offset address of
+      the variable based on the frame pointer */
+   sweep_string_in_decls (DECL_INITIAL (current_function_decl), sweep_offset, var_size);
+ 
+   /* scan all argument variable and fix the offset address based on the frame pointer */
+   sweep_string_in_args (DECL_ARGUMENTS (current_function_decl), sweep_offset, var_size);
+ 
+   /* For making room for sweep variable, scan all insns and fix the offset address
+      of the variable that is based on frame pointer*/
+   sweep_string_use_of_insns (function_first_insn, sweep_offset, var_size);
+ 
+ 
+   /* Clear all the USED bits in operands of all insns and declarations of local vars */
+   reset_used_flags_for_decls (DECL_INITIAL (current_function_decl));
+   reset_used_flags_for_insns (function_first_insn);
+ 
+   sweep_frame_offset -= var_size;
+ }
+ 
+ 
+ 
+ /*
+   move an argument to the local variable addressed by frame_offset
+ */
+ static void
+ move_arg_location (insn, orig, new, var_size)
+      rtx  insn, orig, new;
+      int var_size;
+ {
+   /* For making room for sweep variable, scan all insns and fix the offset address
+      of the variable that is based on frame pointer*/
+   change_arg_use_of_insns (insn, orig, new, var_size);
+ 
+ 
+   /* Clear all the USED bits in operands of all insns and declarations of local vars */
+   reset_used_flags_for_insns (insn);
+ }
+ 
+ 
+ static void
+ sweep_string_in_decls (block, sweep_offset, sweep_size)
+      tree block;
+      int sweep_offset, sweep_size;
+ {
+   tree types;
+   HOST_WIDE_INT offset;
+   rtx home;
+ 
+   while (block)
+     {
+       types = BLOCK_VARS(block);
+ 	
+       while (types)
+ 	{
+ 	  /* skip the declaration that refers an external variable and
+ 	     also skip an global variable */
+ 	  if (! DECL_EXTERNAL (types) && ! TREE_STATIC (types)) {
+ 	    
+ 	    home = DECL_RTL (types);
+ 	    if (home == 0) goto next;
+ 
+ 	    /* process for static local variable */
+ 	    if (GET_CODE (home) == MEM
+ 		&& GET_CODE (XEXP (home, 0)) == SYMBOL_REF)
+ 	      goto next;
+ 
+ 	    if (GET_CODE (home) == MEM
+ 		&& GET_CODE (XEXP (home, 0)) == REG)
+ 	      {
+ 		goto next;
+ 	      }
+ 		
+ 	    if (GET_CODE (home) == MEM
+ 		&& GET_CODE (XEXP (home, 0)) == MEM)
+ 	      {
+ 		/* process for dynamically allocated aray */
+ 		home = XEXP (home, 0);
+ 	      }
+ 		
+ 	    if (GET_CODE (home) == MEM
+ 		&& GET_CODE (XEXP (home, 0)) == PLUS
+ 		&& GET_CODE (XEXP (XEXP (home, 0), 1)) == CONST_INT)
+ 	      {
+ 		if (! XEXP (home, 0)->used)
+ 		  {
+ 		    offset = DEBUGGER_AUTO_OFFSET(XEXP (home, 0));
+ 
+ 		    /* the operand related to the sweep variable */
+ 		    if (sweep_offset <= offset
+ 			&& offset < sweep_offset + sweep_size)
+ 		      {
+ 
+ 			offset += sweep_frame_offset - sweep_size - sweep_offset;
+ 			XEXP (XEXP (home, 0), 1) = gen_rtx_CONST_INT (VOIDmode, offset);
+ 
+ 			/* mark */
+ 			XEXP (home, 0)->used = 1;
+ 		      }
+ 		    else if (sweep_offset <= offset
+ 			     && offset < sweep_frame_offset)
+ 		      {	/* the rest of variables under sweep_frame_offset,
+ 			   so shift the location */
+ 
+ 			XEXP (XEXP (home, 0), 1)
+ 			  = gen_rtx_CONST_INT (VOIDmode, offset - sweep_size);
+ 
+ 			/* mark */
+ 			XEXP (home, 0)->used = 1;
+ 		      }
+ 		  }
+ 	      }
+ 
+ 	  }
+ 	next:
+ 	  types = TREE_CHAIN(types);
+ 	}
+ 
+       sweep_string_in_decls (BLOCK_SUBBLOCKS (block), sweep_offset, sweep_size);
+       block = BLOCK_CHAIN (block);
+     }
+ }
+ 
+ 
+ static void
+ sweep_string_in_args (parms, sweep_offset, sweep_size)
+      tree parms;
+      int sweep_offset, sweep_size;
+ {
+   rtx home;
+   HOST_WIDE_INT offset;
+     
+   for (; parms; parms = TREE_CHAIN (parms))
+     if (DECL_NAME (parms) && TREE_TYPE (parms) != error_mark_node)
+       {
+ 	if (PARM_PASSED_IN_MEMORY (parms) && DECL_NAME (parms))
+ 	  {
+ 	    home = DECL_INCOMING_RTL (parms);
+ 
+ 	    if (XEXP (home, 0)->used) continue;
+ 
+ 	    offset = DEBUGGER_AUTO_OFFSET(XEXP (home, 0));
+ 
+ 	    /* the operand related to the sweep variable */
+ 	    if (DEBUGGER_AUTO_BASEPTR (XEXP (home, 0)) == virtual_stack_vars_rtx)
+ 	      {
+ 		if (sweep_offset <= offset
+ 		    && offset < sweep_offset + sweep_size)
+ 		  {
+ 		    offset += sweep_frame_offset - sweep_size - sweep_offset;
+ 		    XEXP (XEXP (home, 0), 1) = gen_rtx_CONST_INT (VOIDmode, offset);
+ 
+ 		    /* mark */
+ 		    XEXP (home, 0)->used = 1;
+ 		  }
+ 		else if (sweep_offset <= offset
+ 			 && offset < sweep_frame_offset)
+ 		  {	/* the rest of variables under sweep_frame_offset, so shift the location */
+ 		    XEXP (XEXP (home, 0), 1) = gen_rtx_CONST_INT (VOIDmode, offset - sweep_size);
+ 
+ 		    /* mark */
+ 		    XEXP (home, 0)->used = 1;
+ 		  }
+ 	      }
+ 	  }
+       }
+ }
+ 
+ 
+ static void
+ sweep_string_use_of_insns (insn, sweep_offset, sweep_size)
+      rtx insn;
+      int sweep_offset, sweep_size;
+ {
+   for (; insn; insn = NEXT_INSN (insn))
+     if (GET_CODE (insn) == INSN || GET_CODE (insn) == JUMP_INSN
+ 	|| GET_CODE (insn) == CALL_INSN)
+       {
+ 	sweep_string_in_operand (PATTERN (insn), sweep_offset, sweep_size);
+       }
+ }
+ 
+ 
+ static void
+ sweep_string_in_operand (orig, sweep_offset, sweep_size)
+      rtx orig;
+      int sweep_offset, sweep_size;
+ {
+   register rtx x = orig;
+   register enum rtx_code code;
+   int offset, i, j;
+   const char *fmt;
+ 
+   if (x == 0)
+     return;
+ 
+   code = GET_CODE (x);
+ 
+   switch (code)
+     {
+     case CONST_INT:
+     case CONST_DOUBLE:
+     case CONST:
+     case SYMBOL_REF:
+     case CODE_LABEL:
+     case PC:
+     case CC0:
+     case ASM_INPUT:
+     case ADDR_VEC:
+     case ADDR_DIFF_VEC:
+     case RETURN:
+     case REG:
+     case ADDRESSOF:
+       return;
+ 	    
+     case SET:
+       break;
+ 	    
+     case PLUS:
+       /* Handle special case of frame register plus constant.  */
+       if (CONSTANT_P (XEXP (x, 1))
+ 	  && XEXP (x, 0) == virtual_stack_vars_rtx
+ 	  && ! x->used)
+ 	{
+ 	  offset = DEBUGGER_AUTO_OFFSET(x);
+ 
+ 	  /* the operand related to the sweep variable */
+ 	  if (sweep_offset <= offset
+ 	      && offset < sweep_offset + sweep_size)
+ 	    {
+ 	      offset += sweep_frame_offset - sweep_size - sweep_offset;
+ 
+ 	      XEXP (x, 0) = virtual_stack_vars_rtx;
+ 	      XEXP (x, 1) = gen_rtx_CONST_INT (VOIDmode, offset);
+ 	      x->used = 1;
+ 
+ 	      return;
+ 	    }
+ 	  else if (sweep_offset <= offset
+ 		   && offset < sweep_frame_offset)
+ 	    {	/* the rest of variables under sweep_frame_offset, so shift the location */
+ 	      XEXP (x, 1) = gen_rtx_CONST_INT (VOIDmode, offset - sweep_size);
+ 	      x->used = 1;
+ 
+ 	      return;
+ 	    }
+ 
+ 	  /*
+ 	    process further subtree:
+ 	    Example:  (plus:SI (mem/s:SI (plus:SI (reg:SI 17) (const_int 8)))
+ 	    (const_int 5))
+ 	  */
+ 	}
+       break;
+ 
+     case CALL_PLACEHOLDER:
+       sweep_string_use_of_insns (XEXP (x, 0), sweep_offset, sweep_size);
+       sweep_string_use_of_insns (XEXP (x, 1), sweep_offset, sweep_size);
+       sweep_string_use_of_insns (XEXP (x, 2), sweep_offset, sweep_size);
+       break;
+ 
+     default:
+       break;
+     }
+ 
+   /* Scan all subexpressions.  */
+   fmt = GET_RTX_FORMAT (code);
+   for (i = 0; i < GET_RTX_LENGTH (code); i++, fmt++)
+     if (*fmt == 'e')
+       {
+ 	sweep_string_in_operand (XEXP (x, i), sweep_offset, sweep_size);
+       }
+     else if (*fmt == 'E')
+       for (j = 0; j < XVECLEN (x, i); j++)
+ 	sweep_string_in_operand (XVECEXP (x, i, j), sweep_offset, sweep_size);
+ }   
+ 
+ 
+ /*
+   change a argument variable to the local variable addressed by the "new" variable.
+ */
+ static void
+ change_arg_use_of_insns (insn, orig, new, size)
+      rtx insn, orig, new;
+      int size;
+ {
+   for (; insn; insn = NEXT_INSN (insn))
+     if (GET_CODE (insn) == INSN || GET_CODE (insn) == JUMP_INSN
+ 	|| GET_CODE (insn) == CALL_INSN)
+       {
+ 	change_arg_use_in_operand (PATTERN (insn), orig, new, size);
+       }
+ }
+ 
+ 
+ static void
+ change_arg_use_in_operand (x, orig, new, size)
+      rtx x, orig, new;
+      int size;
+ {
+   register enum rtx_code code;
+   int offset, i, j;
+   const char *fmt;
+ 
+   if (x == 0)
+     return;
+ 
+   code = GET_CODE (x);
+ 
+   switch (code)
+     {
+     case CONST_INT:
+     case CONST_DOUBLE:
+     case CONST:
+     case SYMBOL_REF:
+     case CODE_LABEL:
+     case PC:
+     case CC0:
+     case ASM_INPUT:
+     case ADDR_VEC:
+     case ADDR_DIFF_VEC:
+     case RETURN:
+     case REG:
+     case ADDRESSOF:
+       return;
+ 	    
+     case PLUS:
+       /* Handle special case of frame register plus constant.  */
+       if (GET_CODE (orig) == MEM /* skip if orig is register variable in the optimization */
+ 	  && XEXP (x, 0) == virtual_incoming_args_rtx && CONSTANT_P (XEXP (x, 1))
+ 	  && ! x->used)
+ 	{
+ 	  offset = DEBUGGER_AUTO_OFFSET(x);
+ 
+ 	  /* the operand related to the sweep variable */
+ 	  if (DEBUGGER_AUTO_OFFSET(XEXP (orig, 0)) <= offset &&
+ 	      offset < DEBUGGER_AUTO_OFFSET(XEXP (orig, 0)) + size) {
+ 
+ 	    offset += frame_offset - DEBUGGER_AUTO_OFFSET(XEXP (orig, 0));
+ 
+ 	    XEXP (x, 0) = virtual_stack_vars_rtx;
+ 	    XEXP (x, 1) = gen_rtx_CONST_INT (VOIDmode, offset);
+ 	    x->used = 1;
+ 
+ 	    return;
+ 	  }
+ 
+ 	  /*
+ 	    process further subtree:
+ 	    Example:  (plus:SI (mem/s:SI (plus:SI (reg:SI 17) (const_int 8)))
+ 	    (const_int 5))
+ 	  */
+ 	}
+       break;
+ 
+     case CALL_PLACEHOLDER:
+       change_arg_use_of_insns (XEXP (x, 0), orig, new, size);
+       change_arg_use_of_insns (XEXP (x, 1), orig, new, size);
+       change_arg_use_of_insns (XEXP (x, 2), orig, new, size);
+       break;
+ 
+     default:
+       break;
+     }
+ 
+   /* Scan all subexpressions.  */
+   fmt = GET_RTX_FORMAT (code);
+   for (i = 0; i < GET_RTX_LENGTH (code); i++, fmt++)
+     if (*fmt == 'e')
+       {
+ 	if (XEXP (x, i) == orig)
+ 	  {
+ 	    XEXP (x, i) = new;
+ 	    continue;
+ 	  }
+ 	change_arg_use_in_operand (XEXP (x, i), orig, new, size);
+       }
+     else if (*fmt == 'E')
+       for (j = 0; j < XVECLEN (x, i); j++)
+ 	{
+ 
+ 	  if (XVECEXP (x, i, j) == orig)
+ 	    {
+ 	      XVECEXP (x, i, j) = new;
+ 	      continue;
+ 	    }
+ 	  change_arg_use_in_operand (XVECEXP (x, i, j), orig, new, size);
+ 	}
+ }   
+ 
+ 
+ 
+ 
+ /*
+   The following codes are invoked after the instantiation of pseuso registers.
+ 
+   Reorder local variables to place a peudo register after buffers to avoid
+   the corruption of local variables that could be used to further corrupt
+   arbitrary memory locations.
+ */
+ #ifndef FRAME_GROWS_DOWNWARD
+ static void push_frame PARAMS ((int var_size));
+ static void push_frame_in_decls PARAMS ((tree block, int push_size));
+ static void push_frame_in_args PARAMS ((tree parms, int push_size));
+ static void push_frame_of_insns PARAMS ((rtx insn, int push_size));
+ static void push_frame_in_operand PARAMS ((rtx orig, int push_size));
+ static void push_frame_of_reg_equiv_memory_loc PARAMS ((int push_size));
+ static void push_frame_of_reg_equiv_constant PARAMS ((int push_size));
+ static void reset_used_flags_for_push_frame PARAMS ((void));
+ #endif
+ 
+ rtx
+ assign_stack_local_for_pseudo_reg (mode, size, align)
+      enum machine_mode mode;
+      HOST_WIDE_INT size;
+      int align;
+ {
+ #ifdef FRAME_GROWS_DOWNWARD
+   return assign_stack_local (mode, size, align);
+ #else
+   tree blocks = DECL_INITIAL (current_function_decl);
+   rtx new;
+   HOST_WIDE_INT previous_frame_offset, offset;
+ 
+   previous_frame_offset = frame_offset;
+   new = assign_stack_local (mode, size, align);
+   if (! flag_propolice_protection
+       || size == 0
+       || ! blocks
+       || DECL_INLINE (current_function_decl)
+       || ! search_string_from_argsandvars ()
+       || query_trampoline_list())
+     return new;
+ 
+   push_frame (frame_offset - previous_frame_offset);
+ 
+   /* If we have already instantiated virtual registers, return the actual
+      address relative to the frame pointer.  */
+ /*if (virtuals_instantiated) {*/
+     offset = DEBUGGER_AUTO_OFFSET(XEXP (new, 0));
+ 
+     offset -= previous_frame_offset;
+     XEXP (XEXP (new, 0), 1) = gen_rtx_CONST_INT (VOIDmode, offset);
+ /*}*/
+     
+   return new;
+ #endif
+ }
+ 
+ 
+ #ifndef FRAME_GROWS_DOWNWARD
+ /*
+   push frame infomation for instantiating pseudo register at the top of stack.
+   This is only for the "frame grows upward", it means FRAME_GROWS_DOWNWARD is 
+   not defined.
+ 
+   It is called by purge_addressof function and global_alloc (or reload)
+   function.
+ */
+ static void
+ push_frame (var_size)
+      int var_size;
+ {
+   reset_used_flags_for_push_frame();
+ 
+   /* scan all declarations of variables and fix the offset address of the variable based on the frame pointer */
+   push_frame_in_decls (DECL_INITIAL (current_function_decl), var_size);
+ 
+   /* scan all argument variable and fix the offset address based on the frame pointer */
+   push_frame_in_args (DECL_ARGUMENTS (current_function_decl), var_size);
+ 
+   /* scan all operands of all insns and fix the offset address based on the frame pointer */
+   push_frame_of_insns (get_insns (), var_size);
+ 
+   /* scan all reg_equiv_memory_loc and reg_equiv_constant*/
+   push_frame_of_reg_equiv_memory_loc (var_size);
+   push_frame_of_reg_equiv_constant (var_size);
+ 
+   reset_used_flags_for_push_frame();
+ }
+ 
+ static void
+ reset_used_flags_for_push_frame()
+ {
+   int i;
+   extern rtx *reg_equiv_memory_loc;
+   extern rtx *reg_equiv_constant;
+ 
+   /* Clear all the USED bits in operands of all insns and declarations of local vars */
+   reset_used_flags_for_decls (DECL_INITIAL (current_function_decl));
+   reset_used_flags_for_insns (get_insns ());
+ 
+ 
+   /* The following codes are processed if the push_frame is called from 
+      global_alloc (or reload) function */
+   if (reg_equiv_memory_loc == 0) return;
+ 
+   for (i=LAST_VIRTUAL_REGISTER+1; i < max_regno; i++)
+     if (reg_equiv_memory_loc[i])
+       {
+ 	rtx x = reg_equiv_memory_loc[i];
+ 
+ 	if (GET_CODE (x) == MEM
+ 	    && GET_CODE (XEXP (x, 0)) == PLUS
+ 	    && DEBUGGER_AUTO_BASEPTR (XEXP (x, 0)) == frame_pointer_rtx)
+ 	  {
+ 	    /* reset */
+ 	    XEXP (x, 0)->used = 0;
+ 	  }
+       }
+ 
+   
+   if (reg_equiv_constant == 0) return;
+ 
+   for (i=LAST_VIRTUAL_REGISTER+1; i < max_regno; i++)
+     if (reg_equiv_constant[i])
+       {
+ 	rtx x = reg_equiv_constant[i];
+ 
+ 	if (GET_CODE (x) == PLUS
+ 	    && DEBUGGER_AUTO_BASEPTR (x) == frame_pointer_rtx)
+ 	  {
+ 	    /* reset */
+ 	    x->used = 0;
+ 	  }
+       }
+ }
+ 
+ static void
+ push_frame_in_decls (block, push_size)
+      tree block;
+      int push_size;
+ {
+   tree types;
+   HOST_WIDE_INT offset;
+   rtx home;
+ 
+   while (block)
+     {
+       types = BLOCK_VARS(block);
+ 	
+       while (types)
+ 	{
+ 	  /* skip the declaration that refers an external variable and
+ 	     also skip an global variable */
+ 	  if (! DECL_EXTERNAL (types) && ! TREE_STATIC (types))
+ 	    {
+ 	    
+ 	      home = DECL_RTL (types);
+ 	      if (home == 0) goto next;
+ 
+ 	      /* process for static local variable */
+ 	      if (GET_CODE (home) == MEM
+ 		  && GET_CODE (XEXP (home, 0)) == SYMBOL_REF)
+ 		goto next;
+ 
+ 	      if (GET_CODE (home) == MEM
+ 		  && GET_CODE (XEXP (home, 0)) == REG)
+ 		{
+ 		  goto next;
+ 		}
+ 		
+ 	      if (GET_CODE (home) == MEM
+ 		  && GET_CODE (XEXP (home, 0)) == MEM)
+ 		{
+ 
+ 		  /* process for dynamically allocated aray */
+ 		  home = XEXP (home, 0);
+ 		}
+ 		
+ 	      if (GET_CODE (home) == MEM
+ 		  && GET_CODE (XEXP (home, 0)) == PLUS
+ 		  && GET_CODE (XEXP (XEXP (home, 0), 1)) == CONST_INT)
+ 		{
+ 		  if (! XEXP (home, 0)->used)
+ 		    {
+ 		      offset = DEBUGGER_AUTO_OFFSET(XEXP (home, 0));
+ 
+ 		      offset += push_size;
+ 		      XEXP (XEXP (home, 0), 1) = gen_rtx_CONST_INT (VOIDmode, offset);
+ 
+ 		      /* mark */
+ 		      XEXP (home, 0)->used = 1;
+ 		    }
+ 		}
+ 
+ 	    }
+ 	next:
+ 	  types = TREE_CHAIN(types);
+ 	}
+ 
+       push_frame_in_decls (BLOCK_SUBBLOCKS (block), push_size);
+       block = BLOCK_CHAIN (block);
+     }
+ }
+ 
+ 
+ static void
+ push_frame_in_args (parms, push_size)
+      tree parms;
+      int push_size;
+ {
+   rtx home;
+   HOST_WIDE_INT offset;
+     
+   for (; parms; parms = TREE_CHAIN (parms))
+     if (DECL_NAME (parms) && TREE_TYPE (parms) != error_mark_node)
+       {
+ 	if (PARM_PASSED_IN_MEMORY (parms) && DECL_NAME (parms))
+ 	  {
+ 	    home = DECL_INCOMING_RTL (parms);
+ 
+ 	    if (XEXP (home, 0)->used) continue;
+ 
+ 	    offset = DEBUGGER_AUTO_OFFSET(XEXP (home, 0));
+ 
+ 	    /* the operand related to the sweep variable */
+ 	    if (DEBUGGER_AUTO_BASEPTR (XEXP (home, 0)) == frame_pointer_rtx)
+ 	      {
+ 		offset += push_size;
+ 		XEXP (XEXP (home, 0), 1) = gen_rtx_CONST_INT (VOIDmode, offset);
+ 
+ 		/* mark */
+ 		XEXP (home, 0)->used = 1;
+ 	      }
+ 	  }
+       }
+ }
+ 
+ 
+ static void
+ push_frame_of_insns (insn, push_size)
+      rtx insn;
+      int push_size;
+ {
+   for (; insn; insn = NEXT_INSN (insn))
+     if (GET_CODE (insn) == INSN || GET_CODE (insn) == JUMP_INSN
+ 	|| GET_CODE (insn) == CALL_INSN)
+       {
+ 	push_frame_in_operand (PATTERN (insn), push_size);
+ 
+ 	/* push frame in NOTE */
+ 	push_frame_in_operand (REG_NOTES (insn), push_size);
+ 
+ 	/* push frame in CALL EXPR_LIST */
+ 	if (GET_CODE (insn) == CALL_INSN)
+ 	  push_frame_in_operand (CALL_INSN_FUNCTION_USAGE (insn), push_size);
+       }
+ }
+ 
+ 
+ static void
+ push_frame_in_operand (orig, push_size)
+      rtx orig;
+      int push_size;
+ {
+   register rtx x = orig;
+   register enum rtx_code code;
+   int offset, i, j;
+   const char *fmt;
+ 
+   if (x == 0)
+     return;
+ 
+   code = GET_CODE (x);
+ 
+   switch (code)
+     {
+     case CONST_INT:
+     case CONST_DOUBLE:
+     case CONST:
+     case SYMBOL_REF:
+     case CODE_LABEL:
+     case PC:
+     case CC0:
+     case ASM_INPUT:
+     case ADDR_VEC:
+     case ADDR_DIFF_VEC:
+     case RETURN:
+     case REG:
+     case ADDRESSOF:
+       return;
+ 	    
+     case SET:
+       break;
+ 	    
+     case PLUS:
+       /* Handle special case of frame register plus constant.  */
+       if (CONSTANT_P (XEXP (x, 1))
+ 	  && XEXP (x, 0) == frame_pointer_rtx
+ 	  && ! x->used)
+ 	{
+ 	  offset = DEBUGGER_AUTO_OFFSET(x);
+ 
+ 	  offset += push_size;
+ 
+ 	  /* XEXP (x, 0) is frame_pointer_rtx */
+ 	  XEXP (x, 1) = gen_rtx_CONST_INT (VOIDmode, offset);
+ 	  x->used = 1;
+ 
+ 	  return;
+ 	}
+       /*
+ 	process further subtree:
+ 	Example:  (plus:SI (mem/s:SI (plus:SI (reg:SI 17) (const_int 8)))
+ 	(const_int 5))
+       */
+       break;
+ 
+     case CALL_PLACEHOLDER:
+       push_frame_of_insns (XEXP (x, 0), push_size);
+       push_frame_of_insns (XEXP (x, 1), push_size);
+       push_frame_of_insns (XEXP (x, 2), push_size);
+       break;
+ 
+     default:
+       break;
+     }
+ 
+   /* Scan all subexpressions.  */
+   fmt = GET_RTX_FORMAT (code);
+   for (i = 0; i < GET_RTX_LENGTH (code); i++, fmt++)
+     if (*fmt == 'e')
+       {
+ 	push_frame_in_operand (XEXP (x, i), push_size);
+       }
+     else if (*fmt == 'E')
+       for (j = 0; j < XVECLEN (x, i); j++)
+ 	push_frame_in_operand (XVECEXP (x, i, j), push_size);
+ }   
+ 
+ static void
+ push_frame_of_reg_equiv_memory_loc (push_size)
+      int push_size;
+ {
+   int i;
+   extern rtx *reg_equiv_memory_loc;
+ 
+   /* This function is processed if the push_frame is called from 
+      global_alloc (or reload) function */
+   if (reg_equiv_memory_loc == 0) return;
+ 
+   for (i=LAST_VIRTUAL_REGISTER+1; i < max_regno; i++)
+     if (reg_equiv_memory_loc[i])
+       {
+ 	rtx x = reg_equiv_memory_loc[i];
+ 	int offset;
+ 
+ 	if (GET_CODE (x) == MEM
+ 	    && GET_CODE (XEXP (x, 0)) == PLUS
+ 	    && XEXP (XEXP (x, 0), 0) == frame_pointer_rtx)
+ 	  {
+ 	    if (! XEXP (x, 0)->used)
+ 	      {
+ 		offset = DEBUGGER_AUTO_OFFSET(XEXP (x, 0));
+ 
+ 		offset += push_size;
+ 		XEXP (XEXP (x, 0), 1) = gen_rtx_CONST_INT (VOIDmode, offset);
+ 
+ 		/* mark */
+ 		XEXP (x, 0)->used = 1;
+ 	      }
+ 	  }
+       }
+ }
+ 
+ static void
+ push_frame_of_reg_equiv_constant (push_size)
+      int push_size;
+ {
+   int i;
+   extern rtx *reg_equiv_constant;
+ 
+   /* This function is processed if the push_frame is called from 
+      global_alloc (or reload) function */
+   if (reg_equiv_constant == 0) return;
+ 
+   for (i=LAST_VIRTUAL_REGISTER+1; i < max_regno; i++)
+     if (reg_equiv_constant[i])
+       {
+ 	rtx x = reg_equiv_constant[i];
+ 	int offset;
+ 
+ 	if (GET_CODE (x) == PLUS
+ 	    && XEXP (x, 0) == frame_pointer_rtx)
+ 	  {
+ 	    if (! x->used)
+ 	      {
+ 		offset = DEBUGGER_AUTO_OFFSET(x);
+ 
+ 		offset += push_size;
+ 		XEXP (x, 1) = gen_rtx_CONST_INT (VOIDmode, offset);
+ 
+ 		/* mark */
+ 		x->used = 1;
+ 	      }
+ 	  }
+       }
+ }
+ #endif
+ 
+ 
+ void
+ set_debuginfo_of_escaped_arg (rtx new, rtx old)
+ {
+   int idx;
+ 
+   if (flag_propolice_protection)
+     for (idx = 0; idx < escaped_arg_list_size; idx++)
+       if (escaped_arg_list[idx].original == old)
+ 	{
+ 	  /* change debugger info */
+ 	  escaped_arg_list[idx].escaped = new;
+ 	}
+ }
+ 
+ 
+ void
+ update_debuginfo_using_escaped_arg_list (tree parms)
+ {
+   rtx orig = DECL_RTL (parms);
+   int idx;
+ 
+   if (flag_propolice_protection && PARM_PASSED_IN_MEMORY (parms))
+     for (idx = 0; idx < escaped_arg_list_size; idx++)
+       if (escaped_arg_list[idx].original == orig)
+ 	{
+ 	  rtx escaped = escaped_arg_list[idx].escaped;
+ 
+ 	  /* skip in the case where the escaped register was deleted */
+ 	  if (GET_CODE (escaped) == REG
+ 	      && REGNO (escaped) >= FIRST_PSEUDO_REGISTER)
+ 	    break;
+ 
+ 	  DECL_INCOMING_RTL (parms) = escaped;
+ 	  break;
+ 	}
+ }

Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]