diff options
author | Anthony G. Basile <blueness@gentoo.org> | 2012-08-12 22:49:30 -0400 |
---|---|---|
committer | Anthony G. Basile <blueness@gentoo.org> | 2012-08-12 22:49:30 -0400 |
commit | 5aee5450202ce0b4dc63ea988f6d945d20f2fb54 (patch) | |
tree | 15e7374d08da29c53b8a555bc562035004f87773 /2.6.32 | |
parent | Grsec/PaX: 2.9.1-3.5.1-201208091728 (diff) | |
download | hardened-patchset-5aee5450202ce0b4dc63ea988f6d945d20f2fb54.tar.gz hardened-patchset-5aee5450202ce0b4dc63ea988f6d945d20f2fb54.tar.bz2 hardened-patchset-5aee5450202ce0b4dc63ea988f6d945d20f2fb54.zip |
Grsec/PaX: 2.9.1-{2.6.32.59,3.2.27,3.5.1}-20120812090720120812
Diffstat (limited to '2.6.32')
-rw-r--r-- | 2.6.32/0000_README | 2 | ||||
-rw-r--r-- | 2.6.32/4420_grsecurity-2.9.1-2.6.32.59-201208120916.patch (renamed from 2.6.32/4420_grsecurity-2.9.1-2.6.32.59-201208062015.patch) | 1308 |
2 files changed, 1036 insertions, 274 deletions
diff --git a/2.6.32/0000_README b/2.6.32/0000_README index 80a0bc5..81c756c 100644 --- a/2.6.32/0000_README +++ b/2.6.32/0000_README @@ -30,7 +30,7 @@ Patch: 1058_linux-2.6.32.59.patch From: http://www.kernel.org Desc: Linux 2.6.32.59 -Patch: 4420_grsecurity-2.9.1-2.6.32.59-201208062015.patch +Patch: 4420_grsecurity-2.9.1-2.6.32.59-201208120916.patch From: http://www.grsecurity.net Desc: hardened-sources base patch from upstream grsecurity diff --git a/2.6.32/4420_grsecurity-2.9.1-2.6.32.59-201208062015.patch b/2.6.32/4420_grsecurity-2.9.1-2.6.32.59-201208120916.patch index d00e268..2f59e3d 100644 --- a/2.6.32/4420_grsecurity-2.9.1-2.6.32.59-201208062015.patch +++ b/2.6.32/4420_grsecurity-2.9.1-2.6.32.59-201208120916.patch @@ -817,7 +817,7 @@ index b68faef..6dd1496 100644 select HAVE_KRETPROBES if (HAVE_KPROBES) select HAVE_FUNCTION_TRACER if (!XIP_KERNEL) diff --git a/arch/arm/include/asm/atomic.h b/arch/arm/include/asm/atomic.h -index d0daeab..1b01223 100644 +index d0daeab..638f5e8 100644 --- a/arch/arm/include/asm/atomic.h +++ b/arch/arm/include/asm/atomic.h @@ -15,6 +15,10 @@ @@ -971,7 +971,7 @@ index d0daeab..1b01223 100644 -"1: ldrex %0, [%2]\n" -" sub %0, %0, %3\n" +"1: ldrex %1, [%2]\n" -+" sub %0, %1, %3\n" ++" subs %0, %1, %3\n" + +#ifdef CONFIG_PAX_REFCOUNT +" bvc 3f\n" @@ -20150,15 +20150,15 @@ index 7d35d0f..03f1d52 100644 * Shouldnt happen, we returned above if in_interrupt(): */ diff --git a/arch/x86/kernel/kdebugfs.c b/arch/x86/kernel/kdebugfs.c -index e444357..437b4c5 100644 +index e444357..e21e51e 100644 --- a/arch/x86/kernel/kdebugfs.c +++ b/arch/x86/kernel/kdebugfs.c -@@ -27,6 +27,8 @@ struct setup_data_node { +@@ -26,7 +26,7 @@ struct setup_data_node { + u32 len; }; - static ssize_t setup_data_read(struct file *file, char __user *user_buf, -+ size_t count, loff_t *ppos) __size_overflow(3); -+static ssize_t setup_data_read(struct file *file, char __user *user_buf, +-static ssize_t setup_data_read(struct file *file, char __user *user_buf, ++static ssize_t __size_overflow(3) setup_data_read(struct file *file, char __user *user_buf, size_t count, loff_t *ppos) { struct setup_data_node *node = file->private_data; @@ -25434,7 +25434,7 @@ index bf9a7d5..fb06ab5 100644 ret CFI_ENDPROC diff --git a/arch/x86/lib/usercopy_32.c b/arch/x86/lib/usercopy_32.c -index 1f118d4..a99a1eb 100644 +index 1f118d4..7d522b8 100644 --- a/arch/x86/lib/usercopy_32.c +++ b/arch/x86/lib/usercopy_32.c @@ -43,7 +43,7 @@ do { \ @@ -25550,7 +25550,7 @@ index 1f118d4..a99a1eb 100644 ".section .fixup,\"ax\"\n" "101: lea 0(%%eax,%0,4),%0\n" " jmp 100b\n" -@@ -334,46 +340,155 @@ __copy_user_intel(void __user *to, const void *from, unsigned long size) +@@ -334,46 +340,153 @@ __copy_user_intel(void __user *to, const void *from, unsigned long size) } static unsigned long @@ -25660,9 +25660,7 @@ index 1f118d4..a99a1eb 100644 + return size; +} + -+static unsigned long -+__copy_user_zeroing_intel(void *to, const void __user *from, unsigned long size) __size_overflow(3); -+static unsigned long ++static unsigned long __size_overflow(3) __copy_user_zeroing_intel(void *to, const void __user *from, unsigned long size) { int d0, d1; @@ -25724,7 +25722,7 @@ index 1f118d4..a99a1eb 100644 " movl %%eax, 56(%3)\n" " movl %%edx, 60(%3)\n" " addl $-64, %0\n" -@@ -385,9 +500,9 @@ __copy_user_zeroing_intel(void *to, const void __user *from, unsigned long size) +@@ -385,9 +498,9 @@ __copy_user_zeroing_intel(void *to, const void __user *from, unsigned long size) " shrl $2, %0\n" " andl $3, %%eax\n" " cld\n" @@ -25736,12 +25734,12 @@ index 1f118d4..a99a1eb 100644 "8:\n" ".section .fixup,\"ax\"\n" "9: lea 0(%%eax,%0,4),%0\n" -@@ -434,47 +549,49 @@ __copy_user_zeroing_intel(void *to, const void __user *from, unsigned long size) +@@ -433,48 +546,48 @@ __copy_user_zeroing_intel(void *to, const void __user *from, unsigned long size) + * hyoshiok@miraclelinux.com */ - static unsigned long __copy_user_zeroing_intel_nocache(void *to, -+ const void __user *from, unsigned long size) __size_overflow(3); -+static unsigned long __copy_user_zeroing_intel_nocache(void *to, +-static unsigned long __copy_user_zeroing_intel_nocache(void *to, ++static unsigned long __size_overflow(3) __copy_user_zeroing_intel_nocache(void *to, const void __user *from, unsigned long size) { int d0, d1; @@ -25804,7 +25802,7 @@ index 1f118d4..a99a1eb 100644 " movnti %%eax, 56(%3)\n" " movnti %%edx, 60(%3)\n" " addl $-64, %0\n" -@@ -487,9 +604,9 @@ static unsigned long __copy_user_zeroing_intel_nocache(void *to, +@@ -487,9 +600,9 @@ static unsigned long __copy_user_zeroing_intel_nocache(void *to, " shrl $2, %0\n" " andl $3, %%eax\n" " cld\n" @@ -25816,12 +25814,12 @@ index 1f118d4..a99a1eb 100644 "8:\n" ".section .fixup,\"ax\"\n" "9: lea 0(%%eax,%0,4),%0\n" -@@ -531,47 +648,49 @@ static unsigned long __copy_user_zeroing_intel_nocache(void *to, +@@ -530,48 +643,48 @@ static unsigned long __copy_user_zeroing_intel_nocache(void *to, + return size; } - static unsigned long __copy_user_intel_nocache(void *to, -+ const void __user *from, unsigned long size) __size_overflow(3); -+static unsigned long __copy_user_intel_nocache(void *to, +-static unsigned long __copy_user_intel_nocache(void *to, ++static unsigned long __size_overflow(3) __copy_user_intel_nocache(void *to, const void __user *from, unsigned long size) { int d0, d1; @@ -25884,7 +25882,7 @@ index 1f118d4..a99a1eb 100644 " movnti %%eax, 56(%3)\n" " movnti %%edx, 60(%3)\n" " addl $-64, %0\n" -@@ -584,9 +703,9 @@ static unsigned long __copy_user_intel_nocache(void *to, +@@ -584,9 +697,9 @@ static unsigned long __copy_user_intel_nocache(void *to, " shrl $2, %0\n" " andl $3, %%eax\n" " cld\n" @@ -25896,7 +25894,7 @@ index 1f118d4..a99a1eb 100644 "8:\n" ".section .fixup,\"ax\"\n" "9: lea 0(%%eax,%0,4),%0\n" -@@ -629,32 +748,36 @@ static unsigned long __copy_user_intel_nocache(void *to, +@@ -629,32 +742,36 @@ static unsigned long __copy_user_intel_nocache(void *to, */ unsigned long __copy_user_zeroing_intel(void *to, const void __user *from, unsigned long size); @@ -25938,7 +25936,7 @@ index 1f118d4..a99a1eb 100644 ".section .fixup,\"ax\"\n" \ "5: addl %3,%0\n" \ " jmp 2b\n" \ -@@ -682,14 +805,14 @@ do { \ +@@ -682,14 +799,14 @@ do { \ " negl %0\n" \ " andl $7,%0\n" \ " subl %0,%3\n" \ @@ -25956,7 +25954,7 @@ index 1f118d4..a99a1eb 100644 "2:\n" \ ".section .fixup,\"ax\"\n" \ "5: addl %3,%0\n" \ -@@ -775,9 +898,9 @@ survive: +@@ -775,9 +892,9 @@ survive: } #endif if (movsl_is_ok(to, from, n)) @@ -25968,7 +25966,7 @@ index 1f118d4..a99a1eb 100644 return n; } EXPORT_SYMBOL(__copy_to_user_ll); -@@ -797,10 +920,9 @@ unsigned long __copy_from_user_ll_nozero(void *to, const void __user *from, +@@ -797,10 +914,9 @@ unsigned long __copy_from_user_ll_nozero(void *to, const void __user *from, unsigned long n) { if (movsl_is_ok(to, from, n)) @@ -25981,7 +25979,7 @@ index 1f118d4..a99a1eb 100644 return n; } EXPORT_SYMBOL(__copy_from_user_ll_nozero); -@@ -827,59 +949,50 @@ unsigned long __copy_from_user_ll_nocache_nozero(void *to, const void __user *fr +@@ -827,59 +943,50 @@ unsigned long __copy_from_user_ll_nocache_nozero(void *to, const void __user *fr if (n > 64 && cpu_has_xmm2) n = __copy_user_intel_nocache(to, from, n); else @@ -72306,7 +72304,7 @@ index ec88ff3..b843a82 100644 cache->c_bucket_bits = bucket_bits; #ifdef MB_CACHE_INDEXES_COUNT diff --git a/fs/namei.c b/fs/namei.c -index b0afbd4..6579ccc 100644 +index b0afbd4..e3fc8f4 100644 --- a/fs/namei.c +++ b/fs/namei.c @@ -224,6 +224,14 @@ int generic_permission(struct inode *inode, int mask, @@ -72362,7 +72360,7 @@ index b0afbd4..6579ccc 100644 dentry->d_inode->i_op->put_link(dentry, nd, cookie); } + -+ if (!error && gr_handle_symlink_owner(path, nd->path.dentry->d_inode)) ++ if (!error && !(nd->flags & LOOKUP_PARENT) && gr_handle_symlink_owner(path, nd->path.dentry->d_inode)) + error = -EACCES; + path_put(path); @@ -84526,7 +84524,7 @@ index 0000000..13e8574 +} diff --git a/grsecurity/grsec_link.c b/grsecurity/grsec_link.c new file mode 100644 -index 0000000..35a96d1 +index 0000000..a023dcf --- /dev/null +++ b/grsecurity/grsec_link.c @@ -0,0 +1,59 @@ @@ -84543,7 +84541,7 @@ index 0000000..35a96d1 + + if (grsec_enable_symlinkown && in_group_p(grsec_symlinkown_gid) && + /* ignore root-owned links, e.g. /proc/self */ -+ link_inode->i_uid && ++ link_inode->i_uid && target && + link_inode->i_uid != target->i_uid) { + gr_log_fs_int2(GR_DONT_AUDIT, GR_SYMLINKOWNER_MSG, link->dentry, link->mnt, link_inode->i_uid, target->i_uid); + return 1; @@ -91013,7 +91011,7 @@ index 850d057..aa58075 100644 ret = kmem_cache_alloc_node_notrace(cachep, flags, node); diff --git a/include/linux/slob_def.h b/include/linux/slob_def.h -index 0ec00b3..39cb7fc 100644 +index 0ec00b3..22b4715 100644 --- a/include/linux/slob_def.h +++ b/include/linux/slob_def.h @@ -9,7 +9,7 @@ static __always_inline void *kmem_cache_alloc(struct kmem_cache *cachep, @@ -91025,16 +91023,17 @@ index 0ec00b3..39cb7fc 100644 static __always_inline void *kmalloc_node(size_t size, gfp_t flags, int node) { -@@ -29,6 +29,7 @@ static __always_inline void *kmalloc(size_t size, gfp_t flags) +@@ -29,7 +29,7 @@ static __always_inline void *kmalloc(size_t size, gfp_t flags) return __kmalloc_node(size, flags, -1); } -+static __always_inline void *__kmalloc(size_t size, gfp_t flags) __size_overflow(1); - static __always_inline void *__kmalloc(size_t size, gfp_t flags) +-static __always_inline void *__kmalloc(size_t size, gfp_t flags) ++static __always_inline __size_overflow(1) void *__kmalloc(size_t size, gfp_t flags) { return kmalloc(size, flags); + } diff --git a/include/linux/slub_def.h b/include/linux/slub_def.h -index 5ad70a6..08563d8 100644 +index 5ad70a6..108e1dc 100644 --- a/include/linux/slub_def.h +++ b/include/linux/slub_def.h @@ -86,7 +86,7 @@ struct kmem_cache { @@ -91046,15 +91045,16 @@ index 5ad70a6..08563d8 100644 void (*ctor)(void *); int inuse; /* Offset to metadata */ int align; /* Alignment */ -@@ -145,6 +145,7 @@ extern struct kmem_cache kmalloc_caches[SLUB_PAGE_SHIFT]; +@@ -145,7 +145,7 @@ extern struct kmem_cache kmalloc_caches[SLUB_PAGE_SHIFT]; * Sorry that the following has to be that ugly but some versions of GCC * have trouble with constant propagation and loops. */ -+static __always_inline int kmalloc_index(size_t size) __size_overflow(1); - static __always_inline int kmalloc_index(size_t size) +-static __always_inline int kmalloc_index(size_t size) ++static __always_inline __size_overflow(1) int kmalloc_index(size_t size) { if (!size) -@@ -215,7 +216,7 @@ static __always_inline struct kmem_cache *kmalloc_slab(size_t size) + return 0; +@@ -215,7 +215,7 @@ static __always_inline struct kmem_cache *kmalloc_slab(size_t size) #endif void *kmem_cache_alloc(struct kmem_cache *, gfp_t); @@ -91063,15 +91063,16 @@ index 5ad70a6..08563d8 100644 #ifdef CONFIG_KMEMTRACE extern void *kmem_cache_alloc_notrace(struct kmem_cache *s, gfp_t gfpflags); -@@ -227,6 +228,7 @@ kmem_cache_alloc_notrace(struct kmem_cache *s, gfp_t gfpflags) +@@ -227,7 +227,7 @@ kmem_cache_alloc_notrace(struct kmem_cache *s, gfp_t gfpflags) } #endif -+static __always_inline void *kmalloc_large(size_t size, gfp_t flags) __size_overflow(1); - static __always_inline void *kmalloc_large(size_t size, gfp_t flags) +-static __always_inline void *kmalloc_large(size_t size, gfp_t flags) ++static __always_inline __size_overflow(1) void *kmalloc_large(size_t size, gfp_t flags) { unsigned int order = get_order(size); -@@ -263,7 +265,7 @@ static __always_inline void *kmalloc(size_t size, gfp_t flags) + void *ret = (void *) __get_free_pages(flags | __GFP_COMP, order); +@@ -263,7 +263,7 @@ static __always_inline void *kmalloc(size_t size, gfp_t flags) } #ifdef CONFIG_NUMA @@ -102671,7 +102672,7 @@ index e48b493..24a601d 100644 mm->unmap_area = arch_unmap_area; } diff --git a/mm/vmalloc.c b/mm/vmalloc.c -index f34ffd0..6a3753d 100644 +index f34ffd0..95dd843 100644 --- a/mm/vmalloc.c +++ b/mm/vmalloc.c @@ -40,8 +40,19 @@ static void vunmap_pte_range(pmd_t *pmd, unsigned long addr, unsigned long end) @@ -102815,18 +102816,16 @@ index f34ffd0..6a3753d 100644 p = &(*p)->rb_right; else BUG(); -@@ -326,6 +368,10 @@ static void purge_vmap_area_lazy(void); - static struct vmap_area *alloc_vmap_area(unsigned long size, +@@ -323,7 +365,7 @@ static void purge_vmap_area_lazy(void); + * Allocate a region of KVA of the specified size and alignment, within the + * vstart and vend. + */ +-static struct vmap_area *alloc_vmap_area(unsigned long size, ++static __size_overflow(1) struct vmap_area *alloc_vmap_area(unsigned long size, unsigned long align, unsigned long vstart, unsigned long vend, -+ int node, gfp_t gfp_mask) __size_overflow(1); -+static struct vmap_area *alloc_vmap_area(unsigned long size, -+ unsigned long align, -+ unsigned long vstart, unsigned long vend, int node, gfp_t gfp_mask) - { - struct vmap_area *va; -@@ -1245,6 +1291,16 @@ static struct vm_struct *__get_vm_area_node(unsigned long size, +@@ -1245,6 +1287,16 @@ static struct vm_struct *__get_vm_area_node(unsigned long size, struct vm_struct *area; BUG_ON(in_interrupt()); @@ -102843,7 +102842,7 @@ index f34ffd0..6a3753d 100644 if (flags & VM_IOREMAP) { int bit = fls(size); -@@ -1484,6 +1540,11 @@ void *vmap(struct page **pages, unsigned int count, +@@ -1484,6 +1536,11 @@ void *vmap(struct page **pages, unsigned int count, if (count > totalram_pages) return NULL; @@ -102855,17 +102854,7 @@ index f34ffd0..6a3753d 100644 area = get_vm_area_caller((count << PAGE_SHIFT), flags, __builtin_return_address(0)); if (!area) -@@ -1584,6 +1645,9 @@ void *__vmalloc_area(struct vm_struct *area, gfp_t gfp_mask, pgprot_t prot) - */ - static void *__vmalloc_node(unsigned long size, unsigned long align, - gfp_t gfp_mask, pgprot_t prot, -+ int node, void *caller) __size_overflow(1); -+static void *__vmalloc_node(unsigned long size, unsigned long align, -+ gfp_t gfp_mask, pgprot_t prot, - int node, void *caller) - { - struct vm_struct *area; -@@ -1594,6 +1658,14 @@ static void *__vmalloc_node(unsigned long size, unsigned long align, +@@ -1594,6 +1651,14 @@ static void *__vmalloc_node(unsigned long size, unsigned long align, if (!size || (size >> PAGE_SHIFT) > totalram_pages) return NULL; @@ -102880,7 +102869,7 @@ index f34ffd0..6a3753d 100644 area = __get_vm_area_node(size, align, VM_ALLOC | VM_UNLIST, VMALLOC_START, VMALLOC_END, node, gfp_mask, caller); -@@ -1698,10 +1770,9 @@ EXPORT_SYMBOL(vmalloc_node); +@@ -1698,10 +1763,9 @@ EXPORT_SYMBOL(vmalloc_node); * For tight control over page level allocator and protection flags * use __vmalloc() instead. */ @@ -102892,7 +102881,7 @@ index f34ffd0..6a3753d 100644 -1, __builtin_return_address(0)); } -@@ -1998,6 +2069,8 @@ int remap_vmalloc_range(struct vm_area_struct *vma, void *addr, +@@ -1998,6 +2062,8 @@ int remap_vmalloc_range(struct vm_area_struct *vma, void *addr, unsigned long uaddr = vma->vm_start; unsigned long usize = vma->vm_end - vma->vm_start; @@ -102901,7 +102890,7 @@ index f34ffd0..6a3753d 100644 if ((PAGE_SIZE-1) & (unsigned long)addr) return -EINVAL; -@@ -2250,8 +2323,8 @@ struct vm_struct **pcpu_get_vm_areas(const unsigned long *offsets, +@@ -2250,8 +2316,8 @@ struct vm_struct **pcpu_get_vm_areas(const unsigned long *offsets, return NULL; } @@ -111240,10 +111229,10 @@ index 0000000..b8008f7 +} diff --git a/tools/gcc/size_overflow_hash.data b/tools/gcc/size_overflow_hash.data new file mode 100644 -index 0000000..eb35e4a +index 0000000..42bbc4f --- /dev/null +++ b/tools/gcc/size_overflow_hash.data -@@ -0,0 +1,1851 @@ +@@ -0,0 +1,2270 @@ +_000001_hash alloc_dr 2 65495 _000001_hash NULL +_000002_hash __copy_from_user 3 10918 _000002_hash NULL +_000003_hash __copy_from_user_inatomic 3 4365 _000003_hash NULL @@ -111253,7 +111242,7 @@ index 0000000..eb35e4a +_000007_hash do_xip_mapping_read 5 60297 _000007_hash NULL +_000008_hash hugetlbfs_read 3 11268 _000008_hash NULL +_000009_hash __kmalloc 1 23231 _000009_hash NULL -+_000010_hash kmalloc 1 60432 _000010_hash NULL ++_000010_hash kmalloc 1 60432 _002402_hash NULL nohasharray +_000011_hash kmalloc_slab 1 11917 _000011_hash NULL +_000012_hash kmemdup 2 64015 _000012_hash NULL +_000013_hash __krealloc 2 14857 _000657_hash NULL nohasharray @@ -111428,7 +111417,7 @@ index 0000000..eb35e4a +_000187_hash ipc_rcu_alloc 1 21208 _000566_hash NULL nohasharray +_000188_hash ip_vs_create_timeout_table 2 64478 _000188_hash NULL +_000189_hash ipw_queue_tx_init 3 49161 _000189_hash NULL -+_000190_hash irias_new_octseq_value 2 13596 _000190_hash NULL ++_000190_hash irias_new_octseq_value 2 13596 _002230_hash NULL nohasharray +_000191_hash isdn_add_channels 3 40905 _000191_hash NULL +_000192_hash isdn_ppp_fill_rq 2 41428 _000192_hash NULL +_000193_hash isdn_read 3 50021 _000193_hash NULL @@ -111443,7 +111432,7 @@ index 0000000..eb35e4a +_000203_hash keyctl_instantiate_key 3 41855 _000203_hash NULL +_000204_hash keyctl_update_key 3 26061 _000204_hash NULL +_000205_hash kfifo_alloc 1 65242 _000205_hash NULL -+_000206_hash kmalloc_node 1 50163 _000206_hash NULL ++_000206_hash kmalloc_node 1 50163 _002227_hash NULL nohasharray +_000207_hash kmem_alloc 1 31920 _000207_hash NULL +_000208_hash kmsg_write 3 26398 _000208_hash NULL +_000209_hash kobj_map 2-3 9566 _000209_hash NULL @@ -111453,7 +111442,7 @@ index 0000000..eb35e4a +_000214_hash lane2_associate_req 4 45398 _000214_hash NULL +_000215_hash lbs_debugfs_write 3 48413 _000215_hash NULL +_000216_hash ldm_frag_add 2 5611 _000216_hash NULL -+_000217_hash libipw_alloc_txb 1 27579 _000217_hash NULL ++_000217_hash libipw_alloc_txb 1-3-2 27579 _000217_hash NULL +_000218_hash listxattr 3 12769 _000218_hash NULL +_000219_hash load_module 2 60056 _000219_hash NULL +_000220_hash load_msg 2 95 _000220_hash NULL @@ -111525,7 +111514,7 @@ index 0000000..eb35e4a +_000289_hash restore_i387_fxsave 2 17528 _000289_hash NULL +_000290_hash rndis_add_response 2 58544 _000290_hash NULL +_000291_hash rndis_set_oid 4 6547 _000291_hash NULL -+_000292_hash rngapi_reset 3 34366 _000292_hash NULL ++_000292_hash rngapi_reset 3 34366 _002129_hash NULL nohasharray +_000293_hash rpc_malloc 2 43573 _000293_hash NULL +_000294_hash rvmalloc 1 46873 _000294_hash NULL +_000295_hash rw_copy_check_uvector 3 45748 _000295_hash NULL @@ -111560,7 +111549,7 @@ index 0000000..eb35e4a +_000324_hash sl_realloc_bufs 2 64086 _000324_hash NULL +_000325_hash smb_do_alloc_request 2 43708 _000325_hash NULL +_000326_hash snd_ctl_elem_user_tlv 3 11695 _000326_hash NULL -+_000327_hash snd_emu10k1_fx8010_read 5-6 9605 _000327_hash NULL ++_000327_hash snd_emu10k1_fx8010_read 5-6 9605 _002373_hash NULL nohasharray +_000329_hash snd_midi_channel_init_set 1 30092 _000329_hash NULL +_000330_hash snd_midi_event_new 1 9893 _000465_hash NULL nohasharray +_000331_hash snd_opl4_mem_proc_read 5-6 63774 _000331_hash NULL @@ -111630,7 +111619,7 @@ index 0000000..eb35e4a +_000400_hash zd_usb_rfwrite 3 42300 _000400_hash NULL +_000401_hash zoran_write 3 22404 _000401_hash NULL +_000402_hash acpi_battery_write_alarm 3 1240 _000402_hash NULL -+_000403_hash acpi_ex_allocate_name_string 2 7685 _000403_hash NULL ++_000403_hash acpi_ex_allocate_name_string 2 7685 _002079_hash NULL nohasharray +_000404_hash acpi_fan_write_state 3 39818 _000404_hash NULL +_000405_hash acpi_os_allocate_zeroed 1 37422 _000405_hash NULL +_000406_hash acpi_processor_write_limit 3 23201 _000406_hash NULL @@ -111674,7 +111663,7 @@ index 0000000..eb35e4a +_000448_hash asd_store_update_bios 4 10165 _000448_hash NULL +_000449_hash ata_host_alloc 2 46094 _000449_hash NULL +_000450_hash ath_descdma_setup 5 22128 _000450_hash NULL -+_000451_hash ati_create_gatt_pages 1 4722 _000451_hash NULL ++_000451_hash ati_create_gatt_pages 1 4722 _002368_hash NULL nohasharray +_000452_hash au0828_init_isoc 2-3 61917 _000452_hash NULL +_000454_hash audio_write 4 54261 _001280_hash NULL nohasharray +_000455_hash audit_init_entry 1 38644 _000455_hash NULL @@ -111786,7 +111775,7 @@ index 0000000..eb35e4a +_000572_hash garmin_read_process 3 27509 _000572_hash NULL +_000573_hash garp_request_join 4 7471 _000573_hash NULL +_000574_hash get_arg 3 5694 _000574_hash NULL -+_000575_hash get_entry 4 16003 _000575_hash NULL ++_000575_hash get_entry 4 16003 _002030_hash NULL nohasharray +_000576_hash get_free_de 2 33714 _000576_hash NULL +_000577_hash get_new_cssid 2 51665 _000577_hash NULL +_000578_hash get_ucode_user 3 38202 _000578_hash NULL @@ -111865,7 +111854,7 @@ index 0000000..eb35e4a +_000657_hash lcd_write 3 14857 _000657_hash &_000013_hash +_000658_hash leaf_dealloc 3 24706 _000658_hash NULL +_000659_hash __lgread 4 31668 _000659_hash NULL -+_000660_hash linear_conf 2 23485 _000660_hash NULL ++_000660_hash linear_conf 2 23485 _002341_hash NULL nohasharray +_000661_hash LoadBitmap 2 19658 _000661_hash NULL +_000662_hash lpfc_sli4_queue_alloc 3 62646 _000662_hash NULL +_000663_hash lp_write 3 9511 _000663_hash NULL @@ -111982,7 +111971,7 @@ index 0000000..eb35e4a +_000782_hash sctp_setsockopt_rtoinfo 3 30941 _000782_hash NULL +_000783_hash sctp_tsnmap_init 2 36446 _000783_hash NULL +_000784_hash security_context_to_sid 2 19839 _000784_hash NULL -+_000785_hash security_context_to_sid_default 2 3492 _000785_hash NULL ++_000785_hash security_context_to_sid_default 2 3492 _002278_hash NULL nohasharray +_000786_hash security_context_to_sid_force 2 20724 _000786_hash NULL +_000787_hash sel_commit_bools_write 3 46077 _000787_hash NULL +_000788_hash sel_write_access 3 51704 _000788_hash NULL @@ -112045,7 +112034,7 @@ index 0000000..eb35e4a +_000848_hash spidev_message 3 5518 _000848_hash NULL +_000849_hash spidev_write 3 44510 _000849_hash NULL +_000850_hash squashfs_cache_init 2 41656 _000850_hash NULL -+_000851_hash squashfs_read_table 4 29235 _000851_hash NULL ++_000851_hash squashfs_read_table 4 29235 _002237_hash NULL nohasharray +_000852_hash srp_alloc_iu 2 44227 _000852_hash NULL +_000853_hash srp_iu_pool_alloc 2 17920 _000853_hash NULL +_000854_hash srp_ring_alloc 2 26760 _000854_hash NULL @@ -112124,7 +112113,7 @@ index 0000000..eb35e4a +_000932_hash wusb_ccm_mac 7 32199 _000932_hash NULL +_000933_hash _xfs_buf_get_pages 2 59472 _000933_hash NULL +_000934_hash xfs_da_buf_make 1 25303 _000934_hash NULL -+_000935_hash xfs_dir_cilookup_result 3 64288 _000935_hash NULL ++_000935_hash xfs_dir_cilookup_result 3 64288 _002349_hash NULL nohasharray +_000936_hash xfs_handle_to_dentry 3 12135 _000936_hash NULL +_000937_hash xfs_iext_add_indirect_multi 3 32400 _000937_hash NULL +_000938_hash xfs_iext_inline_to_direct 2 12384 _000938_hash NULL @@ -112178,11 +112167,11 @@ index 0000000..eb35e4a +_000988_hash construct_key_and_link 4 8321 _000988_hash NULL +_000989_hash copy_entries_to_user 1 52367 _000989_hash NULL +_000990_hash copy_from_buf 4 27308 _000990_hash NULL -+_000991_hash copy_oldmem_page 3 26164 _000991_hash NULL ++_000991_hash copy_oldmem_page 3-1 26164 _000991_hash NULL +_000992_hash copy_to_user_fromio 3 57432 _000992_hash NULL +_000993_hash create_rsb 3 42744 _000993_hash NULL +_000994_hash cryptd_hash_setkey 3 42781 _000994_hash NULL -+_000995_hash crypto_authenc_setkey 3 80 _000995_hash NULL ++_000995_hash crypto_authenc_setkey 3 80 _002298_hash NULL nohasharray +_000996_hash cx18_copy_buf_to_user 4 50990 _000996_hash NULL +_000997_hash cxio_init_resource_fifo 3 25429 _000997_hash NULL +_000998_hash cxio_init_resource_fifo_random 3 43814 _000998_hash NULL @@ -112207,7 +112196,7 @@ index 0000000..eb35e4a +_001017_hash drm_mode_create_tv_properties 2 23122 _001017_hash NULL +_001018_hash dv1394_read 3 21920 _001018_hash NULL +_001019_hash dvb_audio_write 3 51275 _001019_hash NULL -+_001020_hash dvb_ringbuffer_pkt_read_user 3-5 4303 _001020_hash NULL ++_001020_hash dvb_ringbuffer_pkt_read_user 3-5-2 4303 _001020_hash NULL +_001022_hash dvb_ringbuffer_read_user 3 56702 _001022_hash NULL +_001023_hash dvb_video_write 3 754 _001023_hash NULL +_001024_hash ecryptfs_filldir 3 6622 _001024_hash NULL @@ -112405,7 +112394,7 @@ index 0000000..eb35e4a +_001231_hash st_write 3 16874 _001231_hash NULL +_001232_hash subbuf_read_actor 3 2071 _001232_hash NULL +_001233_hash sys_bind 3 10799 _001233_hash NULL -+_001234_hash sys_connect 3 15291 _001234_hash NULL ++_001234_hash sys_connect 3 15291 _002287_hash NULL nohasharray +_001235_hash sysctl_ipc_registered_data 5 36266 _001235_hash NULL +_001236_hash sysctl_tcp_congestion_control 5 27564 _001236_hash NULL +_001237_hash sysctl_uts_string 5 17797 _001237_hash NULL @@ -112429,7 +112418,7 @@ index 0000000..eb35e4a +_001256_hash unix_stream_sendmsg 4 61455 _001256_hash NULL +_001257_hash usb_allocate_stream_buffers 3 8964 _001257_hash NULL +_001258_hash usbdev_read 3 45114 _001258_hash NULL -+_001259_hash usblp_read 3 57342 _001259_hash NULL ++_001259_hash usblp_read 3 57342 _002236_hash NULL nohasharray +_001260_hash usbtmc_read 3 32377 _001260_hash NULL +_001261_hash usbvideo_v4l_read 3 48274 _001261_hash NULL +_001262_hash usbvision_v4l2_read 3 34386 _001262_hash NULL @@ -112536,8 +112525,8 @@ index 0000000..eb35e4a +_001368_hash fuse_conn_limit_read 3 20084 _001368_hash NULL +_001369_hash fuse_conn_waiting_read 3 49762 _001369_hash NULL +_001370_hash generic_readlink 3 32654 _001370_hash NULL -+_001371_hash ht40allow_map_read 3 55209 _001371_hash NULL -+_001372_hash hysdn_conf_read 3 42324 _001372_hash NULL ++_001371_hash ht40allow_map_read 3 55209 _002056_hash NULL nohasharray ++_001372_hash hysdn_conf_read 3 42324 _002388_hash NULL nohasharray +_001373_hash i2400m_rx_stats_read 3 57706 _001373_hash NULL +_001374_hash i2400m_tx_stats_read 3 28527 _001374_hash NULL +_001375_hash idmouse_read 3 63374 _001375_hash NULL @@ -112627,7 +112616,7 @@ index 0000000..eb35e4a +_001459_hash mon_bin_read 3 6841 _001459_hash NULL +_001460_hash mon_stat_read 3 25238 _001460_hash NULL +_001461_hash mqueue_read_file 3 6228 _001461_hash NULL -+_001462_hash nfsd_vfs_read 6 62605 _001462_hash NULL ++_001462_hash nfsd_vfs_read 6 62605 _002206_hash NULL nohasharray +_001463_hash nfsd_vfs_write 6 54577 _001463_hash NULL +_001464_hash noack_read 3 63419 _001464_hash NULL +_001465_hash o2hb_debug_read 3 37851 _001465_hash NULL @@ -112781,7 +112770,7 @@ index 0000000..eb35e4a +_001621_hash stats_rx_handlers_drop_read 3 3284 _001621_hash NULL +_001622_hash stats_rx_handlers_drop_short_read 3 45391 _001622_hash NULL +_001623_hash stats_rx_handlers_fragments_read 3 10356 _001623_hash NULL -+_001624_hash stats_rx_handlers_queued_read 3 5922 _001624_hash NULL ++_001624_hash stats_rx_handlers_queued_read 3 5922 _002145_hash NULL nohasharray +_001625_hash stats_transmitted_fragment_count_read 3 28770 _001625_hash NULL +_001626_hash stats_transmitted_frame_count_read 3 33861 _001626_hash NULL +_001627_hash stats_tx_expand_skb_head_cloned_read 3 11107 _001627_hash NULL @@ -112849,7 +112838,7 @@ index 0000000..eb35e4a +_001689_hash xlog_get_bp 2 23229 _001689_hash NULL +_001690_hash aac_change_queue_depth 2 51753 _001690_hash NULL +_001691_hash add_sctp_bind_addr 3 12269 _001691_hash NULL -+_001692_hash agp_allocate_memory_wrap 1 16576 _001692_hash NULL ++_001692_hash agp_allocate_memory_wrap 1 16576 _002200_hash NULL nohasharray +_001693_hash arcmsr_adjust_disk_queue_depth 2 34916 _001693_hash NULL +_001694_hash atalk_recvmsg 4 22053 _001694_hash NULL +_001695_hash atomic_read_file 3 16227 _001695_hash NULL @@ -112894,7 +112883,7 @@ index 0000000..eb35e4a +_001736_hash ieee80211_if_read_force_unicast_rateidx 3 32147 _001736_hash NULL +_001737_hash ieee80211_if_read_fwded_frames 3 36520 _001737_hash NULL +_001738_hash ieee80211_if_read_fwded_mcast 3 39571 _001738_hash NULL -+_001739_hash ieee80211_if_read_fwded_unicast 3 59740 _001739_hash NULL ++_001739_hash ieee80211_if_read_fwded_unicast 3 59740 _002083_hash NULL nohasharray +_001740_hash ieee80211_if_read_max_ratectrl_rateidx 3 64369 _001740_hash NULL +_001741_hash ieee80211_if_read_min_discovery_timeout 3 13946 _001741_hash NULL +_001742_hash ieee80211_if_read_num_buffered_multicast 3 12716 _001742_hash NULL @@ -113091,16 +113080,435 @@ index 0000000..eb35e4a +_001944_hash vmemmap_alloc_block 1 43245 _001944_hash NULL +_001945_hash xpc_kmalloc_cacheline_aligned 1 42895 _001945_hash NULL +_001946_hash xpc_kzalloc_cacheline_aligned 1 65433 _001946_hash NULL -+_001947_hash create_table 2 16213 _001947_hash NULL -+_001948_hash acl_alloc 1 35979 _001948_hash NULL -+_001949_hash acl_alloc_stack_init 1 60630 _001949_hash NULL -+_001950_hash acl_alloc_num 1-2 60778 _001950_hash NULL ++_001947_hash alloc_fdtable 1 17389 _001947_hash NULL ++_001948_hash alloc_ldt 2 21972 _001948_hash NULL ++_001949_hash __alloc_skb 1 23940 _001949_hash NULL ++_001950_hash ata_scsi_change_queue_depth 2 37702 _001950_hash NULL ++_001951_hash ccid3_hc_rx_getsockopt 3 62331 _001951_hash NULL ++_001952_hash ccid3_hc_tx_getsockopt 3 16314 _001952_hash NULL ++_001953_hash cistpl_vers_1 4 15023 _001953_hash NULL ++_001954_hash cmm_read 3 57520 _001954_hash NULL ++_001955_hash cosa_read 3 25966 _001955_hash NULL ++_001956_hash csr1212_append_new_cache 2 32202 _001956_hash NULL ++_001957_hash dma_region_alloc 2 56079 _001957_hash NULL ++_001958_hash dm_table_create 3 35687 _001958_hash NULL ++_001959_hash do_write_orph_node 2 64343 _001959_hash NULL ++_001961_hash ep0_read 3 38095 _001961_hash NULL ++_001962_hash event_buffer_read 3 48772 _001962_hash NULL ++_001963_hash extract_entropy_user 3 26952 _001963_hash NULL ++_001964_hash get_fd_set 1 3866 _001964_hash NULL ++_001965_hash __get_vm_area_node 1 55305 _001965_hash NULL ++_001966_hash hpsb_alloc_packet 1 49798 _001966_hash NULL ++_001967_hash joydev_handle_JSIOCSAXMAP 3 48898 _002061_hash NULL nohasharray ++_001968_hash joydev_handle_JSIOCSBTNMAP 3 15643 _001968_hash NULL ++_001969_hash minstrel_stats_read 3 17290 _001969_hash NULL ++_001970_hash ntfs_rl_realloc 3 56831 _001970_hash NULL ++_001971_hash ntfs_rl_realloc_nofail 3 32173 _001971_hash NULL ++_001972_hash reqsk_queue_alloc 2 40272 _001972_hash NULL ++_001973_hash resize_info_buffer 2 62889 _001973_hash NULL ++_001974_hash rfkill_fop_write 3 64808 _001974_hash NULL ++_001975_hash sctp_getsockopt_active_key 2 45483 _001975_hash NULL ++_001976_hash sctp_getsockopt_adaptation_layer 2 45375 _001976_hash NULL ++_001977_hash sctp_getsockopt_associnfo 2 58169 _001977_hash NULL ++_001978_hash sctp_getsockopt_assoc_number 2 6384 _001978_hash NULL ++_001979_hash sctp_getsockopt_context 2 52490 _001979_hash NULL ++_001980_hash sctp_getsockopt_default_send_param 2 63056 _001980_hash NULL ++_001981_hash sctp_getsockopt_disable_fragments 2 12330 _001981_hash NULL ++_001982_hash sctp_getsockopt_events 2 3607 _001982_hash NULL ++_001983_hash sctp_getsockopt_fragment_interleave 2 51215 _001983_hash NULL ++_001984_hash sctp_getsockopt_initmsg 2 26042 _001984_hash NULL ++_001985_hash sctp_getsockopt_local_addrs_old 2 4220 _001985_hash NULL ++_001986_hash sctp_getsockopt_mappedv4 2 20044 _001986_hash NULL ++_001987_hash sctp_getsockopt_nodelay 2 9560 _001987_hash NULL ++_001988_hash sctp_getsockopt_partial_delivery_point 2 60952 _001988_hash NULL ++_001989_hash sctp_getsockopt_peeloff 2 59190 _001989_hash NULL ++_001990_hash sctp_getsockopt_peer_addr_info 2 6024 _001990_hash NULL ++_001991_hash sctp_getsockopt_peer_addr_params 2 53645 _001991_hash NULL ++_001992_hash sctp_getsockopt_peer_addrs_old 2 11565 _002138_hash NULL nohasharray ++_001993_hash sctp_getsockopt_primary_addr 2 24639 _001993_hash NULL ++_001994_hash sctp_getsockopt_rtoinfo 2 62027 _001994_hash NULL ++_001995_hash sctp_getsockopt_sctp_status 2 56540 _001995_hash NULL ++_001996_hash snd_mixart_BA0_read 5 45069 _001996_hash NULL ++_001997_hash snd_mixart_BA1_read 5 5082 _001997_hash NULL ++_001998_hash snd_pcm_oss_read2 3 54387 _001998_hash NULL ++_001999_hash tty_buffer_find 2 2443 _001999_hash NULL ++_002000_hash unix_bind 3 15668 _002000_hash NULL ++_002001_hash usbvideo_rvmalloc 1 17758 _002001_hash NULL ++_002002_hash usbvision_rvmalloc 1 19655 _002002_hash NULL ++_002003_hash alloc_skb 1 55439 _002003_hash NULL ++_002004_hash alloc_skb_fclone 1 3467 _002004_hash NULL ++_002005_hash core_sys_select 1 47494 _002005_hash NULL ++_002006_hash create_reply_packet 3 6789 _002006_hash NULL ++_002007_hash expand_fdtable 2 39273 _002007_hash NULL ++_002008_hash get_vm_area 1 18080 _002008_hash NULL ++_002009_hash __get_vm_area 1 61599 _002009_hash NULL ++_002010_hash get_vm_area_caller 1 10527 _002010_hash NULL ++_002011_hash __get_vm_area_caller 1 56416 _002233_hash NULL nohasharray ++_002012_hash get_vm_area_node 1 44507 _002012_hash NULL ++_002013_hash hpsb_make_readpacket 4 34181 _002013_hash NULL ++_002014_hash hpsb_make_streampacket 3 21071 _002014_hash NULL ++_002015_hash hpsb_make_writepacket 5 61656 _002015_hash NULL ++_002016_hash inet_csk_listen_start 2 38233 _002016_hash NULL ++_002017_hash __netdev_alloc_skb 2 18595 _002017_hash NULL ++_002018_hash ntfs_rl_append 2-4 6037 _002018_hash NULL ++_002020_hash ntfs_rl_insert 2-4 4931 _002020_hash NULL ++_002022_hash ntfs_rl_replace 2-4 14136 _002022_hash NULL ++_002024_hash ntfs_rl_split 2-4 52328 _002024_hash NULL ++_002026_hash random_read 3 13815 _002026_hash NULL ++_002027_hash tty_buffer_request_room 2 23228 _002027_hash NULL ++_002028_hash urandom_read 3 30462 _002028_hash NULL ++_002029_hash alloc_tx 2 32143 _002029_hash NULL ++_002030_hash alloc_vm_area 1 16003 _002030_hash &_000575_hash ++_002031_hash atm_alloc_charge 2 19517 _002100_hash NULL nohasharray ++_002032_hash ax25_output 2 22736 _002032_hash NULL ++_002033_hash bcsp_prepare_pkt 3 12961 _002033_hash NULL ++_002034_hash bt_skb_alloc 1 6404 _002034_hash NULL ++_002035_hash cxgb3_get_cpl_reply_skb 2 10620 _002035_hash NULL ++_002036_hash dccp_listen_start 2 35918 _002036_hash NULL ++_002037_hash __dev_alloc_skb 1 28681 _002037_hash NULL ++_002038_hash dn_alloc_skb 2 6631 _002038_hash NULL ++_002039_hash do_pselect 1 62061 _002039_hash NULL ++_002040_hash edge_tty_recv 4 18667 _002040_hash NULL ++_002041_hash expand_files 2 17080 _002041_hash NULL ++_002042_hash find_skb 2 20431 _002042_hash NULL ++_002043_hash gem_alloc_skb 1 59411 _002043_hash NULL ++_002044_hash get_packet 3 41914 _002044_hash NULL ++_002045_hash get_packet 3 5747 _002045_hash NULL ++_002046_hash get_packet_pg 4 28023 _002046_hash NULL ++_002047_hash get_skb 2 63008 _002047_hash NULL ++_002048_hash hidp_queue_report 3 1881 _002048_hash NULL ++_002049_hash __hidp_send_ctrl_message 4 28303 _002049_hash NULL ++_002050_hash hpsb_read 6 29049 _002050_hash NULL ++_002051_hash hpsb_write 6 49217 _002051_hash NULL ++_002052_hash i2400m_net_rx 5 27170 _002052_hash NULL ++_002053_hash igmpv3_newpack 2 35912 _002053_hash NULL ++_002054_hash inet_listen 2 14723 _002054_hash NULL ++_002055_hash __ioremap_caller 2-1 21800 _002055_hash NULL ++_002056_hash isdn_net_ciscohdlck_alloc_skb 2 55209 _002056_hash &_001371_hash ++_002057_hash isdn_ppp_ccp_xmit_reset 6 63297 _002057_hash NULL ++_002058_hash _l2_alloc_skb 1 11883 _002058_hash NULL ++_002059_hash l3_alloc_skb 1 32289 _002059_hash NULL ++_002060_hash llc_alloc_frame 4 64366 _002060_hash NULL ++_002061_hash mac_drv_rx_init 2 48898 _002061_hash &_001967_hash ++_002062_hash mI_alloc_skb 1 24770 _002062_hash NULL ++_002063_hash module_alloc 1 63630 _002063_hash NULL ++_002064_hash netdev_alloc_skb 2 62437 _002064_hash NULL ++_002065_hash new_skb 1 21148 _002065_hash NULL ++_002066_hash nfulnl_alloc_skb 2 65207 _002066_hash NULL ++_002067_hash ni65_alloc_mem 3 10664 _002067_hash NULL ++_002068_hash pep_reply 5 50582 _002068_hash NULL ++_002069_hash pn_raw_send 2 54330 _002069_hash NULL ++_002070_hash refill_pool 2 19477 _002070_hash NULL ++_002071_hash rfcomm_wmalloc 2 58090 _002071_hash NULL ++_002072_hash rtl8169_alloc_rx_skb 4-5 25392 _002072_hash NULL ++_002074_hash rx 4 57944 _002074_hash NULL ++_002075_hash sbp2util_node_write_no_wait 4 7510 _002075_hash NULL ++_002076_hash sctp_ulpevent_new 1 33377 _002076_hash NULL ++_002077_hash send_command 4 10832 _002077_hash NULL ++_002078_hash send_to_tty 3 45141 _002078_hash NULL ++_002079_hash skb_copy_expand 2-3 7685 _002079_hash &_000403_hash ++_002081_hash sk_stream_alloc_skb 2 57622 _002081_hash NULL ++_002082_hash sock_alloc_send_pskb 2 21246 _002082_hash NULL ++_002083_hash sock_rmalloc 2 59740 _002083_hash &_001739_hash ++_002084_hash sock_wmalloc 2 16472 _002084_hash NULL ++_002085_hash solos_param_store 4 34755 _002085_hash NULL ++_002086_hash sys_select 1 38827 _002086_hash NULL ++_002087_hash tcp_collapse 5-6 63294 _002087_hash NULL ++_002089_hash tipc_cfg_reply_alloc 1 27606 _002089_hash NULL ++_002090_hash ti_recv 4 22027 _002090_hash NULL ++_002091_hash tty_prepare_flip_string 3 39955 _002091_hash NULL ++_002092_hash tty_prepare_flip_string_flags 4 59240 _002092_hash NULL ++_002093_hash ulog_alloc_skb 1 23427 _002093_hash NULL ++_002094_hash vmap 2 15025 _002094_hash NULL ++_002095_hash alloc_fd 1 37637 _002095_hash NULL ++_002096_hash _alloc_mISDN_skb 3 52232 _002096_hash NULL ++_002097_hash ath_rxbuf_alloc 2 24745 _002097_hash NULL ++_002098_hash ax25_send_frame 2 19964 _002098_hash NULL ++_002099_hash console_store 4 36007 _002099_hash NULL ++_002100_hash dev_alloc_skb 1 19517 _002100_hash &_002031_hash ++_002101_hash dn_nsp_do_disc 2-6 49474 _002101_hash NULL ++_002103_hash dsp_cmx_send_member 2 15625 _002103_hash NULL ++_002104_hash enic_rq_alloc_skb 2 17220 _002104_hash NULL ++_002105_hash hci_send_cmd 3 43810 _002105_hash NULL ++_002106_hash hci_si_event 3 1404 _002106_hash NULL ++_002107_hash hfcpci_empty_bfifo 4 62323 _002107_hash NULL ++_002108_hash hidp_send_ctrl_message 4 43702 _002108_hash NULL ++_002109_hash hpsb_node_read 4 53963 _002109_hash NULL ++_002110_hash hpsb_node_write 4 52928 _002110_hash NULL ++_002111_hash inet_dccp_listen 2 28565 _002111_hash NULL ++_002112_hash ioremap_cache 2-1 47189 _002112_hash NULL ++_002113_hash ioremap_default 2-1 64667 _002113_hash NULL ++_002114_hash ioremap_nocache 2-1 2439 _002114_hash NULL ++_002115_hash ioremap_prot 2-1 51764 _002115_hash NULL ++_002116_hash ioremap_wc 2-1 62695 _002116_hash NULL ++_002117_hash ip6_append_data 4-5 60501 _002117_hash NULL ++_002118_hash ip_append_data 4-5 41234 _002118_hash NULL ++_002119_hash l1oip_socket_recv 6 56537 _002119_hash NULL ++_002120_hash l2cap_build_cmd 4 48676 _002120_hash NULL ++_002121_hash l2down_create 4 21755 _002121_hash NULL ++_002122_hash l2up_create 3 6430 _002122_hash NULL ++_002125_hash lro_gen_skb 6 2644 _002125_hash NULL ++_002126_hash module_alloc_update_bounds 1 47205 _002126_hash NULL ++_002127_hash netpoll_send_udp 3 58955 _002127_hash NULL ++_002128_hash nfqnl_mangle 2 14583 _002128_hash NULL ++_002129_hash p54_alloc_skb 3 34366 _002129_hash &_000292_hash ++_002130_hash process_rcvd_data 3 6679 _002130_hash NULL ++_002131_hash receive_copy 3 12216 _002131_hash NULL ++_002132_hash rfcomm_tty_write 3 51603 _002132_hash NULL ++_002133_hash rtl8169_try_rx_copy 3 55465 _002133_hash NULL ++_002134_hash send_mpa_reject 3 7135 _002134_hash NULL ++_002135_hash send_mpa_reply 3 32372 _002135_hash NULL ++_002136_hash sge_rx 3 50594 _002136_hash NULL ++_002137_hash sis190_try_rx_copy 3 57069 _002137_hash NULL ++_002138_hash skb_cow_data 2 11565 _002138_hash &_001992_hash ++_002139_hash skge_rx_get 3 40598 _002139_hash NULL ++_002140_hash sock_alloc_send_skb 2 23720 _002140_hash NULL ++_002141_hash sys_dup3 2 33421 _002141_hash NULL ++_002142_hash sys_pselect6 1 57449 _002142_hash NULL ++_002143_hash tcp_fragment 3 20436 _002143_hash NULL ++_002144_hash teiup_create 3 43201 _002144_hash NULL ++_002145_hash ttm_bo_kmap_ttm 3 5922 _002145_hash &_001624_hash ++_002146_hash tun_alloc_skb 2-4-3 41216 _002146_hash NULL ++_002148_hash use_pool 2 64607 _002148_hash NULL ++_002149_hash velocity_rx_copy 2 34583 _002149_hash NULL ++_002150_hash vxge_rx_alloc 3 52024 _002150_hash NULL ++_002151_hash add_rx_skb 3 8257 _002151_hash NULL ++_002152_hash ar9170_rx_copy_data 2 35787 _002152_hash NULL ++_002153_hash arlan_rx_interrupt 4 10184 _002153_hash NULL ++_002154_hash br_send_bpdu 3 29669 _002154_hash NULL ++_002155_hash bt_skb_send_alloc 2 6581 _002155_hash NULL ++_002156_hash cosa_net_setup_rx 2 38594 _002156_hash NULL ++_002157_hash deliver_packet 3 767 _002157_hash NULL ++_002158_hash devm_ioremap_nocache 3-2 2036 _002158_hash NULL ++_002159_hash dn_alloc_send_pskb 2 4465 _002159_hash NULL ++_002160_hash dn_nsp_return_disc 2 60296 _002160_hash NULL ++_002161_hash dn_nsp_send_disc 2 23469 _002161_hash NULL ++_002162_hash do_fcntl 3 31468 _002162_hash NULL ++_002163_hash dsp_tone_hw_message 3 17678 _002163_hash NULL ++_002164_hash dvb_net_sec 3 37884 _002164_hash NULL ++_002165_hash ether1394_data_handler 5 2481 _002165_hash NULL ++_002166_hash fast_rx_path 3 59214 _002166_hash NULL ++_002167_hash __fc_frame_alloc 1 23432 _002167_hash NULL ++_002168_hash fwnet_incoming_packet 3 40380 _002168_hash NULL ++_002169_hash fwnet_pd_new 4 39947 _002169_hash NULL ++_002170_hash got_frame 2 16028 _002170_hash NULL ++_002171_hash hdlcdev_rx 3 997 _002171_hash NULL ++_002172_hash HDLC_Encode 2-3 7186 _002172_hash NULL ++_002174_hash hfc_empty_fifo 2 57972 _002174_hash NULL ++_002175_hash hfcpci_empty_fifo 4 2427 _002175_hash NULL ++_002176_hash hysdn_rx_netpkt 3 16136 _002176_hash NULL ++_002177_hash ieee80211_fragment 4 33112 _002177_hash NULL ++_002178_hash ieee80211_send_auth 5 60865 _002178_hash NULL ++_002179_hash ieee80211_send_probe_req 6 49265 _002179_hash NULL ++_002180_hash ioremap 2-1 23172 _002180_hash NULL ++_002181_hash ip6_ufo_append_data 5-7-6 40301 _002181_hash NULL ++_002184_hash ip_send_reply 4 46635 _002184_hash NULL ++_002185_hash ip_ufo_append_data 5-7-6 27187 _002185_hash NULL ++_002188_hash ipw_packet_received_skb 2 1230 _002188_hash NULL ++_002189_hash iraw_encode 2-3 18099 _002189_hash NULL ++_002191_hash iwch_reject_cr 3 23901 _002191_hash NULL ++_002192_hash iwm_rx_packet_alloc 3 9898 _002192_hash NULL ++_002193_hash l1oip_socket_parse 4 4507 _002193_hash NULL ++_002194_hash l2cap_send_cmd 4 3678 _002194_hash NULL ++_002196_hash mcs_unwrap_fir 3 25733 _002196_hash NULL ++_002197_hash mcs_unwrap_mir 3 9455 _002197_hash NULL ++_002198_hash mga_ioremap 2-1 8571 _002198_hash NULL ++_002199_hash mld_newpack 2 50950 _002199_hash NULL ++_002200_hash new_partial_datagram 4 16576 _002200_hash &_001692_hash ++_002201_hash node_read 4 45634 _002201_hash NULL ++_002202_hash node_write 4 29878 _002202_hash NULL ++_002203_hash p54_download_eeprom 4 43842 _002203_hash NULL ++_002204_hash pci_iomap 3 47575 _002204_hash NULL ++_002205_hash ppp_tx_cp 5 62044 _002205_hash NULL ++_002206_hash prism2_send_mgmt 4 62605 _002206_hash &_001462_hash ++_002207_hash prism2_sta_send_mgmt 5 43916 _002207_hash NULL ++_002208_hash _queue_data 4 54983 _002208_hash NULL ++_002209_hash read_fifo 3 826 _002209_hash NULL ++_002210_hash rx_data 4 60442 _002210_hash NULL ++_002211_hash sbp2util_notify_fetch_agent 4 40494 _002211_hash NULL ++_002212_hash set_rxd_buffer_pointer 8 9950 _002212_hash NULL ++_002213_hash sky2_receive 2 13407 _002213_hash NULL ++_002214_hash smctr_process_rx_packet 2 13270 _002214_hash NULL ++_002215_hash sys_dup2 2 25284 _002215_hash NULL ++_002216_hash tcp_mark_head_lost 2 50087 _002216_hash NULL ++_002217_hash tcp_match_skb_to_sack 3-4 23568 _002217_hash NULL ++_002219_hash tso_fragment 3 12539 _002219_hash NULL ++_002220_hash ttm_bo_ioremap 4-3-2 40854 _002220_hash NULL ++_002221_hash ttm_bo_kmap 3 60118 _002221_hash NULL ++_002222_hash udp_sendmsg 4 4492 _002222_hash NULL ++_002223_hash udpv6_sendmsg 4 22316 _002223_hash NULL ++_002224_hash wl1271_rx_handle_data 2 47827 _002224_hash NULL ++_002225_hash wv_packet_read 3 39140 _002225_hash NULL ++_002226_hash zd_mac_rx 3 38296 _002226_hash NULL ++_002227_hash aac_nark_ioremap 2 50163 _002227_hash &_000206_hash ++_002228_hash aac_rkt_ioremap 2 3333 _002228_hash NULL ++_002229_hash aac_rx_ioremap 2 52410 _002229_hash NULL ++_002230_hash aac_sa_ioremap 2 13596 _002230_hash &_000190_hash ++_002231_hash acpi_os_map_memory 2-1 11161 _002231_hash NULL ++_002232_hash acpi_os_read_memory 3-1 54186 _002232_hash NULL ++_002233_hash acpi_os_write_memory 3-1 56416 _002233_hash &_002011_hash ++_002234_hash ar9170_handle_mpdu 3 37956 _002234_hash NULL ++_002235_hash check586 2 29914 _002235_hash NULL ++_002236_hash check_mirror 2-1 57342 _002236_hash &_001259_hash ++_002237_hash devm_ioremap 3-2 29235 _002237_hash &_000851_hash ++_002238_hash dma_declare_coherent_memory 4-2 14244 _002238_hash NULL ++_002239_hash dvb_net_sec_callback 2 28786 _002239_hash NULL ++_002240_hash ether1394_write 6 6180 _002240_hash NULL ++_002241_hash _fc_frame_alloc 2 28865 _002241_hash NULL ++_002242_hash fc_frame_alloc_fill 2 59394 _002242_hash NULL ++_002243_hash fwnet_receive_packet 10 46054 _002243_hash NULL ++_002244_hash handle_rx_packet 3 58993 _002244_hash NULL ++_002245_hash hysdn_sched_rx 3 60533 _002245_hash NULL ++_002250_hash ipwireless_network_packet_received 4 51277 _002250_hash NULL ++_002251_hash isp1760_register 2-1 14408 _002251_hash NULL ++_002252_hash iwm_ntf_rx_packet 3 60452 _002252_hash NULL ++_002253_hash mthca_map_reg 3-2 5664 _002253_hash NULL ++_002254_hash pcim_iomap 3 58334 _002254_hash NULL ++_002255_hash ppp_cp_event 6 2965 _002255_hash NULL ++_002256_hash register_device 3-2 60015 _002256_hash NULL ++_002257_hash remap_pci_mem 1-2 15966 _002257_hash NULL ++_002259_hash sfi_map_memory 2-1 5183 _002259_hash NULL ++_002260_hash sriov_enable_migration 2 14889 _002260_hash NULL ++_002261_hash sys_fcntl 3 19267 _002261_hash NULL ++_002262_hash sys_fcntl64 3 29031 _002262_hash NULL ++_002263_hash tcp_sacktag_walk 5-6 26339 _002263_hash NULL ++_002265_hash tcp_update_scoreboard 2 21639 _002265_hash NULL ++_002266_hash tcp_write_xmit 2 39755 _002266_hash NULL ++_002267_hash tpm_tis_init 3-2 15304 _002267_hash NULL ++_002268_hash acpi_ex_system_memory_space_handler 2 31192 _002268_hash NULL ++_002269_hash dmam_declare_coherent_memory 4-2 43679 _002269_hash NULL ++_002270_hash fc_frame_alloc 2 1596 _002270_hash NULL ++_002271_hash sriov_enable 2 59689 _002271_hash NULL ++_002272_hash tcp_push_one 2 48816 _002272_hash NULL ++_002273_hash __tcp_push_pending_frames 2 48148 _002273_hash NULL ++_002274_hash pci_enable_sriov 2 35745 _002274_hash NULL ++_002275_hash tcp_push 3 10680 _002275_hash NULL ++_002276_hash msix_map_region 3 3411 _002276_hash NULL ++_002277_hash compat_sys_fcntl64 3 60256 _002277_hash NULL ++_002278_hash efi_ioremap 2-1 3492 _002278_hash &_000785_hash ++_002279_hash snd_nm256_capture_copy 5 28622 _002279_hash NULL ++_002280_hash snd_nm256_playback_copy 5 38567 _002280_hash NULL ++_002281_hash compat_sys_fcntl 3 15654 _002281_hash NULL ++_002287_hash xlate_dev_mem_ptr 1 15291 _002287_hash &_001234_hash ++_002288_hash a4t_cs_init 3 27734 _002288_hash NULL ++_002292_hash atyfb_setup_generic 3 49151 _002292_hash NULL ++_002293_hash c101_run 2 37279 _002293_hash NULL ++_002295_hash cru_detect 1 11272 _002295_hash NULL ++_002296_hash cs553x_init_one 3 58886 _002296_hash NULL ++_002297_hash cycx_setup 4 47562 _002297_hash NULL ++_002298_hash DepcaSignature 2 80 _002298_hash &_000995_hash ++_002301_hash doc_probe 1 23285 _002301_hash NULL ++_002302_hash DoC_Probe 1 57534 _002302_hash NULL ++_002303_hash gdth_init_isa 1 28091 _002303_hash NULL ++_002304_hash gdth_search_isa 1 58595 _002304_hash NULL ++_002307_hash n2_run 3 53459 _002307_hash NULL ++_002308_hash probe_bios 1 17467 _002308_hash NULL ++_002311_hash ssb_bus_scan 2 36578 _002311_hash NULL ++_002312_hash ssb_ioremap 2 5228 _002312_hash NULL ++_002313_hash acpi_tb_check_xsdt 1 21862 _002313_hash NULL ++_002314_hash acpi_tb_install_table 1 12988 _002314_hash NULL ++_002315_hash acpi_tb_parse_root_table 1 53455 _002315_hash NULL ++_002316_hash com90xx_found 3 13974 _002316_hash NULL ++_002318_hash gdth_isa_probe_one 1 48925 _002318_hash NULL ++_002319_hash sfi_map_table 1 5462 _002319_hash NULL ++_002320_hash ssb_bus_register 3 65183 _002320_hash NULL ++_002321_hash sfi_check_table 1 6772 _002321_hash NULL ++_002322_hash ssb_bus_pcmciabus_register 3 56020 _002322_hash NULL ++_002323_hash ssb_bus_ssbbus_register 2 2217 _002323_hash NULL ++_002326_hash iommu_map_mmio_space 1 30919 _002326_hash NULL ++_002327_hash allocate_probes 1 40204 _002327_hash NULL ++_002328_hash b1_alloc_card 1 36155 _002328_hash NULL ++_002329_hash blk_dropped_read 3 4168 _002329_hash NULL ++_002330_hash blk_msg_write 3 13655 _002330_hash NULL ++_002331_hash capinc_tty_write 3 28539 _002331_hash NULL ++_002332_hash capi_write 3 35104 _002332_hash NULL ++_002333_hash cmtp_add_msgpart 4 9252 _002333_hash NULL ++_002334_hash cmtp_send_interopmsg 7 376 _002334_hash NULL ++_002335_hash dccpprobe_read 3 52549 _002335_hash NULL ++_002336_hash __devres_alloc 2 25598 _002336_hash NULL ++_002337_hash diva_os_alloc_message_buffer 1 64568 _002337_hash NULL ++_002338_hash diva_os_copy_from_user 4 7792 _002338_hash NULL ++_002339_hash diva_os_copy_to_user 4 48508 _002339_hash NULL ++_002340_hash diva_os_malloc 2 16406 _002340_hash NULL ++_002341_hash divasa_remap_pci_bar 3-4 23485 _002341_hash &_000660_hash ++_002343_hash do_test 1 15766 _002343_hash NULL ++_002344_hash event_enable_read 3 7074 _002344_hash NULL ++_002345_hash event_enable_write 3 45238 _002345_hash NULL ++_002346_hash event_filter_read 3 23494 _002346_hash NULL ++_002347_hash event_filter_write 3 56609 _002347_hash NULL ++_002348_hash event_format_read 3 54674 _002348_hash NULL ++_002349_hash event_id_read 3 64288 _002349_hash &_000935_hash ++_002350_hash ftrace_pid_read 3 14970 _002350_hash NULL ++_002351_hash ftrace_pid_write 3 39710 _002351_hash NULL ++_002352_hash ftrace_profile_read 3 21327 _002352_hash NULL ++_002353_hash ftrace_profile_write 3 53327 _002353_hash NULL ++_002354_hash hycapi_rx_capipkt 3 11602 _002354_hash NULL ++_002355_hash io_mapping_create_wc 1-2 1354 _002355_hash NULL ++_002357_hash kgdb_hex2mem 3 24755 _002357_hash NULL ++_002358_hash kgdb_mem2hex 3 1578 _002358_hash NULL ++_002359_hash __module_alloc 1 50004 _002359_hash NULL ++_002360_hash module_alloc_update_bounds_rw 1 63233 _002360_hash NULL ++_002361_hash module_alloc_update_bounds_rx 1 58634 _002361_hash NULL ++_002362_hash p9_client_read 5 19750 _002362_hash NULL ++_002363_hash pmcraid_copy_sglist 3 38431 _002363_hash NULL ++_002364_hash proc_fault_inject_read 3 36802 _002364_hash NULL ++_002365_hash proc_fault_inject_write 3 21058 _002365_hash NULL ++_002366_hash rb_simple_read 3 45972 _002366_hash NULL ++_002367_hash rb_simple_write 3 20890 _002367_hash NULL ++_002368_hash show_header 3 4722 _002368_hash &_000451_hash ++_002369_hash stack_max_size_read 3 1445 _002369_hash NULL ++_002370_hash stack_max_size_write 3 36068 _002370_hash NULL ++_002371_hash subsystem_filter_read 3 62310 _002371_hash NULL ++_002372_hash subsystem_filter_write 3 13022 _002372_hash NULL ++_002373_hash sysprof_sample_read 3 9605 _002373_hash &_000327_hash ++_002374_hash sysprof_sample_write 3 62489 _002374_hash NULL ++_002375_hash system_enable_read 3 25815 _002375_hash NULL ++_002376_hash system_enable_write 3 61396 _002376_hash NULL ++_002377_hash trace_options_core_read 3 47390 _002377_hash NULL ++_002378_hash trace_options_core_write 3 61551 _002378_hash NULL ++_002379_hash trace_options_read 3 11419 _002379_hash NULL ++_002380_hash trace_options_write 3 48275 _002380_hash NULL ++_002381_hash trace_parser_get_init 2 31379 _002381_hash NULL ++_002382_hash trace_seq_to_user 3 65398 _002382_hash NULL ++_002383_hash tracing_buffers_read 3 11124 _002383_hash NULL ++_002384_hash tracing_clock_read 3 39975 _002384_hash NULL ++_002385_hash tracing_clock_write 3 27961 _002385_hash NULL ++_002386_hash tracing_cpumask_read 3 7010 _002386_hash NULL ++_002387_hash tracing_ctrl_read 3 46922 _002387_hash NULL ++_002388_hash tracing_ctrl_write 3 42324 _002388_hash &_001372_hash ++_002389_hash tracing_entries_read 3 8345 _002389_hash NULL ++_002390_hash tracing_entries_write 3 60563 _002390_hash NULL ++_002391_hash tracing_mark_write 3 62143 _002391_hash NULL ++_002392_hash tracing_max_lat_read 3 8890 _002392_hash NULL ++_002393_hash tracing_max_lat_write 3 8728 _002393_hash NULL ++_002394_hash tracing_read_dyn_info 3 45468 _002394_hash NULL ++_002395_hash tracing_readme_read 3 16493 _002395_hash NULL ++_002396_hash tracing_saved_cmdlines_read 3 21434 _002396_hash NULL ++_002397_hash tracing_set_trace_read 3 44122 _002397_hash NULL ++_002398_hash tracing_set_trace_write 3 57096 _002398_hash NULL ++_002399_hash tracing_stats_read 3 34537 _002399_hash NULL ++_002400_hash tracing_trace_options_read 3 51405 _002400_hash NULL ++_002401_hash tracing_trace_options_write 3 153 _002401_hash NULL ++_002402_hash tstats_write 3 60432 _002402_hash &_000010_hash ++_002403_hash um_idi_write 3 18293 _002403_hash NULL ++_002404_hash __vmalloc_node 1 39308 _002404_hash NULL ++_002405_hash xdi_copy_from_user 4 8395 _002405_hash NULL ++_002406_hash xdi_copy_to_user 4 48900 _002406_hash NULL ++_002407_hash c4_add_card 3 54968 _002407_hash NULL ++_002408_hash mmio_read 4 40348 _002408_hash NULL ++_002409_hash tracing_read_pipe 3 35312 _002409_hash NULL ++_002410_hash v9fs_file_read 3 40858 _002410_hash NULL ++_002411_hash v9fs_file_readn 4 36353 _002411_hash NULL ++_002412_hash create_table 2 16213 _002412_hash NULL ++_002413_hash acl_alloc 1 35979 _002413_hash NULL ++_002414_hash acl_alloc_stack_init 1 60630 _002414_hash NULL ++_002415_hash acl_alloc_num 1-2 60778 _002415_hash NULL diff --git a/tools/gcc/size_overflow_plugin.c b/tools/gcc/size_overflow_plugin.c new file mode 100644 -index 0000000..cc96254 +index 0000000..5af42b5 --- /dev/null +++ b/tools/gcc/size_overflow_plugin.c -@@ -0,0 +1,1204 @@ +@@ -0,0 +1,1558 @@ +/* + * Copyright 2011, 2012 by Emese Revfy <re.emese@gmail.com> + * Licensed under the GPL v2, or (at your option) v3 @@ -113151,6 +113559,8 @@ index 0000000..cc96254 +#define CREATE_NEW_VAR NULL_TREE +#define CODES_LIMIT 32 +#define MAX_PARAM 10 ++#define MY_STMT GF_PLF_1 ++#define NO_CAST_CHECK GF_PLF_2 + +#if BUILDING_GCC_VERSION == 4005 +#define DECL_CHAIN(NODE) (TREE_CHAIN(DECL_MINIMAL_CHECK(NODE))) @@ -113160,20 +113570,30 @@ index 0000000..cc96254 +void debug_gimple_stmt(gimple gs); + +static tree expand(struct pointer_set_t *visited, bool *potentionally_overflowed, tree var); -+static tree signed_size_overflow_type; -+static tree unsigned_size_overflow_type; +static tree report_size_overflow_decl; +static tree const_char_ptr_type_node; +static unsigned int handle_function(void); ++static void check_size_overflow(gimple stmt, tree size_overflow_type, tree cast_rhs, tree rhs, bool *potentionally_overflowed, bool before); ++static tree get_size_overflow_type(gimple stmt, tree node); + +static struct plugin_info size_overflow_plugin_info = { -+ .version = "20120618beta", ++ .version = "20120811beta", + .help = "no-size-overflow\tturn off size overflow checking\n", +}; + +static tree handle_size_overflow_attribute(tree *node, tree __unused name, tree args, int __unused flags, bool *no_add_attrs) +{ -+ unsigned int arg_count = type_num_arguments(*node); ++ unsigned int arg_count; ++ ++ if (TREE_CODE(*node) == FUNCTION_DECL) ++ arg_count = type_num_arguments(TREE_TYPE(*node)); ++ else if (TREE_CODE(*node) == FUNCTION_TYPE || TREE_CODE(*node) == METHOD_TYPE) ++ arg_count = type_num_arguments(*node); ++ else { ++ *no_add_attrs = true; ++ error("%qE attribute only applies to functions", name); ++ return NULL_TREE; ++ } + + for (; args; args = TREE_CHAIN(args)) { + tree position = TREE_VALUE(args); @@ -113185,13 +113605,13 @@ index 0000000..cc96254 + return NULL_TREE; +} + -+static struct attribute_spec no_size_overflow_attr = { ++static struct attribute_spec size_overflow_attr = { + .name = "size_overflow", + .min_length = 1, + .max_length = -1, -+ .decl_required = false, -+ .type_required = true, -+ .function_type_required = true, ++ .decl_required = true, ++ .type_required = false, ++ .function_type_required = false, + .handler = handle_size_overflow_attribute, +#if BUILDING_GCC_VERSION >= 4007 + .affects_type_identity = false @@ -113200,7 +113620,7 @@ index 0000000..cc96254 + +static void register_attributes(void __unused *event_data, void __unused *data) +{ -+ register_attribute(&no_size_overflow_attr); ++ register_attribute(&size_overflow_attr); +} + +// http://www.team5150.com/~andrew/noncryptohashzoo2~/CrapWow.html @@ -113251,6 +113671,7 @@ index 0000000..cc96254 + +static inline gimple get_def_stmt(tree node) +{ ++ gcc_assert(node != NULL_TREE); + gcc_assert(TREE_CODE(node) == SSA_NAME); + return SSA_NAME_DEF_STMT(node); +} @@ -113413,11 +113834,11 @@ index 0000000..cc96254 + gcc_assert(TREE_CODE(arg) != COMPONENT_REF); + + type = TREE_TYPE(arg); -+ // skip function pointers -+ if (TREE_CODE(type) == POINTER_TYPE && TREE_CODE(TREE_TYPE(type)) == FUNCTION_TYPE) ++ ++ if (TREE_CODE(type) == POINTER_TYPE) + return; + -+ if (lookup_attribute("size_overflow", TYPE_ATTRIBUTES(TREE_TYPE(func)))) ++ if (lookup_attribute("size_overflow", DECL_ATTRIBUTES(func))) + return; + + argnum = find_arg_number(arg, func); @@ -113438,6 +113859,22 @@ index 0000000..cc96254 + return new_var; +} + ++static gimple create_binary_assign(enum tree_code code, gimple stmt, tree rhs1, tree rhs2) ++{ ++ gimple assign; ++ gimple_stmt_iterator gsi = gsi_for_stmt(stmt); ++ tree type = TREE_TYPE(rhs1); ++ tree lhs = create_new_var(type); ++ ++ assign = gimple_build_assign_with_ops(code, lhs, rhs1, rhs2); ++ gimple_set_lhs(assign, make_ssa_name(lhs, assign)); ++ ++ gsi_insert_before(&gsi, assign, GSI_NEW_STMT); ++ update_stmt(assign); ++ gimple_set_plf(assign, MY_STMT, true); ++ return assign; ++} ++ +static bool is_bool(tree node) +{ + tree type; @@ -113457,34 +113894,63 @@ index 0000000..cc96254 + +static tree cast_a_tree(tree type, tree var) +{ -+ gcc_assert(type != NULL_TREE && var != NULL_TREE); ++ gcc_assert(type != NULL_TREE); ++ gcc_assert(var != NULL_TREE); + gcc_assert(fold_convertible_p(type, var)); + + return fold_convert(type, var); +} + -+static tree signed_cast(tree var) -+{ -+ return cast_a_tree(signed_size_overflow_type, var); -+} -+ -+static gimple build_cast_stmt(tree type, tree var, tree new_var, location_t loc) ++static gimple build_cast_stmt(tree type, tree var, tree new_var, gimple_stmt_iterator *gsi, bool before) +{ + gimple assign; ++ location_t loc; ++ ++ gcc_assert(type != NULL_TREE && var != NULL_TREE); ++ if (gsi_end_p(*gsi) && before == BEFORE_STMT) ++ gcc_unreachable(); + + if (new_var == CREATE_NEW_VAR) + new_var = create_new_var(type); + + assign = gimple_build_assign(new_var, cast_a_tree(type, var)); -+ gimple_set_location(assign, loc); ++ ++ if (!gsi_end_p(*gsi)) { ++ loc = gimple_location(gsi_stmt(*gsi)); ++ gimple_set_location(assign, loc); ++ } ++ + gimple_set_lhs(assign, make_ssa_name(new_var, assign)); + ++ if (before) ++ gsi_insert_before(gsi, assign, GSI_NEW_STMT); ++ else ++ gsi_insert_after(gsi, assign, GSI_NEW_STMT); ++ update_stmt(assign); ++ gimple_set_plf(assign, MY_STMT, true); ++ + return assign; +} + ++static tree cast_to_new_size_overflow_type(gimple stmt, tree new_rhs1, tree size_overflow_type, bool before) ++{ ++ gimple assign; ++ gimple_stmt_iterator gsi; ++ ++ if (new_rhs1 == NULL_TREE) ++ return NULL_TREE; ++ ++ if (!useless_type_conversion_p(TREE_TYPE(new_rhs1), size_overflow_type)) { ++ gsi = gsi_for_stmt(stmt); ++ assign = build_cast_stmt(size_overflow_type, new_rhs1, CREATE_NEW_VAR, &gsi, before); ++ return gimple_get_lhs(assign); ++ } ++ return new_rhs1; ++} ++ +static tree create_assign(struct pointer_set_t *visited, bool *potentionally_overflowed, gimple oldstmt, tree rhs1, bool before) +{ -+ tree oldstmt_rhs1; ++ tree oldstmt_rhs1, size_overflow_type, lhs; + enum tree_code code; + gimple stmt; + gimple_stmt_iterator gsi; @@ -113498,13 +113964,18 @@ index 0000000..cc96254 + gcc_unreachable(); + } + ++ if (gimple_code(oldstmt) == GIMPLE_ASM) ++ lhs = rhs1; ++ else ++ lhs = gimple_get_lhs(oldstmt); ++ + oldstmt_rhs1 = gimple_assign_rhs1(oldstmt); + code = TREE_CODE(oldstmt_rhs1); + if (code == PARM_DECL || (code == SSA_NAME && gimple_code(get_def_stmt(oldstmt_rhs1)) == GIMPLE_NOP)) + check_missing_attribute(oldstmt_rhs1); + -+ stmt = build_cast_stmt(signed_size_overflow_type, rhs1, CREATE_NEW_VAR, gimple_location(oldstmt)); + gsi = gsi_for_stmt(oldstmt); ++ pointer_set_insert(visited, oldstmt); + if (lookup_stmt_eh_lp(oldstmt) != 0) { + basic_block next_bb, cur_bb; + edge e; @@ -113522,18 +113993,20 @@ index 0000000..cc96254 + + gsi = gsi_after_labels(next_bb); + gcc_assert(!gsi_end_p(gsi)); ++ + before = true; ++ oldstmt = gsi_stmt(gsi); ++ pointer_set_insert(visited, oldstmt); + } -+ if (before) -+ gsi_insert_before(&gsi, stmt, GSI_NEW_STMT); -+ else -+ gsi_insert_after(&gsi, stmt, GSI_NEW_STMT); -+ update_stmt(stmt); -+ pointer_set_insert(visited, oldstmt); ++ ++ size_overflow_type = get_size_overflow_type(oldstmt, lhs); ++ ++ stmt = build_cast_stmt(size_overflow_type, rhs1, CREATE_NEW_VAR, &gsi, before); ++ gimple_set_plf(stmt, MY_STMT, true); + return gimple_get_lhs(stmt); +} + -+static tree dup_assign(struct pointer_set_t *visited, bool *potentionally_overflowed, gimple oldstmt, tree rhs1, tree rhs2, tree __unused rhs3) ++static tree dup_assign(struct pointer_set_t *visited, bool *potentionally_overflowed, gimple oldstmt, tree size_overflow_type, tree rhs1, tree rhs2, tree __unused rhs3) +{ + tree new_var, lhs = gimple_get_lhs(oldstmt); + gimple stmt; @@ -113542,6 +114015,9 @@ index 0000000..cc96254 + if (!*potentionally_overflowed) + return NULL_TREE; + ++ if (gimple_plf(oldstmt, MY_STMT)) ++ return lhs; ++ + if (gimple_num_ops(oldstmt) != 4 && rhs1 == NULL_TREE) { + rhs1 = gimple_assign_rhs1(oldstmt); + rhs1 = create_assign(visited, potentionally_overflowed, oldstmt, rhs1, BEFORE_STMT); @@ -113553,6 +114029,7 @@ index 0000000..cc96254 + + stmt = gimple_copy(oldstmt); + gimple_set_location(stmt, gimple_location(oldstmt)); ++ gimple_set_plf(stmt, MY_STMT, true); + + if (gimple_assign_rhs_code(oldstmt) == WIDEN_MULT_EXPR) + gimple_assign_set_rhs_code(stmt, MULT_EXPR); @@ -113560,13 +114037,13 @@ index 0000000..cc96254 + if (is_bool(lhs)) + new_var = SSA_NAME_VAR(lhs); + else -+ new_var = create_new_var(signed_size_overflow_type); ++ new_var = create_new_var(size_overflow_type); + new_var = make_ssa_name(new_var, stmt); + gimple_set_lhs(stmt, new_var); + + if (rhs1 != NULL_TREE) { + if (!gimple_assign_cast_p(oldstmt)) -+ rhs1 = signed_cast(rhs1); ++ rhs1 = cast_a_tree(size_overflow_type, rhs1); + gimple_assign_set_rhs1(stmt, rhs1); + } + @@ -113601,6 +114078,7 @@ index 0000000..cc96254 + gsi = gsi_for_stmt(oldstmt); + gsi_insert_after(&gsi, phi, GSI_NEW_STMT); + gimple_set_bb(phi, bb); ++ gimple_set_plf(phi, MY_STMT, true); + return phi; +} + @@ -113614,28 +114092,29 @@ index 0000000..cc96254 + return first_bb; +} + -+static gimple cast_old_phi_arg(gimple oldstmt, tree arg, tree new_var, unsigned int i) ++static tree cast_old_phi_arg(gimple oldstmt, tree size_overflow_type, tree arg, tree new_var, unsigned int i) +{ + basic_block bb; -+ gimple newstmt, def_stmt; ++ gimple newstmt; + gimple_stmt_iterator gsi; ++ bool before = BEFORE_STMT; + -+ newstmt = build_cast_stmt(signed_size_overflow_type, arg, new_var, gimple_location(oldstmt)); -+ if (TREE_CODE(arg) == SSA_NAME) { -+ def_stmt = get_def_stmt(arg); -+ if (gimple_code(def_stmt) != GIMPLE_NOP) { -+ gsi = gsi_for_stmt(def_stmt); -+ gsi_insert_after(&gsi, newstmt, GSI_NEW_STMT); -+ return newstmt; -+ } ++ if (TREE_CODE(arg) == SSA_NAME && gimple_code(get_def_stmt(arg)) != GIMPLE_NOP) { ++ gsi = gsi_for_stmt(get_def_stmt(arg)); ++ newstmt = build_cast_stmt(size_overflow_type, arg, new_var, &gsi, AFTER_STMT); ++ return gimple_get_lhs(newstmt); + } + + bb = gimple_phi_arg_edge(oldstmt, i)->src; -+ if (bb->index == 0) -+ bb = create_a_first_bb(); + gsi = gsi_after_labels(bb); -+ gsi_insert_before(&gsi, newstmt, GSI_NEW_STMT); -+ return newstmt; ++ if (bb->index == 0) { ++ bb = create_a_first_bb(); ++ gsi = gsi_start_bb(bb); ++ } ++ if (gsi_end_p(gsi)) ++ before = AFTER_STMT; ++ newstmt = build_cast_stmt(size_overflow_type, arg, new_var, &gsi, before); ++ return gimple_get_lhs(newstmt); +} + +static gimple handle_new_phi_arg(tree arg, tree new_var, tree new_rhs) @@ -113668,30 +114147,36 @@ index 0000000..cc96254 + + gimple_set_lhs(newstmt, make_ssa_name(new_var, newstmt)); + gsi_insert(&gsi, newstmt, GSI_NEW_STMT); ++ gimple_set_plf(newstmt, MY_STMT, true); + update_stmt(newstmt); + return newstmt; +} + -+static tree build_new_phi_arg(struct pointer_set_t *visited, bool *potentionally_overflowed, tree arg, tree new_var) ++static tree build_new_phi_arg(struct pointer_set_t *visited, bool *potentionally_overflowed, tree size_overflow_type, tree arg, tree new_var) +{ + gimple newstmt; + tree new_rhs; + + new_rhs = expand(visited, potentionally_overflowed, arg); -+ + if (new_rhs == NULL_TREE) + return NULL_TREE; + ++ new_rhs = cast_to_new_size_overflow_type(get_def_stmt(new_rhs), new_rhs, size_overflow_type, AFTER_STMT); ++ + newstmt = handle_new_phi_arg(arg, new_var, new_rhs); + return gimple_get_lhs(newstmt); +} + -+static tree build_new_phi(struct pointer_set_t *visited, bool *potentionally_overflowed, gimple oldstmt) ++static tree build_new_phi(struct pointer_set_t *visited, bool *potentionally_overflowed, tree var) +{ -+ gimple phi; -+ tree new_var = create_new_var(signed_size_overflow_type); ++ gimple phi, oldstmt = get_def_stmt(var); ++ tree new_var, size_overflow_type; + unsigned int i, n = gimple_phi_num_args(oldstmt); + ++ size_overflow_type = get_size_overflow_type(oldstmt, var); ++ ++ new_var = create_new_var(size_overflow_type); ++ + pointer_set_insert(visited, oldstmt); + phi = overflow_create_phi_node(oldstmt, new_var); + for (i = 0; i < n; i++) { @@ -113699,10 +114184,10 @@ index 0000000..cc96254 + + arg = gimple_phi_arg_def(oldstmt, i); + if (is_gimple_constant(arg)) -+ arg = signed_cast(arg); -+ lhs = build_new_phi_arg(visited, potentionally_overflowed, arg, new_var); ++ arg = cast_a_tree(size_overflow_type, arg); ++ lhs = build_new_phi_arg(visited, potentionally_overflowed, size_overflow_type, arg, new_var); + if (lhs == NULL_TREE) -+ lhs = gimple_get_lhs(cast_old_phi_arg(oldstmt, arg, new_var, i)); ++ lhs = cast_old_phi_arg(oldstmt, size_overflow_type, arg, new_var, i); + add_phi_arg(phi, lhs, gimple_phi_arg_edge(oldstmt, i), gimple_location(oldstmt)); + } + @@ -113710,35 +114195,132 @@ index 0000000..cc96254 + return gimple_phi_result(phi); +} + -+static tree handle_unary_rhs(struct pointer_set_t *visited, bool *potentionally_overflowed, tree var) ++static tree change_assign_rhs(gimple stmt, tree orig_rhs, tree new_rhs) +{ -+ gimple def_stmt = get_def_stmt(var); -+ tree new_rhs1, rhs1 = gimple_assign_rhs1(def_stmt); ++ gimple assign; ++ gimple_stmt_iterator gsi = gsi_for_stmt(stmt); ++ tree origtype = TREE_TYPE(orig_rhs); ++ ++ gcc_assert(gimple_code(stmt) == GIMPLE_ASSIGN); ++ ++ assign = build_cast_stmt(origtype, new_rhs, CREATE_NEW_VAR, &gsi, BEFORE_STMT); ++ return gimple_get_lhs(assign); ++} ++ ++static void change_rhs1(gimple stmt, tree new_rhs1) ++{ ++ tree assign_rhs; ++ tree rhs = gimple_assign_rhs1(stmt); ++ ++ assign_rhs = change_assign_rhs(stmt, rhs, new_rhs1); ++ gimple_assign_set_rhs1(stmt, assign_rhs); ++ update_stmt(stmt); ++} ++ ++static bool check_mode_type(gimple stmt) ++{ ++ tree lhs = gimple_get_lhs(stmt); ++ tree lhs_type = TREE_TYPE(lhs); ++ tree rhs_type = TREE_TYPE(gimple_assign_rhs1(stmt)); ++ enum machine_mode lhs_mode = TYPE_MODE(lhs_type); ++ enum machine_mode rhs_mode = TYPE_MODE(rhs_type); ++ ++ if (rhs_mode == lhs_mode && TYPE_UNSIGNED(rhs_type) == TYPE_UNSIGNED(lhs_type)) ++ return false; ++ ++ if (rhs_mode == SImode && lhs_mode == DImode && (TYPE_UNSIGNED(rhs_type) || !TYPE_UNSIGNED(lhs_type))) ++ return false; ++ ++ return true; ++} ++ ++static bool check_undefined_integer_operation(gimple stmt) ++{ ++ gimple def_stmt; ++ tree lhs = gimple_get_lhs(stmt); ++ tree rhs1 = gimple_assign_rhs1(stmt); ++ tree rhs1_type = TREE_TYPE(rhs1); ++ tree lhs_type = TREE_TYPE(lhs); ++ ++ if (TYPE_MODE(rhs1_type) != TYPE_MODE(lhs_type) || TYPE_UNSIGNED(rhs1_type) == TYPE_UNSIGNED(lhs_type)) ++ return false; ++ ++ def_stmt = get_def_stmt(rhs1); ++ if (gimple_code(def_stmt) != GIMPLE_ASSIGN) ++ return false; ++ ++ if (gimple_assign_rhs_code(def_stmt) != MINUS_EXPR) ++ return false; ++ return true; ++} ++ ++static tree handle_unary_rhs(struct pointer_set_t *visited, bool *potentionally_overflowed, gimple stmt) ++{ ++ tree size_overflow_type, lhs = gimple_get_lhs(stmt); ++ tree new_rhs1, rhs1 = gimple_assign_rhs1(stmt); ++ tree rhs1_type = TREE_TYPE(rhs1); ++ tree lhs_type = TREE_TYPE(lhs); + + *potentionally_overflowed = true; ++ + new_rhs1 = expand(visited, potentionally_overflowed, rhs1); -+ if (new_rhs1 == NULL_TREE) { -+ if (TREE_CODE(TREE_TYPE(rhs1)) == POINTER_TYPE) -+ return create_assign(visited, potentionally_overflowed, def_stmt, var, AFTER_STMT); -+ else -+ return create_assign(visited, potentionally_overflowed, def_stmt, rhs1, AFTER_STMT); ++ ++ if (new_rhs1 == NULL_TREE || TREE_CODE(rhs1_type) == POINTER_TYPE) ++ return create_assign(visited, potentionally_overflowed, stmt, lhs, AFTER_STMT); ++ ++ if (gimple_plf(stmt, MY_STMT)) ++ return lhs; ++ ++ if (gimple_plf(stmt, NO_CAST_CHECK)) { ++ size_overflow_type = get_size_overflow_type(stmt, rhs1); ++ new_rhs1 = cast_to_new_size_overflow_type(stmt, new_rhs1, size_overflow_type, BEFORE_STMT); ++ return dup_assign(visited, potentionally_overflowed, stmt, size_overflow_type, new_rhs1, NULL_TREE, NULL_TREE); ++ } ++ ++ if (!gimple_assign_cast_p(stmt)) { ++ size_overflow_type = get_size_overflow_type(stmt, lhs); ++ new_rhs1 = cast_to_new_size_overflow_type(stmt, new_rhs1, size_overflow_type, BEFORE_STMT); ++ return dup_assign(visited, potentionally_overflowed, stmt, size_overflow_type, new_rhs1, NULL_TREE, NULL_TREE); + } -+ return dup_assign(visited, potentionally_overflowed, def_stmt, new_rhs1, NULL_TREE, NULL_TREE); ++ ++ if (check_undefined_integer_operation(stmt)) { ++ size_overflow_type = get_size_overflow_type(stmt, lhs); ++ new_rhs1 = cast_to_new_size_overflow_type(stmt, new_rhs1, size_overflow_type, BEFORE_STMT); ++ return dup_assign(visited, potentionally_overflowed, stmt, size_overflow_type, new_rhs1, NULL_TREE, NULL_TREE); ++ } ++ ++ size_overflow_type = get_size_overflow_type(stmt, rhs1); ++ new_rhs1 = cast_to_new_size_overflow_type(stmt, new_rhs1, size_overflow_type, BEFORE_STMT); ++ ++ change_rhs1(stmt, new_rhs1); ++ check_size_overflow(stmt, size_overflow_type, new_rhs1, rhs1, potentionally_overflowed, BEFORE_STMT); ++ ++ if (TYPE_UNSIGNED(rhs1_type) != TYPE_UNSIGNED(lhs_type)) ++ return create_assign(visited, potentionally_overflowed, stmt, lhs, AFTER_STMT); ++ ++ if (!check_mode_type(stmt)) ++ return create_assign(visited, potentionally_overflowed, stmt, lhs, AFTER_STMT); ++ ++ size_overflow_type = get_size_overflow_type(stmt, lhs); ++ new_rhs1 = cast_to_new_size_overflow_type(stmt, new_rhs1, size_overflow_type, BEFORE_STMT); ++ ++ check_size_overflow(stmt, size_overflow_type, new_rhs1, lhs, potentionally_overflowed, BEFORE_STMT); ++ ++ return create_assign(visited, potentionally_overflowed, stmt, lhs, AFTER_STMT); +} + -+static tree handle_unary_ops(struct pointer_set_t *visited, bool *potentionally_overflowed, tree var) ++static tree handle_unary_ops(struct pointer_set_t *visited, bool *potentionally_overflowed, tree lhs) +{ -+ gimple def_stmt = get_def_stmt(var); ++ gimple def_stmt = get_def_stmt(lhs); + tree rhs1 = gimple_assign_rhs1(def_stmt); + + if (is_gimple_constant(rhs1)) -+ return dup_assign(visited, potentionally_overflowed, def_stmt, signed_cast(rhs1), NULL_TREE, NULL_TREE); ++ return create_assign(visited, potentionally_overflowed, def_stmt, lhs, AFTER_STMT); + + gcc_assert(TREE_CODE(rhs1) != COND_EXPR); + switch (TREE_CODE(rhs1)) { + case SSA_NAME: -+ return handle_unary_rhs(visited, potentionally_overflowed, var); -+ ++ return handle_unary_rhs(visited, potentionally_overflowed, def_stmt); + case ARRAY_REF: + case BIT_FIELD_REF: + case ADDR_EXPR: @@ -113750,7 +114332,7 @@ index 0000000..cc96254 + case PARM_DECL: + case TARGET_MEM_REF: + case VAR_DECL: -+ return create_assign(visited, potentionally_overflowed, def_stmt, var, AFTER_STMT); ++ return create_assign(visited, potentionally_overflowed, def_stmt, lhs, AFTER_STMT); + + default: + debug_gimple_stmt(def_stmt); @@ -113786,11 +114368,12 @@ index 0000000..cc96254 + return build1(ADDR_EXPR, ptr_type_node, string); +} + -+static void insert_cond_result(basic_block bb_true, gimple stmt, tree arg) ++static void insert_cond_result(basic_block bb_true, gimple stmt, tree arg, bool min) +{ + gimple func_stmt, def_stmt; -+ tree current_func, loc_file, loc_line; ++ tree current_func, loc_file, loc_line, ssa_name; + expanded_location xloc; ++ char ssa_name_buf[100]; + gimple_stmt_iterator gsi = gsi_start_bb(bb_true); + + def_stmt = get_def_stmt(arg); @@ -113810,8 +114393,15 @@ index 0000000..cc96254 + current_func = build_string(NAME_LEN(current_function_decl) + 1, NAME(current_function_decl)); + current_func = create_string_param(current_func); + -+ // void report_size_overflow(const char *file, unsigned int line, const char *func) -+ func_stmt = gimple_build_call(report_size_overflow_decl, 3, loc_file, loc_line, current_func); ++ if (min) ++ snprintf(ssa_name_buf, 100, "%s_%u (min)\n", NAME(SSA_NAME_VAR(arg)), SSA_NAME_VERSION(arg)); ++ else ++ snprintf(ssa_name_buf, 100, "%s_%u (max)\n", NAME(SSA_NAME_VAR(arg)), SSA_NAME_VERSION(arg)); ++ ssa_name = build_string(100, ssa_name_buf); ++ ssa_name = create_string_param(ssa_name); ++ ++ // void report_size_overflow(const char *file, unsigned int line, const char *func, const char *ssa_name) ++ func_stmt = gimple_build_call(report_size_overflow_decl, 4, loc_file, loc_line, current_func, ssa_name); + + gsi_insert_after(&gsi, func_stmt, GSI_CONTINUE_LINKING); +} @@ -113823,14 +114413,15 @@ index 0000000..cc96254 + inform(loc, "Integer size_overflow check applied here."); +} + -+static void insert_check_size_overflow(gimple stmt, enum tree_code cond_code, tree arg, tree type_value) ++static void insert_check_size_overflow(gimple stmt, enum tree_code cond_code, tree arg, tree type_value, bool before, bool min) +{ + basic_block cond_bb, join_bb, bb_true; + edge e; + gimple_stmt_iterator gsi = gsi_for_stmt(stmt); + + cond_bb = gimple_bb(stmt); -+ gsi_prev(&gsi); ++ if (before) ++ gsi_prev(&gsi); + if (gsi_end_p(gsi)) + e = split_block_after_labels(cond_bb); + else @@ -113856,80 +114447,218 @@ index 0000000..cc96254 + } + + insert_cond(cond_bb, arg, cond_code, type_value); -+ insert_cond_result(bb_true, stmt, arg); ++ insert_cond_result(bb_true, stmt, arg, min); + +// print_the_code_insertions(stmt); +} + -+static gimple cast_to_unsigned_size_overflow_type(gimple stmt, tree cast_rhs) ++static void check_size_overflow(gimple stmt, tree size_overflow_type, tree cast_rhs, tree rhs, bool *potentionally_overflowed, bool before) +{ -+ gimple ucast_stmt; -+ gimple_stmt_iterator gsi; -+ location_t loc = gimple_location(stmt); ++ tree cast_rhs_type, type_max_type, type_min_type, type_max, type_min, rhs_type = TREE_TYPE(rhs); ++ gcc_assert(rhs_type != NULL_TREE); ++ gcc_assert(TREE_CODE(rhs_type) == INTEGER_TYPE || TREE_CODE(rhs_type) == BOOLEAN_TYPE || TREE_CODE(rhs_type) == ENUMERAL_TYPE); + -+ ucast_stmt = build_cast_stmt(unsigned_size_overflow_type, cast_rhs, CREATE_NEW_VAR, loc); -+ gsi = gsi_for_stmt(stmt); -+ gsi_insert_before(&gsi, ucast_stmt, GSI_SAME_STMT); -+ return ucast_stmt; ++ if (!*potentionally_overflowed) ++ return; ++ ++ type_max = cast_a_tree(size_overflow_type, TYPE_MAX_VALUE(rhs_type)); ++ type_min = cast_a_tree(size_overflow_type, TYPE_MIN_VALUE(rhs_type)); ++ ++ gcc_assert(!TREE_OVERFLOW(type_max)); ++ ++ cast_rhs_type = TREE_TYPE(cast_rhs); ++ type_max_type = TREE_TYPE(type_max); ++ type_min_type = TREE_TYPE(type_min); ++ gcc_assert(useless_type_conversion_p(cast_rhs_type, type_max_type)); ++ gcc_assert(useless_type_conversion_p(type_max_type, type_min_type)); ++ ++ insert_check_size_overflow(stmt, GT_EXPR, cast_rhs, type_max, before, false); ++ insert_check_size_overflow(stmt, LT_EXPR, cast_rhs, type_min, before, true); +} + -+static void check_size_overflow(gimple stmt, tree cast_rhs, tree rhs, bool *potentionally_overflowed) ++static tree get_handle_const_assign_size_overflow_type(gimple def_stmt, tree var_rhs) +{ -+ tree type_max, type_min, rhs_type = TREE_TYPE(rhs); -+ gimple ucast_stmt; ++ gimple var_rhs_def_stmt; ++ tree lhs = gimple_get_lhs(def_stmt); ++ tree lhs_type = TREE_TYPE(lhs); ++ tree rhs1_type = TREE_TYPE(gimple_assign_rhs1(def_stmt)); ++ tree rhs2_type = TREE_TYPE(gimple_assign_rhs2(def_stmt)); + -+ if (!*potentionally_overflowed) -+ return; ++ if (var_rhs == NULL_TREE) ++ return get_size_overflow_type(def_stmt, lhs); + -+ if (TYPE_UNSIGNED(rhs_type)) { -+ ucast_stmt = cast_to_unsigned_size_overflow_type(stmt, cast_rhs); -+ type_max = cast_a_tree(unsigned_size_overflow_type, TYPE_MAX_VALUE(rhs_type)); -+ insert_check_size_overflow(stmt, GT_EXPR, gimple_get_lhs(ucast_stmt), type_max); -+ } else { -+ type_max = signed_cast(TYPE_MAX_VALUE(rhs_type)); -+ insert_check_size_overflow(stmt, GT_EXPR, cast_rhs, type_max); ++ var_rhs_def_stmt = get_def_stmt(var_rhs); ++ ++ if (TREE_CODE_CLASS(gimple_assign_rhs_code(def_stmt)) == tcc_comparison) ++ return get_size_overflow_type(var_rhs_def_stmt, var_rhs); ++ ++ if (gimple_assign_rhs_code(def_stmt) == LSHIFT_EXPR) ++ return get_size_overflow_type(var_rhs_def_stmt, var_rhs); ++ ++ if (gimple_assign_rhs_code(def_stmt) == RSHIFT_EXPR) ++ return get_size_overflow_type(var_rhs_def_stmt, var_rhs); + -+ type_min = signed_cast(TYPE_MIN_VALUE(rhs_type)); -+ insert_check_size_overflow(stmt, LT_EXPR, cast_rhs, type_min); ++ if (!useless_type_conversion_p(lhs_type, rhs1_type) || !useless_type_conversion_p(rhs1_type, rhs2_type)) { ++ debug_gimple_stmt(def_stmt); ++ gcc_unreachable(); + } ++ ++ return get_size_overflow_type(def_stmt, lhs); +} + -+static tree change_assign_rhs(gimple stmt, tree orig_rhs, tree new_rhs) ++static tree handle_const_assign(struct pointer_set_t *visited, bool *potentionally_overflowed, gimple def_stmt, tree var_rhs, tree new_rhs1, tree new_rhs2) +{ -+ gimple assign; -+ gimple_stmt_iterator gsi = gsi_for_stmt(stmt); -+ tree origtype = TREE_TYPE(orig_rhs); ++ tree new_rhs, size_overflow_type, orig_rhs; ++ void (*gimple_assign_set_rhs)(gimple, tree); ++ tree rhs1 = gimple_assign_rhs1(def_stmt); ++ tree rhs2 = gimple_assign_rhs2(def_stmt); ++ tree lhs = gimple_get_lhs(def_stmt); + -+ gcc_assert(gimple_code(stmt) == GIMPLE_ASSIGN); ++ if (var_rhs == NULL_TREE) ++ return create_assign(visited, potentionally_overflowed, def_stmt, lhs, AFTER_STMT); + -+ assign = build_cast_stmt(origtype, new_rhs, CREATE_NEW_VAR, gimple_location(stmt)); -+ gsi_insert_before(&gsi, assign, GSI_SAME_STMT); -+ update_stmt(assign); -+ return gimple_get_lhs(assign); -+} ++ if (new_rhs2 == NULL_TREE) { ++ size_overflow_type = get_handle_const_assign_size_overflow_type(def_stmt, new_rhs1); ++ new_rhs2 = cast_a_tree(size_overflow_type, rhs2); ++ orig_rhs = rhs1; ++ gimple_assign_set_rhs = &gimple_assign_set_rhs1; ++ } else { ++ size_overflow_type = get_handle_const_assign_size_overflow_type(def_stmt, new_rhs2); ++ new_rhs1 = cast_a_tree(size_overflow_type, rhs1); ++ orig_rhs = rhs2; ++ gimple_assign_set_rhs = &gimple_assign_set_rhs2; ++ } + -+static tree handle_const_assign(struct pointer_set_t *visited, bool *potentionally_overflowed, gimple def_stmt, tree var, tree orig_rhs, tree var_rhs, tree new_rhs1, tree new_rhs2, void (*gimple_assign_set_rhs)(gimple, tree)) -+{ -+ tree new_rhs; ++ var_rhs = cast_to_new_size_overflow_type(def_stmt, var_rhs, size_overflow_type, BEFORE_STMT); + + if (gimple_assign_rhs_code(def_stmt) == MIN_EXPR) -+ return dup_assign(visited, potentionally_overflowed, def_stmt, new_rhs1, new_rhs2, NULL_TREE); ++ return dup_assign(visited, potentionally_overflowed, def_stmt, size_overflow_type, new_rhs1, new_rhs2, NULL_TREE); + -+ if (var_rhs == NULL_TREE) -+ return create_assign(visited, potentionally_overflowed, def_stmt, var, AFTER_STMT); ++ check_size_overflow(def_stmt, size_overflow_type, var_rhs, orig_rhs, potentionally_overflowed, BEFORE_STMT); + + new_rhs = change_assign_rhs(def_stmt, orig_rhs, var_rhs); + gimple_assign_set_rhs(def_stmt, new_rhs); + update_stmt(def_stmt); + -+ check_size_overflow(def_stmt, var_rhs, orig_rhs, potentionally_overflowed); -+ return create_assign(visited, potentionally_overflowed, def_stmt, var, AFTER_STMT); ++ return create_assign(visited, potentionally_overflowed, def_stmt, lhs, AFTER_STMT); +} + -+static tree handle_binary_ops(struct pointer_set_t *visited, bool *potentionally_overflowed, tree var) ++static tree get_cast_def_stmt_rhs(tree new_rhs) +{ -+ tree rhs1, rhs2; -+ gimple def_stmt = get_def_stmt(var); ++ gimple def_stmt; ++ ++ def_stmt = get_def_stmt(new_rhs); ++ // get_size_overflow_type ++ if (LONG_TYPE_SIZE != GET_MODE_BITSIZE(SImode)) ++ gcc_assert(gimple_assign_cast_p(def_stmt)); ++ return gimple_assign_rhs1(def_stmt); ++} ++ ++static tree cast_to_int_TI_type_and_check(bool *potentionally_overflowed, gimple stmt, tree new_rhs) ++{ ++ gimple_stmt_iterator gsi; ++ gimple cast_stmt, def_stmt; ++ enum machine_mode mode = TYPE_MODE(TREE_TYPE(new_rhs)); ++ ++ if (mode != TImode && mode != DImode) { ++ def_stmt = get_def_stmt(new_rhs); ++ gcc_assert(gimple_assign_cast_p(def_stmt)); ++ new_rhs = gimple_assign_rhs1(def_stmt); ++ mode = TYPE_MODE(TREE_TYPE(new_rhs)); ++ } ++ ++ gcc_assert(mode == TImode || mode == DImode); ++ ++ if (mode == TYPE_MODE(intTI_type_node) && useless_type_conversion_p(TREE_TYPE(new_rhs), intTI_type_node)) ++ return new_rhs; ++ ++ gsi = gsi_for_stmt(stmt); ++ cast_stmt = build_cast_stmt(intTI_type_node, new_rhs, CREATE_NEW_VAR, &gsi, BEFORE_STMT); ++ new_rhs = gimple_get_lhs(cast_stmt); ++ ++ if (mode == DImode) ++ return new_rhs; ++ ++ check_size_overflow(stmt, intTI_type_node, new_rhs, new_rhs, potentionally_overflowed, BEFORE_STMT); ++ ++ return new_rhs; ++} ++ ++static bool is_an_integer_trunction(gimple stmt) ++{ ++ gimple rhs1_def_stmt, rhs2_def_stmt; ++ tree rhs1_def_stmt_rhs1, rhs2_def_stmt_rhs1; ++ enum machine_mode rhs1_def_stmt_rhs1_mode, rhs2_def_stmt_rhs1_mode; ++ tree rhs1 = gimple_assign_rhs1(stmt); ++ tree rhs2 = gimple_assign_rhs2(stmt); ++ enum machine_mode rhs1_mode = TYPE_MODE(TREE_TYPE(rhs1)); ++ enum machine_mode rhs2_mode = TYPE_MODE(TREE_TYPE(rhs2)); ++ ++ if (is_gimple_constant(rhs1) || is_gimple_constant(rhs2)) ++ return false; ++ ++ gcc_assert(TREE_CODE(rhs1) == SSA_NAME && TREE_CODE(rhs2) == SSA_NAME); ++ ++ if (gimple_assign_rhs_code(stmt) != MINUS_EXPR || rhs1_mode != SImode || rhs2_mode != SImode) ++ return false; ++ ++ rhs1_def_stmt = get_def_stmt(rhs1); ++ rhs2_def_stmt = get_def_stmt(rhs2); ++ if (!gimple_assign_cast_p(rhs1_def_stmt) || !gimple_assign_cast_p(rhs2_def_stmt)) ++ return false; ++ ++ rhs1_def_stmt_rhs1 = gimple_assign_rhs1(rhs1_def_stmt); ++ rhs2_def_stmt_rhs1 = gimple_assign_rhs1(rhs2_def_stmt); ++ rhs1_def_stmt_rhs1_mode = TYPE_MODE(TREE_TYPE(rhs1_def_stmt_rhs1)); ++ rhs2_def_stmt_rhs1_mode = TYPE_MODE(TREE_TYPE(rhs2_def_stmt_rhs1)); ++ if (rhs1_def_stmt_rhs1_mode != DImode || rhs2_def_stmt_rhs1_mode != DImode) ++ return false; ++ ++ gimple_set_plf(rhs1_def_stmt, NO_CAST_CHECK, true); ++ gimple_set_plf(rhs2_def_stmt, NO_CAST_CHECK, true); ++ return true; ++} ++ ++static tree handle_integer_truncation(struct pointer_set_t *visited, bool *potentionally_overflowed, tree lhs) ++{ ++ tree new_rhs1, new_rhs2, size_overflow_type; ++ tree new_rhs1_def_stmt_rhs1, new_rhs2_def_stmt_rhs1, new_lhs; ++ tree new_rhs1_def_stmt_rhs1_type, new_rhs2_def_stmt_rhs1_type; ++ gimple assign, stmt = get_def_stmt(lhs); ++ tree rhs1 = gimple_assign_rhs1(stmt); ++ tree rhs2 = gimple_assign_rhs2(stmt); ++ ++ if (!is_an_integer_trunction(stmt)) ++ return NULL_TREE; ++ ++ new_rhs1 = expand(visited, potentionally_overflowed, rhs1); ++ new_rhs2 = expand(visited, potentionally_overflowed, rhs2); ++ ++ new_rhs1_def_stmt_rhs1 = get_cast_def_stmt_rhs(new_rhs1); ++ new_rhs2_def_stmt_rhs1 = get_cast_def_stmt_rhs(new_rhs2); ++ ++ new_rhs1_def_stmt_rhs1_type = TREE_TYPE(new_rhs1_def_stmt_rhs1); ++ new_rhs2_def_stmt_rhs1_type = TREE_TYPE(new_rhs2_def_stmt_rhs1); ++ ++ if (!useless_type_conversion_p(new_rhs1_def_stmt_rhs1_type, new_rhs2_def_stmt_rhs1_type)) { ++ new_rhs1_def_stmt_rhs1 = cast_to_int_TI_type_and_check(potentionally_overflowed, stmt, new_rhs1_def_stmt_rhs1); ++ new_rhs2_def_stmt_rhs1 = cast_to_int_TI_type_and_check(potentionally_overflowed, stmt, new_rhs2_def_stmt_rhs1); ++ } ++ ++ assign = create_binary_assign(MINUS_EXPR, stmt, new_rhs1_def_stmt_rhs1, new_rhs2_def_stmt_rhs1); ++ new_lhs = gimple_get_lhs(assign); ++ check_size_overflow(assign, TREE_TYPE(new_lhs), new_lhs, rhs1, potentionally_overflowed, AFTER_STMT); ++ ++ size_overflow_type = get_size_overflow_type(stmt, lhs); ++ new_rhs1 = cast_to_new_size_overflow_type(stmt, new_rhs1, size_overflow_type, BEFORE_STMT); ++ new_rhs2 = cast_to_new_size_overflow_type(stmt, new_rhs2, size_overflow_type, BEFORE_STMT); ++ return dup_assign(visited, potentionally_overflowed, stmt, size_overflow_type, new_rhs1, new_rhs2, NULL_TREE); ++} ++ ++static tree handle_binary_ops(struct pointer_set_t *visited, bool *potentionally_overflowed, tree lhs) ++{ ++ tree rhs1, rhs2, size_overflow_type, new_lhs; ++ gimple def_stmt = get_def_stmt(lhs); + tree new_rhs1 = NULL_TREE; + tree new_rhs2 = NULL_TREE; + @@ -113950,32 +114679,41 @@ index 0000000..cc96254 + case EXACT_DIV_EXPR: + case POINTER_PLUS_EXPR: + case BIT_AND_EXPR: -+ return create_assign(visited, potentionally_overflowed, def_stmt, var, AFTER_STMT); ++ return create_assign(visited, potentionally_overflowed, def_stmt, lhs, AFTER_STMT); + default: + break; + } + + *potentionally_overflowed = true; + ++ new_lhs = handle_integer_truncation(visited, potentionally_overflowed, lhs); ++ if (new_lhs != NULL_TREE) ++ return new_lhs; ++ + if (TREE_CODE(rhs1) == SSA_NAME) + new_rhs1 = expand(visited, potentionally_overflowed, rhs1); + if (TREE_CODE(rhs2) == SSA_NAME) + new_rhs2 = expand(visited, potentionally_overflowed, rhs2); + + if (is_gimple_constant(rhs2)) -+ return handle_const_assign(visited, potentionally_overflowed, def_stmt, var, rhs1, new_rhs1, new_rhs1, signed_cast(rhs2), &gimple_assign_set_rhs1); ++ return handle_const_assign(visited, potentionally_overflowed, def_stmt, new_rhs1, new_rhs1, NULL_TREE); + + if (is_gimple_constant(rhs1)) -+ return handle_const_assign(visited, potentionally_overflowed, def_stmt, var, rhs2, new_rhs2, signed_cast(rhs1), new_rhs2, &gimple_assign_set_rhs2); ++ return handle_const_assign(visited, potentionally_overflowed, def_stmt, new_rhs2, NULL_TREE, new_rhs2); ++ ++ size_overflow_type = get_size_overflow_type(def_stmt, lhs); + -+ return dup_assign(visited, potentionally_overflowed, def_stmt, new_rhs1, new_rhs2, NULL_TREE); ++ new_rhs1 = cast_to_new_size_overflow_type(def_stmt, new_rhs1, size_overflow_type, BEFORE_STMT); ++ new_rhs2 = cast_to_new_size_overflow_type(def_stmt, new_rhs2, size_overflow_type, BEFORE_STMT); ++ ++ return dup_assign(visited, potentionally_overflowed, def_stmt, size_overflow_type, new_rhs1, new_rhs2, NULL_TREE); +} + +#if BUILDING_GCC_VERSION >= 4007 -+static tree get_new_rhs(struct pointer_set_t *visited, bool *potentionally_overflowed, tree rhs) ++static tree get_new_rhs(struct pointer_set_t *visited, bool *potentionally_overflowed, tree size_overflow_type, tree rhs) +{ + if (is_gimple_constant(rhs)) -+ return signed_cast(rhs); ++ return cast_a_tree(size_overflow_type, rhs); + if (TREE_CODE(rhs) != SSA_NAME) + return NULL_TREE; + return expand(visited, potentionally_overflowed, rhs); @@ -113983,61 +114721,72 @@ index 0000000..cc96254 + +static tree handle_ternary_ops(struct pointer_set_t *visited, bool *potentionally_overflowed, tree var) +{ -+ tree rhs1, rhs2, rhs3, new_rhs1, new_rhs2, new_rhs3; ++ tree rhs1, rhs2, rhs3, new_rhs1, new_rhs2, new_rhs3, size_overflow_type; + gimple def_stmt = get_def_stmt(var); + + *potentionally_overflowed = true; + ++ size_overflow_type = get_size_overflow_type(def_stmt, var); ++ + rhs1 = gimple_assign_rhs1(def_stmt); + rhs2 = gimple_assign_rhs2(def_stmt); + rhs3 = gimple_assign_rhs3(def_stmt); -+ new_rhs1 = get_new_rhs(visited, potentionally_overflowed, rhs1); -+ new_rhs2 = get_new_rhs(visited, potentionally_overflowed, rhs2); -+ new_rhs3 = get_new_rhs(visited, potentionally_overflowed, rhs3); ++ new_rhs1 = get_new_rhs(visited, potentionally_overflowed, size_overflow_type, rhs1); ++ new_rhs2 = get_new_rhs(visited, potentionally_overflowed, size_overflow_type, rhs2); ++ new_rhs3 = get_new_rhs(visited, potentionally_overflowed, size_overflow_type, rhs3); + -+ if (new_rhs1 == NULL_TREE && new_rhs2 != NULL_TREE && new_rhs3 != NULL_TREE) -+ return dup_assign(visited, potentionally_overflowed, def_stmt, new_rhs1, new_rhs2, new_rhs3); -+ error("handle_ternary_ops: unknown rhs"); -+ gcc_unreachable(); ++ new_rhs1 = cast_to_new_size_overflow_type(def_stmt, new_rhs1, size_overflow_type, BEFORE_STMT); ++ new_rhs2 = cast_to_new_size_overflow_type(def_stmt, new_rhs2, size_overflow_type, BEFORE_STMT); ++ new_rhs3 = cast_to_new_size_overflow_type(def_stmt, new_rhs3, size_overflow_type, BEFORE_STMT); ++ ++ return dup_assign(visited, potentionally_overflowed, def_stmt, size_overflow_type, new_rhs1, new_rhs2, new_rhs3); +} +#endif + -+static void set_size_overflow_type(tree node) ++static tree get_size_overflow_type(gimple stmt, tree node) +{ -+ switch (TYPE_MODE(TREE_TYPE(node))) { ++ tree type; ++ ++ gcc_assert(node != NULL_TREE); ++ ++ type = TREE_TYPE(node); ++ ++ if (gimple_plf(stmt, MY_STMT)) ++ return TREE_TYPE(node); ++ ++ switch (TYPE_MODE(type)) { ++ case QImode: ++ return (TYPE_UNSIGNED(type)) ? unsigned_intHI_type_node : intHI_type_node; ++ case HImode: ++ return (TYPE_UNSIGNED(type)) ? unsigned_intSI_type_node : intSI_type_node; + case SImode: -+ signed_size_overflow_type = intDI_type_node; -+ unsigned_size_overflow_type = unsigned_intDI_type_node; -+ break; ++ return (TYPE_UNSIGNED(type)) ? unsigned_intDI_type_node : intDI_type_node; + case DImode: -+ if (LONG_TYPE_SIZE == GET_MODE_BITSIZE(SImode)) { -+ signed_size_overflow_type = intDI_type_node; -+ unsigned_size_overflow_type = unsigned_intDI_type_node; -+ } else { -+ signed_size_overflow_type = intTI_type_node; -+ unsigned_size_overflow_type = unsigned_intTI_type_node; -+ } -+ break; ++ if (LONG_TYPE_SIZE == GET_MODE_BITSIZE(SImode)) ++ return (TYPE_UNSIGNED(type)) ? unsigned_intDI_type_node : intDI_type_node; ++ return (TYPE_UNSIGNED(type)) ? unsigned_intTI_type_node : intTI_type_node; + default: -+ error("set_size_overflow_type: unsupported gcc configuration."); ++ debug_tree(node); ++ error("get_size_overflow_type: unsupported gcc configuration."); + gcc_unreachable(); + } +} + +static tree expand_visited(gimple def_stmt) +{ -+ gimple tmp; ++ gimple next_stmt; + gimple_stmt_iterator gsi = gsi_for_stmt(def_stmt); + + gsi_next(&gsi); -+ tmp = gsi_stmt(gsi); -+ switch (gimple_code(tmp)) { ++ next_stmt = gsi_stmt(gsi); ++ ++ switch (gimple_code(next_stmt)) { + case GIMPLE_ASSIGN: -+ return gimple_get_lhs(tmp); ++ return gimple_get_lhs(next_stmt); + case GIMPLE_PHI: -+ return gimple_phi_result(tmp); ++ return gimple_phi_result(next_stmt); + case GIMPLE_CALL: -+ return gimple_call_lhs(tmp); ++ return gimple_call_lhs(next_stmt); + default: + return NULL_TREE; + } @@ -114055,19 +114804,18 @@ index 0000000..cc96254 + return NULL_TREE; + + gcc_assert(code == INTEGER_TYPE || code == POINTER_TYPE || code == BOOLEAN_TYPE || code == ENUMERAL_TYPE); -+ if (code != INTEGER_TYPE) -+ return NULL_TREE; + -+ if (SSA_NAME_IS_DEFAULT_DEF(var)) { ++ if (TREE_CODE(SSA_NAME_VAR(var)) == PARM_DECL) + check_missing_attribute(var); -+ return NULL_TREE; -+ } + + def_stmt = get_def_stmt(var); + + if (!def_stmt) + return NULL_TREE; + ++ if (gimple_plf(def_stmt, MY_STMT)) ++ return var; ++ + if (pointer_set_contains(visited, def_stmt)) + return expand_visited(def_stmt); + @@ -114076,7 +114824,7 @@ index 0000000..cc96254 + check_missing_attribute(var); + return NULL_TREE; + case GIMPLE_PHI: -+ return build_new_phi(visited, potentionally_overflowed, def_stmt); ++ return build_new_phi(visited, potentionally_overflowed, var); + case GIMPLE_CALL: + case GIMPLE_ASM: + return create_assign(visited, potentionally_overflowed, def_stmt, var, AFTER_STMT); @@ -114106,9 +114854,7 @@ index 0000000..cc96254 + + gcc_assert(gimple_code(stmt) == GIMPLE_CALL); + -+ assign = build_cast_stmt(origtype, newarg, CREATE_NEW_VAR, gimple_location(stmt)); -+ gsi_insert_before(&gsi, assign, GSI_SAME_STMT); -+ update_stmt(assign); ++ assign = build_cast_stmt(origtype, newarg, CREATE_NEW_VAR, &gsi, BEFORE_STMT); + + gimple_call_set_arg(stmt, argnum, gimple_get_lhs(assign)); + update_stmt(stmt); @@ -114158,8 +114904,6 @@ index 0000000..cc96254 + + check_arg_type(arg); + -+ set_size_overflow_type(arg); -+ + visited = pointer_set_create(); + potentionally_overflowed = false; + newarg = expand(visited, &potentionally_overflowed, arg); @@ -114170,7 +114914,7 @@ index 0000000..cc96254 + + change_function_arg(stmt, arg, argnum, newarg); + -+ check_size_overflow(stmt, newarg, arg, &potentionally_overflowed); ++ check_size_overflow(stmt, TREE_TYPE(newarg), newarg, arg, &potentionally_overflowed, BEFORE_STMT); +} + +static void handle_function_by_attribute(gimple stmt, tree attr, tree fndecl) @@ -114198,14 +114942,29 @@ index 0000000..cc96254 + handle_function_arg(stmt, fndecl, num - 1); +} + ++static void set_plf_false(void) ++{ ++ basic_block bb; ++ ++ FOR_ALL_BB(bb) { ++ gimple_stmt_iterator si; ++ ++ for (si = gsi_start_bb(bb); !gsi_end_p(si); gsi_next(&si)) ++ gimple_set_plf(gsi_stmt(si), MY_STMT, false); ++ for (si = gsi_start_phis(bb); !gsi_end_p(si); gsi_next(&si)) ++ gimple_set_plf(gsi_stmt(si), MY_STMT, false); ++ } ++} ++ +static unsigned int handle_function(void) +{ -+ basic_block bb = ENTRY_BLOCK_PTR->next_bb; -+ int saved_last_basic_block = last_basic_block; ++ basic_block next, bb = ENTRY_BLOCK_PTR->next_bb; ++ ++ set_plf_false(); + + do { + gimple_stmt_iterator gsi; -+ basic_block next = bb->next_bb; ++ next = bb->next_bb; + + for (gsi = gsi_start_bb(bb); !gsi_end_p(gsi); gsi_next(&gsi)) { + tree fndecl, attr; @@ -114218,15 +114977,16 @@ index 0000000..cc96254 + continue; + if (gimple_call_num_args(stmt) == 0) + continue; -+ attr = lookup_attribute("size_overflow", TYPE_ATTRIBUTES(TREE_TYPE(fndecl))); ++ attr = lookup_attribute("size_overflow", DECL_ATTRIBUTES(fndecl)); + if (!attr || !TREE_VALUE(attr)) + handle_function_by_hash(stmt, fndecl); + else + handle_function_by_attribute(stmt, attr, fndecl); + gsi = gsi_for_stmt(stmt); ++ next = gimple_bb(stmt)->next_bb; + } + bb = next; -+ } while (bb && bb->index <= saved_last_basic_block); ++ } while (bb); + return 0; +} + @@ -114254,11 +115014,12 @@ index 0000000..cc96254 + + const_char_ptr_type_node = build_pointer_type(build_type_variant(char_type_node, 1, 0)); + -+ // void report_size_overflow(const char *loc_file, unsigned int loc_line, const char *current_func) ++ // void report_size_overflow(const char *loc_file, unsigned int loc_line, const char *current_func, const char *ssa_var) + fntype = build_function_type_list(void_type_node, + const_char_ptr_type_node, + unsigned_type_node, + const_char_ptr_type_node, ++ const_char_ptr_type_node, + NULL_TREE); + report_size_overflow_decl = build_fn_decl("report_size_overflow", fntype); + @@ -114266,6 +115027,7 @@ index 0000000..cc96254 + TREE_PUBLIC(report_size_overflow_decl) = 1; + DECL_EXTERNAL(report_size_overflow_decl) = 1; + DECL_ARTIFICIAL(report_size_overflow_decl) = 1; ++ TREE_THIS_VOLATILE(report_size_overflow_decl) = 1; +} + +int plugin_init(struct plugin_name_args *plugin_info, struct plugin_gcc_version *version) @@ -114298,7 +115060,7 @@ index 0000000..cc96254 + + register_callback(plugin_name, PLUGIN_INFO, NULL, &size_overflow_plugin_info); + if (enable) { -+ register_callback ("start_unit", PLUGIN_START_UNIT, &start_unit_callback, NULL); ++ register_callback("start_unit", PLUGIN_START_UNIT, &start_unit_callback, NULL); + register_callback(plugin_name, PLUGIN_PASS_MANAGER_SETUP, NULL, &size_overflow_pass_info); + } + register_callback(plugin_name, PLUGIN_ATTRIBUTES, register_attributes, NULL); |