8 files changed, 121 insertions, 2 deletions

diff --git a/gcc/ChangeLog b/gcc/ChangeLog
index c15c1d3..25a3edb 100644
--- a/gcc/ChangeLog
+++ b/gcc/ChangeLog
@@ -1,3 +1,13 @@
+2016-12-27  Alexander Ivchenko  <alexander.ivchenko@intel.com>
+
+	* c-family/c.opt (flag_chkp_flexible_struct_trailing_arrays):
+	Add new option.
+	(fchkp-narrow-to-innermost-array): Fix typo.
+	* doc/cpp.texi (flag_chkp_flexible_struct_trailing_arrays): Ditto.
+	* tree-chkp.c (chkp_may_narrow_to_field ): Forbid
+	narrowing when flag_chkp_flexible_struct_trailing_arrays is used
+	and the field is the last array field in the structure.
+
 2016-12-27  Uros Bizjak  <ubizjak@gmail.com>
 
 	* config/i386/i386.md (andqi_ext_1): Use general_operand
diff --git a/gcc/c-family/c.opt b/gcc/c-family/c.opt
index a5333a3..1d40d76f1 100644
--- a/gcc/c-family/c.opt
+++ b/gcc/c-family/c.opt
@@ -1207,7 +1207,13 @@ narrowing is on, field bounds are used.  Otherwise full object bounds are used.
 fchkp-narrow-to-innermost-array
 C ObjC C++ ObjC++ LTO RejectNegative Report Var(flag_chkp_narrow_to_innermost_arrray)
 Forces Pointer Bounds Checker to use bounds of the innermost arrays in case of
-nested static arryas access.  By default outermost array is used.
+nested static arrays access.  By default outermost array is used.
+
+fchkp-flexible-struct-trailing-arrays
+C ObjC C++ ObjC++ LTO Report Var(flag_chkp_flexible_struct_trailing_arrays)
+Forces Pointer Bounds Checker to treat all trailing arrays in structures as
+possibly flexible.  By default only arrays fields with zero length or that are
+marked with attribute bnd_variable_size are treated as flexible.
 
 fchkp-optimize
 C ObjC C++ ObjC++ LTO Report Var(flag_chkp_optimize) Init(-1)
diff --git a/gcc/doc/invoke.texi b/gcc/doc/invoke.texi
index 9af6e84..b276914 100644
--- a/gcc/doc/invoke.texi
+++ b/gcc/doc/invoke.texi
@@ -447,7 +447,7 @@ Objective-C and Objective-C++ Dialects}.
 -fchkp-treat-zero-dynamic-size-as-infinite -fchkp-check-read @gol
 -fchkp-check-read -fchkp-check-write -fchkp-store-bounds @gol
 -fchkp-instrument-calls -fchkp-instrument-marked-only @gol
--fchkp-use-wrappers @gol
+-fchkp-use-wrappers -fchkp-flexible-struct-trailing-arrays@gol
 -fstack-protector -fstack-protector-all -fstack-protector-strong @gol
 -fstack-protector-explicit -fstack-check @gol
 -fstack-limit-register=@var{reg}  -fstack-limit-symbol=@var{sym} @gol
@@ -10954,6 +10954,13 @@ Forces Pointer Bounds Checker to use narrowed bounds for the address of the
 first field in the structure.  By default a pointer to the first field has
 the same bounds as a pointer to the whole structure.
 
+@item -fchkp-flexible-struct-trailing-arrays
+@opindex fchkp-flexible-struct-trailing-arrays
+@opindex fno-chkp-flexible-struct-trailing-arrays
+Forces Pointer Bounds Checker to treat all trailing arrays in structures as
+possibly flexible.  By default only array fields with zero length or that are
+marked with attribute bnd_variable_size are treated as flexible.
+
 @item -fchkp-narrow-to-innermost-array
 @opindex fchkp-narrow-to-innermost-array
 @opindex fno-chkp-narrow-to-innermost-array
diff --git a/gcc/testsuite/ChangeLog b/gcc/testsuite/ChangeLog
index fc9233a..d8eecd4 100644
--- a/gcc/testsuite/ChangeLog
+++ b/gcc/testsuite/ChangeLog
@@ -1,3 +1,9 @@
+2016-12-27  Alexander Ivchenko  <alexander.ivchenko@intel.com>
+
+	* gcc.target/i386/mpx/vla-trailing-1-lbv.c: New test.
+	* gcc.target/i386/mpx/vla-trailing-1-nov.c: Ditto.
+	* gcc.target/i386/mpx/vla-trailing-1-ubv.c: Ditto.
+
 2016-12-27  Uros Bizjak  <ubizjak@gmail.com>
 
 	PR target/78904
diff --git a/gcc/testsuite/gcc.target/i386/mpx/vla-trailing-1-lbv.c b/gcc/testsuite/gcc.target/i386/mpx/vla-trailing-1-lbv.c
new file mode 100644
index 0000000..9739920
--- /dev/null
+++ b/gcc/testsuite/gcc.target/i386/mpx/vla-trailing-1-lbv.c
@@ -0,0 +1,29 @@
+/* { dg-do run } */
+/* { dg-shouldfail "bounds violation" } */
+/* { dg-options "-fcheck-pointer-bounds -mmpx -fchkp-flexible-struct-trailing-arrays" } */
+
+
+#define SHOULDFAIL
+
+#include "mpx-check.h"
+
+struct S
+{
+  int a;
+  int p[10];
+};
+
+int rd (int *p, int i)
+{
+  int res = p[i];
+  printf ("%d\n", res);
+  return res;
+}
+
+int mpx_test (int argc, const char **argv)
+{
+  struct S *s = (struct S *)alloca (sizeof(struct S) + sizeof (int)*100);
+  rd (s->p, -2);
+
+  return 0;
+}
diff --git a/gcc/testsuite/gcc.target/i386/mpx/vla-trailing-1-nov.c b/gcc/testsuite/gcc.target/i386/mpx/vla-trailing-1-nov.c
new file mode 100644
index 0000000..f5c8f95
--- /dev/null
+++ b/gcc/testsuite/gcc.target/i386/mpx/vla-trailing-1-nov.c
@@ -0,0 +1,29 @@
+/* { dg-do run } */
+/* { dg-options "-fcheck-pointer-bounds -mmpx -fchkp-flexible-struct-trailing-arrays" } */
+
+
+#include "mpx-check.h"
+
+struct S
+{
+  int a;
+  int p[10];
+};
+
+int rd (int *p, int i)
+{
+  int res = p[i];
+  printf ("%d\n", res);
+  return res;
+}
+
+int mpx_test (int argc, const char **argv)
+{
+  struct S *s = (struct S *)alloca (sizeof(struct S) + sizeof (int)*100);
+  rd (s->p, 0);
+  rd (s->p, 99);
+  s->p[0];
+  s->p[99];
+  
+  return 0;
+}
diff --git a/gcc/testsuite/gcc.target/i386/mpx/vla-trailing-1-ubv.c b/gcc/testsuite/gcc.target/i386/mpx/vla-trailing-1-ubv.c
new file mode 100644
index 0000000..8385a5a
--- /dev/null
+++ b/gcc/testsuite/gcc.target/i386/mpx/vla-trailing-1-ubv.c
@@ -0,0 +1,29 @@
+/* { dg-do run } */
+/* { dg-shouldfail "bounds violation" } */
+/* { dg-options "-fcheck-pointer-bounds -mmpx -fchkp-flexible-struct-trailing-arrays" } */
+
+
+#define SHOULDFAIL
+
+#include "mpx-check.h"
+
+struct S
+{
+  int a;
+  int p[10];
+};
+
+int rd (int *p, int i)
+{
+  int res = p[i];
+  printf ("%d\n", res);
+  return res;
+}
+
+int mpx_test (int argc, const char **argv)
+{
+  struct S *s = (struct S *)alloca (sizeof(struct S) + sizeof (int)*100);
+  rd (s->p, 110);
+
+  return 0;
+}
diff --git a/gcc/tree-chkp.c b/gcc/tree-chkp.c
index 2769682..6c7862c 100644
--- a/gcc/tree-chkp.c
+++ b/gcc/tree-chkp.c
@@ -3272,6 +3272,9 @@ chkp_may_narrow_to_field (tree field)
 {
   return DECL_SIZE (field) && TREE_CODE (DECL_SIZE (field)) == INTEGER_CST
     && tree_to_uhwi (DECL_SIZE (field)) != 0
+    && !(flag_chkp_flexible_struct_trailing_arrays
+	 && TREE_CODE(TREE_TYPE(field)) == ARRAY_TYPE
+	 && !DECL_CHAIN (field))
     && (!DECL_FIELD_OFFSET (field)
 	|| TREE_CODE (DECL_FIELD_OFFSET (field)) == INTEGER_CST)
     && (!DECL_FIELD_BIT_OFFSET (field)