common.opt (fstack-protector): Initialize to -1.

* common.opt (fstack-protector): Initialize to -1.
        (fstack-protector-all): Likewise.
        (fstack-protector-strong): Likewise.
        (fstack-protector-explicit): Likewise.
        * configure.ac: Add --enable-default-ssp.
        * defaults.h (DEFAULT_FLAG_SSP): New.  Default SSP to strong.
        * opts.c (finish_options): Update opts->x_flag_stack_protect if it is
        -1.
        * doc/install.texi: Document --enable-default-ssp.
        * config.in: Regenerated.
        * configure: Likewise.

        * lib/target-supports.exp
        (check_effective_target_fstack_protector_enabled): New test.
        * gcc.target/i386/ssp-default.c: New test.

From-SVN: r227017

gcc/ChangeLog

@@ -1,3 +1,17 @@
+2015-08-19  Magnus Granberg  <zorry@gentoo.org>
+
+	* common.opt (fstack-protector): Initialize to -1.
+	(fstack-protector-all): Likewise.
+	(fstack-protector-strong): Likewise.
+	(fstack-protector-explicit): Likewise.
+	* configure.ac: Add --enable-default-ssp.
+	* defaults.h (DEFAULT_FLAG_SSP): New.  Default SSP to strong.
+	* opts.c (finish_options): Update opts->x_flag_stack_protect if it is
+	-1.
+	* doc/install.texi: Document --enable-default-ssp.
+	* config.in: Regenerated.
+	* configure: Likewise.
+
 2015-08-19  Alexandre Oliva <aoliva@redhat.com>
 
 	PR rtl-optimization/64164

gcc/common.opt

@@ -2124,15 +2124,15 @@ Common RejectNegative Joined Var(common_deferred_options) Defer
 -fstack-limit-symbol=<name>	Trap if the stack goes past symbol <name>
 
 fstack-protector
-Common Report Var(flag_stack_protect, 1)
+Common Report Var(flag_stack_protect, 1) Init(-1)
 Use propolice as a stack protection method
 
 fstack-protector-all
-Common Report RejectNegative Var(flag_stack_protect, 2)
+Common Report RejectNegative Var(flag_stack_protect, 2) Init(-1)
 Use a stack protection method for every function
 
 fstack-protector-strong
-Common Report RejectNegative Var(flag_stack_protect, 3)
+Common Report RejectNegative Var(flag_stack_protect, 3) Init(-1)
 Use a smart stack protection method for certain functions
 
 fstack-protector-explicit

gcc/config.in

@@ -95,6 +95,13 @@
 #endif
 
 
+/* Define if your target supports default stack protector and it is enabled.
+   */
+#ifndef USED_FOR_TARGET
+#undef ENABLE_DEFAULT_SSP
+#endif
+
+
 /* Define if you want more run-time sanity checks for dataflow. */
 #ifndef USED_FOR_TARGET
 #undef ENABLE_DF_CHECKING

gcc/configure

@@ -678,6 +678,7 @@ MAINT
 zlibinc
 zlibdir
 HOST_LIBS
+enable_default_ssp
 libgcc_visibility
 gcc_cv_readelf
 gcc_cv_objdump
@@ -930,6 +931,7 @@ enable_fix_cortex_a53_843419
 with_glibc_version
 enable_gnu_unique_object
 enable_linker_build_id
+enable_default_ssp
 with_long_double_128
 with_gc
 with_system_zlib
@@ -1666,6 +1668,7 @@ Optional Features:
                           extension on glibc systems
   --enable-linker-build-id
                           compiler will always pass --build-id to linker
+  --enable-default-ssp    enable Stack Smashing Protection as default
   --enable-maintainer-mode
                           enable make rules and dependencies not useful (and
                           sometimes confusing) to the casual installer
@@ -18341,7 +18344,7 @@ else
   lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2
   lt_status=$lt_dlunknown
   cat > conftest.$ac_ext <<_LT_EOF
-#line 18344 "configure"
+#line 18347 "configure"
 #include "confdefs.h"
 
 #if HAVE_DLFCN_H
@@ -18447,7 +18450,7 @@ else
   lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2
   lt_status=$lt_dlunknown
   cat > conftest.$ac_ext <<_LT_EOF
-#line 18450 "configure"
+#line 18453 "configure"
 #include "confdefs.h"
 
 #if HAVE_DLFCN_H
@@ -28047,6 +28050,29 @@ $as_echo "#define TARGET_LIBC_PROVIDES_SSP 1" >>confdefs.h
 
 fi
 
+# Check whether --enable-default-ssp was given.
+# Check whether --enable-default-ssp was given.
+if test "${enable_default_ssp+set}" = set; then :
+  enableval=$enable_default_ssp;
+if test x$gcc_cv_libc_provides_ssp = xyes; then
+  case "$target" in
+    ia64*-*-*) enable_default_ssp=no ;;
+    *) enable_default_ssp=$enableval ;;
+  esac
+else
+  enable_default_ssp=no
+fi
+else
+  enable_default_ssp=no
+fi
+
+if test x$enable_default_ssp == xyes ; then
+
+$as_echo "#define ENABLE_DEFAULT_SSP 1" >>confdefs.h
+
+fi
+
+
 # Test for <sys/sdt.h> on the target.
 
 { $as_echo "$as_me:${as_lineno-$LINENO}: checking sys/sdt.h in the target C library" >&5

gcc/configure.ac

@@ -5329,6 +5329,25 @@ if test x$gcc_cv_libc_provides_ssp = xyes; then
 	    [Define if your target C library provides stack protector support])
 fi
 
+# Check whether --enable-default-ssp was given.
+AC_ARG_ENABLE(default-ssp,
+[AS_HELP_STRING([--enable-default-ssp],
+  [enable Stack Smashing Protection as default])],[
+if test x$gcc_cv_libc_provides_ssp = xyes; then
+  case "$target" in
+    ia64*-*-*) enable_default_ssp=no ;;
+    *) enable_default_ssp=$enableval ;;
+  esac
+else
+  enable_default_ssp=no
+fi],
+enable_default_ssp=no)
+if test x$enable_default_ssp == xyes ; then
+  AC_DEFINE(ENABLE_DEFAULT_SSP, 1,
+      [Define if your target supports default stack protector and it is enabled.])
+fi
+AC_SUBST([enable_default_ssp])
+
 # Test for <sys/sdt.h> on the target.
 GCC_TARGET_TEMPLATE([HAVE_SYS_SDT_H])
 AC_MSG_CHECKING(sys/sdt.h in the target C library)

gcc/defaults.h

@@ -1359,6 +1359,18 @@ see the files COPYING3 and COPYING.RUNTIME respectively.  If not, see
 #define STACK_SIZE_MODE word_mode
 #endif
 
+/* Default value for flag_stack_protect when flag_stack_protect is initialized to -1:
+   --enable-default-ssp: Default flag_stack_protect to -fstack-protector-strong.
+   --disable-default-ssp: Default flag_stack_protect to 0.
+ */
+#ifdef ENABLE_DEFAULT_SSP
+# ifndef DEFAULT_FLAG_SSP
+#  define DEFAULT_FLAG_SSP 3
+# endif
+#else
+# define DEFAULT_FLAG_SSP 0
+#endif
+
 /* Provide default values for the macros controlling stack checking.  */
 
 /* The default is neither full builtin stack checking...  */

gcc/doc/install.texi

@@ -1642,6 +1642,9 @@ Using the GNU Compiler Collection (GCC)},
 See ``RS/6000 and PowerPC Options'' in the main manual
 @end ifhtml
 
+@item --enable-default-ssp
+Turn on @option{-fstack-protector-strong} by default.
+
 @item --enable-cld
 This option enables @option{-mcld} by default for 32-bit x86 targets.
 @ifnothtml

gcc/opts.c

@@ -754,6 +754,11 @@ finish_options (struct gcc_options *opts, struct gcc_options *opts_set,
       opts->x_flag_opts_finished = true;
     }
 
+  /* We initialize opts->x_flag_stack_protect to -1 so that targets
+     can set a default value.  */
+  if (opts->x_flag_stack_protect == -1)
+    opts->x_flag_stack_protect = DEFAULT_FLAG_SSP;
+
   if (opts->x_optimize == 0)
     {
       /* Inlining does not work if not optimizing,

gcc/testsuite/ChangeLog

@@ -1,3 +1,9 @@
+2015-08-19  Magnus Granberg  <zorry@gentoo.org>
+
+	* lib/target-supports.exp
+	(check_effective_target_fstack_protector_enabled): New test.
+	* gcc.target/i386/ssp-default.c: New test.
+
 2015-08-19  Mikael Morin  <mikael@gcc.gnu.org>
 
 	PR fortran/66929

gcc/testsuite/gcc.target/i386/ssp-default.c

@@ -0,0 +1,22 @@
+/* { dg-do run { target native } } */
+/* { dg-require-effective-target fstack_protector_enabled } */
+
+#include <stdlib.h>
+
+void
+__stack_chk_fail (void)
+{
+  exit (0); /* pass */
+}
+
+int main ()
+{
+  int i;
+  char foo[255];
+
+  /* smash stack */
+  for (i = 0; i <= 400; i++)
+    foo[i] = 42;
+
+  return 1; /* fail */
+}

gcc/testsuite/lib/target-supports.exp

@@ -1145,6 +1145,17 @@ proc check_effective_target_pie_enabled { } {
     }]
 }
 
+# Return 1 if the target generates -fstack-protector by default.
+
+proc check_effective_target_fstack_protector_enabled {} {
+    return [ check_no_compiler_messages fstack_protector_enabled assembly {
+    #if !defined(__SSP__) && !defined(__SSP_ALL__) && \
+      !defined(__SSP_STRONG__) && !defined(__SSP_EXPICIT__)
+    #error unsupported
+    #endif
+    }]
+}
+
 # Return 1 if the target does not use a status wrapper.
 
 proc check_effective_target_unwrapped { } {