Commit Graph

492 Commits

Author SHA1 Message Date
herman ten brugge
0b8ee7364a Add bound checking to arm, arm64 and riscv64
Checked on:
- i386/x86_64 (linux/windows)
- arm/arm64 (rapberry pi)
- riscv64 (simulator)
Not tested for arm softfloat because raspberry pi does not support it.

Modifications:

Makefile:
  add arm-asm.c to arm64_FILES
  add riscv64-asm.c (new file) to riscv64_FILES

lib/Makefile:
  add fetch_and_add_arm.o(new file) to ARM_O
  add fetch_and_add_arm64.o(new file) to ARM64_O
  add fetch_and_add_riscv64.o(new file) to RISCV64_O
  add $(BCHECK_O) to OBJ-arm/OBJ-arm64/OBJ-riscv64

tcc.h:
  Enable CONFIG_TCC_BCHECK for arm32/arm64/riscv64
  Add arm-asm.c, riscv64-asm.c

tcctok.h:
  for arm use memmove4 instead of memcpy4
  for arm use memmove8 instead of memcpy8

tccgen.c:
  put_extern_sym2: for arm check memcpy/memmove/memset/memmove4/memmove8
                   only use alloca for i386/x86_64
  for arm use memmove4 instead of memcpy4
  for arm use memmove8 instead of memcpy8
  fix builtin_frame_address/builtin_return_address for arm/riscv64

tccrun.c:
  Add riscv64 support
  fix rt_getcontext/rt_get_caller_pc for arm

tccelf.c:
  tcc_load_dll: Print filename for bad architecture

libtcc.c:
  add arm-asm.c/riscv64-asm.c

tcc-doc.texi:
  Add arm, arm64, riscv64 support for bound checking

lib/bcheck.c:
  add __bound___aeabi_memcpy/__bound___aeabi_memmove
      __bound___aeabi_memmove4/__bound___aeabi_memmove8
      __bound___aeabi_memset for arm
  call fetch_and_add_arm/fetch_and_add_arm64/fetch_and_add_riscv64
  __bound_init: Fix type for start/end/ad
  __bound_malloc/__bound_memalign/__bound_realloc/__bound_calloc: Use size + 1

arm-gen.c:
  add bound checking code like i386/x86_64
  assign_regs: only malloc if nb_args != 0
  gen_opi/gen_opf: Fix reload problems

arm-link.c:
  relocate_plt: Fix address calculating

arm64-gen.c:
  add bound checking code like i386/x86_64
  load/store: remove VT_BOUNDED from sv->r
  arm64_hfa_aux/arm64_hfa_aux: Fix array code
  gfunc_prolog: only malloc if n != 0

arm64-link.c:
  code_reloc/gotplt_entry_type/relocate: add R_AARCH64_LDST64_ABS_LO12_NC
  relocate: Use addXXle instead of writeXXle

riscv64-gen.c:
  add bound checking code like i386/x86_64
  add NB_ASM_REGS/CONFIG_TCC_ASM

riscv64-link.c:
  relocate: Use addXXle instead of writeXXle

i386-gen.c/x86_64-gen.c
  gen_bounds_epilog: Fix code (unrelated)

tests/Makefile:
  add $(BTESTS) for arm/arm64/riscv64

tests/tests2/Makefile:
  Use 85 only on i386/x86_64 because of asm code
  Use 113 only on i386/x86_64 because of DLL code
  Add 112/114/115/116 for arm/arm64/riscv64
  Fix FILTER (failed on riscv64)

tests/boundtest.c:
  Only use alloca for i386/x86_64
2020-06-16 07:39:48 +02:00
Michael Matz
9eef33993a Fix type compatiblity of enums and ints
an enum must be compatible with one or more integer type,
so adjust the test accordingly.  That means the following
redeclarations should work:

  enum e6 { E1 = -1, E0 };
  void f3(enum e6);
  void f3(int);        // should work as int and e6 are compatible

while the following should not:

  void f4(enum e6 e);
  void f4(unsigned e); // should error as unsigned and e6 are incompatible
2020-06-05 16:02:08 +02:00
Michael Matz
068d5b3d20 pp: Move errors about stray backslashes
they were emitted too early, in particular also in macro
substitution which might turn out to not be stray in case it's
further stringified.  Check in next() instead.  Add two testcases
that an error is still emitted for obvious top-level baskslashes,
and that stringifying such a thing works.
2020-06-03 18:38:11 +02:00
herman ten brugge
3b617fdc53 Add sigsetjmp/siglongjmp bound checking support
tcctok.h:
- Add sigsetjmp/__sigsetjmp/siglongjmp

tccgen.c:
- redirect sigsetjmp/siglongjmp to bcheck.c code

i386-gen.c/x86_64-gen.c
- gcall_or_jmp: Set func_bound_add_epilog also when sigsetjmp is called
- gen_bounds_epilog: Only call __bound_local_new when needed (unrelated)

bcheck.c:
- Add __bound_siglongjmp
- __bound_setjmp/__bound_long_jump: Check no_checking
- Optimize __bound_local_delete (unrelated)

Modify testcase:
- 114_bound_signal
2020-05-25 12:26:55 +02:00
herman ten brugge
b5b92c7d6d Add setjmp/longjmp bound checking support
tcctok.h:
- Add __bound_setjmp/setjmp/_setjmp/longjmp

tccgen.c:
- redirect setjmp/longjmp to bcheck.c code

i386-gen.c/x86_64-gen.c
- Change func_bound_alloca_used into func_bound_add_epilog
- Set func_bound_add_epilog also when setjmp is called

bcheck.c:
- Add __bound_setjmp/__bound_longjmp
- __bound_local_delete: remove setjmp if used in function
- __bound_exit: clear setjmp list and print statistic
- make malloc_redir more readable (unrelated)

New testcases:
- 115_bound_setjmp
- 116_bound_setjmp2
2020-05-23 20:02:41 +02:00
grischka
4429cef9f6 tccgen.c: merge more function attributes
Merge function attributes with those given given for the
prototype, also handle post-decl appearance such as

    void func() __attribute__((noreturn))
    {
    }

Also, some test fixes (unrelated).
2020-05-13 11:39:39 +02:00
grischka
7bb5454ef3 make SILENT=yes
This allows to run make more silently.

Also, turns off debug info for binaries by default,
but adds a switch to get it back easily

    ./configure --debug
2020-05-12 20:35:43 +02:00
herman ten brugge
8370bc03a1 Allow signal handlers when bound checking
Disable generating bound_local_new/bound_local_delete when not needed.
Add new testcase 114_bound_signal.
2020-05-05 08:31:57 +02:00
Michael Matz
2f94390223 musl: disable boundcheck tests
for now that doesn't work with musl libc.
2020-04-15 22:08:18 +02:00
Michael Matz
38ab621b55 Factor out common type combination
as there's overlap between handling types for binary and ternay
operations.  Factor this into a single routine (combine_types).
This uses the structure that gen_op was following, and expr_cond
was using as well in the past, which I find easier to reconvene
with the standard language.  But it reuses the new functions for
diagnostics to improve (a little) on what GCC or clang produce :)
2020-04-15 02:44:12 +02:00
Michael Matz
c085645f98 Expect c99 support in tcctest.c
the support for the macro GCC_MAJOR is gone since 2017, and it's
fairly doubtful that anyone serious is using gcc 2.95.

Also adds a test for the ternary ops typing rules: 'x?bool:bool' has
to promote to int.
2020-04-15 02:28:23 +02:00
Michael Matz
096c93c0c6 Fix interaction of (local) labels and stmt exprs
as per testcase.  We must not reset token.sym_label twice with
kept symbols.  This is no problem for non-label symbols because those
aren't generated on demand when mentioning them.
2020-04-14 22:43:13 +02:00
grischka
6696da2f61 win32: long double as distinct C-type
On windows. there is no long double really IOW it is the
same as double.  However setting the VT_LONG flag in
combination with VT_DOUBLE allows to keep track of the
original type for the purpose of '_Generic() or more
accurate type warnings.
2020-04-11 22:03:09 +02:00
Christian Jullien
5ade19c421 Add a test function which verifies we can pass a struct ptr to va_arg for all supported architectures. The bug has been identify by trying to compile FFTW-3.3.8. 2020-03-22 08:40:35 +01:00
Christian Jullien
ec0e93616f Fix arm64-gen.c when passing a struct ptr to va_arg. 2020-03-22 08:26:03 +01:00
matthias
704b602184 instruduce C2x _Static_assert syntaxe 2020-03-04 11:35:34 +01:00
matthias
cb041f11f6 improve _Static_assert
Fix static assert to support literal string instead of just printing
the sring of the current token as it use to be

so we can now use _Static_assert(0, "0" "1") which will print
__FILE__ __LINE__ error: 01
2020-03-04 11:35:34 +01:00
Udo
9272fac7c4 rework type coercion in ternary expr (a bit) and uncomment previously failing test. Be more explicit in diagnostic messages. 2020-02-17 18:25:43 +01:00
Udo
a9e7fe19c7 extend test 03_struct for attr. __cleanup__ 2020-02-09 18:31:19 +01:00
grischka
7e901299bf Rework expr_infix
- revert const-folding in gvtst() and put it back into
  expr_landor().  Although it did make sense, one reason
  not to do it is __builtin_constant_p() which may return
  true when it shouldn't because of nocode_wanted, see test.

- tccgen_init() can do init_prec(), also for tcc -E.

- for nostalgic reasons, keep the original expression parser
  functions in the source.

- Makefile: remove stale stuff
2020-01-22 21:57:19 +01:00
Michael Matz
aeac24de98 Rework expr_landor
so that it also is called from the precedence parser.  This
is complicated by the fact that something needs to be done before
the second operand is parsed in a single pass compiler, so it
doesn't quite fit into expr_infix itself.  It turns out the smallest
code changes result when expr_landor remains separate.  But it can
be tidied a bit.
2020-01-20 05:48:48 +01:00
grischka
d79e1dee8c backtrace: test with DLLs
- tests2/113_btdll.c: test handling multiple stabs infos
Also:
- libtcc.c: remove _ISOC99_SOURCE pre-defines.  It is causing
  strange warnings such as 'strdup not declared'

- i386/x86_64-gen.c cleanup bounds_pro/epilog.  This discards
  the extra code for main's argv.  If needed, __argv might be
  processed instead.

- tccgen.c:block(): reduce stackspace usage.  For example with
  code like "if (..) ... else if (..) ... else if (..)... "
  considerable numbers of nested block() calls may occur.

  Before that most stack space used when compiling itself was
  for libtcc.c:tcc_set_linker().

  Now it's rather this construct at tccpp.c:2765: in next_nomacro1():

  if (!((isidnum_table[c - CH_EOF] & (IS_ID|IS_NUM))
        || c == '.'
        || ((c == '+' || c == '-')
        ...
2020-01-19 11:46:07 +01:00
Michael Matz
a5f6e6189e Make 112_backtrace/bcheck_123 more robust
the strcat checker first checks dest for overlap, then src.
If the padding byte between b[] and the pad[] arrays happens to be zero
the dest check would have succeeded and the src test failed.  If that
padding byte would be zero the dest check would trigger first.
As we can't influence the padding byte (only the b[] and pad[] arrays)
it was random if the dest or src checks triggered.

This makes it reliably trigger the dest check first.
2020-01-18 03:06:44 +01:00
grischka
2b7cffac74 fixes for previous commit 2020-01-18 01:22:28 +01:00
gr
ef42295fe8 tccrun.c: standalone backtraces with -bt[N] or -b
This makes it possible to get backtraces with executables
(including DLLs/SOs) like we had it already with -g -run.

Option -b includes -bt, and -bt includes -g.

- new file lib/bt-exe.c: used to link rt_printline and the
  exception handler from tccrun.c into executables/DLLs.

- new file lib/bt-log.c: provides a function that may be
  called from user code to print out a backtrace with a
  message (currently for i386/x86_64 only):

     int (*tcc_backtrace)(const char *fmt, ...);

  As an extra hack, if 'fmt' is prefixed like "^file.c^..."
  then the backtrace will skip calls from within 'file.c'.

- new file lib/bt-dll.c:  used on win32 to link the backtrace
  and bcheck functions with the main module at runtime

- bcheck.c: now uses the tcc_backtrace function from above

- tccgen.c: minor cleanups

- tccelf.c: stab sections get SHF_ALLOC for easy access.
  Also in relocate_section(): 64bit relocations for stabs
  in DLLs cannot work.  To find DLL addresses, the DLL base
  is added manually in tccrun.c via rc.prog_base instead.

- tccpe.c: there are some changes to allow merging sections,
  used to merge .finit_array into .data in the first place.

- tccpp.c: tcc -run now #defines __TCC_RUN__
  also: refactor a line in tal_realloc that was incompatible
  with bcheck

- tcctest.c: fixed a problem with r12 which tcc cannot preserve
  as well as gcc does.

- tests2/112_backtrace.c: test the feature and the bcheck test18
  that previously was in boundtest.c
2020-01-17 22:58:39 +01:00
Michael Matz
4a70b2bc2d Fix handling of unevaluated subexpression of const
we were emitting error messages for something like
'static int i = 2 || 1/0', even though the exception would be in
the unevaluated part.  This doesn't destroy const-ness, so we must
accept it.  This requires splitting the nocode_wanted values a bit more,
so that nocode_wanted due to const_wanted can be differentiated from
nocode_wanted due to non-evaluation.
2020-01-15 23:32:40 +01:00
herman ten brugge
3877618785 Update bound checking code.
Add __attribute__((constructor)) to __bounds_init.
- remove tcc_add_bcheck from i386-link.c and x86_64-link.c
- add simplified tcc_add_bcheck to tccelf.c
- Update tccrun.c to call constructor/destructor.
Set dynsym sh_info to number of local symbols in tccelf.c
Reduce stack size when bounds checking is enabled.
Added variable TCC_LIBBCHECK for windows support.
Add signal stack to detect stack overflow.
Add all & parameters in lbound_section and remove them if not used.
Close fd in tcc_relocate in tccrun.c
Fix section type constructor/destructor in tccelf.c
Add check code in tests/boundtest.c for mem/str functions.
Remove -ba from documentation.
Add bounds check signal info in documentation.

bcheck.c:
- Fix initial_pool alignment.
. Fix printf statements.
. Add prototypes for all external interface functions.
- Add TCC_BOUNDS_WARN_POINTER_ADD environment variable.
. Add ctype and errno data.
- Fix alloca when multithreading is used.
- Add lock for __bound_checking and __bound_never_fatal.
- Catch pthread_create and use locks when called.
- Detect in loaded in shared lib and use locks when found
- Use spin locks instead of semaphore locks.
- Make spin locked code as small as possible.
- Fix mem/str functions checking.
- Fix overlap checking mem/str functions.
2020-01-15 08:53:19 +01:00
Michael Matz
f150f93854 Fix the get_asm_string fail on i386 in another way
the problem is that new debian GCC enabled -fPIC or -fPIE by
default, causing the mentioned compile error.
2019-12-17 17:54:54 +01:00
Giovanni Mascellani
43fb5a72e7
tcctest: explain why i386 is not tested 2019-12-17 12:36:02 +01:00
Michael Matz
1d4d74d6d0 Use explicit signed char in char_short_test
as 'char' is unsigned on some architectures, so the tests weren't
testing what they were supposed to.
2019-12-17 04:56:54 +01:00
Michael Matz
c8ca64d28b Adjust return value promotion for some archs
this is a bit complicated: for i386 and x86-64 we really need to
extend return values ourself, as the common code now does.  For arm64
this at least preserves old behaviour.  For riscv64 we don't have to
extend ourself but can expect things to be extended up to int (this
matters for var-args tests, when the sign-extension to int64 needs to
happen explicitely).  As the extensions are useless, don't do them.

And for arm32 we actually can't express GCC behaviour: the callee side
expects the return value to be correctly extended to int32, but
remembers the original type.  In case the ultimate target type for the
call result is only int, no further extension is done.  But in case
the target type is e.g. int64 an extension happens, but not from int32
but from the original type.  We don't know the ultimate target type,
so we have to choose a type to put into vtop:
* original type (plus VT_MUSTCAST) - this looses when the ultimate
  target is int (GCC: no cast, TCC: a cast)
* int (without MUSTCAST) - this looses when the ultimate target is
  int64 (GCC: cast from original type, TCC: cast from int)
This difference can only be seen with undefined sources, like the
testcases, so it doesn't seem worthwhile to try an make it work, just
disable the test on arm and choose the second variant as that generates
less code.
2019-12-17 01:46:06 +01:00
grischka
d30d68d738 #pragma comment(option, "file.c")
This allows adding files or libraries from
   #pragma comment(option, ...)

Also, {f}/file.c will be expanded with the directory of
the current source, that is the file that has the #pragma
2019-12-16 22:48:31 +01:00
grischka
a64353ce71 tccgen.c: generic char/short promotion for function return values 2019-12-16 21:58:32 +01:00
grischka
89372dc482 update gen_cast 2019-12-16 21:37:44 +01:00
grischka
ff3b5ee91c -bench fix
Put total_lines etc. into TCCState.  Also, initialize
the predefined compiler types for the preprocessor too.
tccpe.c: fix BaseOfCode if .init section present (with tcc -b)
2019-12-16 20:17:10 +01:00
Michael Matz
b476a5f478 Readd lost error on local static function decls
see testcase: block scope decls for functions can't use static
(allowed is only extern or none).  This got lost in commit 85690480.
2019-12-16 07:00:26 +01:00
Michael Matz
2fb79a6326 Fix some races
protect some more accesses to global data with the semaphore.
(And for the testcase: don't just write into global data, use local
copies; it's not important for speed here).
2019-12-14 23:58:45 +01:00
grischka
56db092ab7 bcheck cleanup
- revert Makefiles to state before last bcheck additions
  Instead, just load bcheck.o explicitly if that is
  what is wanted.

- move tcc_add_bcheck() to the <target>-link.c files and
  remove revently added arguments.  This function is to
  support tccelf.c with linking, not for tccgen.c to
  support compilation.

- remove -ba option:  It said:
  "-ba  Enable better address checking with bounds checker"
  Okay, if it is better then to have it is not an option.

- remove va_copy. It is C99 and we try to stay C89 in tinycc
  when possible.  For example, MS compilers do not have va_copy.

- win64: revert any 'fixes' to alloca
  It was correct as it was before, except for bound_checking
  where it was not implemented.  This should now work too.

- remove parasitic filename:linenum features
  Such feature is already present with rt_printline in
  tccrun.c.  If it doesn't work it can be fixed.

- revert changes to gen_bounded_ptr_add()
  gen_bounded_ptr_add() was working as it should before
  (mostly).  For the sake of simplicity I switched it to
  CDECL.  Anyway, FASTCALL means SLOWCALL with tinycc.

In exchange you get one addition which is required for
bounds_cnecking function arguments.  The important thing
is to check them *BEFORE* they are loaded into registers.
New function gbound_args() does that.

In any case, code instrumentation with the bounds-check
functions as such now seems to work flawlessly again,
which means when they are inserted as NOPs, any code that
tcc can compile, seems to behave just the same as without
them.

What these functions then do when fully enabled, is a
differnt story.  I did not touch this.
2019-12-14 13:26:18 +01:00
herman ten brugge
39c0ff311d Add new bounds checking functions.
The following functions are now also bounds checked:
memcmp, strncpy, strcmp, strncmp, strcat, strchr, strdup.

Add statistics code for bounds checking functions.
The statistics can be printed by settings environment variable
"TCC_BOUNDS_PRINT_STATISTIC".

Enabled more tests in test/Makefile.
2019-12-12 20:49:35 +01:00
herman ten brugge
4a2e33d160 Update bounds checking.
The bounds checking code has now enabled gen_bounded_ptr_add tests.
This makes the code slower but finds more errors.
I had to correct some things in tcc to make it work.
- Fixed off by one in lib/bcheck.c
- Corrected tccelf.c sym_versions.
- Disabled USE_TAL when using bounds checking.
- Fixed cstr_printf va_start.
- Fixed tests/tests2/46_grep.c off by one error.
- Updated gen_bounded_ptr_add in x86_64-gen.c
- Fixed x86_64-link.c pointer diff.
For gen_vla_alloc now always use alloca call when bounds checking.
Added line/filename in %rax before bound calls to find location of error.
2019-12-12 12:56:06 +01:00
Michael Matz
ce4eafb34f Include some headers in new multi-thread test
for usleep and gettimeofday.
2019-12-12 03:31:21 +01:00
Michael Matz
90e09ed75f Disable thumb code generation on tcctest.gcc
this breaks getting the alignment of functions via bit masking
which we assume to work in one test.
2019-12-12 01:52:50 +01:00
Michael Matz
83f822d0cd Also parse -Dfoo in libtcc_test_mt
otherwise the -DTCC_ARM_VFP doesn't get through.
2019-12-12 01:39:58 +01:00
Michael Matz
8b23662d53 Fix libtcc_test_mt with lib64
we need to pass NATIVE_DEFINES, and we need to actually parse
and pass them into the state.
2019-12-11 17:57:43 +01:00
herman ten brugge
a0bc149b0c Fix bounds checking after concurrently commit 2019-12-11 12:07:48 +01:00
grischka
72729d8e36 allow libtcc states to be used concurrently
This allows creation of TCCStates and operation with API
calls independently from each other, even from threads.

Frontend (option parsing/libtcc.c) and backend (linker/tccelf.c)
now depend only on the TCCState (s1) argument.

Compilation per se (tccpp.c, tccgen.c) is still using
globals for convenience.  There is only one entry point
to this section which is tcc_compile() which is protected
by a semaphore.

There are some hacks involved to avoid too many changes,
as well as some changes in order to avoid too many hacks ;)

The test libtcc_test_mt.c shows the feature.  Except this
new file the patch adds 87 lines overall.
2019-12-11 02:36:19 +01:00
herman ten brugge
88dd577302 Disable bounds_check1_test on arm 2019-12-10 09:39:45 +01:00
herman ten brugge
4461f38a9e Fix bounds checking for linux/windows 2019-12-10 08:07:25 +01:00
herman ten brugge
df72b8d487 Add windows constructor/destructor support 2019-11-27 18:29:12 +01:00
Christian Jullien
25781e4552 Fix float conversion in arm64 backend 2019-11-08 07:55:05 +01:00