
Re: [Tinycc-devel] Bounds mixing non malloced strings is the reason to m

From: Domingo Alvarez Duarte
Subject: Re: [Tinycc-devel] Bounds mixing non malloced strings is the reason to make tests fail on linux 32bits
Date: Sun, 30 Mar 2014 10:02:30 +0100

Thanks for your comments !

Here is a small program that shows how the bounds check fails with literals too, due to what we've been discussing so far:
#include <stdlib.h>
#include <stdio.h>
#include <string.h>   /* strlen() needs its declaration */

int main(int argc, char **argv)
{
    /* strlen() on a string literal: the case reported below under -b */
    printf("Size of \"..\" = %d\n", (int)strlen(".."));

    return 0;
}
../tcc -B.. -I.. -I.. -I../include -b -DCONFIG_LDDIR="\"lib\"" -DCONFIG_MULTIARCHDIR="\"i386-linux-gnu\"" -DTCC_TARGET_I386 -DONE_SOURCE -run ../tcc.c -B.. -I.. -I.. -I../include -b -DCONFIG_LDDIR="\"lib\"" -DCONFIG_MULTIARCHDIR="\"i386-linux-gnu\"" -DTCC_TARGET_I386 -DONE_SOURCE -run ../tcc.c -B.. -I.. -I.. -I../include -b -DCONFIG_LDDIR="\"lib\"" -DCONFIG_MULTIARCHDIR="\"i386-linux-gnu\"" -DTCC_TARGET_I386 -DONE_SOURCE -run ../tcc.c -B.. -I.. -I.. -I../include -b -run bcheck-test.c 
Runtime error: bad pointer in strlen()
at 0xb75037a0 __bound_strlen()
../libtcc.c:1452: by 0xb74fb232 tcc_set_lib_path() (included from ../tcc.c)
../libtcc.c:1880: by 0xb74fc1b9 tcc_parse_args() (included from ../tcc.c)
../tcc.c:355: by 0xb74fd411 main()

By the way, on my Linux 32 bits it never passes make test because of the bounds check; the others pass fine when using "make test -i":
 make test
make -C tests test 'PROGS_CROSS=x86_64-linux-gnu-tcc i386-w64-mingw32-tcc x86_64-w64-mingw32-tcc arm-linux-fpa-tcc arm-linux-fpa-ld-tcc arm-linux-gnu-tcc arm-linux-gnueabi-tcc c67-tcc'
make[1]: Entering directory `/home/mingo/dev/tinycc-dad/tests'
------------ hello-exe ------------
../tcc -B.. -I.. -I.. -I../include ../examples/ex1.c -o hello || (../tcc -vv; exit 1) && ./hello
Hello World
------------ hello-run ------------
../tcc -B.. -I.. -I.. -I../include -run ../examples/ex1.c
Hello World
------------ libtest ------------
./libtcc_test lib_path=..
Hello World!
fib(32) = 2178309
add(32, 64) = 96
------------ test3 ------------
../tcc -B.. -I.. -I.. -I../include -DCONFIG_LDDIR="\"lib\"" -DCONFIG_MULTIARCHDIR="\"i386-linux-gnu\"" -DTCC_TARGET_I386 -DONE_SOURCE -run ../tcc.c -B.. -I.. -I.. -I../include -DCONFIG_LDDIR="\"lib\"" -DCONFIG_MULTIARCHDIR="\"i386-linux-gnu\"" -DTCC_TARGET_I386 -DONE_SOURCE -run ../tcc.c -B.. -I.. -I.. -I../include -DCONFIG_LDDIR="\"lib\"" -DCONFIG_MULTIARCHDIR="\"i386-linux-gnu\"" -DTCC_TARGET_I386 -DONE_SOURCE -run ../tcc.c -B.. -I.. -I.. -I../include -run tcctest.c > test.out3
Auto Test3 OK
------------ test1b ------------
../tcc -B.. -I.. -I.. -I../include -b -run tcctest.c > test.out1
--- test.ref 2014-03-30 09:47:52.834804132 +0100
+++ test.out1 2014-03-30 10:01:30.806812775 +0100
@@ -538,7 +538,7 @@
 Test C99 VLA 2 (ptrs substract): PASSED
 Test C99 VLA 3 (ptr add): PASSED
 Test C99 VLA 4 (ptr access): PASSED
-Test C99 VLA 5 (bounds checking (might be disabled)): PASSED PASSED PASSED PASSED PASSED PASSED PASSED PASSED 
+Test C99 VLA 5 (bounds checking (might be disabled)): FAILED PASSED FAILED PASSED FAILED PASSED FAILED PASSED 
 sizeof(int) = 4
 sizeof(unsigned int) = 4
 sizeof(long) = 4
make[1]: *** [test1b] Error 1
make[1]: Leaving directory `/home/mingo/dev/tinycc-dad/tests'
make: *** [test] Error 2

On Sun, Mar 30, 2014 at 4:50 AM, Thomas Preudhomme <address@hidden> wrote:
On 2014-03-30 01:01, Domingo Alvarez Duarte wrote:

Hello all !

I followed the code and could see that mixing strings malloced and not
malloced by tcc is the reason for the test to fail on linux 32 bits.

Have you tried compiling with the -b switch? There are still some bugs in the bound checking code.

On that particular case we are mixing a string from program argv[]
with the tcc bounds checking; the latter expects all strings to have
been malloced by __bound_malloc, which adds an extra byte to the size,
but the strings from program parameters argv[] seem to be allocated
without __bound_malloc and then the false BAD_POINTER is raised.

Who did this ?

Mmmh, that's me. There was bound checking when doing *argv and that made the bound checking work in this case. But indeed, I didn't think about when accessed as array. I fail to see how it could work before. For objects defined in a different compilation unit, there is no way to know if it will be compiled by tcc or not. So either you don't do any bound checking for object not defined within the compilation unit you are compiling, or you do it on all objects but it will fail for those not compiled by tcc.

I was trying to make at least argv and arge work as they are probably the most frequently encountered objects coming from outside a program (I assume usually people compile a whole program with tcc). To make it a more general solution we could teach the bound checking code about all the memory regions used by libraries and tcc. If a pointer is in the program area, normal bound checking occurs; else if it's in a library area it just returns without error; and if outside it returns -2 like now. I'll think about how to discover the mapping at runtime and see if I can implement this for 0.9.27.

If we do the tests without tcc compiled by tcc it works fine; I
propose to move those tests to the compiled tcc instead of tcc run
by another tcc.

Certainly not. A test is meant to fail when there is a problem. When that is the case you fix the bug or declare the situation as not supported. I prefer the former.

It sounds a bit crazy but if someone can come in to help clarify this
we can together solve this problem.

See above.
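The region classification Thomas proposes above, written out as an added example; this is a hypothetical sketch of mine, not tcc's __bound_strlen or any code from the thread. Each pointer is looked up in a table of known ranges: program-owned ranges get normal bounds checking, foreign ranges such as argv[] data are trusted, and anything else is reported as a bad pointer (-2). region_t, region_add, bound_strlen and run_scenario are assumed names.

```c
#include <stdlib.h>
#include <string.h>
#include <stdint.h>
/* A memory range known to the checker: checked=1 is program-owned memory whose
   bounds are enforced, checked=0 is foreign memory (argv[] strings, libc data)
   that is trusted. Hypothetical sketch, not tcc's own __bound_* code. */
typedef struct { uintptr_t lo, hi; int checked; } region_t;
static region_t regions[16];
static int nregions;
/* Register [p, p+size); returns 0 on success, -1 when the table is full. */
int region_add(const void *p, size_t size, int checked)
{
    if (nregions == 16) return -1;
    regions[nregions++] = (region_t){ (uintptr_t)p, (uintptr_t)p + size, checked };
    return 0;
}

/* strlen with region-aware checking: returns the length when the scan stays in
   the pointer's region, -1 when a checked region ends before a NUL (overrun),
   -2 when the pointer is in no known region (the "bad pointer" case). */
long bound_strlen(const char *s)
{
    uintptr_t a = (uintptr_t)s;
    const region_t *r = NULL;
    for (int i = 0; i < nregions && !r; i++)
        if (a >= regions[i].lo && a < regions[i].hi) r = &regions[i];
    if (!r) return -2;
    if (!r->checked) return (long)strlen(s);   /* foreign memory: trust it */
    for (; a < r->hi; a++)
        if (*(const char *)a == '\0') return (long)(a - (uintptr_t)s);
    return -1;
}
/* Scenario: heap buffer (checked), argv-like static string (foreign), stack
   array never registered. Returns how many of the four expected results hold. */
int run_scenario(void)
{
    static const char argv_like[] = "i386-linux-gnu";   /* constructed sample */
    char stray[4] = "..", *buf = malloc(8);
    int ok = 0;
    region_add(buf, 8, 1);
    region_add(argv_like, sizeof argv_like, 0);
    memcpy(buf, "abc", 4);
    ok += bound_strlen(buf) == 3;
    ok += bound_strlen(argv_like) == 14;
    ok += bound_strlen(stray) == -2;
    memset(buf, 'x', 8);                       /* no NUL inside the region */
    ok += bound_strlen(buf) == -1;
    free(buf);
    return ok;
}
```

With the stack array never registered, bound_strlen reports it as -2, which is exactly the false BAD_POINTER described for argv[] when no foreign region is known to the checker.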
