[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Tinycc-devel] VLAs broken on mob branch
|
From: |
Pip Cet |
|
Subject: |
Re: [Tinycc-devel] VLAs broken on mob branch |
|
Date: |
Tue, 28 Apr 2015 06:41:53 +0000 |
On Tue, Apr 28, 2015 at 5:27 AM, Sergey Korshunoff <address@hidden> wrote:
>> 1..3 tcc, { } block: works
> Can we change a code for the "if", "else", "for", "while" to work as
> there is '{' always present?
No, that's not a good idea. It wouldn't work for switch(), and as far
as I can tell, the code for the 1...3 tcc, { } block case is still
incorrect:
7 char test[argc];
8 if(0) {
0x0000000000400394 <+42>: e9 1c 00 00 00 jmpq 0x4003b5 <f+75>
9 label:
0x0000000000400399 <+47>: 48 89 65 d8 mov %rsp,-0x28(%rbp)
0x000000000040039d <+51>: 48 8b 65 d8 mov -0x28(%rbp),%rsp
10 printf("boom!\n");
0x00000000004003a1 <+55>: 48 8d 05 fc 01 20 00 lea
0x2001fc(%rip),%rax # 0x6005a4 <L.7>
0x00000000004003a8 <+62>: 48 89 c7 mov %rax,%rdi
0x00000000004003ab <+65>: b8 00 00 00 00 mov $0x0,%eax
0x00000000004003b0 <+70>: e8 ab 01 00 00 callq 0x400560 <printf>
11 }
12 goto label;
0x00000000004003b5 <+75>: 48 89 65 d8 mov %rsp,-0x28(%rbp)
0x00000000004003b9 <+79>: 48 8b 65 e0 mov -0x20(%rbp),%rsp
0x00000000004003bd <+83>: eb de jmp 0x40039d <f+51>
So what's happening is that the stack pointer is set to whatever
random pointer happens already to be in -0x28(%rbp), we call printf,
which corrupts some random data by overwriting the bogus "stack
pointer", then we restore the actual stack pointer; so it's not
necessarily a segfault, but random data corruption is even worse!
> PS: patch 4 can be wrong for the case of the multiple VLA declaration
> char vla1[x];
> char vla2[x];
> cahr vla3[x];
>
> As I understand, SP will be saved only after vla1.
Do you have an actual example of incorrect code being generated or are
you just speculating? That code works fine here, so I wonder what's
different for you.
Note that this code currently causes a segfault, rather than correctly
throwing a compiler error as GCC does:
void f(int argc)
{
if(0) {
char test[argc];
label:
printf("boom!\n");
}
goto label;
}
I'm thinking about how to fix that case, but again, that's another bug.
- Re: [Tinycc-devel] VLAs broken on mob branch, (continued)
- Re: [Tinycc-devel] VLAs broken on mob branch, Sergey Korshunoff, 2015/04/25
- Re: [Tinycc-devel] VLAs broken on mob branch, Pip Cet, 2015/04/25
- Re: [Tinycc-devel] VLAs broken on mob branch, Sergey Korshunoff, 2015/04/25
- Re: [Tinycc-devel] VLAs broken on mob branch, Sergey Korshunoff, 2015/04/26
- Re: [Tinycc-devel] VLAs broken on mob branch, Pip Cet, 2015/04/27
- Re: [Tinycc-devel] VLAs broken on mob branch, Sergey Korshunoff, 2015/04/27
- Re: [Tinycc-devel] VLAs broken on mob branch, Pip Cet, 2015/04/27
- Re: [Tinycc-devel] VLAs broken on mob branch, Sergey Korshunoff, 2015/04/27
- Re: [Tinycc-devel] VLAs broken on mob branch, Pip Cet, 2015/04/27
- Re: [Tinycc-devel] VLAs broken on mob branch, Sergey Korshunoff, 2015/04/28
- Re: [Tinycc-devel] VLAs broken on mob branch,
Pip Cet <=
- Re: [Tinycc-devel] VLAs broken on mob branch, Sergey Korshunoff, 2015/04/28
- Re: [Tinycc-devel] VLAs broken on mob branch, Pip Cet, 2015/04/28
- Re: [Tinycc-devel] VLAs broken on mob branch, Sergey Korshunoff, 2015/04/28
- Re: [Tinycc-devel] VLAs broken on mob branch, Sergey Korshunoff, 2015/04/28
- Re: [Tinycc-devel] VLAs broken on mob branch, Pip Cet, 2015/04/28
- Re: [Tinycc-devel] VLAs broken on mob branch, Sergey Korshunoff, 2015/04/28
- Re: [Tinycc-devel] VLAs broken on mob branch, Sergey Korshunoff, 2015/04/29
- Re: [Tinycc-devel] VLAs broken on mob branch, Sergey Korshunoff, 2015/04/29
- Re: [Tinycc-devel] VLAs broken on mob branch, Sergey Korshunoff, 2015/04/29
- Re: [Tinycc-devel] VLAs broken on mob branch, Pip Cet, 2015/04/29