Re: [Tinycc-devel] bounds checking with tcc

[Herman ten Brugge]

I think I have a working patch now. See attachment.
The code runs on i386 and x86_64 on linux for large projects I have.

I found some bugs when updating the i386 code.
The bugs are in the testcases in the patch.
The test/boundtest.c code works for both targets.
See below for the main changes.

I probably need some feedback now.

Regards,

    Herman

On 2019-12-02 22:46, Herman ten Brugge wrote:
> Little updated patch. Still needs more work.
>
> Regards,
>
>     Herman
>
> On 2019-12-02 18:24, Herman ten Brugge wrote:
> > Hello,
> >
> > I did some debugging with bouds-checking and came up with attached 
> > patch.
> > I seriously doubt any one did use bounds checking in a large project 
> > before.
> >
> > Currently I can use this now in a large multi threaded project. It 
> > still needs some more testing so do not apply the patch yet.
> >
> > I disabled some errors. For example if a bounded pointer is not found 
> > I give no error. I also relaxed printing free errors.
> > There were some off by 1 errors in lib/bcheck.c and I needed to make 
> > the code thread safe.
> > I used the patch to not link in libtcc1.a in shared objects when 
> > bounds checking so I have only one memory pool.
> > This has to be documented because you cannot use this with dlopen for 
> > example.
> > I also added the pthread library when bounds checking so it is now 
> > multi threaded.
> > I found another problem with nocode_wanted when using sizeof().
> > Also the push/pop trick needed to push some more registers when more 
> > parameters are passed in registers.
> >
> > I probably forget to mention a lot a other changes. See the patch.
> >
> > I only tested this on linux x86_64. There are for sure problems on 
> > other targets.
> >
> > Regards,
> >
> >     Herman
> >
> >
> > On 2019-11-28 17:41, Michael Matz wrote:
> > > Hello again,
> > >
> > > but to maybe be a bit more constructive:
> > >
> > > On Thu, 28 Nov 2019, Michael Matz wrote:
> > >
> > > > > I fixed this with some push/pop trickery.
> > > I see, yeah, expanding calls during calls is broken as gfunc_call in 
> > > the
> > > generators doesn't generally leave a trace in vtop[] which registers 
> > > are
> > > currently holding values.  I think you only need so push/pop si/di, as
> > > cx/dx aren't used intentionally during reg-param setup.
> > >
> > > (I think i386-gen.c has a simila bug with fastcall functions).
> > >
> > > > > This probably could be
> > > > > improved. I have now added a minimum patch so bounds checking works a
> > > > > little bit. We need still to fix the shared lib reloc problems and 
> > > > > the
> > > > > malloc/free hooks.
> > > > Do we?  Can we perhaps also simply declare bounds checking to work 
> > > > only
> > > > with the main executable?  Or remove that whole feature altogether?
> > > And perhaps another compromise: only conditionally enable tracking of
> > > locals: Invent a new cmdline option (say, '-bb'), which sets
> > > do_bounds_checking to 2.  And only if it's > 1 you would also track
> > > locals, whereas with == 1 you would only track arrays and structs.
> > >
> > > Your decision, I think you can push this patch either with that 
> > > change, or
> > > without (but try to remove cx/dx from the push/pop).  It doesn't 
> > > make tccs
> > > source code larger or uglier in any meaningful way, but does fix 
> > > practical
> > > bugs.
> > >
> > >
> > > Ciao,
> > > Michael.

patch
Description: Text document