PATCH: Fix assorted bounds violations

Greg McGary greg@mcgary.org
Wed Aug 23 14:27:00 GMT 2000


Jeffrey A Law <law@cygnus.com> writes:

>   > 	* cpplex.c (_cpp_expand_name_space): Handle bounded pointers.
> I'd *really* like to avoid having a bunch of #if thingies in the tree.
> What's the fundamental problem you're trying to address with this change.?

A buffer is being expanded via realloc, possibly changing location.
There is a bunch of other pointers that are seated within that buffer,
so they must move as well.  In the BP case, besides the pointer values
there are high and low bounds which also point within the buffer.  The
low bounds must move in a fashion parallel to the pointer values, and
the high bounds must move as well as expand to encompass the
additional space.

I'm not happy about #ifs either, but this is soft of thing doesn't
occur often.  Would you prefer a MOVE_POINTER macro, or some such that
is conditionally defined on __BOUNDED_POINTERS__?  I would have done
that if there were two places in the code that did this (actually, if
you count fixinc/gnu-regex.c, there are two places).

This brings up a larger packaging question.  Right now, glibc has some
BP-specific files sysdeps/generic/bp-checks.h,
sysdeps/generic/bp-sym.h, and sysdeps/<arch>/bp-asm.h which contain
macro definitions conditional on __BOUNDED_POINTERS__ for manipulating
BPs and generating explicit checks.  I think most or all of the
contents of those files would better be placed in a gcc-exported
header, for the same reasons that stdarg.h, varargs.h and va-*.h are
exported by the gcc installation.

>   > 	* ggc-page.c (ggc_alloc): Set bounds of allocated objects.
> Similarly.

Bounds need to be set at the time a pointer is assigned.  If we're
taking the address of an object, gcc can synthesize the bounds based
on the referent object's decl.  Storage allocators, OTOH, must
explicitly set bounds based on the size they were requested to
allocate.  

>   > 	* tree.h (struct tree_int_cst): Wrap low and high in a sub-struct
>   > 	so that we can address them together with proper bounds.
>   > 	(TREE_INT_CST_LOW, TREE_INT_CST_HIGH): Access through sub-struct.
>   > 	(TREE_INT_CST): Add macro.
>   > 	* varasm.c (const_hash, compare_constant_1, record_constant_1):
>   > 	Use new macro TREE_INT_CST.
> Sorry, I don't see how having a sub-structure helps you.  Can you please
> explain what you're trying to do?  Not rejecting, just requesting more
> info.

&TREE_INT_CST_LOW (t) yields the address of a single scalar, and the
bounds of a pointer to it covers only that single scalar.  (same for
TREE_INT_CST_HIGH)

&TREE_INT_CST (t) yields the address of a structure of two scalars
and the bounds of a pointer to it cover both.

The code in varasm.c wants to access as a char* the entire const's
value, both high & low parts.  If you just take the address of the low
part, you blow the bounds when the char* crosses over into the high part.

Perhaps I need to add some comments?  On the one hand, such comments
would have been useful for you, on the other hand, once you have an
adequate mental model of how BPs behave, such comments might seem as
inane as:

	i++ // increment i

8^)

Greg


More information about the Gcc-patches mailing list