reproduce bug:
$ ./configure --cc=gcc
$ make
$ make install
(OK)
run a test:
extern int printf(const char *str, ...);
int main()
{
    int t2 = (int)(-1.847759065f * 4096);
    printf("%d\n", t2);
}
$ tcc test.c
$ ./a.out
-7568
(OK)
(self compiled now)
$ ./configure --cc=tcc
$ make
$ make install
(OK)
$ tcc test.c
$ ./a.out
7568
(WRONG!!!)
why:
gcc does not have intrinsics for
uint to long double conversion,
therefore it does a cast implicitly, so
the sign bit is preserved, but this does
not happen when __fixunsxfdi is called
because tcc was bootstrapped.
solution:
force cast to int64 and preserve the
sign bit.
side effects:
not found.
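An added example (not tcc's libtcc1 helper) of the conversion shape the fix describes: a long double to uint64_t routine that takes every input below 2^63, negative ones included, through int64_t first, so the sign bits survive in the result the way gcc's inline conversion keeps them. The function name and the splitting at 2^63 are this example's own choices.

```c
#include <stdint.h>
#include <stdio.h>

/* Added example, not tcc's libtcc1 code: long double -> uint64_t that
 * routes everything below 2^63 (negative inputs included) through int64_t,
 * so the sign bits are preserved in the 64-bit result. Only the range
 * 2^63 <= x < 2^64 needs an unsigned-specific path. */
uint64_t ld_to_u64(long double x)
{
    const long double two63 = 9223372036854775808.0L;   /* 2^63, exact */

    if (x < two63) {
        /* Well defined for INT64_MIN <= x < 2^63; the cast to uint64_t then
         * wraps modulo 2^64, so -7568.0L becomes 2^64 - 7568 and a later
         * (int) cast reads -7568 again on a two's-complement target. */
        return (uint64_t)(int64_t)x;
    }
    /* Shift into the signed range, convert, put bit 63 back. */
    return (uint64_t)(int64_t)(x - two63) | ((uint64_t)1 << 63);
}

/* The scaled constant from test.c above, taken through the helper instead
 * of the compiler's native conversion. */
int scaled_via_u64(void)
{
    long double v = -1.847759065L * 4096;    /* -7568.38..., truncates to -7568 */
    return (int)(int64_t)ld_to_u64(v);
}

int main(void)
{
    printf("%d\n", scaled_via_u64());
    printf("%llu\n", (unsigned long long)ld_to_u64(10000000000000000000.0L));
    return 0;
}
```

The check a bootstrapped compiler should pass is that scaled_via_u64() agrees with the gcc-built stage: a helper that truncates through an unsigned intermediate would drop the sign and report 7568.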
The BOUNDS_CHECKING_ON/BOUNDS_CHECKING_OFF is not working for
signal/sigaction/fork. The reason is that the code stops bound checking
for the whole application. This results in wrong handling of
__bound_local_new/__bound_local_delete and malloc/calloc/realloc/free.
Consider the following code:
void tst(int n) {
    int i, arr[n];
    for (i = 0; i < n; i++) arr[i] = 0;
}
void *some_thread(void *dummy) {
    while (running) { tst(10); tst(20); }
}
void signal_handler(int sig) { ... }
When the signal handler is called, the some_thread code can be interrupted when
it has just registered the arr[10] data. When the signal handler is left,
arr[10] is still registered and the code did not see the call to deregister arr[10] and
then register arr[20]. The code resumes while tst(20) is running. This results
in a bound checking error when i >= 10.
To solve the above problem I changed the bound checking code to use
tls (thread local storage) for the no_checking variable.
This also makes it possible to redirect the signal/sigaction/fork code
through the bound checking library, to disable checking while a signal
handler is running, and to correct the bounds_sem for the fork child process.
The BOUNDS_CHECKING_ON/BOUNDS_CHECKING_OFF is not needed any more for
signal/sigaction/fork. In fact I could remove them from all my applications.
The use of the tls function code slows down the code by about 10%.
So if the slowdown due to bound checking was 5, it is now 5.5 times slower.
For x86_64/i386 I also allowed the use of a __thread variable in bcheck.c when
compiled with gcc with:
make x86_64-libtcc1-usegcc=yes
make i386-libtcc1-usegcc=yes
This makes the code run faster due to the use of gcc and the __thread variable.
With the __thread variable there is no 10% slowdown.
For other targets this does not work because stabs is not supported.
Changes:
lib/bcheck.c:
- Add TRY_SEM
- Add HAVE_SIGNAL/HAVE_SIGACTION/HAVE_FORK/HAVE_TLS_FUNC/HAVE_TLS_VAR
- HAVE_SIGNAL: redirect signal() call if set.
- HAVE_SIGACTION: redirect sigaction() call if set.
- HAVE_FORK: redirect fork() call if set.
- HAVE_TLS_FUNC: If target has tls function calls.
- HAVE_TLS_VAR: If target has __thread tls support.
- Replace all no_checking references with NO_CHECKING_SET/NO_CHECKING_GET macros
tcc-doc.texi:
- Remove examples for signal/sigaction/fork code.
- Add some explanation for signal/sigaction/fork code.
- Add documentation for __bounds_checking().
tccelf.c:
- Add support for SHF_TLS
tests/tests2/114_bound_signal.c:
- Remove BOUNDS_CHECKING_ON/BOUNDS_CHECKING_OFF
- Add code to trigger failure when tls is not working.
x86_64-link.c:
- Add support for R_X86_64_TLSGD/R_X86_64_TLSLD/R_X86_64_DTPOFF32/R_X86_64_TPOFF32
i386-link.c:
- Add support for R_386_TLS_GD/R_386_TLS_LDM/R_386_TLS_LDO_32/R_386_TLS_LE
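An added example, not lib/bcheck.c, of the mechanism the message above describes: the "no checking" state lives in thread-local storage (C11 `_Thread_local`, the standard spelling of gcc's `__thread`), and a signal() wrapper installs a trampoline that suspends checking only on the thread the handler runs on, so the interrupted thread's registered regions are left alone. The toy checker tracks one region per thread, the handler and signal used are constructed for the demonstration, and all names are this example's own.

```c
#include <signal.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Added example, not lib/bcheck.c. Per-thread suspend flag + signal()
 * wrapper; one tracked region per thread keeps the example short. */
#define MAX_SIG 64

static _Thread_local int no_checking;      /* >0: checks suspended on this thread */
static _Thread_local int checks_skipped;   /* how many checks were skipped */
static _Thread_local struct { uintptr_t start; size_t size; } region;

void bounds_register(const void *p, size_t n)
{
    region.start = (uintptr_t)p;
    region.size = n;
}

void bounds_unregister(void)
{
    region.start = 0;
    region.size = 0;
}

/* 1: inside the tracked region, 0: out of bounds, -1: checking suspended. */
int bounds_check(const void *p, size_t n)
{
    uintptr_t a = (uintptr_t)p;

    if (no_checking) {
        checks_skipped++;
        return -1;
    }
    if (region.size == 0)
        return 1;                      /* nothing tracked on this thread */
    if (a >= region.start && n <= region.size && a - region.start <= region.size - n)
        return 1;
    return 0;
}

typedef void (*handler_fn)(int);
static handler_fn user_handler[MAX_SIG];

/* Runs instead of the user's handler: suspend checks for this thread only,
 * call the real handler, resume. Other threads keep checking. */
static void trampoline(int sig)
{
    no_checking++;
    if (sig >= 0 && sig < MAX_SIG && user_handler[sig])
        user_handler[sig](sig);
    no_checking--;
}

/* Replacement for signal(): returns the previously registered user handler. */
handler_fn bounds_signal(int sig, handler_fn h)
{
    handler_fn old;

    if (sig < 0 || sig >= MAX_SIG)
        return SIG_ERR;
    old = user_handler[sig];
    user_handler[sig] = h;
    if (signal(sig, trampoline) == SIG_ERR)
        return SIG_ERR;
    return old;
}

/* --- constructed demonstration --- */
static volatile sig_atomic_t handler_ran;

static void on_sigint(int sig)
{
    int scratch[4];
    (void)sig;
    handler_ran = 1;
    bounds_check(scratch, sizeof scratch);   /* skipped, not judged against arr */
}

/* 1 when the handler ran, its check was skipped, and checking is back on
 * and still consistent with the region registered before the signal. */
int demo_signal_path(void)
{
    int arr[10];
    int ok_before, ok_after, skipped_before = checks_skipped;

    bounds_register(arr, sizeof arr);
    ok_before = bounds_check(&arr[0], sizeof arr);
    bounds_signal(SIGINT, on_sigint);
    raise(SIGINT);                           /* handler runs synchronously */
    ok_after = bounds_check(&arr[9], sizeof arr[9]);
    bounds_unregister();
    signal(SIGINT, SIG_DFL);
    return handler_ran && ok_before == 1 && ok_after == 1
        && checks_skipped == skipped_before + 1 && no_checking == 0;
}

/* 1 when an in-bounds access passes and an access past the end is rejected. */
int demo_plain_check(void)
{
    int b[4], in, out;
    bounds_register(b, sizeof b);
    in = bounds_check(b, sizeof b);
    out = bounds_check(b + 1, sizeof b);
    bounds_unregister();
    return in == 1 && out == 0;
}

int main(void)
{
    printf("plain check: %d, signal path: %d\n", demo_plain_check(), demo_signal_path());
    return 0;
}
```

With a process-wide flag instead of the `_Thread_local` one, a handler on one thread would switch checking off for every thread, which is the whole-application behaviour the message above describes.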
This allows for example this scenario:
- A dll to be linked with is specified in file.c, where file.c
and the dll exist in the same directory:
#pragma comment(lib, "txml")
#pragma comment(option, "-L{f}")
- tcc is called to run file.c from other, varying directories:
$ tcc -run some/dir/file.c <args...>
Note that tcc replaces {f} by the currently compiled file's
directory ('some/dir' in this example).
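An added example, not tcc's pragma handling, of the substitution the note describes: every `{f}` in an option string is replaced by the directory of the file being compiled. It assumes '/' as the only path separator and expands a bare file name to "."; both are this example's choices.

```c
#include <stdio.h>
#include <string.h>

/* Added example, not tccpp.c: substitute every "{f}" in `option` with the
 * directory part of `file`, as in #pragma comment(option, "-L{f}").
 * Only '/' is a separator here (assumption); a bare name expands to ".".
 * Returns the output length, or -1 if `out` is too small. */
int expand_file_dir(const char *option, const char *file, char *out, size_t outsz)
{
    const char *slash = strrchr(file, '/');
    const char *dir = ".";
    size_t dirlen = 1, n = 0;

    if (slash == file) {          /* "/file.c": directory is the root */
        dir = "/";
    } else if (slash) {           /* "some/dir/file.c" -> "some/dir" */
        dir = file;
        dirlen = (size_t)(slash - file);
    }
    while (*option) {
        if (strncmp(option, "{f}", 3) == 0) {
            if (n + dirlen >= outsz)
                return -1;
            memcpy(out + n, dir, dirlen);
            n += dirlen;
            option += 3;
        } else {
            if (n + 1 >= outsz)
                return -1;
            out[n++] = *option++;
        }
    }
    out[n] = '\0';
    return (int)n;
}

/* Convenience wrapper around a static buffer; NULL if it did not fit. */
const char *expand_file_dir_static(const char *option, const char *file)
{
    static char buf[256];
    return expand_file_dir(option, file, buf, sizeof buf) < 0 ? NULL : buf;
}

int main(int argc, char **argv)
{
    const char *file = argc > 1 ? argv[1] : "some/dir/file.c";
    printf("%s\n", expand_file_dir_static("-L{f}", file));
    return 0;
}
```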
Also:
- tccgen.c: fix last commit for gen_cast.
Please respect some conventions:
- tests2 filenames don't end with '..._test'
- tests2 tests are meant to produce some output
- the output should be somehow informative, not just
"error" or "dummy". Because other people would want to
know where it fails if it does.
- tests2 tests should work with both GCC and TCC, except
if there are specific reasons (like testing a tcc-only
feature such as bounds checking)
- tests2 tests should never crash or abort. Because that
would cause gui dialogs to pop up on windows, and because
other people would not know where it fails if it does.
- tests2 tests should be somehow specific, in general.
(rather than just collections of random stuff)
- in general, do not use 'long' if you mean 'larger than int'
Because it isn't on many platforms.
- use four (4) spaces for block indentation. Do not insert
tab characters in files if possible.
Also:
- tccgen.c:gen_cast() simplify last fix.
Providing both run-time and compile-time control for bounds
checking as a user interface appears unnecessary and confusing.
Also:
- replace 'bound_...' by 'bounds_...' for consistency
- tcc-doc: put related info into one place and cleanup
The __bounds_checking(x) function is still missing explanation.
(I.e. what happens if the accumulated value drops below zero.)
The switch/case operation was entirely performed on int64_t, resulting
in a warning and bad code being emitted on 64 bit machines when used on
an unsigned long with a case range whose signed representation starts
positive and ends negative, like in the example below:
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>

int nbdg(unsigned long n)
{
    switch (n) {
    case 1UL ... 9UL: return 1;
    case 10UL ... 99UL: return 2;
    case 100UL ... 999UL: return 3;
    case 1000UL ... 9999UL: return 4;
    case 10000UL ... 99999UL: return 5;
    case 100000UL ... 999999UL: return 6;
    case 1000000UL ... 9999999UL: return 7;
    case 10000000UL ... 99999999UL: return 8;
    case 100000000UL ... 999999999UL: return 9;
    case 1000000000UL ... 9999999999UL: return 10;
    case 10000000000UL ... 99999999999UL: return 11;
    case 100000000000UL ... 999999999999UL: return 12;
    case 1000000000000UL ... 9999999999999UL: return 13;
    case 10000000000000UL ... 99999999999999UL: return 14;
    case 100000000000000UL ... 999999999999999UL: return 15;
    case 1000000000000000UL ... 9999999999999999UL: return 16;
    case 10000000000000000UL ... 99999999999999999UL: return 17;
    case 100000000000000000UL ... 999999999999999999UL: return 18;
    case 1000000000000000000UL ... 9999999999999999999UL: return 19; // this one
    case 10000000000000000000UL ... ULONG_MAX: return 20;
    }
    return 0;
}

int main(int argc, char **argv)
{
    unsigned long v = strtoul(argc > 1 ? argv[1] : "1111", NULL, 0);
    printf("%lu : %d\n", v, nbdg(v));
    return 0;
}
$ tcc dg.c
dg.c:26: warning: empty case range
$ x="";for i in 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0; do x=$x$i; ./a.out $x;done
1 : 1
12 : 2
123 : 3
1234 : 4
12345 : 5
123456 : 6
1234567 : 7
12345678 : 8
123456789 : 9
1234567890 : 10
12345678901 : 11
123456789012 : 12
1234567890123 : 13
12345678901234 : 14
123456789012345 : 15
1234567890123456 : 16
12345678901234567 : 17
123456789012345678 : 18
1234567890123456789 : 0
12345678901234567890 : 20
What this patch does is to use a separate set of signed and unsigned
case_cmp functions depending on whether the expression is signed or
unsigned, and also does this to decide when to emit the warning.
The bad code on output was caused by the removal of the unsigned bit
resulting from the signed sort, which causes only signed comparisons
to be emitted in the asm code. As such some sets could not match.
Note that there is no way to rely on the values only to sort properly
nor to emit the warning because we're effectively dealing with 65-bit
arithmetic here and any two values will have a different behavior
depending on the signed or unsigned expectation.
For unsigned expressions the warning now only happens when bounds are
switched. For signed expressions (e.g. if the input is signed long
above), the warning remains and so does the abnormal output. In both
cases this remains consistent with what gcc produces.
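An added example, not tccgen.c, of the comparator split the message above describes: case ranges are stored as int64_t bit patterns, and both the "empty range" test and the lookup use a signed or an unsigned comparator chosen from the switch expression's type, never from the stored values. The table is constructed from the last three ranges of nbdg() above; names are this example's own.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Added example, not tccgen.c: ranges kept as int64_t bit patterns,
 * comparisons chosen by the signedness of the switch expression. */
struct case_range { int64_t lo, hi; int result; };

static int cmp_signed(int64_t a, int64_t b)
{
    return a < b ? -1 : a > b;
}

static int cmp_unsigned(int64_t a, int64_t b)
{
    uint64_t ua = (uint64_t)a, ub = (uint64_t)b;
    return ua < ub ? -1 : ua > ub;
}

/* "empty case range" under the chosen signedness: lo > hi. */
int range_is_empty(const struct case_range *r, int is_unsigned)
{
    return (is_unsigned ? cmp_unsigned : cmp_signed)(r->lo, r->hi) > 0;
}

/* Lookup with the same comparator; returns the matching result or 0. */
int find_case(const struct case_range *r, size_t n, int64_t v, int is_unsigned)
{
    int (*cmp)(int64_t, int64_t) = is_unsigned ? cmp_unsigned : cmp_signed;
    size_t i;

    for (i = 0; i < n; i++)
        if (cmp(r[i].lo, v) <= 0 && cmp(v, r[i].hi) <= 0)
            return r[i].result;
    return 0;
}

/* Constructed table: the last three ranges of nbdg() above. The 19-digit
 * range's upper bound, 9999999999999999999, has a negative int64_t bit
 * pattern, which is what made the all-signed code call it empty. */
static const struct case_range digits[] = {
    { 100000000000000000LL,             999999999999999999LL,            18 },
    { 1000000000000000000LL,            (int64_t)9999999999999999999ULL, 19 },
    { (int64_t)10000000000000000000ULL, (int64_t)UINT64_MAX,             20 },
};
#define NDIGITS (sizeof digits / sizeof digits[0])

int lookup_digits(uint64_t v, int is_unsigned)
{
    return find_case(digits, NDIGITS, (int64_t)v, is_unsigned);
}

int range19_empty(int is_unsigned)
{
    return range_is_empty(&digits[1], is_unsigned);
}

int main(void)
{
    uint64_t v = 1234567890123456789ULL;
    printf("range 19 empty: signed=%d unsigned=%d\n", range19_empty(0), range19_empty(1));
    printf("%llu : signed=%d unsigned=%d\n", (unsigned long long)v,
           lookup_digits(v, 0), lookup_digits(v, 1));
    return 0;
}
```

Run with the signed comparator, the 19-digit input falls through to 0 and the range is flagged empty, reproducing the warning and the ": 0" line above; with the unsigned comparator both are correct.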
tcctok.h:
- Add CONFIG_TCC_BCHECK around TOK_NO_BOUND_CHECK1/TOK_NO_BOUND_CHECK2
tccgen.c:
- Add CONFIG_TCC_BCHECK around TOK_NO_BOUND_CHECK1/TOK_NO_BOUND_CHECK2
- Undo alias definition in tccpp.c when function bound checking is off
tests/tests2/114_bound_signal.c:
- Test alias undo
- fix sleep problem
Most support was already present.
arm-link.c:
- set RELOCATE_DLLPLT to 1
- create_plt_entry:
- remove DLLs unimplemented!
- leave code gen to relocate_plt. only set got_offset
- relocate_plt:
- create code for got entry
- relocate:
- Add TCC_OUTPUT_DLL for R_ARM_ABS32
tccelf.c:
- prepare_dynamic_rel:
- Add R_ARM_ABS32
- alloc_sec_names:
- Always add SHT_ARM_ATTRIBUTES section
- New function create_arm_attribute_section
- elf_output_file:
- call create_arm_attribute_section
The load/store code is optimized to make better use of the offsets
present in the load/store instructions.
Also use GOT reloc's instead of ABS64 relocs.
arm64-gen.c/arm64_check_offset:
- New function to split offset used by load/store and by arm64_sym.
arm64-gen.c/arm64_sym:
- Use GOT reloc's instead of ABS64 relocs.
arm64-gen.c/load arm64-gen.c/store:
- Use new arm64_check_offset function.
arm64-gen.c/gen_bounds_prolog arm64-gen.c/gen_bounds_epilog:
- Use GOT reloc's instead of ABS64 relocs.
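An added example, not arm64-gen.c, of the kind of offset split the entry above refers to: a byte offset is divided into a part added to the base register beforehand and an immediate that fits one of the two AArch64 load/store immediate forms. The encoding ranges (imm12 scaled by access size for LDR/STR, signed imm9 for LDUR/STUR) are architectural; the 4 KiB rounding policy and all names are this example's own.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Added example, not arm64-gen.c. Forms for an access of `size` bytes:
 *   LDR/STR   imm12, unsigned, scaled by size: 0 .. 4095*size, multiple of size
 *   LDUR/STUR imm9,  signed, unscaled:         -256 .. 255 */
struct ldst_split {
    int64_t base_add;   /* add this to the base register first (0 = none) */
    int imm;            /* immediate for the load/store itself */
    int scaled;         /* 1: scaled imm12 form, 0: unscaled imm9 form */
};

static int fits_scaled(int64_t off, int size)
{
    return off >= 0 && off <= (int64_t)4095 * size && off % size == 0;
}

static int fits_unscaled(int64_t off)
{
    return off >= -256 && off <= 255;
}

struct ldst_split split_ldst_offset(int64_t off, int size)
{
    struct ldst_split s = { 0, 0, 1 };
    int64_t rem;

    if (fits_scaled(off, size)) {
        s.imm = (int)off;
        return s;
    }
    if (fits_unscaled(off)) {
        s.imm = (int)off;
        s.scaled = 0;
        return s;
    }
    /* Out of range: round down to a 4 KiB multiple (also for negative
     * offsets) and leave a remainder in 0..4095 for the instruction. */
    rem = off % 4096;
    if (rem < 0)
        rem += 4096;
    s.base_add = off - rem;
    if (fits_scaled(rem, size)) {
        s.imm = (int)rem;
    } else if (fits_unscaled(rem)) {
        s.imm = (int)rem;
        s.scaled = 0;
    } else {
        /* Misaligned and too large for imm9: fold all of it into the base. */
        s.base_add = off;
        s.imm = 0;
    }
    return s;
}

int main(void)
{
    static const int64_t offs[] = { 40, -8, 33000, -300, 4097 };
    size_t i;

    for (i = 0; i < sizeof offs / sizeof offs[0]; i++) {
        struct ldst_split s = split_ldst_offset(offs[i], 8);
        printf("off %6lld: base+=%lld imm=%d %s\n", (long long)offs[i],
               (long long)s.base_add, s.imm, s.scaled ? "scaled" : "unscaled");
    }
    return 0;
}
```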
old qemu (before April 2020) has a bug in the layout of
struct ucontext, so we get invalid values under qemu user-space emulation
when inspecting the signal context. Try to recognize this and
gracefully error out instead of segfaulting in the backtracer routines.
found in mpfr. Expressions like "(longlong)i <= MAX_ULONGLONG" are
always true (not yet short-circuited in tcc), but still need to be
handled correctly in the backends.
The original code does:
push eax/edx/size
call alloca
pop eax/edx/size
The pop does not work because the stack pointer has changed.
To make this also work with bound checking the code is now
using the stack probing from alloca.