| blob | 11b1f391d5642ca991889f5b9171b14d1a745e2f |
1 /*
2 * Tiny C Memory and bounds checker
3 *
4 * Copyright (c) 2002 Fabrice Bellard
5 *
6 * This program is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License as published by
8 * the Free Software Foundation; either version 2 of the License, or
9 * (at your option) any later version.
10 *
11 * This program is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 * GNU General Public License for more details.
15 *
16 * You should have received a copy of the GNU General Public License
17 * along with this program; if not, write to the Free Software
18 * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
19 */
20 #include <stdlib.h>
21 #include <stdio.h>
22 #include <stdarg.h>
23 #include <string.h>
24 #ifndef __FreeBSD__
25 #include <malloc.h>
26 #endif
28 //#define BOUND_DEBUG
30 /* define so that bound array is static (faster, but use memory if
31 bound checking not used) */
32 //#define BOUND_STATIC
34 /* use malloc hooks. Currently the code cannot be reliable if no hooks */
35 #define CONFIG_TCC_MALLOC_HOOKS
37 #define HAVE_MEMALIGN
39 #ifdef __FreeBSD__
40 #warning Bound checking not fully supported on FreeBSD
41 #undef CONFIG_TCC_MALLOC_HOOKS
42 #undef HAVE_MEMALIGN
43 #endif
45 #define BOUND_T1_BITS 13
46 #define BOUND_T2_BITS 11
47 #define BOUND_T3_BITS (32 - BOUND_T1_BITS - BOUND_T2_BITS)
49 #define BOUND_T1_SIZE (1 << BOUND_T1_BITS)
50 #define BOUND_T2_SIZE (1 << BOUND_T2_BITS)
51 #define BOUND_T3_SIZE (1 << BOUND_T3_BITS)
52 #define BOUND_E_BITS 4
54 #define BOUND_T23_BITS (BOUND_T2_BITS + BOUND_T3_BITS)
55 #define BOUND_T23_SIZE (1 << BOUND_T23_BITS)
58 /* this pointer is generated when bound check is incorrect */
59 #define INVALID_POINTER ((void *)(-2))
60 /* size of an empty region */
61 #define EMPTY_SIZE 0xffffffff
62 /* size of an invalid region */
63 #define INVALID_SIZE 0
72 /* external interface */
77 /* currently, tcc cannot compile that because we use unsupported GNU C
78 extensions */
79 #if !defined(__TINYC__)
89 #endif
100 #ifdef CONFIG_TCC_MALLOC_HOOKS
105 #endif
107 /* linker definitions */
110 /* TCC definitions */
112 /* error message, just for TCC */
115 /* runtime error output */
118 #ifdef BOUND_STATIC
120 #else
122 #endif
127 {
136 /* put region at the head */
144 }
146 }
147 /* no entry found: return empty entry or invalid entry */
150 else
152 }
154 /* print a bound error message */
156 {
159 }
162 {
164 }
166 /* currently, tcc cannot compile that because we use GNUC extensions */
167 #if !defined(__TINYC__)
169 /* return '(p + offset)' for pointer arithmetic (a pointer can reach
170 the end of a region in this case */
172 {
175 #if defined(BOUND_DEBUG)
177 #endif
187 }
192 }
194 /* return '(p + offset)' for pointer indirection (the resulting must
195 be strictly inside the region */
196 #define BOUND_PTR_INDIR(dsize) \
197 void *__bound_ptr_indir ## dsize (void *p, int offset) \
198 { \
199 unsigned long addr = (unsigned long)p; \
200 BoundEntry *e; \
201 \
202 e = __bound_t1[addr >> (BOUND_T2_BITS + BOUND_T3_BITS)]; \
203 e = (BoundEntry *)((char *)e + \
204 ((addr >> (BOUND_T3_BITS - BOUND_E_BITS)) & \
205 ((BOUND_T2_SIZE - 1) << BOUND_E_BITS))); \
206 addr -= e->start; \
207 if (addr > e->size) { \
208 e = __bound_find_region(e, p); \
209 addr = (unsigned long)p - e->start; \
210 } \
211 addr += offset + dsize; \
212 if (addr > e->size) \
214 return p + offset; \
215 }
217 #ifdef __i386__
218 /* return the frame pointer of the caller */
219 #define GET_CALLER_FP(fp)\
220 {\
221 unsigned long *fp1;\
223 fp = fp1[0];\
224 }
225 #else
226 #error put code to extract the calling frame pointer
227 #endif
229 /* called when entering a function to add all the local regions */
231 {
242 }
243 }
245 /* called when leaving a function to delete all the local regions */
247 {
257 }
258 }
260 #else
263 {
264 }
266 {
267 }
270 {
272 }
274 #define BOUND_PTR_INDIR(dsize) \
275 void *__bound_ptr_indir ## dsize (void *p, int offset) \
276 { \
277 return p + offset; \
278 }
279 #endif
289 {
297 /* put empty entries */
302 }
304 }
306 /* currently we use malloc(). Should use bound_new_page() */
308 {
312 }
315 {
317 }
320 {
324 /* create a new page if necessary */
327 }
329 }
331 /* mark a region as being invalid (can only be used during init) */
333 {
344 else
347 #if 0
349 #endif
351 /* first we handle full pages */
363 }
370 }
371 }
374 }
380 }
381 }
382 }
383 }
386 {
392 /* save malloc hooks and install bound check hooks */
395 #ifndef BOUND_STATIC
399 #endif
403 }
407 /* put invalid entries */
412 }
415 /* invalid pointer zone */
420 #if !defined(__TINYC__) && defined(CONFIG_TCC_MALLOC_HOOKS)
421 /* malloc zone is also marked invalid. can only use that with
422 hooks because all libs should use the same malloc. The solution
423 would be to build a new malloc for tcc. */
427 #endif
429 /* add all static bound check values */
434 }
435 }
439 {
442 /* no region : add it */
446 /* already regions in the list: add it at the head */
454 }
455 }
457 /* create a new region. It should not already exist in the region list */
459 {
469 /* start */
475 #ifdef BOUND_DEBUG
478 #endif
484 /* same ending page */
487 e++;
491 }
493 }
495 /* mark until end of page */
497 e++;
501 }
502 /* mark intermediate pages, if any */
509 }
510 }
511 /* last page */
517 }
519 }
520 }
522 /* delete a region */
525 {
532 /* region found is first one */
535 /* no more region: mark it empty */
539 /* copy next region in head */
544 }
546 /* find the matching region */
550 /* region not found: do nothing */
555 /* found: remove entry */
559 }
560 }
561 }
562 }
564 /* WARNING: 'p' must be the starting point of the region. */
565 /* return non zero if error */
567 {
577 /* find region size */
583 /* test if invalid region */
586 /* compute the size we put in invalid regions */
589 else
594 /* now we can free each entry */
601 /* same ending page */
604 e++;
608 }
610 }
612 /* mark until end of page */
614 e++;
618 }
619 /* mark intermediate pages, if any */
620 /* XXX: should free them */
627 }
628 }
629 /* last page */
635 }
637 }
639 }
641 /* return the size of the region starting at p, or EMPTY_SIZE if non
642 existant region. */
644 {
658 }
660 /* patched memory functions */
663 {
664 #ifdef CONFIG_TCC_MALLOC_HOOKS
673 #endif
674 }
677 {
678 #ifdef CONFIG_TCC_MALLOC_HOOKS
683 #endif
684 }
687 {
693 }
696 {
700 }
702 /* XXX: we should use a malloc which ensure that it is unlikely that
703 two malloc'ed data have the same address if 'free' are made in
704 between. */
706 {
709 /* we allocate one more byte to ensure the regions will be
710 separated by at least one byte. With the glibc malloc, it may
711 be in fact not necessary */
718 }
721 {
726 #ifndef HAVE_MEMALIGN
728 /* XXX: handle it ? */
731 /* we suppose that malloc aligns to at least four bytes */
733 }
734 #else
735 /* we allocate one more byte to ensure the regions will be
736 separated by at least one byte. With the glibc malloc, it may
737 be in fact not necessary */
739 #endif
747 }
750 {
757 }
760 {
777 }
778 }
780 #ifndef CONFIG_TCC_MALLOC_HOOKS
782 {
790 }
791 #endif
793 #if 0
795 {
804 /* do not print invalid or empty entries */
814 }
815 }
816 }
817 }
818 #endif
820 /* some useful checked functions */
822 /* check that (p ... p + size - 1) lies inside 'p' region, if any */
824 {
830 }
833 {
836 /* check also region overlap */
840 }
843 {
847 }
850 {
853 }
855 /* XXX: could be optimized */
857 {
868 len++;
869 }
871 }
874 {
878 }