Home Explore Help
Sign In
levovix
/
Nim
mirror of https://github.com/nim-lang/Nim
Watch 1
Star 0
Fork 1
Files Issues 0 Wiki
Branch: memregions
Branches Tags
Nim
/
tinyc
/
lib
/
bcheck.c

bcheck.c 24 KB
Permalink History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732733734735736737738739740741742743744745746747748749750751752753754755756757758759760761762763764765766767768769770771772773774775776777778779780781782783784785786787788789790791792793794795796797798799800801802803804805806807808809810811812813814815816817818819820821822823824825826827828829830831832833834835836837838839840841842843844845846847848849850851852853854855856857858859860861862863864865866867868869 
  1. /*
    2. 

  2.  *  Tiny C Memory and bounds checker
    3. 

  3.  * 
    4. 

  4.  *  Copyright (c) 2002 Fabrice Bellard
    5. 

  5.  *
    6. 

  6.  * This library is free software; you can redistribute it and/or
    7. 

  7.  * modify it under the terms of the GNU Lesser General Public
    8. 

  8.  * License as published by the Free Software Foundation; either
    9. 

  9.  * version 2 of the License, or (at your option) any later version.
    10. 

  10.  *
    11. 

  11.  * This library is distributed in the hope that it will be useful,
    12. 

  12.  * but WITHOUT ANY WARRANTY; without even the implied warranty of
    13. 

  13.  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
    14. 

  14.  * Lesser General Public License for more details.
    15. 

  15.  *
    16. 

  16.  * You should have received a copy of the GNU Lesser General Public
    17. 

  17.  * License along with this library; if not, write to the Free Software
    18. 

  18.  * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
    19. 

  19.  */
    20. 

  20. #include <stdlib.h>
    21. 

  21. #include <stdio.h>
    22. 

  22. #include <stdarg.h>
    23. 

  23. #include <string.h>
    24. 

  24. #if !defined(__FreeBSD__) && !defined(__DragonFly__) && !defined(__OpenBSD__)
    25. 

  25. #include <malloc.h>
    26. 

  26. #endif
    27. 

  27. 

  28. //#define BOUND_DEBUG
    29. 

  29. 

  30. /* define so that bound array is static (faster, but use memory if
    31. 

  31.    bound checking not used) */
    32. 

  32. //#define BOUND_STATIC
    33. 

  33. 

  34. /* use malloc hooks. Currently the code cannot be reliable if no hooks */
    35. 

  35. #define CONFIG_TCC_MALLOC_HOOKS
    36. 

  36. 

  37. #define HAVE_MEMALIGN
    38. 

  38. 

  39. #if defined(__FreeBSD__) || defined(__DragonFly__) || defined(__dietlibc__) \
    40. 

  40.     || defined(__UCLIBC__) || defined(__OpenBSD__)
    41. 

  41. #warning Bound checking not fully supported in this environment.
    42. 

  42. #undef CONFIG_TCC_MALLOC_HOOKS
    43. 

  43. #undef HAVE_MEMALIGN
    44. 

  44. #endif
    45. 

  45. 

  46. #define BOUND_T1_BITS 13
    47. 

  47. #define BOUND_T2_BITS 11
    48. 

  48. #define BOUND_T3_BITS (32 - BOUND_T1_BITS - BOUND_T2_BITS)
    49. 

  49. 

  50. #define BOUND_T1_SIZE (1 << BOUND_T1_BITS)
    51. 

  51. #define BOUND_T2_SIZE (1 << BOUND_T2_BITS)
    52. 

  52. #define BOUND_T3_SIZE (1 << BOUND_T3_BITS)
    53. 

  53. #define BOUND_E_BITS  4
    54. 

  54. 

  55. #define BOUND_T23_BITS (BOUND_T2_BITS + BOUND_T3_BITS)
    56. 

  56. #define BOUND_T23_SIZE (1 << BOUND_T23_BITS)
    57. 

  57. 

  58. 

  59. /* this pointer is generated when bound check is incorrect */
    60. 

  60. #define INVALID_POINTER ((void *)(-2))
    61. 

  61. /* size of an empty region */
    62. 

  62. #define EMPTY_SIZE        0xffffffff
    63. 

  63. /* size of an invalid region */
    64. 

  64. #define INVALID_SIZE      0
    65. 

  65. 

  66. typedef struct BoundEntry {
    67. 

  67.     unsigned long start;
    68. 

  68.     unsigned long size;
    69. 

  69.     struct BoundEntry *next;
    70. 

  70.     unsigned long is_invalid; /* true if pointers outside region are invalid */
    71. 

  71. } BoundEntry;
    72. 

  72. 

  73. /* external interface */
    74. 

  74. void __bound_init(void);
    75. 

  75. void __bound_new_region(void *p, unsigned long size);
    76. 

  76. int __bound_delete_region(void *p);
    77. 

  77. 

  78. #define FASTCALL __attribute__((regparm(3)))
    79. 

  79. 

  80. void *__bound_malloc(size_t size, const void *caller);
    81. 

  81. void *__bound_memalign(size_t size, size_t align, const void *caller);
    82. 

  82. void __bound_free(void *ptr, const void *caller);
    83. 

  83. void *__bound_realloc(void *ptr, size_t size, const void *caller);
    84. 

  84. static void *libc_malloc(size_t size);
    85. 

  85. static void libc_free(void *ptr);
    86. 

  86. static void install_malloc_hooks(void);
    87. 

  87. static void restore_malloc_hooks(void);
    88. 

  88. 

  89. #ifdef CONFIG_TCC_MALLOC_HOOKS
    90. 

  90. static void *saved_malloc_hook;
    91. 

  91. static void *saved_free_hook;
    92. 

  92. static void *saved_realloc_hook;
    93. 

  93. static void *saved_memalign_hook;
    94. 

  94. #endif
    95. 

  95. 

  96. /* linker definitions */
    97. 

  97. extern char _end;
    98. 

  98. 

  99. /* TCC definitions */
    100. 

  100. extern char __bounds_start; /* start of static bounds table */
    101. 

  101. /* error message, just for TCC */
    102. 

  102. const char *__bound_error_msg;
    103. 

  103. 

  104. /* runtime error output */
    105. 

  105. extern void rt_error(unsigned long pc, const char *fmt, ...);
    106. 

  106. 

  107. #ifdef BOUND_STATIC
    108. 

  108. static BoundEntry *__bound_t1[BOUND_T1_SIZE]; /* page table */
    109. 

  109. #else
    110. 

  110. static BoundEntry **__bound_t1; /* page table */
    111. 

  111. #endif
    112. 

  112. static BoundEntry *__bound_empty_t2;   /* empty page, for unused pages */
    113. 

  113. static BoundEntry *__bound_invalid_t2; /* invalid page, for invalid pointers */
    114. 

  114. 

  115. static BoundEntry *__bound_find_region(BoundEntry *e1, void *p)
    116. 

  116. {
    117. 

  117.     unsigned long addr, tmp;
    118. 

  118.     BoundEntry *e;
    119. 

  119. 

  120.     e = e1;
    121. 

  121.     while (e != NULL) {
    122. 

  122.         addr = (unsigned long)p;
    123. 

  123.         addr -= e->start;
    124. 

  124.         if (addr <= e->size) {
    125. 

  125.             /* put region at the head */
    126. 

  126.             tmp = e1->start;
    127. 

  127.             e1->start = e->start;
    128. 

  128.             e->start = tmp;
    129. 

  129.             tmp = e1->size;
    130. 

  130.             e1->size = e->size;
    131. 

  131.             e->size = tmp;
    132. 

  132.             return e1;
    133. 

  133.         }
    134. 

  134.         e = e->next;
    135. 

  135.     }
    136. 

  136.     /* no entry found: return empty entry or invalid entry */
    137. 

  137.     if (e1->is_invalid)
    138. 

  138.         return __bound_invalid_t2;
    139. 

  139.     else
    140. 

  140.         return __bound_empty_t2;
    141. 

  141. }
    142. 

  142. 

  143. /* print a bound error message */
    144. 

  144. static void bound_error(const char *fmt, ...)
    145. 

  145. {
    146. 

  146.     __bound_error_msg = fmt;
    147. 

  147.     *(int *)0 = 0; /* force a runtime error */
    148. 

  148. }
    149. 

  149. 

  150. static void bound_alloc_error(void)
    151. 

  151. {
    152. 

  152.     bound_error("not enough memory for bound checking code");
    153. 

  153. }
    154. 

  154. 

  155. /* currently, tcc cannot compile that because we use GNUC extensions */
    156. 

  156. #if !defined(__TINYC__)
    157. 

  157. 

  158. /* return '(p + offset)' for pointer arithmetic (a pointer can reach
    159. 

  159.    the end of a region in this case */
    160. 

  160. void * FASTCALL __bound_ptr_add(void *p, int offset)
    161. 

  161. {
    162. 

  162.     unsigned long addr = (unsigned long)p;
    163. 

  163.     BoundEntry *e;
    164. 

  164. #if defined(BOUND_DEBUG)
    165. 

  165.     printf("add: 0x%x %d\n", (int)p, offset);
    166. 

  166. #endif
    167. 

  167. 

  168.     e = __bound_t1[addr >> (BOUND_T2_BITS + BOUND_T3_BITS)];
    169. 

  169.     e = (BoundEntry *)((char *)e + 
    170. 

  170.                        ((addr >> (BOUND_T3_BITS - BOUND_E_BITS)) & 
    171. 

  171.                         ((BOUND_T2_SIZE - 1) << BOUND_E_BITS)));
    172. 

  172.     addr -= e->start;
    173. 

  173.     if (addr > e->size) {
    174. 

  174.         e = __bound_find_region(e, p);
    175. 

  175.         addr = (unsigned long)p - e->start;
    176. 

  176.     }
    177. 

  177.     addr += offset;
    178. 

  178.     if (addr > e->size)
    179. 

  179.         return INVALID_POINTER; /* return an invalid pointer */
    180. 

  180.     return p + offset;
    181. 

  181. }
    182. 

  182. 

  183. /* return '(p + offset)' for pointer indirection (the resulting must
    184. 

  184.    be strictly inside the region */
    185. 

  185. #define BOUND_PTR_INDIR(dsize)                                          \
    186. 

  186. void * FASTCALL __bound_ptr_indir ## dsize (void *p, int offset)        \
    187. 

  187. {                                                                       \
    188. 

  188.     unsigned long addr = (unsigned long)p;                              \
    189. 

  189.     BoundEntry *e;                                                      \
    190. 

  190.                                                                         \
    191. 

  191.     e = __bound_t1[addr >> (BOUND_T2_BITS + BOUND_T3_BITS)];            \
    192. 

  192.     e = (BoundEntry *)((char *)e +                                      \
    193. 

  193.                        ((addr >> (BOUND_T3_BITS - BOUND_E_BITS)) &      \
    194. 

  194.                         ((BOUND_T2_SIZE - 1) << BOUND_E_BITS)));        \
    195. 

  195.     addr -= e->start;                                                   \
    196. 

  196.     if (addr > e->size) {                                               \
    197. 

  197.         e = __bound_find_region(e, p);                                  \
    198. 

  198.         addr = (unsigned long)p - e->start;                             \
    199. 

  199.     }                                                                   \
    200. 

  200.     addr += offset + dsize;                                             \
    201. 

  201.     if (addr > e->size)                                                 \
    202. 

  202.         return INVALID_POINTER; /* return an invalid pointer */         \
    203. 

  203.     return p + offset;                                                  \
    204. 

  204. }
    205. 

  205. 

  206. #ifdef __i386__
    207. 

  207. /* return the frame pointer of the caller */
    208. 

  208. #define GET_CALLER_FP(fp)\
    209. 

  209. {\
    210. 

  210.     unsigned long *fp1;\
    211. 

  211.     __asm__ __volatile__ ("movl %%ebp,%0" :"=g" (fp1));\
    212. 

  212.     fp = fp1[0];\
    213. 

  213. }
    214. 

  214. #else
    215. 

  215. #error put code to extract the calling frame pointer
    216. 

  216. #endif
    217. 

  217. 

  218. /* called when entering a function to add all the local regions */
    219. 

  219. void FASTCALL __bound_local_new(void *p1) 
    220. 

  220. {
    221. 

  221.     unsigned long addr, size, fp, *p = p1;
    222. 

  222.     GET_CALLER_FP(fp);
    223. 

  223.     for(;;) {
    224. 

  224.         addr = p[0];
    225. 

  225.         if (addr == 0)
    226. 

  226.             break;
    227. 

  227.         addr += fp;
    228. 

  228.         size = p[1];
    229. 

  229.         p += 2;
    230. 

  230.         __bound_new_region((void *)addr, size);
    231. 

  231.     }
    232. 

  232. }
    233. 

  233. 

  234. /* called when leaving a function to delete all the local regions */
    235. 

  235. void FASTCALL __bound_local_delete(void *p1) 
    236. 

  236. {
    237. 

  237.     unsigned long addr, fp, *p = p1;
    238. 

  238.     GET_CALLER_FP(fp);
    239. 

  239.     for(;;) {
    240. 

  240.         addr = p[0];
    241. 

  241.         if (addr == 0)
    242. 

  242.             break;
    243. 

  243.         addr += fp;
    244. 

  244.         p += 2;
    245. 

  245.         __bound_delete_region((void *)addr);
    246. 

  246.     }
    247. 

  247. }
    248. 

  248. 

  249. #else
    250. 

  250. 

  251. void __bound_local_new(void *p) 
    252. 

  252. {
    253. 

  253. }
    254. 

  254. void __bound_local_delete(void *p) 
    255. 

  255. {
    256. 

  256. }
    257. 

  257. 

  258. void *__bound_ptr_add(void *p, int offset)
    259. 

  259. {
    260. 

  260.     return p + offset;
    261. 

  261. }
    262. 

  262. 

  263. #define BOUND_PTR_INDIR(dsize)                               \
    264. 

  264. void *__bound_ptr_indir ## dsize (void *p, int offset)       \
    265. 

  265. {                                                            \
    266. 

  266.     return p + offset;                                       \
    267. 

  267. }
    268. 

  268. #endif
    269. 

  269. 

  270. BOUND_PTR_INDIR(1)
    271. 

  271. BOUND_PTR_INDIR(2)
    272. 

  272. BOUND_PTR_INDIR(4)
    273. 

  273. BOUND_PTR_INDIR(8)
    274. 

  274. BOUND_PTR_INDIR(12)
    275. 

  275. BOUND_PTR_INDIR(16)
    276. 

  276. 

  277. static BoundEntry *__bound_new_page(void)
    278. 

  278. {
    279. 

  279.     BoundEntry *page;
    280. 

  280.     int i;
    281. 

  281. 

  282.     page = libc_malloc(sizeof(BoundEntry) * BOUND_T2_SIZE);
    283. 

  283.     if (!page)
    284. 

  284.         bound_alloc_error();
    285. 

  285.     for(i=0;i<BOUND_T2_SIZE;i++) {
    286. 

  286.         /* put empty entries */
    287. 

  287.         page[i].start = 0;
    288. 

  288.         page[i].size = EMPTY_SIZE;
    289. 

  289.         page[i].next = NULL;
    290. 

  290.         page[i].is_invalid = 0;
    291. 

  291.     }
    292. 

  292.     return page;
    293. 

  293. }
    294. 

  294. 

  295. /* currently we use malloc(). Should use bound_new_page() */
    296. 

  296. static BoundEntry *bound_new_entry(void)
    297. 

  297. {
    298. 

  298.     BoundEntry *e;
    299. 

  299.     e = libc_malloc(sizeof(BoundEntry));
    300. 

  300.     return e;
    301. 

  301. }
    302. 

  302. 

  303. static void bound_free_entry(BoundEntry *e)
    304. 

  304. {
    305. 

  305.     libc_free(e);
    306. 

  306. }
    307. 

  307. 

  308. static inline BoundEntry *get_page(int index)
    309. 

  309. {
    310. 

  310.     BoundEntry *page;
    311. 

  311.     page = __bound_t1[index];
    312. 

  312.     if (page == __bound_empty_t2 || page == __bound_invalid_t2) {
    313. 

  313.         /* create a new page if necessary */
    314. 

  314.         page = __bound_new_page();
    315. 

  315.         __bound_t1[index] = page;
    316. 

  316.     }
    317. 

  317.     return page;
    318. 

  318. }
    319. 

  319. 

  320. /* mark a region as being invalid (can only be used during init) */
    321. 

  321. static void mark_invalid(unsigned long addr, unsigned long size)
    322. 

  322. {
    323. 

  323.     unsigned long start, end;
    324. 

  324.     BoundEntry *page;
    325. 

  325.     int t1_start, t1_end, i, j, t2_start, t2_end;
    326. 

  326. 

  327.     start = addr;
    328. 

  328.     end = addr + size;
    329. 

  329. 

  330.     t2_start = (start + BOUND_T3_SIZE - 1) >> BOUND_T3_BITS;
    331. 

  331.     if (end != 0)
    332. 

  332.         t2_end = end >> BOUND_T3_BITS;
    333. 

  333.     else
    334. 

  334.         t2_end = 1 << (BOUND_T1_BITS + BOUND_T2_BITS);
    335. 

  335. 

  336. #if 0
    337. 

  337.     printf("mark_invalid: start = %x %x\n", t2_start, t2_end);
    338. 

  338. #endif
    339. 

  339.     
    340. 

  340.     /* first we handle full pages */
    341. 

  341.     t1_start = (t2_start + BOUND_T2_SIZE - 1) >> BOUND_T2_BITS;
    342. 

  342.     t1_end = t2_end >> BOUND_T2_BITS;
    343. 

  343. 

  344.     i = t2_start & (BOUND_T2_SIZE - 1);
    345. 

  345.     j = t2_end & (BOUND_T2_SIZE - 1);
    346. 

  346.     
    347. 

  347.     if (t1_start == t1_end) {
    348. 

  348.         page = get_page(t2_start >> BOUND_T2_BITS);
    349. 

  349.         for(; i < j; i++) {
    350. 

  350.             page[i].size = INVALID_SIZE;
    351. 

  351.             page[i].is_invalid = 1;
    352. 

  352.         }
    353. 

  353.     } else {
    354. 

  354.         if (i > 0) {
    355. 

  355.             page = get_page(t2_start >> BOUND_T2_BITS);
    356. 

  356.             for(; i < BOUND_T2_SIZE; i++) {
    357. 

  357.                 page[i].size = INVALID_SIZE;
    358. 

  358.                 page[i].is_invalid = 1;
    359. 

  359.             }
    360. 

  360.         }
    361. 

  361.         for(i = t1_start; i < t1_end; i++) {
    362. 

  362.             __bound_t1[i] = __bound_invalid_t2;
    363. 

  363.         }
    364. 

  364.         if (j != 0) {
    365. 

  365.             page = get_page(t1_end);
    366. 

  366.             for(i = 0; i < j; i++) {
    367. 

  367.                 page[i].size = INVALID_SIZE;
    368. 

  368.                 page[i].is_invalid = 1;
    369. 

  369.             }
    370. 

  370.         }
    371. 

  371.     }
    372. 

  372. }
    373. 

  373. 

  374. void __bound_init(void)
    375. 

  375. {
    376. 

  376.     int i;
    377. 

  377.     BoundEntry *page;
    378. 

  378.     unsigned long start, size;
    379. 

  379.     int *p;
    380. 

  380. 

  381.     /* save malloc hooks and install bound check hooks */
    382. 

  382.     install_malloc_hooks();
    383. 

  383. 

  384. #ifndef BOUND_STATIC
    385. 

  385.     __bound_t1 = libc_malloc(BOUND_T1_SIZE * sizeof(BoundEntry *));
    386. 

  386.     if (!__bound_t1)
    387. 

  387.         bound_alloc_error();
    388. 

  388. #endif
    389. 

  389.     __bound_empty_t2 = __bound_new_page();
    390. 

  390.     for(i=0;i<BOUND_T1_SIZE;i++) {
    391. 

  391.         __bound_t1[i] = __bound_empty_t2;
    392. 

  392.     }
    393. 

  393. 

  394.     page = __bound_new_page();
    395. 

  395.     for(i=0;i<BOUND_T2_SIZE;i++) {
    396. 

  396.         /* put invalid entries */
    397. 

  397.         page[i].start = 0;
    398. 

  398.         page[i].size = INVALID_SIZE;
    399. 

  399.         page[i].next = NULL;
    400. 

  400.         page[i].is_invalid = 1;
    401. 

  401.     }
    402. 

  402.     __bound_invalid_t2 = page;
    403. 

  403. 

  404.     /* invalid pointer zone */
    405. 

  405.     start = (unsigned long)INVALID_POINTER & ~(BOUND_T23_SIZE - 1);
    406. 

  406.     size = BOUND_T23_SIZE;
    407. 

  407.     mark_invalid(start, size);
    408. 

  408. 

  409. #if !defined(__TINYC__) && defined(CONFIG_TCC_MALLOC_HOOKS)
    410. 

  410.     /* malloc zone is also marked invalid. can only use that with
    411. 

  411.        hooks because all libs should use the same malloc. The solution
    412. 

  412.        would be to build a new malloc for tcc. */
    413. 

  413.     start = (unsigned long)&_end;
    414. 

  414.     size = 128 * 0x100000;
    415. 

  415.     mark_invalid(start, size);
    416. 

  416. #endif
    417. 

  417. 

  418.     /* add all static bound check values */
    419. 

  419.     p = (int *)&__bounds_start;
    420. 

  420.     while (p[0] != 0) {
    421. 

  421.         __bound_new_region((void *)p[0], p[1]);
    422. 

  422.         p += 2;
    423. 

  423.     }
    424. 

  424. }
    425. 

  425. 

  426. static inline void add_region(BoundEntry *e, 
    427. 

  427.                               unsigned long start, unsigned long size)
    428. 

  428. {
    429. 

  429.     BoundEntry *e1;
    430. 

  430.     if (e->start == 0) {
    431. 

  431.         /* no region : add it */
    432. 

  432.         e->start = start;
    433. 

  433.         e->size = size;
    434. 

  434.     } else {
    435. 

  435.         /* already regions in the list: add it at the head */
    436. 

  436.         e1 = bound_new_entry();
    437. 

  437.         e1->start = e->start;
    438. 

  438.         e1->size = e->size;
    439. 

  439.         e1->next = e->next;
    440. 

  440.         e->start = start;
    441. 

  441.         e->size = size;
    442. 

  442.         e->next = e1;
    443. 

  443.     }
    444. 

  444. }
    445. 

  445. 

  446. /* create a new region. It should not already exist in the region list */
    447. 

  447. void __bound_new_region(void *p, unsigned long size)
    448. 

  448. {
    449. 

  449.     unsigned long start, end;
    450. 

  450.     BoundEntry *page, *e, *e2;
    451. 

  451.     int t1_start, t1_end, i, t2_start, t2_end;
    452. 

  452. 

  453.     start = (unsigned long)p;
    454. 

  454.     end = start + size;
    455. 

  455.     t1_start = start >> (BOUND_T2_BITS + BOUND_T3_BITS);
    456. 

  456.     t1_end = end >> (BOUND_T2_BITS + BOUND_T3_BITS);
    457. 

  457. 

  458.     /* start */
    459. 

  459.     page = get_page(t1_start);
    460. 

  460.     t2_start = (start >> (BOUND_T3_BITS - BOUND_E_BITS)) & 
    461. 

  461.         ((BOUND_T2_SIZE - 1) << BOUND_E_BITS);
    462. 

  462.     t2_end = (end >> (BOUND_T3_BITS - BOUND_E_BITS)) & 
    463. 

  463.         ((BOUND_T2_SIZE - 1) << BOUND_E_BITS);
    464. 

  464. #ifdef BOUND_DEBUG
    465. 

  465.     printf("new %lx %lx %x %x %x %x\n", 
    466. 

  466.            start, end, t1_start, t1_end, t2_start, t2_end);
    467. 

  467. #endif
    468. 

  468. 

  469.     e = (BoundEntry *)((char *)page + t2_start);
    470. 

  470.     add_region(e, start, size);
    471. 

  471. 

  472.     if (t1_end == t1_start) {
    473. 

  473.         /* same ending page */
    474. 

  474.         e2 = (BoundEntry *)((char *)page + t2_end);
    475. 

  475.         if (e2 > e) {
    476. 

  476.             e++;
    477. 

  477.             for(;e<e2;e++) {
    478. 

  478.                 e->start = start;
    479. 

  479.                 e->size = size;
    480. 

  480.             }
    481. 

  481.             add_region(e, start, size);
    482. 

  482.         }
    483. 

  483.     } else {
    484. 

  484.         /* mark until end of page */
    485. 

  485.         e2 = page + BOUND_T2_SIZE;
    486. 

  486.         e++;
    487. 

  487.         for(;e<e2;e++) {
    488. 

  488.             e->start = start;
    489. 

  489.             e->size = size;
    490. 

  490.         }
    491. 

  491.         /* mark intermediate pages, if any */
    492. 

  492.         for(i=t1_start+1;i<t1_end;i++) {
    493. 

  493.             page = get_page(i);
    494. 

  494.             e2 = page + BOUND_T2_SIZE;
    495. 

  495.             for(e=page;e<e2;e++) {
    496. 

  496.                 e->start = start;
    497. 

  497.                 e->size = size;
    498. 

  498.             }
    499. 

  499.         }
    500. 

  500.         /* last page */
    501. 

  501.         page = get_page(t1_end);
    502. 

  502.         e2 = (BoundEntry *)((char *)page + t2_end);
    503. 

  503.         for(e=page;e<e2;e++) {
    504. 

  504.             e->start = start;
    505. 

  505.             e->size = size;
    506. 

  506.         }
    507. 

  507.         add_region(e, start, size);
    508. 

  508.     }
    509. 

  509. }
    510. 

  510. 

  511. /* delete a region */
    512. 

  512. static inline void delete_region(BoundEntry *e, 
    513. 

  513.                                  void *p, unsigned long empty_size)
    514. 

  514. {
    515. 

  515.     unsigned long addr;
    516. 

  516.     BoundEntry *e1;
    517. 

  517. 

  518.     addr = (unsigned long)p;
    519. 

  519.     addr -= e->start;
    520. 

  520.     if (addr <= e->size) {
    521. 

  521.         /* region found is first one */
    522. 

  522.         e1 = e->next;
    523. 

  523.         if (e1 == NULL) {
    524. 

  524.             /* no more region: mark it empty */
    525. 

  525.             e->start = 0;
    526. 

  526.             e->size = empty_size;
    527. 

  527.         } else {
    528. 

  528.             /* copy next region in head */
    529. 

  529.             e->start = e1->start;
    530. 

  530.             e->size = e1->size;
    531. 

  531.             e->next = e1->next;
    532. 

  532.             bound_free_entry(e1);
    533. 

  533.         }
    534. 

  534.     } else {
    535. 

  535.         /* find the matching region */
    536. 

  536.         for(;;) {
    537. 

  537.             e1 = e;
    538. 

  538.             e = e->next;
    539. 

  539.             /* region not found: do nothing */
    540. 

  540.             if (e == NULL)
    541. 

  541.                 break;
    542. 

  542.             addr = (unsigned long)p - e->start;
    543. 

  543.             if (addr <= e->size) {
    544. 

  544.                 /* found: remove entry */
    545. 

  545.                 e1->next = e->next;
    546. 

  546.                 bound_free_entry(e);
    547. 

  547.                 break;
    548. 

  548.             }
    549. 

  549.         }
    550. 

  550.     }
    551. 

  551. }
    552. 

  552. 

  553. /* WARNING: 'p' must be the starting point of the region. */
    554. 

  554. /* return non zero if error */
    555. 

  555. int __bound_delete_region(void *p)
    556. 

  556. {
    557. 

  557.     unsigned long start, end, addr, size, empty_size;
    558. 

  558.     BoundEntry *page, *e, *e2;
    559. 

  559.     int t1_start, t1_end, t2_start, t2_end, i;
    560. 

  560. 

  561.     start = (unsigned long)p;
    562. 

  562.     t1_start = start >> (BOUND_T2_BITS + BOUND_T3_BITS);
    563. 

  563.     t2_start = (start >> (BOUND_T3_BITS - BOUND_E_BITS)) & 
    564. 

  564.         ((BOUND_T2_SIZE - 1) << BOUND_E_BITS);
    565. 

  565.     
    566. 

  566.     /* find region size */
    567. 

  567.     page = __bound_t1[t1_start];
    568. 

  568.     e = (BoundEntry *)((char *)page + t2_start);
    569. 

  569.     addr = start - e->start;
    570. 

  570.     if (addr > e->size)
    571. 

  571.         e = __bound_find_region(e, p);
    572. 

  572.     /* test if invalid region */
    573. 

  573.     if (e->size == EMPTY_SIZE || (unsigned long)p != e->start) 
    574. 

  574.         return -1;
    575. 

  575.     /* compute the size we put in invalid regions */
    576. 

  576.     if (e->is_invalid)
    577. 

  577.         empty_size = INVALID_SIZE;
    578. 

  578.     else
    579. 

  579.         empty_size = EMPTY_SIZE;
    580. 

  580.     size = e->size;
    581. 

  581.     end = start + size;
    582. 

  582. 

  583.     /* now we can free each entry */
    584. 

  584.     t1_end = end >> (BOUND_T2_BITS + BOUND_T3_BITS);
    585. 

  585.     t2_end = (end >> (BOUND_T3_BITS - BOUND_E_BITS)) & 
    586. 

  586.         ((BOUND_T2_SIZE - 1) << BOUND_E_BITS);
    587. 

  587. 

  588.     delete_region(e, p, empty_size);
    589. 

  589.     if (t1_end == t1_start) {
    590. 

  590.         /* same ending page */
    591. 

  591.         e2 = (BoundEntry *)((char *)page + t2_end);
    592. 

  592.         if (e2 > e) {
    593. 

  593.             e++;
    594. 

  594.             for(;e<e2;e++) {
    595. 

  595.                 e->start = 0;
    596. 

  596.                 e->size = empty_size;
    597. 

  597.             }
    598. 

  598.             delete_region(e, p, empty_size);
    599. 

  599.         }
    600. 

  600.     } else {
    601. 

  601.         /* mark until end of page */
    602. 

  602.         e2 = page + BOUND_T2_SIZE;
    603. 

  603.         e++;
    604. 

  604.         for(;e<e2;e++) {
    605. 

  605.             e->start = 0;
    606. 

  606.             e->size = empty_size;
    607. 

  607.         }
    608. 

  608.         /* mark intermediate pages, if any */
    609. 

  609.         /* XXX: should free them */
    610. 

  610.         for(i=t1_start+1;i<t1_end;i++) {
    611. 

  611.             page = get_page(i);
    612. 

  612.             e2 = page + BOUND_T2_SIZE;
    613. 

  613.             for(e=page;e<e2;e++) {
    614. 

  614.                 e->start = 0;
    615. 

  615.                 e->size = empty_size;
    616. 

  616.             }
    617. 

  617.         }
    618. 

  618.         /* last page */
    619. 

  619.         page = get_page(t2_end);
    620. 

  620.         e2 = (BoundEntry *)((char *)page + t2_end);
    621. 

  621.         for(e=page;e<e2;e++) {
    622. 

  622.             e->start = 0;
    623. 

  623.             e->size = empty_size;
    624. 

  624.         }
    625. 

  625.         delete_region(e, p, empty_size);
    626. 

  626.     }
    627. 

  627.     return 0;
    628. 

  628. }
    629. 

  629. 

  630. /* return the size of the region starting at p, or EMPTY_SIZE if non
    631. 

  631.    existent region. */
    632. 

  632. static unsigned long get_region_size(void *p)
    633. 

  633. {
    634. 

  634.     unsigned long addr = (unsigned long)p;
    635. 

  635.     BoundEntry *e;
    636. 

  636. 

  637.     e = __bound_t1[addr >> (BOUND_T2_BITS + BOUND_T3_BITS)];
    638. 

  638.     e = (BoundEntry *)((char *)e + 
    639. 

  639.                        ((addr >> (BOUND_T3_BITS - BOUND_E_BITS)) & 
    640. 

  640.                         ((BOUND_T2_SIZE - 1) << BOUND_E_BITS)));
    641. 

  641.     addr -= e->start;
    642. 

  642.     if (addr > e->size)
    643. 

  643.         e = __bound_find_region(e, p);
    644. 

  644.     if (e->start != (unsigned long)p)
    645. 

  645.         return EMPTY_SIZE;
    646. 

  646.     return e->size;
    647. 

  647. }
    648. 

  648. 

  649. /* patched memory functions */
    650. 

  650. 

  651. static void install_malloc_hooks(void)
    652. 

  652. {
    653. 

  653. #ifdef CONFIG_TCC_MALLOC_HOOKS
    654. 

  654.     saved_malloc_hook = __malloc_hook;
    655. 

  655.     saved_free_hook = __free_hook;
    656. 

  656.     saved_realloc_hook = __realloc_hook;
    657. 

  657.     saved_memalign_hook = __memalign_hook;
    658. 

  658.     __malloc_hook = __bound_malloc;
    659. 

  659.     __free_hook = __bound_free;
    660. 

  660.     __realloc_hook = __bound_realloc;
    661. 

  661.     __memalign_hook = __bound_memalign;
    662. 

  662. #endif
    663. 

  663. }
    664. 

  664. 

  665. static void restore_malloc_hooks(void)
    666. 

  666. {
    667. 

  667. #ifdef CONFIG_TCC_MALLOC_HOOKS
    668. 

  668.     __malloc_hook = saved_malloc_hook;
    669. 

  669.     __free_hook = saved_free_hook;
    670. 

  670.     __realloc_hook = saved_realloc_hook;
    671. 

  671.     __memalign_hook = saved_memalign_hook;
    672. 

  672. #endif
    673. 

  673. }
    674. 

  674. 

  675. static void *libc_malloc(size_t size)
    676. 

  676. {
    677. 

  677.     void *ptr;
    678. 

  678.     restore_malloc_hooks();
    679. 

  679.     ptr = malloc(size);
    680. 

  680.     install_malloc_hooks();
    681. 

  681.     return ptr;
    682. 

  682. }
    683. 

  683. 

  684. static void libc_free(void *ptr)
    685. 

  685. {
    686. 

  686.     restore_malloc_hooks();
    687. 

  687.     free(ptr);
    688. 

  688.     install_malloc_hooks();
    689. 

  689. }
    690. 

  690. 

  691. /* XXX: we should use a malloc which ensure that it is unlikely that
    692. 

  692.    two malloc'ed data have the same address if 'free' are made in
    693. 

  693.    between. */
    694. 

  694. void *__bound_malloc(size_t size, const void *caller)
    695. 

  695. {
    696. 

  696.     void *ptr;
    697. 

  697.     
    698. 

  698.     /* we allocate one more byte to ensure the regions will be
    699. 

  699.        separated by at least one byte. With the glibc malloc, it may
    700. 

  700.        be in fact not necessary */
    701. 

  701.     ptr = libc_malloc(size + 1);
    702. 

  702.     
    703. 

  703.     if (!ptr)
    704. 

  704.         return NULL;
    705. 

  705.     __bound_new_region(ptr, size);
    706. 

  706.     return ptr;
    707. 

  707. }
    708. 

  708. 

  709. void *__bound_memalign(size_t size, size_t align, const void *caller)
    710. 

  710. {
    711. 

  711.     void *ptr;
    712. 

  712. 

  713.     restore_malloc_hooks();
    714. 

  714. 

  715. #ifndef HAVE_MEMALIGN
    716. 

  716.     if (align > 4) {
    717. 

  717.         /* XXX: handle it ? */
    718. 

  718.         ptr = NULL;
    719. 

  719.     } else {
    720. 

  720.         /* we suppose that malloc aligns to at least four bytes */
    721. 

  721.         ptr = malloc(size + 1);
    722. 

  722.     }
    723. 

  723. #else
    724. 

  724.     /* we allocate one more byte to ensure the regions will be
    725. 

  725.        separated by at least one byte. With the glibc malloc, it may
    726. 

  726.        be in fact not necessary */
    727. 

  727.     ptr = memalign(size + 1, align);
    728. 

  728. #endif
    729. 

  729.     
    730. 

  730.     install_malloc_hooks();
    731. 

  731.     
    732. 

  732.     if (!ptr)
    733. 

  733.         return NULL;
    734. 

  734.     __bound_new_region(ptr, size);
    735. 

  735.     return ptr;
    736. 

  736. }
    737. 

  737. 

  738. void __bound_free(void *ptr, const void *caller)
    739. 

  739. {
    740. 

  740.     if (ptr == NULL)
    741. 

  741.         return;
    742. 

  742.     if (__bound_delete_region(ptr) != 0)
    743. 

  743.         bound_error("freeing invalid region");
    744. 

  744. 

  745.     libc_free(ptr);
    746. 

  746. }
    747. 

  747. 

  748. void *__bound_realloc(void *ptr, size_t size, const void *caller)
    749. 

  749. {
    750. 

  750.     void *ptr1;
    751. 

  751.     int old_size;
    752. 

  752. 

  753.     if (size == 0) {
    754. 

  754.         __bound_free(ptr, caller);
    755. 

  755.         return NULL;
    756. 

  756.     } else {
    757. 

  757.         ptr1 = __bound_malloc(size, caller);
    758. 

  758.         if (ptr == NULL || ptr1 == NULL)
    759. 

  759.             return ptr1;
    760. 

  760.         old_size = get_region_size(ptr);
    761. 

  761.         if (old_size == EMPTY_SIZE)
    762. 

  762.             bound_error("realloc'ing invalid pointer");
    763. 

  763.         memcpy(ptr1, ptr, old_size);
    764. 

  764.         __bound_free(ptr, caller);
    765. 

  765.         return ptr1;
    766. 

  766.     }
    767. 

  767. }
    768. 

  768. 

  769. #ifndef CONFIG_TCC_MALLOC_HOOKS
    770. 

  770. void *__bound_calloc(size_t nmemb, size_t size)
    771. 

  771. {
    772. 

  772.     void *ptr;
    773. 

  773.     size = size * nmemb;
    774. 

  774.     ptr = __bound_malloc(size, NULL);
    775. 

  775.     if (!ptr)
    776. 

  776.         return NULL;
    777. 

  777.     memset(ptr, 0, size);
    778. 

  778.     return ptr;
    779. 

  779. }
    780. 

  780. #endif
    781. 

  781. 

  782. #if 0
    783. 

  783. static void bound_dump(void)
    784. 

  784. {
    785. 

  785.     BoundEntry *page, *e;
    786. 

  786.     int i, j;
    787. 

  787. 

  788.     printf("region dump:\n");
    789. 

  789.     for(i=0;i<BOUND_T1_SIZE;i++) {
    790. 

  790.         page = __bound_t1[i];
    791. 

  791.         for(j=0;j<BOUND_T2_SIZE;j++) {
    792. 

  792.             e = page + j;
    793. 

  793.             /* do not print invalid or empty entries */
    794. 

  794.             if (e->size != EMPTY_SIZE && e->start != 0) {
    795. 

  795.                 printf("%08x:", 
    796. 

  796.                        (i << (BOUND_T2_BITS + BOUND_T3_BITS)) + 
    797. 

  797.                        (j << BOUND_T3_BITS));
    798. 

  798.                 do {
    799. 

  799.                     printf(" %08lx:%08lx", e->start, e->start + e->size);
    800. 

  800.                     e = e->next;
    801. 

  801.                 } while (e != NULL);
    802. 

  802.                 printf("\n");
    803. 

  803.             }
    804. 

  804.         }
    805. 

  805.     }
    806. 

  806. }
    807. 

  807. #endif
    808. 

  808. 

  809. /* some useful checked functions */
    810. 

  810. 

  811. /* check that (p ... p + size - 1) lies inside 'p' region, if any */
    812. 

  812. static void __bound_check(const void *p, size_t size)
    813. 

  813. {
    814. 

  814.     if (size == 0)
    815. 

  815.         return;
    816. 

  816.     p = __bound_ptr_add((void *)p, size);
    817. 

  817.     if (p == INVALID_POINTER)
    818. 

  818.         bound_error("invalid pointer");
    819. 

  819. }
    820. 

  820. 

  821. void *__bound_memcpy(void *dst, const void *src, size_t size)
    822. 

  822. {
    823. 

  823.     __bound_check(dst, size);
    824. 

  824.     __bound_check(src, size);
    825. 

  825.     /* check also region overlap */
    826. 

  826.     if (src >= dst && src < dst + size)
    827. 

  827.         bound_error("overlapping regions in memcpy()");
    828. 

  828.     return memcpy(dst, src, size);
    829. 

  829. }
    830. 

  830. 

  831. void *__bound_memmove(void *dst, const void *src, size_t size)
    832. 

  832. {
    833. 

  833.     __bound_check(dst, size);
    834. 

  834.     __bound_check(src, size);
    835. 

  835.     return memmove(dst, src, size);
    836. 

  836. }
    837. 

  837. 

  838. void *__bound_memset(void *dst, int c, size_t size)
    839. 

  839. {
    840. 

  840.     __bound_check(dst, size);
    841. 

  841.     return memset(dst, c, size);
    842. 

  842. }
    843. 

  843. 

  844. /* XXX: could be optimized */
    845. 

  845. int __bound_strlen(const char *s)
    846. 

  846. {
    847. 

  847.     const char *p;
    848. 

  848.     int len;
    849. 

  849. 

  850.     len = 0;
    851. 

  851.     for(;;) {
    852. 

  852.         p = __bound_ptr_indir1((char *)s, len);
    853. 

  853.         if (p == INVALID_POINTER)
    854. 

  854.             bound_error("bad pointer in strlen()");
    855. 

  855.         if (*p == '\0')
    856. 

  856.             break;
    857. 

  857.         len++;
    858. 

  858.     }
    859. 

  859.     return len;
    860. 

  860. }
    861. 

  861. 

  862. char *__bound_strcpy(char *dst, const char *src)
    863. 

  863. {
    864. 

  864.     int len;
    865. 

  865.     len = __bound_strlen(src);
    866. 

  866.     return __bound_memcpy(dst, src, len + 1);
    867. 

  867. }
    868. 

  868. 

  869.