From: Carlos Maniero
To: ~johnnyrichard/olang-devel@lists.sr.ht
Cc: Carlos Maniero
Subject: [PATCH olang] fix: codegen: prevent stack overwrite
Message-ID: <20241015121404.206543-1-carlos@maniero.me>
X-Mailer: git-send-email 2.46.1
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Date: Tue, 15 Oct 2024 12:14:08 +0000 (UTC)
X-Sourcehut-Patchset-Status: PROPOSED
List-ID: ~johnnyrichard/olang-devel <~johnnyrichard/olang-devel.lists.sr.ht>

There was an issue in the stack allocation algorithm.
Consider this function:

fn a(): u32 {
  var a: u32 = 0xAAAA
  var b: u64 = 0xBBBBBBBB
  ret
}

There are three pieces of information the stack is required to store:

- 8 bytes: rip (from call instruction)
- 4 bytes: a
- 8 bytes: b

The 0x7FFFFF07 memory address was used to represent the RIP value at the
instant of the call.

Our codegen was assuming the stack worked this way:

0       -8  -C
^-------^---^-------
7FFFFF07AAAABBBBBBBB
^-------^---^-------
rip     a   b

So the codegen was:

- Adding the value to the stack;
- Increasing the offset.

But actually the stack was behaving as follows:

8       0       -8  -C
^-------^-------^---^
7FFFFF070000BBBBBBBB.
^---------------^---^
rip             a   b

This is because the instruction *mov %rax, -0xC(%rbp)* writes from
-0xC(%rbp) (exclusive) to -0x4(%rbp) (inclusive).

So after this change, this is the actual stack template:

        0   -4      -C
--------^---^-------^
7FFFFF07AAAABBBBBBBB.
--------^---^-------^
rip     a   b

Signed-off-by: Carlos Maniero
---
 src/codegen_linux_x86_64.c          | 13 ++++++-------
 tests/olc/0036_variable_overflow.ol | 30 +++++++++++++++++++++++++++++
 2 files changed, 36 insertions(+), 7 deletions(-)
 create mode 100644 tests/olc/0036_variable_overflow.ol
diff --git a/src/codegen_linux_x86_64.c b/src/codegen_linux_x86_64.c index fc8fcc4..83d1d2c 100644 --- a/src/codegen_linux_x86_64.c +++ b/src/codegen_linux_x86_64.c @@ -28,7 +28,6 @@ // The call instruction pushes EIP into stack so the first 8 bytes from stack // must be preserved else the ret instruction will jump to nowere. -#define X86_CALL_EIP_STACK_OFFSET (8) #define X86_CALL_ARG_SIZE 6 #define bytes_max(a, b) ((a) > (b) ? (a) : (b)) @@ -795,6 +794,9 @@ codegen_linux_x86_64_emit_block(codegen_x86_64_t *codegen, ast_block_t *block) symbol_t *symbol = scope_lookup(scope, var_def.id); assert(symbol); + size_t type_size = type_to_bytes(symbol->type); + codegen->base_offset += type_size; + codegen_linux_x86_64_put_stack_offset( codegen, symbol, codegen->base_offset); 
@@ -803,13 +805,10 @@ codegen_linux_x86_64_emit_block(codegen_x86_64_t *codegen, ast_block_t *block) var_def.value); } - size_t type_size = type_to_bytes(symbol->type); - fprintf(codegen->out, " mov %s, -%ld(%%rbp)\n", get_reg_for(REG_ACCUMULATOR, type_size), codegen->base_offset); - codegen->base_offset += type_size; break; } @@ -957,7 +956,7 @@ static void codegen_linux_x86_64_emit_function(codegen_x86_64_t *codegen, ast_fn_definition_t *fn_def) { - codegen->base_offset = X86_CALL_EIP_STACK_OFFSET; + codegen->base_offset = 0; ast_node_t *block_node = fn_def->block; fprintf(codegen->out, "" SV_FMT ":\n", SV_ARG(fn_def->id)); @@ -975,6 +974,8 @@ codegen_linux_x86_64_emit_function(codegen_x86_64_t *codegen, symbol_t *symbol = scope_lookup(fn_def->scope, param->id); assert(symbol); + // FIXME: add offset according to the param size + codegen->base_offset += 8; size_t offset = codegen->base_offset; codegen_linux_x86_64_put_stack_offset( @@ -986,8 +987,6 @@ codegen_linux_x86_64_emit_function(codegen_x86_64_t *codegen, get_reg_for(x86_call_args[i], symbol->type->as_primitive.size), offset); - // FIXME: add offset according to the param size - codegen->base_offset += 8; ++i; } diff --git a/tests/olc/0036_variable_overflow.ol b/tests/olc/0036_variable_overflow.ol new file mode 100644 index 0000000..edb3c7e --- /dev/null +++ b/tests/olc/0036_variable_overflow.ol 
@@ -0,0 +1,30 @@ +# Copyright (C) 2024 olang mantainers +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +fn main(): u32 { + var a: u32 = 0 + var b: u64 = 0 + var c: u32 = 0 + + # This operation will fill all bits in b location. + # If there is an overflow, both a or c would be impacted + b = ~b + + return a + c +} + +# TEST test_compile(exit_code=0) + +# TEST test_run_binary(exit_code=0) base-commit: cf5e4abf07a38f0ddf3ac6979b01b942ab99a691 -- 2.46.1
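Review bot: in the hunk at @@ -28,7 +28,6 @@ the comment above the removed define ("The call instruction pushes EIP into stack so the first 8 bytes from stack must be preserved else the ret instruction will jump to nowere") now documents a constant that no longer exists and should either be removed with it or rewritten to state the invariant the new scheme relies on: if the prologue is the usual push %rbp / mov %rsp, %rbp, the return address sits at 8(%rbp) and the saved %rbp at 0(%rbp), so a slot at -N(%rbp) is safe whenever N is at least the slot's size, which is why base_offset can now start at 0. While touching it, "EIP" should read "RIP" in an x86_64 backend and "nowere" should be "nowhere".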
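Review bot: in the hunk at @@ -795,6 +794,9 @@ advancing base_offset by type_size before the slot is recorded is the right fix, but the offsets it produces are not naturally aligned: in the commit's own example the u64 b lands at -0xC(%rbp), a 4-byte boundary. x86_64 tolerates misaligned scalar loads and stores, so this is not a correctness bug today, but an aligned SSE move or an atomic emitted against that slot later would fault. Consider rounding up after the increment, e.g. `codegen->base_offset = (codegen->base_offset + align - 1) / align * align;` with align taken from the type, before calling codegen_linux_x86_64_put_stack_offset.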
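Review bot: in the hunk at @@ -803,13 +805,10 @@ the store still formats codegen->base_offset with `-%ld(%%rbp)`; type_size is a size_t and base_offset is now accumulated from it, so if base_offset is a size_t as well the portable specifier is %zu (the %ld form only works where long and size_t happen to coincide). Separately, nothing visible in this patch subtracts the final base_offset from %rsp; if the prologue does not reserve that space, a call made from the function body would overwrite these slots. That is outside this fix, but worth confirming in the prologue code.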
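Review bot: in the hunk at @@ -957,7 +956,7 @@ `codegen->base_offset = 0;` is only correct together with the "advance before use" change in emit_block and the moved `+= 8` for parameters; a short comment here saying that base_offset now means "bytes already reserved below %rbp", so the first slot lands at -size(%rbp) and never at 0(%rbp), would stop a future reader from reintroducing the old 8-byte constant.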
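Review bot: in the hunk at @@ -975,6 +974,8 @@ moving `codegen->base_offset += 8;` ahead of the store matches the new convention, and the fixed 8-byte stride keeps parameters from overlapping even for a u32 (the store covers -8..-5, leaving -4..-1 unused), so the FIXME now describes harmless padding rather than a latent bug; replacing it with `type_to_bytes(symbol->type)`, as the variable path does, would give both paths one rule. The loop also indexes x86_call_args[i] with X86_CALL_ARG_SIZE still defined as 6 above, and no check that i stays below it is visible in this hunk; worth confirming a diagnostic exists for functions with more than six parameters.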
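Review bot: in the new tests/olc/0036_variable_overflow.ol the regression check relies on the process exit code, which carries only the low 8 bits of main's return value, so it catches this bug only because `b = ~b` sets every byte of the clobbered neighbour; a corruption that left the low byte of `a + c` at zero would pass. Comparing a and c against explicit expected values, or returning a distinct code per variable, would make the test robust for other layouts. Also, "mantainers" in the licence header should read "maintainers".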
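The allocation-order bug the commit message describes, modelled as an added example that is not olang code and uses its own hypothetical names (slot_t, layout_old, layout_new): it lays out the commit's frame (a: u32, b: u64) with the pre-patch "use offset, then advance" rule and with the patched "advance, then use offset" rule, computes the byte range each `mov %reg, -N(%rbp)` store actually covers, and flags any range that intersects another slot or reaches 0(%rbp). It goes one step beyond the patch with a variant that also rounds each slot up to its natural alignment, since the patched layout places the u64 at -0xC(%rbp).

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Added example, not olang code. Models the two slot-allocation orders the
 * commit message describes: a store "mov %reg, -off(%rbp)" covers the bytes
 * [rbp-off, rbp-off+size), growing toward rbp, so the offset must be
 * advanced before it is handed to the store, not after. */

typedef struct {
    const char *name;
    size_t size;   /* bytes: 4 for u32, 8 for u64 */
    size_t offset; /* the N in -N(%rbp) */
} slot_t;

typedef void (*layout_fn)(slot_t *, size_t, size_t);

/* Pre-patch order: hand out the current offset, then advance it. */
static void layout_old(slot_t *s, size_t n, size_t base)
{
    for (size_t i = 0; i < n; ++i) {
        s[i].offset = base;
        base += s[i].size;
    }
}

/* Patched order: advance by the slot size first, then hand out the offset. */
static void layout_new(slot_t *s, size_t n, size_t base)
{
    for (size_t i = 0; i < n; ++i) {
        base += s[i].size;
        s[i].offset = base;
    }
}

/* Beyond the patch: same order, but round each slot up to its natural
 * alignment so a u64 never lands on a 4-byte boundary such as -0xC. */
static void layout_new_aligned(slot_t *s, size_t n, size_t base)
{
    for (size_t i = 0; i < n; ++i) {
        size_t align = s[i].size;
        base = (base + s[i].size + align - 1) / align * align;
        s[i].offset = base;
    }
}

/* Displacements below rbp written by the store for slot s: [lo, hi). */
static void slot_range(const slot_t *s, long *lo, long *hi)
{
    *lo = -(long)s->offset;
    *hi = *lo + (long)s->size;
}

/* True if a slot reaches 0(%rbp) or above (saved rbp, return address), or
 * if two slots' byte ranges intersect: the corruption the patch fixes. */
static bool layout_overlaps(const slot_t *s, size_t n)
{
    for (size_t i = 0; i < n; ++i) {
        long lo_i, hi_i, lo_j, hi_j;
        slot_range(&s[i], &lo_i, &hi_i);
        if (hi_i > 0)
            return true;
        for (size_t j = i + 1; j < n; ++j) {
            slot_range(&s[j], &lo_j, &hi_j);
            if (lo_i < hi_j && lo_j < hi_i)
                return true;
        }
    }
    return false;
}

/* The frame from the commit message (var a: u32, var b: u64), laid out by
 * the given allocator starting at base_offset `start`; true if corrupt. */
static bool example_overlaps(layout_fn layout, size_t start)
{
    slot_t s[] = { {"a", 4, 0}, {"b", 8, 0} };
    layout(s, 2, start);
    return layout_overlaps(s, 2);
}

/* Same frame; the -N(%rbp) offset assigned to slot idx (0 = a, 1 = b). */
static size_t example_offset(layout_fn layout, size_t start, size_t idx)
{
    slot_t s[] = { {"a", 4, 0}, {"b", 8, 0} };
    layout(s, 2, start);
    return s[idx].offset;
}

int main(void)
{
    printf("old, base_offset 8: a at -0x%zX, b at -0x%zX -> %s\n",
           example_offset(layout_old, 8, 0), example_offset(layout_old, 8, 1),
           example_overlaps(layout_old, 8) ? "OVERLAP" : "ok");
    printf("new, base_offset 0: a at -0x%zX, b at -0x%zX -> %s\n",
           example_offset(layout_new, 0, 0), example_offset(layout_new, 0, 1),
           example_overlaps(layout_new, 0) ? "OVERLAP" : "ok");
    printf("new + alignment:    b at -0x%zX\n",
           example_offset(layout_new_aligned, 0, 1));
    return 0;
}
```

With the old rule and base_offset starting at 8, a sits at -8 and b at -0xC, so b's store covers -0xC..-5 and runs over a; with the old rule and base_offset 0, the first slot would reach the saved %rbp at 0(%rbp), which is why the removed X86_CALL_EIP_STACK_OFFSET existed. With the patched rule a sits at -4 and b at -0xC with no intersection; the aligned variant moves b to -0x10.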