<!DOCTYPE html>
<html>
<head>
<meta charset="UTF-8">
<title>Mu - linux/313index-bounds-check.subx</title>
<meta name="Generator" content="Vim/8.2">
<meta name="plugin-version" content="vim8.1_v2">
<meta name="syntax" content="none">
<meta name="settings" content="number_lines,use_css,pre_wrap,no_foldcolumn,expand_tabs,line_ids,prevent_copy=,use_input_for_pc=fallback">
<meta name="colorscheme" content="minimal-light">
<style>
<!--
pre { white-space: pre-wrap; font-family: monospace; color: #000000; background-color: #ffffd7; }
body { font-size:12pt; font-family: monospace; color: #000000; background-color: #ffffd7; }
a { color:inherit; }
* { font-size:12pt; font-size: 1em; }
.subxComment { color: #005faf; }
.LineNr { }
.subxS1Comment { color: #0000af; }
.SpecialChar { color: #d70000; }
.Constant { color: #008787; }
.subxMinorFunction { color: #875f5f; }
.CommentedCode { color: #8a8a8a; }
-->
</style>
<script>
<!--
/* function to open any folds containing a jumped-to line before jumping to it */
function JumpToLine()
{
  /* The fragment names the target line either as a raw number ("#12") or as
   * a line ID ("#L12"); drop the leading '#' before looking at it. */
  var targetId = window.location.hash.substr(1);
  /* A raw number is corrected to a line ID by prefixing 'L'. */
  if (targetId.indexOf('L') < 0) {
    targetId = 'L' + targetId;
  }
  /* The fragment is used only as an element-ID lookup key; it is never
   * written back into the page. */
  var target = document.getElementById(targetId);
  /* Scroll only when the ID resolves to an element; unknown fragments are
   * ignored. */
  if (target) {
    target.scrollIntoView(true);
  }
  return true;
}
/* Where the browser exposes the hashchange event, re-run the jump each time
 * only the fragment of the URL changes. */
if ('onhashchange' in window) window.onhashchange = JumpToLine;
-->
</script>
</head>
<body onload='JumpToLine();'>
<a href='https://github.com/akkartik/mu/blob/main/linux/313index-bounds-check.subx'>https://github.com/akkartik/mu/blob/main/linux/313index-bounds-check.subx</a>
<pre id='vimCodeElement'>
<span id="L1" class="LineNr"> 1 </span><span class="subxComment"># Helper to check an array's bounds, and to abort if they're violated.</span>
<span id="L2" class="LineNr"> 2 </span><span class="subxComment"># Really only intended to be called from code generated by mu.subx.</span>
<span id="L3" class="LineNr"> 3 </span>
<span id="L4" class="LineNr"> 4 </span>== code
<span id="L5" class="LineNr"> 5 </span>
<span id="L6" class="LineNr"> 6 </span><span class="subxMinorFunction">__check-mu-array-bounds</span>: <span class="subxComment"># index: int, elem-size: int, arr-size: int, function-name: (addr array byte), array-name: (addr array byte)</span>
<span id="L7" class="LineNr"> 7 </span> <span class="subxS1Comment"># . prologue</span>
<span id="L8" class="LineNr"> 8 </span> 55/push-ebp
<span id="L9" class="LineNr"> 9 </span> 89/<- %ebp 4/r32/esp
<span id="L10" class="LineNr"> 10 </span> <span class="subxS1Comment"># . save registers</span>
<span id="L11" class="LineNr"> 11 </span> 50/push-eax
<span id="L12" class="LineNr"> 12 </span> 51/push-ecx
<span id="L13" class="LineNr"> 13 </span> 52/push-edx
<span id="L14" class="LineNr"> 14 </span> <span class="subxS1Comment"># . not bothering saving ebx; it's only clobbered if we're going to abort</span>
<span id="L15" class="LineNr"> 15 </span> <span class="subxComment"># ecx = arr-size</span>
<span id="L16" class="LineNr"> 16 </span> 8b/-> *(ebp+0x10) 1/r32/ecx
<span id="L17" class="LineNr"> 17 </span> <span class="subxComment"># var overflow/edx: int = 0</span>
<span id="L18" class="LineNr"> 18 </span> ba/copy-to-edx 0/imm32
<span id="L19" class="LineNr"> 19 </span> <span class="subxComment"># var offset/eax: int = index * elem-size</span>
<span id="L20" class="LineNr"> 20 </span> 8b/-> *(ebp+8) 0/r32/eax
<span id="L21" class="LineNr"> 21 </span> f7 4/subop/multiply-eax-with *(ebp+0xc)
<span id="L22" class="LineNr"> 22 </span> <span class="subxComment"># check for overflow: f7 /4 is an unsigned multiply that leaves the high 32 bits of the product in edx, so a non-zero edx means index * elem-size does not fit in 32 bits</span>
<span id="L23" class="LineNr"> 23 </span> 81 7/subop/compare %edx 0/imm32
<span id="L24" class="LineNr"> 24 </span> 0f 85/jump-if-!= <a href='313index-bounds-check.subx.html#L6'>__check-mu-array-bounds</a>:overflow/disp32
<span id="L25" class="LineNr"> 25 </span> <span class="subxComment"># check bounds: the access is accepted only when offset is below arr-size, both taken as unsigned. NOTE(review): only the element's starting offset is compared, so this relies on arr-size being a byte count that is a whole multiple of elem-size -- confirm in mu.subx</span>
<span id="L26" class="LineNr"> 26 </span> 39/compare %eax 1/r32/ecx
<span id="L27" class="LineNr"> 27 </span> 0f 82/jump-if-unsigned< $__check-mu-array-bounds:end/disp32 <span class="subxComment"># negative index should always abort: it either overflowed in the multiply above or appears here as a very large unsigned offset</span>
<span id="L28" class="LineNr"> 28 </span> <span class="subxComment"># abort if necessary: report the function name, the offending offset (in hex, not the index) and the array name on Stderr</span>
<span id="L29" class="LineNr"> 29 </span> (<a href='116write-buffered.subx.html#L8'>write-buffered</a> <span class="SpecialChar"><a href='116write-buffered.subx.html#L209'>Stderr</a></span> <span class="Constant">"fn "</span>)
<span id="L30" class="LineNr"> 30 </span> (<a href='116write-buffered.subx.html#L8'>write-buffered</a> <span class="SpecialChar"><a href='116write-buffered.subx.html#L209'>Stderr</a></span> *(ebp+0x14))
<span id="L31" class="LineNr"> 31 </span> (<a href='116write-buffered.subx.html#L8'>write-buffered</a> <span class="SpecialChar"><a href='116write-buffered.subx.html#L209'>Stderr</a></span> <span class="Constant">": offset "</span>)
<span id="L32" class="LineNr"> 32 </span> (<a href='117write-int-hex.subx.html#L288'>write-int32-hex-buffered</a> <span class="SpecialChar"><a href='116write-buffered.subx.html#L209'>Stderr</a></span> %eax)
<span id="L33" class="LineNr"> 33 </span> (<a href='116write-buffered.subx.html#L8'>write-buffered</a> <span class="SpecialChar"><a href='116write-buffered.subx.html#L209'>Stderr</a></span> <span class="Constant">" is too large for array '"</span>)
<span id="L34" class="LineNr"> 34 </span> (<a href='116write-buffered.subx.html#L8'>write-buffered</a> <span class="SpecialChar"><a href='116write-buffered.subx.html#L209'>Stderr</a></span> *(ebp+0x18))
<span id="L35" class="LineNr"> 35 </span> (<a href='116write-buffered.subx.html#L8'>write-buffered</a> <span class="SpecialChar"><a href='116write-buffered.subx.html#L209'>Stderr</a></span> <span class="Constant">"'\n"</span>)
<span id="L36" class="LineNr"> 36 </span> (<a href='115write-byte.subx.html#L81'>flush</a> <span class="SpecialChar"><a href='116write-buffered.subx.html#L209'>Stderr</a></span>)
<span id="L37" class="LineNr"> 37 </span> <span class="subxComment"># exit(1): the out-of-bounds access is never performed; ebx is overwritten without having been saved, which is fine because control does not return</span>
<span id="L38" class="LineNr"> 38 </span> bb/copy-to-ebx 1/imm32
<span id="L39" class="LineNr"> 39 </span> e8/call <a href='000init.subx.html#L18'>syscall_exit</a>/disp32
<span id="L40" class="LineNr"> 40 </span> <span class="subxComment"># never gets here</span>
<span id="L41" class="LineNr"> 41 </span><span class="Constant">$__check-mu-array-bounds:end</span>:
<span id="L42" class="LineNr"> 42 </span> <span class="subxS1Comment"># . restore registers</span>
<span id="L43" class="LineNr"> 43 </span> 5a/pop-to-edx
<span id="L44" class="LineNr"> 44 </span> 59/pop-to-ecx
<span id="L45" class="LineNr"> 45 </span> 58/pop-to-eax
<span id="L46" class="LineNr"> 46 </span> <span class="subxS1Comment"># . epilogue</span>
<span id="L47" class="LineNr"> 47 </span> 89/<- %esp 5/r32/ebp
<span id="L48" class="LineNr"> 48 </span> 5d/pop-to-ebp
<span id="L49" class="LineNr"> 49 </span> c3/return
<span id="L50" class="LineNr"> 50 </span>
<span id="L51" class="LineNr"> 51 </span><span class="subxMinorFunction">__check-mu-array-bounds:overflow</span>:
<span id="L52" class="LineNr"> 52 </span> <span class="subxComment"># "fn " function-name ": offset to array '" array-name "' overflowed 32 bits\n"</span>
<span id="L53" class="LineNr"> 53 </span> (<a href='116write-buffered.subx.html#L8'>write-buffered</a> <span class="SpecialChar"><a href='116write-buffered.subx.html#L209'>Stderr</a></span> <span class="Constant">"fn "</span>)
<span id="L54" class="LineNr"> 54 </span> (<a href='116write-buffered.subx.html#L8'>write-buffered</a> <span class="SpecialChar"><a href='116write-buffered.subx.html#L209'>Stderr</a></span> *(ebp+0x14))
<span id="L55" class="LineNr"> 55 </span> (<a href='116write-buffered.subx.html#L8'>write-buffered</a> <span class="SpecialChar"><a href='116write-buffered.subx.html#L209'>Stderr</a></span> <span class="Constant">": offset to array '"</span>)
<span id="L56" class="LineNr"> 56 </span> (<a href='116write-buffered.subx.html#L8'>write-buffered</a> <span class="SpecialChar"><a href='116write-buffered.subx.html#L209'>Stderr</a></span> *(ebp+0x18))
<span id="L57" class="LineNr"> 57 </span> (<a href='116write-buffered.subx.html#L8'>write-buffered</a> <span class="SpecialChar"><a href='116write-buffered.subx.html#L209'>Stderr</a></span> <span class="Constant">"' overflowed 32 bits\n"</span>)
<span id="L58" class="LineNr"> 58 </span> (<a href='115write-byte.subx.html#L81'>flush</a> <span class="SpecialChar"><a href='116write-buffered.subx.html#L209'>Stderr</a></span>)
<span id="L59" class="LineNr"> 59 </span> <span class="subxComment"># exit(1): the saved registers are left on the stack because control does not return</span>
<span id="L60" class="LineNr"> 60 </span> bb/copy-to-ebx 1/imm32
<span id="L61" class="LineNr"> 61 </span> e8/call <a href='000init.subx.html#L18'>syscall_exit</a>/disp32
<span id="L62" class="LineNr"> 62 </span> <span class="subxComment"># never gets here</span>
<span id="L63" class="LineNr"> 63 </span>
<span id="L64" class="LineNr"> 64 </span><span class="subxComment"># potential alternative</span>
<span id="L65" class="LineNr"> 65 </span>
<span id="L66" class="LineNr"> 66 </span><span class="CommentedCode">#? __bounds-check: # msg: (addr array byte)</span>
<span id="L67" class="LineNr"> 67 </span><span class="CommentedCode">#? (write-buffered Stderr "abort: array bounds exceeded in fn ")</span>
<span id="L68" class="LineNr"> 68 </span><span class="CommentedCode">#? 8b/-> *(esp+4) 0/r32/eax # we're going to abort, so just clobber away</span>
<span id="L69" class="LineNr"> 69 </span><span class="CommentedCode">#? (write-buffered Stderr %eax)</span>
<span id="L70" class="LineNr"> 70 </span><span class="CommentedCode">#? (write-buffered Stderr Newline)</span>
<span id="L71" class="LineNr"> 71 </span><span class="CommentedCode">#? # exit(1)</span>
<span id="L72" class="LineNr"> 72 </span><span class="CommentedCode">#? bb/copy-to-ebx 1/imm32</span>
<span id="L73" class="LineNr"> 73 </span><span class="CommentedCode">#? e8/call syscall_exit/disp32</span>
<span id="L74" class="LineNr"> 74 </span>
<span id="L75" class="LineNr"> 75 </span><span class="subxComment"># to be called as follows:</span>
<span id="L76" class="LineNr"> 76 </span><span class="subxComment"># var/reg <- index arr/rega: (addr array T), idx/regi: int</span>
<span id="L77" class="LineNr"> 77 </span><span class="subxComment"># | if size-of(T) is 1, 2, 4 or 8</span>
<span id="L78" class="LineNr"> 78 </span><span class="subxComment"># => # temporarily save array size to reg to check bounds</span>
<span id="L79" class="LineNr"> 79 </span><span class="subxComment"># "8b/-> *" rega " " reg "/r32"</span>
<span id="L80" class="LineNr"> 80 </span><span class="subxComment"># "c1/shift 5/subop/right %" reg " " log2(size-of(T)) "/imm32"</span>
<span id="L81" class="LineNr"> 81 </span><span class="subxComment"># "3b/compare " reg "/r32 *" rega</span>
<span id="L82" class="LineNr"> 82 </span><span class="subxComment"># "68/push \"" function "\"/imm32" # pass function name to error message</span>
<span id="L83" class="LineNr"> 83 </span><span class="subxComment"># "0f 8d/jump-if->= __bounds-check/disp32"</span>
<span id="L84" class="LineNr"> 84 </span><span class="subxComment"># "81 0/subop/add %esp 4/imm32" # drop function name</span>
<span id="L85" class="LineNr"> 85 </span><span class="subxComment"># # actually save the index addr in reg</span>
<span id="L86" class="LineNr"> 86 </span><span class="subxComment"># "8d/copy-address *(" rega "+" regi "<<" log2(size-of(T)) "+4) " reg "/r32"</span>
<span id="L87" class="LineNr"> 87 </span>
<span id="L88" class="LineNr"> 88 </span><span class="subxMinorFunction">__mu-abort-null-index-base-address</span>: <span class="subxComment"># reads no arguments; reports a null base address for 'index' on Stderr and exits with status 1 (presumably a jump target for code generated by mu.subx -- confirm)</span>
<span id="L89" class="LineNr"> 89 </span> (<a href='116write-buffered.subx.html#L8'>write-buffered</a> <span class="SpecialChar"><a href='116write-buffered.subx.html#L209'>Stderr</a></span> <span class="Constant">"null address in 'index'\n"</span>)
<span id="L90" class="LineNr"> 90 </span> (<a href='115write-byte.subx.html#L81'>flush</a> <span class="SpecialChar"><a href='116write-buffered.subx.html#L209'>Stderr</a></span>)
<span id="L91" class="LineNr"> 91 </span> <span class="subxComment"># exit(1): no registers are saved or restored because control does not return</span>
<span id="L92" class="LineNr"> 92 </span> bb/copy-to-ebx 1/imm32
<span id="L93" class="LineNr"> 93 </span> e8/call <a href='000init.subx.html#L18'>syscall_exit</a>/disp32
<span id="L94" class="LineNr"> 94 </span> <span class="subxComment"># never gets here</span>
<span id="L95" class="LineNr"> 95 </span>
<span id="L96" class="LineNr"> 96 </span><span class="subxMinorFunction">__mu-abort-null-get-base-address</span>: <span class="subxComment"># reads no arguments; reports a null base address for 'get' on Stderr and exits with status 1 (presumably a jump target for code generated by mu.subx -- confirm)</span>
<span id="L97" class="LineNr"> 97 </span> (<a href='116write-buffered.subx.html#L8'>write-buffered</a> <span class="SpecialChar"><a href='116write-buffered.subx.html#L209'>Stderr</a></span> <span class="Constant">"null address in 'get'\n"</span>)
<span id="L98" class="LineNr"> 98 </span> (<a href='115write-byte.subx.html#L81'>flush</a> <span class="SpecialChar"><a href='116write-buffered.subx.html#L209'>Stderr</a></span>)
<span id="L99" class="LineNr"> 99 </span> <span class="subxComment"># exit(1): no registers are saved or restored because control does not return</span>
<span id="L100" class="LineNr">100 </span> bb/copy-to-ebx 1/imm32
<span id="L101" class="LineNr">101 </span> e8/call <a href='000init.subx.html#L18'>syscall_exit</a>/disp32
<span id="L102" class="LineNr">102 </span> <span class="subxComment"># never gets here</span>
</pre>
</body>
</html>
<!-- vim: set foldmethod=manual : -->