Narrow pointer bounds when appropriate

This typically occurs in a storage manager, where the caller is expected to access only the newly-allocated object, instead of using the returned value to access unrelated parts of the heap. * src/alloc.c (allocate_string, allocate_string_data) (compact_small_strings, find_string_data_in_pure) (sweep_strings, setup_on_free_list, allocate_vectorlike (pure_alloc): * src/bytecode.c (exec_byte_code): * src/callint.c (Fcall_interactively): * src/dispnew.c (scrolling): * src/editfns.c (styled_format): * src/frame.c (xrdb_get_resource, x_get_resource_string): * src/fringe.c (Fdefine_fringe_bitmap): * src/gmalloc.c (malloc, realloc, aligned_alloc): Narrow pointer bounds when appropriate. * src/alloc.c (SDATA_OF_STRING): * src/lisp.h (make_lisp_symbol) [__CHKP__]: Widen bounds here, though. * src/bytecode.c, src/callint.c, src/dispnew.c, src/editfns.c: * src/emacs.c, src/frame.c, src/fringe.c: Include ptr-bounds.h. * src/ptr-bounds.h (ptr_bounds_clip): New function.
author: Paul Eggert 2017-12-09 13:57:38 -0800
committer: Paul Eggert 2017-12-12 15:17:12 -0800
commit: 4295050e1194af13afa26403dd3ebdff80824ae0 (patch)
tree: 354002f3c84f4d8341bb07c5f68529f660a9a405 /src/ptr-bounds.h
parent: 881abfc7fb55db2d00adf352100cc58a6a86c176 (diff)
download: emacs-4295050e1194af13afa26403dd3ebdff80824ae0.tar.gz
emacs-4295050e1194af13afa26403dd3ebdff80824ae0.zip
1 files changed, 27 insertions, 0 deletions
diff --git a/src/ptr-bounds.h b/src/ptr-bounds.h
index 54979824c05..76740da3d33 100644
--- a/src/ptr-bounds.h
+++ b/src/ptr-bounds.h
@@ -17,6 +17,18 @@ GNU General Public License for more details.
 You should have received a copy of the GNU General Public License
 along with GNU Emacs.  If not, see <https://www.gnu.org/licenses/>.  */
+/* Pointer bounds checking is a no-op unless running on hardware
+   supporting Intel MPX (Intel Skylake or better).  Also, it requires
+   GCC 5 and Linux kernel 3.19, or later.  Configure with
+   CFLAGS='-fcheck-pointer-bounds -mmpx', perhaps with
+   -fchkp-first-field-has-own-bounds thrown in.
+   Although pointer bounds checking can help during debugging, it is
+   disabled by default because it hurts performance significantly.
+   The checking does not detect all pointer errors.  For example, a
+   dumped Emacs might not detect a bounds violation of a pointer that
+   was created before Emacs was dumped.  */
 #ifndef PTR_BOUNDS_H
 #define PTR_BOUNDS_H
@@ -26,6 +38,19 @@ along with GNU Emacs.  If not, see <https://www.gnu.org/licenses/>.  */
   return their first argument.  These macros return either void *, or
   the same type as their first argument.  */
+INLINE_HEADER_BEGIN
+/* Return a copy of P, with bounds narrowed to [P, P + N).  */
+#ifdef __CHKP__
+INLINE void *
+ptr_bounds_clip (void const *p, size_t n)
+{
+  return __builtin___bnd_narrow_ptr_bounds (p, p, n);
+}
+#else
+# define ptr_bounds_clip(p, n) ((void) (size_t) {n}, p)
+#endif
 /* Return a copy of P, but with the bounds of Q.  */
 #ifdef __CHKP__
 # define ptr_bounds_copy(p, q) __builtin___bnd_copy_ptr_bounds (p, q)
@@ -49,4 +74,6 @@ along with GNU Emacs.  If not, see <https://www.gnu.org/licenses/>.  */
 # define ptr_bounds_set(p, n) ((void) (size_t) {n}, p)
 #endif
+INLINE_HEADER_END
 #endif /* PTR_BOUNDS_H */
author	Paul Eggert	2017-12-09 13:57:38 -0800
committer	Paul Eggert	2017-12-12 15:17:12 -0800
commit	4295050e1194af13afa26403dd3ebdff80824ae0 (patch)
tree	354002f3c84f4d8341bb07c5f68529f660a9a405 /src/ptr-bounds.h
parent	881abfc7fb55db2d00adf352100cc58a6a86c176 (diff)
download	emacs-4295050e1194af13afa26403dd3ebdff80824ae0.tar.gz emacs-4295050e1194af13afa26403dd3ebdff80824ae0.zip

diff --git a/src/ptr-bounds.h b/src/ptr-bounds.h index 54979824c05..76740da3d33 100644 --- a/src/ptr-bounds.h +++ b/src/ptr-bounds.h
@@ -17,6 +17,18 @@ GNU General Public License for more details.
17	You should have received a copy of the GNU General Public License	17	You should have received a copy of the GNU General Public License
18	along with GNU Emacs. If not, see <https://www.gnu.org/licenses/>. */	18	along with GNU Emacs. If not, see <https://www.gnu.org/licenses/>. */
19		19
		20	/* Pointer bounds checking is a no-op unless running on hardware
		21	supporting Intel MPX (Intel Skylake or better). Also, it requires
		22	GCC 5 and Linux kernel 3.19, or later. Configure with
		23	CFLAGS='-fcheck-pointer-bounds -mmpx', perhaps with
		24	-fchkp-first-field-has-own-bounds thrown in.
		25
		26	Although pointer bounds checking can help during debugging, it is
		27	disabled by default because it hurts performance significantly.
		28	The checking does not detect all pointer errors. For example, a
		29	dumped Emacs might not detect a bounds violation of a pointer that
		30	was created before Emacs was dumped. */
		31
20	#ifndef PTR_BOUNDS_H	32	#ifndef PTR_BOUNDS_H
21	#define PTR_BOUNDS_H	33	#define PTR_BOUNDS_H
22		34
@@ -26,6 +38,19 @@ along with GNU Emacs. If not, see <https://www.gnu.org/licenses/>. */
26	return their first argument. These macros return either void *, or	38	return their first argument. These macros return either void *, or
27	the same type as their first argument. */	39	the same type as their first argument. */
28		40
		41	INLINE_HEADER_BEGIN
		42
		43	/* Return a copy of P, with bounds narrowed to [P, P + N). */
		44	#ifdef __CHKP__
		45	INLINE void *
		46	ptr_bounds_clip (void const *p, size_t n)
		47	{
		48	return __builtin___bnd_narrow_ptr_bounds (p, p, n);
		49	}
		50	#else
		51	# define ptr_bounds_clip(p, n) ((void) (size_t) {n}, p)
		52	#endif
		53
29	/* Return a copy of P, but with the bounds of Q. */	54	/* Return a copy of P, but with the bounds of Q. */
30	#ifdef __CHKP__	55	#ifdef __CHKP__
31	# define ptr_bounds_copy(p, q) __builtin___bnd_copy_ptr_bounds (p, q)	56	# define ptr_bounds_copy(p, q) __builtin___bnd_copy_ptr_bounds (p, q)
@@ -49,4 +74,6 @@ along with GNU Emacs. If not, see <https://www.gnu.org/licenses/>. */
49	# define ptr_bounds_set(p, n) ((void) (size_t) {n}, p)	74	# define ptr_bounds_set(p, n) ((void) (size_t) {n}, p)
50	#endif	75	#endif
51		76
		77	INLINE_HEADER_END
		78
52	#endif /* PTR_BOUNDS_H */	79	#endif /* PTR_BOUNDS_H */