From ef246bd8e22ef6768bd4c613fac6c0f3aea8ec8f Mon Sep 17 00:00:00 2001
From: carl
Date: Sun, 16 Jun 2019 00:42:48 +0800
Subject: [PATCH] Closes #193 (signed integer shift left does not correctly check overflow in the interpreter when shifting by 0 bits), Closes #192 (integer division overflow is not handled in the interpreter and crashes it) and closes #194 (lar instruction does not accept negative bounds in interpreter when doing array index checking).

---
 util/int/do_array.c |  7 ++++---
 util/int/do_intar.c | 39 +++++++++++++++++++++++++++++++++------
 util/int/main.c     | 23 ++++++++++++++++++++++-
 3 files changed, 59 insertions(+), 10 deletions(-)

diff --git a/util/int/do_array.c b/util/int/do_array.c
index 62112fbd7..9f850d4c7 100644
--- a/util/int/do_array.c
+++ b/util/int/do_array.c
@@ -58,12 +58,13 @@ PRIVATE void arr(int type, /* operation TYPE */
 {
 	register ptr desc = dppop(); /* array DESCriptor */
 	register size obj_size; /* OBJect SIZE */
-	register long diff = /* between index and lower bound */
-		spop(elm_size) - mem_lds(desc, elm_size);
+	long index = spop(elm_size);
+	long diff = /* between index and lower bound */
+		index - mem_lds(desc, elm_size);
 	register ptr arr_addr = dppop();/* ARRay ADDRess */
 
 	if (must_test && !(IgnMask&BIT(EARRAY))) {
-		if (diff < 0 || diff > mem_lds(desc + elm_size, elm_size)) {
+		if (diff < 0 || index > mem_lds(desc + elm_size, elm_size)) {
 			trap(EARRAY);
 		}
 	}
diff --git a/util/int/do_intar.c b/util/int/do_intar.c
index e80f1ee3f..8d0e559ec 100644
--- a/util/int/do_intar.c
+++ b/util/int/do_intar.c
@@ -14,7 +14,7 @@
 #include "text.h"
 #include "fra.h"
 
-PRIVATE long adi(long, long, size), sbi(long, long, size), dvi(long, long);
+PRIVATE long adi(long, long, size), sbi(long, long, size), dvi(long, long, size);
 PRIVATE long mli(long, long, size), rmi(long, long), ngi(long, size);
 PRIVATE long sli(long, long, size), sri(long, long, size);
 
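Review bot: The upper-bound test on the new side compares the raw `index` against the descriptor's second field while the lower-bound test still uses `diff`; if that field holds the element count minus one relative to the lower bound, which is what the old `diff > mem_lds(desc + elm_size, elm_size)` assumed, every array whose lower bound is not zero is now checked incorrectly, e.g. index 6 in an array with bounds 5..8 traps, and index -5 in an array with bounds -10..-7 passes. If the descriptor really stores an absolute upper bound, a comment on the `index` declaration saying so (`/* descriptor word 1 is the absolute upper bound, not a count */`) would stop the next reader from reverting this; otherwise the original `diff` comparison should be restored and the real cause of #194 looked for elsewhere. The rest of `arr`, including whatever later uses `diff`, is outside the hunk.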
@@ -55,7 +55,7 @@ void DoDVI(register size l)
 
 	LOG(("@I6 DoDVI(%ld)", l));
 	spoilFRA();
-	npush(dvi(spop(l), t), l);
+	npush(dvi(spop(l), t, l), l);
 }
 
 /** RMI w: Remainder (*) */
@@ -162,7 +162,7 @@ PRIVATE long mli(long w1, long w2, size nbytes)
 	return (w1 * w2);
 }
 
-PRIVATE long dvi(long w1, long w2)
+PRIVATE long dvi(long w1, long w2, size nbytes)
 {
 	if (w2 == 0) {
 		if (!(IgnMask&BIT(EIDIVZ))) {
@@ -170,6 +170,20 @@ PRIVATE long dvi(long w1, long w2)
 		} else return (0L);
 	}
 
+
+	/* Check for division overflow. */
+	if ((w1 == i_mins(nbytes)) && (w2 == -1))
+	{
+		if (must_test && !(IgnMask&BIT(EIOVFL)))
+		{
+			trap(EIOVFL);
+		} else return i_mins(nbytes);
+	}
+
+
+	if (must_test && !(IgnMask&BIT(EIOVFL)))
+	{
+	}
 	return (w1 / w2);
 }
 
@@ -212,11 +226,24 @@ PRIVATE long sli(long w1, long w2, size nbytes)
 
 	if (!(IgnMask&BIT(EIOVFL))) {
 		/* check overflow */
-		if ( (w1 >= 0 && (w1 >> (nbytes*8 - w2)) != 0)
-		  || (w1 < 0 && (w1 >> (nbytes*8 - w2)) != -1)
-		  ) {
+
+		/* If the value is positive, then check, this is taken
+		 * from rule INT32-C of SEI website.
+		 */
+		if ((w1 >= 0) && (w1 > (i_maxs(nbytes) >> w2)))
+		{
 			trap(EIOVFL);
 		}
+
+		if ((w1 < 0) && (w1 < (i_mins(nbytes) >> w2)))
+		{
+			trap(EIOVFL);
+		}
+
+/*		if ((w1 < 0) && (w2 != 0) && ((w1 >> (nbytes*8 - w2)) != -1))
+		{
+			trap(EIOVFL);
+		}*/
 	}
 }
 
diff --git a/util/int/main.c b/util/int/main.c
index 05d49e87f..5587a3112 100644
--- a/util/int/main.c
+++ b/util/int/main.c
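Review bot: The block `if (must_test && !(IgnMask&BIT(EIOVFL))) { }` immediately before `return (w1 / w2);` is empty and should be deleted; it reads like an unfinished edit, and the same condition already governs the trap a few lines above. The overflow guard itself is the right fix for #192: `i_mins(nbytes) / -1` is the only quotient that cannot be represented, and when `nbytes` is the full width of `long` that division is presumably `LONG_MIN / -1`, which is undefined behaviour in C and so has to be caught before `w1 / w2` is evaluated. The zero-divisor check above tests `IgnMask` alone whereas the new check also requires `must_test`; if that asymmetry is intended, a one-line comment such as `/* EIOVFL, unlike EIDIVZ, is only raised when must_test is set */` would record it.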
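Review bot: The new range checks evaluate `i_maxs(nbytes) >> w2` and `i_mins(nbytes) >> w2` with no visible bound on `w2`; the start of `sli` is outside the hunk, so if it does not already reject a negative count or one at or beyond the width of `long`, those shifts are undefined behaviour and a guard such as `if (w2 < 0 || w2 >= (long)(nbytes * 8)) trap(EIOVFL);` (or whatever trap the EM definition prescribes for an out-of-range count) belongs before them. Even with the range check in place, left-shifting a negative `w1` with `<<` is undefined in ISO C regardless of whether the result fits, so the shift that follows, if written that way, is not covered by this hunk; computing `w1 * (1L << w2)` after the check gives the same value without the undefined operation. The commented-out `/* if ((w1 < 0) && (w2 != 0) ... */` block should be removed rather than left as dead text, and the comment above the first check should say it introduces both cases, e.g. `/* Range-check w1 against the nbytes-wide limits before shifting (CERT INT32-C). */`.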
@@ -45,15 +45,36 @@ extern void disassemble(void);
 extern void tally(void);
 extern void out_tally(void);
 
+/** Check dynamically that the interpreter can run on the target machine. */
+static void check_requirements(char *name)
+{
+
+	/* Verify that shift right supported signed shifts. According to ISO C90,
+	 * this is not mandatory, we should not support it here!
+	 */
+	int shrv = -4;
+	if ((shrv >> 1) != -2)
+	{
+		fprintf(stderr,
+			"%s compiled with compiler that does not support signed right shifts. Aborted.",
+			name);
+		exit(1);
+	}
+}
+
 int main(int argc, char *argv[])
 {
 	register int i;
 	register int nosetjmp = 1;
 	int must_disassemble = 0;
 	int must_tally = 0;
-
+
+	prog_name = argv[0];
+	check_requirements(prog_name);
+
+	/* Initialize the EM machine */
 	PreIgnMask = 0;
 	FRALimit = FRALIMIT;
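Review bot: The diagnostic in `check_requirements` has no trailing newline, so the message runs straight into whatever is printed next on stderr; the format string should end with `Aborted.\n`. The parameter is only read, so the signature should be `static void check_requirements(const char *name)`. `prog_name = argv[0]` is assigned before `argc` is examined, and `argv[0]` may be a null pointer when `argc == 0`, in which case it reaches the `%s` above; `argc > 0 ? argv[0] : "int"` or an explicit check would close that. The comment should also say what the test really establishes, since ISO C makes right shift of a negative value implementation-defined rather than unsupported, e.g. `/* ISO C leaves right shift of a negative value implementation-defined; the overflow checks in do_intar.c rely on it being arithmetic. */`. `main` continues past the hunk.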