diff options
| author | Paul Eggert <eggert@cs.ucla.edu> | 2017-12-09 13:57:38 -0800 |
|---|---|---|
| committer | Paul Eggert <eggert@cs.ucla.edu> | 2017-12-12 15:17:12 -0800 |
| commit | 4295050e1194af13afa26403dd3ebdff80824ae0 (patch) | |
| tree | 354002f3c84f4d8341bb07c5f68529f660a9a405 /src/ptr-bounds.h | |
| parent | 881abfc7fb55db2d00adf352100cc58a6a86c176 (diff) | |
| download | emacs-4295050e1194af13afa26403dd3ebdff80824ae0.tar.gz | |
Narrow pointer bounds when appropriate
This typically occurs in a storage manager, where the caller
is expected to access only the newly-allocated object,
instead of using the returned value to access unrelated
parts of the heap.
* src/alloc.c (allocate_string, allocate_string_data)
(compact_small_strings, find_string_data_in_pure)
(sweep_strings, setup_on_free_list, allocate_vectorlike
(pure_alloc):
* src/bytecode.c (exec_byte_code):
* src/callint.c (Fcall_interactively):
* src/dispnew.c (scrolling):
* src/editfns.c (styled_format):
* src/frame.c (xrdb_get_resource, x_get_resource_string):
* src/fringe.c (Fdefine_fringe_bitmap):
* src/gmalloc.c (malloc, realloc, aligned_alloc):
Narrow pointer bounds when appropriate.
* src/alloc.c (SDATA_OF_STRING):
* src/lisp.h (make_lisp_symbol) [__CHKP__]:
Widen bounds here, though.
* src/bytecode.c, src/callint.c, src/dispnew.c, src/editfns.c:
* src/emacs.c, src/frame.c, src/fringe.c:
Include ptr-bounds.h.
* src/ptr-bounds.h (ptr_bounds_clip): New function.
Diffstat (limited to 'src/ptr-bounds.h')
| -rw-r--r-- | src/ptr-bounds.h | 27 |
1 files changed, 27 insertions, 0 deletions
diff --git a/src/ptr-bounds.h b/src/ptr-bounds.h index 54979824c05..76740da3d33 100644 --- a/src/ptr-bounds.h +++ b/src/ptr-bounds.h @@ -17,6 +17,18 @@ GNU General Public License for more details. You should have received a copy of the GNU General Public License along with GNU Emacs. If not, see <https://www.gnu.org/licenses/>. */ +/* Pointer bounds checking is a no-op unless running on hardware + supporting Intel MPX (Intel Skylake or better). Also, it requires + GCC 5 and Linux kernel 3.19, or later. Configure with + CFLAGS='-fcheck-pointer-bounds -mmpx', perhaps with + -fchkp-first-field-has-own-bounds thrown in. + + Although pointer bounds checking can help during debugging, it is + disabled by default because it hurts performance significantly. + The checking does not detect all pointer errors. For example, a + dumped Emacs might not detect a bounds violation of a pointer that + was created before Emacs was dumped. */ + #ifndef PTR_BOUNDS_H #define PTR_BOUNDS_H @@ -26,6 +38,19 @@ along with GNU Emacs. If not, see <https://www.gnu.org/licenses/>. */ return their first argument. These macros return either void *, or the same type as their first argument. */ +INLINE_HEADER_BEGIN + +/* Return a copy of P, with bounds narrowed to [P, P + N). */ +#ifdef __CHKP__ +INLINE void * +ptr_bounds_clip (void const *p, size_t n) +{ + return __builtin___bnd_narrow_ptr_bounds (p, p, n); +} +#else +# define ptr_bounds_clip(p, n) ((void) (size_t) {n}, p) +#endif + /* Return a copy of P, but with the bounds of Q. */ #ifdef __CHKP__ # define ptr_bounds_copy(p, q) __builtin___bnd_copy_ptr_bounds (p, q) @@ -49,4 +74,6 @@ along with GNU Emacs. If not, see <https://www.gnu.org/licenses/>. */ # define ptr_bounds_set(p, n) ((void) (size_t) {n}, p) #endif +INLINE_HEADER_END + #endif /* PTR_BOUNDS_H */ |