With TCC from git (commit 9382a3a), the two following inputs vla0.i and vla1.i 
each cause the message “error: internal compiler error: vstack leak” to be 
printed. In addition, the input vla1.i makes TCC crash:

$ cat vla0.i
int X=1;

int main(void) {
  int t[][X];
}
$ ./tcc vla0.i
about to pop: 1
about to pop: 0
about to pop: 0
vla0.i:6: error: internal compiler error: vstack leak (-1)
$ cat vla1.i
int X=1;

int main(void) {
  int t[][][X];
}
$ ./tcc vla1.i
about to pop: 1
about to pop: 0
about to pop: -1
about to pop: -1
vla1.i:6: error: internal compiler error: vstack leak (104364)
Segmentation fault
$

The message “about to pop” is caused by the attached patch, which does not 
change the functional behavior of TCC.

If someone more knowledgeable than me about TCC's internals wants to continue 
from where I stopped, according to the tools I am using, the first undefined 
behavior to occur when TCC is processing either of these inputs is inside the 
function vpop, where the pointer vtop is made to point before the array it is 
supposed to point to. The callstacks at the point of this first undefined 
behavior respectively look like (the lines may not correspond exactly):

                  stack: vpop :: tccgen.c:4524 <-
                         post_type :: tccgen.c:4608 <-
                         type_decl :: tccgen.c:7512 <-
                         decl0 :: tccgen.c:7697 <-
                         decl :: tccgen.c:6197 <-
                         block :: tccgen.c:7375 <-
                         gen_function :: tccgen.c:7596 <-
                         decl0 :: tccgen.c:7697 <-
                         decl :: tccgen.c:298 <-
                         tccgen_compile :: libtcc.c:652 <-
                         tcc_compile :: libtcc.c:1068 <-
                         tcc_add_file_internal :: libtcc.c:1094 <-
                         tcc_add_file :: tcc.c:338 <-
                         main

                  stack: vpop :: tccgen.c:4524 <-
                         post_type :: tccgen.c:4507 <-
                         post_type :: tccgen.c:4608 <-
                         type_decl :: tccgen.c:7512 <-
                         decl0 :: tccgen.c:7697 <-
                         decl :: tccgen.c:6197 <-
                         block :: tccgen.c:7375 <-
                         gen_function :: tccgen.c:7596 <-
                         decl0 :: tccgen.c:7697 <-
                         decl :: tccgen.c:298 <-
                         tccgen_compile :: libtcc.c:652 <-
                         tcc_compile :: libtcc.c:1068 <-
                         tcc_add_file_internal :: libtcc.c:1094 <-
                         tcc_add_file :: tcc.c:338 <-
                         main

The attached patch, when applied, shows the undefined behavior occurring: the 
message “about to pop” is printed just before executing vtop--. When the 
message shows 0, vtop is about to go outside the array __vstack. When it shows 
-1, vtop is already outside the array. It does not make much sense to try to 
debug anything that happens after this, since vtop going outside of __vstack is 
already something that should not happen, and since it can mess up whatever 
data structure is stored next to it.

Attachment: pop.patch


_______________________________________________
Tinycc-devel mailing list
Tinycc-devel@nongnu.org
https://lists.nongnu.org/mailman/listinfo/tinycc-devel
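The report above describes an underflow of TCC's value stack: vpop executes vtop-- until vtop points before __vstack, and the "about to pop" patch only makes that visible by printing vtop's index first. The following is an added example, not TCC's code and not the attached patch: it reproduces the __vstack/vtop layout in miniature (one spare slot before the stack proper, so that vtop == vstack - 1 means "empty"), adds a pop that refuses to move vtop before __vstack instead of invoking undefined behavior, and keeps a TCC-style "vstack leak" check at the statement boundary. The SValue fields, VSTACK_SIZE and the simulate() driver are assumptions made for the example.

```c
/* Added example (not TCC's code): a minimal value stack laid out like TCC's
 * __vstack/vtop, with an instrumented pop that detects underflow rather than
 * decrementing vtop past the start of the array. */
#include <stdio.h>
#include <stddef.h>

#define VSTACK_SIZE 8                       /* assumed size, small for the example */

typedef struct { int r; long c; } SValue;   /* stand-in for TCC's SValue */

/* One spare slot before the stack proper: vtop == vstack - 1 == __vstack is "empty".
 * Any vtop-- from that position leaves __vstack, which is undefined behavior. */
static SValue __vstack[1 + VSTACK_SIZE];
#define vstack (__vstack + 1)
static SValue *vtop;

void vstack_reset(void) { vtop = vstack - 1; }

/* Index of vtop within __vstack, i.e. the value the "about to pop" message shows:
 * 0 means the next vtop-- would leave the array, negative means it already has. */
int vtop_index(void) { return (int)(vtop - __vstack); }

/* Push with an overflow check; returns 0 on success, -1 if the stack is full. */
int vpush(long c) {
    if (vtop >= vstack + VSTACK_SIZE - 1) return -1;
    vtop++;
    vtop->r = 0;
    vtop->c = c;
    return 0;
}

/* Instrumented pop: prints the index as the report's patch does, then refuses
 * to move vtop before __vstack. Returns 0 on success, -1 on underflow. */
int vpop_checked(void) {
    int idx = vtop_index();
    fprintf(stderr, "about to pop: %d\n", idx);
    if (idx <= 0) return -1;                /* would underflow: do not decrement */
    vtop--;
    return 0;
}

/* TCC-style leak check at a statement boundary: the result is how many entries
 * remain above the empty position (0 when balanced, positive when leaked). */
int vstack_leak(void) { return (int)(vtop - (vstack - 1)); }

/* Driver: replays a push/pop pattern and reports the outcome.
 *   >= 0 : number of leaked entries (0 means balanced)
 *   -1   : a pop would have underflowed (the situation in the report)
 *   -2   : a push overflowed */
int simulate(int pushes, int pops) {
    vstack_reset();
    for (int i = 0; i < pushes; i++)
        if (vpush(i) != 0) return -2;
    for (int i = 0; i < pops; i++)
        if (vpop_checked() != 0) return -1;
    return vstack_leak();
}

int main(void) {
    /* Same shape as vla0.i in the report: one push, then one pop too many. */
    int rc = simulate(1, 3);
    printf("simulate(1, 3) -> %d (%s)\n", rc, rc == -1 ? "underflow caught" : "no underflow");
    return 0;
}
```

With one push and three pops the checked pop prints "about to pop: 1", then "about to pop: 0" and stops, which is exactly the point at which the report says vtop leaves __vstack; the unchecked TCC vpop instead continues to -1 and corrupts whatever lies next to the array.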