WIP: More failing AArch32 tests

.github/workflows/ci-matrix.yml

@@ -19,10 +19,7 @@ jobs:
       matrix:
         ghc: ['8.6.5', '8.8.3']
         cabal: ['3.2.0.0']
-        os: [ubuntu-latest, macOS-latest]
-        exclude:
-          - os: macOS-latest
-            ghc: 8.6.5
+        os: [ubuntu-latest]
 
     name: GHC ${{ matrix.ghc }} on ${{ matrix.os }} renovate
 

refurbish/tests/binaries/linked-list.c

@@ -0,0 +1,93 @@
+/*
+ * Pulled from utils.c in sed, whose ck_fclose function exposed a bug in
+ * StackLayout code.
+ */
+
+#include "util.h"
+
+#ifdef NOSTDLIB
+static void* fake_malloc(unsigned sz);
+# define MALLOC fake_malloc
+# define FREE(x)
+# define NULL (void*) 0L
+#else
+# include <stdlib.h>
+# define MALLOC malloc
+# define FREE free
+#endif
+
+typedef struct link {
+    int n;
+    char* name;
+    struct link* next;
+} link;
+
+static link* push(int n, link* ns) {
+    link* ans = (link*) MALLOC(sizeof(link));
+    ans->n = n;
+    ans->next = ns;
+    ans->name = NULL;
+    return ans;
+}
+
+/*
+ * Based on the code for ck_fclose in sed.  Notice that prev is initially a
+ * pointer into the stack but is subsequently a pointer into the heap.  It's
+ * crucial *not* to shuffle this function's stack layout, since it contains a
+ * struct that is accessed via a pointer.  A bug in StackLayout's join operation
+ * was forgetting that prev may be a stack pointer, thus letting the shuffle go
+ * through (and causing an endless loop).  The bug was fixed in commit b597c221.
+ */
+static void remove(int n, link** ns) {
+    link r;
+    link* prev;
+    link* cur;
+
+    r.next = *ns;
+    prev = &r;
+    while ( (cur = prev->next) ) {
+        if (cur->n == n) {
+            prev->next = cur->next;
+            FREE(cur->name);
+            FREE(cur);
+        } else {
+            prev = cur;
+        }
+    }
+
+    *ns = r.next;
+}
+
+int test() {
+    link* ns = push(1, push(2, push(3, push(2, push(1, push(2, NULL))))));
+    remove(2, &ns);
+    if (ns != NULL && ns->next != NULL) {
+        return 0;
+    } else {
+        return 2;
+    }
+}
+
+#ifdef NOSTDLIB
+#define BUFSIZE 1024*1024
+static char* buf[BUFSIZE];
+int off = 0;
+void* fake_malloc(unsigned sz) {
+    if (off + sz >= BUFSIZE) {
+        EXIT(1);
+    } else {
+        void* ans = buf + off;
+        off += sz;
+        return ans;
+    }
+}
+
+void _start() {
+    long r = test();
+    EXIT(r);
+}
+#else
+int main(int argc, char** argv) {
+    exit(test());
+}
+#endif

refurbish/tests/binaries/test-reporting.c

@@ -0,0 +1,73 @@
+#include <stdio.h>
+#include <sys/mman.h>
+#include <sys/types.h>
+#include <sys/wait.h>
+#include <signal.h>
+#include <unistd.h>
+
+// #define PRINTF(...) printf(__VA_ARGS__)
+#define PRINTF(...) do {} while(0)
+
+typedef int (*function_pointer)();
+
+int do_bad_stuff(void) {
+  char data[] = {0xC3, 0xC3, 0xC3, 0xC3};
+  function_pointer fun_pointer = (function_pointer) data;
+  return fun_pointer(); // indirect call
+}
+
+int main() {
+  intptr_t reporting_addr = (1 << 11) * getpagesize(); // some high-numbered page
+  PRINTF("reporting address: %p\n", (void*)reporting_addr);
+  size_t *region =
+    mmap((void *) reporting_addr,
+         sizeof(size_t), // pointer size
+         PROT_READ // can be read
+         |PROT_WRITE, // can be written
+         MAP_ANONYMOUS // not file-backed, zero-initialized
+         |MAP_SHARED  // shared block of memory
+         |MAP_FIXED, // force exact positioning
+         0,
+         0);
+  if (region == MAP_FAILED) {
+    return -1;
+  }
+  pid_t pid = fork();
+  if (pid == -1) {
+    // could not fork
+    return -1;
+  }
+  if (pid == 0) {
+    PRINTF("In child process\n");
+    return do_bad_stuff();
+  }
+  PRINTF("In parent process\n");
+  int child_status = 0;
+  waitpid(pid, &child_status, 0);
+  int signaled = WIFSIGNALED(child_status);
+  PRINTF("Child exited with signal? %d\n", signaled);
+  if (signaled) {
+    int signal = WTERMSIG(child_status);
+    switch (signal) {
+      case SIGSEGV: {
+        PRINTF("Child exited with SIGSEGV (before embrittling)\n");
+        return 0;
+      }
+      case SIGTRAP: {
+        PRINTF("Child exited with SIGTRAP (because of embrittling)\n");
+        if ((*region) == 0) {
+          PRINTF("No reporting found\n");
+          return 1;
+        }
+        PRINTF("Found reporting\n");
+        return 2;
+        break;
+      }
+      default: {
+        PRINTF("Child exited with unknown signal! %d\n", signal);
+        return 3;
+      }
+    }
+  }
+  return 4;
+}

renovate-aarch32/src/Renovate/Arch/AArch32/ISA.hs

@@ -341,10 +341,19 @@ jumpOffset source target =
 unconditional :: W.W 4
 unconditional = 14
 
+-- | The maximum range we can jump on 32 bit ARM
+--
+-- Note that the branching instructions have limited range: 14 bits on A32, 10
+-- on T32.  This is not enough for any reasonable code relocation.  However, we
+-- have worked around this with a code sequence that embeds the jump offset into
+-- the instruction stream, allowing us to load 4 byte offsets (at the cost of an
+-- extra dereference).  This gets us a full 32 bit range.
+--
+-- NOTE: We need to update the T32 range when we implement thumb support
 armMaxRelativeJumpSize :: R.InstructionArchRepr MA.ARM tp -> Word64
 armMaxRelativeJumpSize repr =
   case repr of
-    A32Repr -> DB.bit 14 - 4
+    A32Repr -> DB.bit 30 - 4
     T32Repr -> DB.bit 10 - 4
 
 asInteger :: forall n . (KnownNat n, 1 PN.<= n) => W.W n -> Integer

renovate/src/Renovate/Recovery.hs

@@ -447,6 +447,7 @@ buildBlock :: (L.HasCallStack, MC.MemWidth (MC.ArchAddrWidth arch), C.MonadThrow
            -> m (Either (MC.ArchSegmentOff arch) (ConcreteBlock arch))
 buildBlock disBlock asm1 mem blockStarts (funcAddr, (PU.Some pb))
   | MC.blockSize pb == 0 = return (Left funcAddr)
+  | isIncompleteBlock pb = return (Left funcAddr)
   | Just concAddr <- concreteFromSegmentOff mem segAddr = do
       case MC.addrContentsAfter mem (MC.segoffAddr segAddr) of
         Left err -> C.throwM (MemoryError err)