
Disallow negative indices in all array access patterns #138

Merged
merged 3 commits into master from negative-indices on Sep 8, 2017

Conversation

dvander (Member) commented Sep 7, 2017

When the compiler knows the size of an array, an index into the array will be protected by a BOUNDS n opcode. This forces the index to be within [0, n). If the compiler doesn't know the size of an array, it gives up and there is no protection. As a result, when passing arrays as parameters, it is possible to unintentionally read garbage data with negative indices. This can mask real bugs and needs to be fixed.

We (ideally) should do this without a new opcode, since that requires a breaking ABI change. The easiest solution, I think, is to just always emit a BOUNDS opcode. If we don't know the actual bounds we can emit INT_MAX, effectively guaranteeing that only negative numbers will fail the check. This is pretty straightforward and the only gotcha was having to update an error message.
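The strategy in the comment above, as an added toy model that is not SourcePawn's compiler or VM code: the opcode names, the flat "memory" list and the INT_MAX value are constructed for the illustration. It contrasts the old behaviour (no check when the size is unknown, so a negative index silently reads the cell before the array) with always emitting BOUNDS, where an unknown size becomes BOUNDS INT_MAX and only negative indices can fail.

```python
"""Toy model of 'always emit a BOUNDS opcode' for array indexing.

Added illustration only; not the SourcePawn compiler or VM. Opcode names,
memory layout and the INT_MAX cell size are assumptions for this example.
"""

INT_MAX = 2**31 - 1  # assumed 32-bit signed cell

# Constructed memory image: two cells of unrelated data, a 3-element
# array [10, 20, 30] starting at cell 2, then more unrelated data.
MEMORY = [0xDEAD, 0xBEEF, 10, 20, 30, 0xCAFE, 0xF00D, 0xBAAD]
ARRAY_BASE = 2


class BoundsError(Exception):
    """Raised when the toy BOUNDS check fails (a VM fault in the model)."""


def emit_array_access(known_size=None, always_bounds=True):
    """Return the toy instruction list the 'compiler' emits for arr[index].

    known_size:    array length if the compiler knows it, else None.
    always_bounds: True models the PR (unknown size -> BOUNDS INT_MAX);
                   False models the old behaviour (unknown size -> no check).
    """
    ops = []
    if known_size is not None:
        ops.append(("BOUNDS", known_size))
    elif always_bounds:
        # Size unknown: INT_MAX means only a negative index can fail.
        ops.append(("BOUNDS", INT_MAX))
    ops.append(("LOAD_IDX",))
    return ops


def run(ops, memory, base, index):
    """Execute the toy ops and return the loaded cell."""
    for op in ops:
        if op[0] == "BOUNDS":
            n = op[1]
            if not 0 <= index < n:
                raise BoundsError(f"index {index} not in [0, {n})")
        elif op[0] == "LOAD_IDX":
            # No protection here: whatever the index points at is read.
            return memory[base + index]
    raise RuntimeError("no LOAD_IDX executed")


def access(index, known_size=None, always_bounds=True):
    """Index the constructed array; return the cell or 'BOUNDS fault'."""
    ops = emit_array_access(known_size, always_bounds)
    try:
        return run(ops, MEMORY, ARRAY_BASE, index)
    except BoundsError:
        return "BOUNDS fault"


if __name__ == "__main__":
    # Old behaviour: arr[-1] on an unknown-size array reads the neighbouring cell.
    print("old, arr[-1]:", hex(access(-1, always_bounds=False)))
    # PR behaviour: the same access faults instead of returning garbage.
    print("new, arr[-1]:", access(-1))
    # Known size still rejects positive overruns; unknown size does not.
    print("known 3, arr[3]:", access(3, known_size=3))
    print("unknown, arr[5]:", hex(access(5)))
```

The last line is the caveat the comment already states: with an unknown size, BOUNDS INT_MAX stops negative indices but cannot stop a positive index running past the array, which stays the job of the callee's own size information or the VM's memory checks.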

@dvander dvander merged commit d7743c3 into master Sep 8, 2017
@dvander dvander deleted the negative-indices branch September 8, 2017 16:56