Eliot Miranda uploaded a new version of VMMaker to project VM Maker: http://source.squeak.org/VMMaker/VMMaker.oscog-eem.1496.mcz
==================== Summary ====================
Name: VMMaker.oscog-eem.1496
Author: eem
Time: 20 October 2015, 4:02:56.214 pm
UUID: f6c0ecb8-51de-4da5-aa23-5f96baa84178
Ancestors: VMMaker.oscog-rmacnak.1495
One last waafer-thin tweak to bounds checking in the Alien plugins Monsieur Creosote? Use a form immune to integer overflow. Document the design decision.
=============== Diff against VMMaker.oscog-rmacnak.1495 ===============
Item was changed: ----- Method: IA32ABIPlugin>>index:length:inRange: (in category 'private-support') ----- index: byteIndex length: length inRange: rcvr + "Answer if the indices byteIndex to byteIndex + length - 1 are valid zero-relative indices into the rcvr. + Beware!! There be dragons here. The form below (byteIndex <= (dataSize abs - length)) is used + because byteIndex + length could overflow, whereas (dataSize abs - length) can't. We *don't* use the + obvious optimization + ^dataSize = 0 or: [byteIndex asUnsignedInteger <= (dataSize abs - length)] + because with C's Usual Arithmetic Conversions + 5. Otherwise, both operands are converted to the unsigned integer type corresponding to the type of the operand with signed integer type. + means that the comparison will be unsigned, and if length > dataSize abs then dataSize abs - length is large and positive." - "Answer if the indices byteIndex to byteIndex + length - 1 are valid zero-relative indices into the rcvr." | dataSize | <inline: true> dataSize := self sizeField: rcvr. + ^dataSize = 0 or: [byteIndex >= 0 and: [byteIndex <= (dataSize abs - length)]]! - ^dataSize = 0 or: [byteIndex >= 0 and: [(byteIndex + length) <= dataSize abs]]!
Item was changed: ----- Method: NewsqueakIA32ABIPlugin>>index:length:inRange: (in category 'private-support') ----- index: byteIndex length: length inRange: rcvr + "Answer if the indices byteIndex to byteIndex + length - 1 are valid zero-relative indices into the rcvr. + Beware!! There be dragons here. The form below (byteIndex <= (dataSize abs - length)) is used + because byteIndex + length could overflow, whereas (dataSize abs - length) can't. We *don't* use the + obvious optimization + ^dataSize = 0 or: [byteIndex asUnsignedInteger <= (dataSize abs - length)] + because with C's Usual Arithmetic Conversions + 5. Otherwise, both operands are converted to the unsigned integer type corresponding to the type of the operand with signed integer type. + means that the comparison will be unsigned, and if length > dataSize abs then dataSize abs - length is large and positive." - "Answer if the indices byteIndex to byteIndex + length - 1 are valid zero-relative indices into the rcvr." | dataSize | <inline: true> dataSize := self sizeField: rcvr. + ^dataSize = 0 or: [byteIndex >= 0 and: [byteIndex <= (dataSize abs - length)]]! - ^dataSize = 0 or: [byteIndex >= 0 and: [(byteIndex + length) <= dataSize abs]]!
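Review bot: In IA32ABIPlugin>>index:length:inRange:, the new test `byteIndex <= (dataSize abs - length)` never checks that length is non-negative, and the comment's claim that `(dataSize abs - length)` can't overflow only holds under that assumption. With a negative length the subtraction answers a value larger than dataSize abs, so a byteIndex past the end would be accepted (the replaced line had the same gap). Suggest adding `length >= 0 and:` ahead of the comparison, or stating in the comment that every caller guarantees a non-negative length.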
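Review bot: In NewsqueakIA32ABIPlugin>>index:length:inRange:, the new comment explains the overflow-safe comparison but says nothing about the `dataSize = 0 or:` short-circuit, which answers true for any byteIndex and length, including a negative byteIndex. Since the comment is now the place where the design decision is recorded, add a sentence saying what a zero size field stands for and why no range check applies in that case. The sentence "because with C's Usual Arithmetic Conversions ... means that" also does not parse as written; "because rule 5 of C's Usual Arithmetic Conversions (...) means that" would read cleanly. The method and comment are a verbatim copy of the IA32ABIPlugin version, so any follow-up fix has to be applied to both.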
vm-dev@lists.squeakfoundation.org