From 25fa1aadc987f4c3abb8b39ae5fa090a9a103daa Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Bj=C3=B6rn=20Gustavsson?= <bjorn@erlang.org>
Date: Mon, 22 Jan 2018 15:46:05 +0100
Subject: beam_validator: Validate building of tuples

Make sure that there is the correct number of put/1 instructions
following put_tuple/2. Also make it illegal to reference the
register for the tuple being built in a put/1 instruction.
That is, beam_validator will now issue a diagnostice for the the
following code:

    {put_tuple,1,{x,0}}.
    {put,{x,0}}.
---
 lib/compiler/src/beam_validator.erl                | 33 +++++---
 lib/compiler/test/beam_validator_SUITE.erl         | 20 ++++-
 .../test/beam_validator_SUITE_data/bad_tuples.S    | 88 ++++++++++++++++++++++
 3 files changed, 127 insertions(+), 14 deletions(-)
 create mode 100644 lib/compiler/test/beam_validator_SUITE_data/bad_tuples.S

(limited to 'lib')

diff --git a/lib/compiler/src/beam_validator.erl b/lib/compiler/src/beam_validator.erl
index 4feb26c513..ca757f5e47 100644
--- a/lib/compiler/src/beam_validator.erl
+++ b/lib/compiler/src/beam_validator.erl
@@ -85,8 +85,6 @@ format_error(Error) ->
 %%% Things currently not checked. XXX
 %%%
 %%% - Heap allocation for binaries.
-%%% - That put_tuple is followed by the correct number of
-%%%   put instructions.
 %%%
 
 %% validate(Module, [Function]) -> [] | [Error]
@@ -148,7 +146,8 @@ validate_0(Module, [{function,Name,Ar,Entry,Code}|Fs], Ft) ->
 	 hf=0,				%Available heap size for floats.
 	 fls=undefined,			%Floating point state.
 	 ct=[],				%List of hot catch/try labels
-	 setelem=false			%Previous instruction was setelement/3.
+         setelem=false,                 %Previous instruction was setelement/3.
+         puts_left=none                 %put/1 instructions left.
 	}).
 
 -type label()        :: integer().
@@ -340,11 +339,25 @@ valfun_1({put_list,A,B,Dst}, Vst0) ->
     Vst = eat_heap(2, Vst0),
     set_type_reg(cons, Dst, Vst);
 valfun_1({put_tuple,Sz,Dst}, Vst0) when is_integer(Sz) ->
+    Vst1 = eat_heap(1, Vst0),
+    Vst = set_type_reg(tuple_in_progress, Dst, Vst1),
+    #vst{current=St0} = Vst,
+    St = St0#st{puts_left={Sz,{Dst,{tuple,Sz}}}},
+    Vst#vst{current=St};
+valfun_1({put,Src}, Vst0) ->
+    assert_term(Src, Vst0),
     Vst = eat_heap(1, Vst0),
-    set_type_reg({tuple,Sz}, Dst, Vst);
-valfun_1({put,Src}, Vst) ->
-    assert_term(Src, Vst),
-    eat_heap(1, Vst);
+    #vst{current=St0} = Vst,
+    case St0 of
+        #st{puts_left=none} ->
+            error(not_building_a_tuple);
+        #st{puts_left={1,{Dst,Type}}} ->
+            St = St0#st{puts_left=none},
+            set_type_reg(Type, Dst, Vst#vst{current=St});
+        #st{puts_left={PutsLeft,Info}} when is_integer(PutsLeft) ->
+            St = St0#st{puts_left={PutsLeft-1,Info}},
+            Vst#vst{current=St}
+    end;
 %% Instructions for optimization of selective receives.
 valfun_1({recv_mark,{f,Fail}}, Vst) when is_integer(Fail) ->
     Vst;
@@ -1272,6 +1285,7 @@ get_move_term_type(Src, Vst) ->
 	initialized -> error({unassigned,Src});
 	{catchtag,_} -> error({catchtag,Src});
 	{trytag,_} -> error({trytag,Src});
+        tuple_in_progress -> error({tuple_in_progress,Src});
 	Type -> Type
     end.
 
@@ -1280,10 +1294,7 @@ get_move_term_type(Src, Vst) ->
 %%  a standard Erlang type (no catch/try tags or match contexts).
 
 get_term_type(Src, Vst) ->
-    case get_term_type_1(Src, Vst) of
-	initialized -> error({unassigned,Src});
-	{catchtag,_} -> error({catchtag,Src});
-	{trytag,_} -> error({trytag,Src});
+    case get_move_term_type(Src, Vst) of
 	#ms{} -> error({match_context,Src});
 	Type -> Type
     end.
diff --git a/lib/compiler/test/beam_validator_SUITE.erl b/lib/compiler/test/beam_validator_SUITE.erl
index 685eb2a72e..63a13281a8 100644
--- a/lib/compiler/test/beam_validator_SUITE.erl
+++ b/lib/compiler/test/beam_validator_SUITE.erl
@@ -33,8 +33,8 @@
 	 state_after_fault_in_catch/1,no_exception_in_catch/1,
 	 undef_label/1,illegal_instruction/1,failing_gc_guard_bif/1,
 	 map_field_lists/1,cover_bin_opt/1,
-	 val_dsetel/1]).
-	 
+	 val_dsetel/1,bad_tuples/1]).
+
 -include_lib("common_test/include/ct.hrl").
 
 init_per_testcase(Case, Config) when is_atom(Case), is_list(Config) ->
@@ -61,7 +61,8 @@ groups() ->
        freg_state,bad_bin_match,bad_dsetel,
        state_after_fault_in_catch,no_exception_in_catch,
        undef_label,illegal_instruction,failing_gc_guard_bif,
-       map_field_lists,cover_bin_opt,val_dsetel]}].
+       map_field_lists,cover_bin_opt,val_dsetel,
+       bad_tuples]}].
 
 init_per_suite(Config) ->
     Config.
@@ -509,6 +510,19 @@ destroy_reg({Tag,N}) ->
 	    {y,N+1}
     end.
 
+bad_tuples(Config) ->
+    Errors = do_val(bad_tuples, Config),
+    [{{bad_tuples,heap_overflow,1},
+      {{put,{x,0}},8,{heap_overflow,{left,0},{wanted,1}}}},
+     {{bad_tuples,long,2},
+      {{put,{atom,too_long}},8,not_building_a_tuple}},
+     {{bad_tuples,self_referential,1},
+      {{put,{x,1}},7,{tuple_in_progress,{x,1}}}},
+     {{bad_tuples,short,1},
+      {{move,{x,1},{x,0}},7,{tuple_in_progress,{x,1}}}}] = Errors,
+
+    ok.
+
 %%%-------------------------------------------------------------------------
 
 transform_remove(Remove, Module) ->
diff --git a/lib/compiler/test/beam_validator_SUITE_data/bad_tuples.S b/lib/compiler/test/beam_validator_SUITE_data/bad_tuples.S
new file mode 100644
index 0000000000..7980241c37
--- /dev/null
+++ b/lib/compiler/test/beam_validator_SUITE_data/bad_tuples.S
@@ -0,0 +1,88 @@
+{module, bad_tuples}.  %% version = 0
+
+{exports, [{heap_overflow,1},
+           {long,2},
+           {module_info,0},
+           {module_info,1},
+           {self_referential,1},
+           {short,1}]}.
+
+{attributes, []}.
+
+{labels, 13}.
+
+
+{function, short, 1, 2}.
+  {label,1}.
+    {line,[{location,"bad_tuples.erl",4}]}.
+    {func_info,{atom,bad_tuples},{atom,short},1}.
+  {label,2}.
+    {test_heap,3,1}.
+    {put_tuple,2,{x,1}}.
+    {put,{atom,ok}}.
+    {move,{x,1},{x,0}}.
+    return.
+
+
+{function, long, 2, 4}.
+  {label,3}.
+    {line,[{location,"bad_tuples.erl",7}]}.
+    {func_info,{atom,bad_tuples},{atom,long},2}.
+  {label,4}.
+    {test_heap,6,2}.
+    {put_tuple,2,{x,2}}.
+    {put,{x,0}}.
+    {put,{x,1}}.
+    {put,{atom,too_long}}.
+    {put_tuple,2,{x,0}}.
+    {put,{atom,ok}}.
+    {put,{x,2}}.
+    return.
+
+
+{function, heap_overflow, 1, 6}.
+  {label,5}.
+    {line,[{location,"bad_tuples.erl",10}]}.
+    {func_info,{atom,bad_tuples},{atom,heap_overflow},1}.
+  {label,6}.
+    {test_heap,3,1}.
+    {put_tuple,2,{x,1}}.
+    {put,{atom,ok}}.
+    {put,{x,0}}.
+    {put,{x,0}}.
+    {move,{x,1},{x,0}}.
+    return.
+
+
+{function, self_referential, 1, 8}.
+  {label,7}.
+    {line,[{location,"bad_tuples.erl",13}]}.
+    {func_info,{atom,bad_tuples},{atom,self_referential},1}.
+  {label,8}.
+    {test_heap,3,1}.
+    {put_tuple,2,{x,1}}.
+    {put,{atom,ok}}.
+    {put,{x,1}}.
+    {move,{x,1},{x,0}}.
+    return.
+
+
+{function, module_info, 0, 10}.
+  {label,9}.
+    {line,[]}.
+    {func_info,{atom,bad_tuples},{atom,module_info},0}.
+  {label,10}.
+    {move,{atom,bad_tuples},{x,0}}.
+    {line,[]}.
+    {call_ext_only,1,{extfunc,erlang,get_module_info,1}}.
+
+
+{function, module_info, 1, 12}.
+  {label,11}.
+    {line,[]}.
+    {func_info,{atom,bad_tuples},{atom,module_info},1}.
+  {label,12}.
+    {move,{x,0},{x,1}}.
+    {move,{atom,bad_tuples},{x,0}}.
+    {line,[]}.
+    {call_ext_only,2,{extfunc,erlang,get_module_info,2}}.
-- 
cgit v1.2.3