Commit Graph

2990 Commits

Author SHA1 Message Date
Damien George ede8a0235b py/vstr: Raise a RuntimeError if fixed vstr buffer overflows.
Current users of fixed vstr buffers (building file paths) assume that there
is no overflow and do not check for overflow after building the vstr.  This
has the potential to lead to NULL pointer dereferences
(when vstr_null_terminated_str returns NULL because it can't allocate RAM
for the terminating byte) and stat'ing and loading invalid path names (due
to the path being truncated).  The safest and simplest thing to do in these
cases is just raise an exception if a write goes beyond the end of a fixed
vstr buffer, which is what this patch does.  It also simplifies the vstr
code.
2017-09-21 20:29:41 +10:00
Damien George 7885a425d7 py/stream: Remove unnecessary checks for NULL return from vstr_add_len.
The vstr argument to the calls to vstr_add_len are dynamically allocated
(ie fixed_buf=false) and so vstr_add_len will never return NULL.  So
there's no need to check for it.  Any out-of-memory errors are raised by
the call to m_renew in vstr_ensure_extra.
2017-09-21 18:22:55 +10:00
Damien George 96fd80db13 py/objexcept: Prevent infinite recursion when allocating exceptions.
The aim of this patch is to rewrite the functions that create exception
instances (mp_obj_exception_make_new and mp_obj_new_exception_msg_varg) so
that they do not call any functions that may raise an exception.  Otherwise
it's possible to create infinite recursion with an exception being raised
while trying to create an exception object.

The two main things that are done to accomplish this are:
1. Change mp_obj_new_exception_msg_varg to just format the string, then
   call mp_obj_exception_make_new to actually create the exception object.
2. In mp_obj_exception_make_new and mp_obj_new_exception_msg_varg try to
   allocate all memory first using functions that don't raise exceptions
   If any of the memory allocations fail (return NULL) then degrade
   gracefully by trying other options for memory allocation, eg using the
   emergency exception buffer.
3. Use a custom printer backend to conservatively format strings: if it
   can't allocate memory then it just truncates the string.

As part of this rewrite, raising an exception without a message, like
KeyError(123), will now use the emergency buffer to store the arg and
traceback data if there is no heap memory available.

Memory use with this patch is unchanged.  Code size is increased by:

   bare-arm:  +136
minimal x86:  +124
   unix x64:   +72
unix nanbox:   +96
      stm32:   +88
    esp8266:   +92
     cc3200:   +80
2017-09-21 15:24:57 +10:00
Paul Sokolovsky fc9a6dd09e py/objstr: strip: Don't strip "\0" by default.
An issue was due to incorrectly taking size of default strip characters
set.
2017-09-19 21:21:12 +03:00
Damien George 44f0a4d1e7 py/mpconfig.h: Add note that using computed gotos in VM is not C99. 2017-09-18 23:53:33 +10:00
Damien George fdb2aa81b7 py/{objfloat,objcomplex}: Optimise MP_UNARY_OP_ABS by reusing variables. 2017-09-18 14:31:03 +10:00
Paul Sokolovsky 9dce823cfd py/modbuiltins: Implement abs() by dispatching to MP_UNARY_OP_ABS.
This allows user classes to implement __abs__ special method, and saves
code size (104 bytes for x86_64), even though during refactor, an issue
was fixed and few optimizations were made:

* abs() of minimum (negative) small int value is calculated properly.
* objint_longlong and objint_mpz avoid allocating new object is the
  argument is already non-negative.
2017-09-18 00:06:43 +03:00
Damien George 280fb4d928 py/emitbc: Remove stray semicolon in outer scope. 2017-09-13 20:36:06 +10:00
Damien George 89f657f073 py/runtime.h: Change empty mp_warning macro so var-args are non empty.
Variable arguments in a macro should take at least 1 argument.
2017-09-13 20:33:55 +10:00
Damien George da8c4c2653 py/builtinhelp: Change signature of help text var from pointer to array.
As a pointer (const char *) it takes up an extra word of storage which is
in RAM.
2017-09-12 16:03:52 +10:00
ASM 52620c6b0e py/nlrx86: Fix building for Android/x86.
Tested using Clang on self-hosted Termux environment https://termux.com/.
2017-09-12 08:55:14 +03:00
Paul Sokolovsky eb84a830df py/runtime: Implement dispatch for "reverse op" special methods.
If, for class X, X.__add__(Y) doesn't exist (or returns NotImplemented),
try Y.__radd__(X) instead.

This patch could be simpler, but requires undoing operand swap and
operation switch to get non-confusing error message in case __radd__
doesn't exist.
2017-09-10 17:05:57 +03:00
Paul Sokolovsky 9355cca610 esp8266: Set DEFPSIZE=1024, MINCACHE=3 for "btree" module.
Defaults of 4096 and 5 respectively are too high to esp8266, causing
out of memory with a database beyond couple of pages.
2017-09-10 13:54:00 +03:00
Damien George e6fbee0981 py/builtinhelp: Simplify code slightly by extracting object type.
Reduces code size by about 10 bytes.
2017-09-10 15:15:41 +10:00
Paul Sokolovsky b8ee7ab5b9 py/runtime0.h: Put inplace arith ops in front of normal operations.
This is to allow to place reverse ops immediately after normal ops, so
they can be tested as one range (which is optimization for reverse ops
introduction in the next patch).
2017-09-08 00:10:10 +03:00
Paul Sokolovsky c460f6f15a py/runtime0.h: Regroup operations a bit.
Originally, there were grouped in blocks of 5, to make it easier e.g.
to assess and numeric code of each. But now it makes more sense to
group it by semantics/properties, and then split in chunks still,
which usually leads to chunks of ~6 ops.
2017-09-07 13:37:33 +03:00
Paul Sokolovsky 6d4cac088e py/objtype: Make sure mp_binary_op_method_name has full size again.
After recent refactorings to mp_binary_op_t, and make it future refactoring
proof for now, at the cost of extra element in the array.
2017-09-07 12:54:58 +03:00
Paul Sokolovsky 50b9329eba py/runtime0.h: Move MP_BINARY_OP_DIVMOD to the end of mp_binary_op_t.
It starts a dichotomy of mp_binary_op_t values which can't appear in the
bytecode. Another reason to move it is to VALUES of OP_* and OP_INPLACE_*
nicely adjacent. This also will be needed for OP_REVERSE_*, to be soon
introduced.
2017-09-07 11:26:42 +03:00
Paul Sokolovsky d4d1c45a55 py/runtime0.h: Move relational ops to the beginning of mp_binary_op_t.
This is to allow to encode arithmetic operations more efficiently, in
preparation to introduction of __rOP__ method support.
2017-09-07 10:55:43 +03:00
Paul Sokolovsky 5c603bd0fd py/objlist: Properly implement comparison with incompatible types.
Should raise TypeError, unless it's (in)equality comparison.
2017-09-07 00:10:10 +03:00
tll 68c28174d0 py/objstr: Add check for valid UTF-8 when making a str from bytes.
This patch adds a function utf8_check() to check for a valid UTF-8 encoded
string, and calls it when constructing a str from raw bytes.  The feature
is selectable at compile time via MICROPY_PY_BUILTINS_STR_UNICODE_CHECK and
is enabled if unicode is enabled.  It costs about 110 bytes on Thumb-2, 150
bytes on Xtensa and 170 bytes on x86-64.
2017-09-06 16:43:09 +10:00
Damien George 4a93801c12 all: Update Makefiles and others to build with new ports/ dir layout.
Also renames "stmhal" to "stm32" in documentation and everywhere else.
2017-09-06 14:09:13 +10:00
Paul Sokolovsky 1aaba5cabe py/objtuple: Properly implement comparison with incompatible types.
Should raise TypeError, unless it's (in)equality comparison.
2017-09-06 00:23:41 +03:00
Paul Sokolovsky 60749e57f2 py/objtype: Implement fallback for instance inplace special methods.
If __iop__ is not defined, call __op__ instead. This is desired behavior
for immutable types, __iop__ needs to be defined only for mutable types.
2017-09-04 16:44:21 +03:00
Damien George 77a48e8cd4 py/obj: Remove declaration for mp_obj_new_none(), it's never defined. 2017-09-04 23:35:46 +10:00
Damien George d4b75f6b68 py/obj: Fix comparison of float/complex NaN with itself.
IEEE floating point is specified such that a comparison of NaN with itself
returns false, and Python respects these semantics.  This patch makes uPy
also have these semantics.  The fix has a minor impact on the speed of the
object-equality fast-path, but that seems to be unavoidable and it's much
more important to have correct behaviour (especially in this case where
the wrong answer for nan==nan is silently returned).
2017-09-04 14:16:27 +10:00
Paul Sokolovsky 9950865c39 py/objfloat: Fix binary ops with incompatible objects.
These are now returned as "operation not supported" instead of raising
TypeError. In particular, this fixes equality for float vs incompatible
types, which now properly results in False instead of exception. This
also paves the road to support reverse operation (e.g. __radd__) with
float objects.

This is achieved by introducing mp_obj_get_float_maybe(), similar to
existing mp_obj_get_int_maybe().
2017-09-02 23:05:24 +03:00
Damien George dd376a239d py/nlrthumb: Get working again on standard Thumb arch (ie not Thumb2).
"b" on Thumb might not be long enough for the jump to nlr_push_tail so it
must be done indirectly.
2017-09-01 15:25:29 +10:00
Damien George 860eeeea9b py/qstrdefs: Remove unused qstrs.
They are not used by any component and take up valuable flash space.
2017-09-01 15:22:25 +10:00
Damien George 2daacc5cee py/modstruct: Check and prevent buffer-write overflow in struct packing.
Prior to this patch, the size of the buffer given to pack_into() was checked
for being too small by using the count of the arguments, not their actual
size.  For example, a format spec of '4I' would only check that there was 4
bytes available, not 16; and 'I' would check for 1 byte, not 4.

The pack() function is ok because its buffer is created to be exactly the
correct size.

The fix in this patch calculates the total size of the format spec at the
start of pack_into() and verifies that the buffer is large enough.  This
adds some computational overhead, to iterate through the whole format spec.
The alternative is to check during the packing, but that requires extra
code to handle alignment, and the check is anyway not needed for pack().
So to maintain minimal code size the check is done using struct_calcsize.
2017-09-01 11:11:09 +10:00
Damien George 79d5acbd01 py/modstruct: Check and prevent buffer-read overflow in struct unpacking
Prior to this patch, the size of the buffer given to unpack/unpack_from was
checked for being too small by using the count of the arguments, not their
actual size.  For example, a format spec of '4I' would only check that
there was 4 bytes available, not 16; and 'I' would check for 1 byte, not 4.

This bug is fixed in this patch by calculating the total size of the format
spec at the start of the unpacking function.  This function anyway needs to
calculate the number of items at the start, so calculating the total size
can be done at the same time.
2017-09-01 10:53:29 +10:00
Damien George 793d826d9d py/modstruct: In struct.pack, stop converting if there are no args left.
This patch makes a repeat counter behave the same as repeating the
typecode, when there are not enough args.  For example:
struct.pack('2I', 1) now behave the same as struct.pack('II', 1).
2017-09-01 10:10:51 +10:00
Damien George ca21aed0a1 py: Make m_malloc_fail() have void return type, since it doesn't return. 2017-08-31 17:00:14 +10:00
Damien George 6c9fca2aa9 py/map: Remove unused new/free functions.
Maps are always allocated "statically" and (de)initialised via mp_map_init
and mp_map_deinit.
2017-08-31 16:46:13 +10:00
Damien George 0e420d48ee py/map: Replace always-false condition with assertion. 2017-08-31 16:45:02 +10:00
Paul Sokolovsky 4556bd2acd py/objtype: mp_obj_class_lookup: Improve debug logging.
Now traces more explicitly thru the lookup process.
2017-08-31 00:44:51 +03:00
Paul Sokolovsky df6605eaba py/objtype: mp_obj_instance_make_new: Fix typos in comment. 2017-08-30 20:55:34 +03:00
Damien George 0102ee092b py: Change obsolete "///" comment formatting to normal comments.
This comment style is no longer used because the docs are written by hand,
not generated.
2017-08-30 21:02:00 +10:00
Paul Sokolovsky 784909ce16 py/objtype: Handle NotImplemented return from binary special methods.
NotImplemented means "try other fallbacks (like calling __rop__
instead of __op__) and if nothing works, raise TypeError". As
MicroPython doesn't implement any fallbacks, signal to raise
TypeError right away.
2017-08-30 01:39:24 +03:00
Damien George 58321dd985 all: Convert mp_uint_t to mp_unary_op_t/mp_binary_op_t where appropriate
The unary-op/binary-op enums are already defined, and there are no
arithmetic tricks used with these types, so it makes sense to use the
correct enum type for arguments that take these values.  It also reduces
code size quite a bit for nan-boxing builds.
2017-08-29 13:16:30 +10:00
Damien George be8e5744e6 py/nlrx86,x64: Replace #define of defined() with portable macro usage.
Using gcc -Wpedantic will warn that #define of defined() is non-portable
and this patch fixes this.
2017-08-29 12:52:18 +10:00
Paul Sokolovsky 37379a2974 py/objstr: startswith, endswith: Check arg to be a string.
Otherwise, it will silently get incorrect result on other values types,
including CPython tuple form like "foo.png".endswith(("png", "jpg"))
(which MicroPython doesn't support for unbloatedness).
2017-08-29 00:06:21 +03:00
Damien George f9ecaa132f py/asmthumb: Use existing macro to properly clear the D-cache.
This macro is provided by stmhal/mphalport.h and makes sure the addr and
size arguments are correctly aligned.
2017-08-23 11:32:27 +10:00
Damien George f5309fc4ff py/formatfloat: Don't post-increment variable that won't be used again. 2017-08-21 22:04:23 +10:00
Damien George 103ae43f95 py/objcomplex: Remove unnecessary assignment of variable. 2017-08-21 22:03:27 +10:00
Damien George ad6aae13a4 py/compile: Remove unused pn_colon code when compiling func params. 2017-08-21 22:00:34 +10:00
Damien George b16a755a0b py/mkrules.mk: Use "find -path" when searching for frozen obj files.
This allows the command to succeed without error even if there is no
$(BUILD)/build directory, which is the case for mpy-cross.
2017-08-21 20:32:30 +10:00
Paul Sokolovsky e3383e9352 py/stream: seek: Consistently handle negative offset for SEEK_SET.
Per POSIX, this is EINVAL, so raises OSError(EINVAL).
2017-08-20 22:02:41 +03:00
Paul Sokolovsky 0cd9ab7755 py/objstringio: Fix regression with handling SEEK_SET.
For SEEK_SET, offset should be treated as unsigned, to allow full-width
stream sizes (e.g. 32-bit instead of 31-bit). This is now fully documented
in stream.h. Also, seek symbolic constants are added.
2017-08-20 22:02:41 +03:00
Tom Collins 168350cd98 py/objstringio: Prevent offset wraparound for io.BytesIO objects.
Too big positive, or too big negative offset values could lead to overflow
and address space wraparound and thus access to unrelated areas of memory
(a security issue).
2017-08-20 22:00:05 +03:00