
svadev - [svadev] Make of SAFECode module fails with Cygwin..

svadev AT lists.siebelschool.illinois.edu

Subject: Svadev mailing list

  • From: Stefan.Scheruebl AT continental-corporation.com
  • To: John Criswell <criswell AT illinois.edu>
  • Cc: Csaba Raduly <rcsaba AT gmail.com>, svadev AT cs.uiuc.edu
  • Subject: [svadev] Make of SAFECode module fails with Cygwin..
  • Date: Wed, 25 Jun 2014 09:02:39 +0200
  • Importance: Normal
  • List-archive: <http://lists.cs.uiuc.edu/pipermail/svadev/>
  • List-id: <svadev.cs.uiuc.edu>

> Is the software that you're going to instrument with SAFECode using
> Windows-specific API's (e.g., HeapAlloc)?


Maybe it's worth telling you some details of my project just for your
understanding.
I'm working for an automotive company and in this section functional safety is
getting more and more important.
So I got the job to find a solution to keep our test scripts which are
written in Rational Test Realtime
(Windows application) and fulfill, e.g. the requirement to check the embedded
C code for crosstalk errors.
At the moment RTR generates out of the test scripts (non C code) and the
C-code to be tested a pure C-code that
represents both. This C-code is compiled/linked and then loaded/executed in a
simulated (ECU specific) debug environment.
The idea is now to keep this process and simply exchange the compiler with
the SAFECode variant.
Whether this idea works and whether the functional safety capabilities of
LLVM/SAFECode can be used has to be worked out.


> If so, then SAFECode may not catch as many errors as it does on Unix
> systems.
> This is because it won't recognize memory allocated by Windows-specific API
> functions.
...
> Also, I should point out that SAFECode can catch more errors when you
> use the libLTO functionality.

As our microcontrollers do not use any Windows-specific API functions this
should be no issue but
if it turns out that libLTO might be useful I'll activate it for sure (is it
a big deal?). Until now
I don't know much about libLTO, so for the startup, to keep the stuff simple, I
guess it's better not
to activate it...


> Not all operating systems have this. You should comment out the line or
> (better yet) change the #ifdef guard to check for #if defined(__APPLE__)
> instead of #if !defined(__linux__).

I found a longer discussion about the madvise function in Cygwin. It seems
that the implementation in
Cygwin does simply nothing (apart from some flags). And also MADV_FREE seems
to be very new and therefore
has not been considered in my Cygwin version. To solve the issue for all
appearances I added the following line to mman.h

#define MADV_FREE MADV_DONTNEED


> I'm not sure why the rm is failing; I suspect it's because the compile
> is failing and so the file that rm wants to remove is not there.
> Hopefully fixing the compile will fix the rm issue.

Yes, fixing the compile fixed the rm issue. Nevertheless I think this is an
error that brings no
additional benefit and is also not necessary. Is there a background behind
this kind of
implementation or would it just be better to use the force option rm -f ?


> You need to remove the use of this header file on Windows.

As I think that a correctly working getProgramCounter function is an
important item for my use case
I added a Windows version of ucontext.h to the sys directory. As the content
of getProgramCounter has
no check for Windows the whole code was disabled and so I added the following:

ucontext_t* ucp;
int ret;

ucp = (ucontext_t*)context;

/* Retrieve the full machine context */
ucp->uc_mcontext.ContextFlags = CONTEXT_FULL;
ret = GetThreadContext(GetCurrentThread(), &ucp->uc_mcontext);

return (ret == 0) ? -1: 0;

After these changes the make continues and stops with the following error:


llvm[2]: Compiling softboundcets.c for Release+Asserts build
/tmp/LLVM_SRC/projects/safecode/runtime/SoftBoundRuntime/softboundcets.c:1:1:
Warnung: C++-Stil-Kommentare sind in ISO-C90 nicht erlaubt [standardmäßig
aktiviert]
//=== SoftBoundRuntime/softboundcets.c - Creates the main function for
SoftBound+CETS Runtime --*- C -*===//
^
/tmp/LLVM_SRC/projects/safecode/runtime/SoftBoundRuntime/softboundcets.c:1:1:
Warnung: (dies wird nur einmal pro Eingabedatei gemeldet) [standardmäßig
aktiviert]
/tmp/LLVM_SRC/projects/safecode/runtime/SoftBoundRuntime/softboundcets.c:51:22:
schwerwiegender Fehler: execinfo.h: No such file or directory
#include <execinfo.h>
^
Kompilierung beendet.
/usr/bin/rm: Entfernen von
„/tmp/LLVM_OBJ/projects/safecode/runtime/SoftBoundRuntime/Release+Asserts/softboundcets.d.tmp“
nicht möglich: No such file or directory
make[2]: ***
[/tmp/LLVM_OBJ/projects/safecode/runtime/SoftBoundRuntime/Release+Asserts/softboundcets.o]
Error 1
make[2]: Leaving directory
`/tmp/LLVM_OBJ/projects/safecode/runtime/SoftBoundRuntime'
make[1]: *** [SoftBoundRuntime/.makeall] Error 2
make[1]: Leaving directory `/tmp/LLVM_OBJ/projects/safecode/runtime'
make: *** [all] Error 1


After removing this include - just for test cases - it breaks with the
following message (just a snippet)


...
/tmp/LLVM_SRC/projects/safecode/runtime/SoftBoundRuntime/softboundcets.h:324:21:
Warning: always_inline may not be created as inline [-Wattributes]
__WEAK_INLINE void* __softboundcets_load_base_shadow_stack(int arg_no){
^
In file included from
/tmp/LLVM_SRC/projects/safecode/runtime/SoftBoundRuntime/softboundcets.c:53:0:
/tmp/LLVM_SRC/projects/safecode/runtime/SoftBoundRuntime/softboundcets.h:301:20:
Warning: always_inline may not be created as inline [-Wattributes]
__WEAK_INLINE void __softboundcets_allocate_shadow_stack_space(int
num_pointer_args){
^
In file included from
/tmp/LLVM_SRC/projects/safecode/runtime/SoftBoundRuntime/softboundcets.c:53:0:
/tmp/LLVM_SRC/projects/safecode/runtime/SoftBoundRuntime/softboundcets.h: In
Function »__softboundcets_copy_metadata«:
/tmp/LLVM_SRC/projects/safecode/runtime/SoftBoundRuntime/softboundcets.h:443:45:
Error: »inline« Call of always_inline »__softboundcets_trie_allocate«
failed: function body can be overwritten at link time
__WEAK_INLINE __softboundcets_trie_entry_t* __softboundcets_trie_allocate(){
^
/tmp/LLVM_SRC/projects/safecode/runtime/SoftBoundRuntime/softboundcets.h:512:25:
Error: called from here
temp_from_strie = __softboundcets_trie_allocate();

...


Cygwin does not seem to deliver this include - what does that mean for the
functionality of SafeCode?
The second error - no clue - what does it mean?

Regards,

Stefan
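
Added example, not part of the original message and not SAFECode code: the message works around the missing MADV_FREE by aliasing it to MADV_DONTNEED in mman.h. The C sketch below keeps that fallback inside the calling code instead of a system header and also falls back at run time when the kernel rejects MADV_FREE. The helper names release_pages and demo_release are hypothetical.

```c
#define _DEFAULT_SOURCE 1      /* expose madvise() and MAP_ANONYMOUS on glibc */
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>

/* Hypothetical helper: tell the OS that [addr, addr+len) is no longer needed.
 * Prefers MADV_FREE (lazy: old contents may stay readable until the pages are
 * reclaimed). Falls back to MADV_DONTNEED when the headers do not define
 * MADV_FREE or the running kernel answers EINVAL. On Linux, MADV_DONTNEED on
 * private anonymous memory yields zero-filled pages on the next access.
 * Neither call is a scrubbing primitive: code that must erase data has to
 * overwrite it explicitly before releasing the pages.
 * Returns 0 on success, -1 with errno set on failure. */
int release_pages(void *addr, size_t len)
{
#ifdef MADV_FREE
    if (madvise(addr, len, MADV_FREE) == 0)
        return 0;
    if (errno != EINVAL)
        return -1;             /* genuine error, e.g. ENOMEM for an unmapped range */
#endif
    return madvise(addr, len, MADV_DONTNEED);
}

/* Constructed self-check: map one anonymous region, dirty it, release it. */
int demo_release(void)
{
    size_t len = 4096;
    unsigned char *p = mmap(NULL, len, PROT_READ | PROT_WRITE,
                            MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (p == MAP_FAILED)
        return -1;
    memset(p, 0xAA, len);      /* touch the pages so there is something to release */
    int rc = release_pages(p, len);
    munmap(p, len);
    return rc;
}

int main(void)
{
    printf("release_pages: %s\n", demo_release() == 0 ? "ok" : strerror(errno));
    return 0;
}
```

On a platform where madvise is a no-op, as the message reports for Cygwin, the call succeeds without releasing anything, so a runtime that relies on the pages actually being dropped needs a separate check there.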




