* module/system/base/target.scm (cpu-endianness, triplet-pointer-size):
Add case for "sh3".
Signed-off-by: John Paul Adrian Glaubitz <glaubitz@physik.fu-berlin.de>
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
Reported by Christopher Allan Webber <cwebber@dustycloud.org>
Co-authored-by: Ludovic Courtès <ludo@gnu.org>
This commit adds protection to Guile's REPL servers against HTTP
inter-protocol exploitation attacks, a scenario whereby an attacker can,
via an HTML page, cause a web browser to send data to TCP servers
listening on a loopback interface or private network. See
<https://en.wikipedia.org/wiki/Inter-protocol_exploitation> and
<https://www.jochentopf.com/hfpa/hfpa.pdf>, The HTML Form Protocol
Attack (2001) by Tochen Topf <jochen@remote.org>.
Here we add a procedure to 'before-read-hook' that looks for a possible
HTTP request-line in the first line of input from the client socket. If
present, the socket is drained and closed, and a loud warning is written
to stderr (POSIX file descriptor 2).
* module/system/repl/server.scm: Add 'maybe-check-for-http-request'
to 'before-read-hook' when this module is loaded.
(with-temporary-port-encoding, with-saved-port-line+column)
(drain-input-and-close, permissive-http-request-line?)
(check-for-http-request, guard-against-http-request)
(maybe-check-for-http-request): New procedures.
(serve-client): Use 'guard-against-http-request'.
* module/system/repl/coop-server.scm (start-repl-client): Use
'guard-against-http-request'.
* doc/ref/guile-invoke.texi (Command-line Options): In the description
of the --listen option, make the security warning more prominent.
Mention the new protection added here. Recommend using UNIX domain
sockets for REPL servers. "a path to" => "the file name of".
* libguile/snarf.h (SCM_IMMUTABLE_STRINGBUF): Remove shared flag.
Stringbufs are immutable by default.
* libguile/strings.c: Rewrite blurb. Change to have stringbufs be
immutable by default and mutable only when marked as such. Going
mutable means making a private copy.
(STRINGBUF_MUTABLE, STRINGBUF_F_MUTABLE): New definitions.
(SET_STRINGBUF_SHARED): Remove.
(scm_i_print_stringbuf): Simplify to just alias the stringbuf as-is.
(substring_with_immutable_stringbuf): New helper.
(scm_i_substring, scm_i_substring_read_only, scm_i_substring_copy):
use new helper.
(scm_i_string_ensure_mutable_x): New helper.
(scm_i_substring_shared): Use scm_i_string_ensure_mutable_x.
(stringbuf_write_mutex): Remove; yaaaaaaaay.
(scm_i_string_start_writing): Use scm_i_string_ensure_mutable_x. No
more mutex.
(scm_i_string_stop_writing): Now a no-op.
(scm_i_make_symbol): Use substring/copy.
(scm_sys_string_dump, scm_sys_symbol_dump): Update.
* libguile/strings.h (SCM_I_STRINGBUF_F_SHARED): Remove.
(SCM_I_STRINGBUF_F_MUTABLE): Add.
* module/system/vm/assembler.scm (link-data): Don't add shared flag any
more. Existing compiled flags are harmless tho.
* test-suite/tests/strings.test ("string internals"): Update.
* libguile/dynstack.h:
* libguile/dynstack.c (scm_dynstack_find_old_fluid_value): New
function.
* libguile/fluids.c (saved_dynamic_state_ref): New helper.
(scm_fluid_ref): Fix docstring.
(scm_fluid_ref_star): New function allowing access to previous values
for a fluid.
(scm_dynamic_state_ref): New internal function.
* libguile/fluids.h: Add scm_fluid_ref_star and scm_dynamic_state_ref.
* libguile/stacks.c (scm_stack_id): Adapt to %stacks not being a chain.
* libguile/throw.c (catch, throw_without_pre_unwind): Adapt to
%exception-handlers not being a chain.
* module/ice-9/boot-9.scm (catch, dispatch-exception): Instead of having
%exception-handlers be a chain, use fluid-ref* to access the chain
that is in place at the time the exception is thrown. Prevents
unintended undelimited capture of the current exception handler stack
by a delimited "catch".
(%start-stack): Similarly, don't be a chain.
* module/system/repl/debug.scm (frame->stack-vector):
* module/system/repl/error-handling.scm (call-with-error-handling):
* module/ice-9/save-stack.scm (save-stack): Adapt to %stacks not being a
chain.
* test-suite/tests/exceptions.test ("delimited exception handlers"): Add
tests.
* doc/ref/api-control.texi (Fluids and Dynamic States): Add docs.
* libguile/vm-engine.c (fluid-set!): Fix name of opcode to correspond
with name of Tree-IL primitive. Fixes compilation of fluid-set! to
actually use the fluid-set! opcode.
* doc/ref/vm.texi (Dynamic Environment Instructions): Update.
* module/language/cps/compile-bytecode.scm (compile-function): Add
fluid-set! case.
* module/system/vm/assembler.scm: Update export name for
emit-fluid-set!.
* module/system/vm/assembler.scm (simple-uniform-vector?): array-length
fails for rank 0 arrays; fix the shape condition.
* test-suite/tests/arrays.test: Test reading of #0f64(x) in compilation
context.
* doc/ref/vm.texi (Inlined Atomic Instructions): New section.
* libguile/vm-engine.c (VM_VALIDATE_ATOMIC_BOX, make-atomic-box)
(atomic-box-ref, atomic-box-set!, atomic-box-swap!)
(atomic-box-compare-and-swap!): New instructions.
* libguile/vm.c: Include atomic and atomics-internal.h.
(vm_error_not_a_atomic_box): New function.
* module/ice-9/atomic.scm: Register primitives with the compiler.
* module/language/cps/compile-bytecode.scm (compile-function): Add
support for atomic ops.
* module/language/cps/effects-analysis.scm: Add comment about why no
effects analysis needed.
* module/language/cps/reify-primitives.scm (primitive-module): Add case
for (ice-9 atomic).
* module/language/tree-il/primitives.scm (*effect-free-primitives*):
(*effect+exception-free-primitives*): Add atomic-box?.
* module/system/vm/assembler.scm: Add new instructions.
* test-suite/tests/atomic.test: Test with compilation and
interpretation.
* libguile/tags.h (scm_tc7_smob):
* module/system/base/types.scm (%tc7-smob): Tweak this value, just to
prove that it can be done. Remove scary comment.
* m4/mkstemp.m4: Remove.
* lib/mkstemp.c: Remove.
* lib/mkostemp.c: New file.
* m4/mkostemp.m4: New file.
* lib/Makefile.am:
* m4/gnulib-cache.m4:
* m4/gnulib-comp.m4: Remove mkstemp module, replace with mkostemp.
* libguile/fports.h:
* libguile/fports.c (scm_i_mode_to_open_flags): Factor out helper to
parse mode string to open flags.
(scm_open_file_with_encoding): Use the new helper.
* libguile/filesys.c:
(scm_i_mkstemp): Adapt to take optional second argument, being a mode
string. Use mkostemp.
(scm_mkstemp): Backwards compatible shim that calls scm_i_mkstemp.
* doc/ref/posix.texi:
* NEWS: Update.
* module/system/base/compile.scm (call-with-output-file/atomic): Pass
"wb" as mode, to cause O_BINARY to be added on MinGW.
* doc/ref/vm.texi (Top-Level Environment Instructions): Update
documentation.
* libguile/_scm.h (SCM_OBJCODE_MINOR_VERSION): Bump, sadly.
* module/system/vm/assembler.scm (*bytecode-minor-version*): Bump.
* libguile/vm-engine.c (define!): Change to store variable in dst slot.
* module/language/tree-il/compile-cps.scm (convert):
* module/language/cps/compile-bytecode.scm (compile-function): Adapt to
define! change.
* module/language/cps/effects-analysis.scm (current-module): Fix define!
effects. Incidentally here was the bug: in Guile 2.2 you can't have
effects on different object kinds in one instruction, without
reverting to &unknown-memory-kinds.
* test-suite/tests/compiler.test ("regression tests"): Add a test.
* module/system/base/compile.scm (call-with-output-file/atomic): Use the
permissions of the source file, if available, as the permissions of
the compiled file. Fixes#18477.
* module/system/vm/assembler.scm (immediate-bits): Fix a bug whereby
compiling to a 32-bit target from a 64-bit host would treat all
integers whose representation fit into 32 bits as immediates. This
would result in integer constants between #x20000000 and 0x3fffffff
being residualized in such a way that they would be loaded as negative
numbers.
* doc/ref/guile.texi: Add 2016 to user-visible copyright notice.
* module/ice-9/command-line.scm (version-etc): Bump 'copyright-year' to
2016.
* module/system/repl/common.scm (*version*): Add 2016 to the range of
copyright years.
* module/ice-9/command-line.scm (version-etc): Bump 'copyright-year' to
2015.
* module/system/repl/common.scm (*version*): Add 2015 to the range of
copyright years.
* module/system/base/types.scm (cell->object): Use 'get-bytevector-n'
instead of 'get-bytevector-all', so that the zero-length case does not
return EOF.
* module/statprof.scm: Remove most of the commentary, as it was
duplicated in the manual and was getting out of date.
(stats): Remove self-secs-per-call and cum-secs-per-call fields as
they can be computed from the other fields.
(statprof-call-data->stats): Adapt.
(statprof-stats-self-secs-per-call):
(statprof-stats-cum-secs-per-call): New functions.
(statprof-display/flat): Don't print the seconds-per-call fields, as
we are no longer stopping the clock around call counters. Anyway
these times were quite misleading.
(with-statprof): Deprecate. It took its keyword arguments at the
beginning; very complicated! Better to use the `statprof' function.
(`statprof' was introduced after `with-statprof' and then
`with-statprof' was adapted to use it.)
* doc/ref/statprof.texi (Statprof): Port this documentation away from
the automatically generated text and update it for the new interfaces
like #:display-style.
* module/system/base/syntax.scm (record-case): Remove comment that
referenced with-statprof. Add comment indicating that record-case
should be replaced.
* doc/ref/scheme-using.texi (Profile Commands): Update to mention
keyword arguments and to link to the statprof documentation.
* module/system/repl/debug.scm (print-locals): Adapt to
frame-binding-ref change.
* module/system/vm/frame.scm (<binding>): Add `frame' field.
(available-bindings): Capture the frame.
(binding-ref, binding-set!): New functions, accessing a local variable
value directly from a frame.
(frame-binding-ref, frame-binding-set!): Remove. As these are very
low-level debugging interfaces introduced in 2.0, never documented,
and quite tied to the VM, we feel comfortable making this change.
(frame-call-representation): Adapt to available-bindings change.
(frame-environment, frame-object-binding): Adapt to binding-ref
interface change.
* doc/ref/vm.texi (Stack Layout): Mention that slots can be re-used.
Update disassembly in example.
* doc/ref/api-debug.texi (Frames): Remove documentation for
frame-local-ref, frame-local-set!, and frame-num-locals. Replace with
documentation for frame-bindings, binding accessors, and binding-ref /
binding-set!.
* libguile/frames.h (scm_frame_num_locals, scm_frame_local_ref)
(scm_frame_local_set_x): Remove. As long as we are changing the
interface in a backward-incompatible way, we might as well remove
these.
* libguile/frames.c (scm_frame_num_locals, scm_frame_local_ref)
(scm_frame_local_set_x, scm_init_frames_builtins, scm_init_frames):
Arrange to make frame-local-ref et al private to frames.scm.
* module/system/vm/frame.scm: Load scm_init_frames_builtins extensions.
(frame-instruction-pointer-or-primitive-procedure-name): New public
function.
(frame-binding-ref, frame-binding-set!): Allow binding objects as
vars.
* module/system/repl/debug.scm (print-locals): Pass binding directly to
frame-binding-ref.
* module/statprof.scm (sample-stack-procs, count-call): Use new
frame-instruction-pointer-or-primitive-procedure-name function.
* module/system/vm/assembler.scm (define-byte-order-swapper): New
helper.
(byte-swap/2!, byte-swap/4!, byte-swap/8!): New functions.
(link-data): Swap bytes in uniform vectors on foreign byte orders.
* module/system/vm/assembler.scm (immediate-bits): Rename from
immediate?, and return the bits. Take asm argument so that we measure
what's an immediate not on the host but for the target. Adapt all
callers.
(write-immediate): Take bits instead of SCM object. Adapt callers.
(write-placeholder): New helper, to write bits for #f. Adapt callers
that wrote #f to use write-placeholder.
* module/system/vm/assembler.scm: Change define encoders for all of the
kinds of instructions and have the emit-foo procedures call the common
encoders. No change to public interface. This decreases the amount
of generated code in the assembler.
* libguile/vm-engine.c (BR_U64_SCM_COMPARISON): New helper.
(br-if-u64-<=-scm, br-if-u64-<-scm, br-if-u64-=-scm)
(br-if-u64->-scm, br-if-u64->=-scm): New instructions, to compare an
untagged u64 with a tagged SCM. Avoids many u64->scm operations.
* module/language/cps/compile-bytecode.scm (compile-function):
* module/language/cps/effects-analysis.scm:
* module/language/cps/type-fold.scm:
* module/system/vm/assembler.scm:
* module/system/vm/disassembler.scm (code-annotation, compute-labels):
* module/language/cps/primitives.scm (*branching-primcall-arities*): Add
support for new opcodes.
* module/language/cps/specialize-numbers.scm
(specialize-u64-scm-comparison): New helper.
* module/language/cps/specialize-numbers.scm (specialize-operations):
Specialize u64 comparisons.
* module/language/cps/types.scm (true-comparison-restrictions): New helper.
(define-comparison-inferrer): Use the new helper. Add support for
u64-<-scm et al.
