nbp / holyjit

Generic purpose Just-In-time compiler for Rust.
https://holyjit.org/
Mozilla Public License 2.0

Jitted code doesn't check if slice index is in bounds #19

Open mateon1 opened 6 years ago

mateon1 commented 6 years ago

With this program eval(jc, "-[>-[>-<-]<-]<-]".into()), the brainfuck interpreter panics, because it sees an unknown symbol at the program counter (garbage memory). With eval(jc, "-[>-[>-[>-<-]<-]<-]<-]".into()), the program receives a SIGSEGV, caused by a read of one byte before an allocated page.

I'll try to run these with ASAN and report the results

EDIT: I can't build with ASAN, because kernel32-sys fails to link. Brainfart, I need to pass the --target flag, but holyjit also fails to link.

EDIT2: I just realized the brackets in these programs are mismatched, which means bounds checks aren't emitted properly under jit!()

nbp commented 6 years ago

I usually use rr to debug the generated code, as you can walk the code execution backward.

I can reproduce this issue. I got a SEGV which corresponds to the panic with the message "Unknown Symbol". The problem likely comes from the code which is being produced by the array access [1], which is probably always checked, but never appears in the MIR.

[1] https://github.com/nbp/holyjit/blob/e4ed3be729ae91c5aa8ce93ca0c648afb642feb9/plugin/src/trans.rs#L586
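For readers following this thread, here is an added example of what the missing checks are supposed to guarantee. It is not holyjit's interpreter nor code from the reporter; it is a small interpreter of my own in which every access to the program and to the tape is an explicit checked operation that returns an error instead of reading outside the allocation. The two mismatched programs are copied from the report above; the bracket pairing pass rejects both before a single cell is touched, and the tape checks catch the pointer underflow that a SIGSEGV one byte before a page would otherwise produce. Names (BfError, bracket_table, run) and the 30,000-cell tape size are my own choices.

```rust
// Added example: a brainfuck interpreter whose bounds checks are explicit
// control flow, so none of them can be silently dropped by a code generator.
// Not holyjit's own interpreter; names and tape size are assumptions.

#[derive(Debug, PartialEq)]
pub enum BfError {
    /// A byte that is not one of the eight brainfuck commands.
    UnknownSymbol { pc: usize, byte: u8 },
    /// A `[` with no `]`, or a `]` with no `[` (the case in this issue).
    UnmatchedBracket { pc: usize },
    /// The data pointer moved before cell 0 or past the last cell.
    TapeOutOfBounds { pc: usize },
}

/// The two programs from the report above (constructed input, copied verbatim).
pub const PANIC_PROGRAM: &[u8] = b"-[>-[>-<-]<-]<-]";
pub const SEGV_PROGRAM: &[u8] = b"-[>-[>-[>-<-]<-]<-]<-]";

/// Pair every `[` with its `]` before execution and reject unknown bytes.
/// Returns a jump table indexed by pc; non-bracket slots hold 0 and are
/// never consulted. A scan that walks off the program at run time is exactly
/// what "unknown symbol at the program counter (garbage memory)" looks like.
pub fn bracket_table(program: &[u8]) -> Result<Vec<usize>, BfError> {
    let mut table = vec![0usize; program.len()];
    let mut stack: Vec<usize> = Vec::new();
    for (pc, &byte) in program.iter().enumerate() {
        match byte {
            b'[' => stack.push(pc),
            b']' => {
                let open = stack.pop().ok_or(BfError::UnmatchedBracket { pc })?;
                table[open] = pc;
                table[pc] = open;
            }
            b'>' | b'<' | b'+' | b'-' | b'.' | b',' => {}
            _ => return Err(BfError::UnknownSymbol { pc, byte }),
        }
    }
    match stack.pop() {
        Some(pc) => Err(BfError::UnmatchedBracket { pc }),
        None => Ok(table),
    }
}

/// Run `program` on a zeroed tape of `tape_len` cells and return the bytes it
/// printed. `,` models EOF by writing 0. The data pointer is checked on every
/// move, so the `tape[ptr]` indexes below can never leave the allocation.
pub fn run(program: &[u8], tape_len: usize) -> Result<Vec<u8>, BfError> {
    let jumps = bracket_table(program)?;
    let mut tape = vec![0u8; tape_len];
    let mut ptr = 0usize;
    let mut pc = 0usize;
    let mut output = Vec::new();
    // `program.get(pc)` rather than `program[pc]`: running off the end of the
    // program is normal termination, not a read of whatever lies after it.
    while let Some(&byte) = program.get(pc) {
        match byte {
            b'>' => {
                ptr += 1;
                if ptr >= tape.len() {
                    return Err(BfError::TapeOutOfBounds { pc });
                }
            }
            // checked_sub is the "one byte before an allocated page" check.
            b'<' => ptr = ptr.checked_sub(1).ok_or(BfError::TapeOutOfBounds { pc })?,
            b'+' => tape[ptr] = tape[ptr].wrapping_add(1),
            b'-' => tape[ptr] = tape[ptr].wrapping_sub(1),
            b'.' => output.push(tape[ptr]),
            b',' => tape[ptr] = 0,
            b'[' => if tape[ptr] == 0 { pc = jumps[pc]; },
            b']' => if tape[ptr] != 0 { pc = jumps[pc]; },
            _ => return Err(BfError::UnknownSymbol { pc, byte }),
        }
        pc += 1;
    }
    Ok(output)
}

fn main() {
    println!("{:?}", run(PANIC_PROGRAM, 30_000)); // Err(UnmatchedBracket { pc: 15 })
    println!("{:?}", run(SEGV_PROGRAM, 30_000)); // Err(UnmatchedBracket { pc: 21 })
    println!("{:?}", run(b"<", 8)); // Err(TapeOutOfBounds { pc: 0 })
    println!("{:?}", run(b"++[>+++<-]>.", 8)); // Ok([6])
}
```

The point of the example is that each check is an early return the interpreter's author wrote, not an assertion the compiler inserted on its own behalf; a JIT that mirrors only the explicit MIR control flow keeps these, whereas the implicit check on a plain slice index is the one this issue reports as missing from the generated code.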