LINUX.ORG.RU

Edit history

Edit by GPFault (current version):

I read https://fil-c.org/invisicaps_by_example

The first few dozen examples are great.

But then I ran into a spot where they seem to have been way over-cautious; storing a pointer in a uintptr_t "for as long as you like" seems like a perfectly normal practice:

But this only works if the int-to-ptr and ptr-to-int casts are local to one another and the compiler can unambiguously pick the original pointer's capability. For example, this doesn't work:

#include <stdio.h>
#include <inttypes.h>

uintptr_t x;

int main()
{
    const char* str = "hello";
    x = (uintptr_t)str;
    asm volatile("" : : : "memory");
    printf("%s\n", (const char*)x);
    return 0;
}

Here, we’ve made sure that the compiler cannot see the int-to-ptr cast as having any relationship to the ptr-to-int cast, since x is a global variable (so anyone could muck with it) and we have prevented any kind of load elimination (thanks to the compiler fence). So, this gets:

filc safety error: cannot read pointer with null object.
    pointer: 0x60ac4d7f1cf0,<null>
    expected 1 bytes.
semantic origin:
    src/string/strlen.c:8:9: strlen
check scheduled at:
    src/string/strlen.c:8:9: strlen
    src/stdio/fputs.c:6:13: fputs
    src/stdio/puts.c:7:8: puts
    test28.c:11:5: main
    src/env/__libc_start_main.c:79:7: __libc_start_main
    <runtime>: start_program
[722598] filc panic: thwarted a futile attempt to violate memory safety.
Trace/breakpoint trap (core dumped)
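To make the distinction the quoted fil-c text draws concrete, here is an added example (mine, not code from the post or from fil-c.org) putting the three shapes side by side: a local ptr-to-int-to-ptr round trip (pointer tagging), the "stash it in a global uintptr_t forever" pattern from the post, and the same stash with the global kept as a pointer type. All three run under an ordinary GCC/Clang build; which of them Fil-C accepts is what the post is about. Cases 1 and 2 follow the quoted text directly (the quoted output is case 2). Case 3 is my assumption, not verified here: since Fil-C attaches capabilities to pointer-typed values, a pointer-typed global should keep its capability across the fence. The array `values`, the string and the function names are constructed for the example; the fence macro is the same GCC/Clang inline-asm trick the quoted program uses.

```c
#include <stdint.h>
#include <string.h>
#include <stdio.h>

/* Compiler fence, the same trick the quoted fil-c example uses to stop the
 * compiler from seeing through the load of the stashed value (GCC/Clang). */
#define COMPILER_FENCE() __asm__ __volatile__("" : : : "memory")

/* Constructed sample data: an int array, so pointers into it are at least
 * 4-byte aligned and the low bit is free to use as a tag. */
static int values[4] = { 10, 20, 30, 40 };

/* Case 1: local round trip. The ptr-to-int and int-to-ptr casts sit in the
 * same function, a few lines apart, so the compiler can match the
 * reconstructed pointer to the capability of &values[idx]. This is the
 * shape the quoted text says InvisiCaps handles. */
int read_via_tagged_pointer(unsigned idx)
{
    uintptr_t bits = (uintptr_t)&values[idx];
    bits |= 1u;                               /* set a tag bit */
    /* ... pass bits around locally ... */
    int *p = (int *)(bits & ~(uintptr_t)1);   /* strip the tag, recover the pointer */
    return *p;
}

/* Case 2: the stash-it-forever pattern from the post. The integer lives in
 * a global and the fence hides the store from the load, so nothing ties the
 * int-to-ptr cast back to a capability. Plain C runs this fine; under Fil-C
 * this is exactly the shape the quoted output shows panicking. */
static uintptr_t stash_int;

size_t stash_as_integer_and_strlen(void)
{
    const char *str = "hello";
    stash_int = (uintptr_t)str;
    COMPILER_FENCE();
    return strlen((const char *)stash_int);
}

/* Case 3: the same program, but the global keeps its pointer type.
 * Assumption (not verified under Fil-C here): a pointer-typed value carries
 * its capability with it, so this read should stay clean under Fil-C too. */
static const char *stash_ptr;

size_t stash_as_pointer_and_strlen(void)
{
    const char *str = "hello";
    stash_ptr = str;
    COMPILER_FENCE();
    return strlen(stash_ptr);
}

int main(void)
{
    printf("tagged read:     %d\n", read_via_tagged_pointer(2));
    printf("uintptr_t stash: %zu\n", stash_as_integer_and_strlen());
    printf("pointer stash:   %zu\n", stash_as_pointer_and_strlen());
    return 0;
}
```

The practical takeaway for code that wants to survive a Fil-C build is the difference between cases 2 and 3: the integer view of a pointer is fine to compute and compare, but the value that gets stored for later dereference should be the pointer itself, so the capability travels with it.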
