From: Joe Buck <jbuck@synopsys.COM>
To: paulus@samba.org
Cc: jbuck@synopsys.COM (Joe Buck),
dewar@gnat.com, velco@fadata.bg, gcc@gcc.gnu.org,
linux-kernel@vger.kernel.org, linuxppc-dev@lists.linuxppc.org,
trini@kernel.crashing.org
Subject: Re: [PATCH] C undefined behavior fix
Date: Thu, 3 Jan 2002 07:45:24 -0800 (PST) [thread overview]
Message-ID: <200201031545.HAA14668@atrus.synopsys.com> (raw)
In-Reply-To: <15411.52243.87016.442521@argo.ozlabs.ibm.com> from "Paul Mackerras" at Jan 03, 2002 02:12:19 PM
> > There is already such a project under development: see
> >
> > http://gcc.gnu.org/projects/bp/main.html
> >
> > This is a modification to gcc that implements pointers as triples.
> > While there is a performance penalty for doing this, it can completely
> > eliminate the problem of exploitable buffer overflows. However, programs
> > that violate the rules of ISO C by generating out-of-range pointers will
> > fail.
>
> What will it do if I cast a pointer to unsigned long? Or if I cast an
> unsigned long to a pointer? The kernel does both of these things, and
> in a lot of places.
Perhaps you need to reread a book like K&R, second edition, to find out
what the C language promises you and what it doesn't.
The bounded-pointer approach represents a C pointer as three machine
pointers. When you cast to unsigned long, it converts the "value"
pointer. When you cast an unsigned long to a pointer, you lose the range
information, so the pointer's extent is anywhere in memory. However,
if the compiler can determine by dataflow analysis where this value
came from it is entitled to put the original range information back.
> Part of my beef with what gcc-3 is doing is that I take a pointer,
> cast it to unsigned long, do something to it, cast it back to a
> pointer, and gcc _still_ thinks it's knows what I am doing. It
> doesn't.
The C language standard defines quite precisely what the compiler is
allowed to assume and what it is not allowed to assume. If you don't
like these rules, you will dislike *all* modern C compilers, especially
the expensive proprietary C compilers hardware vendors often use to
get good SPEC results.
next prev parent reply other threads:[~2002-01-03 15:45 UTC|newest]
Thread overview: 202+ messages / expand[flat|nested] mbox.gz Atom feed top
2002-01-02 23:53 [PATCH] C undefined behavior fix dewar
2002-01-02 23:59 ` Joe Buck
2002-01-03 3:12 ` Paul Mackerras
2002-01-03 15:45 ` Joe Buck [this message]
-- strict thread matches above, loose matches on Subject: below --
2002-01-10 19:01 Bernard Dautrevaux
2002-01-10 12:18 dewar
2002-01-10 12:37 ` Erik Trulsson
2002-01-10 15:27 ` Florian Weimer
2002-01-10 9:03 Bernard Dautrevaux
2002-01-10 10:40 ` David Weinehall
2002-01-10 4:33 dewar
2002-01-10 2:16 dewar
2002-01-10 1:22 dewar
2002-01-10 1:21 dewar
2002-01-10 4:37 ` Tim Hollebeek
2002-01-09 21:54 dewar
2002-01-09 20:32 dewar
2002-01-09 21:43 ` Paul Koning
2002-01-09 20:08 dewar
2002-01-09 19:53 mike stump
2002-01-09 20:12 ` Paul Koning
2002-01-09 10:42 dewar
2002-01-09 10:41 Bernard Dautrevaux
2002-01-09 21:59 ` Gérard Roudier
2002-01-09 10:40 dewar
2002-01-09 9:06 Bernard Dautrevaux
2002-01-09 9:25 ` Bernd Petrovitsch
2002-01-09 2:18 dewar
2002-01-09 2:13 dewar
2002-01-09 1:51 mike stump
2002-01-09 1:19 dewar
2002-01-09 0:51 dewar
2002-01-08 11:12 Bernard Dautrevaux
2002-01-11 9:52 ` Horst von Brand
2002-01-08 9:44 Bernard Dautrevaux
2002-01-08 11:44 ` 'jtv'
2002-01-08 0:16 mike stump
2002-01-08 11:33 ` jtv
2002-01-07 23:46 mike stump
2002-01-07 23:20 dewar
2002-01-07 23:15 dewar
2002-01-07 23:12 dewar
2002-01-07 23:11 dewar
2002-01-07 22:56 mike stump
2002-01-07 22:26 Tim McDaniel
2002-01-07 19:36 mike stump
2002-01-07 21:21 ` Theodore Tso
2002-01-08 0:19 ` Paul Mackerras
2002-01-08 1:02 ` Richard Henderson
2002-01-07 19:18 mike stump
2002-01-07 19:17 Bernard Dautrevaux
2002-01-07 18:38 mike stump
2002-01-07 13:29 Bernard Dautrevaux
2002-01-07 13:24 Bernard Dautrevaux
2002-01-07 21:49 ` jtv
2002-01-07 22:28 ` Tim Hollebeek
2002-01-07 22:16 ` jtv
2002-01-08 0:27 ` J.A. Magallon
2002-01-08 11:41 ` jtv
2002-01-08 12:36 ` Alexandre Oliva
2002-01-08 12:58 ` jtv
2002-01-09 19:47 ` Gérard Roudier
2002-01-09 20:44 ` jtv
2002-01-09 23:49 ` J.A. Magallon
2002-01-10 0:19 ` Peter Barada
2002-01-10 1:47 ` Fergus Henderson
2002-01-10 15:30 ` Peter Barada
2002-01-10 10:13 ` Matthias Benkmann
2002-01-10 10:44 ` Bernd Petrovitsch
2002-01-06 19:32 dewar
2002-01-06 19:29 dewar
2002-01-06 19:29 dewar
2002-01-06 18:37 mike stump
2002-01-06 18:24 mike stump
2002-01-06 20:37 ` Gabriel Dos Reis
2002-01-06 21:59 ` Paul Mackerras
2002-01-06 22:19 ` Jakub Jelinek
2002-01-07 0:09 ` Tom Rini
2002-01-07 1:40 ` Alexandre Oliva
2002-01-06 18:20 mike stump
2002-01-06 16:22 dewar
2002-01-06 16:39 ` Alan Cox
2002-01-06 19:27 ` Laurent Guerby
2002-01-06 19:43 ` Alan Cox
2002-01-06 13:43 dewar
2002-01-06 13:55 ` Laurent Guerby
2002-01-06 13:41 dewar
2002-01-06 16:58 ` Gabriel Dos Reis
2002-01-06 13:16 dewar
2002-01-06 13:22 ` Gabriel Dos Reis
2002-01-06 13:07 dewar
2002-01-06 13:05 dewar
2002-01-06 13:41 ` Laurent Guerby
2002-01-06 7:56 mike stump
2002-01-06 4:26 dewar
2002-01-06 5:32 ` Paul Mackerras
2002-01-06 11:09 ` Momchil Velikov
2002-01-06 0:52 dewar
2002-01-04 22:43 dewar
2002-01-06 3:40 ` Paul Mackerras
2002-01-04 12:15 dewar
2002-01-04 12:14 dewar
2002-01-03 13:28 dewar
2002-01-04 8:38 ` Florian Weimer
2002-01-04 11:35 ` Joseph S. Myers
2002-01-05 19:25 ` jkl
2002-01-05 19:37 ` Joseph S. Myers
2002-01-05 20:06 ` jkl
2002-01-05 21:42 ` Joseph S. Myers
2002-01-06 4:09 ` Paul Mackerras
2002-01-05 20:01 ` Florian Weimer
2002-01-05 20:17 ` jkl
2002-01-05 20:51 ` Florian Weimer
2002-01-03 12:51 dewar
2002-01-03 10:35 Bernard Dautrevaux
2002-01-03 10:05 Bernard Dautrevaux
2002-01-03 10:49 ` Paul Mackerras
2002-01-03 11:59 ` Lars Brinkhoff
2002-01-03 23:53 ` Paul Mackerras
2002-01-04 9:52 ` Lars Brinkhoff
2002-01-05 6:45 ` Paul Mackerras
2002-01-06 0:20 ` Lars Brinkhoff
2002-01-09 9:28 ` Fergus Henderson
2002-01-09 10:58 ` Gabriel Dos Reis
2002-01-03 0:49 dewar
2002-01-03 0:12 dewar
2002-01-03 0:32 ` jtv
2002-01-06 19:37 ` Alexandre Oliva
2002-01-02 17:40 Petr Vandrovec
2002-01-02 22:24 ` David Woodhouse
2002-01-02 22:39 ` Joe Buck
2002-01-02 22:59 ` David Woodhouse
2002-01-03 18:44 ` Alexandre Oliva
2002-01-02 10:02 Bernard Dautrevaux
2002-01-02 23:02 ` Paul Mackerras
2002-01-02 23:27 ` Momchil Velikov
2002-01-01 23:03 Momchil Velikov
2002-01-01 23:43 ` Tom Rini
2002-01-02 6:54 ` Momchil Velikov
2002-01-02 15:39 ` Tom Rini
2002-01-02 15:50 ` Jakub Jelinek
2002-01-02 16:45 ` Paul Koning
2002-01-02 22:56 ` Paul Mackerras
2002-01-02 23:37 ` Momchil Velikov
2002-01-03 2:51 ` Paul Mackerras
2002-01-03 6:29 ` law
2002-01-03 13:16 ` Lars Brinkhoff
2002-01-04 9:05 ` Florian Weimer
2002-01-04 22:14 ` Paul Mackerras
2002-01-02 14:56 ` Joseph S. Myers
2002-01-02 10:29 ` Florian Weimer
2002-01-02 10:41 ` Momchil Velikov
2002-01-02 13:11 ` Jakub Jelinek
2002-01-02 15:54 ` Tom Rini
2002-01-02 11:28 ` Aaron Lehmann
2002-01-02 11:40 ` Momchil Velikov
2002-01-02 15:59 ` Tom Rini
2002-01-02 11:48 ` Alan Cox
2002-01-02 19:09 ` Tom Rini
2002-01-02 20:13 ` Joe Buck
2002-01-02 20:42 ` Tom Rini
2002-01-02 21:36 ` Richard Henderson
2002-01-02 22:05 ` Tom Rini
2002-01-02 22:23 ` jtv
2002-01-02 23:12 ` Tom Rini
2002-01-02 23:45 ` jtv
2002-01-03 0:01 ` Tom Rini
2002-01-03 0:07 ` Richard Henderson
2002-01-03 0:16 ` Tom Rini
2002-01-03 1:12 ` Richard Henderson
2002-01-03 0:20 ` jtv
2002-01-03 2:33 ` Paul Mackerras
2002-01-03 8:32 ` Richard Henderson
2002-01-03 10:10 ` Paul Mackerras
2002-01-03 22:41 ` Tim Hollebeek
2002-01-04 8:48 ` Florian Weimer
2002-01-03 10:03 ` Geert Uytterhoeven
2002-01-03 0:25 ` Alan Cox
2002-01-03 0:35 ` David Woodhouse
2002-01-03 2:10 ` Tom Rini
2002-01-03 22:39 ` Pavel Machek
2002-01-04 9:29 ` Paul Mackerras
2002-01-03 15:46 ` Edgar Toernig
2002-01-03 16:48 ` Momchil Velikov
2002-01-03 17:13 ` jtv
2002-01-03 21:26 ` Daniel Jacobowitz
2002-01-02 22:27 ` Richard Henderson
2002-01-02 22:35 ` Tom Rini
2002-01-02 22:44 ` Richard Henderson
2002-01-02 22:50 ` Tom Rini
2002-01-03 22:40 ` Pavel Machek
2002-01-04 8:42 ` Richard Henderson
2002-01-02 23:11 ` Paul Mackerras
2002-01-02 23:26 ` Tom Rini
2002-01-02 23:28 ` Momchil Velikov
2002-01-02 23:34 ` Tom Rini
2002-01-03 0:19 ` jtv
2002-01-03 0:29 ` Tom Rini
2002-01-03 1:03 ` jtv
2002-01-03 1:17 ` Tom Rini
2002-01-03 17:44 ` jtv
2002-01-04 8:42 ` Florian Weimer
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=200201031545.HAA14668@atrus.synopsys.com \
--to=jbuck@synopsys.com \
--cc=dewar@gnat.com \
--cc=gcc@gcc.gnu.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linuxppc-dev@lists.linuxppc.org \
--cc=paulus@samba.org \
--cc=trini@kernel.crashing.org \
--cc=velco@fadata.bg \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox