[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Tinycc-devel] enforced immutability - proposed research project
|
From: |
Barath Aron |
|
Subject: |
Re: [Tinycc-devel] enforced immutability - proposed research project |
|
Date: |
Mon, 18 Jan 2021 16:22:20 +0100 |
Hi,
On Mon, 18 Jan 2021 15:57:59 +0100 (CET) Michael Matz
<matz.tcc@frakked.de> wrote:
> Hello,
>
> Depends what happens with the original wp in Brunos example. To
> remind, the context was:
>
> wp = malloc(); wp->foo = ...;
> p = freeze(wp);
>
> Now, if you only disallow to cast away immutability, then you still
> would be able to write to the object via *wp. So, you either need to
> do something at runtime, or encode the fact that wp becomes invalid
> after freezing it. That might sound easy, but you also need to
> invalidate all _copies_ of wp:
>
> wp = malloc(); init(wp);
> p = freeze(wp);
> globalp->foo = ...; // should be disallowed
>
> where init(wp) is something like:
>
> struct S *globalp;
> void init(struct S *x) { x->foo = 1; globalp = x; }
>
> Doing things at runtime also isn't super-easy: you either waste full
> pages for each allocation, no matter how small (in order to
> write-protect them at freeze), or you need to copy contents around
> (to write-controlled areas) invalidating addresses already pointing
> to it, or you need to do checked-writes for each memory write. The
> latter is basically what current bounds-checking in tcc already does,
> just with even more meta-data.
>
> I think the latter would actually be the quickest route to success
> here: reuse the bounds-checking code. You just need a way to
> register read-only regions (which is what freezing does), and then
> check that list of regions at each write.
>
Yes, this is how you would do it without proper type system (like C
has). I mean, if you want to add runtime stuff here, it is fine for me
(until it is optional :P -- I use tcc on an exotic hosted system, so it
is crucial for me [hmm, did I mentioned that tcc works only partially,
due to lack of PIE support?]). But in the example above, it is clearly,
you need to do something in your code to get this working. Another
aspect would be an extension to the C type system, which makes such
escapes impossible (like 'const'):
immutable struct S *globalp;
void init(immutable struct S *x) { x->foo = 1; globalp = x; }
And make this property permanent, so no one can cast it away.
I mean, I see two ways to do it. One will work only in certain hosted
system, while the other will work with any hosted and freestanding
environment. And it would be useful to examine both directions,
especially for a research project. :)
Aron
- [Tinycc-devel] enforced immutability - proposed research project, Bruno Haible, 2021/01/18
- Re: [Tinycc-devel] enforced immutability - proposed research project, Christian Jullien, 2021/01/18
- Re: [Tinycc-devel] enforced immutability - proposed research project, Bruno Haible, 2021/01/18
- Re: [Tinycc-devel] enforced immutability - proposed research project, Bruno Haible, 2021/01/18
- Re: [Tinycc-devel] enforced immutability - proposed research project, Michael Matz, 2021/01/19
- Re: [Tinycc-devel] enforced immutability - proposed research project, Bruno Haible, 2021/01/19
- Re: [Tinycc-devel] enforced immutability - proposed research project, Steffen Nurpmeso, 2021/01/19
- Re: [Tinycc-devel] enforced immutability - proposed research project, Michael Matz, 2021/01/20
- Re: [Tinycc-devel] enforced immutability - proposed research project, Steffen Nurpmeso, 2021/01/20
- Re: [Tinycc-devel] enforced immutability - proposed research project, Elijah Stone, 2021/01/18
- Re: [Tinycc-devel] enforced immutability - proposed research project, Bruno Haible, 2021/01/18
- Re: [Tinycc-devel] enforced immutability - proposed research project, Elijah Stone, 2021/01/18