This is the mail archive of the
gcc@gcc.gnu.org
mailing list for the GCC project.
Re: [PATCH] C undefined behavior fix
- From: Paul Mackerras <paulus at samba dot org>
- To: "Albert D. Cahalan" <acahalan at cs dot uml dot edu>
- Cc: jsm28 at cam dot ac dot uk (Joseph S. Myers), jkl at miacid dot net,fw at deneb dot enyo dot de (Florian Weimer), dewar at gnat dot com,Dautrevaux at microprocess dot com, Franz dot Sirl-kernel at lauterbach dot com,benh at kernel dot crashing dot org, gcc at gcc dot gnu dot org, jtv at xs4all dot nl
- Date: Sun, 6 Jan 2002 16:46:24 +1100 (EST)
- Subject: Re: [PATCH] C undefined behavior fix
- References: <15415.52749.90870.849084@argo.ozlabs.ibm.com><200201060457.g064vcU145956@saturn.cs.uml.edu>
- Reply-to: paulus at samba dot org
Albert D. Cahalan writes:
> These examples make perfect sense. Here is another example, which
> you will surely hate:
The thing is, I wouldn't consider an AS/400 user process a suitable
environment in which to implement a kernel, so I don't hate it. :)
> Consider a machine like the CISC-based (non-PowerPC) AS/400.
> There wasn't any hardware-enforced memory protection, but the
There is, actually; there is an extra bit in each word of memory and
each register which says whether the value is a valid pointer or not,
and the hardware enforces that (user programs can't set that bit
themselves AFAIK).
> OS was secure. Your ability to create a pointer was restricted.
Still is, with the current PowerPC-based AS/400s. I must ask someone
what happens if you cast an int to a pointer in a C program on an
AS/400.
Linux does run on recent AS/400 machines, but it runs in a partition
where it has a certain amount of memory that it controls completely
(i.e. it isn't an AS/400 process), and it runs with the cpu in the
mode where it doesn't check whether pointers have the valid bit set.
Paul.