This is the mail archive of the gcc@gcc.gnu.org mailing list for the GCC project.
Re: SafeStack proposal in GCC
- From: Michael Matz <matz at suse dot de>
- To: Rich Felker <dalias at libc dot org>
- Cc: "gcc at gcc dot gnu dot org" <gcc at gcc dot gnu dot org>
- Date: Mon, 9 May 2016 23:45:23 +0200 (CEST)
- Subject: Re: SafeStack proposal in GCC
Hi,
On Mon, 9 May 2016, Rich Felker wrote:
> > Done. I never understood why they left in the hugely unuseful
> > {sig,}{set,long}jmp() but removed the actually useful *context()
> > (amended somehow like above).
>
> Because those are actually part of the C language
Sure. Same QoI bug in my book. (And I'm not motivated enough to find out
if the various C standards weren't just following POSIX when setjmp was
included, or really the other way around).
> (the non-sig versions, but the sig versions are needed to work around
> broken unices that made the non-sig versions save/restore signal mask
> and thus too slow to ever use). They're also much more useful for
> actually reasonable code (non-local exit across functions that were
> badly designed with no error paths)
Trivially obtainable with getcontext/setcontext as well.
> as opposed to just nasty hacks that
> are mostly/entirely UB anyway (coroutines, etc.).
Well, we differ in the definition of reasonable :) And I certainly don't
see any material difference in undefined behaviour between both classes of
functions. Both are "special" regarding compilers (e.g. returning
multiple times) and usage. But as the *jmp() functions can be implemented
with *context(), but not the other way around, it automatically follows
(to me!) that the latter are more useful, if for nothing else than basic
building blocks. (there are coroutine libs that try to emulate a real
makecontext with setjmp/longjmp on incapable architectures. As this is
impossible for all corner cases they are broken and generally awful on
them :) )
Ciao,
Michael.
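
Added example, not part of the message above or of any project's code: a minimal C sketch of the claim that a setjmp/longjmp-style non-local exit can be built on getcontext()/setcontext(). The names ctx_jmp_buf, ctx_setjmp, ctx_longjmp, descend and run_with_exit are hypothetical, and a libc that provides the ucontext functions (glibc, for instance) is assumed.

```c
#include <stdio.h>
#include <stdlib.h>
#include <ucontext.h>

/* Hypothetical names for this example: ctx_jmp_buf, ctx_setjmp, ctx_longjmp. */
typedef struct {
    ucontext_t uc;       /* register state captured by getcontext() */
    volatile int value;  /* 0 on the direct return, non-zero after a jump */
} ctx_jmp_buf;

/* A macro, as setjmp is: getcontext() has to run in the frame that stays
 * live. After setcontext() execution resumes just past the getcontext()
 * call, so value is not reset and the expression yields the jump value. */
#define ctx_setjmp(env) \
    ((env)->value = 0, (void)getcontext(&(env)->uc), (env)->value)

static void ctx_longjmp(ctx_jmp_buf *env, int value) {
    env->value = value ? value : 1;  /* like longjmp, never deliver 0 */
    setcontext(&env->uc);            /* returns only on failure */
    abort();
}

static ctx_jmp_buf env;
static volatile int visited;

/* Constructed stand-in for code "with no error paths": it can only bail
 * out of the nested calls by jumping. */
static void descend(int depth, int limit) {
    visited++;
    if (depth == limit)
        ctx_longjmp(&env, depth);
    descend(depth + 1, limit);
}

/* Returns the depth at which descend() bailed out. */
int run_with_exit(int limit) {
    visited = 0;
    int rc = ctx_setjmp(&env);
    if (rc == 0)
        descend(1, limit);  /* leaves only through ctx_longjmp() */
    return rc;
}

int main(void) {
    int depth = run_with_exit(3);
    printf("exit at depth %d after %d calls\n", depth, visited);
}
```

As with longjmp, the jump is only valid while the function that evaluated ctx_setjmp() has not yet returned.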