This is the mail archive of the mailing list for the GCC project.


Re: SafeStack proposal in GCC


On Mon, 9 May 2016, Rich Felker wrote:

> > Done.  I never understood why they left in the hugely unuseful 
> > {sig,}{set,long}jmp() but removed the actually useful *context() 
> > (amended somehow like above).
> Because those are actually part of the C language

Sure.  Same QoI bug in my book.  (And I'm not motivated enough to find out 
if the various C standards weren't just following POSIX when setjmp was 
included, or really the other way around).

> (the non-sig versions, but the sig versions are needed to work around 
> broken unices that made the non-sig versions save/restore signal mask 
> and thus too slow to ever use). They're also much more useful for 
> actually reasonable code (non-local exit across functions that were 
> badly designed with no error paths)

Trivially obtainable with getcontext/setcontext as well.

> as opposed to just nasty hacks that 
> are mostly/entirely UB anyway (coroutines, etc.).

Well, we differ in the definition of reasonable :)  And I certainly don't 
see any material difference in undefined behaviour between both classes of 
functions.  Both are "special" regarding compilers (e.g. returning 
multiple times) and usage.  But as the *jmp() functions can be implemented 
with *context(), but not the other way around, it automatically follows 
(to me!) that the latter are more useful, if for nothing else than basic 
building blocks.  (there are coroutine libs that try to emulate a real 
makecontext with setjmp/longjmp on incapable architectures.  As this is 
impossible for all corner cases they are broken and generally awful on 
them :) )
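
The non-local-exit case mentioned in the message, written with getcontext/setcontext instead of setjmp/longjmp. This is an added example, not code from the thread; every name in it (exit_point, exit_to, leaf, run_with_exit) is hypothetical, and it assumes a libc that still ships <ucontext.h>, such as glibc.

```c
#include <stdio.h>
#include <ucontext.h>

/* All names here are hypothetical; none come from the thread. */
struct exit_point {
    ucontext_t ctx;      /* saved by getcontext(), like a jmp_buf */
    volatile int value;  /* 0 on the first pass, nonzero after exit_to() */
};

/* longjmp()-style: resume at the saved point, delivering a nonzero value. */
static void exit_to(struct exit_point *ep, int value)
{
    ep->value = value ? value : 1;
    setcontext(&ep->ctx);            /* returns only on failure */
}

/* Callee chain with no error path: void all the way down. */
static void leaf(struct exit_point *ep, int depth, int fail_at)
{
    if (depth == fail_at)
        exit_to(ep, 100 + depth);
    if (depth < 8)
        leaf(ep, depth + 1, fail_at);
}

/* Returns 0 if the chain completed, else the value passed to exit_to(). */
int run_with_exit(int fail_at)
{
    struct exit_point ep;
    ep.value = 0;
    /* getcontext() also records the signal mask, so this behaves like
       sigsetjmp(env, 1) rather than plain setjmp(). */
    if (getcontext(&ep.ctx) != 0)
        return -1;
    /* Reached twice: once after getcontext(), once after setcontext().
       The flag lives in memory and is volatile, so the second pass sees it. */
    if (ep.value != 0)
        return ep.value;
    leaf(&ep, 0, fail_at);
    return 0;
}

int main(void)
{
    printf("fail at depth 3 -> %d\n", run_with_exit(3));
    printf("no failure      -> %d\n", run_with_exit(99));
    return 0;
}
```

Unlike setjmp(), a resumed getcontext() returns the same value as the first time, which is why the example carries its own flag in exit_point.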

