Re: [RFC] Program Bounds Checking

[Etienne Lorrain <etienne_lorrain at yahoo dot fr>]

  You write you needs 6 assembly instructions to check a pointer on x86,
 I am using the "bound" ia32 instruction (1 byte opcode 0x62, invalid in ia64)
 to check the stack pointer for few years now in Gujin (http://gujin.org) without
 problem.

 I am doing this kind of thing to guard against stack overflow (I do not have
 a too big stack in my bootloader):

struct {
    signed low_limit;
    signed high_limit;
    } __attribute__ ((packed)) stack_limit;

extern inline void bound_stack (void)
  {
/*
 * limit included - but add 2 to high limit for reg16, and 4 for reg32
 * if not in bound, exception #BR generated (INT5).
 * iret from INT5 will retry the bound instruction.
 */
  asm volatile (" bound %%esp,%0 " : : "m" (stack_limit) );
  }

void fct (int arg)
 { bound_stack () {
 int cpt = 0;
 // do some stuff...
 }}

 I bet there is a huge penalty if the value is not inside the limit...
 I have a simple "dump registers" handler for this interrupt/exception.

 In my case, I would have liked to have a function attribute like:
void fct (int arg) __attribute__((bound_stack(stack_limit)))
 {
 // do some stuff...
 }
 because some assembly instructions cross the bound asm (like initialisation
 of local variable) and if the stack has already overflowed some data is destroyed
 before the INT 05 is taken... Also if the function is inlined the stack checking
 does not mean a lot and should be discarded.

 A problem of this bound test is that the limits are signed, but for some tests it
 does not matter. I do not know how long it takes if the value is in the limit.

 Just a comment,
 Etienne.


	

	
		
___________________________________________________________________________ 
Découvrez un nouveau moyen de poser toutes vos questions quelque soit le sujet ! 
Yahoo! Questions/Réponses pour partager vos connaissances, vos opinions et vos expériences. 
http://fr.answers.yahoo.com