D - Unsafe and doomed
deadalnix
deadalnix at gmail.com
Sun Jan 5 16:20:57 PST 2014
On Monday, 6 January 2014 at 00:13:19 UTC, Walter Bright wrote:
> On 1/5/2014 3:59 PM, deadalnix wrote:
>>>> because it is known to fool optimizer and cause really
>>>> nasty bugs (typically, a pointer is dereferenced, so the
>>>> optimizer assume it
>>>> isn't null and remove null check after the dereference, and
>>>> then the dereference
>>>> is removed as it is dead.
>>>
>>> I'd like to see a case where this is nasty. I can't think of
>>> one.
>>>
>>
>> A recent linux kernel exploit was caused by this. Reread
>> carefully, this nasty
>> behavior is created by the optimizer, and avoiding it mean
>> preventing the
>> optimizer to optimize aways loads, unless it can prove the
>> pointer is non null.
>> As D is meant to be fast, this limitation in the optimizer is
>> highly undesirable.
>
> I'd still like to see an example, even a contrived one.
void foo(int* ptr) {
*ptr;
if (ptr is null) {
// do stuff
}
// do stuff.
}
The code look stupid, but this is quite common after a first pass
of optimization/inlining, do end up with something like that when
a null check if forgotten.
The problem here is that the if can be removed, as you can't
reach that point if the pointer is null, but *ptr can also be
removed later as it is a dead load.
The resulting code won't crash and do random shit instead.
More information about the Digitalmars-d
mailing list