Software Assurance Reference Dataset

Iain Buclaw via Digitalmars-d digitalmars-d at puremagic.com
Mon Jul 14 13:33:51 PDT 2014


On 14 July 2014 11:07, via Digitalmars-d <digitalmars-d at puremagic.com> wrote:
> On Sunday, 13 July 2014 at 23:35:46 UTC, Walter Bright wrote:
>>
>> On 7/13/2014 4:04 AM, "Marc Schütz" <schuetzm at gmx.net> wrote:
>>>
>>> On Sunday, 13 July 2014 at 03:25:08 UTC, Walter Bright wrote:
>>>>
>>>> On 7/11/2014 10:28 AM, deadalnix wrote:
>>>>>
>>>>> The compiler can ensure that you hit at least every 4k or so.
>>>>
>>>>
>>>> And it already does.
>>>
>>>
>>> Doesn't look so:
>>>
>>>
>>>     int bar(int a) {
>>>         int[8000] b = void;
>>>         b[$-1] = a;
>>>         return b[$-1];
>>>     }
>>
>>
>> On Win32:
>>
>> _D4foo53barFiZi comdat
>>         assume  CS:_D4foo53barFiZi
>>                 push    EBP
>>                 mov     EBP,ESP
>>                 mov     EDX,7
>> L8:             sub     ESP,01000h
>>                 test    [ESP],ESP
>>                 dec     EDX
>>                 jne     L8
>>                 sub     ESP,0D04h
>>                 lea     ECX,-8[EBP]
>>                 mov     [ECX],EAX
>>                 mov     EAX,-8[EBP]
>>                 leave
>>                 ret
>>
>> It doesn't do it on Linux because gcc doesn't do it. But the capability is
>> in the back end, and it does it for alloca(), too.
>
>
> Hmm... but this is using DMD, not GDC. Or do you mean that DMD doesn't do it,
> because GCC doesn't do it either? If so, what is the reason for this? Why
> shouldn't this feature be enabled on every platform?


For GDC, there is -fstack-protector (which is turned on by default in
distributed binaries from Ubuntu).  However IIRC only functions that
use alloca or have static arrays of type char are actually checked.
Declaring an int[100] doesn't invoke alloca, so you won't see it.

The bounds checking in D alone is enough to catch most common
overflowing stack bugs.

Regards
Iain
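As an added illustration (not code from this thread, and written in C rather than D so it compiles with any C compiler), this makes the probe loop in Walter's Win32 listing explicit: one touch per 4 KiB page, walking downwards from the top of the frame, so a frame larger than a page cannot jump past the guard page without faulting on it. The function names are my own.

```c
#include <stddef.h>

#define PAGE_SIZE 4096u

/* Number of 4 KiB pages a frame of frame_bytes spans (rounded up).
 * For the 32004-byte frame in the Win32 listing that is 8: seven
 * full-page probes in the loop plus the 0xD04-byte remainder. */
size_t pages_to_probe(size_t frame_bytes) {
    return (frame_bytes + PAGE_SIZE - 1) / PAGE_SIZE;
}

/* Touch one byte per page, walking from the top of the region
 * downwards (the direction the stack grows), like the
 * "sub ESP,01000h / test [ESP],ESP" loop in the listing. The write
 * goes through a volatile pointer so the optimizer keeps it. */
size_t probe_down(volatile unsigned char *top, size_t frame_bytes) {
    size_t touched = 0;
    size_t off;
    for (off = PAGE_SIZE; off <= frame_bytes; off += PAGE_SIZE) {
        top[-(ptrdiff_t)off] = 0;
        touched++;
    }
    if (frame_bytes % PAGE_SIZE != 0) {   /* partial last page */
        top[-(ptrdiff_t)frame_bytes] = 0;
        touched++;
    }
    return touched;
}

/* The thread's bar() with the probing made explicit. Returns the number
 * of pages touched and hands the stored value back through *result. */
size_t bar_probed(int a, int *result) {
    int b[8000];                                   /* 32000-byte frame */
    size_t n = probe_down((volatile unsigned char *)(b + 8000), sizeof b);
    b[8000 - 1] = a;
    *result = b[8000 - 1];
    return n;
}
```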
