Software Assurance Reference Dataset
via Digitalmars-d
digitalmars-d at puremagic.com
Mon Jun 30 01:00:35 PDT 2014
On Thursday, 26 June 2014 at 09:35:20 UTC, Walter Bright wrote:
> Stack overflows are not safety problems when a guard page is
> used past the end of the stack. Then, overflow checking is done
> in hardware. Guard pages aren't currently used for fibers, so
> overflows are a real danger there.
But a page is only 2K? So what happens if you skip more than 2K
and never touch the guard page? Does D prove that the stack
pointer is never moved more than 2K-1 without a read or write in
that range?
Guard pages on a flat memory model are not as safe as a segmented
memory model.
A compromise would be to inject runtime checks to see if there is
sufficient stack space whenever you move the stack pointer and
remove them when you can prove that there is enough room. E.g.
collapse the checks into larger spans of stack space by
propagating them upwards in the call chain.
Anyway, minimizing stack space is very useful for fibers in
scientific simulations or real time systems since you want to be
able to run as many as you can fit into memory. Each actor/agent
could be very simple so I would not rule out the ability to prove
it in most cases for some domains.
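The guard-page gap raised above (a frame larger than the guard page moved in one step, with no read or write landing in the guard), shown as an added example that is not part of this thread and is not D runtime code. It is a Linux/POSIX C simulation: two fiber stacks are laid out back to back in one anonymous mapping with the assumed layout [guard B][usable B][guard A][usable A], each guard page being `PROT_NONE`, and a SIGSEGV handler with `siglongjmp` turns the hardware fault into a return value. `STACK_PAGES`, the 16-byte "nearly full" stack pointer and the frame sizes are constructed values. The probed variant is the runtime check the post proposes: touch every page between the old and new stack pointer so the guard is always hit.

```c
#define _GNU_SOURCE
#include <setjmp.h>
#include <signal.h>
#include <stdint.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

#define STACK_PAGES 4   /* usable pages per simulated fiber stack (constructed) */

static sigjmp_buf fault_env;
static volatile sig_atomic_t fault_seen;

static void on_segv(int sig) { (void)sig; fault_seen = 1; siglongjmp(fault_env, 1); }

/* Two downward-growing stacks in one mapping: [guard B][usable B][guard A][usable A]. */
struct stacks { uint8_t *base; size_t page, total; uint8_t *top_a, *top_b; };

static int setup(struct stacks *s) {
    s->page = (size_t)sysconf(_SC_PAGESIZE);
    size_t per_stack = (STACK_PAGES + 1) * s->page;
    s->total = 2 * per_stack;
    s->base = mmap(NULL, s->total, PROT_READ | PROT_WRITE,
                   MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (s->base == MAP_FAILED) return -1;
    /* lowest page of each stack is its guard page */
    if (mprotect(s->base, s->page, PROT_NONE) != 0) return -1;              /* guard B */
    if (mprotect(s->base + per_stack, s->page, PROT_NONE) != 0) return -1;  /* guard A */
    s->top_b = s->base + per_stack;       /* one past usable B */
    s->top_a = s->base + 2 * per_stack;   /* one past usable A */
    return 0;
}

static void teardown(struct stacks *s) { munmap(s->base, s->total); }

/* Write one byte at p; return 1 if the write faulted (hit a guard page), else 0. */
static int touch_faults(volatile uint8_t *p) {
    struct sigaction sa, old;
    memset(&sa, 0, sizeof sa);
    sa.sa_handler = on_segv;
    sigemptyset(&sa.sa_mask);
    sigaction(SIGSEGV, &sa, &old);
    fault_seen = 0;
    if (sigsetjmp(fault_env, 1) == 0) *p = 0xAA;
    sigaction(SIGSEGV, &old, NULL);
    return fault_seen;
}

/* Fiber A's stack pointer when its stack is nearly exhausted: 16 bytes above guard A. */
static uint8_t *nearly_full_sp(const struct stacks *s) {
    return s->top_a - STACK_PAGES * s->page + 16;
}

/* Unprobed frame: move sp by `frame` and write only at the new sp
 * (what a plain "sub sp, frame" followed by a store does). */
static int alloc_unprobed(const struct stacks *s, size_t frame) {
    return touch_faults(nearly_full_sp(s) - frame);
}

/* Probed frame: touch every page from the old sp down to the new one,
 * so a guard page in between cannot be skipped. */
static int alloc_probed(const struct stacks *s, size_t frame) {
    uint8_t *old_sp = nearly_full_sp(s), *new_sp = old_sp - frame;
    for (uint8_t *p = old_sp - s->page; p >= new_sp; p -= s->page)
        if (touch_faults(p)) return 1;
    return touch_faults(new_sp);
}

/* Scenarios on a fresh pair of stacks: 1 = guard caught it, 0 = silent, -1 = setup failed. */
static int small_frame_unprobed(void) {
    struct stacks s; if (setup(&s)) return -1;
    int r = alloc_unprobed(&s, 64); teardown(&s); return r;          /* lands in guard A */
}
static int large_frame_unprobed(void) {
    struct stacks s; if (setup(&s)) return -1;
    int r = alloc_unprobed(&s, 2 * s.page); teardown(&s); return r;  /* skips guard A */
}
static int large_frame_probed(void) {
    struct stacks s; if (setup(&s)) return -1;
    int r = alloc_probed(&s, 2 * s.page); teardown(&s); return r;    /* probe hits guard A */
}
/* Show where the skipped write went: inside fiber B's usable stack. */
static int large_frame_unprobed_corrupts_b(void) {
    struct stacks s; if (setup(&s)) return -1;
    size_t frame = 2 * s.page;
    int fault = alloc_unprobed(&s, frame);
    uint8_t *sp = nearly_full_sp(&s) - frame;
    int inside_b = sp >= s.top_b - STACK_PAGES * s.page && sp < s.top_b;
    int r = !fault && inside_b && *sp == 0xAA;
    teardown(&s); return r;
}
```

The unprobed large frame returns 0 and leaves `0xAA` in fiber B's stack, which is the silent cross-fiber corruption the post worries about; the probed version returns 1 because the first probe lands in guard A. This is the check compilers emit as stack probes, and the post's idea of hoisting the checks up the call chain corresponds to probing once for the combined frame size of a whole subtree of calls.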