Overflows in Phobos

Shachar Shemesh via Digitalmars-d digitalmars-d at puremagic.com
Tue Jul 26 22:24:15 PDT 2016


On 27/07/16 08:03, deadalnix wrote:
> On Wednesday, 27 July 2016 at 03:31:07 UTC, Adam D. Ruppe wrote:
>> On Wednesday, 27 July 2016 at 03:13:38 UTC, Shachar Shemesh wrote:
>>> Does that mean D isn't meant to be used to develop code that will run
>>> in Ring-0?
>>
>> assert(0) is never supposed to actually happen...

Then why do anything at all with it? assert(0) is something that the 
programmer *hopes* will never happen. The distinction is very important.

And defining it as issuing HLT, instead of according to what the effect 
of it should be, is a major problem in the spec, IMHO. (technically, it 
is not a problem with the D language published spec, as the spec's 
wording does not mandate it. It is a problem with D unpublished spec 
inside Walter's head. The D spec as published on that point is not 
great, but is not really the problem).

>>
>> Though, I do think it might be better to make it output `forever: hlt;
>> jmp forever;` which I think is just three bytes, and it is supposed to
>> be unreachable anyway... so that'd work in all cases.
>
> Can you explain what's the difference ?

Halt, or HLT, or other variations of it (e.g. invocation of a 
coprocessor instruction on ARM), is a command that tells the CPU to stop 
processing instructions until an interrupt arrives. It is usually 
employed by the kernel as the most basic form of power management, as 
the CPU will, sometimes, turn off the clock when it sees this command, 
thus saving power.

So, for most OSes, the idle process' implementation is:
loop: halt
       jump loop

Besides saving power, this also allows a virtual machine host to know 
when the guest does not need the CPU, and assign it elsewhere.

As should be obvious by now, this command is privileged. You are not 
allowed to decide, in a user space application, that the CPU should not 
do anything else. If you try to execute it from user mode, a "privileged 
instruction" exception is raised by the CPU, just like it would for any 
other privileged instruction.

It is this exception, rather than the command's intended use, that 
Walter is harnessing for assert(false). Walter is banking on the 
exception terminating the application. To that end, HLT could be 
replaced with any other privileged instruction with the exact same end 
result.

The problem (or rather, one of the many problems) is that if the CPU is 
in privileged mode, that exception will never arrive. The spec à la 
Walter says that's still okay, because a HALT was executed, and that's 
that. Anything else the program does that you might not have expected 
is your own problem.

Most D programmers, however, expect the program not to continue 
executing past an assert(false). They might see it as a bug. Hence my 
question whether that means D is not meant for programming in privileged 
mode.

Shachar

