[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Tinycc-devel] enforced immutability - proposed research project
From: |
Michael Matz |
Subject: |
Re: [Tinycc-devel] enforced immutability - proposed research project |
Date: |
Tue, 19 Jan 2021 16:17:58 +0100 (CET) |
User-agent: |
Alpine 2.21 (LSU 202 2017-01-01) |
Hello,
On Mon, 18 Jan 2021, Bruno Haible wrote:
Michael Matz wrote:
... you also need to invalidate all _copies_ of wp:
wp = malloc(); init(wp);
p = freeze(wp);
globalp->foo = ...; // should be disallowed
where init(wp) is something like:
struct S *globalp;
void init(struct S *x) { x->foo = 1; globalp = x; }
This is a perfectly valid code, with no "bad" cast. I would say that
assigning to globalp->foo should be allowed.
I see, but see below for what this then means.
Many programs don't make copies of wp. The typical idiom is that the
function that allocates an object also fills it and selectively stores or
returns writable and read-only views to the object. Enforced immutability
should only verify that some code that received a read-only pointer does
not do a write access.
Okay, that's quite limited, and very easy to implement: disallow casting
away immutability and you're done. But in this limited form you then
can't infer anything useful from this, in particular you can't infer that
the (immutably) pointed to object is unmodified when you allow mutable
references to exist to it at the same time. Obviously I misunderstood
your proposal, I thought you also wanted to defend against accidental (or
malicious) modification of frozen objects.
Doing things at runtime also isn't super-easy: you either waste full
pages for each allocation, no matter how small (in order to
write-protect them at freeze), or you need to copy contents around (to
write-controlled areas) invalidating addresses already pointing to it,
or you need to do checked-writes for each memory write.
The cited implementation (immutable.h, immutable.c) does none of these.
Ahh, two shared mappings to the same thing. Okay, I retract my claim and
say: cute idea! :) (sorry for not checking gnulib earlier)
Ciao,
Michael.
- Re: [Tinycc-devel] enforced immutability - proposed research project, (continued)
- Re: [Tinycc-devel] enforced immutability - proposed research project, Christian Jullien, 2021/01/18
- Re: [Tinycc-devel] enforced immutability - proposed research project, Bruno Haible, 2021/01/18
- Re: [Tinycc-devel] enforced immutability - proposed research project, Bruno Haible, 2021/01/18
- Re: [Tinycc-devel] enforced immutability - proposed research project,
Michael Matz <=
- Re: [Tinycc-devel] enforced immutability - proposed research project, Bruno Haible, 2021/01/19
- Re: [Tinycc-devel] enforced immutability - proposed research project, Steffen Nurpmeso, 2021/01/19
- Re: [Tinycc-devel] enforced immutability - proposed research project, Michael Matz, 2021/01/20
- Re: [Tinycc-devel] enforced immutability - proposed research project, Steffen Nurpmeso, 2021/01/20
- Re: [Tinycc-devel] enforced immutability - proposed research project, Elijah Stone, 2021/01/18
- Re: [Tinycc-devel] enforced immutability - proposed research project, Bruno Haible, 2021/01/18
- Re: [Tinycc-devel] enforced immutability - proposed research project, Elijah Stone, 2021/01/18
- Re: [Tinycc-devel] enforced immutability - proposed research project, Bruno Haible, 2021/01/19
- Re: [Tinycc-devel] enforced immutability - proposed research project, Christian Jullien, 2021/01/19
- Re: [Tinycc-devel] enforced immutability - proposed research project, Christian Jullien, 2021/01/19