Calibrating your fear of big bad optimizing compilers
Calibrating your fear of big bad optimizing compilers
Posted Oct 12, 2019 9:17 UTC (Sat) by hsivonen (subscriber, #91034)In reply to: Calibrating your fear of big bad optimizing compilers by scientes
Parent article: Calibrating your fear of big bad optimizing compilers
The only thing in C or C++ that allows you to access (in a non-UB way) memory that doesn’t participate in the memory model is volatile, but since the use case it is designed for is memory-mapped devices, it inhibits more optimizations than would be necessary for the use cases of kernel accessing userland memory when responding to a syscall, a hypervisor accessing guest memory when implementing a virtual device, or a Wasm host assessing a SharedArrayBuffer Wasm heap when responing to a call to a host service.
Considering that this type of software is typically implemented in languages that inherit the C++11 memory model (C++ itself plus C11 and Rust), it’s surprising that this facility is missing.
Posted Oct 12, 2019 16:03 UTC (Sat)
by scientes (guest, #83068)
[Link] (2 responses)
But don't we only look at user-land data from the same thread that sent the data, so there are no races (and we don't trust the data, so if another thread with access to that data changes it, that is their problem.)
Posted Oct 12, 2019 16:47 UTC (Sat)
by excors (subscriber, #95769)
[Link] (1 responses)
If the access from the kernel is undefined behaviour (because another user thread modified that memory in violation of the rules), that's the kernel's problem. Undefined behaviour doesn't just mean the kernel will read an incorrect value, it means absolutely anything could happen (and would happen with kernel privileges).
Posted Oct 12, 2019 19:12 UTC (Sat)
by hsivonen (subscriber, #91034)
[Link]
Calibrating your fear of big bad optimizing compilers
Calibrating your fear of big bad optimizing compilers
Calibrating your fear of big bad optimizing compilers