
Re: [Tinycc-devel] Proposal for handling alloca(). Anyone see a problem

From: Philippe Ribet
Subject: Re: [Tinycc-devel] Proposal for handling alloca(). Anyone see a problem with it?
Date: Tue, 08 May 2007 09:22:02 +0200
User-agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.6) Gecko/20040413 Debian/1.6-5

David A. Wheeler wrote:

I said earlier:
So maybe it's not so hard to implement alloca() traditionally... I'll need to 
investigate how it interacts with the buffer-overflow detection stuff

After looking over the original papers about it, and the tcc code, doing the 
buffer-overflow stuff for alloca() looks pretty easy!

It appears that alloca() just needs to call __bound_new_region(void *p, 
unsigned long size).  Since alloca()'ed code may be an array, to make it work 
with bounds-checking, alloca should reserve at least one more byte (I'd reserve 
4 more bytes, for alignment).

alloca(3), with the extra byte for bound checking, will give you the right alignment. No need to reserve 4 bytes.

I just read the Linux manpage for alloca. It's quite interesting and not so long, so I copy it here.

ALLOCA(3) Linux Programmer's Manual ALLOCA(3)

      alloca - memory allocator

      #include <alloca.h>

      void *alloca(size_t size);

The alloca function allocates size bytes of space in the stack frame of the caller. This temporary space is automatically freed when the function that called alloca returns to its caller.

The alloca function returns a pointer to the beginning of the allocated space. If the allocation causes stack overflow, program behaviour is undefined.

There is evidence that the alloca function appeared in 32v, pwb, pwb.2, 3bsd, and 4bsd. There is a man page for it in BSD 4.3. Linux uses the GNU version. This function is not in POSIX or

Normally, gcc translates calls to alloca by inlined code. This is not done when either the -ansi or the -fno-builtin option is given. But beware! By default the glibc version of <stdlib.h> includes <alloca.h> and that contains the line
             # define alloca(size)   __builtin_alloca (size)
with messy consequences if one has a private version of this function.

The fact that the code is inlined, means that it is impossible to take the address of this function, or to change its behaviour by linking with a different library.

The inlined code often consists of a single instruction adjusting the stack pointer, and does not check for stack overflow. Thus, there is no NULL error return.

The alloca function is machine and compiler dependent. On many systems its implementation is buggy. Its use is discouraged.

On many systems alloca cannot be used inside the list of arguments of a function call, because the stack space reserved by alloca would appear on the stack in the middle of the space for the function arguments.

After reading this, I don't think we absolutely have to implement alloca to work in the hardest cases if it's a pain to implement.

Best regards,

Philippe Ribet

                        The README file said
             "Requires Windows 95, NT 4.0, or better."
                   So... I installed it on Linux!
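The extra-byte argument from the thread, as an added C example that is neither tcc's code nor either poster's: a hypothetical toy region table (named bound_new_region and bound_ptr_add_ok here, standing in for tcc's real __bound_new_region and the checks the compiler inserts) shows why an alloca'd array needs one byte of padding for its one-past-the-end pointer to stay in bounds.

```c
#include <alloca.h>
#include <stddef.h>
#include <stdint.h>

/* Hypothetical toy region table (NOT tcc's __bound_new_region): every
 * registered object is looked up by address, so a pointer is "in bounds"
 * only while it lands inside the region it was derived from. */
#define MAX_REGIONS 16
struct region { uintptr_t start; size_t size; };
static struct region regions[MAX_REGIONS];
static int nregions;

/* Register the half-open byte range [p, p + size). */
static void bound_new_region(const void *p, size_t size) {
    if (nregions < MAX_REGIONS) {
        regions[nregions].start = (uintptr_t)p;
        regions[nregions].size = size;
        nregions++;
    }
}

/* Index of the region containing address a, or -1 if none. */
static int region_of(uintptr_t a) {
    for (int i = 0; i < nregions; i++)
        if (a >= regions[i].start && a < regions[i].start + regions[i].size)
            return i;
    return -1;
}

/* The check a bounds-checking compiler inserts for base + offset:
 * the result must stay inside the same region as base. */
static int bound_ptr_add_ok(const void *base, ptrdiff_t offset) {
    int r = region_of((uintptr_t)base);
    return r >= 0 && region_of((uintptr_t)base + (uintptr_t)offset) == r;
}

/* Exercise the checks for an alloca'd n-byte array; `padding` is the number
 * of extra bytes reserved (1 as the proposal suggests, 0 to see why).
 * Returns 1 if buf + n (one past the end) passes while buf + n + 1 and
 * buf - 1 are rejected, 0 otherwise. */
static int check_alloca_array(size_t n, size_t padding) {
    char *buf = alloca(n + padding);      /* what a checked alloca would reserve */
    bound_new_region(buf, n + padding);   /* ...and register */
    int ok = bound_ptr_add_ok(buf, 0)
          && bound_ptr_add_ok(buf, (ptrdiff_t)n - 1)
          && bound_ptr_add_ok(buf, (ptrdiff_t)n)        /* one past the end */
          && !bound_ptr_add_ok(buf, (ptrdiff_t)n + 1)   /* out of bounds */
          && !bound_ptr_add_ok(buf, -1);
    nregions = 0;  /* the alloca frame dies on return, so drop the region */
    return ok;
}
```

With padding 0 the one-past-the-end pointer falls outside its own region and is flagged, which is the false positive the extra byte avoids.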
