This is the mail archive of the
libc-alpha@sourceware.org
mailing list for the glibc project.
Re: [RFC][BZ #16549] Add sanity check for condvar alignment.
- From: Ondřej Bílka <neleai at seznam dot cz>
- To: Mike Frysinger <vapier at gentoo dot org>
- Cc: libc-alpha at sourceware dot org, Rich Felker <dalias at aerifal dot cx>
- Date: Sun, 16 Feb 2014 12:55:22 +0100
- Subject: Re: [RFC][BZ #16549] Add sanity check for condvar alignment.
- Authentication-results: sourceware.org; auth=none
- References: <20140211124346 dot GA31165 at domone dot podge> <20140211153502 dot GY15627 at brightrain dot aerifal dot cx> <20140211162638 dot GA31587 at domone dot podge> <3884564 dot i4Ap9r5n7l at vapier>
On Sun, Feb 16, 2014 at 05:19:07AM -0500, Mike Frysinger wrote:
> On Tuesday, February 11, 2014 17:26:38 Ondřej Bílka wrote:
> > On Tue, Feb 11, 2014 at 10:35:02AM -0500, Rich Felker wrote:
> > > On Tue, Feb 11, 2014 at 01:43:46PM +0100, Ondřej Bílka wrote:
> > > > In this bug, using a misaligned condition variable causes a silent failure.
> > >
> > > You cannot create a misaligned condvar without invoking undefined
> > > behavior.
> > >
> > > > There are two possibilities for how to fix it. The first one would be to not
> > > > lie about requirements and add attribute ((aligned)) to the header. That could
> > > > break programs by changing sizes of structures, but these were broken in the
> > > > first place.
> > >
> > > How is it lying about the requirements? The definition is visible and
> > > it contains both ints and pointers in the union, so the alignment is
> > > the maximum alignment needed for them. In practice this will be 4 on
> > > 32-bit systems and 8 on 64-bit ones.
> > >
> > > In any case, the bugreport is invalid. You can never take a pointer to
> > > members of a #pragma packed struct and pass them to other functions.
> > > For example, scanf("%d", &packed.x) is invalid because scanf has no
> > > way of knowing it will get, much less dealing with, an
> > > invalid/misaligned pointer. This is not specific to pthread
> > > synchronization objects.
> >
> > And by undefined behaviour we could format the user's hard disk. This is a valid
> > QoI issue, as aborting on undefined behaviour is preferred.
>
> but you can make this argument for every single function that takes a pointer
> argument. surely you can't be proposing that we add assert() to every
> function entry point to verify the user wasn't stupid ? at some point the
> answer has to be "wtf go away".
> -mike
That is most of the time not a problem, as a function will either work or
crash. A boundary is around avoiding silent failures; we make checks
that make less sense, the validity of dlsym handles comes to mind.
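The disagreement above is about whether glibc should detect a condvar that a packed struct has placed at an address below its natural alignment. The following added example (my own illustration, not glibc code and not part of this thread) shows what such a sanity check computes and reproduces the misalignment from the bug report. It assumes the GCC/Clang `__attribute__((packed))` extension and C11 `alignof`; the function and struct names are invented for the demonstration.

```c
#include <pthread.h>
#include <stdalign.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* The proposed sanity check, stated as a predicate: returns 1 when p
   satisfies the alignment that pthread_cond_t requires, 0 otherwise.
   (Hypothetical helper, not a glibc function.) */
int condvar_is_aligned(const void *p) {
    return ((uintptr_t)p % alignof(pthread_cond_t)) == 0;
}

/* A packed struct like the one the bug report describes: the one-byte
   tag pushes the condvar to offset 1, so &holder.cv cannot be aligned.
   __attribute__((packed)) is a GCC/Clang extension (assumption). */
struct __attribute__((packed)) packed_holder {
    char tag;
    pthread_cond_t cv;
};

/* Expected 0 (misaligned) wherever alignof(pthread_cond_t) > 1, i.e. the
   4 (32-bit) or 8 (64-bit) Rich mentions. The holder is pinned to a
   16-byte boundary so the member address is deterministically base + 1;
   offsetof is used instead of &holder.cv to avoid the packed-member warning. */
int packed_member_is_aligned(void) {
    static _Alignas(16) struct packed_holder holder;
    const unsigned char *base = (const unsigned char *)&holder;
    return condvar_is_aligned(base + offsetof(struct packed_holder, cv));
}

/* A condvar declared the normal way: expected 1 (aligned). */
int plain_condvar_is_aligned(void) {
    static pthread_cond_t cv = PTHREAD_COND_INITIALIZER;
    return condvar_is_aligned(&cv);
}

int main(void) {
    printf("alignof(pthread_cond_t) = %zu\n", alignof(pthread_cond_t));
    printf("plain condvar aligned:  %d\n", plain_condvar_is_aligned());
    printf("packed member aligned:  %d\n", packed_member_is_aligned());
    return 0;
}
```

The check is a single modulo against `alignof`, which is why the thread treats it as cheap; the open question in the thread is not the cost but whether a library should abort on a caller's undefined behaviour or let the eventual crash be the diagnostic.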