comp.lang.ada
From: "Randy Brukardt" <randy@rrsoftware.com>
Subject: Re: LLVM--Low Level Virtual Machine--and Ada
Date: Mon, 23 Jul 2007 21:12:08 -0500
Message-ID: <f83n1b$jl3$1@jacob-sparre.dk>
In-Reply-To: mailman.6.1185176858.3834.comp.lang.ada@ada-france.org

"Duncan Sands" <baldrick@free.fr> wrote in message
news:mailman.6.1185176858.3834.comp.lang.ada@ada-france.org...
> Hi Bob, thanks for your informative reply.
>
> > Another problem is that some modern machines use DEP (which I think
> > stands for "data execution prevention" or something like that).  DEP
> > means the operating system prevents writeable data from being executed
> > as code.  The purpose is to prevent certain kinds of security holes
> > that are common in languages that don't do array-bounds checking.
> > But DEP prevents trampolines from working, so users have to turn
> > it off in order to run some Ada programs (such as the compiler).
> > It's a pain because users get some mysterious error message
> > when trampolines are used.
>
> I'm not sure that this is a problem anymore: gcc uses a bunch of tricks
> (eg: setting a flag on the program that notes it runs code on the stack)
> to inform the operating system that the trampoline is kosher IIRC.  That
> said, I haven't tried to implement any of this in LLVM yet, which is also
> why I'm vague on the details.

That would be bad, as it would effectively turn off DEP for LLVM programs.
These error detections are critically needed and turning them off just means
you have buggy software that you can't/won't fix and that you're willing to
remain part of the problem.

Honestly, I never understood why programs *ever* needed execute
permission on stack and data. When we did our first 32-bit compilers, I kept
those segments completely separate and was dismayed to find out that we
couldn't set the permissions on the segments to actually match the uses (and
thus detect bugs earlier). I managed to get the DOS extender versions
sort-of-right by discarding the overlapping writable segments given to us by
the OS and creating new non-overlapping ones for the data and stack. But
neither Unix nor Windows provided anything that helped at all. I find it
bizarre to find people deciding to apply the obvious technique of least
privilege nearly 20 years later - what the heck have they been doing in the
meantime? (Not caring if software is correct is one obvious answer...)

Janus/Ada has never used any executable data/stack in its 32-bit versions;
such code would save no more than a clock cycle or two (out of hundreds or
thousands) and as such could not be significant. We use compiler-generated
thunks rather than run-time generated trampolines, and I'm not sure why
anyone would use the latter (given that they increase the exploitability of
a program). Must be something I don't understand...

                           Randy.
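The two things the post argues about, compiler-generated thunks that pass their context explicitly versus run-time trampolines that need an executable stack, and a check that the stack really is non-executable, in one added example. This is not code from the post, from Janus/Ada, or from GCC or LLVM. It emulates what a GCC nested-function trampoline does (binding a code address to a static-chain pointer) with an ordinary function pointer plus a context pointer, so no page is ever both writable and executable, and it reads /proc/self/maps to report the permission bits on the [stack] mapping. The /proc/self/maps format and the "[stack]" label are Linux-specific; the parser is written against that format and is an assumption elsewhere.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* A bound callback: a code pointer paired with a context pointer.
   This is what a run-time trampoline builds by writing machine code onto
   the stack; here the pairing is plain data, so the stack can stay
   non-executable (the "thunk" approach the post prefers). */
typedef int (*cmp_fn)(const void *ctx, int a, int b);
struct bound_cmp { cmp_fn fn; const void *ctx; };

/* The "captured" local: a nested function would reach it through the
   static chain; we reach it through ctx. */
struct pivot_ctx { int pivot; };

static int cmp_by_distance(const void *ctx, int a, int b) {
    const struct pivot_ctx *p = ctx;
    int da = abs(a - p->pivot), db = abs(b - p->pivot);
    return (da > db) - (da < db);
}

/* Stable insertion sort driven by a bound comparator; shifts only on a
   strictly-greater result so equal keys keep their input order. */
void sort_with(int *v, size_t n, struct bound_cmp c) {
    for (size_t i = 1; i < n; i++) {
        int x = v[i];
        size_t j = i;
        while (j > 0 && c.fn(c.ctx, v[j - 1], x) > 0) { v[j] = v[j - 1]; j--; }
        v[j] = x;
    }
}

/* Sorts v by distance from pivot; pivot lives on this frame, exactly the
   situation in which GCC would emit a stack trampoline for a nested function. */
void sort_by_distance(int *v, size_t n, int pivot) {
    struct pivot_ctx ctx = { pivot };
    struct bound_cmp c = { cmp_by_distance, &ctx };
    sort_with(v, n, c);
}

/* Parse text in /proc/self/maps format (assumed Linux layout:
   "start-end perms offset dev inode path"). Returns 1 if the [stack]
   mapping has the x bit, 0 if it does not, -1 if no [stack] line exists. */
int stack_is_executable_in(const char *maps) {
    char line[512];
    while (*maps) {
        const char *eol = strchr(maps, '\n');
        size_t len = eol ? (size_t)(eol - maps) : strlen(maps);
        if (len >= sizeof line) len = sizeof line - 1;
        memcpy(line, maps, len);
        line[len] = '\0';
        if (strstr(line, "[stack]")) {
            const char *perms = strchr(line, ' ');   /* points at " rwxp" */
            if (!perms || strlen(perms) < 5) return -1;
            return perms[3] == 'x';
        }
        if (!eol) break;
        maps = eol + 1;
    }
    return -1;
}

/* Live check of the running process; -1 when /proc is unavailable. */
int stack_is_executable(void) {
    static char buf[1 << 16];
    FILE *f = fopen("/proc/self/maps", "r");
    if (!f) return -1;
    size_t n = fread(buf, 1, sizeof buf - 1, f);
    fclose(f);
    buf[n] = '\0';
    return stack_is_executable_in(buf);
}

int main(void) {
    int v[] = { 1, 9, 4, 6, 2 };
    sort_by_distance(v, 5, 5);
    for (size_t i = 0; i < 5; i++) printf("%d ", v[i]);   /* 4 6 2 1 9 */
    printf("\nstack executable: %d\n", stack_is_executable());
    return 0;
}
```

If the same program were written with a GCC nested function that referenced pivot and had its address taken, GCC would drop the .note.GNU-stack marker from the object and the linker would emit PT_GNU_STACK with flags RWE, which is the "flag on the program" Duncan mentions and what makes the loader map the stack executable; `readelf -lW prog | grep GNU_STACK` shows RW for this version and RWE for the trampoline version.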


Thread overview: 30+ messages
2007-07-18  3:56 LLVM--Low Level Virtual Machine--and Ada Jerry
2007-07-18  7:24 ` Georg Bauhaus
2007-07-18  7:48 ` Duncan Sands
2007-07-19 14:30   ` Maxim Reznik
2007-07-19 14:56     ` Duncan Sands
     [not found]     ` <200707191656.27602.baldrick@free.fr>
2007-07-19 15:03       ` Duncan Sands
2007-07-19 21:30         ` Robert A Duff
2007-07-20  7:44           ` Duncan Sands
2007-07-20 14:06             ` Robert A Duff
2007-07-21 13:09               ` Tero Koskinen
2007-07-23  7:47               ` Duncan Sands
2007-07-24  2:12                 ` Randy Brukardt [this message]
2007-07-24  8:03                   ` Duncan Sands
2007-07-24  9:50                     ` Colin Paul Gloster
2007-07-24 10:47                       ` Markus E Leypold
2007-07-25 12:12                         ` Colin Paul Gloster
2007-07-25 12:59                           ` Markus E Leypold
2007-07-24 19:21                     ` Randy Brukardt
2007-07-24 19:36                       ` Duncan Sands
2007-07-24 19:58                         ` Randy Brukardt
2007-07-24 23:28                   ` Robert A Duff
2007-07-25  0:39                     ` Randy Brukardt
2007-07-25  2:00                       ` Robert A Duff
2007-07-25 13:14                         ` Duncan Sands
2007-07-21 22:04 ` anon
2007-07-22 13:22   ` Steve
2007-07-23 12:29   ` Colin Paul Gloster
2007-07-23 14:42     ` anon
2007-07-23 16:55       ` Markus E Leypold
2007-07-24 10:19       ` Colin Paul Gloster