Skip to content

pool_queue: Add static assert for management_array offset #475

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Aug 14, 2017
Merged

pool_queue: Add static assert for management_array offset #475

merged 1 commit into from
Aug 14, 2017

Conversation

fangyi-zhou
Copy link

@fangyi-zhou fangyi-zhou commented Aug 3, 2017
edited
Loading

In order for the GNU extension of static initialisation of flexible
array member to work. Care must be taken to check whether the offset of
management_array is the size of the structure, so that accessing the
management_array will be to the allocated static memory following the
pool struct. If this assertion fails, accessing management_array might
end of accessing the struct padding inserted by the compiler.

Additional explanation:

Current struct layout

byte byte byte byte
magic magic magic magic
array array array array
stride stride stride stride
num num_allocated first_free spinlock
->

-> = location management_array points to (outside the struct)

If future modifications are to be added to this data structure, say adding/removing an u8 field. A possible layout will be

byte byte byte byte
magic magic magic magic
array array array array
stride stride stride stride
num num_allocated first_free spinlock
new_field ->padding padding padding

-> = location management_array points to (inside the struct)

In this case, management_array points to the struct padding due to the layout of uvisor_pool_entry_t being u8. However, the actual management array is located after the paddings (due to struct alignments).

The C standard does not make clear requirements on struct paddings, but it would be nice to avoid the grey area and be certain.

See also: http://www.cl.cam.ac.uk/~pes20/cerberus/notes30.pdf Section 3.3

Patater
Patater reviewed Aug 14, 2017
View reviewed changes
core/system/src/pool_queue.c Outdated

uvisor_spin_init(&pool->spinlock);

_Static_assert(
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please use UVISOR_STATIC_ASSERT. We have it implemented now.

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Changed

pool_queue: Add static assert for management_array offset
b373cc7 
In order for the GNU extension of static initialisation of flexible
array member to work. Care must be taken to check whether the offset of
management_array is the size of the structure, so that accessing the
management_array will be to the allocated static memory following the
pool struct. If this assertion fails, accessing management_array might
end of accessing the struct padding inserted by the compiler.
@Patater Patater merged commit 391d080 into ARMmbed:master Aug 14, 2017
@fangyi-zhou fangyi-zhou deleted the pool_alignment_check branch August 29, 2017 09:49
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

1 more reviewer

@Patater Patater Patater approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@fangyi-zhou @Patater