Path: ...!eternal-september.org!feeder3.eternal-september.org!news.eternal-september.org!.POSTED!not-for-mail From: Michael S Newsgroups: comp.lang.c Subject: Re: A Famous Security Bug Date: Sun, 24 Mar 2024 17:26:41 +0300 Organization: A noiseless patient Spider Lines: 59 Message-ID: <20240324172641.00005ede@yahoo.com> References: <20240320114218.151@kylheku.com> <20240321211306.779b21d126e122556c34a346@gmail.moc> MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Injection-Info: dont-email.me; posting-host="ea83786ed9d7b4303133f886081061ed"; logging-data="443456"; mail-complaints-to="abuse@eternal-september.org"; posting-account="U2FsdGVkX1/SH9loVKg7wrcy8lU7ziHQlPjyMlq5BKU=" Cancel-Lock: sha1:s9BWYOyihGEyr+36mYl4065uvpE= X-Newsreader: Claws Mail 3.19.1 (GTK+ 2.24.33; x86_64-w64-mingw32) Bytes: 3040 On Sat, 23 Mar 2024 11:26:03 +0000 bart wrote: > On 23/03/2024 07:26, James Kuyper wrote: > > bart writes: > >> On 22/03/2024 17:14, James Kuyper wrote: > > [...] > >>> If you want to tell a system not only what a program must do, but > >>> also how it must do it, you need to use a lower-level language > >>> than C. > >> > >> Which one? > > > > That's up to you. The point is, C is NOT that language. > > I'm asking which /mainstream/ HLL is lower level than C. So > specifically ruling out assembly. > > If there is no such choice, then this is the problem: it has to be C > or nothing. > > >> I don't think anyone seriously wants to switch to assembly for the > >> sort of tasks they want to use C for. > > > > Why not? Assembly provides the kind of control you're looking for; C > > does not. If that kind of control is important to you, you have to > > find a language which provides it. If not assembler or C, what > > would you use? > > Among non-mainstream ones, my own would fit the bill. Since I write > the implementations, I can ensure the compiler doesn't have a mind of > its own. > > However if somebody else tried to implement it, then I can't > guarantee the same behaviour. This would need to somehow be enforced > with a precise language spec, or mine would need to be a reference > implementation with a lot of test cases. > > > ----------------- > > Take this program: > > #include > int main(void) { > goto L; > 0x12345678; > L: > printf("Hello, World!\n"); > } > > If I use my compiler, then that 12345678 pattern gets compiled into > the binary (because it is loaded into a register then discarded). > That means I can use that value as a marker or sentinel which can be > searched for. > Does it apply to your aarch64 compiler as well?