From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Original-To: caml-list@sympa.inria.fr Delivered-To: caml-list@sympa.inria.fr Received: from mail2-relais-roc.national.inria.fr (mail2-relais-roc.national.inria.fr [192.134.164.83]) by sympa.inria.fr (Postfix) with ESMTPS id 186737EEF7 for ; Fri, 12 Jun 2015 10:26:42 +0200 (CEST) Received-SPF: None (mail2-smtp-roc.national.inria.fr: no sender authenticity information available from domain of asai@is.ocha.ac.jp) identity=pra; client-ip=133.65.64.10; receiver=mail2-smtp-roc.national.inria.fr; envelope-from="asai@is.ocha.ac.jp"; x-sender="asai@is.ocha.ac.jp"; x-conformance=sidf_compatible Received-SPF: Pass (mail2-smtp-roc.national.inria.fr: domain of asai@is.ocha.ac.jp designates 133.65.64.10 as permitted sender) identity=mailfrom; client-ip=133.65.64.10; receiver=mail2-smtp-roc.national.inria.fr; envelope-from="asai@is.ocha.ac.jp"; x-sender="asai@is.ocha.ac.jp"; x-conformance=sidf_compatible; x-record-type="v=spf1" Received-SPF: None (mail2-smtp-roc.national.inria.fr: no sender authenticity information available from domain of postmaster@web.is.ocha.ac.jp) identity=helo; client-ip=133.65.64.10; receiver=mail2-smtp-roc.national.inria.fr; envelope-from="asai@is.ocha.ac.jp"; x-sender="postmaster@web.is.ocha.ac.jp"; x-conformance=sidf_compatible X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: A0CLAQAIl3pVlwpAQYVcFoNOX79PhXoCgUVMAQEBAQEBEgEBAQEBCBYHT4QiAQEBAwESKDkGBQsLGAklDwUgAQUBIjWIBQcBBQikXj4xqwqFDgEBAQEBAQEDAQEBAQEBHAqLOYQ7SweDF4EWBYxlizaGcAGBMECLW4ZcghE1gRWELGGBAgcdgSABAQE X-IPAS-Result: A0CLAQAIl3pVlwpAQYVcFoNOX79PhXoCgUVMAQEBAQEBEgEBAQEBCBYHT4QiAQEBAwESKDkGBQsLGAklDwUgAQUBIjWIBQcBBQikXj4xqwqFDgEBAQEBAQEDAQEBAQEBHAqLOYQ7SweDF4EWBYxlizaGcAGBMECLW4ZcghE1gRWELGGBAgcdgSABAQE X-IronPort-AV: E=Sophos;i="5.13,601,1427752800"; d="scan'208";a="164760738" Received: from web.is.ocha.ac.jp ([133.65.64.10]) by mail2-smtp-roc.national.inria.fr with ESMTP; 12 Jun 2015 10:26:39 +0200 Received: from mail-pd0-f169.google.com (mail-pd0-f169.google.com [209.85.192.169]) by web.is.ocha.ac.jp (Postfix) with ESMTP id 439DD99691C for ; Fri, 12 Jun 2015 17:26:37 +0900 (JST) Received: by pdbki1 with SMTP id ki1so20282283pdb.1 for ; Fri, 12 Jun 2015 01:26:36 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:date:from:to:cc:subject:message-id:references :mime-version:content-type:content-disposition:in-reply-to :user-agent; bh=+/aeqwmgkZzdkPoxvIaRrdiOf1by/gsv1CgKV32X+F0=; b=Rthnr+YJXtiV8T0MlH/kX2zatBM0z/5lWVg5K0OzFA5dzrU9Y/d4b3w3pS/FX50R7R 7dpRbw8rp0G5z3hfRdGEhngCG5SjEpp8yeCn38uPGwR8x/ilX9vgN+X7n8z7E4bqPpud 35M5FXMfW4brpcEVA26+m81QYhXffej1E4gY4SdesbDxVcqULGFNvbeqGHKXharfesBN L/HldNbsz5zFDvENXoytTPxp094DI6zGyqak8L6j6rVC++flclmgXzdiFOUMxZu5gOWH B8TBa254Y0Qekcc3bhJiIzmWfvpuv6LyP6e3BRykrUrec0bIquTPFgaTvObcW5hcJ+6T vJRg== X-Gm-Message-State: ALoCoQnE0lZQ0dt165AmYzS4YsMa0xThJ+xLdA0gONYDu64HOeUflhp7NfzeBgKaNhAj5pBVba0n8Iqis2v9ZiNqi423HpuUcROzQmtoi8st41GUw61OUeAHRu4qqhyorUl1EzjVz6DN X-Received: by 10.66.156.198 with SMTP id wg6mr21377549pab.126.1434097596881; Fri, 12 Jun 2015 01:26:36 -0700 (PDT) X-Received: by 10.66.156.198 with SMTP id wg6mr21377526pab.126.1434097596717; Fri, 12 Jun 2015 01:26:36 -0700 (PDT) Received: from localhost ([133.65.65.2]) by mx.google.com with ESMTPSA id ow6sm2830896pbc.59.2015.06.12.01.26.35 (version=TLSv1.1 cipher=RC4-SHA bits=128/128); Fri, 12 Jun 2015 01:26:36 -0700 (PDT) Date: Fri, 12 Jun 2015 17:26:26 +0900 From: Kenichi Asai To: Romain Bardou Cc: caml-list@inria.fr Message-ID: <20150612082626.GA5884@pllab.is.ocha.ac.jp> References: <20150612052738.GA3684@pllab.is.ocha.ac.jp> <557A8CBB.5050306@inria.fr> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <557A8CBB.5050306@inria.fr> User-Agent: Mutt/1.5.13 (2006-08-11) Subject: Re: [Caml-list] Marshall.from_channel and segmentation fault Dear Romain, Thanks for the explanation. It seems you are suggesting that I should use something else that performs runtime type checking rather than the Marshall module. Is there some standard module I can use? I want to send various data along the Unix socket to create interactive games using the Universe library for OCaml: http://pllab.is.ocha.ac.jp/~asai/Universe/ Because the library is used by beginning students, I want to avoid segmentation fault without any useful error messages when they mistakenly use the sent data as having different types. Sincerely, -- Kenichi Asai On Fri, Jun 12, 2015 at 09:39:39AM +0200, Romain Bardou wrote: > On 12/06/2015 07:27, Kenichi Asai wrote: > >The OCaml manual for the Marshall module says: > > > >>(Marshal.from_channel chan : type). Anything can happen at run-time > >>if the object in the file does not belong to the given type. > > > >and this "Anything" contains segmentation fault. Is it difficult to > >avoid this segmentation fault and, e.g., raise an exception instead? > > > >Sincerely, > > > > You have to check that you will not dereference invalid pointers. > Basically you need to type-check the value at runtime before using it. > If you have a runtime representation of the type of your value, you may > be able to do so using Obj. But if you have a runtime representation of > the type, Marshal suddenly becomes less interesting as you can use this > representation to guide serialization anyway. > > Because of this, Marshal is mostly used when one knows through other > means that only values of the right type are deserialized. This means > that Marshal should not be used for network applications where the > remote peer cannot be trusted to always send values of the right type. > An attacker could send an ill-formed value to crash the server, for > instance. Or, the remote peer may simply not be up-to-date and use other > types for its values. > > Marshal is better suited to saving data locally. It will still fail if > one tries to use values from another application or another version of > the same application with incompatible types. In other words it will not > be backward compatible when types change, so Marshal is better suited > for temporary files. For instance, .cmi files are marshaled values, if > I'm not mistaken. > > To sum up: yes, it is difficult. > > Cheers,