From mboxrd@z Thu Jan  1 00:00:00 1970
X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on inbox.vuxu.org
X-Spam-Level: 
X-Spam-Status: No, score=-1.0 required=5.0 tests=MAILING_LIST_MULTI,
	RCVD_IN_DNSWL_NONE autolearn=ham autolearn_force=no version=3.4.4
Received: (qmail 13320 invoked from network); 28 Jul 2020 11:21:06 -0000
Received: from ns1.primenet.com.au (HELO primenet.com.au) (203.24.36.2)
  by inbox.vuxu.org with ESMTPUTF8; 28 Jul 2020 11:21:06 -0000
Received: (qmail 26909 invoked by alias); 28 Jul 2020 11:20:58 -0000
Mailing-List: contact zsh-workers-help@zsh.org; run by ezmlm
Precedence: bulk
X-No-Archive: yes
List-Id: Zsh Workers List <zsh-workers.zsh.org>
List-Post: <mailto:zsh-workers@zsh.org>
List-Help: <mailto:zsh-workers-help@zsh.org>
List-Unsubscribe: <mailto:zsh-workers-unsubscribe@zsh.org>
Sender: zsh-workers@zsh.org
X-Seq: 46277
Received: (qmail 20572 invoked by uid 1010); 28 Jul 2020 11:20:58 -0000
X-Qmail-Scanner-Diagnostics: from wout4-smtp.messagingengine.com by f.primenet.com.au (envelope-from <d.s@daniel.shahaf.name>, uid 7791) with qmail-scanner-2.11 
 (clamdscan: 0.102.3/25884. spamassassin: 3.4.4.  
 Clear:RC:0(64.147.123.20):SA:0(-2.6/5.0):. 
 Processed in 4.073909 secs); 28 Jul 2020 11:20:58 -0000
X-Envelope-From: d.s@daniel.shahaf.name
X-Qmail-Scanner-Mime-Attachments: |
X-Qmail-Scanner-Zip-Files: |
Received-SPF: none (ns1.primenet.com.au: domain at daniel.shahaf.name does not designate permitted sender hosts)
X-ME-Sender: <xms:3wkgX5giLS0WTjpjy5jbBAUd7hve9DdnOrzUNBffzZ1eajVGeVScUQ>
X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgeduiedriedvgdefjecutefuodetggdotefrodftvf
    curfhrohhfihhlvgemucfhrghsthforghilhdpqfgfvfdpuffrtefokffrpgfnqfghnecu
    uegrihhlohhuthemuceftddtnecusecvtfgvtghiphhivghnthhsucdlqddutddtmdenuc
    fjughrpeffhffvuffkjghfofggtgfgsehtjedttdertddvnecuhfhrohhmpeffrghnihgv
    lhcuufhhrghhrghfuceougdrshesuggrnhhivghlrdhshhgrhhgrfhdrnhgrmhgvqeenuc
    ggtffrrghtthgvrhhnpeefudetgeevhedvhfetveetvdduleduieejueduueejjedtteeu
    tdejhfdtgfeiteenucfkphepuddtledrieegrddugedurdeijeenucevlhhushhtvghruf
    hiiigvpedtnecurfgrrhgrmhepmhgrihhlfhhrohhmpegurdhssegurghnihgvlhdrshhh
    rghhrghfrdhnrghmvg
X-ME-Proxy: <xmx:3wkgX-BmYsVrkxrtHdQY9hLmHAihglUc6FHVhYVqZay5H31kPrVuZA>
    <xmx:3wkgX5FlM4F7yJ2X2waR2UaJayEuEnUMHO6Ya5zZkJreFynysxqLVg>
    <xmx:3wkgX-TwsdRr_hWso6SAHr2ch1oKONBF7rfnCktXaYRE-muRXSPL1g>
    <xmx:4AkgX19Ils9auG1yTN0HTNudKYQaQNCDOA62X9z70CjIy56Cr3uK2g>
Date: Tue, 28 Jul 2020 11:19:55 +0000
From: Daniel Shahaf <d.s@daniel.shahaf.name>
To: Roman Perepelitsa <roman.perepelitsa@gmail.com>
Cc: Peter Stephenson <p.w.stephenson@ntlworld.com>, Zsh hackers list
 <zsh-workers@zsh.org>
Subject: Re: 5.8: LTO exposes some new issues
Message-ID: <20200728111956.21617dde@tarpaulin.shahaf.local2>
In-Reply-To: <CAN=4vMp0GP=JJrfP=N6q7s_yCXp-_LMJBL1dC8Kd2weMNPvm0A@mail.gmail.com>
References: <CABB28CwZXqp6AEr1Gnk_VFBOqeFNhPVnUnTJGTae=ePkqeMFkw@mail.gmail.com>
	<ca26b639-1878-4e72-9fad-a4037912038a@www.fastmail.com>
	<CAH+w=7aCiU6ZAeh1JwRg+b+A=WrFTz4_8st9_UXOy_VYZ9M77Q@mail.gmail.com>
	<CABB28CxSD5w-SY-iCVYuQ4kJfBpNJOWhpk4HOrS1DNPfMVztgw@mail.gmail.com>
	<CAH+w=7Z0oDO18u7uRVoOhjG0-0ydvi65zt2mMHD_wb636C9F1w@mail.gmail.com>
	<35bf1c7b-163f-4baf-9d5a-c1d7e72459ec@www.fastmail.com>
	<CABB28Cxo3HAvDf-MhpRyNVuK_TjNXpT+nhfWsSax=BK8+RTUhQ@mail.gmail.com>
	<CAN=4vMoe4z=QqGK6FOxqo4FBYXj7oOU2NQJNk58iqtXR9agk1Q@mail.gmail.com>
	<CAN=4vMpxGgZTcvhmqjzvNFvybqiJTqjTZvs+Ky17F9=7OxU0QA@mail.gmail.com>
	<20200728075343.2cfb1ebf@tarpaulin.shahaf.local2>
	<727383568.664238.1595924724485@mail2.virginmedia.com>
	<CAN=4vMp0GP=JJrfP=N6q7s_yCXp-_LMJBL1dC8Kd2weMNPvm0A@mail.gmail.com>
X-Mailer: Claws Mail 3.17.3 (GTK+ 2.24.32; x86_64-pc-linux-gnu)
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit

Roman Perepelitsa wrote on Tue, 28 Jul 2020 12:52 +0200:
> On Tue, Jul 28, 2020 at 10:26 AM Peter Stephenson
> <p.w.stephenson@ntlworld.com> wrote:
> >  
> > > On 28 July 2020 at 08:53 Daniel Shahaf <d.s@daniel.shahaf.name> wrote:
> > >
> > > It's clearly correct, but as written, the patch loses the distinction
> > > that these members are private to hashtable.c and should not be accessed
> > > by other parts of the code.  Could you address that, please?  If
> > > there's an easy way to have the compiler enforce this restriction,
> > > great; else, we can at least add a comment.  
> >
> > One way is to have a "struct { ... } private" substructure,
> > which it makes it clear what's going on within the code (though comments
> > are obviously useful, too).  
> 
> How about this? The diff is a bit larger but the code is fairly
> straightforward. Only hashtable.c has access to internal fields, just
> like before the patch.
> 
> In a nutshell, struct hashtable has only public data members. Within
> hashtable.c there is struct hashtableimpl, which has struct hashtable
> as the first data member. C allows casting a pointer to a struct to a
> pointer to its first data member and back without violating aliasing
> rules. Thus hashtable.c can cast struct hashtable* to struct
> hashtableimpl* in order to get access to internal fields.

Thanks, that addresses the previous point, but unfortunately it creates
another problem: people who read the .h file are liable to declare
local variables of type 'struct hashtable', or memcpy() them around,
and in either case, once such a variable gets to hashtable.c and the
private members are accessed, we'll get out-of-bounds reads.

So we need either a comment at the definition of the struct type that
says nobody should allocate/duplicate/assign such structs directly, but
call newhashtable() instead, or a solution that doesn't involve casts,
such as Peter's proposal.

Cheers,

Daniel