<div dir="ltr"><br><div class="gmail_extra"><br><br><div class="gmail_quote">On Tue, Feb 18, 2014 at 7:30 AM, Stefan Marr <span dir="ltr"><<a href="mailto:smalltalk@stefan-marr.de" target="_blank">smalltalk@stefan-marr.de</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><br>
Hi:<br>
<div><div class="h5"><br>
On 18 Feb 2014, at 15:58, Sven Van Caekenberghe <<a href="mailto:sven@stfx.eu">sven@stfx.eu</a>> wrote:<br>
<br>
> The VM could sure use stack overflow protection, it would/could help catch numerous 'hangs' due to infinite loops.<br></div></div></blockquote><div><br></div><div>But Smalltalk, having a spaghetti stack composed of contexts needs a different approach. The stack guard page won't work. The original approach of waiting for space to run out and signalling the low space semaphore doesn't scale, and hasn't been well-maintained, often resulting in systems that lock-up before they open a debugger on an offending process when space is low (it can be difficult to pick the right process also). Counting the stack depth periodically is sloooow, but something the VM can optimize unsafely (e.g. imagine an inst var in Process that records a per-process stack depth, and imagine that is updated by the VM on process switch and that the VM can efficiently compute the stack depth of the part of the process's context chain that is mapped to stack pages in the stack zone; this is fine provided nothing edits the process's stack chain explicitly, as does e.g. Seaside). So this is not a trivial problem to solve satisfactorily.</div>
<div><br></div><div>To understand how we should implement this one really should understand the architecture of context-to-stack mapping in the Cog and Stack VMs. You can read my blog for that.</div><div><br></div><div>Here's a hack off the top of my head: Process contains an inst var which records the number of contexts it creates. This count is not accurate. In Cog and the Stack VM it records only contexts created when the VM evacuates a page of contexts. In the classic Interpreter VM we count context allocations). Whenever a process's context count exceeds a given threshold, its actual depth is counted (accurately) and if this exceeds a second threshold, the process is interrupted. These thresholds need to be known to the VM and hence be vm parameters.</div>
<div><br></div><div><br></div><div>Thoughts? Other ideas?</div><div><br></div><div><br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div><div class="h5">
><br>
> On 18 Feb 2014, at 13:08, Sebastian Sastre <<a href="mailto:sebastian@flowingconcept.com">sebastian@flowingconcept.com</a>> wrote:<br>
><br>
>> Hi there,<br>
>><br>
>> Toyota shoot its foot and learnt how not to anymore.<br>
>><br>
>> This is a nice read on the things our software do when the stack overflows.<br>
>> Are We Shooting Ourselves in the Foot with Stack Overflow?<br>
>> <a href="http://embeddedgurus.com/state-space/2014/02/are-we-shooting-ourselves-in-the-foot-with-stack-overflow/" target="_blank">http://embeddedgurus.com/state-space/2014/02/are-we-shooting-ourselves-in-the-foot-with-stack-overflow/</a><br>
>><br>
>> The question on the table is<br>
>><br>
>> are we following time proven safety rules when the same thing happen to our VM?<br>
<br>
</div></div>From the top of my head, I would expect operating systems for non-embedded devises to allocate a protected page at the end of the stack to detect stack overflows.<br>
And, most of the standard OSes should use Address Space Layout Randomization, which you need to turn off explicitly if you actually want to make sure that your stack is at a predefined position.<br>
<br>
I think, this article is really targeted towards embedded systems, where you might not even got a MMU.<br>
<br>
And, if you are interested in those things, it might be best to follow Eliot’s suggestion and discuss it on the VM list.<br>
<br>
Best regards<br>
<span class="HOEnZb"><font color="#888888">Stefan<br>
<br>
--<br>
Stefan Marr<br>
INRIA Lille - Nord Europe<br>
<a href="http://stefan-marr.de/research/" target="_blank">http://stefan-marr.de/research/</a><br>
<br>
<br>
<br>
</font></span></blockquote></div><br><br clear="all"><div><br></div>-- <br>best,<div>Eliot</div>
</div></div>