Fritz Wuehler wrote:
> Drazen Kacar <
da...@fly.srk.fer.hr> wrote:
> > Fritz Wuehler wrote:
> > I'm saying that alloca() has been a hack from the C standard point of
> > view. Meaning it has no part in the language standard. That doesn't mean
> > it has no part anywhere else.
>
> That is an important clarification but from your explanation of how it works
> (badly) it's a hack from any point of view.
It's a fast hack. Most things are a trade-off and the usuall alloca()
implementation gives you speed in exchange for the usual level of falling
off the stack security (ie. none).
> > > Why the extra layer of libc? A good OS ought to be self
> > > contained and provide all the essential functions as sys or kernel calls.
> >
> > Why? What is the virtue of that kind of architecture?
>
> Simplicity, correctness, and no UNIX-like who's got the banana
> finger-pointing.
In other words: you like it better that way.
> > The standard way is usually implemented in libc and that is what the OS
> > provides.
>
> This is the key point I guess. I don't like the UNIX design of a kernel with
> syscalls and a separate library and compilers that implement their own
> services. UNIX people do like that design.
Unix people are accustomed to it, so they usually don't give it much
thought.
> You call it a separation, I call it needless layers, complexity,
> finger-pointing and most of all bad interface design where stuff
> eventually drops through the cracks.
Needless is in the eye of the beholder. Complexity is inescapable, no
matter what you do and how you design things. Of finger-pointing's
existance I'm still not convinced, so no comment on that.
> What's a syscall? What's a libc call? What's the difference?
Syscall is an implementation detail. OS API consists of library calls.
> Just give me a monolithic service platform. Don't give me bullshit
> stories, give me services.
Nobody's giving you syscalls.
> > Compiler's primary job is to generate instructions. It usually doesn't
> > know whether any given function is a library call or a function
> > implemented by the application.
>
> But you or Ian said alloca() is implemented by the compiler, so...
Mostly, these days, because it's convenient for the compiler to do so.
Alloca() translates to one or two instructions and it's nice to have a
compiler built-in to do that. There was a huge header file floating around
with programs that were using autoconf for configuration. That huge header
file implemented alloca() for platforms which didn't have it built in.
Besides, that which looks like a function could actually be a macro and it
frequently is. That's the way of C. I don't particularly like it, but it
never caused me any problems.
> > There are things which are translated in a single instruction. (The
> > current alloca() implementation is one of them.) What's the point of
> > making that one instruction a library call? Just to make it slower?
>
> Slow and correct beats fast and broken every time. Except on UNIX I guess.
Except in the real world:
http://www.jwz.org/doc/worse-is-better.html
Besides, I don't see how is one instruction wrapped in a function more
correct than that same one instruction inlined.
> > Besides, the implementor should have the means to design his own
> > architecture, ie. to decide whether something goes into the compiler, libc
> > or the kernel. It doesn't affect your programs in any way.
>
> Well it does to the extent everybody seems to have mindlessly copied
> everyone else so the way things were implemented *does* have an effect on
> how code needs to be written.
Would you give us an example?
> > > That is finger-pointing and it's one of the really bad things about
> > > UNIX. Nobody owns the problem.
> >
> > And the problem is?
>
> The problem is according to you alloca() is a broken/unsafe service.
According to me it's a hack. It's broken according to you.
> And nobody owns the problem.
Which problem? Changing semantics of alloca function? That isn't anyone's
problem because nobody's supposed to do that. If you want different
functionality, you add another function.
> The libc guys say it's not our code. The OS says
> I'll interrupt you if you touch an unallocated page. The compiler says sure
> pal here's your storage, sortof, kinda, hope you like it and btw if you run
> off the end it's not my problem it's the OS's problem.
I haven'r heard the compiler saying that.
> Unsafe services and broken interfaces don't belong in a real OS.
Oh? There are programs which implement memory management by catching SIGSEGV
and extending the memory region. They are using unsafe services because
that's exactly what they need. And then the memory management module makes
the whole thing safe and exports the interface to the rest of the program.
It would be very hard to implement your own memory management interface if
the OS was forcing you to use its own safe service.
> alloca() should let you know if the request can't be satisfied or
> return you a pointer and length to how much is available, etc.
You'll have to write your own function to do that. :-)
> Fast and broken is crap.
Perhaps. OTOH, from my point of view, alloca() is a convenience, meaning
that it generates that one machine instruction which cannot be generated
from the C code, so it saves me from inlining assembly.
Because of its hackish nature alloca() is not a part of the C standard and
not a part of the POSIX standard (and there are no other relevant
standards for this level of functionality, as far as I know). Those two
standards are defining serious and non-hackish language and operating
system and they don't include hackish things if at all possible. The
latest C standard even outlawed gets().
Creating a safe variant of alloca() isn't anyone's problem because it's
nonexistance is not a practical problem. And I don't understand why you
so desperately want that to become somebody's problem. If you're so
interested in creating that function, you could just write it and give it
to the rest of the world.