Re: Hidden read of indeterminate memory

From: glen herrmannsfeldt (gah_at_ugcs.caltech.edu)
Date: 12/21/03


Date: Sun, 21 Dec 2003 07:48:01 GMT

pete wrote:

(snip)

> According to:
> 1 the definition of undefined behavior
> 2 the fact that uninitialized objects have indeterminate value

> I don't think that a program is required to reserve storage
> for an uninitialized object,
> unless the address of the object is taken.

Maybe not.

One I did hear about, and posted in another, unrelated, thread,
was a system that initially mapped the same page of real memory
to all allocated virtual memory, and marked that page read only.

When it is actually written to, a new read/write page is
allocated, the page tables are changed, and the data is written
into that page.

The unexpected effect came when someone wanted to test the
speed of memory access, minimizing the effect of a cache.

The test program malloc()'ed a large region of memory and
continually accessed it. It was enough larger than the cache
that all accesses were expected to go to real memory.

As it didn't seem to matter what the data was, nothing was
ever written to the memory. Well, only one real page was
allocated, small enough to fit in the cache, and so the cache
speed was measured.

It might be possible on some systems to initially map such
pages so that they couldn't be read, and have undesirable
side effects. It doesn't seem much harder, though, to map
to a single page, assuming that a paging system is in use.

There are unexpected effects that can occur when memory is
read without first being written. Because of the cases where
this could happen, unintentionally, in real programs, systems
should make sure that the effects aren't too bad.

Padding bytes of structures, for example, are normally not
written, yet one could reasonably expect to be able to copy
a structure with memcpy().

-- glen
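The effect glen describes can be reproduced on a modern system with a copy-on-write zero page. The program below is an added example, not code from the original thread: it maps a large anonymous region, reads every page without writing, and checks the process's resident set size (RSS); it then writes every page and checks again. Reading costs almost no physical memory because every page is backed by the one shared zero page, so a benchmark that only reads an untouched buffer is measuring that single cached page. It assumes Linux, since it reads RSS from /proc/self/statm; the region size, the `cow_experiment` helper and the `struct cow_result` type are this example's own.

```c
/* Added example (not from the original post): shows that reading freshly
 * mapped anonymous memory allocates no real pages (shared zero page), while
 * writing does. Assumes Linux: RSS is read from /proc/self/statm. */
#define _GNU_SOURCE
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/mman.h>

#ifndef MAP_ANONYMOUS
#define MAP_ANONYMOUS MAP_ANON   /* BSD spelling of the same flag */
#endif

/* Resident pages of this process, from /proc/self/statm (Linux-specific).
 * Returns -1 if the file is unavailable. */
static long resident_pages(void)
{
    FILE *f = fopen("/proc/self/statm", "r");
    long size, resident;
    if (!f) return -1;
    if (fscanf(f, "%ld %ld", &size, &resident) != 2) resident = -1;
    fclose(f);
    return resident;
}

/* Read one byte from every page. The volatile accumulator keeps the compiler
 * from deleting loads whose value is never used (the benchmark's situation). */
static unsigned long read_every_page(const unsigned char *region, size_t len, size_t page)
{
    volatile unsigned long sum = 0;
    for (size_t off = 0; off < len; off += page) sum += region[off];
    return sum;
}

/* Write one byte to every page, forcing a private copy of each one. */
static void write_every_page(unsigned char *region, size_t len, size_t page)
{
    for (size_t off = 0; off < len; off += page) region[off] = (unsigned char)(off / page);
}

/* RSS growth (in pages, relative to the baseline before mapping) after the
 * read-only pass and after the write pass. */
struct cow_result { long pages_in_region; long rss_after_read; long rss_after_write; };

/* Map `len` bytes anonymously, read them all, then write them all, recording
 * RSS growth after each pass. Returns 0 on success, -1 if measurement failed. */
static int cow_experiment(size_t len, struct cow_result *out)
{
    size_t page = (size_t)sysconf(_SC_PAGESIZE);
    long base = resident_pages();
    if (base < 0) return -1;
    unsigned char *region = mmap(NULL, len, PROT_READ | PROT_WRITE,
                                 MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (region == MAP_FAILED) return -1;
    out->pages_in_region = (long)(len / page);
    read_every_page(region, len, page);
    out->rss_after_read = resident_pages() - base;   /* expected: near zero */
    write_every_page(region, len, page);
    out->rss_after_write = resident_pages() - base;  /* expected: about len/page */
    munmap(region, len);
    return 0;
}

int main(void)
{
    struct cow_result r;
    if (cow_experiment(32u << 20, &r) != 0) { perror("cow_experiment"); return 1; }
    printf("region: %ld pages\n", r.pages_in_region);
    printf("RSS growth after reading every page: %ld pages\n", r.rss_after_read);
    printf("RSS growth after writing every page: %ld pages\n", r.rss_after_write);
    return 0;
}
```

On a 4 KiB-page system the 32 MiB region is 8192 pages; the read pass typically raises RSS by a handful of pages at most (the zero page is not charged to the process), and the write pass raises it by roughly 8192. A memory-bandwidth benchmark therefore has to write its buffer before timing it, and the same copy-on-write mapping is why reading a large never-written allocation can be deceptively fast.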


