[C-safe-secure-studygroup] examples of Rule 11.4 violations in practice
Martin Sebor
msebor at gmail.com
Thu Feb 22 22:12:52 GMT 2018
On our call a couple of weeks ago we discussed MISRA Rule 11.4
A conversion should not be performed between a pointer to object
and an integer type.
I was asked for some examples of violations of the rule in
existing practice. Here are some from the GNU toolchain.
1. GNU Libc Pointer Encryption relies on converting between
pointers and integers:
https://sourceware.org/glibc/wiki/PointerEncryption
2. GCC uses a hash_map to store all sorts of internal data,
most of which is pointers to dynamically allocated objects
(gimple*, rtx, tree, etc.). hash_map is a C++ template
that relies on hash_traits to hash its values. In older
versions of GCC (before the conversion to C++) it used
the same approach in C. The latest code can be seen here:
https://gcc.gnu.org/viewcvs/gcc/trunk/gcc/hash-traits.h?revision=256169&view=markup#l158
The candidate argument is of pointer type. The hash value
is just the pointer value converted to an integer stripped
of its three least significant bits:
return (hashval_t) ((intptr_t)candidate >> 3);
3. Gold, the other GNU linker, uses hashing to map symbol names
to symbol definitions. The linker stores names in a global
pool so distinct symbol names have unique addresses which
makes it possible to compute the mapping by using string
pointers rather than their full contents. The workhorse
is struct Symbol_location_hash which is also a C++ type,
but the same idea applies equally well to C. The Gold
code can be viewed here:
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;a=blob;f=gold/symtab.h;h=fdb75114acd39db92461b42655aa1faf3a7e79b1;hb=HEAD#l1307
Martin
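The three idioms from the post, written out in plain C as an added example (this is not code from glibc, GCC or gold): a glibc-style pointer mangle/demangle round trip, a pointer-keyed map using the quoted `(intptr_t)candidate >> 3` hash, and a gold-style string pool whose interned names are looked up by address rather than by contents. The guard constant, the rotation amount, the map and pool sizes, and the check_* helper names are assumptions made for this example; each pointer-to-integer or integer-to-pointer cast below is a Rule 11.4 violation of the kind discussed.

```c
/* Added example, not code from glibc, GCC or gold. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

typedef unsigned int hashval_t;          /* same width GCC uses for hashval_t */

/* 1. glibc-style pointer encryption.  PTR_MANGLE XORs a stored pointer with a
 * per-process secret and rotates it, so an attacker who overwrites the stored
 * value cannot plant a raw pointer.  The secret here is a fixed stand-in
 * (assumption) for the guard glibc keeps in the thread control block. */
static const uintptr_t pointer_guard = (uintptr_t)0x5a3c9f1e2d4b7a60ull;
#define PTR_BITS ((unsigned)(sizeof(uintptr_t) * 8))

static uintptr_t rotl(uintptr_t v, unsigned n) { return (v << n) | (v >> (PTR_BITS - n)); }
static uintptr_t rotr(uintptr_t v, unsigned n) { return (v >> n) | (v << (PTR_BITS - n)); }

void *ptr_mangle(void *p)   { return (void *)rotl((uintptr_t)p ^ pointer_guard, 17); }
void *ptr_demangle(void *p) { return (void *)(rotr((uintptr_t)p, 17) ^ pointer_guard); }

int check_mangle_roundtrip(void) {
    int object = 42;
    void *stored = ptr_mangle(&object);  /* what would sit in memory */
    return (uintptr_t)stored != (uintptr_t)&object
        && ptr_demangle(stored) == (void *)&object;
}

/* 2. GCC-style pointer hash: the address becomes an integer and its three low
 * bits are dropped, because allocator objects are at least 8-byte aligned and
 * those bits carry no information.  (Right-shifting a negative intptr_t is
 * implementation-defined; the idiom relies on the compiler's behaviour.) */
hashval_t pointer_hash(const void *candidate) {
    return (hashval_t)((intptr_t)candidate >> 3);
}

int check_pointer_hash_alignment(void) {
    static _Alignas(8) uint64_t a[2];    /* 8 bytes apart -> consecutive hashes */
    return pointer_hash(&a[1]) == pointer_hash(&a[0]) + 1u;
}

/* Small open-addressing map keyed by pointer identity, like hash_map<T*, V>. */
#define MAP_SLOTS 64
struct ptr_map { const void *keys[MAP_SLOTS]; int values[MAP_SLOTS]; };

int ptr_map_put(struct ptr_map *m, const void *key, int value) {
    hashval_t i = pointer_hash(key) % MAP_SLOTS;
    for (unsigned probes = 0; probes < MAP_SLOTS; probes++, i = (i + 1) % MAP_SLOTS)
        if (m->keys[i] == NULL || m->keys[i] == key) {
            m->keys[i] = key; m->values[i] = value; return 1;
        }
    return 0;                            /* map full */
}

int ptr_map_get(const struct ptr_map *m, const void *key, int *out) {
    hashval_t i = pointer_hash(key) % MAP_SLOTS;
    for (unsigned probes = 0; probes < MAP_SLOTS && m->keys[i] != NULL;
         probes++, i = (i + 1) % MAP_SLOTS)
        if (m->keys[i] == key) { *out = m->values[i]; return 1; }
    return 0;
}

/* 3. gold-style string pool: each distinct name is stored once, so equal
 * names share one address and the symbol table can key on the char* itself. */
struct string_pool { char storage[1024]; size_t used; const char *names[32]; size_t count; };

const char *pool_intern(struct string_pool *p, const char *s) {
    for (size_t i = 0; i < p->count; i++)
        if (strcmp(p->names[i], s) == 0) return p->names[i];   /* already interned */
    size_t n = strlen(s) + 1;
    if (p->used + n > sizeof p->storage || p->count == sizeof p->names / sizeof p->names[0])
        return NULL;
    char *dst = memcpy(p->storage + p->used, s, n);
    p->used += n;
    p->names[p->count++] = dst;
    return dst;
}

/* Symbol table keyed by interned name; values stand in for definitions. */
int check_symbol_lookup(void) {
    static struct string_pool pool;
    static struct ptr_map symtab;
    memset(&pool, 0, sizeof pool); memset(&symtab, 0, sizeof symtab);
    char buf[8];                         /* a second buffer with the same contents */
    strcpy(buf, "main");
    const char *k1 = pool_intern(&pool, "main");
    const char *k2 = pool_intern(&pool, buf);    /* same address as k1 */
    const char *k3 = pool_intern(&pool, "printf");
    ptr_map_put(&symtab, k1, 0x1000);
    ptr_map_put(&symtab, k3, 0x2000);
    int v = 0;
    return k1 == k2 && k1 != k3
        && ptr_map_get(&symtab, k2, &v) && v == 0x1000
        && ptr_map_get(&symtab, k3, &v) && v == 0x2000
        && !ptr_map_get(&symtab, buf, &v);       /* un-interned copy is not found */
}

int main(void) {
    printf("mangle round trip: %d\n", check_mangle_roundtrip());
    printf("hash alignment:    %d\n", check_pointer_hash_alignment());
    printf("symbol lookup:     %d\n", check_symbol_lookup());
    return 0;
}
```

The last check in check_symbol_lookup is the practical caveat of the gold approach: a name that was never interned has the right contents but the wrong address, so a pointer-keyed table will not find it. The map uses NULL as the empty-slot marker, so a null key cannot be stored.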