Hello:
We know that C programs are often vulnerable to buffer overflows which
overwrite the stack.
But my question is: Why does C insist on storing local variables on the
stack in the first place?
I can see two definite disadvantages with this:
1) deeply nested recursive calls to a function (especially if it defines
large local arrays) can easily overflow the stack
2) the problems described above of security vulnerabilities .
My solution would be for C instead to store its local variables on the
heap - effectively separating data from executable code.
What do people think?
Mar 14 '08
87  5567 
On Fri, 14 Mar 2008 21:58:57 +0100 (CET), CJ <cj@nospam.comw rote in
comp.lang.c:
Hello:
We know that C programs are often vulnerable to buffer overflows which
overwrite the stack.
Not on most C compilers for 8051 architecture.
But my question is: Why does C insist on storing local variables on the
stack in the first place?
As has been said to death, C does not. Quite a few C compilers
specifically do not. I know of at least one architecture where it is
quite impossible, as the stack is completely inaccessible to
instructions other than call and return.
I can see two definite disadvantages with this:
1) deeply nested recursive calls to a function (especially if it defines
large local arrays) can easily overflow the stack
2) the problems described above of security vulnerabilities .
My solution would be for C instead to store its local variables on the
heap - effectively separating data from executable code.
What do people think?
I think I can see two definite disadvantages with people pontificating
about subjects in which they have insufficient. Deducing what they
are is left as an exercise to the reader.
--
Jack Klein
Home: http://JK-Technology.Com
FAQs for
comp.lang.c http://c-faq.com/
comp.lang.c++ http://www.parashift.com/c++-faq-lite/
alt.comp.lang.l earn.c-c++ http://www.club.cc.cmu.edu/~ajo/docs/FAQ-acllc.html
In article <fr***********@ pc-news.cogsci.ed. ac.uk>,
Richard Tobin <ri*****@cogsci .ed.ac.ukwrote:
....
>The C standard does not insist on a stack. Almost all implementations
do. The OP is unlikely to know that some people here will insist on
interpreting "C" as "the C standard". You could have perfectly well
made it clear with accusing Jacob of lying, which he is obviously not.
Oh oh. Clique membership in jeopardy.
On Fri, 14 Mar 2008 23:34:38 +0000, Richard Tobin wrote:
In article <e4************ *************** @cache6.tilbu1. nb.home.nl>,
Harald van Dijk <tr*****@gmail. comwrote:
>>>>But my question is: Why does C insist on storing local variables on
the stack in the first place?
>>>It doesn't.
>>This is blatantly wrong.
>>Don't lie.
You don't have to drag your endless dispute with Jacob into *every*
thread.
Excuse me? You might want to re-read the thread. I didn't drag anything
in here.
>>C doesn't insist on a stack, and you know it just as well as most others
here.
The C standard does not insist on a stack. Almost all implementations
do. The OP is unlikely to know that some people here will insist on
interpreting "C" as "the C standard".
The OP ("CJ", as should have been mentioned in the attributions) is no
stranger here, and has asked questions why things are or aren't in the
standard in the past here in c.l.c. I was pretty sure that's what he's
asking now.
You could have perfectly well
made it clear with accusing Jacob of lying,
Yes, and I should have, but...
which he is obviously not.
....I'm not convinced one way or the other. However, jacob, I do apologise.
"CJ" <cj@nospam.comw rote in message
news:sl******** ***********@nos pam.invalid...
But my question is: Why does C insist on storing local variables on the
stack in the first place?
I think the following is more informative than all the other responses
you've gotten so far:
"Any function in C may be recursive (without special declaration) and most
possess several 'automatic' variables local to each invocation. These
characteristics suggest strongly that a stack must be used to store the
automatic variables, caller's return point, and saved registers local to
each function; in turn, the attractiveness of an implementation will depend
heavily on the ease with which a stack can be maintained."
"Portabilit y of C Programs and the UNIX System" SC Johnson and DM Ritchie http://cm.bell-labs.com/cm/cs/who/dmr/portpap.html
Rod Pemberton
jacob navia <ja***@nospam.c omwrites:
[...]
I have yet to see a SINGLE example of an implementation that
doesn't use a stack for the local variables. Yes, a single
one.
Until now, there wasn't any that the regulars could put forward.
(Obviously in machines running now, and having a certain
minimum size. Coffee machines with less than 1K of
RAM and similars do not count)
For the umpteenth time, it depends on what you mean by "stack". If
you mean an abstract last-in first-out data structure, then the
semantics of C function calls require a stack (but it's clear that
that's not what the original poster in this thread was referring to).
If you mean a typical contiguous hardware stack managed via a stack
pointer, at least one example of an implementation that *doesn't* use
such a thing has been mentioned here many times, namely an IBM
mainframe system that allocates function activation records on the
heap (or something similar).
--
Keith Thompson (The_Other_Keit h) <ks***@mib.or g>
Nokia
"We must do something. This is something. Therefore, we must do this."
-- Antony Jay and Jonathan Lynn, "Yes Minister"
"Rod Pemberton" <do*********@no havenot.cmmwrot e in message
news:fr******** **@aioe.org...
"CJ" <cj@nospam.comw rote in message
news:sl******** ***********@nos pam.invalid...
>But my question is: Why does C insist on storing local variables on the
stack in the first place?
I think the following is more informative than all the other responses
you've gotten so far:
"Any function in C may be recursive (without special declaration) and most
possess several 'automatic' variables local to each invocation. These
characteristics suggest strongly that a stack must be used to store the
automatic variables, caller's return point, and saved registers local to
each function; in turn, the attractiveness of an implementation will
depend
heavily on the ease with which a stack can be maintained."
And if a function is recursive there's often no easy way of protecting the
top of the stack from overflow, because the depth of recursion tends to be
controlled by the input.
However a stack overflow is less likely than a buffer overrun into the stack
to be exploitable. When user can overwrite a return address and put
user-defiined bytes that the place the new return points to then you've got
either a security hole or the mother of all user-configurable programs.
--
Free games and programming goodies. http://www.personal.leeds.ac.uk/~bgy1mm
jacob wrote:
) Willem wrote:
)CJ wrote:
)) But my question is: Why does C insist on storing local variables on the
)) stack in the first place?
)>
)It doesn't. Your question is moot.
)>
)>
)SaSW, Willem
)
) This is wrong. Most C implementations use the hardware stack
It is perfectly correct. You should update your reading skills.
C does not ***INSIST*** on storing local variables on the stack.
'Insist' is something that can be said of requirements and/or standards.
It is *not* something you say of an *implementation *.
SaSW, Willem
--
Disclaimer: I am in no way responsible for any of the statements
made in the above text. For all I know I might be
drugged or something..
No I'm not paranoid. You all think I'm paranoid, don't you !
#EOT
Willem wrote:
jacob wrote:
) Willem wrote:
)CJ wrote:
)) But my question is: Why does C insist on storing local variables
on the )) stack in the first place?
)>
)It doesn't. Your question is moot.
)>
)>
)SaSW, Willem
)
) This is wrong. Most C implementations use the hardware stack
It is perfectly correct. You should update your reading skills.
C does not ***INSIST*** on storing local variables on the stack.
C does insist that automatic variables be treated in LIFO manner with
regard to their lifetimes. However this LIFO characteristic needn't be
implemented with a LIFO data structure, I think.
'Insist' is something that can be said of requirements and/or
standards. It is *not* something you say of an *implementation *.
A non-conforming implementation can insist on doing things it's own way.
Willem wrote:
santosh wrote:
) C does insist that automatic variables be treated in LIFO manner
with ) regard to their lifetimes. However this LIFO characteristic
needn't be ) implemented with a LIFO data structure, I think.
You can store all automatic variables in a malloc()ed block, and store
the pointer to that on the stack, for example.
You could also have one stack for call/return, and one for automatic
storage, but the OP's wording 'using _the_ stack' rules this out.
Actually I was wondering if a conforming C implementation could be
written, and a conforming C program compiled and run, without *any* use
of a LIFO data type.
<agree with the rest>
jacob navia wrote:
>
Please look it up and stop telling stories.
Please look up the word "stack" in the standard and tell us where it occurs.
--
Ian Collins. This thread has been closed and replies have been disabled. Please start a new discussion. Similar topics | |
by: pertheli |
last post by:
I am in a situation where only "goto" seems to be the answer for my
program logic where I have to retry calling some repeated functions.
Can anybody help in the usage of goto and its effect in local
variables, as shown in the stripped code below
void MyClass:Process(){
int iMaxRetry = 100;
|
by: Andre |
last post by:
Hi,
If I say:
int i = 5;
Does 'i' get stored on the stack? If yes, where *is* the stack? On the
heap? What manages the stack and how does it get created? Thanks
-Andre
|
by: S. A. Hussain |
last post by:
Where Global variables created in STACK or HEAP in C/C++?
ve##tolimitsyahoocom, delete ##
|
by: Murali |
last post by:
Hi
Can anyone tell me where a static variable be stored. I am sure that it is
stored in the data segment of the executable's memory footprint...But in
what? a stack or a heap or is it purely compiler/OS dependent?
Thanks in advance...
Murali
|
by: Madhav |
last post by:
Hi all,
I did not understand why do the global vars are
initialized to NULL where as the block level variables have random
values? I know that the C standard requires this as was mentioned in a
recent thread.
I want to know why this descrimination is in place. Can't all the
variables be initialised to NULL automatically by the compiler? This
would make programming a little easier.
| | |
by: Clausfor |
last post by:
Hello,
I have a problem with restoring variables in the setjmp/longjmp
functions:
K&R2 for longjmp says:
"Accessible objects have the same value they had when longjmp was
called, except for automatic non volatile variables of the function
invoking setjmp, these will be undefined if modified after the setjmp
call"
|
by: tshad |
last post by:
Using VS 2003, I am trying to take a class that I created to create new
variable types to handle nulls and track changes to standard variable types.
This is for use with database variables. This tells me if a variable has
changed, give me the original and current value, and whether the current
value and original value is/was null or not.
This one works fine but is recreating the same methods over and over for
each variable type.
...
|
by: kr |
last post by:
Hi All,
Suppose I consider a sample program as given below:-
#include<stdio.h>
#include<stdlib.h>
int i;
int main()
{
char *test(int i);
char *tmp = NULL;
|
by: marktang |
last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However, people are often confused as to whether an ONU can Work As a Router. In this blog post, we’ll explore What is ONU, What Is Router, ONU & Router’s main usage, and What is the difference between ONU and Router. Let’s take a closer look !
Part I. Meaning of...
|
by: jinu1996 |
last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven tapestry of website design and digital marketing. It's not merely about having a website; it's about crafting an immersive digital experience that captivates audiences and drives business growth.
The Art of Business Website Design
Your website is...
|
by: agi2029 |
last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing, and deployment—without human intervention. Imagine an AI that can take a project description, break it down, write the code, debug it, and then launch it, all on its own....
Now, this would greatly impact the work of software developers. The idea...
| | |
by: isladogs |
last post by:
The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM).
In this session, we are pleased to welcome a new presenter, Adolph Dupré who will be discussing some powerful techniques for using class modules.
He will explain when you may want to use classes instead of User Defined Types (UDT). For example, to manage the data in unbound forms.
Adolph will...
|
by: conductexam |
last post by:
I have .net C# application in which I am extracting data from word file and save it in database particularly. To store word all data as it is I am converting the whole word file firstly in HTML and then checking html paragraph one by one.
At the time of converting from word file to html my equations which are in the word document file was convert into image.
Globals.ThisAddIn.Application.ActiveDocument.Select();...
|
by: TSSRALBI |
last post by:
Hello
I'm a network technician in training and I need your help.
I am currently learning how to create and manage the different types of VPNs and I have a question about LAN-to-LAN VPNs.
The last exercise I practiced was to create a LAN-to-LAN VPN between two Pfsense firewalls, by using IPSEC protocols.
I succeeded, with both firewalls in the same network. But I'm wondering if it's possible to do the same thing, with 2 Pfsense firewalls...
|
by: adsilva |
last post by:
A Windows Forms form does not have the event Unload, like VB6. What one acts like?
|
by: 6302768590 |
last post by:
Hai team
i want code for transfer the data from one system to another through IP address by using C# our system has to for every 5mins then we have to update the data what the data is updated we have to send another system
|
by: muto222 |
last post by:
How can i add a mobile payment intergratation into php mysql website.
| |
