Zeroing core. 2582

KR Williams

XBOX 360 2583
then to Could be. I can't remember. Kewl. Isn't there a case where some sounds or...

Any developer who buttumes that, even if memory is known to be set to zero, that it has the correct value, should be shot.

In the C language, only the integral types are required to treat an all-zero-bits object as a value representing zero. If the memory is taken to be a char, unsigned char, int, and so forth, and has all-zero-bits, then the value is zero.

A null pointer could be represented by some other bit pattern, as could the floating-point value 0.0.

The right thing to do is to to actually buttign the correct initial values to the relevant member variables.

C does this for static structs for you:

struct foo x; * at file scope or static *

All members without explicit initializers are set to the appropriate zero or null value, which isn't necessarily an all-zero-bits pattern.

For local structs, you can use the universal intializer { 0 }.

{ struct foo x = { 0 };

}

For dynamically allocated structs, you can use a static template and buttign:

foo *foocreate() { static foo blankfoo; foo *newfoo = malloc(sizeof *newfoo);

if (newfoo) *newfoo = blankfoo;

return newfoo; }

It's inefficient for a memory allocator to clear memory, because it has no way of knowing whether the application actually needs that. The very next action could be that the memory is filled with some other value.

The reason that low-level OS functions like mmap() or brk() give you zero-filled pages is because the pages were previously allocated to some other process, or were used for the buffer cache or whatever.

Process A allocates a page, fills it with sensitive data. The page is swapped out, and the frame is rebuttigned to process B without clearing, and so B witnesses the sensitive data even though A hasn't logically deallocated it! If the OS doesn't clear frames, the only way A can protect itself is to nail sensitive pages to memory, and clear them out before un-nailing them.

Oh yeah, and a virtual memory allocator that is set up for overcommitting can actually just have one reserved frame of memory that is filled with zeros. When you allocate a large extent form the OS, it can set up the page table entries such that they all point to that one zero-filled page. The entries are marked for copy-on-write. So the operation of actually setting many megabytes of RAM to zero can be deferred.

List | Previous | Next

XBOX 360 2583

Alt Folklore Computers from Newsgroups

The #1 Usenet Provider on the Internet

Zeroing core. 2581

PLEX86 x86- Virtual Machine (VM) Program


	CVS \| Mailing List \| Download \| Newsgroups

		Zeroing core. 2582 KR Williams XBOX 360 2583 then to Could be. I can't remember. Kewl. Isn't there a case where some sounds or... Any developer who buttumes that, even if memory is known to be set to zero, that it has the correct value, should be shot. In the C language, only the integral types are required to treat an all-zero-bits object as a value representing zero. If the memory is taken to be a char, unsigned char, int, and so forth, and has all-zero-bits, then the value is zero. A null pointer could be represented by some other bit pattern, as could the floating-point value 0.0. The right thing to do is to to actually buttign the correct initial values to the relevant member variables. C does this for static structs for you: struct foo x; * at file scope or static * All members without explicit initializers are set to the appropriate zero or null value, which isn't necessarily an all-zero-bits pattern. For local structs, you can use the universal intializer { 0 }. { struct foo x = { 0 }; } For dynamically allocated structs, you can use a static template and buttign: foo foocreate() { static foo blankfoo; foo newfoo = malloc(sizeof newfoo); if (newfoo) newfoo = blankfoo; return newfoo; } It's inefficient for a memory allocator to clear memory, because it has no way of knowing whether the application actually needs that. The very next action could be that the memory is filled with some other value. The reason that low-level OS functions like mmap() or brk() give you zero-filled pages is because the pages were previously allocated to some other process, or were used for the buffer cache or whatever. Process A allocates a page, fills it with sensitive data. The page is swapped out, and the frame is rebuttigned to process B without clearing, and so B witnesses the sensitive data even though A hasn't logically deallocated it! If the OS doesn't clear frames, the only way A can protect itself is to nail sensitive pages to memory, and clear them out before un-nailing them. Oh yeah, and a virtual memory allocator that is set up for overcommitting can actually just have one reserved frame of memory that is filled with zeros. When you allocate a large extent form the OS, it can set up the page table entries such that they all point to that one zero-filled page. The entries are marked for copy-on-write. So the operation of actually setting many megabytes of RAM to zero can be deferred. List \| Previous \| Next



		XBOX 360 2583 Alt Folklore Computers from Newsgroups The #1 Usenet Provider on the Internet Zeroing core. 2581