Anybody know how Windows VirtualProtect timing works across threads? If I call VirtualProtect(...PAGE_READONLY) then set a flag via LOCK OR, is it possible that other threads will see the flag set but still be able to write to the page?
Replying to @TimSweeneyEpic
I assume that VirtualProtect is implemented as a syscall that modifies GDT. In that case all threads shall see the same.
Replying to @lupus_subdola @TimSweeneyEpic
Yeah, it should be impossible for any thread to write to that memory as soon as the syscall returns. But do you know if it invalidates the cache immediately?
Replying to @tmr232 @TimSweeneyEpic
No I don’t. It should be possible to use IDA or WinDbg to debug the kernel and see what it actually does. I think that MS would document side effects of that function if there were any. Tim’s question sounds to me like this: is there a security hole in VirtualProtect? :)
Replying to @lupus_subdola @TimSweeneyEpic
If that's the question - I feel safe saying there isn't. Someone (@aionescu?) would've found this one out ages ago.
Thanks for the tips! I’m not looking for a security hole, just wondering if I can structure a garbage collector to use VirtualProtect to learn about mutator thread writes without adding expensive sync code around those writes.
Replying to @TimSweeneyEpic @tmr232 and
This is in fact how many GC's work. :) https://lwn.net/Articles/718198/ This would help immensely a lot of them, but considering how far it is on Linux, we'll probably never see anything like this elsewhere, and on Windows esp. :(
Replying to @nuopnu @TimSweeneyEpic and
Oh also, have you stumbled upon GetWriteWatch and soft-dirty as an alternative to page locking? https://msdn.microsoft.com/en-us/library/windows/desktop/aa366573(v=vs.85).aspx https://github.com/torvalds/linux/blob/master/Documentation/admin-guide/mm/soft-dirty.rst (unfortunately the latter is useless because of its behavior, but maybe I didn't think hard enough on how to abuse it)
Page-based tricks are very interesting, but 4K is too much memory to scan conservatively to find a few pointers, so a sub-page sized structure is required as well.
Replying to @TimSweeneyEpic @tmr232 and
> conservatively
Oh no. Please consider moving to a precise GC. :) Given known alloc alignments and the dirty page bitmap, you start precise scan from that boundary with (Isa*)ptr and jump from member to member and to the next obj ptr+((Isa*)ptr)->sz. That's already a lot less.
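The dirty-page precise scan sketched in the reply above (and the GetWriteWatch alternative mentioned earlier in the thread), as an added example written for this page; it is not code from anyone in the thread. It assumes an `Isa` header at the start of every object carrying `sz`, the pointer-member count and their byte offsets; a bump allocator that turns each page's unusable tail into a pointer-free filler object so no object spans a page and a page can be walked header to header; and a per-page dirty bitmap that in the real design would come from GetWriteWatch or a VirtualProtect write fault. Because that OS machinery is Windows-specific, the hypothetical `gc_store` helper here sets the bit by hand so the code runs anywhere. Names, sizes and the 300-node heap are all constructed for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define PAGE_SIZE   4096u
#define ALLOC_ALIGN 16u
#define HEAP_PAGES  4u
#define MAX_PTRS    2u

/* Assumed object header (the "Isa" of the tweet): every object starts with one. */
typedef struct Isa {
    uint32_t sz;                 /* object size in bytes, multiple of ALLOC_ALIGN */
    uint32_t nptrs;              /* pointer-typed members (0 for filler objects) */
    uint32_t ptr_off[MAX_PTRS];  /* byte offsets of those members */
} Isa;

/* Constructed heap: page i is heap + i*PAGE_SIZE (a real heap would use OS pages). */
static uint8_t heap[HEAP_PAGES * PAGE_SIZE];
static size_t  heap_used;                    /* bump-allocator cursor */
static uint8_t dirty[(HEAP_PAGES + 7) / 8];  /* one dirty bit per page */

void gc_reset(void) { heap_used = 0; memset(dirty, 0, sizeof dirty); }

static size_t page_of(const void *p) { return (size_t)((const uint8_t *)p - heap) / PAGE_SIZE; }

/* Allocate an object. A page tail too small for it becomes a pointer-free filler,
   so no object spans a page and every page can be walked header to header. */
void *gc_alloc(uint32_t sz, uint32_t nptrs, const uint32_t *offs) {
    sz = (sz + ALLOC_ALIGN - 1) & ~(ALLOC_ALIGN - 1);
    if (sz < sizeof(Isa) || sz > PAGE_SIZE || nptrs > MAX_PTRS) return NULL;
    size_t in_page = heap_used % PAGE_SIZE;
    if (in_page + sz > PAGE_SIZE) {
        uint32_t pad = (uint32_t)(PAGE_SIZE - in_page);  /* >= ALLOC_ALIGN == sizeof(Isa) */
        if (heap_used + pad > sizeof heap) return NULL;
        Isa *f = (Isa *)(heap + heap_used);
        memset(f, 0, sizeof *f);                 /* filler: nptrs == 0, just a size */
        f->sz = pad;
        heap_used += pad;
    }
    if (heap_used + sz > sizeof heap) return NULL;
    Isa *h = (Isa *)(heap + heap_used);
    memset(h, 0, sz);                            /* fresh objects hold no pointers */
    h->sz = sz;
    h->nptrs = nptrs;
    for (uint32_t i = 0; i < nptrs; i++) h->ptr_off[i] = offs[i];
    heap_used += sz;
    return h;
}

/* Mutator store. In the design under discussion the OS records the dirty page
   (VirtualProtect fault or GetWriteWatch) and the mutator does nothing extra;
   this portable example marks the bit by hand instead. */
void gc_store(void **slot, void *val) {
    size_t pg = page_of(slot);
    dirty[pg / 8] |= (uint8_t)(1u << (pg % 8));
    *slot = val;
}

/* Precise scan of the dirty pages only: from each page base, hop from header to
   header (ptr + sz), visit the pointer members, then clear that page's dirty bit.
   Returns the number of non-NULL pointer slots found. */
size_t gc_scan_dirty(void (*visit)(void **slot)) {
    size_t found = 0;
    for (size_t pg = 0; pg < HEAP_PAGES; pg++) {
        if (!(dirty[pg / 8] & (1u << (pg % 8)))) continue;
        uint8_t *p = heap + pg * PAGE_SIZE;
        uint8_t *end = heap + (pg + 1) * PAGE_SIZE;
        if (end > heap + heap_used) end = heap + heap_used;
        while (p < end) {
            const Isa *h = (const Isa *)p;
            for (uint32_t i = 0; i < h->nptrs; i++) {
                void **slot = (void **)(p + h->ptr_off[i]);
                if (*slot) { found++; if (visit) visit(slot); }
            }
            p += h->sz;
        }
        dirty[pg / 8] &= (uint8_t)~(1u << (pg % 8));
    }
    return found;
}

/* Constructed node type: 48 bytes on a 64-bit build, 85 per page, 300 span four pages. */
typedef struct Node { Isa isa; struct Node *left, *right; int value; } Node;

/* Allocate 300 nodes, make two pointer stores on two different pages, then scan. */
size_t demo_scan(void) {
    static const uint32_t offs[MAX_PTRS] = { offsetof(Node, left), offsetof(Node, right) };
    Node *nodes[300];
    for (int i = 0; i < 300; i++) {
        nodes[i] = gc_alloc(sizeof(Node), 2, offs);
        if (!nodes[i]) return (size_t)-1;
        nodes[i]->value = i;                      /* non-pointer field, written directly */
    }
    gc_store((void **)&nodes[0]->left, nodes[1]);     /* dirties the first page */
    gc_store((void **)&nodes[200]->right, nodes[3]);  /* dirties a later page */
    return gc_scan_dirty(NULL);                       /* only those two pages are walked */
}

int main(void) {
    gc_reset();
    printf("pointer slots found in dirty pages: %zu\n", demo_scan());
    printf("found after the bits were cleared:  %zu\n", gc_scan_dirty(NULL));
    return 0;
}
```

Two things the code makes visible that the reply only implies: a page-granular watch cannot tell a pointer store from a value store, so the scanner relies entirely on the `Isa` layout to visit pointer slots and skip everything else, which is what makes the scan precise rather than conservative; and the walk from the page boundary only works if the allocator guarantees that a header is found at the boundary, which is why the tail of each page is turned into a filler object rather than left as untyped slack.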
This works if you control or at least know the layout of all objects in memory, as in Java or C#. In the Just Plain C++ case, you either need to scan memory containing unknown allocations and treat their pointers as roots, or force reference counting on those pointers.
Replying to @TimSweeneyEpic @tmr232 and
A hybrid GC then? Precise via Chrome's way, or mine as in the gist from yesterday, or maybe go as far as making a pre-pass with clang to get obj layouts. Conservative for the outside. (how much is it needed tho? pin the leaking objects that go to the outside world)