Comments (3)
> Rust expects `bool` to always be 1-byte, so this is liable to crash at runtime due to misaligned reads/writes.

1. What Rust does internally is formally irrelevant in this context, because it's obliged to interface with blst by C rules, due to the `extern "C"` declaration.
2. The misalignment comes into the picture only if you actually store the value and misinterpret its type, while what we are looking at here is argument passing. One could discuss misalignment only if the values were passed by reference, which is not the case here.
3. It is essential to note that argument passing is not part of the language standard and is left to the implementation, the specification of which is referred to as the calling convention.
4. All supported C calling conventions, including Microsoft's, are known to widen narrow arguments being passed to and from a subroutine to at least 32 bits. ["At least" refers to the fact that on supported 64-bit platforms widening implies zeroing the upper half of the corresponding argument register.]
5. Relying on this is not the result of an oversight, but a conscious choice driven by security requirements, constant-time-ness to be specific.

This is not to say that the definition in question can't possibly cause problems elsewhere, only that the referred argument is effectively moot in the specific context of this query. BTW, with 1. in mind, if the problem emerged with a Rust update, one can wonder if Rust broke the contract and should be held responsible. Though I still fail to imagine how it would be a problem on argument passing...

As for what to do. One has to recognize that blst.h is not used when the C part or Rust bindings are compiled. So passing `/std:c11` in the blst build script won't make any difference. The only thing one can do is to see if `bool` is defined and act accordingly. I'll make a suggestion later on...
from blst.
> `bool *`

Yes, misinterpreting the type would be a problem in this case.

> deficiency of Rust's bindgen, which ideally would have run the C preprocessor...

It actually does that. And then it maps some of the C types directly into corresponding Rust types. For example C `_Bool` to `bool`, `size_t` to `usize`, `uint32_t` to `u32`, etc. It's very much appreciated, because it allows you to avoid excessive `as` casts on the Rust side. Just in case, yes, you have to put the C preprocessor in a position to expose specifically `_Bool` to get the desired mapping. Which by the way is why it's a macro in blst.h and not a typedef. (And as already mentioned, it works reliably for by-value arguments even if there is a type mismatch, thanks to the way calling conventions are specified.)

As for the committed fix. One could extend `__STDC_VERSION__>=199901` with `|| _MSC_VER>=1928`, but I've chosen to not play the Microsoft mind games :-)

Thanks!
from blst.
Thanks for the context and corrections! I see now that `blst.h` and the Rust bindings are a safe interface to `blst` if used without additional C code. The problem in c-kzg-4844 was that it included `blst.h` and then defined several functions with `bool *` arguments:

This made it possible for unaligned and out-of-bounds accesses to occur when the caller passed a pointer to a single byte (with byte alignment). I think it broke when we updated Rust/LLVM because we were relying on undefined behaviour -- the compiler was within its rights to do whatever it wanted. I also agree that this is a deficiency of Rust's `bindgen`, which ideally would have run the C preprocessor and realised that `bool` was 4 bytes.

I'm not an expert in `blst`'s code nor the details of C, so I don't mind if you ignore my suggested fixes. I think you're better positioned to come up with something that fits with the rest of the codebase and your design goals. Thanks :)
from blst.
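An added example, not code from blst or c-kzg-4844, written in C since the C side of the FFI is what the thread is about. It models both halves of the discussion: the by-value case from point 4 of the first comment, where a width mismatch between a 4-byte C `bool` and Rust's 1-byte bool is harmless, and the by-pointer case from the last comment, where a 4-byte store into a slot the caller sized as 1 byte overwrites the three bytes after it. It also shows the header-side selection the first comment alludes to (use the C99 `_Bool` where the compiler advertises it, otherwise widen to `int`, and don't redefine a `bool` that already exists) and a `sizeof` check a binding can run before trusting by-reference bools across the boundary. `lib_bool`, `narrow_bool`, `lib_report`, `lib_negate` and the `union slot` layout are hypothetical stand-ins, not blst's types or functions.

```c
/* Added example, not code from blst or c-kzg-4844.  It models the two cases
 * discussed in the thread: a `bool` that is 4 bytes wide on the C side versus
 * the 1-byte bool the Rust side assumes.  lib_bool, narrow_bool, lib_report
 * and lib_negate are hypothetical stand-ins, not blst APIs. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Header-side selection in the spirit of the thread: take the C99 _Bool when
 * the compiler advertises it, otherwise fall back to a widened int, and never
 * redefine a `bool` the translation unit already has. */
#if defined(__STDC_VERSION__) && __STDC_VERSION__ >= 199901L
# include <stdbool.h>
#elif !defined(bool)
# define bool int
#endif

/* A check a binding can run before trusting by-reference bools over the FFI:
 * 1 if this compiler's `bool` is the 1-byte type Rust expects, else 0. */
int bool_abi_matches_rust(void) { return sizeof(bool) == 1; }

typedef int     lib_bool;     /* the 4-byte bool a pre-C99 header would give */
typedef uint8_t narrow_bool;  /* the 1-byte bool Rust expects */

/* Hypothetical C helpers: one returns its result by value, one by pointer. */
static lib_bool lib_negate(lib_bool v)               { return !v; }
static void     lib_report(lib_bool *out, int value) { *out = value ? 1 : 0; }

/* Case 1 (point 4 of the first comment): by-value passing survives the width
 * mismatch, since only the value travels and the calling convention widens it.
 * Returns 1. */
int by_value_roundtrip(void) {
    return lib_negate(0) == 1 && lib_negate(1) == 0;
}

/* A caller-side slot laid out as the binding imagines it: one byte of flag
 * followed by three canary bytes.  The union overlays the 4-byte lib_bool at
 * the same address so the clobber is observable without undefined behaviour;
 * the real bug casts &flag to lib_bool* directly. */
union slot {
    lib_bool wide;
    struct { narrow_bool flag; uint8_t canary[3]; } narrow;
};

static void arm_canary(union slot *s) {
    s->narrow.flag = 0;
    memset(s->narrow.canary, 0xAA, sizeof s->narrow.canary);
}

static int canary_intact(const union slot *s) {
    static const uint8_t expect[3] = { 0xAA, 0xAA, 0xAA };
    return memcmp(s->narrow.canary, expect, sizeof expect) == 0;
}

/* Case 2 (the c-kzg-4844 problem): the callee stores 4 bytes into what the
 * caller believed was a 1-byte slot, so the three bytes after it are
 * overwritten whatever the endianness.  Returns 0: the canary does not survive. */
int wrong_call_keeps_canary(void) {
    union slot s;
    arm_canary(&s);
    lib_report(&s.wide, 1);          /* same address as &s.narrow.flag */
    return canary_intact(&s);
}

/* The caller-side fix: hand the callee an object of *its* type, then narrow
 * the result yourself.  Returns 1: the flag is set and the canary is untouched. */
int right_call_keeps_canary(void) {
    union slot s;
    lib_bool tmp;
    arm_canary(&s);
    lib_report(&tmp, 1);
    s.narrow.flag = (narrow_bool)(tmp != 0);
    return canary_intact(&s) && s.narrow.flag == 1;
}

int main(void) {
    printf("sizeof(bool) == 1:       %d\n", bool_abi_matches_rust());
    printf("by-value roundtrip ok:   %d\n", by_value_roundtrip());
    printf("canary after wrong call: %d\n", wrong_call_keeps_canary());
    printf("canary after right call: %d\n", right_call_keeps_canary());
    return 0;
}
```

The union overlay is what makes the clobber observable without undefined behaviour; the real mistake, casting a pointer to a single byte to `bool *` and letting the callee store through it, is something the compiler may treat however it likes, which is why it surfaced only after a toolchain update. The by-value case stays correct because no caller-owned bytes are at stake: only the value crosses the boundary, widened as the calling convention dictates.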