Waldek Hebisch wrote:
I think they do not dare to disable `mprotect': after all, the dynamic linker has to modify jump tables for correct execution. And Java is too important to forbid executing freshly generated code.
I hope so. It would seem more like paranoia than anything else. After all, if some malicious code can call mprotect, it can most likely call any other system function it wants, so it's too late anyway ...
Do not know about PPC, but on most processors it is enough to flush a single cache line, which is moderate cost. In fact the `mprotect' syscall is likely to cost much more. However, if the trampoline stack is separate from normal stack then you can save most of the `mprotect' calls.
This might indeed be an attractive solution in this case (not that I plan to implement it myself, though ;-), and probably few programs will ever need more than one page for it.
IIRC on AIX you do not need trampolines because all functions are called via a descriptor which contains a static link pointer. Wirth's solution probably only considers procedure parameters. If you also want function pointers then there is a choice between thick pointers (which contain both the address and static link) and pointers to descriptors.
But what is more efficient depends very much on expected usage: if you have many function pointers but only a limited number of functions then thick pointers require much more space than either trampolines or pointers to descriptors. Similarly when you pass function pointers/parameters: thick pointers are more expensive. Calling functions via trampolines is probably the most expensive way, but if you use trampolines then the cost of calling normal functions is the lowest one.
If you assume that most functions are ordinary functions, and that trampolines are created infrequently and used slightly more frequently than created, then trampolines look like an optimal solution. And I think that such assumptions are in fact quite realistic.
FWIW, I agree.
But there's also a more practical point: If we want to interface to C or other functions that take plain function pointers (except perhaps on AIX as you say), we must provide such pointers. AFAICS, this requires something like trampolines.
Frank
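
The representations compared in the message above, as an added C sketch that is not part of the original thread: a thick pointer, a pointer to a descriptor, and a stub standing in for a trampoline when a C-style API accepts only a plain function pointer. All names (`frame`, `add_offset`, `descriptor`, `stub_link` and so on) are hypothetical, and the stub is a simplification, not a real run-time generated trampoline.

```c
#include <stddef.h>
#include <stdio.h>

/* Frame of a hypothetical enclosing routine; the static link points here. */
struct frame { int offset; };

/* A nested routine lowered to C: the static link is an explicit argument. */
static int add_offset(struct frame *sl, int x) { return x + sl->offset; }

/* Code address plus static link. */
struct descriptor {
    int (*code)(struct frame *, int);
    struct frame *static_link;
};
typedef struct descriptor thick_ptr;        /* both words copied with every pointer */
typedef const struct descriptor *desc_ptr;  /* one word; descriptor stored once */

static int call_thick(thick_ptr f, int x) { return f.code(f.static_link, x); }
static int call_desc(desc_ptr f, int x)   { return f->code(f->static_link, x); }

/* Space for n function pointers referring to m distinct closures. */
static size_t thick_bytes(size_t n) { return n * sizeof(thick_ptr); }
static size_t desc_bytes(size_t n, size_t m) {
    return n * sizeof(desc_ptr) + m * sizeof(struct descriptor);
}

/* A C-style API that takes a plain function pointer: no slot for a static link. */
static int apply_plain(int (*fn)(int), int x) { return fn(x); }

/* Stand-in for a trampoline: a stub with the plain signature that supplies the
   static link itself. A real trampoline is a few instructions generated at run
   time per closure, which is why it needs memory that is written and then
   executed; this static variable only works for one live closure at a time. */
static struct frame *stub_link;
static int add_offset_stub(int x) { return add_offset(stub_link, x); }

static int call_via_plain_api(struct frame *fr, int x) {
    stub_link = fr;
    return apply_plain(add_offset_stub, x);
}

int main(void) {
    struct frame fr = { 10 };
    struct descriptor d = { add_offset, &fr };
    printf("%d %d %d\n", call_thick(d, 5), call_desc(&d, 5), call_via_plain_api(&fr, 5));
    printf("1000 pointers, 3 closures: thick=%zu desc=%zu bytes\n",
           thick_bytes(1000), desc_bytes(1000, 3));
    return 0;
}
```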