• State Not Answered
  • Locked Locked
  • Replies 61 replies
  • Subscribers 21 subscribers
  • Views 9196 views
  • Users 0 members are here
2025 survey

We are running a survey to help us improve the experience for all of our members. If you see the survey appear, please take the time to tell us about your experience if you can.

Options
Related
How was your experience today?
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Hardening of firmware

ImPer Westermark

Here is a link to a number of suggestions I have compiled for hardening of firmware.

I'm pretty sure that a lot can be said about the list, so please post coding tips or links to pages with good information of software hardening.

iapetus.neab.net/.../hardening.html

Parents
  • 0 in reply to ImPer Westermark

    This is a reason why a sw design should avoid aliased accesses to variables, where two different pointers, or a pointer and a direct access may modify the same variable - the compiler may decide that it knows the contents of a variable even when modified.

    void timers_v1(int *timer1, int *timer2, int *step)
{
*timer1 += *step;
*timer2 += *step;
}

    this compile inefficiently (the value pointed by 'step' is loaded twice, between the increments) as the compiler cannot know in advance that 'step' and 'timer1' do not point to the same spot in memory.

Reply
  • 0 in reply to ImPer Westermark

    This is a reason why a sw design should avoid aliased accesses to variables, where two different pointers, or a pointer and a direct access may modify the same variable - the compiler may decide that it knows the contents of a variable even when modified.

    void timers_v1(int *timer1, int *timer2, int *step)
{
*timer1 += *step;
*timer2 += *step;
}

    this compile inefficiently (the value pointed by 'step' is loaded twice, between the increments) as the compiler cannot know in advance that 'step' and 'timer1' do not point to the same spot in memory.

Children
  • 0 in reply to Tamir Michael

    but this works better:

    void timers_v1(int *timer1, int *timer2, int *step)
{
int temp = *step ;

*timer1 += temp ;
*timer2 += temp ;
}

  • 0 in reply to Tamir Michael

    In your case, it may even be required to use the second construct to make sure that both timers are always incremented by the same amount.

    Aliasing is not a concept that should be forbidden, but something the developer must at all times design for and document.

    The trivial case of a required aliasing is inserts/removes to a sorted array, and a reason for the existence of the memmove() function that handles overlapping memory regions.

    But the above two situations are not problematic for the compiler. If your pointer was to a variable that could change during the function call, then you should have used the volatile keyword to force multiple pointer accesses. Without volatile, it will be up to the compiler to decide if it should read 'step once or twice.

    The problematic and hurtful form of aliasing is when you have a global variable that you sometimes accesses directly, and sometimes using a pointer. A function that gets this pointer as a parameter will not know that writes to the pointer will change the value of the global variable, so it may decide to cache the contents of the global variable. And it will not know that a write to the global variable will change the value accessible through the pointer.

  • 0 in reply to Tamir Michael

    Note that your example isn't really aliasing.

    You are making a copy of a value.

    But the concept of variable aliasing is when you have more than one access path to a variable. And the problem comes when the compiler isn't aware of these multiple paths.