Date: Tue, 03 Jun 2025 04:28:54 -0700
> On Jun 3, 2025, at 4:15 AM, Frederick Virchanza Gotham via Std-Proposals <std-proposals_at_[hidden]> wrote:
>
> On Tue, Jun 3, 2025 at 11:37 AM Oliver Hunt wrote:
>>
>> Here's what you need:
>>
>> https://godbolt.org/z/aaMjfvbro
>>
>> No. That does not work.
>>
>> I do not know why you are arguing with me. What you are trying to do does _not_ work.
>>
>> I gave you multiple godbolt links showing you the required, type specific, codegen required to load the vtable pointer.
>
>
>
> Specifically, you provided me with assembler that loads the vtable
> pointer in such a way that it does pointer authentication checks
> because you used compiler options such as
> "-fptrauth-vtable-pointer-address-discrimination", meaning that the
> machine code emitted from the compiler used instructions such as
> 'autd'. It is the introduction of these instructions (such as 'autd')
> into the machine code that crashed the program.
>
> Your code did way more stuff than it was supposed to do. All it had to do was:
>
> (1) Get the vtable pointer from the object, conveniently always
> located at [base + 0x00]
> (2) Dereference the vtable pointer and subtract 8 to yield the
> address of the type_info
>
No, because that’s what the vtable authentication schema *is* on darwin.
The reason those flags are passed explicitly in the godbolt example is because godbolt does not target darwin.
> and:
>
> (1) Get the vtable pointer from the object, conveniently always
> located at [base + 0x00]
> (2) Dereference the vtable pointer and subtract 16 to yield the
> address of the "distance to most derived" offset.
And this faults immediately because you failed to authenticate the load, and so the load is invalid.
> (3) Add the offset to the address of the sub-object.
You don’t get this far.
> Your code did way more than that. Sabotage is a strong word but it's
> borderline applicable here.
>
My code literally did what the Darwin ABI is. Please stop arguing with reality.
As a followup: don’t you *ever* accuse me of “sabotage” when I am literally describing the ABI for a platform.
I am at this point going to consider your behavior and attitude to not simply be bad faith, but outright abusive, and will be raising this through the appropriate channels.
—Oliver
Received on 2025-06-03 11:29:09