|
OddObserver posted:I feel like avoiding the second allocation with make_shared is someone trying to be way too clever.
|
#
?
Dec 15, 2023 07:43
|
|
|
|
| # ? May 17, 2024 21:03 |
|
|
I've been having a fun time running some micro-benchmarks on my M1 Air with Apple Clang and marveling at how different Apple Clang on Mac OS on Apple Silicon behaves vs GCC on Linux on x86. I realize that the three layers of differences make it tough to isolate why something is radically faster, slower, or just plain different, but it's still been interesting and enjoyable to just to see. Initial observations are that although the Accelerate math BLAS library is blazing fast, likely because of the Apple AMX coprocessor, but vector performance seems generally worse than you get with modern x86 systems. This could be some combination of auto-vectorization being worse for clang on aarch64-apple-darwin, or a less vectorized libstdc++, or 128-bit wide NEON just lacking both width and instructions compared to AVX2. I've also seen an unexpected optimization happen repeatedly that surprised me: automatic caching of function call results. Can someone explain this to me? I'm pretty surprised that C++ compiler optimizers are this ambitious, it's definitely not just the branch predictor learning branches but seems to be optimizing out repeated calls to a function with the same args, which breaks the benchmark entirely. Here's an example of both things I'm seeing, that is slow vectorization and apparent optimizing out of actually calling the function we're trying to benchmark. The full example, ready to compile, is here: https://lemire.me/blog/2019/06/18/how-fast-is-getline-in-c/ https://github.com/lemire/Code-used-on-Daniel-Lemire-s-blog/blob/master/2019/06/18/getline.cpp If anybody wants to go deep, here it is in Godbolt with clang on aarch64 The relevant bits are here: C++ code:pre:void count_lines_benchmark(size_t) generating and parsing input having 10000000 bytes. (c = count_returns(blob.data(), blob.size())) : 41 ns total, 0.00 ns per byte or 227151.85 GB/s bogus = 124230 void get_line_benchmark(size_t) generating and parsing input having 10000000 bytes. sum_line_lengths(ss) : 28198375 ns total, 2.82 ns per byte or 0.33 GB/s void get_line_predictable_benchmark(size_t) generating and parsing input having 10000000 bytes. sum_line_lengths(ss) : 28372542 ns total, 2.84 ns per byte or 0.33 GB/s pre:void count_lines_benchmark(size_t) generating and parsing input having 10000000 bytes. (c = count_returns(blob.data(), blob.size())) : 4142333 ns total, 0.41 ns per byte or 2.25 GB/s bogus = 124230 void get_line_benchmark(size_t) generating and parsing input having 10000000 bytes. sum_line_lengths(ss) : 28193042 ns total, 2.82 ns per byte or 0.33 GB/s void get_line_predictable_benchmark(size_t) generating and parsing input having 10000000 bytes. sum_line_lengths(ss) : 28329542 ns total, 2.83 ns per byte or 0.33 GB/s pre:void count_lines_benchmark(size_t) generating and parsing input having 10000000 bytes. (c = count_returns(blob.data(), blob.size())) : 3473586 ns total, 0.35 ns per byte or 2.68 GB/s bogus = 124250 void get_line_benchmark(size_t) generating and parsing input having 10000000 bytes. sum_line_lengths(ss) : 6283024 ns total, 0.63 ns per byte or 1.48 GB/s void get_line_predictable_benchmark(size_t) generating and parsing input having 10000000 bytes. sum_line_lengths(ss) : 3708638 ns total, 0.37 ns per byte or 2.51 GB/s Edit: and I just saw the inline assembly in the benchmark code. That would do it. It's just hosed on ARM. Twerk from Home fucked around with this message at 21:07 on Dec 26, 2023 |
|
#
?
Dec 26, 2023 20:56
|
|
|
The likely chain of events here is:
That is all very likely to be target-independent. (Sometimes it is target-dependent because the ABI adds indirection that interferes with the analysis.) You can avoid that optimization in a number of ways, either by making the memory change between iterations or by adding some sort of side effect that the compiler can’t analyze, like inline assembly. rjmccall fucked around with this message at 22:28 on Dec 26, 2023 |
|
#
?
Dec 26, 2023 22:22
|
|
|
rjmccall posted:or by adding some sort of side effect that the compiler can’t analyze, like inline assembly. The trusty asm volatile ("" ::: "memory")
|
|
#
?
Dec 27, 2023 00:40
|
|
|
So as a part of our Master's degree in Computer Sciences we need to do a Bachelor's degree first. Part of that is a >kandidaatintyö in Finland, it's some kind of short-form piece of academic-style writing, 15-20 pages with 10-15 references. We got provided a LaTeX document base to work on, and some guidance for the structural aspects of the work. The content is our task to figure out. I thought about writing about C/C++'s runtime memory handling errors. My counselor/instructor is a signal processing doctor so he doesn't know much about programming. There are so many types of memory errors, so it's perhaps neccessary to choose only 1-3 to concentrate on. Anyways, do you think it would be reasonable to look for like past 10 year's of Mitre's CWE top lists and make a graph out of most common C/C++ related memory handling errors and pick top 3 of them? Talk about a bit of each of them and then perhaps give some kind of practical example with the LogoFail vulnerabilities for example? Main point of the work is to prove that we can follow a pre-determined style while writing a literature review, and we know how to use references properly. I still need some kind of subject of reasonably narrow scope to talk about to fill the pages  Here is one example of what the works look like: https://trepo.tuni.fi/handle/10024/119911 Ihmemies fucked around with this message at 15:57 on Jan 16, 2024 |
|
#
?
Jan 16, 2024 15:54
|
|
|
Is there an expectation that you're citing specifically academic sources? Over here in North America the expection would be that the equivalent would draw more on the research literature in order to discuss proposed solutions to the problem (or at the minimum principles that address the problem, which you can treat as meta-solutions), rather than pulling from CVE disclosures which will only enumerate the problems themselves (and where the solutions are presumably "don't use this variable to walk off this particular array"), but I don't know what the expectations are over there. When I've adjudicated final Bsc. theses over here, I wouldn't consider what you're proposing significantly rigorous. quote:There are so many types of memory errors, so it's perhaps neccessary to choose only 1-3 to concentrate on. Agreed that narrowing down the particular problem that you want to talk about is a good thing to do; I'd make a stronger statement and say you should focus on exactly one class of memory problem (accessing uninitialized values? Bounds checking for arrays? Undefined compiler behaviour, etc, etc); otherwise, 10-15 pages is not going to be enough to discuss anything in any reasonable detail (again, assuming the expectations for this work are similar to what they'd be over here in the US.) What specific problem and specific solution might interest you? There's lots of work in securing raw pointer accesses in sandboxes (wasm being the new hipness with plenty of work in that space, but plenty of earlier work in containerey-sorts of abstractions like Google's Native Client). Are you interested in catching invalid memory accesses at runtime, or statically verifying source code or binaries to prove that they never happen? Are you interested in what problems arise w/r/t memory safety in concurrent programs? Or asynchronous/distributed ones? Kernel or userspace or embedded software? Dijkstracula fucked around with this message at 16:31 on Jan 16, 2024 |
|
#
?
Jan 16, 2024 16:24
|
|
|
Dijkstracula posted:Is there an expectation that you're citing specifically academic sources? Yes.. quote:Over here in North America the expection would be that the equivalent would draw more on the research literature in order to discuss proposed solutions to the problem (or at the minimum principles that address the problem, which you can treat as meta-solutions), rather than pulling from CVE disclosures which will only enumerate the problems themselves (and where the solutions are presumably "don't use this variable to walk off this particular array"), but I don't know what the expectations are over there. When I've adjudicated final Bsc. theses over here, I wouldn't consider what you're proposing significantly rigorous. I understand, so it's better to ditch my idea, and use yours. Find enough recent reasonably peer-reviewed and "believable" sources, preferrably academic papers so my work ties on to ongoing research. quote:Agreed that narrowing down the particular problem that you want to talk about is a good thing to do; I'd make a stronger statement and say you should focus on exactly one class of memory problem (accessing uninitialized values? Bounds checking for arrays? etc, etc); otherwise, 10-15 pages is not going to be enough to discuss anything in any reasonable detail (again, assuming the expectations for this work are similar to what they'd be over here in the US.) This might be a good idea too. I still need to have those different sections - Introduction, Theoretical background (to present that I know what I'm talking about), Methodology, Results and Conclusion. Perhaps even one vulnerability type has enough subject matter to fill all thouse out. No idea but I'm about to find out! quote:What specific problem and specific solution might interest you? There's lots of work in securing raw pointer accesses in sandboxes (wasm being the new hipness with plenty of work in that space, but plenty of earlier work in containerey-sorts of abstractions like Google's Native Client). Are you interested in catching invalid memory accesses at runtime, or statically verifying source code or binaries to prove that they never happen? Are you interested in what problems arise w/r/t memory safety in concurrent programs? Or asynchronous/distributed ones? Kernel or userspace? Well.......... I'm more in the camp of "use memory safe languages instead". Garbage collection, borrow checking etc. I did not like my experiences with C and C++, and the constant barrage of memory handling related security issues and me having to deploy fixes to them. I want to revisit my trauma and process it by writing this piece. So at least currently I am not suggesting bandaid solutions. Rather I'd like to suggest that maybe it is time to leave leagacy languages for legacy projects, and write new code with better languages. I know, a hot take, but one which can't be repeated often enough 
|
|
#
?
Jan 16, 2024 16:34
|
|
|
Are you expected to actually design and run an experiment or just do a literature review? Based on the sections it sounds more like the former in which case you really need to focus on a specific issue.
|
|
#
?
Jan 16, 2024 16:36
|
|
|
ultrafilter posted:Are you expected to actually design and run an experiment or just do a literature review? Based on the sections it sounds more like the former in which case you really need to focus on a specific issue. A literature review, with no empirical parts. So look at what results other academically reputable academic persons have gotten, and try to piece something together based on it somehow. First I need a subject and I have one, but I think it is too broad, so I'm trying to figure out some way narrow it down. Ihmemies fucked around with this message at 16:50 on Jan 16, 2024 |
|
#
?
Jan 16, 2024 16:47
|
|
|
Ihmemies posted:This might be a good idea too. I still need to have those different sections - Introduction, Theoretical background (to present that I know what I'm talking about), Methodology, Results and Conclusion. Ihmemies posted:Find enough recent reasonably peer-reviewed and "believable" sources, preferrably academic papers so my work ties on to ongoing research. Additionally, rather than starting from recent literature and working backwards, you can look for canonical papers in the field and work from there. A few academics whose work you might be interested in: Emery Berger at UMass Amherst, Stefan Savage at UCSD, and John Regehr at Utah have built careers out of studying these problems (obviously not suggesting that these are the only ones, they just came to mind first) - I might suggest by skimming the titles of their papers and seeing if anything leaps out at you. If so, then skimming the paper and then using Google Scholar to see who has since cited that paper more recently would be the next step. Dijkstracula fucked around with this message at 16:55 on Jan 16, 2024 |
|
#
?
Jan 16, 2024 16:51
|
|
|
Ihmemies posted:A literature review, with no empirical parts.
|
|
#
?
Jan 16, 2024 16:53
|
|
|
Dijkstracula posted:If this is the case, then I don't know what you would put in the "methodology" and "results" sections that you previously said you'd have. Methodology would tell that the work is a literature review (of which type?), the search therms and search engines used to collect the references. It does not need to be overly long. Maybe this does not need to be included either? I definitely am not very sure. One way to find sources could be to use a Pearl growing method, when I find a good enough initial source. Perhaps from the researchers and sources you suggested, I will look at them. Thanks! Results section does not seem to be mandatory, so that can most likely not be included. Thanks for your help  I can go on with the work based on this, and I will come back to ask stupid questions if I really can't figure out answers for myself.
|
|
#
?
Jan 16, 2024 17:06
|
|
|
You should probably clarify all those details with you advisor as soon as possible.
|
|
#
?
Jan 16, 2024 17:08
|
|
|
ultrafilter posted:You should probably clarify all those details with you advisor as soon as possible. Agreed. Again, I don’t know the expectations where you are, but if I was handed a paper to read where the pages were filled with “in this paper, here is how I plan to do a lot review” versus actually just doing it I’d probably toss it back to the student ungraded. What you’re describing sounds more akin to doing a sort of historiography, which, if that’s what they expect, fine, but definitely make sure that that’s the case.
|
|
#
?
Jan 16, 2024 17:14
|
|
|
ultrafilter posted:You should probably clarify all those details with you advisor as soon as possible. He does not really have much time for that at this stage. We are supposed to do the work over a few months, with a few weeks between group meetings. Each group contains 5-8 students and the advisor. We there present what we have done and ask for help for any pressing issues. So it's mostly our own problem to figure out what to do in meanwhile. We had our first gathering today, where the advisor said that my subject is OK, so I can proceed with the work. I can get some clarification after a few weeks, but that is quite a long time to wait, so I thought I'd just write something and I will then get feedback if it was a good idea or not later. Rewriting the work at least once seems to be the goal, so it is what it is.
|
|
#
?
Jan 16, 2024 17:17
|
|
|
I mean, if your advisor signed off on the vague possibly-too-high-level proposal then it doesn't really matter what we suggest as improvements ITT. (Regarding those methodology sections: You may also wish to consider connecting with your university's writing centre for high-level paper-writing guidance, too.)
|
|
#
?
Jan 16, 2024 17:26
|
|
|
What do y'all think about the C++20 changes around comparisons, specifically the expression reordering (so when compiler sees a == b it will also look for overloads fitting b == a at the same time), and the std::foo_ordering? Because when I was recently writing some application code, being able to just default the comparison operators was nice, and not having to think about both overloads for cases where I was comparing across different types was also nice. And I don't think I needed to care about the ordering specifics... But as library dev, I think both can go die in a fire and their authors as well. I burned good week figuring out why some tricky code was fine in C++17, but not in C++20. Turns out, me, being an absolute fool that I am, expected that given ExprLhs<T> == U, I could constrain the overloads of operator== under the assumption that ExprLhs<T> will be on the left. Except that's not how it works anymore, and for bonus points the switched overloads are not SFINAE automatically, so they can easily cause compilation error. And the requirement that an ordering can only compare itself to literal 0 is still causing me grief right now, but that would be a longer rant
|
|
#
?
Feb 3, 2024 20:40
|
|
|
I updated some overly clever template metaprogramming using comparison operators to use <=> and every place where it wasn't trivial to do the existing code turned out to be dumb and in some cases incorrect.
|
|
#
?
Feb 4, 2024 01:55
|
|
|
a == b should always be equivalent to b == a and it's an issue that it took this long to address.
|
|
#
?
Feb 4, 2024 02:39
|
|
|
Until we get actually good reflection, non-symmetrical comparisons is the only way things like Catch2 are happening.
|
|
#
?
Feb 4, 2024 08:48
|
|
|
Is there a good/recommended place to get a rundown on deprecated C stuff, ideally with tutorials for what people use now? I'm working through Sams Teach Yourself C in 21 Days (Sixth Edition), and it's obviously a bit old (2003), but it's the first book whose vibe I've really taken to so I want to stick with it. My issue so far is that there are a lot of examples using gets(), and gcc screams at me about it every time I compile an example problem.
|
|
#
?
Feb 7, 2024 20:59
|
|
|
Was looking into some ABI stuff and trying to understand something: When code compiled with VC++ makes a virtual call, it loads the vtable pointer from the object pointer, then loads a function pointer from the vtable, and calls the function. But the function pointer doesn't point to the start of the function, it points to a trampoline consisting of a single jump instruction that jumps to the start of the function. Why does it do that instead of just putting the function start address in the vtable?
|
|
#
?
Feb 7, 2024 21:08
|
|
|
Is that a fix up table so that dynamic linking works?
|
|
#
?
Feb 7, 2024 21:09
|
|
|
Brexit the Frog posted:Is there a good/recommended place to get a rundown on deprecated C stuff, ideally with tutorials for what people use now? I don't think there's any official list but the general rule is that any function which can write an arbitrary amount of data to memory is unsafe. There's usually a newer function with a similar name that does the same thing but takes an additional parameter that caps the length of the data to write. gets has been replaced with gets_s as documented here.
|
|
#
?
Feb 7, 2024 21:09
|
|
|
Subjunctive posted:Is that a fix up table so that dynamic linking works?
|
|
#
?
Feb 7, 2024 21:11
|
|
|
OneEightHundred posted:It does that even if the class and method aren't imported or exported. They still need to be relocated when loaded, though. (I know ELF can patch vtables directly, but it's pretty slow to do so). Edit: if it's an exe, see if disabling ASLR makes it go away? ... And of course remember to turn it back on!
|
|
#
?
Feb 7, 2024 21:23
|
|
|
OddObserver posted:They still need to be relocated when loaded, though. (I know ELF can patch vtables directly, but it's pretty slow to do so).
|
|
#
?
Feb 7, 2024 21:25
|
|
|
OneEightHundred posted:Not sure why that helps, since the trampolines need to be relocated too. They can be all packed together in a single blob rather than be all over the place? I am very much guessing though, I am utterly unfamiliar with PE object stuff. (It is useful to do this to increase page sharing... but that's only relevant for DLLs?) OddObserver fucked around with this message at 21:38 on Feb 7, 2024 |
|
#
?
Feb 7, 2024 21:30
|
|
|
Do all these example methods have the same body? Visual C++ may be merging them.
|
|
#
?
Feb 7, 2024 21:58
|
|
|
ultrafilter posted:I don't think there's any official list but the general rule is that any function which can write an arbitrary amount of data to memory is unsafe. There's usually a newer function with a similar name that does the same thing but takes an additional parameter that caps the length of the data to write. gets has been replaced with gets_s as documented here. Appreciate this, thanks!
|
|
#
?
Feb 7, 2024 22:12
|
|
|
Function merging is a good guess. A cross-DLL linker thunk would have an indirect branch, not a direct one. In huge images, the linker sometimes has to introduce thunks because the distance to the target exceeds ±2GB, but that’s not likely to apply, and it shouldn’t have to do that with function pointers anyway. ASLR is unlikely because direct branches are PC-relative, but I do know Windows ASLR is weird, so who knows. The MSVC virtual call ABI requires thunks to do virtual base adjustments sometimes, but I would think that the compiler would be smart enough to avoid them when the offset is statically zero.
|
|
#
?
Feb 7, 2024 22:29
|
|
|
Brexit the Frog posted:Is there a good/recommended place to get a rundown on deprecated C stuff, ideally with tutorials for what people use now? I wonder if skimming something like the CERT C coding standard would give you what you're looking for - they certainly are happy to beat up on gets(), for instance.
|
|
#
?
Feb 8, 2024 02:51
|
|
|
It turns out the jump trampolines happen when incremental linking is turned on.
|
|
#
?
Feb 8, 2024 05:19
|
|
|
Oh, that would do it, I guess
|
|
#
?
Feb 8, 2024 05:26
|
|
|
Not really relevant to the topic, but it has been discussed here tangentially to my stupid questions. About the quality of Finnish teaching at university level. Apparently in USA there's a public spec for the CS curriculum: https://www.acm.org/binaries/content/assets/education/cs2013_web_final.pdf developed by ACM/IEEE-CS/AAAI. It outlines what essential core subjects should be covered by the education. That contains so much MORE stuff than what we learn in Finland. Really impressive. Degrees in USA take 2-4 years, in Finland it's fixed 3 years. If we had to learn all the core subjects outlined in the doc, at the speed they teach us computer science here in Finland, it would take at least 6+ years to learn the same amount people in USA learn in three. So apparently in Finland they just don't teach many of the important subjects at all. Well, if the american universities really follow those ACM guidelines, then that explains everything, and I have no further questions. Only one advice.. don't come to Finnish universities to study computer science.
|
|
#
?
Feb 8, 2024 22:35
|
|
|
In the appendix of that document there are a few school's self-evaluations of how well they met the standard, and only Stanford's course requirements were a reasonably good match. I wouldn't expect most American universities to cover the majority of the CS2013 subjects.
|
|
#
?
Feb 9, 2024 03:34
|
|
|
That document is describing what ought to be covered in various courses on those subjects, not suggesting that all of them would be required for everyone to graduate. It’s not just that a lot of the classes are described as electives within their section; it’s also that most of the sections are not in the core requirements. You should look at the actual curricula for specific schools to get a better idea of what they’re like. For example, CMU’s is highly regarded, and I can speak to it (or at least what it was like twenty years ago). In terms of that document, CMU’s required curriculum includes almost everything in the Algorithms and Complexity section, most of Discrete Theory, and about a quarter each of PL and Architecture. Beyond that, you’re mostly just required to take a lot of higher-level CS courses, and it’s up to you to specialize however you want. Personally, I never took an AI/ML class as an undergrad; the closest I got was a minimax assignment (for something like Othello?) in the data structures & algorithms course. (Apparently CMU now requires that you take at least one AI-ish class to graduate.)
|
|
#
?
Feb 9, 2024 09:21
|
|
|
rjmccall posted:That document is describing what ought to be covered in various courses on those subjects, not suggesting that all of them would be required for everyone to graduate. It’s not just that a lot of the classes are described as electives within their section; it’s also that most of the sections are not in the core requirements. You should look at the actual curricula for specific schools to get a better idea of what they’re like. For example, CMU’s is highly regarded, and I can speak to it (or at least what it was like twenty years ago). In terms of that document, CMU’s required curriculum includes almost everything in the Algorithms and Complexity section, most of Discrete Theory, and about a quarter each of PL and Architecture. Beyond that, you’re mostly just required to take a lot of higher-level CS courses, and it’s up to you to specialize however you want. Personally, I never took an AI/ML class as an undergrad; the closest I got was a minimax assignment (for something like Othello?) in the data structures & algorithms course. (Apparently CMU now requires that you take at least one AI-ish class to graduate.)
|
|
#
?
Feb 9, 2024 12:05
|
|
|
Baby Proof posted:In the appendix of that document there are a few school's self-evaluations of how well they met the standard, and only Stanford's course requirements were a reasonably good match. I wouldn't expect most American universities to cover the majority of the CS2013 subjects. to be fair, stanford was the only R1 in that list; Grinnell and Williams are liberal arts colleges (and not on the "liberal arts schools with good CS programs" list that consists entirely of Harvey Mudd), and Bluegrass only offers two year Associates degrees. Even at your run-of-the-mill US state school I think one should expect a curriculum closer to Stanford's than Bluegrass; in my R1-but-not-Stanford-tier-R1 department I think the undergrad curriculum -- certainly the honours one -- would stand up fairly well to this evaluation.
|
|
#
?
Feb 9, 2024 15:59
|
|
|
|
| # ? May 17, 2024 21:03 |
|
|
I admittedly can't speak to Finland but my CS undergrad in Sweden was broadly equivalent to what I saw while working in the US. Most of my coworkers went to Stanford, at least for their graduate studies, and far as I can tell the content of their education wasn't significantly different from what I got at little Chalmers University. Their professors were bigger names in their field than almost all of mine, they had better networking and research opportunities, and I'm sure the course quality was overall higher (certainly the budgets were). I never got the impression that their curriculum had more stuff in it, or felt like I suffered from some sort of continental education gap. I've only attended (and taught, to whatever extent grad school TAing can be considered teaching) on this side of the pond though. There are probably people in the thread with more comparative experience.
|
|
#
?
Feb 9, 2024 18:14
|
|
