*(char*)0 = 0; - What Does the C++ Programmer Intend With This Code? - JF Bastien - C++ on Sea 2023
Рет қаралды 252,750
7 ай бұрынcpponsea.uk/
---
*(char*)0 = 0; - What Does the C++ Programmer Intend With This Code? - JF Bastien - C++ on Sea 2023
int main() {
*(char*)0 = 0;
}
This is a very simple program. Some might find it offensive, but let’s enjoy ourselves instead. Let’s talk about this program for the next 60 minutes. Maybe we can make it less offensive, let’s first ask: “what did the programmer intend with this code?” We’ll discuss what it might mean to a programmer, maybe we could help them express intent better. We should also consider what different versions of the code mean to various language standards. Once we’ve figured that out, how do compilers reconcile programmer’s feelings with standards’ opinions? That’s nice, but let’s dig in more deeply and look at what various kernels think about everyone’s opinions. Then, let’s see what various hardware do about all of this mess.
Of course we’ll talk about undefined behavior, but we’ll do so much more! We’ll travel up and down the stack, discussing in details everything that such a seemingly-simple program does.
---
Slides: github.com/philsquared/cppons...
Sponsored by think-cell: www.think-cell.com/en/
---
JF Bastien
JF is chief architect at Woven by Toyota. He chairs the evolution of the C++ programming language. JF has worked on a variety of compilers for a variety of programming languages, implementing language features, improving performance / security / safety, targeting novel architectures, and other fun things. See jfbastien.com
---
C++ on Sea is an annual C++ and coding conference, in Folkestone, in the UK.
- Annual C++ on Sea, C++ conference: cpponsea.uk/
- 2023 Program: cpponsea.uk/2023/schedule/
- Twitter: / cpponsea
---
KZbin Videos Filmed, Edited & Optimised by Digital Medium: events.digital-medium.co.uk
#cpp #cpponsea #cppprogramming
@andrekoscianski 7 ай бұрын
Lesson 2 will cover *(char*) 0 = 1-1; it is expected to last 2 hours, and it'll dive in microcode, so, bring coffee. Students willing to take lesson 3 get prepared to deal with 2 (two) lines of code, and bring a copy of L. Susskind's book, Introduction to Black Holes.
@monad_tcp 7 ай бұрын
yes, I want a talk about the entropy of a single bit change from 0 to 0 when the clock ticks
@romanemul1 7 ай бұрын
plus there is that laugh like 'hear me all around the world laughing'
@steffenbendel6031 7 ай бұрын
Can you implement a C++ compiler on the event horizon of a black hole?
@Bourg 7 ай бұрын
I kinda want to do it now 😂
@JamesRival 7 ай бұрын
@@Bourg OMG it’s HIM!
@Minty_Meeo 7 ай бұрын
This presentation reads like one of those essay-length Stack Overflow replies that answers everything that you asked, and then dives into questions you didn't know to ask, all while citing sources.
@garethma7734 7 ай бұрын
so, is that a good thing or not? cuz i (try to) write those often :D
@zojaXII 7 ай бұрын
@@garethma7734 it IS a good thing, if that's what you're already doing be proud to help curious people this much, not necesearly the original poster but also people coming later and reading your reply !
@ids1024 7 ай бұрын
That makes me think of my Latin professor who got behind on lessons about basic grammar going off topic about things like how a particular word developed from archaic Latin and proto indo european.
@whannabi 6 ай бұрын
@@garethma7734 Well it's better than saying "this question is a duplicate" when the said duplicate is 12 years old and doesn't work anymore... You have no idea how many people are looking for you guys.
@calyodelphi124 6 ай бұрын
@@garethma7734 I honestly LOVE IT when I stumble upon those kinds of replies whenever I have to resort to searching Stack Overflow for answers, because those kinds of replies always lead me places I didn't expect, help me to avoid traps for young players, and I usually learn a few new things along the way! 😄Keep writing your essays that answer the question then half a dozen follow-up questions. They're WAY more helpful than you think they are!
@MattGodbolt 7 ай бұрын
A great talk covering so much ground, by a great presenter, and with gorgeous slides. Something for all C++ developers here: I guarantee you'll learn something!
@Bourg 7 ай бұрын
And wonderful audience members in the first row! ☺️
@MattGodbolt 7 ай бұрын
@@Bourg only the very best
@abdul-hameedotade9790 7 ай бұрын
Yes Matt.
@0LoneTech 7 ай бұрын
Well... I learned C++ apparently makes return optional for int main, and this person loves calling hierarchical arrays hash tables, and made diagrams that point every which way inconsistently. Most of all, they took pride in being unclear, so people couldn't make an informed decision on whether to watch the talk, which is a meandering description of how a memory access may or may not work (including how it may be entirely removed by the compiler).
@rudigerihle310 7 ай бұрын
As an ageing programmer with hardware experience I have mixed feelings about this talk. The low level concepts he is trying to explain are valid and completely clear to me. But I guess it's targeted to an audience that is familiar with certain C++ constructs but has no idea how hardware actually works. For me it's quite the opposite. BTW, I used *(char*)0 = 0 to provoke an application crash in order to see what a certain device driver does when a calling application terminates unexpectedly.
@TerjeMathisen 7 ай бұрын
I started programming in 1977, so I'm old enough to take code like this at face value: For some reason, the programmer wants to store an int=0 at virtual address zero. Back in the days I would use code like this, typically with a short offset from zero, to store an interrupt handler address into the OS IRQ handler table which was stored at absolute address zero. EDIT: I saw later that he got into my exact usage, with the div_by_zero x86 vector! It is indeed pretty amazing how much that has to happen for each and every instruction that is executed in a modern CPU. 🙂
@russbillings_ky 7 ай бұрын
I looked at that and thought, "oh, that is the text of a unit test case for a c++ compiler". Mere minutes later in the talk, two compiler bugs have been revealed.
@ruprecht9997 7 ай бұрын
The "-0" bug is strange. One would think the compiler able to expression resolve, instead of hard-coding for typical illegal values. I mean, once you're in illegal territory, isn't it likely the programmer wanted something different than actual zero, and so there is a runaway expression there? :-)
@WyrdieBeardie 7 ай бұрын
This was a surprisingly wonderful video. I was the weird CS student that loved compilers, assembly language, operating systems, and architecture. This talk touches on all of them! 😃
@pre-ansi-c-forever 7 ай бұрын
Same for me, I absolutely love low-level stuff !
@circuitgamer7759 7 ай бұрын
Me too, I'm currently working on designing a whole multiple processor and cache system in Logic World, which I'm planning to write an OS for on itself, to write programs in the game for my processor to run in my system. This serves absolutely no purpose besides to have fun and learn a bit, which I think is the best purpose a project can have :)
@xdeathcon 7 ай бұрын
This kind of stuff is always the best part. I like how, despite the initial code presented being a pretty simple memory cast and dereference, there's so much to go into from that little bit.
@whannabi 6 ай бұрын
Next step is electrical engineering to complete your knowledge
6 ай бұрын
@@whannabi That's what I loved on my CS studies, as I minored in electronics. I got the complete view from passive analog components to software running atop an OS on a (back then) modern computer. Every step was covered!
@Lampe2020 7 ай бұрын
The video starts with "My name is Jeff" and I now can't get that meme out of my head, dang it XD
@AhmedEssam-fb1bj 6 ай бұрын
Was looking for this comment. His "My name is Jeff" made my laugh :"D
@snoxwashere 7 ай бұрын
Easily the best looking slides I've ever seen for a presentation
@iamjadedhobo 7 ай бұрын
As someone who started out on 6502 this code makes me proud that page zero is not forgotten ;) Because, who is the compiler to tell me I can't use the first byte in the most important memory segment!
@williamdrum9899 7 ай бұрын
Was just thinking this!
@roboterbasteln 7 ай бұрын
On Windows, AFAIK, we lose a complete page due to this, i.e. 4096 bytes (because you can only specify access in a PTE, which covers 1 page). You wouldn't do that on a 6502.
@Dyllon2012 7 ай бұрын
@@roboterbasteln it’s not a big deal though on Windows since you have virtual memory and thus only have whatever overhead there is to setup the trap. Also, how in the world were people writing code where null is a valid address? I’ve programmed on a machine with 4k memory and it still seems like madness to not reserve that first byte as the marker for “invalid address”.
@Kenjuudo 6 ай бұрын
@@Dyllon2012Back in the day, the concept of "invalid address" wasn't yet invented.
@dale116dot7 6 ай бұрын
I do a lot of work on microcontrollers and on the MC9S08 that I use a lot, this line of code sets all PORTA bits to zero. Depending on what the application is, this might be a reasonable thing to do - to turn all of the LEDs off on a front panel or something. I do find it slightly disturbing, I’d rather see it written as PORTA.R=0x00.
@Tim_Small 7 ай бұрын
At a local user group (60 miles down the coast from where the talk was given) we spent a few weeks playing with microcontrollers (bare metal, no OS), it was cool seeing the reaction to working in such an alien, yet familiar environment. On many ARM cortex M implementations, address 0 is the start of the vector table. Offset 0 in the vector table holds the initial stack pointer value. In many ways, programming something like the RP-2040 (Raspberry Pi Pico) is like a trip back to the early 80s.
@danahgaz 7 ай бұрын
This is exactly why I ended up back in development again after burning out doing traditional development targeting desktops and servers. I got scouted off of a website where I made some embedded stuff as a hobby, which I was only doing because coding on those little platforms reminds me of coding in my childhood on 65c02 and 65C816 cpus in the 1980s. I wouldn't be coding professionally anymore if not for this. It's a whole different world, and a ton of fun. :)
@stnhndg 6 ай бұрын
on AVR registers are mapped into memory, so 0 address is actually an 'r0' register )
@user-gh4lv2ub2j 5 ай бұрын
Radical!
@TehDemonic 6 ай бұрын
As a recent computer science graduate, who procrastinated, and never took studies too seriously. I find this inspiring. I want to be able to talk and reason and go off on a long knowledgeable tangent about technology like this man. I'm going to start studying on my own time again, and start to learn systems and all these cool nerdy lower level things 😊
@natsudragneelthefiredragon 6 ай бұрын
Program things, you'll learn quicker I say this as a person who does C# stuff and is probably not as well educated as you lol
@gregorymorse8423 7 ай бұрын
Finally, someone who went into the proper level of detail. This was great. It takes a good deal of low and high level experience to do this well. Most videos provide an interesting title and thumbnail and give no gems or anything of deep substance, merely regurgitating basic encyclopedia knowledge. This is refreshing.
@xpusostomos 6 ай бұрын
Proper level? You mean there was more? 😂
@Firestar-rm8df 6 ай бұрын
@@xpusostomos Yes, I would love to see a part two that gets into the details of how the TLB happens, and how hypervisors work, and all the details of the machinery of stuff like gdb, cachegrind, and qemu. I think virtualization is *very* interesting. I'd also love to see it approached from an embedded perspective where you often have SBCs with some more exotic cache and memory architectures.
@QuinMartinProductions 6 ай бұрын
@@xpusostomosThere is always more. Always.
@karmatraining 7 ай бұрын
I feel like I needed to pass 4 years of CompSCI and also understand the entirety of FPGA engineering theory to understand this single line of code. But seriously, I've written this exact line before, and I did it to simulate a hard segmentation fault when I was testing a crash reporting C++ library :)
@xpusostomos 6 ай бұрын
The exact line? Including the char cast?
@sabriath 6 ай бұрын
@@xpusostomos well you don't have to do it as a char cast, though you have to match it with the data you are assigning, so if you try to cast an integer as a float, you will get kickback unless you put a decimal point....stuff like that. The point of the line is simply to create a fault or to verify the level of permission of the underlying code base....so if you were not to get a fault, then you most likely be at highest permission levels (a virus may do more damage at that level). Some applications may request permissions from the OS and then trap test to make sure they were followed, like warden systems and such, but usually that's on a read-only basis and not dealing with writes. Older emulations would fault out and ignore OS delegation, which would be a flag for warden systems to know if it was being sandboxed, but that's not necessarily the case anymore. It also allowed OS itself to know if it is in a sandbox or has full CPU control, so if you were writing an OS, you would do these traps to test privileges before "taking over" delegation ops....if it is sandboxed, then a good OS would block some operations (like file access to pass-encrypted stuff) in order to protect sensitive material. emulations and "hackers" are getting better, but for an analogy, just because criminals can bust through your door doesn't mean you should keep your door unlocked. still safer practice than your code just assuming its place.
@adaslesniak 5 ай бұрын
Yes you can. In alternative universe you can intuitively know it's just a crap of code and do useful stuff. This whole talk reminds me of old article from joelonsoftware about stratosphere architects who design awesome super stuff that nobody needs, while others do useful stuff.
@TheBrutalDoomer 5 ай бұрын
Knowing when to say "I don't know" is what this presentation really made me excel at.
@Coillcara 5 ай бұрын
That is approximately after 1 hour of explanations of topics around the question?
@matthewkillgallon5597 4 ай бұрын
I haven't done C++ since around 1990 and this talk brought back flashbacks... I loved it!
@paulfloyd9258 7 ай бұрын
Cachegrind now longer models the cache by default (since April this year and will be part of the 3.22 release due out in a couple of weeks, around October 20 2023). So now cachegrind is really "instruction-counter-grind". You will need to specify --cache-sim=yes to turn it on. If there are any keen experts in CPU cache architecture that would like to contribute to Cachegrind's cache model please get in touch.
@Richardincancale 7 ай бұрын
Been coding since 1975, cards, paper tape, ASR33 teletypes, CDC7600 parallel processing…. This was fun!
@ruevs 7 ай бұрын
23:05 is what I want. I want it to compile to `mov 0, [0]` or whatever functionally equivalent assember instruction for the particular architecture. No less no more :-P And if the code was running on a microcontroller without a MMU, or x86 in real mode, or 6502 or z80 or... I actually expect it to write 0x00 at memory location 0.
@tylisirn 4 ай бұрын
Funny thing is that the Zelda 2 "I am Error" became an error, because his counterpart got lost in translation. There is another character whose name is supposed to be "Bug", but because of Japanese pronunciation rules, his name is Bagu, which got translated into English directly as Bagu instead of Bug. Thus the Error - Bug reference got broken.
@UnidayStudio 7 ай бұрын
One of the best talks I've seen in a while! In my last job, I was porting a game to Xbox One and I got used to this exact code as a quick and dirty way to breakpoint what I was doing. Great memories! 😅
@JebacPresretac101 7 ай бұрын
@@pre-ansi-c-forever I believe the debugger is called when something errors out hardware side (whether it is via interrupts or via whatever mechanism), allowing the debugger to inspect memory at that point. So a debugger will catch a program before a "crash" (termination). If you then change things, it might allow you to continue, at least higher level debuggers do (In Godot's GDScript, i don't know about lower level ones).
@Shogoeu 6 ай бұрын
Interviewer response: It was nice hearing your ideas about this piece of code - our conversation was very interesting. Unfortunately, we have decided to move forward with another candidate that better suits our needs.
@bmenrigh 7 ай бұрын
I remember a few years back the Linux kernel added X86_RESERVE_LOW to allow you to reserve memory starting at 0x0 to prevent a possible privileged escalation where in certain circumstances malicious instructions could be written starting at 0x0 which would then get run when some other program tried to null pointer de-reference. At the time I went "Wait REALLY?? Writing to 0x0 won't always simply segfault?". But apparently there were some circumstances where it was possible. I guess since then the first 1M of memory is reserved so X86_RESERVE_LOW isn't needed anymore.
@gigachad8810 7 ай бұрын
Me when UB is undefined 🤯
@alexlowe2054 7 ай бұрын
I was thinking this the first time I started to dig into the code. Either it's process memory mapped, or it'll hit some sort of OS memory protection, because 0x0 is a pretty important piece of memory to block access to. It took pretty long into the presentation before he explained that the significance of the memory depends on the specific device. You could work with a device where the 0x0 address contains valid data, which is pretty trippy. Although I'd argue that there's a more clear way to write that code than to do what amounts to a null dereference in 99.9% of cases.
@gregorymorse8423 7 ай бұрын
A pointer dereference doesn't run code. I'm not sure if you know how code works, but you have to invoke the function pointer for it to execute. If it is the divide by zero interrupt handler in x86 real mode than still won't run code. Then you would actually divide by zero to run the code.
@arthurmoore9488 7 ай бұрын
I've worked on major software projects where previous authors didn't initialize variables in the constructors. They assumed that the memory the classes would be newed up in was always going to be 0! Then again, this was code using the C++03 standard written around 2015, and was still on C++03 post 2020!
@Gameboygenius 7 ай бұрын
Those are different. X86_RESERVE_LOW reserves physical memory and prevents it from being allocated. This was done because the BIOS can't be trusted not to corrupt it, which would corrupt random memory that was allocated to some process. The BIOS would normally be out of the picture when the OS is booted and has entered protected mode, but it's sometimes invoked before/after hibernation. If X86_RESERVE_LOW is no longer needed, it would perhaps be due to UEFI boot which is not as ad hoc as a BIOS. The first 1M being reserved is in virtual memory, meaning that the lowest 1M of the virtual memory is mapped to pages that are non-writable and writes there will be trapped. It's unrelated to X86_RESERVE_LOW.
@arnaudparan1419 6 ай бұрын
that talk is me the day I found out about virtual memory lmfao. It's so complete and great, I spent some time reading cpu manuals and that blew my mind at the time
@gavinmcinnes9750 7 ай бұрын
Casey Muratori used this in Handmade Hero for creating assert macro. ```cpp #if HANDMADE_SLOW #define Assert(Expression) if(!(Expression)) { *(int *)0 = 0; } #else #define Assert(Expression) #endif ```
@0ia 7 ай бұрын
Woohoo!
@ChrisBreemer 7 ай бұрын
On any platform I have used, I found this code to be a sure way of crashing the program with a segmentation fault or something similar. Very useful to test your program's fatal exception handler.
@ZTGallagher 7 ай бұрын
This is the most fascinating talk I've ever watched all of and understood none of. I'll take my yaml and python scripts now and head back to my own sandbox to eat the sand.
@Bobbias 7 ай бұрын
Well this talk is a lot of fun. I wasn't expecting this to get into the page table layout. Having recently played around with writing my own kernel in Rust, a bunch of this was pretty fresh in my mind.
@moestietabarnak 7 ай бұрын
and you know what is missing.. at the start, a comment by the programmer to specify what the intend. It's called 'maintainability'
@KurtisRader 7 ай бұрын
I love this discussion since I am a grey beard. I started programming in 1977 and have programmed systems with a 36 bit word length (Honeywell), 60 bits (CDC Cyber 760 which used ones complement), and 24 bits (Harris H series). Far too many programmers today assume the Intel x386 or AMD x86_64 CPU model assume that is the only behavior that exists.
@thomasmaughan4798 7 ай бұрын
Perhaps I'm a white beard ;-) Also Honeywell (DPS8; EIS box allowed double-words 72 bits), Control Data 1604 (I don't remember the word length). Univac 1830 (30 bits if I remember right). The registers in this presentation suggest the Motorola chipset (68000) rather than Intel.
@TerjeMathisen 7 ай бұрын
Well, hello there! I also started in 1977, on a Unisys1100 (36 bits afair). The strangest cpu on which I've written asm code was the HP 85/87 lab computers which had 8/16/64-bit registers all stored inside a 128-byte block of static ram: You could start a register access at a misaligned offset and get 3-byte/4-byte/5-byte/etc "registers". Currently working (unpaid) on the Mill architecture which doesn't have registers at all, just a belt which will automatically garbage collect all values after a number of instructions have been executed.
@alexaneals8194 5 ай бұрын
I enjoyed your presentation. It made me wish I had gone down the path of being system engineer instead of working with databases. It was simple enough for a non-system engineer to understand and yet deep enough to make it interesting.
@mikefochtman7164 7 ай бұрын
Great walk through the depths of things. I first started out with a SEL machine which implemented virtual memory with some internal CPU registers not normally available to the programmer (called, appropriately 'memory-map registers'). I remember reading in the tech manual for the cpu a phrase that went something like: "Since these registers are critical to the operation of the machine, none but the most trusted code should ever attempt to modify them." lol One project using such machines, had this nasty quirk that if you cleared memory and started it up and started this critical program first, your day was great. But if you shutdown that task and restarted it without rebooting, chaos. Turned out that task had some tricky code that expected certain virtual addresses were exactly equal to physical address. If it was the first task started, the memory manager made it so. But of course after you kill it and other tasks had been running and you restart that task, virt != phys and crash. THAT took a while to find... lol
@uplink-on-yt 6 ай бұрын
I need more cache memory for my brain. I get to have fun with page tables, and then he asks: "what were we talking about?" and I'm like: that is definitely a good question, as I completely forgot that this all started with setting a value of 0 at address 0.
@muluman88 7 ай бұрын
*(char *)0 = 0: what is this? A deep deep rabbit hole, that's what it is.
@mikefochtman7164 7 ай бұрын
And the fun thing you didn't mention was how the CPU does a 'context switch'. A lot of those cache pointers have to change every time the CPU switches from one program to another, so the two programs are blissfully unaware of the virtual memory mapping of each other. As you touch on a couple times, you CAN make two programs share a common block of physical memory, but you have to work at it. And that is a key place to tell the compiler some data is 'volitile'.
@xpusostomos 6 ай бұрын
Shhh, that part is magic
@hsukesan 7 ай бұрын
This is a brilliant talk -- Technically as well as inspiring to many aspiring presenters. Builds up from core concepts! 🎉 I could imagine the fun it would have been on a live stage. I really loved the slides, the programmer fonts and how cool the title of this talk! Intriguing! 🎉 JF onto my favourite speakers list. Thanks!
@cpponsea 7 ай бұрын
Thank you! It is much appreciated that you have made so many positive comments regarding JF Bastien's presentation.
@duckydude20 7 ай бұрын
i enjoyed every bit of this. it went from i don't anything. compiler stuff. to things i know a bit. unknown unknowns to known unknowns. thanks for this great talk. ❤️
@gfasterOS 6 ай бұрын
What a phenomenal presentation. I wasn't expecting it but I'm 100% on board with the roller coaster this was.
@Alex-ri1zn 7 ай бұрын
This talk was amazing! Now I am really curious what other questions/riddles JF has up his sleeve.
@sanjaux 7 ай бұрын
Every time I want to learn C++ I get recommended terrifying talks like this LOL. I appreciate what these programming languages do but I'm not sure if I'll ever be able to absorb the knowledge about it to this extent. I can only hope that extent differs for what you want to accomplish but also, having knowledge about something could never hurt.
@OmegaSparky 7 ай бұрын
This is a great talk! I've asked firmware engineers interviewing for silicon bring up positions how they would be able to use memory on a system before they have initialized the dram controller (assume no sram). Answer: use the cache - just make sure it's set as write back and choose your temporary memory map so that you don't trigger cache evictions from your outward most cache that is configured. This is a trick I learned from a coworker when he used that in the bootloader on a PowerPC system we were designing.
@capability-snob 7 ай бұрын
Loved this. The OS I work on uses this as a convenient way to jump to the process' fault handler, so I appreciate the reminder to use volatile!
@flatfingertuning727 6 ай бұрын
What would be even better would be if compiler writers would recognize that they shouldn't expect to understand the purpose behind lvalues like `*(pointer_type)intexpr`, and should refrain from making optimizations that presume they do understand such code, with or without the qualifier. The qualifier was added to deal with situations where a compiler might make what what would otherwise be reasonable and useful inferences, but such inferences in the vicinity of integer-to-pointer casts are almost never useful anyway. On the other hand, with clang and gcc, making pointer-to-integer casts and then performing calculations and comparisons involving the integers may result in inferences about the pointers that are simultaneously clever and wrong, *even if the integers are never converted back to pointers*.
@von_nobody 7 ай бұрын
My favorite possible effect of `*(char)0 = 0;` is formatting your hard drive :>
@Starwort 7 ай бұрын
Actually as written that's a compile error, you can't deference a char ;)
@Starwort 7 ай бұрын
Besides, the best possible effect of UB is causing demons to come flying out of your nose, everyone knows that
@redlopa1 7 ай бұрын
You couldn’t accurately copy 14 characters. No hire.
@flatfingertuning727 6 ай бұрын
On the Apple-II family machines with Disk II controller or equivalent (a popular machine throughout the 1980s, with a sales volume of around six million), reading 0xC0EF shortly after a disk access would start overwriting the current disk track with whatever data happened to be fetched on every 32nd cycle until the next access to 0xC0EE. That's an actual platform--an hardly an obscure one--where a single stay read could trash the contents of a disk volume.
@williamdrum9899 4 ай бұрын
@@StarwortAssembler: "The hell I can't!"
@jonathanmarvens 4 ай бұрын
What an amazing talk! I started watching this puzzled and asking myself, what could possibly be so interesting about some obvious null pointer dereferencing? I'm thoroughly impressed!
@EgonFreeman 6 ай бұрын
And now this, another "brick" in my wall of knowledge and understanding. I may never use any of this - gods know I'm not low-level enough for it, I'm usually looking at C# or PHP of all things - but understanding things even on this level helps in sometimes very unexpected ways. I will never forget when I learned how a computer essentially works - the registers and the ALU, moving things around in RAM, why things take the time they take and so on. Even though I'll never need to use it in practice, it became the bedrock of my fundamental understanding of what a computer _is._ And maybe most importantly - what it _is not._
@psthomso 6 ай бұрын
Sometimes you run into a talk that you just needed to hear... when you are missing the forest for the trees. Thanks!
@awawus 7 ай бұрын
2:29 start of the class 48:26 after you fall asleep for a second
@DeadJDona 7 ай бұрын
❤
@ShadowRadiance 7 ай бұрын
This was an amazing journey. Well worth the watch.
@LesNewell 7 ай бұрын
Being an embedded software developer my mind first went to reset vectors, which are often at address 0 (usually in ROM/FLASH). My next thought was what can happen in Harvard architectures (e.g PIC or AVR). Depending on how the linker script is set up it may be possible for the first static variable to end up at address 0 in data memory. Having a variable with an address of 0 can create some very obscure bugs.
@dale116dot7 6 ай бұрын
On a bunch of 8 bit Motorola microcontrollers, address 0 is I/O port A. So it is equivalent to PORTA.R=0x00; and this is a valid thing to do if you want to turn off a bunch of lamps or other outputs connected to port A.
@dolcinotornielli8496 6 ай бұрын
Even on modern widely spread architectures like ARM. On Zynq/ZynqUltrascale (Xilinx FPGA's with embedded ARM CPU) physical address 0 is either on-chip memory or DDR. So, perfectly valid memory which you can access. Though the linker script will not allocate variables there by default. Yeah, this can lead to very obscure errors in baremetal code if your (or some third-party) code checks for null as a sign of an uninitialized pointer (which it usually is).
@photonicpizza1466 6 ай бұрын
My mind immediately went to microcontrollers too. Whenever there’s some obscure pointer bit-hacking, it’s bound to have a legit use in MCUs.
@u9vata 7 ай бұрын
Fun fact: main does not need to be a function - can be lets say an array of uint8_t with the machine code haha. Literally used this once. Fun talk.
@animowany111 7 ай бұрын
That may or may not work, but I'm pretty sure it's undefined, or at least implementation-defined behavior. The compiler will often put that kind of data into a .data or .rodata section, which is not set to be executable on modern systems.
@michabbs 6 ай бұрын
Its fascinating watching this guy being so fascinated with all these things! 😊
@Jim-vr2lx 7 ай бұрын
I sort of knew what this code did because of two experiences. The first was when I needed a "nop" in C. I was told the closest was (void*)0;. The second was watching the KZbin video "Fast Inverse Square Root - A Quake III Algorithm" There's two lines of code in the video: i = *(long*)&y; and y = *(float*)&i;. The video explains it as a bit hack of floating point numbers. It's a a great video that explains exactly whats happening to the code and why the programmer did it.
@williamdrum9899 4 ай бұрын
Was this before "volatile asm("nop")"
@philipoakley5498 7 ай бұрын
Lovely. I remember, c1976-9, a micro OS on 8080 that fitted at the bottom bytes of 1 UV EPROM (~1kB maybe) where the 0-7 interrupt levels mapped to 0000h, 0008h, 0010h, etc, and one of the Interrupt service routines (ISRs) was 9 bytes long, so overran into the next routine, but was ended with a 'jmp' instruction, with high byte, still being 'local', set to 00h, so it was NOOP instruction for the first byte of the following ISR (little endian). Oh, it was driven by a Teletype with a paper tape loader. We then updated to FORTH. The good old days.
@def1nt 4 ай бұрын
I'm not that much into low-level stuff, but the talk was very insightful and even entertaining.
@retr0foxx_osu 6 ай бұрын
damn so many things i learned from this. i didn't expect that he would talk about all of those interesting things even though it all started from a simple line of code that would usually crash.
@matthewexline6589 7 ай бұрын
As a novice programmer with almost no c++ experience I still almost died laughing beginning at the 7-minute-mark.
@Yupppi 6 ай бұрын
Admittedly I even barely write code, but this is pretty interesting. In terms of I knew most of these things about the main function but I wouldn't have thought to pick them from the depths of the brain even when asked, they're so "obvious" and taken as granted, you wouldn't even think to do them when since the beginning you've learned not to even consider them. I got to the point of thinking it's assigning a null pointer, but what I think would've been a great answer (my humble personal opinion of no skill and experience worth talking about in programming): why is there no comments made when you're writing code like this. The least you could and probably should do is writing the comment explaining what you're doing and attempting to do with your choice of code. Watching this really makes me think of the creator of C++ saying how it's more difficult to shoot in your own leg in C++, but when you do it blows your whole leg off. This quickly spiraled into incomprehensible mess. The feeling when you understand the japanese better than the code. All in all great speaker, good humour. Barely kept up with the content but enjoyed all of it. And probably learned a thing or two.
@user-zn4pw5nk2v 7 ай бұрын
7:26 inspiration, it shows that you can use integer and pass it to address in raw form without 30 lines of code, like: atoi(toa(toi(string.tostring(5)))); and null is now an integer of type char and not null, which you can have some fun with. Like what if you set null to 5. "Are there any people in the room? No, there are none, because there where four and one came in"
@mrj1997 7 ай бұрын
A good video for finding your knowledge boundaries!
@LaserFur 7 ай бұрын
I've had to use -fno-delete-null-pointer-checks. After setting up the TCM(tightly coupled memory) the TCM ram starts at address zero.
@AntonioCardoso-dy7vm 6 ай бұрын
This feels like one of those afternoon beer talks, sitting on the porch chairs, going through subjects almost as fast as the inflation rate increase, and twice as fast through beers, until the sun has set hours ago and the wives call threatening to pack your stuff and leave it at the door...
@queens.dee.223 6 ай бұрын
The auto transcription transcribes kibibyte and kibibit as kitty byte and kitty bit and it's adorable!
@InOtherNews1 7 ай бұрын
What did JF use to make the presentation? I need to know - I'm in love with the ascii aesthetic!
@Bourg 7 ай бұрын
Keynote, with Berkeley Mono font.
@SeekingTheLoveThatGodMeans7648 6 ай бұрын
There's the question of "can" you execute this, and then the question of "what might it mean." It depends both on architecture and memory model layout. The result could be anything from yes with an effect of nothing, to an immediate runtime error, to setting up something obscure in the way the system will operate or malfunction (as by code invoked by destructors). I remember back in Usenet days on comp.lang.c where it was discussed that one could do a read dereference of the byte at address zero on VAXes running BSD which would come back with NUL. Therefore a NULL pointer was a usable shortcut for a zero length readonly "C" string. However I do not remember if the VAX memory model would permit a write, as here. (I recall on BSD this would throw a SIGSEGV.) Writers of C code (let alone C++) were admonished never to assume what the byte at address zero will be, if it can even be read at all, because "the world is not a VAX." This only goes to show how ancient I am....
@wiseskeshom4673 7 ай бұрын
This is really cool, I love every single second in this talk. Thank you so much for sharing.
@cpponsea 7 ай бұрын
Your comment is very much appreciated!
@johnmullins7468 7 ай бұрын
Clearly Matt Godbolt and I are from the same era, home brewed breakpoints were the first thing I thought when I saw the title.
@Kobold666 6 ай бұрын
On the Commodore 64, address 0 holds the data direction register for the 6510's I/O port. On the Amiga a typical declaration would be ExecBase = *(struct Library **)4;. They put the pointer to the kernel library at address 4, so accessing NULL can always be treated as an error. Another valid use case for dereferencing a NULL pointer is the offsetof() macro in C: #define offsetof(struct_name, member_name) (size_t)&((struct_name *)NULL)->member_name
@erikkonstas 6 ай бұрын
Hm, technically you're not dereferencing anything there, the & operator causes the lvalue to not become an rvalue (it serves the purpose of the x86-64 LEA instruction but in C).
@robertfrysch7985 7 ай бұрын
Awesome talk, very entertaining and inspiring! When JF ask, how do we usually express this line in C++, I had expected simply `*static_cast(nullptr) = 0;`, or do I overlook something?
@tzimmermann 7 ай бұрын
Same. Maybe he really wanted to talk about std::bit_cast! The static_cast code will compile with the same "indirection of non-volatile null pointer will be deleted, not trap" warning (at least with GCC and clang). And any level of optimization will indeed generate no assembly at all for this expression.
@Asdayasman 6 ай бұрын
It depends what you want to do. Imagine you're running on a microcontroller that enumerates some digital out ins in the first eight bits of memory space, and you want to pull all those pins high. How do you write that in C++? It's certainly not how you wrote it.
@jiioannidis7215 6 ай бұрын
On the VAX, dereferencing address zero returned zero. I *think* I first encountered a SEGV (or maybe a bus error) on an early 68010-based (yes, 68010) Sun workstation when dereferencing 0. I've worked with older architectures where the register file would overlap with the low addresses; for example, on the Univac 1100 series, register A0 was the same as address 0 of the address space, X0 was address 16 (or something like that; it's been way too long). The 1100 (and not only) were fun, in that they were one's complement machines, so that -0 in your example would have been all-ones. And then there is all the fun of embedded systems without an MMU!
@williamdrum9899 4 ай бұрын
I thought that on the 68k address 0 is your starting stack pointer value or the starting PC value (I forget which)
@ProBloggerWorld 7 ай бұрын
This is pure magic. I only thought that assembler allows for magic - or PERL. But this is way cooler!
@user-xn8hc8nc1z 6 ай бұрын
I'm not a professional C++ dev but this talk was excellent and sparked my curiosity througout; superb presentation!
@cpponsea 5 ай бұрын
Very glad to hear that you enjoyed JF Bastien's presentation on all levels! Thank you.
@volchonokilliR 7 ай бұрын
I would say this is one of my favorite talks now
@Oscar-vs5yw 7 ай бұрын
Thanks for answering everything I didn't know I needed to know about *(char*)0=0
@doublex85 7 ай бұрын
25:19 Also, Error's brother in another town is named Bagu. As in "Bug," to go with the theme.
@fredoverflow 7 ай бұрын
43:50 ASCII doesn't have all those fancy shadows and arrows, looks more like Code Page 437.
@tetsuoshiva 7 ай бұрын
A demo on how to debug this kind of thing with gdb and/or qemu would be great.
@JUMPINGxxJEFF 7 ай бұрын
many subtle concepts are introduced with humour, great speak
@warnerlosh 7 ай бұрын
I've asked a variation of this question since 1990 in interviews. In an old unix port from the 80s had ((int(*)())0)(); This would reboot the system. There was a bunch code above it that reset hardware. It then jumped to the reset vector on this architecture. This is UB these days... it was a great conversion piece.
@williamdrum9899 4 ай бұрын
That is the most hideous mess of parentheses I've ever seen
@cesvlc5211 6 ай бұрын
It’s really interesting how the feelings of C++ programmers are different from the ones of C programmers. I belong to the later group, and I felt the talk was for another audience just when my feeling on the first code was not one of the given options (I consider it bad code, something I wouldn’t write, but cool and nice at the same time, while I cannot stand the horrible syntax of the supposedly “nicer” C++ified versions). So, when “I love it” was not present in the “denial, angry, etc.”, options, I realized it’s true that the C++ feelings are so distant from mine.
@Asdayasman 6 ай бұрын
How would you rewrite it in C to be painfully obvious what the intent is?
@JohnDlugosz 7 ай бұрын
Re: "as if my memcpy" from nullptr: In real, contemporary, architectures we expect a null pointer to be all zero bits. But that's not required by the standard, and the actual representation can vary by type. The casting of one pointer type to another should preserve nulls, transforming the representation if required. But that is bypassed with memcpy! And nullptr_t is a distinct type having one value, and what that value looks like as bits doesn't have to have anything to do with the representation of an actual pointer. edit: OK, you mentioned this later.
@williamdrum9899 7 ай бұрын
Laughs in 6502 Assembly
@ruadeil_zabelin 3 ай бұрын
We had an opensource project where people kept asking the same question and wouldn't read the simple "getting started" guide and look through the config file. We put 2 entries in the config file crash1=true and crash2=true at the bottom. If those were set we would essentially run code kind of like this. Just crash. The next time someone came in to our IRC (ye.. this was a long time ago..) with "its crashing on startup!" we could just tell them to RTFM.
@DavidRomigJr 6 ай бұрын
I've worked on two systems where "0" was a valid address. On the Sunplus SPG series where 0 is the first valid address and you have a lot of control of the memory layout. And of course the Commodore 64 where the MOS 6510 cpu had two memory addressable built-in registers at addresses 0 and 1 used a general data port that were connected to memory banking and datasette control. There "*(char*)0=0;" would do something potentially useful.
@williamdrum9899 4 ай бұрын
Found the c64 one out the hard way when I used $00 and $01 to store joystick reads... shouldn't have done that!
@mschelstastic 6 ай бұрын
I found this really interesting... Very well explained :)
@user-dt5dw6oq3f 7 ай бұрын
Спасибо, классная лекция. Структурирует понимание работы памяти в современных системах и показывает движение мысли при интервью. Как вы так оформили слайды, с этими псевдографическими стрелочками?
@Bourg 7 ай бұрын
The font is Berkeley Mono, it has nice ligatures and text interface look.
@Gunbudder 4 ай бұрын
my immediate answer is that its a DMA hack for an embedded system or its a unit test to cover a very specific requirement from an very particular client. i can see the requirement now... "system shall set caution light when null pointer is deferenced" lol. this is a fantastic interview question because its not a stupid riddle designed to make you feel stupid, but instead it just reveals where your expertise is because its where you will start looking.
@dascandy 7 ай бұрын
@15:30 does making it `+0` do the same thing? @27:30 I wrote a bootloader that transfers its state information (e820 memory map etc.) to the booting kernel with a struct at memory address 0.
@lohitaksha244 7 ай бұрын
no, +0 still throws the warning.. i checked, if i had to guess +0 is just 0 which is caught in the AST check mentioned
@ErikaButler-qr3dt 6 ай бұрын
If *(volatile char*)0 = 0; were being written for the old NES/Famicom, it'd work just fine. It'd write the byte 0 to the RAM address 0. (Ordinary RAM occupies the first 2 KB of memory in the NES.) I guess the statement tells the compiler, there is an object of type char at address 0 and I need you to write the value 0 there, and don't try to optimize it away.
@williamdrum9899 4 ай бұрын
Yeah that's right
@-_James_- 4 ай бұрын
And it was fairly common for Playstation games to leave a chunk of memory at 0 for any null pointer writes to safely go somewhere. (Which meant you never needed to check for nullptr before writing which freed up valuable processor cycles for more important work.)
@gsittly 7 ай бұрын
To really now what's happening here is, compile it on several processors with different word sizes and if it compiles, analyze the machine code or disassembly.
@user-qu8eu2kn2v 5 ай бұрын
Kinda funny that my first thoughts corresponded to your final descriptions re: virtual address spaces, memory protection, page tables, etc. finally ending with "it depends". And I retired today (last day of professoring). I think the two are connected - i.e. a certain perspective that comes with time. And then you die. The human condition.
@codewizard58 7 ай бұрын
-0 is not 0 on a 1-s complement arch. Not sure if there is a c++ compiler that runs on CDC6500 : (
@jamesedwards6173 7 ай бұрын
32:32 I'm pleased hear "kibibytes" used (vs "kilobytes"). I think this may be the first time I've actually heard anybody use the term---which is objectively the correct one to use here.
@williamdrum9899 4 ай бұрын
I'm still upset they created the new terminology. In my mind a kilobyte is 2^10 bytes
@boomiboom3900 7 ай бұрын
Crazy direction to take this to. My thoughts: If there actually was a value to be read at address 0 without raising exceptions that is not used anywhere else, we could actually use this line to make the empty string "" 'equal' to nullptr (in a C-string sense), because 0 would be the address of 0 which would be the empty 0-terminated string: *(char*)0 = 0; cout
@flatfingertuning727 6 ай бұрын
Having address zero hold a zero byte can eliminate a lot of null checks in code that is designed to exploit that.
@StarkTrist 7 ай бұрын
Cool talk! Very enjoyable/interesting presentation.
@cpponsea 7 ай бұрын
Glad you enjoyed it!
@SeanHoulihane 6 ай бұрын
I think I asked how to do the write form of this write in C on Stack Overflow. Integration tests used to work fine for years, then we migrated to CLANG for newer CPUs and loads of things which were broken appeared.
@edgeeffect 7 ай бұрын
24:12 ... I was trying to think of a use case where this would be valid.... i like to work on harvard architecture microcontroller systems with no memory management... and there, this becomes almost "just assigning a variable".
@edgeeffect 7 ай бұрын
Oh yeah.... memory mapped registers.... I think this could compile down to `LDI r0, 0` ... that's kosher!
@dudeabideth4428 5 ай бұрын
Isn’t it necessary that 0 is not mapped and should give us a null pointer dereference crash ? I have seen the *(char *)0 deferencing to find a struct member offset. ( without writing to it though)
@alanchristiansen2880 5 ай бұрын
Yeah I used to, very rarely in special circumstances. write *(char *)=0; for real (not in main. LOL). it was typically followed by a comment indicating that if the code wound up here I was sure the heap & or stack was corrupted... From here an undefined behavior crash (seg fault) seemed like the best option. And yes how the people reading the code felt was at least as important as execution. I wanted anyone who messed with the code near here (esp and usually me) to have their smart paying attention hat on. Being terrified was a good first step. So I used this not anything else, that was more like "collateral damage" and not scary like the reality I was trying to convey.
@paulmoore7964 7 ай бұрын
i worked on a system where 0 was a valid address, null was 0xffffffff
@Stdvwr 7 ай бұрын
I'll try to remember it when I need to write my os
@Chalisque 7 ай бұрын
It would be useless for a modern operating system, but I'm curious what performance would be possible if you got rid of the MMU and all memory accesses were direct to physical RAM. (Thinking of a statically compiled pile of code that runs bare metal.)
@LeifNelandDk 4 ай бұрын
I would not expect much difference. MMU are supposed to be pretty invisible to the program.
@quasisolution 7 ай бұрын
Beyond informative talk
cpponsea
Рет қаралды 8 М.
Осторожно: Собчак
Рет қаралды 9 МЛН
Profy dev
Рет қаралды 10 М.
Marlon Wireless
Рет қаралды 3 МЛН