russfink 5 hours ago

Is this a DoS risk - code that sends your build chain into an infinite loop?

sltkr 3 hours ago | parent | next [-]

From a DoS risk perspective there is no practical difference between an infinite loop, or a finite but arbitrarily large loop, which was always possible.

For example, this doesn't work:

    #define DOUBLE(x) DOUBLE(x) DOUBLE(x)
    DOUBLE(x)

That would only expand once and then stop because of the rule against repeated expansion. But nothing prevents you from unrolling the first few recursive expansions, e.g.:

    #define DOUBLE1(x) x x
    #define DOUBLE2(x) DOUBLE1(x) DOUBLE1(x)
    #define DOUBLE3(x) DOUBLE2(x) DOUBLE2(x)
    #define DOUBLE4(x) DOUBLE3(x) DOUBLE3(x)
    DOUBLE4(x)

This will generate 2^4 = 16 copies of x. Add 60 more lines to generate 2^64 copies of x. While 2^64 is technically a finite number, for all practical purposes it might as well be infinite.
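
An added illustration of the unrolled-macro growth described in the comment above (not part of the thread and not code from any compiler): a build-side check can compute how many tokens an invocation would expand to without performing the expansion. It is a simplified model that assumes single-line definitions with no `#`/`##` operators or variadics; `parse_defines`, `split_args` and `expanded_tokens` are names invented here.

```python
import re
from functools import lru_cache

DEFINE = re.compile(r"^\s*#\s*define\s+(\w+)(\(([^)]*)\))?\s*(.*)$")
TOKEN = re.compile(r"\w+|\S")
SAMPLE = """#define DOUBLE1(x) x x
#define DOUBLE2(x) DOUBLE1(x) DOUBLE1(x)
#define DOUBLE3(x) DOUBLE2(x) DOUBLE2(x)
#define DOUBLE4(x) DOUBLE3(x) DOUBLE3(x)"""  # definitions quoted from the comment above

def parse_defines(source):
    """Map macro name -> (params, or None if object-like; body tokens)."""
    found = filter(None, map(DEFINE.match, source.splitlines()))
    return {m[1]: (None if m[2] is None else tuple(re.findall(r"\w+", m[3])),
                   tuple(TOKEN.findall(m[4]))) for m in found}

def split_args(tokens, i):
    """tokens[i] is '('; return (argument token tuples, index past its ')')."""
    args, cur, depth = [], [], 0
    for j in range(i, len(tokens)):
        depth += (tokens[j] == "(") - (tokens[j] == ")")
        if depth == 0:
            return tuple(args + [tuple(cur)]), j + 1
        if tokens[j] == "," and depth == 1:
            args, cur = args + [tuple(cur)], []
        elif j > i:  # skip the opening parenthesis itself
            cur.append(tokens[j])
    return tuple(args + [tuple(cur)]), len(tokens)  # unbalanced call: use what is there

def expanded_tokens(source, invocation):
    """Count the tokens `invocation` expands to without building the expansion."""
    macros = parse_defines(source)
    @lru_cache(maxsize=None)  # memoised, so cost tracks the definitions, not the output
    def size(tokens, env, active):
        arg_size, total, i = dict(env), 0, 0
        while i < len(tokens):
            tok, i = tokens[i], i + 1
            params, body = macros.get(tok, (None, None))
            if tok in arg_size:  # parameter: size of its already-expanded argument
                total += arg_size[tok]
            elif (body is None or tok in active  # plain token, or name being expanded
                  or (params is not None and tokens[i:i + 1] != ("(",))):
                total += 1
            else:
                args, i = split_args(tokens, i) if params is not None else ((), i)
                sizes = tuple(size(a, env, active) for a in args)
                total += size(body, tuple(zip(params or (), sizes)), active | {tok})
        return total
    return size(tuple(TOKEN.findall(invocation)), (), frozenset())
```

`expanded_tokens(SAMPLE, "DOUBLE4(x)")` returns 16; a pipeline could compare that count against a token budget before handing the file to the real preprocessor.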

saghm 5 hours ago | parent | prev | next [-]

Without any specific implementation of a constraint it certainly can happen, although I'm not totally sure that it's something to be concerned about in terms of a DoS as much as a nuisance when writing code with a bug in it; if you're including malicious code, there's probably much worse things it could do if it actually builds properly instead of just spinning indefinitely.

Rust's macros are recursive intentionally, and the compiler implements a recursion limit that IIRC defaults to 64, at which point it will error out and mention that you need to increase it with an attribute in the code if you need it to be higher. This isn't just for macros though, as I've seen it get triggered before with the compiler attempting to resolve deeply nested generics, so it seems plausible to me that C compilers might already have some sort of internal check for this. At the very least, C++ templates certainly can get pretty deeply nested, and given that the major C compilers are pretty closely related to their C++ counterparts, maybe this is something that exists in the shared part of the compiler logic.

viega 5 hours ago | parent | next [-]

C++ also has constexpr functions, which can be recursive.

All code can have bugs, error out and die.

There are lots of good reasons to run code at compile time, most commonly to generate code, especially tedious and error-prone code. If the language doesn't have good built-in facilities to do that, then people will write separate programs as part of the build, which adds system complexity, which is, in my experience, worse for C than for most other languages.

If a language can remove that build complexity, and the semantics are clear enough to the average programmer (For example, Nim's macro system which originally were highly appealing (and easy) to me as a compiler guy, until I saw how other people find even simple examples completely opaque-- worse than C macros.

WalterBright 4 hours ago | parent | prev [-]

D doesn't have macros, quite deliberately.

What it does have are two features:

1. compile time evaluation of functions - meaning you can write ordinary D code and execute it at compile time, including handling strings

2. a "mixin" statement that has a string as an argument, and the string is compiled as if it were D source code, and that code replaces the mixin statement, and is compiled as usual

Simple and easy.

viega 5 hours ago | parent | prev [-]

No. Other modern languages have strong compile-time execution capabilities, including Zig, Rust and C++. And my understanding is that C is looking to move in that direction, though as with C++, macros will not go away.