Jump to content

Trampoline (computing)

From Wikipedia, the free encyclopedia

This is an old revision of this page, as edited by Bonadea (talk | contribs) at 19:03, 5 July 2018 (rm spammy spam, inserted in valid reference). The present address (URL) is a permanent link to this revision, which may differ significantly from the current revision.

In computer programming, the word trampoline has a number of meanings, and is generally associated with jumps (i.e., moving to different code paths).

Low-level programming

Trampolines (sometimes referred to as indirect jump vectors) are memory locations holding addresses pointing to interrupt service routines, I/O routines, etc. Execution jumps into the trampoline and then immediately jumps out, or bounces, hence the term trampoline. They have many uses:

  • Trampoline can be used to overcome the limitations imposed by a CPU architecture that expects to always find vectors in fixed locations.
  • When an operating system is booted on a symmetric multiprocessing (SMP) machine, only one processor, the bootstrap processor, will be active. After the operating system has configured itself, it will instruct the other processors to jump to a piece of trampoline code that will initialize the processors and wait for the operating system to start scheduling threads on them.

High-level programming

  • In Java, trampoline refers to using reflection to avoid using inner classes, for example in event listeners. The time overhead of a reflection call is traded for the space overhead of an inner class. Trampolines in Java usually involve the creation of a GenericListener to pass events to an outer class.[2]
  • When interfacing pieces of code with incompatible calling conventions, a trampoline is used to convert the caller's convention into the callee's convention.
    • In embedded systems, trampolines are short snippets of code that start up other snippets of code. For example, rather than write interrupt handlers entirely in assembly language, another option is to write interrupt handlers mostly in C, and use a short trampoline to convert the assembly-language interrupt calling convention into the C calling convention.[3]
    • When passing a callback to a system that expects to call a C function, but one wants it to execute the method of a particular instance of an class written in C++, one uses a short trampoline to convert the C function-calling convention to the C++ method-calling convention. One way of writing such a trampoline is to use a thunk.[4] Another method is to use a generic listener.[2]
  • In the GCC compiler, trampoline refers to a technique for implementing pointers to nested functions.[6] The trampoline is a small piece of code which is constructed on the fly on the stack when the address of a nested function is taken. The trampoline sets up the static link pointer, which allows the nested function to access local variables of the enclosing function. The function pointer is then simply the address of the trampoline. This avoids having to use "fat" function pointers for nested functions which carry both the code address and the static link.[7][8][9] This however conflicts with the tendency to make the stack non-executable though for security reasons.

No-execute stacks

Some implementations of trampolines cause a loss of no-execute stacks (NX stack). In the GNU Compiler Collection (GCC) in particular, a nested function builds a trampoline on the stack at runtime, and then calls the nested function through the data on stack. The trampoline requires the stack to be executable.

No execute stacks and nested functions are mutually exclusive under GCC. If a nested function is used in the development of a program, then the NX stack is silently lost. GCC offers the -Wtrampoline warning to alert of the condition.

Software engineered using secure development lifecycle often do not allow the use of nested functions due to the loss of NX stacks.[10]

See also

References

  1. ^ Baker, Henry G. (September 1995). "CONS Should Not CONS Its Arguments, Part II: Cheney on the M.T.A." ACM SIGPLAN Notices. 30 (9): 17–20. doi:10.1145/214448.214454. Archived from the original on 2016-11-11. {{cite journal}}: Unknown parameter |dead-url= ignored (|url-status= suggested) (help)
  2. ^ a b Muller, Hans (2005-01-31). "Asserting Control Over the GUI: Commands, Defaults, and Resource Bundles". today.java.net. Trampolines. Retrieved 2015-11-06. {{cite web}}: Unknown parameter |dead-url= ignored (|url-status= suggested) (help) [1]
  3. ^ Stangvik, Einar Otto (2006-08-16). "Thunking in Win32 with C++". Archived from the original on 2012-10-15. {{cite web}}: Unknown parameter |dead-url= ignored (|url-status= suggested) (help)
  4. ^ Weiher, Marcel (2004). "Higher Order Messaging (HOM)" (PDF). Archived from the original (PDF) on 2018-05-26. Retrieved 2018-05-26. {{cite web}}: |archive-date= / |archive-url= timestamp mismatch; 2018-05-27 suggested (help); Unknown parameter |dead-url= ignored (|url-status= suggested) (help)
  5. ^ fuz (2011-11-18). "Implementation of nested functions". StackOverflow. Archived from the original on 2016-03-29. Retrieved 2018-05-26. {{cite web}}: Unknown parameter |dead-url= ignored (|url-status= suggested) (help)
  6. ^ "Trampolines for Nested Functions". Using the GNU Compiler Collection (GCC). 2018 [2002]. 18.11. Archived from the original on 2018-05-27. Retrieved 2018-05-26. {{cite web}}: Unknown parameter |dead-url= ignored (|url-status= suggested) (help)
  7. ^ "Nested functions". Using the GNU Compiler Collection (GCC). 2018 [2002]. 6.4. Archived from the original on 2018-05-27. Retrieved 2018-05-26. {{cite web}}: Unknown parameter |dead-url= ignored (|url-status= suggested) (help)
  8. ^ Breuel, Thomas M. (2013). "Lexical Closures for C++" (PDF). Archived from the original (PDF) on 2017-12-12. Retrieved 2018-05-26. {{cite web}}: Unknown parameter |dead-url= ignored (|url-status= suggested) (help)
  9. ^ Walton, Jeffrey; Manico, Jim; Wall, Kevin (2018-03-02) [2013]. "C-Based Toolchain Hardening". The Open Web Application Security Project (OWASP). Archived from the original on 2018-05-27. Retrieved 2018-03-02. {{cite web}}: Unknown parameter |dead-url= ignored (|url-status= suggested) (help)
  10. ^ "Intel Analysis of Speculative Execution Side Channels" (PDF) (White Paper). Revision 1.0 (336983–001). Intel. January 2018: 5. Archived from the original (PDF) on 2018-05-01. Retrieved 2018-01-11. second technique introduces the concept of a "return trampoline", also known as "retpoline" {{cite journal}}: Cite journal requires |journal= (help); Unknown parameter |dead-url= ignored (|url-status= suggested) (help)
  11. ^ Turner, Paul (2018-01-04). "Retpoline: a software construct for preventing branch-target-injection – Google Help". support.google.com. Archived from the original on 2018-01-05. {{cite web}}: Unknown parameter |dead-url= ignored (|url-status= suggested) (help)