Make sure that statements such as: strcpy (dst, "/gnu/store/…"); or static const char str[] = "/gnu/store/…"; … strcpy (dst, str); do not result in chunked /gnu/store strings that are undetectable by Guix's GC and its grafting code. See and . --- gcc-5.3.0/gcc/builtins.c 2016-10-18 10:50:46.080616285 +0200 +++ gcc-5.3.0/gcc/builtins.c 2016-11-09 15:26:43.693042737 +0100 @@ -3012,6 +3012,58 @@ determine_block_size (tree len, rtx len_rtx, GET_MODE_MASK (GET_MODE (len_rtx))); } +extern void debug_tree (tree); + +/* Return true if STR contains the string "/gnu/store". */ + +bool +store_reference_p (tree str) +{ + if (getenv ("GUIX_GCC_DEBUG") != NULL) + debug_tree (str); + + if (TREE_CODE (str) == ADDR_EXPR) + str = TREE_OPERAND (str, 0); + + if (TREE_CODE (str) == VAR_DECL + && TREE_STATIC (str) + && TREE_READONLY (str)) + { + /* STR may be a 'static const' variable whose initial value + is a string constant. See . */ + str = DECL_INITIAL (str); + if (str == NULL_TREE) + return false; + } + + if (TREE_CODE (str) != STRING_CST) + return false; + + int len; + const char *store; + + store = getenv ("NIX_STORE") ? getenv ("NIX_STORE") : "/gnu/store"; + len = strlen (store); + + /* Size of the hash part of store file names, including leading slash and + trailing hyphen. */ + const int hash_len = 34; + + if (TREE_STRING_LENGTH (str) < len + hash_len) + return false; + + /* We cannot use 'strstr' because 'TREE_STRING_POINTER' returns a string + that is not necessarily NUL-terminated. */ + + for (int i = 0; i < TREE_STRING_LENGTH (str) - (len + hash_len); i++) + { + if (strncmp (TREE_STRING_POINTER (str) + i, store, len) == 0) + return true; + } + + return false; +} + /* Try to verify that the sizes and lengths of the arguments to a string manipulation function given by EXP are within valid bounds and that the operation does not lead to buffer overflow or read past the end. @@ -3605,6 +3657,13 @@ expand_builtin_memory_copy_args (tree dest, tree src, tree len, unsigned HOST_WIDE_INT max_size; unsigned HOST_WIDE_INT probable_max_size; + /* Do not emit block moves, which translate to the 'movabs' instruction on + x86_64, when SRC refers to store items. That way, store references + remain visible to the Guix GC and grafting code. See + . */ + if (store_reference_p (src)) + return NULL_RTX; + /* If DEST is not a pointer type, call the normal function. */ if (dest_align == 0) return NULL_RTX; --- gcc-5.5.0/gcc/gimple-fold.c 2018-03-20 11:36:16.709442004 +0100 +++ gcc-5.5.0/gcc/gimple-fold.c 2018-03-20 11:46:43.838487065 +0100 @@ -635,6 +635,8 @@ var_decl_component_p (tree var) return SSA_VAR_P (inner); } +extern bool store_reference_p (tree); + /* If the SIZE argument representing the size of an object is in a range of values of which exactly one is valid (and that is zero), return true, otherwise false. */ @@ -742,6 +744,9 @@ gimple_fold_builtin_memory_op (gimple_stmt_iterator *gsi, off0 = build_int_cst (build_pointer_type_for_mode (char_type_node, ptr_mode, true), 0); + if (store_reference_p (src)) + return false; + /* If we can perform the copy efficiently with first doing all loads and then all stores inline it that way. Currently efficiently means that we can load all the memory into a single integer 6ebf6578 Ludovic Courtès 2023-10-01secret-service: Increase default handshake timeout....* gnu/build/secret-service.scm (secret-service-send-secrets): Increase #:handshake-timeout. Ludovic Courtès 2023-05-06services: dbus-service, secret-service: Do not cause (fibers) to be loaded....* gnu/build/dbus-service.scm (sleep*): Pass #:ensure #f to 'resolve-module'. * gnu/build/secret-service.scm (wait-for-readable-fd): Likewise. Ludovic Courtès 2022-09-13secret-service: Mark sockets as SOCK_CLOEXEC....* gnu/build/secret-service.scm (secret-service-send-secrets) (secret-service-receive-secrets): Pass SOCK_CLOEXEC to 'socket'. Ludovic Courtès 2022-04-07secret-service: Allow cooperative scheduling when Fibers is used....This lets the 'childhurd' service start in the background, letting shepherd perform other tasks in the meantime, including serving clients (such as the 'herd' command). * gnu/build/secret-service.scm (with-modules): New macro. (wait-for-readable-fd): Add cooperative implementation when Fibers is in use. (secret-service-send-secrets): Define 'sleep' so that it cooperates when Fibers is in use. Ludovic Courtès 2022-04-07secret-service: Abstract 'wait-for-readable-fd'....* gnu/build/secret-service.scm (wait-for-readable-fd): New procedure. (secret-service-send-secrets): Use it instead of 'select'. Ludovic Courtès