This is the mail archive of the
gcc-patches@gcc.gnu.org
mailing list for the GCC project.
Re: [patch] libbounds an extension of libmudflap with referent object tracking
- From: fche at redhat dot com (Frank Ch. Eigler)
- To: "Sebastian Pop" <sebpop at gmail dot com>
- Cc: "Gcc Patch List" <gcc-patches at gcc dot gnu dot org>, "Alexander Lamaison" <awl03 at doc dot ic dot ac dot uk>, "Paul H J Kelly" <p dot kelly at doc dot ic dot ac dot uk>
- Date: Sun, 06 Apr 2008 22:27:47 -0400
- Subject: Re: [patch] libbounds an extension of libmudflap with referent object tracking
- References: <cb9d34b20804051209p61549757o7b05814154b0f60b@mail.gmail.com>
"Sebastian Pop" <sebpop@gmail.com> writes:
> As Alex has obtained his copyright assignment, I have committed his
> work to the graphite branch such that others can review and try the
> bounds checker. This bounds checker is an extension of the existing
> mudflap code. [...]
Thanks for working on this area.
>From a brief reading of the MEng report paper, it seems to me that:
- the old mudflap bug that breaks c++ has a fix that fell between the
cracks: please repost it (cc: me for most reliable attention), and
many thanks!
- it may be wortwhile to investigate an extension of the stack/global
allocator code to optionally add small gaps between adjacent
objects. This would give plain mudflap a small bit of extra
protection against pointers that cross into neighbours. It would
not be as thorough as the effort of the new code (checking each
pointer *arithmetic* operation too like the old Jones work did), but
it may be enough to catch a large subset of such bugs.
- to assess the performance effect of the lookup cache by itself,
which is missing from the new work, the "lc-*" set of
MUDFLAP_OPTIONS could be used to disable it. Or more accurately, a
compiler option could force an out-of-line __mf_check() call for
each dereference.
- the libmudflap runtime could learn the same heuristic used by this
new code to guess that pointers suspected as foreign (coming from
uninstrumented library functions, via unhooked memory allocation)
are valid as opposed to invalid. It is probably not possible to
guess their bounds.... Hmm (just thinking out loud), when the
compiler sees a call to an extern function returning a pointer, it
could make a tentative __mf_register() call on that value with the
declared struct size.
- FChE