svadev AT lists.siebelschool.illinois.edu
Subject: Svadev mailing list
- From: John Criswell <criswell AT illinois.edu>
- To: Matthew Wala <wala1 AT illinois.edu>
- Cc: "svadev AT cs.uiuc.edu" <svadev AT cs.uiuc.edu>
- Subject: Re: [svadev] string transform and complete flag
- Date: Wed, 6 Apr 2011 16:56:50 -0500
- List-archive: <http://lists.cs.uiuc.edu/pipermail/svadev>
- List-id: <svadev.cs.uiuc.edu>
- Organization: University of Illinois
On 4/6/11 12:17 AM, Matthew Wala wrote:
> On Apr 5, 2011, at 11:43 PM, John Criswell wrote:
>> On 4/5/2011 7:56 PM, Matthew Wala wrote:
>>> Hi everyone:
>>> What's the purpose of the "complete" byte which is passed as an
>>> argument at the end of the pool_* string
>>> functions?
>>
>> The Complete flag is a DSA flag set on a DSNode. It indicates that
>> the DSA information computed for the DSNode is as complete as it can
>> be: everything that can be known about the memory object has been
>> computed.
>
> Why would the string function transform module need this information?
> Does its presence affect the guarantee of
> memory safety, or is it there for some other work, or can we take it
> out?

It affects the memory safety guarantees. If DSA cannot infer all that can be known about a memory object, then SAFECode relaxes its memory safety guarantees. Specifically, for the string functions, if the DSNode for a memory buffer is Incomplete, then the run-time check on the memory buffer is as follows:

1) If the pointer doesn't point into a valid memory object found within the splay tree, assume the pointer is okay.
2) If the pointer does point into a valid memory object within the splay tree, do the appropriate bounds check.

Note that (1) differs from a complete check: for a complete check, if the pointer is not found within a valid memory object, the run-time check flags a memory safety error. This is because all memory objects to which the pointer can point are guaranteed to be registered with the splay tree.

>> This is a problem unrelated to completeness. In this case, DSA does
>> not create a DSNode for the null pointer constant. In this instance,
>> you should create a NULL Pool handle and pass that in. If the string
>> function is supposed to handle NULL string pointers, then your
>> run-time checks should be adjusted to take NULL pool handles and NULL
>> pointers into account.
>>
>> For a NULL constant pointer, you can consider it Complete since it is
>> trivial to know everything about it that we care to know.
>
> Okay - it seems I can fix the error I'm getting by checking the pointer
> for a NULL constant and
> marking it complete if it is one.

Yes.

> What do you mean by creating a NULL Pool handle? If I am not mistaken a
> NULL pool handle is already created
> by the StringTransform module, then filled by poolalloc, for every
> string parameter. Doesn't poolalloc
> already fill the pool handle for the NULL constant?

Yes. You can either put in a NULL pool handle or just leave the NULL pool handle that is already there in place.

> Thanks for your reply,
> Matt

-- John T.
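
The difference between the complete and the incomplete run-time check described in the message above, as an added C sketch that is not part of the original messages and is not SAFECode's own runtime code. All type and function names are hypothetical, a flat array stands in for the splay tree, and treating a NULL pool handle as a pool with nothing registered is an assumption of the sketch.

```c
#include <stddef.h>
#include <stdint.h>

/* Hypothetical names throughout; this is not the SAFECode runtime API. */
typedef struct { uintptr_t start; size_t size; } mem_object;

/* Stand-in for the pool's splay tree: a flat array of registered objects. */
typedef struct { const mem_object *objs; size_t count; } pool;

typedef enum { CHECK_PASS, CHECK_OUT_OF_BOUNDS, CHECK_UNREGISTERED } check_result;

/* Return the registered object containing addr, or NULL if none does. */
static const mem_object *pool_find(const pool *p, uintptr_t addr) {
    if (p == NULL)                 /* assumption: NULL handle = nothing registered */
        return NULL;
    for (size_t i = 0; i < p->count; i++)
        if (addr >= p->objs[i].start && addr - p->objs[i].start < p->objs[i].size)
            return &p->objs[i];
    return NULL;
}

/* Check that the len bytes starting at addr stay inside one registered object.
 * complete != 0: every object the pointer can reach is registered, so a
 *                lookup miss is reported as a memory safety error.
 * complete == 0: the object may simply be unknown to the pool, so a lookup
 *                miss is assumed okay (the relaxed guarantee).
 * A lookup hit is bounds-checked in both cases. */
check_result check_access(const pool *p, uintptr_t addr, size_t len, int complete) {
    const mem_object *o = pool_find(p, addr);
    if (o == NULL)
        return complete ? CHECK_UNREGISTERED : CHECK_PASS;
    size_t room = o->size - (size_t)(addr - o->start);  /* bytes left in object */
    return len <= room ? CHECK_PASS : CHECK_OUT_OF_BOUNDS;
}

/* Constructed sample data: two registered buffers at made-up addresses. */
const mem_object sample_objs[] = { { 0x1000, 16 }, { 0x2000, 64 } };
const pool sample_pool = { sample_objs, 2 };
```

The only input on which the two modes disagree is a pointer that is in no registered object, which is why a buffer whose DSNode is Incomplete gets a weaker guarantee even though registered buffers are still bounds-checked.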