svadev - Re: [svadev] Fwd: BBC _barebone_boundscheck function

svadev AT lists.siebelschool.illinois.edu

  • From: John Criswell <criswell AT illinois.edu>
  • To: Baozeng <sploving1 AT gmail.com>
  • Cc: svadev AT cs.illinois.edu
  • Subject: Re: [svadev] Fwd: BBC _barebone_boundscheck function
  • Date: Mon, 28 May 2012 10:29:24 -0500
  • List-archive: <http://lists.cs.uiuc.edu/pipermail/svadev>
  • List-id: <svadev.cs.uiuc.edu>
  • Organization: University of Illinois

On 5/26/12 6:19 AM, Baozeng wrote:
> 2012/5/26 John Criswell <criswell AT illinois.edu>
>> On 5/25/12 7:53 AM, Baozeng wrote:
>>
>> [snip]
>>
>> Does this make sense?
>
> Yes. But there is a restriction on this technique, as shown in the paper: it can only handle OOB pointers that are within SLOTSIZE/2 bytes of the original object.

I know.  That's fine.  We'll find out later if that's a problem in practice, and if so, we can try to devise a solution for it.

The first goal is to get a basic but complete implementation working.

> Another thing not mentioned: why do we need to recover a pointer to the referent object?
>
> "If p is in the slot before the start of the referent, you can add SLOTSIZE to p, and you'll be pointing back into the referent memory object."
>
> Yes. But why only add SLOTSIZE? I think p+SLOTSIZE/2+1 also makes it point back into the referent memory object.

I haven't thought about it, but assuming that either one works, then I would opt for just adding SLOTSIZE.  This is because: a) it doesn't incur any more computation than the other solution, and b) it is the method described in the original paper, which means the source code comment doesn't need to explain how and why it diverges from the paper's implementation.

> After p is pointing back into the referent memory object, then what can we use p to do?

The reason why you need to find the referent is because boundscheck() is trying to determine if the result of the pointer indexing operation (i.e., the gep instruction) starts in the same memory object as the source pointer.  The (partial) algorithm for boundscheck is:

boundscheck (dest, source) {
    referent = findReferent (source)
    if (dest is within the bounds of referent)
        check passes
    else
        handle the case in which dest is out-of-bounds
}

Even if source is an OOB pointer, we need to find the bounds of the original referent to determine if dest falls within those bounds.  That is why we need to find the referent.

-- John T.
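The boundscheck(dest, source) sketch in the message above, together with the two points the thread turns on (the SLOTSIZE/2 restriction on OOB pointers, and recovering the referent by adding or subtracting SLOTSIZE), worked through as an added C example. This is not SVA or SAFECode source code; the simulated heap, the bump allocator, the bounds table layout, SLOTSIZE = 16, the use of the top pointer bit as the OOB mark, and the names bbc_alloc, bbc_gep, find_referent, bbc_deref_ok and bbc_demo are all assumptions made for this illustration.

```c
/* Baggy-bounds-style pointer-arithmetic check with SLOTSIZE-based referent
 * recovery. Added example, not SVA/SAFECode code: heap, allocator, bounds
 * table and all function names below are assumptions for illustration. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define SLOTSIZE   16                        /* bytes per bounds-table slot (assumed) */
#define HEAP_SIZE  4096
#define NSLOTS     (HEAP_SIZE / SLOTSIZE)
#define OOB_BIT    ((uintptr_t)1 << (sizeof(uintptr_t) * 8 - 1))  /* top bit = OOB mark */

/* Simulated heap, aligned so every power-of-two object is aligned to its own size. */
static _Alignas(HEAP_SIZE) unsigned char heap[HEAP_SIZE];
static uint8_t bounds_table[NSLOTS];         /* log2(padded object size) per slot, 0 = free */
static size_t  bump;                         /* bump-allocator offset into heap */

/* Smallest power of two >= n (and >= SLOTSIZE), returned as its log2. */
static unsigned size_log2(size_t n) {
    unsigned lg = 4;                         /* log2(SLOTSIZE) */
    while (((size_t)1 << lg) < n) lg++;
    return lg;
}

/* Allocate n bytes padded to a power of two, aligned to that size, and record
 * the padded size in every slot the object covers. */
void *bbc_alloc(size_t n) {
    unsigned lg = size_log2(n);
    size_t sz  = (size_t)1 << lg;
    size_t off = (bump + sz - 1) & ~(sz - 1);
    if (off + sz > HEAP_SIZE) return NULL;
    bump = off + sz;
    for (size_t s = off / SLOTSIZE; s < (off + sz) / SLOTSIZE; s++)
        bounds_table[s] = (uint8_t)lg;
    return heap + off;
}

/* A load or store may only go through a pointer that carries no OOB mark. */
int bbc_deref_ok(uintptr_t p) { return (p & OOB_BIT) == 0; }

/* findReferent(): from a possibly OOB-marked pointer, derive an address inside
 * the original referent. An OOB pointer is at most SLOTSIZE/2 from the object:
 * below the start it sits in the upper half of the preceding slot (add
 * SLOTSIZE); past the end it sits in the lower half of the following slot
 * (subtract SLOTSIZE). Objects start and end on slot boundaries, so the
 * adjusted address lands in the object's first or last slot. */
static uintptr_t find_referent(uintptr_t p) {
    if (bbc_deref_ok(p)) return p;           /* in bounds: it is its own referent */
    p &= ~OOB_BIT;
    return (p % SLOTSIZE >= SLOTSIZE / 2) ? p + SLOTSIZE : p - SLOTSIZE;
}

/* boundscheck(dest, source) for dest = source + offset. Returns dest when it
 * stays inside source's referent, dest with the OOB mark when it strays by
 * less than SLOTSIZE/2, and 0 (violation) when it strays farther or source
 * does not point into a tracked object. */
uintptr_t bbc_gep(uintptr_t source, ptrdiff_t offset) {
    uintptr_t ref  = find_referent(source);
    uintptr_t dest = (source & ~OOB_BIT) + offset;
    size_t slot = (ref - (uintptr_t)heap) / SLOTSIZE;   /* wraps to huge if below heap */
    if (slot >= NSLOTS || bounds_table[slot] == 0) return 0;
    uintptr_t size = (uintptr_t)1 << bounds_table[slot];
    uintptr_t base = ref & ~(size - 1);      /* object is aligned to its padded size */
    uintptr_t end  = base + size;
    if (dest >= base && dest < end) return dest;
    if (dest + SLOTSIZE / 2 >= base && dest < end + SLOTSIZE / 2) return dest | OOB_BIT;
    return 0;
}

/* Runs the cases the thread discusses on constructed allocations and returns
 * how many behave as described (4 when the scheme works). */
int bbc_demo(void) {
    int ok = 0;
    uintptr_t a = (uintptr_t)bbc_alloc(20);              /* padded to 32 bytes */
    uintptr_t b = (uintptr_t)bbc_alloc(100);             /* padded to 128 bytes */
    uintptr_t p = bbc_gep(a, 36);                        /* 4 past the end: tolerated, marked */
    ok += (p != 0 && !bbc_deref_ok(p));
    ok += (bbc_gep(p, -5) == a + 31);                    /* referent recovered, back in bounds */
    ok += (bbc_gep(a, 40) == 0);                         /* SLOTSIZE/2 past the end: violation */
    uintptr_t q = bbc_gep(b, -8);                        /* 8 before the start: tolerated */
    ok += (q != 0 && bbc_gep(q, 10) == b + 2);           /* recovered by adding SLOTSIZE */
    return ok;
}

int main(void) {
    printf("%d of 4 cases behave as expected\n", bbc_demo());
    return 0;
}
```

The second gep in bbc_demo is the case the message explains: the source pointer is OOB-marked, so its own value says nothing about the object's bounds, and only after find_referent() puts it back inside the object can the bounds table be consulted to decide whether the new dest is in bounds. Adding p+SLOTSIZE/2+1 instead of SLOTSIZE in the "before the start" case would land in the same first slot and give the same answer, which is why the thread treats the two as interchangeable.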
