
svadev - Re: [svadev] Fwd: BBC _barebone_boundscheck function

svadev AT lists.siebelschool.illinois.edu



Re: [svadev] Fwd: BBC _barebone_boundscheck function


  • From: Baozeng <sploving1 AT gmail.com>
  • To: John Criswell <criswell AT illinois.edu>
  • Cc: svadev AT cs.illinois.edu
  • Subject: Re: [svadev] Fwd: BBC _barebone_boundscheck function
  • Date: Tue, 29 May 2012 09:13:16 +0800
  • List-archive: <http://lists.cs.uiuc.edu/pipermail/svadev>
  • List-id: <svadev.cs.uiuc.edu>

2012/5/28 John Criswell
<criswell AT illinois.edu>:
> On 5/26/12 6:19 AM, Baozeng wrote:
>
> 2012/5/26 John Criswell
> <criswell AT illinois.edu>
>>
>> On 5/25/12 7:53 AM, Baozeng wrote:
>>
>> [snip]
>>
>> Does this make sense?
>
> Yes. But there is a restriction on this technique, as shown in the
> paper: it can only handle OOB pointers that are within SLOTSIZE/2 bytes of
> the original objects.
>
> I know.  That's fine.  We'll find out later if that's a problem in practice,
> and if so, we can try to devise a solution for it.
>
> The first goal is to get a basic but complete implementation working.
>
> Another thing not mentioned is that: why do we need to recover a pointer to
> the referent object?
>
> "If p is in the slot before the start of the referent, you can add SLOTSIZE
> to p, and you'll be pointing back into the referent memory object. "
>
> Yes. But why only add SLOTSIZE? I think p+SLOTSIZE/2+1 also makes it
> point back into the referent memory object.
>
> I haven't thought about it, but assuming that either one works, then I would
> opt for just adding SLOTSIZE.  This is because: a) it doesn't incur any more
> computation than the other solution, and b) it is the method
> described in the original paper, which means the source code comment doesn't
> need to explain how and why it diverges from the paper's implementation.
>
> After p is pointing back into the referent memory object, then what can we
> use p to do?
>
> The reason why you need to find the referent is because boundscheck() is
> trying to determine if the result of the pointer indexing operation (i.e.,
> the gep instruction) starts in the same memory object as the source
> pointer.  The (partial) algorithm for boundscheck is:
>
> boundscheck (dest, source) {
>     referent = findReferent (source)
>     if (dest is within the bounds of referent)
>         check passes
>     else
>         handle the case in which dest is out-of-bounds
> }
>
> Even if source is an OOB pointer, we need to find the bounds of the original
> referent to determine if dest falls within those bounds.  That is why we
> need to find the referent.
Okay. I got it!
>
> -- John T.
>



--
Best Regards,
Baozeng Ding
OSTG, NFS, ISCAS
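As an added illustration of the two points discussed above (recovering the referent of an OOB pointer by adding or subtracting SLOTSIZE, and the boundscheck(dest, source) algorithm that needs that referent), here is a small C model of a baggy bounds check. It is not SVA/SAFECode code and not the Baggy Bounds Checking implementation; it assumes, beyond what the thread states, 16-byte slots, a 4 KiB simulated heap with a bump allocator that pads objects to a power of two, the top address bit as the OOB marker, and the hypothetical names baggy_alloc, find_referent, boundscheck, baggy_load and walk_example. Addresses are handled as uintptr_t so the out-of-bounds arithmetic stays defined C.

```c
/*
 * Model of a baggy bounds check with OOB pointer recovery.
 * Added example, not SVA/SAFECode or Baggy Bounds Checking source.
 * Assumptions: 16-byte slots, 4 KiB model heap, bump allocator with
 * power-of-two padding, high address bit as the OOB marker.
 */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define SLOT_LOG    4u
#define SLOTSIZE    ((uintptr_t)1 << SLOT_LOG)   /* must be a power of two */
#define HEAP_SIZE   ((uintptr_t)4096)
#define OOB_BIT     (~(UINTPTR_MAX >> 1))        /* top bit: dereferencing traps */
#define BOUNDS_FAIL ((uintptr_t)0)               /* result of a fatal check */

static unsigned char heap_storage[2 * HEAP_SIZE];
static uintptr_t heap_base;                       /* HEAP_SIZE-aligned model heap start */
static uintptr_t heap_top;                        /* bump pointer */
static uint8_t bounds_table[HEAP_SIZE >> SLOT_LOG]; /* log2(padded size) per slot, 0 = free */

static void baggy_init(void) {
    heap_base = ((uintptr_t)heap_storage + HEAP_SIZE - 1) & ~(HEAP_SIZE - 1);
    heap_top = heap_base;
    memset(bounds_table, 0, sizeof bounds_table);
}

/* Allocate n bytes padded to a power of two >= SLOTSIZE, aligned to that size,
 * and record log2(size) in every slot the object covers. */
static uintptr_t baggy_alloc(size_t n) {
    unsigned lg = SLOT_LOG;
    while (((uintptr_t)1 << lg) < n) lg++;
    uintptr_t size = (uintptr_t)1 << lg;
    uintptr_t base = (heap_top + size - 1) & ~(size - 1);
    if (base + size > heap_base + HEAP_SIZE) return BOUNDS_FAIL;
    for (uintptr_t a = base; a < base + size; a += SLOTSIZE)
        bounds_table[(a - heap_base) >> SLOT_LOG] = (uint8_t)lg;
    heap_top = base + size;
    return base;
}

/* findReferent: recover [base, base+size) of the object p belongs to.
 * A marked p is at most SLOTSIZE/2 bytes outside its object: in the top half
 * of its slot it sits just before the object, so add SLOTSIZE; in the bottom
 * half it sits just past the end, so subtract SLOTSIZE (the paper's rule). */
static bool find_referent(uintptr_t p, uintptr_t *base, uintptr_t *size) {
    if (p & OOB_BIT) {
        p &= ~OOB_BIT;
        p = (p & (SLOTSIZE / 2)) ? p + SLOTSIZE : p - SLOTSIZE;
    }
    if (p < heap_base || p >= heap_base + HEAP_SIZE) return false;
    uint8_t lg = bounds_table[(p - heap_base) >> SLOT_LOG];
    if (lg == 0) return false;                    /* unallocated slot */
    *size = (uintptr_t)1 << lg;
    *base = p & ~(*size - 1);                     /* objects are aligned to their padded size */
    return true;
}

/* boundscheck(dest, source) for dest = gep(source, ...): dest if it lies inside
 * source's referent; dest|OOB_BIT if it strayed by less than SLOTSIZE/2 bytes
 * (still recoverable later); BOUNDS_FAIL if it went further or has no referent. */
static uintptr_t boundscheck(uintptr_t dest, uintptr_t source) {
    uintptr_t base, size;
    if (!find_referent(source, &base, &size)) return BOUNDS_FAIL;
    dest &= ~OOB_BIT;                             /* a marked source makes the gep result marked too */
    if (dest >= base && dest < base + size) return dest;
    if (dest >= base - SLOTSIZE / 2 && dest < base + size + SLOTSIZE / 2)
        return dest | OOB_BIT;
    return BOUNDS_FAIL;
}

/* Dereference model: a marked pointer must never be read through. */
static bool baggy_load(uintptr_t p, unsigned char *out) {
    if ((p & OOB_BIT) || p < heap_base || p >= heap_base + HEAP_SIZE) return false;
    *out = *(unsigned char *)p;
    return true;
}

/* Walk a pointer one past a 20-byte object and back again; true if every step
 * behaves as the thread describes. */
static bool walk_example(void) {
    baggy_init();
    uintptr_t buf = baggy_alloc(20);              /* padded to 32 bytes */
    uintptr_t p = boundscheck(buf + 31, buf);     /* last byte: passes */
    uintptr_t q = boundscheck(p + 1, p);          /* one past the end: marked OOB */
    uintptr_t r = boundscheck(q - 1, q);          /* OOB source, in-bounds dest: recovered */
    uintptr_t s = boundscheck(buf + 40, buf);     /* SLOTSIZE/2 past the end: fatal */
    unsigned char byte;
    return p == buf + 31
        && q == ((buf + 32) | OOB_BIT)
        && !baggy_load(q, &byte)
        && r == buf + 31 && baggy_load(r, &byte)
        && s == BOUNDS_FAIL;
}

int main(void) {
    printf("walk behaves as described: %s\n", walk_example() ? "yes" : "no");
    return 0;
}
```

The half-slot test in find_referent is why the SLOTSIZE/2 restriction exists: a pointer more than SLOTSIZE/2 bytes outside its object would land in the wrong half of a slot and be mapped to a neighbouring object instead of its own referent, so boundscheck refuses to mark such a pointer and fails the check immediately.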




