Re: [svadev] runtime-check clarification
  • From: John Criswell <criswell AT illinois.edu>
  • To: Daniel Huang <dan.e.huang AT gmail.com>
  • Cc: "<svadev AT cs.illinois.edu>" <svadev AT cs.illinois.edu>
  • Subject: Re: [svadev] runtime-check clarification
  • Date: Sun, 24 Feb 2013 16:35:18 -0600
  • List-archive: <http://lists.cs.uiuc.edu/pipermail/svadev/>
  • List-id: <svadev.cs.uiuc.edu>

On 02/23/13 23:58, Daniel Huang wrote:
> Hi Svadev,
>
> Since the boundscheck function does not take an object length or know the pointer's type, what does it mean for a pointer to be in-bounds?

A boundscheck considers a pointer to be within bounds if it points within the bounds of the memory object.

> For example, if I had a pointer to the last byte in a memory object, would calling boundscheck give me a rewrite pointer or a regular pointer? It's not clear to me what happens in this situation, since if I originally had an i8 pointer, it would be in-bounds, but if I had an i32 pointer, it would be out of bounds. However, the boundscheck function does not have access to the pointer's type (or size), so which does it pick? This also seems to imply that a boundscheck must always be followed by a poolcheck, where the poolcheck specifies the object length.

You are almost exactly correct.  A boundscheck does not ensure that a load or store through a pointer will access memory that is entirely within bounds.  That is the job of poolcheck (and its optimized companion, fastlscheck).  A boundscheck only ensures that the first byte address of a memory access is within bounds.

It is not necessarily true that a boundscheck must be followed by a poolcheck.  There are cases in which the result of a GEP instruction is never used to access memory.  In such cases, a poolcheck is unnecessary and is not performed.

The easiest way to think of it is that a boundscheck ensures that a GEP doesn't generate an out-of-bounds pointer, and a poolcheck ensures that a load or store accesses memory completely within the bounds of a memory object.  If you do pointer arithmetic without loads and stores, then you only need a boundscheck.  If you do loads and stores without any pointer arithmetic, then you only need a poolcheck.  If you do pointer arithmetic and a memory access, then you need both checks.

One of the enhancements we should make to SAFECode at some point is to have an optimization that can merge these checks together when it makes sense to do so.  There are many cases in which it would make sense to call a single function that performs both the GEP check and the load/store check (e.g., a GEP is post-dominated by load or store).

-- John T.


> Could I get some clarification on what a boundscheck does?
>
> Thanks,
> Dan
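The split John describes above (boundscheck passes if the GEP result's first byte is inside the object; poolcheck passes only if the whole load/store fits), as an added C model that is not SAFECode's own runtime: the pool table, the function signatures and the addresses are constructed assumptions, and an out-of-bounds GEP simply fails here rather than yielding a rewrite pointer.

```c
#include <stddef.h>
#include <stdint.h>

/* Constructed model of a pool: a flat table of registered memory objects.
   (Real SAFECode keeps per-pool splay trees; this is a teaching stand-in.) */
typedef struct { uintptr_t start; size_t len; } Object;
typedef struct { Object objs[8]; int count; } Pool;

static const Object *find_object(const Pool *p, uintptr_t addr) {
    for (int i = 0; i < p->count; i++)
        if (addr >= p->objs[i].start && addr < p->objs[i].start + p->objs[i].len)
            return &p->objs[i];
    return NULL;
}

/* boundscheck(pool, src, dest): src is the in-bounds GEP base, dest the GEP
   result. No access size is known, so only dest's first byte is checked.
   Returns 1 if dest lies inside src's object, 0 if the GEP went out of bounds. */
int boundscheck(const Pool *p, uintptr_t src, uintptr_t dest) {
    const Object *o = find_object(p, src);
    return o != NULL && dest >= o->start && dest < o->start + o->len;
}

/* poolcheck(pool, ptr, len): a load/store of len bytes at ptr. Passes only if
   every byte of [ptr, ptr+len) is inside one registered object. The len <= o->len
   guard keeps ptr + len from wrapping before the range comparison. */
int poolcheck(const Pool *p, uintptr_t ptr, size_t len) {
    const Object *o = find_object(p, ptr);
    return o != NULL && len > 0 && len <= o->len && ptr + len <= o->start + o->len;
}

/* Daniel's scenario: a 16-byte object and a pointer to its last byte.
   The GEP passes boundscheck for any element type; whether the access passes
   depends on the size poolcheck is told: 1 for an i8 load, 0 for an i32 load. */
int last_byte_scenario(size_t access_len) {
    Pool p = { { { 0x1000, 16 } }, 1 };           /* constructed object */
    uintptr_t base = 0x1000, last = base + 15;
    if (!boundscheck(&p, base, last)) return -1;   /* never taken: GEP is in-bounds */
    return poolcheck(&p, last, access_len);
}

/* A GEP to one past the end fails boundscheck even though no load happens. */
int one_past_end_gep(void) {
    Pool p = { { { 0x1000, 16 } }, 1 };
    return boundscheck(&p, 0x1000, 0x1000 + 16);  /* 0 */
}
```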

