Menu
▾
▴
Re: [Valgrind-users] trampolines - how to work around
|
From: Jeremy F. <je...@go...> - 2005-05-26 00:45:07
|
Julian Seward wrote:
>So we can easily enough generate self-checking translations. A problem
>is, since self-checking translations are expensive to run, we want to
>make as few as possible. That means having a good heuristic for deciding
>when to do so. The currently postulated heuristic is to make a self-
>checking translation for code within some small offset of the stack
>pointer. Ideally the heuristic should say "yes" as infrequently as
>possible, but it should also never miss any such cases either.
>
>Is that correct? Any other things I need to take into account?
>
>
How about "generate self-checking code if the code is being fetched from
a writable page"? That will never happen in normal operation, since all
code is mapped read-only. It could be fooled by someone changing page
permissions with mprotect (write some code into a page, make it RO,
execute it, make it RW, change it), but you could fix that by clearing
the translation cache for a memory range when either switching it from
RW->RO or RO->RW (one or the other should do the trick).
The problem with the "near ESP" heuristic is that it won't cope with
generated elsewhere in the address space, such as running another JIT VM
under Valgrind.
J
|