From: Julian S. <js...@ac...> - 2005-05-19 16:21:25

> Actually, I think using a checksum at all is a bad idea. In the best
> case you leave a small chance of "bad things happening", with 64bit
> the chance is just smaller than with a 32bit checksum. But I think
> that valgrind should be always correct, not just most of the time :-)

With a 32-bit checksum your screwup probability is 2.33e-10.
With a 64-bit checksum the probability is 5.42e-20.

The probability of a meteorite striking my house each day is almost
certainly larger than 5.42e-20. I'm not going to worry about a 64-bit
checksum being wrong.

> And there is the question of exploits. If there is a deterministic
> case where valgrind makes a mistake, someone might decide to write a
> webpage that uses the exploit to take over your computer. Ok, that is
> highly unlikely, but not impossible.

Huh? Valgrind is "just another" userspace process; you don't get
elevated privileges from running your program on it. And so there
is no extra risk.

> Since the trampolines are usually small, what about just doing a
> memcmp() with the original code?

It's possible, but I would prefer a more general mechanism that did
not assume the code fragments are small.

J