From: John R. <jr...@bi...> - 2024-08-27 03:02:19
On 8/19/24 12:43, D. J. Bernstein wrote:
> There have been many successful "timing attacks" that break
> cryptographic software by working backwards from timings to secrets. One
> common use of valgrind's memcheck tool in cryptography is to catch data
> flow from secrets (marked with VALGRIND_MAKE_MEM_UNDEFINED) to branch
> instructions and array indices.

This appears to be dynamic tracking (during an actual execution) of dataflow between designated classes of endpoints (some in RAM and some in CPU).

Modern static analyzers that employ theorem-proving techniques have become quite good at identifying bugs that involve dataflow, even simultaneously across all possible dataflows (not just the flows of one actual execution), up to a dozen or more steps. How much more effective is the dynamic technique than such a static analysis?
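The memcheck usage described in the quoted text, as an added example that is not part of the original thread: a secret buffer is marked with VALGRIND_MAKE_MEM_UNDEFINED, then passed to an early-exit comparison and to a branch-free one. The names `leaky_equal`, `ct_equal` and `check` are hypothetical, the key bytes are constructed, and the fallback macros are an assumption so the file still builds where the valgrind headers are not installed.

```c
/* Added example: memcheck as a secret-dataflow checker (not from the thread). */
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#if defined(__has_include)
#  if __has_include(<valgrind/memcheck.h>)
#    include <valgrind/memcheck.h>
#  endif
#endif
#ifndef VALGRIND_MAKE_MEM_UNDEFINED   /* headers absent: marks become no-ops */
#  define VALGRIND_MAKE_MEM_UNDEFINED(p, n) (0)
#  define VALGRIND_MAKE_MEM_DEFINED(p, n)   (0)
#endif

/* Leaky: returns at the first mismatch, so a branch depends on secret bytes. */
int leaky_equal(const unsigned char *secret, const unsigned char *guess, size_t n) {
    for (size_t i = 0; i < n; i++)
        if (secret[i] != guess[i]) return 0;
    return 1;
}

/* Constant-time: OR all differences together; no secret-dependent branch or index. */
int ct_equal(const unsigned char *secret, const unsigned char *guess, size_t n) {
    unsigned char diff = 0;
    for (size_t i = 0; i < n; i++) diff |= secret[i] ^ guess[i];
    return (int)(1u & (((unsigned)diff - 1u) >> 8));   /* 1 iff diff == 0 */
}

/* Copy the key, mark the copy as secret, compare, then declassify the result. */
int check(int (*eq)(const unsigned char *, const unsigned char *, size_t),
          const unsigned char *key, const unsigned char *guess, size_t n) {
    unsigned char secret[32];
    if (n > sizeof secret) return -1;
    memcpy(secret, key, n);
    (void)VALGRIND_MAKE_MEM_UNDEFINED(secret, n);    /* secret = "undefined" */
    int r = eq(secret, guess, n);
    (void)VALGRIND_MAKE_MEM_DEFINED(&r, sizeof r);   /* result is public */
    return r;
}

int main(void) {
    const unsigned char key[4]   = {0xde, 0xad, 0xbe, 0xef};  /* constructed */
    const unsigned char guess[4] = {0xde, 0xad, 0x00, 0x00};  /* constructed */
    printf("ct_equal=%d\n", check(ct_equal, key, guess, 4));
    printf("leaky_equal=%d\n", check(leaky_equal, key, guess, 4));
    return 0;
}
```

Built without optimization and run under `valgrind`, memcheck reports "Conditional jump or move depends on uninitialised value(s)" inside `leaky_equal` only. The report covers just the path this one execution took, which is the dynamic-versus-static distinction the reply asks about.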