Re: [Valgrind-users] valgrind as a dynamic monitor

SourceForge Headquarters 1320 Columbia Street Suite 310 San Diego, CA 92101 +1 (858) 422-6466

>The motivating example here is a fairly ambitious 
>project to automatically patch certain known classes 
>of software vulnerabilities like stack or heap-based
>overflows. 

Have you looked at libsafe? It might be an easier approach
to do this kind of thing. As a matter of fact, I have
hacked it to add instrumentation for several more overflows
than the authors did. You can get my imprroved version
here: www.web-insights.net/libsafe. You can diff it against
the official version to see how easy it is to add
instrumentation.

As for doing a transaction based system, it sounds like you
are going to be doing a setjmp & longjmp when it doesn't
work out. This is similar in concept to libchkpt which is a
check pointing library. The only difference is that rather
than moving the process to another machine, you will want
to do something else.

You may be able to adapt libsafe+libchkpt to achieve a
transaction based system. Sounds interesting.

-Steve Grubb

__________________________________
Do you Yahoo!?
Yahoo! SiteBuilder - Free, easy-to-use web site design software
http://sitebuilder.yahoo.com