From: Nicholas N. <nj...@ca...> - 2003-09-29 21:21:56
On Mon, 29 Sep 2003, Philippe Elie wrote:
> On a different subject: a few years ago I used a compiler
> that did bounds checking by instrumenting code. One feature
> was the checking of all pointer arithmetic, to catch errors
> earlier than at the memory read/write.
>
> i.e.
>
> char * p = malloc(1000);
> p += 1024;
>
> the addition is not valid in C and was caught. Annelid seems
> able to do some pointer arithmetic checks; do you plan to
> catch this sort of thing?
Hmm, I hadn't thought of doing that. It's not very hard to fit into
Annelid, and I just tried it.
It doesn't work, unfortunately, because going one past the end of an array
is quite common, e.g.:
#include <stdio.h>   /* printf */
#include <stdlib.h>  /* malloc */
int main ( void )
{
    char* a = malloc(10);
    char* p;
    /* p == a+10 after the final p++, i.e. one past the end of the block */
    for (p = a; p < a+10; p++)
        printf("%c\n", *p);
    return 0;
}
The last time around the loop, p is one past the end of a's block. This
example is contrived, but in practice it seems to be very common -- when I
added the check to Annelid, it caused 44 incorrectly diagnosed errors when
checking 'date'. So it doesn't look feasible.
I think it's a bit like Memcheck allowing you to copy around uninitialised
memory, as long as you don't actually use it in a way that affects the
program's outcome -- you have to allow it, because it actually happens a
lot.
But thanks for the suggestion, I hadn't thought of this and it's useful to
know that it doesn't work.
N
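Added example (not Annelid's code, nor anyone's from this thread): a small model of the pointer-arithmetic bounds check discussed above, run in two modes. The `strict` mode is the one the mail describes, which reports the one-past-the-end pointer at the loop exit as an error; the relaxed mode tolerates exactly that pointer while still reporting Philippe's `p += 1024` on a 1000-byte block. The `block_t` record and the `classify_*` names are assumptions for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>

/* Hypothetical per-allocation record, standing in for what a checker
 * keeps about each heap block: its base and size (constructed here). */
typedef struct { const char *base; size_t size; } block_t;

enum { PTR_OK = 0, PTR_ONE_PAST_END = 1, PTR_OUT_OF_BOUNDS = 2 };

/* Judge a byte offset from the block base.
 * strict=1: anything not inside [0, size) is an error (the check in the mail).
 * strict=0: offset == size, the one-past-the-end pointer C lets you form and
 *           compare, is tolerated; everything else outside is still an error. */
int classify_offset(size_t size, long long off, int strict) {
    if (off >= 0 && (unsigned long long)off < size) return PTR_OK;
    if (off == (long long)size) return strict ? PTR_OUT_OF_BOUNDS : PTR_ONE_PAST_END;
    return PTR_OUT_OF_BOUNDS;
}

/* Same judgement for a real pointer derived from b->base. The subtraction is
 * done on integers so the check itself is well defined for any p. */
int classify_ptr(const block_t *b, const char *p, int strict) {
    long long off = (long long)((intptr_t)p - (intptr_t)b->base);
    return classify_offset(b->size, off, strict);
}

/* Run the loop from the mail and count how many out-of-bounds reports the
 * checker would raise. Strict mode reports the final p == a+10 even though
 * it is never dereferenced: that is the false positive the mail describes. */
int loop_reports(int strict) {
    char *a = malloc(10);
    char *p;
    int reports = 0;
    if (!a) return -1;
    block_t b = { a, 10 };
    for (p = a; p < a + 10; p++)
        if (classify_ptr(&b, p, strict) == PTR_OUT_OF_BOUNDS) reports++;
    /* Loop exit: p now equals a + 10, one past the end of the block. */
    if (classify_ptr(&b, p, strict) == PTR_OUT_OF_BOUNDS) reports++;
    free(a);
    return reports;
}

/* Philippe's case: 1000-byte block, p += 1024. Modelled as an offset so the
 * demo performs no undefined pointer arithmetic; reported in both modes. */
int large_offset_report(void) {
    return classify_offset(1000, 1024, 0);
}
```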