From: chenping19850429 <che...@16...> - 2008-08-04 14:26:43
As far as I know, the compiler will give a warning when the type of a pointer is different from the type of the memory that it accesses. Yet I want to give more detailed information about the type conflict. In my opinion, some of the warnings represent actual errors, while others may be done by the programmer deliberately. Moreover, the compiler may give no warnings in some cases. For example, if memory is allocated with the type "int", and a pointer with "unsigned int" type points to it. This may lead to integer overflow. So I want to use valgrind to give more information about the warning, give some useful information to the programmer and tell them the potential vulnerability.
But I'm not sure whether the work I mentioned above is worth doing. So I want to get some suggestions from you.
(1) Whether "pointer type checking" based on valgrind is worth doing?
(2) Are there some previous tools which can give some type information about memory?
Thank you.
Chenping
From: Filipe C. <fi...@gm...> - 2008-08-04 18:24:44
On 4 Aug, 2008, at 15:26, chenping19850429 wrote:

> As I know, compiler will give a warning when the type of pointer
> is different from the type of memory that it accesses to. Yet I want
> to give more detail information of the type conflict. In my opinion,
> some of the warnings represent actual error, while others may be
> done by the programmer deliberately. Moreover, compiler may give no
> warnings in some cases. For example, if memory is allocated with
> the type of "int", and an pointer with "unsigned int" type points to
> it. This may lead to integer overflow. So I want to use valgrind give
> more information about the warning, give some useful information to
> the programmer and tell them the potential vulnerability.

This example, in a strongly typed language, would blow up. In C it doesn't due to type compatibility (which could be added to "the other language", if it allowed it. Even summing a float with an integer may be a type error :-)

> But I'm not sure that whether the work I mentioned above is
> worthy to do. So I want to get some suggestions from you.
> (1) Whether "pointer type checking" based on valgrind is
> worthy to do?

You can't do this with valgrind because of type erasure. The compiled code has no type information so you can't do any pointer type checking.

> (2) Are there some previous tools which can give some type
> information of memory ?

Due to type erasure: no. Maybe you could use some debug information and take care of the types (when the code is compiled with debug information), but I don't think it would work very well and I guess it could be rather fragile.

What you can do is use a static analysis tool in your code. Something like clang may be of use if you're using C/Objective-C (C++ support is not that good... yet :-))

- Filipe Cabecinhas
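The int / unsigned int case discussed in the two messages above, as an added example that is not part of the original thread: a length stored as `int` passes a signed bounds check and is then read through an `unsigned int` pointer, next to a hardened check. The names `read_as_unsigned`, `weak_copy_len`, `checked_copy` and `BUF_SIZE` are hypothetical, the hostile length is constructed, and a two's-complement platform is assumed.

```c
/* Added example: values and names are constructed for illustration. */
#include <limits.h>
#include <stdio.h>
#include <string.h>

#define BUF_SIZE 16

/* Read a stored int through an unsigned int pointer. C allows a signed
 * object to be accessed via its unsigned counterpart, and the explicit
 * cast silences the pointer-sign warning, so nothing is diagnosed. */
unsigned int read_as_unsigned(const int *stored)
{
    const unsigned int *alias = (const unsigned int *)stored;
    return *alias;
}

/* Weak: the bound is tested on the signed view, the length is then
 * taken through the unsigned view. Returns the length that would be
 * handed to memcpy(); nothing is copied, so this is safe to run. */
size_t weak_copy_len(const int *len)
{
    if (*len > BUF_SIZE)          /* -1 > 16 is false, check passes */
        return 0;
    return (size_t)read_as_unsigned(len);
}

/* Hardened: validate sign and range on one view before converting. */
int checked_copy(char *dst, const char *src, int len)
{
    if (len < 0 || len > BUF_SIZE)
        return -1;
    memcpy(dst, src, (size_t)len);
    return len;
}

int main(void)
{
    int len = -1;                 /* constructed hostile length */
    char dst[BUF_SIZE];

    printf("signed view:   %d\n", len);
    printf("unsigned view: %u\n", read_as_unsigned(&len));
    printf("weak length:   %zu\n", weak_copy_len(&len));
    printf("hardened:      %d\n", checked_copy(dst, "abcdefgh", len));
    return 0;
}
```

Both views read the same four bytes, so a binary-level tool sees an ordinary aligned load with nothing to distinguish the two pointer types.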
From: Nicholas N. <nj...@cs...> - 2008-08-12 05:05:39
On Mon, 4 Aug 2008, chenping19850429 wrote:

> As I know, compiler will give a warning when the type of pointer is different from the type of memory that it accesses to. Yet I want to give more detail information of the type conflict. In my opinion, some of the warnings represent actual error, while others may be done by the programmer deliberately. Moreover, compiler may give no warnings in some cases. For example, if memory is allocated with the type of "int", and an pointer with "unsigned int" type points to it. This may lead to integer overflow. So I want to use valgrind give more information about the warning, give some useful information to the programmer and tell them the potential vulnerability.
> But I'm not sure that whether the work I mentioned above is worthy to do. So I want to get some suggestions from you.
> (1) Whether "pointer type checking" based on valgrind is worthy to do?
> (2) Are there some previous tools which can give some type information of memory ?
> Thank you.

You might find this paper interesting:

Symbolic execution and run-time type inference for integer conversion errors

Available here: http://www.cs.berkeley.edu/~dmolnar/papers/papers.html

Nick
From: chenping19850429 <che...@16...> - 2008-08-13 03:11:53
Thank you! That's really interesting work for me. :)

On 2008-08-12, "Nicholas Nethercote" <nj...@cs...> wrote:

On Mon, 4 Aug 2008, chenping19850429 wrote:

> As I know, compiler will give a warning when the type of pointer is different from the type of memory that it accesses to. Yet I want to give more detail information of the type conflict. In my opinion, some of the warnings represent actual error, while others may be done by the programmer deliberately. Moreover, compiler may give no warnings in some cases. For example, if memory is allocated with the type of "int", and an pointer with "unsigned int" type points to it. This may lead to integer overflow. So I want to use valgrind give more information about the warning, give some useful information to the programmer and tell them the potential vulnerability.
> But I'm not sure that whether the work I mentioned above is worthy to do. So I want to get some suggestions from you.
> (1) Whether "pointer type checking" based on valgrind is worthy to do?
> (2) Are there some previous tools which can give some type information of memory ?
> Thank you.

You might find this paper interesting:

Symbolic execution and run-time type inference for integer conversion errors

Available here: http://www.cs.berkeley.edu/~dmolnar/papers/papers.html

Nick