Re: Dealing with load/store instructions on static tainted flow analysis

From kym@kymhorsell.com
Newsgroups comp.compilers
Subject Re: Dealing with load/store instructions on static tainted flow analysis
Date 2011-06-08 07:53 +0000
Organization kymhorsell.com
Message-ID <11-06-014@comp.compilers>
References <11-06-010@comp.compilers>


Gabriel Quadros <gabrielquadros@hotmail.com> wrote:
...
> So, the problem is that it is hard to know that c != b and i != j.
> Once information flows into memory, the safest thing to do is to flag
> the whole memory as a SOURCE. Of course, that is very conservative. I
> was wondering if you guys could recommend me some strategies and
> techniques to be more precise. In particular, if you could point me
> some paper that does it, that would be great.
...

Something that may be of use.

You can create a hash value for address expressions and memory
accesses using a simple hash scheme.

Each constant in an expression is represented by itself.
Each variable is assigned a random number.
All operations + * / are performed modulo p (a nice big prime; there are
better choices if you're working with mixed integer and real expressions
e.g. if you want i**2 and exp(i*pi) to hash to -1 (i.e. p-1)).

Assignments copy the hash from one variable to another.

A pointer access can be modeled by generating a PRN using the hash
of the address as the seed.

If 2 hash values are different there is a strong probability the 2
expressions are not identical.

Of course, put this under an optimisation and give warnings in the manual. :)
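
Added example (not part of the original post): the hashing scheme described above in Python, used to key tainted stores by the hash of their address expression instead of flagging all of memory. The tuple expression format, the prime `P`, and the names `ExprHasher` and `tainted_loads` are assumptions made for illustration.

```python
import random

P = (1 << 61) - 1  # assumed choice of "a nice big prime" (Mersenne prime)

class ExprHasher:
    """Hashes expressions: ints, variable names, or (op, lhs, rhs) / ("load", addr)."""
    def __init__(self, seed=0):
        self.rng = random.Random(seed)  # fixed seed keeps runs reproducible
        self.var = {}                   # variable name -> current hash

    def assign(self, dst, expr):
        # An assignment copies the hash of the right-hand side to the target.
        self.var[dst] = self.h(expr)

    def h(self, e):
        if isinstance(e, int):          # a constant is represented by itself
            return e % P
        if isinstance(e, str):          # a variable gets a random number once
            if e not in self.var:
                self.var[e] = self.rng.randrange(1, P)
            return self.var[e]
        op, *args = e
        if op == "load":                # pointer access: PRN seeded by the address hash
            return random.Random(self.h(args[0])).randrange(1, P)
        a, b = self.h(args[0]), self.h(args[1])
        if op == "+":
            return (a + b) % P
        if op == "-":
            return (a - b) % P
        if op == "*":
            return (a * b) % P
        if op == "/":                   # division is multiplication by the inverse mod P
            return (a * pow(b, -1, P)) % P
        raise ValueError(f"unknown operator {op!r}")

def tainted_loads():
    hs = ExprHasher(seed=1)
    # Constructed sample: a tainted value is stored to a[i+1], address a + 4*(i+1).
    tainted = {hs.h(("+", "a", ("*", 4, ("+", "i", 1))))}
    same = hs.h(("+", ("+", "a", ("*", 4, "i")), 4))  # a + 4*i + 4: same address
    other = hs.h(("+", "a", ("*", 4, "j")))           # a + 4*j: unrelated index
    hs.assign("k", ("+", "i", 1))                     # k = i + 1
    via_copy = hs.h(("+", "a", ("*", 4, "k")))        # a + 4*k: same address via k
    # Equal hashes: the expressions are algebraically the same with high probability.
    # Unequal hashes: not the same expression; i and j may still be equal at run time.
    return same in tainted, other in tainted, via_copy in tainted
```
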
