Groups | Search | Server Info | Login | Register
Groups > comp.compilers > #143
| Path | csiph.com!x330-a1.tempe.blueboxinc.net!feeder1.hal-mli.net!nx02.iad01.newshosting.com!newshosting.com!69.16.185.16.MISMATCH!npeer02.iad.highwinds-media.com!news.highwinds-media.com!feed-me.highwinds-media.com!news.glorb.com!news-out.readnews.com!news-xxxfer.readnews.com!news.misty.com!news.iecc.com!nerds-end |
|---|---|
| From | Martin Ward <martin@gkc.org.uk> |
| Newsgroups | comp.compilers |
| Subject | Re: Dealing with load/store instructions on static tainted flow analysis |
| Date | Sun, 12 Jun 2011 12:11:38 +0100 |
| Organization | Compilers Central |
| Lines | 40 |
| Sender | news@iecc.com |
| Approved | comp.compilers@iecc.com |
| Message-ID | <11-06-017@comp.compilers> (permalink) |
| References | <11-06-010@comp.compilers> |
| NNTP-Posting-Host | news.iecc.com |
| X-Trace | gal.iecc.com 1307893492 40789 64.57.183.58 (12 Jun 2011 15:44:52 GMT) |
| X-Complaints-To | abuse@iecc.com |
| NNTP-Posting-Date | Sun, 12 Jun 2011 15:44:52 +0000 (UTC) |
| Keywords | analysis, storage |
| Posted-Date | 12 Jun 2011 11:44:52 EDT |
| X-submission-address | compilers@iecc.com |
| X-moderator-address | compilers-request@iecc.com |
| X-FAQ-and-archives | http://compilers.iecc.com |
| Xref | x330-a1.tempe.blueboxinc.net comp.compilers:143 |
Show key headers only | View raw
On Tuesday 07 Jun 2011 at 05:00, Gabriel Quadros <gabrielquadros@hotmail.com> wrote: > I am using LLVM, and I am analyzing the LLVM bitcodes. My pass is > working well, but I am having some issues with memory. Once > information flows to the heap, it is hard to know how it propagates to > the rest of the program. Example: > > a = SOURCE > b = malloc(100) > ... > b[i] = a > ... > SINK = c[j] > ... > > So, the problem is that it is hard to know that c != b and i != j. > Once information flows into memory, the safest thing to do is to flag > the whole memory as a SOURCE. Of course, that is very conservative. I > was wondering if you guys could recommend me some strategies and > techniques to be more precise. In particular, if you could point me > some paper that does it, that would be great. I suggest that you look at the research on "points-to analysis" with regions: this attempts to divide the memory of the machine into disjoint regions where each pointer can be guaranteed to address one or more of these regions. As long as the SOURCE pointers are in different regions to the SINK pointers, you should be OK. A possible starting point: "Putting Pointer Analysis to Work" (1998) by Rakesh Ghiya , Laurie J. Hendren http://citeseer.ist.psu.edu/viewdoc/summary?doi=10.1.1.40.9725 -- Martin STRL Reader in Software Engineering and Royal Society Industry Fellow martin@gkc.org.uk http://www.cse.dmu.ac.uk/~mward/ Erdos number: 4 G.K.Chesterton web site: http://www.cse.dmu.ac.uk/~mward/gkc/ Mirrors: http://www.gkc.org.uk and http://www.gkc.org.uk/gkc
Back to comp.compilers | Previous | Next — Previous in thread | Find similar
Dealing with load/store instructions on static tainted flow analysis Gabriel Quadros <gabrielquadros@hotmail.com> - 2011-06-06 21:00 -0700 Re: Dealing with load/store instructions on static tainted flow analysis glen herrmannsfeldt <gah@ugcs.caltech.edu> - 2011-06-07 09:04 +0000 Re: Dealing with load/store instructions on static tainted flow analysis kym@kymhorsell.com - 2011-06-08 07:53 +0000 Re: Dealing with load/store instructions on static tainted flow analysis George Neuner <gneuner2@comcast.net> - 2011-06-09 18:51 -0400 Re: Dealing with load/store instructions on static tainted flow analysis Martin Ward <martin@gkc.org.uk> - 2011-06-12 12:11 +0100
csiph-web