[cfe-dev] my experience with clang

Ted Kremenek kremenek at apple.com
Wed Jan 9 09:15:13 PST 2008


On Jan 9, 2008, at 6:57 AM, Nuno Lopes wrote:

>>>>
>>>> Yes, I agree. It is quite simple and really useful (it can save a few
>>>> crashes and potential security bugs). I now need to port it to the
>>>> liveness analyzer to get info about uninitialized variables.
>>>> My initial idea was to extend this to user-space (I even sent a
>>>> proposal to the gcc mailing list some time ago).
>>>
>>> One random and maybe interesting thought: the linux kernel people are
>>> marking pointers as user or kernel and using their 'sparse' tool to
>>> flag semantic violations.  Instead of adding special support to clang
>>> to handle something like this, I wonder if Christopher's alternate
>>> address space work could be used to handle this...
>>
>> Interesting possibility! If this is something you're interested in
>> I'll try to get my address spaces clang work committed sooner rather
>> than later.
>>
>> Another use of these types of pointer attributes is Microsoft's
>> __ptr32/__ptr64, though I don't think that's so much for analysis as
>> pure pointer hackery.
>
>
> Uhm I wonder how this relates to the varargs function checks I was
> talking about.. As you probably know gcc supports the printf checks
> through an __attribute__, and I don't know how the address spaces thing
> could be used to parse the format string and so on. (please enlighten
> me if I'm wrong!).

Hi Nuno,

I think there may be a misunderstanding about what you mean by "extend
this to user-space."  I agree that the vararg checking and the address
space qualifiers are not the same exact topic, although the latter
could be used to augment the former.

Not everyone has looked at your code, so they may not even be aware of
what kinds of problems you were looking for in the use of the PHP
interpreter API varargs functions.  My understanding is that you were
looking at internal consistency within the interpreter codebase of how
these functions were used; from this perspective, I'm not certain what
you mean by "user-space."  That term is often overloaded; to an OS
person the world is often divided into the "kernel" and "user" address
spaces, and user-space pointers should never be directly dereferenced
within the kernel (this can happen when arguments passed from system
calls, etc., are not properly handled in the kernel).

My understanding (which could be wrong) is that this is a completely
different concept from what you mean by extending the checking to
user-space.  If you could clarify a little more about what you mean
that would be helpful.  I'm also not really clear on what you mean by
"porting" it (the varargs checker) to the liveness/uninitialized
analyses.

Ted
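The two mechanisms the thread sets side by side, gcc's printf-format attribute on a varargs wrapper and a sparse-style user/kernel pointer tag built from clang's address-space qualifier, in one added C example. This is not code from the thread, from clang or from sparse: `log_fmt`, `copy_from_user`, `sys_get_value`, `EFAULT` and the four-int `user_mem` array standing in for user memory are illustrative stand-ins and the user data is constructed. The `__user` macro mirrors the Linux kernel's naming; the kernel defines it for sparse as `__attribute__((noderef, address_space(__user)))`, while here it is clang's `address_space(1)` alone (and empty on compilers without that attribute).

```c
#include <stdarg.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/*
 * Added example, not code from the thread. "__user" follows the kernel's
 * naming: under clang it is the address-space qualifier discussed in the
 * thread, elsewhere it expands to nothing and the checks are not enforced.
 * copy_from_user(), sys_get_value(), EFAULT and user_mem are illustrative
 * stand-ins, not kernel code.
 */
#if defined(__clang__)
#define __user __attribute__((address_space(1)))
#else
#define __user /* no address-space qualifier available */
#endif

#define EFAULT 14

/* A varargs wrapper that inherits printf's format checking (gcc and clang).
 * With the attribute, log_fmt(buf, n, "%s", 42) is diagnosed at compile
 * time exactly as printf("%s", 42) would be. */
__attribute__((format(printf, 3, 4)))
int log_fmt(char *buf, size_t n, const char *fmt, ...)
{
    va_list ap;
    int len;

    va_start(ap, fmt);
    len = vsnprintf(buf, n, fmt, ap);
    va_end(ap);
    return len;
}

/* Constructed stand-in for user memory: four ints the "kernel" may only
 * reach through copy_from_user(). */
static int __user user_mem[4] = { 10, 20, 30, 40 };

/* The only function allowed to touch __user pointers. It stays inside
 * address space 1 (no cast back to a plain pointer) and refuses ranges
 * outside the simulated user mapping. Returns the number of bytes NOT
 * copied, like the kernel's copy_from_user(); 0 means success. */
size_t copy_from_user(void *dst, const void __user *src, size_t n)
{
    const unsigned char __user *s = src;
    const unsigned char __user *lo = (const unsigned char __user *)user_mem;
    const unsigned char __user *hi = lo + sizeof user_mem;
    unsigned char *d = dst;
    size_t i;

    if (s < lo || s > hi || n > (size_t)(hi - s))
        return n;
    for (i = 0; i < n; i++)
        d[i] = s[i];
    return 0;
}

/* A system-call handler: its argument is a user pointer and is never
 * dereferenced directly. Under clang, writing
 *     memcpy(out, uptr, sizeof *out);
 * here is rejected ("changes address space of pointer"): a __user pointer
 * cannot silently become the plain pointer memcpy() expects. A bare
 * "*uptr" is NOT caught by the address-space qualifier by itself; that is
 * what sparse's additional noderef attribute on __user is for. */
int sys_get_value(const int __user *uptr, int *out)
{
    int tmp;

    if (copy_from_user(&tmp, uptr, sizeof tmp))
        return -EFAULT;
    *out = tmp;
    return 0;
}

/* Scratch storage shared by main() and other callers. */
char logbuf[64];
int kval;

int main(void)
{
    if (sys_get_value(&user_mem[1], &kval) == 0)
        log_fmt(logbuf, sizeof logbuf, "user slot 1 = %d", kval);
    else
        log_fmt(logbuf, sizeof logbuf, "EFAULT");
    puts(logbuf);

    if (sys_get_value(user_mem + 4, &kval) == -EFAULT)
        puts("out-of-range user pointer rejected");
    return 0;
}
```

The point of keeping `copy_from_user()` as the single crossing between the two address spaces is that every other function can take a `__user` pointer as a typed argument and the compiler, not a reviewer, notices when one leaks into an API that expects kernel memory; the format attribute on `log_fmt` gives the same compile-time treatment to the varargs side of the discussion.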
