[cfe-dev] my experience with clang

Nuno Lopes nunoplopes at sapo.pt
Wed Jan 9 14:42:43 PST 2008


> I think there may be a misunderstanding by what you mean by "extend this 
> to user-space."  I agree that the vararg checking and the address space 
> qualifiers are not the same exact topic, although the latter could be 
> used to augment the former.
>
> Not everyone has looked at your code, so they may not even be aware of 
> what kinds of problems you were looking for in the use of the PHP 
> interpreter API varargs functions.  My understanding is you were looking at 
> internal consistency within the interpreter codebase of how these 
> functions were used; from this perspective, I'm not certain what you mean 
> by "user-space."  That term is often overloaded; to an OS person the 
> world is often divided into the "kernel" and "user" address spaces, and 
> user-space pointers should never be directly dereferenced within the 
> kernel (this can happen when arguments passed from system calls, etc., 
> are not properly handled in the kernel).


I think I didn't explain myself well, sorry.

The PHP interpreter has the following function:
int zend_parse_parameters(int num_args, char *type_spec, ...);

it is usually used like this:
zend_parse_parameters(ZEND_NUM_ARGS(), "s|l", &str, &str_len, &number);

The problem is that the number and type of arguments depend on the format 
string. In this case it receives a string (str + length) and a long 
(optional). No compiler is currently able (AFAIK) to check if the function 
is called correctly. Also, 'number' might not be initialized, while str and 
str_len are (if the function doesn't return FAILURE).
I implemented a simple checker with clang to verify the parameter types. I 
mentioned that I need to port it to the liveness analyzer because I want to 
check if the parameters after the '|' are used before initialization and if 
the ones before are not initialized unnecessarily.

I doubt that anytime soon compilers will be able to analyze these varargs 
functions automatically (well, you could try to use some heuristics, like 
searching for a switch, but..), so my idea was to expose some kind of API to 
the programmers to allow them to specify some arbitrary function to validate 
the arguments.
GCC supports the following:
void my_printf(const char *format, ...) __attribute__((format(printf, 1, 2)));

but GCC only supports the printf and scanf functions. My idea was to 
generalize this, by allowing the user to specify some function (without 
touching the compiler's code).
While the idea seems fairly acceptable, I don't have any syntax proposal.

Reference: http://gcc.gnu.org/ml/gcc/2006-11/msg00331.html

Any thoughts? :)

Nuno 
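As an added illustration of the kind of validation function the message above is asking for (this is example code written for this page, not Nuno's clang checker and not part of the PHP source), the script below models a zend_parse_parameters() format string and checks a call site against it. The spec table is a simplified, assumed subset of the PHP 5 grammar: each type character consumes a fixed number of pointer arguments ("s" takes a char ** and an int *, "l" a long *, and so on), "|" starts the optional parameters, and "!" and "/" are modifiers that consume nothing. The call-site representation (a list of argument name/C type pairs) and the helper names are assumptions for the example; a real implementation would be fed by the compiler's AST.

```python
"""Checker for zend_parse_parameters()-style format strings (added example).

Assumed, simplified model of the PHP 5 type_spec grammar: a type character
consumes a fixed list of pointer arguments, '|' marks the start of the
optional parameters, '!' and '/' modify the preceding type character and
consume no arguments. The table below is an assumption for this example,
not the authoritative list from the PHP source.
"""

from dataclasses import dataclass

# spec character -> C types of the pointer arguments it consumes (assumed subset)
SPEC_ARGS = {
    "s": ["char **", "int *"],
    "l": ["long *"],
    "d": ["double *"],
    "b": ["zend_bool *"],
    "z": ["zval **"],
    "a": ["zval **"],
    "r": ["zval **"],
    "h": ["HashTable **"],
    "o": ["zval **"],
    "O": ["zval **", "zend_class_entry *"],
}
MODIFIERS = set("!/")


@dataclass
class Slot:
    spec: str        # spec character that consumes this argument
    ctype: str       # expected C type of the pointer argument
    optional: bool   # True when the slot follows '|'


def parse_spec(spec):
    """Expand a type_spec into the ordered list of argument slots it implies."""
    slots = []
    optional = False
    for i, ch in enumerate(spec):
        if ch == "|":
            if optional:
                raise ValueError("duplicate '|' in spec %r" % spec)
            optional = True
        elif ch in MODIFIERS:
            # a modifier is only meaningful directly after a type character
            if i == 0 or spec[i - 1] not in SPEC_ARGS:
                raise ValueError("modifier %r must follow a type character" % ch)
        elif ch in SPEC_ARGS:
            for ctype in SPEC_ARGS[ch]:
                slots.append(Slot(ch, ctype, optional))
        else:
            raise ValueError("unknown spec character %r in %r" % (ch, spec))
    return slots


def check_call(spec, args):
    """Compare a call site's variadic arguments against the spec.

    args is a list of (name, ctype) pairs in call order. Returns a list of
    diagnostics; an empty list means the call is consistent with the spec.
    """
    try:
        slots = parse_spec(spec)
    except ValueError as err:
        return [str(err)]
    issues = []
    if len(args) != len(slots):
        issues.append("spec %r expects %d argument(s), call passes %d"
                      % (spec, len(slots), len(args)))
    for slot, (name, ctype) in zip(slots, args):
        if ctype != slot.ctype:
            issues.append("argument %s: spec %r wants %s, got %s"
                          % (name, slot.spec, slot.ctype, ctype))
    return issues


def maybe_uninitialized(spec, args):
    """Out-parameters that stay untouched when the caller omits the optional
    PHP arguments, i.e. the ones a liveness pass must see initialized before
    any use that does not first test the parsed argument count."""
    return [name for slot, (name, _) in zip(parse_spec(spec), args)
            if slot.optional]


# Constructed call site mirroring the message's example:
# zend_parse_parameters(ZEND_NUM_ARGS(), "s|l", &str, &str_len, &number);
EXAMPLE_CALL = [("&str", "char **"), ("&str_len", "int *"), ("&number", "long *")]

if __name__ == "__main__":
    print(check_call("s|l", EXAMPLE_CALL))            # [] -> consistent
    print(check_call("s|l", EXAMPLE_CALL[:2]))        # missing &number
    print(maybe_uninitialized("s|l", EXAMPLE_CALL))   # ['&number']
```

The two functions correspond to the two checks described in the message: check_call() is the argument-count and type check, and maybe_uninitialized() is the list the liveness analysis would consume to flag uses of 'number' that are not guarded by the optional parameter having been supplied.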
