From Fedora Project Wiki
(Feature has been announced on devel-announce mailing list on 2013-01-24)
 
Line 16: Line 16:
== Current status ==
== Current status ==
* Targeted release: [[Releases/19]]
* Targeted release: [[Releases/19]]
* Last updated: 2013-01-22
* Last updated: 2013-03-11
* Percentage of completion: 50%
* Percentage of completion: 100%
  The non-overlapping testsuite could use some minor improvements though.


== Detailed Description ==
== Detailed Description ==
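Review bot: the line added under "Percentage of completion: 100%" starts with spaces instead of "*", so MediaWiki will render it as a preformatted block rather than as part of the status list. Make it a list item, or fold it into the completion bullet, e.g. "* Percentage of completion: 100% (the non-overlapping testsuite could use some minor improvements)".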
Line 24: Line 25:
[w]memcpy, str[n]cat, wcs[n]cat, str[n]cpy, wcs[n]cpy, [w]mempcpy, memccpy, stp[n]cpy
[w]memcpy, str[n]cat, wcs[n]cat, str[n]cpy, wcs[n]cpy, [w]mempcpy, memccpy, stp[n]cpy


While valgrind can detect these cases, using a DSO such as MEMSTOMP can be significantly faster.
While valgrind can detect these cases, using a DSO such as MEMSTOMP can be significantly faster. (The current valgrind-3.8.1 does not detect overlap in any of the wide-character copy functions such as wmemcpy etc. unless the implementation calls the non-wide version or other non-wide code.)


The MEMSTOMP code utilizes GPLV2+ and LGPL3 code.  The GPLV2+ code is limited to the backtrace code which is not thread safe and may need to be disabled/rewritten.
The MEMSTOMP code utilizes GPLV2+ and LGPL3 code.  The GPLV2+ code is limited to the backtrace code which is not thread safe and may need to be disabled/rewritten.


== Benefit to Fedora ==
== Benefit to Fedora ==
MEMSTOMP benefits Fedora by providing additional tools to help developers identify code with undefined behaviour and at a lower runtime cost than tools such as valgrind.
MEMSTOMP benefits Fedora by providing additional tools to help developers identify code with undefined behaviour and at a lower runtime cost than tools such as valgrind.


== Scope ==
== Scope ==
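Review bot: the parenthetical added to the valgrind sentence is worded as "The current valgrind-3.8.1", which will read as wrong once a newer valgrind ships. Phrase it as "As of valgrind 3.8.1, ..." so the claim stays tied to the version it was checked against, and drop the redundant "etc." after "such as wmemcpy".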
Line 43: Line 43:


== How To Test ==
== How To Test ==
MEMSTOMP does not currently have a testsuite.  I propose adding a simple testsuite to MEMSTOMP which verifies that a call to each of the listed functions with overlapping arguments is detected and that a call to each without overlapping arguments results in proper copying.
MEMSTOMP has a testsuite that is run as part of its build process that will verify non-conforming calls to certain functions are caught accordingly and that conforming calls are not caught.


Users can test the feature on any existing executable by running "memstomp <your executable>".
Users can test the feature on any existing executable by running "memstomp <your executable>".
Line 57: Line 57:
== Contingency Plan ==
== Contingency Plan ==
None necessary as nothing depends on MEMSTOMP.
None necessary as nothing depends on MEMSTOMP.


== Documentation ==
== Documentation ==
None available yetUsage, list of functions/arguments checked would be added if package is approved.
Simple manpage in placeStill needs list of functions/arguments checked.


== Release Notes ==
== Release Notes ==
Fedora 19 comes MEMSTOMP a DSO which can be preloaded into an application to discover overlapping memory arguments to certain functions at a lower runtime cost than valgrind.
Fedora 19 comes MEMSTOMP a DSO which can be preloaded into an application to discover overlapping memory arguments to certain functions at a lower runtime cost than valgrind.


== Comments and Discussion ==
== Comments and Discussion ==
* See [[Talk:Features/MEMSTOMP]]
* See [[Talk:Features/MEMSTOMP]]


[[Category:FeatureAnnounced]]
[[Category:FeatureAcceptedF19]]
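Review bot: the Release Notes line carried through this hunk unchanged still reads "Fedora 19 comes MEMSTOMP a DSO which can be preloaded"; since this text is meant to be copied into the release notes, fix it here to "Fedora 19 comes with MEMSTOMP, a DSO which can be preloaded". The new Documentation text also says the list of functions/arguments checked is still missing; the list already given under Detailed Description could be reused for the manpage.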

Latest revision as of 13:38, 13 May 2013


MEMSTOMP

Summary

Include the MEMSTOMP DSOs in Fedora 19 to enable developers to more quickly detect certain library calls which result in undefined behaviour due to overlapping memory arguments.

Owner

  • Name: Jeff Law
  • Email: law@redhat.com

Current status

  • Targeted release: Releases/19
  • Last updated: 2013-03-11
  • Percentage of completion: 100%
 The non-overlapping testsuite could use some minor improvements though.

Detailed Description

MEMSTOMP is a DSO which can be preloaded into an application to detect calls to library routines with overlapping memory arguments. Specifically, MEMSTOMP will detect calls to the following routines with overlapping memory arguments:

[w]memcpy, str[n]cat, wcs[n]cat, str[n]cpy, wcs[n]cpy, [w]mempcpy, memccpy, stp[n]cpy

While valgrind can detect these cases, using a DSO such as MEMSTOMP can be significantly faster. (The current valgrind-3.8.1 does not detect overlap in any of the wide-character copy functions such as wmemcpy etc. unless the implementation calls the non-wide version or other non-wide code.)
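The check that such a preloaded DSO has to make before passing a call on to the real routine, as an added example (not MEMSTOMP's own code; the function names and the memmove fallback are assumptions made for illustration):

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* True when [a, a+alen) and [b, b+blen) share at least one byte.
 * Addresses are compared as integers because relational comparison of
 * pointers into different objects is itself undefined in C. */
static int regions_overlap(const void *a, size_t alen,
                           const void *b, size_t blen)
{
    uintptr_t pa = (uintptr_t)a, pb = (uintptr_t)b;
    if (alen == 0 || blen == 0)
        return 0;
    return pa < pb ? pb - pa < alen : pa - pb < blen;
}

/* memcpy-style check: source and destination are both n bytes long. */
static int memcpy_args_overlap(const void *dst, const void *src, size_t n)
{
    return regions_overlap(dst, n, src, n);
}

/* strcpy-style check: strlen(src) + 1 bytes move, the NUL included. */
static int strcpy_args_overlap(const char *dst, const char *src)
{
    size_t n = strlen(src) + 1;
    return regions_overlap(dst, n, src, n);
}

/* Hypothetical wrapper: report the offending call, then copy with
 * memmove so the result stays defined. */
static void *checked_memcpy(void *dst, const void *src, size_t n, int *flagged)
{
    *flagged = memcpy_args_overlap(dst, src, n);
    if (*flagged)
        fprintf(stderr, "overlap: memcpy(%p, %p, %zu)\n",
                dst, (void *)src, n);
    return memmove(dst, src, n);
}

int main(void)
{
    char buf[16] = "abcdefgh";                 /* constructed sample buffer */
    int flagged;
    checked_memcpy(buf + 2, buf, 6, &flagged); /* regions share 4 bytes */
    printf("flagged=%d buf=%s\n", flagged, buf);
    printf("strcpy overlap=%d\n", strcpy_args_overlap(buf + 1, buf));
    return 0;
}
```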

The MEMSTOMP code utilizes GPLV2+ and LGPL3 code. The GPLV2+ code is limited to the backtrace code which is not thread safe and may need to be disabled/rewritten.

Benefit to Fedora

MEMSTOMP benefits Fedora by providing additional tools to help developers identify code with undefined behaviour and at a lower runtime cost than tools such as valgrind.

Scope

The MEMSTOMP code utilizes GPLV2+ and LGPL3 code. The GPLV2+ code is limited to the backtrace code which is not thread safe and may need to be disabled/rewritten. If the non-thread-safe backtrace code is disabled, applications making these calls with undefined semantics will immediately abort, which is still better than silently continuing.

A minimal testsuite needs to be written and the code needs trivial bundling into an RPM format.

Minimal documentation needs to be provided. A simple man page should be sufficient.

This feature won't affect any other parts of the distribution.

How To Test

MEMSTOMP has a testsuite that is run as part of its build process that will verify non-conforming calls to certain functions are caught accordingly and that conforming calls are not caught.

Users can test the feature on any existing executable by running "memstomp <your executable>".

If the executable does not make undefined calls, then it will run normally. If it does make undefined calls, you will get either an abort or a backtrace as soon as the undefined call is detected.

User Experience

No user-visible changes unless the user explicitly uses the MEMSTOMP DSO. Those who use the MEMSTOMP DSO would get a segfault or backtrace when running their application if the application has a call to one of the affected functions with overlapping memory arguments.

Dependencies

None.

Contingency Plan

None necessary as nothing depends on MEMSTOMP.

Documentation

Simple manpage in place. Still needs list of functions/arguments checked.

Release Notes

Fedora 19 comes with MEMSTOMP, a DSO which can be preloaded into an application to discover overlapping memory arguments to certain functions at a lower runtime cost than valgrind.

Comments and Discussion