From Fedora Project Wiki


MEMSTOMP

Summary

Include the MEMSTOMP DSOs in Fedora 19 to enable developers to more quickly detect certain library calls which result in undefined behaviour due to overlapping memory arguments.

Owner

  • Name: Jeff Law
  • Email: law@redhat.com

Current status

  • Targeted release: Releases/19
  • Last updated: 2013-03-11
  • Percentage of completion: 95%
 The non-overlapping testsuite could use some minor improvements.  Skeleton manpage could probably use further work, but it's certainly in good enough shape to include.

Detailed Description

MEMSTOMP is a DSO which can be preloaded by an application to detect calls to library routines with overlapping memory arguments. Specifically MEMSTOMP will detect calls to the following routines with overalapping memory arguments:

[w]memcpy, str[n]cat, wcs[n]cat, str[n]cpy, wcs[n]cpy, [w]mempcpy, memccpy, stp[n]cpy

While valgrind can detect these cases, using a DSO such as MEMSTOMP can be significantly faster. (The current valgrind-3.8.1 does not detect overlap in any of the wide-character copy functions such as wmemcpy etc.)

The MEMSTOMP code utilizes GPLV2+ and LGPL3 code. The GPLV2+ code is limited to the backtrace code which is not thread safe and may need to be disabled/rewritten.

Benefit to Fedora

MEMSTOMP benefits Fedora by providing additional tools to help developers identify code with undefined behaviour and at a lower runtime cost than tools such as valgrind.

Scope

The MEMSTOMP code utilizes GPLV2+ and LGPL3 code. The GPLV2+ code is limited to the backtrace code which is not thread safe and may need to be disabled/rewritten. If the thread safe code is disabled, applications making these calls with undefined semantics will immediately abort, which is still better than silently continuing.

A minimal testsuite needs to be written and the code needs trivial bundling into an RPM format.

Minimal documentation needs to be provided. A simple man page should be sufficient.

This feature won't affect any other parts of the distribution.

How To Test

MEMSTOMP has a testsuite that is run as part of its build process that will verify non-conforming calls to certain functions are caught accordingly and that conforming calls are not caught.

Users can test the feature on any existing executable by running "memstomp <your executable>".

If the executable does not make undefined calls, then it will run normally. If it does make undefined calls you will either get an abort as soon as the undefined call is detected or you will get a backtrace when the undefined call is detected.

User Experience

No user visible changes unless the user explicitly used the MEMSTOP DSO. For those who use the MEMSTOP DSO they would get a segfault or backtrace when running their application if the application has a call to one of the affected functions with overalapping memory arguments.

Dependencies

None.

Contingency Plan

None necessary as nothing depends on MEMSTOMP.

Documentation

Simple manpage in place. Still needs list of functions/arguments checked.

Release Notes

Fedora 19 comes MEMSTOMP a DSO which can be preloaded into an application to discover overlapping memory arguments to certain functions at a lower runtime cost than valgrind.

Comments and Discussion