> int a; /* invalid value */ > int b; > if (a > 0) /* conditional on invalid value */ > b = a; > else > b = 0; > > ...memcheck produces a warning on the conditional branch. But if you look at > what this code actually computes, it is just "b = max(a,0)", which is not so > different from "b = a + 1". (That is, b is just some simple function of a.) I > want to teach memcheck to treat this second example like the first; > that is, just taint b as invalid if a is invalid.
Teaching VEX about the x86 opcode CMOVG (conditional move if Greater) might not be so difficult. Teaching VEX about branch-and-reconverge control flow involving multiple instructions, probably is harder. > > Another example: > > extern unsigned char lookup[256]; // assume this is initialized > > unsigned char x; > unsigned char y = lookup[x]; > > Here, I have some 8-bit function implemented using a lookup table. Again, > memcheck issues a diagnostic for using x as part of computing an address. But > I want to think of y as a simple function of x, and tell memcheck to just let > y inherit x's invalidity. > The key here is range analysis on the subscripting operation "lookup[x]". If the bounds on 'x' propagate, and if 'lookup' has effective bounds, then probably it is not so hard. -- ------------------------------------------------------------------------------ Developer Access Program for Intel Xeon Phi Processors Access to Intel Xeon Phi processor-based developer platforms. With one year of Intel Parallel Studio XE. Training and support from Colfax. Order your platform today. http://sdm.link/xeonphi _______________________________________________ Valgrind-users mailing list Valgrind-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/valgrind-users
