Information Source Code Documentation Contact How to Help Gallery | |
Table of Contents To use this tool, you must specify
SGCheck is a tool for finding overruns of stack and global arrays. It works by using a heuristic approach derived from an observation about the likely forms of stack and global array accesses. When a source file is compiled
with Checking of accesses to such arrays would then be relatively simple, if the compiler could also tell us which array (if any) each memory referencing instruction was supposed to access. Unfortunately the DWARF3 debugging format does not provide a way to represent such information, so we have to resort to a heuristic technique to approximate it. The key observation is that if a memory referencing instruction accesses inside a stack or global array once, then it is highly likely to always access that same array. To see how this might be useful, consider the following buggy fragment: { int i, a[10]; // both are auto vars for (i = 0; i <= 10; i++) a[i] = 42; } At run time we will know the precise address
of There is an important caveat. Imagine a function such as To avoid this problem, SGCheck instantiates fresh likely-target
records for each entry to a function, and discards them on exit. This
allows detection of cases where (e.g.) It is important to note that the association is done between a binary instruction and an array, the first time this binary instruction accesses an array during a function call. When the same instruction is executed again during the same function call, then SGCheck might report a problem, if these further executions are not accessing the same array. This technique causes several limitations in SGCheck, see Limitations. SGCheck and Memcheck are complementary: their capabilities do not overlap. Memcheck performs bounds checks and use-after-free checks for heap arrays. It also finds uses of uninitialised values created by heap or stack allocations. But it does not perform bounds checking for stack or global arrays. SGCheck, on the other hand, does do bounds checking for stack or global arrays, but it doesn't do anything else. This is an experimental tool, which relies rather too heavily on some not-as-robust-as-I-would-like assumptions on the behaviour of correct programs. There are a number of limitations which you should be aware of.
Items marked CRITICAL are considered important for correctness: non-fixage of them is liable to lead to crashes or assertion failures in real use.
|
|
Copyright © 2000-2024 Valgrind™ Developers |