Florin Papa added the comment:
Hi Antoine,
The Py_INIT_BOUNDS calls were used because MPX generated a very large number of
error messages about pointer bounds violations at compile or run time, that
made Python unusable. The approach was to analyze the errors and ignore
checking if no obvious violation took place, in the hope to find the root cause.
The problem is that the errors can come from an actual bug or from a false
positive that can be propagated throughout the code. While we could not find
evidence of actual bugs, we found 2 examples of the latter, in listobject.c
(line 1100, in the binarysort function) and dictobject.c (line 1797 in
dict_keys function and line 1892 in dict_items).
The problem is caused by this coding pattern that is used in the two instances
mentioned above: a pointer to an allocated memory zone is used to access a
different allocated memory zone by adding the difference between their start
addresses to that pointer. Although this newly formed address is valid, in the
context of the pointer used for this operation it is outside its bounds so it’s
signaled as a bounds violation.
p *----------------* q *-------------------------------*
<-------------------------------------->
offset
p and q point to valid memory zones, being separated by an offset. If we do
something like
new_pointer = q – offset; // which is actually equal to p
value = *new_pointer; // dereferencing will generate an MPX
bounds violation, because
// new_pointer will keep q’s original
bounds
I will rewrite the code for these cases and provide the new patch as soon as I
have it.
Regards,
Florin
----------
_______________________________________
Python tracker <rep...@bugs.python.org>
<http://bugs.python.org/issue25300>
_______________________________________
_______________________________________________
Python-bugs-list mailing list
Unsubscribe:
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
