Pointer analysis

[Theldus]

Description

There are two ways to analyze pointers: 1) tracking the pointer value, as a normal variable (eg: ptr++ would be tracked) and 2) tracking the content pointed by the pointer.

The former is already handled by PBD, as can be seen from the test file in src/tests/test.c. The latter is more complicated and this issue aims to discuss some possible approaches to it.

Two main issues with the analysis of (the content of) pointers I can think of are:

• a) Where does the address come from? The address can come from a dynamic allocation (mmap, malloc, calloc...), a reference to a variable or part of it (ptr = &vec, ptr = &vec[2], ...), shared memory and so on.

• b) How big is this memory? If the address comes from a dynamically allocated variable, array... the size changes as well.

Both cases can be 'easily' handled if the addresses are already known, as in references to variables and structures... but it becomes quite annoying if dynamically allocated. With dynamic allocation some kind of mechanism should be used to get addresses and their size, maybe something like a dynamic library with hooks for malloc/calloc + LD_PRELOAD could be a reasonable solution to this, although it cannot handle all memory allocation cases it might be able to handle most of them.

That's it, there is no trivial solution to this, so any help in this regard is most welcome, ;-).