DataFlowSanitizer: Add a design doc paragraph on checking ABI consistency.

author Peter Collingbourne <peter@pcc.me.uk>

Thu, 22 Aug 2013 20:08:20 +0000 (20:08 +0000)

committer Peter Collingbourne <peter@pcc.me.uk>

Thu, 22 Aug 2013 20:08:20 +0000 (20:08 +0000)
author Peter Collingbourne <peter@pcc.me.uk>
Thu, 22 Aug 2013 20:08:20 +0000 (20:08 +0000)
committer Peter Collingbourne <peter@pcc.me.uk>
Thu, 22 Aug 2013 20:08:20 +0000 (20:08 +0000)
diff --git a/docs/DataFlowSanitizerDesign.rst b/docs/DataFlowSanitizerDesign.rst

index 8f1cc6866d9c9eccb6aa8ea8bd7ecabf1a955f6a..32db88bda26908f0fc49a2e127b87e28bc7100e5 100644 (file)
--- a/docs/DataFlowSanitizerDesign.rst
+++ b/docs/DataFlowSanitizerDesign.rst
@@ -205,3 +205,16 @@ native ABI function directly and the pass will compute the appropriate label
  internally.  This has the advantage of reducing the number of union operations
  required when the return value label is known to be zero (i.e. ``discard``
  functions, or ``functional`` functions with known unlabelled arguments).
+
+Checking ABI Consistency
+------------------------
+
+DFSan changes the ABI of each function in the module.  This makes it possible
+for a function with the native ABI to be called with the instrumented ABI,
+or vice versa, thus possibly invoking undefined behavior.  A simple way
+of statically detecting instances of this problem is to prepend the prefix
+"dfs$" to the name of each instrumented-ABI function.
+
+This will not catch every such problem; in particular function pointers passed
+across the instrumented-native barrier cannot be used on the other side.
+These problems could potentially be caught dynamically.
author	Peter Collingbourne <peter@pcc.me.uk>
	Thu, 22 Aug 2013 20:08:20 +0000 (20:08 +0000)
committer	Peter Collingbourne <peter@pcc.me.uk>
	Thu, 22 Aug 2013 20:08:20 +0000 (20:08 +0000)