sslab-gatech / unisan

UniSan: Proactive Kernel Memory Initialization to Eliminate Data Leakages
MIT License
42 stars 20 forks

Unmodelled external functions optimistically considered to never be sinks #2

Closed hal-ler closed 7 years ago

hal-ler commented 7 years ago

Calls to unmodelled functions without bodies should be considered sinks in a conservative analysis. The current code actually implements this conservative behavior, but circumvents it with a continue statement. As such, these functions are considered always safe by the analysis.

https://github.com/sslab-gatech/unisan/blob/master/analysis/src/lib/SafeAllocation.cc#L791
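The effect described in the report above, as an added toy example that is not part of the original thread and not UniSan's code: the same loop is run with and without a `continue` placed ahead of the conservative fallback. The summaries, buffer names and the external function `vendor_blob_send` are constructed and hypothetical.

```cpp
// Toy model for illustration only; not UniSan's SafeAllocation.cc.
#include <iostream>
#include <map>
#include <set>
#include <string>
#include <vector>

enum class Kind { Sink, Safe };

// One call site that receives a pointer to a tracked allocation.
struct Call { std::string callee; std::string alloc; };

// Constructed summaries: callees the analysis has a body or model for.
std::map<std::string, Kind> sampleKnown() {
    return {{"copy_to_user", Kind::Sink}, {"memset", Kind::Safe}};
}

// Constructed call sites; vendor_blob_send is a hypothetical external
// function with no body and no model.
std::vector<Call> sampleCalls() {
    return {{"copy_to_user", "buf_a"}, {"memset", "buf_b"},
            {"vendor_blob_send", "buf_c"}};
}

// Returns the allocations that must be treated as unsafe (initialized).
// optimisticContinue=true reproduces the reported behaviour: a `continue`
// ahead of the conservative fallback makes unknown callees look safe.
std::set<std::string> unsafeAllocs(const std::vector<Call>& calls,
                                   const std::map<std::string, Kind>& known,
                                   bool optimisticContinue) {
    std::set<std::string> unsafe;
    for (const Call& c : calls) {
        auto it = known.find(c.callee);
        if (it != known.end()) {
            if (it->second == Kind::Sink) unsafe.insert(c.alloc);
            continue;
        }
        if (optimisticContinue) continue;  // fallback below is never reached
        unsafe.insert(c.alloc);  // conservative: unknown callee may leak it
    }
    return unsafe;
}

int main() {
    auto calls = sampleCalls();
    auto known = sampleKnown();
    std::cout << "optimistic: " << unsafeAllocs(calls, known, true).size()
              << ", conservative: " << unsafeAllocs(calls, known, false).size() << "\n";
}
```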

kengiter commented 7 years ago

Fixed. Thanks!

hal-ler commented 7 years ago

Can you please publish new evaluation numbers after the fixes? These changes might have a relevant performance impact and it is only fair to showcase the updated numbers.

kengiter commented 7 years ago

Sure. I quickly tested it over the Android kernel (including more modules, compared with that in the paper). I think the additional performance impact is negligible, based on the following numbers.

  1. assuming empty functions as sinks

    Number of static allocas: 17065
    Number of dynamic allocas: 32
    Number of unsafe allocas: 1675
    Number of static mallocs: 2000
    Number of dynamic mallocs: 1731
    Number of unsafe mallocs: 584

  2. not assuming empty functions as sinks

    Number of static allocas: 17065
    Number of dynamic allocas: 32
    Number of unsafe allocas: 1634
    Number of static mallocs: 2000
    Number of dynamic mallocs: 1731
    Number of unsafe mallocs: 591

hal-ler commented 7 years ago

Thank you!