[Hardeneddrivers-discuss] RE: [cgl_discussion] Some Initial Comments
on DDH-Spec-0.5h.pdf
Jeff Garzik
jgarzik at pobox.com
Tue Sep 24 11:28:27 PDT 2002
Patrick Mochel wrote:
> [ Some students at Stanford did something called the Stanford Checker, an
> extension to gcc that they could teach to check for many things: large
> on-stack variables, unfreed memory, etc etc. It's not open source, but
> some people at Berkeley did something similar that was.. That's a big
> project in itself, but would be great for compile-time checking..]
Let me highlight this point...
The Stanford Checker was a great tool. Something like it would be an
excellent weapon in the driver hardening arsenal. Adding custom
compile-checks led to the killing of _hundreds_ of bugs, with the kernel
developers describing patterns the compiler could match for a set of
particular bugs.
[and I still wonder why the Stanford Checker wasn't open source, since
gcc is GPL'd... but anyway, I'll take that question to #offtopic]
Jeff