
Re: [Qemu-devel] Re: valgrind functionality in qemu?

From: Johannes Schindelin
Subject: Re: [Qemu-devel] Re: valgrind functionality in qemu?
Date: Mon, 22 Nov 2004 19:50:19 +0100 (CET)


On Mon, 22 Nov 2004, Ben Pfaff wrote:

> Johannes Schindelin <address@hidden> writes:
> > It would also be difficult to find the reference to the source code,
> > because there is no support for working with the debug information in the
> > code in QEmu that I know of. If you want to debug the Linux kernel, you
> > need to hack the "-kernel" loading code for that.
> It's not *that* hard, it just takes writing some code.  We did
> this in a simulation paper: "Understanding Data Lifetime via
> Whole System Simulation" available at
> <URL:http://www.stanford.edu/~blp/papers>, although our
> implementation used Bochs instead of qemu because qemu wasn't
> quite ready at the time.

Okay. Unfortunately, you didn't publish the source code for TaintBochs.
So how did you tackle the following problems:

- when deciding what to taint, you want to be as specific as possible. How
did you tell bochs what was tainted, and what not?

- when you tested inside bochs, you didn't have control over loading of
programs. How did bochs know where the code came from?

- even more importantly, when you analyzed where tainted data was
propagated or freed, how did you find out which *source code* was
responsible for that?

I would do the "just write some code" part, but I am still looking for
elegant solutions to those problems.

