From: Jason Riedy
To: Linus Torvalds
cc: gcc@gcc.gnu.org
Subject: Re: Big-endian Gcc on Intel IA32
Date: Tue, 18 Dec 2001 11:55:00 -0000
Message-Id: <200112181953.LAA10854@lotus.CS.Berkeley.EDU>
In-Reply-To: Your message of "Mon, 17 Dec 2001 15:08:58 PST."

And Linus Torvalds writes:
 -
 - And I suspect some people might want to use it not as a "taint" bit, but
 - simply as a way to have a mechanism to strengthen the C type system.

There's some interesting UCB research in type qualifiers in general. One specific target has been checking tainting, and another has been locking in Linux. The tool works on pre-processed code, and it can take quite a lot of memory when analyzing across multiple files.

  tool:     http://www.cs.berkeley.edu/Research/Aiken/cqual/
            (older version; Jeff may provide a newer, experimental
            one on request if he has time)
  tainting: http://www.cs.berkeley.edu/~jfoster/papers/usenix01.ps.gz
  locking:  http://www.cs.berkeley.edu/~jfoster/papers/pldi02-flow.pdf

The most relevant observation: Doing this properly (i.e. few to no false positives) requires polymorphic qualifiers. The "taint" has to pass through functions silently. Treating it just like "const" _does_ yield too many false positives. So for this to be useful, you'll need more than what gcc currently provides. Providing polymorphic machinery for general gcc front-ends would take a good amount of work.

IIRC, Perl's data tainting is essentially a dynamic type tag. Polymorphism is a static type system's way of avoiding the dynamic tag. (One view of polymorphism, that is.)

Jason
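
An added illustration, not part of the original message and not CQual's code or algorithm: a toy taint-flow checker showing why a "const"-style (monomorphic) qualifier flags a safe call while per-call-site (polymorphic) instantiation does not. The mini program, the helper `skip_ws`, and all variable names are constructed for the example; polymorphism is modelled simply by copying the function's qualifier variables at each call site.

```python
# Added illustration: toy qualifier-flow analysis over a constructed program.
from collections import defaultdict

# Constructed function summary: skip_ws returns (a pointer into) its argument,
# so whatever qualifier the argument carries should come out unchanged.
FUNCS = {"skip_ws": {"param": "s", "flows": [("s", "ret")]}}

# Constructed call sites: (result variable, callee, argument variable).
CALLS = [
    ("a", "skip_ws", "env"),  # env holds getenv() output: tainted
    ("b", "skip_ws", "lit"),  # lit is a string literal: untainted
]
TAINTED_SOURCES = {"env"}
SINKS = ["a", "b"]            # both are later used as a printf format string


def build_edges(polymorphic):
    """Return flow edges x -> y, meaning x's qualifier flows into y."""
    edges = defaultdict(set)
    for site, (result, callee, arg) in enumerate(CALLS):
        fn = FUNCS[callee]
        # Monomorphic: every call shares one copy of the function's variables.
        # Polymorphic: each call site gets a fresh copy (instantiation).
        tag = f"{callee}@{site}" if polymorphic else callee
        edges[arg].add(f"{tag}.{fn['param']}")
        for src, dst in fn["flows"]:
            edges[f"{tag}.{src}"].add(f"{tag}.{dst}")
        edges[f"{tag}.ret"].add(result)
    return edges


def tainted_sinks(polymorphic):
    """Sinks reachable from a tainted source in the flow graph."""
    edges = build_edges(polymorphic)
    seen, work = set(TAINTED_SOURCES), list(TAINTED_SOURCES)
    while work:
        for nxt in edges[work.pop()]:
            if nxt not in seen:
                seen.add(nxt)
                work.append(nxt)
    return [s for s in SINKS if s in seen]


if __name__ == "__main__":
    print("monomorphic:", tainted_sinks(False))  # 'b' is a false positive
    print("polymorphic:", tainted_sinks(True))   # only the real flow remains
```
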