I've been doing a lot of debugging lately. There are probably many explanations for the different bugs, but "naming" problems seem to be the cause or symptom of most of them. Here's one example:
Out of thin air
I start with a callgraph where each node represents a function. Each graph node has an integer ID. Sometimes the wrong node would be summoned, namely the node representing the function "pthread_mutex_lock".
Explanation: To determine what to summon, I refer to a mutable variable, "current function" (yes, ugh... mutation). In some cases that variable wasn't being set, so it referenced a "dummy" function. When "current function" was dereferenced, it would summon "pthread_mutex_lock". The function "pthread_mutex_lock" was the first function analyzed, so it was assigned ID #0. The dummy function comes from CIL (which my analysis uses), and CIL assigns the dummy function ID #0 as well.
Fix: set the "current function" variable at the right times. To reduce the headache next time, use dummy IDs that are more distinctive, like 0xDEADBEEF.
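As an added illustration (not code from the post or from CIL), here is a toy Python callgraph that reproduces the collision and shows both fixes: the `CallGraph`, `Func`, `summon_*` and `build` names are hypothetical, and the sequential-ID allocator stands in for the analysis described above.

```python
from dataclasses import dataclass, field
from typing import Dict, Optional

# Hypothetical IDs: 0 is what CIL's dummy shares with the first analysed
# function; 0xDEADBEEF is the distinctive sentinel the post suggests instead.
COLLIDING_DUMMY_ID = 0
DISTINCT_DUMMY_ID = 0xDEADBEEF


@dataclass
class Func:
    name: str
    fid: int


@dataclass
class CallGraph:
    dummy_id: int
    nodes: Dict[int, Func] = field(default_factory=dict)
    current: Optional[Func] = None  # the mutable "current function"

    def add(self, name: str) -> Func:
        # Sequential IDs from 0: the first function analysed gets ID 0.
        f = Func(name, len(self.nodes))
        self.nodes[f.fid] = f
        return f

    def current_id(self) -> int:
        # An unset "current function" falls back to the dummy, as in the post.
        return self.current.fid if self.current is not None else self.dummy_id


def summon_unchecked(cg: CallGraph) -> str:
    """Original logic: dereference the current ID straight into the table."""
    return cg.nodes[cg.current_id()].name


def summon_checked(cg: CallGraph) -> str:
    """Fixed logic: refuse to dereference the dummy instead of guessing."""
    fid = cg.current_id()
    if fid == cg.dummy_id:
        raise LookupError("current function was never set")
    return cg.nodes[fid].name


def build(dummy_id: int) -> CallGraph:
    # Constructed sample graph: pthread_mutex_lock is analysed first (ID 0).
    cg = CallGraph(dummy_id)
    cg.add("pthread_mutex_lock")
    cg.add("main")
    return cg
```

With the colliding dummy ID, `summon_unchecked` silently returns "pthread_mutex_lock"; with 0xDEADBEEF it fails loudly on the missing key, and `summon_checked` catches the unset variable regardless of which ID the dummy has.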