Comment by LegionMammal978

From GP:

> (with checks for things like this enabled)

You can (and could) easily compile an optimized build with debug symbols to track down sources of issues, but catching a bug like this would likely take a dynamic checker like Valgrind or MSan, which do not allow for any optimizations if you want to avoid false negatives, and add even more overhead on top of that. (Valgrind with its full processor-level virtualization, and MSan with its shadow state on every access. But MSan didn't exist at the time, and Valgrind barely existed.)

At minimum, fine-grained stack randomization might have exposed the issue, but only if it happened to be spotted in playtests on the debug build.

AssKoala 17 hours ago

This was a PS2 game and codebase.

MSan didn’t exist at the time and valgrind doesn’t work on a ps2.

Neither of those are necessary to find this bug as it could be found using a stomp allocator if you’re a developer on the project at the time.

Reply View 1 reply

LegionMammal978 9 hours ago

How could a stomp allocator have possibly found this bug? The offending values are stored on the stack, in-bounds when written to, and again in-bounds when read from.
At no point is there an OOB access, just a failure to initialize stack variables. And to catch that, you'd need either MSan-style shadow state that didn't exist, thorough playtesting with fine-grained stack randomization, or some sort of poisoning that I don't think existed.

Reply View | 0 replies