[LLVMdev] Clang + SAFECode Release Announcement
criswell at illinois.edu
Thu Aug 18 09:56:10 CDT 2011
We have a new release of Clang with SAFECode technology for detecting
memory safety errors. Memory safety checking (SAFECode for short) can be
turned on with a single command line switch to clang/clang++. The
SAFECode techniques do not change the behavior of the clang/clang++
compilers in any way when the switch is turned off, so this can be used
as a drop-in replacement for clang/clang++.
Clang with SAFECode has the following advantages over tools such as
o) It is faster since it does not use dynamic binary translation and can
optimize away some run-time checks.
o) It is more accurate since it knows the boundaries of individual stack
and global objects (Valgrind's ptrcheck tool needs to use heuristics to
find these boundaries).
o) It provides better error diagnostics that give more useful
information about each memory safety violation.
The current release primarily detects dereferences of pointers that are
generated from buffer overflows. There are many features from the LLVM
2.7 version of SAFECode that we are updating to work with LLVM mainline
and will be incorporating into our version of Clang soon. These
o) Detecting invalid memory accesses (e.g., dangling pointer dereferences)
o) Detecting invalid calls to free()
o) Detecting uses of uninitialized pointers
o) Detecting memory errors caused by misuse of C standard library functions
o) Several optimizations, including type-safe load/store check removal
and a loop hoisting optimization
Clang with SAFECode is available for download either in source form for
Linux and Mac OS X or as a pre-built Mac OS X binary at
http://sva.cs.illinois.edu/downloads.html. The source code is also
available directly from our SAFECode Subversion repository; download
directions are given on the web page above.
We're very interested in feedback (positive, negative, or otherwise).
More information about the LLVMdev