[LLVMdev] Clang + SAFECode Release Announcement

John Criswell criswell at illinois.edu
Thu Aug 18 09:56:10 CDT 2011


Dear All,

We have a new release of Clang with SAFECode technology for detecting 
memory safety errors. Memory safety checking (SAFECode for short) can be 
turned on with a single command line switch to clang/clang++. The 
SAFECode techniques do not change the behavior of the clang/clang++ 
compilers in any way when the switch is turned off, so this can be used 
as a drop-in replacement for clang/clang++.

Clang with SAFECode has the following advantages over tools such as 
Valgrind:

o) It is faster since it does not use dynamic binary translation and can 
optimize away some run-time checks.
o) It is more accurate since it knows the boundaries of individual stack 
and global objects (Valgrind's ptrcheck tool needs to use heuristics to 
find these boundaries).
o) It provides better error diagnostics that give more useful 
information about each memory safety violation.

The current release primarily detects dereferences of pointers that are 
generated from buffer overflows.  There are many features from the LLVM 
2.7 version of SAFECode that we are updating to work with LLVM mainline 
and will be incorporating into our version of Clang soon.  These 
features include:

o) Detecting invalid memory accesses (e.g., dangling pointer dereferences)
o) Detecting invalid calls to free()
o) Detecting uses of uninitialized pointers
o) Detecting memory errors caused by misuse of C standard library functions
o) Several optimizations, including type-safe load/store check removal 
and a loop hoisting optimization

Clang with SAFECode is available for download either in source form for 
Linux and Mac OS X or as a pre-built Mac OS X binary at 
http://sva.cs.illinois.edu/downloads.html.  The source code is also 
available directly from our SAFECode Subversion repository; download 
directions are given on the web page above.

We're very interested in feedback (positive, negative, or otherwise).

Regards,

John Criswell




More information about the LLVMdev mailing list