



Dear All,

We have a new release of Clang with SAFECode technology for detecting
memory safety errors. Memory safety checking (SAFECode for short) can be
turned on with a single command line switch to clang/clang++. The
SAFECode techniques do not change the behavior of the clang/clang++
compilers in any way when the switch is turned off, so this can be used
as a drop-in replacement for clang/clang++.

Clang with SAFECode has the following advantages over tools such as
Valgrind:

o) It is faster since it does not use dynamic binary translation and can
optimize away some run-time checks.
o) It is more accurate since it knows the boundaries of individual stack
and global objects (Valgrind's ptrcheck tool needs to use heuristics to
find these boundaries).
o) It provides better error diagnostics that give more useful
information about each memory safety violation.

The current release primarily detects dereferences of pointers that are
generated from buffer overflows. There are many features from the LLVM
2.7 version of SAFECode that we are updating to work with LLVM mainline
and will be incorporating into our version of Clang soon. These
features include:

o) Detecting invalid memory accesses (e.g., dangling pointer dereferences)
o) Detecting invalid calls to free()
o) Detecting uses of uninitialized pointers
o) Detecting memory errors caused by misuse of C standard library functions
o) Several optimizations, including type-safe load/store check removal
and a loop hoisting optimization

Clang with SAFECode is available for download either in source form for
Linux and Mac OS X or as a pre-built Mac OS X binary at
http://sva.cs.illinois.edu/downloads.html . The source code is also
available directly from our SAFECode Subversion repository; download
directions are given on the web page above.

We're very interested in feedback (positive, negative, or otherwise).

Regards,

John Criswell

_______________________________________________
cfe-dev mailing list
[hidden email]
http://lists.cs.uiuc.edu/mailman/listinfo/cfe-dev
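Added illustration, not part of the original message and not SAFECode's own code: a simplified model of why knowing each object's boundaries matters for catching pointers generated from buffer overflows. The object table, the function names and the two-buffer struct are assumptions constructed for this example; the overflowed address is still valid memory, so an "is this address mapped" check accepts it while a per-object bounds check rejects it.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed sample: two adjacent global buffers inside one struct, so an
   overflow of `name` lands in `secret`, which is still valid memory. */
static struct { char name[8]; char secret[8]; } g;

/* Hypothetical object table: one [start, end) range per known object. */
typedef struct { uintptr_t start, end; } object_t;
static object_t objects[8];
static size_t n_objects;

static void register_object(const void *p, size_t size) {
    if (n_objects == 8) return; /* table full */
    objects[n_objects++] = (object_t){ (uintptr_t)p, (uintptr_t)p + size };
}

/* Addressability-style check: is the address inside any known object? */
static int is_addressable(uintptr_t addr) {
    for (size_t i = 0; i < n_objects; i++)
        if (addr >= objects[i].start && addr < objects[i].end) return 1;
    return 0;
}

/* Object-bounds check: the address must stay inside the same object the
   pointer was derived from (`base`). Returns 1 if the access is allowed. */
static int in_source_object(const void *base, uintptr_t addr) {
    uintptr_t b = (uintptr_t)base;
    for (size_t i = 0; i < n_objects; i++)
        if (b >= objects[i].start && b < objects[i].end)
            return addr >= objects[i].start && addr < objects[i].end;
    return 0; /* unknown source object: reject */
}

/* Address of name[index], computed with integers so the demo itself has no UB. */
static uintptr_t element_addr(size_t index) { return (uintptr_t)g.name + index; }
static void setup(void) {
    n_objects = 0;
    register_object(g.name, sizeof g.name);
    register_object(g.secret, sizeof g.secret);
}

int main(void) {
    setup();
    for (size_t i = 6; i <= 9; i++)
        printf("name[%zu]: addressable=%d in_object=%d\n", i, is_addressable(element_addr(i)), in_source_object(g.name, element_addr(i)));
    return 0;
}
```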