[LLVMdev] LLVM-based address sanity checker

Kostya Serebryany kcc at google.com
Thu Jun 16 01:27:25 PDT 2011


Hello again,

The tool we announced 1.5 months ago has matured quite a bit.
In addition to heap out-of-bounds and use-after-free bugs, it also finds stack
overruns/underruns.
AddressSanitizer is being actively used by the Chromium developers and
already found over 20 bugs:
http://blog.chromium.org/2011/06/testing-chromium-addresssanitizer-fast.html

Question to the LLVM developers: would you consider adding the AddressSanitizer
code to the LLVM trunk?

Thanks,

--kcc

On Tue, May 3, 2011 at 10:52 PM, Kostya Serebryany <kcc at google.com> wrote:

> Hello,
>
> We've just released the first version of our LLVM-based address sanity
> checker: AddressSanitizer (http://code.google.com/p/address-sanitizer/).
> The tool finds out-of-bounds and use-after-free bugs (the subset of bugs
> detectable by Valgrind/Memcheck);
> it consists of an LLVM compiler plugin which performs simple code
> instrumentation and a malloc replacement library.
> The main advantage of the new tool is high speed: the slowdown is usually
> within 2x-2.5x.
> A detailed description of the algorithm can be found here:
> http://code.google.com/p/address-sanitizer/wiki/AddressSanitizerAlgorithm
> The tool is young, but it can already run the Chromium browser
> (interactively!) and find bugs in it.
>
> Would the LLVM community be interested in adopting this code into the LLVM
> trunk?
> The instrumentation pass is ~350 LOC (
> http://code.google.com/p/address-sanitizer/source/browse/trunk/llvm/AddressSanitizer.cpp),
> but may grow over time as we add optimizations.
> The run-time library (malloc replacement,
> http://code.google.com/p/address-sanitizer/source/browse/trunk/asan/asan_rtl.cc)
> is ~1500 LOC.
>
> Thanks,
>
> --kcc
>
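As an added illustration, not part of the thread and not AddressSanitizer's own code: a toy model in C of the two pieces the original announcement describes, a malloc replacement that surrounds each block with poisoned redzones and quarantines freed blocks, and the check that the instrumentation pass conceptually inserts before each load and store. The shadow map here is one shadow byte per application byte, the tag values, the bump allocator and every function name are this example's own simplifications (real ASan uses one shadow byte per 8 application bytes and compiler-generated checks). Stack redzones are modelled with the same mechanism by carving a "frame" from the same arena.

```c
/* Added example: a toy model of ASan-style redzones, shadow memory and a
 * quarantine for freed blocks. Not ASan's code; all names and tag values
 * are assumptions made for illustration. */
#include <stdio.h>
#include <stdint.h>
#include <string.h>
#include <stddef.h>

#define HEAP_SIZE 4096
#define REDZONE   16   /* poisoned padding on each side of a block */

/* Shadow tags (chosen for this model; ASan's real encoding differs). */
enum shadow { ADDRESSABLE = 0, HEAP_REDZONE = 0xfa, FREED = 0xfd, STACK_REDZONE = 0xf2 };
enum result { OK = 0, ERR_HEAP_OVERFLOW, ERR_USE_AFTER_FREE, ERR_STACK_OVERFLOW, ERR_WILD };

static uint8_t heap[HEAP_SIZE];    /* application memory (heap and "stack") */
static uint8_t shadow[HEAP_SIZE];  /* shadow[i] describes heap[i] */
static size_t  heap_top;           /* bump pointer; freed blocks are never reused */

static void poison(size_t off, size_t len, uint8_t tag) { memset(shadow + off, tag, len); }

/* Carve [redzone][n user bytes][redzone] from the arena; the block size is
 * stashed in the left redzone so toy_free does not need it as an argument. */
static void *carve(size_t n, uint8_t tag) {
    size_t need = REDZONE + n + REDZONE;
    if (heap_top + need > HEAP_SIZE) return NULL;
    size_t base = heap_top;
    heap_top += need;
    memcpy(heap + base, &n, sizeof n);
    poison(base, REDZONE, tag);
    poison(base + REDZONE, n, ADDRESSABLE);
    poison(base + REDZONE + n, REDZONE, tag);
    return heap + base + REDZONE;
}

void *toy_malloc(size_t n)      { return carve(n, HEAP_REDZONE); }
void *toy_stack_frame(size_t n) { return carve(n, STACK_REDZONE); }

/* malloc replacement's free: poison the block and leave it quarantined, so a
 * dangling pointer later hits FREED shadow rather than a reused object. */
void toy_free(void *p) {
    size_t off = (uint8_t *)p - heap, n;
    memcpy(&n, heap + off - REDZONE, sizeof n);
    poison(off, n, FREED);
}

/* The check the instrumentation pass inserts before every load/store. */
enum result check_access(const void *p, size_t len) {
    uintptr_t a = (uintptr_t)p, lo = (uintptr_t)heap;
    if (a < lo || a + len > lo + HEAP_SIZE) return ERR_WILD;
    for (size_t i = 0; i < len; i++) {
        uint8_t s = shadow[(a - lo) + i];
        if (s == ADDRESSABLE) continue;
        if (s == FREED) return ERR_USE_AFTER_FREE;
        if (s == STACK_REDZONE) return ERR_STACK_OVERFLOW;
        return ERR_HEAP_OVERFLOW;
    }
    return OK;
}

/* Instrumented store: report instead of silently corrupting memory. */
enum result checked_store(void *p, const void *src, size_t len) {
    enum result r = check_access(p, len);
    if (r == OK) memcpy(p, src, len);
    return r;
}

/* Scenarios matching the bug classes named in the announcement. */
enum result demo_in_bounds(void) {
    char *buf = toy_malloc(8);
    return checked_store(buf, "hello!!", 8);       /* exactly fits */
}
enum result demo_heap_overflow(void) {
    char *buf = toy_malloc(8);
    return checked_store(buf + 8, "x", 1);         /* one past the end */
}
enum result demo_use_after_free(void) {
    char *buf = toy_malloc(8);
    toy_free(buf);
    return checked_store(buf, "x", 1);             /* dangling pointer */
}
enum result demo_stack_overrun(void) {
    char *local = toy_stack_frame(4);
    return checked_store(local - 1, "x", 1);       /* underrun into redzone */
}

int main(void) {
    static const char *names[] = { "OK", "heap-buffer-overflow", "use-after-free",
                                   "stack-buffer-overflow", "wild-access" };
    printf("in-bounds:      %s\n", names[demo_in_bounds()]);
    printf("heap overflow:  %s\n", names[demo_heap_overflow()]);
    printf("use after free: %s\n", names[demo_use_after_free()]);
    printf("stack overrun:  %s\n", names[demo_stack_overrun()]);
    return 0;
}
```

The model shows why the checks are cheap: each access costs a shadow lookup and a compare, and the allocator's only extra work is poisoning redzones and deferring reuse of freed blocks. With a current clang the real thing is enabled by compiling with `-fsanitize=address -g`; the report names the bug class, the faulting access, and the allocation and free stacks of the block involved.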