<div>Hello,</div>
<div><br></div>
<div>We've just released the first version of our LLVM-based address sanity checker: AddressSanitizer (<a href="http://code.google.com/p/address-sanitizer/">http://code.google.com/p/address-sanitizer/</a>).</div>
<div>The tool finds out-of-bound and use-after-free bugs (the subset of bugs detectable by Valgrind/Memcheck);</div>
<div>it consists of an LLVM compiler plugin which performs simple code instrumentation and a malloc replacement library.</div>
<div>The main advantage of the new tool is high speed: the slowdown is usually within 2x-2.5x.</div>
<div>A detailed description of the algorithm can be found here: <a href="http://code.google.com/p/address-sanitizer/wiki/AddressSanitizerAlgorithm">http://code.google.com/p/address-sanitizer/wiki/AddressSanitizerAlgorithm</a></div>
<div>The tool is young, but it can already run the Chromium browser (interactively!) and find bugs in it.</div>
<div><br></div>
<div>Would the LLVM community be interested in adopting this code into the LLVM trunk?</div>
<div>The instrumentation pass is ~350 LOC (<a href="http://code.google.com/p/address-sanitizer/source/browse/trunk/llvm/AddressSanitizer.cpp">http://code.google.com/p/address-sanitizer/source/browse/trunk/llvm/AddressSanitizer.cpp</a>), but may grow over time as we add optimizations.</div>
<div>The run-time library (malloc replacement, <a href="http://code.google.com/p/address-sanitizer/source/browse/trunk/asan/asan_rtl.cc">http://code.google.com/p/address-sanitizer/source/browse/trunk/asan/asan_rtl.cc</a>) is ~1500 LOC.</div>
<div><br></div>
<div>Thanks,</div>
<div><br></div>
<div>--kcc</div>
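<div>The shadow-memory check behind the two components named above (instrumented loads/stores plus a redzone-poisoning malloc), as an added example that is not AddressSanitizer's own code: a C model with one shadow byte per 8 bytes of a simulated 256-byte heap, where the malloc stand-in poisons redzones and freed blocks and <code>asan_check</code> applies the instrumented access check. The heap size, the 16-byte redzone width and a shadow offset of 0 are assumptions chosen for the model.</div>

```c
/* Model of the AddressSanitizer shadow check (added example, not ASan code).
 * Addresses are offsets into a simulated heap, so the shadow address is
 * simply (addr >> 3) with Offset = 0; real ASan adds a fixed Offset. */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define HEAP_SIZE   256                 /* simulated heap (assumed size) */
#define REDZONE     16                  /* poisoned padding per block (assumed) */
#define POISON_RZ   ((int8_t)0xfa)      /* marker for heap redzone */
#define POISON_FREE ((int8_t)0xfd)      /* marker for freed memory */

static int8_t shadow[HEAP_SIZE / 8];    /* 1 shadow byte per 8 heap bytes */
static size_t brk_off;                  /* next unused heap offset */

/* Mark every 8-byte granule in [off, off+len) with `value`. */
static void poison(size_t off, size_t len, int8_t value) {
    memset(shadow + off / 8, (unsigned char)value, len / 8);
}

/* Shadow semantics: 0 = all 8 bytes addressable, k in 1..7 = only the first
 * k bytes addressable, negative = fully poisoned. Returns false when an
 * access of `size` bytes (1, 2, 4 or 8) at `addr` must be reported. */
bool asan_check(size_t addr, size_t size) {
    int8_t k = shadow[addr >> 3];
    if (k == 0) return true;
    return (int)((addr & 7) + size - 1) < k;
}

/* Bump allocator with redzones on both sides; returns the block offset or
 * (size_t)-1 when the simulated heap is exhausted. A partial last granule
 * gets the "first n&7 bytes addressable" value. */
size_t asan_malloc(size_t n) {
    size_t rounded = (n + 7) & ~(size_t)7;
    if (brk_off + REDZONE + rounded + REDZONE > HEAP_SIZE) return (size_t)-1;
    poison(brk_off, REDZONE, POISON_RZ);            /* left redzone */
    size_t user = brk_off + REDZONE;
    memset(shadow + user / 8, 0, rounded / 8);      /* block addressable */
    if (n & 7) shadow[(user + n) / 8] = (int8_t)(n & 7);
    poison(user + rounded, REDZONE, POISON_RZ);     /* right redzone */
    brk_off = user + rounded + REDZONE;
    return user;
}

/* Freed blocks stay poisoned and are never reused (quarantine), so a later
 * access through a stale pointer hits POISON_FREE shadow. */
void asan_free(size_t addr, size_t n) {
    poison(addr, (n + 7) & ~(size_t)7, POISON_FREE);
}
```

<div>With a 10-byte block the model passes accesses to bytes 0..9, flags byte 10 (partial granule), flags a 4-byte read in the right redzone, and flags any access after <code>asan_free</code>.</div>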