[WIP][PATCH] "pointer-overflow" sanitizer

Richard Smith richard at metafoo.co.uk
Mon Oct 28 15:44:23 PDT 2013


Seems like a nice idea to me. (Your test coverage is pretty weak, though.)
Have you tried this much on large codebases? Does this find many bugs? (I
can imagine it would be effective when combined with fuzz testing...)


On Mon, Oct 28, 2013 at 3:39 PM, Will Dietz <wdietz2 at illinois.edu> wrote:

> Hi all,
>
> Recently I thought it would be useful to have a sanitizer for
> detecting overflows in pointer expressions.  Such overflows are
> undefined behavior and are pretty much always bugs.  While it's true
> that if such an overflowed pointer is dereferenced a tool such as ASan
> will catch the error, detection of these bugs when they occur helps fix
> them without requiring an input that triggers a crash.
>
> Two examples of this in the wild:
>
> * binutils undefined behavior bug that leads to segfault when built
> with clang[1]
> * ASTVector bug I just submitted a patch for, discovered using this
> sanitizer[2]
>
> Attached are patches for clang and compiler-rt that implement this
> sanitizer and seem to work well in my testing so far.
>
> There is some work to do yet:
>
> * Adding lit tests to clang/compiler-rt
> * Finalizing what constructs are useful/worth checking (iterative
> process, I imagine)
> * More testing/benchmarking
>
> Before tackling the above, I was hoping to get some early feedback:
>
> * Is this something the community is interested in/would find useful?
> * Code review (the current implementation should be complete in terms
> of the checking code itself)
>
> Thank you for your time, here's to finding even more bugs! :)
>
> ~Will
>
> [1] http://wdtz.org/undefined-behavior-in-binutils-causes-segfault.html
> [2]
> http://lists.cs.uiuc.edu/pipermail/cfe-commits/Week-of-Mon-20131028/091878.html
>
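An added illustration of the bug class the proposed sanitizer targets (example code written for this page, not part of the patch or of either message above). A parser bounds check written as `cur + len > end` forms the pointer sum before comparing it; with an attacker-controlled `len` the sum can wrap past the top of the address space, the comparison passes, and the subsequent read runs off the buffer. The fix compares lengths instead of forming the pointer. To keep this program itself free of undefined behaviour, the pointer arithmetic is simulated in `uintptr_t`, where wrap-around is defined and observable; the helper names `ptr_add_overflows`, `accepts_read_buggy` and `accepts_read_fixed` are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical helper: does base + len wrap the address space?  This is the
 * condition a pointer-overflow sanitizer would report at the point where the
 * pointer expression is evaluated, before any dereference.  Returns 1 on
 * overflow (and leaves *out untouched), else stores the sum in *out. */
static int ptr_add_overflows(uintptr_t base, size_t len, uintptr_t *out)
{
    uintptr_t sum = base + (uintptr_t)len;   /* modular, well defined here */
    if (sum < base)
        return 1;                            /* wrapped past UINTPTR_MAX */
    *out = sum;
    return 0;
}

/* Buggy check as commonly written with real pointers: `cur + len > end`.
 * With a large len the sum wraps to a small value, the test passes, and the
 * caller reads out of bounds.  Returns 1 if the read is (wrongly) accepted. */
static int accepts_read_buggy(uintptr_t cur, uintptr_t end, size_t len)
{
    uintptr_t cur_plus_len = cur + (uintptr_t)len;  /* UB on real pointers */
    return !(cur_plus_len > end);
}

/* Fixed check: compare the requested length against the bytes remaining.
 * Assumes the invariant cur <= end, so end - cur never underflows.
 * No pointer past the buffer is ever formed. */
static int accepts_read_fixed(uintptr_t cur, uintptr_t end, size_t len)
{
    return len <= (size_t)(end - cur);
}

int main(void)
{
    static const char buf[16] = "constructed data";   /* constructed input */
    uintptr_t cur = (uintptr_t)buf;
    uintptr_t end = (uintptr_t)(buf + sizeof buf);
    size_t hostile_len = (size_t)-8;   /* e.g. a length field from a header */
    uintptr_t out;

    printf("cur + len overflows : %d\n", ptr_add_overflows(cur, hostile_len, &out));
    printf("buggy check accepts : %d\n", accepts_read_buggy(cur, end, hostile_len));
    printf("fixed check accepts : %d\n", accepts_read_fixed(cur, end, hostile_len));
    return 0;
}
```

The point of the sanitizer is visible in the ordering: `ptr_add_overflows` fires on the addition itself, whereas ASan would only notice once the wrapped pointer is dereferenced, which needs an input that actually reaches that read.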