[cfe-dev] my experience with clang
Nuno Lopes
nunoplopes at sapo.pt
Tue Jan 8 15:14:25 PST 2008
> Hi Nuno,
>
> Sorry for the late response to this email. As I promised in my personal
> communication, I wanted to take a look at what you did in some detail
> after the holidays so that I could share it with the list. I think it is
> exciting what you were able to do with clang in such a short time.
> Comments inline.
Thank you for your thorough answer (as usual)! I really appreciate it and
I've really learned a lot from your answers.
A few little comments:
> The checking of the parameters for PHP is also really nice. With not
> that much code you were able to write a custom check for a code base that
> in practice can be really useful.
Yes, I agree. It is quite simple and really useful (it can save a few
crashes and potential security bugs). I now need to port it to the liveness
analyzer to get info about uninitialized variables.
My initial idea was to extend this to user-space (I even sent a proposal to
the gcc mailing list some time ago). This would require some mechanism to
allow arbitrary functions to be passed to gcc's
__attribute__((__format__(my_function, 1, 2))). Not sure how the user-space
program would specify the my_function, but if someone has an idea about it,
I would love to hear/read it :) I wouldn't mind implementing it in clang.
> Regarding your implementation of the buffer overrun checker, one thing
> that I wasn't certain about was whether or not your analysis did any
> backtracking when it encountered an infeasible state. For example:
>
> if (x == 1) // do something
> ...
> if (x == 1) // do something
Yes, it is able to skip some infeasible paths. However, in this case it
wouldn't work, as I didn't implement support for != restrictions (in this
case, x != 1). If using e.g. 'x > 1' instead, it would crop the infeasible
paths. Anyway the memory usage was really excessive. I had to limit the
memory at 700 MBs (in the CC script), because before Linux was freezing
(Linux is really bad at swapping..). This was not clang's fault, though (I had
major memory leakages).
Nuno
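
A toy model of the path pruning discussed in this message, added here as an illustration; it is not code from the thread or from the checker it describes. It assumes a single variable x tracked as a range plus an optional set of != facts, and the names `State`, `Cond`, `assume`, `exploredPaths`, `sameTestTwice` and `trackNe` are hypothetical.

```cpp
#include <algorithm>
#include <cstdio>
#include <initializer_list>
#include <set>
#include <vector>

// Facts known about one integer variable x on the current path (constructed model).
struct State {
    long lo = -1000000, hi = 1000000;  // range facts; constructed bounds mean "unknown"
    std::set<long> ne;                 // disequalities x != k, only if tracked
};
enum class Op { EQ, GT };
struct Cond { Op op; long k; };        // models `if (x == k)` or `if (x > k)`

// Add the branch condition (taken) or its negation; false means the path is infeasible.
bool assume(State& s, Cond c, bool taken, bool trackNe) {
    if (c.op == Op::GT) {
        if (taken) s.lo = std::max(s.lo, c.k + 1);  // x > k
        else       s.hi = std::min(s.hi, c.k);      // x <= k
    } else if (taken) {                             // x == k
        if (s.ne.count(c.k)) return false;
        s.lo = std::max(s.lo, c.k); s.hi = std::min(s.hi, c.k);
    } else if (trackNe) {                           // x != k
        if (s.lo == c.k && s.hi == c.k) return false;
        s.ne.insert(c.k);
    }  // without != support, the false branch of == records nothing
    return s.lo <= s.hi;
}

// Number of paths through a sequence of ifs that the analysis still explores.
int exploredPaths(const std::vector<Cond>& ifs, bool trackNe,
                  std::size_t i = 0, State s = State()) {
    if (i == ifs.size()) return 1;
    int n = 0;
    for (bool taken : {true, false}) {
        State next = s;
        if (assume(next, ifs[i], taken, trackNe))
            n += exploredPaths(ifs, trackNe, i + 1, next);
    }
    return n;
}

// The quoted example: the same test on x twice, with nothing modifying x in between.
std::vector<Cond> sameTestTwice(Op op) { return {{op, 1}, {op, 1}}; }

int main() {
    std::printf("x == 1, no != facts: %d paths\n", exploredPaths(sameTestTwice(Op::EQ), false));
    std::printf("x == 1, != tracked:  %d paths\n", exploredPaths(sameTestTwice(Op::EQ), true));
    std::printf("x > 1,  no != facts: %d paths\n", exploredPaths(sameTestTwice(Op::GT), false));
}
```

Only two of the four syntactic paths are feasible in each case; the model keeps all four for `x == 1` until != facts are recorded, while range facts alone already prune `x > 1` down to two.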