[cfe-dev] my experience with clang

Nuno Lopes nunoplopes at sapo.pt
Tue Jan 8 15:14:25 PST 2008


> Hi Nuno,
>
> Sorry for the late response to this email.  As I promised in my  personal 
> communication, I wanted to take a look at what you did in  some detail 
> after the holidays so that I could share it with the  list.  I think it is 
> exciting what you were able to do with clang in  such a short time. 
> Comments inline.

Thank you for your thorough answer (as usual)! I really appreciate it and 
I've really learned a lot from your answers.

A few little comments:

> The checking of the parameters for PHP is also really nice.  With not 
> that much code you were able to write a custom check for a code base  that 
> in practice can be really useful.

Yes, I agree. It is quite simple and really useful (it can save a few 
crashes and potential security bugs). I now need to port it to the liveness 
analyzer to get info about uninitialized variables.
My initial idea was to extend this to user-space (I even sent a proposal to 
the gcc mailing list some time ago). This would require some mechanism to 
allow arbitrary functions to be passed to gcc's 
__attribute__((__format__(my_function, 1, 2))). Not sure how the user-space 
program would specify the my_function, but if someone has an idea about it, 
I would love to hear/read it :) I wouldn't mind implementing it in clang.


> Regarding your implementation of the buffer overrun checker, one thing 
> that I wasn't certain about was whether or not your analysis did any 
> backtracking when it encountered an infeasible state.  For example:
>
>    if (x == 1) // do something
>    ...
>    if (x == 1) // do something

Yes, it is able to skip some infeasible paths. However, in this case it 
wouldn't work, as I didn't implement support for != restrictions (in this 
case, x != 1). If using e.g. 'x > 1' instead, it would crop the infeasible 
paths. Anyway the memory usage was really excessive. I had to limit the 
memory to 700 MBs (in the CC script), because before that linux was freezing 
(linux is really bad at swapping..). This was not clang's fault, though (I had 
major memory leaks).


Nuno 
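An added illustration of the path pruning discussed above (example code written for this page, not Nuno's checker): a minimal explorer over sequential `if` branches that tracks one variable as an integer interval. The `assume`/`explore` names and the interval domain are assumptions; they show why the `x == 1` / `x == 1` pair is only partly pruned (an interval cannot represent `x != 1`) while the `x > 1` variant prunes both infeasible paths.

```python
from itertools import product

NEG, POS = float("-inf"), float("inf")   # unbounded interval endpoints


def assume(interval, op, k, taken):
    """Refine interval [lo, hi] under the branch condition 'x op k'
    (taken=True) or its negation (taken=False).
    Returns None when the resulting state is infeasible."""
    lo, hi = interval
    if not taken:  # negate the condition for the else-path
        op = {"==": "!=", "!=": "==", ">": "<=", "<=": ">"}[op]
    if op == "==":
        lo, hi = max(lo, k), min(hi, k)
    elif op == ">":
        lo = max(lo, k + 1)
    elif op == "<=":
        hi = min(hi, k)
    elif op == "!=":
        # An interval cannot express "everything except k"; it can only
        # be narrowed when k is an endpoint. Otherwise the restriction is lost.
        if lo == hi == k:
            return None
        if lo == k:
            lo += 1
        if hi == k:
            hi -= 1
    return (lo, hi) if lo <= hi else None


def explore(conds, start=(NEG, POS)):
    """Enumerate every taken/not-taken combination for a list of
    sequential conditions (op, k) on the same variable x.
    Returns (feasible_paths, pruned_paths)."""
    feasible, pruned = [], []
    for path in product((True, False), repeat=len(conds)):
        state = start
        for (op, k), taken in zip(conds, path):
            state = assume(state, op, k, taken)
            if state is None:      # infeasible: stop exploring this path
                pruned.append(path)
                break
        else:
            feasible.append(path)
    return feasible, pruned


if __name__ == "__main__":
    # The example from the thread: 'if (x == 1) ... if (x == 1)'.
    print(explore([("==", 1), ("==", 1)]))   # only one of two bad paths pruned
    # The same shape with 'x > 1': both infeasible paths are cropped.
    print(explore([(">", 1), (">", 1)]))
```

Paths are tuples of branch outcomes in source order; `(False, True)` in the first call survives only because the first else-branch's `x != 1` restriction was lost.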