[cfe-dev] clang vs llvm for verifying code
Nuno Lopes
nunoplopes at sapo.pt
Sat May 9 06:50:31 PDT 2009
>> Next week I'm going to start to write a tool to verify the absence of
>> buffer
>> overflows in C code.
> Clang contains the static checker, which detects this and similar
> situations. It doesn't yet do interprocedural analysis, but I think it
> would be easier and more useful to extend the checker than starting your
> own project.
>
> http://clang.llvm.org/StaticAnalysis.html
>
>
> Is there any reason you can't use it as a starting point?
In fact, I know clang's static analyzer quite well :) I think I can claim
that I've implemented the first static analyzer based on clang about 2 years
ago (with some help and advise from Ted)..
Anyway, I'm now looking to another problem. The goal is not to find bugs
per-se, but to give a proof that a particular piece of code doesn't have,
for example, buffer overflows. For this, I'll apply a (abstraction
refinement) model checker.
In summary, I don't see how I could reuse clang's static analyzer for this
project.
Nuno
More information about the cfe-dev
mailing list