[LLVMdev] summer of code idea― update the SAFECode project to the new LLVM API
criswell at uiuc.edu
Wed Apr 7 08:57:21 PDT 2010
> Hi， John Criswell！
> You have said to me that SAFECode had not been maintained for several
Just to clarify, SAFECode *has* been and *is* maintained (primarily by
me). The release_26 branch in the SVN repository works with LLVM 2.6,
and mainline is working (with some regressions) with the upcoming LLVM
2.7. You can subscribe to the SVA Commits mailing list
(http://lists.cs.uiuc.edu/mailman/listinfo/sva-commits) to get email
whenever a commit is made to SAFECode.
However, there is an inter-procedural static array bounds checking pass
that comprises a small component of SAFECode. It is an optional
component, so SAFECode works without it, but SAFECode would work better
if this static array bounds checking pass were working.
This inter-procedural static array bounds checking pass in SAFECode has
not been maintained and needs to 1) be updated to work with LLVM
2.6/2.7; 2) have its bugs fixed; and 3) improved so that it has better
performance (i.e., no repeated fork()/exec() for constraint solving).
> now I have submitted my proposal for updating the SAFCode project to
> the new LLVM APIs.
> If you are still interested in the topic and willing to guid my
> project, I will be very happy.
> Now I'm waiting for you comments.
> Here is my proposal:
Looking back at my previous email, I see that I was unclear. SAFECode,
as a whole, is up-to-date with LLVM. However, it is missing its static
array bounds checking pass (because that specific pass has not been
maintained). What I was suggesting is that, as a GSoC project, you could
update the static array bounds checking code from the SAFECode project.
With that in mind, here is what I think you should do:
1) Update your "Check bounds overflow bugs in C programs based on LLVM"
In it, state that
a) you are specifically interested in implementing *static* array bounds
b) there is old code in the SAFECode project which you may reuse to
build your static array bounds checking pass
c) you will investigate whether any of the static array bounds checking
code in SAFECode is useful. If it is, you can reuse it. Otherwise, you
will develop something new.
d) remove the comment about Edwin Torok's pass being intra-procedural.
He has told us (or at least me) that his analysis is inter-procedural.
e) you can list me as a potential mentor, if you like.
2) Delete the "Update the SAFECode project to the new LLVM API"
proposal. SAFECode, as a whole, works with LLVM 2.6/2.7. Reusing the old
static array bounds checking pass from SAFECode can be merged into your
bounds checking proposal (as I stated above).
3) In all of your proposals, you should state why the mentor would be a
good mentor. In my case, you can state that I am a past LLVM contributor
and that I am the primary maintainer of the SAFECode project (which uses
4) In your ABCD proposal, did you copy the text describing the ABCD
algorithm from the ABCD paper? If so, don't do that; describe the
algorithm in your own words (even if your English isn't perfect). It
will show that you understand the algorithm and prevent you from being
accused of plagiarism.
5) Cite sources. If your proposal states that you are going to implement
an algorithm described in a paper, specify exactly which paper it is.
That way, the proposal reviewer can look at the paper.
-- John T.
> *发件人：* John Criswell
> *发送时间：* 2010-03-30 22:42:53
> *收件人：* John Regehr
> *抄送：* 易秋萍; llvmdev at cs.uiuc.edu
> *主题：* Re: [LLVMdev]summer_of_code_idea_―_checking_bounds_overflow_bugs
> John Regehr wrote:
> > Qiuping,
> > Have you looked at what has already been done? I would expect that
> > previous work such as this:
> > http://llvm.org/pubs/2006-05-24-SAFECode-BoundsCheck.html
> > and integrating into current LLVM would be a better idea than starting
> > over.
> This code is publicly available from the SAFECode project (see
> http://safecode.cs.illinois.edu to see how to get it). However, it has
> not been maintained well over the years and is currently disabled.
> Getting it to work again with LLVM 2.6 or replacing it with something
> better would be nice.
> I'm writing up a response to this project idea as I'm willing to mentor
> it; I'll send it out shortly.
> -- John T.
> > John
> > On Tue, 30 Mar 2010, ??? wrote:
> >> Hi,
> >> Some days ago I am interested in detecting undefined behaviors
> >> in C programs based on Clang. After several days? investigation, I
> >> checking bounds overflow bugs is more interesting, because bounds
> >> overflow is one of the most frequently encountered errors in C
> >> For example, performing pointer arithmetic without checking bounds
> >> can cause bounds overflow. To increase the accuracy of finding bugs,
> >> I want to write several passes, based on slicing, inline and summary
> >> function
> >> / (partial) transition function, to implement intre-procedural
> >> Does some person have interest in the project? I need a mentor,
> >> and wait for your reply.
> >> Best Reagards!
> >> Qiuping Yi
> > >
> LLVM Developers mailing list
> LLVMdev at cs.uiuc.edu http://llvm.cs.uiuc.edu
More information about the llvm-dev