[LLVMdev] summer of code idea — checking bounds overflow bugs
John Regehr
regehr at cs.utah.edu
Wed Mar 31 09:35:57 PDT 2010
John,
Thanks for the detailed response.
> Regarding the use of alternative algorithms, there are new, simple static
> array bounds checking passes within SAFECode that utilize analysis group
> chaining. When one analysis cannot determine that a GEP remains within
> bounds, it can ask a more powerful pass to return a result. This could
> potentially be used to reduce the use of the Omega method to just those GEPs
> that cannot be proven safe using simpler methods.
I think this is the right engineering choice, with a command line option
to simply disable the heavyweight decision procedure for people who want
faster compile times.
> I'm curious why you think some undefined behavior detectors need to be built
> in Clang. It seems to me that any static analysis could be built using
> either LLVM or Clang; there are just tradeoffs to each approach. What
> advantages does Clang provide?
Some checks must live in Clang because too much information has been lost
by the time LLVM sees the code. There are many examples but here is the
canonical one. A program has undefined behavior if "between two sequence
points, an object is modified more than once, or is modified and the prior
value is read other than to determine the value to be stored."
To implement this check in LLVM, we would have to answer the question:
Where, in the LLVM code, are the sequence points?
John