[LLVMdev] -fbounds-checking vs {SAFECode,ASan}

Kostya Serebryany kcc at google.com
Thu May 24 02:43:55 PDT 2012

Hi Nuno,

I noticed your commits related to -fbounds-checking and have some
The functionality of this new phase seems to (partially?) overlap with
AddressSanitizer and SAFECode,
so I am curious how would you compare the two existing tools with the new

Earlier you wrote:
>> So the main idea of this new flag is not for debugging, but rather for
>> This means that we won't be able to perform as many checks as
>> AddressSanitizer,

>From the code (lib/Transforms/Scalar/BoundsChecking.cpp) I can conclude
that you add checks only if you can
deduct the array boundaries, either from constants or from malloc()
How many run-time checks does -fbounds-checking create? Do you have such
Do you also have performance numbers?

Are there any bugs that -fbounds-checking can find but {SAFECode,ASan} can

>> but the performance is supposed to be acceptable for
>> binaries that are shipped for production.

Btw, AddressSanitizer's performance *is* acceptable for production in many

Why do you route all run-time checks to a single trap BB?
I understand this as a code-side optimization, but it makes analyzing the
failure almost entirely impossible.
Even if you use different traps, what is the expected user experience once
he/she receives the trap?

Finally, do you have any document describing the tool?


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.llvm.org/pipermail/llvm-dev/attachments/20120524/b19f7908/attachment.html>

More information about the llvm-dev mailing list