[LLVMdev] The difference between BoundsChecking.c and AddressSanitizer
Nuno Lopes
nunoplopes at sapo.pt
Sat Sep 7 08:31:37 PDT 2013
Hi,

BoundsChecking.c is the code that implements clang's -fsanitize=bounds.
Address sanitizer (ASan) and this bounds checker (BC) are very different in
implementation, overheads, and class of detected bugs.

The motivation of BC was to be able to ship applications with it enabled.
Therefore it targets a low overhead of a few %. It can only catch buffer
overflows where the memory allocation and the memory accesses occur within
the same function. Addresses that are stored and then loaded from the
memory will likely escape the control.

ASan is more of a debug tool. It has a significantly higher overhead (around
2x). In addition to buffer overflow, it can also detect use-after-free and
double-free kind of bugs. ASan's buffer overflow detection is significantly
more comprehensive than BC's. You can read more at
http://clang.llvm.org/docs/AddressSanitizer.html

Nuno

----- Original Message -----
> Hello everyone,
>
> I have noticed that there is a BoundsChecking.c under
> lib/Transforms/Instrumentation/. I am wondering how to use this tool and
> which type of bugs it targets. Does the tool provide the same functionality
> as Address Sanitizer?
>
> Thanks a lot
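
The distinction drawn in the reply above, as an added C example that is not part of the original thread or of LLVM: the first function allocates and indexes a buffer locally, the second reads through a pointer that was stored to a global and loaded back in a different function. All function and variable names are hypothetical.

```c
/* Added illustration; names are hypothetical, not LLVM code.
 * Build: clang -O1 -g -fsanitize=bounds demo.c   (or -fsanitize=address)
 * Run:   ./a.out <index>   index >= 8 is the overflow; default is in range. */
#include <stdio.h>
#include <stdlib.h>
#define N 8

/* Case 1: object and access are in one function, so its size is known here. */
int same_function_access(size_t idx)
{
    int buf[N];
    for (size_t i = 0; i < N; i++)
        buf[i] = (int)i * 10;
    return buf[idx];
}

/* Case 2: the address is stored to memory in one function ... */
static int *g_data;
static void publish(void)
{
    g_data = malloc(N * sizeof *g_data);
    if (g_data == NULL)
        abort();
    for (size_t i = 0; i < N; i++)
        g_data[i] = (int)i * 10;
}

/* ... and loaded back in another, where the allocation is not visible. */
static int read_published(size_t idx)
{
    return g_data[idx];
}

int stored_then_loaded_access(size_t idx)
{
    publish();
    int value = read_published(idx);
    free(g_data);
    return value;
}

int main(int argc, char **argv)
{
    size_t idx = argc > 1 ? strtoul(argv[1], NULL, 10) : N - 1;
    printf("same function: %d, stored then loaded: %d\n",
           same_function_access(idx), stored_then_loaded_access(idx));
    return 0;
}
```

Going by the reply, an out-of-range index in `same_function_access` is the kind of overflow the bounds checker can catch, while the one in `read_published` will likely escape it; ASan checks the accessed address at run time and covers both.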