On Thu, Jun 16, 2011 at 11:00 PM, Chris Lattner <clattner at apple.com>
wrote:
>
> On Jun 16, 2011, at 1:27 AM, Kostya Serebryany wrote:
>
> Hello again,
>
> The tool we announced 1.5 months ago has matured quite a bit.
> In addition to heap out-of-bound and use-after-free bugs it also finds
> stack overruns/underruns.
> AddressSanitizer is being actively used by the Chromium developers and
> already found over 20 bugs:
>
http://blog.chromium.org/2011/06/testing-chromium-addresssanitizer-fast.html
>
> Question to the LLVM developers: would you consider adding the AddressSanitizer
> code to the LLVM trunk?
>
>
> Having functionality like this in mainline would be really interesting. I
> haven't looked at your code yet, what are the major components, what impact
> does it have on the codebase?
>
LLVM:
- The instrumentation pass:
http://code.google.com/p/address-sanitizer/source/browse/trunk/llvm/AddressSanitizer.cpp
It instruments all memory accesses and inserts redzones around stack objects
(around globals too, but this is unfinished).
- Tiny patch to actually insert the instrumentation pass and to handle the
"-fasan" flag in the driver:
http://code.google.com/p/address-sanitizer/source/browse/trunk/llvm/clang.patch
This patch is a bit outdated (applies to r130919).
- The 'ignore' machinery is taken from the ThreadSanitizer project. This
is basically a whitelist/blacklist by function name, file name or module name:
http://code.google.com/p/data-race-test/source/browse/trunk/tsan/ignore.h
If LLVM has its own whitelist/blacklist functionality, we could use that
instead.
This is my first code in LLVM, so it definitely needs cleanup to meet the
LLVM guidelines.

Run time library (could be used with any other compiler):
- Almost everything is in one file:
http://code.google.com/p/address-sanitizer/source/browse/trunk/asan/asan_rtl.cc
This library replaces malloc, tracks thread stacks, replaces SIGILL and
SIGSEGV handlers, and reports warnings. Linux x86/x86_64 and ChromiumOS are fully
functional, MacOS is in flight.

Tests:
http://code.google.com/p/address-sanitizer/source/browse/trunk/asan/asan_test.cc
--kcc
> -Chris
>
>
>
> Thanks,
>
> --kcc
>
> On Tue, May 3, 2011 at 10:52 PM, Kostya Serebryany <kcc at google.com> wrote:
>
>> Hello,
>>
>> We've just released the first version of our LLVM-based address sanity
>> checker: AddressSanitizer (http://code.google.com/p/address-sanitizer/).
>> The tool finds out-of-bound and use-after-free bugs (the subset of bugs
>> detectable by Valgrind/Memcheck);
>> it consists of an LLVM compiler plugin which performs simple code
>> instrumentation and a malloc replacement library.
>> The main advantage of the new tool is high speed: the slowdown is usually
>> within 2x-2.5x.
>> A detailed description of the algorithm can be found here:
>> http://code.google.com/p/address-sanitizer/wiki/AddressSanitizerAlgorithm
>> The tool is young, but it already can run the Chromium browser
>> (interactively!) and find bugs in it.
>>
>> Would the LLVM community be interested in adopting this code into the LLVM
>> trunk?
>> The instrumentation pass is ~350 LOC
>> (http://code.google.com/p/address-sanitizer/source/browse/trunk/llvm/AddressSanitizer.cpp),
>> but may grow over time as we add optimizations.
>> The run-time library (malloc replacement,
>> http://code.google.com/p/address-sanitizer/source/browse/trunk/asan/asan_rtl.cc)
>> is ~1500 LOC.
>>
>> Thanks,
>>
>> --kcc
>>
>
> _______________________________________________
> LLVM Developers mailing list
> LLVMdev at cs.uiuc.edu http://llvm.cs.uiuc.edu
> http://lists.cs.uiuc.edu/mailman/listinfo/llvmdev
>
>
>
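The scheme the thread describes (a malloc replacement that surrounds every allocation with redzones, keeps freed memory poisoned, and a compiler pass that checks every load and store) as an added toy model in C. This is not the AddressSanitizer code linked above; it assumes the shadow-byte encoding ASan uses (one shadow byte per 8-byte granule), and the names toy_malloc, toy_free and toy_check are invented for illustration.

```c
#include <stdint.h>
#include <stddef.h>

/* Toy model of the ASan scheme (added example, not the project's code): one shadow
 * byte per 8-byte granule of the arena; 0 = all 8 bytes addressable, 1..7 = only
 * the first k bytes addressable, negative = poisoned (redzone or freed memory). */
#define ARENA_SIZE 4096
#define REDZONE 16                  /* bytes of redzone on each side of an allocation */
enum { SHADOW_REDZONE = -1, SHADOW_FREED = -2 };

static uint8_t arena[ARENA_SIZE];   /* all offsets below are relative to this arena */
static int8_t shadow[ARENA_SIZE / 8];
static size_t bump = 0;             /* bump allocator: freed memory is never reused */

/* Set the shadow of every granule overlapping [off, off+len) to val. */
static void poison(size_t off, size_t len, int8_t val) {
    for (size_t g = off / 8; g < (off + len + 7) / 8; g++) shadow[g] = val;
}

/* malloc replacement: payload surrounded by redzones; NULL when the arena is full. */
void *toy_malloc(size_t n) {
    size_t body = (n + 7) & ~(size_t)7;              /* payload rounded up to granules */
    size_t need = REDZONE + body + REDZONE;
    if (bump + need > ARENA_SIZE) return NULL;
    size_t start = bump + REDZONE;
    poison(bump, need, SHADOW_REDZONE);              /* whole block poisoned first ... */
    poison(start, n & ~(size_t)7, 0);                /* ... then the full granules opened */
    if (n % 8) shadow[(start + (n & ~(size_t)7)) / 8] = (int8_t)(n % 8); /* partial one */
    bump += need;
    return arena + start;
}

/* free replacement: poison the payload and keep it out of circulation, so a
 * later use-after-free hits poisoned shadow instead of a recycled block. */
void toy_free(void *p, size_t n) { poison((uint8_t *)p - arena, n, SHADOW_FREED); }

/* The check the instrumentation pass would insert before every load/store.
 * Returns 0 for a valid access, otherwise the shadow value that flagged it. */
int toy_check(const void *p, size_t size) {
    size_t off = (const uint8_t *)p - arena;
    for (size_t i = 0; i < size; i++) {              /* byte-wise for clarity */
        int8_t s = shadow[(off + i) / 8];
        if (s < 0) return s;
        if (s != 0 && (int)((off + i) % 8) >= s) return SHADOW_REDZONE;
    }
    return 0;
}
```

The real tool checks one granule per access and reports with a stack trace instead of returning a code; the byte loop here only makes the partial-granule case easy to follow.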