Svadev mailing list

[John Criswell <criswell AT illinois.edu>]

On 12/5/11 5:05 AM, cdiddca wrote:
> Hi. I've built, with some trouble(Werror, ptrdiff_t , detection of
> libraries and includes in clang Driver), safecode variant of clang,
> according to instuctions in Installation Guide. With gcc 4.6.
>
> When I compile and run test.c from Users Guide, it doesn't print Fault
> PC Source. Instead it prints just this:
>
> SAFECode: Fault!
> SAFECode:Violation Type 0x6 when accessing  0 at IP=0xb76aa7fc
>
> =======+++++++    SAFECODE RUNTIME ALERT +++++++=======
> = Error type                            : Load/Store Error
> = CWE ID                                : 120
> = Faulting pointer                      : 0
> = Program counter                       : 0xb76aa7fc
> = Fault PC Source                       :<unknown>:0
>
> ...
>
> What could be the trouble?

Did you use the -g option when compiling the program?  Without the -g 
option, Clang won't insert debug information into the LLVM IR that 
SAFECode analyzes and transforms.  Consequently, the run-time checks 
won't report any source line/debug information.
> Also, I'm interested to know what is the status of the project? How
> ready it is? And what is current estimate of the overhead?

As far as functionality, SAFECode is able to catch errors that occur due 
to pointer arithmetic (e.g., buffer overflows, integer overflow errors) 
as well as errors in calls to C library functions (e.g., overlapping 
strcpy() arguments, incorrect length argument to fgets()).  It can also 
detect invalid free() calls (e.g., free'ing stack objects or pointers 
into the middle of a stack object) as well as loads or stores that "fall 
off" the beginning or end of a valid memory object.

Additional checks (such as invalid load/store errors unrelated to 
pointer arithmetic and indirect function call checks) are currently 
working with support from an enhanced libLTO.  I simply need to fix a 
thing or two and then document how to install the libLTO component.

This system is very robust.  I've compiled the old DotGNU compiler with 
SAFECode using the libLTO component (which does inter-procedural 
points-to analysis).  This generated C# compiler, in turn, can compile 
its entire standard library sans the XSharp GUI component (once I fixed 
the overlapping strcpy() calls that SAFECode found, of course).  DotGNU 
is about 312,000 source lines of code (that does not include comments 
and the like).  I have also compiled GNU flex, GNU tar, GNU zip, and GNU M4.

As far as performance, SAFECode has suffered some serious performance 
regressions.  Before the integration into Clang, we utilized more 
optimizations and delayed instrumentation until after link-time 
optimization.  Even with the Jones/Kelley approach (which does not split 
the splay trees up based-on points-to sets as SAFECode does in our 
publications), we were seeing about 3x overhead on average for SPEC INT 
2000.  This made us made faster than Valgrind despite the fact that we 
were doing more checks than Valgrind's default memcheck tool (SAFECode 
is closer to Valgrind's ptrcheck tool, which has far more overhead than 
memcheck).

There are probably multiple causes for the regression: I disabled some 
optimizations because they weren't sufficiently robust, the run-time 
checks are inserted earlier during compilation and may interfere with 
LLVM optimizations, we aren't compiling the run-time library to LLVM 
bitcode at present, SAFECode now inserts many new checks on C library 
functions, etc, etc, etc.  We plan to investigate what is causing the 
regression and to fix it, but that has taken a back seat to robustness 
and usability in the past 6 months.

-- John T.

> Are optimisations enabled in compiler when it compiles with
> -fmemsafety? Some benchmarks from "shootout" have something like 100x
> slowing down compared to clang -O3


> _______________________________________________
> svadev mailing list
> svadev AT cs.uiuc.edu
> http://lists.cs.uiuc.edu/mailman/listinfo/svadev