Svadev mailing list

[John Criswell <criswell AT illinois.edu>]

Dear Brandon,

Sorry for the late reply.  I have been on vacation for awhile and just 
got back to the office.  I saw the moderation request for your email but 
didn't see it on svadev; perhaps someone mistakenly discarded your email 
thinking it was SPAM.  Sorry if that is what happened.

To answer your question regarding third party libraries: SAFECode works 
as a compiler transform, so anything that is *not* compiled with the 
-fmemsafety option will not have run-time checks inserted into it, and 
SAFECode will not report memory safety errors for that code.  If you are 
linking in standard native code libraries compiled without memory safety 
checks, SAFECode will report no errors for the code in those libraries.

Usually, we see that as one weakness of using compiler instrumentation 
instead of dynamic binary translation, but if it's what you want, that's 
great.

As far as the class of errors that SAFECode can catch, it currently 
catches array-indexing based errors.  There is an optional libLTO 
replacement that will get SAFECode to catch more errors; I just need to 
tweak it a bit and write up the directions for installing it.

Finally, what do your SAFECode errors look like?  I'm surprised that 
they cannot find the source location of where the error is occurring.  
Are you sure you're compiling with the -g option?

-- John T.