Adding a new checker to the clang static analyzer – Debugging Using LLVM Tools-2
We can create a new directory to implement the new checker as a clang plugin, and add the implementations within the IconvChecker.cpp file:
Adding a new checker to the clang static analyzer – Debugging Using LLVM Tools-1
Many C libraries provide functions that must be used in pairs. For example, the C standard library provides the malloc() and free() functions. The memory that’s allocated by the malloc() function must be freed exactly one time by the free() function. Not calling the free() function, or calling it several times, is a programming error. There are many more instances of …
Checking the source with the clang static analyzer – Debugging Using LLVM Tools
The clang static analyzer is a tool that performs additional checks on C, C++, and Objective-C source code. The checks that are performed by the static analyzer are more thorough than the checks the compiler performs. They are also more costly in terms of time and required resources. The static analyzer has a set of checkers, which check for …
Performance profiling with XRay – Debugging Using LLVM Tools-2
A stack frame is the sequence of how a function is called. The func2() function is called by the main() function, and this is the stack frame with the largest accumulated time. The depth depends on how many functions are called, and the stack frames are usually large. This sub-command can also be used to create a flame graph from …
Performance profiling with XRay – Debugging Using LLVM Tools-1
If your application seems to run slowly, then you might want to know where the time is spent in the code. Here, instrumenting the code with XRay can assist with this task. Basically, at each function entry and exit, a special call is inserted into the runtime library. This allows you to count how often a function is called, and …
Limitations and alternatives – Debugging Using LLVM Tools
The libFuzzer implementation is fast but poses several restrictions on the test target. They are as follows: The first two restrictions are an implication of the implementation of libFuzzer as a library. The latter two restrictions are needed to avoid confusion in the evaluation algorithm. If one of these restrictions is not met, then two identical calls to the fuzz …
Finding bugs with libFuzzer – Debugging Using LLVM Tools-2
INFO: A corpus is not provided, starting from an empty corpus
28 NEW cov: 6 ft: 9 corp: 6/19b lim: 4 exec/s: 0 rss: 29Mb L: 4/4 MS: 4 CopyPart-PersAutoDict-CopyPart-ChangeByte- DE: "1\x00"-
artifact_prefix='./'; Test unit written to ./crash-17ba0791499db908433b80f37c5fbc89b870084b
With the saved input, the test case can be executed with the same crashing input again:
$ ./fuzzer crash-17ba0791499db908433b80f37c5fbc89b870084b
This helps identify …
Finding bugs with libFuzzer – Debugging Using LLVM Tools-1
To test your application, you’ll need to write unit tests. This is a great way to make sure your software behaves correctly and as you might expect. However, because of the exponential number of possible inputs, you’ll probably miss certain weird inputs, and a few bugs as well. Fuzz testing can help here. The idea is to present your application …
Pointing out data races with the thread sanitizer – Debugging Using LLVM Tools
To leverage the power of modern CPUs, applications now use multiple threads. This is a powerful technique, but it also introduces new sources of errors. A very common problem in multi-threaded applications is that the access to global data is not protected, for example, with a mutex or semaphore. This is called a data race. The thread sanitizer can detect …