[Toybox] LLVM sanitizers

Andy Chu andychup at gmail.com
Thu Jul 21 11:16:25 PDT 2016


On Thu, Jul 21, 2016 at 10:08 AM, enh <enh at google.com> wrote:
> On Wed, Jul 20, 2016 at 10:33 PM, Andy Chu <andychup at gmail.com> wrote:
>>>> Feel free to run it. I've never had much interest in false positive
>>>> generators myself.
>>
>> I also have to point out the insanity of this statement, because ASAN
>> found a bug that YOU INTRODUCED on top of my code, in expr.c.
>
> i think some of the static analyzers have really pissed in the pool
> here... even as someone who's a supporter of "all the help we can
> get", something like clang-tidy, for example, seems to be mostly
> noise[*]. i don't think it's clear to folks who aren't already using
> the sanitizers that they're fundamentally different.

Yes I agree, but that's why I sent patches and demos out, and didn't
just wave my hands and say "please start using sanitizers".  And why I
sent bug fixes that got merged.

There are more bugs that are being hit by the tests now, as well as
bugs which aren't being hit due to lack of test coverage.  But since
they weren't being treated as high priority (1-line obvious fixes
should be fast to merge), and because the tree was drifting away from
my ASAN build patches, I stopped working on them.

You just have to understand that LLVM sanitizers are dynamic analysis,
not static analysis.

Static analysis works on the source code, with no program input.
Dynamic analysis works on the running binary, and requires input.  (And
I know you know that.)

Andy

