Finding Bugs with Clang at Compile and Run Time

By Bernhard Merkle

Code analysis and verification are gaining more and more importance in programming and quality assurance of software projects. Especially in languages like C/C++, undefined behaviour and memory leaks can cause great problems. Static analysis tools help a lot, but hard-to-detect problems often happen at runtime.

In this session we will use Clang's features to find bugs at compile time (via static analysis) and at runtime (via sanitizers). The combination of both approaches can improve software quality a lot. First, we will look at how Clang is able to detect common C/C++ traps and pitfalls via static analysis. Additionally, we will write our own code checker to implement one of Scott Meyers' Effective C++ rules. So expect to see an editor + code and not only slides ;-)

Second, we will look at sanitizers, which instrument the code to detect problems that happen at runtime. Problems like undefined behaviour, memory leaks, data races and uninitialized reads from memory can be found by special sanitizers, and we will look at how each of them works. I will do some coding during the session and show how static analysis and sanitizers help to catch bugs. We will also talk about experiences applying this technique to a large C++ project.