Hi Evan,
2013/8/13 Evan Huus <eapache@xxxxxxxxx>:
> On Tue, Aug 13, 2013 at 10:07 AM, Alexis La Goutte
> <alexis.lagoutte@xxxxxxxxx> wrote:
>>
>>
>>
>>
>> On Tue, Aug 13, 2013 at 3:44 PM, Evan Huus <eapache@xxxxxxxxx> wrote:
>>>
>>> On Tue, Aug 13, 2013 at 6:29 AM, Bálint Réczey <balint@xxxxxxxxxxxxxxx>
>>> wrote:
>>>>
>>>> Hi,
>>>>
>>>> 2013/8/12 Alexis La Goutte <alexis.lagoutte@xxxxxxxxx>:
>>>> > Hi,
>>>> >
>>>> > it is now possible to build wireshark with clang (CC=clang ./configure
>>>> > &&
>>>> > make) (i fix last issue last week end).
>>>> Great news!
>>>>
>>>> >
>>>> >
>>>> > I will try the ASAN feature (
>>>> > http://clang.llvm.org/docs/AddressSanitizer.html )
>>>> ASAN is also ported to GCC 4.8.
>>>> I'm not sure which compiler is more reliable regarding ASAN checks,
>>>> though.
>>>>
>>>> ...
>>>> >
>>>> > Also may be now add a clang build to buildbot? (no only scan-build)
>>>> I also wanted to raise the question of adding '-fsanitize=address' to
>>>> the C flags.
>>>> I think fuzzing with ASAN would worth the extra CPU time on buildbots
>>>> and I'm even considering
>>>> turning ASAN on in the Debian packages by default.
>>>
>>>
>>> ASAN is basically a borrowed subset of valgrind, so fuzzing with ASAN is
>>> not necessary if we can ever get fuzzing with valgrind to work...
>>>
>> ASAN is only 2x slower (valgrind is 20x slower...) and some bugs is only
>> detect by ASAN...
>
>
> I knew it would be faster, but I didn't know it also detected stack errors
> (and not just heap errors). However, it does not detect uninitialized reads
> (which Valgrind does) so for full coverage we need to do both.
Yes, Valgrind still have better coverage and also capable of doing
other nice things.
Maybe fuzzing with ASAN often (like daily) and fuzzing with Valgrind
(weekly) would be
a good compromise resulting catching most problems quickly and the
rest with a few days of lag.
Cheers,
Balint
