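- clang: C compiler, similar to gcc.
- clang++: C++ compiler, similar to g++. clang++ is just an alias for clang.
- lld: linker, similar to ld. It is not used by default, however; the default is VC's link.exe.
- clang-format: formats C/C++ code according to a fixed style; very smart. For documentation, see:
- clang-modernize: converts code written to the C++98 standard into C++11. For documentation, see:
- llvm-as - LLVM assembler
- llvm-dis - LLVM disassembler
- opt - LLVM optimizer
- llc - LLVM static compiler
- lli - LLVM bitcode interpreter (JIT is supported on some platforms)
- llvm-link - LLVM bitcode linker
- llvm-ar - LLVM static library archiver, similar to Unix ar.
- llvm-nm - similar to Unix nm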
Sanitizer
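One of clang's flagship features is the sanitizers. There are three: AddressSanitizer, MemorySanitizer and ThreadSanitizer. AddressSanitizer and MemorySanitizer were originally developed by Google to detect memory errors in C/C++ programs at runtime. When you add the -fsanitize option at compile time, the compiler inserts runtime checks into the generated code. For example, try the following code: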
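    #include <stdio.h>
    #include <string.h>

    int main(int argc, char* argv[]) {
        char buf[4];
        strcpy(buf, argv[1]);  /* no argc check, no length check */
        printf("%s\n", buf);
        return 0;
    }

It copies the first command-line argument into a temporary buffer and then prints it.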
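This code has two bugs:
- The access to argv may go out of bounds (when the user runs the program without any arguments).
- buf is not long enough, so the write may go out of bounds, which results in a serious security vulnerability.
Let's compile it:

    C:>clang++ -fsanitize=address -o t.exe badcode.cpp -g3 -DDEBUG -D_DEBUG

Then run it: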
    C:>t 3
    3
    C:>t 355
    355
    C:>t 3554664
    =================================================================
    ==4044==ERROR: AddressSanitizer: stack-buffer-overflow on address 0x0024fd44 at pc 0x1274038 bp 0xdeadbeef sp 0x24fbf0
    WRITE of size 8 at 0x0024fd44 thread T0
        #0 0x127404c wrap_strcpy c:\users\cm\documents\os\llvm-3.4\projects\compiler-rt\lib\asan\asan_interceptors.cc:490
        #1 0x12612a7 main+0x0x000002a7
        #2 0x1278212 __tmainCRTStartup f:\dd\vctools\crt\crtw32\startup\crt0.c:255
        #3 0x772d3369 BaseThreadInitThunk+0x0x00000011
        #4 0x77ba9f71 RtlInitializeExceptionChain+0x0x00000062
        #5 0x77ba9f44 RtlInitializeExceptionChain+0x0x00000035
    Address 0x0024fd44 is located in stack of thread T0 at offset 228 in frame
        #0 0x126100f main+0x0x0000000f
      This frame has 4 object(s):
        [32, 36) ''
        [96, 100) ''
        [160, 164) ''
        [224, 228) 'buf' <== Memory access at offset 228 overflows this variable
    HINT: this may be a false positive if your program uses some custom stack unwind mechanism or swapcontext
          (longjmp and C++ exceptions *are* supported)
    SUMMARY: AddressSanitizer: stack-buffer-overflow ??:0 ??
    Shadow bytes around the buggy address:
      0x20049f50: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
      0x20049f60: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
      0x20049f70: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
      0x20049f80: 00 00 00 00 00 00 00 00 00 00 00 00 f1 f1 f1 f1
      0x20049f90: 04 f4 f4 f4 f2 f2 f2 f2 04 f4 f4 f4 f2 f2 f2 f2
    =>0x20049fa0: 04 f4 f4 f4 f2 f2 f2 f2[04]f4 f4 f4 f3 f3 f3 f3
      0x20049fb0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
      0x20049fc0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
      0x20049fd0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
      0x20049fe0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
      0x20049ff0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
    Shadow byte legend (one shadow byte represents 8 application bytes):
      Addressable:           00
      Partially addressable: 01 02 03 04 05 06 07
      Heap left redzone:     fa
      Heap right redzone:    fb
      Freed heap region:     fd
      Stack left redzone:    f1
      Stack mid redzone:     f2
      Stack right redzone:   f3
      Stack partial redzone: f4
      Stack after return:    f5
      Stack use after scope: f8
      Global redzone:        f9
      Global init order:     f6
      Poisoned by user:      f7
      ASan internal:         fe
    ==4044==ABORTING

It catches the error early and terminates the program. However, MemorySanitizer does not yet work on Windows.
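To show how the marked shadow byte `[04]` in the report above leads to the reported address, here is a simplified C model of the shadow lookup. It is an added example, not code from the original article or from ASan itself. The shadow offset 0x20000000 and the start address of buf (0x0024fd40, the reported address minus 4) are assumptions inferred from the numbers in the report.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed 32-bit mapping: shadow = (addr >> 3) + 0x20000000.
   It is consistent with the report: 0x0024fd44 maps to 0x20049fa8. */
#define SHADOW_SCALE  3
#define SHADOW_OFFSET 0x20000000u

/* The "=>" row copied from the report; it starts at shadow address 0x20049fa0. */
#define ROW_BASE 0x20049fa0u
static const uint8_t REPORT_ROW[16] = {
    0x04, 0xf4, 0xf4, 0xf4, 0xf2, 0xf2, 0xf2, 0xf2,
    0x04, 0xf4, 0xf4, 0xf4, 0xf3, 0xf3, 0xf3, 0xf3
};

static uint32_t shadow_addr(uint32_t app_addr) {
    return (app_addr >> SHADOW_SCALE) + SHADOW_OFFSET;
}

/* Per the legend: 00 = all 8 bytes addressable, 01..07 = only the first
   k bytes addressable, any other value = redzone (nothing addressable). */
static int addressable_bytes(uint8_t shadow) {
    if (shadow == 0) return 8;
    if (shadow <= 7) return shadow;
    return 0;
}

/* First poisoned address in [addr, addr + size), or 0 if the whole range is
   addressable. The range must be covered by the 16 shadow bytes of REPORT_ROW. */
static uint32_t first_poisoned(uint32_t addr, size_t size) {
    for (size_t i = 0; i < size; i++) {
        uint32_t a = addr + (uint32_t)i;
        uint8_t s = REPORT_ROW[shadow_addr(a) - ROW_BASE];
        if ((int)(a & 7u) >= addressable_bytes(s))
            return a;
    }
    return 0;
}

int main(void) {
    uint32_t buf = 0x0024fd40u;  /* assumed start of buf, see lead-in */
    printf("shadow of buf:       0x%08x\n", (unsigned)shadow_addr(buf));
    printf("4-byte write \"355\":  0x%08x\n", (unsigned)first_poisoned(buf, 4));
    printf("8-byte write:        0x%08x\n", (unsigned)first_poisoned(buf, 8));
    return 0;
}
```

The 4-byte write (three characters plus the terminating NUL) stays inside buf, which is why `t 355` ran without a report, while the 8-byte write first touches a poisoned byte at 0x0024fd44.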