Open Projects

There are many additions and improvements from which SAFECode could benefit. If you're looking for a memory-safety related project, the ideas below may be helpful. If you have ideas for other projects, feel free to email to get feedback.

Potential SAFECode projects include:

  • Compile your favorite program with SAFECode: A good way of testing SAFECode and generating attention for the project is to compile programs with it and see what happens. Did SAFECode help locate bugs you didn't know were in your program? Did it make fixing those bugs easier? Did it break in some way on your program? Feedback on SAFECode, whether positive or negative, is invaluable.

  • Improve static array bounds checking: SAFECode used to have an inter-procedural static array bounds checking pass, but it suffered serious scalability issues and was eventually disabled. Improving the old code or writing a new pass would be extremely beneficial.

  • Improve existing SAFECode optimizations: There are a number of optimizations that could benefit SAFECode. Some are implemented but are disabled due to code quality issues; others need to be written from scratch. Examples of optimizations include:
    • Type-safe load/store check elimination
    • Hoisting run-time checks out of loops
    • Redundant check elimination
    • Unnecessary object registration elimination

  • Create a simpler CompleteChecks pass: By default, SAFECode inserts weaker checks called incomplete checks; these checks assume that the pointer can point to a memory object that is manipulated by external code. SAFECode currently has a transform called CompleteChecks that will convert some of these checks into more stringent complete checks when it can prove that the memory object is always manipulated by internal code.

    The current CompleteChecks pass uses DSA and only works within libLTO. There should be a simpler CompleteChecks pass that can be used within the Clang compiler to mark some of the checks complete.

  • Port SAFECode to another operating system/architecture: While most of SAFECode is portable across platforms, some features e.g., dangling pointer detection and uninitialized pointer use, use operating system specific features. Getting these features to work on other platforms should be relatively easy but still needs to be done.