Dataflow Sanitizer Design Question

Dear list,

I’m aware of the following design document for clang’s/llvm’s dataflow sanitizer:

However, is there more complete/detailed/formal documentation of its design and semantics available somewhere else (e.g., papers, discussion forums) that I could refer to and possibly cite?

I often find myself looking at its source code spread across LLVM (for instrumentation) and compiler-rt to understand its behavior in certain situations. In particular, I didn’t find any documentation online for the instrumentation passes performed by dfsan.

Thank you!


Hi Frederico,

I am afraid that that document and the source code are the best documentation
available at the moment.