static analysis of openafs code base
play

Static analysis of OpenAFS code base Cheyenne Wills OpenAFS 2019 - PowerPoint PPT Presentation

Oct 31, 2023 •343 likes •556 views

Static analysis of OpenAFS code base Cheyenne Wills OpenAFS 2019 Workshop Overview What is static analysis What are the tools Analysis of the OpenAFS code base What is static analysis Static analysis is performed by analysing

  1. Static analysis of OpenAFS code base Cheyenne Wills OpenAFS 2019 Workshop

  2. Overview • What is static analysis • What are the tools • Analysis of the OpenAFS code base

  3. What is static analysis • Static analysis is performed by analysing the source or object code of a program – as opposed to dynamic analysis, which is done by analysing a running program

  4. What are the tools • Manual code reviews • Automated tools – Enhancements to compilers – Standalone utilities

  5. Manual Code Reviews • Traditional method • Gerrit reviews – More than one set of eyes – “voting”

  6. Enhancements to compilers • GCC 8/9, clang – Truncation using string functions – Alignment errors – Some pointer operations – Detecting out-of-bounds on arrays – format overflows and truncations

  7. Compiler checks • --enable-checking on configure • compilers are getting “better” on reporting errors

  8. gcc compiler warnings

  9. Standalone utilities • Clang’s static analyzer - scan-build – part of Clang – Suite of checkers: • Core language features and general purpose checks • Dead Code • NULL dereferencing • Security • Unix/POSIX APIs

  10. clang scan-build

  11. clang scan-build

  12. clang scan-build

  13. Standalone utilities • cppcheck – variable checking – out of bounds conditions – depreciated functions – memory leaks – resource leaks – stylistic and performance errors

  14. cppcheck ... [src/rxgen/rpc_parse.c:2208]: (warning) %u in format string (no. 3) requires 'unsigned int' but the argument type is 'signed int'. [src/rxgen/rpc_parse.c:2208]: (warning) %u in format string (no. 5) requires 'unsigned int' but the argument type is 'signed int'. [src/rxgen/rpc_parse.c:690] -> [src/rxgen/rpc_parse.c:696]: (style) Variable 'tailp' is reassigned a value before the old one has been used. [src/rxgen/rpc_parse.c:818]: (style) The scope of the variable 'defp' can be reduced. [src/rxgen/rpc_parse.c:972]: (style) The scope of the variable 'typecontents' can be reduced. [src/rxgen/rpc_parse.c:997]: (style) The scope of the variable 'typecontents' can be reduced. [src/rxgen/rpc_parse.c:1175]: (style) The scope of the variable 'noofparams' can be reduced. [src/rxgen/rpc_parse.c:1175]: (style) The scope of the variable 'i' can be reduced. [src/rxgen/rpc_parse.c:1245]: (style) The scope of the variable 'i' can be reduced. [src/rxgen/rpc_parse.c:1347]: (style) The scope of the variable 'defp1' can be reduced. [src/rxgen/rpc_parse.c:1557]: (style) The scope of the variable 'i' can be reduced. [src/rxgen/rpc_parse.c:1944]: (style) The scope of the variable 'defp' can be reduced. [src/rxgen/rpc_util.h:62] -> [src/rxgen/rpc_parse.c:1528]: (style) Local variable zflag shadows outer variable ...

  15. Standalone utilities • infer – null pointer problems – memory leaks – coding conventions – system APIs

  16. infer src/bucoord/config.c:98: error: NULL_DEREFERENCE pointer `tentry` last assigned on line 97 could be null and is dereferenced at line 98, column 5. 96. /* tlast now points to the next pointer (or head pointer) we should overwrite */ 97. tentry = calloc(1, sizeof(struct bc_hostEntry)); 98. > tentry->name = strdup(aname); 99. *tlast = tentry; 100. tentry->next = (struct bc_hostEntry *)0; src/afs/afs_cell.c:108: error: UNINITIALIZED_VALUE The value read from code was never initialized. 106. timeout); 107. 108. > if (!hostCount || (code && code != EEXIST)) 109. /* null out the cellname if the lookup failed */ 110. afsdb_req.cellname = NULL;

  17. infer Summary of the reports UNINITIALIZED_VALUE: 681 DEAD_STORE: 325 NULL_DEREFERENCE: 188 MEMORY_LEAK: 173 RESOURCE_LEAK: 20 USE_AFTER_FREE: 1

  18. Analysis of the OpenAFS code base • “static-analysis” topic in OpenAFS Gerrit – Analysis and patches by Pat Riehecky • Memory and resource leaks • NULL pointer dereferences • Problems with “printf” format strings • Boundary conditions (arrays and strings) • Uninitialized variables • Dead code – 25 commits, 19 pending merge

  19. Commits pending approvals

  20. Improving the code base • Continued code reviews, adding more eyes. – Automated tools can’t catch everything • Integrate automated checks into commit and build processes – adding analysis checks into the buildbot workers

Recommend

Static vs. Dynamic Analysis Static analysis: analyze source code or byte code Imprecise

Static vs. Dynamic Analysis Static analysis: analyze source code or byte code Imprecise

I NTELLI D ROID A Targeted Input Generator for the Dynamic Analysis of Android Malware Michelle Y. Wong and David Lie University of Toronto Department of Electrical and Computer Engineering NDSS Symposium 2016 ! ! ! B ACKGROUND Static vs.

1.02k views • 32 slides
Static Code Analysis of Complex PHP Application Vulnerabilities Johannes Dahse Static Code

Static Code Analysis of Complex PHP Application Vulnerabilities Johannes Dahse Static Code

Static Code Analysis Automatisierte Sicherheitsanalyse of Complex PHP Application Vulnerabilities von Webapplikationen Static Code Analysis of Complex PHP Application Vulnerabilities Johannes Dahse Static Code Analysis Automatisierte

1.48k views • 89 slides
Bridging the Semantic Gap Through Static Code Analysis Christian Schneider, Jonas Pfoh, Claudia

Bridging the Semantic Gap Through Static Code Analysis Christian Schneider, Jonas Pfoh, Claudia

Motivation Static Code Analysis Implementation Conclusion References Bridging the Semantic Gap Through Static Code Analysis Christian Schneider, Jonas Pfoh, Claudia Eckert { schneidc,pfoh,eckertc } @in.tum.de Chair for IT Security

632 views • 28 slides
Static and dynamic verification Software inspections Concerned with analysis of the static

Static and dynamic verification Software inspections Concerned with analysis of the static

1 Static and dynamic verification Software inspections Concerned with analysis of the static system representation to discover problems (static verification) May be supplement by tool-based document and code analysis Software

430 views • 12 slides
Static Code Analysis on Networking Code: Identifying the capabilities of finding implementation

Static Code Analysis on Networking Code: Identifying the capabilities of finding implementation

RP1 Presenter: Ivar Slotboom Supervisor: Wouter van Dongen , DongIT UvA/SNE Static Code Analysis on Networking Code: Identifying the capabilities of finding implementation flaws using Abstract Syntax Trees RP1 4th of July, 2019 Presenter:

439 views • 20 slides
Static and dynamic verification Software inspections Concerned with analysis of the

Static and dynamic verification Software inspections Concerned with analysis of the

1 Static and dynamic verification Software inspections Concerned with analysis of the static system representation to discover problems (static verification) May be supplement by tool-based document and code analysis

310 views • 12 slides
Static execution-time analysis CPU speed model Bounds on Static (Sub)program code exec time

Static execution-time analysis CPU speed model Bounds on Static (Sub)program code exec time

Tid rum Static Execution Time Analysis Niklas Holsti Space Systems Finland Ltd (now) Tidorum Ltd(to be) Overview Area of interest Current state Work in progress What to do next 1 bo Akademi, ES lab, 2003-10-03 Tid rum

466 views • 12 slides
Dataflow Analysis Iterative Data-flow Analysis and Static-Single-Assignment cs5363 1

Dataflow Analysis Iterative Data-flow Analysis and Static-Single-Assignment cs5363 1

Dataflow Analysis Iterative Data-flow Analysis and Static-Single-Assignment cs5363 1 Optimization And Analysis Improving efficiency of generated code Correctness: optimized code must preserve meaning of the original program

467 views • 31 slides
Source Code Analysis for Security through LLVM Lu Zhao HP Fortify lu.zhao@hp.com Static Code

Source Code Analysis for Security through LLVM Lu Zhao HP Fortify lu.zhao@hp.com Static Code

Source Code Analysis for Security through LLVM Lu Zhao HP Fortify lu.zhao@hp.com Static Code Analyzer for Security Static Code Analyzer for Security (HP Fortify SCA) C/C++ Java Vulnerabilities LLVM Language independent Services C/C++ Swift

325 views • 31 slides
Whats Coverity static analysis ever done for us? Philip Withnall Endless Mobile

Whats Coverity static analysis ever done for us? Philip Withnall Endless Mobile

Whats Coverity static analysis ever done for us? Philip Withnall Endless Mobile philip@tecnocode.co.uk July 30, 2017 MANCHESTER What is static analysis? Compile-time testing of all possible code paths. Whats Coverity static analysis

236 views • 12 slides
Static Analysis of Haskell Neil Mitchell http://ndmitchell.com Static Analysis is getting

Static Analysis of Haskell Neil Mitchell http://ndmitchell.com Static Analysis is getting

Static Analysis of Haskell Neil Mitchell http://ndmitchell.com Static Analysis is getting insights at compile time Full branch coverage Terminates Doesnt rely on a test suite Types are static analysis. Lets talk about

784 views • 39 slides
An OpenAFS Site Report Code Name Sunrise Ralf Brunckhorst Michael Meffie (SNA) June 19, 2019

An OpenAFS Site Report Code Name Sunrise Ralf Brunckhorst Michael Meffie (SNA) June 19, 2019

An OpenAFS Site Report Code Name Sunrise Ralf Brunckhorst Michael Meffie (SNA) June 19, 2019 An OpenAFS Site Report 1 of 21 History of AFS at Sunrise 1999 AFS was introduced at one site in Sweden. 2000s More sites were added. 2006 AFS

363 views • 21 slides
Graph-based analysis of JavaScript source code repositories Gbor Szrnyas Graph Processing

Graph-based analysis of JavaScript source code repositories Gbor Szrnyas Graph Processing

Graph-based analysis of JavaScript source code repositories Gbor Szrnyas Graph Processing devroom @ FOSDEM 2018 JAVASCRIPT Latest standard: ECMAScript 2017 STATIC ANALYSIS Static source code analysis is a software testing approach

1.09k views • 40 slides
Comparing the Effectiveness of Penetration Testing and Static Code Analysis Detection of SQL

Comparing the Effectiveness of Penetration Testing and Static Code Analysis Detection of SQL

Comparing the Effectiveness of Penetration Testing and Static Code Analysis Detection of SQL Injection Vulnerabilities in Web Services Nuno Antunes, Marco Vieira PRDC 2009 nmsa@dei.uc.pt, mvieira@dei.uc.pt University of Coimbra

370 views • 24 slides
OpenAFS Status 2012 Nothing and a lot n Derrick Brashear and Jeffrey Altman n The OpenAFS

OpenAFS Status 2012 Nothing and a lot n Derrick Brashear and Jeffrey Altman n The OpenAFS

OpenAFS Status 2012 Nothing and a lot n Derrick Brashear and Jeffrey Altman n The OpenAFS Project n 16 October 2012 Tuesday, October 16, 12 History n OpenAFS 1.6.0 was released on 1 September 2011. Just 3 years late n You

434 views • 31 slides
Binarylevel program analysis: Static Disassembly Gang Tan CSE 597 Spring 2019 Penn State

Binarylevel program analysis: Static Disassembly Gang Tan CSE 597 Spring 2019 Penn State

Binarylevel program analysis: Static Disassembly Gang Tan CSE 597 Spring 2019 Penn State University 3 Disassemblers Disassembler Convert machine code in a binary file into assembly code or code in an equivalent IR Assume a

514 views • 26 slides
CPSC 213 2.2.3, 2.3, 2.4.1-2.4.3, 2.6 static base types (e.g., int, char) Textbook

CPSC 213 2.2.3, 2.3, 2.4.1-2.4.3, 2.6 static base types (e.g., int, char) Textbook

Reading Examine Java and C Piece by Piece Companion Reading writing and arithmetic on variables CPSC 213 2.2.3, 2.3, 2.4.1-2.4.3, 2.6 static base types (e.g., int, char) Textbook static and dynamic arrays of base types

347 views • 3 slides
Static Analysis for Secure Development Introduction Static analysis : What , and why ?

Static Analysis for Secure Development Introduction Static analysis : What , and why ?

Static Analysis for Secure Development Introduction Static analysis : What , and why ? Basic analysis ! Example : Flow analysis ! Increasing precision ! Context -, flow -, and path sensitivity Scaling it up !

527 views • 27 slides
Lua Code: Security Overview and Practical Approaches to Static Analysis Andrei Costin

Lua Code: Security Overview and Practical Approaches to Static Analysis Andrei Costin

IEEE SPW: LangSec'17 (San Jose, CA) Lua Code: Security Overview and Practical Approaches to Static Analysis Andrei Costin ancostin@jyu.fi, andrei@firmware.re University of Jyvaskyla, Finland Agenda Introduction Contributions

374 views • 23 slides
Program analysis for security Two main classes Static: Operates on source or binary at

Program analysis for security Two main classes Static: Operates on source or binary at

Program analysis for security Two main classes Static: Operates on source or binary at rest Dynamic: Operates at runtime Also hybrids of the two Static: Examples Code review Grep Taint analysis Symbolic

726 views • 49 slides
Status and Futures Derrick Brashear Jeffrey Altman What is OpenAFS? OpenAFS is a global,

Status and Futures Derrick Brashear Jeffrey Altman What is OpenAFS? OpenAFS is a global,

Status and Futures Derrick Brashear Jeffrey Altman What is OpenAFS? OpenAFS is a global, federated, location independent open source storage system that provides pervasive data access from a broad range of heterogeneous devices scaling

392 views • 15 slides
Using Static Code Analysis to Find Bugs Before They Become Failures Presented by Brian Walker

Using Static Code Analysis to Find Bugs Before They Become Failures Presented by Brian Walker

Using Static Code Analysis to Find Bugs Before They Become Failures Presented by Brian Walker Senior Software Engineer, Video Product Line, Tektronix, Inc. Pacific Northwest Software Quality Conference, 2010 In the Beginning, There Was Lint

486 views • 20 slides
1 Analysis Information Where Do Facts Hold? How much information depends on the client

1 Analysis Information Where Do Facts Hold? How much information depends on the client

711? CS711 Advanced Programming Languages Topics in Program Analysis Radu Rugina Fall 2005 CS711 Overview 2 Program Analysis Static vs. Dynamic Static analysis: inspect programs at compile-time Static analysis: Work done at

282 views • 4 slides
Abstract a unified lattice model for static analysis of programs by construction or approximation

Abstract a unified lattice model for static analysis of programs by construction or approximation

Abstract a unified lattice model for static analysis of programs by construction or approximation of fixpoints Interpretation Patrick Cousot and Radhia Cousot, 1977 Motivation (for static analysis) Say youve written code that you really

619 views • 25 slides

More recommend