static analyzer non comprehensive overview
play

Static Analyzer Non-Comprehensive Overview Dr Christopher Jones HOW - PowerPoint PPT Presentation

Nov 11, 2022 •437 likes •566 views

FERMILAB-SLIDES-19-035-CD Static Analyzer Non-Comprehensive Overview Dr Christopher Jones HOW 2019 21 March 2019 This manuscript has been authored by Fermi Research Alliance, LLC under Contract No. DE-AC02-07CH11359 with the U.S. Department of

  1. FERMILAB-SLIDES-19-035-CD Static Analyzer Non-Comprehensive Overview Dr Christopher Jones HOW 2019 21 March 2019 This manuscript has been authored by Fermi Research Alliance, LLC under Contract No. DE-AC02-07CH11359 with the U.S. Department of Energy, Office of Science, Office of High Energy Physics

  2. Purpose of Talk • Provide an overview of some of the code static analysis done by experiments • Not a comprehensive list • I only contacted people I knew • Any mistakes in the information presented are mine • I list all CMS ones though other experiments may have similar checkers • Meant to start a discussion in the meeting � 2 21/03/2019 C Jones I Static Analyzers

  3. Compiler • Experiments known to use: all • Warnings from the compiler are a form of static analysis • Many experiments use multiple compilers or versions of a compiler • clang and gcc seem to be the most popular � 3 21/03/2019 C Jones I Static Analyzers

  4. Coverity • Experiments known to use: ATLAS, CMS, LHCb • Commercial package • https://www.synopsys.com/software-integrity/security-testing/static-analysis-sast.html • CERN has a license • Provides a wide selection of sanity and correctness checking for C++ • improper memory handle • many kinds of resource leaks • failing to release file handles • threading problems • deadlocks • improper locking • Has had problems keeping up with the C++ standard • All known experiments have temporarily stopped using it because of this � 4 21/03/2019 C Jones I Static Analyzers

  5. Codacy • Experiments Known to Use: ALICE • Commercial Tool • https://www.codacy.com • https://github.com/marketplace/codacy • Provides tools for automating code reviews • Uses a plugin system to run different tools for multiple languages • cppcheck • flawfinder • Pylint • Easy integration with GitHub • Nice reporting tools � 5 21/03/2019 C Jones I Static Analyzers

  6. cppcheck • Experiments known to use: ALICE, ATLAS • Open Source • http://cppcheck.sourceforge.net • Reports bug in C/C++ with an emphasis on undefined behavior • dead pointers • integer overflows • invalid use of STL � 6 21/03/2019 C Jones I Static Analyzers

  7. clang-tidy • Experiments Known to Use: ALICE, CMS • Open source • https://clang.llvm.org/extra/clang-tidy/ • stand alone executable • Can diagnose and in some cases fix typical programming errors • add override keyword • change comparison of std::string to “” to call to empty() • Very customizable via configuration • Can be extended • Examples from ALICE • enforce member data naming convention • catch cases where sizeof should be used � 7 21/03/2019 C Jones I Static Analyzers

  8. clang Static Analyzer • Experiment known to use: CMS • Open source • Plugins loaded by the clang compiler • Uses exhaustive program-flow to try to find problems • returning null reference • dead assignment • memory leaks • CMS extensions • using namespace in headers • lots of thread safety checks • global variables • const member functions returning non-const pointers to member data • Use thread-safety report in conjunction with a graph of what functions call other functions to find all Framework modules associated with ‘global’ variables � 8 21/03/2019 C Jones I Static Analyzers

  9. gcc plugin • Experiment known to use: ATLAS • Open source • plugins loaded by the gcc compiler • ATLAS uses • enforcing naming conventions • flagging thread-unsafe constructs • mark code as being required to be thread safe using C++ annotations • marked code can only call other marked code � 9 21/03/2019 C Jones I Static Analyzers

  10. Include What You Use • Experiment known to use: CMS • Open source • https://github.com/include-what-you-use/include-what-you-use • based on clang • Can identify and fix incorrect includes • unneeded headers • missing direct includes for cases where functions/classes are indirectly included � 10 21/03/2019 C Jones I Static Analyzers

  11. gcc libCheck • Experiment known to use: CMS • Open source • gcc using -as-needed flag • makes linker say which linked libraries were unnecessary � 11 21/03/2019 C Jones I Static Analyzers

  12. CMS Homegrown • Package dependency checker • packages are the smallest unit CMS uses to compile • attempt to enforce allowed dependencies between groups of packages • e.g. Reconstruction code should not dependent on simulation • Checks for ROOT dictionaries • find duplicate ROOT dictionaries across packages • find dictionaries defined in a package not containing the C++ class • catch class changes without corresponding ROOT version number change � 12 21/03/2019 C Jones I Static Analyzers

Recommend

Developing the Clang Static Analyzer Artem Dergachev, Apple Clang Static Analyzer Finds bugs

Developing the Clang Static Analyzer Artem Dergachev, Apple Clang Static Analyzer Finds bugs

Developing the Clang Static Analyzer Artem Dergachev, Apple Clang Static Analyzer Finds bugs at compile time by inspecting your source code Bugs it finds are more sophisticated than warnings or Clang-Tidy Clang Static Analyzer 1

544 views • 29 slides
Learning a Static Analyzer from Data Pavol Bielik Veselin Raychev Martin Vechev Department of

Learning a Static Analyzer from Data Pavol Bielik Veselin Raychev Martin Vechev Department of

Learning a Static Analyzer from Data Pavol Bielik Veselin Raychev Martin Vechev Department of Computer Science CAV 2017 ETH Zurich July 22-28, Heidelberg Writing a Static Analyzer Framework for Java Static Type Checker Static Type

805 views • 46 slides
Learning a Static Analyzer from Data by Pavol Bielik, Veselin Raychev, and Martin Vechev Daniel

Learning a Static Analyzer from Data by Pavol Bielik, Veselin Raychev, and Martin Vechev Daniel

Learning a Static Analyzer from Data by Pavol Bielik, Veselin Raychev, and Martin Vechev Daniel Perez The University of Tokyo January 29, 2018 Static analyzers Writing a static analyzer is hard JavaScript points-to sample global.length = 4;

299 views • 15 slides
Faster, Stronger C++ Analysis with the Clang Static Analyzer George Karpenkov, Apple Artem

Faster, Stronger C++ Analysis with the Clang Static Analyzer George Karpenkov, Apple Artem

Faster, Stronger C++ Analysis with the Clang Static Analyzer George Karpenkov, Apple Artem Dergachev, Apple Agenda Introduction to Clang Static Analyzer Using coverage-based iteration order Improved C++ constructor and destructor

789 views • 40 slides
Using the Clang Static Analyzer Vince Bridgers About this tutorial Soup to nuts

Using the Clang Static Analyzer Vince Bridgers About this tutorial Soup to nuts

Using the Clang Static Analyzer Vince Bridgers About this tutorial Soup to nuts Small amount of theory to a practical example Why Static Analysis? Static Analysis in Continuous Integration What is Cross Translation Unit

480 views • 34 slides
A static analyzer for PE executables RMLL 2016 Security Track Ivan Kwiatkowski, AMIR

A static analyzer for PE executables RMLL 2016 Security Track Ivan Kwiatkowski, AMIR

A static analyzer for PE executables RMLL 2016 Security Track Ivan Kwiatkowski, AMIR Consulting Project origins Started in Feb. 2014 Annoyance at AV softwares opaque decisions Needed to automate repetitive tasks Overview: A

567 views • 21 slides
Summary-based inter-unit analysis for Clang Static Analyzer Aleksei Sidorin 2016-11-01 . S

Summary-based inter-unit analysis for Clang Static Analyzer Aleksei Sidorin 2016-11-01 . S

Summary-based inter-unit analysis for Clang Static Analyzer Aleksei Sidorin 2016-11-01 . S amsung R &D Institute, R ussia 1 . . . . . Clang Static Analyzer Source-based analysis of high-level programming languages (C, C++,

631 views • 27 slides
Formal verification of a static analyzer: abstract interpretation in type theory Xavier Leroy

Formal verification of a static analyzer: abstract interpretation in type theory Xavier Leroy

Formal verification of a static analyzer: abstract interpretation in type theory Xavier Leroy Inria Paris-Rocquencourt TYPES meeting, 2014-05-14 X. Leroy (Inria) Verified static analyzer 2014-05-14 1 / 57 In memoriam Radhia Cousot, 2014

647 views • 63 slides
A checker for dangling string pointers in C++ in the Clang Static Analyzer Rka Kovcs

A checker for dangling string pointers in C++ in the Clang Static Analyzer Rka Kovcs

A checker for dangling string pointers in C++ in the Clang Static Analyzer Rka Kovcs Mentors: Artem Dergachev Etvs Lornd University, Budapest, Hungary Gbor Horvth rekanikolett@gmail.com Real-world example return

257 views • 9 slides
Verasco: Formal verification of a C static analyzer based on abstract interpretation

Verasco: Formal verification of a C static analyzer based on abstract interpretation

Verasco: Formal verification of a C static analyzer based on abstract interpretation Jacques-Henri Jourdan, Vincent Laporte Sandrine Blazy, Xavier Leroy , David Pichardie Inria / U. Rennes 1 / ENS Rennes Workshop on Realistic Program

885 views • 63 slides
The Penultimate Challenge: Bug report construction in the Clang Static Analyzer Kristf Umann

The Penultimate Challenge: Bug report construction in the Clang Static Analyzer Kristf Umann

The Penultimate Challenge: Bug report construction in the Clang Static Analyzer Kristf Umann dkszelethus@gmail.com Etvs Lornd University, Budapest Ericsson Hungary 2019. oct. 22. 2/38 Clear, precise bug reports are important One of

1.91k views • 175 slides
MPI-Checker Static Analysis for MPI Alexander Droste, Michael Kuhn, Thomas Ludwig November

MPI-Checker Static Analysis for MPI Alexander Droste, Michael Kuhn, Thomas Ludwig November

MPI-Checker Static Analysis for MPI Alexander Droste, Michael Kuhn, Thomas Ludwig November 15, 2015 Motivation Clang Static Analyzer MPI-Checker Limitations Evaluation Future Work Motivation 2 / 39 Motivation Clang Static Analyzer

535 views • 41 slides
Resolving the almost decade old checker dependency issue in the Clang Static Analyzer Kristf

Resolving the almost decade old checker dependency issue in the Clang Static Analyzer Kristf

. . . . . . . . . . . . . . . . Resolving the almost decade old checker dependency issue in the Clang Static Analyzer Kristf Umann dkszelethus@gmail.com Etvs Lornd University, Budapest Ericsson Hungary . . . . . .

603 views • 15 slides
Infer A static analyzer for catching bugs before you ship Jules Villard jul@fb.com Facebook

Infer A static analyzer for catching bugs before you ship Jules Villard jul@fb.com Facebook

Infer A static analyzer for catching bugs before you ship Jules Villard jul@fb.com Facebook London github.com/facebook/infer/ Programming is Hard Need to think of ALL possible cases Keep track of all possible values If it can be null, it

1.09k views • 41 slides
in the Clang Static Analyzer dm Balogh adam.balogh@ericsson.com Euro LLVM 2019, Brussels,

in the Clang Static Analyzer dm Balogh adam.balogh@ericsson.com Euro LLVM 2019, Brussels,

Statistics Based Checkers in the Clang Static Analyzer dm Balogh adam.balogh@ericsson.com Euro LLVM 2019, Brussels, Belgium Ericsson 2019-04-08 Ericsson Internal | 2018-02-21 The Problem Huge legacy code with weak documentation

428 views • 28 slides
Source Code Analysis for Security through LLVM Lu Zhao HP Fortify lu.zhao@hp.com Static Code

Source Code Analysis for Security through LLVM Lu Zhao HP Fortify lu.zhao@hp.com Static Code

Source Code Analysis for Security through LLVM Lu Zhao HP Fortify lu.zhao@hp.com Static Code Analyzer for Security Static Code Analyzer for Security (HP Fortify SCA) C/C++ Java Vulnerabilities LLVM Language independent Services C/C++ Swift

325 views • 31 slides
High Pressure-Constant Volume Reactor Calculations in OLI Studio Analyzer Static HP reactor

High Pressure-Constant Volume Reactor Calculations in OLI Studio Analyzer Static HP reactor

High Pressure-Constant Volume Reactor Calculations in OLI Studio Analyzer Static HP reactor http://www.princeton.edu/cbe/people/faculty/register/group/facilities/hydrog-reactors/ Example high pressure, constant volume reactor procedure Step 4

493 views • 12 slides
Build Your Own Static WCET Analyzer the Case of f the Automotiv ive Proce cessor AURIX TC275

Build Your Own Static WCET Analyzer the Case of f the Automotiv ive Proce cessor AURIX TC275

Build Your Own Static WCET Analyzer the Case of f the Automotiv ive Proce cessor AURIX TC275 2020-01-29 @ ERTS 2020 Wei-Tsun SUN* ASTC-Design France; IRT Saint Exupry, France; IRIT - University of Toulouse, France Eric JENN IRT Saint

1.1k views • 69 slides
Cross Translational Unit Analysis in Clang Static Analyzer: Prototype and Measurements Gabor

Cross Translational Unit Analysis in Clang Static Analyzer: Prototype and Measurements Gabor

Cross Translational Unit Analysis in Clang Static Analyzer: Prototype and Measurements Gabor Horvath (xazax 1 ), Peter Szecsi (ps95 1 ), Zoltan Gera (gerazo 1 ) Daniel Krupp (daniel.krupp 2 ), Zoltan Porkolab (zoltan.porkolab 2 ) [1]

480 views • 29 slides
M ARVIN : Efficient And Comprehensive Mobile App Classification Through Static and Dynamic

M ARVIN : Efficient And Comprehensive Mobile App Classification Through Static and Dynamic

M ARVIN : Efficient And Comprehensive Mobile App Classification Through Static and Dynamic Analysis Martina Lindorfer, Matthias Neugschwandtner, Christian Platzer SBA Research, Vienna, Austria IBM Research, Zurich, Switzerland International

394 views • 25 slides
Infrared Gas Analyzer - component analyzer - component analyzer Type: ZRJ Standard type Type:

Infrared Gas Analyzer - component analyzer - component analyzer Type: ZRJ Standard type Type:

Arbitraryrangesettingisallowedwithinspecifiedrange. Stand-alone type Infrared Gas Analyzer - component analyzer - component analyzer Type: ZRJ Standard type Type: ZKJ High performance type Ideal for combustion

278 views • 4 slides
An Overview of the Alloy Language & Analyzer Slides contain some modified content from the

An Overview of the Alloy Language & Analyzer Slides contain some modified content from the

An Overview of the Alloy Language & Analyzer Slides contain some modified content from the Alloy Tutorial by G. Dennis & R. Seater (see alloy.mit.edu) Alloy Lecture 1 1 What is Alloy? A formal language and analyzer based on Z

329 views • 6 slides
BC-5300 Auto Hematology Analyzer Satisfaction in test BC-5300 Auto Hematology Analyzer The new

BC-5300 Auto Hematology Analyzer Satisfaction in test BC-5300 Auto Hematology Analyzer The new

BC-5300 Auto Hematology Analyzer Satisfaction in test BC-5300 Auto Hematology Analyzer The new BC-5300 Auto Hematology Analyzer is a bench top system, combining three mainstream technologies: laser scatter, flow cytometry and chemical dye to

276 views • 4 slides
PointsTo Static Use-After-Free Detector for C/C++ Presented by: Peter Goodman PointsTo detects

PointsTo Static Use-After-Free Detector for C/C++ Presented by: Peter Goodman PointsTo detects

PointsTo Static Use-After-Free Detector for C/C++ Presented by: Peter Goodman PointsTo detects use-after-free bugs Static, whole-program analyzer that finds use-after-free bugs in C/C++ code Implemented in C++ as an LLVM plugin that

591 views • 26 slides

More recommend