GSoC - Static Analyzer project ideas?

GSoC - Static Analyzer project ideas?

Martin Milata
Hello,

I would like to participate in this year's Google Summer of Code
program. I'm interested in working on the Static Analyzer, because I
think it has great potential to be a tool that a lot of programmers can
benefit from, and it also overlaps with my academic interests.

The analyzer is not mentioned on the open projects page, so my question
is if anybody has some project idea and/or is willing to mentor it? I
have tried to come up with something, but I don't know if it would be
really possible, useful and doable in the given time:

- support for interprocedural analysis

- support for external checkers (i.e. loadable at runtime, so clang does
  not have to be recompiled in order to use new checker)

- false positive elimination with constraint solver (klee seems to
  contain a solver that could be specifically used for this)

- C++ support (only thing mentioned on the analyzer web, I don't have an
  idea of extent of the work needed)

Thank you for any feedback,
Martin Milata
_______________________________________________
cfe-dev mailing list
[hidden email]
http://lists.cs.uiuc.edu/mailman/listinfo/cfe-dev

Re: GSoC - Static Analyzer project ideas?

Ben Laurie
On 21 March 2011 12:05, Martin Milata <[hidden email]> wrote:
> Hello,
>
> I would like to participate in this year's Google Summer of Code
> program. I'm interested in working on the Static Analyzer, because I
> think it has great potential to be a tool that a lot of programmers can
> benefit from, and it also overlaps with my academic interests.
>
> The analyzer is not mentioned on the open projects page, so my question
> is if anybody has some project idea and/or is willing to mentor it?

Sadly I don't think I'm qualified to mentor, or I would certainly
offer. I like your list (not so sure about dynamic loading, that seems
low priority).

One I'd like to add is some kind of support for rule-based finding of
particular known bad patterns (e.g. the OpenSSL bug where return
values that could be -1, 0 or 1 were checked as if they were
true/false). Yes, this is vague :-)

> I
> have tried to come up with something, but I don't know if it would be
> really possible, useful and doable in the given time:
>
> - support for interprocedural analysis
>
> - support for external checkers (i.e. loadable at runtime, so clang does
>  not have to be recompiled in order to use new checker)
>
> - false positive elimination with constraint solver (klee seems to
>  contain a solver that could be specifically used for this)
>
> - C++ support (only thing mentioned on the analyzer web, I don't have an
>  idea of extent of the work needed)
>
> Thank you for any feedback,
> Martin Milata
>
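
The bad pattern Ben Laurie describes above, a function that can return -1, 0 or 1 being tested as if it were true/false, can be written down as a small rule. The following is an added example, not part of the original thread and not Clang code: a text-level Python check that flags direct boolean use of such calls. The function name `verify_sig`, its return convention and the C input are constructed for illustration.

```python
import re

# Hypothetical rule: functions documented to return 1 (ok), 0 (failed), -1 (error).
TRISTATE_FUNCS = {"verify_sig"}
COMPARISON = re.compile(r"\s*(==|!=|<=|>=|<|>)")

def _call_end(code, open_idx):
    """Return the index just past the ')' matching the '(' at open_idx, or -1."""
    depth = 0
    for i in range(open_idx, len(code)):
        if code[i] == "(":
            depth += 1
        elif code[i] == ")":
            depth -= 1
            if depth == 0:
                return i + 1
    return -1

def find_tristate_misuse(source, funcs):
    """List (line, function, reason) where a tri-state result is used as a boolean.

    Text-level and single-line only: results stored in a variable first, and
    calls split across lines, are not tracked.
    """
    call = re.compile(r"\b(%s)\s*\(" % "|".join(re.escape(f) for f in sorted(funcs)))
    findings = []
    for lineno, line in enumerate(source.splitlines(), 1):
        code = line.split("//", 1)[0]          # ignore trailing line comments
        for m in call.finditer(code):
            end = _call_end(code, m.end() - 1)
            if end < 0:
                continue
            before, after = code[:m.start()].rstrip(), code[end:]
            if COMPARISON.match(after):
                continue                        # explicitly compared, e.g. "!= 1"
            if before.endswith("!"):
                findings.append((lineno, m.group(1), "negated"))
            elif re.search(r"\b(if|while)\s*\($", before) and after.lstrip().startswith(")"):
                findings.append((lineno, m.group(1), "bare condition"))
    return findings

# Constructed C input for the rule above.
SAMPLE = """\
int check_a(msg *m) {
    if (!verify_sig(m->sig, m->len))   // -1 (error) is not rejected here
        return REJECT;
    return ACCEPT;
}
int check_b(msg *m) {
    if (verify_sig(m->sig, m->len))    // -1 (error) counts as verified
        return ACCEPT;
    return REJECT;
}
int check_c(msg *m) {
    if (verify_sig(m->sig, m->len) != 1)
        return REJECT;
    return ACCEPT;
}
"""

if __name__ == "__main__":
    for finding in find_tristate_misuse(SAMPLE, TRISTATE_FUNCS):
        print("line %d: %s used as boolean (%s)" % finding)
```

Only `check_c`, which compares the result against 1 explicitly, passes the rule.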


Re: GSoC - Static Analyzer project ideas?

Joel Sherrill
On 03/21/2011 08:18 AM, Ben Laurie wrote:

> On 21 March 2011 12:05, Martin Milata <[hidden email]> wrote:
>> Hello,
>>
>> I would like to participate in this year's Google Summer of Code
>> program. I'm interested in working on the Static Analyzer, because I
>> think it has great potential to be a tool that a lot of programmers can
>> benefit from, and it also overlaps with my academic interests.
>>
>> The analyzer is not mentioned on the open projects page, so my question
>> is if anybody has some project idea and/or is willing to mentor it?
> Sadly I don't think I'm qualified to mentor, or I would certainly
> offer. I like your list (not so sure about dynamic loading, that seems
> low priority).
>
> One I'd like to add is some kind of support for rule-based finding of
> particular known bad patterns (e.g. the OpenSSL bug where return
> values that could be -1, 0 or 1 were checked as if they were
> true/false). Yes, this is vague :-)
>
I'm not a mentor candidate either but have tried to use
clang to analyse RTEMS (http://www.rtems.org).  We had
some issues with RTEMS always being cross built and
some noise from system header files.  All in all, I recall
enough not working that we didn't get far.

I'd be happy to be a tester for you and provide more
details on the issues we had.  It should all be in the
mailing list log.

>> I
>> have tried to come up with something, but I don't know if it would be
>> really possible, useful and doable in the given time:
>>
>> - support for interprocedural analysis
>>
>> - support for external checkers (i.e. loadable at runtime, so clang does
>>   not have to be recompiled in order to use new checker)
>>
>> - false positive elimination with constraint solver (klee seems to
>>   contain a solver that could be specifically used for this)
>>
>> - C++ support (only thing mentioned on the analyzer web, I don't have an
>>   idea of extent of the work needed)
>>
>> Thank you for any feedback,
>> Martin Milata


--
Joel Sherrill, Ph.D.             Director of Research & Development
[hidden email]        On-Line Applications Research
Ask me about RTEMS: a free RTOS  Huntsville AL 35805
    Support Available             (256) 722-9985



Re: GSoC - Static Analyzer project ideas?

Martin Milata
In reply to this post by Ben Laurie
On Mon, Mar 21, 2011 at 13:18:42 +0000, Ben Laurie wrote:

> On 21 March 2011 12:05, Martin Milata <[hidden email]> wrote:
> > Hello,
> >
> > I would like to participate in this year's Google Summer of Code
> > program. I'm interested in working on the Static Analyzer, because I
> > think it has great potential to be a tool that a lot of programmers can
> > benefit from, and it also overlaps with my academic interests.
> >
> > The analyzer is not mentioned on the open projects page, so my question
> > is if anybody has some project idea and/or is willing to mentor it?
>
> Sadly I don't think I'm qualified to mentor, or I would certainly
> offer. I like your list (not so sure about dynamic loading, that seems
> low priority).
>
> One I'd like to add is some kind of support for rule-based finding of
> particular known bad patterns (e.g. the OpenSSL bug where return
> values that could be -1, 0 or 1 were checked as if they were
> true/false). Yes, this is vague :-)

If I understand your proposal correctly, it may actually be related to
the dynamic loading. Instead of just loading the ordinary compiled
checker, it might be possible to allow writing external checkers as some
set of rules or in some general-purpose scripting language. This might
make it possible to write simple, project-specific checkers.

But I'm even less sure here whether it would be possible, useful and
small enough project to do over the summer.

> > I
> > have tried to come up with something, but I don't know if it would be
> > really possible, useful and doable in the given time:
> >
> > - support for interprocedural analysis
> >
> > - support for external checkers (i.e. loadable at runtime, so clang does
> >  not have to be recompiled in order to use new checker)
> >
> > - false positive elimination with constraint solver (klee seems to
> >  contain a solver that could be specifically used for this)
> >
> > - C++ support (only thing mentioned on the analyzer web, I don't have an
> >  idea of extent of the work needed)
> >
> > Thank you for any feedback,
> > Martin Milata

Re: GSoC - Static Analyzer project ideas?

Martin Milata
In reply to this post by Joel Sherrill
On Mon, Mar 21, 2011 at 09:02:00 -0500, Joel Sherrill wrote:

> On 03/21/2011 08:18 AM, Ben Laurie wrote:
> >On 21 March 2011 12:05, Martin Milata<[hidden email]>  wrote:
> >>Hello,
> >>
> >>I would like to participate in this year's Google Summer of Code
> >>program. I'm interested in working on the Static Analyzer, because I
> >>think it has great potential to be a tool that a lot of programmers can
> >>benefit from, and it also overlaps with my academic interests.
> >>
> >>The analyzer is not mentioned on the open projects page, so my question
> >>is if anybody has some project idea and/or is willing to mentor it?
> >Sadly I don't think I'm qualified to mentor, or I would certainly
> >offer. I like your list (not so sure about dynamic loading, that seems
> >low priority).
> >
> >One I'd like to add is some kind of support for rule-based finding of
> >particular known bad patterns (e.g. the OpenSSL bug where return
> >values that could be -1, 0 or 1 were checked as if they were
> >true/false). Yes, this is vague :-)
> >
> I'm not a mentor candidate either but have tried to use
> clang to analyse RTEMS (http://www.rtems.org).  We had
> some issues with RTEMS always being cross built and
> some noise from system header files.  All in all, I recall
> enough not working that we didn't get far.
>
> I'd be happy to be a tester for you and provide more
> details on the issues we had.  It should all be in the
> mailing list log.

From what I understood from the list log, it seems to be a general clang
cross-compilation issue. I think that you cannot run the analyzer on
something you cannot compile with clang.

However, Ted's reply suggests another possible project:
> (1) Support transparent integration into almost any build system on most
> platforms.
> (2) Support different workflows with processing analysis results other
> than generating static HTML reports.
I didn't think of that, because the scan-build script seemed to work
pretty well, at least on Linux.

> >>I
> >>have tried to come up with something, but I don't know if it would be
> >>really possible, useful and doable in the given time:
> >>
> >>- support for interprocedural analysis
> >>
> >>- support for external checkers (i.e. loadable at runtime, so clang does
> >>  not have to be recompiled in order to use new checker)
> >>
> >>- false positive elimination with constraint solver (klee seems to
> >>  contain a solver that could be specifically used for this)
> >>
> >>- C++ support (only thing mentioned on the analyzer web, I don't have an
> >>  idea of extent of the work needed)
> >>
> >>Thank you for any feedback,
> >>Martin Milata
>
>
> --
> Joel Sherrill, Ph.D.             Director of Research & Development
> [hidden email]        On-Line Applications Research
> Ask me about RTEMS: a free RTOS  Huntsville AL 35805
>    Support Available             (256) 722-9985
>
>

Re: GSoC - Static Analyzer project ideas?

Ted Kremenek
In reply to this post by Martin Milata
On Mar 21, 2011, at 5:05 AM, Martin Milata wrote:

> Hello,
>
> I would like to participate in this year's Google Summer of Code
> program. I'm interested in working on the Static Analyzer, because I
> think it has great potential to be a tool that a lot of programmers can
> benefit from, and it also overlaps with my academic interests.
>
> The analyzer is not mentioned on the open projects page, so my question
> is if anybody has some project idea and/or is willing to mentor it? I
> have tried to come up with something, but I don't know if it would be
> really possible, useful and doable in the given time:
>
> - support for interprocedural analysis
>
> - support for external checkers (i.e. loadable at runtime, so clang does
>  not have to be recompiled in order to use new checker)
>
> - false positive elimination with constraint solver (klee seems to
>  contain a solver that could be specifically used for this)
>
> - C++ support (only thing mentioned on the analyzer web, I don't have an
>  idea of extent of the work needed)
>
> Thank you for any feedback,
> Martin Milata

Hi Martin,

I'm happy to hear that you are so excited about the static analyzer, and there are definitely task areas of it that would make good GSoC projects.

I think the "support for external projects" is probably the most reasonable for a GSoC project you proposed.  Argiris recently reworked the checker registration system so that all checkers register themselves with a CheckerManager object.  I think we should be able to naturally extend this to dynamically loadable checkers.  Not only is this a tractable project, but it would have direct impact on others trying to extend the static analyzer.

I think all the other projects are great ideas, but unless you are intimately familiar with the static analyzer engine I don't think interprocedural analysis or integration of a constraint solver are good part-time projects.  They both will require a huge amount of work and intimate understanding of the analyzer core.  I just don't think you'll have enough time in a GSoC project, and I think if this is your first time working with the analyzer internals it's probably best to start on a less ambitious project that will have more immediate direct impact.

Concerning C++ static analysis support, there is a bunch of random things to be done.  Some of it dovetails into inter-procedural analysis and enhancing the core analyzer engine, but writing C++ specific checkers would be really beneficial.  Note that full C++ support is definitely much more than a GSoC project, but it's definitely something you can help with by carving out key pieces that need to be done.

Cheers,
Ted

Re: GSoC - Static Analyzer project ideas?

Joerg Sonnenberger
In reply to this post by Martin Milata
On Mon, Mar 21, 2011 at 01:05:16PM +0100, Martin Milata wrote:
> The analyzer is not mentioned on the open projects page, so my question
> is if anybody has some project idea and/or is willing to mentor it?

Let me hijack this a bit and see if I can offload some long term work :)

NetBSD has a semi-maintained implementation of lint. One of the
things that would be nice for us (NetBSD) is if it could be fully
replaced by the static analyzer of clang.

I don't have an exhaustive list of checks lint does and clang doesn't,
but there is at least one major set of functions missing. The static
analyzer is currently operating strictly on a per-file basis. It can't do
inter-file (or even inter-library) consistency checks of type or
function definitions.

This means checking if function prototypes have compatible argument
lists in all files. Types are either only used locally or are equivalent
across the project etc.

It could be further extended to provide an ABI compatibility checker.
Consider you are maintaining a larger library and you are in the process
of preparing a new release. Is the new version ABI compatible with the
old release? If it isn't, you have to either fix that or bump major
versions etc. I'm not aware of any program in this area and it is a
major hassle to do it correctly. Many, many programmers don't get this
right, so having an automated tool would be a huge improvement.

Just to give you some ideas for what could be done.

Joerg
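
The inter-file check Joerg describes above, that a function is declared with a compatible argument list in every file, shown as an added example (not part of the original thread, and not lint or Clang code). It works on text rather than an AST and handles only simple one-line prototypes; the file names and declarations are constructed.

```python
import re
from collections import defaultdict

# Text-level matcher for simple one-line prototypes: [extern] <ret> <name>(<params>);
PROTO = re.compile(r"^\s*(?:extern\s+)?([\w\s\*]+?)\s*\b(\w+)\s*\(([^()]*)\)\s*;", re.M)
TYPE_WORDS = {"void", "char", "short", "int", "long", "float", "double",
              "signed", "unsigned", "const", "volatile"}
QUALIFIERS = {"const", "volatile"}
TAGS = {"struct", "union", "enum"}

def norm_param(text):
    """Canonical spelling of one parameter's type, without the parameter name."""
    toks = re.findall(r"\w+|\*", text)
    # Heuristic: a trailing identifier is a parameter name unless it is a type
    # keyword, follows struct/union/enum, or is preceded only by qualifiers.
    named = (len(toks) > 1 and toks[-1] != "*" and toks[-1] not in TYPE_WORDS
             and toks[-2] not in TAGS
             and any(t not in QUALIFIERS for t in toks[:-1]))
    return " ".join(toks[:-1] if named else toks)

def collect(files):
    """Map function name -> {signature: [files declaring it that way]}."""
    seen = defaultdict(lambda: defaultdict(list))
    for fname, src in files.items():
        for ret, name, params in PROTO.findall(src):
            plist = [norm_param(p) for p in params.split(",") if p.strip()]
            if plist == ["void"]:
                plist = []                      # f(void) takes no arguments
            ret = " ".join(re.findall(r"\w+|\*", ret))
            seen[name]["%s (%s)" % (ret, ", ".join(plist))].append(fname)
    return seen

def inconsistent(files):
    """Functions declared with more than one distinct signature across files."""
    return {n: dict(s) for n, s in collect(files).items() if len(s) > 1}

# Constructed declarations from three files of one hypothetical project.
FILES = {
    "net.h": "int send_buf(const char *buf, size_t len);\nvoid net_close(int fd);\n",
    "client.c": "extern int send_buf(const char *data, size_t n);\n"
                "extern void net_close(int);\n",
    "legacy.c": "extern int send_buf(const char *buf, int len);\n",
}

if __name__ == "__main__":
    for name, sigs in inconsistent(FILES).items():
        for sig, where in sigs.items():
            print("%s: %s in %s" % (name, sig, ", ".join(where)))
```

Parameter names differ between `net.h` and `client.c` without being reported; only the `size_t` versus `int` length parameter in `legacy.c` is flagged.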

Re: GSoC - Static Analyzer project ideas?

Konstantin Tokarev


23.03.2011, 15:20, "Joerg Sonnenberger" <[hidden email]>:
> It could be further extended to provide an ABI compatibility checker.

Please consider using

   http://linuxtesting.org/upstream-tracker/

for this purpose (you can ignore the word "Linux" inside :)

--
Regards,
Konstantin

Re: GSoC - Static Analyzer project ideas?

Joerg Sonnenberger
On Wed, Mar 23, 2011 at 03:58:02PM +0300, Konstantin Tokarev wrote:

>
>
> 23.03.2011, 15:20, "Joerg Sonnenberger" <[hidden email]>:
> > It could be further extended to provide an ABI compatibility checker.
>
> Please consider using
>
>    http://linuxtesting.org/upstream-tracker/
>
> for this purpose (you can ignore the word "Linux" inside :)

Hm. Thanks, useful.

Joerg

Re: GSoC - Static Analyzer project ideas?

Martin Milata
In reply to this post by Ted Kremenek
On Tue, Mar 22, 2011 at 21:01:37 -0700, Ted Kremenek wrote:

> On Mar 21, 2011, at 5:05 AM, Martin Milata wrote:
>
> > Hello,
> >
> > I would like to participate in this year's Google Summer of Code
> > program. I'm interested in working on the Static Analyzer, because I
> > think it has great potential to be a tool that a lot of programmers can
> > benefit from, and it also overlaps with my academic interests.
> >
> > The analyzer is not mentioned on the open projects page, so my question
> > is if anybody has some project idea and/or is willing to mentor it? I
> > have tried to come up with something, but I don't know if it would be
> > really possible, useful and doable in the given time:
> >
> > - support for interprocedural analysis
> >
> > - support for external checkers (i.e. loadable at runtime, so clang does
> >  not have to be recompiled in order to use new checker)
> >
> > - false positive elimination with constraint solver (klee seems to
> >  contain a solver that could be specifically used for this)
> >
> > - C++ support (only thing mentioned on the analyzer web, I don't have an
> >  idea of extent of the work needed)
> >
> > Thank you for any feedback,
> > Martin Milata
>
> Hi Martin,
>
> I'm happy to hear that you are so excited about the static analyzer,
> and there are definitely task areas of it that would make good GSoC
> projects.
>
> I think the "support for external projects" is probably the most
> reasonable for a GSoC project you proposed.  Argiris recently reworked
> the checker registration system so that all checkers register
> themselves with a CheckerManager object.  I think we should be able to
> naturally extend this to dynamically loadable checkers.  Not only is
> this a tractable project, but it would have direct impact on others
> trying to extend the static analyzer.
>
> I think all the other projects are great ideas, but unless you are
> intimately familiar with the static analyzer engine I don't think
> interprocedural analysis or integration of a constraint solver are
> good part-time projects.  They both will require a huge amount of work
> and intimate understanding of the analyzer core.  I just don't think
> you'll have enough time in a GSoC project, and I think if this is your
> first time working with the analyzer internals it's probably best to
> start on a less ambitious project that will have more immediate direct
> impact.
>
> Concerning C++ static analysis support, there is a bunch of random
> things to be done.  Some of it dovetails into inter-procedural
> analysis and enhancing the core analyzer engine, but writing C++
> specific checkers would be really beneficial.  Note that full C++
> support is definitely much more than a GSoC project, but it's
> definitely something you can help with by carving out key pieces that
> need to be done.
>
> Cheers,
> Ted

Thank you for your reply, it's good to know what is feasible to do and
what is not.

Regarding the external projects support, what exactly would that entail?
I can imagine that making the dynamic loading work on all supported
platforms will be nontrivial (unless clang already has some
infrastructure for that) and that the wrapper scripts will require
modifications. Is there something else apart from that?

Thanks,
Martin