[cfe-dev] [llvm-dev] [GSOC 2018] Information gathering

Artem Dergachev via cfe-dev cfe-dev at lists.llvm.org
Fri Mar 2 13:58:50 PST 2018


Hey, welcome!

I'm curious about the unsequenced modification checker, is it something 
that I should have seen but missed for whatever reason? It might be 
useful, and I think I'm seeing why don't compiler warnings cover all 
cases, i.e. why the analyzer's path sensitivity would help here. But I 
can't answer until I see it :) -eg. on our Phabricator.

We are currently having two confirmed mentors for the Analyzer for now 
(me and George), so we'd most likely be able to mentor one student each, 
for two projects, and it'd likely be the two projects we proposed - 
unless someone proposes something really interesting. And already two 
fairly motivated students have shown up here in the mailing lists, but 
this shouldn't stop you from posting your own proposal here in cfe-dev 
(most of the analyzer contributors aren't actively scanning llvm-dev, as 
far as I know).

I don't know much about the binutils replacement project; someone else 
should reply on that one.

A couple of words about the use-after-free-like checker for values 
managed by temporary objects (mostly strings) that go out of scope. 
Because internals of std::string and other similar classes are too hard 
for the analyzer's generic use-after-free checker to understand (mostly 
due to how hard it is to track STL's internal invariants, and how not 
all of the code is necessarily present in the header), an API-specific 
checker seems to be necessary. The original plan we've had in mind was 
to keep track of dangerous values like str.c_str() in the program state 
(similarly to how SimpleStreamChecker tracks file descriptors) and then 
see if any of them are still present in memory at the end of the 
original value's lifetime (similarly to how StackAddrEscape checker 
finds stack pointers at the end of a function's stack frame).

The unknowns here include how easy would it be to track scopes (for now 
we only track function scopes, but if fairly old but recently 
reincarnated patches [1] and [2] land any time soon, we may get a much 
better granularity), how easy would it be to track objects when they are 
moved or lifetime-extended by binding to references, which was a large 
problem for other C++ object checkers, but we may work our way around it 
to some extent (or do it properly, depending on my current work outlined 
in [3] and in follow-up mails in February), and also how helpful 
inlining would be (eg. would we be able to automagically support 
string_view-like classes by inlining their methods?). So the checker 
would need an almost indefinite amount of incremental improvements once 
the initial prototype is done, some of which must be fairly curious and 
would certainly expose you to some of the analyzer's internals.



On 01/03/2018 11:43 AM, Paul Semel via cfe-dev wrote:
> Hey,
>
> On 02/20/2018 11:51 PM, Paul Semel wrote:
>> Hello,
>>
>>
>> I'm Paul Semel, a French student in computer science. I am currently 
>> in my 4th year (1st year of graduate school) at EPITA and enrolled in 
>> the system and security laboratory of the school.
>>
>> I would be very interested in working on a LLVM project during this 
>> GSoC. Implementing a PoC for an unsequenced modification checker in 
>> CSA helped me discover LLVM. However, I would like to dive deeper in 
>> this project.
>>
>> I've seen some of the proposals, and I would like to ask a few 
>> questions about two of those.
>>
>> As you might have guessed, I have some interest in the checker for 
>> dangling string pointers :
>>
>> - Do you think it would help if I kept working on improving my 
>> unsequenced modification checker to get more familiar with Clang 
>> Static Analyzer ?
>>
>> I'm also interested in the command line replacements for GNU Binutils :
>>
>> - What tools would you like to replace in priority ?
>> - Does this subject imply to add options/features to some of the 
>> tools, or is it only about handling command line ?
>>
>> Thank you very much,
>>
>>
>
> Adding cfe-dev..
>
> Regards,
>




More information about the cfe-dev mailing list