<div dir="ltr">Hi Adam!<br><div class="gmail_extra"><br><div class="gmail_quote">On 20 March 2015 at 22:34, Adam Romanek <span dir="ltr"><<a href="mailto:romanek.adam@gmail.com" target="_blank">romanek.adam@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">Hi Gábor!<br>
<br>
Thanks for the information. The work you've done might in fact help me to push the C++ related checkers further. I'd like to investigate it a bit.<br>
<br>
Is there any summary of what has been done and what is still missing? Are there any code examples?<br></blockquote><div><br></div><div>There is some inline documentation in the code and there are some tests that can be used as code examples. The corresponding commit can be found here: <a href="http://reviews.llvm.org/rL216550">http://reviews.llvm.org/rL216550</a> The commit message contains some documentation as well as some notes.<br> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<br>
BTW, how would I know which parts of C++ standard library might need to be synthesized through BodyFarm?<br></blockquote><div><br><br></div><div>Depending on your needs. Usually models are for function bodies that are not available in a translation unit. When a function body is available the model file for that function will not be used. It would not be too hard to make it possible to implement "strong" models that take precedence over the original implementation. <br> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<br>
I'm just trying to understand the amount of work required to use this approach for a basic checker I mentioned at the beginning. Any further hints would be useful.<br></blockquote><div><br></div><div>This "textual bodyfarm" only works on limited examples right now (c functions). It would not be too hard to add support for methods, overloaded functions as well. Supporting templates would be challenging, however most of the time it would be irrelevant for weak models.<br><br></div><div>There are also some bugs related to macros that I did not have the chance yet to sort out.<br><br></div><div>The handling of multiple model files are also not implemented yet. The plan was to handle them similar to how headers are handled (model search paths instead of header search paths).<br><br></div><div>If you think these "textual models" would be useful for you and you have some requirements/expectations/assumptions feel free to share with me. If you plan to improve anything regarding this feature and need some help or guidance feel free to ping me.<br></div><div> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<br>
Thanks!<br>
Adam Romanek<span class=""><br>
<br>
On 19.03.2015 09:39, Gábor Horváth wrote:<br>
</span><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><span class="">
Hi Jared!<br>
<br>
You might be interested in this GSoC project from last year:<br>
<a href="http://www.google-melange.com/gsoc/project/details/google/gsoc2014/xazax/5717271485874176" target="_blank">http://www.google-melange.com/<u></u>gsoc/project/details/google/<u></u>gsoc2014/xazax/<u></u>5717271485874176</a><br>
<br>
It makes it possible to wrote C++ code for the bodyfarm instead of<br>
assembling the AST manually. It works for simple cases and available in<br>
the trunk already. Unfortunately there is a lot of work left to do which<br>
I plan to solve, but I lack the time for that at the moment.<br>
<br>
Cheers,<br>
Gábor<br>
<br>
<br>
<br>
On 19 March 2015 at 06:00, Jared Grubb <<a href="mailto:jared.grubb@gmail.com" target="_blank">jared.grubb@gmail.com</a><br></span>
<mailto:<a href="mailto:jared.grubb@gmail.com" target="_blank">jared.grubb@gmail.com</a>><u></u>> wrote:<br>
<br>
<br>
<blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><span class="">
On Mar 16, 2015, at 15:18, Adam Romanek <<a href="mailto:romanek.adam@gmail.com" target="_blank">romanek.adam@gmail.com</a><br></span><div><div class="h5">
<mailto:<a href="mailto:romanek.adam@gmail.com" target="_blank">romanek.adam@gmail.com</a><u></u>>> wrote:<br>
<br>
Hi!<br>
<br>
I'm new to this list and to Clang development. Nevertheless I've<br>
been interested in Clang Static Analyzer for a while. I've been<br>
using it on a large code base with a lot of success. So let me<br>
start by saying: thanks for this amazing piece of code!<br>
<br>
But... Some time ago I realized there are hardly any strictly C++<br>
related checkers in CSA. I was wondering if there's any movement<br>
in this area. I was thinking about some checkers for<br>
use-after-free for STL containers like std::string, for example:<br>
<br>
const char* x = NULL;<br>
{<br>
std::string foo("foo");<br>
x = foo.c_str();<br>
}<br>
printf("%s", x); // boom<br>
<br>
There are also some other common types of errors in C++ like use<br>
of iterator after it has been invalidated. FYI this one in<br>
particular is detected by cppcheck.<br>
<br>
So I decided to dig a bit to find out whether it is hard to write<br>
a checker for use-after-free like in the example with std::string.<br>
It looks like MallocChecker deals with a similar class of issues.<br>
<br>
I was wondering whether it would be the right approach to try to<br>
"bend" MallocChecker to my needs (but it's already 2.5k lines of<br>
code) or to start something new on my own.<br>
<br>
Honestly it took me some time even to detect a simple std::string<br>
constructor call so the road looks rather long and bumpy...<br>
<br>
Any hints, pointers? Any related work?<br>
</div></div></blockquote><div><div class="h5">
<br>
I have looked at this in the past, but it was about 18 months ago.<br>
So take my thoughts with that grain of salt. Also note that I’m not<br>
a regular or major contributor here. I’ve done very minor patches,<br>
but always hoping to do more :) So here’s my thoughts, and take them<br>
as you will.<br>
<br>
The MallocChecker is fine, but the problem is that libc++ is really<br>
hard to analyze. It is an efficient implementation, but that<br>
cleverness really stresses the analyzer. For example, std::string’s<br>
memory layout is a union of three different types (“long”, “short”,<br>
“raw” buffers). I think the SA gives up on unions immediately.<br>
<br>
The best way around this is to simplify what the analyzer sees. Here<br>
are two approaches.<br>
<br>
One idea is to use “BodyFarm”, whose role is to synthesize alternate<br>
implementations for functions that should be simple to model. If you<br>
look here, you’ll see a bit about that:<br>
<a href="http://clang-analyzer.llvm.org/open_projects.html" target="_blank">http://clang-analyzer.llvm.<u></u>org/open_projects.html</a><br>
<br>
Another idea is to actually implement a “simple libc++” and<br>
interpose that for analysis. For example, std::basic_string class<br>
would just be a pointer and two size_t’s, along with simple<br>
implementations of all the member functions and simple iterators. In<br>
the future, you could add other analysis hooks (for example, check<br>
for iterator invalidation).<br>
<br>
I did play around a bit on this for Body Farm, and I can forward you<br>
the code I did. I got a couple constructors implemented, as well as<br>
“empty()” and “size()” for some very basic cases (string literal<br>
initialized strings). However, it got a bit tedious and I’m not sure<br>
it would scale. I think the second approach is far more interesting<br>
and maintainable. But a “simple libc++” could be hard for its own<br>
reasons.<br>
<br>
Anyway I’m happy to give you my sketches. I’ll email them off-list.<br>
Take them or ignore them however you like.<br>
<br>
<br>
</div></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div><div class="h5">
<br>
Thanks in advance.<br>
<br>
Best regards,<br>
Adam Romanek<br>
______________________________<u></u>_________________<br>
cfe-dev mailing list<br></div></div>
<a href="mailto:cfe-dev@cs.uiuc.edu" target="_blank">cfe-dev@cs.uiuc.edu</a> <mailto:<a href="mailto:cfe-dev@cs.uiuc.edu" target="_blank">cfe-dev@cs.uiuc.edu</a>><br>
<a href="http://lists.cs.uiuc.edu/mailman/listinfo/cfe-dev" target="_blank">http://lists.cs.uiuc.edu/<u></u>mailman/listinfo/cfe-dev</a><br>
</blockquote>
<br>
<br>
______________________________<u></u>_________________<br>
cfe-dev mailing list<br>
<a href="mailto:cfe-dev@cs.uiuc.edu" target="_blank">cfe-dev@cs.uiuc.edu</a> <mailto:<a href="mailto:cfe-dev@cs.uiuc.edu" target="_blank">cfe-dev@cs.uiuc.edu</a>><br>
<a href="http://lists.cs.uiuc.edu/mailman/listinfo/cfe-dev" target="_blank">http://lists.cs.uiuc.edu/<u></u>mailman/listinfo/cfe-dev</a><br>
<br>
<br>
</blockquote>
<br></blockquote><div><br></div><div>Cheers,<br></div><div>Gábor <br></div></div><br></div></div>