<div dir="ltr"><div><span style="font-size:12.8px">Sorry, forgot to add the mailing list....</span></div><span style="font-size:12.8px"><div><span style="font-size:12.8px"><br></span></div>Hi, </span><div style="font-size:12.8px">Thanks for the detailed response.</div><div style="font-size:12.8px">.</div><div class="gmail_extra" style="font-size:12.8px"><div class="gmail_quote"><span class="im"><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex"><div bgcolor="#FFFFFF" text="#000000"><br>The most useful project for SAFECode right now is to update its code to work with either LLVM 3.7 or LLVM 3.8. I had a student work on this last summer (code is at <a href="https://github.com/jtcriswell/safecode-llvm37" target="_blank">https://github.com/jtcriswell/safecode-llvm37</a>), but it needs to be completed and tested. On my end, I'm interested in getting SAFECode dusted off because I'd like to use it for research projects that need to attach metadata to memory objects.<br><br>Until SAFECode is updated to a newer version of LLVM, its utility is pretty limited, and any projects to enhance it will basically require that it be updated to a newer version of LLVM.</div></blockquote><div><br></div></span><div>I would definitely love to work on this, I do have experience with using LLVM (at least till the last version) for the past 1 year. I couldn't completely compile and get the code (in the link) to work though. But, I would like to try and work on its completion.</div><span class="im"><div><br></div><div> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex"><div bgcolor="#FFFFFF" text="#000000"><br>Static Array Bounds Checking requires that you understand static analysis. 
Multiple static analysis methods are applicable: range analysis, integer linear programming, SMT solvers, etc. For a successful proposal for static array bounds checking, you should know which algorithm you will implement and be able to explain why you think it will work well. For SAFECode, the algorithm must be sound with respect to two's complement arithmetic (i.e., the algorithm must take into account that integers in C can experience underflow or overflow when used in arithmetic).</div></blockquote><div><br></div><div><br></div></span><div>I have experience with integer linear programming using Octave and MATLAB. I also developed very basic solvers of my own. Would it be enough for this project or should I focus on updating SAFECode to a newer version?</div><span class="im"><div><br></div><div><br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex"><div bgcolor="#FFFFFF" text="#000000">The CompleteChecks pass currently uses the DSA points-to analysis (which is large and complicated). There are simpler analyses that one could do to determine whether a memory object is read or written by external code. For example, a simple intra-procedural analysis could determine if a memory object is allocated and only used by the current function, and a simple inter-procedural analysis could create a very simple heap abstraction and perform data-flow analysis on the pointers contained within heap objects to determine if they are influenced by external library code. Basically, there are some simple quick analyses that would be imprecise but could probably find memory objects that are not manipulated by external code.</div></blockquote><div><br></div></span><div>This seems a fairly daunting task. 
Although I love challenges, since the last date of sending the proposal is very close, I don't think I can read and understand much in this aspect of code analysis to write a decent proposal. </div><span class="im"><div> </div><div><br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex"><div bgcolor="#FFFFFF" text="#000000">I think the only proficiency test is whether you can show in your proposal that you have the necessary programming skills and background information to be able to do what you propose. In both of these projects, if you're not familiar with static analysis (e.g., Kam/Ullman data-flow analysis), then you're likely not ready for these projects. For the two projects you mentioned, I would also expect existing familiarity with LLVM.<br><br>Again, though, the best project is probably to update SAFECode to a modern version of LLVM.<br></div></blockquote><div><br></div><div><br></div></span><div>Thanks. I am definitely inclined toward updating SAFECode for now. I will submit the proposal to Google within a couple of days. 
I hope you could provide some pointers on my proposal before the end date so that I could improve it.</div><div>I have existing familiarity with LLVM and Clang as I used them for working on a project to marshal code from C/C++ to C# and C++/CLI.</div><div><br></div><div>Regards,</div><div>Abhinav</div><div> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex"><div bgcolor="#FFFFFF" text="#000000"><br>Regards,<br><br>John Criswell</div></blockquote></div></div></div><div class="gmail_extra"><br><div class="gmail_quote">On Sat, Mar 19, 2016 at 12:24 PM, Abhinav Tripathi <span dir="ltr">&lt;<a href="mailto:ee130002001@iiti.ac.in" target="_blank">ee130002001@iiti.ac.in</a>&gt;</span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">Hi, <div>Thanks for the detailed response.</div><div>.</div><div class="gmail_extra"><div class="gmail_quote"><span class=""><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div bgcolor="#FFFFFF" text="#000000"><span><br></span>
The most useful project for SAFECode right now is to update its code
to work with either LLVM 3.7 or LLVM 3.8. I had a student work on
this last summer (code is at
<a href="https://github.com/jtcriswell/safecode-llvm37" target="_blank">https://github.com/jtcriswell/safecode-llvm37</a>), but it needs to be
completed and tested. On my end, I'm interested in getting SAFECode
dusted off because I'd like to use it for research projects that
need to attach metadata to memory objects.<br>
<br>
Until SAFECode is updated to a newer version of LLVM, its utility is
pretty limited, and any projects to enhance it will basically
require that it be updated to a newer version of LLVM.</div></blockquote><div><br></div></span><div>I would definitely love to work on this, I do have experience with using LLVM (at least till the last version) for the past 1 year. I couldn't completely compile and get the code (in the link) to work though. But, I would like to try and work on its completion.</div><span class=""><div><br></div><div> </div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div bgcolor="#FFFFFF" text="#000000"><span><br></span>
Static Array Bounds Checking requires that you understand static
analysis. Multiple static analysis methods are applicable: range
analysis, integer linear programming, SMT solvers, etc. For a
successful proposal for static array bounds checking, you should
know which algorithm you will implement and be able to explain why
you think it will work well. For SAFECode, the algorithm must be
sound with respect to two's complement arithmetic (i.e., the
algorithm must take into account that integers in C can experience
underflow or overflow when used in arithmetic).</div></blockquote><div><br></div><div><br></div></span><div>I have experience with integer linear programming using Octave and MATLAB. I also developed very basic solvers of my own. Would it be enough for this project or should I focus on updating SAFECode to a newer version?</div><span class=""><div><br></div><div><br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div bgcolor="#FFFFFF" text="#000000">
The CompleteChecks pass currently uses the DSA points-to analysis
(which is large and complicated). There are simpler analyses that
one could do to determine whether a memory object is read or written
by external code. For example, a simple intra-procedural analysis
could determine if a memory object is allocated and only used by the
current function, and a simple inter-procedural analysis could
create a very simple heap abstraction and perform data-flow analysis
on the pointers contained within heap objects to determine if they
are influenced by external library code. Basically, there are some
simple quick analyses that would be imprecise but could probably
find memory objects that are not manipulated by external code.</div></blockquote><div><br></div></span><div>This seems a fairly daunting task. Although I love challenges, since the last date of sending the proposal is very close, I don't think I can read and understand much in this aspect of code analysis to write a decent proposal. </div><span class=""><div> </div><div><br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div bgcolor="#FFFFFF" text="#000000">
I think the only proficiency test is whether you can show in your
proposal that you have the necessary programming skills and
background information to be able to do what you propose. In both
of these projects, if you're not familiar with static analysis
(e.g., Kam/Ullman data-flow analysis), then you're likely not ready
for these projects. For the two projects you mentioned, I would
also expect existing familiarity with LLVM.<br>
<br>
Again, though, the best project is probably to update SAFECode to a
modern version of LLVM.<br></div></blockquote><div><br></div><div><br></div></span><div>Thanks. I am definitely inclined toward updating SAFECode for now. I will submit the proposal to Google within a couple of days. I hope you could provide some pointers on my proposal before the end date so that I could improve it.</div><div>I have existing familiarity with LLVM and Clang as I used them for working on a project to marshal code from C/C++ to C# and C++/CLI.</div><div><br></div><div>Regards,</div><div>Abhinav</div><div> </div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div bgcolor="#FFFFFF" text="#000000">
<br>
Regards,<br>
<br>
John Criswell<span class=""><br><span><font color="#888888"><pre cols="72">John Criswell
Assistant Professor
Department of Computer Science, University of Rochester
<a href="http://www.cs.rochester.edu/u/criswell" target="_blank">http://www.cs.rochester.edu/u/criswell</a></pre>
</font></span></span></div>
</blockquote></div><br></div></div>
</blockquote></div><br></div>
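The soundness requirement quoted in this message (a static bounds analysis must account for two's complement wrap-around) can be seen in a small interval analysis of `idx = i + 1`. This is an added example, not part of the email thread and not SAFECode code; all names are hypothetical, and it assumes 32-bit addition wraps the way an LLVM `add` without the `nsw` flag does.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical names throughout; this is not SAFECode code.
   Closed interval [lo, hi] of values a 32-bit signed index may take,
   held in 64 bits so the interval arithmetic itself cannot overflow. */
typedef struct { int64_t lo, hi; } range_t;

/* Concrete 32-bit two's complement addition (wraps on overflow). */
static int32_t wrap_add32(int32_t a, int32_t b) {
    return (int32_t)((uint32_t)a + (uint32_t)b);
}

/* Unsound transfer function: treats operands as mathematical integers. */
static range_t range_add_naive(range_t a, range_t b) {
    return (range_t){ a.lo + b.lo, a.hi + b.hi };
}

/* Sound transfer function: if any sum can leave the int32 range the
   result may have wrapped, so give up and return the full int32 range. */
static range_t range_add_wrapping(range_t a, range_t b) {
    range_t r = range_add_naive(a, b);
    if (r.lo < INT32_MIN || r.hi > INT32_MAX)
        return (range_t){ INT32_MIN, INT32_MAX };
    return r;
}

/* The "index >= 0" run-time check may be dropped only if this holds. */
static bool lower_bound_proven(range_t idx) { return idx.lo >= 0; }

/* Does the abstract range contain a concrete run-time value? */
static bool covers(range_t r, int32_t v) { return r.lo <= v && v <= r.hi; }

int main(void) {
    range_t i = { 0, INT32_MAX }, one = { 1, 1 };   /* constructed input: idx = i + 1 */
    int32_t worst = wrap_add32(INT32_MAX, 1);       /* wraps to INT32_MIN */
    printf("naive: proven=%d covers_worst=%d\n",
           lower_bound_proven(range_add_naive(i, one)),
           covers(range_add_naive(i, one), worst));
    printf("sound: proven=%d covers_worst=%d\n",
           lower_bound_proven(range_add_wrapping(i, one)),
           covers(range_add_wrapping(i, one), worst));
    return 0;
}
```

The naive analysis claims the index is never negative and would let the check be removed, while the wrap-aware one keeps the check for the full-range input and still proves the bound for a small range such as [0, 1000].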