[cfe-dev] Proposal: Integrate static analysis test suites
<Alexander G. Riccio> via cfe-dev
cfe-dev at lists.llvm.org
Tue Jan 19 22:11:59 PST 2016
A quick update on this project:
I've been slowed by a technical issue, and I lost ~2 weeks as two family
members were in the hospital (sorry!).
Since I develop on Windows, I quickly hit a testcase that clang didn't
detect, as I discussed in "Clang on Windows fails to detect trivial double
free in static analysis".
That resulted in D16245 <http://reviews.llvm.org/D16245>, which (when
accepted) fixes that issue. I want to ensure that novice can simply pass
"--analyze", and clang to "just work", so I've intentionally put off
further testing work. Otherwise, I could hack around it, and subsequently
forget about the workaround. Once that's dealt with, then I can resume work
at a faster pace.
Sincerely,
Alexander Riccio
--
"Change the world or go home."
about.me/ariccio
<http://about.me/ariccio>
If left to my own devices, I will build more.
⁂
On Mon, Jan 4, 2016 at 3:05 PM, Anna Zaks <ganna at apple.com> wrote:
>
> On Jan 2, 2016, at 12:45 PM, <Alexander G. Riccio> <test35965 at gmail.com>
> <Alexander G. Riccio> wrote:
>
> Devin has started writing scripts for running additional analyzer tests as
>> described in this thread:
>>
>
> A buildbot sounds like the perfect idea!
>
> The idea was to check out the tests/projects from the existing repos
>> instead of copying them. Would it be possible to do the same with these
>> tests?
>>
>
> Eh? What do you mean? Would that stop someone from running them in the
> clang unit test infrastructure?
>
> I believe that these tests WILL need to be modified to run in the Clang
> testing infrastructure.
>
>
> Currently, the analyzer is only tested with the regression tests. However,
> those need to be fast (since they effect all clang developers) and they
> have limited coverage. Internally, we’ve been testing the analyzer with the
> test scripts Devin described in the email I referenced. We use that testing
> method to analyze whole projects and long running tests. Those tests can
> and should be executed separately as they take more than an hour to
> complete. The plan is to set up an external builedbot running those tests.
>
> How long would it take to analyze the tests you are planning to add?
> Depending on the answer to that question, adding your tests to the new
> builedbot might be a better fit than adding them to the regression tests.
>
> I also prefer not to modify the externally written tests since it would
> allow us to update them more easily, for example, when a new version of the
> tests comes out.
>
> Is there any way to treat static analyzer warnings as plain old
> warnings/errors? Dumping them to a plist file from a command line
> compilation is a bit annoying, and I think is incompatible with the clang
> unit testing infrastructure?
>
>
> Plist output is one if the outputs that the clang static analyzer
> supports. It is a much richer format than the textual warning since it
> contains information about the path on which the error occurred. We did
> have some lit tests checking plist output as well.
>
>
>
> Sincerely,
> Alexander Riccio
> --
> "Change the world or go home."
> about.me/ariccio
>
> <http://about.me/ariccio>
> If left to my own devices, I will build more.
> ⁂
>
> On Mon, Dec 28, 2015 at 12:23 AM, Anna Zaks <ganna at apple.com> wrote:
>
>>
>> On Dec 17, 2015, at 11:01 AM, <Alexander G. Riccio> <alexander at riccio.com>
>> <Alexander G. Riccio> wrote:
>>
>> However, if the goal is to have the tests
>>> because you would like to make efforts to have the compiler diagnose
>>> their cases properly, that's far more interesting and a good reason to
>>> bring in the tests.
>>
>>
>> That's exactly my intention. Improving the static analyzer to detect
>> these cases, that will be interesting.
>> placeholder text
>>
>> If the other tests are not clearly licensed, we
>>> should try to get NIST to clarify the license of them before
>>> inclusion.
>>
>>
>> That sounds like the best idea, as a government agency, they almost
>> certainly have lawyers.
>>
>> I think the next step is to integrate the working (error correctly
>> diagnosed) tests, only those that are obviously in the public domain, and
>> propose them as a big batched patch. This shouldn't itself be
>> controversial.
>>
>> How exactly do I submit a patch? I see that the LLVM developer policy
>> says to send it to the mailing list (cfe-commits), but I also see that Phabricator
>> comes into this somewhere
>> <http://lists.llvm.org/pipermail/cfe-commits/Week-of-Mon-20151214/145026.html>
>> ?
>>
>>
>> Devin has started writing scripts for running additional analyzer tests
>> as described in this thread:
>>
>> http://clang-developers.42468.n3.nabble.com/analyzer-Adding-build-bot-for-static-analyzer-reference-results-td4047770.html
>>
>> The idea was to check out the tests/projects from the existing repos
>> instead of copying them. Would it be possible to do the same with these
>> tests?
>>
>> Sorry for not replying sooner!
>> Anna.
>>
>> Sincerely,
>> Alexander Riccio
>> --
>> "Change the world or go home."
>> about.me/ariccio
>>
>> <http://about.me/ariccio>
>> If left to my own devices, I will build more.
>> ⁂
>>
>> On Thu, Dec 10, 2015 at 4:04 PM, Aaron Ballman <aaron at aaronballman.com>
>> wrote:
>>
>>> On Mon, Dec 7, 2015 at 9:50 PM, <Alexander G. Riccio> via cfe-dev
>>> <cfe-dev at lists.llvm.org> wrote:
>>> > First time Clang contributor here,
>>> >
>>> > I'd like to add the "C Test Suite for Source Code Analyzer v2", a
>>> > relatively small test suite (102 cases/flaws), some of which Clang
>>> > doesn't yet detect*. See link at bottom.
>>> >
>>> > Immediate questions:
>>> > 0. Does the Clang community/project like the idea?
>>>
>>> I've included a few other devs (CCed) to get further opinions.
>>>
>>> I like the idea of being able to diagnose the issues covered by the
>>> test suite, but I don't think including the test suite by itself is
>>> particularly useful without that goal in mind. Also, one question I
>>> would have has to do with the licensing of the tests themselves and
>>> whether we would need to do anything special there.
>>>
>>> > 1. What's the procedure for including new tests? (not the technical,
>>> > but the community/project).
>>>
>>> Getting the discussion going about the desired goal (as you are doing)
>>> is the right first step.
>>>
>>> > 2. How do I include failing tests without breaking things? Some of
>>> > these tests will fail - that's why I'm proposing their inclusion - but
>>> > they shouldn't yet cause the regression testing system to complain.
>>>
>>> Agreed, any test cases that are failing would have to fail gracefully.
>>> I assume that by failure, you mean "should diagnose in some way, but
>>> currently does not". I would probably split the tests into two types:
>>> one set of tests that properly diagnose the issue (can be checked with
>>> FileCheck or -verify, depending on the kind of tests we're talking
>>> about), and one set of tests where we do not diagnose, but want to see
>>> them someday (which can be tested with expect-no-diagnostics, for
>>> example). This way, we can ensure test cases continue to diagnose when
>>> we want them to, and we can be alerted when new diagnostics start to
>>> catch previously uncaught tests. This is assuming that it makes sense
>>> to include all of the tests at once, which may not make sense in
>>> practice.
>>>
>>> > 3. How does Clang handle licensing of third party code? Some of these
>>> > tests are clearly in the public domain (developed at NIST, says "in
>>> > the public domain"), but others are less clearly licensed.
>>>
>>> Oh look, you asked the same question I asked. ;-) If the tests are in
>>> the public domain and clearly state as such, I think we can go ahead
>>> and include them. If the other tests are not clearly licensed, we
>>> should try to get NIST to clarify the license of them before
>>> inclusion. Depending on the license, we may be able to include them
>>> under their original license. If we cannot clarify the license, I
>>> would guess that we simply should not include those tests as part of
>>> our test suite. Note: I could be totally wrong, IANAL. :-)
>>>
>>> > Should the community accept that testsuite, and I successfully add
>>> > that test suite, then I'd like to step it up a bit, and include the
>>> > "Juliet Test Suite for C/C++". "Juliet" is a huge test suite by the
>>> > NSA Center for Assured Software & NIST's Software Assurance Metrics
>>> > And Tool Evaluation project, which has 25,477 test cases (!!) for 118
>>> > CWEs. I don't think any other open source compiler could compete with
>>> > Clang after this. There's a ton of literature on the "Juliet" suite,
>>> > and listing it here is not necessary.
>>> >
>>> > This project would be my first Clang contribution :)
>>> >
>>> > Personally, I'm interested in static analysis, and this is the first
>>> > step in understanding & improving Clang's static analysis
>>> > capabilities.
>>> >
>>> > I have some ideas on how to detect the currently undetected bugs, and
>>> > I'm curious to see where things lead.
>>>
>>> Adding the tests by themselves is not necessarily interesting to the
>>> project unless they exercise the compiler in ways it's not currently
>>> being exercised. So just having tests for the sake of having the tests
>>> is not too useful (IMO). However, if the goal is to have the tests
>>> because you would like to make efforts to have the compiler diagnose
>>> their cases properly, that's far more interesting and a good reason to
>>> bring in the tests.
>>>
>>> One possible approach if you are interested in having the compiler
>>> diagnose the cases is to bring the tests in one at a time. Start with
>>> the initial batch of "these are diagnosed properly", then move on to
>>> "this test is diagnosed properly because of this patch." Eventually
>>> we'll get to the stage where all of the tests are diagnosed properly.
>>>
>>> > Secondary questions:
>>> > 1. How should I break the new tests up into patches? Should I just
>>> > whack the whole 102 case suite into a single patch, or a bunch of
>>> > smaller ones?
>>>
>>> See comments above.
>>>
>>> > 2. How does the Clang/LLVM static analysis testing infrastructure
>>> > work? I'm going to have to figure this out myself anyways, but where
>>> > should I start? Any tips on adding new tests?
>>>
>>> http://clang-analyzer.llvm.org/checker_dev_manual.html
>>>
>>> Another good place for some of these checkers may be clang-tidy, or
>>> the compiler frontend itself. It's likely to depend on case-by-case
>>> code patterns.
>>>
>>> http://clang.llvm.org/extra/clang-tidy/
>>>
>>> Thank you for looking into this!
>>>
>>> ~Aaron
>>>
>>> >
>>> > *If I remember correctly,
>>> > https://samate.nist.gov/SRD/view_testcase.php?tID=149055 passes
>>> > analysis without complaint. I manually spot checked a very small
>>> > number of tests.
>>> >
>>> > "C Test Suite for Source Code Analyzer v2" (valid code):
>>> > https://samate.nist.gov/SRD/view.php?tsID=101
>>> > "C Test Suite for Source Code Analyzer v2" (invalid code):
>>> > https://samate.nist.gov/SRD/view.php?tsID=100
>>> >
>>> > "Juliet Test Suite for C/C++" (files):
>>> >
>>> https://samate.nist.gov/SRD/testsuites/juliet/Juliet_Test_Suite_v1.2_for_C_Cpp.zip
>>> > "Juliet Test Suite for C/C++" (docs):
>>> >
>>> https://samate.nist.gov/SRD/resources/Juliet_Test_Suite_v1.2_for_C_Cpp_-_User_Guide.pdf
>>> >
>>> >
>>> > Sincerely,
>>> > Alexander Riccio
>>> > _______________________________________________
>>> > cfe-dev mailing list
>>> > cfe-dev at lists.llvm.org
>>> > http://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-dev
>>>
>>
>>
>>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.llvm.org/pipermail/cfe-dev/attachments/20160120/34861f71/attachment.html>
More information about the cfe-dev
mailing list