SlideShare ist ein Scribd-Unternehmen logo

CodeChecker Overview Nov 2019

Als PPTX, PDF herunterladen
O
Olivera Milenkovic

Using static code analysis tools and detecting and fixing identified issues is very important in order to improve the quality and security of the code baseline. CodeChecker (https://github.com/Ericsson/codechecker ) is an open source analyzer tooling, defect database and viewer extension for the Clang Static Analyzer and Clang Tidy. It provides a number of additional features: - Good visualization of problems in the code - Overview of results for the whole product - Filtering - Cross translational unit analysis and statistical checkers support - Suppression handling - And many others... These features simplify the follow up of results and make it more efficient. In the video, an overview of features and capabilities of CodeChecker is demonstrated as well as a description and recommendation of how to introduce new tools. Recording of the demo: https://youtu.be/sQ2Qj0kHoRY published in C++ Dublin User group https://www.youtube.com/channel/UCZ4UNE_1IMUFfAhcdq7CMOg/ Useful links: open source project: https://github.com/Ericsson/codechecker http://codechecker-demo.eastus.cloudapp.azure.com/login.html# demo/demo https://codechecker.readthedocs.io/en/latest/ http://clang-analyzer.llvm.org/available_checks.html http://clang.llvm.org/extra/clang-tidy/checks/list.html Other related videos about Clang Static Analyzer and CodeChecker that goes a bit more deeply into how Clang Static Analyzer works: Clang Static Analysis - Meeting C++ 2016 Gabor Horvath https://www.youtube.com/watch?v=UcxF6CVueDM CppCon 2016: Gabor Horvath “Make Friends with the Clang Static Analysis Tools" https://www.youtube.com/watch?v=AQF6hjLKsnM

Software
1 von 58
CodeChecker overview and demo Olivera Milenkovic, Ericsson Dublin C++ Meetup,18.11.2019. Olivera.O.Milenkovic@ericsson.com
Contents • Introduction • What is CodeChecker • Why to use Codechecker - features • Demo • Deployment • Limitations • Next steps
Introduction
Main reasons to use Static Code analyses • Find bugs • have reliable and robust code • Increase path coverage not just line coverage • Identify potential security vulnerabilities • Improve customer perception - find software bugs before they find your customers • Reduce cost of fixing customer trouble reports • by decreasing number of potential defects, especially those that are hard to reproduce • Comply to Coding standards for example MISRA • Increase coding and design rules competence within teams • Analyze source code without running it • Find optimization opportunities • Visualize • Metrics It saves time and money
• No additional test code needed • Features • Full path coverage • False path pruning • Inline explanations of defects • Customer trust and satisfaction • Enforce safe coding standards: MISRA, CWE, STATIC CODE ANALYSES ClangSA Cppcheck Flexlint Speed Depth Accuracy Usability Supported versions of OS and language Commercial Open source And many more….
1. Textual Pattern Matching – (CppCheck...) 2. AST Matchers/Walkers - (CppCheck, Clang Tidy...) 3. Abstract Interpretation - Flow sensitive Algorithms (Compiler warnings) 4. Abstract Interpretation - Path sensitive algorithms, Symbolic Execution (Clang static analyzer) 5. Concolic Execution 6. … How can we measure the precision of the checkers? 1. False positive rate: False Reports / All Reports 2. False negative rate: Non-reported defects / All existing defects The lower these values, the better, but 0 is impossible. Checking techniques
1. Pattern matching int foo (const int value){ int clampedValue=value; if (clampedValue<minVal) clampedValue=minVal; else if (clampedValue > maxVal) clampedVal=maxVal; return clampedValue; } int foo (const int value){ const int clampedValue=value; clampedValue = clamp(value,minVal,maxVal); return clampedValue; } if ( w+ x3c w+ ) { w+ = w+ ; } else {if ( w+ x3c w+ ) { w+ = w+ ; } } Design rule matching pattern (Sample from CppCheck) Original Code Desired Code
2. ASTMatchers void foo (double * p, size_t s){ … p=(double*) malloc(s*sizeof(p)); … } void foo (double * p, size_t s){ … p=(double*) malloc(s*sizeof(*p)); … } Arglist Arg Type double * Name p Primary Expr sizeof paramlist Param 1 p Suspicious code Correct code Size of the pointer is obtained instead of the pointed to type
3. SymbolicExecution
Multiple tool usage More tools -> • More defects detected due to different analyses engines • Better quality – shift left • Less security vulnerabilities • Less vendor lock-in • More false positives • More hardware usage • More education • More cost if commercial tools used tool4 tool1 tool2 Tool 3
Successful projects depend on • Members • Developers • Standards • Infrastructure… To develop products that market will adopt
Ericsson CodeChecker Team • Develops the CodeChecker Tooling in open source: • https://github.com/Ericsson/codechecker • Contributes to the open source Clang project • With new checkers • With new analyzer features: CTU, Statistical analysis • With bug fixes • Contributing to open source Clang since 2013
What is CodeChecker
CodeChecker references • https://github.com/Ericsson/codechecker • https://codechecker.readthedocs.io/en/latest/ • https://codechecker.readthedocs.io/en/latest/usage/ • http://codechecker-demo.eastus.cloudapp.azure.com/login.html# • User id: demo • Password: demo • http://clang-analyzer.llvm.org/available_checks.html • http://clang.llvm.org/extra/clang-tidy/checks/list.html
CODECHECKER LLVM Project http://llvm.org/ Clang http://clang.llvm.org/ http://clang.llvm.org/docs/index.html "LLVM native" C/C++/Objective-C compiler: C/C++/Objective C compiler Open source, modular Can be reused as library Many analysis related tools: Address Sanitizer, Thread Sanitizer, Clang-format, … Clang Tidy, Clang Static Analyzer, Clang compiler warnings Up to date C/C++ language support (C++11,14,17) Active developer community: Google, Samsung, Sony, Ericsson … source code analysis tool • find programming bugs in C/C++, Objective C • Impressive checker framework • Symbolic Execution • 150+ Checkers • Extensible with new checkers • Active community: Apple, Ericsson, Samsung … collection of modular and reusable compiler and toolchain technologies http://llvm.org/ Clang Static Analyzer http://clang-analyzer.llvm.org CodeChecker database and viewer extension for Clang Static Analyzer https://github.com/Ericsson/codechecker Clang Tidy http://clang-analyzer.llvm.org
CodeChecker by Ericsson open source tooling for clang analyzers Clang Tidy clang.llvm.org Clang SA clang-analyzer.llvm.org CodeChecker Report Mgmt Web Server GIT (CI) Commit Loop utilities Browser Eclipse Client CodeChecker command line E/// Checkers Analyzer Report Storage Ericsson only checkers New Analyzer Features Cross Translation Unit Analysis Statistical Checkers Viewer & Report Management Features 1 2 3
Summary Short summary card CodeChecker 6.10.1 - current latest version (Clang 8 ) Description Analyzer tooling, defect database and viewer extension for the Clang Static Analyzer and Clang Tidy static analysis infrastructure built on the LLVM/Clang Static Analyzer toolchain Supported Languages C,C++,Objective C Supported Architectures Linux, OSX, docker support Technology AST Matcher, Symbolic Execution Analyzers Support for multiple analyzers, currently Clang Static Analyzer and Clang-Tidy, soon also CppCheck, plan is to also add FB Infer and other tools (sanitizers) Features Inter-procedural analysis, Cross TU Analysis, statistical checkers, suppression handling, filtering,… Price Free False Positive Rate Low Checker Database ~300+ checkers (Clangsa 120+, clang-tidy 250+,clang warnings…) +50 Ericsson rules Developer Community Large open source. Apple, Google, Ericsson supported
ClangSA Capabilities & Limitations Codechecker is invocation of clang analyses and ClangSA has following capabilities • Constraints registered for bools, integers, chars, pointers (during symbolic execution values represented as intervals) • Memory Aliasing detected int a=0; int* p =&a; 1/*p; //!Div by Zero! - pointer value followed • Hierarchical memory model for arrays, structs and classes - tracking all values of members • Path-sensitive analysis -all branches, switch statements followed • Context-sensitive inter-procedural analysis – function calls are followed even in external TUs Limitations (mainly scalability) • Number of unique paths are exponential with the number of branches: Opportunistic exploration of some paths (does not give full path coverage) if, switch, for loop, while potential branches… - promising paths selected by heuristics • Limited loop unrolling – by defaults not all possible explored (4 times unrolled if we do not know condition variable for loop), for fixed numbers try to unroll • Limited call depths – cannot go indefinitely, fixed limit used • Too long paths are hard to understand for humans – in some cases presume that return value is unknown
CodeChecker features
Included checkers • CodeChecker is doing many type of checks • http://clang-analyzer.llvm.org/available_checks.html • http://clang.llvm.org/extra/clang-tidy/checks/list.html • Ericsson customized checkers • new clang analysis features, such as CTU (Cross Translation Unit Analysis) • statistical checkers not open sourced yet, but plan is to open source them in 2020 • It is identifying • defects in the code that were missed during deskchecks and testing • places where users did not follow some of design rules and best practices
SEI Cert rules and testing • https://wiki.sei.cmu.edu/confluence/display/seccode • Example • https://wiki.sei.cmu.edu/confluence/display/cplusplus/DCL50- CPP.+Do+not+define+a+C-style+variadic+function • Automation tools support info on SEI Cert website is not complete and up to date • Ericsson test suite testing SEI cert rules • CodeChecker with Clang 8 covers about 38% of rules • 151 PASSED from the 380 Test-cases: in total 39.7% rule coverage • We need clarification from SEI Cert to publish test suite • With other Clang dynamic sanitizer tools coverage can be increased
Checker categories covered by clang I Null pointer dereferences Dereference after a null check Dereference a null return value Dereference before a null check Security best practice violations Possible buffer overflow Copy into a fixed sized buffer Calling risky function User pointer dereference Program hangs sleep()while holding lock Double lock or missing unlock Infinite loop Negative loop bound Thread deadlock Code Maintainability Issues Multiple return statements Unused pointer value Incorrect Expressions Evaluation Order Violation Copy & paste error Insecure Data handling Integer overflow Loop bound by untrusted source Write/read array/pointer with untrusted value Format string with untrusted source Performance inefficiencies Big parameter passed by value Large stack use
Checker categories covered by clang II Resource Leaks Memory Leaks Resource leak in object Incomplete delete Uninitialized variables Missing return statement Uninitialized pointer/scalar/… Uninitialized data member in class or struct Integer Handling Issues Improper use of negative value Unintended sign extension Incompatible cast Improper use of APIs Insecure chroot Using invalid iterator printf() argument mismatch Memory Corruptions Out-of-bounds access String length miscalculations Copying to too small destination buffers Overflowed pointer write Negative array index write Allocation size error Memory-illegal access Incorrect delete operator Overflowed pointer read Out-of-bounds read Returning pointer to local variable Negative array index read User/read pointer after free Control Flow issues Logically/structurally dead code Missing break in switch Error handling issues Unchecked return value Uncaught exception
MAIN REASONS TO USE CODECHECKER 1. Easier visual understanding of defects (The root cause of each defect is clearly explained, making it easy to fix bugs) 2. Full path coverage – CTU analyses and statistical checkers 3. Overall summary of results for product (good for Status monitoring and Planning of cleanups) 4. Filtering possibilities 5. Visibility of “Depth” of finding - number of steps that lead to error 6. Suppression handling (Per finding not file, False positive vs intentional) 7. Report generation 8. Easy detection of new defects 9. Easy integration to Gerrit verification for new defects 10. Additional Ericsson checkers 11. Eclipse integration... 12. Low false positive rate – path pruning
THE CLANG STATIC ANALYZER •Approximations/heuristics • Non-complete and non-sound • False positive/false negative • Industrial use (Ericsson, Apple, …) •Symbolic execution • Path sensitive 28 Introduction • Motivation • Implementation • Evaluation • Summary
Ericsson Internal | 2016-03-08 | Page 5 Sim pl e An a l y s is test1(){ int z=1/(3-abs(3)); } int abs(int a){ if a<0 return –a; else return a; } source1.c Error: Division by zero Interprocedural: symbolic execution across procedure (function) boundaries. Simple analyses
Ericsson Internal | 2016-03-08 | Page 6 int abs(int a){ if a<0 return –a; else return a; } test1(){ int z=1/(3-abs(3)); } Cr o s s Tr a n s l a t io n Un it a n a l y s is (CTU) source1.c source2.c Translation Unit 1 Translation Unit 2 Error: Division by zero To detect bugs across source file boundaries CTU analysis is needed! Cross translational unit analyses (CTU)
Ericsson Internal | 2016-03-08 | Page 7 St a t is t ic a l a n a l y s is func1(){ char *s = read_from_user(); if (s!=NULL) print(“user said: %s”, s); } func2(){ char *s = read_from_user(); if (s!=NULL) print(“user says: %s”, s); } func3(){ char *s = read_from_user(); if (s) print(“user thinks: %s”, s); } func4(){ char *s = read_from_user(); print(“user wrote: %s”, s); } Based on usage samples the analyzer knows that read_from_user() can return NULL pointer. Error: s can potentially be NULL, so we report a null pointer dereference error here. Null return, negative return, checked return Statistical analyses
SUMMARY CTU •Clang SA TU-internal analysis extended to Cross- TU analysis for C/C++ •Finds 2-3 times more reports •Scalable & useful for industrial-size projects (PostgreSql, OpenSSL, …) •Patch has been accepted into upstream Clang •Try it yourself with latest Clang and CodeChecker 32
• Executable level • Generate code, create build database and analyse all code included in executable • Library level • Generate code and build database only for lib/code under investigation • Analyse code • Limitations • Some higher level defects would be missed • Statistical analyses would also give different results Analysis approach
Example of flag usage • --ctu --stats --report-hash context-free -j10 --skip <path>/codechecker_skip_file -e sensitive -e abseil-string- find-startswith -e apiModeling.TrustNonnull -e bugprone-narrowing-conversions -e cert-msc32-c -d bugprone- virtual-near-miss -d bugprone-incorrect-roundings -o • CodeChecker checkers --profile sensitive - display all checkers included
CodeChecker suppression handling
STATIC ANALYSES findings Bug Intentional False positive • Fix the code • Tool correctly reports • We have reason not to fix • Tool not correct and should be improved
• Before doing any suppressions please read user guide https://github.com/Ericsson/codechecker/blob/master/docs/false_positives.md that explains how to deal with false positives • Also https://github.com/Ericsson/codechecker/blob/master/docs/user_guide.md#suppression-code explains format of suppressions if you still decide to go ahead with suppressions • codechecker_false_positive • codechecker_intentional • codechecker_confirmed • If by mistake you have added suppression into the code and then change your mind after some run was stored to the database then you need to both remove suppression from the code, but also change review status in the database for that bug to "Unreviewed" Suppression handling
Tracking results & Reporting tool issues False positives False negatives • Configuration or filtering issue or • Tool does not detect • Checker exist but limitation of the tool • Unsupported type of checker • Should be fixed to improve tool and prevent waste True positive-bug • Should be treated as TR • Collect stats about identified issues • Track accuracy of checker True positive - intentional • Prepare standalone reproducible example and report ticket!
CodeChecker demo
Examples using open source projects • http://codechecker-demo.eastus.cloudapp.azure.com/Default/# • Password – Demo/Demo • https://codechecker.readthedocs.io/en/latest/usage/
Demo of codechecker workflow 1. Analyze a project 2. View results in command line & static HTML 3. Upload results to CodeChecker Web Server (optional) 4. Add a bug & Fix a bug 5. List results changes after code update 6. Fix the added bugs 7. Confirm that no new bug is introduced 8. Commit patch & (Store new analysis results)
1. Analyze project //Create compile commands json CodeChecker log -b "make clean;make -j10" -o compile_commands.json //Create a first clean analysis CodeChecker analyze ./compile_commands.json -j20 -o reports [INFO 2018-03-04 19:08] - Starting static analysis ... [INFO 2018-03-04 19:08] - [1/10] clang-tidy analyzed tinystr.cpp successfully. [INFO 2018-03-04 19:08] - [2/10] clang-tidy analyzed tinyxmlerror.cpp successfully. Analysis results are stored in the reports directory.
2. View results CodeChecker parse ./reports --print-steps Found no defects while analyzing xmltest.cpp [HIGH] tinyxml.cpp:1542:23: Access to field 'next' results in a dereference of a null pointer (loaded from variable 'node') [core.NullDereference] node->prev->next = node->next; ^ Report hash: f99cd33b42d9620b2aba1e32bfdce636 Steps: 1, tinyxml.cpp:564:2: Calling 'TiXmlElement::ClearThis' 2, tinyxml.cpp:568:1: Entered call from '~TiXmlElement' 3, tinyxml.cpp:571:9: Entering loop body 4, tinyxml.cpp:574:3: Calling 'TiXmlAttributeSet::Remove' 5, tinyxml.cpp:1534:1: Entered call from 'TiXmlElement::ClearThis' 6, tinyxml.cpp:1538:29: Entering loop body 7, tinyxml.cpp:1538:48: Value assigned to 'node' 8, tinyxml.cpp:1538:2: Looping back to the head of the loop 9, tinyxml.cpp:1538:29: Entering loop body 10, tinyxml.cpp:1540:8: Assuming 'node' is equal to 'removeMe' 11, tinyxml.cpp:1540:8: Assuming pointer value is null 12, tinyxml.cpp:1542:23: Access to field 'next' results in a dereference of a null pointer (loaded from variable 'node') Found 2 defect(s) while analyzing tinyxml.cpp ----==== Summary ====---- -------------------------------- Filename | Report count -------------------------------- tinyxmlparser.cpp | 2 tinyxml.cpp | 1 tinyxml.h | 1 -------------------------------- ----------------------- Severity | Report count ----------------------- HIGH | 4 ----------------------- ----=================---- Total number of reports: 4 -----------
3. Generate reports to static html CodeChecker parse ./reports -e html -o reports_html [INFO 2018-03-04 19:11] - Generating html output files: ... To view the results in a browser run: > firefox /home/ednikru/work/codechecker/education_material/TinyXML/reports_html
4. Start server and store results //Starting server (with sqlite db backend) CodeChecker server -v 12345 -w ./workspace& //Store analysis results to the local server CodeChecker store ./reports --url http://localhost:12345/Default -n tinyxml_base //results can be viewed at //firefox http://localhost:12345/Default For official CI runs in your organizations setup permanent database, setup access rights and push results to it This is done by CI scripts and not by the developer!
5. List results changes after code update //Re-analyzing the project CodeChecker check -b "make" -o reports -j10 //Calculating diff to the central DB CodeChecker cmd diff -n ./reports -b tinyxml_base --url http://localhost:12345/Default --new [INFO 2018-03-04 20:07] - Matching against runs: tinyxml_base /home/ednikru/work/codechecker/education_material/TinyXML/tinyxml.cpp:1 887:2: Potential leak of memory pointed to by 'something' [cplusplus.NewDeleteLeaks] DoIndent(); Edit the code and reanalyze the project! Note: Here we use incremental analysis! CodeChecker cmd diff -n ./reports -b tinyxml_base --url http://localhost:12345/Default --new -o html -e ./diff_html //To see the results //$ firefox ./diff_html You can generate the diff output to static HTML too:
6. Fix the code and re-check //Re-analyzing the project CodeChecker check -b "make" -o reports -j10 CodeChecker cmd diff -n ./reports -b tinyxml_base --url http://localhost:12345/Default --new [INFO 2018-03-04 19:49] - Matching against runs: tinyxml_base [INFO 2018-03-04 19:49] - No results Fix the errors reported by CodeChecker in your source code! All good! Your patch will not introduce new faults that can be detected by Clang!  It is safe to push it for gerrit review. All re-analysis and diff is done locally by the developer without updating the central DB!
What to do with false positives? 1. Ruling out infeasible paths 1. Use asserts (and debug builds) 2. Correlated conditions 3. Partial functions 4. Loops 5. Prefer standard functions 6. Use const whenever possible 7. Do not turn off core checks 2. Suppress or skip results 1. 3rd party/Unauthored code • Put them to skip list 2. Authored code: • Use asserts, make intents explicit • Otherwise //codechekcer_suppress For more info see: CodeChecker False positives Guide Clang SA FAQ and How to Deal with Common False Positives
If nothing else helps use codechecker suppress If nothing else helps, you can use in-line code suppression to suppress false positive. It is likely that this indicates a bug in the analyzer.
CodeChecker analyze ./compile_commands.json -j20 -o reports -i SKIPFILE False positives in 3pp code: use skip file -/skip/all/files/in/directory/* -/do/not/check/this.file +/dir/do.check.this.file -/dir/* Skip file format:
Recommended deployment steps
Introducing new analysis tool or changing settings New tool, new version of existing tool or modified settings New legacy findings identified preventing new defects Continue using new version Cleanup of legacy findings ( most critical first) and/or suppressions of some less critical
Limitations
CLANG STATIC ANALYZER – RESTRICTIONS •Limits on exploration: Callstack depth, number of inlined function, number of ExplodedNodes… •Analysis Budget •Clang SA supported: Inter-procedural within one translation unit (TU) 56 void foo(bool b) { for(int i = 0; i < 100; ++i) { if (b) ... } }
How to get more complete results • Limitations • Hardware limitations – abstract syntax tree size • Analyses time limitations • Settings control depth of analyses, number of loops etc • Goal • to get from tool potential defects in the code • Not speed of runs • Regular default setting but also some less frequent longer runs with increased settings • Cross translational analyses • Statistical checkers • Incremental analyses
Summary/Next steps
Further plans • Multiple analyzers will be supported • More checkers will be added • Source code will be updated to Python 3 • Debian packages will be released
Activities in open source • Contributors on GitHub:​ • Total: 27​ • External active in this year: 5​ • Open source projects analyzed regurarly with CodeChecker:​ • Firefox​ • Chromium​ • …​ • Docker image is available on dockerhub for the webserver • docker run -d -p 8001:8001 -v /home/$USER/codechecker_workspace:/workspace codechecker/codechecker-web:6.10.1​
Various comparisons of tools – additional features and settings matter •https://www.spazioit.com/pages_en/sol_inf_en/code_quality_en/clang_vrs_fb_infer_en/ Here you are with the reports produced by the two tools: Clang Report FB Infer Report •>>SAFe Toolset<< •>Clang Analizer Demo I< •>Clang Analyzer Demo II< •>Clang Analyzer Demo III< •>Facebook Infer Demo< •>SonarQube Demo<
Summary • Define good strategy for legacy cleanups • Together we can do more in open source community • Reuse more and share findings • Report bugs and examples • Contribute with checkers • Compare tools so that we specialize usage and get more in total

Empfohlen

CodeChecker summary 21062021
CodeChecker summary 21062021CodeChecker summary 21062021
CodeChecker summary 21062021Olivera Milenkovic
 
Ch 1: Web Application (In)security & Ch 2: Core Defense Mechanisms
Ch 1: Web Application (In)security & Ch 2: Core Defense Mechanisms Ch 1: Web Application (In)security & Ch 2: Core Defense Mechanisms
Ch 1: Web Application (In)security & Ch 2: Core Defense Mechanisms Sam Bowne
 
Windows Privilege Escalation
Windows Privilege EscalationWindows Privilege Escalation
Windows Privilege EscalationRiyaz Walikar
 
Infrastructure at Scale: Apache Kafka, Twitter Storm & Elastic Search (ARC303...
Infrastructure at Scale: Apache Kafka, Twitter Storm & Elastic Search (ARC303...Infrastructure at Scale: Apache Kafka, Twitter Storm & Elastic Search (ARC303...
Infrastructure at Scale: Apache Kafka, Twitter Storm & Elastic Search (ARC303...Amazon Web Services
 
CNIT 141 13. TLS
CNIT 141 13. TLSCNIT 141 13. TLS
CNIT 141 13. TLSSam Bowne
 
Blazing Performance with Flame Graphs
Blazing Performance with Flame GraphsBlazing Performance with Flame Graphs
Blazing Performance with Flame GraphsBrendan Gregg
 
Practical Malware Analysis: Ch 11: Malware Behavior
Practical Malware Analysis: Ch 11: Malware BehaviorPractical Malware Analysis: Ch 11: Malware Behavior
Practical Malware Analysis: Ch 11: Malware BehaviorSam Bowne
 
PHDays 2018 Threat Hunting Hands-On Lab
PHDays 2018 Threat Hunting Hands-On LabPHDays 2018 Threat Hunting Hands-On Lab
PHDays 2018 Threat Hunting Hands-On LabTeymur Kheirkhabarov
 

Empfohlen

CodeChecker summary 21062021
CodeChecker summary 21062021CodeChecker summary 21062021
CodeChecker summary 21062021Olivera Milenkovic
 
Ch 1: Web Application (In)security & Ch 2: Core Defense Mechanisms
Ch 1: Web Application (In)security & Ch 2: Core Defense Mechanisms Ch 1: Web Application (In)security & Ch 2: Core Defense Mechanisms
Ch 1: Web Application (In)security & Ch 2: Core Defense Mechanisms Sam Bowne
 
Windows Privilege Escalation
Windows Privilege EscalationWindows Privilege Escalation
Windows Privilege EscalationRiyaz Walikar
 
Infrastructure at Scale: Apache Kafka, Twitter Storm & Elastic Search (ARC303...
Infrastructure at Scale: Apache Kafka, Twitter Storm & Elastic Search (ARC303...Infrastructure at Scale: Apache Kafka, Twitter Storm & Elastic Search (ARC303...
Infrastructure at Scale: Apache Kafka, Twitter Storm & Elastic Search (ARC303...Amazon Web Services
 
CNIT 141 13. TLS
CNIT 141 13. TLSCNIT 141 13. TLS
CNIT 141 13. TLSSam Bowne
 
Blazing Performance with Flame Graphs
Blazing Performance with Flame GraphsBlazing Performance with Flame Graphs
Blazing Performance with Flame GraphsBrendan Gregg
 
Practical Malware Analysis: Ch 11: Malware Behavior
Practical Malware Analysis: Ch 11: Malware BehaviorPractical Malware Analysis: Ch 11: Malware Behavior
Practical Malware Analysis: Ch 11: Malware BehaviorSam Bowne
 
PHDays 2018 Threat Hunting Hands-On Lab
PHDays 2018 Threat Hunting Hands-On LabPHDays 2018 Threat Hunting Hands-On Lab
PHDays 2018 Threat Hunting Hands-On LabTeymur Kheirkhabarov
 
Lightweight Transactions in Scylla versus Apache Cassandra
Lightweight Transactions in Scylla versus Apache CassandraLightweight Transactions in Scylla versus Apache Cassandra
Lightweight Transactions in Scylla versus Apache CassandraScyllaDB
 
CNIT 123 Ch 10: Hacking Web Servers
CNIT 123 Ch 10: Hacking Web ServersCNIT 123 Ch 10: Hacking Web Servers
CNIT 123 Ch 10: Hacking Web ServersSam Bowne
 
Netcat - A Swiss Army Tool
Netcat - A Swiss Army ToolNetcat - A Swiss Army Tool
Netcat - A Swiss Army ToolChandrapal Badshah
 
Grokking Techtalk #37: Data intensive problem
Grokking Techtalk #37: Data intensive problem Grokking Techtalk #37: Data intensive problem
Grokking Techtalk #37: Data intensive problemGrokking VN
 
GoLang Introduction
GoLang IntroductionGoLang Introduction
GoLang IntroductionSpandana Govindgari
 
Stability Patterns for Microservices
Stability Patterns for MicroservicesStability Patterns for Microservices
Stability Patterns for Microservicespflueras
 
A story of the passive aggressive sysadmin of AEM
A story of the passive aggressive sysadmin of AEMA story of the passive aggressive sysadmin of AEM
A story of the passive aggressive sysadmin of AEMFrans Rosén
 
Actor model : A Different Concurrency Approach
Actor model : A Different Concurrency ApproachActor model : A Different Concurrency Approach
Actor model : A Different Concurrency ApproachEmre Akış
 
Ch 10: Attacking Back-End Components
Ch 10: Attacking Back-End ComponentsCh 10: Attacking Back-End Components
Ch 10: Attacking Back-End ComponentsSam Bowne
 
Securing AEM webapps by hacking them
Securing AEM webapps by hacking themSecuring AEM webapps by hacking them
Securing AEM webapps by hacking themMikhail Egorov
 
Introduction to red team operations
Introduction to red team operationsIntroduction to red team operations
Introduction to red team operationsSunny Neo
 
Kubernetes Resource Mis-management - What not to do
Kubernetes Resource Mis-management - What not to doKubernetes Resource Mis-management - What not to do
Kubernetes Resource Mis-management - What not to doNatan Yellin
 
4 Mapping the Application
4 Mapping the Application4 Mapping the Application
4 Mapping the ApplicationSam Bowne
 
WAF Bypass Techniques - Using HTTP Standard and Web Servers’ Behaviour
WAF Bypass Techniques - Using HTTP Standard and Web Servers’ BehaviourWAF Bypass Techniques - Using HTTP Standard and Web Servers’ Behaviour
WAF Bypass Techniques - Using HTTP Standard and Web Servers’ BehaviourSoroush Dalili
 
XSS Magic tricks
XSS Magic tricksXSS Magic tricks
XSS Magic tricksGarethHeyes
 
CNIT 127: 8: Windows overflows (Part 2)
CNIT 127: 8: Windows overflows (Part 2)CNIT 127: 8: Windows overflows (Part 2)
CNIT 127: 8: Windows overflows (Part 2)Sam Bowne
 
Cassandra concepts, patterns and anti-patterns
Cassandra concepts, patterns and anti-patternsCassandra concepts, patterns and anti-patterns
Cassandra concepts, patterns and anti-patternsDave Gardner
 
Rate Limiting with NGINX and NGINX Plus
Rate Limiting with NGINX and NGINX PlusRate Limiting with NGINX and NGINX Plus
Rate Limiting with NGINX and NGINX PlusNGINX, Inc.
 
CNIT 127 Ch 8: Windows overflows (Part 1)
CNIT 127 Ch 8: Windows overflows (Part 1)CNIT 127 Ch 8: Windows overflows (Part 1)
CNIT 127 Ch 8: Windows overflows (Part 1)Sam Bowne
 
Clang tidy
Clang tidyClang tidy
Clang tidyYury Yafimachau
 
Code Quality - Security
Code Quality - SecurityCode Quality - Security
Code Quality - Securitysedukull
 
Getting started with RISC-V verification what's next after compliance testing
Getting started with RISC-V verification what's next after compliance testingGetting started with RISC-V verification what's next after compliance testing
Getting started with RISC-V verification what's next after compliance testingRISC-V International
 

Weitere ähnliche Inhalte

Was ist angesagt?

Lightweight Transactions in Scylla versus Apache Cassandra
Lightweight Transactions in Scylla versus Apache CassandraLightweight Transactions in Scylla versus Apache Cassandra
Lightweight Transactions in Scylla versus Apache CassandraScyllaDB
 
CNIT 123 Ch 10: Hacking Web Servers
CNIT 123 Ch 10: Hacking Web ServersCNIT 123 Ch 10: Hacking Web Servers
CNIT 123 Ch 10: Hacking Web ServersSam Bowne
 
Grokking Techtalk #37: Data intensive problem
Grokking Techtalk #37: Data intensive problem Grokking Techtalk #37: Data intensive problem
Grokking Techtalk #37: Data intensive problemGrokking VN
 
Stability Patterns for Microservices
Stability Patterns for MicroservicesStability Patterns for Microservices
Stability Patterns for Microservicespflueras
 
A story of the passive aggressive sysadmin of AEM
A story of the passive aggressive sysadmin of AEMA story of the passive aggressive sysadmin of AEM
A story of the passive aggressive sysadmin of AEMFrans Rosén
 
Actor model : A Different Concurrency Approach
Actor model : A Different Concurrency ApproachActor model : A Different Concurrency Approach
Actor model : A Different Concurrency ApproachEmre Akış
 
Ch 10: Attacking Back-End Components
Ch 10: Attacking Back-End ComponentsCh 10: Attacking Back-End Components
Ch 10: Attacking Back-End ComponentsSam Bowne
 
Securing AEM webapps by hacking them
Securing AEM webapps by hacking themSecuring AEM webapps by hacking them
Securing AEM webapps by hacking themMikhail Egorov
 
Introduction to red team operations
Introduction to red team operationsIntroduction to red team operations
Introduction to red team operationsSunny Neo
 
Kubernetes Resource Mis-management - What not to do
Kubernetes Resource Mis-management - What not to doKubernetes Resource Mis-management - What not to do
Kubernetes Resource Mis-management - What not to doNatan Yellin
 
4 Mapping the Application
4 Mapping the Application4 Mapping the Application
4 Mapping the ApplicationSam Bowne
 
WAF Bypass Techniques - Using HTTP Standard and Web Servers’ Behaviour
WAF Bypass Techniques - Using HTTP Standard and Web Servers’ BehaviourWAF Bypass Techniques - Using HTTP Standard and Web Servers’ Behaviour
WAF Bypass Techniques - Using HTTP Standard and Web Servers’ BehaviourSoroush Dalili
 
XSS Magic tricks
XSS Magic tricksXSS Magic tricks
XSS Magic tricksGarethHeyes
 
CNIT 127: 8: Windows overflows (Part 2)
CNIT 127: 8: Windows overflows (Part 2)CNIT 127: 8: Windows overflows (Part 2)
CNIT 127: 8: Windows overflows (Part 2)Sam Bowne
 
Cassandra concepts, patterns and anti-patterns
Cassandra concepts, patterns and anti-patternsCassandra concepts, patterns and anti-patterns
Cassandra concepts, patterns and anti-patternsDave Gardner
 
Rate Limiting with NGINX and NGINX Plus
Rate Limiting with NGINX and NGINX PlusRate Limiting with NGINX and NGINX Plus
Rate Limiting with NGINX and NGINX PlusNGINX, Inc.
 
CNIT 127 Ch 8: Windows overflows (Part 1)
CNIT 127 Ch 8: Windows overflows (Part 1)CNIT 127 Ch 8: Windows overflows (Part 1)
CNIT 127 Ch 8: Windows overflows (Part 1)Sam Bowne
 

Was ist angesagt? (20)

Lightweight Transactions in Scylla versus Apache Cassandra
Lightweight Transactions in Scylla versus Apache CassandraLightweight Transactions in Scylla versus Apache Cassandra
Lightweight Transactions in Scylla versus Apache Cassandra
 
CNIT 123 Ch 10: Hacking Web Servers
CNIT 123 Ch 10: Hacking Web ServersCNIT 123 Ch 10: Hacking Web Servers
CNIT 123 Ch 10: Hacking Web Servers
 
Netcat - A Swiss Army Tool
Netcat - A Swiss Army ToolNetcat - A Swiss Army Tool
Netcat - A Swiss Army Tool
 
Grokking Techtalk #37: Data intensive problem
Grokking Techtalk #37: Data intensive problem Grokking Techtalk #37: Data intensive problem
Grokking Techtalk #37: Data intensive problem
 
GoLang Introduction
GoLang IntroductionGoLang Introduction
GoLang Introduction
 
Stability Patterns for Microservices
Stability Patterns for MicroservicesStability Patterns for Microservices
Stability Patterns for Microservices
 
A story of the passive aggressive sysadmin of AEM
A story of the passive aggressive sysadmin of AEMA story of the passive aggressive sysadmin of AEM
A story of the passive aggressive sysadmin of AEM
 
Actor model : A Different Concurrency Approach
Actor model : A Different Concurrency ApproachActor model : A Different Concurrency Approach
Actor model : A Different Concurrency Approach
 
Ch 10: Attacking Back-End Components
Ch 10: Attacking Back-End ComponentsCh 10: Attacking Back-End Components
Ch 10: Attacking Back-End Components
 
Securing AEM webapps by hacking them
Securing AEM webapps by hacking themSecuring AEM webapps by hacking them
Securing AEM webapps by hacking them
 
Introduction to red team operations
Introduction to red team operationsIntroduction to red team operations
Introduction to red team operations
 
Kubernetes Resource Mis-management - What not to do
Kubernetes Resource Mis-management - What not to doKubernetes Resource Mis-management - What not to do
Kubernetes Resource Mis-management - What not to do
 
4 Mapping the Application
4 Mapping the Application4 Mapping the Application
4 Mapping the Application
 
WAF Bypass Techniques - Using HTTP Standard and Web Servers’ Behaviour
WAF Bypass Techniques - Using HTTP Standard and Web Servers’ BehaviourWAF Bypass Techniques - Using HTTP Standard and Web Servers’ Behaviour
WAF Bypass Techniques - Using HTTP Standard and Web Servers’ Behaviour
 
XSS Magic tricks
XSS Magic tricksXSS Magic tricks
XSS Magic tricks
 
CNIT 127: 8: Windows overflows (Part 2)
CNIT 127: 8: Windows overflows (Part 2)CNIT 127: 8: Windows overflows (Part 2)
CNIT 127: 8: Windows overflows (Part 2)
 
Cassandra concepts, patterns and anti-patterns
Cassandra concepts, patterns and anti-patternsCassandra concepts, patterns and anti-patterns
Cassandra concepts, patterns and anti-patterns
 
Rate Limiting with NGINX and NGINX Plus
Rate Limiting with NGINX and NGINX PlusRate Limiting with NGINX and NGINX Plus
Rate Limiting with NGINX and NGINX Plus
 
CNIT 127 Ch 8: Windows overflows (Part 1)
CNIT 127 Ch 8: Windows overflows (Part 1)CNIT 127 Ch 8: Windows overflows (Part 1)
CNIT 127 Ch 8: Windows overflows (Part 1)
 
Clang tidy
Clang tidyClang tidy
Clang tidy
 

Ähnlich wie CodeChecker Overview Nov 2019

Code Quality - Security
Code Quality - SecurityCode Quality - Security
Code Quality - Securitysedukull
 
Getting started with RISC-V verification what's next after compliance testing
Getting started with RISC-V verification what's next after compliance testingGetting started with RISC-V verification what's next after compliance testing
Getting started with RISC-V verification what's next after compliance testingRISC-V International
 
Parasoft .TEST, Write better C# Code Using Data Flow Analysis
Parasoft .TEST, Write better C# Code Using Data Flow Analysis Parasoft .TEST, Write better C# Code Using Data Flow Analysis
Parasoft .TEST, Write better C# Code Using Data Flow Analysis Engineering Software Lab
 
Code Analysis-run time error prediction
Code Analysis-run time error predictionCode Analysis-run time error prediction
Code Analysis-run time error predictionNIKHIL NAWATHE
 
SAST, CWE, SEI CERT and other smart words from the information security world
SAST, CWE, SEI CERT and other smart words from the information security worldSAST, CWE, SEI CERT and other smart words from the information security world
SAST, CWE, SEI CERT and other smart words from the information security worldAndrey Karpov
 
Incremental Model Queries for Model-Dirven Software Engineering
Incremental Model Queries for Model-Dirven Software EngineeringIncremental Model Queries for Model-Dirven Software Engineering
Incremental Model Queries for Model-Dirven Software EngineeringÁkos Horváth
 
Secure Coding Practices for Middleware
Secure Coding Practices for MiddlewareSecure Coding Practices for Middleware
Secure Coding Practices for MiddlewareManuel Brugnoli
 
GNAT Pro User Day: Latest Advances in AdaCore Static Analysis Tools
GNAT Pro User Day: Latest Advances in AdaCore Static Analysis ToolsGNAT Pro User Day: Latest Advances in AdaCore Static Analysis Tools
GNAT Pro User Day: Latest Advances in AdaCore Static Analysis ToolsAdaCore
 
EKON 23 Code_review_checklist
EKON 23 Code_review_checklistEKON 23 Code_review_checklist
EKON 23 Code_review_checklistMax Kleiner
 
The operation principles of PVS-Studio static code analyzer
The operation principles of PVS-Studio static code analyzerThe operation principles of PVS-Studio static code analyzer
The operation principles of PVS-Studio static code analyzerAndrey Karpov
 
Design Like a Pro: Scripting Best Practices
Design Like a Pro: Scripting Best PracticesDesign Like a Pro: Scripting Best Practices
Design Like a Pro: Scripting Best PracticesInductive Automation
 
Sista: Improving Cog’s JIT performance
Sista: Improving Cog’s JIT performanceSista: Improving Cog’s JIT performance
Sista: Improving Cog’s JIT performanceESUG
 
Design Like a Pro: Scripting Best Practices
Design Like a Pro: Scripting Best PracticesDesign Like a Pro: Scripting Best Practices
Design Like a Pro: Scripting Best PracticesInductive Automation
 
Mise en œuvre des méthodes de vérification de modèle et d'analyse statique de...
Mise en œuvre des méthodes de vérification de modèle et d'analyse statique de...Mise en œuvre des méthodes de vérification de modèle et d'analyse statique de...
Mise en œuvre des méthodes de vérification de modèle et d'analyse statique de...Pôle Systematic Paris-Region
 
Полезные метрики покрытия. Практический опыт и немного теории
Полезные метрики покрытия. Практический опыт и немного теорииПолезные метрики покрытия. Практический опыт и немного теории
Полезные метрики покрытия. Практический опыт и немного теорииSQALab
 
Functional verification techniques EW16 session
Functional verification techniques EW16 sessionFunctional verification techniques EW16 session
Functional verification techniques EW16 sessionSameh El-Ashry
 

Ähnlich wie CodeChecker Overview Nov 2019 (20)

Code Quality - Security
Code Quality - SecurityCode Quality - Security
Code Quality - Security
 
Getting started with RISC-V verification what's next after compliance testing
Getting started with RISC-V verification what's next after compliance testingGetting started with RISC-V verification what's next after compliance testing
Getting started with RISC-V verification what's next after compliance testing
 
Introduction to White box testing
Introduction to White box testingIntroduction to White box testing
Introduction to White box testing
 
Parasoft .TEST, Write better C# Code Using Data Flow Analysis
Parasoft .TEST, Write better C# Code Using Data Flow Analysis Parasoft .TEST, Write better C# Code Using Data Flow Analysis
Parasoft .TEST, Write better C# Code Using Data Flow Analysis
 
Pragmatic Code Coverage
Pragmatic Code CoveragePragmatic Code Coverage
Pragmatic Code Coverage
 
Code Analysis-run time error prediction
Code Analysis-run time error predictionCode Analysis-run time error prediction
Code Analysis-run time error prediction
 
SAST, CWE, SEI CERT and other smart words from the information security world
SAST, CWE, SEI CERT and other smart words from the information security worldSAST, CWE, SEI CERT and other smart words from the information security world
SAST, CWE, SEI CERT and other smart words from the information security world
 
Incremental Model Queries for Model-Dirven Software Engineering
Incremental Model Queries for Model-Dirven Software EngineeringIncremental Model Queries for Model-Dirven Software Engineering
Incremental Model Queries for Model-Dirven Software Engineering
 
Secure Coding Practices for Middleware
Secure Coding Practices for MiddlewareSecure Coding Practices for Middleware
Secure Coding Practices for Middleware
 
GNAT Pro User Day: Latest Advances in AdaCore Static Analysis Tools
GNAT Pro User Day: Latest Advances in AdaCore Static Analysis ToolsGNAT Pro User Day: Latest Advances in AdaCore Static Analysis Tools
GNAT Pro User Day: Latest Advances in AdaCore Static Analysis Tools
 
EKON 23 Code_review_checklist
EKON 23 Code_review_checklistEKON 23 Code_review_checklist
EKON 23 Code_review_checklist
 
Price of an Error
Price of an ErrorPrice of an Error
Price of an Error
 
The operation principles of PVS-Studio static code analyzer
The operation principles of PVS-Studio static code analyzerThe operation principles of PVS-Studio static code analyzer
The operation principles of PVS-Studio static code analyzer
 
Design Like a Pro: Scripting Best Practices
Design Like a Pro: Scripting Best PracticesDesign Like a Pro: Scripting Best Practices
Design Like a Pro: Scripting Best Practices
 
Sista: Improving Cog’s JIT performance
Sista: Improving Cog’s JIT performanceSista: Improving Cog’s JIT performance
Sista: Improving Cog’s JIT performance
 
Design Like a Pro: Scripting Best Practices
Design Like a Pro: Scripting Best PracticesDesign Like a Pro: Scripting Best Practices
Design Like a Pro: Scripting Best Practices
 
ASIC design verification
ASIC design verificationASIC design verification
ASIC design verification
 
Mise en œuvre des méthodes de vérification de modèle et d'analyse statique de...
Mise en œuvre des méthodes de vérification de modèle et d'analyse statique de...Mise en œuvre des méthodes de vérification de modèle et d'analyse statique de...
Mise en œuvre des méthodes de vérification de modèle et d'analyse statique de...
 
Полезные метрики покрытия. Практический опыт и немного теории
Полезные метрики покрытия. Практический опыт и немного теорииПолезные метрики покрытия. Практический опыт и немного теории
Полезные метрики покрытия. Практический опыт и немного теории
 
Functional verification techniques EW16 session
Functional verification techniques EW16 sessionFunctional verification techniques EW16 session
Functional verification techniques EW16 session
 

Kürzlich hochgeladen

DNT_Corporate presentation know about us
DNT_Corporate presentation know about usDNT_Corporate presentation know about us
DNT_Corporate presentation know about usDynamic Netsoft
 
Unlocking the Future of AI Agents with Large Language Models
Unlocking the Future of AI Agents with Large Language ModelsUnlocking the Future of AI Agents with Large Language Models
Unlocking the Future of AI Agents with Large Language Modelsaagamshah0812
 
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdfLearn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdfkalichargn70th171
 
The Essentials of Digital Experience Monitoring_ A Comprehensive Guide.pdf
The Essentials of Digital Experience Monitoring_ A Comprehensive Guide.pdfThe Essentials of Digital Experience Monitoring_ A Comprehensive Guide.pdf
The Essentials of Digital Experience Monitoring_ A Comprehensive Guide.pdfkalichargn70th171
 
Active Directory Penetration Testing, cionsystems.com.pdf
Active Directory Penetration Testing, cionsystems.com.pdfActive Directory Penetration Testing, cionsystems.com.pdf
Active Directory Penetration Testing, cionsystems.com.pdfCionsystems
 
The Ultimate Test Automation Guide_ Best Practices and Tips.pdf
The Ultimate Test Automation Guide_ Best Practices and Tips.pdfThe Ultimate Test Automation Guide_ Best Practices and Tips.pdf
The Ultimate Test Automation Guide_ Best Practices and Tips.pdfkalichargn70th171
 
Advancing Engineering with AI through the Next Generation of Strategic Projec...
Advancing Engineering with AI through the Next Generation of Strategic Projec...Advancing Engineering with AI through the Next Generation of Strategic Projec...
Advancing Engineering with AI through the Next Generation of Strategic Projec...OnePlan Solutions
 
HR Software Buyers Guide in 2024 - HRSoftware.com
HR Software Buyers Guide in 2024 - HRSoftware.comHR Software Buyers Guide in 2024 - HRSoftware.com
HR Software Buyers Guide in 2024 - HRSoftware.comFatema Valibhai
 
Right Money Management App For Your Financial Goals
Right Money Management App For Your Financial GoalsRight Money Management App For Your Financial Goals
Right Money Management App For Your Financial GoalsJhone kinadey
 
why an Opensea Clone Script might be your perfect match.pdf
why an Opensea Clone Script might be your perfect match.pdfwhy an Opensea Clone Script might be your perfect match.pdf
why an Opensea Clone Script might be your perfect match.pdfjoe51371421
 
Hand gesture recognition PROJECT PPT.pptx
Hand gesture recognition PROJECT PPT.pptxHand gesture recognition PROJECT PPT.pptx
Hand gesture recognition PROJECT PPT.pptxbodapatigopi8531
 
Diamond Application Development Crafting Solutions with Precision
Diamond Application Development Crafting Solutions with PrecisionDiamond Application Development Crafting Solutions with Precision
Diamond Application Development Crafting Solutions with PrecisionSolGuruz
 
Cloud Management Software Platforms: OpenStack
Cloud Management Software Platforms: OpenStackCloud Management Software Platforms: OpenStack
Cloud Management Software Platforms: OpenStackVICTOR MAESTRE RAMIREZ
 
Test Automation Strategy for Frontend and Backend
Test Automation Strategy for Frontend and BackendTest Automation Strategy for Frontend and Backend
Test Automation Strategy for Frontend and BackendArshad QA
 
Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...
Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...
Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...soniya singh
 
SyndBuddy AI 2k Review 2024: Revolutionizing Content Syndication with AI
SyndBuddy AI 2k Review 2024: Revolutionizing Content Syndication with AISyndBuddy AI 2k Review 2024: Revolutionizing Content Syndication with AI
SyndBuddy AI 2k Review 2024: Revolutionizing Content Syndication with AIABDERRAOUF MEHENNI
 
Adobe Marketo Engage Deep Dives: Using Webhooks to Transfer Data
Adobe Marketo Engage Deep Dives: Using Webhooks to Transfer DataAdobe Marketo Engage Deep Dives: Using Webhooks to Transfer Data
Adobe Marketo Engage Deep Dives: Using Webhooks to Transfer DataBradBedford3
 
Der Spagat zwischen BIAS und FAIRNESS (2024)
Der Spagat zwischen BIAS und FAIRNESS (2024)Der Spagat zwischen BIAS und FAIRNESS (2024)
Der Spagat zwischen BIAS und FAIRNESS (2024)OPEN KNOWLEDGE GmbH
 

Kürzlich hochgeladen (20)

DNT_Corporate presentation know about us
DNT_Corporate presentation know about usDNT_Corporate presentation know about us
DNT_Corporate presentation know about us
 
Unlocking the Future of AI Agents with Large Language Models
Unlocking the Future of AI Agents with Large Language ModelsUnlocking the Future of AI Agents with Large Language Models
Unlocking the Future of AI Agents with Large Language Models
 
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdfLearn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
 
The Essentials of Digital Experience Monitoring_ A Comprehensive Guide.pdf
The Essentials of Digital Experience Monitoring_ A Comprehensive Guide.pdfThe Essentials of Digital Experience Monitoring_ A Comprehensive Guide.pdf
The Essentials of Digital Experience Monitoring_ A Comprehensive Guide.pdf
 
Active Directory Penetration Testing, cionsystems.com.pdf
Active Directory Penetration Testing, cionsystems.com.pdfActive Directory Penetration Testing, cionsystems.com.pdf
Active Directory Penetration Testing, cionsystems.com.pdf
 
The Ultimate Test Automation Guide_ Best Practices and Tips.pdf
The Ultimate Test Automation Guide_ Best Practices and Tips.pdfThe Ultimate Test Automation Guide_ Best Practices and Tips.pdf
The Ultimate Test Automation Guide_ Best Practices and Tips.pdf
 
Advancing Engineering with AI through the Next Generation of Strategic Projec...
Advancing Engineering with AI through the Next Generation of Strategic Projec...Advancing Engineering with AI through the Next Generation of Strategic Projec...
Advancing Engineering with AI through the Next Generation of Strategic Projec...
 
HR Software Buyers Guide in 2024 - HRSoftware.com
HR Software Buyers Guide in 2024 - HRSoftware.comHR Software Buyers Guide in 2024 - HRSoftware.com
HR Software Buyers Guide in 2024 - HRSoftware.com
 
Right Money Management App For Your Financial Goals
Right Money Management App For Your Financial GoalsRight Money Management App For Your Financial Goals
Right Money Management App For Your Financial Goals
 
Call Girls In Mukherjee Nagar 📱 9999965857 🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SE...
Call Girls In Mukherjee Nagar 📱 9999965857 🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SE...Call Girls In Mukherjee Nagar 📱 9999965857 🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SE...
Call Girls In Mukherjee Nagar 📱 9999965857 🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SE...
 
why an Opensea Clone Script might be your perfect match.pdf
why an Opensea Clone Script might be your perfect match.pdfwhy an Opensea Clone Script might be your perfect match.pdf
why an Opensea Clone Script might be your perfect match.pdf
 
Hand gesture recognition PROJECT PPT.pptx
Hand gesture recognition PROJECT PPT.pptxHand gesture recognition PROJECT PPT.pptx
Hand gesture recognition PROJECT PPT.pptx
 
Diamond Application Development Crafting Solutions with Precision
Diamond Application Development Crafting Solutions with PrecisionDiamond Application Development Crafting Solutions with Precision
Diamond Application Development Crafting Solutions with Precision
 
Cloud Management Software Platforms: OpenStack
Cloud Management Software Platforms: OpenStackCloud Management Software Platforms: OpenStack
Cloud Management Software Platforms: OpenStack
 
Test Automation Strategy for Frontend and Backend
Test Automation Strategy for Frontend and BackendTest Automation Strategy for Frontend and Backend
Test Automation Strategy for Frontend and Backend
 
Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...
Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...
Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...
 
SyndBuddy AI 2k Review 2024: Revolutionizing Content Syndication with AI
SyndBuddy AI 2k Review 2024: Revolutionizing Content Syndication with AISyndBuddy AI 2k Review 2024: Revolutionizing Content Syndication with AI
SyndBuddy AI 2k Review 2024: Revolutionizing Content Syndication with AI
 
Adobe Marketo Engage Deep Dives: Using Webhooks to Transfer Data
Adobe Marketo Engage Deep Dives: Using Webhooks to Transfer DataAdobe Marketo Engage Deep Dives: Using Webhooks to Transfer Data
Adobe Marketo Engage Deep Dives: Using Webhooks to Transfer Data
 
Vip Call Girls Noida ➡️ Delhi ➡️ 9999965857 No Advance 24HRS Live
Vip Call Girls Noida ➡️ Delhi ➡️ 9999965857 No Advance 24HRS LiveVip Call Girls Noida ➡️ Delhi ➡️ 9999965857 No Advance 24HRS Live
Vip Call Girls Noida ➡️ Delhi ➡️ 9999965857 No Advance 24HRS Live
 
Der Spagat zwischen BIAS und FAIRNESS (2024)
Der Spagat zwischen BIAS und FAIRNESS (2024)Der Spagat zwischen BIAS und FAIRNESS (2024)
Der Spagat zwischen BIAS und FAIRNESS (2024)
 

CodeChecker Overview Nov 2019

  • 1. CodeChecker overview and demo Olivera Milenkovic, Ericsson Dublin C++ Meetup,18.11.2019. Olivera.O.Milenkovic@ericsson.com
  • 2. Contents • Introduction • What is CodeChecker • Why to use Codechecker - features • Demo • Deployment • Limitations • Next steps
  • 4. Main reasons to use Static Code analyses • Find bugs • have reliable and robust code • Increase path coverage not just line coverage • Identify potential security vulnerabilities • Improve customer perception - find software bugs before they find your customers • Reduce cost of fixing customer trouble reports • by decreasing number of potential defects, especially those that are hard to reproduce • Comply to Coding standards for example MISRA • Increase coding and design rules competence within teams • Analyze source code without running it • Find optimization opportunities • Visualize • Metrics It saves time and money
  • 5. • No additional test code needed • Features • Full path coverage • False path pruning • Inline explanations of defects • Customer trust and satisfaction • Enforce safe coding standards: MISRA, CWE, STATIC CODE ANALYSES ClangSA Cppcheck Flexlint Speed Depth Accuracy Usability Supported versions of OS and language Commercial Open source And many more….
  • 6.
  • 7. 1. Textual Pattern Matching – (CppCheck...) 2. AST Matchers/Walkers - (CppCheck, Clang Tidy...) 3. Abstract Interpretation - Flow sensitive Algorithms (Compiler warnings) 4. Abstract Interpretation - Path sensitive algorithms, Symbolic Execution (Clang static analyzer) 5. Concolic Execution 6. … How can we measure the precision of the checkers? 1. False positive rate: False Reports / All Reports 2. False negative rate: Non-reported defects / All existing defects The lower these values, the better, but 0 is impossible. Checking techniques
  • 8. 1. Pattern matching int foo (const int value){ int clampedValue=value; if (clampedValue<minVal) clampedValue=minVal; else if (clampedValue > maxVal) clampedVal=maxVal; return clampedValue; } int foo (const int value){ const int clampedValue=value; clampedValue = clamp(value,minVal,maxVal); return clampedValue; } if ( w+ x3c w+ ) { w+ = w+ ; } else {if ( w+ x3c w+ ) { w+ = w+ ; } } Design rule matching pattern (Sample from CppCheck) Original Code Desired Code
  • 9. 2. ASTMatchers void foo (double * p, size_t s){ … p=(double*) malloc(s*sizeof(p)); … } void foo (double * p, size_t s){ … p=(double*) malloc(s*sizeof(*p)); … } Arglist Arg Type double * Name p Primary Expr sizeof paramlist Param 1 p Suspicious code Correct code Size of the pointer is obtained instead of the pointed to type
  • 11. Multiple tool usage More tools -> • More defects detected due to different analyses engines • Better quality – shift left • Less security vulnerabilities • Less vendor lock-in • More false positives • More hardware usage • More education • More cost if commercial tools used tool4 tool1 tool2 Tool 3
  • 12. Successful projects depend on • Members • Developers • Standards • Infrastructure… To develop products that market will adopt
  • 13. Ericsson CodeChecker Team • Develops the CodeChecker Tooling in open source: • https://github.com/Ericsson/codechecker • Contributes to the open source Clang project • With new checkers • With new analyzer features: CTU, Statistical analysis • With bug fixes • Contributing to open source Clang since 2013
  • 15. CodeChecker references • https://github.com/Ericsson/codechecker • https://codechecker.readthedocs.io/en/latest/ • https://codechecker.readthedocs.io/en/latest/usage/ • http://codechecker-demo.eastus.cloudapp.azure.com/login.html# • User id: demo • Password: demo • http://clang-analyzer.llvm.org/available_checks.html • http://clang.llvm.org/extra/clang-tidy/checks/list.html
  • 16. CODECHECKER LLVM Project http://llvm.org/ Clang http://clang.llvm.org/ http://clang.llvm.org/docs/index.html "LLVM native" C/C++/Objective-C compiler: C/C++/Objective C compiler Open source, modular Can be reused as library Many analysis related tools: Address Sanitizer, Thread Sanitizer, Clang-format, … Clang Tidy, Clang Static Analyzer, Clang compiler warnings Up to date C/C++ language support (C++11,14,17) Active developer community: Google, Samsung, Sony, Ericsson … source code analysis tool • find programming bugs in C/C++, Objective C • Impressive checker framework • Symbolic Execution • 150+ Checkers • Extensible with new checkers • Active community: Apple, Ericsson, Samsung … collection of modular and reusable compiler and toolchain technologies http://llvm.org/ Clang Static Analyzer http://clang-analyzer.llvm.org CodeChecker database and viewer extension for Clang Static Analyzer https://github.com/Ericsson/codechecker Clang Tidy http://clang-analyzer.llvm.org
  • 17. CodeChecker by Ericsson open source tooling for clang analyzers Clang Tidy clang.llvm.org Clang SA clang-analyzer.llvm.org CodeChecker Report Mgmt Web Server GIT (CI) Commit Loop utilities Browser Eclipse Client CodeChecker command line E/// Checkers Analyzer Report Storage Ericsson only checkers New Analyzer Features Cross Translation Unit Analysis Statistical Checkers Viewer & Report Management Features 1 2 3
  • 18. Summary Short summary card CodeChecker 6.10.1 - current latest version (Clang 8 ) Description Analyzer tooling, defect database and viewer extension for the Clang Static Analyzer and Clang Tidy static analysis infrastructure built on the LLVM/Clang Static Analyzer toolchain Supported Languages C,C++,Objective C Supported Architectures Linux, OSX, docker support Technology AST Matcher, Symbolic Execution Analyzers Support for multiple analyzers, currently Clang Static Analyzer and Clang-Tidy, soon also CppCheck, plan is to also add FB Infer and other tools (sanitizers) Features Inter-procedural analysis, Cross TU Analysis, statistical checkers, suppression handling, filtering,… Price Free False Positive Rate Low Checker Database ~300+ checkers (Clangsa 120+, clang-tidy 250+,clang warnings…) +50 Ericsson rules Developer Community Large open source. Apple, Google, Ericsson supported
  • 19. ClangSA Capabilities & Limitations Codechecker is invocation of clang analyses and ClangSA has following capabilities • Constraints registered for bools, integers, chars, pointers (during symbolic execution values represented as intervals) • Memory Aliasing detected int a=0; int* p =&a; 1/*p; //!Div by Zero! - pointer value followed • Hierarchical memory model for arrays, structs and classes - tracking all values of members • Path-sensitive analysis -all branches, switch statements followed • Context-sensitive inter-procedural analysis – function calls are followed even in external TUs Limitations (mainly scalability) • Number of unique paths are exponential with the number of branches: Opportunistic exploration of some paths (does not give full path coverage) if, switch, for loop, while potential branches… - promising paths selected by heuristics • Limited loop unrolling – by defaults not all possible explored (4 times unrolled if we do not know condition variable for loop), for fixed numbers try to unroll • Limited call depths – cannot go indefinitely, fixed limit used • Too long paths are hard to understand for humans – in some cases presume that return value is unknown
  • 21. Included checkers • CodeChecker is doing many type of checks • http://clang-analyzer.llvm.org/available_checks.html • http://clang.llvm.org/extra/clang-tidy/checks/list.html • Ericsson customized checkers • new clang analysis features, such as CTU (Cross Translation Unit Analysis) • statistical checkers not open sourced yet, but plan is to open source them in 2020 • It is identifying • defects in the code that were missed during deskchecks and testing • places where users did not follow some of design rules and best practices
  • 22. SEI Cert rules and testing • https://wiki.sei.cmu.edu/confluence/display/seccode • Example • https://wiki.sei.cmu.edu/confluence/display/cplusplus/DCL50- CPP.+Do+not+define+a+C-style+variadic+function • Automation tools support info on SEI Cert website is not complete and up to date • Ericsson test suite testing SEI cert rules • CodeChecker with Clang 8 covers about 38% of rules • 151 PASSED from the 380 Test-cases: in total 39.7% rule coverage • We need clarification from SEI Cert to publish test suite • With other Clang dynamic sanitizer tools coverage can be increased
  • 23. Checker categories covered by clang I Null pointer dereferences Dereference after a null check Dereference a null return value Dereference before a null check Security best practice violations Possible buffer overflow Copy into a fixed sized buffer Calling risky function User pointer dereference Program hangs sleep()while holding lock Double lock or missing unlock Infinite loop Negative loop bound Thread deadlock Code Maintainability Issues Multiple return statements Unused pointer value Incorrect Expressions Evaluation Order Violation Copy & paste error Insecure Data handling Integer overflow Loop bound by untrusted source Write/read array/pointer with untrusted value Format string with untrusted source Performance inefficiencies Big parameter passed by value Large stack use
  • 24. Checker categories covered by clang II Resource Leaks Memory Leaks Resource leak in object Incomplete delete Uninitialized variables Missing return statement Uninitialized pointer/scalar/… Uninitialized data member in class or struct Integer Handling Issues Improper use of negative value Unintended sign extension Incompatible cast Improper use of APIs Insecure chroot Using invalid iterator printf() argument mismatch Memory Corruptions Out-of-bounds access String length miscalculations Copying to too small destination buffers Overflowed pointer write Negative array index write Allocation size error Memory-illegal access Incorrect delete operator Overflowed pointer read Out-of-bounds read Returning pointer to local variable Negative array index read User/read pointer after free Control Flow issues Logically/structurally dead code Missing break in switch Error handling issues Unchecked return value Uncaught exception
  • 25. MAIN REASONS TO USE CODECHECKER 1. Easier visual understanding of defects (The root cause of each defect is clearly explained, making it easy to fix bugs) 2. Full path coverage – CTU analyses and statistical checkers 3. Overall summary of results for product (good for Status monitoring and Planning of cleanups) 4. Filtering possibilities 5. Visibility of “Depth” of finding - number of steps that lead to error 6. Suppression handling (Per finding not file, False positive vs intentional) 7. Report generation 8. Easy detection of new defects 9. Easy integration to Gerrit verification for new defects 10. Additional Ericsson checkers 11. Eclipse integration... 12. Low false positive rate – path pruning
  • 26. THE CLANG STATIC ANALYZER •Approximations/heuristics • Non-complete and non-sound • False positive/false negative • Industrial use (Ericsson, Apple, …) •Symbolic execution • Path sensitive 28 Introduction • Motivation • Implementation • Evaluation • Summary
  • 27. Ericsson Internal | 2016-03-08 | Page 5 Sim pl e An a l y s is test1(){ int z=1/(3-abs(3)); } int abs(int a){ if a<0 return –a; else return a; } source1.c Error: Division by zero Interprocedural: symbolic execution across procedure (function) boundaries. Simple analyses
  • 28. Ericsson Internal | 2016-03-08 | Page 6 int abs(int a){ if a<0 return –a; else return a; } test1(){ int z=1/(3-abs(3)); } Cr o s s Tr a n s l a t io n Un it a n a l y s is (CTU) source1.c source2.c Translation Unit 1 Translation Unit 2 Error: Division by zero To detect bugs across source file boundaries CTU analysis is needed! Cross translational unit analyses (CTU)
  • 29. Ericsson Internal | 2016-03-08 | Page 7 St a t is t ic a l a n a l y s is func1(){ char *s = read_from_user(); if (s!=NULL) print(“user said: %s”, s); } func2(){ char *s = read_from_user(); if (s!=NULL) print(“user says: %s”, s); } func3(){ char *s = read_from_user(); if (s) print(“user thinks: %s”, s); } func4(){ char *s = read_from_user(); print(“user wrote: %s”, s); } Based on usage samples the analyzer knows that read_from_user() can return NULL pointer. Error: s can potentially be NULL, so we report a null pointer dereference error here. Null return, negative return, checked return Statistical analyses
  • 30. SUMMARY CTU •Clang SA TU-internal analysis extended to Cross- TU analysis for C/C++ •Finds 2-3 times more reports •Scalable & useful for industrial-size projects (PostgreSql, OpenSSL, …) •Patch has been accepted into upstream Clang •Try it yourself with latest Clang and CodeChecker 32
  • 31. • Executable level • Generate code, create build database and analyse all code included in executable • Library level • Generate code and build database only for lib/code under investigation • Analyse code • Limitations • Some higher level defects would be missed • Statistical analyses would also give different results Analysis approach
  • 32. Example of flag usage • --ctu --stats --report-hash context-free -j10 --skip <path>/codechecker_skip_file -e sensitive -e abseil-string- find-startswith -e apiModeling.TrustNonnull -e bugprone-narrowing-conversions -e cert-msc32-c -d bugprone- virtual-near-miss -d bugprone-incorrect-roundings -o • CodeChecker checkers --profile sensitive - display all checkers included
  • 34. STATIC ANALYSES findings Bug Intentional False positive • Fix the code • Tool correctly reports • We have reason not to fix • Tool not correct and should be improved
  • 35. • Before doing any suppressions please read user guide https://github.com/Ericsson/codechecker/blob/master/docs/false_positives.md that explains how to deal with false positives • Also https://github.com/Ericsson/codechecker/blob/master/docs/user_guide.md#suppression-code explains format of suppressions if you still decide to go ahead with suppressions • codechecker_false_positive • codechecker_intentional • codechecker_confirmed • If by mistake you have added suppression into the code and then change your mind after some run was stored to the database then you need to both remove suppression from the code, but also change review status in the database for that bug to "Unreviewed" Suppression handling
  • 36. Tracking results & Reporting tool issues False positives False negatives • Configuration or filtering issue or • Tool does not detect • Checker exist but limitation of the tool • Unsupported type of checker • Should be fixed to improve tool and prevent waste True positive-bug • Should be treated as TR • Collect stats about identified issues • Track accuracy of checker True positive - intentional • Prepare standalone reproducible example and report ticket!
  • 38. Examples using open source projects • http://codechecker-demo.eastus.cloudapp.azure.com/Default/# • Password – Demo/Demo • https://codechecker.readthedocs.io/en/latest/usage/
  • 39. Demo of codechecker workflow 1. Analyze a project 2. View results in command line & static HTML 3. Upload results to CodeChecker Web Server (optional) 4. Add a bug & Fix a bug 5. List results changes after code update 6. Fix the added bugs 7. Confirm that no new bug is introduced 8. Commit patch & (Store new analysis results)
  • 40. 1. Analyze project //Create compile commands json CodeChecker log -b "make clean;make -j10" -o compile_commands.json //Create a first clean analysis CodeChecker analyze ./compile_commands.json -j20 -o reports [INFO 2018-03-04 19:08] - Starting static analysis ... [INFO 2018-03-04 19:08] - [1/10] clang-tidy analyzed tinystr.cpp successfully. [INFO 2018-03-04 19:08] - [2/10] clang-tidy analyzed tinyxmlerror.cpp successfully. Analysis results are stored in the reports directory.
  • 41. 2. View results CodeChecker parse ./reports --print-steps Found no defects while analyzing xmltest.cpp [HIGH] tinyxml.cpp:1542:23: Access to field 'next' results in a dereference of a null pointer (loaded from variable 'node') [core.NullDereference] node->prev->next = node->next; ^ Report hash: f99cd33b42d9620b2aba1e32bfdce636 Steps: 1, tinyxml.cpp:564:2: Calling 'TiXmlElement::ClearThis' 2, tinyxml.cpp:568:1: Entered call from '~TiXmlElement' 3, tinyxml.cpp:571:9: Entering loop body 4, tinyxml.cpp:574:3: Calling 'TiXmlAttributeSet::Remove' 5, tinyxml.cpp:1534:1: Entered call from 'TiXmlElement::ClearThis' 6, tinyxml.cpp:1538:29: Entering loop body 7, tinyxml.cpp:1538:48: Value assigned to 'node' 8, tinyxml.cpp:1538:2: Looping back to the head of the loop 9, tinyxml.cpp:1538:29: Entering loop body 10, tinyxml.cpp:1540:8: Assuming 'node' is equal to 'removeMe' 11, tinyxml.cpp:1540:8: Assuming pointer value is null 12, tinyxml.cpp:1542:23: Access to field 'next' results in a dereference of a null pointer (loaded from variable 'node') Found 2 defect(s) while analyzing tinyxml.cpp ----==== Summary ====---- -------------------------------- Filename | Report count -------------------------------- tinyxmlparser.cpp | 2 tinyxml.cpp | 1 tinyxml.h | 1 -------------------------------- ----------------------- Severity | Report count ----------------------- HIGH | 4 ----------------------- ----=================---- Total number of reports: 4 -----------
  • 42. 3. Generate reports to static html CodeChecker parse ./reports -e html -o reports_html [INFO 2018-03-04 19:11] - Generating html output files: ... To view the results in a browser run: > firefox /home/ednikru/work/codechecker/education_material/TinyXML/reports_html
  • 43. 4. Start server and store results //Starting server (with sqlite db backend) CodeChecker server -v 12345 -w ./workspace& //Store analysis results to the local server CodeChecker store ./reports --url http://localhost:12345/Default -n tinyxml_base //results can be viewed at //firefox http://localhost:12345/Default For official CI runs in your organizations setup permanent database, setup access rights and push results to it This is done by CI scripts and not by the developer!
  • 44. 5. List results changes after code update //Re-analyzing the project CodeChecker check -b "make" -o reports -j10 //Calculating diff to the central DB CodeChecker cmd diff -n ./reports -b tinyxml_base --url http://localhost:12345/Default --new [INFO 2018-03-04 20:07] - Matching against runs: tinyxml_base /home/ednikru/work/codechecker/education_material/TinyXML/tinyxml.cpp:1 887:2: Potential leak of memory pointed to by 'something' [cplusplus.NewDeleteLeaks] DoIndent(); Edit the code and reanalyze the project! Note: Here we use incremental analysis! CodeChecker cmd diff -n ./reports -b tinyxml_base --url http://localhost:12345/Default --new -o html -e ./diff_html //To see the results //$ firefox ./diff_html You can generate the diff output to static HTML too:
  • 45. 6. Fix the code and re-check //Re-analyzing the project CodeChecker check -b "make" -o reports -j10 CodeChecker cmd diff -n ./reports -b tinyxml_base --url http://localhost:12345/Default --new [INFO 2018-03-04 19:49] - Matching against runs: tinyxml_base [INFO 2018-03-04 19:49] - No results Fix the errors reported by CodeChecker in your source code! All good! Your patch will not introduce new faults that can be detected by Clang!  It is safe to push it for gerrit review. All re-analysis and diff is done locally by the developer without updating the central DB!
  • 46. What to do with false positives? 1. Ruling out infeasible paths 1. Use asserts (and debug builds) 2. Correlated conditions 3. Partial functions 4. Loops 5. Prefer standard functions 6. Use const whenever possible 7. Do not turn off core checks 2. Suppress or skip results 1. 3rd party/Unauthored code • Put them to skip list 2. Authored code: • Use asserts, make intents explicit • Otherwise //codechekcer_suppress For more info see: CodeChecker False positives Guide Clang SA FAQ and How to Deal with Common False Positives
  • 47. If nothing else helps use codechecker suppress If nothing else helps, you can use in-line code suppression to suppress false positive. It is likely that this indicates a bug in the analyzer.
  • 48. CodeChecker analyze ./compile_commands.json -j20 -o reports -i SKIPFILE False positives in 3pp code: use skip file -/skip/all/files/in/directory/* -/do/not/check/this.file +/dir/do.check.this.file -/dir/* Skip file format:
  • 50. Introducing new analysis tool or changing settings New tool, new version of existing tool or modified settings New legacy findings identified preventing new defects Continue using new version Cleanup of legacy findings ( most critical first) and/or suppressions of some less critical
  • 52. CLANG STATIC ANALYZER – RESTRICTIONS •Limits on exploration: Callstack depth, number of inlined function, number of ExplodedNodes… •Analysis Budget •Clang SA supported: Inter-procedural within one translation unit (TU) 56 void foo(bool b) { for(int i = 0; i < 100; ++i) { if (b) ... } }
  • 53. How to get more complete results • Limitations • Hardware limitations – abstract syntax tree size • Analyses time limitations • Settings control depth of analyses, number of loops etc • Goal • to get from tool potential defects in the code • Not speed of runs • Regular default setting but also some less frequent longer runs with increased settings • Cross translational analyses • Statistical checkers • Incremental analyses
  • 55. Further plans • Multiple analyzers will be supported • More checkers will be added • Source code will be updated to Python 3 • Debian packages will be released
  • 56. Activities in open source • Contributors on GitHub:​ • Total: 27​ • External active in this year: 5​ • Open source projects analyzed regurarly with CodeChecker:​ • Firefox​ • Chromium​ • …​ • Docker image is available on dockerhub for the webserver • docker run -d -p 8001:8001 -v /home/$USER/codechecker_workspace:/workspace codechecker/codechecker-web:6.10.1​
  • 57. Various comparisons of tools – additional features and settings matter •https://www.spazioit.com/pages_en/sol_inf_en/code_quality_en/clang_vrs_fb_infer_en/ Here you are with the reports produced by the two tools: Clang Report FB Infer Report •>>SAFe Toolset<< •>Clang Analizer Demo I< •>Clang Analyzer Demo II< •>Clang Analyzer Demo III< •>Facebook Infer Demo< •>SonarQube Demo<
  • 58. Summary • Define good strategy for legacy cleanups • Together we can do more in open source community • Reuse more and share findings • Report bugs and examples • Contribute with checkers • Compare tools so that we specialize usage and get more in total

Hinweis der Redaktion

  1. static analysis tools are able to look for patterns that will lead to performance issues or security holes. Using a static analysis program can significantly improve the quality of your code, although it will never be a replacement for a code review by an experienced developer.
  2. Lets see how the clang static analyzer works more in details. It aims to find bugs by static analysis. No exec ->
  3. The current solution seems bad but actually its fine in most cases (definitely improvable though
  4. https://wcdma-userarea.rnd.ki.sw.ericsson.se/ewmrci/production_logs/cl2/ct/main/14.10/codechecker/2017/05/18/tc_DrhCcRhBlIfU_target_2017-05-18T14:07:13/
  5. Clang supports nterproceural analyss wthn a sngle TU For loops even more branches TU – egy forrasfajl