Thread: Static code checker research worth investigating (Communications of the ACM, 03/2016, Vol. 59, No. 03, p. 99)
Static code checker research worth investigating (Communications of the ACM, 03/2016, Vol. 59, No. 03, p. 99)
From: Tom Browder

Interesting article in latest issue of subject titled:

"A Differential Approach to Undefined Behavior Detection"

which may describe procedures not used in other static analysis programs.

Article references the authors' website here:

http://css.csail.mit.edu/stack

which contains more info links and a link to the software on github here:

https://github.com/xiw/stack

Best regards,

-Tom

Re: Static code checker research worth investigating (Communications of the ACM, 03/2016, Vol. 59, No. 03, p. 99)
From: Tomas Vondra

Hi,

On Sat, 2016-03-05 at 06:24 -0600, Tom Browder wrote:
> Interesting article in latest issue of subject titled:
>
> "A Differential Approach to Undefined Behavior Detection"
>
> which may describe procedures not used in other static analysis programs.
>
> Article references the authors' website here:
>
> http://css.csail.mit.edu/stack
>
> which contains more info links and a link to the software on github here:
>
> https://github.com/xiw/stack
>
> Best regards,

AFAIK this is not an entirely new tool - it was published a few years back (2013?) along with a paper that also mentioned a few issues in PostgreSQL. And it was dealt with, see for example this thread

http://www.postgresql.org/message-id/flat/20130715215950.GA4165@eldon.alvh.no-ip.org

Or is this something new?

regards

--
Tomas Vondra http://www.2ndQuadrant.com
PostgreSQL Development, 24x7 Support, Remote DBA, Training & Services

Re: Static code checker research worth investigating (Communications of the ACM, 03/2016, Vol. 59, No. 03, p. 99)
From: Tom Browder

On Sat, Mar 5, 2016 at 6:41 AM, Tomas Vondra <tomas.vondra@2ndquadrant.com> wrote:
> On Sat, 2016-03-05 at 06:24 -0600, Tom Browder wrote:
>> Interesting article in latest issue of subject titled:
>>
>> "A Differential Approach to Undefined Behavior Detection"
...
> AFAIK this is not an entirely new tool - it was published a few years
> back (2013?) along with a paper that also mentioned a few issues in
> PostgreSQL. And it was dealt with, see for example this thread
>
> http://www.postgresql.org/message-id/flat/20130715215950.GA4165@eldon.alvh.no-ip.org
>
> Or is this something new?

No, and I think the article mentions that at least one bug was found in the postgresql code.

Sorry for the false alarm.

Best regards,

-Tom

Re: Static code checker research worth investigating (Communications of the ACM, 03/2016, Vol. 59, No. 03, p. 99)
From: Greg Stark

On Sat, Mar 5, 2016 at 12:41 PM, Tomas Vondra <tomas.vondra@2ndquadrant.com> wrote:
> And it was dealt with

Well. Not dealt with yet. I think it's more or less clear how to tackle it using macros and builtins now but there's a lot of drudgery work to actually rewrite all the checks. I have the reports from Xi Wang's tool saved if anyone else wants to take it up. I would say it's on my TODO list but that's more of an abstract concept than an actual list.

--
greg

Re: Static code checker research worth investigating (Communications of the ACM, 03/2016, Vol. 59, No. 03, p. 99)
From: Greg Stark

On Sat, Mar 5, 2016 at 12:59 PM, Greg Stark <stark@mit.edu> wrote:
> Well. Not dealt with yet. I think it's more or less clear how to
> tackle it using macros and builtins now but there's a lot of drudgery
> work to actually rewrite all the checks. I have the reports from Xi
> Wang's tool saved if anyone else wants to take it up. I would say it's
> on my TODO list but that's more of an abstract concept than an actual
> list.

[Removing all the other xposted lists -- don't do that!]

And fwiw the reason it's not an urgent issue for Postgres is because we build with -fwrapv, essentially asking the compiler for a C language that offers more guarantees than the standard (but matches traditional C environments).

So there isn't an active bug on Postgres with GCC (or I think Clang) but may be with other compilers if they don't have that option.

--
greg

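An added illustration of the -fwrapv point and the "macros and builtins" rewrite mentioned in the messages above; it is not part of the thread and is not PostgreSQL or STACK code. The function names, the `HAVE_ADD_OVERFLOW` macro and the sample values are constructed for the example.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed example; all names here are hypothetical. */

/* "Before": add first, then inspect the sign of the result. Signed overflow
 * is undefined in standard C, so an optimizer may assume it cannot happen and
 * drop this test. The check is only well defined under wrapping semantics
 * (gcc/clang -fwrapv). */
bool add_s32_posthoc(int32_t a, int32_t b, int32_t *res)
{
    int32_t sum = a + b;   /* undefined on overflow without -fwrapv */
    if ((a < 0) == (b < 0) && (sum < 0) != (a < 0))
        return true;       /* overflow */
    *res = sum;
    return false;
}

/* Detect the overflow builtin (clang, gcc >= 5). */
#if defined(__has_builtin)
#  if __has_builtin(__builtin_add_overflow)
#    define HAVE_ADD_OVERFLOW 1
#  endif
#elif defined(__GNUC__) && __GNUC__ >= 5
#  define HAVE_ADD_OVERFLOW 1
#endif

/* "After": never evaluates an overflowing signed addition, so it does not
 * depend on -fwrapv. Returns true on overflow; *res is meaningful only when
 * the function returns false. */
bool add_s32_checked(int32_t a, int32_t b, int32_t *res)
{
#ifdef HAVE_ADD_OVERFLOW
    return __builtin_add_overflow(a, b, res);
#else
    /* Portable fallback: compare against the limits before adding. */
    if ((b > 0 && a > INT32_MAX - b) || (b < 0 && a < INT32_MIN - b))
        return true;
    *res = a + b;
    return false;
#endif
}

int main(void)
{
    int32_t r = 0;
    bool of = add_s32_checked(INT32_MAX, 1, &r);
    printf("INT32_MAX + 1: overflow=%d\n", of);
    of = add_s32_checked(40, 2, &r);
    printf("40 + 2: overflow=%d result=%d\n", of, (int) r);
    return 0;
}
```
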
Re: Static code checker research worth investigating (Communications of the ACM, 03/2016, Vol. 59, No. 03, p. 99)
From: Tom Browder

On Sat, Mar 5, 2016 at 7:03 AM, Greg Stark <stark@mit.edu> wrote:
> On Sat, Mar 5, 2016 at 12:59 PM, Greg Stark <stark@mit.edu> wrote:
>> Well. Not dealt with yet. I think it's more or less clear how to
>> tackle it using macros and builtins now but there's a lot of drudgery
>> work to actually rewrite all the checks. I have the reports from Xi
>> Wang's tool saved if anyone else wants to take it up. I would say it's
>> on my TODO list but that's more of an abstract concept than an actual
>> list.
>
> [Removing all the other xposted lists -- don't do that!]

Okay, sorry. I thought since the reply was pg-specific it would cut down noise.

-Tom

Re: Static code checker research worth investigating (Communications of the ACM, 03/2016, Vol. 59, No. 03, p. 99)
From: Greg Stark

On Sat, Mar 5, 2016 at 2:35 PM, Tom Browder <tom.browder@gmail.com> wrote:
>> [Removing all the other xposted lists -- don't do that!]
>
> Okay, sorry. I thought since the reply was pg-specific it would cut down noise.

I'm sorry I was unclear. I meant, I was removing all the others from my reply and was saying not to cross-post like that in the first place. I see you removed them in your response too which is good but I missed that and responded to the previous message.

--
greg