Video Converter
Audio Converter
Image Converter
PDF Converter
File Compressor
static analysis of openafs code base

Static analysis of OpenAFS code base Cheyenne Wills OpenAFS 2019 - PowerPoint PPT Presentation

Oct 31, 2023 •343 likes •559 views

Static analysis of OpenAFS code base Cheyenne Wills OpenAFS 2019 Workshop Overview What is static analysis What are the tools Analysis of the OpenAFS code base What is static analysis Static analysis is performed by analysing

  1. Static analysis of OpenAFS code base Cheyenne Wills OpenAFS 2019 Workshop

  2. Overview • What is static analysis • What are the tools • Analysis of the OpenAFS code base

  3. What is static analysis • Static analysis is performed by analysing the source or object code of a program – as opposed to dynamic analysis, which is done by analysing a running program

  4. What are the tools • Manual code reviews • Automated tools – Enhancements to compilers – Standalone utilities

  5. Manual Code Reviews • Traditional method • Gerrit reviews – More than one set of eyes – “voting”

  6. Enhancements to compilers • GCC 8/9, clang – Truncation using string functions – Alignment errors – Some pointer operations – Detecting out-of-bounds on arrays – format overflows and truncations

  7. Compiler checks • --enable-checking on configure • compilers are getting “better” on reporting errors

  8. gcc compiler warnings

  9. Standalone utilities • Clang’s static analyzer - scan-build – part of Clang – Suite of checkers: • Core language features and general purpose checks • Dead Code • NULL dereferencing • Security • Unix/POSIX APIs

  10. clang scan-build

  11. clang scan-build

  12. clang scan-build

  13. Standalone utilities • cppcheck – variable checking – out of bounds conditions – depreciated functions – memory leaks – resource leaks – stylistic and performance errors

  14. cppcheck ... [src/rxgen/rpc_parse.c:2208]: (warning) %u in format string (no. 3) requires 'unsigned int' but the argument type is 'signed int'. [src/rxgen/rpc_parse.c:2208]: (warning) %u in format string (no. 5) requires 'unsigned int' but the argument type is 'signed int'. [src/rxgen/rpc_parse.c:690] -> [src/rxgen/rpc_parse.c:696]: (style) Variable 'tailp' is reassigned a value before the old one has been used. [src/rxgen/rpc_parse.c:818]: (style) The scope of the variable 'defp' can be reduced. [src/rxgen/rpc_parse.c:972]: (style) The scope of the variable 'typecontents' can be reduced. [src/rxgen/rpc_parse.c:997]: (style) The scope of the variable 'typecontents' can be reduced. [src/rxgen/rpc_parse.c:1175]: (style) The scope of the variable 'noofparams' can be reduced. [src/rxgen/rpc_parse.c:1175]: (style) The scope of the variable 'i' can be reduced. [src/rxgen/rpc_parse.c:1245]: (style) The scope of the variable 'i' can be reduced. [src/rxgen/rpc_parse.c:1347]: (style) The scope of the variable 'defp1' can be reduced. [src/rxgen/rpc_parse.c:1557]: (style) The scope of the variable 'i' can be reduced. [src/rxgen/rpc_parse.c:1944]: (style) The scope of the variable 'defp' can be reduced. [src/rxgen/rpc_util.h:62] -> [src/rxgen/rpc_parse.c:1528]: (style) Local variable zflag shadows outer variable ...

  15. Standalone utilities • infer – null pointer problems – memory leaks – coding conventions – system APIs

  16. infer src/bucoord/config.c:98: error: NULL_DEREFERENCE pointer `tentry` last assigned on line 97 could be null and is dereferenced at line 98, column 5. 96. /* tlast now points to the next pointer (or head pointer) we should overwrite */ 97. tentry = calloc(1, sizeof(struct bc_hostEntry)); 98. > tentry->name = strdup(aname); 99. *tlast = tentry; 100. tentry->next = (struct bc_hostEntry *)0; src/afs/afs_cell.c:108: error: UNINITIALIZED_VALUE The value read from code was never initialized. 106. timeout); 107. 108. > if (!hostCount || (code && code != EEXIST)) 109. /* null out the cellname if the lookup failed */ 110. afsdb_req.cellname = NULL;

  17. infer Summary of the reports UNINITIALIZED_VALUE: 681 DEAD_STORE: 325 NULL_DEREFERENCE: 188 MEMORY_LEAK: 173 RESOURCE_LEAK: 20 USE_AFTER_FREE: 1

  18. Analysis of the OpenAFS code base • “static-analysis” topic in OpenAFS Gerrit – Analysis and patches by Pat Riehecky • Memory and resource leaks • NULL pointer dereferences • Problems with “printf” format strings • Boundary conditions (arrays and strings) • Uninitialized variables • Dead code – 25 commits, 19 pending merge

  19. Commits pending approvals

  20. Improving the code base • Continued code reviews, adding more eyes. – Automated tools can’t catch everything • Integrate automated checks into commit and build processes – adding analysis checks into the buildbot workers

Recommend

OpenAFS Release Team Report Michael Meffie June 19, 2019 Michael Meffie OpenAFS Release Team

OpenAFS Release Team Report Michael Meffie June 19, 2019 Michael Meffie OpenAFS Release Team

OpenAFS Release Team Report Michael Meffie June 19, 2019 Michael Meffie OpenAFS Release Team Report June 19, 2019 1 / 17 OpenAFS Release Team Weekly meetings via jabber on Fridays jabber: release-team@conference.openafs.org email:

311 views • 17 slides
OpenAFS Status 2012 Nothing and a lot n Derrick Brashear and Jeffrey Altman n The OpenAFS

OpenAFS Status 2012 Nothing and a lot n Derrick Brashear and Jeffrey Altman n The OpenAFS

OpenAFS Status 2012 Nothing and a lot n Derrick Brashear and Jeffrey Altman n The OpenAFS Project n 16 October 2012 Tuesday, October 16, 12 History n OpenAFS 1.6.0 was released on 1 September 2011. Just 3 years late n You

437 views • 31 slides
Linux Kernel Evolution vs OpenAFS Marc Dionne Edinburgh - 2012 The stage Linux is widely

Linux Kernel Evolution vs OpenAFS Marc Dionne Edinburgh - 2012 The stage Linux is widely

Linux Kernel Evolution vs OpenAFS Marc Dionne Edinburgh - 2012 The stage Linux is widely deployed as an OpenAFS client platform Many large OpenAFS sites rely heavily on Linux on both servers and clients The OpenAFS Linux client

682 views • 30 slides
A Robot Framework Test Suite for OpenAFS Michael Meffie, Sine Nomine Associates June 21, 2019 A

A Robot Framework Test Suite for OpenAFS Michael Meffie, Sine Nomine Associates June 21, 2019 A

A Robot Framework Test Suite for OpenAFS Michael Meffie, Sine Nomine Associates June 21, 2019 A Robot Framework Test Suite for OpenAFS 1 of 32 A Robot Framework Test Suite for OpenAFS 2 of 32 Tests suites OpenAFS unit tests c-based

438 views • 32 slides
OpenAFS Native Mountpoints on Linux Andrew Deason June 2019 OpenAFS Workshop 2019 1 Background

OpenAFS Native Mountpoints on Linux Andrew Deason June 2019 OpenAFS Workshop 2019 1 Background

OpenAFS Native Mountpoints on Linux Andrew Deason June 2019 OpenAFS Workshop 2019 1 Background Single mountpoints are pretty simple: 2 Background What about multiple mountpoints? What is ..? 3 Dentries and Inodes Inodes:

747 views • 15 slides
OpenAFS on Windows: A Status Report Jeffrey Altman The OpenAFS Project 16 October 2012 Status

OpenAFS on Windows: A Status Report Jeffrey Altman The OpenAFS Project 16 October 2012 Status

OpenAFS on Windows: A Status Report Jeffrey Altman The OpenAFS Project 16 October 2012 Status of Win7 Netbios Name Lookup Bug 2011 EuroAFS: Microsoft has officially declared the bug WONT_FIX The IFS is the only fix that

294 views • 17 slides
DTrace/SystemTap SDT Probes in OpenAFS Andrew Deason June 2019 OpenAFS Workshop 2019 1

DTrace/SystemTap SDT Probes in OpenAFS Andrew Deason June 2019 OpenAFS Workshop 2019 1

DTrace/SystemTap SDT Probes in OpenAFS Andrew Deason June 2019 OpenAFS Workshop 2019 1 Userspace DTrace Background Specify triggers on events (function calls) No special support needed Complex functionality builtin threading

311 views • 14 slides
OpenAFS as Persistent Storage inside Kubernetes using Container Storage Interface plugin for

OpenAFS as Persistent Storage inside Kubernetes using Container Storage Interface plugin for

OpenAFS as Persistent Storage inside Kubernetes using Container Storage Interface plugin for OpenAFS Yadavendra Yadav T odd DeSantis OpenAFS WorkShop 2019 Pittsburgh, US Application Modernization Evolution of Container Agenda

543 views • 27 slides
OpenAFS Audit Interface Enhancements Cheyenne Wills OpenAFS 2019 Workshop 1 Overview

OpenAFS Audit Interface Enhancements Cheyenne Wills OpenAFS 2019 Workshop 1 Overview

OpenAFS Audit Interface Enhancements Cheyenne Wills OpenAFS 2019 Workshop 1 Overview Multiple Interfaces Multiple Instances of an interface New FIFO (named pipe) interface Collecting information from the audit facility 2

423 views • 17 slides
Status and Futures Derrick Brashear Jeffrey Altman What is OpenAFS? OpenAFS is a global,

Status and Futures Derrick Brashear Jeffrey Altman What is OpenAFS? OpenAFS is a global,

Status and Futures Derrick Brashear Jeffrey Altman What is OpenAFS? OpenAFS is a global, federated, location independent open source storage system that provides pervasive data access from a broad range of heterogeneous devices scaling

396 views • 15 slides
Introducing a common interface to access AFS statistics Marcio Barbosa 2019 OpenAFS Workshop

Introducing a common interface to access AFS statistics Marcio Barbosa 2019 OpenAFS Workshop

Introducing a common interface to access AFS statistics Marcio Barbosa 2019 OpenAFS Workshop AGENDA Motivation Problem Solution StatsStore StatsStore and OpenAFS Other platforms Collectd Collectd and OpenAFS Links MOTIVATION

414 views • 21 slides
Profiles with OpenAFS Lars Schimmer European OpenAFS Conference August 10, 2010 Why at all?

Profiles with OpenAFS Lars Schimmer European OpenAFS Conference August 10, 2010 Why at all?

Windows Roaming Profiles with OpenAFS Lars Schimmer European OpenAFS Conference August 10, 2010 Why at all? Central management Central backup Central templates No data on workstations Users get their own setup on every

357 views • 10 slides
Static Code Analysis of Complex PHP Application Vulnerabilities Johannes Dahse Static Code

Static Code Analysis of Complex PHP Application Vulnerabilities Johannes Dahse Static Code

Static Code Analysis Automatisierte Sicherheitsanalyse of Complex PHP Application Vulnerabilities von Webapplikationen Static Code Analysis of Complex PHP Application Vulnerabilities Johannes Dahse Static Code Analysis Automatisierte

1.48k views • 89 slides
An OpenAFS Site Report Code Name Sunrise Ralf Brunckhorst Michael Meffie (SNA) June 19, 2019

An OpenAFS Site Report Code Name Sunrise Ralf Brunckhorst Michael Meffie (SNA) June 19, 2019

An OpenAFS Site Report Code Name Sunrise Ralf Brunckhorst Michael Meffie (SNA) June 19, 2019 An OpenAFS Site Report 1 of 21 History of AFS at Sunrise 1999 AFS was introduced at one site in Sweden. 2000s More sites were added. 2006 AFS

366 views • 21 slides
Static and Method Overloading static One per class, not per object static variables

Static and Method Overloading static One per class, not per object static variables

Static and Method Overloading static One per class, not per object static variables all instances of the class share the same static variable example: serial/VIN number for Car static methods invoked through class

325 views • 7 slides
OpenAFS development a.k.a. That thing lurking just over the hill is version 1.4 Derrick

OpenAFS development a.k.a. That thing lurking just over the hill is version 1.4 Derrick

OpenAFS development a.k.a. That thing lurking just over the hill is version 1.4 Derrick Brashear The OpenAFS project 26 March 2004 Weve come so far... Large file support now also in the server (currently namei only) HP-UX

435 views • 15 slides
CS-527 Software Security Bug finding techniques Asst. Prof. Mathias Payer Department of Computer

CS-527 Software Security Bug finding techniques Asst. Prof. Mathias Payer Department of Computer

CS-527 Software Security Bug finding techniques Asst. Prof. Mathias Payer Department of Computer Science Purdue University TA: Kyriakos Ispoglou https://nebelwelt.net/teaching/17-527-SoftSec/ Spring 2017 Testing Table of Contents Testing

677 views • 33 slides
Learning a Static Analyzer from Data by Pavol Bielik, Veselin Raychev, and Martin Vechev Daniel

Learning a Static Analyzer from Data by Pavol Bielik, Veselin Raychev, and Martin Vechev Daniel

Learning a Static Analyzer from Data by Pavol Bielik, Veselin Raychev, and Martin Vechev Daniel Perez The University of Tokyo January 29, 2018 Static analyzers Writing a static analyzer is hard JavaScript points-to sample global.length = 4;

301 views • 15 slides
Background Program must be brought into memory and placed within a process for it to be run.

Background Program must be brought into memory and placed within a process for it to be run.

Background Program must be brought into memory and placed within a process for it to be run. Storage Allocation Input queue collection of processes on the disk that are waiting to be brought into memory to run the program.

225 views • 9 slides
Project 1: -allocator Computation structures October 9, 2018 Memory allocation Static

Project 1: -allocator Computation structures October 9, 2018 Memory allocation Static

Project 1: -allocator Computation structures October 9, 2018 Memory allocation Static allocation : size must be known at compile-time, handled by compilers in high-level languages. In -assembly: | static allocation on the stack |

261 views • 9 slides
Static Analyzer Non-Comprehensive Overview Dr Christopher Jones HOW 2019 21 March 2019 This

Static Analyzer Non-Comprehensive Overview Dr Christopher Jones HOW 2019 21 March 2019 This

FERMILAB-SLIDES-19-035-CD Static Analyzer Non-Comprehensive Overview Dr Christopher Jones HOW 2019 21 March 2019 This manuscript has been authored by Fermi Research Alliance, LLC under Contract No. DE-AC02-07CH11359 with the U.S. Department of

567 views • 12 slides
Outline Static Analysis: Overview, Syntactic Analysis and Abstract Interpretation Overview

Outline Static Analysis: Overview, Syntactic Analysis and Abstract Interpretation Overview

Outline Static Analysis: Overview, Syntactic Analysis and Abstract Interpretation Overview TDDC90: Software Security Syntactic Analysis Ahmed Rezine Abstract Interpretation IDA, Linkpings Universitet Hsttermin 2014 Static Program

79 views • 7 slides
Static analysis and all that Martin Steffen IfI UiO Spring 2014 uio Static analysis and all

Static analysis and all that Martin Steffen IfI UiO Spring 2014 uio Static analysis and all

Static analysis and all that Martin Steffen IfI UiO Spring 2014 uio Static analysis and all that Martin Steffen IfI UiO Spring 2014 uio Plan approx. 15 lectures, details see web-page flexible time-schedule, depending on

941 views • 69 slides
Efficient Static Analysis of XML Paths and Types Pierre Genevs EPFL, Switzerland Joint

Efficient Static Analysis of XML Paths and Types Pierre Genevs EPFL, Switzerland Joint

Efficient Static Analysis of XML Paths and Types Pierre Genevs EPFL, Switzerland Joint work with Nabil Layada and Alan Schmitt INRIA, France PLDI07, San Diego, June 2007 Introduction More and more XML data Objective: ensuring

629 views • 42 slides

More recommend

Explore More Topics

Stay informed with curated content and fresh updates.

animals pets art culture automotive transportation business finance computer internet construction architecture education-career electronics communication

Logo Sambuz

Unleash a World of Digital Possibilities—Browse, Share, and Explore Content Without Boundaries

Useful Links

About Us Privacy Services FAQ's Contact

Newsletter

Stay Informed & Inspired—Subscribe for the Latest Updates, Tips, and Exclusive Content Directly to Your Inbox.

Mail Us

mail@sambuz.com

2026 SAMBUZ, All right reserved.