Tech Days 2015: Static Analysis CodePeer
TRANSCRIPT
Static Analysis with CodePeer
Arnaud Charlet
October 1st 2015
What is Static Analysis?
• Basic Static Analysis: coding standard checking, metrics, compiler warnings and style checks
• Advanced Static Analysis: symbolic execution/interpretation of source code, whole program analysis to perform software verification
• Formal Verification: verify high level or abstract properties on your application, give strong guarantees
Why Use Static Analysis?
• Make software more reliable at reasonable cost
– Full coverage of your code (detect corner cases)
– No missing check when needed (no “false negatives”)
• Anticipate problems (get results before testing)
• Automate part of code review
• Express and verify your requirements and architecture
CodePeer Overview
• Advanced static analysis tool for Ada
– Also includes basic static analysis (gnatcheck, gnatmetric)
• Detects runtime and logic errors
– Buffer overflow, division by zero, dead code, …
• Analyzes complete or partial programs (e.g. libraries)
– Supports all versions of Ada
– Supports most Ada compilers and targets
– Can tune level of analysis and accuracy
CodePeer Overview
• Generates human-readable annotations
• Support for IEEE 754 floating point semantics
• Integrated in GPS, GNATbench and third party tools
• Uses project files (.gpr)
• Comes with an HTML server
A Qualifiable Tool
DO178C (Avionics)
• Automate part of DO178C 6.3.4.f - determine the correctness and consistency of the Source Code
• Qualified as a verification tool (TQL 5 in DO178C)
• Generation of a detailed report file (date of run, switches, messages, limitations, …)
EN50128 (Railway)
• Qualified as a tool class T2
• Used for boundary value analysis, control flow and data flow analysis
CodePeer Use Cases
1. Early testing: detect errors earlier on code modifications/new code
2. Find bugs (on existing code)
3. Impact analysis (before making a change)
4. Code review: help focusing on potential problems/complex code
5. Check consistent use of (third party) libraries: detect inconsistencies between assumptions in callee and caller
6. Identify race conditions
7. Provide evidence for program verification
CodePeer 3.1
• Integration with Jenkins - Continuous Builder
• Integration with Sonar, Squore - Dashboards
• CWE compatibility – Security Analysis
• Detection of dangling references
• Static Debugger
• Incremental (re)analysis
Integration with Jenkins
![Page 10: Tech Days 2015: Static Analysis CodePeer](https://reader036.vdocuments.site/reader036/viewer/2022070513/588303b81a28abe70d8b600b/html5/thumbnails/10.jpg)
Integration with Jenkins
![Page 11: Tech Days 2015: Static Analysis CodePeer](https://reader036.vdocuments.site/reader036/viewer/2022070513/588303b81a28abe70d8b600b/html5/thumbnails/11.jpg)
Integration with Dashboards
![Page 12: Tech Days 2015: Static Analysis CodePeer](https://reader036.vdocuments.site/reader036/viewer/2022070513/588303b81a28abe70d8b600b/html5/thumbnails/12.jpg)
Integration with Dashboards
![Page 13: Tech Days 2015: Static Analysis CodePeer](https://reader036.vdocuments.site/reader036/viewer/2022070513/588303b81a28abe70d8b600b/html5/thumbnails/13.jpg)
CWE - Security Analysis
• cwe.mitre.org
• Filters on 36 detected CWE ids
Detection of Dangling References
• Detect use after free

```ada
with Unchecked_Deallocation;

procedure Dangling is
   type Ref is access Integer;
   procedure Free_Int is new Unchecked_Deallocation (Integer, Ref);
   Ptr1 : constant Ref := new Integer;
   Ptr2 : Ref := Ptr1;
begin
   Free_Int (Ptr2);
   Ptr1.all := 123; -- high: validity check fails here: requires not Ptr1'Freed
end;
```
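Why the alias is the root cause, as an added example that is not from the slides: Ada.Unchecked_Deallocation sets only the access value passed to it to null, so any other copy of the address (here the constant Ptr1) keeps pointing at freed storage. The hardened form below, with the assumed name Dangling_Fixed, keeps a single owning pointer and guards the dereference.

```ada
with Ada.Unchecked_Deallocation;

--  Added example (not from the slides): the same pattern as Dangling,
--  but with one access path only, so no pointer survives the deallocation.
procedure Dangling_Fixed is
   type Ref is access Integer;
   procedure Free_Int is new Ada.Unchecked_Deallocation (Integer, Ref);

   --  Not constant: the deallocation must be able to set it to null.
   --  (In the slide, Ptr1 is a constant alias and can never be nulled.)
   Ptr : Ref := new Integer'(0);
begin
   Free_Int (Ptr);        -- frees the object and sets Ptr to null

   --  The only surviving access value is now null, so the dereference
   --  is skipped instead of being performed on freed storage.
   if Ptr /= null then
      Ptr.all := 123;
   end if;
end Dangling_Fixed;
```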
Static Debugger
Display possible values of variables
Static Debugger
Backtrace capability on messages related to preconditions
Incremental Analysis
• Ability to re-analyze only impacted files
On a 10K SLOC project, 75 files:
– Time to analyze from scratch: 75 files in 18 minutes
– Time to re-analyze and update the database: 9 seconds
– Modifying a few files and re-analyzing: 44 files in 2 minutes
• Ability to refine analysis (more precise on new runs)