Write a Blog >>
PLDI 2020
Mon 15 - Fri 19 June 2020
Mon 15 Jun 2020 08:30 - 08:45 at SOAP live stream - Tool Talks 1

The Ericsson CodeChecker team will present their work on the CodeChecker frontend to Clang/LLVM-based checkers and industrial experiences. Speaker: Márton Gábor

Link to the tool: https://github.com/Ericsson/codechecker

CodeChecker project was created to replace commercial static analyzer tools to open source ones for C/C++ language. Clang analyzers were chosen as the analysis engine. One important missing analysis feature from the Clang Static Analyzer was Cross-translation unit analysis (whole-program analysis).

Solution alternatives were provided:

  • Naïve inlining - upstreamed
  • Summary based analysis – work in progress

Missing checkers – Focus on SEI Cert Secure coding checkers

  • C++ container handling (invalidated iterator, accessing emelemnts out of container bounds)
  • Invalid memory accesses (padding problems, over/under-indexing arrays), modeling of memcpy functions
  • Taint analysis feature is incomplete
  • Missing statistical checkers – if the return value of a function call is handled at 90% of the cases, it is an error not to handle it
  • Improve analyzer messages – sometimes it is difficult to understand the error report

Remarks on deployment of Static Analysis tools

  • Developers/CI Team want simple analysis execution/integration to their build system
  • Many users use gcc/g++, compiler call/code is not always compatible with clang
  • Cross–compiled gcc projects are the most difficult to analyze

Developers expect good analysis quality

  • They want the analysis to be integrated into the code review loop – to prevent new faults to be introduced – CI integration
  • The analysis should be fast enough in the review loop – incremental analysis can speed up things
  • Low false positive rate
  • Self explaining error reports
  • Possibility to suppress false positives

Quality managers expect dashboard like views

  • Good overview of errors per error type, severity (central web service)
  • Location of the errors per module
  • Follow up trends of new/fixed errors per (software release/commit)

Mon 15 Jun
Times are displayed in time zone: Pacific Time (US & Canada) change

08:00 - 09:00: Tool Talks 1SOAP at SOAP live stream
08:00 - 08:15
Other
SOAP
Bernhard ScholzUniversity of Sydney, Australia
Media Attached
08:15 - 08:30
Other
SOAP
Yannis SmaragdakisUniversity of Athens, Greece
Media Attached
08:30 - 08:45
Other
SOAP
Gábor MártonEricsson Ltd, Dániel KruppEricsson Ltd
Media Attached
08:45 - 09:00
Other
SOAP
Cristian CadarImperial College London, Martin NowackImperial College London
Media Attached