PLDI 2020
Mon 15 - Fri 19 June 2020
Mon 15 Jun 2020 08:30 - 08:45 at SOAP live stream - Tool Talks 1

The Ericsson CodeChecker team will present their work on the CodeChecker frontend to Clang/LLVM-based checkers and industrial experiences. Speaker: Márton Gábor

Link to the tool: https://github.com/Ericsson/codechecker

The CodeChecker project was created to replace commercial static analyzer tools with open source ones for the C/C++ language. Clang analyzers were chosen as the analysis engine. One important analysis feature missing from the Clang Static Analyzer was cross-translation unit analysis (whole-program analysis).

Solution alternatives were provided:

  • Naïve inlining - upstreamed
  • Summary based analysis – work in progress

Missing checkers – focus on SEI CERT secure coding checkers

  • C++ container handling (invalidated iterator, accessing elements out of container bounds)
  • Invalid memory accesses (padding problems, over/under-indexing arrays), modeling of memcpy functions
  • Taint analysis feature is incomplete
  • Missing statistical checkers – if the return value of a function call is handled in 90% of the cases, it is an error not to handle it
  • Improve analyzer messages – sometimes it is difficult to understand the error report
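
The statistical rule in the list above, sketched as an added example (this is not code from CodeChecker or Clang). The call-site records, the function names and the `min_calls` guard are hypothetical; a real checker would collect the records from the analyzer.

```python
from collections import defaultdict

def _sites(callee, checked, unchecked):
    """Build constructed call-site records: (callee, location, return value checked?)."""
    used = [(callee, f"src/{callee}_user.c:{10 + i}", True) for i in range(checked)]
    ignored = [(callee, f"src/{callee}_user.c:{100 + i}", False) for i in range(unchecked)]
    return used + ignored

# Constructed sample data, not taken from any real project.
CALL_SITES = (
    _sites("read_config", 9, 1)   # checked at 9 of 10 call sites
    + _sites("log_msg", 2, 8)     # return value mostly ignored on purpose
    + _sites("rare_fn", 1, 1)     # too few call sites to infer a convention
)

def unchecked_return_findings(call_sites, threshold_pct=90, min_calls=10):
    """Report call sites that ignore a return value most callers check.

    threshold_pct is the page's 90% rule; min_calls is an assumed guard so
    that functions with very few call sites do not produce findings.
    """
    stats = defaultdict(lambda: [0, 0])  # callee -> [checked, total]
    for callee, _loc, checked in call_sites:
        stats[callee][0] += int(checked)
        stats[callee][1] += 1

    findings = []
    for callee, loc, checked in call_sites:
        n_checked, total = stats[callee]
        if checked or total < min_calls:
            continue
        # Integer arithmetic avoids float rounding at the exact threshold.
        if n_checked * 100 >= threshold_pct * total:
            findings.append((loc, callee, n_checked * 100 // total))
    return findings

if __name__ == "__main__":
    for loc, callee, pct in unchecked_return_findings(CALL_SITES):
        print(f"{loc}: return value of {callee}() ignored "
              f"(checked at {pct}% of call sites)")
```
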

Remarks on deployment of Static Analysis tools

  • Developers and CI teams want simple analysis execution and integration into their build system
  • Many users use gcc/g++; the compiler call/code is not always compatible with clang
  • Cross-compiled gcc projects are the most difficult to analyze

Developers expect good analysis quality

  • They want the analysis to be integrated into the code review loop – to prevent new faults from being introduced – CI integration
  • The analysis should be fast enough in the review loop – incremental analysis can speed things up
  • Low false positive rate
  • Self-explaining error reports
  • Possibility to suppress false positives

Quality managers expect dashboard-like views

  • Good overview of errors per error type, severity (central web service)
  • Location of the errors per module
  • Follow up trends of new/fixed errors (per software release/commit)

Mon 15 Jun

Displayed time zone: Pacific Time (US & Canada)

08:00 - 09:00
Tool Talks 1 (SOAP) at SOAP live stream
Tool Talk: Soufflé
Bernhard Scholz University of Sydney, Australia
Tool Talk: DOOP
Yannis Smaragdakis University of Athens, Greece
Tool Talk: CodeChecker
Gábor Márton Ericsson Ltd, Dániel Krupp Ericsson Ltd
Tool Talk: KLEE
Cristian Cadar Imperial College London, Martin Nowack Imperial College London