Static Analysis in C/C++ code with Polyspace

Similar documents
Intro to Proving Absence of Errors in C/C++ Code

From Design to Production

Leveraging Formal Methods Based Software Verification to Prove Code Quality & Achieve MISRA compliance

Verification and Test with Model-Based Design

Increasing Embedded Software Confidence Model and Code Verification. Daniel Martins Application Engineer MathWorks

Jay Abraham 1 MathWorks, Natick, MA, 01760

Increasing Design Confidence Model and Code Verification

Simulink 모델과 C/C++ 코드에대한매스웍스의정형검증툴소개 The MathWorks, Inc. 1

SOFTWARE QUALITY OBJECTIVES FOR SOURCE CODE

2015 The MathWorks, Inc. 1

Automating Best Practices to Improve Design Quality

Developing AUTOSAR Compliant Embedded Software Senior Application Engineer Sang-Ho Yoon

Leveraging Formal Methods for Verifying Models and Embedded Code Prashant Mathapati Application Engineering Group

Model-Based Design for High Integrity Software Development Mike Anthony Senior Application Engineer The MathWorks, Inc.

Verification and Validation of Models for Embedded Software Development Prashant Hegde MathWorks India Pvt. Ltd.

WHITE PAPER. 10 Reasons to Use Static Analysis for Embedded Software Development

Verification and Validation of High-Integrity Systems

Implementation and Verification Daniel MARTINS Application Engineer MathWorks

Verification & Validation of Open Source

Homework #3 CS2255 Fall 2012

[0569] p 0318 garbage

Utilisation des Méthodes Formelles Sur le code et sur les modèles

정형기법을활용한 AUTOSAR SWC 의구현확인및정적분석

Principles of Software Construction: Objects, Design, and Concurrency (Part 2: Designing (Sub )Systems)

Static Analysis methods and tools An industrial study. Pär Emanuelsson Ericsson AB and LiU Prof Ulf Nilsson LiU

Verifying source code

Understanding Undefined Behavior

Automatización de Métodos y Procesos para Mejorar la Calidad del Diseño

Automatic Qualification of Abstract Interpretation-based Static Analysis Tools. Christian Ferdinand, Daniel Kästner AbsInt GmbH 2013

CSE 403: Software Engineering, Fall courses.cs.washington.edu/courses/cse403/16au/ Static Analysis. Emina Torlak

Verification and Validation

MEMORY MANAGEMENT TEST-CASE GENERATION OF C PROGRAMS USING BOUNDED MODEL CHECKING

CS 161 Exam II Winter 2018 FORM 1

Static program checking and verification

Objectives. Chapter 19. Verification vs. validation. Topics covered. Static and dynamic verification. The V&V process

Using Static Code Analysis to Find Bugs Before They Become Failures

Static Program Analysis Part 1 the TIP language

Verification and Validation

Verification and Validation

Computer Components. Software{ User Programs. Operating System. Hardware

CS558 Programming Languages

Examining the Code. [Reading assignment: Chapter 6, pp ]

Program Correctness and Efficiency. Chapter 2

Page 1. Stuff. Last Time. Today. Safety-Critical Systems MISRA-C. Terminology. Interrupts Inline assembly Intrinsics

Advances in Programming Languages

Lecture 9 Assertions and Error Handling CS240

FORM 1 (Please put your name and section number (001/10am or 002/2pm) on the scantron!!!!) CS 161 Exam II: True (A)/False(B) (2 pts each):

C++ Undefined Behavior What is it, and why should I care?

CS2141 Software Development using C/C++ C++ Basics

Static Analysis of C++ Projects with CodeSonar

Synopsys Static Analysis Support for SEI CERT C Coding Standard

C Language Part 1 Digital Computer Concept and Practice Copyright 2012 by Jaejin Lee

PIC 10A Pointers, Arrays, and Dynamic Memory Allocation. Ernest Ryu UCLA Mathematics

Program Verification. Aarti Gupta

Information Flow Analysis and Type Systems for Secure C Language (VITC Project) Jun FURUSE. The University of Tokyo

Pierce Ch. 3, 8, 11, 15. Type Systems

Verification and Validation

Page 1. Today. Last Time. Is the assembly code right? Is the assembly code right? Which compiler is right? Compiler requirements CPP Volatile

CS504 4 th Quiz solved by MCS GROUP

Important From Last Time

CS558 Programming Languages

Important From Last Time

Important From Last Time

Simulink Verification and Validation

MISRA-C. Subset of the C language for critical systems

DECLARAING AND INITIALIZING POINTERS

Pointer Basics. Lecture 13 COP 3014 Spring March 28, 2018

CS2141 Software Development using C/C++ Debugging

Seminar in Software Engineering Presented by Dima Pavlov, November 2010

Automating Best Practices to Improve Design Quality

Verification Using Static Analysis

2/5/2018. Expressions are Used to Perform Calculations. ECE 220: Computer Systems & Programming. Our Class Focuses on Four Types of Operator in C

CS2255 HOMEWORK #1 Fall 2012

Page 1. Today. Important From Last Time. Is the assembly code right? Is the assembly code right? Which compiler is right?

CS6202: Advanced Topics in Programming Languages and Systems Lecture 0 : Overview

Static Analysis in Practice

Parameter passing. Programming in C. Important. Parameter passing... C implements call-by-value parameter passing. UVic SEng 265

C Review. MaxMSP Developers Workshop Summer 2009 CNMAT

'Safe' programming languages

6. Pointers, Structs, and Arrays. 1. Juli 2011

Compiler Construction

Lecture 12 Integers. Computer and Network Security 19th of December Computer Science and Engineering Department

CS 31: Intro to Systems Pointers and Memory. Kevin Webb Swarthmore College October 2, 2018

Introduction to Computer Science Midterm 3 Fall, Points

JAYARAM COLLEGE OF ENGINEERING AND TECHNOLOGY Pagalavadi, Tiruchirappalli (An approved by AICTE and Affiliated to Anna University)

6. Pointers, Structs, and Arrays. March 14 & 15, 2011

Testing. ECE/CS 5780/6780: Embedded System Design. Why is testing so hard? Why do testing?

Hybrid Verification in SPARK 2014: Combining Formal Methods with Testing

Stanford University Computer Science Department CS 295 midterm. May 14, (45 points) (30 points) total

CS 61c: Great Ideas in Computer Architecture

Memory Safety for Embedded Devices with nescheck

AstréeA From Research To Industry

C PROGRAMMING LANGUAGE. POINTERS, ARRAYS, OPERATORS AND LOOP. CAAM 519, CHAPTER5

MC: Meta-level Compilation

CS201- Introduction to Programming Current Quizzes

C Pointers. 7.2 Pointer Variable Definitions and Initialization

Formal C semantics: CompCert and the C standard

CSC 1300 Exam 4 Comprehensive-ish and Structs

Recursion. What is Recursion? Simple Example. Repeatedly Reduce the Problem Into Smaller Problems to Solve the Big Problem

Increases Program Structure which results in greater reliability. Polymorphism

Transcription:

1

Static Analysis in C/C++ code with Polyspace Yongchool Ryu Application Engineer gary.ryu@mathworks.com 2016 The MathWorks, Inc. 2

Agenda Efficient way to find problems in Software Category of Static Analysis Code Verification with Polyspace Q&A 3

The Lifecycle: Remember ISO 26262 and the implied waterfall lifecycle & V-Model DO-178, and the implied software lifecycles, V-Model, Spiral & Waterfall Perhaps you ve adopted [Fr]Agile methods Where does Static Analysis fit? 4

Barry Boehm s Top 10 List of Software Defect Reduction* 1. Finding and fixing a software problem after delivery is often 100 times more expensive than finding and fixing it during the requirements and design phase. Fix Earlier, reduce cost! 6. Peer reviews catch 60 percent of the defects. 7. Perspective-based reviews catch 35 percent more defects than nondirected reviews. 8. Disciplined personal practices can reduce defect introduction rates by up to 75 percent. 9. About 40 to 50 percent of user programs contain nontrivial defects. 5

The Spiral model described by Barry Boehm 6

Software Quality Observations From Capers Jones* * Capers Jones, CTO of Namcook Analytics LLC, the presentation of Software Quality in 2013 7

Match efficiency in Finding Bugs Which method is the best match for the first efficiency graph? a Individual Programmers b Normal Test Steps c Static Analysis d Design Reviews/ Code Inspections 1. 65 2. 65 95% 0 100 90% 0 100 3. 4. 75% 0 100 50% 0 100 8

Efficiency in Finding Bugs Static analysis, Inspections and testing is best 1. 2. 65 c Static Analysis 65 d Design Reviews/ Code Inspections 95% 0 100 90% 0 100 3. 4. b Normal Test Steps a Individual Programmers 75% 0 100 50% 0 100 9

Quality Measurements Have Found: * Capers Jones, CTO of Namcook Analytics LLC, the presentation of Software Quality in 2013 10

How Quality Affects Software Costs * Capers Jones, CTO of Namcook Analytics LLC, the presentation of Software Quality in 2013 11

Defects affect Software Quality and Productivity * Capers Jones, CTO of Namcook Analytics LLC, the presentation of Software Quality in 2013 12

Efficient way to find problems in Software c Static Analysis 13

CATEGORY OF STATIC ANALYSIS OF USING TOOLS Coding Rules, Code Metrics Compiler Warnings Error Prevention Error Detection Bug Findings (False negative) Formal Methods (No False negative) 14

Polyspace PRODUCTS Coding Rules, Code Metrics Error Prevention Compiler Warnings Polyspace Bug Finder Polyspace Code Prover Error Detection Bug Findings (False negative) Polyspace Bug Finder Formal Methods (No False negative) Polyspace Code Prover 15

Types of bugs detected by Polyspace Bug Finder Numerical Zero divide, overflow, shift Integer and float conversion overflow Invalid use of std. library math routine Static memory Array access out of bounds Null pointer Dynamic memory Memory leaks Use of previously freed pointer Unprotected dynamic memory allocation Programming Invalid use of = or == operator Declaration mismatch Dataflow Write without further read Non-initialized variable Language support C C++ Concurrency Data races (atomic, nonatomic) Deadlocks www.mathworks.com/help/bugfinder/check-reference.html 16

Full list of run-time checks in Polyspace Code Prover C run-time checks Unreachable Code Out of Bounds Array Index Division by Zero Non-Initialized Variable Scalar and Float Overflow (left shift on signed variables, float underflow versus values near zero) Initialized Return Value Shift Operations (shift amount in 0..31/0..63, left operand of left shift is negative) Illegal Dereferenced Pointer (illegal pointer access to variable of structure field, pointer within bounds) Correctness Condition (array conversion must not extend range, function pointer does not point to a valid function) Non-Initialized Pointer User Assertion Non-Termination of Call (non-termination of calls and loops, arithmetic expressions) Known Non-Termination of Call Non-Termination of Loop Standard Library Function Call Absolute Address Inspection Points www.mathworks.com/help/codeprover/results.html C++ run-time checks Unreachable Code Out of Bounds Array Index Division by Zero Non-Initialized Variable Scalar and Float Overflow Shift Operations Pointer of function Not Null Function Returns a Value Illegal Dereferenced Pointer Correctness Condition Non-Initialized Pointer Exception Handling (calls to throws, destructor or delete throws, main/tasks/c_lib_func throws, exception raised is not specified in the throw list, throw during catch parameter construction, continue execution in except) User Assertion Object Oriented Programming (invalid pointer to member, call of pure virtual function, incorrect type for this-pointer) Non-Termination of Call Non Termination of Loop Absolute Address Potential Call Green: reliable safe pointer access Red: faulty out of bounds error Gray: dead unreachable code Orange: unproven may be unsafe for some conditions static void pointer_arithmetic (void) { int array[100]; int *p = array; int i; for (i = 0; i < 100; i++) { *p = 0; p++; if (get_bus_status() > 0) { if (get_oil_pressure() > 0) { *p = 5; else { i++; i = get_bus_status(); if (i >= 0) { *(p - i) = 10; C++ Specific Checks (positive array size, incorrect typeid argument, incorrect dynamic_cast on reference) 17

Not all bugs can be statically proven All Bugs Statically Detectable e.g., if(x=y) vs. if(x==y), memory leaks, partial array access Polyspace Bug Finder Provable Polyspace Code Prover e.g., divide by zero, overflow, illegal pointer dereferences 18

How do Bug Finder results differ from Code Prover results? Bug Finder Nothing Found S. Code Prover Orange - Vulnerability Green - Reliable Probable Bug Grey Unreachable / Dead Red - Faulty Purple - coding rule violations 19

Understanding Abstract Interpretation To prove the absence of errors, the Polyspace verification accounts for all possible execution paths using abstract interpretation. signed char x, y; x = random(); if (x > 0) { x = 5; else if (x!= 0){ y = 100 / x; -128 127 1 5 127-128 -1 0 printf( %d,x); 20

Results from Polyspace Code Prover Start with C/C++ source code static void pointer_arithmetic (void) { int array[100]; int *p = array; int i; for (i = 0; i < 100; i++) { *p = 0; p++; if (get_bus_status() > 0) { if (get_oil_pressure() > 0) { *p = 5; else { i++; i = get_bus_status(); if (i >= 0) { *(p - i) = 10; 21

Results from Polyspace Code Prover Source code painted in green, red, gray, orange static void pointer_arithmetic (void) { int array[100]; int *p = array; int i; for (i = 0; i < 100; i++) { *p = 0; p++; if (get_bus_status() > 0) { if (get_oil_pressure() > 0) { *p = 5; else { i++; i = get_bus_status(); if (i >= 0) { *(p - i) = 10; 22

Results from Polyspace Code Prover Green: reliable safe pointer access static void pointer_arithmetic (void) { int array[100]; int *p = array; int i; for (i = 0; i < 100; i++) { *p = 0; p++; if (get_bus_status() > 0) { if (get_oil_pressure() > 0) { *p = 5; else { i++; i = get_bus_status(); if (i >= 0) { *(p - i) = 10; 23

Results from Polyspace Code Prover Green: reliable safe pointer access Red: faulty out of bounds error static void pointer_arithmetic (void) { int array[100]; int *p = array; int i; for (i = 0; i < 100; i++) { *p = 0; p++; if (get_bus_status() > 0) { if (get_oil_pressure() > 0) { *p = 5; else { i++; i = get_bus_status(); if (i >= 0) { *(p - i) = 10; 24

Results from Polyspace Code Prover Green: reliable safe pointer access Red: faulty out of bounds error Gray: dead unreachable code static void pointer_arithmetic (void) { int array[100]; int *p = array; int i; for (i = 0; i < 100; i++) { *p = 0; p++; if (get_bus_status() > 0) { if (get_oil_pressure() > 0) { *p = 5; else { i++; i = get_bus_status(); if (i >= 0) { *(p - i) = 10; 25

Results from Polyspace Code Prover Green: reliable safe pointer access Red: faulty out of bounds error Gray: dead unreachable code Orange: unproven may be unsafe for some conditions static void pointer_arithmetic (void) { int array[100]; int *p = array; int i; for (i = 0; i < 100; i++) { *p = 0; p++; if (get_bus_status() > 0) { if (get_oil_pressure() > 0) { *p = 5; else { i++; i = get_bus_status(); if (i >= 0) { *(p - i) = 10; 26

Results from Polyspace Code Prover Green: reliable safe pointer access Red: faulty out of bounds error Gray: dead unreachable code Orange: unproven may be unsafe for some conditions static void pointer_arithmetic (void) { int array[100]; int *p = array; int i; for (i = 0; i < 100; i++) { *p = 0; p++; if (get_bus_status() > 0) { if (get_oil_pressure() > 0) { *p = 5; else { i++; Purple: violation MISRA-C/C++ or JSF++ code rules i = get_bus_status(); if (i >= 0) { *(p - i) = 10; 27

Results from Polyspace Code Prover Green: reliable safe pointer access static void pointer_arithmetic (void) { int array[100]; int *p = array; int i; Red: faulty out of bounds error Gray: dead unreachable code Orange: unproven may be unsafe for some conditions for (i = 0; i < 100; i++) { *p = 0; p++; variable I (int32): [0.. 99] assignment of I (int32): [1.. 100] if (get_bus_status() > 0) { if (get_oil_pressure() > 0) { *p = 5; else { i++; Purple: violation MISRA-C/C++ or JSF++ code rules Range data tool tip i = get_bus_status(); if (i >= 0) { *(p - i) = 10; 28

Polyspace Bug Finder & Code Prover 29

Who should use the tools? BF Legend Bug Finder CP Code Prover Specification SW Acceptance tests Quality Assurance Engineers CP BF Design SW Integration tests BF CP Software Architects/Engineers and/or Quality Engineers BF Implementation SW Unit Tests CP Software Engineers Software Engineers and/or Quality engineers 30

Software Quality Objectives (SQO) Specify software quality levels in Polyspace Identify when a file, module, or component achieves desired quality level Define customizable thresholds based on Software metrics Code rule violations Number of red, gray, oranges Use SQO as a process guide Practical plan for an incremental adoption of tools and process changes to meet quality objectives www.mathworks.com/discovery/software-quality-objectives.html 31

Dashboard for management view With top-level rollup, trends, and pass/fail objectives 32

Save time by using both Bug Finder and Code Prover Improvements every 6 months 33

Q & A 34

New features in R2015b and R2016a Full support of MISRA-C:2012 rules MISRA 2012 Directives New MISRA 2012 Directives 4.5 and 4.13 Improve support of directive 4.3 When you want the MISRA 2012 checker to be applied to C90 only, you can tick Respect C90 Standard It may have some side effects on compilation v Polyspace Code Prover: MISRA C:2012 rules 22.1 to 22.4 and rule 22.6 are not supported 35

New features in R2015b and R2016a Polyspace Bug Finder defects: now 140 defects! 81 new defects with new defect categories: Programming, C++, Security, Resources management Additional: Improved precision on memory leaks 36

Use cases BF Legend Bug Finder CP Code Prover Specification SW Acceptance tests - Measure SW quality - Quality report generation CP BF Design SW Integration tests BF - Find integration bugs - Declaration mismatches - Data race on shared variables - Global variables usage CP BF Implementation - Find local bugs - Find MISRA violations - Find untestable functions - Perform Code Reviews SW Unit Tests CP - Quality gate - Find runtime errors / unused code - Prove absence of runtime errors on modules - Justify MISRA violations 37

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback