From: Shengyu Huang
Message-Id: <2344350B-6AD2-46A5-A335-BD3ECBBAA4DF@gmail.com>
Subject: [GSoC][Static Analyzer] First proposal draft and a few more questions/requests
Date: Mon, 20 Mar 2023 18:28:01 +0100
In-Reply-To: <3dfad33dec50c9f8bfb13e42a29cfb41b6aab457.camel@redhat.com>
Cc: GCC Development
To: David Malcolm

Hi Dave,

Thanks for always getting back to me so promptly! I am drafting the proposal today.
Here is the link: https://docs.google.com/document/d/1MRI1R5DaX8kM6DaqRQsEri5Mx2FvHmWv13qe1W0Bj0g/

(The proposal was first written in markdown and then copy-pasted to Google Docs, so some formatting may look ugly...)

In the timeline section, I mention your name twice where I expect your input can help me speed up the work. For example, the mentioned paper (https://users.ece.cmu.edu/~aavgerin/papers/Oakland10.pdf) has a section “performance” on page 12 that lists out several solutions to mitigate the exponential blow up in straightforward implementation of symbolic execution, but the current implementation may have some clever tricks already (e.g., purging the states?) that some of the solutions may not be applicable to us.

I can further polish this proposal based on your feedback. I may not be as responsive as you are because I have several deadlines from coursework every week.

>> 1. What should I do with the integration tests?
>
> First of all, AFAIK I'm the only person who's tried running the
> integration tests. They're the test scripts I wrote to help me
> validate my own patches, so there will be rough edges; please let me
> know as you run into them, so I can fix/document them.

You append the path “../sarifdump” in results.py, but this path is not in the repo.

>> 2. I ran gcc -fanalyzer -fanalyzer-checker=taint ./gcc-
>> src/gcc/testsuite/gcc.dg/analyzer/pr93032-mztools-signed-char.c , but
>> I got different results from what you documented in PR103533:
>>
>> /usr/bin/ld: /lib/x86_64-linux-gnu/crt1.o: in function `_start':
>> (.text+0x17): undefined reference to `main'
>> collect2: error: ld returned 1 exit status
>
> gcc's default is to try to compile, assemble, and link into an
> executable. This testcase doesn't have a "main" function, hence the
> linker complains. If you pass "-S", it will merely compile the .c to a
> .s assembler file whilst still running the analyzer.
>
> In terms of actually running the test suite via DejaGnu, see:
> https://gcc-newbies-guide.readthedocs.io/en/latest/working-with-the-testsuite.html
>
> I typically use:
>
>   make -k -jN \
>    && time make check-gcc \
>      RUNTESTFLAGS="-v -v --target_board=unix\{-m32,-m64\} analyzer-torture.exp=*.c analyzer.exp=*.c"
>
> when testing the analyzer regression test suite, where N is the number
> of cores on my box
>
> When I run an individual testcase, I do something like:
>
>   ./xgcc -B. -S -fanalyzer ../../src/PATH_TO_TEST_CASE
>
> in the "gcc" subdirectory of the build directory.

Yeah sorry for not taking a good look at the testcase before sending you this question… the tips were very helpful still, thanks a lot!

Under latest trunk, all the individual testcases documented in PR103533 compile with no error (no ICE or state explosion). I double checked that I did turn on -fanalyzer-checker=taint (although it is a bit annoying there is no error or warning when I mistyped it as -fanalyzer-checker=tai8nt). I also ran the test suite via DejaGNU, and there are only four unexpected failures (no unexpected successes) and some unsupported tests:

```
FAIL: gcc.dg/analyzer/file-CWE-1341-example.c (test for excess errors)
FAIL: gcc.dg/analyzer/pipe-glibc.c (test for excess errors)
FAIL: gcc.dg/analyzer/file-CWE-1341-example.c (test for excess errors)
FAIL: gcc.dg/analyzer/pipe-glibc.c (test for excess errors)
```

(Why is the same file reported twice in the summary?)

These testcases are not relevant for taint analysis, but indeed when I turned on the taint mode other checkers are suppressed without any warnings (I guess this should be one of the goals if we don’t manage to turn on the taint mode by default in the end).

Does it mean there are no small testcases that will cause state explosion at the moment?
It is a bit tricky for me to have an intuition for where the problem stems from when I don’t have a concrete example to investigate… During the project, how often do you expect we need to run the integration tests? I guess we run it whenever we don’t have a small example to work at hand, and iteratively we use the integration test results to construct a minimal example to fix the next encountered issue?

By the way, I have applied for the compile farm account after the first email exchanges and I have been working on compile farm for a while now.

Best,
Shengyu

P.S. There is no more `pr93032-mztools.c` in the testsuite, and the two files `pr93032-mztools-{simplified, signed-char, unsigned-char}.c` do not incur state explosion.
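
As an added illustration of the workflow discussed in this message (not part of the original e-mail and not a file from the GCC testsuite): a small translation unit with no main(), meant to be analyzed with "-S" rather than linked. The weak function shows the kind of unchecked index that the taint checker's -Wanalyzer-tainted-array-index warning is documented to diagnose, next to a bounds-checked form. The file name taint_demo.c and every struct and function name are assumptions.

```c
/* Added example, not from the GCC testsuite: a file with no main(), like the
   analyzer testcases discussed above.  Analyze it without linking:
       gcc -S -fanalyzer -fanalyzer-checker=taint taint_demo.c
   taint_demo.c and all struct/function names are assumptions.  */
#include <stdio.h>
#include <string.h>

#define SLOTS 16

struct record {
    int index;                 /* comes from the file, so untrusted */
    char slots[SLOTS];
};

/* Weak form: the index read by fread() is used without any check.  */
int lookup_unchecked(FILE *f)
{
    struct record r;
    if (fread(&r, sizeof r, 1, f) != 1)
        return -1;
    return r.slots[r.index];
}

/* Hardened form: both bounds are checked before the index is used.  */
int lookup_checked(FILE *f)
{
    struct record r;
    if (fread(&r, sizeof r, 1, f) != 1)
        return -1;
    if (r.index < 0 || r.index >= SLOTS)
        return -1;
    return r.slots[r.index];
}

/* Constructed input: one record in a temporary file, rewound for reading.  */
FILE *make_input(int index, char fill)
{
    struct record r = { .index = index };
    FILE *f = tmpfile();
    if (!f)
        return NULL;
    memset(r.slots, fill, sizeof r.slots);
    if (fwrite(&r, sizeof r, 1, f) != 1) {
        fclose(f);
        return NULL;
    }
    rewind(f);
    return f;
}
```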