GSoC: Getting started

GSoC: Getting started

[Mir Immad]

HI everyone,

I'm Immad Mir -- one of the GSoC students this year. I'll be working on
adding static analysis support for POSIX file description APIs this summer.

The plan is to let the static analyzer know about the FD APIs through the
use of function attributes, although initially we might hardcode the logic
to get started working. I'm looking for the suggestions on this from the
people who have experience working with file-descriptors.

Thank you.
Immad

Re: GSoC: Getting started

[David Malcolm]

On Wed, 2022-06-01 at 23:22 +0530, Mir Immad wrote:
> HI everyone,
> 
> I'm Immad Mir -- one of the GSoC students this year. I'll be working on
> adding static analysis support for POSIX file description APIs this
> summer.

Welcome Immad - I'm looking forward to helping you on this project.

For reference, I think you posted an initial prototype of this work
earlier this year here:
  https://gcc.gnu.org/pipermail/gcc/2022-January/238192.html
  https://gcc.gnu.org/pipermail/gcc/2022-February/238215.html

> 
> The plan is to let the static analyzer know about the FD APIs through
> the
> use of function attributes, although initially we might hardcode the
> logic
> to get started working. I'm looking for the suggestions on this from
> the
> people who have experience working with file-descriptors.

We talked about this off-list; I think next steps could be:

(1) get your initial prototype working again, hardcoding the names of
the functions for simplicity at first

(2) find a list of system calls (e.g. those implemented on Linux), and
see which ones relate to file descriptors e.g. acquiring them, using
them, releasing them, and duplicating them.  Look for patterns of usage
that could be expressed using function attributes.  Probably ignore
"ioctl" for now.

(3) probably talk to glibc's developers about this, since glibc
provides headers that wrap system calls, which would want to use the
attributes if we provide them

(4) implement the attributes, so that the analyzer doesn't have
hardcoded function names, and can instead rely on function attributes.
GCC's attributes are implemented in gcc/c-family/c-attribs.cc; see the
big c_common_attribute_table array, which associates the string names
of the attrbutes with properties, including a handler callback.  These
either set flags of a decl, or the attribute itself is appended to a
singly-linked list on that decl (for those things that don't directly
relate to fields of a decl).

I believe Siddhesh Poyarekar has been looking at attributes from the
glibc side of things, so I'm CCing him in case he has input on this.

I'm wondering if other people on this list have ideas for projects that
make heavy use of syscalls/file-descriptors that would benefit from
having this analyzer feature.  Maybe systemd?

Welcome again; hope this makes sense and is helpful
Dave

Re: GSoC: Getting started

[Siddhesh Poyarekar]

On 02/06/2022 00:20, David Malcolm wrote:
> (2) find a list of system calls (e.g. those implemented on Linux), and
> see which ones relate to file descriptors e.g. acquiring them, using
> them, releasing them, and duplicating them.  Look for patterns of usage
> that could be expressed using function attributes.  Probably ignore
> "ioctl" for now.
> 
> (3) probably talk to glibc's developers about this, since glibc
> provides headers that wrap system calls, which would want to use the
> attributes if we provide them

There are a significant number of interfaces that use file descriptors, 
not just limited to syscall interfaces. Another area I can think of is 
stdio, i.e. FILE interfaces.  There are interfaces (e.g. fdopen) that 
interact with file descriptors and they may require some special handling.

> (4) implement the attributes, so that the analyzer doesn't have
> hardcoded function names, and can instead rely on function attributes.
> GCC's attributes are implemented in gcc/c-family/c-attribs.cc; see the
> big c_common_attribute_table array, which associates the string names
> of the attrbutes with properties, including a handler callback.  These
> either set flags of a decl, or the attribute itself is appended to a
> singly-linked list on that decl (for those things that don't directly
> relate to fields of a decl).
> 
> I believe Siddhesh Poyarekar has been looking at attributes from the
> glibc side of things, so I'm CCing him in case he has input on this.
> 
> I'm wondering if other people on this list have ideas for projects that
> make heavy use of syscalls/file-descriptors that would benefit from
> having this analyzer feature.  Maybe systemd?

Systemd AFAIK doesn't bypass glibc's syscall interfaces, so annotating 
glibc headers ought to be good start for a GSoC project.  If this is 
done before time we can explore server software, e.g. sshd, httpd, etc. 
to see if there's scope for additional annotations there.  I'll be happy 
to help on the glibc and interfaces front.

Siddhesh

Re: GSoC: Getting started

[David Malcolm]

On Wed, 2022-06-01 at 14:50 -0400, David Malcolm wrote:
> On Wed, 2022-06-01 at 23:22 +0530, Mir Immad wrote:
> > HI everyone,
> > 
> > I'm Immad Mir -- one of the GSoC students this year. I'll be working
> > on
> > adding static analysis support for POSIX file description APIs this
> > summer.
> 
> Welcome Immad - I'm looking forward to helping you on this project.
> 
> For reference, I think you posted an initial prototype of this work
> earlier this year here:
>   https://gcc.gnu.org/pipermail/gcc/2022-January/238192.html
>   https://gcc.gnu.org/pipermail/gcc/2022-February/238215.html
> 
> > 
> > The plan is to let the static analyzer know about the FD APIs through
> > the
> > use of function attributes, although initially we might hardcode the
> > logic
> > to get started working. I'm looking for the suggestions on this from
> > the
> > people who have experience working with file-descriptors.
> 
> We talked about this off-list; I think next steps could be:
> 
> (1) get your initial prototype working again, hardcoding the names of
> the functions for simplicity at first
> 
> (2) find a list of system calls (e.g. those implemented on Linux), and
> see which ones relate to file descriptors e.g. acquiring them, using
> them, releasing them, and duplicating them.  Look for patterns of usage
> that could be expressed using function attributes.  Probably ignore
> "ioctl" for now.
> 
> (3) probably talk to glibc's developers about this, since glibc
> provides headers that wrap system calls, which would want to use the
> attributes if we provide them
> 
> (4) implement the attributes, so that the analyzer doesn't have
> hardcoded function names, and can instead rely on function attributes.
> GCC's attributes are implemented in gcc/c-family/c-attribs.cc; see the
> big c_common_attribute_table array, which associates the string names
> of the attrbutes with properties, including a handler callback.  These
> either set flags of a decl, or the attribute itself is appended to a
> singly-linked list on that decl (for those things that don't directly
> relate to fields of a decl).
> 
> I believe Siddhesh Poyarekar has been looking at attributes from the
> glibc side of things, so I'm CCing him in case he has input on this.
> 
> I'm wondering if other people on this list have ideas for projects that
> make heavy use of syscalls/file-descriptors that would benefit from
> having this analyzer feature.  Maybe systemd?
> 
> Welcome again; hope this makes sense and is helpful
> Dave

I've gone ahead and filed an RFE bug in our bugzilla to help track this
work:
  https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106003

Immad: you should probably assign that bug to yourself.  Do you have an
account yet for bugzilla?  See:
  https://gcc.gnu.org/gitwrite.html#authenticated
for info on how to get an account on sourceware.org/gcc.gnu.org

I can be your sponsor.

Once you have that, I think you automatically get a
USERNAME@gcc.gnu.org account that you can use to login to the GCC
bugzilla.


Dave