From: Shengyu Huang
To: David Malcolm
Cc: GCC Development
Subject: Re: [GSoC][Static Analyzer] Ideas for proposal
Date: Sun, 12 Mar 2023 23:20:40 +0100

Hi Dave,

>> 
>> 4. What’s the most interesting to me are PR103533
>> (https://gcc.gnu.org/bugzilla/show_bug.cgi?id=103533),
> 
> Turning on taint detection by default would be a great project.
> It would be good to run the integration tests:
> https://github.com/davidmalcolm/gcc-analyzer-integration-tests
> to see if anything regresses, or if it adds noise - so this might be a
> bit of an open-ended project, in that we'd want to fix whatever issues
> show up there, as well as the known ones that are documented in that
> bug.
> 

Sorry for replying to you late due to another project from my university.

Since most other ideas are being worked on by you or are not big enough to make a GSoC project, I decided to take on this project and have been getting familiar with the analyzer this weekend. I want to sort several things out before writing the proposal.

1. What should I do with the integration tests?

2. I ran gcc -fanalyzer -fanalyzer-checker=taint ./gcc-src/gcc/testsuite/gcc.dg/analyzer/pr93032-mztools-signed-char.c, but I got different results from what you documented in PR103533:

/usr/bin/ld: /lib/x86_64-linux-gnu/crt1.o: in function `_start':
(.text+0x17): undefined reference to `main'
collect2: error: ld returned 1 exit status

3. What does “ICE” mean when you said “ICE in alt_get_inherited_state in abs-1.c, …”?

4. For the following program, nothing is reported with the taint mode turned on. But there is -Wanalyzer-tainted-divisor, is it expected?

__attribute__((tainted_args)) int fun0(int a) { return a; }

int main() { int b = 3 / fun0(0); return b; }

5. I guess the project would mostly modify constraint-manager.h and sm-taint.cc. Or are there other files that you suspect are relevant for this project?

6. Is the current implementation based on some papers? I found this (https://users.ece.cmu.edu/~aavgerin/papers/Oakland10.pdf) and this (https://www.ndss-symposium.org/wp-content/uploads/2017/09/Dynamic-Taint-Analysis-for-Automatic-Detection-Analysis-and-SignatureGeneration-of-Exploits-on-Commodity-Software-Dawn-Song.pdf), but haven’t started reading yet.
In addition, purging states of the constraint manager sounds like a problem other people may have looked at. Is there any related progress since you documented it in PR103533?

As you said, this would be an open-ended project, so it would be very helpful to get some feedback from you so that I know how to draft my proposal. In addition, is it ok to deviate from the proposal after I start working?

Best,
Shengyu
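As an added example for item 4 (not from this thread and not from the GCC analyzer sources), here is the shape -Wanalyzer-tainted-divisor is designed to report, beside the guarded form that validates the divisor first. It assumes, as my reading of the GCC documentation, that tainted_args marks a function's own parameters as attacker-controlled for the analysis of that function (rather than the function's return value at a call site); function and variable names are hypothetical and the inputs are constructed.

```c
#include <errno.h>
#include <limits.h>
#include <stdio.h>

/* tainted_args is a GCC analyzer attribute; define it away on compilers
   that do not know it so the example still builds everywhere. */
#ifdef __has_attribute
#  if __has_attribute(tainted_args)
#    define TAINTED_ARGS __attribute__((tainted_args))
#  endif
#endif
#ifndef TAINTED_ARGS
#  define TAINTED_ARGS
#endif

/* Unchecked: the divisor is a parameter of a tainted_args function, i.e.
   (assumption about the attribute) a value the analyzer treats as
   attacker-controlled.  Dividing by it with no check is the shape that
   -Wanalyzer-tainted-divisor is meant to report under
   -fanalyzer -fanalyzer-checker=taint. */
TAINTED_ARGS
int scale_unchecked(int total, int divisor)
{
    return total / divisor;
}

/* Checked: reject zero and the one overflowing pair (INT_MIN / -1)
   before dividing.  Returns 0 and stores the quotient in *out, or a
   negative errno value and leaves *out untouched. */
TAINTED_ARGS
int scale_checked(int total, int divisor, int *out)
{
    if (divisor == 0)
        return -EINVAL;
    if (total == INT_MIN && divisor == -1)
        return -ERANGE;
    *out = total / divisor;
    return 0;
}

int main(void)
{
    int q = 0;
    /* Constructed inputs: 0 must be rejected, 7 divides cleanly. */
    int rc = scale_checked(100, 0, &q);
    printf("scale_checked(100, 0): rc=%d\n", rc);
    rc = scale_checked(100, 7, &q);
    printf("scale_checked(100, 7): rc=%d q=%d\n", rc, q);
    return 0;
}
```

Compiling with gcc -fanalyzer -fanalyzer-checker=taint is the setting under which the unchecked function is the interesting one; the program itself only exercises the checked path.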