Annotation of wikisrc/users/maya.mdwn, revision 1.1

1.1     ! maya        1: # Tips for using analyzers on NetBSD #
        !             2: 
        !             3: ## Address Sanitizer (+UBsan) (preliminary) ##
        !             4: 
        !             5: ASan reports memory violations, and detects many off-by-ones. It seems
        !             6: to produce very high quality reports.
        !             7: 
        !             8: It only needs to be compiled into the resulting binary[1]. It cannot compile
        !             9: static objects, so it requires some fiddling with makefiles to disable those.
        !            10: 
        !            11: I've been running it on NetBSD tests in the following manner[2]:
        !            12: 
        !            13:     cd /usr/src/tests/lib/libc
        !            14:     env USETOOLS=never MK_SSP=no HAVE_SSP=no CFLAGS="-fno-omit-frame-pointer -O0 -g -ggdb -U_FORTIFY_SOURCE -fsanitize=address -fsanitize=undefined" LDFLAGS="-lasan -lubsan" make -j20
        !            15: 
        !            16:     env ASAN_OPTIONS=alloc_dealloc_mismatch=0 LD_PRELOAD="/usr/lib/libasan.so /usr/lib/libubsan.so" atf-run
        !            17: 
        !            18: 1. Seems like this is a cause of worse reports, as in-library functions
        !            19: are not intercepted.
        !            20: 
        !            21: 2. Not even close to canonical commands, should probably be improved.
        !            22: 
        !            23: 3. ASAN_OPTIONS=alloc_dealloc_mismatch=0 is because atf-run itself
        !            24:     triggers a bug. Should have a look at it so this option doesn't
        !            25:     need to be disabled.
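
The kind of off-by-one ASan reports, as an added example (not from the NetBSD tree or from the original page): a `strncpy()` followed by a terminator written one byte past the destination, next to a corrected copy. The function names and the sample input are hypothetical; build it with the same `-fsanitize=address -fsanitize=undefined -O0 -g -fno-omit-frame-pointer` flags shown above and pass any argument to exercise the exact-size heap buffer that ASan flags.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* BUG (deliberate): the terminator lands at dst[dstlen], one past the end. */
static void copy_name_buggy(char *dst, size_t dstlen, const char *src)
{
	strncpy(dst, src, dstlen);
	dst[dstlen] = '\0';
}

/* Fixed: copy at most dstlen - 1 bytes and terminate inside the buffer. */
static void copy_name_fixed(char *dst, size_t dstlen, const char *src)
{
	if (dstlen == 0)
		return;
	strncpy(dst, src, dstlen - 1);
	dst[dstlen - 1] = '\0';
}

/*
 * Run a copy routine against an 8-byte destination followed by a guard byte
 * in the same array. The stray write stays inside the real object, so the
 * corruption is observable (and silent) without a sanitizer.
 * Returns 1 if the guard byte was clobbered, 0 otherwise.
 */
static int guard_clobbered(void (*copy)(char *, size_t, const char *))
{
	char arena[9];
	memset(arena, 'A', sizeof(arena));	/* arena[8] is the guard */
	copy(arena, 8, "constructed-long-input");	/* constructed sample input */
	return arena[8] != 'A';
}

int main(int argc, char **argv)
{
	printf("buggy clobbers guard: %d\n", guard_clobbered(copy_name_buggy));
	printf("fixed clobbers guard: %d\n", guard_clobbered(copy_name_fixed));
	if (argc > 1) {		/* exact-size heap buffer: ASan reports the 1-byte write */
		char *p = malloc(8);
		if (p == NULL)
			return 1;
		copy_name_buggy(p, 8, argv[1]);
		free(p);
	}
	return 0;
}
```

Without the sanitizer both calls return normally and only the guard byte shows the damage; with it, the heap case stops at the write in `copy_name_buggy`.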
        !            26: 
        !            27: Important note: ASan should not be run on production systems. [It can pose a
        !            28: security risk](http://www.openwall.com/lists/oss-security/2016/02/17/9).
        !            29: 
        !            30: ## Coverity ##
        !            31: 
        !            32: Coverity is a static analyzer.
        !            33: 
        !            34: You can see a part of its output in coverity-updates@, and a lot more
        !            35: if you go to the website (sign up with your NetBSD email or poke someone
        !            36: for access).
        !            37: 
        !            38: A lot of the reports are about strncpy/strcpy or in code that belongs
        !            39: to GCC (in the case of userland). You can tackle this by limiting
        !            40: results to a particular directory (click the folder icon). You can
        !            41: also sort by issue.
        !            42: 
        !            43: Some suggestions for things to focus on, as there are many defects
        !            44: reported:
        !            45: 
        !            46: - Setuid programs
        !            47: - Anything kernel
        !            48: - Stuff that runs as root
        !            49: 
        !            50: - Library or other code you know well already
        !            51: - Drivers for hardware you actually own and can test
        !            52: 
        !            53: Future ideas:
        !            54: 
        !            55: - GCC could be told to add ASan flags for all shared objects, making
        !            56:   it easier to build world with those flags
        !            57: - We could run all of NetBSD with ASan for some real world tests.
        !            58: - ASan for kernel? (subr_kmem.c has some flags which do some of the
        !            59:   work, could it do more?)
        !            60: - Fuzzers are cool.
