File:  [NetBSD Developer Wiki] / wikisrc / users / maya.mdwn
Revision 1.1: download - view: text, annotated - select for diffs
Thu Feb 16 00:01:14 2017 UTC (4 years, 5 months ago) by maya
Branches: MAIN
CVS tags: HEAD
Some info on how I've been using asan and coverity
(Not sure if this is sane markdown)

# Tips for using analyzers on NetBSD #

## Address Sanitizer (+UBsan) (preliminary) ##

ASan reports memory violations, and detects many off-by-ones. It seems
to produce very high quality reports.

It only needs to be compiled on the resulting binary[1]. It cannot compile
static objects so requires some fiddling with makefiles to disable those.

I've been running it on netbsd tests in the following manner[2]:

    cd /usr/src/tests/lib/libc
    env USETOOLS=never MK_SSP=no HAVE_SSP=no CFLAGS="-fno-omit-frame-pointer -O0 -g -ggdb -U_FORTIFY_SOURCE -fsanitize=address -fsanitize=undefined" LDFLAGS="-lasan -lubsan" make -j20

    env ASAN_OPTIONS=alloc_dealloc_mismatch=0 LD_PRELOAD="/usr/lib/libasan.so /usr/lib/libubsan.so" atf-run

1. Seems like this is a cause of worse reports, as in-library functions
are not intercepted.

2. Not even close to canonical commands, should probably be improved.

3. ASAN_OPTIONS=alloc_dealloc_mismatch=0 is because atf-run itself
    triggers a bug. Should have a look at it so this option doesn't
    need to be disabled.

Important note: ASan should not be run on production systems. [It can pose a
security risk](http://www.openwall.com/lists/oss-security/2016/02/17/9).

## Coverity ##

Coverity is a static analyzer.

You can see a part of its output in coverity-updates@, and a lot more
if you go to the website (sign up with your netbsd email or poke someone
for access).

A lot of the reports are about strncpy/strcpy or in code that belongs
to GCC (in the case of userland), you can tackle this by limiting
results to a particular directory (click the folder icon). You can
also sort by issue.

Some suggestions for things to focus on, as there are many defects
reported:

- Setuid programs
- Anything kernel
- Stuff that runs as root

- Library or other code you know well already
- Drivers for hardware you actually own and can test

Future ideas:

- GCC could be told to add ASan flags for all shared objects, making
  it easier to build world with those flags
- We could run all of NetBSD with ASan for some real world tests.
- ASan for kernel? (subr_kmem.c has some flags which do some of the
  work, could it do more?)
- Fuzzers are cool.

CVSweb for NetBSD wikisrc <wikimaster@NetBSD.org> software: FreeBSD-CVSweb