Coverity Origins, Static Analysis & DHS


Transcript of Coverity Origins, Static Analysis & DHS

  • 8/14/2019 Coverity Origins, Static Analysis & DHS

    1/38

    Coverity Origins, Static Analysis & DHS

    October 2009

    David Maxwell

    Coverity's Open Source Strategist

    For

    Stanford Open Source Group

  • Slide 2/38

    Agenda

    The Origins of Coverity (Stanford!)

    Static Analysis

    The Open Source Hardening Project

    What about my project?

    Open Source Report 2009

    Architectural Analysis

    Summary

  • Slide 4/38

    $60,000,000,000

  • Slide 5/38

    $10,500

  • Slide 6/38

    The Origins of Coverity

    Stanford Professor Dawson Engler

    Graduate Students

    Ben Chelf (CTO)

    Andy Chou (Chief Scientist)

    Seth Hallem (CEO)

    Dave Park

  • Slides 7-10/38

    The Origins of Coverity

    Bugs as Deviant Behavior: A General Approach to Inferring Errors in Systems Code (2001)

    Programmers' beliefs about the program state affect the code they write

    B = *A; means the programmer believes A is a valid pointer

    if (A) { means the programmer believes A is only sometimes valid at this point in the code

  • Slide 11/38

    Contradictions

    If these lines occur together:

    B = *A;

    if (A) {

    There's a contradiction, since A can't be both 'valid' and 'sometimes invalid' at the same time

  • Slides 12-14/38

    Static Analysis

    Static Analysis includes:

    Path Simulation

    Code is not a single linear sequence of instructions

    Data Flow Analysis

    Values of one variable affect values of others

    False Path Pruning

    Some paths cannot occur at runtime. Reporting errors on those paths is a distraction
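    The three ideas on these slides, beliefs recorded at each dereference and each null test (the Contradictions slide), path simulation with data flow, and false path pruning, fit in one small checker. The block below is an added example written for this transcript; it is not Coverity's code and not the algorithm from the Engler paper. The tiny block IR, the `analyze` function and the three constructed sample functions are all assumptions chosen for illustration; real analyzers work on compiled code, not hand-written tuples.

```python
from typing import Dict, List, Tuple

# Statement forms of the constructed IR, one C-like statement per tuple:
#   ("assign", var, int)             x = 3;
#   ("copy", dst, src)               y = x;      data flow: y inherits x's known value
#   ("deref", ptr)                   b = *ptr;   belief: ptr is a valid pointer here
#   ("if_eq", var, int, then, else)  if (var == int) goto then; else goto else;
#   ("nullcheck", ptr, then, else)   if (ptr) goto then; else goto else;  belief: ptr may be NULL
#   ("goto", label)
#   ("ret",)
Function = Dict[str, List[tuple]]          # block label -> statements


def analyze(fn: Function, entry: str = "entry", max_depth: int = 32) -> Tuple[List[dict], int]:
    """Simulate every feasible path from `entry`; return (findings, number of paths explored)."""
    findings: Dict[tuple, dict] = {}       # keyed by (kind, ptr, block): each site reported once

    def report(kind, ptr, block, path):
        findings.setdefault((kind, ptr, block), {"kind": kind, "ptr": ptr, "block": block, "path": path})

    explored = 0

    def walk(label, env, derefd, null, path):
        nonlocal explored
        if len(path) >= max_depth:         # bounded unrolling keeps loops finite
            return
        path = path + (label,)
        env, derefd, null = dict(env), set(derefd), set(null)   # per-path copies
        for stmt in fn[label]:
            op = stmt[0]
            if op == "assign":             # constant becomes known on this path
                env[stmt[1]] = stmt[2]
            elif op == "copy":             # data flow: propagate a known constant, else forget
                if stmt[2] in env:
                    env[stmt[1]] = env[stmt[2]]
                else:
                    env.pop(stmt[1], None)
            elif op == "deref":
                if stmt[1] in null:        # path established ptr == NULL, yet it is used
                    report("null-deref", stmt[1], label, path)
                derefd.add(stmt[1])        # record the belief 'ptr is valid'
            elif op == "nullcheck":
                ptr, then_l, else_l = stmt[1:]
                if ptr in derefd:          # 'valid' above vs. 'may be NULL' here: contradiction
                    report("check-after-use", ptr, label, path)
                walk(then_l, env, derefd, null - {ptr}, path)   # ptr non-NULL on this branch
                walk(else_l, env, derefd, null | {ptr}, path)   # ptr NULL on this branch
                return
            elif op == "if_eq":
                var, val, then_l, else_l = stmt[1:]
                if var in env:             # false path pruning: only one successor is feasible
                    walk(then_l if env[var] == val else else_l, env, derefd, null, path)
                else:
                    walk(then_l, env, derefd, null, path)
                    walk(else_l, env, derefd, null, path)
                return
            elif op == "goto":
                walk(stmt[1], env, derefd, null, path)
                return
            elif op == "ret":
                explored += 1
                return
        explored += 1                      # block fell off its end

    walk(entry, {}, set(), set(), ())
    return list(findings.values()), explored


# Constructed sample 1: the slide's contradiction on a path that can really execute.
#     b = *p;  if (p) { b = *p; }
CHECK_AFTER_USE: Function = {
    "entry": [("deref", "p"), ("nullcheck", "p", "use", "exit")],
    "use":   [("deref", "p"), ("goto", "exit")],
    "exit":  [("ret",)],
}

# Constructed sample 2: same test, guarded by y == 1 where data flow shows y is always 0,
# so the contradicting path is pruned and nothing is reported.
#     x = 0;  y = x;  b = *p;  if (y == 1) { if (p) { b = *p; } }
PRUNED: Function = {
    "entry": [("assign", "x", 0), ("copy", "y", "x"), ("deref", "p"),
              ("if_eq", "y", 1, "check", "exit")],
    "check": [("nullcheck", "p", "use", "exit")],
    "use":   [("deref", "p"), ("goto", "exit")],
    "exit":  [("ret",)],
}

# Constructed sample 3: the test comes first, but the NULL branch still dereferences.
#     if (p) { b = *p; } else { b = *p; }
NULL_DEREF: Function = {
    "entry": [("nullcheck", "p", "ok", "bad")],
    "ok":    [("deref", "p"), ("goto", "exit")],
    "bad":   [("deref", "p"), ("goto", "exit")],
    "exit":  [("ret",)],
}

if __name__ == "__main__":
    for fn in (CHECK_AFTER_USE, PRUNED, NULL_DEREF):
        print(analyze(fn))
```

    Sample 1 yields one "check-after-use" finding (the slide's `B = *A; if (A)` case, which the 2008 defect table lists as Use Before Test (NULL)); sample 2 yields none, because constant propagation on `y` prunes the only path on which the test follows the dereference; sample 3 shows why the state per path matters, since the same `*p` is fine on the non-NULL branch and a defect on the NULL branch.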

  • Slides 15-19/38

    Open Source Hardening Project

    DHS contract awarded to Stanford, Coverity, and Symantec

    3 years, total of $300,000

    Research automated detection of software vulnerabilities

    Prove value of technique

    Harden Open Source

    Validate findings from a security-centric point of view

  • Slide 20/38

    Coverity Scan Site

    Created by the U.S. Department of Homeland Security as part of the Open Source Hardening Project

    Coverity Prevent is the exclusive static analysis tool

    Now contains over 250 open source packages

  • Slide 21/38

    > 11,200

  • Slide 23/38

    Software Tools

    Version Control

    Bug Trackers

    Debuggers

  • Slide 24/38

    What about my project?

    Eligibility guidelines are available on the Scan site http://scan.coverity.com/devfaq.html

    Essentially, non-commercial open source is automatically eligible

  • Slide 25/38

    Self-Builds

    Coverity's analysis requires that the code be compiled

    Coverity has been managing builds for all open source projects in the Scan:

    Changing version control systems

    Changing library dependencies

    Changing compiler dependencies

    Changing environment dependencies

    This creates a bottleneck on Scan staff time

    Released to current Scan projects in Nov 2008: projects can now do their own builds and submit them for analysis

  • Slide 26/38

    Self-Builds

    http://scan.coverity.com/self-build/

  • Slide 27/38

    Report on Open Source Software 2009

    Let's reconsider some common beliefs about good coding practices...

    by looking at a lot of code, and a lot of bugs

  • Slide 28/38

    Original Research

    60 million LOC

    250 open source projects

    26,181 analysis runs

    Over 11 billion LOC analyzed

  • Slide 29/38

    Overall Project Progress

  • Slide 30/38

    Frequency of Defects (2008)

    Defect Type                              # of Defects   Percentage
    NULL Pointer Dereference                        6,448       27.95%
    Resource Leak                                   5,852       25.73%
    Unintentional Ignored Expressions               2,252        9.76%
    Use Before Test (NULL)                          1,867        8.09%
    Use After Free                                  1,491        6.46%
    Buffer Overrun (statically allocated)           1,417        6.14%
    Unsafe use of Returned NULL                     1,349        5.85%
    Uninitialized Values Read                       1,268        5.50%
    Unsafe use of Returned Negative                   859        3.72%
    Type and Allocation Size Mismatch                 144        0.62%
    Buffer Overrun (dynamically allocated)             72        0.31%
    Use Before Test (negative)                         49        0.21%

  • Slide 31/38

    Cyclomatic Complexity/Lines of Code

  • Slide 32/38

    Architectural Analysis

    Data about the high-level architecture of the code, not low-level code defects

    Collected by the same analysis mechanisms

  • Slides 33-36/38

    Architectural Analysis (charts)

  • Slide 37/38

    Q & A

    Questions?

  • Slide 38/38

    http://scan.coverity.com/

    http://scan.coverity.com/report/

    http://scan.coverity.com/arch/

    David Maxwell, Open Source Strategist