Tech Days 2015: CodePeer - Introduction and Examples of Use
Transcript of Tech Days 2015: CodePeer - Introduction and Examples of Use
CodePeer – Introduction and Examples of Use
Tucker Taft, November 2015
What is new in CodePeer?
• Support for Ada 2012 and user-specified “contracts”
• Precise analysis of IEEE Float computations
• Analysis of library-unit elaboration to detect uninitialized globals
• Better support in GPS for analysis of race conditions
• CWE message IDs included in messages and filtering checkboxes
• GPS can display Value Sets and Backtraces – “static debugging”
• Incremental Analysis
Why CodePeer?
❖ How robust is your code?
   ❖ How do you know your code really works on all possible inputs?
❖ Do you ever worry about...
   ❖ Uninitialized variables or components?
   ❖ Unreachable code?
   ❖ Race conditions?
   ❖ Unexpected run-time exceptions?
Why CodePeer?
❖ Do you really understand your code? The packages your code is calling?
   ❖ Is there any documentation?
   ❖ Is that documentation correct and up to date?
❖ Do you participate in code reviews?
   ❖ How much fun is that?
How to use CodePeer
❖ In a single installation directory:
   ❖ Download and install the latest GPS
   ❖ Download and install the latest CodePeer
❖ Create a project using GPS in the usual way
   ❖ Make sure it builds successfully
How to use CodePeer
❖ Use the CodePeer menu in GPS to ‘Analyze All’
   ❖ Progress bar shows the number of files analyzed
❖ View CodePeer results:
   ❖ Summary report with totals of high/medium/low ranking messages
   ❖ Double click on a file in the summary to bring up the file and its annotations
   ❖ Click on a message at the bottom to scroll to the associated line
CodePeer overall structure (diagram; components shown: GNAT Tree, GNAT2SCIL, SCIL, CodePeer, Annotations, HTML, XML, Historical Database, DB_Lister, CodePeer Web Server, Web Browser, GPS / GNATBench)
CodePeer screen shot (slide)
CodePeer screen shot: Inferred Pre/Postconditions and Test Vectors (slide)
CodePeer - Behind the scenes
❖ Determines all possible values, at every point in a subprogram, of:
   ❖ Every variable
   ❖ Every expression
❖ Deals with values coming from the ‘outside’ world:
   ❖ Inputs to subprogram => Preconditions
   ❖ Results of calling analyzed code => Postconditions
   ❖ Results of calling unanalyzed code => Presumptions
   ❖ Global constants => Postconditions of ‘init’ procedures
CodePeer - Behind the scenes
❖ Substitutes actual parameters into Postconditions to produce precise output value sets
❖ Iterates to deal with recursion and indirection
❖ Does it all symbolically and numerically
❖ Does it all before breakfast…
CodePeer Checks and Warnings
• CodePeer analyzes every line of code looking for places where run-time checks might fail
• CodePeer also looks for “suspicious” code which might be redundant, unreachable, or otherwise not serving a useful purpose
• CodePeer analyzes multitasking programs for possible race conditions
Run-time checks
• array index check – Index value could be outside the array bounds (buffer overflow)
• divide by zero – Second operand of a divide, mod or rem operation could be zero
• tag check – Tag check may fail
• discriminant check – Field of wrong variant / discriminant is accessed
• access check – Attempt to dereference a null pointer
• range check – Calculation may generate a value outside the bounds of the Ada type or subtype
• overflow check – Calculation may overflow the bounds of a numeric type
• precondition – Subprogram call may violate the subprogram’s generated precondition
Other checks
• User checks
   – assertion: User assertion (pragma Assert or Precondition) could fail
   – conditional check: Exception could be raised depending on a conditional test
   – raise exception: Exception is raised on a reachable path
   – postcondition: Subprogram’s body may violate its specified postcondition
• Uninitialized and invalid variables
   – validity check: Code may be reading an uninitialized or invalid value
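The following Ada 2012 program is an added illustration and not code from the talk: each subprogram contains a pattern that one of the run-time checks listed above targets (array index, divide by zero, access check), beside a variant whose parameter subtype or contract rules the failure out. The names Checks_Demo, Get, Average and Head are constructed for this example.

```ada
with Ada.Text_IO;
procedure Checks_Demo is
   subtype Index is Integer range 1 .. 10;
   type Buffer is array (Index) of Natural;

   --  array index check: I is an unconstrained Integer, so B (I) may read
   --  outside the array; an input like this is what CodePeer turns into a
   --  generated precondition (1 <= I <= 10) on every caller.
   function Get (B : Buffer; I : Integer) return Natural is
   begin
      return B (I);
   end Get;

   --  Same access with the bound in the parameter subtype: the index
   --  check inside the body can no longer fail.
   function Get_Checked (B : Buffer; I : Index) return Natural is
   begin
      return B (I);
   end Get_Checked;

   --  divide by zero check: 0 is a legal Natural for Count.
   function Average (Sum, Count : Natural) return Natural is
   begin
      return Sum / Count;
   end Average;

   --  Positive excludes zero; the Post aspect is a user-specified
   --  contract that CodePeer's postcondition check compares with the body.
   function Average_Checked (Sum : Natural; Count : Positive) return Natural
     with Post => Average_Checked'Result <= Sum
   is
   begin
      return Sum / Count;
   end Average_Checked;

   --  access check: a null Node_Access dereference; the "not null"
   --  exclusion in Head_Checked moves that obligation to the caller.
   type Node is record
      Value : Natural;
   end record;
   type Node_Access is access Node;

   function Head (N : Node_Access) return Natural is (N.Value);
   function Head_Checked (N : not null Node_Access) return Natural is (N.Value);

   B : constant Buffer := (others => 1);
   N : constant Node_Access := new Node'(Value => 7);
begin
   Ada.Text_IO.Put_Line (Natural'Image (Get_Checked (B, 3) + Average (10, 2) + Head (N)));
end Checks_Demo;
```

The calls in the main part all use values that satisfy the checks; the unchecked variants are the ones CodePeer would report or attach generated preconditions to.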
Liveness warnings
• dead code – Code cannot be executed
• test predetermined / test always true / test always false – Condition tested has a known value
• condition predetermined – Comparison inside a conditional has a known result
• loop does not terminate – Loop runs forever or fails to terminate normally
• unused assignment – Value written is ignored
• unused assignment in callee – Value written to an out parameter or global is ignored
• useless self assignment – Assignment does not change the value stored in the variable
Other warnings
• suspicious precondition – A precondition requires a non-contiguous set of values for some input
• suspicious input – A value for an out parameter may be read before the parameter is assigned
• suspicious constant operation – An operation computes a constant value from non-constant operands
Race condition detection
• Detect concurrent access to an object, with one task doing an update
   – Performed by default
• Identify daemon / reentrant entry points
   – Task bodies and task types
   – Given by user in options / pragmas
• Identify locking mechanism
   – Ada protected objects
   – Given by user in pragmas
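An added example, not from the slides, of the two shapes the race condition analysis distinguishes: a plain global (Hits) updated by two tasks with no lock, and the same counter wrapped in a protected object (Safe_Hits), which is the locking mechanism named above. Race_Demo, Worker and the iteration count are constructed for this illustration.

```ada
with Ada.Text_IO;
procedure Race_Demo is

   --  Unprotected shared object: two Worker tasks each read, add one and
   --  write back, with nothing serialising them, so updates can be lost.
   --  This is the concurrent access with an updater that CodePeer's
   --  default race detection reports.
   Hits : Natural := 0;

   --  Protected object: the protected procedure runs under the object's
   --  lock, which is the locking mechanism the slide names.
   protected Safe_Hits is
      procedure Bump;
      function Get return Natural;
   private
      Count : Natural := 0;
   end Safe_Hits;

   protected body Safe_Hits is
      procedure Bump is
      begin
         Count := Count + 1;
      end Bump;
      function Get return Natural is
      begin
         return Count;
      end Get;
   end Safe_Hits;

   --  Task bodies are the entry points the analysis identifies.
   task type Worker;
   task body Worker is
   begin
      for I in 1 .. 100_000 loop
         Hits := Hits + 1;   --  unsynchronised update: race
         Safe_Hits.Bump;     --  synchronised update: no race
      end loop;
   end Worker;

begin
   declare
      W1, W2 : Worker;
   begin
      null;   --  the block completes only after W1 and W2 terminate
   end;
   --  Safe_Hits.Get is always 200_000; Hits may be lower.
   Ada.Text_IO.Put_Line ("Unprotected:" & Natural'Image (Hits));
   Ada.Text_IO.Put_Line ("Protected:  " & Natural'Image (Safe_Hits.Get));
end Race_Demo;
```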
CodePeer Examples of Use
CodePeer - Technology
❖ The CodePeer ‘engine’ is ground breaking in its depth of source code analysis for:
   ❖ Logic inconsistencies
   ❖ Race conditions
   ❖ Redundant code
   ❖ Automated pre- and postcondition generation
❖ Orients the tool toward formal methods and review/understanding
CodePeer - Technology
❖ Scalable to realistic-sized programs
   ❖ Uses a highly modular, ‘bottom-up’ approach
   ❖ Avoids exponential ‘top-down’ path explosion
❖ Historical database preserves results of every inspection
   ❖ Allows the user to focus on ‘new’ problems or compare against a baseline
❖ Integrated with the GNAT front-end and GPS
   ❖ CodePeer messages can be available on every build
CodePeer - Features of Architecture
❖ Sound
   ❖ Algorithms use conservative assumptions to avoid false negatives
❖ Precise
   ❖ Whole-program alias analysis with flow sensitivity
   ❖ Global value numbering
   ❖ Precise value set propagation (not just ranges)
❖ Scalable
   ❖ Bottom-up structure based on compiler technology
CodePeer - Features of Architecture
❖ Flexible
   ❖ Flow analysis and propagation algorithms work on real and ‘pseudo’ components of entities
❖ Incremental
   ❖ Strictly bottom-up, pre/postcondition approach supports iterative and incremental analysis
What is new in CodePeer?
• Support for Ada 2012
   – New syntax for specifying pre/postconditions
      • with Pre => not Full(S);
• Precise analysis of IEEE Float computations
   – Identifies underflow and overflow possibilities
• Analysis of the elaboration of library units
   – Enables detection of uninitialized global variables
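Added example, not code from the talk: a bounded stack whose Push carries the “with Pre => not Full(S)” contract shown above. The Pre and Post aspects are the user-specified form of the preconditions and postconditions that the “Behind the scenes” slides describe CodePeer generating on its own for subprogram inputs and results; here they also state why the index and range checks inside the bodies cannot fail. Stack_Demo, Stacks and Capacity are constructed names.

```ada
procedure Stack_Demo is
   package Stacks is
      Capacity : constant := 4;
      type Stack is private;

      function Full  (S : Stack) return Boolean;
      function Empty (S : Stack) return Boolean;
      function Size  (S : Stack) return Natural;

      --  A Push onto a full stack would fail the range check inside the
      --  body; the Pre aspect moves that obligation to each call site,
      --  where CodePeer checks it against the caller's value set.
      procedure Push (S : in out Stack; X : Integer)
        with Pre  => not Full (S),
             Post => not Empty (S) and Size (S) = Size (S)'Old + 1;
      procedure Pop (S : in out Stack; X : out Integer)
        with Pre  => not Empty (S),
             Post => not Full (S) and Size (S) = Size (S)'Old - 1;
   private
      subtype Count is Natural range 0 .. Capacity;
      type Elements is array (1 .. Capacity) of Integer;
      type Stack is record
         Data : Elements := (others => 0);
         Top  : Count := 0;
      end record;
   end Stacks;
   package body Stacks is
      function Full  (S : Stack) return Boolean is (S.Top = Capacity);
      function Empty (S : Stack) return Boolean is (S.Top = 0);
      function Size  (S : Stack) return Natural is (S.Top);

      procedure Push (S : in out Stack; X : Integer) is
      begin
         S.Top := S.Top + 1;        --  range check on Count: safe given Pre
         S.Data (S.Top) := X;
      end Push;
      procedure Pop (S : in out Stack; X : out Integer) is
      begin
         X := S.Data (S.Top);       --  index check: safe given not Empty
         S.Top := S.Top - 1;
      end Pop;
   end Stacks;
   S : Stacks.Stack;
   V : Integer;
begin
   for I in 1 .. Stacks.Capacity loop
      Stacks.Push (S, I);   --  four calls, each with Full (S) false
   end loop;
   Stacks.Pop (S, V);      --  Pre holds: the stack is not empty
end Stack_Demo;
```

A fifth Push with the stack still full would be the call that the precondition check reports.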
What is new in CodePeer? (cont’d)
• Better support for analysis of race conditions
   – Includes new GPS reports
• CWE (Common Weakness Enumeration) message IDs used throughout
   – CWE Ids shown in brackets [124, 393] in messages
   – CWE Ids used as labels for filtering checkboxes
What is new in CodePeer? (cont’d)
• GPS can display Value Sets and Backtraces
   – Hover over a variable to see its value set at that point in the program
   – Can display the set of lines that contribute to a message or precondition
   – A kind of “static debugger”
• Incremental Analysis
   – Program can be reanalyzed using results of a prior CodePeer run
   – Provides dramatic speedup
   – Improves precision for “partitioned” analyses