From dwheeler at dwheeler.com Sun May 8 18:17:07 2005
From: dwheeler at dwheeler.com (David A. Wheeler)
Date: Wed Mar 22 17:10:54 2006
Subject: [splint-discuss] Paid summer research: Automated identification of vulnerabilities in Java source code
Message-ID: <427E8FE3.8050407@dwheeler.com>

I have a paid research position available for this summer (2005)
for a graduate student or Junior/Senior in college, to investigate
how to (better) automatically identify security vulnerabilities
in Java source code. Goal is a publishable paper, though
we'd definitely entertain the idea of code too.
Must be U.S. citizen; work is in Northern Virginia.

Anyone interested, or know who's interested?
I realize it's late, but the person who WAS going to do this
suddenly fell through, so I'm looking for someone else ASAP.

--- David A. Wheeler

From woodzltc at cn.ibm.com Tue May 10 12:13:12 2005
From: woodzltc at cn.ibm.com (Wu Zhou)
Date: Wed Mar 22 17:10:56 2006
Subject: [splint-discuss] how to run splint on a large software project as a whole
Message-ID: <004d01c5557b$2e73da50$3e7ffea9@ibmcsdl9m89c83>

hi all,

We are now considering using splint on some large software project, which
has more than 500 source files and 100,000 lines of code. I know that
splint could run against each source file separately. But I wish to know
whether there is a way to run splint on the software package as a whole?
If yes, how?

Another related question is: whether splint could use the package's Makefile
to specify the splint options (such as -I, -D) against each source file? If it
does support this, that will be of great help.

This is the first time for me to use splint. If there are any errors in my
understanding of splint, please feel free to correct me. Thanks.

Cheers.
- Wu Zhou

From roland.illig at gmx.de Tue May 10 12:28:28 2005
From: roland.illig at gmx.de (Roland Illig)
Date: Wed Mar 22 17:10:56 2006
Subject: [splint-discuss] how to run splint on a large software project as a whole
In-Reply-To: <004d01c5557b$2e73da50$3e7ffea9@ibmcsdl9m89c83>
References: <004d01c5557b$2e73da50$3e7ffea9@ibmcsdl9m89c83>
Message-ID: <4280E12C.4040607@gmx.de>

Wu Zhou wrote:
> hi all,
>
> We are now considering using splint on some large software project, which
> has more than 500 source files and 100,000 lines of code. I know that
> splint could run against each source file separately. But I wish to know
> whether there is a way to run splint on the software package as a whole?
> If yes, how?
>
> Another related question is: whether splint could use the package's Makefile
> to specify the splint options (such as -I, -D) against each source file? If it
> does support this, that will be of great help.
>
> This is the first time for me to use splint. If there are any errors in my
> understanding of splint, please feel free to correct me. Thanks.

The easiest thing would be a compiler wrapper that calls both the
compiler and splint, depending on the options.

  make CC=splint-cc

Roland

From woodzltc at cn.ibm.com Tue May 10 22:24:01 2005
From: woodzltc at cn.ibm.com (Wu Zhou)
Date: Wed Mar 22 17:10:56 2006
Subject: [splint-discuss] how to run splint on a large software project as a whole
References: <004d01c5557b$2e73da50$3e7ffea9@ibmcsdl9m89c83> <4280E12C.4040607@gmx.de>
Message-ID: <005601c555d0$828af330$7b86b509@ibmcsdl9m89c83>

Thank you, Roland. Do you mean that we could use such a wrapper to first call cc
to execute compiling process, then call splint to execute static analysis process on
each source file? If it is like that, how should we let the splint to recognize these
building options for gcc: pass the interested options (such as -I, -D..), and ignore
others? Or any other ways?

I also noted that there are quite a lot of parse errors while using splint to handle gcc
code? Is splint supposed to handle all GNU's extensions to ANSI C? If not, are there
any other simpler ways for splint to work around the parse errors besides adding
some conditional statements around these error places?

Thanks.

- Wu Zhou

----- Original Message -----
From: "Roland Illig"
To: "Discussions about the Splint annotation-assisted static analysis project"
Sent: Wednesday, May 11, 2005 12:28 AM
Subject: Re: [splint-discuss] how to run splint on a large software project as a whole

> Wu Zhou wrote:
> > hi all,
> >
> > We are now considering using splint on some large software project, which
> > has more than 500 source files and 100,000 lines of code. I know that
> > splint could run against each source file separately. But I wish to know
> > whether there is a way to run splint on the software package as a whole?
> > If yes, how?
> >
> > Another related question is: whether splint could use the package's Makefile
> > to specify the splint options (such as -I, -D) against each source file? If it
> > does support this, that will be of great help.
> >
> > This is the first time for me to use splint. If there are any errors in my
> > understanding of splint, please feel free to correct me. Thanks.
>
> The easiest thing would be a compiler wrapper that calls both the
> compiler and splint, depending on the options.
>
>   make CC=splint-cc
>
> Roland
> _______________________________________________
> splint-discuss mailing list
> splint-discuss@ares.cs.Virginia.EDU
> http://www.cs.Virginia.EDU/mailman-2.1.5/listinfo/splint-discuss
>
>

From roland.illig at gmx.de Wed May 11 11:19:11 2005
From: roland.illig at gmx.de (Roland Illig)
Date: Wed Mar 22 17:10:56 2006
Subject: [splint-discuss] how to run splint on a large software project as a whole
In-Reply-To: <005601c555d0$828af330$7b86b509@ibmcsdl9m89c83>
References: <004d01c5557b$2e73da50$3e7ffea9@ibmcsdl9m89c83> <4280E12C.4040607@gmx.de> <005601c555d0$828af330$7b86b509@ibmcsdl9m89c83>
Message-ID: <4282226F.8020608@gmx.de>

Wu Zhou wrote:
> Thank you, Roland. Do you mean that we could use such a wrapper to first call cc
> to execute compiling process, then call splint to execute static analysis process on
> each source file? If it is like that, how should we let the splint to recognize these
> building options for gcc: pass the interested options (such as -I, -D..), and ignore
> others? Or any other ways?

Don't forget the -U... option. :)

I have just written such a wrapper for gcc. You may use it for

> I also noted that there are quite a lot of parse errors while using splint to handle gcc
> code? Is splint supposed to handle all GNU's extensions to ANSI C? If not, are there
> any other simpler ways for splint to work around the parse errors besides adding
> some conditional statements around these error places?

That depends highly on the extensions. I don't know these extensions
very well because I only write portable ISO C90 code. ;) Please provide
some examples of the extensions you use.

Roland
-------------- next part --------------
#! /usr/bin/env perl
#
# A wrapper for gcc that calls splint with the appropriate -D..., -I...
# and -U... flags, and after that calls gcc. To use it, define the
# Makefile variable CC="splintcc cc".
#
# Copyright (c) 2005
#	Roland Illig .
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions
# are met:
# 1. Redistributions of source code must retain the above copyright
#    notice, this list of conditions and the following disclaimer.
# 2. Redistributions in binary form must reproduce the above copyright
#    notice, this list of conditions and the following disclaimer in the
#    documentation and/or other materials provided with the distribution.
#
# This software is provided ``as is'' and without any warranties.
# Use it at your own risk.
#

use strict;
use warnings;

use constant false	=> 0;
use constant true	=> 1;

# Run a command in a child process and wait for it to finish.
sub fork_exec(@) {
	my (@argv) = @_;

	my $pid = fork();
	if (!defined($pid)) {
		return undef;
	} elsif ($pid == 0) {
		# Child: if exec fails, exit here so the child does not
		# fall through and run the compiler a second time.
		exec { $argv[0] } @argv or exit(127);
	} else {
		waitpid($pid, 0) or return undef;
	}
	return true;
}

my @lint_args = ("splint");
my @cc_args = (shift());	# first argument is the real compiler
my $compiling = false;
my $arg;

while (defined($arg = shift(@ARGV))) {
	push(@cc_args, $arg);	# the compiler always sees every argument

	if ($arg =~ qr"^-[DIU]") {
		# preprocessor flags are passed on to splint
		push(@lint_args, $arg);
	} elsif ($arg =~ qr"^(?:-E|-f.*|-m.*|-O.*|-S|-static|-W.*)$") {
		# ignore them for splint
	} elsif ($arg eq "-c") {
		push(@lint_args, "+partial");
		$compiling = true;
	} elsif ($arg eq "-o") {
		# skip this and the next argument for splint
		push(@cc_args, shift(@ARGV));
	} elsif ($arg =~ qr"^-.") {
		print STDERR "Unknown argument: $arg\n";
	} else {
		# anything else is treated as a source file
		push(@lint_args, $arg);
	}
}

# Only run splint for compile steps (-c), then hand over to the compiler.
if ($compiling) {
	fork_exec(@lint_args);
}
exec { $cc_args[0] } @cc_args or die;

From spam_account at sympatico.ca Mon May 16 14:56:39 2005
From: spam_account at sympatico.ca (Bill Pringlemeir)
Date: Wed Mar 22 17:10:56 2006
Subject: [splint-discuss] How to fully determine a structure?
Message-ID:

I have a code snippet like this,

struct basic {
  int a;
} basic;

struct specialized
{
  struct basic base;
  int b;
};

static struct specialized global_special = { {5}, 6};


struct basic *init_special(void)
{
  global_special.base.a = 0;
  global_special.b = 11;
  return &global_special.base;
}

I want to annotate "init_special()" to make sure that all members of
"global_special" are initialized by the function.

Thanks,
Bill Pringlemeir.

From ptp at lysator.liu.se Mon May 30 09:11:01 2005
From: ptp at lysator.liu.se (Tommy Pettersson)
Date: Wed Mar 22 17:10:56 2006
Subject: [splint-discuss] How to fully determine a structure?
In-Reply-To:
References:
Message-ID: <20050530131101.GK6537@lysator.liu.se>

Bill Pringlemeir wrote:
> I have a code snippet like this,
>
> struct basic {
>   int a;
> } basic;
>
> struct specialized
> {
>   struct basic base;
>   int b;
> };
>
> static struct specialized global_special = { {5}, 6};
>
>
> struct basic *init_special(void)
> {
>   global_special.base.a = 0;
>   global_special.b = 11;
>   return &global_special.base;
> }
>
> I want to annotate "init_special()" to make sure that all members of
> "global_special" are initialized by the function.

The correct annotation would be

  struct basic *init_special(void)
    /*@sets global_special@*/

...which gives:

  Global variable global_special used state clause. (Global variables
  are not recognized in state clauses. If they are present they are
  ignored. If there is sufficient interest in support for this, it may
  be added to a future release. Send mail to info@splint.org.)

so the answer is, you can't. If you give the struct as a
parameter to init_special it works.

  struct basic {
    int a;
    int b;   /* <-- not set in init_special */
  } basic;

  struct basic *init_special(/*@special@*/ struct specialized *me)
    /*@sets *me @*/
  {
    me->base.a = 0;
    me->b = 11;
    return &(me->base);
  }  /* <-- line 21 */

gives:

  f.c:21: Returned storage me->base contains 1 undefined field: b
    Storage derivable from a parameter, return value or global is not
    defined.

--
Tommy Pettersson

From spam_account at sympatico.ca Mon May 30 10:34:49 2005
From: spam_account at sympatico.ca (Bill Pringlemeir)
Date: Wed Mar 22 17:10:57 2006
Subject: [splint-discuss] How to fully determine a structure?
Message-ID:

> Bill Pringlemeir wrote:
>> I want to annotate "init_special()" to make sure that all members
>> of "global_special" are initialized by the function.

On 30 May 2005, ptp@lysator.liu.se wrote:

[snip]

> so the answer is, you can't. If you give the struct as a
> parameter to init_special it works.

[snip]

> struct basic *init_special(/*@special@*/ struct specialized *me)
>   /*@sets *me @*/
> {
>   me->base.a = 0;
>   me->b = 11;
>   return &(me->base);
> }  /* <-- line 21 */

> gives:

> f.c:21: Returned storage me->base contains 1 undefined field: b
>   Storage derivable from a parameter, return value or global is not
>   defined.

Thanks. I think that will start me down the correct path. I have two
cases like this. One is control state or goals for a robot. The main
loop doesn't need to care what the particular state is. It just needs
to call "do_action", "cleanup", etc. The goals are set from a UI. Like
approach object, go home, etc. The same UI can be on a local display or
remotely over a network. The UI is the second case. Basically I wanted
to have C++ virtual inheritance in C.

I have an embedded system and didn't want to depend on a heap
allocation. On a PC, etc I would use malloc to allocate the structure.
I don't think it makes sense to pass the allocated space to the
routine. "init_special" is like "new".
Having to pass a pointer to "struct specialized" would mean that the
caller has to know what "struct specialized" is. That defeats most of
the point of this.

I did run your example through splint. At first I got nothing. Then I
realized that I needed to use "+checked" ;-) Having an example to work
with was helpful. Just knowing the annotation /*@special@*/ is also
useful. I didn't know which part of the manual to look at. Figure 15
"clauses.c" is useful. I think I can find a way to do what I want
with some conditional compilation.

Thanks again,
Bill Pringlemeir.

From derek at knosof.co.uk Mon May 30 16:25:29 2005
From: derek at knosof.co.uk (Derek M Jones)
Date: Wed Mar 22 17:10:57 2006
Subject: [splint-discuss] Book providing detailed analysis of C
Message-ID: <4.3.2.7.2.20050530212333.00b84670@pop3.demon.co.uk>

All,

You can now download my book "The New C Standard"
http://www.knosof.co.uk/cbook/cbook1_00.pdf

There is plenty to read for those interested in C coding
guidelines.

Comments welcome (I know that some of the margin references
at the bottom of the page apply to material at the top of the
next page; I have given up wrestling with the page layout
system for the time being).

Updated subsets of the material will be appearing on the book's
web page over the coming days.
www.knosof.co.uk/cbook/cbook.html

derek

--
Derek M Jones                                 tel: +44 (0) 1252 520 667
Knowledge Software Ltd                        mailto:derek@knosof.co.uk
Applications Standards Conformance Testing    http://www.knosof.co.uk
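
Added example for the "How to fully determine a structure?" thread above (not code from any poster or from the Splint project): one way to keep a parameterless init_special() on statically allocated storage while still having a parameter for the annotations from Tommy Pettersson's reply, by moving the field assignments into a file-local helper. The do_action member, special_action() and fill_special() are hypothetical names, and it is an assumption that splint checks the helper the way it checked his f.c.

```c
#include <stdio.h>

/* Base type: the main loop only ever sees this. */
struct basic {
    int a;
    int (*do_action)(struct basic *self);   /* hypothetical "virtual" call */
};

/* Derived type, private to this file; base must stay the first member. */
struct specialized {
    struct basic base;
    int b;
};

/* Static storage instead of malloc, as on the embedded target. */
static struct specialized global_special;

static int special_action(struct basic *self)
{
    /* Valid because base is the first member of struct specialized. */
    struct specialized *me = (struct specialized *)self;
    return me->base.a + me->b;
}

/* Hypothetical helper: takes the storage as a parameter, annotated as in
 * the reply above, so the undefined-field check has a parameter to use. */
static void fill_special(/*@special@*/ struct specialized *me)
    /*@sets *me @*/
{
    me->base.a = 0;
    me->base.do_action = special_action;
    me->b = 11;
}

/* Parameterless "new": callers never need to know struct specialized. */
struct basic *init_special(void)
{
    fill_special(&global_special);
    return &global_special.base;
}

int main(void)
{
    struct basic *goal = init_special();
    printf("do_action -> %d\n", goal->do_action(goal));
    return 0;
}
```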