Static analysis on ns-3-dev as debug tool

classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|

Static analysis on ns-3-dev as debug tool

Natale Patriciello
Hi all,

since static analysis tools are really powerful and can help a lot (in
the last three weeks I have reported many bugs found by clang, some of
them very dangerous) the development of new features, I would like to
propose to add static analysis as check done to every commit, warning
the developers if the new commit is introducing new errors.

Of course, before doing that, we should remove all the existing
warnings, and get a little of confidence about these tools. At the end,
I tried some of them but after some weeks of use I feel very confortable
with clang and its static analyzer. If you want to try, just do these steps:

1) Install clang (I have 3.9.0)
2) run the following:

$ scan-build ./waf configure --enable-examples --disable-tests --disable-gtk -d debug
$ scan-build -o /home/nat/Work/ns-3-dev-git/html-dir ./waf

Yes, you should replace the -o argument with the directory you wish. At
the end, there will be various html files and an index.html, that you
can open with your favorite browser.

There could be some false positives, but these can be silenced by
putting an assert (NS_ASSERT is fine) on what you are expecting from the
piece of code (pre and/or post conditions).

Any thoughs?

Natale

Reply | Threaded
Open this post in threaded view
|

Re: Static analysis on ns-3-dev as debug tool

Barnes, Peter D.
For those of us who are time-challenged…

Could you please host an example of the output somewhere?  Perhaps at https://www.nsnam.org/~nat/…
I know it’s possible to put an html file set there to be hosted by nsnam, but I've forgotten the details.  Tom?

Could you please give an example of suppressing false positive?  showing the initial code, the error message, and the modified code.

Thanks,
Peter

On Dec 8, 2016, at 12:36 PM, Natale Patriciello <[hidden email]<mailto:[hidden email]>> wrote:

Hi all,

since static analysis tools are really powerful and can help a lot (in
the last three weeks I have reported many bugs found by clang, some of
them very dangerous) the development of new features, I would like to
propose to add static analysis as check done to every commit, warning
the developers if the new commit is introducing new errors.

Of course, before doing that, we should remove all the existing
warnings, and get a little of confidence about these tools. At the end,
I tried some of them but after some weeks of use I feel very confortable
with clang and its static analyzer. If you want to try, just do these steps:

1) Install clang (I have 3.9.0)
2) run the following:

$ scan-build ./waf configure --enable-examples --disable-tests --disable-gtk -d debug
$ scan-build -o /home/nat/Work/ns-3-dev-git/html-dir ./waf

Yes, you should replace the -o argument with the directory you wish. At
the end, there will be various html files and an index.html, that you
can open with your favorite browser.

There could be some false positives, but these can be silenced by
putting an assert (NS_ASSERT is fine) on what you are expecting from the
piece of code (pre and/or post conditions).

Any thoughs?

Natale


_____________________________________________________________
Dr. Peter D. Barnes, Jr. NACS Division
Lawrence Livermore National Laboratory Physical and Life Sciences
7000 East Avenue, L-50 email:  [hidden email]<mailto:[hidden email]>
P. O. Box 808 Voice:  (925) 422-3384
Livermore, California 94550 Fax:    (925) 423-3371





Reply | Threaded
Open this post in threaded view
|

Re: Static analysis on ns-3-dev as debug tool

Natale Patriciello
On 09/12/16 at 05:58pm, Barnes, Peter D. wrote:
> For those of us who are time-challenged…
>
> Could you please host an example of the output somewhere?  Perhaps at
> https://www.nsnam.org/~nat/…
> I know it’s possible to put an html file set there to be hosted by
> nsnam, but I've forgotten the details.  Tom?

I have a personal space on the uni's server, but in some days I have to
remove it. So, I uploaded a .tar.xz of an example html output:

http://netlab.ing.unimo.it/ns3/html-dir.tar.xz

download it, untar it (bsdtar -xf html-dir.tar.xz or xz html-dir.tar.xz
&& tar xvf html-dir.tar) and then open 2016-.../index.html

> Could you please give an example of suppressing false positive?
> showing the initial code, the error message, and the modified code.
>

Of course. Open the html file, then search for the file
"src/wifi/model/minstrel-ht-wifi-manager.cc". The error reported is
division by 0 at line 1110:

1110      station->m_sampleGroup %= m_numGroups;

m_numGroups is initialized at 0 in the constructor, but it's set at a
value != 0 in DoInitialize (). Since the analyzer doesn't know that
DoInitialize () is called always, by adding a NS_ASSERT (m_numGroups >
0) before the offending line (somewhere at the beginning of the method)
is enough to making the signalled error fading away. A more smart coder
than me probably would add it at the end of DoInitialize() method, in
order to be sure to not leave some variables out in the set of
initializations, but the effect is the same.

Nat