GNAT Pro User Day: Latest Advances in AdaCore Static Analysis Tools
A presentation given at GNAT Pro User Day about the latest advances in AdaCore static analysis tools.
![Page 1: GNAT Pro User Day: Latest Advances in AdaCore Static Analysis Tools](https://reader033.vdocuments.net/reader033/viewer/2022061214/547ea80db479598e508b4c11/html5/thumbnails/1.jpg)
Latest Advances in AdaCore Static Analysis Tools
Presented by Arnaud Charlet
What is Static Analysis?
• Basic Static Analysis: coding standard checking, metrics, compiler warnings and style checks
• Advanced Static Analysis: symbolic execution/interpretation of source code, whole program analysis to perform software verification
• Formal Verification: verify high level or abstract properties on your application, give strong guarantees
Why Use Static Analysis?
• Make software more reliable at reasonable cost
• Full coverage of your code
• No missed checks (no “false negatives”)
• Anticipate problems (get results before testing)
• Automate part of code review
• Express and verify your requirements and architecture
CodePeer Overview
• Advanced static analysis tool for Ada
• Also includes basic static analysis (gnatcheck, gnatmetric)
• Detects runtime and logic errors
• Buffer overflow, division by zero, dead code, …
• Analyzes complete or partial programs (full Ada)
• Generates human readable annotations
Why Use CodePeer?
• Early testing (detect errors earlier on code modifications/new code)
• Find bugs (on existing code)
• Impact analysis
• Code review: help focusing on potential problems/complex code
• Race conditions
• Provide evidence for program verification
SPARK Overview
• Formal verification tool and language developed by AdaCore and Altran
• Subset of Ada 2012: no pointers, no exceptions
• New aspects, pragmas, attributes
• Can add (executable) contracts for more precise analysis
• Can combine test and proof at subprogram level
• Allows 100% automatic proof
Why Use SPARK?
• Guarantee no runtime errors, no uninitialized variables
• Functional verification
• Check data flows (data coupling)
• Express and verify high level properties
When starting from existing code:
• You can start by incrementally adding annotations (pre/postconditions)
• Get immediate benefit from tests, since the contracts are executable
• Then pick up the additional benefits of the SPARK toolset step by step
When (re)writing (new) code:
• Express your requirements in a way that can be reviewed by humans, checked by testing, and verified by SPARK
• Express your software architecture, and verify it automatically
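As an added illustration of this incremental approach (example code, not taken from the slides or from AdaCore's own sources): a package whose ordinary Ada code acquired a proof-only function, Pre/Post, and Global/Depends aspects one at a time, plus a test driver that exercises the contracts at run time. The names Saturating, Add_Sat and Ratio are invented for the example; it assumes GNAT with -gnata for the test build and gnatprove for proof, and that the three units are split into separate files (gnatchop) before building.

```ada
--  Added example (not from the slides): contracts added to plain Ada code
--  one aspect at a time.  Assumed tools: gnatprove proves the contracts;
--  a build with -gnata turns them into run-time checks for the tests.
package Saturating with SPARK_Mode is

   subtype Percent is Integer range 0 .. 100;

   --  Proof-only (ghost) expression function stating the intended result;
   --  it is removed from the binary when assertions are disabled.
   function Saturated (A, B : Percent) return Percent is
     (Integer'Min (A + B, Percent'Last)) with Ghost;

   --  Step 1: Pre/Post capture the requirement.  Step 2: Global/Depends
   --  capture the architecture (no hidden state, result depends on A, B only).
   function Add_Sat (A, B : Percent) return Percent with
     Global  => null,
     Depends => (Add_Sat'Result => (A, B)),
     Post    => Add_Sat'Result = Saturated (A, B);

   --  The precondition moves the division-by-zero check to the caller,
   --  where gnatprove has to discharge it at every call site.
   function Ratio (Num, Den : Natural) return Natural with
     Pre  => Den /= 0,
     Post => Ratio'Result <= Num;

end Saturating;

package body Saturating with SPARK_Mode is

   function Add_Sat (A, B : Percent) return Percent is
      Sum : constant Integer := A + B;  -- 0 .. 200, cannot overflow
   begin
      if Sum > Percent'Last then
         return Percent'Last;
      else
         return Sum;
      end if;
   end Add_Sat;

   function Ratio (Num, Den : Natural) return Natural is
   begin
      return Num / Den;  -- Den /= 0 is guaranteed by the precondition
   end Ratio;

end Saturating;

--  Test driver: with -gnata every call is checked against Pre/Post at run
--  time, so the existing tests benefit before any proof is attempted.
with Ada.Text_IO; use Ada.Text_IO;
with Saturating;
procedure Saturating_Test is
begin
   Put_Line (Integer'Image (Saturating.Add_Sat (70, 50)));
   Put_Line (Integer'Image (Saturating.Ratio (10, 3)));
   --  A call such as Saturating.Ratio (10, 0) would violate the Pre:
   --  gnatprove reports it statically, and with -gnata it raises
   --  Assertion_Error at the call site during testing.
end Saturating_Test;
```

The same contracts serve all three audiences named in the slides: a reviewer reads the Post as the requirement, a test run checks it on every call, and gnatprove checks it for all inputs.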
SPARK vs. CodePeer

| SPARK | CodePeer |
| --- | --- |
| Ada subset (no pointers/exceptions) | Full Ada |
| Requires more effort (add contracts) | Very easy to run (easier than writing tests) |
| Finds (and proves the absence of) all runtime errors | Finds possible runtime errors and suspicious code worth reviewing |
| Verifies functional correctness and security properties | No functional error detection |
| | Can tune level of detection/false alarms |
Next Release
SPARK 15.0 and CodePeer 3.0
What’s New in SPARK 15.0
• Improved proof capability
• Improved user interface
• New language features
Improved Proof Capability
• Local subprograms can be used without contracts
• Improved parallelism
• Use of Ada functions in contracts
• Improved handling of arrays, integers, floating-point
Improved User Interface
• Improved handling of error and warning messages
• More precise generation of contracts (Global/Depends)
• Support for manual provers (e.g. Coq, Isabelle)
• Computation and display of remaining assumptions
• Improved documentation (examples, tutorials, …)
New Language Features
• Support for tagged types and dynamic dispatching
• Library of (un)bounded indefinite containers
• Support for dynamic constants/types
• Improved usability of volatile objects
• Support for simple raise statements
• Support for proof-only (“ghost”) code
What’s New in CodePeer 3.0
• DO178B and EN50128 qualification
• Support for IEEE 754 floating point semantics
• Symbolic debugger
• Enhanced project file support
• Improved support for non-GNAT compilers
• Enhanced messages
DO178B Qualification
• CodePeer can be used to automate part of DO178B objective 6.3.4.f: “The objective is to determine the correctness and consistency of the Source Code”
• Qualified as a verification tool (TQL-5 in DO178C terms)
• Most checks have been qualified: overflow, range, index, division by zero, uninitialized variables
• Generation of a detailed report file (date of run, switches, messages, limitations, …)
EN50128 Qualification
• Qualified as a tool class T2
• Boundary value analysis
• Null dereference, buffer overflow, numeric overflow, …
• Control flow analysis
• Unreachable code, redundant conditionals, …
• Data flow analysis
• Uninitialized variables, redundant assignments, …
IEEE 754 Floating Point
• CodePeer used to approximate floating point using infinite-precision values (mathematical results)
• This could lead to missed errors or to false alarms
• IEEE 754 rounding and loss of precision now taken into account
• Reliable detection of possible overflows, division by zero
• Understand properties of mathematical functions (cos, sin, sqrt, …)
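An added example, not taken from the slides, of what the change means in practice: three pieces of Ada code whose behaviour under IEEE 754 binary32 differs from what exact real arithmetic predicts (an overflow and a zero divide that a real-valued model misses, and a branch it would wrongly report as dead), plus a bounded elementary function. The procedure name and the constants are invented for the example; it assumes Float'Machine_Overflows is False, the usual GNAT setting, so overflow and division by zero produce infinities rather than raising Constraint_Error (build with -gnateF to make them run-time checks instead).

```ada
--  Added example, not from the slides: IEEE 754 binary32 versus exact real
--  arithmetic.  Assumption: Float'Machine_Overflows is False (most GNAT
--  targets), so overflow and zero divides yield +Inf rather than raising.
with Ada.Text_IO;                        use Ada.Text_IO;
with Ada.Numerics.Elementary_Functions;  use Ada.Numerics.Elementary_Functions;

procedure Fp_Semantics is
   --  Kept as variables so the operations stay visible to an analyzer.
   Big   : Float := 1.0e38;
   Ten   : Float := 10.0;
   Eps   : Float := 1.0e-20;
   Pow24 : Float := 16_777_216.0;   -- 2**24: beyond it binary32 cannot count by 1
   R, D, Q : Float;
begin
   --  1. Missed overflow.  Over the reals (Big * Ten) / Ten = Big exactly.
   --     In binary32, Big * Ten = 1.0e39 exceeds Float'Last (about 3.4e38),
   --     so the intermediate is +Inf and so is the final result.
   R := (Big * Ten) / Ten;
   Put_Line ("(Big * Ten) / Ten = " & Float'Image (R)
             & ", in range: " & Boolean'Image (R'Valid));

   --  2. Missed division by zero.  Over the reals (1 + Eps) - 1 = Eps /= 0.
   --     In binary32, 1.0 + 1.0e-20 rounds to exactly 1.0 (the ulp of 1.0 is
   --     2**-23), so D is 0.0 and the divide is a genuine zero divide.
   D := (1.0 + Eps) - 1.0;
   Q := 1.0 / D;
   Put_Line ("D = " & Float'Image (D) & ", 1.0 / D = " & Float'Image (Q));

   --  3. False alarm in the other direction.  Over the reals X + 1 > X always
   --     holds, so a real-valued model reports the else branch as dead code.
   --     In binary32, 2**24 + 1 is not representable and rounds (to even)
   --     back to 2**24, so the else branch is the one actually executed.
   if Pow24 + 1.0 > Pow24 then
      Put_Line ("increment visible");
   else
      Put_Line ("increment absorbed by rounding");
   end if;

   --  4. Properties of elementary functions.  Cos lies in -1.0 .. 1.0 for any
   --     argument, so the range check on this assignment needs no alarm;
   --     Sqrt raises Argument_Error for a negative argument, which is why a
   --     non-negativity check on its argument matters.
   declare
      subtype Unit is Float range -1.0 .. 1.0;
      C : constant Unit := Cos (Big);
   begin
      Put_Line ("Cos (Big) = " & Float'Image (C)
                & ", Sqrt (2.0) = " & Float'Image (Sqrt (2.0)));
   end;
end Fp_Semantics;
```

Cases 1 and 2 are the “missed errors” of the slide: an analysis that reasons over the reals sees no overflow and a non-zero divisor. Case 3 is the “false alarm”: the same analysis would flag reachable code as dead.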
Symbolic Debugger
• Display of backtraces on precondition messages
• Display of possible values for any variable
Enhanced Project File Support
• Aggregate projects
• Specifying main files on command line
• Analyzing closure of project
• Excluding some files from analysis
• Improved documentation on getting started with project files
Support for Other Compilers
• Compiler specific libraries
• Support for a target configuration file
• Ability to generate a target configuration file using target compiler
• Support for Ada 83 non-portable or invalid code
Enhanced Messages
• New message: check on possible parameter aliasing
• New filter on security related vulnerabilities
• Support for CWE (Common Weakness Enumeration, cwe.mitre.org)
• Compiler-like behavior: file by file quick incremental analysis
• More accurate messages, fewer false positives
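As an added example, not from the slides, of the parameter aliasing the new message is about: Shift_Copy is a correct Ada procedure when Src and Dst are distinct arrays, but calling it with the same array for both is a bounded error (Ada RM 6.2) whose outcome depends on whether the compiler passes the array by copy or by reference. The procedure names are invented for the example; the comment on the aliased outcome assumes arrays are passed by reference, which is what GNAT does.

```ada
--  Added example, not from the slides: parameter aliasing.  Assumption:
--  arrays are passed by reference (GNAT's choice), so the aliased call
--  below sees its own writes through Src.
with Ada.Text_IO; use Ada.Text_IO;

procedure Aliasing_Demo is
   type Buffer is array (1 .. 4) of Integer;

   --  Intended result: Dst = (0, Src (1), Src (2), Src (3)), Src shifted by one.
   --  Well defined only when Src and Dst do not overlap.
   procedure Shift_Copy (Src : Buffer; Dst : out Buffer) is
   begin
      Dst (1) := 0;
      for I in 2 .. Buffer'Last loop
         Dst (I) := Src (I - 1);
      end loop;
   end Shift_Copy;

   procedure Show (Label : String; B : Buffer) is
   begin
      Put (Label & ":");
      for I in B'Range loop
         Put (Integer'Image (B (I)));
      end loop;
      New_Line;
   end Show;

   A, B : Buffer := (1, 2, 3, 4);
begin
   Shift_Copy (A, B);       -- distinct objects: the intended shift
   Show ("distinct", B);

   Shift_Copy (A, A);       -- aliased: Src and Dst denote the same object
   --  By reference, Src (I - 1) reads the element Dst (I - 1) that the
   --  previous iteration just overwrote, so the zero written to Dst (1)
   --  propagates through the whole array; by copy the shift would still
   --  come out right.  SPARK rejects this call in flow analysis; CodePeer 3.0
   --  reports it as possible parameter aliasing.
   Show ("aliased ", A);
end Aliasing_Demo;
```

The hazard is invisible in the body of Shift_Copy and only appears at the call site, which is why a whole-program check rather than a local review is needed to find it.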
Future Plans
SPARK 16.0 and CodePeer 3.1
SPARK 16.0
• Generation of counterexamples
• Integration with tests
• Symbolic debugger
• Improved proof
• Support for tasking
CodePeer 3.1
• Detection of dangling references
• Incremental (re)analysis
• Integration with GNATtest
• New HTML interface
• Integration with Jenkins
Questions?