2. What is Static Analysis?
• Basic Static Analysis: coding standard checking, metrics, compiler
warnings and style checks
• Advanced Static Analysis: symbolic execution/interpretation of
source code, whole program analysis to perform software
verification
• Formal Verification: verify high level or abstract properties on your
application, give strong guarantees
3. Why Use Static Analysis?
• Make software more reliable at reasonable cost
– Full coverage of your code (detect corner cases)
– No missing check when needed (no “false negatives”)
• Anticipate problems (get results before testing)
• Automate part of code review
• Express and verify your requirements and architecture
4. CodePeer Overview
• Advanced static analysis tool for Ada
– Also includes basic static analysis (gnatcheck, gnatmetric)
• Detects runtime and logic errors
– Buffer overflow, division by zero, dead code, …
• Analyzes complete or partial programs (e.g. libraries)
– Supports all versions of Ada
– Supports most Ada compilers and targets
– Can tune level of analysis and accuracy
5. CodePeer Overview
• Generates human readable annotations
• Support for IEEE 754 floating point semantics
• Integrated in GPS, GNATbench and third party tools
• Uses project files (.gpr)
• Comes with an HTML server
6. A Qualifiable Tool
DO178C (Avionics)
• Automate part of DO178C 6.3.4.f - determine the correctness and
consistency of the Source Code
• Qualified as a verification tool (TQL 5 in DO178C)
• Generation of a detailed report file (date of run, switches,
messages, limitations, …)
EN50128 (Railway)
• Qualified as a tool class T2
• Used for boundary value analysis, control flow and data flow
analysis
7. CodePeer Use Cases
1. Early testing: detect errors earlier on code modifications/new code
2. Find bugs (on existing code)
3. Impact analysis (before making a change)
4. Code review: help focus on potential problems/complex code
5. Check consistent use of (third party) libraries:
Detect inconsistencies between assumptions in callee and caller
6. Identify race conditions
7. Provide evidence for program verification
14. Detection of Dangling References
• Detect use after free
with Unchecked_Deallocation;
procedure Dangling is
   type Ref is access Integer;
   procedure Free_Int is new Unchecked_Deallocation (Integer, Ref);
   Ptr1 : constant Ref := new Integer;
   Ptr2 : Ref := Ptr1;
begin
   Free_Int (Ptr2);   -- only Ptr2 is set to null; Ptr1 still designates the freed object
   Ptr1.all := 123;   -- high: validity check fails here: requires not Ptr1'Freed
end Dangling;
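The same program with the root cause removed, as an added example that is not part of the original slides: the alias Ptr2 is gone, so the single owning variable is the one Unchecked_Deallocation sets to null, and every write goes through a helper whose precondition (Ada 2012 Pre aspect, checkable statically or at run time with GNAT's -gnata) states the requirement. The procedure and names are this example's own.

```ada
with Ada.Unchecked_Deallocation;
with Ada.Text_IO; use Ada.Text_IO;

procedure No_Dangling is
   type Ref is access Integer;
   procedure Free_Int is new Ada.Unchecked_Deallocation (Integer, Ref);

   --  Every write goes through this helper; the contract makes the
   --  "must not be null/freed" requirement explicit for the analyzer.
   procedure Store (P : Ref; V : Integer) with
     Pre => P /= null
   is
   begin
      P.all := V;
   end Store;

   Ptr : Ref := new Integer'(0);   -- single owner: no second access value kept
begin
   Store (Ptr, 42);
   Put_Line ("Before free:" & Integer'Image (Ptr.all));

   --  Free_Int nulls the access value it is given.  On the original slide
   --  that was Ptr2, so the alias Ptr1 kept pointing at freed memory.
   Free_Int (Ptr);

   --  With one owner, the null test guards the dereference and the
   --  use-after-free cannot occur.
   if Ptr /= null then
      Store (Ptr, 123);
   else
      Put_Line ("Ptr is null after Free_Int; nothing to write");
   end if;
end No_Dangling;
```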
17. Incremental Analysis
• Ability to re-analyze only impacted files
On a 10K SLOC project, 75 files
Time to analyze from scratch: 75 files in 18 minutes
Time to re-analyze and update the database: 9 seconds
Modifying a few files and re-analyzing: 44 files in 2 minutes
• Ability to refine analysis (more precise on new runs)