lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <864o6v89n4.fsf@peer.zerties.org>
Date:	Tue, 22 Mar 2011 16:20:15 +0100
From:	Christian Dietrich <christian.dietrich@...ormatik.uni-erlangen.de>
To:	vamos-dev@...informatik.uni-erlangen.de,
	daca-devel@...ts.alioth.debian.org, linux-kernel@...r.kernel.org
Cc:	Julia Lawall <julia@...u.dk>
Subject: [ANNOUNCE] undertaker 1.1

The VAMOS team is pleased to announce undertaker 1.1. The undertaker
tool is a result of the VAMOS[1] research project. Please visit our
project site at:

http://vamos.informatik.uni-erlangen.de/trac/undertaker

What is undertaker?
-------------------

The undertaker is a tool for static code analysis for code with C
preprocessor directives that can be used in various modes. The most
prominent one checks every single preprocessor block within the file
whether it can be selected or deselected, which in many cases is a great
asset for code maintenance.

Some preprocessor blocks are only seemingly conditional. In many cases,
it turns out that additional constraints from the project's
configuration model causes such #ifdef blocks to be in fact
unconditionally selected or unselected. We call such block "dead" and
"undead" conditional blocks.

Undertaker provides tools to extract the configuration model from the
Linux configuration tooling Kconfig and to perform this check on whole
source trees.

New in 1.1 is the support for #define and #undef directives in CPP
Code.

 ,----
 | #undef A
 | #ifdef A
 | // Block 1
 | #endif
 `----


Here we identify Block 1 as an dead code-block, because it will never
be compiled into the resulting binary. This analysis can be done
completly without any information about the configuration model.

We have already performed a check on the v2.6.38 tree and provide easy
access to the results via an online interface[2]. There is also a cpio
archive with the report files.

What undertaker is not?
-----------------------

It isn't an automatic patch generator. Because of peculiarities in the
Kconfig semantics, (ignored) coding guidelines and simply engineering
issues, the reports might contain false negatives. Note that our
philosophy is that we prefer false negatives over false positives, i.e.,
we prefer to miss reports than reports that are no issue at all.

What else can i do with undertaker?
-----------------------------------

You can extract boolean formulas (with or without model) for a given
line of sourcecode in a file or for a given symbol. There is also an
integration for emacs for interactive browsing of block and symbol
preconditions.

Additional uses are currently under development.

[1] http://www4.informatik.uni-erlangen.de/Research/VAMOS/
[2] http://www4.informatik.uni-erlangen.de/Research/VAMOS/linux-trees/
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ