CTSRD-CHERI / cheribsd-ports

FreeBSD ports tree adapted for CheriBSD.
https://CheriBSD.org

Clang Static Analyzer for CHERI #109

Closed eupharina closed 5 months ago

eupharina commented 10 months ago

This is the port for Clang Static Analyzer for Morello. I used the llvm-morello port as a template but had to add a few auxiliary scripts:

  1. ccc-analyzer and cxx-analyzer wrappers are installed to LOCALBASE/libexec (similar to the wrappers installed by llvm-base) to build code with purecap ABI for analysis by default.

CSA works by overriding the path to the original compiler with the c**-analyzer wrapper to capture all the compiler invocations and their arguments. When building a project for analysis using the cc wrapper to add purecap flags to the compiler, CSA doesn't capture these flags, as they don't appear in the original compiler's arguments list but are added later by cc. Therefore, CSA builds code for analysis with -target-abi aapcs even though the original compiler invocation eventually builds project code for purecap.

LOCALBASE/llvm-csa/libexec/ccc-analyzer <args>  
          | -> cc <args> 
          |     -> LOCALBASE/bin/clang -march=morello -mabi=purecap <args>  
          |         -> LOCALBASE/llvm-morello/bin/clang -cc1 -target-abi purecap <cc1_args>
          | -> LOCALBASE/llvm-csa/bin/clang <args> ->
                -> LOCALBASE/llvm-csa/bin/clang -cc1 -target-abi aapcs <cc1_args>

The c**-analyzer wrapper adds purecap flags to the c**-analyzer argument list, which then get propagated to the original compiler (cc) and the analyser's clang, making the latter build and analyse code for the purecap ABI.

LOCALBASE/libexec/ccc-analyzer <args> -> 
    LOCALBASE/llvm-csa/libexec/ccc-analyzer -march=morello -mabi=purecap <args> 
          | -> cc -march=morello -mabi=purecap <args> 
          |     -> LOCALBASE/bin/clang -march=morello -mabi=purecap -march=morello -mabi=purecap <args>
          |         -> LOCALBASE/llvm-morello/bin/clang -cc1 -target-abi purecap  <cc1_args>
          | -> LOCALBASE/llvm-csa/bin/clang -march=morello -mabi=purecap <args>
                -> LOCALBASE/llvm-csa/bin/clang -cc1 -target-abi purecap <cc1_args>

  2. scan-build-csa script is installed to LOCALBASE/bin. This is a copy of LOCALBASE/llvm-csa/bin/scan-build patched after installation to use LOCALBASE/llvm-csa/bin to look for the analyser's compiler and scripts (except for c**-analyzers, which are located by relative paths leading to wrappers mentioned above). See scan-build-base.patch.in.

I am unsure about a few things regarding the port:

  1. I added to the pkg-plist only the files that CSA needs, making the llvm-csa package size ~30MB vs. ~130MB for llvm-morello. Is it OK if STAGEDIR contains files that are not included in pkg-plist, or must I clean it somehow?

  2. What would be a proper revision of Morello LLVM to rebase all my CSA patches onto (probably the one that will be used in the upcoming release)?

Thanks!
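
The flag injection described in the comment above, as an added example (a hypothetical wrapper written for this page, not the PR's csa-wrapper.sh.in). Assumptions: LOCALBASE defaults to /usr/local, the real C++ analyzer script is named c++-analyzer as in upstream LLVM, and an explicit -mabi= from the caller suppresses the injected defaults.

```shell
#!/bin/sh
# Added example: hypothetical c**-analyzer wrapper, not the port's own script.
# Assumption: the real analyzer scripts live in LOCALBASE/llvm-csa/libexec,
# as in the call chains shown above.
LOCALBASE="${LOCALBASE:-/usr/local}"

# Map the name the wrapper was invoked as to the real analyzer script.
real_analyzer() {
    case "${1##*/}" in
        ccc-analyzer)
            echo "$LOCALBASE/llvm-csa/libexec/ccc-analyzer" ;;
        cxx-analyzer|c++-analyzer)
            echo "$LOCALBASE/llvm-csa/libexec/c++-analyzer" ;;
        *)
            return 1 ;;
    esac
}

# True if the caller already chose an ABI; purecap is only the default.
has_abi_flag() {
    for arg in "$@"; do
        case "$arg" in -mabi=*) return 0 ;; esac
    done
    return 1
}

# Print the argument list the real analyzer would receive, one per line.
# Because the flags sit in the analyzer's own argv, both the original
# compiler (cc) and the analyser's clang see them.
analyzer_args() {
    has_abi_flag "$@" || set -- -march=morello -mabi=purecap "$@"
    printf '%s\n' "$@"
}

# Act only when installed under an analyzer name, so the file can also be
# sourced or run under another name without side effects.
if target=$(real_analyzer "$0"); then
    # Same rule as analyzer_args, applied to the live argv.
    has_abi_flag "$@" || set -- -march=morello -mabi=purecap "$@"
    exec "$target" "$@"
fi
```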

kwitaszczyk commented 7 months ago

@brooksdavis Could you have a look at this PR? The change in devel/llvm-cheri would require your approval. Would it have to be upstreamed to FreeBSD first?

kwitaszczyk commented 7 months ago

@eupharina Brooks has added the change from devel/llvm-cheri/Makefile in upstream and cherry-picked it into main. Could you rebase this PR onto latest main?

eupharina commented 6 months ago

I added one more change to devel/llvm-cheri, I guess this should not be squashed. Otherwise, I think everything else should be squashed into a single commit.

kwitaszczyk commented 6 months ago

@brooksdavis Do you want to upstream https://github.com/CTSRD-CHERI/cheribsd-ports/pull/109/commits/5ed36818139d8b17066be65660f1860571dc04b4 first?

kwitaszczyk commented 6 months ago

> I added one more change to devel/llvm-cheri, I guess this should not be squashed. Otherwise, I think everything else should be squashed into a single commit.

I agree.

brooksdavis commented 6 months ago

> @brooksdavis Do you want to upstream 5ed3681 first?

Sure, I can do that.

brooksdavis commented 6 months ago

> > @brooksdavis Do you want to upstream 5ed3681 first?
>
> Sure, I can do that.

I've done this and pushed a cherry-pick of it.

kwitaszczyk commented 6 months ago

@brooksdavis Thank you!

@eupharina Could you rebase this PR and squash appropriate commits? Once it's done, I can merge this PR.

kwitaszczyk commented 5 months ago

I think all of the issues except for the duplicate code in csa-wrapper.sh.in are resolved now. I've correctly built the port and its package in a hybrid ABI jail.

I agree with Jessica's point that it would be better to make use of llvm-base instead. However, I think it will require changes to llvm-base itself. For now, we can use the port as it is and improve it separately.