metasepi / postmortem

Postmortem for open-source operating systems
MIT License

Write Checked C code to avoid some bugs #32

Closed master-q closed 3 years ago

master-q commented 3 years ago

https://www.microsoft.com/en-us/research/project/checked-c/

master-q commented 3 years ago

https://www.i-programmer.info/news/184-cc/12130-microsoft-making-c-safe-checked-c.html

The average run-time overhead was 8.6%

Does it need checking at run time?

master-q commented 3 years ago

It depends on clang and doesn't support gcc.

master-q commented 3 years ago

We think it has compile-time checking and run-time checking. How do we classify things into these?

master-q commented 3 years ago

https://github.com/microsoft/checkedc/wiki/Benchmarks-for-evaluating-Checked-C

Has it already compiled the code above?

master-q commented 3 years ago

https://github.com/Microsoft/checkedc/wiki#example-code

To see some real-world C code that has been converted to Checked C, see

  • The Checked C fork of the parson JSON parser.

We think the fork of parson is suitable for understanding this approach and benchmarking run-time checking.

master-q commented 3 years ago

$ pwd
/home/kiwamu/src/checkedc
$ cat /proc/cpuinfo | grep "model name" | head -1
model name      : Intel(R) Core(TM) i5-3320M CPU @ 2.60GHz
$ git clone git@github.com:kgabis/parson.git
$ cd parson
$ git diff
diff --git a/Makefile b/Makefile
index 98654de..059e457 100644
--- a/Makefile
+++ b/Makefile
@@ -1,19 +1,11 @@
-CC = gcc
-CFLAGS = -O0 -g -Wall -Wextra -std=c89 -pedantic-errors
+CC = clang
+CFLAGS = -O0 -g -Wall -Wextra -std=c99 -pedantic-errors

-CPPC = g++
-CPPFLAGS = -O0 -g -Wall -Wextra
+all: test

-all: test testcpp
-
-.PHONY: test testcpp
+.PHONY: test
 test: tests.c parson.c
        $(CC) $(CFLAGS) -o $@ tests.c parson.c
-       ./$@
-
-testcpp: tests.c parson.c
-       $(CPPC) $(CPPFLAGS) -o $@ tests.c parson.c
-       ./$@

 clean:
        rm -f test *.o
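
Review bot: CFLAGS still carries -O0 on the new "CC = clang" build, so every timing taken from this binary measures unoptimized code; add a second, optimized configuration (for example -O2) for the benchmark runs. The move from -std=c89 to -std=c99 and the removal of "./$@" from the test target are not explained anywhere in the change and deserve a short comment in the Makefile. The compiler swap itself does not need an edit, since "make CC=clang" overrides the assignment.
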
diff --git a/tests.c b/tests.c
index 72de9ae..dc1345d 100644
--- a/tests.c
+++ b/tests.c
@@ -72,6 +72,7 @@ static int tests_passed;
 static int tests_failed;

 int main(int argc, char *argv[]) {
+    int i;
     /* Example functions from readme file:      */
     /* print_commits_info("torvalds", "linux"); */
     /* serialization_example(); */
@@ -83,6 +84,7 @@ int main(int argc, char *argv[]) {
         tests_path = "tests";
     }

+    for (i = 0; i < 1000; i++) {
     json_set_allocation_functions(counted_malloc, counted_free);
     test_suite_1();
     test_suite_2_no_comments();
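
Review bot: the iteration count 1000 in the added for line is a bare literal that has to be kept identical by hand in every tree being compared; make it a named constant or take it from the command line. json_set_allocation_functions(counted_malloc, counted_free) is called with the same arguments on every iteration, so unless a later suite replaces the allocator it can stay above the loop and out of the timed region.
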
@@ -100,6 +102,7 @@ int main(int argc, char *argv[]) {

     printf("Tests failed: %d\n", tests_failed);
     printf("Tests passed: %d\n", tests_passed);
+    }
     return 0;
 }
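
Review bot: the closing brace is added after the two printf lines, so the summary is printed on each of the 1000 iterations, and because tests_failed and tests_passed are static counters that nothing in this diff resets, each pair of lines shows a running total rather than one run's result. Move the brace above the printf calls so the totals print once, outside the timed loop.
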
$ make
clang -O0 -g -Wall -Wextra -std=c99 -pedantic-errors -o test tests.c parson.c
$ time ./test > /dev/null
./test > /dev/null  3.33s user 0.27s system 98% cpu 3.655 total
$ time ./test > /dev/null
./test > /dev/null  3.35s user 0.28s system 99% cpu 3.664 total
$ time ./test > /dev/null
./test > /dev/null  3.37s user 0.29s system 98% cpu 3.694 total

master-q commented 3 years ago

Asking about the Linux build process. https://github.com/microsoft/checkedc-clang/issues/588#issuecomment-720850598

xxx TODO:

master-q commented 3 years ago

https://github.com/Microsoft/checkedc/wiki/Extension-overview

The above is a summary of this solution.

master-q commented 3 years ago

https://github.com/Microsoft/checkedc/releases

If you understand the detail, read this.

master-q commented 3 years ago

Here are the instructions to build the Checked C Clang compiler: https://github.com/microsoft/checkedc-clang/blob/master/clang/docs/checkedc/Setup-and-Build.md

Let's try.

master-q commented 3 years ago

Build Checked C:

$ git clone git@github.com:microsoft/checkedc-clang.git
$ cd checkedc-clang/llvm/projects/checkedc-wrapper
$ git clone git@github.com:microsoft/checkedc.git
$ cd ../../../..
$ mkdir checkedc-clang-build
$ cd checkedc-clang-build
$ cmake -G Ninja -DLLVM_TARGETS_TO_BUILD="X86" -DLLVM_ENABLE_PROJECTS=clang ../checkedc-clang/llvm
$ ninja clang
$ ./bin/clang --version
clang version 9.0.0 (git@github.com:microsoft/checkedc-clang.git 07c6082412d73d07676014a78651af56d327acc8)
Target: x86_64-unknown-linux-gnu
Thread model: posix
InstalledDir: /home/kiwamu/src/checkedc/checkedc-clang-build/./bin

master-q commented 3 years ago

Run checkedc-parson:

$ git clone git@github.com:microsoft/checkedc-parson.git
$ ls
checkedc-clang/  checkedc-clang-build/  checkedc-parson/  parson/
$ cd checkedc-parson
$ git diff
diff --git a/Makefile b/Makefile
index 3972877..7cb6519 100644
--- a/Makefile
+++ b/Makefile
@@ -1,4 +1,4 @@
-CC = clang
+CC = ../checkedc-clang-build/bin/clang
 CFLAGS = -O0 -g -Wall -Wextra -std=c99 -pedantic-errors

 all: test
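
Review bot: the new CC value is a relative path, "../checkedc-clang-build/bin/clang", which only resolves when this checkout sits next to the build directory; leave the Makefile untouched and pass the compiler on the command line instead, as in "make CC=../checkedc-clang-build/bin/clang". That also keeps the local benchmark setup out of the tracked file.
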
diff --git a/tests.c b/tests.c
index 76c1611..f067a92 100644
--- a/tests.c
+++ b/tests.c
@@ -68,10 +68,12 @@ static int tests_passed;
 static int tests_failed;

 int main() {
+    int i;
     /* Example functions from readme file:      */
     /* print_commits_info("torvalds", "linux"); */
     /* serialization_example(); */
     /* persistence_example(); */
+    for (i = 0; i < 1000; i++) {
     json_set_allocation_functions(counted_malloc, counted_free);
     test_suite_1();
     test_suite_2_no_comments();
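
Review bot: "int i;" is declared at the top of main although the Makefile builds with -std=c99, so the counter can be declared in the for statement and scoped to the loop. The statements under the added for line keep their old indentation, which hides the extent of the loop; re-indent the body so the closing brace in the next hunk is easy to match.
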
@@ -88,6 +90,7 @@ int main() {

     printf("Tests failed: %d\n", tests_failed);
     printf("Tests passed: %d\n", tests_passed);
+    }
     return 0;
 }
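
Review bot: "return 0;" after the added closing brace ignores tests_failed, so a binary whose tests fail still exits with success and its timing would be recorded as if it were a valid run. Return a nonzero status when tests_failed is not 0, so that a benchmark script can discard that run.
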
$ make compile |& grep -A 6 error
../checkedc-clang-build/bin/clang -O0 -g -Wall -Wextra -std=c99 -pedantic-errors -o test tests.c parson.c
parson.c:78:29: error: static variable 'parson_malloc' has a type that uses a type variable bound in an enclosing scope (type is 'JSON_Malloc_Function' and type variable is 'T')
static JSON_Malloc_Function parson_malloc;
                            ^
./parson.h:63:24: note: type variable 'T' declared here
typedef _Itype_for_any(T) void * tmp_malloc_fun(size_t s) : byte_count(s) itype(_Array_ptr<T>);
                       ^
parson.c:79:27: error: static variable 'parson_free' has a type that uses a type variable bound in an enclosing scope (type is 'JSON_Free_Function' and type variable is 'T')
static JSON_Free_Function parson_free;
                          ^
./parson.h:64:24: note: type variable 'T' declared here
typedef _Itype_for_any(T) void tmp_free_fun(void * : byte_count(0) itype(_Array_ptr<T>));
                       ^
parson.c:292:35: warning: cannot prove argument meets declared bounds for 1st parameter [-Wcheck-bounds-decls-checked-scope]
--
44 warnings and 2 errors generated.
make: *** [Makefile:12: compile] Error 1

Reported these compile errors. https://github.com/microsoft/checkedc-parson/issues/20

xxx Fix the compile error

master-q commented 3 years ago

This issue should be closed, because I think Checked C has not been active.