Bug Hunting Session
Bug 43059 - apply sixgill static analyser to the code ...
Summary: apply sixgill static analyser to the code ...
Status: NEW
Alias: None
Product: LibreOffice
Classification: Unclassified
Component: LibreOffice (show other bugs)
Version:
(earliest affected)
unspecified
Hardware: Other All
: medium trivial
Assignee: Not Assigned
URL:
Whiteboard:
Keywords: difficultyInteresting, easyHack, skillCpp, topicCleanup
Depends on:
Blocks: Compiling
  Show dependency treegraph
 
Reported: 2011-11-18 03:31 UTC by Michael Meeks
Modified: 2018-09-24 18:21 UTC (History)
3 users (show)

See Also:
Crash report or crash signature:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Michael Meeks 2011-11-18 03:31:41 UTC
There -seems- to be a nice tool here:

http://sixgill.org/
svn checkout http://svn.sixgill.org/trunk xgill

That we could run over LibreOffice - clearly you'd need to be able to build it, and then enable the gcc (4.5 at least) plugin.

Then of course, we'd need to compile LibreOffice with this enabled, and see if the analysis is useful - and/or whether the tool can cope with a project the size and complexity of LibreOffice.

If so - I suspect it will throw up a lot of interesting output.
Comment 1 Julien Nabet 2012-01-20 16:48:25 UTC
I downloaded sixgill and as required install gcc-plugin, downloaded CVC3 + yices , used this command :
./configure --with-yices=/home/julien/yices/yices-1.0.33
then
make
but I've got the error :
xgill.c:812:46: error: ‘PLUGIN_FINISH_DECL’ undeclared (first use in this function)

The INSTALL file of sixgill tells :
If your build fails with an error about PLUGIN_FINISH_DECL not being found,
then you need to patch your GCC and rebuild it. The patch is at
http://gcc.gnu.org/ml/gcc-patches/2009-12/msg01032.html

I'm not sure to be ready to recompile gcc

(PC Debian x86-64, gcc (Debian 4.6.2-11) 4.6.2)
Comment 2 Michael Meeks 2012-01-24 06:49:28 UTC
Gosh, clearly this task fits someone best who has an up-to-date gcc. Then again, compiling gcc is much less scary than compiling libreoffice ;-) [ although you tend to need a new binutils too ;-].

Thanks for trying !
Comment 3 Florian Reisinger 2012-05-18 09:35:00 UTC
Deleted "Easyhack" from summary.
Comment 4 Julien Nabet 2012-10-20 06:30:40 UTC
Just for information, there's a new repo for sixgill here:
https://github.com/rillian/xgill
In order to have gcc plugin enabled during xgill building, we just need to have gcc-4.<version>-plugin-dev package installed.

So I could build xgill but I don't know how to use it. I found about COMPILER_PLUGINS in configure.ac and then I took a look on clang part but it didn't help me to know how to quickly use the plugin.
Comment 5 Mathias Hasselmann 2013-01-22 13:56:13 UTC
Is there actually any documentation how to use this tool?
Comment 6 Julien Nabet 2013-01-27 18:27:05 UTC
I gave a new try but had this:

julien@julienPC:~/sixgill/xgill/testjul$ gcc  -fplugin=/home/julien/sixgill/xgill/gcc/xgill.so -c test.cpp 
cc1plus: error: cannot load plugin /home/julien/sixgill/xgill/gcc/xgill.so
/home/julien/sixgill/xgill/gcc/xgill.so: undefined symbol: get_identifier

Mathias: never found doc too about this.
Comment 7 Stephen Torri 2013-09-30 13:07:02 UTC
I am interested in working on this task. Looking at Sixgill it appears tha project has not been updated in 3 years. It depends on GCC 4.5 plugin and Yices 1.0 (if you want their solver) APIs. I am using GCC 4.8 on Fedora 19.

At first glance Yices appears to have been updated to 2.0 since the last release of sixgill as well as GCC being updated. I see the tasks to get this project working to be:

- Update Sixgill to use Yices 2.0
- Fix compiling problems
- Figure out how to use Sixgill on the code.

Is there a particular directory we should start on?
Comment 8 Michael Meeks 2013-09-30 13:16:55 UTC
Hi Stephen ! great to have you interested - of course, we're interested in throwing as much static checking as we can get at the LibreOffice code-base and fixing the results :-)

Sixgill was just an idea - if there are other better analysers out there you're aware of that would be better, we should use those - but either way - thanks so much for digging into this one !

The "we produce bazillions of false-positives" angle on this that I now see in their website sounds a bit concerning ;-)

Then again, we compile rather well with clang these days, so that bit should be easy.

I imagine you'd need to compile all of the code to get far; but there are some smaller pieces that you could do - eg. low-level tooling to check how 'sal' works. eg. svx's 'gengal' is 1/2 way up the software stack - or rsc/Executable_rsc.mk is reasonably near the bottom.

HTH ! & looking forward to you results.

Thanks,
Comment 9 Björn Michaelsen 2013-10-04 18:47:51 UTC
adding LibreOffice developer list as CC to unresolved EasyHacks for better visibility.

see e.g. http://nabble.documentfoundation.org/minutes-of-ESC-call-td4076214.html for details
Comment 10 Robinson Tryon (qubit) 2013-10-23 17:27:06 UTC Comment hidden (obsolete)
Comment 11 Robinson Tryon (qubit) 2015-12-14 05:01:16 UTC Comment hidden (obsolete)
Comment 12 Robinson Tryon (qubit) 2016-02-18 14:52:33 UTC Comment hidden (obsolete)