strcpy -> strlcpy?

Anil Madhavapeddy anil at recoil.org
Tue Jan 4 16:40:31 PST 2005


On Tue, Jan 04, 2005 at 04:17:39PM -0800, Matthew Dillon wrote:
> 
> It sounds like a better approach to detecting these sorts of
> bugs would be to have a separate code parser and analysis tool.  C
> is actually very easy to parse (having written a C compiler I can
> say that with assurance), and even not all that hard to analyze. 
> The hard part is producing the assembly/other output.  I'll bet it
> would be easier then trying to build it directly into the GCC
> framework.

Yeah, this is definitely how to do it.  CIL (url below) is a framework
for doing this already, and it can also do transformations on the output
code.  The clincher is the 'cilly' frontend which just pretends to be GCC
so you can compile using it directly.  If you can't just slot the static
analysis into your existing compile cycle by changing ${CC}, I think
you've lost a lot of people already (and it makes checking everything in
the ports tree incredibly easy).

Incidentally, real-world GNU/Microsoft C is pretty tough to parse ---
Necula has a great page on it:
http://manju.cs.berkeley.edu/cil/cil017.html
I spent some time trying to make the whole of OpenBSD be successfully
parsed by CIL, and found some pretty wierd corner cases, in addition to
all the various GNU C extensions that find their way into modern C code.

CIL: http://manju.cs.berkeley.edu/cil/

-- 
Anil Madhavapeddy                                 http://anil.recoil.org
University of Cambridge                          http://www.cl.cam.ac.uk





More information about the Kernel mailing list