[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: catching 32/64 bit integer mixing

Hello Drew,

I have used LGTM for one of my open source projects. If the sources are
deposited on GitHub (or Gitlab) for example, this is immediate to use:
create an account under lgtm.com, create a project and point it to the
git repo. It will fetch sources and start the analysis. The results take
typically half a day to one day to pop up but then you get a list of
warnings,... that include integer typing issues such as those identified
(we killed plenty of them thanks to this). Possibly, you may see what 
it produces here (this is what remains after a big cleaning effort that
removed around 100 warnings I think).


LGTM also offers a query language that possibly allows to target a
specific custom form of issue but I have not used it.

I'm sorry to say my agenda is totally over-saturated. I can possibly
spend 20 to 30' interacting (zoom/meet/...) with the PETSC
team/maintainer to explain how to setup LGTM, but that's my maximum I'm


Le 27/05/2020 à 07:31, Drew Parsons a écrit :
> Hi again Thomas,
> upstream says they've looked at clang-static-analyzer, but it'll be
> nontrivial to implement. Not entirely obvious how to proceed with lgtm
> either, it only comes with simple examples.
> If you (or anyone else) has time to work on this, they'd sure
> appreciate a helping hand.
> This is the PETSc project (http://www.mcs.anl.gov/petsc, cf.
> Bug#953116 for 64 bit builds)
> Drew
> On 2020-05-24 10:02, Drew Parsons wrote:
>> Thanks Thomas, I'll pass that on.
>> Drew
>> On 2020-05-23 21:33, Thomas Schiex wrote:
>>> For open source projects, a few online static analyzers are available
>>> and usable for free. This kind of integer type mismach will be caught
>>> by most of them. Possibly clang-static-analyzer will do the job.
>>> Otherwise, an easy one is lgtm for example. See  https://lgtm.com/
>>> (I have no link with them except as an open source software developer
>>> using their services for free).
>>> There are other tools (mostly geared towards security)  available for
>>> free for open source software but I just forgot their name. Any web
>>> search tool should help you here.
>>> Thomas
>>> Le 23/05/2020 à 09:03, Drew Parsons a écrit :
>>>> An upstream author has asked whether we know of tools or compiler
>>>> flags to help catch problems mixing 64 and 32 bit integers, for
>>>> instance catching implicit conversions, as in
>>>> int64_t n = ...;
>>>> for (int32_t i=0; i<n; i++) {
>>>> ...
>>>> }
>>>> There is -fsanitize=signed-integer-overflow (which generates a
>>>> runtime error message), but that requires data to cause overflow at
>>>> every possible location.
>>>> Is there a better tool for catching this kind of problem?
>>>> Drew

Reply to: