
GSoC 2016 - Memory Safety

Overview

The main objective of this project is to reduce the memory leaks in the Scilab codebase.
A program can be called memory safe as long as a particular list of bad things, called memory access errors, never occur.
Memory safety errors in C/C++ code include null pointer dereferences, out-of-bounds array accesses, use after free, double free, etc. Taken together, these bugs are extremely costly since they are at the root of a substantial fraction of all security vulnerabilities.
Memory safety is a concern in software development that aims to avoid software bugs that cause security vulnerabilities dealing with random-access memory (RAM) access, such as buffer overflows and dangling pointers. Solving these bugs will enhance the security and efficiency of Scilab significantly.

Coverity

Coverity Scan is a service by which Coverity provides the results of analysis on open source coding projects to open source code developers that have registered their products with Coverity Scan. Coverity offers the results of the analysis completed by Coverity Quality Advisor on registered projects at no charge to registered open source developers.
In static analysis, the code under examination is not executed. As a result, test cases and specially designed input datasets are not required. Examination for defects and vulnerabilities is not limited to the lines of code that are run during some number of executions of the code, but can include all lines of code in the codebase. Additionally, Coverity's implementation of static analysis can follow all the possible paths of execution through source code (including interprocedurally) and find defects and vulnerabilities caused by the conjunction of statements that are not errors independently of each other.
Coverity Scan is run at least 2-3 times a week on Scilab's codebase, and it shows all the newly detected errors as well as the errors which have been eliminated. This makes it easy to check whether the changes we are making are memory safe or not. Every day we can see which defects have been solved and which new errors have been introduced by some contributors.
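
An added example (not Scilab code and not from the original page) of the kind of path-dependent leak described above: every statement is valid on its own, and the block is lost only on one early-return path, which is why an analysis that follows all paths finds it without a test case. The names `xmalloc`, `xfree`, `join_leaky`, `join_fixed` and `leaked_after` are hypothetical.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical tracking allocator: records live blocks so a leak is observable. */
#define SLOTS 4
static void *live[SLOTS];
static void *xmalloc(size_t n) {
    void *p = malloc(n);
    for (int i = 0; p && i < SLOTS; i++) if (!live[i]) { live[i] = p; break; }
    return p;
}
static void xfree(void *p) {
    for (int i = 0; p && i < SLOTS; i++) if (live[i] == p) live[i] = NULL;
    free(p);
}

/* BEFORE: every statement is valid alone; only the empty-suffix path leaks. */
static int join_leaky(const char *name, const char *suffix, char *out, size_t outlen) {
    char *copy = xmalloc(strlen(name) + 1);
    if (copy == NULL) return -1;
    strcpy(copy, name);
    if (suffix[0] == '\0') return -1;            /* early return skips xfree(copy) */
    if (strlen(copy) + strlen(suffix) + 1 > outlen) { xfree(copy); return -1; }
    snprintf(out, outlen, "%s%s", copy, suffix);
    xfree(copy);
    return 0;
}

/* AFTER: once the allocation succeeds there is one exit, so every path frees it. */
static int join_fixed(const char *name, const char *suffix, char *out, size_t outlen) {
    int rc = -1;
    char *copy = xmalloc(strlen(name) + 1);
    if (copy == NULL) return -1;
    strcpy(copy, name);
    if (suffix[0] != '\0' && strlen(copy) + strlen(suffix) + 1 <= outlen)
        rc = snprintf(out, outlen, "%s%s", copy, suffix) < 0 ? -1 : 0;
    xfree(copy);
    return rc;
}

/* Run one variant, count the blocks it left allocated, then release them. */
static int leaked_after(int (*fn)(const char *, const char *, char *, size_t), const char *suffix) {
    char out[32]; int n = 0;
    fn("module", suffix, out, sizeof out);
    for (int i = 0; i < SLOTS; i++) if (live[i]) { n++; free(live[i]); live[i] = NULL; }
    return n;
}
int main(void) { printf("leaky=%d fixed=%d\n", leaked_after(join_leaky, ""), leaked_after(join_fixed, "")); return 0; }
```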

Progress

Link to Coverity Scilab Dashboard
Link to all my commits

I am currently solving all memory leaks in Scilab's code.
I have solved around 90% of Memory Leaks in the following modules:

Now, I have decided to solve memory errors for ast, api_scilab and core since they have APIs used elsewhere in Scilab.

Current Defect Density : 1.09 (Around half of when I started)


Email: <dhruv AT SPAMFREE khattarindia DOT com>


2022-09-08 09:27