Initial commit
\documentclass[a4paper]{article}

\usepackage[british]{babel}
\usepackage[british]{isodate}
\usepackage{geometry}

\title{Program Analysis with \emph{PREfast} and \emph{SAL}}
\date{\printdate{21.9.2016}}
\author{Mart Lubbers (s4109503)}

\begin{document}
\pagenumbering{gobble}
\thispagestyle{empty}
\clearpage
\maketitle
\begin{enumerate}
\item\emph{PREfast tries to check annotations at compile time. Suppose that
we have a way to check the annotations at runtime. (Actually, it is not
so straightforward to do this at runtime, for all annotations, but
let's assume it is possible.) Name one advantage and two disadvantages
of doing these checks at runtime instead of doing them at compile-time.
(Hint: there are very generic advantages and disadvantages when it
comes to runtime vs compile-time checking.)}

An advantage is that you can inspect the actual value of the variable
and check whether the buffer is big enough (assuming the tool keeps
track of the buffer size).
A disadvantage would be the overhead that is added to the program.
Checking all these things at runtime costs processor time and will
result in slower programs.
Lastly, another disadvantage is that it is difficult to check all
runtime configurations when using dynamic buffer sizes, so you need a
very large test set, which you then have to design.
In other words, you have to do the same work twice: once while
annotating and once while writing a test set.
\item\emph{Sometimes PREfast only warns about problems \textbf{after} you
add annotations. For example, the tool does not complain about
\texttt{zero()} until after you add an annotation about the size of
\texttt{buf}. An alternative tool design would be to produce a warning
about \texttt{zero()} if there are no annotations for it. (The warning
would then not so much be that there is a potential buffer overflow
problem, but rather that the tool does not have enough information to
determine whether there is a buffer overflow or not.) Can you give a
plausible explanation why PREfast has been designed so that it does not
complain about such unannotated methods?}

It might very well be that many of the functions handling buffers are
in no danger of causing a buffer overflow, so the tool would spew out
far too many warnings and force the user to do excessive annotating
just to get rid of warnings that are not dangerous in the first place.
\end{enumerate}
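The \texttt{zero()}/\texttt{buf} scenario from question 2 and the runtime-versus-compile-time trade-off from question 1, as an added example that is not part of the original answer sheet: a SAL-annotated \texttt{zero()} (using the real \texttt{\_Out\_writes\_bytes\_} annotation, stubbed out as a no-op when \texttt{sal.h} is absent) next to a hypothetical runtime-checked variant. The names \texttt{zero\_checked} and \texttt{runtime\_check\_demo} and the extra \texttt{capacity} parameter are assumptions made for this example.

```c
#include <stddef.h>
#include <string.h>

/* SAL macros live in Microsoft's sal.h; outside MSVC they are defined here as
 * no-ops so the file compiles anywhere. The annotation still documents the
 * contract that PREfast would check at compile time. */
#ifndef _Out_writes_bytes_
#define _Out_writes_bytes_(n)
#endif

/* Annotated zero(): buf must have room for n bytes. Once a caller's buffer
 * size is known (e.g. a fixed-size array), PREfast can check the call
 * statically; without the annotation it has nothing to check. */
void zero(_Out_writes_bytes_(n) char *buf, size_t n)
{
    memset(buf, 0, n);
}

/* Hypothetical runtime-checked variant: the caller passes the real capacity
 * and the contract is verified on every call. It sees the actual values
 * (the advantage named in answer 1) but pays a branch per call (the
 * overhead) and only catches violations on paths the tests exercise. */
int zero_checked(char *buf, size_t capacity, size_t n)
{
    if (buf == NULL || n > capacity)
        return -1;  /* contract violated: refuse rather than overflow */
    memset(buf, 0, n);
    return 0;
}

/* Exercises both calls on a constructed 8-byte buffer; returns 1 when the
 * in-bounds call zeroes the buffer and the oversized call is rejected. */
int runtime_check_demo(void)
{
    char small[8];
    memset(small, 'x', sizeof small);
    if (zero_checked(small, sizeof small, sizeof small) != 0)
        return 0;
    if (small[0] != 0 || small[sizeof small - 1] != 0)
        return 0;
    return zero_checked(small, sizeof small, 16) == -1;  /* caught, no write */
}

int main(void)
{
    char buf[8];
    zero(buf, sizeof buf);  /* in bounds; PREfast would accept this call */
    return runtime_check_demo() ? 0 : 1;
}
```

Compiling with PREfast (\texttt{cl /analyze}) on Windows checks the annotated \texttt{zero()} statically; on any other compiler the file still builds and the runtime variant demonstrates the check that question 1 asks about.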

\end{document}