Coverity

Coverity is a static analysis tool often used by engineers in industry to find both trivial and non-trivial bugs in their code. It is not easy to write bug-free code on the first attempt. Engineers know this, so they write unit tests and, beyond that, use tools like Coverity to find bugs quickly before releasing the binaries.

Here’s your chance to learn about the tool and find bugs in your code and in others’! So how do you use Coverity?

Download the Docker image at the link we provided to you on Piazza. It’s very similar to the Docker file we provided you for the Build It phase, but now it has Coverity installed. You can load it into Docker by running:

docker load --input coverity-image.tar

You can then start the container by running:

docker run --mac-address=a0:b1:c2:d3:e4:f5 -v "$(pwd):/connect" -it coverity-dist:v3.0

DO NOT change the MAC address value in the command above. The working directory on your host machine will appear as /connect inside the container.

Once in the container, perform the following steps to run the Coverity analysis. path_to_code is the path inside the container to the code you want to analyze. It’s simplest to keep the code in the working directory of your host machine: it will then be accessible inside the container under /connect, and the results of your analysis will be accessible from outside the container. These steps assume you’re using the default Makefile provided in the initial handout. If you edited the Makefile to change which compiler is used, you may need to adjust the cov-build command.

$ cd <path_to_code>
$ make clean
$ mkdir analysis_dir
$ cov-build --dir analysis_dir make CC=gcc
$ cov-analyze --all --dir analysis_dir
$ cov-format-errors --dir analysis_dir

The commands above run the build process under Coverity, and in the process Coverity analyzes the code. The summary of Coverity’s analysis can be found in the file analysis_dir/output/summary.txt. The cov-format-errors command generates an HTML report of the analysis that explains the potential bugs found and their locations in the source code; the output can be found at analysis_dir/output/errors/index.html. If you followed the directions above, you should be able to access both files from your host machine.

Be careful to run make clean before you run cov-build to ensure that you generate a correct analysis of the source code.
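
The steps above wrapped in a script with two guards, as an added example that is not part of the course handout: it refuses to start if make clean left object files behind, and it confirms that both report files exist afterwards. The function names are hypothetical, and the check assumes the Makefile builds .o files, which the handout does not state.

```shell
#!/bin/sh
# Added example (not from the handout). Run inside the Coverity container.
# Assumes the default Makefile and the analysis_dir name used above.

# List object files still in the tree. If make finds its targets up to date
# it compiles nothing, and cov-build has nothing to capture for those files.
stale_objects() {
    find "$1" -path "$1/analysis_dir" -prune -o -type f -name '*.o' -print
}

# Succeed only if both report files named above exist and are non-empty.
reports_present() {
    [ -s "$1/analysis_dir/output/summary.txt" ] &&
    [ -s "$1/analysis_dir/output/errors/index.html" ]
}

# Run the whole procedure in a subshell so the caller's directory is unchanged.
run_coverity() (
    cd "$1" || return 1
    make clean || return 1
    leftovers=$(stale_objects .)
    if [ -n "$leftovers" ]; then
        echo "make clean left object files behind; remove them first:" >&2
        echo "$leftovers" >&2
        return 1
    fi
    mkdir -p analysis_dir
    cov-build --dir analysis_dir make CC=gcc || return 1
    cov-analyze --all --dir analysis_dir || return 1
    cov-format-errors --dir analysis_dir || return 1
    if ! reports_present .; then
        echo "analysis finished but the report files are missing" >&2
        return 1
    fi
    echo "summary: $1/analysis_dir/output/summary.txt"
    echo "report:  $1/analysis_dir/output/errors/index.html"
)

# Usage: sh run_coverity.sh /connect   (script name is a placeholder)
if [ "$#" -gt 0 ]; then
    run_coverity "$1"
fi
```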