1$NetBSD: verification,v 1.1 2017/01/13 10:14:58 dholland Exp $ 2 3NetBSD Verification Roadmap 4=========================== 5 6This roadmap covers things that we intend or would like to do pursuant 7to verification and quality control. 8 9The following elements, projects, and goals are relatively near-term: 10 11 1. Cut down the Coverity backlog 12 2. Deploy asan/ubsan 13 3. Deploy clang-static-analyzer 14 15The following elements, projects, and goals are longer-term: 16 17 4. mint 18 5. Database-driven program analyzer 19 20The following elements, projects, and goals are rather blue-sky so far: 21 22 6. Use Frama-C to verify fsck_ffs 23 24 25Explanations 26============ 27 281. Cut down the Coverity backlog 29 30Coverity provides us with free analysis reports, which we sometimes 31handle and sometimes don't. Apparently though Linux has a lower number 32of Coverity hits per line than we do; that seems fundamentally wrong 33and something that should get attention. Most of the problems Coverity 34finds are pretty easily fixed, or are false positives. 35 36 - As of January 2017 coypu has been working on this. Christos often 37 also fixes these. 38 - There is currently no clear timeframe or release target. 39 - Contact christos for further information. 40 41 422. Deploy asan/ubsan 43 44It ought to be possible to build any program in NetBSD, or the whole 45world, using asan and/or ubsan. Currently there isn't an easy way to 46do this. We should also do regular test runs with asan and ubsan 47engaged. 48 49 - As of January 2017 nobody is known to be working on this. 50 - There is currently no clear timeframe or release target. 51 - Contact joerg (?) for further information. 52 53 543. Deploy clang-static-analyzer 55 56There is some makefile support for running clang-static-analyzer, but 57it doesn't get done regularly. This should probably get added to the 58autobuilds. 59 60 - As of January 2017 nobody is known to be working on this. 61 - There is currently no clear timeframe or release target. 62 - Contact joerg for further information. 63 64 654. mint 66 67A while back dholland started on a replacement for the existing lint, 68since lint is not really smart enough to be useful and its code is 69only marginally maintainable. The code is in othersrc, but it needs 70some tidying before anyone else tries hacking on it. 71 72 - As of January 2017 nobody is known to be working on this. 73 - There is currently no clear timeframe or release target. 74 - Responsible: dholland 75 76 775. Database-driven program analyzer 78 79In the long run we would like to have a program analyzer that can 80scale to the whole kernel and can do differential analyses across 81different versions. This is a nontrivial project though. 82 83 - As of January 2017 nobody is known to be working on this. 84 - There is currently no clear timeframe or release target. 85 - Contact: dholland 86 87 886. Use Frama-C to verify fsck_ffs 89 90Frama-C is a framework for doing formal verification of C code using 91(mostly) precondition/postcondition specs. It is not everything one 92necessarily wants in a verification framework; but on the other hand 93it exists and people do use it. 94 95fsck_ffs seems like a good candidate for this because it's 96mission-critical and what it needs to do is comparatively well 97understood even in detail. However, the code may be too messy. 98 99 - As of January 2017 nobody is known to be working on this. 100 - There is currently no clear timeframe or release target. 101 - Contact: dholland 102