LogoLogo
Open TrustInSoft CI
  • Overview
  • Introduction tutorial
    • Prepare the demo project
    • Set up the continuous analysis
    • Find the root cause of the undefined behavior
    • Prove the absence of undefined behaviors
    • Go beyond your test suite
  • C++ tutorial
    • Prerequisites
    • Identifiers, constructors and calling conventions
    • Learn more
  • Configuration files
    • Build preparation stage
    • Analyses configuration
    • Tips: Switching from a Global configuration to a Committed configuration
    • Tips: Generalize analyses for several architectures
    • Tips: Factorize options between several analyses
  • Get help
  • Changelog
  • Glossary
  • FAQ
  • REFERENCE
    • Supported architectures
    • Add a status badge
    • GitHub organizations
    • CWE coverage
Powered by GitBook
On this page
  • Account
  • Analysis
  • Analyses configuration
  • Build
  • Build preparation
  • Committed configuration
  • Entry point
  • Global configuration
  • Project
  • Reference
  • TrustInSoft CI Analyzer
  • Undefined behavior

Glossary

PreviousChangelogNextFAQ

Last updated 3 years ago

Account

An account (or also user) is either a GitHub user or a . You can only log-in in TrustInSoft CI as a GitHub user, then your organization will automatically be shown in menus if the correct permissions have been granted.

Analysis

An analysis is a verification of a program with . This verification is quite similar to a symbolic execution of the program, starting from a given , to ensures to detect all by using formal methods.

In TrustInSoft CI, an analysis is a part of a . It is recommended to add as many analyses as possible to cover all possible behaviors of the analyzed program.

Analyses configuration

The Analyses configuration is a piece of JSON information describing how to perform . Each require to have an Analysis configuration. The Analyses configuration is a part of the to configure a inside TrustInSoft CI.

See also .

Build

A build is a set of associated to a particular commit of a .

To run analyses, a build uses the associated to the build's commit if it exist, or the otherwise. If no configuration is available for the build, analyses will not be run.

Build preparation

The Build preparation is an optional stage executed for each before running the . The Build preparation is a part of the to configure a inside TrustInSoft CI.

Learn more about the .

Committed configuration

Entry point

Global configuration

Project

A project is a GitHub repository registered in TrustInSoft CI. A project can only be registered by an owner of the associated GitHub repository.

Reference

TrustInSoft CI Analyzer

Undefined behavior

Undefined behaviors are defined by the C and C++ standards. They usually correspond to illegal operations and may lead to crashes and security vulnerabilities. Their effects are also highly dependent on the interactions with the compilers and their optimizations.

A Committed configuration is one of the . This Committed configuration allows to write the configuration of the inside a .trustinsoft directory in the GitHub repository.

Unlike the , the Committed configuration allows to have a different configuration for each and of the project.

The entry point of an analysis is the function where the begins. Usually, the entry point of programs is the mainfunction. With , any function can be used as the entry point of the analysis as soon as its inputs can be .

A Global configuration is one of the . The Global configuration allows to write the configuration directly in TrustInSoft CI in the 's settings page without modifying the associated GitHub repository.

Unlike the , the Global configuration is common to all and of the project (except if a Committed configuration is detected for the reference or build).

Once a project registered, one or several should be added in order to run for the respective reference.

A reference is either a branch, a tag or a pull request associated to a or GitHub repository.

TrustInSoft CI Analyzer is a version of dedicated to the TrustInsoft CI online service to analyze GitHub repositories.

TrustInSoft CI Analyzer is run during for each . Then, its Graphical User Interface can be used to in details the result of a single analysis.

detects all major families of undefined behaviors including but not restricted to buffer overflow, dangling pointer, invalid pointer operation, division by zero, uninitialized memory read and arithmetic overflow.

TrustInSoft Analyzer
GitHub organization
Configuration files
how to write an Analysis configuration
Configuration files
Build preparation stage
TrustInSoft CI Analyzer
entry point
undefined behaviors
build
analyses
build
project
analyses
project
Committed configuration
Global configuration
build
analyses
project
two kinds of configuration
project
Global configuration
reference
build
two kinds of configuration
project
Committed configuration
references
builds
references
analyses
project
TrustInSoft CI Analyzer
analysis
TrustInSoft CI Analyzer
builds
analysis
inspect
specified