Set up the continuous analysis

Sign up to TrustInSoft CI

1. Visit the TrustInSoft CI Sign-in page and click Sign in/up with GitHub.

2. If not already signed in, sign in to GitHub.

You'll be redirected to the GitHub authorization page, where TrustInSoft CI asks to be granted access to your GitHub projects.

Note: TrustInSoft CI requests both Read & Write access to your public repositories but TrustInSoft CI will never write to them. Requiring Write access on top of Read is a known limitation of the GitHub API.

3. Optionally grant access to any of your GitHub organizations that own C and C++ projects by clicking Grant.

4. Click Authorize TrustInSoft.

You'll be redirected to TrustInSoft CI.

Add your first project

1. After signing in to TrustInSoft CI, you are redirected to your Dashboard, which gathers all your recent activity.

2. To add a project, either click on Create your first project in the Last activity section of the Dashboard, or go to the Projects page and click on the Add project button (in the top-right corner of the screen).

3. Then, select the project demo-caesar and click on Add and select branch.

The Owner field is only shown when you own GitHub organizations.

4. Now, select the master branch.

5. The status indicates that the branch does not yet have the configuration required to run a build in TrustInSoft CI. Click on the Add and create configuration button to create this missing configuration.

Create your first configuration

After clicking on Add and create configuration, you will be redirected to the Build configuration page of your project.

The configuration is split into two steps:

  • The optional Build preparation stage (to execute an arbitrary Bash script before running a build): this stage is not required for this tutorial.

  • The required Analyses configuration, which describes how to perform analyses.

1. Skip the Build preparation section, and scroll down to the Analysis configuration section.

Here we are using the Global configuration, allowing us to specify a configuration directly on TrustInSoft CI without modifying the repository. Later, you may want to use a Committed configuration by writing this configuration in files committed in your repository.

You can learn more about the advantages of each kind of configuration in the Configuration files section.

Now, you will have to write an Analyses configuration, which is a "light" specification of your analyses written in JSON.

For each analysis, TrustInSoft CI will emulate a user-defined hardware architecture and propagate the program's input values, statement by statement, from the beginning until the entry point function returns or an undefined behavior has been detected.

2. Copy the following Analyses configuration:

[
  {
    "name": "Test shift values 7 and -3",
    "files": [ "main.c", "caesar.c" ],
    "cpp-extra-args": "-I ."
  }
]

In the demo-caesar repository, the source files main.c and caesar.c include a test, which encrypts and decrypts the string "People of Earth, your attention please" using two different shift values, -3 and 7.

This Analyses configuration provides both the source files in the "files" field, and the compilation options (used by TrustInSoft CI to preprocess these source files) in the "cpp-extra-args" field.

The "name" field is only cosmetic; it makes the analysis easy to identify in the results table later.

3. Click on Add reference to save the changes and add the master branch.

If you did not change the project settings, a build will automatically be run for the master branch and you will be redirected to the page of this build.

After adding a reference, each new group of commits pushed to GitHub on this reference will also trigger a new build. This behavior can be changed in the Project Settings so that builds are run manually, by clicking on the Run new build button in the Reference page.
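A test of the kind described above (encrypt and decrypt one string with shifts 7 and -3) has the following general shape. This is an added example, not the code in the demo-caesar repository: caesar_shift and round_trip_ok are hypothetical names, and the code assumes ASCII input.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper, not the demo-caesar implementation. Returns a new
 * string with each ASCII letter rotated by `shift`; the caller frees it. */
char *caesar_shift(const char *str, size_t len, int shift)
{
    /* C's % keeps the sign of the dividend, so -3 % 26 == -3.
     * Normalize to 0..25 before doing any arithmetic with it. */
    int s = ((shift % 26) + 26) % 26;
    char *out = malloc(len + 1);
    if (out == NULL)
        return NULL;
    for (size_t i = 0; i < len; i++) {
        char c = str[i];
        if (c >= 'a' && c <= 'z')
            out[i] = (char)('a' + (c - 'a' + s) % 26);
        else if (c >= 'A' && c <= 'Z')
            out[i] = (char)('A' + (c - 'A' + s) % 26);
        else
            out[i] = c; /* spaces and punctuation are copied unchanged */
    }
    out[len] = '\0';
    return out;
}

/* Encrypt then decrypt; returns 1 if the round trip restores msg, else 0. */
int round_trip_ok(const char *msg, int shift)
{
    size_t len = strlen(msg);
    int ok = 0;
    char *enc = caesar_shift(msg, len, shift);
    /* Negate the reduced shift: plain -shift overflows for INT_MIN. */
    char *dec = enc ? caesar_shift(enc, len, -(shift % 26)) : NULL;
    if (dec != NULL)
        ok = strcmp(dec, msg) == 0;
    free(enc);
    free(dec);
    return ok;
}

int main(void)
{
    const char *msg = "People of Earth, your attention please";
    int shifts[] = { 7, -3 };
    for (size_t i = 0; i < sizeof shifts / sizeof shifts[0]; i++)
        printf("shift %d: %s\n", shifts[i], round_trip_ok(msg, shifts[i]) ? "ok" : "FAILED");
    return 0;
}
```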

Observe your first undefined behavior

1. Wait for the analysis to complete, then look at the results in Build status.

Build Status displays the analyses counts according to four categories with a specific color for each, such as red for Undefined behavior and green for No undefined behavior. In our case, only one analysis has been configured and it is red, so an undefined behavior has been found.

2. Click on the only analysis. The detected undefined behavior corresponds to an invalid memory access.

Now that we know that the project demo-caesar contains an undefined behavior, let's understand its root cause!