Killing Bugs in C with Smatch
Session information has not yet been published for this event.
One Line Summary
An introduction to the Smatch static checker and a look at the future.
Smatch is a static analysis tool for C that is used on the kernel. It has resulted in hundreds of patches. Quite a few have been security related or were significant enough for the stable kernel.
This talk will give an introduction to Smatch. It will describe some of the internals. It will also describe briefly how to make a Smatch check which is custom to a specific project.
The Linux kernel is twenty years old. In another twenty years, it is still going to be around and it is still going to be written in C. If we’re going to achieve Star Trek level code then we need better tools. The latter part of the talk will look ahead at the five year plan for Smatch. For example, Smatch has found many buffer overflows but in the future it could find even more.
Static analysis, C
Dan Carpenter is the author of the Smatch static analysis tool. In 2010 he was one of the top five kernel contributors in terms number of patches.
He is currently in Kenya. His money, passport, ATM card and laptop were recently stolen. He is unemployed.