On Fri, 29 Apr 2011 12:30:45 +0200 David Brown <da...@westcontrol.com> wrote: > > There is a lot of interesting and useful work that could be done here. > Melt is a nice idea, but the big barrier (for me, anyway) is the > language - it's Lisp, which is very different to other languages that > I've used.
Pierre Vittet knows MELT quite well and has already successfully used it (and he did found some bugs in MELT that I was happy to correct). He is one of the most active posters on the gcc-melt-fre...@googlegroups.com list. We (Pierre & me Basile) met regularily (with Alexandre Lissy). Pierre is perhaps one of the best (and few) MELT users. So MELT is definitely no more an obstacle for him! And regarding the Lispy syntax, I do have a infix syntax in the works. However, contrarily to many others, and conforming to Pierre's experience, the hard part is not learning MELT syntax (which is looking similar to e.g. Elisp or Scheme or Common Lisp code, so learning MELT is fast if you did try Elisp or Scheme before), the hard part is learning GCC internals. Pierre struggled much more understanding where to insert his pass and what precise kind of Gimple he wants to detect than with the MELT syntax. So my feeling is even more than before that MELT lispy syntax is not important: providing an infix syntax to MELT (which in my eyes would be parsed into exactly the same abstract MELT trees as the current lisped syntax) is a significant amount of work, and I am not sure at all it will buy new users to MELT. Hence a question to David Brown: will he use MELT if it had an infix syntax (but all the rest of MELT being the same)? [I am not sure, and this is why making an infix syntax is not my priority] > Most gcc users are C or C++ programmers - while they might > like the idea of having customised warnings or checks, it would take > them a great deal of work to learn enough Lisp to get something useful > from melt. No, the idea is that the users of Pierre's work will just invoke gcc with appropriate (and indeed lenghty) option, perhaps something as simple as gcc -fplugin=melt -fplugin-arg-melt-mode=give-posix-warnings -c -O2 foobar.c so that means essentially adding CFLAGS += -fplugin=melt -fplugin-arg-melt-mode=give-posix-warnings in a Makefile. If Pierre coded a specific plugin directly in C (a seperate plugin for each family of warnings), that would be much more work for him (since he does know MELT!) and indeed the user of such a plugin would have to pass CFLAGS += -fplugin=some-plugin-to-give-posix-warnings I (Basile) don't think it is such a big issue for the users of Pierre's work. And Pierre (and of course me Basile) prefer to code in MELT instead of C (because there is no pattern matching in C, while there is a quite powerful pattern matching in MELT to match Gimple or Tree-s...). > So if you manage to make something that C and C++ > programmers can easily make use of, then that would be great. Again, the goal of Pierre's work is to give a set of extra contextual warnings to users. Users of Pierre code don't need to understand the MELT lispy syntax (and they don't need neither to understand what is a Gimple or a Tree). But Pierre need to know all (MELT, what is a Gimple... and understanding Gimple is much harder than understanding MELT syntax). > > Another problem with Melt is that it is inconvenient to install and use, Did you try the latest MELT plugin from http://gcc-melt.org/ (the 0.7 was released but I did not announce it yet, because I want to write a small tutorial docuemntation) ? It is a plugin for GCC 4.6 (I put it there a few days ago), and can be installed (by running a script given inside the MELT plugin source tar ball) as a melt.so plugin. I am surprised by the "inconvenient to use" phrase. MELT is just a [meta-] plugin, it is as easy to use as any other plugin. > and slow to run - if you make a layer on top of that, it will be worse. MELT is not that slow (what is slow is indeed the translation of C code generated by MELT from a *.melt file; the translation from *.melt to *.c is quite fast.). For the kind of checks that Pierre wish to implement, MELT seems definitely the right tool, it was designed for such use. For the simple pass that Pierre already coded in MELT, using it on the entire readline6 source code to find untested calls to fopen did not slow much the compilation time (but I have no figures for that claim, just an impression). Besides, I want a lot to improve these issues! > This is not necessary a major issue, but it will typically mean that > the extra checking will be done as a separate "make target" rather than > as a standard compile option (such as is done with normal gcc warnings). I dont understand that point. Once Pierre developped his GCC extensions in MELT, using them is nearly as simple as using any other plugin, except that one have to pass an extra -fplugin-melt-arg-mode=XXXX argument. Is that such a big deal? But of course, adding extra checks is costly, and probably MELT is 2 or 4 times slower than native hand written C. So what? The passes written by Pierre won't run for long (since they are essentially shallow verifications and don't transform Gimple, just analyze it). > Of course, if Melt makes it easier to do this development then it's a > good choice - speed issues can be looked at later, once you know the > idea is good. > > Have you also considered looking at other types of static checking? The > ideas you have so far are definitely interesting, but there is scope for > much more in the same vein. Checks aimed at spotting potential buffer > overflows or security issues are always popular. Another idea is to > enforce style or coding standard checks. Of course, complete > implementations of such checks would keep you busy for a lot longer than > the summer - but it might be interesting to think about. Yes, these are the checking Pierre have in mind. Buffer overflow (or security issues) is more a semantic issue (it requires some abstract interpretation techniques with real lattices, and Pierre won't have time for that). BTW, if you are interested in these issues, you could look at http://frama-c.com (a free C code analyzer coded in Ocaml by colleagues). But Frama-C requires users to specific formally the intended behavior of their code (and such a formalization is a hard work). Frama-C is targetted towards very safety critical code (e.g. Airbus embedded software in planes, or embedded software in nuclear power plants), for which high development costs are accepted. And I do know that Pierre will find other bugs in MELT (he already did) and I am delighted of that -hoping to improve MELT this way, by having it used. Regards. -- Basile STARYNKEVITCH http://starynkevitch.net/Basile/ email: basile<at>starynkevitch<dot>net mobile: +33 6 8501 2359 8, rue de la Faiencerie, 92340 Bourg La Reine, France *** opinions {are only mine, sont seulement les miennes} ***