Code Listener
Code Listener is an easy-to-use infrastructure for building static analysis tools. Our goal is to wrap the interfaces of existing code parsers and provide a unified, well-documented, object-oriented API (Application Programming Interface). The key advantage of our solution is that it allows building analysers capable of handling everything that GCC is able to compile (unlike, e.g., the CIL infrastructure). Additionally, there is no need to pre-process the sources or to change the way the sources are built. Hence, we make it easy to run an analysis on, e.g., a Linux kernel module or an autotools-based project. Our infrastructure is implemented as a C++ library that can be used to build an analyser as a GCC plug-in (using the native GCC plug-in interface).
To demonstrate how easily the code storage API can be used, we provide a short example of an analysis built on code storage. It is named fwnull and implements a lightweight variant of the FORWARD_NULL analysis used by the Coverity analyser. The analysis is based on the idea that if a value is checked against NULL, it should be checked before the value is first dereferenced. Using our infrastructure, we implemented the analysis in the form of a GCC plug-in and analysed the whole sources of curl with it. This simple check found a hidden flaw in the curl sources without producing any false positives.
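The rule behind fwnull can be illustrated with a small stand-alone model. The following is an added example, not code from the Code Listener project and not its API: it assumes a single straight-line path already reduced to constructed events on a hypothetical pointer "p", and flags a NULL check that comes after a dereference of the same value.

```c
#include <stdio.h>
#include <string.h>

/* Constructed model: one straight-line path, reduced to events on named
 * pointers. Not the Code Listener API and not fwnull's own code. */
enum op { OP_ASSIGN, OP_DEREF, OP_NULL_CHECK };
struct event { enum op op; const char *var; int line; };

/* Constructed sample paths (hypothetical pointer "p"). */
static const struct event flawed[] = {      /* x = p->len; if (!p) ... */
    { OP_ASSIGN, "p", 8 }, { OP_DEREF, "p", 10 }, { OP_NULL_CHECK, "p", 12 } };
static const struct event fixed[] = {       /* if (!p) ...; x = p->len; */
    { OP_ASSIGN, "p", 8 }, { OP_NULL_CHECK, "p", 9 }, { OP_DEREF, "p", 10 } };
static const struct event reassigned[] = {  /* p->len; p = next(); if (!p) */
    { OP_DEREF, "p", 20 }, { OP_ASSIGN, "p", 21 }, { OP_NULL_CHECK, "p", 22 } };

/* Count NULL checks on a pointer that was already dereferenced since its
 * last assignment; *first_line gets the line of the first one (0 if none). */
int forward_null_scan(const struct event *ev, size_t n, int *first_line)
{
    const char *derefd[16];  /* dereferenced and not reassigned since */
    size_t nd = 0;
    int findings = 0;

    *first_line = 0;
    for (size_t i = 0; i < n; i++) {
        size_t j = 0;
        while (j < nd && strcmp(derefd[j], ev[i].var) != 0)
            j++;
        int seen = j < nd;
        if (ev[i].op == OP_ASSIGN && seen)
            derefd[j] = derefd[--nd];        /* new value: forget the deref */
        else if (ev[i].op == OP_DEREF && !seen && nd < 16)
            derefd[nd++] = ev[i].var;
        else if (ev[i].op == OP_NULL_CHECK && seen && findings++ == 0)
            *first_line = ev[i].line;
    }
    return findings;
}

int main(void)
{
    int line;
    int n = forward_null_scan(flawed, 3, &line);
    printf("flawed: %d finding(s), first at line %d\n", n, line);
    n = forward_null_scan(fixed, 3, &line);
    printf("fixed: %d finding(s)\n", n);
    return 0;
}
```

A real analyser has to apply the same rule along the paths of a control-flow graph rather than to a single event list; the model only shows why a late check signals that the earlier dereference was unguarded.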
Although the infrastructure is intended to be as portable as GCC is, we support only Linux for now.
Available Analyzers
Source Code
Documentation
Related Papers
- K. Dudka, P. Peringer, and T. Vojnar. An Easy to Use Infrastructure for Building Static Analysis Tools. In Proc. of 13th International Conference on Computer Aided Systems Theory (EUROCAST'11), Las Palmas, Spain, volume 6927 of LNCS, pages 527-534, 2012. Springer-Verlag.
Authors
Acknowledgement
This work was supported by the Czech Science Foundation (project P103/10/0306), the Czech Ministry of Education, Youth, and Sports (projects COST OC10009 and MSM 0021630528), the EU/Czech IT4Innovations Centre of Excellence CZ.1.05/1.1.00/02.0070, and the internal Brno University of Technology projects FIT-S-11-1 and FIT-S-12-1.