Code Listener

Code Listener is an easy to use infrastructure for building static analysis tools. Our goal is to wrap the interfaces of existing code parsers and provide a unified and well-documented, object-oriented API (Application Programming Interface). The key advantage of our solution is that we allow building of analysers capable of handling everything that GCC is able to compile (unlike, e.g., the CIL infrastructure). Additionally, there is no need to pre-process the sources, neither to change the way the sources are being built. Hence, we make it easy to, e.g., run an analysis on a Linux kernel module or an autotools-based project, etc. Our infrastructure is implemented as a C++ library that can be used to build an analyser as a GCC plug-in (using the native GCC plug-in interface).

 
block diagram
 

In order to demonstrate how easily the code storage API can be used, we provide a short example of an analysis using code storage. It is named fwnull and implements a lightweight variant of the FORWARD_NULL analysis used by the Coverity analyser. The analysis is based on the idea that if a value is checked against NULL, it should be checked before the value is first dereferenced. Using our infrastructure, we implemented the analysis in the form of a GCC plug-in and analysed the whole sources of curl with it. This simple check has found a hidden flaw in the curl sources, without disturbing by any false positives.

Although the infrastructure is intended to be as portable as GCC is, we support only Linux for now.

Available Analyzers

Source Code

tgzcode-listener-2013-10-30-d1bd405.tar.gz
gitgit repository

Documentation

pdfPresentation (Eurocast '11)
linkAPI documentation

Related Papers

  1. K. Dudka, P. Peringer, and T. Vojnar. An Easy to Use Infrastructure for Building Static Analysis Tools. In Proc. of 13th International Conference on Computer Aided Systems Theory---EUROCAST'11, Las Palmas, Spain, volume 6927 of LNCS, pages 527--534, 2012. Springer-Verlag.

Authors

Acknowledgement

This work was supported by the Czech Science Foundation (project P103/10/0306), the Czech Ministry of Education, Youth, and Sports (projects COST OC10009 and MSM 0021630528), the EU/Czech IT4Innovations Centre of Excellence CZ.1.05/1.1.00/02.0070, and the internal Brno University of Technology projects FIT-S-11-1 and FIT-S-12-1.