An Easy to Use Infrastructure for Building Static Analysis Tools

Czech title

Snadno použitelná infrastruktura pro výstavbu nástrojů na statickou analýzu

Type

software

License

required - free

Authors

Dudka Kamil, Ing. (DITS FIT BUT)
Peringer Petr, Dr. Ing. (DITS FIT BUT)
Vojnar Tomáš, prof. Ing., Ph.D. (DITS FIT BUT)

Keywords

gcc, plug-in, static analysis, program verification, C

Description

Our goal is to wrap the interfaces of existing code parsers and provide a unified and well-documented, object-oriented API (Application Programming Interface). The key advantage of our solution is that we allow building of analysers capable of handling everything that gcc is able to compile. Additionally, there is no need to pre-process the sources, neither to change the way the sources are being built. Hence, we make it easy to, e.g., run an analysis on a Linux kernel module or an autotools-based project, etc. Our infrastructure is implemented as a C++ library that can be used to build an analyser as a gcc plug-in (using the native gcc plug-in interface).

Location

http://www.fit.vutbr.cz/research/groups/verifit/tools/code-listener

Licence

http://www.gnu.org/licenses/gpl-3.0.txt

Projects

Dealing with Complex Data Structures and Concurrency within the Rich Model Toolkit (OC10009)
Secured, reliable and adaptive computer systems (FIT-S-10-1)
Security-Oriented Research in Information Technology (MSM0021630528)
Static and Dynamic Verification of Programs with Advanced Features of Concurrency and Unboundedness (GAP103/10/0306)

Research groups

Automated Analysis and Verification Research Group - VeriFIT (VZ VERIFIT)
Formal verification and simulation for the design of secure systems (DC7-VZ)

Departments

Department of Intelligent Systems FIT BUT (DITS FIT BUT)