[cfe-dev] Static taint analysis

Piotr Padlewski via cfe-dev cfe-dev at lists.llvm.org
Wed Jan 4 03:11:56 PST 2017


Clang-tidy is a good start. By writing one simple check you can learn about
the AST.

2017-01-04 9:17 GMT+01:00 Daniel Marjamäki via cfe-dev <
cfe-dev at lists.llvm.org>:

> Hello!
>
> I personally think that if you only have 1 month then that is very little
> time. Sorry but I personally don't think it's realistic to first learn
> Clang and then implement and commit a new analysis framework in that time.
>
> I suggest you try to limit the scope. Learn Clang and use existing
> framework to develop a new small check or tweak some existing check.
>
> You don't need to worry about LLVM IR at all. There are many utility
> classes like StringRef, SmallSet, etc., but I suggest you focus on
> the analysis. You can spend a lot of time looking around at utility classes
> and learning all details about the framework... and getting no work done.
>
> Good luck!!
>
> Best regards,
> Daniel Marjamäki
>
> ------------------------------
> *From:* cfe-dev [cfe-dev-bounces at lists.llvm.org] on behalf of Muhui Jiang
> via cfe-dev [cfe-dev at lists.llvm.org]
> *Sent:* 04 January 2017 03:21
> *To:* Mads Ravn
> *Cc:* cfe-dev at lists.llvm.org
> *Subject:* Re: [cfe-dev] Static taint analysis
>
> Hi Mads
>
> Thanks. I made the decision to develop the tool in Clang. I never used
> Clang before. The only thing I know is that Clang is the frontend of LLVM.
> I also watched the tutorial on writing a checker in 24 hours in Clang and have
> a basic understanding now. Do you have any suggestions for me? Do I need to
> understand LLVM IR or other things related to LLVM before using Clang? Many
> thanks
>
> Regards
> Muhui
>
> 2017-01-02 3:12 GMT+08:00 Mads Ravn <madsravn at gmail.com>:
>
>> Hi Muhui,
>>
>> I am not sure how many of these static analyses are already present in
>> Clang, but I'm sure you can develop them here. I would look into the files
>> and directories I mentioned in my previous mail. I can't say how hard it
>> will be to implement. There is also an IRC channel, if you want a more
>> flowing conversation about the subject.
>>
>> Best regards,
>> Mads Ravn
>>
>> On Sun, Jan 1, 2017 at 9:06 AM Muhui Jiang <jiangmuhui at gmail.com> wrote:
>>
>>> Hi Mads
>>>
>>> Thanks for your reply. Actually, I am completely new to Clang. I know
>>> the theory of program analysis and I tried to find a powerful tool to carry
>>> out static analysis for my research. I need taint propagation, field
>>> sensitive, context sensitive, flow sensitive with implicit and explicit
>>> flows and pointer analysis. I think Clang should be available to develop
>>> such a tool. I am familiar with C, C++ Linux programming. There is about
>>> one month left for me. Do you have any suggestions, and do you have any
>>> comments on the difficulty of implementation? Many thanks
>>>
>>> Regards
>>> Muhui
>>>
>>> 2016-12-31 6:48 GMT+08:00 Mads Ravn <madsravn at gmail.com>:
>>>
>>> Hi Muhui,
>>>
>>> It looks like clang has some kind of taint analysis already. I don't
>>> know if it fits your purpose. But have a look at DivZeroChecker.cpp and
>>> GenericTaintChecker.cpp in clang. There are also other files.
>>>
>>> If these do not fit your purpose, I think you should be able to
>>> construct your own. If you have any questions about how to do this, please
>>> also elaborate on your experience with clang. It's much easier to guide you
>>> in the right direction, if we know your current level.
>>>
>>> Best regards,
>>> Mads Ravn
>>>
>>> On Fri, Dec 30, 2016 at 9:46 PM Muhui Jiang via cfe-dev <
>>> cfe-dev at lists.llvm.org> wrote:
>>>
>>> Hi
>>>
>>> I am trying to use the Clang analyzer to conduct static taint analysis on
>>> the Linux kernel. I am wondering whether Clang has a static taint analysis
>>> framework or whether I have to write a new one. If so, any suggestions or hints
>>> for writing the static taint analysis tool? Many thanks
>>>
>>> Regards
>>> Muhui
>>> _______________________________________________
>>> cfe-dev mailing list
>>> cfe-dev at lists.llvm.org
>>> http://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-dev