[cfe-dev] Static taint analysis

Daniel Marjamäki via cfe-dev cfe-dev at lists.llvm.org
Wed Jan 4 00:17:53 PST 2017


Hello!

I personally think that if you only have 1 month then that is very little time. Sorry but I personally don't think it's realistic to first learn Clang and then implement and commit a new analysis framework in that time.

I suggest you try to limit the scope. Learn Clang and use the existing framework to develop a new small check or tweak some existing check.

You don't need to worry about LLVM IR at all. There are many utility classes like StringRef, SmallSet, etc., but I suggest you focus on the analysis. You can spend a lot of time looking around at utility classes and learning all the details about the framework... and getting no work done.

Good luck!!

Best regards,
Daniel Marjamäki

Daniel Marjamäki Senior Engineer
Evidente ES East AB  Warfvinges väg 34  SE-112 51 Stockholm  Sweden

Mobile:                 +46 (0)709 12 42 62
E-mail:                 Daniel.Marjamaki at evidente.se

www.evidente.se
________________________________
From: cfe-dev [cfe-dev-bounces at lists.llvm.org] on behalf of Muhui Jiang via cfe-dev [cfe-dev at lists.llvm.org]
Sent: 04 January 2017 03:21
To: Mads Ravn
Cc: cfe-dev at lists.llvm.org
Subject: Re: [cfe-dev] Static taint analysis

Hi Mads

Thanks. I made the decision to develop the tool in Clang. I have never used Clang before. The only thing I know is that Clang is the frontend of LLVM. I also watched the tutorial on writing a checker in 24 hours in Clang and have a basic understanding now. Do you have any suggestions for me? Do I need to understand LLVM IR or other things related to LLVM before using Clang? Many thanks.

Regards
Muhui

2017-01-02 3:12 GMT+08:00 Mads Ravn <madsravn at gmail.com>:
Hi Muhui,

I am not sure how many of these static analyses are already present in Clang, but I'm sure you can develop them here. I would look into the files and directories I mentioned in my previous mail. I can't say how hard it will be to implement. There is also an IRC channel, if you want a more flowing conversation about the subject.

Best regards,
Mads Ravn

On Sun, Jan 1, 2017 at 9:06 AM Muhui Jiang <jiangmuhui at gmail.com> wrote:
Hi Mads

Thanks for your reply. Actually, I am completely new to Clang. I know the theory of program analysis and I tried to find a powerful tool to carry out static analysis for my research. I need taint propagation, field sensitive, context sensitive, flow sensitive with implicit and explicit flows and pointer analysis. I think Clang should be available to develop such a tool. I am familiar with C, C++ Linux programming. There is about one month left for me. Do you have any suggestions and do you have any comments on the difficulty of implementation? Many thanks.

Regards
Muhui

2016-12-31 6:48 GMT+08:00 Mads Ravn <madsravn at gmail.com>:
Hi Muhui,

It looks like clang has some kind of taint analysis already. I don't know if it fits your purpose. But have a look at DivZeroChecker.cpp and GenericTaintChecker.cpp in clang. There are also other files.

If these do not fit your purpose, I think you should be able to construct your own. If you have any questions about how to do this, please also elaborate on your experience with clang. It's much easier to guide you in the right direction, if we know your current level.

Best regards,
Mads Ravn

On Fri, Dec 30, 2016 at 9:46 PM Muhui Jiang via cfe-dev <cfe-dev at lists.llvm.org> wrote:
Hi

I am trying to use the Clang analyzer to conduct static taint analysis on the Linux kernel. I am wondering whether Clang has a static taint analysis framework or whether I have to write a new one. If so, any suggestions or hints for writing the static taint analysis tool? Many thanks.

Regards
Muhui