[llvm-dev] Static analysis on TCP/IP stack
John Criswell via llvm-dev
llvm-dev at lists.llvm.org
Thu Dec 29 07:28:35 PST 2016
On 12/29/16 3:52 AM, Muhui Jiang via llvm-dev wrote:
> Hi
>
> I hope this is the right mailing list to ask some questions related to
> the llvm. I am new to llvm and I decided to use llvm to conduct static
> analysis of the linux kernel( mostly on the TCP/IP stack). One thing
> is that whether llvm support static taint analysis. Could you please
> give me some examples if you have or do I have to implement it by
> myself. If so, any suggestions available?
To the best of my knowledge, there is no static information flow
analysis for LLVM IR. There might be a taint analysis for Clang ASTs,
but someone else will need to comment on that. For LLVM IR, you'll need
to write your own.
>
> My requirements is to do some model checking and pattern checking on
> the linux source code and static taint analysis might solve it. Thanks
Taint analysis through SSA values should be relatively straightforward
to implement; the in-memory LLVM IR provides iterators that allow you to
iterate through all uses of a value.
Taint analysis through values stored in memory (e.g., loads, stores)
will require alias analysis or points-to analysis. For that, you might
try Type-Based Alias Analysis (TBAA) or DSA. TBAA is included with
LLVM. DSA is in a sub-project; an updated version can be found at
https://github.com/jtcriswell/llvm-dsa.
Regards,
John Criswell
>
> Regards
> Muhui
>
>
> _______________________________________________
> LLVM Developers mailing list
> llvm-dev at lists.llvm.org
> http://lists.llvm.org/cgi-bin/mailman/listinfo/llvm-dev
--
John Criswell
Assistant Professor
Department of Computer Science, University of Rochester
http://www.cs.rochester.edu/u/criswell
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.llvm.org/pipermail/llvm-dev/attachments/20161229/af7e135c/attachment.html>
More information about the llvm-dev
mailing list