An Easy to Use Infrastructure for Building Static Analysis Tools

Snadno použitelná infrastruktura pro výstavbu nástrojů na statickou analýzu

software

In order to use the result by another entity, it is always necessary to acquire a license

The licensor does not require a license fee for the result

Dudka Kamil, Ing.
Peringer Petr, Dr. Ing. (DITS)
Vojnar Tomáš, prof. Ing., Ph.D. (DITS)

gcc, plug-in, static analysis, program verification, C

Our goal is to wrap the interfaces of existing code parsers and provide a unified and well-documented, object-oriented API (Application Programming Interface). The key advantage of our solution is that we allow building of analysers capable of handling everything that gcc is able to compile. Additionally, there is no need to pre-process the sources, neither to change the way the sources are being built. Hence, we make it easy to, e.g., run an analysis on a Linux kernel module or an autotools-based project, etc. Our infrastructure is implemented as a C++ library that can be used to build an analyser as a gcc plug-in (using the native gcc plug-in interface (http://gcc.gnu.org/wiki/GCC_Plugins)).

   - http://www.fit.vutbr.cz/research/groups/verifit/tools/code-listener

• http://www.gnu.org/licenses/gpl-3.0.txt

Dealing with Complex Data Structures and Concurrency within the Rich Model Toolkit, MŠMT, COST, OC10009, 2010-2012, running
Secured, reliable and adaptive computer systems, BUT, Vnitřní projekty VUT, FIT-S-10-1, 2010, completed
Security-Oriented Research in Information Technology, MŠMT, Institucionální prostředky SR ČR (např. VZ, VC), MSM0021630528, 2007-2013, running
Static and Dynamic Verification of Programs with Advanced Features of Concurrency and Unboundedness, GACR, Standardní projekty, GAP103/10/0306, 2010-2013, running

Automated Analysis and Verification Research Group - VeriFIT (RG VERIFIT)

Department of Intelligent Systems (DITS)