Skip to content
/ SVF Public
forked from SVF-tools/SVF

Static Value-Flow Analysis for C and C++ Programs

License

Notifications You must be signed in to change notification settings

petablox/SVF

 
 

Repository files navigation

News


We are looking for self-motivated PhD students and we welcome industry collaboration/sponsorship to improve SVF (Please contact yulei.sui@uts.edu.au if you are interested)




SVF is a static tool that enables scalable and precise interprocedural dependence analysis for C and C++ programs. SVF allows value-flow construction and pointer analysis to be performed iteratively, thereby providing increasingly improved precision for both.

SVF accepts the points-to information generated by any pointer analysis (e.g., Andersen’s analysis) and constructs an interprocedural memory SSA form so that the def-use chains of both top-level and address-taken variables are captured. SVF is implemented on top of an industry-strength compiler LLVM (version 6.0.0). SVF contains a third party software package CUDD-2.5.0 (Binary Decision Diagrams (BDDs)), which is used to encode path conditions.


About SVF Setup Guide User Guide Developer Guide
About Setup User Developer
Introducing SVF -- what it does and how we design it A step by step setup guide to build SVF Command-line options to run SVF, get analysis outputs, and test SVF with an example or PTABen Detailed technical documentation and how to write your own analyses in SVF or use SVF as a lib for your tool


We release SVF source code in the hope of benefiting others. You are kindly asked to acknowledge usage of the tool by citing some of our publications listed http://svf-tools.github.io/SVF, especially the following two:

@inproceedings{sui2016svf,
  title={SVF: interprocedural static value-flow analysis in LLVM},
  author={Sui, Yulei and Xue, Jingling},
  booktitle={Proceedings of the 25th international conference on compiler construction},
  pages={265--266},
  year={2016},
  organization={ACM}
}
@article{sui2014detecting,
  title={Detecting memory leaks statically with full-sparse value-flow analysis},
  author={Sui, Yulei and Ye, Ding and Xue, Jingling},
  journal={IEEE Transactions on Software Engineering},
  volume={40},
  number={2},
  pages={107--122},
  year={2014},
  publisher={IEEE}
}

Petablox Additions

SVF Reachability

Our static reachability tool is implemented at tools/Reach. To build, execute the SVF build process above. Once built, you can locate the executable at BUILD_DIR/bin/svf-reach.

To use the tool, we require a .bc file for both the executable we want to calculate reachability from, and all of its dependendant libraries. Our dep-trace tool aids in building a .bc for all of an application's dependencies. Note that for the tool calculates reachability per linkage module, which mostly corresponds to a shared library.

Currently, on fir07, we have pre-built .bc files for a few packages. /data3/pkg-debloating/wllvm-build/wget-src-out/wllvm-bc/ contains .bc files for wget and its dependencies. The following is an example to use the tool to calculate dependencies reachable from wget main function:

BUILD_DIR/bin/svf-reach -t type $HOME/dep-trace/srcs/wllvm-build/wget-src-out/wllvm-bc/*.b

The above uses class-hierarchy analysis (-t type) option. To use the more precise but slower andersen wave difference analysis, pass the anders option instead:

BUILD_DIR/bin/svf-reach -t anders $HOME/dep-trace/srcs/wllvm-build/wget-src-out/wllvm-bc/*.bc

Lastly, because libraries opened with dlopen and invoked with dlsym are tricky to trace with static analysis, we have a separate way to trace their usage. We create a module file that includes a list of bc files (shared libraries) where each library will be used as a starting point (including the main function). Each line in the file should name a .bc module with a path as the same path used as input to the tool. For example, lets say we create m1.txt:

$HOME/dep-trace/srcs/wllvm-build/wget-src-out/wllvm-bc/libacl.so.1.bc
$HOME/dep-trace/srcs/wllvm-build/wget-src-out/wllvm-bc/libidn2.so.0.bc

And run as:

BUILD_DIR/bin/svf-reach -t type -m m1.txt $HOME/dep-trace/srcs/wllvm-build/wget-src-out/wllvm-bc/*.bc

About

Static Value-Flow Analysis for C and C++ Programs

Resources

License

Stars

Watchers

Forks

Packages

No packages published

Languages

  • C++ 56.6%
  • C 42.4%
  • HTML 0.3%
  • CSS 0.2%
  • CMake 0.2%
  • Makefile 0.2%
  • Other 0.1%