<html lang="en-us">
<head>
<meta charset="UTF-8">
<title>SVF: Static Value-Flow Analysis Framework for Source Code </title>
<meta name="viewport" content="width=device-width, initial-scale=1">
<link rel="stylesheet" type="text/css" href="docs/stylesheets/normalize.css" media="screen">
<link href='http://fonts.googleapis.com/css?family=Open+Sans:400,700' rel='stylesheet' type='text/css'>
<link rel="stylesheet" type="text/css" href="docs/stylesheets/stylesheet.css" media="screen">
<link rel="stylesheet" type="text/css" href="docs/stylesheets/github-light.css" media="screen">
<link rel="icon" type="image/x-icon" href="./docs/images/svf_logo_1.png">
</head>
<body>
<section class="page-header">
<h1 class="project-name">SVF</h1>
<h2 class="project-tagline">Source Code Analysis with Static Value-Flow</h2>
<a href="https://github.com/SVF-tools/SVF/wiki" class="btn">View Wiki on GitHub</a>
<a href="https://github.com/SVF-tools/SVF" class="btn">Download Source Code </a>
<a href="https://github.com/SVF-tools/SVF/wiki/Try-SVF-in-Docker" class="btn">Download Dockerfile</a>
</section>
<section class="main-content">
<h2>
<a id="what-is-svf" class="anchor" href="#what-is-svf" aria-hidden="true"><span class="octicon octicon-link"></span></a>What is SVF?</h2>
<p><a href="https://github.com/svf-tools/SVF">SVF</a> is a static tool that enables scalable and precise value-flow analysis for source code. SVF allows value-flow construction and pointer analysis to be performed iteratively, thereby providing increasingly improved precision for both. </p>
<p>For pointer analysis frameworks that work for Java and Rust, see <a href="https://qilinpta.github.io/">Qilin</a> and <a href="https://rustanlys.github.io/rupta">Rupta</a>.</p>
<h2>
<a id="what-kind-of-analyses-does-svf-provide" class="anchor" href="#what-kind-of-analyses-does-svf-provide" aria-hidden="true"><span class="octicon octicon-link"></span></a>What kind of analyses does SVF provide?</h2>
<ul>
<li>SVF IR: language-independent intermediate representation</li>
<li>Code graphs, including call graph and interprocedural control-flow graph, constraint graph and value-flow graph</li>
<li>A set of pointer analyses including field-sensitive, flow-sensitive, context-sensitive analyses</li>
<li>Value-flow dependence analysis</li>
<li>Interprocedural memory SSA</li>
<li>Context-free-language reachability analysis</li>
<li>Abstract execution</li>
<li>Detection of source-sink related bugs, such as memory leaks and incorrect file open/close errors</li>
<li>An <a href= "https://github.com/svf-tools/SVF-EclipsePlugin">Eclipse plugin </a> for visualizing bugs </li>
</ul>
<h2>
<a id="how-to-setup-svf" class="anchor" href="#how-to-setup-svf" aria-hidden="true"><span class="octicon octicon-link"></span></a>License </h2>
GPLv3
<h2>
<a id="how-to-setup-svf" class="anchor" href="#how-to-setup-svf" aria-hidden="true"><span class="octicon octicon-link"></span></a>How to set up SVF?</h2>
<p>Please download the <a href="https://github.com/svf-tools/SVF">source code</a> of SVF and refer to this <a href="https://github.com/svf-tools/SVF/wiki/Setup-Guide#getting-started">step-by-step guide</a> to set up SVF.</p>
<h2>
<a id="how-to-run-svf" class="anchor" href="#how-to-run-svf" aria-hidden="true"><span class="octicon octicon-link"></span></a>How to run SVF?</h2>
<p>SVF analyzes a program by taking the LLVM IR of the program as its input. Please refer to <a href="https://github.com/svf-tools/SVF/wiki/User-Guide#quick-start">this user guide</a> to run SVF with <a href="https://github.com/svf-tools/SVF/wiki/Analyze-a-Simple-C-Program#an-example">a simple example</a> and generate the <a href="https://github.com/svf-tools/SVF/wiki/User-Guide#analysis-outputs">outputs</a> of each analysis pass on your local machine.</p>
<p>Alternatively, you can try <a href="https://github.com/SVF-tools/SVF/wiki/Try-SVF-in-Docker">SVF in Docker</a> or <a href="https://github.com/SVF-tools/SVF/wiki/Set-up-the-Debugging-Environment-for-SVF-in-VSCode">SVF in VSCode</a>.</p>
<p>Please refer to <a href="https://github.com/svf-tools/SVF/wiki/Technical-documentation">this wiki documentation</a> and the <a href="https://svf-tools.github.io/SVF-doxygen/html">doxygen code manual</a> to understand the internal workings of SVF.</p>
<h2>
<a id="how-does-svf-work-internally" class="anchor" href="#how-does-svf-work-internally" aria-hidden="true"><span class="octicon octicon-link"></span></a>Publications and References</h2>
<p> Please make a <b>pull request</b> or <b>email us</b> if you have a paper for this list.</p>
<p> Xiao Cheng, Jiawei Ren and Yulei Sui. <a href = "https://yuleisui.github.io/publications/fse24a.pdf">Fast Graph Simplification for Path-Sensitive Typestate Analysis through Tempo-Spatial Multi-Point Slicing </a>. ACM International Conference on the Foundations of Software Engineering. (FSE'24) </p>
<p> Xiao Cheng, Jiawei Wang and Yulei Sui. <a href= "https://yuleisui.github.io/publications/icse24a.pdf"> Precise Sparse Abstract Execution via Cross-Domain Interaction. </a> 46th International Conference on Software Engineering (ICSE'24) </p>
<p> Yuxiang Lei, Camille Bossut, Yulei Sui and Qirun Zhang. <a href="https://dl.acm.org/doi/pdf/10.1145/3656451"> Context-Free Language Reachability via Skewed Tabulation. </a> ACM SIGPLAN Conference on Programming Language Design and Implementation (PLDI'24) </p>
<p> Yuxiang Lei, Yulei Sui, Shin Hwei Tan, Qirun Zhang. <a href="https://yuleisui.github.io/publications/pldi23.pdf">Recursive State Machine Guided Graph Folding for Context-Free Language Reachability. </a> 44th ACM SIGPLAN Conference on Programming Language Design and Implementation (PLDI'23) </p>
<p> Yuxiang Lei, Yulei Sui, Shuo Ding, and Qirun Zhang. <a href ="https://yuleisui.github.io/publications/oopsla22.pdf"> Taming Transitive Redundancy for Context-Free Language Reachability</a>. ACM SIGPLAN Conference on Object-Oriented Programming, Systems, Languages, and Applications (OOPSLA'22) </p>
<p>Yaohui Chen, Peng Li, Jun Xu, Shengjian Guo, Rundong Zhou, Yulong Zhang, Tao Wei, and Long Lu. <a href ="https://arxiv.org/pdf/1906.07327.pdf">SAVIOR: Towards Bug-Driven Hybrid Testing</a>, 41st IEEE Symposium on Security and Privacy (S&amp;P'20)</p>
<p>Dae R. Jeong, Kyungtae Kim, Basavesh Shivakumar, Byoungyoung Lee, and Insik Shin. <a href ="https://lifeasageek.github.io/papers/jeong:razzer.pdf">RAZZER: Finding Kernel Race Bugs through Fuzzing</a>, 40th IEEE Symposium on Security and Privacy (S&amp;P'19) </p>
<p>Meni Orenbach, Yan Michalevsky, Christof Fetzer, and Mark Silberstein. <a href ="https://www.usenix.org/system/files/atc19-orenbach.pdf">CoSMIX: A Compiler-based System for Secure Memory Instrumentation and Execution in Enclaves</a>, 2019 USENIX Annual Technical Conference (ATC'19) </p>
<p>Yuxiang Lei and Yulei Sui. <a href ="http://yuleisui.github.io/publications/sas2019a.pdf"> Fast and Precise Handling of Positive Weight Cycles for Field-sensitive Pointer Analysis </a>, 26th International Static Analysis Symposium (SAS'19) </p>
<p>Mustakimur Rahman Khandaker, Wenqing Liu, Abu Naser, Zhi Wang, and Jie Yang. <a href="https://www.usenix.org/system/files/sec19-khandaker.pdf"> Origin-sensitive Control Flow Integrity</a>, 28th USENIX Security Symposium (USENIX Security'19)</p>
<p>Timotej Kapus and Cristian Cadar. <a href ="https://srg.doc.ic.ac.uk/files/papers/segmem-esecfse-19.pdf">A Segmented Memory Model for Symbolic Execution</a>, ACM SIGSOFT International Symposium on the Foundations of Software Engineering (FSE'19) </p>
<p>Yulei Sui and Jingling Xue. <a href ="http://yuleisui.github.io/publications/tse18.pdf"> Value-Flow-Based Demand-Driven Pointer Analysis for C and C++ </a>, IEEE Transactions on Software Engineering (TSE'18) </p>
<p>Yulei Sui, Hua Yan, Yunpeng Zhang, Jingling Xue and Zheng Zheng. <a href ="http://yuleisui.github.io/publications/jss18.pdf"> Parallel Construction of Interprocedural Memory SSA Form</a>, Journal of Systems and Software (JSS'18)</p>
<p>Hongxu Chen, Yinxing Xue, Yuekang Li, Bihuan Chen, Xiaofei Xie, Xiuheng Wu, and Yang Liu. <a href="https://chenbihuan.github.io/paper/ccs18-chen-hawkeye.pdf">Hawkeye: Towards a Desired Directed Grey-box Fuzzer</a>, 25th ACM Conference on Computer and Communications Security (CCS'18)</p>
<p>David Trabish, Andrea Mattavelli, Noam Rinetzky and Cristian Cadar. <a href="https://srg.doc.ic.ac.uk/files/papers/chopper-icse-18.pdf">Chopped Symbolic Execution</a>, 40th International Conference on Software Engineering (ICSE'18)</p>
<p>Chung Hwan Kim, Taegyu Kim, Hongjun Choi, Zhongshu Gu, Byoungyoung Lee, Xiangyu Zhang, and Dongyan Xu. <a href ="https://lifeasageek.github.io/papers/kim-minion.pdf">Securing Real-Time Microcontroller Systems through Customized Memory View Switching</a>, The Network and Distributed System Security Symposium (NDSS'18) </p>
<p>David Gens, Simon Schmitt, Lucas Davi, and Ahmad-Reza Sadeghi. <a href ="https://www.ndss-symposium.org/wp-content/uploads/2018/02/ndss2018_05A-1_Gens_paper.pdf">K-Miner: Uncovering Memory Corruption in Linux</a>, The Network and Distributed System Security Symposium (NDSS'18) </p>
<p>Xiaokang Fan, Yulei Sui and Jingling Xue. <a href ="https://yuleisui.github.io/publications/issta17.pdf"> Boosting the Precision of Virtual Call Integrity Protection with Partial Pointer Analysis for C++ </a>, The ACM SIGSOFT International Symposium on Software Testing and Analysis (ISSTA'17) </p>
<p>Yulei Sui and Jingling Xue. <a href ="https://yuleisui.github.io/publications/fse16.pdf"> On-Demand Strong Update Analysis via Value-Flow Refinement</a>, ACM SIGSOFT International Symposium on the Foundations of Software Engineering (FSE'16)</p>
<p>Yulei Sui and Jingling Xue. <a href ="https://yuleisui.github.io/publications/cc16.pdf"> SVF: Interprocedural Static Value-Flow Analysis in LLVM</a>, 25th International Conference on Compiler Construction (CC'16)</p>
<p>Yulei Sui, Peng Di and Jingling Xue. <a href ="https://yuleisui.github.io/publications/cgo16.pdf"> Sparse Flow-Sensitive Pointer Analysis
for Multithreaded Programs</a>, International Symposium on Code Generation and Optimization (CGO'16)</p>
<p>Yulei Sui, Ding Ye, and Jingling Xue. <a href="https://yuleisui.github.io/publications/tse14.pdf"> Detecting Memory Leaks Statically with Full-Sparse Value-Flow Analysis</a>, IEEE Transactions on Software Engineering (TSE'14)</p>
<p>Yulei Sui, Sen Ye and Jingling Xue. <a href = "https://yuleisui.github.io/publications/sas2014.pdf"> Region-based Selective Flow-Sensitive Pointer Analysis</a>, 21st International Static Analysis Symposium (SAS'14) </p>
<p>Ding Ye, Yulei Sui, and Jingling Xue. <a href = "https://yuleisui.github.io/publications/cgo14.pdf"> Accelerating Dynamic Detection of Uses of Undefined Values with Static Value-Flow Analysis</a>, 12th Annual IEEE/ACM International Symposium on Code Generation and Optimization (CGO'14)</p>
<p>Yulei Sui, Ding Ye, and Jingling Xue. <a href = "https://yuleisui.github.io/publications/issta12.pdf"> Static Memory Leak Detection Using Full-Sparse Value-Flow Analysis</a>, 2012 International Symposium on Software Testing and Analysis (ISSTA'12)</p>
<h2>
<a id="contacts" class="anchor" href="#contacts" aria-hidden="true"><span class="octicon octicon-link"></span></a>Contacts</h2>
Any comments, contributions and collaborations are welcome.
Please contact <a href="mailto:y.sui@unsw.edu.au">Yulei Sui</a> if you have any questions.
</section>
</body>
</html>