ropas / Sparrow
Labels
Projects that are alternatives of or similar to Sparrow
Sparrow
Sparrow is a state-of-the-art static analyzer that aims to verify the absence of fatal bugs in C source. Sparrow is designed based on the Abstract Interpretation framework and the analysis is sound in design. Sparrow adopts a number of well-founded static analysis techniques for scalability, precision, and user convenience. This is the academic version of Sparrow that is different from the commercial version.
Build Status
| Linux | MAC OSX |
|---|---|
 |
Sparrow Dependencies
To build Sparrow, you need
- OCaml >= 4.04.0
- OPAM >= 1.2.2
- Batteries >= 2.3.1
- Cil >= 1.7.3
- Ocamlgraph >= 1.8.7
- Apron >= 0.9.10
- Yojson >= 1.2.3
- Lymp >= 0.1.3
- Ppx_compare >= 113.33
- Ppx_deriving >= 4.1
Optionally, you need the following prerequisites to use machine-learning features
- Python >= 2.7
- Scikit-learn >= 0.18
Install Sparrow with OPAM
The easiest way to install Sparrow is to use OPAM. Once you have cloned the source codes, run the build script to install the prerequisites and Sparrow:
$ git clone [email protected]:ropas/sparrow.git
$ cd sparrow
$ ./build.sh
$ eval `opam config env`
After that, you can directly run make or make install.
Optionally, you need to set up environment variables to use machine-learning features depending on the installation prefix.
$ export SPARROW_BIN_PATH= # PREFIX/bin
$ export SPARROW_DATA_PATH= # PREFIX/etc
For example, if you install Sparrow using OPAM:
$ export SPARROW_BIN_PATH=`opam config var sparrow:bin`
$ export SPARROW_DATA_PATH=`opam config var sparrow:etc`
Run the analysis
You can run Sparrow for buffer overflow detection on pre-processed C files. For example:
$ ./bin/sparrow test.i
# partially flow-sensitive analysis with degree [0-100]
$ ./bin/sparrow -pfs 10 test.i
# selectively unsound analysis with bugfinder level [0-2]
$ ./bin/sparrow -bugfinder 2 test.i