
GrammaTech / swap-detector

Licence: MIT license
A library for detecting swapped arguments in function calls, and a Clang Static Analyzer plugin used to demonstrate the library.


Swap Detector

Module that checks for swapped arguments in function calls. For instance, the library can be used to detect swaps in code like:

/* Apparent swap of 'e' and 'n' based on parameter names. */
RSA_get0_key(rkey, &e, &n, NULL);
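
A simplified illustration of flagging a swap by comparing argument names with parameter names, added here as an example: it is not swap-detector's algorithm or API, and the function names (tokenize, similarity, find_swaps) are hypothetical. The parameter names r, n, e, d are the ones in OpenSSL's declaration of RSA_get0_key.

```cpp
// Added illustration with hypothetical names; NOT swap-detector's algorithm or API.
#include <cctype>
#include <cstdio>
#include <set>
#include <string>
#include <utility>
#include <vector>

using Tokens = std::set<std::string>;
using Swaps = std::vector<std::pair<size_t, size_t>>;

// Split a name or argument expression into lowercase tokens ('&', '_', camelCase).
static Tokens tokenize(const std::string &s) {
  Tokens out; std::string cur;
  for (size_t i = 0; i < s.size(); ++i) {
    unsigned char c = s[i], prev = i ? s[i - 1] : 0;
    bool boundary = !std::isalnum(c) || (std::isupper(c) && std::islower(prev));
    if (boundary && !cur.empty()) { out.insert(cur); cur.clear(); }
    if (std::isalnum(c)) cur += static_cast<char>(std::tolower(c));
  }
  if (!cur.empty()) out.insert(cur);
  return out;
}

// Jaccard similarity of two token sets, in [0, 1].
static double similarity(const Tokens &a, const Tokens &b) {
  size_t common = 0;
  for (const auto &t : a) common += b.count(t);
  size_t all = a.size() + b.size() - common;
  return all ? static_cast<double>(common) / all : 0.0;
}

// Index pairs (i, j) where each argument resembles the other's parameter more.
Swaps find_swaps(const std::vector<std::string> &params,
                 const std::vector<std::string> &args) {
  auto sim = [&](size_t a, size_t p) {
    return similarity(tokenize(args[a]), tokenize(params[p]));
  };
  Swaps swaps;
  size_t n = params.size() < args.size() ? params.size() : args.size();
  for (size_t i = 0; i < n; ++i)
    for (size_t j = i + 1; j < n; ++j)
      if (sim(i, j) > sim(i, i) && sim(j, i) > sim(j, j)) swaps.emplace_back(i, j);
  return swaps;
}

int main() {  // constructed input: OpenSSL declares RSA_get0_key(r, n, e, d)
  for (auto &s : find_swaps({"r", "n", "e", "d"}, {"rkey", "&e", "&n", "NULL"}))
    std::printf("arguments %zu and %zu look swapped\n", s.first + 1, s.second + 1);
}
```

A check on names alone says nothing when the argument names share no tokens with the parameter names, which is the gap the statistics database used in the Example section below is there to cover.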

Prerequisites

  • CMake 3.10
  • GCC 7 or Visual Studio 2017
  • If enabling Clang plugin support: Clang 10 source

Getting Started

Setup for building Clang

  • Check out Clang from git.
    git clone https://github.com/llvm/llvm-project.git llvm-src
    git -C llvm-src checkout llvmorg-10.0.0
  • Build and install LLVM.
    mkdir llvm-build; pushd llvm-build
    cmake -G Ninja -DCMAKE_BUILD_TYPE=RelWithDebInfo -DLLVM_ENABLE_ASSERTIONS=1 -DLLVM_TARGETS_TO_BUILD=X86 -DLLVM_INSTALL_UTILS=1 -DLLVM_ENABLE_PROJECTS=clang -DLLVM_TOOL_CLANG_BUILD=1 -DCMAKE_INSTALL_PREFIX=$PWD/../llvm-install ../llvm-src/llvm
    cmake --build . --target check-clang
    cmake --build . --target install
    popd
  • Install lit (optional, but required to run the tests).
    pip install --user lit
    export PATH=$PATH:$HOME/.local/bin

Use cmake to build the plugin

mkdir build; cd build
cmake -G Ninja -DLLVM_EXTERNAL_LIT=$(which lit) -DSWAPPED_ARGS_BUILD_CLANG_PLUGIN=ON -DCMAKE_PREFIX_PATH=$PWD/../../llvm-install/lib/cmake ~/path/to/swap-detector
cmake --build . --target check-all

Notes

If you don't have Ninja installed, you can use -G "Unix Makefiles" to generate makefiles instead and build using make -j.

There is a linker warning about use of tmpnam. This API is only used by the testing infrastructure to generate a temporary statistics database, and is not used as part of the swapped argument checker API.

Example

../../llvm-install/bin/scan-build -load-plugin lib/SwapDetectorPlugin.so -enable-checker gt.SwapDetector -analyzer-config gt.SwapDetector:ModelPath=sample.db clang++ ~/dummy.cpp

The root directory of the repository has a sample database, named sample.db, which can be used to explore the behavior of the library. This database is not complete (it only covers ten functions), but does contain statistically useful information about the functions it covers.

Configuration Options

Option                           Description
SWAPPED_ARGS_BUILD_CLANG_PLUGIN  Enables building the Clang plugin. Default: ON
SWAPPED_ARGS_BUILD_TESTS         Enables building tests. Default: ON
SWAPPED_ARGS_BUILD_PYTHON        Enables building the Python extension. Default: Off
SWAPPED_ARGS_INSTALL_PYTHON      Enables installing the Python extension if it's been built. Default: Off

Automatic Downloads

As part of the CMake configuration, the latest master branch of googletest is downloaded and built if testing functionality is enabled.

Testing

To run the C++ unit tests, ensure that SWAPPED_ARGS_BUILD_TESTS is not disabled when configuring the cmake project. The TestSwappedArgsCpp executable will be generated on successful build and can be run to perform unit testing.

To run the Clang plugin tests, you can execute cmake --build . --target check-all from the CMake build directory.

Research Paper

We expand on the concepts and algorithms behind Swap Detector in a research paper, published in the 2020 IEEE Source Code Analysis and Manipulation Conference. Note that not all algorithms, heuristics, and features described in the research paper are present in this implementation.

Acknowledgements

This material is based on research sponsored by the Department of Homeland Security (DHS) Office of Procurement Operations, S&T acquisition Division via contract number 70RSAT19C00000056. The views and conclusions contained herein are those of the authors and should not be interpreted as necessarily representing the official policies or endorsements, either expressed or implied, of the Department of Homeland Security.
