C++ program-analysis

Open-source C++ projects categorized as program-analysis

Top 5 C++ program-analysis Projects

  • Triton

    Triton is a dynamic binary analysis library. Build your own program analysis tools, automate your reverse engineering, perform software verification or just emulate code. (by JonathanSalwan)

    Project mention: Installing Triton in fresh linux VM step-by-step guide (hairpull-free edition) | reddit.com/r/RELounge | 2022-10-12

    $ git clone https://github.com/JonathanSalwan/Triton
    $ cd Triton
    $ mkdir build
    $ cd build
    $ cmake ..
    $ make -j3
    $ sudo make install

  • ikos

    Static analyzer for C/C++ based on the theory of Abstract Interpretation.

    Project mention: NSA Cybersecurity Information Sheet remarks on C and C++. | reddit.com/r/cpp | 2022-11-11

  • DIE-engine

    DIE engine

  • psychec

    A compiler frontend for the C programming language

    Project mention: The Jotai Benchmark Collection | reddit.com/r/Compilers | 2022-08-16

    We, at UFMG, have been working on a methodology to generate benchmarks in C. We have a working collection of benchmarks here with a bit more than 30K executable programs. Benchmarks are single functions mined from open-source repositories. We have designed a domain-specific language to generate inputs for them. We use psyche-c to infer missing types and declarations. We use kcc and AddressSanitizer to filter out as much undefined behavior as possible. We use CFGGrind to check input coverage and to count the number of instructions executed. These benchmarks can be used in many ways: to stress test compilers; to autotune predictive compilation tasks; to analyze the dynamic behavior of programs; to improve compiler optimizations; etc. We have a technical report here.

  • vast

    VAST is an experimental frontend designed for program analysis of C and C++. It provides a tower of IRs as MLIR dialects to choose the best fit representations for a program analysis or further program abstraction. (by trailofbits)

    Project mention: Compilers and IRS: LLVM IR, SPIR-V, and MLIR | news.ycombinator.com | 2022-10-29

    At Trail of Bits, we are creating a new compiler front/middle end for Clang called VAST [1]. It consumes Clang ASTs and creates a high-level, information-rich MLIR dialect. Then, we progressively lower it through various other dialects, eventually down to the LLVM dialect in MLIR, which can be translated directly to MLIR.

    Our goals with this pipeline are to enable static analyses that can choose the right abstraction level(s) for their goals, and using provenance, cross abstraction levels to relate results back to source code.

    Neither Clang ASTs nor LLVM IR alone meet our needs for static analysis. Clang ASTs are too verbose and lack explicit representations for implicit behaviours in C++. LLVM IR isn't really "one IR," it's two IRs (LLVM proper, and metadata), where LLVM proper is an unspecified family of dialects (-O0, -O1, -O2, -O3, then all the arch-specific stuff). LLVM IR also isn't easy to relate to source, even in the presence of maximal debug information. The Clang codegen process does ABI-specific lowering, which takes high-level types/values and transforms them to be more amenable to storing in target-cpu locations (e.g. registers). This actively works against relating information across levels; something that we want to solve with intermediate MLIR dialects.

    Beyond our static analysis goals, I think an MLIR-based setup will be a key enabler of library-aware compiler optimizations. Right now, library-aware optimizations are challenging because Clang ASTs are hard to mutate, and by the time things are in LLVM IR, the abstraction boundaries provided by libraries are broken down by optimizations (e.g. inlining, specialization, folding), forcing optimization passes to reckon with the mechanics of how libraries are implemented.

    We're very excited about MLIR, and we're pushing full steam ahead with VAST. MLIR is a technology that we can use to fix a lot of issues in Clang/LLVM that hinder really good static analysis.

    [1] https://github.com/trailofbits/vast

NOTE: The open source projects on this list are ordered by number of GitHub stars. The number of mentions indicates repo mentions in the last 12 months or since we started tracking (Dec 2020). The latest post mention was on 2022-11-11.


What are some of the best open-source program-analysis projects in C++? This list will help you:

Rank  Project     Stars
1     Triton      2,612
2     ikos        1,731
3     DIE-engine  1,394
4     psychec     453
5     vast        83