Top 5 C++ program-analysis Projects
Triton is a dynamic binary analysis library. Build your own program analysis tools, automate your reverse engineering, perform software verification or just emulate code. (by JonathanSalwan)
Project mention: Installing Triton in fresh linux VM step-by-step guide (hairpull-free edition) | reddit.com/r/RELounge | 2022-10-12
$ git clone https://github.com/JonathanSalwan/Triton
$ cd Triton
$ mkdir build
$ cd build
$ cmake ..
$ make -j3
$ sudo make install
Static analyzer for C/C++ based on the theory of Abstract Interpretation.
Project mention: NSA Cybersecurity Information Sheet remarks on C and C++. | reddit.com/r/cpp | 2022-11-11
A compiler frontend for the C programming language
Project mention: The Jotai Benchmark Collection | reddit.com/r/Compilers | 2022-08-16
We, at UFMG, have been working on a methodology to generate benchmarks in C. We have a working collection of benchmarks here with a bit more than 30K executable programs. Benchmarks are single functions mined from open-source repositories. We have designed a domain-specific language to generate inputs for them. We use psyche-c to infer missing types and declarations. We use kcc and AddressSanitizer to filter out as much undefined behavior as possible. We use CFGGrind to check input coverage and to count the number of instructions executed. These benchmarks can be used in many ways: to stress test compilers; to autotune predictive compilation tasks; to analyze the dynamic behavior of programs; to improve compiler optimizations; etc. We have a technical report here.
VAST is an experimental frontend designed for program analysis of C and C++. It provides a tower of IRs as MLIR dialects to choose the best fit representations for a program analysis or further program abstraction. (by trailofbits)
Project mention: Compilers and IRS: LLVM IR, SPIR-V, and MLIR | news.ycombinator.com | 2022-10-29
At Trail of Bits, we are creating a new compiler front/middle end for Clang called VAST. It consumes Clang ASTs and creates a high-level, information-rich MLIR dialect. Then, we progressively lower it through various other dialects, eventually down to the LLVM dialect in MLIR, which can be translated directly to MLIR.
Our goals with this pipeline are to enable static analyses that can choose the right abstraction level(s) for their goals, and using provenance, cross abstraction levels to relate results back to source code.
Neither Clang ASTs nor LLVM IR alone meet our needs for static analysis. Clang ASTs are too verbose and lack explicit representations for implicit behaviours in C++. LLVM IR isn't really "one IR," it's two IRs (LLVM proper, and metadata), where LLVM proper is an unspecified family of dialects (-O0, -O1, -O2, -O3, then all the arch-specific stuff). LLVM IR also isn't easy to relate to source, even in the presence of maximal debug information. The Clang codegen process does ABI-specific lowering, which takes high-level types/values and transforms them to be more amenable to storing in target-cpu locations (e.g. registers). This actively works against relating information across levels; something that we want to solve with intermediate MLIR dialects.
Beyond our static analysis goals, I think an MLIR-based setup will be a key enabler of library-aware compiler optimizations. Right now, library-aware optimizations are challenging because Clang ASTs are hard to mutate, and by the time things are in LLVM IR, the abstraction boundaries provided by libraries are broken down by optimizations (e.g. inlining, specialization, folding), forcing optimization passes to reckon with the mechanics of how libraries are implemented.
We're very excited about MLIR, and we're pushing full steam ahead with VAST. MLIR is a technology that we can use to fix a lot of issues in Clang/LLVM that hinder really good static analysis.
C++ program-analysis related posts
Compilers and IRS: LLVM IR, SPIR-V, and MLIR
2 projects | news.ycombinator.com | 29 Oct 2022
Installing Triton in fresh linux VM step-by-step guide (hairpull-free edition)
2 projects | reddit.com/r/RELounge | 12 Oct 2022
Rizin 0.3.0 is !now available and also Cutter 2.0.3 is out!
2 projects | reddit.com/r/rizin | 25 Sep 2021
(x-post) Why static analysis on C projects is not widespread already?
1 project | reddit.com/r/embedded | 19 Mar 2021
Some Were Meant For C [pdf]
2 projects | news.ycombinator.com | 1 Mar 2021
What are some of the best open-source program-analysis projects in C++? This list will help you: