Hi I hope this is the right mailing list to ask some questions related to the llvm. I am new to llvm and I decided to use llvm to conduct static analysis of the linux kernel( mostly on the TCP/IP stack). One thing is that whether llvm support static taint analysis. Could you please give me some examples if you have or do I have to implement it by myself. If so, any suggestions available? My requirements is to do some model checking and pattern checking on the linux source code and static taint analysis might solve it. Thanks Regards Muhui -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.llvm.org/pipermail/llvm-dev/attachments/20161229/37c9e084/attachment.html>
John Criswell via llvm-dev
2016-Dec-29 15:28 UTC
[llvm-dev] Static analysis on TCP/IP stack
On 12/29/16 3:52 AM, Muhui Jiang via llvm-dev wrote:> Hi > > I hope this is the right mailing list to ask some questions related to > the llvm. I am new to llvm and I decided to use llvm to conduct static > analysis of the linux kernel( mostly on the TCP/IP stack). One thing > is that whether llvm support static taint analysis. Could you please > give me some examples if you have or do I have to implement it by > myself. If so, any suggestions available?To the best of my knowledge, there is no static information flow analysis for LLVM IR. There might be a taint analysis for Clang ASTs, but someone else will need to comment on that. For LLVM IR, you'll need to write your own.> > My requirements is to do some model checking and pattern checking on > the linux source code and static taint analysis might solve it. ThanksTaint analysis through SSA values should be relatively straightforward to implement; the in-memory LLVM IR provides iterators that allow you to iterate through all uses of a value. Taint analysis through values stored in memory (e.g., loads, stores) will require alias analysis or points-to analysis. For that, you might try Type-Based Alias Analysis (TBAA) or DSA. TBAA is included with LLVM. DSA is in a sub-project; an updated version can be found at https://github.com/jtcriswell/llvm-dsa. Regards, John Criswell> > Regards > Muhui > > > _______________________________________________ > LLVM Developers mailing list > llvm-dev at lists.llvm.org > http://lists.llvm.org/cgi-bin/mailman/listinfo/llvm-dev-- John Criswell Assistant Professor Department of Computer Science, University of Rochester http://www.cs.rochester.edu/u/criswell -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.llvm.org/pipermail/llvm-dev/attachments/20161229/af7e135c/attachment.html>