What is SVF?
SVF is a static tool that enables scalable and precise value-flow analysis for source code. SVF allows value-flow construction and pointer analysis to be performed iteratively, thereby providing increasingly improved precision for both.
For a pointer analysis framework that works for Java, we refer to Qilin.What kind of analyses does SVF provide?
- SVF IR: language-independent intermediate representation
- Code graphs, including call graph and interprocedural control-flow graph, constraint graph and value-flow graph
- A set of pointer analyses including field-sensitive, flow-sensitive, context-sensitive analyses
- Value-flow dependence analysis
- Interprocedural memory SSA
- Context-free-language reachability analysis
- Abstract execution
- Detecting source-sink related bugs, such as memory leaks and incorrect file-open close errors.
- An Eclipse plugin for visualizing bugs
License
GPLv3How to setup SVF?
Please download the source code of SVF and refer to this step-by-step guide to setup SVF.
How to run SVF?
SVF analyzes a program by taking the LLVM IR of the program as its input. Please refer to this user guide to run SVF with a simple example and generate the outputs of each analysis pass in your local machine.
Alternatively, you can also try SVF in Docker or SVF in VSCode.
Please refer to this wiki documentation and doxygen code manual to understand the internal working of SVF.
Publications and References
Please make a pull request or email us if you have a paper for this list.
Yuxiang Lei, Yulei Sui, Shuo Ding, and Qirun Zhang. Taming Transitive Redundancy for Context-Free Language Reachability. ACM SIGPLAN Conference on Object-Oriented Programming, Systems, Languages, and Applications (OOPSLA'22)
Yaohui Chen, Peng Li, Jun Xu, Shengjian Guo,Rundong Zhou, Yulong Zhang, Tao Wei, and Long Lu. SAVIOR: Towards Bug-Driven Hybrid Testing, 41st IEEE Symposium on Security and Privacy (S&P'20)
Dae R. Jeong, Kyungtae Kim, Basavesh Shivakumar, Byoungyoung Lee, and Insik Shin. RAZZER: Finding Kernel Race Bugs through Fuzzing, 40th IEEE Symposium on Security and Privacy (S&P'19)
Meni Orenbach, Yan Michalevsky, Christof Fetzer, and Mark Silberstein. CoSMIX: A Compiler-based System for Secure Memory Instrumentation and Execution in Enclaves, 2019 USENIX Annual Technical Conference (ATC'19)
Yuxiang Lei and Yulei Sui. Fast and Precise Handling of Positive Weight Cycles for Field-sensitive Pointer Analysis , 26th International Static Analysis Symposium (SAS'19)
Mustakimur Rahman Khandaker, Wenqing Liu, Abu Naser, Zhi Wang, and Jie Yang. Origin-sensitive Control Flow Integrity, 28th USENIX Security Symposium (USENIX Security'19)
Timotej Kapus and Cristian Cadar. A Segmented Memory Model for Symbolic Execution, ACM SIGSOFT International Symposium on the Foundations of Software Engineering (FSE'19)
Yulei Sui and Jingling Xue. Value-Flow-Based Demand-Driven Pointer Analysis for C and C++ , IEEE Transaction on Software Engineering (TSE'18)
Yulei Sui, Hua Yan, Yunpeng Zhang, Jingling Xue and Zheng Zheng. Parallel Construction of Interprocedural Memory SSA Form, Journal of Systems and Software (JSS'18)
Hongxu Chen, Yinxing Xue, Yuekang Li, Bihuan Chen, Xiaofei Xie, Xiuheng Wu, and Yang Liu. Hawkeye: Towards a Desired Directed Grey-box Fuzzer, 25th ACM Conference on Computer and Communications Security (CCS'18)
David Trabish, Andrea Mattavelli, Noam Rinetzky and Cristian Cadar. Chopped Symbolic Execution, 40th International Conference on Software Engineering (ICSE’18)
Chung Hwan Kim, Taegyu Kim, Hongjun Choi, Zhongshu Gu, Byoungyoung Lee, Xiangyu Zhang, and Dongyan Xu Securing Real-Time Microcontroller Systems through Customized Memory View Switching, The Network and Distributed System Security Symposium (NDSS'18)
David Gens, Simon Schmitt, Lucas Davi, and Ahmad-Reza Sadegh K-Miner: Uncovering Memory Corruption in Linux, The Network and Distributed System Security Symposium (NDSS'18)
Xiaokang Fan, Yulei Sui and Jingling Xue. Boosting the Precision of Virtual Call Integrity Protection with Partial Pointer Analysis for C++ , The ACM SIGSOFT International Symposium on Software Testing and Analysis (ISSTA'17)
Yulei Sui and Jingling Xue. On-Demand Strong Update Analysis via Value-Flow Refinement, ACM SIGSOFT International Symposium on the Foundation of Software Engineering (FSE'16)
Yulei Sui and Jingling Xue. SVF: Interprocedural Static Value-Flow Analysis in LLVM, 25th International Conference on Compiler Construction (CC'16)
Yulei Sui, Peng Di and Jingling Xue. Sparse Flow-Sensitive Pointer Analysis for Multithreaded Programs, International Symposium on Code Generation and Optimization (CGO'16)
Yulei Sui, Ding Ye, and Jingling Xue. Detecting Memory Leaks Statically with Full-Sparse Value-Flow Analysis, IEEE Transactions on Software Engineering (TSE'14)
Yulei Sui, Sen Ye and Jingling Xue. Region-based Selective Flow-Sensitive Pointer Analysis, 21th International Static Analysis Symposium (SAS'14)
Ding Ye, Yulei Sui, and Jingling Xue. Accelerating Dynamic Detection of Uses of Undefined Values with Static Value-Flow Analysis, 12th Annual IEEE/ACM International Symposium on Code Generation and Optimization (CGO'14)
Yulei Sui, Ding Ye, and Jingling Xue. Static Memory Leak Detection Using Full-Sparse Value-Flow Analysis, 2012 International Symposium on Software Testing and Analysis (ISSTA'12)