What is SVF?
SVF is a static tool that enables scalable and precise interprocedural dependence analysis for C and C++ programs. SVF allows value-flow construction and pointer analysis to be performed iteratively, thereby providing increasingly improved precision for both.
What kind of analyses does SVF provide?
- Call graph construction for C and C++ programs
- Field-sensitive Andersen's pointer analysis
- Sparse flow-sensitive pointer analysis
- Value-flow dependence analysis
- Interprocedural memory SSA
- Detecting source-sink related bugs, such as memory leaks and incorrect file-open close errors.
- An Eclipse plugin for visualizing bugs
How to setup SVF?
Please download the source code of SVF and refer to this step-by-step guide to setup SVF.
How to run SVF?
SVF analyzes a program by taking the LLVM IR of the program as its input. Please refer to this user guide to run SVF with a simple example and generate the outputs of each analysis pass in your local machine.
Alternatively, we have also prepared a virtual machine image for you to run SVF on any machine with VirtualBox installed. Please refer to this step-by-step guide to try SVF in a VM.
Please refer to this wiki documentation, doxygen code manual and the following publications to understand the internal working of SVF.
Yaohui Chen, Peng Li, Jun Xu, Shengjian Guo,Rundong Zhou, Yulong Zhang, Tao Wei, and Long Lu. SAVIOR: Towards Bug-Driven Hybrid Testing, 41st IEEE Symposium on Security and Privacy (S&P'20)
Dae R. Jeong, Kyungtae Kim, Basavesh Shivakumar, Byoungyoung Lee, and Insik Shin. RAZZER: Finding Kernel Race Bugs through Fuzzing, 40th IEEE Symposium on Security and Privacy (S&P'19)
Meni Orenbach, Yan Michalevsky, Christof Fetzer, and Mark Silberstein. CoSMIX: A Compiler-based System for Secure Memory Instrumentation and Execution in Enclaves, 2019 USENIX Annual Technical Conference (ATC'19)
Yuxiang Lei and Yulei Sui. Fast and Precise Handling of Positive Weight Cycles for Field-sensitive Pointer Analysis , 26th International Static Analysis Symposium (SAS'19)
Mustakimur Rahman Khandaker, Wenqing Liu, Abu Naser, Zhi Wang, and Jie Yang. Origin-sensitive Control Flow Integrity, 28th USENIX Security Symposium (USENIX Security'19)
Timotej Kapus and Cristian Cadar. A Segmented Memory Model for Symbolic Execution, ACM SIGSOFT International Symposium on the Foundations of Software Engineering (FSE'19)
Yulei Sui and Jingling Xue. Value-Flow-Based Demand-Driven Pointer Analysis for C and C++ , IEEE Transaction on Software Engineering (TSE'18)
Yulei Sui, Hua Yan, Yunpeng Zhang, Jingling Xue and Zheng Zheng. Parallel Construction of Interprocedural Memory SSA Form, Journal of Systems and Software (JSS'18)
Hongxu Chen, Yinxing Xue, Yuekang Li, Bihuan Chen, Xiaofei Xie, Xiuheng Wu, and Yang Liu. Hawkeye: Towards a Desired Directed Grey-box Fuzzer, 25th ACM Conference on Computer and Communications Security (CCS'18)
David Trabish, Andrea Mattavelli, Noam Rinetzky and Cristian Cadar. Chopped Symbolic Execution, 40th International Conference on Software Engineering (ICSE’18)
Chung Hwan Kim, Taegyu Kim, Hongjun Choi, Zhongshu Gu, Byoungyoung Lee, Xiangyu Zhang, and Dongyan Xu Securing Real-Time Microcontroller Systems through Customized Memory View Switching, The Network and Distributed System Security Symposium (NDSS'18)
David Gens, Simon Schmitt, Lucas Davi, and Ahmad-Reza Sadegh K-Miner: Uncovering Memory Corruption in Linux, The Network and Distributed System Security Symposium (NDSS'18)
Xiaokang Fan, Yulei Sui and Jingling Xue. Boosting the Precision of Virtual Call Integrity Protection with Partial Pointer Analysis for C++ , The ACM SIGSOFT International Symposium on Software Testing and Analysis (ISSTA'17)
Yulei Sui and Jingling Xue. On-Demand Strong Update Analysis via Value-Flow Refinement, ACM SIGSOFT International Symposium on the Foundation of Software Engineering (FSE'16)
Yulei Sui and Jingling Xue. SVF: Interprocedural Static Value-Flow Analysis in LLVM, 25th International Conference on Compiler Construction (CC'16)
Yulei Sui, Peng Di and Jingling Xue. Sparse Flow-Sensitive Pointer Analysis for Multithreaded Programs, International Symposium on Code Generation and Optimization (CGO'16)
Yulei Sui, Ding Ye, and Jingling Xue. Detecting Memory Leaks Statically with Full-Sparse Value-Flow Analysis, IEEE Transactions on Software Engineering (TSE'14)
Yulei Sui, Sen Ye and Jingling Xue. Region-based Selective Flow-Sensitive Pointer Analysis, 21th International Static Analysis Symposium (SAS'14)
Ding Ye, Yulei Sui, and Jingling Xue. Accelerating Dynamic Detection of Uses of Undefined Values with Static Value-Flow Analysis, 12th Annual IEEE/ACM International Symposium on Code Generation and Optimization (CGO'14)
Yulei Sui, Ding Ye, and Jingling Xue. Static Memory Leak Detection Using Full-Sparse Value-Flow Analysis, 2012 International Symposium on Software Testing and Analysis (ISSTA'12)