Is there a static analysis tool to compute use-define chains?
I'm looking for a s开发者_JAVA百科tatic analysis tool for C that performs dataflow analysis and computes use-define chains (preferably a command line tool). So far I have tried CIL, clang, lint, goanna and a few other static analysis tools, but none of them compute use-define chains. I also prefer not to work at the IR level (such as LLVM) but if the IR isn't too complex it could be fine. Is there any tool that satisfies my requirements?
Thanks!
The Frama-C platform has plugins that compute def/use and can be used in batch mode from the command line.
Our DMS Software Reengineering Toolkit with its C Front End can provide this.
DMS provides basic parsing and flow analysis machinery; the C Front End provides DMS with the details of the C language including where the data flows originate/sink. The def-use chains are provided as links between AST nodes representing assignments and AST nodes representing sinks. The variables in question can be found in the symbol table easily.
See a discussion of various types of DMS-extractable flows.
Cil can do it if you have read the kernel code as usedef.ml and reachingDef.ml may help.
精彩评论