hc825b / kint Goto Github PK
View Code? Open in Web Editor NEWThis project forked from cryptolab/kint
git://g.csail.mit.edu/kint
License: GNU General Public License v3.0
This project forked from cryptolab/kint
git://g.csail.mit.edu/kint
License: GNU General Public License v3.0
See INSTALL for build instructions or download prebuilt binaries. Make sure Kint binaries are in the PATH. Preparation ----------- Kint works on LLVM bitcode. To analyze a software project, the first step is to generate LLVM bitcode. Kint provides a script called `kint-build`, which both calls gcc (or g++) and in parallel uses Clang to obtain LLVM bitcode from your source code, stored in .ll files. For example: $ cd /path/to/your/project $ kint-build make Integer overflow checker ------------------------ To find integer overflows, you can first run Kint's global analysis on the generated LLVM bitcode (the .ll files) to generate some whole-program constraints that will reduce false positives in the subsequent analysis steps. This step is optional, and if it doesn't work (e.g., due to some bug), you can skip it and continue on to the next step. This global analysis writes its output back to the LLVM bitcode .ll files, so it produces no terminal output (unless you specify the -v flag). In our example, you can run the global analysis as follows: $ find . -name "*.ll" > bitcode.lst $ intglobal @bitcode.lst Finally, run the following command in the project directory. $ pintck You can find bug reports in `pintck.txt`. Taint annotation ------------------------ To help you focus on high-risk reports, the global analysis performs taint analysis that marks values derived from untrusted inputs in the generated LLVM bitcode. You can tell Kint what is taint source by annotating the target software's source code with this intrinsic function: int __kint_taint(const char *description, value, ...); Kint will mark the second argument (value) as a taint source. 'value' can be of any integer or pointer types. The return value of __kint_taint(), if used, is also considered as a taint. For Linux kernel, for example, we redefined the macro copy_from_user() and get_user() as follows: #define copy_from_user(to, from, n) \ __kint_taint("copy_from_user", (to), from, n) #define get_user(x, ptr) \ ({ (x) = *(ptr); __kint_taint("get_user", (x)); }) To annotate sensitive contexts (taint sinks, such as allocation sizes), you should change annotateSink() in Kint's src/Annotation.cc. Each pair in the 'Allocs' array specifies a function name and which of its argument is sensitive. Kint will highlight the report if it sees a tainted and overflowed value reaches that argument. You can obtain our annotated linux kernel source as follows: $ git clone -b kint git://g.csail.mit.edu/kint-linux Tautological comparison checker ------------------------------- Tautological control flow decisions (i.e., branches that are always taken or never taken) are often indicative of bugs. To find them, simply run the following command in the project directory. $ pcmpck You can find bug reports in `pcmpck.txt`. Contact ------- If you find any bugs in Kint, feel free to contact us: you can send us email at [email protected].
Hello, what's the most suitable version of LLVM to install in order to compile kint?
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.