KT Advance Memory Safety Analyzer for C
The software in this repository is restricted to those explicitly
given access by Kestrel Technology.
IDENTIFICATION AND ASSERTION OF RESTRICTIONS ON THE GOVERNMENT’S USE,
RELEASE, OR DISCLOSURE OF TECHNICAL DATA AND COMPUTER SOFTWARE
Rights In Technical Data—Noncommercial Items
FAR Supplement: 252.227-7013
Platform: macOS or Linux
The KT Advance C Source Analyzer consists of two parts that are run separately and may be run on different platforms:
parseFile); this program is an extension of the CIL parser-front end, developed by George Necula at UC Berkeley, and now maintained by INRIA, France;the KT Advance Analyzer (ktadvance); this program generates the proof obligations, and performs invariant generation by abstract interpretation to discharge the proof obligations.
Both programs are provided in executable form for macOS (suffix mac) and Linux (suffix linux). The correct version for your platform is set automatically in the bin/Config.py file.
Utility Program: The front-end parser makes use of the utility bear to record and replay the actions performed by the makefile when compiling an application. This utility is usually available via a package manager.
Other Dependencies: The analyzer and the Python scripts make use of JAR files, which require a working Java installation.
This repository is organized as follows:
README file that describes the origin and structure of the test cases in that directory.The analysis consists of two phases that may be performed on different platforms:
Parsing: This phase takes as input the original source code, a Makefile (if there is more than
one source file), and, in case of library includes, the library header files resident on the system.
This phase produces as output a set of XML files that completely capture the semantics of the application, and are the sole input for the Analysis phase.
Because of the dependency on the resident system library header files it is generally recommended to perform this phase of the analysis on a Linux system, because of its more standard library environment than macOS (the CIL parser also may have issues with some of the Darwin constructs on macOS).
Analysis: This phase takes as input the XML files produced by the parsing phase. As long as the source code is not modified, the analysis can be run several times without having to repeat the parsing step. The Analysis step can be run on either macOS or Linux, independently of where the parsing step was performed, as it operates solely on the XML files produced and is not dependent on any external programs or library headers.
For several of the test cases in tests/sard/kendra and for all of the test cases in tests/sard/juliet_v1.2
the parsing step has already been performed (on Linux) and the results are checked in in files namedsemantics_linux.tar.gz. These gzipped tar files contain all XML files necessary for the analysis, and thus to analyze these files the parsing phase can be skipped altogether.
At this point all interactions with the KT Advance C Analyzer are
performed via Python scripts, from the command line. It is recommended
to use Python 2.7. (Most of the Python code is compatible with
Python 3.x, but some file system interactions may not be at this
point).
All scripts to interact with the analyzer are in the directoryktadvance/advance/cmdline. This directory has a few subdirectories
with scripts dedicated to some of the test sets in the ktadvance/tests
directory, as follows:
tests/sard/kendratests/sard/zitser (quickstart instructions)tests/sard/juliet-1.3 (quickstart instructions)The remaining two subdirectories in the advance/cmdline directory
contain scripts that can be used to parse, analyze, and
report on new files and projects: