Skip to main content

Lund University Publications

LUND UNIVERSITY LIBRARIES

Clog : A Declarative Language for C Static Code Checkers

Dura, Alexandru LU orcid and Reichenbach, Christoph LU orcid (2024) 33rd ACM SIGPLAN International Conference on Compiler Construction, CC 2024 p.186-197
Abstract

We present Clog, a declarative language for describing static code checkers for C. Unlike other extensible state-of-the-art checker frameworks, Clog enables powerful interprocedural checkers without exposing the underlying program representation: Clog checkers consist of Datalog-style recursive rules that access the program under analysis via syntactic pattern matching and control flow edges only. We have implemented Clog on top of Clang, using a custom Datalog evaluation strategy that piggy-backs on Clang’s AST matching facilities while working around Clang’s limitations to achieve our design goal of representation independence. Our experiments demonstrate that Clog can concisely express a wide variety of checkers for different... (More)

We present Clog, a declarative language for describing static code checkers for C. Unlike other extensible state-of-the-art checker frameworks, Clog enables powerful interprocedural checkers without exposing the underlying program representation: Clog checkers consist of Datalog-style recursive rules that access the program under analysis via syntactic pattern matching and control flow edges only. We have implemented Clog on top of Clang, using a custom Datalog evaluation strategy that piggy-backs on Clang’s AST matching facilities while working around Clang’s limitations to achieve our design goal of representation independence. Our experiments demonstrate that Clog can concisely express a wide variety of checkers for different security vulnerabilities, with performance that is similar to Clang’s own analyses and highly competitive on real-world programs.

(Less)
Please use this url to cite or link to this publication:
author
and
organization
publishing date
type
Chapter in Book/Report/Conference proceeding
publication status
published
subject
keywords
C, Datalog, Static Analysis Frameworks, Syntactic Patterns
host publication
CC 2024 - Proceedings of the 33rd ACM SIGPLAN International Conference on Compiler Construction
editor
Rodriguez, Gabriel ; Sadayappan, P. and Sukumaran-Rajam, Aravind
pages
12 pages
publisher
Association for Computing Machinery (ACM)
conference name
33rd ACM SIGPLAN International Conference on Compiler Construction, CC 2024
conference location
Edinburgh, United Kingdom
conference dates
2024-03-02 - 2024-03-03
external identifiers
  • scopus:85187234961
ISBN
9798400705076
DOI
10.1145/3640537.3641579
project
WASP startup package Christoph Reichenbach
Performance bug detection through combined static and dynamic program analysis
language
English
LU publication?
yes
additional info
Publisher Copyright: © 2024 Copyright held by the owner/author(s).
id
99e3fdd2-8a10-4910-9e63-e1bf0eb5fcb7
date added to LUP
2024-03-21 10:12:28
date last changed
2024-03-21 16:17:21
@inproceedings{99e3fdd2-8a10-4910-9e63-e1bf0eb5fcb7,
  abstract     = {{<p>We present Clog, a declarative language for describing static code checkers for C. Unlike other extensible state-of-the-art checker frameworks, Clog enables powerful interprocedural checkers without exposing the underlying program representation: Clog checkers consist of Datalog-style recursive rules that access the program under analysis via syntactic pattern matching and control flow edges only. We have implemented Clog on top of Clang, using a custom Datalog evaluation strategy that piggy-backs on Clang’s AST matching facilities while working around Clang’s limitations to achieve our design goal of representation independence. Our experiments demonstrate that Clog can concisely express a wide variety of checkers for different security vulnerabilities, with performance that is similar to Clang’s own analyses and highly competitive on real-world programs.</p>}},
  author       = {{Dura, Alexandru and Reichenbach, Christoph}},
  booktitle    = {{CC 2024 - Proceedings of the 33rd ACM SIGPLAN International Conference on Compiler Construction}},
  editor       = {{Rodriguez, Gabriel and Sadayappan, P. and Sukumaran-Rajam, Aravind}},
  isbn         = {{9798400705076}},
  keywords     = {{C; Datalog; Static Analysis Frameworks; Syntactic Patterns}},
  language     = {{eng}},
  month        = {{02}},
  pages        = {{186--197}},
  publisher    = {{Association for Computing Machinery (ACM)}},
  title        = {{Clog : A Declarative Language for C Static Code Checkers}},
  url          = {{http://dx.doi.org/10.1145/3640537.3641579}},
  doi          = {{10.1145/3640537.3641579}},
  year         = {{2024}},
}