User:Dswilkerson/Oink (C/C++ analysis framework)

Oink is an Open Source analysis framework for C and C++ based on the Elsa C and C++ front-end.

Oink is a framework for and a collection of (a "collaboration") of C++ static analysis tools. The C/C++ front-end for Oink is Elsa by  Scott McPeak. Currently the main tool provided by Oink is CQual++, a polymorphic whole-program dataflow analysis for C++.

Oink aims to be


 * industrial-strength for immediate utility in finding bugs,
 * extensible for ease in adding backends, and
 * composable for ease in combining existing backends.

Oink computes both


 * expression-level and type-level dataflow, and
 * statement-level intra-procedural controlflow (by delegating to Elsa)

Oink also comes with a client of the dataflow analysis that does type qualifier inference: Cqual++, a C/C++ frontend for Cqual. Whole-program analyses may be attempted using the linker imitator.

History and previous work
Oink was implemented at the University of California, Berkeley.

Cqual was the original tool that lead to the development of Oink/Cqual++. Cqual++ is not really a fork or a second version of Cqual as everything was completely re-written; however the design was informed by the close connection with the Cqual developers.

The Oink front-end, Elsa, is completely original work by Scott McPeak, whereas the Cqual front-end was a version of gcc 2.8.1 hacked by David Gay.

The qualifier dataflow backend, libqual, is a polymorphic re-implementation by Rob Johnson of  Jeff Foster monomorphic backend. The oink dataflow analysis was written by Daniel S. Wilkerson and is separate from the libqual backend so that it can be re-used. Only David Gay's libregion library was re-used as-is.

Significant testing, bug fixes, and optimizations and generalizations were made by Karl Chen starting late February 2006 making Oink much more industrial strength.

The original work on Cqual was supported by Alex Aiken. The work on Oink and Cqual++ was supported by Alex Aiken and David Wagner.

Articles
The following articles used the Oink infrastructure.


 * Large-Scale Analysis of Format String Vulnerabilities in Debian Linux. Karl Chen and David Wagner. In Proceedings of the ACM SIGPLAN Workshop on Programming Languages and Analysis for Security (PLAS 2007), June 14, 2007.
 * Preventing Secret Leakage from fork: Securing Privilege-Separated Applications. Umesh Shankar and David Wagner. In Proceedings of the 2006 IEEE International Conference on Communications (Network Security and Information Assurance Symposium at ICC 2006), June 2006.
 * Scrash: A System for Generating Secure Crash Information. Pete Broadwell, Matthew Harren, and Naveen Sastry. In Proceedings of the 12th USENIX Security Symposium, August 2003.