Clang and Coccinelle: Synergising program analysis tools for CERT C Secure Coding Standard certification

Authors

  • Mads Olesen
  • Rene Hansen
  • Julia Lawall
  • Nicolas Palix

DOI:

https://doi.org/10.14279/tuj.eceasst.33.455

Abstract

Writing correct C programs is well-known to be hard, not least due to the many language features intrinsic to C. Writing secure C programs is even harder and, at times, seemingly impossible. To improve on this situation the US CERT has developed and published a set of coding standards, the “CERT C Secure Coding Standard”, that (in the current version) enumerates 118 rules and 182 recommendations with the aim of making C programs (more) secure. The large number of rules and recommendations makes automated tool support essential for certifying that a given system is in compliance with the standard. In this paper we report on ongoing work on integrating two state of the art analysis tools, Clang and Coccinelle, into a combined tool well suited for analysing and certifying C programs according to, e.g., the CERT C Secure Coding standard or the MISRA (the Motor Industry Software Reliability Assocation) C standard. We further argue that such a tool must be highly adaptable and customisable to each software project as well as to the certification rules required by a given standard. Clang is the C frontend for the LLVM compiler/virtual machine project which includes a comprehensive set of static analyses and code checkers. Coccinelle is a program transformation tool and bug-finder developed originally for the Linux kernel, but has been successfully used to find bugs in other Open Source projects such as WINE and OpenSSL.

Downloads

Published

2010-12-10

How to Cite

[1]
M. Olesen, R. Hansen, J. Lawall, and N. Palix, “Clang and Coccinelle: Synergising program analysis tools for CERT C Secure Coding Standard certification”, eceasst, vol. 33, Dec. 2010.