0

I need to perform static taint analysis on my C program. I tried using Splint, no luck. Are there any other open source or freeware tools that are available to perform taint analysis?

If yes, can you please also mention the way to use it or refer to any link? Appreciate your help. Thanks.

Romaan

3 Answers

1

Searching Google, I have found the following that support taint analysis for C programs:

  1. http://code.google.com/p/tanalysis/
  2. http://www.cs.umd.edu/~jfoster/cqual/ -- see their printf format string example
reece
  • Thanks for your help. I have tried both the links before. The first depends on Frama-C. Frama-C, however, gets installed, but STAC, which is mentioned in link 1, fails to install due to obsolete library packages. Similarly, I have also tried with cqual. It says linux/config.h is missing. I tried this on both Linux and Solaris. No luck :( Appreciate your suggestions – Romaan Nov 01 '12 at 23:01
  • @Romaan If it really matters to you, you could go to the length of installing (or making sure you have) a version of OCaml that compiles the version of Frama-C STAC was designed for, then install the version of Frama-C STAC was designed for, then install STAC. – Pascal Cuoq Nov 18 '12 at 20:47
0

I haven't tried it, but taintgrind (for Valgrind) is probably where I would start. It's on GitHub and seems reasonably "alive".

unwind
  • But I want a static taint analysis, and isn't Valgrind based on dynamic taint analysis? – Romaan Nov 01 '12 at 13:44
  • @Romaan Oops, my bad. I tried deleting this answer, since it's clearly wrong, but I can't since you accepted it. :/ – unwind Nov 01 '12 at 14:40
  • I accepted the answer because there was no better one. Please try deleting it again. I have unchecked the accepted answer option. Thanks for your help – Romaan Nov 01 '12 at 22:59
0

You can use SAINT: a static taint analysis tool for C to perform static taint analysis on C programs.

The tool is still in development.

Xavier