cclyzer++

cclyzer++ is a precise and scalable global pointer analysis for LLVM code. The output of cclyzer++ can be used for a variety of program analysis tasks, including:

  • Creation of callgraphs with precise handling of indirect function calls and virtual method calls

  • Precise inter-procedural control- and data-flow analysis

  • Answering may-alias and must-not-alias queries

See the design documentation for further explanation and examples of the output of cclyzer++.

cclyzer++ is field- and array-sensitive, performs on-the-fly callgraph construction, and supports many different configurations of context-sensitivity including k-callsite sensitivity. It has subset-based (Andersen style) and unification-based (Steensgaard style) analyses. cclyzer++ is written in Soufflé Datalog, and so is highly parallel. cclyzer++ was derived from cclyzer.

Documentation is also available online.

cclyzer++ is actively developed and maintained by Galois, Inc.

Note

You may also want to peruse the Release Announcement and Visual Guide to Pointer Analysis blog posts.

Indices and tables

Acknowledgments

This material is based upon work supported by the United States Air Force and Defense Advanced Research Project Agency (DARPA) under Contract No. FA8750-19-C-0004. Any opinions, findings and conclusions or recommendations expressed in this material are those of the author(s) and do not necessarily reflect the views of the United States Air Force or DARPA. Approved for Public Release, Distribution Unlimited.