Monthly Archives: September 2008

C Static Analysis Tools

This week I’ve been researching static analysis tools for the C language that suit the needs of the project I’m currently working on at LSD-FI-UPM.

Here is a summary of what I’ve found out.

CIL: Intermediate Language and Tools for Analysis and Transformations of C Programs

It’s suitable, but the transformations have to be written in OCaml.

From the CIL Documentation:

The most common way to use CIL is to write an Ocaml module containing your analysis and transformation, which you then link into our boilerplate driver application called cilly.

It’s possible to use it as a library, but the API is also for OCaml projects.

CIL is able to handle big projects, through a module they call the whole-program merger. It’s not explicitly mentioned if it’s able to handle shared libs, but it seems so, since it was able to handle some very big projects like the Linux kernel, the gcc compiler and the Apache web server.

It has a Control Flow Graph module and a Data-flow Analysis module, but the paper says that they were not as much exercised as the other parts of CIL.


It is written using CIL, so it has the same drawback: the extensions have to be written in OCaml.


Clang is the C/C++ front-end of the LLVM compiler. It’s under heavy development, and since its intended use is real-world compiling, we can expect to have a very good and complete tool. Its development is funded by Apple Inc. Clang is built with a library-based architecture that makes it relatively easy to adapt it and build new tools with it. These are some of its layers:

  • libast – Provides classes to represent the C AST, the C type system, builtin functions, and various helpers for analyzing and manipulating the AST (visitors, pretty printers, etc).
  • libsema – Semantic Analysis. This provides a set of parser actions to build a standardized AST for programs.
  • librewrite – Editing of text buffers (important for code rewriting transformation, like refactoring).
  • libcodegen – Lower the AST to LLVM IR for optimization & code generation.

It fails to compile on my machine at the lab, so I compiled it on my laptop and was able to generate CFGs for parts of a program, but not for the whole program. Also, I wasn’t able to control exactly which parts of the program the CFGs were generated for.


It’s a tool intended for compiler construction. It seems to suit the project needs, but it’s not available for download on the project page. One needs to contact the authors in order to get the tool. In the CIL paper, its author says that C-Breeze doesn’t support analyzing programs that span multiple files, but I haven’t checked this issue.


The documentation of this tool is a bit confusing. It seems to do a lot of stuff; the documentation mentions ASTs but it doesn’t say anything about CFGs or call graphs, so I’m not sure if it’s suitable for the project or not. In the CIL paper, the author says it can’t handle many of the GCC extensions, so it can’t analyze real-world programs.


Right now, it seems to me that LLVM/Clang is the best choice. I still have to figure out how to generate call graphs using it, but I think it’s possible. Another choice would be CIL, but since I’ve never used OCaml, and don’t have a strong background in functional languages, I prefer to avoid it. If someone has any suggestions on other tools, or pointers to more detailed info regarding these tools (especially LLVM/Clang), please leave a comment.

GSoC 2008

This year I’ve participated in the Google Summer of Code program. Despite the fact that it wasn’t summer in the southern hemisphere, everything happened as expected. I’ve worked with BlueZ as my mentoring organization, and my project was to add Bluetooth support to the PulseAudio sound server. The abstract of my application can be found here.

The implementation was made through 2 modules: module-bluetooth-device and module-bluetooth-discover. The latter connects to BlueZ through D-Bus to find out what devices have already been paired with each adapter present on the system, and then loads one instance of module-bluetooth-device for each device found (in contrast to Linux kernel modules, PulseAudio modules can be loaded more than once at the same time). It also keeps watching for new adapters and devices, so it can load a module to take care of each new device that shows up.

The former, module-bluetooth-device, is the one that actually does the job of creating the Bluetooth audio channel in PulseAudio. First, it connects to the BlueZ audio service through a Unix socket to obtain the device capabilities. Then it configures the device according to its capabilities, sets up the SBC encoder (if applicable) and obtains a file descriptor to write audio data to the device. This fd is passed to a PulseAudio I/O thread (which runs with real-time priorities if the user has real-time privileges properly set), which gets the audio data coming to this sink (sink is the name of an output channel in PulseAudio), encodes it (if applicable) and writes it to the device fd. Also, the I/O thread has to take care of the clock synchronization between PulseAudio and the device.

I really enjoyed doing this job. Working with an open source community is outstanding! I’ve learned a lot during the program, made good contacts, and most important of all: had a lot of fun! I would like to thank my mentor, Luiz Augusto von Dentz, and the PulseAudio maintainer, Lennart Poettering, a lot. Without the help of these two guys I wouldn’t have been able to finish this project. And of course I have to thank Google for helping FLOSS development through this program and LH for making the program happen and for being so kind and patient with all the students. LH, you rock!

I’ll continue working on this project, since there is still a lot to be done. Time synchronization is not the best and the usability is far from ideal. I have a git repository for this on gitorious, on a branch called bt. Feel free to point out bugs and make suggestions. Also, if you really enjoyed the project and want to help more, I accept donations of A2DP, HSP, or HFP Bluetooth audio devices, for test and development. All of this was made so far with a device borrowed from my good friend João Eduardo Ferreira Bertacchi (thanks JE!). The official release note on the BlueZ website about this project can be found here.

Hello world!

Welcome to my weblog. Here I plan to publish some techie stuff, especially news about projects I’m working on and maybe some articles and reviews. And in the middle of all of this, maybe some thoughts or interesting things I’ve seen somewhere.