Hacker News new | ask | show | jobs
by mechtaev 1294 days ago
Souffle Datalog is used for defining program analyses in such projects like Doop [1] for Java and cclyzer++ [2] for LLVM.

GitHub's CodeQL [3] is another Datalog dialect used for detecting bugs and vulnerabilities.

Datomic [4] is a database that uses Datalog as the query language.

[1] https://bitbucket.org/yanniss/doop/src/master/

[2] https://github.com/GaloisInc/cclyzerpp

[3] https://codeql.github.com/

[4] https://www.datomic.com/
1 comments
gavinray 1294 days ago
I'd never heard of this cclyzer tool, thanks for sharing. This looks really interesting. Know of any other tools for C/C++/JVM static analysis that folks might not be aware of?

At the moment, I use GCC's -fanalyzer, the LLVM sanitizers + static analyzer, FB's Infer, and PVS Studio.

link
yababa_y 1294 days ago
https://github.com/kframework/c-semantics while you can do static analysis with this the dynamic instrumentation of UB isnfar more thorough than ubsan
link
gavinray 1293 days ago
This is great and I'd also never seen this either -- thank you!
link