Multiplier provides precise and comprehensive code understanding capabilities. It does so by saving build artifacts into a database, and then making them persistently accessible using a C++ or Python API.
Multiplier emphasizes the ability to uniquely identify all entities in a build process, including individual tokens, AST nodes, and intermediate representations. With Multiplier, an analyst can identify code patterns of interest over one of the representations, and then accurately relay results back to humans in a readable form, or to follow-on scripts via entity IDs.
Multiplier's APIs are extensive, and often provide information of compiler-level quality or better, but linked at whole-program granularity. We like to say that with its APIs, you can get everywhere from anywhere.
- About
- How do other indexers work, and why the normal way of indexing code is insufficient for C/C++
- Why Multiplier? What analysis challenges does Multiplier solve?
- Usage
- Writeups
- Included tools
- Find function calls inside macro argument lists
- Find possible divergent representations
- Find uses of `copy_to_user` in the Linux kernel that overwrite flexible array members
- Find data structures containing self-referential pointers, such as linked lists and trees
- Find "sketchy" casts flowing to function arguments and to return sites
- Extract an entity, e.g. a function, and all of its dependencies into a file
- Highlight a specific entity within its surrounding code
- Highlight all references to an entity
- Print a call graph
- Print the reference graph
- Print a graph relating source code, macros, parsed tokens, and AST nodes
- Print the taint graph given a taint source, and treating memory dereferences as taint sinks
- Included utilities
This research was developed with funding from the Defense Advanced Research Projects Agency (DARPA). The views, opinions and/or findings expressed are those of the author and should not be interpreted as representing the official views or policies of the Department of Defense or the U.S. Government.
Distribution Statement "A" (Approved for Public Release, Distribution Unlimited).