Skip to content
/ y2k38-checker Public

Clang Static Analyzer plugin which detects the Y2K38 bug in 64bit enviroment

2 stars 1 fork Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

cysec-lab/y2k38-checker

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

157 Commits
.devcontainer
.devcontainer
 
 
.vscode
.vscode
 
 
checker
checker
 
 
dataset
dataset
 
 
.gitignore
.gitignore
 
 
README.md
README.md
 
 

Repository files navigation

y2k38-checker

Paper

y2k38-checker is a tool that identifies and reports code with potential Year 2038 problem issues in C language source code.

Check List

Check list ID Description
read-fs-timestamp Since the file timestamp attributes of ext2/3, XFS (versions prior to Linux 5.10), ReiserFS are 32-bit signed integers, programs that read file timestamps in these environments may be affected by the Y2K38.
write-fs-timestamp Since the file timestamp attributes of ext2/3, XFS (versions prior to Linux 5.10), ReiserFS are 32-bit signed integers, programs that write file timestamps in these environments may be affected by the Y2K38.
timet-to-int-downcast Since in many environments the int type is a 32-bit signed integer, there is a possibility that downcasting from time_t type to int may be affected by the Y2K38.
timet-to-long-downcast Since in many environments the int type is a 32-bit signed integer, there is a possibility that downcasting from time_t to long may be affected by the Y2K38.

How to use

Requirements:

  • Docker / Docker Compose
  • OS: Ubuntu (TODO: macOS / Windows)

Setup

  1. Download the releases.

  2. Unzip the downloaded file.

    unzip y2k38-checker-<version>.zip

    Then, the following directory structure is created.

    y2k38-checker/
├── checker/
│ ├── bin/y2k38-checker  # detection tool binary
│ ├── lib/               # Clang plugin library
│ └── scripts/           # scripts for running the detection tool
├── dataset/             # example for C source code
├── volumes/             # target source code
└── .devcontainer/
  ├── Dockerfile
  ├── docker-compose.yml
  └── devcontainer.json

  3. Add the path of the created the directory in .devcontainer/docker-compose.yml

    services:
   y2k38-checker-app:
      build:
         context: ..
         dockerfile: .devcontainer/Dockerfile
      tty: true
      volumes:
         - ..:/root/y2k38-checker/volumes/
         - type: bind
-          source: /home/cysec/develop/.y2k38-checker/analysis-objects/
+          source: <path/to/dir>
         target: /root/analysis-objects

  4. Build & Run the docker container with CLI or DevContainer

    cd y2k38-checker
docker-compose build # only first time
docker-compose run y2k38-checker

    Alternatively, start it in the devcontainer of VSCode.

  5. Run the detection tool with the following command.

Run as script

Check the source code in the volumes/ directory with the detection tool. If the option --consent is specified, the analysis results will be used for research purposes.

python3 run.py --consent
python3 ./checker/script/run.py --help
# Usage: python3 run.py [option]

# Options:
#   -h, --help     Print this help message and exit
#   --consent <Yes/No>      Consent: Agree to the use of analysis results in our research

Run as standalone tool

./checker/bin/check-y2k38 --help

# Usage: check-y2k38 [options] <source0>
#
# Options:
#   -h, --help                      - Print this help message and exit
#   -v, --version                   - Print the version number and exit
#   -p=<build-path>                 - Path to a compile_commands.json file
#
# Example:
#   ./check-y2k38 -p=path/to/compile_commands.json

Run as a Clang plugin

clang -fplugin=./lib/libread-y2k38-checker-plugin.so -c <file>.c

Development

Setup

  1. Clone the repository

    git clone https://github.com/cysec-lab/y2k38-checker.git

  2. Create the directory for the detecting target source code, and add files to be analyzed.

    mkdir <path/to/dir>
cp -r <files/to/be/analyzed> <path/to/dir>

  3. Download LLVM library

    cd ./checker/
curl -L https://github.com/llvm/llvm-project/releases/download/llvmorg-11.0.0/clang+llvm-11.0.0-x86_64-linux-gnu-ubuntu-20.04.tar.xz | tar -Jxf -

  4. Add the path of the created the directory in .devcontainer/docker-compose.yml

    services:
   y2k38-checker-app:
      build:
         context: ..
         dockerfile: .devcontainer/Dockerfile
      tty: true
      volumes:
         - ..:/root/y2k38-checker/volumes/
         - type: bind
-          source: /home/cysec/develop/.y2k38-checker/analysis-objects/
+          source: <path/to/dir>
         target: /root/analysis-objects

  5. Build & Run the docker container with CLI or DevContainer

    cd y2k38-checker
docker-compose build # only first time
docker-compose run y2k38-checker

    Alternatively, start it in the devcontainer of VSCode.

Build

  1. Move to the checker/ directory

    cd ./checker

  2. Build with CMake

    mkdir build
cd ../y2k38-checker/build
cmake -DCMAKE_EXPORT_COMPILE_COMMANDS=True \
   -DLLVM_DIR=../clang+llvm-11.0.0-x86_64-linux-gnu-ubuntu-20.04/lib/cmake/llvm/ \
   ../clang-analyzer
make

    Then, the plugin library is created in the build/lib directory.

License

TODO

About

Clang Static Analyzer plugin which detects the Y2K38 bug in 64bit enviroment

Topics

llvm clang-static-analyzer y2k38 clang-plugins

Resources

Readme
Activity
Custom properties

Stars

2 stars

Watchers

2 watching

Forks

1 fork
Report repository

Releases 1

Test Release Latest
Jun 20, 2024

Packages

No packages published

Languages