Instalation:

OpenSolaris:

  1. Make sure awk/gawk are installed;

  2. Update gcc;

  3. Download and install Sunstudio and Splint;

  4. Download and untar DEEEP package (ex. tar -xvjf deeep-0.4.SunOS.tgz > /export/home/username/);

  5. Add DEEEP executable to your $PATH (ex. /export/home/username/deeep-0.4);

  6. Edit DEEEP configuration file, config, and make sure the path to make, lint and splint are correct. Example:

    • make, MAKE=/usr/xpg4/bin

    • lint, LINT=/opt/SUNWspro/bin

    • splint, SPLINT=/usr/bin

Linux:

  1. Make sure awk/gawk are installed;

  2. Update gcc;

  3. Download and install Sunstudio and Splint;

  4. Download and untar DEEEP package (ex. tar -xvjf deeep-0.4.x86.tgz > /home/username/);

  5. Add DEEEP executable to your $PATH (ex. /home/username/deeep-0.4);

  6. Edit DEEEP configuration file, config, and make sure the path to make, lint and splint are correct. Example:

    • make, MAKE=/usr/bin

    • lint, LINT="path_to_sunstudio"/sunstudio/bin

    • splint, SPLINT=/usr/bin

Using:

deeep [-fl files [-hf

]] |
[-pj project [[-cf configure flags] [-mk make flags] [-tmp] [-cm]]]
[-w64 -help]

Options:

  • -fl files: verify one or more .c files, that aren't included in a project.

  • -hf: specifies extra header files/directory.
    One flag for each file/directory (use only with -fl)
    Example: -hf/pathto/headerfile.h -hf/pathto/dir

  • -pj project: Analyze a project, which contains source code, configure, Makefile and header files.
    In this case the user specify the path of the project.

  • -cf: pass optional flags to configure.
    Example: -cf --prefixe=/usr

  • -mk: pass optional flags to make.
    By default '-wki CC=gcc' are passed
    Example: -mk -n

  • -tmp: preserve temporary files like the result from configure and make.

  • -cm: do not execute configure.

  • -w64: print only 64 bits warnings.

  • -help: print this text.

Publications:

Ibéria Medeiros, Miguel Correia. Finding Vulnerabilities in Software Ported from 32 to 64-bit CPUs (fast-abstract). In Proceedings at the 39th IEEE/IFIP International Conference on Dependable Systems and Networks (DSN'09), Lisboa, Portugal, July, 2009.

Ibéria Medeiros. Detection of Integer Vulnerabilities in Software Portability from 32 to 64 bits (in portuguese). MsC Thesis. Faculdade de Ciências da Universidade de Lisboa, Lisboa, March 2008.

Ibéria Medeiros, Miguel Correia. Detection of Integer Vulnerabilities in Software Portability from 32 to 64 bits (in portuguese). In 3th Nacional Conference about Computer Security on Organizations (SINO'07), Lisbon, Portugal, November, 2007.