Discover

A static analyzer to find bugs in computer programs and smart contracts.

Overview

Discover is a static analysis tool that aims to find bugs and vulnerabilities in computer programs and smart contracts. Currently, it can analyze programs written in C, C++, or any language that can be compiled directly to LLVM bitcode. We are also working to extend Discover to analyze smart contracts written in Golang or Typescript for the Hyperledger Fabric blockchain and in Solidity for the Ethereum blockchain.

Memory Bugs

Memory Leaks, Null Pointer Dereference, Buffer Overflow, etc.

Integer Bugs

Integer Overflow, Integer Underflow, Division by Zero, etc.

Smart Contract Bugs

Reentrancy, Out of Gas, etc.

News

All the news related to the development of Discover.

We are happy to share that:

Technology

Discover is built on top of the industrial compiler infrastructure LLVM and is equipped with state-of-the-art static analysis techniques.

Our ambition is to develop Discover as a robust and versatile analyzer that can find bugs in computer programs and smart contracts of different programming languages, such as C/C++, Golang, Typescript, Solidity…

We build it on top of LLVM, an industrial-strength compiler infrastructure, to leverage LLVM bitcode as the unified intermediate code representation for such languages. The following compilers are used to compile programs and smart contracts into LLVM bitcode:

  • Clang: for C, C++ programs.
  • Solang: for smart contracts written in Solidity.
  • Gollvm: for smart contracts written in Golang.
  • Typescriptllvm: for smart contracts written in Typescript (under development).

We have been working to both leverage state-of-the-art static analysis techniques and develop our own advanced methods to find different bug types:

  • Data-flow analysis for integer bugs such as integer overflows, integer underflows, conversion errors, and division by zero (in C, C++, Solidity, Golang, Typescript) and out-of-gas bugs (in Solidity).

  • Control flow analysis for smart contract bugs such as reentrancy in Solidity.

  • Separation logic and pointer analysis for memory bugs such as null-pointer dereference, memory leaks (in C/C++), buffer overflow (in C, C++, Solidity, Golang, Typescript).

To handle large programs (of thousands of lines of code), we also develop a sparse analysis framework based on data-flow analysis.

Download

Discover is now open-sourced! It is easy to use and well-documented.

Discover is currently under active development and is publicly available in this GitHub repository: discover-analyzer. We also provide detailed documentation on how to compile, install, and use our tool to analyze the source code of programs.

Please feel free to contact us if you have any query regarding the current development of Discover.

Meet the Team

We are a group of passionate and hard-working researchers and engineers from the National University of Singapore. We also collaborate with researchers from Peking University. Our core members are:

Professors

Beng Chin Ooi

Lee Kong Chian Centennial Professor, National University of Singapore

Siau-Cheng Khoo

Associate Professor, National University of Singapore

Researchers

Quang-Trung Ta

Research Fellow, National University of Singapore

Kunpeng Ren

PhD Candidate, National University of Singapore

Ngoc-Khanh Trinh

BSc, National University of Singapore

Lung-Chen Huang

MSc, National University of Singapore

Contact

  • contact@sbip.sg
  • Singapore Blockchain Innovation Programme (SBIP), #06-01, Innovation 4.0 Building, 3 Research Link, NUS, Singapore, 117602.