A static analyzer to find bugs in computer programs and smart contracts.
Discover is a static analysis tool that aims to find bugs and vulnerabilities in computer programs and smart contracts. Currently, it can analyze programs written in C, C++, or any language that can be compiled directly to LLVM bitcode. We are also working to extend Discover to analyze smart contracts written in Golang and Typescript for the Hyperledger Fabric blockchain and in Solidity for the Ethereum blockchain.
Memory Leaks, Null Pointer Dereference, Buffer Overflow, etc.
Integer Overflow, Integer Underflow, Division by Zero, etc.
Reentrancy, Out of Gas, etc.
All the news related to the development of Discover.
We are happy to share that:
Discover is built on top of the industrial compiler infrastructure LLVM and is equipped with state-of-the-art static analysis techniques.
Our ambition is to develop Discover as a robust and versatile analyzer that can find bugs in computer programs and smart contracts of different programming languages, such as C/C++, Golang, Typescript, Solidity…
We build it on top of LLVM, an industrial-strength compiler infrastructure, to leverage LLVM bitcode as the unified intermediate code representation for such languages. The following compilers are used to compile programs and smart contracts into LLVM bitcode:
We have been working to both leverage state-of-the-art static analysis techniques and develop our own advanced methods to find different bug types:
Data-flow analysis for integer bugs such as integer overflows, integer underflows, conversion errors, division-by-zero (in C, C++, Solidity, Golang, Typescript) and out-of-gas bugs (in Solidity).
Control flow analysis for smart contract bugs such as reentrancy in Solidity.
Separation logic and pointer analysis for memory bugs such as null-pointer dereference, memory leaks (in C/C++), buffer overflow (in C, C++, Solidity, Golang, Typescript).
To handle large programs (of thousands of lines of code), we also develop a sparse analysis framework based on data-flow analysis.
Discover is now open-sourced! It is easy to use and well-documented.
Discover is currently under active development and is publicly available in this GitHub repository: discover-analyzer. We also provide detailed documentation on how to compile, install, and use our tool to analyze the source code of programs.
Please feel free to contact us if you have any query regarding the current development of Discover.
We are a group of passionate and hard-working researchers and engineers from the National University of Singapore. We also collaborate with researchers from Peking University. Our core members are: