DEEEP is a open source static analysis tool to detect, in C programs, integer vulnerabilities caused by the bad adaption of aplications from ILP32 to LP64. It uses the tools Lint and Splint, and runs over Open Solaris and Linux operating systems.

This tool semantically analyses source code. More precisely, it does type checking, data-flow analysis, and it automatically correlates the results of these two types of analysis. Type checking is used for finding bugs on the way integers are handled, and data-flow analysis is used to see if hazardous functions (eg. memcpy, strcpy) are accessible from outside the program.

After this two analyses, the tool correlates the results from the previous phases to attain if the data that comes from the inputs are affected by vulnerabilities from porting to LP64, and if these are handled by dangerous functions (memcpy, strcpy,...). In resume, identify if the found bugs

Features

  • Integer Vulnerabilities
  • Static Analysis
  • Portability from 32 bits to 64 bits

Project Activity

See All Activity >

License

GNU General Public License version 2.0 (GPLv2)

Follow DEEEP

DEEEP Web Site

Other Useful Business Software
Gen AI apps are built with MongoDB Atlas Icon
Gen AI apps are built with MongoDB Atlas

Build gen AI apps with an all-in-one modern database: MongoDB Atlas

MongoDB Atlas provides built-in vector search and a flexible document model so developers can build, scale, and run gen AI apps without stitching together multiple databases. From LLM integration to semantic search, Atlas simplifies your AI architecture—and it’s free to get started.
Start Free
Rate This Project
Login To Rate This Project

User Reviews

Be the first to post a review of DEEEP!

Additional Project Details

Operating Systems

Solaris, Linux

Intended Audience

Security Professionals

User Interface

Console/Terminal

Programming Language

Perl, C

Related Categories

Perl Security Software, Perl Source Code Analysis Tool, C Security Software, C Source Code Analysis Tool

Registered

2014-03-02