FreeHand is a static analysis tool for the automated detection of dynamic memory bugs. It focuses on Use-After-Free (UAF) and Double-Free (DF) bugs in single-threaded C programs. FreeHand uses LLVM to traverse intra-procedural control-flow graphs and identify potential bugs.
| Requirement | Version |
|---|---|
| C++ | >=20 |
| Boost | >=1.8.0 |
| LLVM | >=14.0 |
| Clang(++) | >=14.0 |
| CMake | >=3.22 |
FreeHand requires Clang, LLVM and Boost to compile, and uses CMake as its build system. Building FreeHand on Windows is untested and difficult because of the complexity of installing LLVM there. Clang is also used to generate the LLVM bytecode that FreeHand analyzes when testing or using it. Ninja is recommended as the build tool.
For Ubuntu-based Linux systems, install the dependencies with:

```sh
sudo apt install -y llvm-14 libboost-all-dev cmake clang-14 ninja-build
```
To configure and build with CMake, using the Ninja generator:

```sh
cmake -B build -G Ninja .
cmake --build build
```
```
Usage: freehand [options] bytecode_file
Options:
  -v [ --version ]        Print a version string
  -h [ --help ]           Produce a help message
  -f [ --function ] arg   Specific functions to analyze
  --bytecode_file arg     Bytecode file to analyze
```
- `freehand.cpp`: main function; passes the bytecode to `MemoryAllocationAnalyzer.cpp` for analysis
- `MemoryAllocationAnalyzer.hpp`, `MemoryAllocationAnalyzer.cpp`: functions implementing the algorithms for detecting use-after-free and double-free cases
- `DF.hpp`: header file with the functions used for detecting double-free cases
- `UAF.hpp`: header file with the functions used for detecting use-after-free cases
Under the `tests` folder:

- `conditionals`: test case with if/else statements
  - `correct`: correct version of the test case
  - `df`: version with a double-free
  - `uaf`: version with a use-after-free
- `loops`: test case with a for loop; needs a fix, as the analyzer cannot track different allocations made during iterations
  - `correct`, `df`, `uaf`
- `simple`: test case with a simple allocation
  - `correct`, `df`, `uaf`
Within the `tests` folder, run `make`.
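As an added example (not code from the FreeHand repository), the three functions below mirror the shape of the `conditionals` test case: a `correct`, a `df` and a `uaf` variant of the same if/else pattern, which shows why the analyzer has to follow each path of the intra-procedural control-flow graph rather than just count `malloc`/`free` calls. The function names are illustrative, and the two buggy variants are defined only to be compiled to bytecode and analyzed, never executed.

```c
/* Added example in the style of tests/conditionals; not part of FreeHand.
 * Compile to bytecode for analysis with:
 *   clang -O0 -emit-llvm -c conditionals.c -o conditionals.bc
 * Function names are illustrative. */
#include <stdlib.h>
#include <string.h>

/* correct: exactly one free on every path, and no use after it. */
int conditional_correct(int flag) {
    char *buf = malloc(16);
    if (buf == NULL)
        return -1;
    if (flag)
        strcpy(buf, "flag");
    else
        strcpy(buf, "noflag");
    int len = (int)strlen(buf);
    free(buf);
    return len;
}

/* df: the if-branch frees, then the code after the merge point frees again.
 * Only the flag != 0 path double-frees, so the bug is path-dependent.
 * Defined for analysis only; calling it is undefined behaviour. */
int conditional_df(int flag) {
    char *buf = malloc(16);
    if (buf == NULL)
        return -1;
    if (flag)
        free(buf);              /* first free, only on this path */
    free(buf);                  /* second free when flag != 0 */
    return 0;
}

/* uaf: the else-branch frees, then the merged code reads the buffer.
 * Only the flag == 0 path uses freed memory.
 * Defined for analysis only; calling it is undefined behaviour. */
int conditional_uaf(int flag) {
    char *buf = malloc(16);
    if (buf == NULL)
        return -1;
    strcpy(buf, "data");
    if (!flag)
        free(buf);              /* freed on the flag == 0 path */
    int len = (int)strlen(buf); /* use after free when flag == 0 */
    if (flag)
        free(buf);              /* the flag != 0 path frees here */
    return len;
}
```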