
Coccinelle: Tool support for automated CERT C Secure Coding Standard certification

by: Mads C. Olesen, René R. Hansen, Julia L. Lawall, Nicolas Palix
Science of Computer Programming (November 2012), doi:10.1016/j.scico.2012.10.011  Key: citeulike:11632479


Abstract

Writing correct C programs is well-known to be hard, not least due to the many low-level language features intrinsic to C. Writing secure C programs is even harder and, at times, seemingly impossible. To improve this situation the US CERT has developed and published a set of coding standards, the “CERT C Secure Coding Standard,” that (currently) enumerates 122 rules and 180 recommendations, with the aim of making C programs (more) secure. The large number of rules and recommendations makes automated tool support essential for certifying that a given system complies with the standard. In this paper we report on ongoing work on adapting the Coccinelle bug-finder and program transformation tool, into a tool for analysing and certifying C programs according to, e.g., the CERT C Secure Coding Standard or the MISRA (the Motor Industry Software Reliability Association) C standard. We argue that such a tool must be highly adaptable and customisable to each software project as well as to the certification rules required by a given standard. Furthermore, we present current work on integrating Clang (the LLVM C front-end) as a program analysis component into Coccinelle. Program analysis information, e.g., from data-flow or pointer analysis, is necessary both for more precise compliance checking, i.e., with fewer false positives, and also for enabling more complete checking, i.e., with fewer false negatives, e.g., resulting from pointer aliasing.

- Report on adapting the Coccinelle bug-finder and program transformation tool for analysis and certification of C programs.
- Reference is considered wrt the CERT C Secure Coding and MISRA standards.
- Discusses the integration of a program analysis component into the framework.

