C-Strider: Type-Aware Heap Traversal for C
Switch branches/tags
Nothing to show
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Failed to load latest commit information.



C-strider is a framework for writing C heap traversals and transformations. Writing a basic C-strider service requires implementing only four callbacks; C-strider then generates a program-specific traversal that invokes the callbacks as each heap location is visited. Critically, C-strider is type aware—it tracks types as it walks the heap, so every callback is supplied with the exact type of the associated location

See our paper for full description

Requires ocaml...tested with "The OCaml toplevel, version 4.00.1"

Files to look at first:

  1. The API header: src/cstrider_api.h ( from figure 5 of paper)
  2. Template callback functions to fill out: src/transform.c
  3. Examples of how to use: examples/*
  4. Code generator: tools/ocaml-src/tools/cstridgen.ml (the user doesn't need to edit this file, but this file is the guts of cstrider's type-based traversal generation

Known limitations:

  1. Our Cil (1.3.7) code might infinite loop with Ocaml >4.02
    • Also, Cil 1.3.7 can't handle some 64 bit stuff such as UINT64_C(0x0000000000000000)
  2. Since C-strider takes the address of struct fields to process them, it can't handle bit fields (Ex: unsigned type:4;)
  3. Does not automatically traverse static variables...you must call "visit" on them while in scope.