Argot is a collection of static analysis tools:
taint
performs a taint analysis on a given programbacktrace
identifies backwards data-flow traces from function callscli
is an interactive terminal-like interface for parts of the analysis (incmd/cli
)syntactic
runs syntactic analysescompare
prints a comparison of the functions that are reachable according to two different analyses, and the functions that appear in the binarydependencies
prints the dependencies of a given programmaypanic
performs a may-panic analysis on a given programpackagescan
scans imports in packagesreachability
analyzes the program an prints the functions that are reachable within itrender
can be used to render a graph representation of the callgraph, or to print the SSA form from the go analysis packagessa-statistics
prints statistics about the program
All of these tools are sub-commands of the argot
command.
The Makefile
at the project root has commands to build Argot.
Run make argot-build
to only compile the argot
binary.
Run make argot-install
to install argot
via the go install
command.
Run make release
to run all the linters and tests.
For a more detailed guide on how to run and use the tools, see the 00_intro.md document. There are links to documents for each of the tools listed above, as well as an explanation on how to configure those tools that have shared options.
The executables are in the cmd
folder. There are currently only two: argot
and racerg
(an experimental static data race detector).
There is user documentation in the doc
folder.
The library code, and most of the analysis implementations, is in the analysis
folder. The main entry points are in
the load_program.go
file for loading the program and analyzers.go
to call the analyzers. The rest is organized in subfolders:
astfuncs
contains functions for manipulating the Go AST,backtrace
implements the "backtrace" analysis,concurrency
contains the concurrency analyses,config
implements the config file system that is shared by all analyses,dataflow
implements the dataflow analysis as well as the analysis state object, which is shared by many analyses. Static analyses that require pointer and callgraph information should depend on the dataflow analysis state and use its functionality to build information about the SSA program.defers
contains the defers analysis,dependencies
contains the dependencies analysis,lang
contains function for manipulating the Go SSA form (from the x/tools packages),loadprogram
contains utilities to load a program with its SSA representation and the annotations of the program,maypanic
contains the may-panic analysis,ptr
contains utilities to build an analysis state with the pointer analysis result,reachability
contains function-reachability analyses,refactor
contains implements refactoring operations,render
contains various information rendering utilitiessummaries
defines dataflow summaries of some functions,taint
implements the taint analysis
The test data for the analyses are in individual analysis/___/testdata
folders.
The internal
folder also contains code that implements utility functions used through the analysis code.