Brussels / 1 & 2 February 2020


LLVM meets Code Property Graphs

The security of computer systems fundamentally depends on the quality of its underlying software. Despite a long series of research in academia and industry, security vulnerabilities regularly manifest in program code. Consequently, they remain one of the primary causes of security breaches today. The discovery of software vulnerabilities is a classic yet challenging problem of the security domain. In the last decade, there appeared several production-graded solutions with a favorable outcome.

Code Property Graph[1] (or CPG) is one such solution. CPG is a representation of a program that combines properties of abstract syntax trees, control flow graphs, and program dependence graphs in a joint data structure. There exist two counterparts[2][3] that allow traversals over code property graphs in order to find vulnerabilities and to extract any other interesting properties.

In this talk, we want to cover the following topics:

  • an intro to the code property graphs
  • how we built llvm2cpg, a tool that converts LLVM Bitcode to the CPG representation
  • how we teach the tool to reason about properties of high-level languages (C/C++/ObjC) based on the low-level representation only
  • interesting findings and some results

[1] [2] [3]


Photo of Alex Denisov Alex Denisov
Fabian Yamaguchi