Web-Based Cqual

You can use this page to try Cqual over the web. Our web interface lets you run Cqual on several small examples illustrating the security vulnerability analysis and the deadlock detection, or you can supply your own pre-processed C code annotated with qualifiers. The web version of Cqual mimics the emacs-based browsing interface in the regular distribution.

You can read more about Cqual on the main Cqual page.

Our demonstration includes examples of two applications of Cqual. The qualifiers $tainted and $untainted can be used to detect potential security bugs, specifically format-string vulnerabilities. The qualifiers $locked and $unlocked can be used to detect potential deadlocks.

Step 0. Read a short tutorial on web-based cqual
Step 1. Find out more about our examples Tainting: Small Example
Tainting: Function Calls
Locking: Small Example
Step 2. Select a source file Choose an example
(Will automatically select qualifiers for step 3)


Or upload your own file
Step 3. Choose the qualifiers. In the regular distribution you can name your own qualifiers and give relations between them.
const $tainted/$untainted
$locked/$unlocked
Step 4. Send in your request

Notes