Object Model Construction for Inheritance in C++ and Its Applications to Program Analysis

Jing Yang 1,2, Gogul Balakrishnan 1, Naoto Maeda 3, Franjo Ivančić 1, Aarti Gupta 1, Nishant Sinha 4,⋆, Sriram Sankaranarayanan 5, and Naveen Sharma 6

1 NEC Labs America
2 University of Virginia
3 NEC Corporation, Japan
4 IBM Research, India
5 University of Colorado, Boulder
6 NEC-HCL Tech., India

Abstract. Modern object-oriented programming languages such as C++ provide convenient abstractions and data encapsulation mechanisms for software developers. However, these features also complicate testing and static analysis of programs that utilize object-oriented programming concepts. In particular, the C++ language exhibits features such as multiple inheritance, static and dynamic typecasting that make static analyzers for C++ quite hard to implement. In this paper, we present an approach where static analysis is performed by lowering the original C++ program into a semantically equivalent C program. However, unlike existing translation mechanisms that utilize complex pointer arithmetic operations, virtual-base offsets, virtual-function pointer tables, and calls to run-time libraries to model C++ features, our translation is targeted towards making static program analyzers for C++ easier to write and provide more precise results. We have implemented our ideas in a framework for C++ called CILpp that is analogous to the popular C Intermediate Language (CIL) framework. We evaluate the effectiveness of our translation in a bug finding tool that uses abstract interpretation and model checking. The bug finding tool uncovered several previously unknown bugs in C++ open source projects.

1 Introduction

Modern object-oriented programming languages provide convenient abstraction and data encapsulation mechanisms for software developers. Such mechanisms include function and operator overloading, constructors and destructors, multiple class inheritance, dynamic virtual-function dispatch, templates, exceptions, functors, standard libraries such as STL and BOOST. However, on the flip side, these features complicate the static analysis of programs that use such features.

In the past decade, there have been numerous approaches for static program analysis techniques based on source code. These tools rely on abstract interpretation [12] or software model checking [9], such as ASTRÉE [13], Saturn [40], SLAM [3], CBMC [8], Java PathFinder [16], and FindBugs [17]. However, in practice, these tools have largely been developed and optimized

⋆ Work done while at NEC Labs America.

M. O'Boyle (Ed.): CC 2012, LNCS 7210, pp. 144–164, 2012. © Springer-Verlag Berlin Heidelberg 2012