Swap Detector is a tool that uses statistical information about code usage patterns to detect instances of swapped arguments in API function calls, as in the following OpenSSL usage example:
/* Apparent swap of 'e' and 'n' based on parameter names. */ RSA_get0_key(rkey, &e, &n, NULL);
Swap Detector is available as open-source software.
We describe concepts and algorithms behind Swap Detector in a research paper, published in the 2020 IEEE Source Code Analysis and Manipulation Conference. A video from our presentation is available. Note that not all algorithms, heuristics, and features described in the research paper are present in our open-source release.
This material is based upon work supported by HHS and DHS under Contract(s) No. HHSP233201600062C and 70RSAT19C00000056. Any opinions, findings and conclusions or recommendations expressed in this material are those of the author(s) and do not necessarily reflect the views of HHS or DHS.