Abstract. This paper describes the CIntermediate Language: a highlevel representation along with a set of tools that permit easy analysis and source-to-source transformation of C programs. Compared to C, CIL has fewer constructs. It breaks down certain complicated constructs of C into simpler ones, and thus it works at a lower level than abstract-syntax trees. But CIL is also more high-level than typical intermediate languages (e.g., three-address code) designed for compilation. As a result, what we have is a representation that makes it easy to analyze and manipulate C programs, and emit them in a form that resembles the original source. Moreover, it comes with a front-end that translates to CIL not only ANSI C programs but also those using Microsoft C or GNU C extensions. We describe the structure of CIL with a focus on how it disambiguates those features of C that we found to be most confusing for program analysis and transformation. We also describe a whole-program merger based on structural type equality, allowing a complete project to be viewed as a single compilation unit. As a representative application of CIL, we show a transformation aimed at making code immune to stack-smashing attacks. We are currently using CIL as part of a system that analyzes and instruments C programs with run-time checks to ensure type safety. CIL has served us very well in this project, and we believe it can usefully be applied in other situations as well. 1

Many software systems today are concurrent programs as multi-core pro-cessors become popular. However, the correctness of an industrial-size concur-rent program (e.g. operating system) is difficult to achieve by the traditional testing or model checking technique. In this research, we propose a light-weight concurrency bug detection technique based on bug pattern matching targeting for Linux kernel source code. In order to understand concurrency bugs (e.g. deadlock, data race), we first survey the previously reported bugs detected from Linux file systems, and then classify the bugs with respect to the five attributes: symptom, fault, resolution, synchronization primitives, and syn-chronization granularity. Second, we identify ten concurrency bug patterns. And then we develop the bug pattern detectors and applied to the Linux file systems. Finally, and foremost, we improve the accuracy of the concurrency bug detection technique by enhancing semantic information in pattern match-ing. We demonstrate the effectiveness of our technique through detection of concurrency bugs in the Linux file systems. i Contents