ANNOUNCE: Undertaker 1.5

The VAMOS team is pleased to announce the release of the undertaker tool version 1.5. The tool is a result of the VAMOS[1] research project and available for download at

Please visit our project site at:

What is new in undertaker 1.5

  • New tool: satyr: introduces model-version 2.0 (.cnf) which is more accurate than version 1.0 but computation takes more time
  • New tool: busyfix: enables our framework to be run on a busybox source tree
  • undertaker-kconfigdump can be used to create the new .cnf models with the -c option
  • undertaker-kconfigdump can be used to run busyfix on a given busybox source tree with the -b option before creating the model file
  • undertaker: can now be run in decision coverage mode with the 2 new coverage strategies simple_decision and min_decision
  • Futher improvements and bugfixes in our tools

What is undertaker?

The undertaker is a tool for static code analysis for code with C preprocessor directives, which can be used in various modes. The most prominent one checks every single preprocessor block within the file whether it can be selected or deselected, which in many cases is a great asset for code maintenance. Some preprocessor blocks are only seemingly conditional. In many cases, it turns out that additional constraints from the project's configuration model causes such conditional blocks to be in fact unconditionally selected or unselected. We call such block "dead" and "undead" conditional blocks.

Undertaker provides tools to extract the configuration model from the Linux configuration tooling Kconfig and to perform this check on whole source trees.

Please see for a quick tour.

What undertaker is not?

It isn't an automatic patch generator. Because of peculiarities in the Kconfig semantics, (ignored) coding guidelines and simply engineering issues, the reports might contain false negatives. Note that our philosophy is that we prefer false negatives over false positives, i.e., we prefer to miss reports than reports that are no issue at all.

What is golem

Golem is a tool for build system analysis. It exploits the "dancing makefiles" pattern found in Kbuild to induce dependency constraints from build rules. The resulting inferences significantly improve the results of undertaker. The tool undertaker-kconfigdump has learned the option -i to automatically add inferences to the models.

A basic primitive of golem is to learn what files would get compiled with the current configuration. This is accessibly with golem -l.

What is vampyr

Vampyr is a conditional-compilation aware driver for static-analysis on a single file or a list of files (batchmode -b).

With the -C option it is possible to run static analysis with a compiler like gcc / clang or the sparse tool.

A complete analysis of the variability can be done with the -a directive and additionally the coverage strategy can be chosen with vampyr -A {simple, min, simple_decision, min_decision}

What is decision coverage mode

For a better understanding of the coverage modes, a brief explanation:

The classic coverage modes provide statement coverage. This means, we are trying to create a number of configurations where all kconfig-symbols of the file are enabled. With decision coverage mode we are explicitly creating additional configurations where these symbols are also disabled. In this way we are able to detect additional compiler warnings/errors, which occur only if the given Kconfig symbol is disabled.


int test_func(int param) {

int foo;


foo = param*20;


return foo + param;


What is undertaker-tailor

If the intended use of a system is known at kernel compilation time, an effective approach to reduce the kernel's attack surface is to configure the kernel to not compile unneeded functionality. However, finding a fitting configuration requires extensive technical expertise about currently more than 10.000 Linux configuration options, and needs to be repeated at each kernel update. Therefore, maintaining such a custom-configured kernel entails considerable maintenance and engineering costs.

undertaker-tailor automatically determines a kernel configuration that enables only kernel functionalities that are actually necessary in a given scenario. The approach exhibits promising security improvements by simply not compiling unnecessary files and code.

Please see for an elaborate explanation of the tool.


Last modified 6 years ago Last modified on 11/25/13 14:35:00
Note: See TracWiki for help on using the wiki.