Design and Development of Svace Static Analyzers

Static analysis has become a mainstream technology that is widely used in secure development lifecycles. As such, it is covered by many research works highlighting diverse aspects. We would like to make this paper a single place that focuses on two important questions. First, it is a very long road for a tool to reach production deployment, and the technology and design that actually worked are of interest. Second, once the tool has been made, it needs to be pushed further, both through the evolutionary approach of gradually improving analysis algorithms and through exploring completely new ideas, yet this task is not easy, as there are many inviting directions. This paper presents our view of the above problems in the context of a static analysis that strives to be fully automatic, to scale to modern computing systems, and to generate good-quality warnings. We derive the discussion from our experience building the Svace static analyzers, which have been developed at ISP RAS and deployed to various production development environments.
