CoBOT: Static C/C++ Bug Detection in the Presence of Incomplete Code

To obtain precise and sound results, most existing static analyzers require whole-program analysis over complete source code. In reality, however, an application's source code interacts with many third-party libraries that are often not accessible to the analyzer. Worse still, more than 30% of legacy projects cannot be compiled easily because of complicated build configurations (e.g., third-party libraries, compiler options and macros), so the ideal "whole-program analysis" is unavailable in practice. This paper presents CoBOT, a static analysis tool that detects bugs in the presence of incomplete code. For library functions whose source is unavailable in the application code, it either uses function summaries or automatically downloads and analyzes the corresponding library code, which it infers from the application code and its configuration files. The experiments show that CoBOT is not only easy to use but also effective at detecting bugs in real-world programs with incomplete code. Our demonstration video is at: https://youtu.be/bhjJp3e7LPM.
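The two mechanisms the abstract names, function summaries for callees whose source is missing and inference of the missing libraries from the build configuration, are illustrated below as an added example. This is not CoBOT's code: the statement representation, the summary format, the `-l` flag parsing and the sample program are all assumptions chosen for the demonstration. The point it shows is what a summary buys the analysis (a NULL-returning `malloc` can be checked through `memset` without ever seeing libc) and what happens when a callee has neither source nor summary (the analysis must treat its result conservatively and loses precision).

```python
"""Summary-based null-pointer-dereference check for incomplete code.

Added, illustrative example (not CoBOT's implementation).  The IR, the
summary shape and the sample program below are assumptions.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Summary:
    """What the analysis needs to know about a callee without its body:
    whether the return value may be NULL and which pointer arguments
    (by index) the callee dereferences.  Assumed summary format."""
    may_return_null: bool
    derefs: frozenset = frozenset()


# Hand-written summaries standing in for library source that is not
# available to the analyzer (assumed, simplified libc behaviour).
LIBRARY_SUMMARIES = {
    "malloc": Summary(may_return_null=True),
    "strdup": Summary(may_return_null=True),
    "memset": Summary(may_return_null=False, derefs=frozenset({0})),
    "free": Summary(may_return_null=False),
}


def analyze(stmts, summaries=LIBRARY_SUMMARIES):
    """Walk a straight-line statement list and report possible NULL
    dereferences.  Statement forms (assumed IR):
      ("call", dst_or_None, callee, [arg names])
      ("deref", var)            e.g. var[0] or *var
      ("check", var)            e.g. `if (var == NULL) return;`
    Returns a list of (statement index, message)."""
    state = {}      # var -> "maybe_null" | "nonnull"
    findings = []
    for i, stmt in enumerate(stmts):
        kind = stmt[0]
        if kind == "call":
            _, dst, fn, args = stmt
            summ = summaries.get(fn)
            if summ is None:
                # No source and no summary: stay conservative about the
                # result rather than silently assuming it is non-NULL.
                findings.append((i, f"unknown callee {fn}: result treated as maybe-NULL"))
                if dst:
                    state[dst] = "maybe_null"
                continue
            for idx in summ.derefs:
                if idx < len(args) and state.get(args[idx]) == "maybe_null":
                    findings.append((i, f"{fn} dereferences {args[idx]}, which may be NULL"))
            if dst:
                state[dst] = "maybe_null" if summ.may_return_null else "nonnull"
        elif kind == "deref":
            _, var = stmt
            if state.get(var) == "maybe_null":
                findings.append((i, f"{var} dereferenced but may be NULL"))
        elif kind == "check":
            _, var = stmt
            state[var] = "nonnull"   # NULL path returns, fall-through is non-NULL
    return findings


def infer_link_libraries(flags):
    """Recover library names from linker flags such as `-lz -lssl`.
    Assumed, simplified reading of a Makefile/CMake link line."""
    return [tok[2:] for tok in flags.split() if tok.startswith("-l") and len(tok) > 2]


# Constructed sample program: application code calling library functions
# whose bodies are not available.  `lib_lookup` has neither source nor summary.
SAMPLE_PROGRAM = [
    ("call", "buf", "malloc", ["n"]),             # 0: buf may be NULL
    ("call", None, "memset", ["buf", "0", "n"]),  # 1: memset derefs buf -> bug
    ("check", "buf"),                             # 2: if (!buf) return;
    ("deref", "buf"),                             # 3: safe after the check
    ("call", "s", "strdup", ["path"]),            # 4: s may be NULL
    ("deref", "s"),                               # 5: bug
    ("call", "t", "lib_lookup", ["s"]),           # 6: unknown callee
    ("deref", "t"),                               # 7: reported conservatively
]

if __name__ == "__main__":
    for idx, msg in analyze(SAMPLE_PROGRAM):
        print(f"stmt {idx}: {msg}")
    print("libraries to fetch:", infer_link_libraries("-O2 -lz -lcrypto -L/usr/lib"))
```

The finding at statement 6 is the practical caveat: a callee with no summary and no downloadable source forces a conservative result, so either a summary is written for it or its library is located from the link flags and analyzed.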
