Transforming programs to allow Static Analysis to do better

During software development, bugs are costly and difficult to find and fix. Many static and dynamic analyzers are now available that analyze source code to identify possible defects. For higher-quality software, static analysis and dynamic analysis should be used in a complementary manner. We present a comparative study of various static analysis tools for Java and C and discuss the techniques they use. We explore the concept of partitioning a program such that the partitions can be analyzed separately. With such partitioning, potentially different analysis techniques can be applied to different program partitions, with each analysis having to deal with reduced code, which can increase its effectiveness. Our experiments show that partitioning can indeed increase the effectiveness of static analysis. Our initial experience in using testing data for partitioning and applying static analysis only on the complementary partition indicates that it results in detection of more errors that might otherwise have gone unnoticed. Finally, we discuss the merits and demerits of using our approach on some of these tools.
