Categorization of C++ Classes for Static Lifetime Analysis

While C++ is a powerful language, it offers many subtle ways to introduce object-lifetime errors. According to Microsoft, 70% of their security patches fix memory issues, so it is crucial to develop safety measures that counteract these problems. Static analysis is an essential approach for detecting runtime errors by analyzing the source code without executing it. One reason it is so easy to make mistakes in C++ is that the language provides a rich taxonomy of object-lifetime-related concepts: containers, values, iterators, raw pointers, lvalue and rvalue references, smart pointers, and so on. The behavior of a user-defined type depends on which of these categories it belongs to, yet classical static analysis approaches treat user-defined types as black boxes and do not reason about their correctness. In this paper, we argue for an approach that infers the category of user-defined types and leverages this information during analysis. To achieve this goal, we first analyze user-defined classes to predict their ownership semantics; we then use this information to generalize existing static analysis methods. We evaluated the proposed method on large open-source projects.
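To make the categorization idea concrete, the following is an added example (not the paper's inference method, which is not described here) of a purely syntactic heuristic that sorts constructed C++ class declarations into value, owner and view (pointer-like) categories based on their members and destructor:

```python
import re

# Constructed sample declarations for illustration; not taken from the paper.
SAMPLES = {
    "Point": "struct Point { int x; int y; };",
    "Buffer": """
class Buffer {
  char* data_;
  size_t size_;
public:
  explicit Buffer(size_t n) : data_(new char[n]), size_(n) {}
  ~Buffer() { delete[] data_; }
};""",
    "StrView": """
class StrView {
  const char* begin_;
  size_t len_;
public:
  StrView(const char* b, size_t n) : begin_(b), len_(n) {}
};""",
    "Node": """
class Node {
  std::unique_ptr<Node> next_;
  int value_;
};""",
}


def categorize(decl: str) -> str:
    """Assumed heuristic: a class that frees a raw pointer member in its
    destructor, or holds an owning smart pointer, is an 'owner'; a class that
    holds a raw pointer it never frees is a 'view' (it refers to memory whose
    lifetime is controlled elsewhere); anything else is a plain 'value'."""
    body = decl[decl.find("{") + 1 : decl.rfind("}")]
    has_raw_ptr = re.search(r"\b\w+\s*\*\s*\w+\s*;", body) is not None
    has_owning_smart = re.search(r"std::(unique|shared)_ptr<", body) is not None
    has_destructor = re.search(r"~\w+\s*\(", body) is not None
    frees_member = re.search(r"\bdelete(\[\])?\s+\w+", body) is not None
    if has_owning_smart or (has_raw_ptr and has_destructor and frees_member):
        return "owner"
    if has_raw_ptr:
        return "view"
    return "value"


def categorize_all() -> dict:
    """Category of every constructed sample, keyed by class name."""
    return {name: categorize(decl) for name, decl in SAMPLES.items()}
```

A real analysis would work on the compiler's AST rather than on regexes, but the output is the kind of per-class label (owner vs. view) that a lifetime checker can use to flag a view outliving the owner it refers to.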
