Cobra: fast structural code checking (keynote)
暂无分享,去创建一个
In software analysis most research has traditionally been focused on the development of tools and techniques that can be used to formally prove key correctness properties of a software design. Design errors can be hard to catch without the right tools, and even after decades of development, the right tools can still be frustratingly hard to use. Most software developers know, though, that the number of coding errors is usually much larger than the number of design errors. If something is wrong, the problem can usually be traced back to a coding mistake, and less frequently to an algorithmic error. Tools for chasing down those types of errors are indeed widely used. They are simple to use, and considered effective, although they do not offer much more than sophisticated types of trial and error. The first commercial static source code analyzers hit the market a little over a decade ago, aiming to fill the gap between ease of use and more meaningful types of code analysis. Today these tools are mature, and their use is widespread in commercial software development, but they tend to be big and slow. There does not seem to be any tool of this type yet that can be used for interactive code analysis. We'll describe the design and use of a different type of static analysis tool, that is designed to be simple, small, and fast enough that it can effectively be used for interactive code analysis even for large code bases.
[1] Ken Thompson,et al. Programming Techniques: Regular expression search algorithm , 1968, Commun. ACM.
[2] Gerard J. Holzmann. Cobra: a light-weight tool for static and dynamic program analysis , 2016, Innovations in Systems and Software Engineering.
[3] Gerard J. Holzmann,et al. The power of 10: rules for developing safety-critical code , 2006, Computer.