论文信息 - Multi-level Static Analysis for Finding Error Patterns and Defects in Source Code

Multi-level Static Analysis for Finding Error Patterns and Defects in Source Code

This paper presents the formalism for multiple level static analysis for defect detection in source code. The first level has the program and memory model that are suitable for AST-level checks. The following levels address detection of critical errors: on the second level interprocedural partially context-sensitive analysis is performed via dataflow analysis and symbolic execution with state merging, whereas the third level adds path-sensitivity via predicate tracking for the dataflow information computed on the second. The analysis designer can freely choose the appropriate analysis level or their combination to check the desired program property. The presented methods are implemented in the Svace static analysis toolset. The first analysis levels for C/C++ and Java are implemented as extensions of corresponding production compilers (Clang and javac) and FindBugs tool plugins, while the second and third levels make the core of Svace analyzer together with 100+ implemented checkers for critical defects. The evaluation on extra large codebases of millions lines of code such as full-blown Android and Tizen OSes has shown the approach scalability and the acceptable false positives ratio (less than 40%).

Arutyun Avetisyan | Andrey Belevantsev

[1] I. Dudina. Inter-procedural buffer overflows detection in C/C++ source code via static analysis , 2016 .

[2] Sriram Sankaranarayanan,et al. Program Analysis Using Symbolic Ranges , 2007, SAS.

[3] Welf Löwe,et al. Cross-Language Program Analysis and Refactoring , 2006, 2006 Sixth IEEE International Workshop on Source Code Analysis and Manipulation.

[4] Jian Zhang,et al. A Memory Model for Static Analysis of C Programs , 2010, ISoLA.

[5] Keith D. Cooper,et al. Value Numbering , 1997, Softw. Pract. Exp..

[6] Patrick Cousot,et al. Why does Astrée scale up? , 2009, Formal Methods Syst. Des..

[7] Herb Sutter,et al. C++ coding standards , 2004 .

[8] H. Schmalz,et al. Selective Template Removal by Thermal Depolymerization to Obtain Mesostructured Molybdenum Oxycarbide , 2015 .

[9] В.К. Кошелев,et al. Инфраструктура статического анализа программ на языке C , 2016 .

[10] François Pottier,et al. A constraint-based approach to guarded algebraic data types , 2007, TOPL.

[11] В. П. Иванников,et al. Статический анализатор Svace для поиска дефектов в исходном коде программ , 2014 .

[12] Alexander Aiken,et al. Saturn: A scalable framework for error detection using Boolean satisfiability , 2007, TOPL.

[13] V. Koshelev,et al. C# static analysis framework , 2016 .