Declarative Interface of Detecting Defects on Syntax Trees: KAST Language

In many cases source code defects can be detected by analyzing the corresponding syntax trees. In this article we investigate advantages and drawbacks of this approach in comparison with more complex types of static code analysis and prove that a user needs an interface for writing his own defect detectors. Different ways of implementing such an interface are considered. We also introduce a new declarative language for describing code defects that a user wants to detect, in the form of syntax tree patterns. Some aspects of the language analyzer implementation are also discussed.

syntax tree, source code defect, checker, program, source code, declarative interface, language, pattern

1. Ахо А., Ульман Дж. Теория синтаксического анализа, перевода и компиляции. Т. 1. Синтаксический анализ. М., 1978. 613 с.

2. S. Muchnick. Advanced Compiler Design and Implementation. Morgan Kaufmann Publishers, 1997. 888 с.

3. A. Belevantsev, O. Malikov. Using data flow analysis for detecting security vulnerabilities. Сборник трудов Института системного программирования РАН. Под ред. чл.-корр. РАН Иванникова В.П. Т. 11. М., ИСП РАН, 2006. 128 c., с. 83-98.

4. http://www.zvon.org/xxl/XPathTutorial/General/examples.html

5. http://www.w3schools.com/XPath/default.asp

6. http://www.mmsindia.com/jstyle.html

7. http://www.fortify.com/security-resources/rats.jsp

8. http://www.dwheeler.com/flawfinder

9. http://www.coverity.com

10. http://www.appperfect.com/products/java-code-test.html

11. http://pmd.sourceforge.net

12. http://checkstyle.sourceforge.net

13. http://tinyxpath.sourceforge.net

14. http://xerces.apache.org

15. Д. А. Лизоркин. Оптимизация вычисления обратных осей языка XML Path при его реализации функциональными методами. Сборник трудов Института системного программирования РАН. Под ред. чл.-корр. РАН Иванникова В.П. Т. 8, ч. 2. М., ИСП РАН, 2004. 214 c., с. 93-119.

16. R. Cole, R Hariharan, P. Indyk. Tree pattern matching and subset matching in deterministic O(n log3m) time. Proceedings of the Tenth Annual ACM-SIAM Symposium on Discrete Algorithms, Baltimore, MD, 1999, pp. 245-254.