Improving the accuracy of static analysis by accounting for the values of class fields that can have only one constant value
https://doi.org/10.15514/ISPRAS-2022-34(6)-2
Abstract
The paper describes the approach for the improvement of the accuracy of general purpose static symbolic execution analysis of C# sources based on the accounting for the values of class fields that can have only one possible value. In addition, we propose the detector of forgotten readonly modifiers and unused fields, that use data collected by the main analysis. The approach and detectors were implemented as part of the industrial static analyzer SharpChecker. The main analysis is performed at the AST level to reduce time and resource costs. Collected values of the fields are used during symbolic execution phase allowing it to use concrete value instead of symbolic for the subset of class fields. As a result, we managed to noticeably improve the accuracy of some analyzers, such as UNREACHABLE_CODE (improved by 7.57%) or DEREF_OF_NULL (improved by 1.33%) and get new results in cases with forgotten readonly or unused fields. Achieved results allow to use analysis and detectors in the main branch of the SharpChecker and make it available to users. The paper considers in detail the algorithm of the detector and provides examples of results on the set of open source software.
About the Authors
Vadim Sergeevitch KARCEVRussian Federation
Bachelor’s Student at the Department of Radio Engineering and Computer Technologies of MIPT, an employee of the ISP RAS
Valery Nikolayevich IGNATYEV
Russian Federation
PhD in Computer Sciences, Senior Researcher at Ivannikov Institute for System Programming RAS and Associate Professor at system programming division of CMC faculty of Lomonosov Moscow State University
References
1. Tiobe index for ranking the popularity of programming languages, 2022. URL: https://www.tiobe.com/tiobe-index.
2. Иванников В.П., Белеванцев А.А. и др. Статический анализатор Svace для поиска дефектов в исходном коде программ. Труды ИСП РАН, том 26, вып. 1, 2014 г., стр. 231-250. DOI: 10.15514/ISPRAS-2014-26(1)-7 / Ivannikov V.P., Belevantsev A.A. et al. Static analyzer Svace for finding defects in a source program code. Programming and Computer Software, vol. 40, issue 5, 2014, pp. 265-275.
3. Аветисян А., Бородин А. Механизмы расширения системы статического анализа svace детекторами новых видов уязвимостей и критических ошибок. Труды ИСП РАН, том 21, 2011 г., стр. 39-54 / Avetisyan A., Borodin A. Mechanisms for extending the system of static analysis Svace by new types of detectors of vulnerabilities and critical errors. Trudy ISP RAN/Proc. ISP RAS, vol. 21, 2011, pp. 39-54 (in Russian).
4. Аветисян А., Белеванцев А. и др. Использование статического анализа для поиска уязвимостей и критических ошибок в исходном коде программ. Труды ИСП РАН, том 21, 2011 г., стр. 23-38 / Avetisyan A., Belevantsev A. et al. Using static analysis for finding security vulnerabilities and critical errors in source code. Trudy ISP RAN/Proc. ISP RAS, vol. 21, 2011, pp. 23-38 (in Russian).
5. Lenarduzzi V., Lomio F. et al. Are SonarQube rules inducing bugs? In Proc. of the IEEE 27th International Conference on Software Analysis, Evolution and Reengineering (SANER), 2020, pp. 501—511.
6. Henry J., Monniaux D., Moy M. Pagai: a path sensitive static analyser. Electronic Notes in Theoretical Computer Science, vol. 289, 2012, pp. 15-25.
7. Detecting forgotten readonly in visual studio. Available at: https://learn.microsoft.com/en-us/dotnet/fundamentals/code-analysis/style-rules/ide0044, accessed 20.08.2022.
8. Detecting unused class members in visual studio. Available at: https://learn.microsoft.com/en-us/dotnet/fundamentals/code-analysis/style-rules/ide0051, accessed 20.08.2022.
9. Atkinson D.C., King T. Lightweight detection of program refactorings. In Proc. of the 12th Asia-Pacific Software Engineering Conference (APSEC’05), 2005, 8 p.
10. Кошелев В.К., Игнатьев В.Н., Борзилов А.И. Инфраструктура статического анализа программ на языке C#. Труды ИСП РАН, том 28, вып. 1, 2016 г., стр. 21-40. DOI: 10.15514/ISPRAS-2016-28(1)-2 / Koshelev V.K., Ignatiev V.N. et al. SharpChecker: Static analysis tool for C# programs. Programming and Computer Software, vol. 43, issue 4, 2017, pp. 268—276.
11. dotnet/roslyn: The Roslyn .NET compiler provides C# and Visual Basic languages with rich code analysis APIs. Available at: https://github.com/dotnet/roslyn, accessed 23.10.2021.
12. Baldoni R., Coppa E. et al. A survey of symbolic execution techniques. ACM Computing Surveys (CSUR), vol. 51, issue 3, 2018, pp. 1-39.
13. Lucene.NET 4.8.0. Available at: https://lucenenet.apache.org, accessed 23.10.2021.
Review
For citations:
KARCEV V.S., IGNATYEV V.N. Improving the accuracy of static analysis by accounting for the values of class fields that can have only one constant value. Proceedings of the Institute for System Programming of the RAS (Proceedings of ISP RAS). 2022;34(6):29-40. (In Russ.) https://doi.org/10.15514/ISPRAS-2022-34(6)-2