Proceedings of the Institute for System Programming of the RAS (Proceedings of ISP RAS)

Static analyzer Svace for finding of defects in program source code

https://doi.org/10.15514/ISPRAS-2014-26(1)-7

Abstract

This paper describes Svace, a static program analysis tool developed at ISP RAS. The tool finds defects and potential vulnerabilities in the source code of programs written in C/C++. Its main features are ease of use, a wide variety of supported warning types, scalability to programs of millions of lines of code, and acceptable analysis quality (30-80% of warnings are true positives).

About the Authors

V. P. Ivannikov
Institute for System Programming of RAS
Russian Federation


A. A. Belevantsev
Institute for System Programming of RAS
Russian Federation


A. E. Borodin
Institute for System Programming of RAS
Russian Federation


V. N. Ignatiev
Institute for System Programming of RAS
Russian Federation


D. M. Zhurikhin
Institute for System Programming of RAS
Russian Federation


A. I. Avetisyan
Institute for System Programming of RAS
Russian Federation


M. I. Leonov
Institute for System Programming of RAS
Russian Federation


For citations:


Ivannikov V.P., Belevantsev A.A., Borodin A.E., Ignatiev V.N., Zhurikhin D.M., Avetisyan A.I., Leonov M.I. Static analyzer Svace for finding of defects in program source code. Proceedings of the Institute for System Programming of the RAS (Proceedings of ISP RAS). 2014;26(1):231-250. (In Russ.) https://doi.org/10.15514/ISPRAS-2014-26(1)-7



Creative Commons License
This work is licensed under a Creative Commons Attribution 4.0 License.


ISSN 2079-8156 (Print)
ISSN 2220-6426 (Online)