A static analysis tool Svace as a collection of analyzers with various complexity levels

The paper describes a practical approach for finding bugs in the source code of programs using static analysis. This approach allows missing some of the defects. The goal is to find as many defects as possible while minimizing false positives and acceptable analysis time. Various methods of statistical analysis including an analysis based on the abstract syntax tree and data flow analysis were considered. All described algorithms have been implemented in a static analysis tool Svace.

static analysis, C language, defects in source code, abstract syntax tree, flow-sensitivity, path-sensitivity, interprocedural analysis, unsound analysis, null pointer dereference

1. S. C. Misra, V. C. Bhavsar. Relationships between selected software measures and latent bug-density: Guidelines for improving quality //Computational Science and Its Applications—ICCSA 2003. – Springer Berlin Heidelberg, 2003. – pp. 724-732.

2. https://msdn.microsoft.com/library/cc307416

3. M. Tim Jones. Static and dynamic testing in the software development life cycle. 26 August 2013 (http://www.ibm.com/developerworks/library/se-static/)

4. A. S. Markov, V. L. Cirlov, A. V. Barabanov. Metody ocenki nesootvetstvija sredstv zawity informacii [Methods for assessing non-compliance means of information protection] //M.: Radio i svjaz' [Radio and Communication] – 2012. (in Russian)

5. T. Kremenek, D. Engler. Z-ranking: Using statistical analysis to counter the impact of static analysis approximations //Static Analysis. – Springer Berlin Heidelberg, 2003. – pp. 295-315.

6. V.N. Ignat'ev. Ispol'zovanie legkovesnogo staticheskogo analiza dlja proverki nastraivaemykh semanticheskikh ogranichenij jazyka programmirovanija [Static analysis usage for customizable checks of programming languages semantic constraints ]. Trudy ISP RAN [The Proceedings of ISP RAS], volume 22, 2012, pp. 169–188. DOI: 10.15514/ISPRAS-2012-22-11. (in Russian)

7. V.P. Ivannikov, A.A. Belevancev, A.E. Borodin, V.N. Ignat'ev, D.M. Zhurikhin, A.I. Avetisjan, M.I. Leonov. Staticheskij analizator Svace dlja poiska defektov v iskhodnom kode programm [Svace: static analyzer for detecting of defects in program source code] // Trudy ISP RAN [The Proceedings of ISP RAS], volume 26, issue 1, pp. 231–250. DOI: 10.15514/ISPRAS-2014-26(1)-7. (in Russian)

8. A.I. Avetisjan, A.E. Borodin. Mekhanizmy rasshirenija sistemy staticheskogo analiza Svace detektorami novykh vidov ujazvimostej i kriticheskikh oshibok [Mechanisms for extending the system of static analysis Svace by new types of detectors of vulnerabilities and critical errors]. Trudy ISP RAN [The Proceedings of ISP RAS], volume 21, 2011, pp. 39–54. (in Russian)

9. A.I. Avetisjan, A.A. Belevancev, A.E. Borodin, V.S. Nesov. Ispol'zovanie staticheskogo analiza dlja poiska ujazvimostej i kriticheskikh oshibok v iskhodnom kode programm [Using static analysis for searching vulnerabilities and critical errors in the source code of programs]. Trudy ISP RAN [The Proceedings of ISP RAS], volume 21, 2011, pp. 23–38. (in Russian)

10. M. Shapiro, S. Horwitz. Fast and accurate flow-insensitive points-to analysis //Proceedings of the 24th ACM SIGPLAN-SIGACT symposium on Principles of programming languages. – ACM, 1997. – pp. 1-14.

11. L. De Moura, N. Bjørner. Z3: An efficient SMT solver //Tools and Algorithms for the Construction and Analysis of Systems. – Springer Berlin Heidelberg, 2008. – pp. 337-340.