Основанный на резюме метод реализации произвольных контекстно-чувствительных проверок при анализе исходного кода посредством символьного выполнения
Copyright policy )Основанный на резюме метод реализации произвольных контекстно-чувствительных проверок при анализе исходного кода посредством символьного выполнения
A specific approach to summary-based interprocedural symbolic execution is described. The approach is suitable for analysis of program source code developed with high-level programming languages and allows executing arbitrarily complex checks during symbolic execution, including throwing reports in the callee function about defects that only become certain within the caller context. The structure of the function summary, procedure of applying the summary in a particular context, composition of symbolic values for particular contexts, effect of summary-based analysis on complexity of implementing specific checker modules, procedure for constructing path-sensitive bug reports, and other aspects of the implementation are discussed in detail. A particular implementation of the approach, based on Clang Static Analyzer, is described. The implementation is scalable enough to allow analysis of large-scale software projects in reasonable time, finding bugs faster than the existing implementation of the inlining-based interprocedural analysis, without sacrificing correctness and soundness of the analysis. Particular checker modules, which find various defects, such as integer overflows, modifications of constant-qualified memory, multithreading issues, array bound checks, exception safety checks, and file stream errors, were updated to use the summary-based approach, demonstrating flexibility of the technique proposed. The implementation was tested by running full intra-unit inter-procedural analysis of the Android Open Source Project codebase.
Описывается методика, позволяющая реализовать поиск дефектов достаточно общего и произвольного вида при использовании межпроцедурного анализа методом резюме при анализе исходного кода программы на высокоуровневых языках программирования, таких как C и C++. Основное внимание уделено трудностям, возникающим при построении и применении резюме в процессе анализа исходного кода (по сравнению с анализом низкоуровневого представления программы), а также достижению гибкости метода анализа, необходимой для поиска дефектов произвольного вида.
СТАТИЧЕСКИЙ АНАЛИЗ,СИМВОЛЬНОЕ ВЫПОЛНЕНИЕ,МЕЖПРОЦЕДУРНЫЙ АНАЛИЗ,КОНТЕКСТНО-ЧУВСТВИТЕЛЬНЫЙ АНАЛИЗ,РЕЗЮМЕ,C,C++,CLANG STATIC ANALYZER,STATIC ANALYSIS,SYMBOLIC EXECUTION,INTERPROCEDURAL ANALYSIS,CONTEXT-SENSITIVE ANALYSIS,SUMMARY-BASED ANALYSIS
СТАТИЧЕСКИЙ АНАЛИЗ,СИМВОЛЬНОЕ ВЫПОЛНЕНИЕ,МЕЖПРОЦЕДУРНЫЙ АНАЛИЗ,КОНТЕКСТНО-ЧУВСТВИТЕЛЬНЫЙ АНАЛИЗ,РЕЗЮМЕ,C,C++,CLANG STATIC ANALYZER,STATIC ANALYSIS,SYMBOLIC EXECUTION,INTERPROCEDURAL ANALYSIS,CONTEXT-SENSITIVE ANALYSIS,SUMMARY-BASED ANALYSIS
selected citations These citations are derived from selected sources.This is an alternative to the "Influence" indicator, which also reflects the overall/total impact of an article in the research community at large, based on the underlying citation network (diachronically).0 popularity This indicator reflects the "current" impact/attention (the "hype") of an article in the research community at large, based on the underlying citation network.Average influence This indicator reflects the overall/total impact of an article in the research community at large, based on the underlying citation network (diachronically).Average impulse This indicator reflects the initial momentum of an article directly after its publication, based on the underlying citation network.Average
Citations provided by BIP!Popularity provided by BIP!