Cobra: a light-weight tool for static and dynamic program analysis

Original Paper

Abstract

Static source code analysis tools have become indispensable for the development of reliable software applications. The best analyzers can reveal subtle flaws in a code base, but they can also be slow. In part this is due to the collection of detailed information about the possible data and control flow of an application to support the broadest possible range of analyses. For larger code bases it is not unusual that even the best of breed static analyzers can take an hour or more to complete an analysis. In this paper we describe a framework for a much faster, but more light-weight type of static analysis that can support interactive use for standard types of queries. The Cobra tool we designed for this purpose can scale to explore millions of lines of code interactively. The tool is mostly language agnostic, and can therefore easily be configured to resolve even dynamic program analysis queries.

Keywords

Static analysis Source code analysis Lightweight tools Token expression matching Dynamic analysis Runtime verification 

References

  1. 1.
    Havelund K (2015) Rule-based runtime verification revisited. Int J Softw Tools Technol Transf 17(2):143–170CrossRefGoogle Scholar
  2. 2.
    Holzmann GJ (2016) Tiny tools. IEEE Software, pp 24–28Google Scholar
  3. 3.
  4. 4.
    Overview of static analyzers. http://spinroot.com/static

Copyright information

© Springer-Verlag London 2016

Authors and Affiliations

  1. 1.NASA Jet Propulsion LaboratoryCalifornia Institute of TechnologyPasadenaUSA

Personalised recommendations