Cobra: a light-weight tool for static and dynamic program analysis
- 325 Downloads
Static source code analysis tools have become indispensable for the development of reliable software applications. The best analyzers can reveal subtle flaws in a code base, but they can also be slow. In part this is due to the collection of detailed information about the possible data and control flow of an application to support the broadest possible range of analyses. For larger code bases it is not unusual that even the best of breed static analyzers can take an hour or more to complete an analysis. In this paper we describe a framework for a much faster, but more light-weight type of static analysis that can support interactive use for standard types of queries. The Cobra tool we designed for this purpose can scale to explore millions of lines of code interactively. The tool is mostly language agnostic, and can therefore easily be configured to resolve even dynamic program analysis queries.
KeywordsStatic analysis Source code analysis Lightweight tools Token expression matching Dynamic analysis Runtime verification
This research was carried out at the Jet Propulsion Laboratory, California Institute of Technology, under a contract with the National Aeronautics and Space Administration.