
Programming and Computer Software, Volume 40, Issue 5, pp 265–275

Static analyzer Svace for finding defects in a source program code

  • V. P. Ivannikov
  • A. A. Belevantsev
  • A. E. Borodin
  • V. N. Ignatiev
  • D. M. Zhurikhin
  • A. I. Avetisyan
Article

Abstract

This paper describes Svace, a tool for static program analysis developed at the Institute for Systems Programming, Russian Academy of Sciences. This tool allows one to find defects and potential vulnerabilities in the source program code written in C/C++ languages. The main features of the tool are simplicity of use, wide variety of supported types of warnings, scalability up to programs of millions of code lines, and acceptable quality of analysis (30–80% of true positive warnings).

Keywords

static analysis, data-flow analysis, vulnerabilities, interprocedural analysis, annotation-based analysis

Copyright information

© Pleiades Publishing, Ltd. 2014

Authors and Affiliations

  • V. P. Ivannikov (1)
  • A. A. Belevantsev (1)
  • A. E. Borodin (1)
  • V. N. Ignatiev (1)
  • D. M. Zhurikhin (1)
  • A. I. Avetisyan (1)

  1. Institute for Systems Programming, Russian Academy of Sciences, Moscow, Russia
