Static analyzer Svace for finding defects in a source program code
- 505 Downloads
This paper describes Svace, a tool for static program analysis developed at the Institute for Systems Programming, Russian Academy of Sciences. This tool allows one to find defects and potential vulnerabilities in the source program code written in C/C++ languages. The main features of the tool are simplicity of use, wide variety of supported types of warnings, scalability up to programs of millions of code lines, and acceptable quality of analysis (30–80% of true positive warnings).
Keywordsstatic analysis data-flow analysis vulnerabilities interprocedural analysis annotation-based analysis
Unable to display preview. Download preview PDF.
- 1.Misra, S.C. and Bhavsar, V.C., Relationships between selected software measures and latent bug-density: Guidelines for improving quality, in Proceedings of the International Conference on Computational Science and its Applications, ICCSA, in Lecture Notes in Computer Science, vol. 2667, Montreal: Springer, 2003, pp. 724–732.Google Scholar
- 2.Nessov, V.S., Automatic detection of defects using interprocedural static source code analysis, Materialy XI mezhdunarodnoi konferentsii “RusKripto’2009” (Proc. XI Int. Conf. “RusKripto’2009”).Google Scholar
- 3.Avetisyan, A., Belevantsev, A., Borodin, A., and Nessov, V., Using static analysis to find vulnerabilities and critical errors in source code of programs, Tr. Inst. Sist. Upr., Ross. Akad. Nauk, 2011, vol. 21, pp. 23–38.Google Scholar
- 4.Coverity SAVE tool. http://www.coverity.com/products/coverity-save.html
- 5.Static analysis tool of Klocwork. http://www.kloc-work.com/products/insight/klocwork-truepath
- 6.Lifshiz, V.B. and Lam, M.S., Tracking pointers with path and context sensitivity for bug detection in C programs, 2003.Google Scholar
- 7.Avetisyan, A. and Borodin, A., Extension mechanisms of static analysis Svace by detectors of new types of vulnerabilities and critical errors, Tr. Inst. Sist. Upr., Ross. Akad. Nauk, 2011, vol. 21, pp. 39–54.Google Scholar
- 8.Ignatyev, V., Using lightweight static analysis for the verification of adjustable semantic constraints of a programming language, Tr. Inst. Sist. Upr., Ross. Akad. Nauk, 2012, vol. 22, pp. 169–188.Google Scholar