Abstract
In this paper, we discuss some program analysis methods for finding defects in source code that are combined to form a multilevel analysis system. The first level consists of the checks using abstract syntax tree (AST) walks and intraprocedural dataflow; this level also builds a memory model for the subsequent levels. The memory model requires evaluating integer expressions and points-to sets. The second level is an interprocedural summary-based approach whereby the program features of interest are calculated as attributes of value classes that are formed in the program. Finally, the third level is a path-sensitive analysis that builds reachability formulas for program points and tracks the predicates that should hold for the desired features to be observable. The errors are found by testing the formulas for satisfiability with an SMT solver. All these levels of analysis are implemented in the Svace analyzer toolset, which demonstrates scalability up to millions of lines of code and precision of 60–90% true positives.
Additional information
Original Russian Text © A.A. Belevantsev, 2017, published in Programmirovanie, 2017, Vol. 43, No. 6.
About this article
Cite this article
Belevantsev, A.A. Multilevel static analysis for improving program quality. Program Comput Soft 43, 321–336 (2017). https://doi.org/10.1134/S0361768817060044
DOI: https://doi.org/10.1134/S0361768817060044