Automatic Control and Computer Sciences

, Volume 46, Issue 7, pp 338–344 | Cite as

Using dependencies to improve precision of code analysis

Article

Abstract

Development of dependency analysis methods in order to improve static code analysis precision is considered in this paper. Reasons for precision loss when detecting defects in program source code using abstract interpretation methods are explained. Need for program object dependency extraction and interpretation is justified by numerous real-world examples. Dependency classification is presented. Necessity for aggregate analysis of values and dependencies is considered. Dependency extraction from assignment statements is described. Dependency interpretation based on logic inference using logic and arithmetic rules is proposed. The methods proposed are implemented in defect detection tool Digitek Aegis, significant increase of precision is shown.

Keywords

Static analysis abstract interpretation dependency analysis program defect detection 

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. 1.
    Zhivich, M. and Cunningham, R., The Real Cost of Software Errors. IEEE Security and Privacy, IEEE Comput. Soc., 2009, vol. 7, no. 2, pp. 87–90.Google Scholar
  2. 2.
    Nielson, F., Nielson, N., and Hankin, C., Principles of Program Analysis, Springer-Verlag, 2005.Google Scholar
  3. 3.
    Cousot, P., Abstract Interpretation, ACM Comput. Surveys, 1996, vol. 28,no. 2, pp. 324–328.CrossRefGoogle Scholar
  4. 4.
    Jones, N. and Nielson, F., Abstract Interpretation: A Semantic-Based Tool for Program Analysis. Handbook of Logic in Computer Science, vol. 4: Semantic Modeling, Oxford: Oxford University Press, 1995.Google Scholar
  5. 5.
    Nesov, V.S. and Malikov, O.R., Using the Linear Dependencies for Vulnerability Detection in Program Source Code, Trudy Inst. Sist. Progr. Ross. Akad. Nauk, 2006, no. 9, pp. 51–57.Google Scholar
  6. 6.
    Cousot, P. and Hallwachs, N., Automatic Discovery of Linear Restraints Among Variables of a Program, Proc. 5th ACM SIGACT-SIGPLAN Symp. on Principles of Programming Languages (POPL-78), New York, 1978, pp. 84–96.Google Scholar
  7. 7.
    Code Analysis for C/C++. Overview. http://msdn.microsoft.com/en-us/library/d3bbz7tz.aspx
  8. 8.
    Frama-C Software Analyzers. http://frama-c.com
  9. 9.
    Splint Home Page. http://www.splint.org
  10. 10.
    Fortify Software. http://www.fortify.com
  11. 11.
    Itsykson, V.M., Moiseev, M.Yu., Tsesko, V.A., and Karpenko, A.V., Research on Tools for Automation of Defects Detection in Program Source Code, Sci. J. St. Petersburg State Polytechnical Univ. Informat. Telecommun., 2008, no. 5(65), pp. 119–127.Google Scholar
  12. 12.
    Schwartzbach, M., Lecture Notes on Static Analysis, Aarhus, 2000.Google Scholar
  13. 13.
    Aegis — A Defect Detection System. http://www.digiteklabs.ru/en/aegis/platform/
  14. 14.
    Itsykson, V.M., Moiseev, M.Yu., Tsesko, V.A., Zakharov, A.V., and Akhin, M.Kh., Interval Analysis Algorithms for Source Code Defect Detection, Inf. Control Syst., 2009, no. 2(39), pp. 34–41.Google Scholar
  15. 15.
    Itsykson, V.M., Moiseev, M.Yu., Akhin, M.Kh., Zakharov, A.V., and Tsesko, V.A., Points-to Analysis Algorithms for Source Code Defect Detection, in Sb. st. “Sistemnoe programmirovanie,” (Coll. Papers ’system Programming’), Terekhov, A.N. and Bulychev, D.Yu., Eds., St. Petersburg: St. Petersburg Univ., 2009, no. 4, pp. 5–30.Google Scholar
  16. 16.
    Bush, W., Pincus, J., and Sielaff, D., A Static Analyzer for Finding Dynamic Programming Errors, Softw. Pract. Exper., 2000, vol. 30, pp. 795–802.CrossRefGoogle Scholar
  17. 17.
    Wang, A., Fei, H., Gu, M., and Song, X., Verifying Java Programs by Theorem Prover HOL, Proc. 30th Ann. Int. Computer Software and Applications Conf., Washington, 2006.Google Scholar
  18. 18.
    HOL 4 Kananaskis. http://hol.sourceforge.net
  19. 19.
    WHY — A Software Verification Platform. http://why.lri.fr
  20. 20.
    Steensgaard, B., Points-To Analysis in Almost Linear Time, Proc. the 23rd ACM SIGPLAN-SIGACT Symp. on Principles of Programming Languages, New York, 1996.Google Scholar
  21. 21.
    Avots, D., Dalton, M., Livshits, V., and Lam, M., Improving Software Security with a C Pointer Analysis, Proc. 27th Int. Conf. on Software Engineering, New York, 2005, pp. 139–142.Google Scholar
  22. 22.
  23. 23.
  24. 24.

Copyright information

© Allerton Press, Inc. 2012

Authors and Affiliations

  • M. I. Glukhikh
    • 1
  • V. M. Itsykson
    • 1
  • V. A. Tsesko
    • 1
  1. 1.St. Petersburg State Polytechnical UniversitySt. PetersburgRussia

Personalised recommendations