Driving a sound static software analyzer with branch-and-bound

2013 IEEE 13th International Working Conference on Source Code Analysis and Manipulation (SCAM) Pub Date : 2013-10-28 DOI:10.1109/SCAM.2013.6648185

Sven Mattsen, Pascal Cuoq, S. Schupp

{"title":"Driving a sound static software analyzer with branch-and-bound","authors":"Sven Mattsen, Pascal Cuoq, S. Schupp","doi":"10.1109/SCAM.2013.6648185","DOIUrl":null,"url":null,"abstract":"During the last decade, static analyzers of source code have improved greatly. Today, precise analyzers that propagate values for the program's variables, for instance with interval arithmetic, are used in the industry. The simultaneous propagation of sets of values, while computationally efficient, is a source of approximations, and ultimately of false positives. When the loss of precision is detrimental to the user's goals, a user needs to provide some kind of manual guidance. Frama-C, a framework for the static analysis of C programs, provides a sound value analyzer. This analyzer can optionally be guided by skillfully placed user annotations. This article describes SPALTER, a Frama-C plug-in that uses a variation of the Skelboe-Moore algorithm from the field of interval arithmetic to guide Frama-C's value analyzer towards a high-level objective set by the user. SPALTER reproduces the results of a case study that used Frama-C's value analysis and required extensive manual guidance. In difference, our approach with SPALTER required no guidance, except preparation of the analyzed program by slicing.","PeriodicalId":170882,"journal":{"name":"2013 IEEE 13th International Working Conference on Source Code Analysis and Manipulation (SCAM)","volume":"304 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2013-10-28","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"1","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2013 IEEE 13th International Working Conference on Source Code Analysis and Manipulation (SCAM)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/SCAM.2013.6648185","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 1

Abstract

During the last decade, static analyzers of source code have improved greatly. Today, precise analyzers that propagate values for the program's variables, for instance with interval arithmetic, are used in the industry. The simultaneous propagation of sets of values, while computationally efficient, is a source of approximations, and ultimately of false positives. When the loss of precision is detrimental to the user's goals, a user needs to provide some kind of manual guidance. Frama-C, a framework for the static analysis of C programs, provides a sound value analyzer. This analyzer can optionally be guided by skillfully placed user annotations. This article describes SPALTER, a Frama-C plug-in that uses a variation of the Skelboe-Moore algorithm from the field of interval arithmetic to guide Frama-C's value analyzer towards a high-level objective set by the user. SPALTER reproduces the results of a case study that used Frama-C's value analysis and required extensive manual guidance. In difference, our approach with SPALTER required no guidance, except preparation of the analyzed program by slicing.

查看原文本刊更多论文

用分支定界驱动一个健全的静态软件分析器

在过去的十年中，源代码的静态分析器有了很大的改进。今天，精确的分析器传播程序变量的值，例如用区间算法，在工业中使用。同时传播一组值，虽然计算效率很高，但它是近似的来源，最终会产生误报。当精确度的丧失对用户的目标有害时，用户需要提供某种手动指导。Frama-C是一个用于C程序静态分析的框架，它提供了一个可靠的值分析器。这个分析器可以通过巧妙放置的用户注释来指导。本文描述了SPALTER，这是一个Frama-C插件，它使用区间算法领域的skelbo - moore算法的变体来指导Frama-C的值分析器实现用户设置的高级目标。SPALTER再现了一个案例研究的结果，该研究使用了Frama-C的价值分析，并需要大量的手动指导。不同的是，我们使用SPALTER的方法不需要指导，除了通过切片准备分析程序。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

2013 IEEE 13th International Working Conference on Source Code Analysis and Manipulation (SCAM)

自引率

0.00%

发文量