提高静态分析的精度:基于GCC抽象语法树的符号执行

2017 18th IEEE/ACIS International Conference on Software Engineering, Artificial Intelligence, Networking and Parallel/Distributed Computing (SNPD) Pub Date : 2017-06-01 DOI:10.1109/SNPD.2017.8022752

Hongliang Liang, Shirun Liu, Yini Zhang, Meilin Wang

{"title":"提高静态分析的精度:基于GCC抽象语法树的符号执行","authors":"Hongliang Liang, Shirun Liu, Yini Zhang, Meilin Wang","doi":"10.1109/SNPD.2017.8022752","DOIUrl":null,"url":null,"abstract":"To improve the accuracy of analysis results is one of the hard challenges for static analysis. Especially, static analyzers generally analyze all paths of a program, including infeasible paths, which undoubtedly decreases the analysis accuracy. To mitigate the issue, we design and implement a static analyzer, called ABAZER-SE, which is based on the meta-compilation and the GCC abstract syntax tree. ABAZER-SE combines symbolic execution and static analysis techniques to detect bugs in the source code. In addition, it allows users to write a custom checker for a specific bug.","PeriodicalId":186094,"journal":{"name":"2017 18th IEEE/ACIS International Conference on Software Engineering, Artificial Intelligence, Networking and Parallel/Distributed Computing (SNPD)","volume":"12 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2017-06-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"5","resultStr":"{\"title\":\"Improving the precision of static analysis: Symbolic execution based on GCC abstract syntax tree\",\"authors\":\"Hongliang Liang, Shirun Liu, Yini Zhang, Meilin Wang\",\"doi\":\"10.1109/SNPD.2017.8022752\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"To improve the accuracy of analysis results is one of the hard challenges for static analysis. Especially, static analyzers generally analyze all paths of a program, including infeasible paths, which undoubtedly decreases the analysis accuracy. To mitigate the issue, we design and implement a static analyzer, called ABAZER-SE, which is based on the meta-compilation and the GCC abstract syntax tree. ABAZER-SE combines symbolic execution and static analysis techniques to detect bugs in the source code. In addition, it allows users to write a custom checker for a specific bug.\",\"PeriodicalId\":186094,\"journal\":{\"name\":\"2017 18th IEEE/ACIS International Conference on Software Engineering, Artificial Intelligence, Networking and Parallel/Distributed Computing (SNPD)\",\"volume\":\"12 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2017-06-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"5\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2017 18th IEEE/ACIS International Conference on Software Engineering, Artificial Intelligence, Networking and Parallel/Distributed Computing (SNPD)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/SNPD.2017.8022752\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2017 18th IEEE/ACIS International Conference on Software Engineering, Artificial Intelligence, Networking and Parallel/Distributed Computing (SNPD)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/SNPD.2017.8022752","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 5

摘要

提高分析结果的准确性是静态分析面临的难题之一。特别是，静态分析器通常分析程序的所有路径，包括不可行的路径，这无疑降低了分析的准确性。为了缓解这个问题，我们设计并实现了一个静态分析器，称为ABAZER-SE，它基于元编译和GCC抽象语法树。ABAZER-SE结合了符号执行和静态分析技术来检测源代码中的错误。此外，它允许用户为特定的错误编写自定义的检查器。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

Improving the precision of static analysis: Symbolic execution based on GCC abstract syntax tree

To improve the accuracy of analysis results is one of the hard challenges for static analysis. Especially, static analyzers generally analyze all paths of a program, including infeasible paths, which undoubtedly decreases the analysis accuracy. To mitigate the issue, we design and implement a static analyzer, called ABAZER-SE, which is based on the meta-compilation and the GCC abstract syntax tree. ABAZER-SE combines symbolic execution and static analysis techniques to detect bugs in the source code. In addition, it allows users to write a custom checker for a specific bug.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

2017 18th IEEE/ACIS International Conference on Software Engineering, Artificial Intelligence, Networking and Parallel/Distributed Computing (SNPD)

自引率

0.00%

发文量