Context-sensitive detection of information exposure bugs with symbolic execution

Static analysis tools used for detecting information exposure bugs can help software engineers detecting bugs without introducing run-time overhead. Such tools can make the detection of information-flow bugs faster and cheaper without having to provide user input in order to trigger the bug detection. In this paper we present a bug-detection tool for detecting information exposure bugs in C/C++ programs. Our tool is context-sensitive and uses static code analysis for bug detection. We developed our bug finding tool as a Eclipse plug-in in order to easily integrate it in software development work flows. The bug reports provide user friendly visualizations that can be easily traced back to the location where the bug was detected. We discuss one static analysis approach for detecting information exposure bugs and relate briefly the usability of our bug testing tool to empirical research. We conducted an empirical evaluation based on 90 test programs which were selected from the Juliet test suite for C/C++ code. We reached a true-positive coverage of 94.4% in 121 seconds for 90 test programs having a total of 12589 source code lines.