VBSAC: a value-based static analyzer for C

Proceedings of the 28th ACM SIGSOFT International Symposium on Software Testing and Analysis Pub Date : 2019-07-10 DOI:10.1145/3293882.3338998

Chi Li, Min Zhou, Zuxing Gu, Guang Chen, Yuexing Wang, Jiecheng Wu, M. Gu

{"title":"VBSAC: a value-based static analyzer for C","authors":"Chi Li, Min Zhou, Zuxing Gu, Guang Chen, Yuexing Wang, Jiecheng Wu, M. Gu","doi":"10.1145/3293882.3338998","DOIUrl":null,"url":null,"abstract":"Static analysis has long prevailed as a promising approach to detect program bugs at an early development process to increase software quality. However, such tools face great challenges to balance the false-positive rate and the false-negative rate in practical use. In this paper, we present VBSAC, a value-based static analyzer for C aiming to improve the precision and recall. In our tool, we employ a pluggable value-based analysis strategy. A memory skeleton recorder is designed to maintain the memory objects as a baseline. While traversing the control flow graph, diverse value-based plug-ins analyze the specific abstract domains and share program information to strengthen the computation. Simultaneously, checkers consume the corresponding analysis results to detect bugs. We also provide a user-friendly web interface to help users audit the bug detection results. Evaluation on two widely-used benchmarks shows that we perform better to state-of-the-art bug detection tools by finding 221-339 more bugs and improving F-Score 9.88%-40.32%.","PeriodicalId":20624,"journal":{"name":"Proceedings of the 28th ACM SIGSOFT International Symposium on Software Testing and Analysis","volume":"15 1","pages":""},"PeriodicalIF":0.0000,"publicationDate":"2019-07-10","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"1","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings of the 28th ACM SIGSOFT International Symposium on Software Testing and Analysis","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/3293882.3338998","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 1

Abstract

Static analysis has long prevailed as a promising approach to detect program bugs at an early development process to increase software quality. However, such tools face great challenges to balance the false-positive rate and the false-negative rate in practical use. In this paper, we present VBSAC, a value-based static analyzer for C aiming to improve the precision and recall. In our tool, we employ a pluggable value-based analysis strategy. A memory skeleton recorder is designed to maintain the memory objects as a baseline. While traversing the control flow graph, diverse value-based plug-ins analyze the specific abstract domains and share program information to strengthen the computation. Simultaneously, checkers consume the corresponding analysis results to detect bugs. We also provide a user-friendly web interface to help users audit the bug detection results. Evaluation on two widely-used benchmarks shows that we perform better to state-of-the-art bug detection tools by finding 221-339 more bugs and improving F-Score 9.88%-40.32%.

查看原文

微信好友朋友圈 QQ好友复制链接

本刊更多论文

一个基于值的C语言静态分析器

长期以来，静态分析作为一种在早期开发过程中检测程序缺陷以提高软件质量的有前途的方法一直很流行。然而，这些工具在实际使用中面临着平衡假阳性率和假阴性率的巨大挑战。本文提出了基于值的C语言静态分析器VBSAC，旨在提高C语言的查全率和查全率。在我们的工具中，我们采用了可插入的基于值的分析策略。内存骨架记录器被设计用来维护内存对象作为基线。在遍历控制流图时，各种基于值的插件分析特定的抽象域并共享程序信息以加强计算。同时，检查人员使用相应的分析结果来检测错误。我们还提供了一个用户友好的web界面，以帮助用户审计错误检测结果。对两个广泛使用的基准测试的评估表明，我们比最先进的错误检测工具表现更好，发现了221-339个错误，F-Score提高了9.88%-40.32%。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文去求助

来源期刊

Proceedings of the 28th ACM SIGSOFT International Symposium on Software Testing and Analysis

自引率

0.00%

发文量