Cited By
View all- Khaled LAbdelbaki N(2020)Evaluation of Software Static AnalyzersProceedings of the 9th International Conference on Software and Information Engineering10.1145/3436829.3436835(11-17)Online publication date: 11-Nov-2020
VBSAC: a value-based static analyzer for C
Authors: 
Chi Li, Min Zhou, Zuxing Gu, Guang Chen, Yuexing Wang, Jiecheng Wu, Ming GuAuthors Info & Claims
Chi Li, Min Zhou, Zuxing Gu, Guang Chen, Yuexing Wang, Jiecheng Wu, Ming GuAuthors Info & ClaimsPages 382 - 385
Abstract
Static analysis has long prevailed as a promising approach to detect program bugs at an early development process to increase software quality. However, such tools face great challenges to balance the false-positive rate and the false-negative rate in practical use. In this paper, we present VBSAC, a value-based static analyzer for C aiming to improve the precision and recall. In our tool, we employ a pluggable value-based analysis strategy. A memory skeleton recorder is designed to maintain the memory objects as a baseline. While traversing the control flow graph, diverse value-based plug-ins analyze the specific abstract domains and share program information to strengthen the computation. Simultaneously, checkers consume the corresponding analysis results to detect bugs. We also provide a user-friendly web interface to help users audit the bug detection results. Evaluation on two widely-used benchmarks shows that we perform better to state-of-the-art bug detection tools by finding 221-339 more bugs and improving F-Score 9.88%-40.32%.
References
[1]
Al Bessey, Ken Block, Benjamin Chelf, Andy Chou, Bryan Fulton, Seth Hallem, Charles-Henri Gros, Asya Kamsky, Scott McPeak, and Dawson R. Engler. 2010. A few billion lines of code later: using static analysis to find bugs in the real world. Commun. ACM 53, 2 (2010), 66–75.
[2]
Dirk Beyer and M. Erkan Keremoglu. 2009. CPAchecker: A Tool for Configurable Software Verification. CoRR abs/0902.0019 (2009).
[3]
Ben-Chung Cheng and Wen-mei W. Hwu. 2000. Modular interprocedural pointer analysis using access paths: design, implementation, and evaluation. In PLDI 2000, Canada. 57–69.
[4]
Xi Cheng, Min Zhou, Xiaoyu Song, Ming Gu, and Jiaguang Sun. 2017. IntPTI: automatic integer error repair with proper-type inference. In ASE 2017, Urbana, IL, USA. 996–1001.
[5]
Aurélien Delaitre, Bertrand Stivalet, Elizabeth Fong, and Vadim Okun. 2015. Evaluating Bug Finders - Test and Measurement of Static Code Analyzers. In COUFLESS 2015, Florence, Italy. 14–20.
[6]
Yoshiki Higo and Shinji Kusumoto. 2014. MPAnalyzer: a tool for finding unintended inconsistencies in program source code. In ASE 2014, Sweden. 843–846.
[7]
Clang Static Analyzer. Accessed on May 28. 2018. http://clang-analyzer.llvm.org/
[8]
Frama-C. Accessed on May 28. 2018. http://frama-c.com/
[9]
PVS-Studio. Accessed on May 28. 2018. https://www.viva64.com/en/pvs-studio/
[10]
Ganesh Selvaraj, Gerald Weber, and Christof Lutteroth. 2017. Efficient Program Analyses Using Deductive and Semantic Methodologies. 2017 IEEE 13th International Conference on e-Science (e-Science) (2017), 440–441.
[11]
Cppcheck: A tool for static C/C++ code analysis. Accessed on May 28. 2018. http://cppcheck.sourceforge.net/
[12]
Infer: A tool to detect bugs in Java and C/C++/Objective-C code. Accessed on May 28. 2018.
[13]
https://fbinfer.com/
[14]
Vesal Vojdani, Kalmer Apinis, Vootele Rõtov, Helmut Seidl, Varmo Vene, and Ralf Vogler. 2016. Static race detection for device drivers: the Goblint approach. In ASE 2016, Singapore. 391–402.
[15]
Jim Witschey, Olga A. Zielinska, Allaire K. Welk, Emerson R. Murphy-Hill, Christopher B. Mayhorn, and Thomas Zimmermann. 2015. Quantifying developers’ adoption of security tools. In ESEC/FSE 2015, Bergamo, Italy. 260–271.
[16]
Zhenbo Xu, Jian Zhang, and Zhongxing Xu. 2015. Melton: a practical and precise memory leak detection tool for C programs. Frontiers Comput. Sci. (2015), 34–54.
[17]
Hua Yan, Yulei Sui, Shiping Chen, and Jingling Xue. 2017. Machine-Learning-Guided Typestate Analysis for Static Use-After-Free Detection. In Computer Security Applications Conference. 42–54. Abstract 1 Introduction 2 Related Work 3 Design of VBSAC 3.1 Code Parsing Phase 3.2 Bug Detecting Phase 3.3 Report Generating Phase 4 Implementation 5 Evaluation 6 Conclusion References
Index Terms
- VBSAC: a value-based static analyzer for C
Recommendations
Path-sensitive and alias-aware typestate analysis for detecting OS bugs
ASPLOS '22: Proceedings of the 27th ACM International Conference on Architectural Support for Programming Languages and Operating SystemsOperating system (OS) is the cornerstone for modern computer systems. It manages devices and provides fundamental service for user-level applications. Thus, detecting bugs in OSes is important to improve reliability and security of computer systems. ...
Scalable and systematic detection of buggy inconsistencies in source code
OOPSLA '10Software developers often duplicate source code to replicate functionality. This practice can hinder the maintenance of a software project: bugs may arise when two identical code segments are edited inconsistently. This paper presents DejaVu, a highly ...
Comments
Information & Contributors
Information
Published In
July 2019
451 pages
Copyright © 2019 ACM.
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]
Sponsors
Publisher
Association for Computing Machinery
New York, NY, United States
Publication History
Published: 10 July 2019
Check for updates
Author Tags
Qualifiers
- Short-paper
Conference
ISSTA '19
Sponsor:
ISSTA '19: 28th ACM SIGSOFT International Symposium on Software Testing and Analysis
July 15 - 19, 2019
Beijing, China
Acceptance Rates
Overall Acceptance Rate 58 of 213 submissions, 27%
Upcoming Conference
ISSTA '25
- Sponsor:
- sigsoft
Contributors
Other Metrics
Bibliometrics & Citations
Bibliometrics
Article Metrics
- View Citations1Total Citations
- 224Total Downloads
- Downloads (Last 12 months)12
- Downloads (Last 6 weeks)1
Reflects downloads up to 28 Feb 2025
Other Metrics
Citations
Cited By
View all- Khaled LAbdelbaki N(2020)Evaluation of Software Static AnalyzersProceedings of the 9th International Conference on Software and Information Engineering10.1145/3436829.3436835(11-17)Online publication date: 11-Nov-2020
View Options
Login options
Check if you have access through your login credentials or your institution to get full access on this article.
Sign in