Skip to main content
SpringerLink
Log in

Using dependencies to improve precision of code analysis

  • Published:
Automatic Control and Computer Sciences Aims and scope Submit manuscript

Abstract

Development of dependency analysis methods in order to improve static code analysis precision is considered in this paper. Reasons for precision loss when detecting defects in program source code using abstract interpretation methods are explained. Need for program object dependency extraction and interpretation is justified by numerous real-world examples. Dependency classification is presented. Necessity for aggregate analysis of values and dependencies is considered. Dependency extraction from assignment statements is described. Dependency interpretation based on logic inference using logic and arithmetic rules is proposed. The methods proposed are implemented in defect detection tool Digitek Aegis, significant increase of precision is shown.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Similar content being viewed by others

References

  1. Zhivich, M. and Cunningham, R., The Real Cost of Software Errors. IEEE Security and Privacy, IEEE Comput. Soc., 2009, vol. 7, no. 2, pp. 87–90.

    Google Scholar 

  2. Nielson, F., Nielson, N., and Hankin, C., Principles of Program Analysis, Springer-Verlag, 2005.

  3. Cousot, P., Abstract Interpretation, ACM Comput. Surveys, 1996, vol. 28,no. 2, pp. 324–328.

    Article  Google Scholar 

  4. Jones, N. and Nielson, F., Abstract Interpretation: A Semantic-Based Tool for Program Analysis. Handbook of Logic in Computer Science, vol. 4: Semantic Modeling, Oxford: Oxford University Press, 1995.

    Google Scholar 

  5. Nesov, V.S. and Malikov, O.R., Using the Linear Dependencies for Vulnerability Detection in Program Source Code, Trudy Inst. Sist. Progr. Ross. Akad. Nauk, 2006, no. 9, pp. 51–57.

  6. Cousot, P. and Hallwachs, N., Automatic Discovery of Linear Restraints Among Variables of a Program, Proc. 5th ACM SIGACT-SIGPLAN Symp. on Principles of Programming Languages (POPL-78), New York, 1978, pp. 84–96.

  7. Code Analysis for C/C++. Overview. http://msdn.microsoft.com/en-us/library/d3bbz7tz.aspx

  8. Frama-C Software Analyzers. http://frama-c.com

  9. Splint Home Page. http://www.splint.org

  10. Fortify Software. http://www.fortify.com

  11. Itsykson, V.M., Moiseev, M.Yu., Tsesko, V.A., and Karpenko, A.V., Research on Tools for Automation of Defects Detection in Program Source Code, Sci. J. St. Petersburg State Polytechnical Univ. Informat. Telecommun., 2008, no. 5(65), pp. 119–127.

  12. Schwartzbach, M., Lecture Notes on Static Analysis, Aarhus, 2000.

  13. Aegis — A Defect Detection System. http://www.digiteklabs.ru/en/aegis/platform/

  14. Itsykson, V.M., Moiseev, M.Yu., Tsesko, V.A., Zakharov, A.V., and Akhin, M.Kh., Interval Analysis Algorithms for Source Code Defect Detection, Inf. Control Syst., 2009, no. 2(39), pp. 34–41.

  15. Itsykson, V.M., Moiseev, M.Yu., Akhin, M.Kh., Zakharov, A.V., and Tsesko, V.A., Points-to Analysis Algorithms for Source Code Defect Detection, in Sb. st. “Sistemnoe programmirovanie,” (Coll. Papers ’system Programming’), Terekhov, A.N. and Bulychev, D.Yu., Eds., St. Petersburg: St. Petersburg Univ., 2009, no. 4, pp. 5–30.

    Google Scholar 

  16. Bush, W., Pincus, J., and Sielaff, D., A Static Analyzer for Finding Dynamic Programming Errors, Softw. Pract. Exper., 2000, vol. 30, pp. 795–802.

    Article  Google Scholar 

  17. Wang, A., Fei, H., Gu, M., and Song, X., Verifying Java Programs by Theorem Prover HOL, Proc. 30th Ann. Int. Computer Software and Applications Conf., Washington, 2006.

  18. HOL 4 Kananaskis. http://hol.sourceforge.net

  19. WHY — A Software Verification Platform. http://why.lri.fr

  20. Steensgaard, B., Points-To Analysis in Almost Linear Time, Proc. the 23rd ACM SIGPLAN-SIGACT Symp. on Principles of Programming Languages, New York, 1996.

  21. Avots, D., Dalton, M., Livshits, V., and Lam, M., Improving Software Security with a C Pointer Analysis, Proc. 27th Int. Conf. on Software Engineering, New York, 2005, pp. 139–142.

  22. VCC. http://vcc.codeplex.com

  23. Z3. http://research.microsoft.com/en-us/um/Redmond/projects/z3

  24. SMT-LIB. http://www.smtlib.org

Download references

Author information

Authors and Affiliations

  1. St. Petersburg State Polytechnical University, St. Petersburg, Russia

    M. I. Glukhikh, V. M. Itsykson & V. A. Tsesko

Authors
  1. M. I. Glukhikh
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. V. M. Itsykson
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. V. A. Tsesko
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to M. I. Glukhikh.

Additional information

Original Russian Text © M.I. Glukhikh, V.M. Itsykson, V.A. Tsesko, 2011, published in Modelirovanie i Analiz Informatsionnykh Sistem, 2011, No. 4, pp. 68–79.

The article was translated by the author.

About this article

Cite this article

Glukhikh, M.I., Itsykson, V.M. & Tsesko, V.A. Using dependencies to improve precision of code analysis. Aut. Control Comp. Sci. 46, 338–344 (2012). https://doi.org/10.3103/S0146411612070097

Download citation

  • Received:

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.3103/S0146411612070097

Keywords

Search

Navigation