Proceedings of ISP RAS


Mechanisms for extending the system of static analysis Svace by new types of detectors of vulnerabilities and critical errors.

Arutyun Avetisyan, Alexey Borodin.

Abstract

A static analysis tool Svace finding vulnerabilities and critical errors in the source code of C/C++ programs is developed in the ISP RAS. The purpose of Svace is to find as many errors as possible with low level of false positives and suitable use of available resources. Important requirements for this kind of systems are scalability and extensibility. The article presents the mechanism supporting the addition to the Svace system detectors of new kinds of errors that preserves the scalability. Using the mechanism illustrated by the four detectors developed errors.

Keywords

static analysis; dataflow analysis; extensibility; null pointer dereference; improper use of dynamic memory

Edition

Proceedings of the Institute for System Programming, vol. 21, 2011, pp. 39-54.

ISSN 2220-6426 (Online), ISSN 2079-8156 (Print).

Full text of the paper in pdf (in Russian) Back to the contents of the volume