Proceedings of ISP RAS


Using Different Views Java-Programs for Static Analysis

E.A. Karpulevitch (ISP RAS, Moscow)

Abstract

Static analysis of source code is used for the automated detection of software defects. Its benefits are particularly noticeable in the development of large projects consisting of hundreds of thousands of lines of code, because that amount of code is almost impossible to check manually.
Unlike a compiler, a static analyzer is not so tightly limited in time. Because of this, it can implement more complex and accurate algorithms that give more true positives and fewer false positives than the compiler's analysis algorithms. At the heart of any such algorithm is an internal representation of the program code. The article discusses various internal representations of programs and the defect detectors that work on them. Analysis of the abstract syntax tree (AST) makes it possible to quickly detect simple errors, such as dangerous type conversions. The abstract syntax tree is also convenient for finding errors associated with code reuse. Analysis of the control flow graph (CFG) makes it possible to find more sophisticated errors whose detection requires walking through the program code; instead of walking the code itself, the analysis traverses the CFG. CFG analysis can detect defects such as resource leaks, double release of a resource, and buffer overflows. There are also other internal representations that are convenient for certain classes of checks. Using the SVACE analyzer as an example, the article describes the principles of operation of several detectors for the corresponding internal representations.

Keywords

static analysis, java, FindBugs, SVACE

Edition

Proceedings of the Institute for System Programming, vol. 27, issue 6, 2015, pp. 151-158.

ISSN 2220-6426 (Online), ISSN 2079-8156 (Print).

DOI: 10.15514/ISPRAS-2015-27(6)-10

Full text of the paper in pdf (in Russian)