Detecting Uninitialized Variables in C++ with the Clang Static Analyzer

2020 ◽  
Author(s):  
Kristóf Umann ◽  
Zoltán Porkoláb

Uninitialized variables have been a source of errors since the beginning of software engineering. Some programming languages (e.g. Java and Python) will automatically zero-initialize such variables, but others, like C and C++, leave their state undefined. While laying aside initialization in C and C++ might be a performance advantage if an initial value can't be supplied, working with such variables is undefined behavior, and is a common source of instabilities and crashes. To avoid such errors, whenever meaningful initialization is possible, it should be used. Tools for detecting these errors at run time have existed for decades, but those require the problematic code to be executed. Since in many cases the number of possible execution paths is combinatoric, static analysis techniques emerged as an alternative. In this paper, we overview the technique for detecting uninitialized C++ variables using the Clang Static Analyzer, and describe various heuristics to guess whether a specific variable was left in an undefined state intentionally. We implemented a prototype tool based on our idea and successfully tested it on large open source projects.

2020 ◽  
Author(s):  
Maria Paquin

Benchmark programs are an integral part of program analysis research. Researchers use benchmark programs to evaluate existing techniques and test the feasibility of new approaches. The larger and more realistic the set of benchmarks, the more confident a researcher can be about the correctness and reproducibility of their results. However, obtaining an adequate set of benchmark programs has been a long-standing challenge in the program analysis community. In this thesis, we present the APT tool, a framework we designed and implemented to automate the generation of realistic benchmark programs suitable for program analysis evaluations. Our tool targets intra-procedural analyses that operate on an integer domain, specifically symbolic execution. The framework is composed of three main stages. In the first stage, the tool extracts potential benchmark programs from open-source repositories suitable for symbolic execution. In the second stage, the tool transforms the extracted programs into compilable, stand-alone benchmarks by removing external dependencies and nonlinear expressions. In the third stage, the benchmarks are verified and made available for the user. We have designed our transformation algorithms to remove program dependencies and nonlinear expressions while preserving their semantics-equivalence in the abstraction of symbolic analysis. That is, we want the information the analysis computes on the original program and its transformed version to be equivalent. Our work provides static analysis researchers with concise, compilable benchmark programs that are relevant to symbolic execution, allowing them to focus their efforts on advancing analysis techniques. Furthermore, our work benefits the software engineering community by enabling static analysis researchers to perform benchmarking with a large, realistic set of programs, thus strengthening the empirical evidence of the advancements in static program analysis.


Author(s):  
EMANUELE DE ANGELIS ◽  
FABIO FIORAVANTI ◽  
JOHN P. GALLAGHER ◽  
MANUEL V. HERMENEGILDO ◽  
ALBERTO PETTOROSSI ◽  
...  

Abstract This paper surveys recent work on applying analysis and transformation techniques that originate in the field of constraint logic programming (CLP) to the problem of verifying software systems. We present specialization-based techniques for translating verification problems for different programming languages, and in general software systems, into satisfiability problems for constrained Horn clauses (CHCs), a term that has become popular in the verification field to refer to CLP programs. Then, we describe static analysis techniques for CHCs that may be used for inferring relevant program properties, such as loop invariants. We also give an overview of some transformation techniques based on specialization and fold/unfold rules, which are useful for improving the effectiveness of CHC satisfiability tools. Finally, we discuss future developments in applying these techniques.


Queue ◽  
2021 ◽  
Vol 19 (4) ◽  
pp. 68-95
Author(s):  
Ayman Nadeem

Complex and opaque systems do not scale easily. A human-centered approach for evolving tools and practices is essential to ensuring that software is scaled safely and securely. Static analysis can unveil information about program behavior, but the goal of deriving this information should not be to accumulate hairsplitting detail. HCI can help direct static-analysis techniques into developer-facing systems that structure information and embody relationships in representations that closely mirror a programmer's thought. The survival of great software depends on programming languages that support, rather than inhibit, communicating, reasoning, and abstract thinking.


Electronics ◽  
2021 ◽  
Vol 10 (10) ◽  
pp. 1181
Author(s):  
Juanan Pereira

(1) Background: final year students of computer science engineering degrees must carry out a final degree project (FDP) in order to graduate. Students’ contributions to improve open source software (OSS) through FDPs can offer multiple benefits and challenges, both for the students, the instructors and for the project itself. This work reports on a practical experience developed by four students contributing to mature OSS projects during their FDPs, detailing how they addressed the multiple challenges involved, both from the students’ and teachers’ perspective. (2) Methods: we followed the work of four students contributing to two established OSS projects for two academic years and analyzed their work on GitHub and their responses to a survey. (3) Results: we obtained a set of specific recommendations for future practitioners and detailed a list of benefits achieved by steering FDP towards OSS contributions, for students, teachers and the OSS projects. (4) Conclusion: we find out that FDPs oriented towards enhancing OSS projects can introduce students into real-world, practical examples of software engineering principles, give them a boost in their confidence about their technical and communication skills and help them build a portfolio of contributions to daily used worldwide open source applications.


2021 ◽  
Vol 54 (7) ◽  
pp. 1-37
Author(s):  
Jihyeok Park ◽  
Hongki Lee ◽  
Sukyoung Ryu

Understanding program behaviors is important to verify program properties or to optimize programs. Static analysis is a widely used technique to approximate program behaviors via abstract interpretation. To evaluate the quality of static analysis, researchers have used three metrics: performance, precision, and soundness. The static analysis quality depends on the analysis techniques used, but the best combination of such techniques may be different for different programs. To find the best combination of analysis techniques for specific programs, recent work has proposed parametric static analysis. It considers static analysis as black-box parameterized by analysis parameters, which are techniques that may be configured without analysis details. We formally define the parametric static analysis, and we survey analysis parameters and their parameter selection in the literature. We also discuss open challenges and future directions of the parametric static analysis.


2006 ◽  
Vol 40 (3) ◽  
pp. 286-295 ◽  
Author(s):  
Andrew Buxton

Purpose: To review the variety of software solutions available for putting CDS/ISIS databases on the internet. To help anyone considering which route to take. Design/methodology/approach: Briefly describes the characteristics, history, origin and availability of each package. Identifies the type of skills required to implement the package and the kind of application it is suited to. Covers CDS/ISIS Unix version, JavaISIS, IsisWWW, WWWISIS Versions 3 and 5, Genisis, IAH, WWW‐ISIS, and OpenIsis. Findings: There is no obvious single “best” solution. Several are free but may require more investment in acquiring the skills to install and configure them. The choice will depend on the user's experience with CDS/ISIS formatting language, HTML, programming languages, operating systems, open source software, and so on. Originality/value: There is detailed documentation available for most of these packages, but little previous guidance to help potential users to distinguish and choose between them.

