scholarly journals Improved Loop Execution Modeling in the Clang Static Analyzer

2020 ◽  
Author(s):  
Péter György Szécsi ◽  
Gábor Horváth ◽  
Zoltán Porkoláb
Keyword(s):  
Arbitrary Number ◽  
Symbolic Execution ◽  
Source Code ◽  
Current Method ◽  
Analysis Tool ◽  
Constant Number ◽  
Loop Modeling ◽  
Code Analysis ◽  
C Programs ◽  
Alternative Approaches

The LLVM Clang Static Analyzer is a source code analysis tool which aims to find bugs in C, C++, and Objective-C programs using symbolic execution, i.e. it simulates the possible execution paths of the code. Currently the simulation of the loops is somewhat naive (but efficient), unrolling the loops a predefined constant number of times. However, this approach can result in a loss of coverage in various cases. This study aims to introduce two alternative approaches which can extend the current method and can be applied simultaneously: (1) determining loops worth to fully unroll with applied heuristics, and (2) using a widening mechanism to simulate an arbitrary number of iteration steps. These methods were evaluated on numerous open source projects, and proved to increase coverage in most of the cases. This work also laid the infrastructure for future loop modeling improvements.

scholarly journals Map2Check: Using Symbolic Execution and Fuzzing

2020 ◽  
pp. 403-407 ◽  
Author(s):  
Herbert Rocha ◽  
Rafael Menezes ◽  
Lucas C. Cordeiro ◽  
Raimundo Barreto
Keyword(s):  
Software Verification ◽  
Symbolic Execution ◽  
Source Code ◽  
Reachability Analysis ◽  
Experimental Results ◽  
Safety Properties ◽  
C Programs ◽  
Verification Tool ◽  
Inductive Invariants ◽  
Monitor Data

Abstract Map2Check is a software verification tool that combines fuzzing, symbolic execution, and inductive invariants. It automatically checks safety properties in C programs by adopting source code instrumentation to monitor data (e.g., memory pointers) from the program’s executions using LLVM compiler infrastructure. For SV-COMP 2020, we extended Map2Check to exploit an iterative deepening approach using LibFuzzer and Klee to check for safety properties. We also use Crab-LLVM to infer program invariants based on reachability analysis. Experimental results show that Map2Check can handle a wide variety of safety properties in several intricate verification tasks from SV-COMP 2020.

scholarly journals Enhanced Bug Prediction in JavaScript Programs with Hybrid Call-Graph Based Invocation Metrics

Technologies ◽  
2020 ◽  
Vol 9 (1) ◽  
pp. 3
Author(s):  
Gábor Antal ◽  
Zoltán Tóth ◽  
Péter Hegedűs ◽  
Rudolf Ferenc
Keyword(s):  
Software Maintenance ◽  
Positive Impact ◽  
Source Code ◽  
Code Analysis ◽  
Static Source ◽  
Static Code Analysis ◽  
Function Calls ◽  
Hybrid Code ◽  
Code Metrics ◽  
Scripting Language

Bug prediction aims at finding source code elements in a software system that are likely to contain defects. Being aware of the most error-prone parts of the program, one can efficiently allocate the limited amount of testing and code review resources. Therefore, bug prediction can support software maintenance and evolution to a great extent. In this paper, we propose a function level JavaScript bug prediction model based on static source code metrics with the addition of a hybrid (static and dynamic) code analysis based metric of the number of incoming and outgoing function calls (HNII and HNOI). Our motivation for this is that JavaScript is a highly dynamic scripting language for which static code analysis might be very imprecise; therefore, using a purely static source code features for bug prediction might not be enough. Based on a study where we extracted 824 buggy and 1943 non-buggy functions from the publicly available BugsJS dataset for the ESLint JavaScript project, we can confirm the positive impact of hybrid code metrics on the prediction performance of the ML models. Depending on the ML algorithm, applied hyper-parameters, and target measures we consider, hybrid invocation metrics bring a 2–10% increase in model performances (i.e., precision, recall, F-measure). Interestingly, replacing static NOI and NII metrics with their hybrid counterparts HNOI and HNII in itself improves model performances; however, using them all together yields the best results.

scholarly journals FuSeBMC: A White-Box Fuzzer for Finding Security Vulnerabilities in C Programs (Competition Contribution)

2021 ◽  
pp. 363-367 ◽  
Author(s):  
Kaled M. Alshmrany ◽  
Rafael S. Menezes ◽  
Mikhail R. Gadelha ◽  
Lucas C. Cordeiro
Keyword(s):  
Model Checking ◽  
Symbolic Execution ◽  
Bounded Model Checking ◽  
Test Cases ◽  
Security Vulnerabilities ◽  
C Programs ◽  
Code Coverage

AbstractWe describe and evaluate a novel white-box fuzzer for C programs named , which combines fuzzing and symbolic execution, and applies Bounded Model Checking (BMC) to find security vulnerabilities in C programs. explores and analyzes C programs (1) to find execution paths that lead to property violations and (2) to incrementally inject labels to guide the fuzzer and the BMC engine to produce test-cases for code coverage. successfully participates in Test-Comp’21 and achieves first place in the category and second place in the category.

SharpChecker: Static analysis tool for C# programs

2017 ◽  
Vol 43 (4) ◽  
pp. 268-276 ◽  
Author(s):  
V. K. Koshelev ◽  
V. N. Ignatiev ◽  
A. I. Borzilov ◽  
A. A. Belevantsev
Keyword(s):  
Static Analysis ◽  
Analysis Tool ◽  
C Programs ◽  
Static Analysis Tool
Sign in / Sign up

Export Citation Format

Share Document