
Publica
Hier finden Sie wissenschaftliche Publikationen aus den Fraunhofer-Instituten. PhASAR: An Inter-procedural Static Analysis Framework for C/C++
| Vojnar, T.: Tools and Algorithms for the Construction and Analysis of Systems. 25th International Conference, TACAS 2019. Proceedings. Pt.II : Held as Part of the European Joint Conferences on Theory and Practice of Software, ETAPS 2019, Prague, Czech Republic, April 6-11, 2019 Cham: Springer Nature, 2019 (Lecture Notes in Computer Science 11428) ISBN: 978-3-030-17464-4 (Print) ISBN: 978-3-030-17465-1 (Online) S.393-410 |
| International Conference on Tools and Algorithms for the Construction and Analysis of Systems (TACAS) <25, 2019, Prague> European Joint Conference on Theory and Practice of Software (ETAPS) <22, 2019, Prague> TOOLympics <2019, Prague> |
|
| Englisch |
| Konferenzbeitrag, Elektronische Publikation |
| Fraunhofer IEM () |
Abstract
Static program analysis is used to automatically determine program properties, or to detect bugs or security vulnerabilities in programs. It can be used as a stand-alone tool or to aid compiler optimization as an intermediary step. Developing precise, inter-procedural static analyses, however, is a challenging task, due to the algorithmic complexity, implementation effort, and the threat of state explosion which leads to unsatisfactory performance. Software written in C and C++ is notoriously hard to analyze because of the deliberately unsafe type system, unrestricted use of pointers, and (for C++) virtual dispatch. In this work, we describe the design and implementation of the LLVM-based static analysis framework PhASAR for C/C++ code. PhASAR allows data-flow problems to be solved in a fully automated manner. It provides class hierarchy, call-graph, points-to, and data-flow information, hence requiring analysis developers only to specify a definition of the data-flow problem. PhASAR thus hides the complexity of static analysis behind a high-level API, making static program analysis more accessible and easy to use. PhASAR is available as an open-source project. We evaluate PhASAR’s scalability during whole-program analysis. Analyzing 12 real-world programs using a taint analysis written in PhASAR, we found PhASAR’s abstractions and their implementations to provide a whole-program analysis that scales well to real-world programs. Furthermore, we peek into the details of analysis runs, discuss our experience in developing static analyses for C/C++, and present possible future improvements. Data or code related to this paper is available at.