Solutions formulated at this abstraction level are also sensitive to reformatting and refactoring transformations applied to the source code. The tokenized source code does not reveal the structure of the software which is normally added by the parser. The main limitation, however, is that for tools performing automated analysis on the stream of tokens, this representation can prove to be an insufficient source of information. ![]() This representation is natural for the developer to read, and can be used for review purposes, the code style and the applicability of certain guidelines can be analyzed. Some analysis techniques can be run on the source code text that can be seen in Listing 1. In this section, we present how the methods differ. Static analysis methods are different and their outcome may be based on the their capabilities. Finally, this paper concludes in Section 11. Details on future work are given in Section 10. We present a typical use-case in Section 9. An integration of our approach with the Clang infrastructure can be seen in Section 8. In Section 6 and 7, we define our domain-specific language regarding its syntactic and semantic elements. The related work is discussed in Section 5. We show how finite state automata help detecting resource problems in Section 4. In Section 3, we present some typical resource-oriented problems. First, we give details on the different levels of static analysis in Section 2. The rest of this paper is organized as follows. ![]() Moreover, we have added an overview of related works. We have developed and presented a more precise and more detailed example how to use our DSL. We have improved the DSL, especially an error handling sublanguage has been proposed. One can define a special resource-oriented checker with our domain-specific language (DSL) and our tool generates a static analysis method to detect the problems regarding the proposed resource. In this paper, we argue for a generic, resource-oriented static analysis approach. Taint analysis also takes advantage of finite state automata. įinite state automaton (FSA) is a handy tool for modeling usage of resources. Special runtime environment can detect these problems, such as Valgrind. This kind of problems typically is not analysed by unit tests, therefore they are not found and the problems may exist for a long time. Their validation is not part of the usual compilation process. memory leak) may occur in C and C++ programs. Validation of resource management is an important process because resource problems ( e.g. Because static analysis is closely related to the compilation of the code, the formats used to represent the different abstractions are not unique to the analysis process, but can be found in the compilation pipeline as well. One major difference is the level of abstraction at which the code is represented. While most static analysis methods are designed to detect anomalies (called bugs) in software code, the methods they employ are varied. Static analysis is a widely-used method which is by definition the act of uncovering properties and reasoning about software without observing its runtime behaviour, restricting the scope of tools to those which operate on the source representation, the code written in a single or multiple programming languages. However, many problems may remain undiscovered. Compilers validate the syntactic elements, referred variables, called functions to name a few. ![]() We show an example automaton in our domain-specific language and the usage of generated checker.Ĭompilers play an essential role in the early detection of software problems regarding many aspects of the source code. We have developed a tool for this approach which parses the automaton and generates Clang Static Analyzer checker that can be used in the symbolic execution engine. We present our domain-specific language to define automata in terms of syntactic and semantic rules. ![]() The generic automaton can be customized for different resources. In this paper, we argue for an approach in which automata are in-use during symbolic execution. files, memory) requires finite state automata (FSA) for modeling the state of resource ( e.g. input data) are interpreted with symbolic values.Ĭlang Static Analyzer is a powerful symbolic execution engine based on the Clang compiler infrastructure that can be used with C, C++ and Objective-C. Symbolic execution is a static analysis method where the variables ( e.g. Moreover, static analysis can help in software engineering comprehensively, since static analysis can be used for the validation of code conventions, for measuring software complexity and for executing code refactorings as well. It checks the source code without execution and no test cases are required, therefore its cost is lower than testing. Static analysis is an essential way to find code smells and bugs.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |