Static analyzer Svace for finding defects in a source program code

Cited by: 15
Authors
Ivannikov, V. P. [1]
Belevantsev, A. A. [1]
Borodin, A. E. [1]
Ignatiev, V. N. [1]
Zhurikhin, D. M. [1]
Avetisyan, A. I. [1]
Affiliations
[1] Russian Acad Sci, Inst Syst Programming, Moscow 109004, Russia
Keywords
static analysis; data-flow analysis; vulnerabilities; interprocedural analysis; annotation-based analysis;
DOI
10.1134/S0361768814050041
Chinese Library Classification number
TP31 [Computer Software];
Discipline classification code
081202 ; 0835 ;
Abstract
This paper describes Svace, a tool for static program analysis developed at the Institute for Systems Programming, Russian Academy of Sciences. This tool allows one to find defects and potential vulnerabilities in the source program code written in C/C++ languages. The main features of the tool are simplicity of use, wide variety of supported types of warnings, scalability up to programs of millions of code lines, and acceptable quality of analysis (30-80% of true positive warnings).
Pages: 265-275
Number of pages: 11