Static analyzer Svace for finding defects in a source program code

Cited by: 0
Authors
V. P. Ivannikov
A. A. Belevantsev
A. E. Borodin
V. N. Ignatiev
D. M. Zhurikhin
A. I. Avetisyan
Affiliation
[1] Russian Academy of Sciences,Institute for Systems Programming
Source
Programming and Computer Software | 2014 / Vol. 40
Keywords
static analysis; data-flow analysis; vulnerabilities; interprocedural analysis; annotation-based analysis
DOI
Not available
Abstract
This paper describes Svace, a tool for static program analysis developed at the Institute for Systems Programming, Russian Academy of Sciences. This tool allows one to find defects and potential vulnerabilities in the source program code written in C/C++ languages. The main features of the tool are simplicity of use, wide variety of supported types of warnings, scalability up to programs of millions of code lines, and acceptable quality of analysis (30–80% of true positive warnings).
Pages: 265-275
Number of pages: 10