Mechanisms for extending the system of static analysis Svace by new types of detectors of vulnerabilities and critical errors


Bibliographic Details
Main Authors: Arutyun Avetisyan, Alexey Borodin
Format: Article
Language: English
Published: Ivannikov Institute for System Programming of the Russian Academy of Sciences 2018-10-01
Series: Труды Института системного программирования РАН
Subjects:
Online Access: https://ispranproceedings.elpub.ru/jour/article/view/1027
Description
Summary: Svace, a static analysis tool that finds vulnerabilities and critical errors in the source code of C/C++ programs, is developed at ISP RAS. The purpose of Svace is to find as many errors as possible with a low level of false positives and suitable use of available resources. Important requirements for this kind of system are scalability and extensibility. The article presents a mechanism for adding detectors of new kinds of errors to the Svace system while preserving scalability. The use of the mechanism is illustrated by four error detectors that were developed.
ISSN: 2079-8156, 2220-6426