Uncovering Hidden Dependencies: Constructing Intelligible Path Witnesses using Dataflow Analyses

Keywords: static analysis, symbolic execution, control dependency analysis, reaching definitions analysis, Clang Static Analyzer, report generation, code comprehension

Abstract

The lack of sound, concise and comprehensive error reports emitted by a static analysis tool can increase fixing costs, create a bottleneck on the availability of experts, and may even undermine trust in static analysis as a method. This paper presents novel techniques to improve the quality of bug reports for static analysis tools that employ symbolic execution. By combining data and control dependency analysis, we can identify the relevance of particular code snippets that were previously missing from the report. We demonstrated the benefits of our approach by implementing an improved bug report generator algorithm for the Clang Static Analyzer. After being tested by the open source community, our solution became enabled by default in the tool.

Author Biographies

Gábor Horváth, Department of Programming Languages and Compilers, Faculty of Informatics, Eötvös Loránd University, Budapest, Hungary

PhD at Eötvös Loránd University, Faculty of Informatics, Department of Programming Languages and Compilers

Zoltán Porkoláb, Department of Programming Languages and Compilers, Faculty of Informatics, Eötvös Loránd University, Budapest, Hungary

Associate Professor of the Department of Programming Languages and Compilers at the Faculty of Informatics, Eötvös Loránd University (ELTE), Budapest, Hungary.

Published
2024-03-04
How to Cite
Umann, K., Horváth, G., & Porkoláb, Z. (2024). Uncovering Hidden Dependencies: Constructing Intelligible Path Witnesses using Dataflow Analyses. Acta Cybernetica, 26(3), 713-747. https://doi.org/10.14232/actacyb.299805
Section
Special Issue of the 13th Conference of PhD Students in Computer Science