Taming the Static Analysis Beast

by John Toman, Dan Grossman

Released as an article-journal by Dagstuhl Publishing.

2017  

Abstract

While industrial-strength static analysis over large, real-world codebases has become commonplace, so too have difficult-to-analyze language constructs, large libraries, and popular frameworks. These features make constructing and evaluating a novel, sound analysis painful, error-prone, and tedious. We motivate the need for research to address these issues by highlighting some of the many challenges faced by static analysis developers in today's software ecosystem. We then propose our short- and long-term research agenda to make static analysis over modern software less burdensome.

1 Introduction

The ubiquitous use of static analysis to ensure the absence of software defects has been a long-held goal of the static analysis research community. As such, we should marvel at and celebrate the mainstream success of scalable code-analysis tools that are now routine for many projects, including at large software companies (such as Microsoft [29, 43], Google [59], and Facebook [17, 16]). Although we can continue to study why static analyses are not more widely deployed [35, 8], industrial-strength static analyses are finally becoming a reality.

Static analysis researchers also now enjoy excellent tool support. Analysis frameworks exist for several popular languages and platforms. These frameworks handle tedious tasks shared across almost all static analyses, such as translation from bytecode or source code to an intermediate representation, call-graph construction, type information, string analyses, and points-to information [37, 71, 72, 52, 15]. The developers of these frameworks deserve substantial credit: thanks to these platforms, researchers have been able to ignore complex implementation details and focus solely on implementing their analyses.

Unfortunately, writing a sound static analysis that produces useful results for real programs is now harder than ever. Analysis implementations can easily exceed tens of thousands of lines of code [48, 7].
To understand the sources of complexity, one need look no further than today's software environment. Industrial-strength analyses must handle industrial-strength applications in industrial-strength languages. Analyses must handle objects, the pervasive use of callbacks, threads, exceptions, frameworks, reflection, native code, several layers of indirection, metaprogramming, enormous library dependency graphs, etc. In our experience (and those shared by other static analysis authors), getting a realistic static analysis to

Archived Files and Locations

application/pdf, 618.3 kB
web.archive.org (webarchive)
drops.dagstuhl.de (web)

Type: article-journal
Year: 2017