Abstract

Program bugs may result in unexpected software errors, crashes or serious security attacks. Static program analysis is one of the most common methods for finding program bugs. In this paper we present MLSA, a static analysis tool built on the LLVM Intermediate Representation (IR), which can therefore analyze programs written in any language that has an LLVM front end. MLSA combines symbolic execution with the Z3 SMT solver to find bugs. At present MLSA detects three kinds of bugs: divide-by-zero errors, pointer overflow and dead code. Moreover, as a framework, MLSA follows the principles of scalability and extensibility, so detectors for other types of bugs can be added. Experiments show that MLSA is effective at finding bugs in real-world software.
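To make the abstract's approach concrete, the following is an added illustration (written for this page, not MLSA's own code) of how path-sensitive symbolic execution over an IR finds two of the three bug classes named above: a divide-by-zero that is reachable, and a block of dead code that no input can reach. The toy three-address IR, the single 8-bit symbolic input `x`, and the sample program are all constructed here; satisfiability of path constraints is decided by bounded enumeration of the input space as a stand-in for Z3, so it runs offline. Pointer overflow is not modelled.

```python
"""Minimal path-sensitive symbolic executor over a toy three-address IR.

Added illustration, not MLSA's code. Path constraints are collected
symbolically as expression trees; `satisfiable` decides them by brute-force
enumeration of an 8-bit input (a stand-in for an SMT solver such as Z3).
"""
from typing import Dict, List, Optional, Tuple, Union

# Expression: int literal, input/variable name, or (op, lhs, rhs).
Expr = Union[int, str, Tuple]

OPS = {
    "+": lambda x, y: x + y,
    "-": lambda x, y: x - y,
    "*": lambda x, y: x * y,
    "/": lambda x, y: x // y if y else 0,   # zero divisor is reported separately
    "==": lambda x, y: int(x == y),
    "!=": lambda x, y: int(x != y),
    "<": lambda x, y: int(x < y),
    ">": lambda x, y: int(x > y),
}

INPUTS = ["x"]                 # assumed: one symbolic program input
DOMAIN = range(-128, 128)      # assumed: 8-bit signed input space


def ev(e: Expr, model: Dict[str, int]) -> int:
    """Evaluate an expression under a concrete assignment of the inputs."""
    if isinstance(e, int):
        return e
    if isinstance(e, str):
        return model[e]
    op, a, b = e
    return OPS[op](ev(a, model), ev(b, model))


def subst(e: Expr, env: Dict[str, Expr]) -> Expr:
    """Replace program variables by the symbolic values currently held."""
    if isinstance(e, int):
        return e
    if isinstance(e, str):
        return env[e]
    op, a, b = e
    return (op, subst(a, env), subst(b, env))


def satisfiable(constraints: List[Expr]) -> Optional[Dict[str, int]]:
    """Stand-in for Z3: a model satisfying every constraint, or None."""
    for v in DOMAIN:
        model = {"x": v}
        if all(ev(c, model) for c in constraints):
            return model
    return None


# Toy IR program (constructed). Instructions:
#   ("set", dst, expr)        ("div", dst, num, den)
#   ("br", cond, then, else)  ("ret",)
PROGRAM = {
    "entry": [("set", "y", ("-", "x", 10)),
              ("br", (">", "x", 5), "big", "small")],
    "big":   [("div", "q", 100, "y"),              # y == 0 when x == 10
              ("ret",)],
    "small": [("br", (">", "x", 7), "dead", "ok")],  # x <= 5 and x > 7: infeasible
    "dead":  [("set", "z", 1), ("ret",)],
    "ok":    [("ret",)],
}


def analyze(program: Dict[str, list], entry: str = "entry") -> dict:
    """Explore every feasible path (loop-free IR assumed); report
    reachable divide-by-zero sites and blocks no feasible path enters."""
    findings = {"div_zero": [], "dead": []}
    reached = set()
    work = [(entry, {v: v for v in INPUTS}, [])]   # (block, env, path constraints)
    while work:
        blk, env, path = work.pop()
        reached.add(blk)
        for ins in program[blk]:
            kind = ins[0]
            if kind == "set":
                env = {**env, ins[1]: subst(ins[2], env)}
            elif kind == "div":
                den = subst(ins[3], env)
                model = satisfiable(path + [("==", den, 0)])
                if model is not None:            # divisor can be zero on this path
                    findings["div_zero"].append((blk, ins[1], model))
                env = {**env, ins[1]: ("/", subst(ins[2], env), den)}
            elif kind == "br":
                cond = subst(ins[1], env)
                for target, c in ((ins[2], cond), (ins[3], ("==", cond, 0))):
                    if satisfiable(path + [c]) is not None:   # prune infeasible side
                        work.append((target, env, path + [c]))
                break
            elif kind == "ret":
                break
    findings["dead"] = sorted(set(program) - reached)
    return findings


if __name__ == "__main__":
    print(analyze(PROGRAM))
```

The branch in `small` is only explored on the side whose accumulated path constraint has a model, which is what makes the analysis path-sensitive rather than merely flow-sensitive: block `dead` is reported because the conjunction `x <= 5 and x > 7` is unsatisfiable, and the division in `big` is reported together with the witness input `x = 10` that drives the divisor to zero. Replacing `satisfiable` with a real SMT query is the only change needed to lift the 8-bit bound.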

Highlights

  • Program analysis technology has been proposed to detect bugs in software

  • In this paper we present MLSA, which uses symbolic execution technique based on LLVM Intermediate Representation (IR) to find bugs

  • The contributions of this paper are as follows: 1) We present a static analysis tool, MLSA, which is built on LLVM IR to support multiple programming languages and can detect three kinds of program bugs: division-by-zero errors, pointer overflow and dead code


Introduction

Program analysis technology has been proposed to detect bugs in software. Depending on whether the target program is executed, program analysis can be divided into dynamic analysis and static analysis. Dynamic analysis detects bugs by instrumenting the target program with analysis instructions, or by simulating its running state in a virtual machine environment. In contrast, static analysis works on the source code of the target program, or on the intermediate representation produced by the compiler front end, and needs no running state. 2) Data flow analysis is concerned with the operands rather than the operators: it analyzes the flow of data along the program's execution paths and the possible values of each variable. According to its precision, it can be divided into flow-insensitive, flow-sensitive and path-sensitive analysis. 3) Model checking first constructs a bug automaton from the program's bug patterns, and records the behaviors of the program
