Abstract

Program bugs may result in unexpected software error, crash or serious security attack. Static program analysis is one of the most common methods to find program bugs. In this paper we present MLSA — a static analysis tool based on LLVM Intermediate Representation (IR), which can analyze programs written in multiple programming languages. MLSA combines symbolic execution with Z3 SMT solver to find bugs. At present, MLSA can detect some kinds of bugs, such as divide zero error, pointer overflow and dead code. Moreover, as a framework, MLSA follows the scalability and extensibility principles, which can help detect other types of bugs. Experiments show that MLSA is effective in finding bugs in real world software.

Highlights

  • Program analysis technology has been proposed to detect bugs in software

  • In this paper we present MLSA, which uses symbolic execution technique based on LLVM Intermediate Representation (IR) to find bugs

  • The contributions in this paper are as follows: 1) We present a static analysis tool MLSA, which is built on LLVM IR to support multiple programming languages and can detect three types kinds of program bugs, such as, division zero error, pointer overflow, dead code

Read more

Summary

Introduction

Program analysis technology has been proposed to detect bugs in software. Based on whether the target program will be running, program analysis can be divided into dynamic program analysis and static analysis. Dynamic analysis can detect bugs through instrumenting analysis instructions into target program or simulating the running status of the target programs in virtual machine environment. Contrary to the dynamic analysis, static program analysis technique mainly focus on the source code of target program or intermediate language compiled by the compiler frontend, which needs no running status. 2) Data flow analysis concerns the operands more instead of the operators, which analyzes the data flow of the program execution path and the possible values of each variable. It can be divided into flow insensitive analysis, flow sensitive analysis and path sensitive analysis according to analysis precision. It can be divided into flow insensitive analysis, flow sensitive analysis and path sensitive analysis according to analysis precision. 3) Model checking will firstly construct the bugs’ automaton from the program bugs patterns, and record the behaviors of the program

Methods
Results
Conclusion

Talk to us

Join us for a 30 min session where you can share your feedback and ask us any queries you have

Schedule a call

Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.