Abstract
While in the past in the C/C++ world compilers and static analyzers took two separate paths and were two separate lines of tools, nowadays they are coming back together, especially the Clang compiler and its Clang/LLVM based static analyzers. The paper will show why and how this "reunion" is beneficial, especially when analyzing large codebases. In particular the paper first will present these relatively new analyzers, then it will show how these tools are currently integrated in code quality platforms - e.g. SonarQube; finally, the paper will describe the author's recent results in terms of improving the analyzers - code quality platforms integration and facilitating the adoption and execution of static analysis in software projects.
- http://clang.llvm.org/Google Scholar
- https://clang.llvm.org/docs/ JSONCompilationDatabase.htmlGoogle Scholar
- https://www.sonarqube.org/Google Scholar
- https://www.gimpel.com/Google Scholar
- http://cppcheck.net/Google Scholar
- https://www.mathworks.com/products/ polyspace.htmlGoogle Scholar
- https://frama-c.com/value.htmlGoogle Scholar
- https://clang-analyzer.llvm.org/Google Scholar
- http://frama-c.com/wp.htmlGoogle Scholar
- http://www.cprover.org/cbmc/Google Scholar
- https://clang-analyzer.llvm.org/available_checks.htmlGoogle Scholar
- https://clang.llvm.org/extra/clang-tidy/ checks/list.htmlGoogle Scholar
- http://gnat-asis.sourceforge.net/Google Scholar
- https://github.com/AdaCore/libadalangGoogle Scholar
- https://cmake.org/Google Scholar
- https://github.com/nickdiego/compiledbGoogle Scholar
- https://github.com/rizsotto/BearGoogle Scholar
- https://ninja-build.org/Google Scholar
- https://github.com/SonarOpenCommunity/sonar-cxxGoogle Scholar
- https://www.sonarsource.com/Google Scholar
- https://www.spazioit.com/pages_en/sol_inf_en/ code_quality_en/safe-toolset-en/Google Scholar
Recommendations
Know your analysis: how instrumentation aids understanding static analysis
SOAP 2019: Proceedings of the 8th ACM SIGPLAN International Workshop on State Of the Art in Program AnalysisThe development of a high-quality data-flow analysis---one that is precise and scalable---is a challenging task. A concrete client analysis not only requires data-flow but, in addition, type-hierarchy, points-to, and call-graph information, all of which ...
Model checking driven static analysis for the real world: designing and tuning large scale bug detection
Model checking and static analysis are traditionally seen as two separate approaches to software analysis and verification. In this work we define a model, checking approach for the static analysis of large C/C++ source code bases to detect potential ...
Precise flow-insensitive may-alias analysis is NP-hard
Determining aliases is one of the foundamental static analysis problems, in part because the precision with which this problem is solved can affect the precision of other analyses such as live variables, available expressions, and constant propagation. ...






Comments