1. 6

Abstract: “Static program analysis is used to automatically determine program properties, or to detect bugs or security vulnerabilities in pro- grams. It can be used as a stand-alone tool or to aid compiler optimiza- tion as an intermediary step. Developing precise, inter-procedural static analyses, however, is a challenging task, due to the algorithmic complex- ity, implementation effort, and the threat of state explosion which leads to unsatisfactory performance. Software written in C and C++ is noto- riously hard to analyze because of the deliberately unsafe type system, unrestricted use of pointers, and (for C++) virtual dispatch. In this work, we describe the design and implementation of the LLVM-based static analysis framework PhASAR for C/C++ code. PhASAR allows data-flow problems to be solved in a fully automated manner. It pro- vides class hierarchy, call-graph, points-to, and data-flow information, hence requiring analysis developers only to specify a definition of the data-flow problem. PhASAR thus hides the complexity of static analysis behind a high-level API, making static program analysis more accessible and easy to use. PhASAR is available as an open-source project. We evaluate PhASAR’s scalability during whole-program analysis. Analyz- ing 12 real-world programs using a taint analysis written in PhASAR, we found PhASAR’s abstractions and their implementations to provide a whole-program analysis that scales well to real-world programs. Further- more, we peek into the details of analysis runs, discuss our experience in developing static analyses for C/C++, and present possible future improvements.”

Their website.