We congratulate Philipp Dominik Schubert on his doctorate

Heinz Nixdorf Institute, Secure Software Engineering

Philipp Dominik Schubert successfully completed his doctorate on the subject of "Scaling Static Whole-Program Analysis to Modern C and C++ Software Development" with Prof. Dr. Eric Bodden.

Abstract:

Static analyses that aim at detecting bugs and security breaches have to be precise and inter-procedural, i.e., must span the whole program to compute results that are actually useful to developers. Analyses run in a whole-program manner, however, oftentimes lead to unsatisfactory performance. 

Unfortunately, traditional whole-program analysis also does not match modern software development that is characterized by extensive library usage and continuous integration/continuous deployment, which compromises performance to the point at which it becomes practically infeasible.

To address the challenging problem of making precise static whole-program analysis scale, we exploit the fact that virtually all serious software projects are organized with the help of version control systems such as Git, Mercurial or Apache Subversion. Starting from a “blank” repository that contains only the target source code, we enrich the repository with additional, persisted static analysis information to make whole-program analysis actually feasible in practice.

The first problem that needs to be addressed when analyzing C and C++ software is that every non-trivial program, due to the preprocessor, is written in a mixed language and represents a software product line. We therefore present VarAlyzer, a variability-aware static analysis approach that analyzes software product lines as a whole.

To avoid unnecessary repeated reanalysis of library components that do not change from one analysis run to another, we introduce ModAlyzer, a compositional analysis approach that analyzes and summarizes library components. These summaries can then be employed while analyzing the actual application code to significantly reduce analysis times.

To further avoid unnecessary reanalysis for parts of the code that do undergo frequent changes, but whose static analysis results computed in a previous analysis run are still valid, we present IncAlyzer. IncAlyzer exploits commit information provided by the target project's version control system to recompute analysis information only for the parts of the code that actually changed. This reduces analysis times---even for deep, semantic analysis---to a minimum.

We have implemented our approaches within PhASAR, our novel static analysis framework that aims at making the analysis of real-world C and C++ programs feasible in practice by matching precise whole-program analysis to modern software development. We show that PhASAR---the host of VarAlyzer, ModAlyzer, and IncAlyzer---not only looks good on paper but is actually useful and helps solve real problems by discussing its applications in interesting projects from academia and its application in a large industry project with a leading telecommunications company in which PhASAR-based technology has been successfully applied.

(shortened version of the abstract, taken from the dissertation of Philipp Dominik Schubert)
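The preprocessor point in the abstract (one C source file is a software product line, so a sound analysis must either enumerate every configuration or carry presence conditions along with its facts) can be seen on a toy scale. The Python below is an added illustration written for this page; it is not PhASAR or VarAlyzer code and says nothing about how those tools are implemented. It assumes a constructed C-like input restricted to `x = source();`, `y = x;`, `sink(y);` and the directives `#ifdef`, `#ifndef`, `#else`, `#endif`, and it uses a may-taint analysis without kills so that the variability-aware result and the per-configuration results are directly comparable. The program, feature names and helper names are all invented for the example.

```python
"""Toy variability-aware taint analysis over preprocessor-annotated code.

Constructed illustration for this page, not PhASAR/VarAlyzer code. A presence
condition is kept in DNF: a set of conjunctions, each a frozenset of
(feature, polarity) literals. The empty conjunction means 'true'.
"""
import itertools
import re
from typing import Dict, FrozenSet, List, Set, Tuple

Literal = Tuple[str, bool]
PC = Set[FrozenSet[Literal]]
TRUE: PC = {frozenset()}

ASSIGN = re.compile(r"^(\w+)\s*=\s*(\w+)(\(\))?;$")   # dst = src;  or  dst = source();
SINK = re.compile(r"^sink\((\w+)\);$")

# Constructed sample program (invented feature names LOGGING and NETWORK).
PROGRAM = """\
x = source();
#ifdef LOGGING
y = x;
#else
y = z;
#endif
#ifdef NETWORK
sink(y);
#endif
w = y;
sink(w);
""".splitlines()


def pc_and(a: PC, b: PC) -> PC:
    """Conjunction of two DNF conditions; terms containing F and not-F are dropped."""
    out: PC = set()
    for x in a:
        for y in b:
            term = x | y
            if len({f for f, _ in term}) == len(term):
                out.add(term)
    return out


def satisfied(pc: PC, config: Dict[str, bool]) -> bool:
    """Does a concrete configuration (feature -> defined?) satisfy the condition?"""
    return any(all(config.get(f, False) == pol for f, pol in term) for term in pc)


def analyze_variability_aware(lines: List[str]) -> Dict[int, PC]:
    """Return {sink line number: presence condition under which it receives taint}."""
    # stack entries: (presence condition of the current region, literal to flip on #else)
    stack: List[Tuple[PC, Literal]] = [(TRUE, ("", True))]
    taint: Dict[str, PC] = {}           # variable -> condition under which it is tainted
    findings: Dict[int, PC] = {}
    for no, raw in enumerate(lines, 1):
        s = raw.strip()
        here = stack[-1][0]
        if s.startswith("#ifdef ") or s.startswith("#ifndef "):
            lit = (s.split()[1], s.startswith("#ifdef "))
            stack.append((pc_and(here, {frozenset({lit})}), lit))
        elif s == "#else":
            _, (f, pol) = stack.pop()
            neg = (f, not pol)
            stack.append((pc_and(stack[-1][0], {frozenset({neg})}), neg))
        elif s == "#endif":
            stack.pop()
        elif (m := ASSIGN.match(s)):
            dst, src, call = m.groups()
            src_pc = TRUE if call and src == "source" else taint.get(src, set())
            # may-taint without kills: facts only accumulate (same discipline as analyze_plain)
            taint[dst] = taint.get(dst, set()) | pc_and(here, src_pc)
        elif (m := SINK.match(s)):
            pc = pc_and(here, taint.get(m.group(1), set()))
            if pc:
                findings[no] = findings.get(no, set()) | pc
    return findings


def preprocess(lines: List[str], config: Dict[str, bool]) -> List[Tuple[int, str]]:
    """What the preprocessor would hand on for one configuration: (line_no, text)."""
    stack = [(True, True)]              # (region active, condition of this region)
    out = []
    for no, raw in enumerate(lines, 1):
        s = raw.strip()
        if s.startswith("#ifdef ") or s.startswith("#ifndef "):
            cond = config.get(s.split()[1], False) == s.startswith("#ifdef ")
            stack.append((stack[-1][0] and cond, cond))
        elif s == "#else":
            _, cond = stack.pop()
            stack.append((stack[-1][0] and not cond, not cond))
        elif s == "#endif":
            stack.pop()
        elif stack[-1][0]:
            out.append((no, s))
    return out


def analyze_plain(numbered: List[Tuple[int, str]]) -> Set[int]:
    """Ordinary may-taint analysis on already-preprocessed code; returns hit sink lines."""
    tainted: Set[str] = set()
    hits: Set[int] = set()
    for no, s in numbered:
        if (m := ASSIGN.match(s)):
            dst, src, call = m.groups()
            if (call and src == "source") or src in tainted:
                tainted.add(dst)
        elif (m := SINK.match(s)) and m.group(1) in tainted:
            hits.add(no)
    return hits


def naive_findings(lines: List[str]) -> Set[int]:
    """Ignore directives entirely: every line is treated as present (unsound in the other direction)."""
    return analyze_plain([(no, l.strip()) for no, l in enumerate(lines, 1)])


def check_equivalence(lines: List[str], features: List[str]) -> bool:
    """Brute force over all 2^n configurations: do the condition-tagged results match?"""
    va = analyze_variability_aware(lines)
    for bits in itertools.product([False, True], repeat=len(features)):
        cfg = dict(zip(features, bits))
        expected = analyze_plain(preprocess(lines, cfg))
        got = {no for no, pc in va.items() if satisfied(pc, cfg)}
        if expected != got:
            return False
    return True


if __name__ == "__main__":
    for no, pc in sorted(analyze_variability_aware(PROGRAM).items()):
        print(f"line {no}: tainted sink under {sorted(sorted(t) for t in pc)}")
    print("naive (directives ignored):", sorted(naive_findings(PROGRAM)))
    print("matches all configurations:", check_equivalence(PROGRAM, ["LOGGING", "NETWORK"]))
```

Run on the sample, the variability-aware pass reports `sink(y)` on line 8 only under `LOGGING && NETWORK` and `sink(w)` on line 11 only under `LOGGING`, which agrees with running the plain analysis on each of the four preprocessed variants. The directive-blind pass reports both sinks unconditionally, which is wrong for every configuration in which `LOGGING` is not defined; that is the gap the abstract describes, and enumeration closes it only at the price of one analysis run per configuration.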