@misc{MTMT:34019576, title = {Uncovering Hidden Dependencies: Constructing Intelligible Path Witnesses Using Dataflow Analyses}, url = {https://m2.mtmt.hu/api/publication/34019576}, author = {Umann, Kristóf and Porkoláb, Zoltán and Horváth, Gábor}, unique-id = {34019576}, abstract = {The lack of sound, concise and comprehensive error reports emitted by a static analysis tool can cause increased fixing cost, bottleneck at the availability of experts and even may undermine the trust in static analysis as a method. This paper presents novel techniques to improve the quality of bug reports for static analysis tools that employ symbolic execution. With the combination of data and control dependency analysis, we can identify the relevance of particular code snippets that were previously missing from the report. We demonstrated the benefits of our approach by implementing an improved bug report generator algorithm for the Clang Static Analyzer. After being tested by the open source community our solution became enabled by default in the tool.}, keywords = {Clang; Symbolic execution; static analysis; Control dependency; reaching definitions analysis}, year = {2022}, orcid-numbers = {Porkoláb, Zoltán/0000-0001-6819-0224; Horváth, Gábor/0000-0002-0834-0996} } @article{MTMT:33540927, title = {Report on the Differential Testing of Static Analyzers}, url = {https://m2.mtmt.hu/api/publication/33540927}, author = {Horváth, Gábor and Kovács, Réka Nikolett and Szecsi, Peter}, doi = {10.14232/actacyb.282831}, journal-iso = {ACTA CYBERN-SZEGED}, journal = {ACTA CYBERNETICA}, volume = {25}, unique-id = {33540927}, issn = {0324-721X}, abstract = {Program faults, best known as bugs, are practically unavoidable in today's ever growing software systems. One increasingly popular way of eliminating them, besides tests, dynamic analysis, and fuzzing, is using static analysis based bug-finding tools. Such tools are capable of finding surprisingly sophisticated bugs automatically by inspecting the source code. Their analysis is usually both unsound and incomplete, but still very useful in practice, as they can find non-trivial problems in a reasonable time (e.g. within hours, for an industrial project) without human intervention Because the problems that static analyzers try to solve are hard, usually intractable, they use various approximations that need to be fine-tuned in order to grant a good user experience (i.e. as many interesting bugs with as few distracting false alarms as possible). For each newly introduced heuristic, this normally happens by performing differential testing of the analyzer on a lot of widely used open source software projects that are known to use related language constructs extensively. In practice, this process is ad hoc, error-prone, poorly reproducible and its results are hard to share. We present a set of tools that aim to support the work of static analyzer developers by making differential testing easier. Our framework includes tools for automatic test suite selection, automated differential experiments, coverage information of increased granularity, statistics collection, metric calculations, and visualizations, all resulting in a convenient, shareable HTML report.}, year = {2022}, eissn = {2676-993X}, pages = {781-795}, orcid-numbers = {Horváth, Gábor/0000-0002-0834-0996; Szecsi, Peter/0000-0001-9156-1337} } @article{MTMT:32723245, title = {Improved Loop Execution Modeling in the Clang Static Analyzer}, url = {https://m2.mtmt.hu/api/publication/32723245}, author = {Szécsi, Péter György and Horváth, Gábor and Porkoláb, Zoltán}, doi = {10.14232/actacyb.283176}, journal-iso = {ACTA CYBERN-SZEGED}, journal = {ACTA CYBERNETICA}, volume = {25}, unique-id = {32723245}, issn = {0324-721X}, abstract = {The LLVM Clang Static Analyzer is a source code analysis tool which aims to find bugs in C, C++, and Objective-C programs using symbolic execution, i.e. it simulates the possible execution paths of the code. Currently the simulation of the loops is somewhat naive (but efficient), unrolling the loops a predefined constant number of times. However, this approach can result in a loss of coverage in various cases. This study aims to introduce two alternative approaches which can extend the current method and can be applied simultaneously: (1) determining loops worth to fully unroll with applied heuristics, and (2) using a widening mechanism to simulate an arbitrary number of iteration steps. These methods were evaluated on numerous open source projects, and proved to increase coverage in most of the cases. This work also laid the infrastructure for future loop modeling improvements.}, year = {2022}, eissn = {2676-993X}, pages = {909-921}, orcid-numbers = {Szécsi, Péter György/0000-0001-9156-1337; Horváth, Gábor/0000-0002-0834-0996; Porkoláb, Zoltán/0000-0001-6819-0224} } @mastersthesis{MTMT:32644144, title = {Static Analyses for C++ in the Presence of Separate Compilation}, url = {https://m2.mtmt.hu/api/publication/32644144}, author = {Horváth, Gábor}, doi = {10.15476/ELTE.2020.212}, publisher = {Eötvös Loránd University}, unique-id = {32644144}, year = {2021}, orcid-numbers = {Horváth, Gábor/0000-0002-0834-0996} } @article{MTMT:31819027, title = {IMPROVING THE PRECISION OF FLOW-SENSITIVE LIFETIME ANALYSIS}, url = {https://m2.mtmt.hu/api/publication/31819027}, author = {Horváth, Gábor and Pataki, Norbert}, doi = {10.15546/aeei-2020-0020}, journal-iso = {ACTA ELECTROTECH INF}, journal = {ACTA ELECTROTECHNICA ET INFORMATICA}, volume = {20}, unique-id = {31819027}, issn = {1335-8243}, year = {2020}, eissn = {1338-3957}, pages = {10-18}, orcid-numbers = {Horváth, Gábor/0000-0002-0834-0996; Pataki, Norbert/0000-0002-7519-3367} } @CONFERENCE{MTMT:31622847, title = {Synthesizing Same-Language Summaries for Symbolic Execution}, url = {https://m2.mtmt.hu/api/publication/31622847}, author = {Horváth, Gábor and Pataki, Norbert}, booktitle = {Collection of Abstracts}, unique-id = {31622847}, year = {2020}, pages = {78-79}, orcid-numbers = {Horváth, Gábor/0000-0002-0834-0996; Pataki, Norbert/0000-0002-7519-3367} } @inproceedings{MTMT:30846360, title = {Retaining semantic information in the static analysis of real-world software}, url = {https://m2.mtmt.hu/api/publication/30846360}, author = {Horváth, Gábor}, booktitle = {Proceedings Companion of the 2019 ACM SIGPLAN International Conference on Systems, Programming, Languages, and Applications: Software for Humanity - SPLASH Companion 2019}, doi = {10.1145/3359061.3361075}, unique-id = {30846360}, year = {2019}, pages = {32-34}, orcid-numbers = {Horváth, Gábor/0000-0002-0834-0996} } @inproceedings{MTMT:30824520, title = {Detecting C++ Lifetime Errors with Symbolic Execution}, url = {https://m2.mtmt.hu/api/publication/30824520}, author = {Kovács, Réka Nikolett and Horváth, Gábor and Porkoláb, Zoltán}, booktitle = {Proceedings of the 9th Balkan Conference on Informatics - BCI'19}, doi = {10.1145/3351556.3351585}, unique-id = {30824520}, year = {2019}, pages = {1-6}, orcid-numbers = {Horváth, Gábor/0000-0002-0834-0996; Porkoláb, Zoltán/0000-0001-6819-0224} } @inproceedings{MTMT:30796615, title = {On the Validated Usage of the C++ Standard Template Library}, url = {https://m2.mtmt.hu/api/publication/30796615}, author = {Babati, Bence and Horváth, Gábor and Pataki, Norbert and Attila, Páter-Részeg}, booktitle = {Proceedings of the 9th Balkan Conference on Informatics - BCI'19}, doi = {10.1145/3351556.3351570}, unique-id = {30796615}, year = {2019}, orcid-numbers = {Horváth, Gábor/0000-0002-0834-0996; Pataki, Norbert/0000-0002-7519-3367} } @inproceedings{MTMT:30796594, title = {Categorization of C++ Classes for Static Lifetime Analysis}, url = {https://m2.mtmt.hu/api/publication/30796594}, author = {Horváth, Gábor and Pataki, Norbert}, booktitle = {Proceedings of the 9th Balkan Conference on Informatics - BCI'19}, doi = {10.1145/3351556.3351559}, unique-id = {30796594}, year = {2019}, orcid-numbers = {Horváth, Gábor/0000-0002-0834-0996; Pataki, Norbert/0000-0002-7519-3367} }