TY - JOUR
AU - Umann, Kristóf
AU - Horváth, Gábor
AU - Porkoláb, Zoltán
TI - Uncovering Hidden Dependencies: Constructing Intelligible Path Witnesses using Dataflow Analyses
JF - ACTA CYBERNETICA
J2 - ACTA CYBERN-SZEGED
VL - 26
PY - 2024
IS - 3
SP - 713
EP - 747
PG - 35
SN - 0324-721X
DO - 10.14232/actacyb.299805
UR - https://m2.mtmt.hu/api/publication/35150471
ID - 35150471
AB - The lack of sound, concise and comprehensive error reports emitted by a static analysis tool can cause increased fixing cost, bottleneck at the availability of experts and even may undermine the trust in static analysis as a method. This paper presents novel techniques to improve the quality of bug reports for static analysis tools that employ symbolic execution. With the combination of data and control dependency analysis, we can identify the relevance of particular code snippets that were previously missing from the report. We demonstrated the benefits of our approach by implementing an improved bug report generator algorithm for the Clang Static Analyzer. After being tested by the open source community our solution became enabled by default in the tool.
LA - English
DB - MTMT
ER -

TY - JOUR
AU - Horváth, Gábor
AU - Kovács, Réka Nikolett
AU - Szalay, Richárd
AU - Porkoláb, Zoltán
TI - Implementing and Executing Static Analysis using LLVM and CodeChecker
JF - LECTURE NOTES IN COMPUTER SCIENCE
J2 - LNCS
VL - 11916
PY - 2024
SN - 0302-9743
UR - https://m2.mtmt.hu/api/publication/34849725
ID - 34849725
AB - Static analysis is a method to analyse the source code without executing it. It is widely used to find bugs and code smells in industrial software. Among other methods, the most important techniques are the one based on the abstract syntax tree and the one performing symbolic execution. Both of these methods found their role in modern software development as they have different advantages and limitations. In this tutorial, we present two problems from the C++ programming language: the elimination of redundant pointers; and how can we deal with dangling pointers originated from the misuse of the std::string class. These two issues have different theoretical backgrounds and finding them requires different implementation techniques. We will provide a step-by-step guide to implement the checkers – software to identify the aforementioned problems –, one is based on the abstract syntax analysis method, the other will explore the possibilities of the symbolic execution. The methods are explained in great detail and supported by code examples. We intend this tutorial both for architects of static analysis tools and for those developers who want to understand the advantages and the constraints of the individual methods.
LA - English
DB - MTMT
ER -

TY - JOUR
AU - Horváth, Gábor
AU - Kovács, Réka Nikolett
AU - Porkoláb, Zoltán
TI - Scaling Symbolic Execution to Large Software Systems
JF - LECTURE NOTES IN COMPUTER SCIENCE
J2 - LNCS
VL - 11916
PY - 2024
SN - 0302-9743
UR - https://m2.mtmt.hu/api/publication/34849724
ID - 34849724
LA - English
DB - MTMT
ER -

TY - BOOK
AU - Kovács, Réka Nikolett
AU - Horváth, Gábor
AU - Porkoláb, Zoltán
TI - Detecting lifetime errors of std::string view objects in C++
PY - 2024
UR - https://m2.mtmt.hu/api/publication/34849102
ID - 34849102
LA - English
DB - MTMT
ER -

TY - BOOK
AU - Umann, Kristóf
AU - Porkoláb, Zoltán
AU - Horváth, Gábor
TI - Uncovering Hidden Dependencies: Constructing Intelligible Path Witnesses Using Dataflow Analyses
PY - 2022
SP - 4
UR - https://m2.mtmt.hu/api/publication/34019576
ID - 34019576
AB - The lack of sound, concise and comprehensive error reports emitted by a static analysis tool can cause increased fixing cost, bottleneck at the availability of experts and even may undermine the trust in static analysis as a method. This paper presents novel techniques to improve the quality of bug reports for static analysis tools that employ symbolic execution. With the combination of data and control dependency analysis, we can identify the relevance of particular code snippets that were previously missing from the report. We demonstrated the benefits of our approach by implementing an improved bug report generator algorithm for the Clang Static Analyzer. After being tested by the open source community our solution became enabled by default in the tool.
LA - English
DB - MTMT
ER -

TY - JOUR
AU - Horváth, Gábor
AU - Kovács, Réka Nikolett
AU - Szecsi, Peter
TI - Report on the Differential Testing of Static Analyzers
JF - ACTA CYBERNETICA
J2 - ACTA CYBERN-SZEGED
VL - 25
PY - 2022
IS - 4
SP - 781
EP - 795
PG - 15
SN - 0324-721X
DO - 10.14232/actacyb.282831
UR - https://m2.mtmt.hu/api/publication/33540927
ID - 33540927
AB - Program faults, best known as bugs, are practically unavoidable in today's ever growing software systems. One increasingly popular way of eliminating them, besides tests, dynamic analysis, and fuzzing, is using static analysis based bug-finding tools. Such tools are capable of finding surprisingly sophisticated bugs automatically by inspecting the source code. Their analysis is usually both unsound and incomplete, but still very useful in practice, as they can find non-trivial problems in a reasonable time (e.g. within hours, for an industrial project) without human intervention. Because the problems that static analyzers try to solve are hard, usually intractable, they use various approximations that need to be fine-tuned in order to grant a good user experience (i.e. as many interesting bugs with as few distracting false alarms as possible). For each newly introduced heuristic, this normally happens by performing differential testing of the analyzer on a lot of widely used open source software projects that are known to use related language constructs extensively. In practice, this process is ad hoc, error-prone, poorly reproducible and its results are hard to share. We present a set of tools that aim to support the work of static analyzer developers by making differential testing easier. Our framework includes tools for automatic test suite selection, automated differential experiments, coverage information of increased granularity, statistics collection, metric calculations, and visualizations, all resulting in a convenient, shareable HTML report.
LA - English
DB - MTMT
ER -

TY - JOUR
AU - Szécsi, Péter György
AU - Horváth, Gábor
AU - Porkoláb, Zoltán
TI - Improved Loop Execution Modeling in the Clang Static Analyzer
JF - ACTA CYBERNETICA
J2 - ACTA CYBERN-SZEGED
VL - 25
PY - 2022
IS - 4
SP - 909
EP - 921
PG - 13
SN - 0324-721X
DO - 10.14232/actacyb.283176
UR - https://m2.mtmt.hu/api/publication/32723245
ID - 32723245
AB - The LLVM Clang Static Analyzer is a source code analysis tool which aims to find bugs in C, C++, and Objective-C programs using symbolic execution, i.e. it simulates the possible execution paths of the code. Currently the simulation of the loops is somewhat naive (but efficient), unrolling the loops a predefined constant number of times. However, this approach can result in a loss of coverage in various cases. This study aims to introduce two alternative approaches which can extend the current method and can be applied simultaneously: (1) determining loops worth to fully unroll with applied heuristics, and (2) using a widening mechanism to simulate an arbitrary number of iteration steps. These methods were evaluated on numerous open source projects, and proved to increase coverage in most of the cases. This work also laid the infrastructure for future loop modeling improvements.
LA - English
DB - MTMT
ER -

TY - THES
AU - Horváth, Gábor
TI - Static Analyses for C++ in the Presence of Separate Compilation
PB - Eötvös Loránd Tudományegyetem (ELTE)
PY - 2021
SP - 162
DO - 10.15476/ELTE.2020.212
UR - https://m2.mtmt.hu/api/publication/32644144
ID - 32644144
LA - English
DB - MTMT
ER -

TY - JOUR
AU - Horváth, Gábor
AU - Pataki, Norbert
TI - IMPROVING THE PRECISION OF FLOW-SENSITIVE LIFETIME ANALYSIS
JF - ACTA ELECTROTECHNICA ET INFORMATICA
J2 - ACTA ELECTROTECH INF
VL - 20
PY - 2020
IS - 4
SP - 10
EP - 18
PG - 9
SN - 1335-8243
DO - 10.15546/aeei-2020-0020
UR - https://m2.mtmt.hu/api/publication/31819027
ID - 31819027
LA - English
DB - MTMT
ER -

TY - CONF
AU - Horváth, Gábor
AU - Pataki, Norbert
ED - Horváth, Zoltán
ED - Adrian, Petruşel
TI - Synthesizing Same-Language Summaries for Symbolic Execution
T2 - Collection of Abstracts
PB - Babes-Bolyai Tudományegyetem
C1 - Budapest
PY - 2020
SP - 78
EP - 79
PG - 2
UR - https://m2.mtmt.hu/api/publication/31622847
ID - 31622847
LA - English
DB - MTMT
ER -