TY - BOOK AU - Umann, Kristóf AU - Porkoláb, Zoltán AU - Horváth, Gábor TI - Uncovering Hidden Dependencies: Constructing Intelligible Path Witnesses Using Dataflow Analyses PY - 2022 SP - 4 UR - https://m2.mtmt.hu/api/publication/34019576 ID - 34019576 AB - The lack of sound, concise and comprehensive error reports emitted by a static analysis tool can cause increased fixing cost, bottleneck at the availability of experts and even may undermine the trust in static analysis as a method. This paper presents novel techniques to improve the quality of bug reports for static analysis tools that employ symbolic execution. With the combination of data and control dependency analysis, we can identify the relevance of particular code snippets that were previously missing from the report. We demonstrated the benefits of our approach by implementing an improved bug report generator algorithm for the Clang Static Analyzer. After being tested by the open source community our solution became enabled by default in the tool. LA - English DB - MTMT ER - TY - JOUR AU - Horváth, Gábor AU - Kovács, Réka Nikolett AU - Szecsi, Peter TI - Report on the Differential Testing of Static Analyzers JF - ACTA CYBERNETICA J2 - ACTA CYBERN-SZEGED VL - 25 PY - 2022 IS - 4 SP - 781 EP - 795 PG - 15 SN - 0324-721X DO - 10.14232/actacyb.282831 UR - https://m2.mtmt.hu/api/publication/33540927 ID - 33540927 AB - Program faults, best known as bugs, are practically unavoidable in today's ever growing software systems. One increasingly popular way of eliminating them, besides tests, dynamic analysis, and fuzzing, is using static analysis based bug-finding tools. Such tools are capable of finding surprisingly sophisticated bugs automatically by inspecting the source code. Their analysis is usually both unsound and incomplete, but still very useful in practice, as they can find non-trivial problems in a reasonable time (e.g. within hours, for an industrial project) without human intervention Because the problems that static analyzers try to solve are hard, usually intractable, they use various approximations that need to be fine-tuned in order to grant a good user experience (i.e. as many interesting bugs with as few distracting false alarms as possible). For each newly introduced heuristic, this normally happens by performing differential testing of the analyzer on a lot of widely used open source software projects that are known to use related language constructs extensively. In practice, this process is ad hoc, error-prone, poorly reproducible and its results are hard to share. We present a set of tools that aim to support the work of static analyzer developers by making differential testing easier. Our framework includes tools for automatic test suite selection, automated differential experiments, coverage information of increased granularity, statistics collection, metric calculations, and visualizations, all resulting in a convenient, shareable HTML report. LA - English DB - MTMT ER - TY - JOUR AU - Szécsi, Péter György AU - Horváth, Gábor AU - Porkoláb, Zoltán TI - Improved Loop Execution Modeling in the Clang Static Analyzer JF - ACTA CYBERNETICA J2 - ACTA CYBERN-SZEGED VL - 25 PY - 2022 IS - 4 SP - 909 EP - 921 PG - 13 SN - 0324-721X DO - 10.14232/actacyb.283176 UR - https://m2.mtmt.hu/api/publication/32723245 ID - 32723245 AB - The LLVM Clang Static Analyzer is a source code analysis tool which aims to find bugs in C, C++, and Objective-C programs using symbolic execution, i.e. it simulates the possible execution paths of the code. Currently the simulation of the loops is somewhat naive (but efficient), unrolling the loops a predefined constant number of times. However, this approach can result in a loss of coverage in various cases. This study aims to introduce two alternative approaches which can extend the current method and can be applied simultaneously: (1) determining loops worth to fully unroll with applied heuristics, and (2) using a widening mechanism to simulate an arbitrary number of iteration steps. These methods were evaluated on numerous open source projects, and proved to increase coverage in most of the cases. This work also laid the infrastructure for future loop modeling improvements. LA - English DB - MTMT ER - TY - THES AU - Horváth, Gábor TI - Static Analyses for C++ in the Presence of Separate Compilation PB - Eötvös Loránd Tudományegyetem (ELTE) PY - 2021 SP - 162 DO - 10.15476/ELTE.2020.212 UR - https://m2.mtmt.hu/api/publication/32644144 ID - 32644144 LA - English DB - MTMT ER - TY - JOUR AU - Horváth, Gábor AU - Pataki, Norbert TI - IMPROVING THE PRECISION OF FLOW-SENSITIVE LIFETIME ANALYSIS JF - ACTA ELECTROTECHNICA ET INFORMATICA J2 - ACTA ELECTROTECH INF VL - 20 PY - 2020 IS - 4 SP - 10 EP - 18 PG - 9 SN - 1335-8243 DO - 10.15546/aeei-2020-0020 UR - https://m2.mtmt.hu/api/publication/31819027 ID - 31819027 LA - English DB - MTMT ER - TY - CONF AU - Horváth, Gábor AU - Pataki, Norbert ED - Horváth, Zoltán ED - Adrian, Petruşel TI - Synthesizing Same-Language Summaries for Symbolic Execution T2 - Collection of Abstracts PB - Babes-Bolyai Tudományegyetem C1 - Budapest PY - 2020 SP - 78 EP - 79 PG - 2 UR - https://m2.mtmt.hu/api/publication/31622847 ID - 31622847 LA - English DB - MTMT ER - TY - CHAP AU - Horváth, Gábor TI - Retaining semantic information in the static analysis of real-world software T2 - Proceedings Companion of the 2019 ACM SIGPLAN International Conference on Systems, Programming, Languages, and Applications: Software for Humanity - SPLASH Companion 2019 PB - ACM Press CY - New York, New York SN - 9781450369923 PY - 2019 SP - 32 EP - 34 PG - 3 DO - 10.1145/3359061.3361075 UR - https://m2.mtmt.hu/api/publication/30846360 ID - 30846360 N1 - 3in(EFOP-3.6.2-16-2017-00013) Támogató: EFOP Innovatív Informatikai és Infokommunikációs Megoldásokat Megalapozó Tematikus Kutatási Együttműködések LA - English DB - MTMT ER - TY - CHAP AU - Kovács, Réka Nikolett AU - Horváth, Gábor AU - Porkoláb, Zoltán ED - Eleftherakis, G. ED - Lazarova, M. ED - Aleksieva-Petrova, A. ED - Tasheva, A. TI - Detecting C++ Lifetime Errors with Symbolic Execution T2 - Proceedings of the 9th Balkan Conference on Informatics - BCI'19 PB - Association for Computing Machinery CY - New York, New York SN - 9781450371933 PY - 2019 SP - 1 EP - 6 PG - 6 DO - 10.1145/3351556.3351585 UR - https://m2.mtmt.hu/api/publication/30824520 ID - 30824520 LA - English DB - MTMT ER - TY - CHAP AU - Babati, Bence AU - Horváth, Gábor AU - Pataki, Norbert AU - Attila, Páter-Részeg ED - Eleftherakis, G. ED - Lazarova, M. ED - Aleksieva-Petrova, A. ED - Tasheva, A. TI - On the Validated Usage of the C++ Standard Template Library T2 - Proceedings of the 9th Balkan Conference on Informatics - BCI'19 PB - Association for Computing Machinery CY - New York, New York SN - 9781450371933 PY - 2019 PG - 8 DO - 10.1145/3351556.3351570 UR - https://m2.mtmt.hu/api/publication/30796615 ID - 30796615 LA - English DB - MTMT ER - TY - CHAP AU - Horváth, Gábor AU - Pataki, Norbert ED - Eleftherakis, G. ED - Lazarova, M. ED - Aleksieva-Petrova, A. ED - Tasheva, A. TI - Categorization of C++ Classes for Static Lifetime Analysis T2 - Proceedings of the 9th Balkan Conference on Informatics - BCI'19 PB - Association for Computing Machinery CY - New York, New York SN - 9781450371933 PY - 2019 PG - 7 DO - 10.1145/3351556.3351559 UR - https://m2.mtmt.hu/api/publication/30796594 ID - 30796594 N1 - 3in(EFOP-3.6.2-16-2017-00013) Támogató: EFOP Innovatív Informatikai és Infokommunikációs Megoldásokat Megalapozó Tematikus Kutatási Együttműködések LA - English DB - MTMT ER -