CoBOT: Static C/C++ bug detection in the presence of incomplete code

Publication Type:
Conference Proceeding
Proceedings - International Conference on Software Engineering, 2018, pp. 385 - 388
Issue Date:
Filename Description Size
icpc18.pdfPublished version704.18 kB
Adobe PDF
Full metadata record
© 2018 Authors. To obtain precise and sound results, most of existing static analyzers require whole program analysis with complete source code. However, in reality, the source code of an application always interacts with many third-party libraries, which are often not easily accessible to static analyzers. Worse still, more than 30% of legacy projects [1] cannot be compiled easily due to complicated configuration environments (e.g., third-party libraries, compiler options and macros), making ideal "whole-program analysis" unavailable in practice. This paper presents CoBOT [2], a static analysis tool that can detect bugs in the presence of incomplete code. It analyzes function APIs unavailable in application code by either using function summarization or automatically downloading and analyzing the corresponding library code as inferred from the application code and its configuration files. The experiments show that CoBOT is not only easy to use, but also effective in detecting bugs in real-world programs with incomplete code. Our demonstration video is at:
Please use this identifier to cite or link to this item: