CoBOT: Static C/C++ Bug Detection in the Presence of Incomplete Code
Title | CoBOT: Static C/C++ Bug Detection in the Presence of Incomplete Code |
Publication Type | Conference Paper |
Year of Publication | 2018 |
Authors | Gao, Qing; Ma, Sen; Shao, Sihao; Sui, Yulei; Zhao, Guoliang; Ma, Luyao; Ma, Xiao; Duan, Fuyao; Deng, Xiao; Zhang, Shikun; Chen, Xianglong |
Conference Name | Proceedings of the 26th Conference on Program Comprehension |
Publisher | ACM |
ISBN Number | 978-1-4503-5714-2 |
Keywords | bug detection, composability, Human Behavior, incomplete code, pubcrawl, Resiliency, static analysis, static code analysis |
Abstract | To obtain precise and sound results, most existing static analyzers require whole-program analysis with complete source code. However, in reality, the source code of an application always interacts with many third-party libraries, which are often not easily accessible to static analyzers. Worse still, more than 30% of legacy projects [1] cannot be compiled easily due to complicated configuration environments (e.g., third-party libraries, compiler options and macros), making ideal "whole-program analysis" unavailable in practice. This paper presents CoBOT [2], a static analysis tool that can detect bugs in the presence of incomplete code. It analyzes function APIs unavailable in application code by either using function summarization or automatically downloading and analyzing the corresponding library code as inferred from the application code and its configuration files. The experiments show that CoBOT is not only easy to use, but also effective in detecting bugs in real-world programs with incomplete code. Our demonstration video is at: https://youtu.be/bhjJp3e7LPM. |
URL | https://dl.acm.org/citation.cfm?doid=3196321.3196367 |
DOI | 10.1145/3196321.3196367 |
Citation Key | gao_cobot:_2018 |