SMT-Based Refutation of Spurious Bug Reports in the Clang Static Analyzer
We describe and evaluate a bug refutation extension for the Clang Static Analyzer (CSA) that addresses the limitations of the existing built-in constraint solver. In particular, we complement CSA’s existing heuristics that remove spurious bug reports. We encode the path constraints produced by CSA as Satisfiability Modulo Theories (SMT) problems, use SMT solvers to precisely check them for satisfiability, and remove bug reports whose associated path constraints are unsatisfiable. Our refutation extension refutes spurious bug reports in 8 out of 12 widely used open-source applications; on average, it refutes ca. 7% of all bug reports, and never refutes any true bug report. It incurs only negligible performance overheads, and on average adds 1.2% to the runtime of the full Clang/LLVM toolchain. A demonstration is available at https://www.youtube.com/watch?v=ylW5iRYNsGA.
Wed 29 May Times are displayed in time zone: Eastern Time (US & Canada) change
11:00 - 12:30
|SMOKE: Scalable Path-Sensitive Memory Leak Detection for Millions of Lines of CodeTechnical Track|
Gang FanHong Kong University of Science and Technology, Rongxin WuDepartment of Computer Science and Engineering, The Hong Kong University of Science and Technology, Qingkai ShiHong Kong University of Science and Technology, Xiao XiaoSourcebrella Inc., Jinguo ZhouSourcebrella Inc., Charles ZhangThe Hong Kong University of Science and TechnologyPre-print
|Resource-aware Program Analysis via Online Abstraction CoarseningTechnical Track|
|SMT-Based Refutation of Spurious Bug Reports in the Clang Static AnalyzerDemos|