Abstract:
In this paper, we present an automatic compiler-based approach for detecting programming errors. Our system uses a configurable and scalable whole-program dataflow analysis engine driven by high-level programmer-written annotations. We show that our system can automatically detect a wide range of programmer errors in C programs, including improper use of libraries, information leaks, and security vulnerabilities. We show that the aggressive compiler analysis that our system performs yields precise results. Further, our system detects a wide range of errors with greater scalability than previous automatic approaches. For one important class of security vulnerabilities, our system automatically finds all known errors in five medium to large C programs without producing any false positives.