SMT-based refutation of spurious bug reports in the clang static analyzer
SMT-based refutation of spurious bug reports in the clang static analyzer
We describe and evaluate a bug refutation extension for the Clang Static Analyzer (CSA) that addresses the limitations of the existing built-in constraint solver. In particular, we complement CSA's current heuristics for removing spurious bug reports. We encode the path constraints produced by CSA as Satisfiability Modulo Theories (SMT) problems, use SMT solvers to precisely check them for satisfiability, and remove bug reports whose associated path constraints are unsatisfiable. Our refutation extension refutes spurious bug reports in 8 out of 12 widely used open-source applications; on average, it refutes ca. 7% of all bug reports, and never refutes any true bug report. It incurs only negligible performance overheads, and on average adds 1.2% to the runtime of the full Clang/LLVM toolchain. A demonstration is available at https://www.youtube.com/watch?v=ylW5iRYNsGA
11-14
Gadelha, Mikhail R.
e4fe9e2a-ea00-4542-856b-3c083e7e003a
Steffinlongo, Enrico
3d79c5bb-e1e1-4071-8a9d-580736505063
Cordeiro, Lucas
fc7cb054-f39e-4013-9faa-a471bd006596
Fischer, Bernd
0c9575e6-d099-47f1-b3a2-2dbc93c53d18
Nicole, Denis
0aca6dd1-833f-4544-b7a4-58fb91c7395a
May 2019
Gadelha, Mikhail R.
e4fe9e2a-ea00-4542-856b-3c083e7e003a
Steffinlongo, Enrico
3d79c5bb-e1e1-4071-8a9d-580736505063
Cordeiro, Lucas
fc7cb054-f39e-4013-9faa-a471bd006596
Fischer, Bernd
0c9575e6-d099-47f1-b3a2-2dbc93c53d18
Nicole, Denis
0aca6dd1-833f-4544-b7a4-58fb91c7395a
Gadelha, Mikhail R., Steffinlongo, Enrico, Cordeiro, Lucas, Fischer, Bernd and Nicole, Denis
(2019)
SMT-based refutation of spurious bug reports in the clang static analyzer.
In ICSE '19 Proceedings of the 2019 IEEE/ACM 41st International Conference on Software Engineering: Companion Proceedings.
IEEE Press.
.
(doi:10.1109/ICSE-Companion.2019.00026).
Record type:
Conference or Workshop Item
(Paper)
Abstract
We describe and evaluate a bug refutation extension for the Clang Static Analyzer (CSA) that addresses the limitations of the existing built-in constraint solver. In particular, we complement CSA's current heuristics for removing spurious bug reports. We encode the path constraints produced by CSA as Satisfiability Modulo Theories (SMT) problems, use SMT solvers to precisely check them for satisfiability, and remove bug reports whose associated path constraints are unsatisfiable. Our refutation extension refutes spurious bug reports in 8 out of 12 widely used open-source applications; on average, it refutes ca. 7% of all bug reports, and never refutes any true bug report. It incurs only negligible performance overheads, and on average adds 1.2% to the runtime of the full Clang/LLVM toolchain. A demonstration is available at https://www.youtube.com/watch?v=ylW5iRYNsGA
Text
SMT-based refutation of spurious bug reports in the clang static analyzer
Restricted to Repository staff only
Request a copy
More information
Accepted/In Press date: 29 October 2018
Published date: May 2019
Additional Information:
arXiv is AM
Venue - Dates:
41st International Conference on Software Engineering, , Montreal, Canada, 2019-05-25 - 2019-05-31
Identifiers
Local EPrints ID: 433144
URI: http://eprints.soton.ac.uk/id/eprint/433144
PURE UUID: 608d4a3a-e5d7-47d9-a05b-06e3e7f7581e
Catalogue record
Date deposited: 09 Aug 2019 16:30
Last modified: 16 Mar 2024 03:17
Export record
Altmetrics
Contributors
Author:
Mikhail R. Gadelha
Author:
Enrico Steffinlongo
Author:
Lucas Cordeiro
Author:
Bernd Fischer
Author:
Denis Nicole
Download statistics
Downloads from ePrints over the past year. Other digital versions may also be available to download e.g. from the publisher's website.
View more statistics