| 摘要 |
An exemplary method includes performing a first static analysis to locate elements within a program and instrumenting the program to enable a subsequent dynamic analysis based on the located elements. The method includes executing the instrumented program and performing during execution analysis to determine individual sets of statements in the program affected by a corresponding element. The method includes partitioning the sets of statements into partitions based on one or more considerations, each partition including one or more of the elements. The method includes performing a second static analysis on the partitions of the program to produce results and outputting the results. The method may be performed for, e.g., security (e.g., taint) analysis, buffer overflow analysis, and typestate analysis. Apparatus and program products are also disclosed. |
| 主权项 |
1. A method, comprising:
performing a first static analysis on a program to locate source statements within the program that are data flow seeding statements for a type of static analysis to be performed in a second static analysis; instrumenting the program to enable a subsequent dynamic analysis based on the located data flow seeding statements; executing the instrumented program and performing, during execution, the dynamic analysis to determine individual sets of statements in the program affected by execution of the instrumented program starting at a corresponding data flow seeding statement; partitioning the data flow seeding statements into partitions based on the sets of statements and one or more considerations, each partition comprising one or more of the data flow seeding statements, wherein the data flow seeding statements in each of the partitions are different; performing a second static analysis of the program based on the partitions to produce results indicating any errors for the type of static analysis performed in the second static analysis, at least by:
selecting one of the partitions, performing a static analysis of the program at least by, for all of the data flow seeding statements in the selected partition, starting at each of the data flow seeding statements in the selected partition, and following a first data flow from the data flow seeding statement through additional statements in the program and to an endpoint of the first data flow, wherein the endpoint is based on a the type of the second static analysis; andselecting a different one of the partitions, and performing another, subsequent static analysis of the program at least by, for all of the data flow seeding statements in the different partition, starting at each of the data flow seeding statements in the different partition, and following a second data flow from the data flow seeding statement through additional statements in the program and to an endpoint of the second data flow, wherein the second data flow is different from the first data flow, wherein the endpoint is based on the type of the second static analysis, and wherein the subsequent static analysis reuses analysis elements of analysis provided by the static analysis performed using the previously selected partition; and outputting the results. |
