Into the Woods: Experiences from Building a Dataflow Analysis Framework for C/C++

Into the Woods: Experiences from Building a Dataflow Analysis Framework for C/C++

연구 분야: Strategies

학회: 2021 IEEE 21st International Working Conference on Source Code Analysis and Manipulation (SCAM)

While traditional static analysis—albeit its complexity—is a topic that is well understood, we especially struggle when it comes to implementing its concepts. Designing and modeling software that implements static analysis is a challenging task. However, developing usable static analysis implementations and providing toolboxes to researchers and practitioners is key to advance the overall progress in this field. This paper reports on the lessons learned from developing the PhASAR and Soot static data-flow analysis frameworks. We present some of the key mistakes of our first implementations of PhASAR and their corrections. From those corrections we distill guidelines that will be helpful to static analysis developers and their users. In our work, we identified modularity as the key guiding principle supported—directly or indirectly—by virtually all other guidelines.