Customizing Static Analysis using Codesearch
Avi Hayoun, Veselin Raychev, Jack Hair

TL;DR
This paper introduces StarLang, a restricted variant of Datalog designed to make custom static analysis rules easier to write and faster to run, for security scanners, bug finders and software verification tools.
Contribution
The paper presents StarLang, a new language that simplifies and accelerates the creation of custom static analysis tools by reducing complexity and runtime overhead.
Findings
StarLang shortens the time needed to implement a static analysis rule compared with writing it in general Datalog.
By restricting the language, it keeps rules expressive enough for security and verification properties while remaining performant.
Application security and static analysis experts get a familiar, Datalog-like framework in which to build custom tools.
Abstract
Static analysis is a growing application of software engineering, leading to a range of essential security tools, bug-finding tools, as well as software verification. Recent years show an increase in universal static analysis tools that validate a range of properties and allow customizing parts of the scanner to validate additional properties or "static analysis rules". A commonly used language to describe a range of static analysis applications is Datalog. Unfortunately, the language is still non-trivial to use, leading to analyses that are difficult to implement in a precise but performant way. In this work, we aim to make building custom static analysis tools much easier for developers, while at the same time providing a familiar framework for application security and static analysis experts. Our approach introduces a language called StarLang, a variant of Datalog which only includes…
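To make concrete what "static analysis rules in Datalog" means in the abstract, here is an added illustration that is not code from the paper and does not use StarLang syntax (the abstract does not show it): a minimal bottom-up Datalog evaluator in Python running a taint-tracking rule set over constructed facts about a toy program. The relation names (assign, call, source, sink, sanitized, tainted, finding) and the toy program are assumptions made for this example.

```python
"""Added example (not from the paper, not StarLang): a minimal Datalog-style
engine evaluating a taint-tracking rule set to a fixpoint.

Facts are the kind of relations a front-end would extract from code; rules are
ordinary Datalog clauses; evaluation is naive bottom-up iteration."""


def is_var(term):
    # Convention: capitalised identifiers are variables, everything else constants.
    return isinstance(term, str) and term[:1].isupper()


def bind(args, fact, env):
    """Extend env so the atom's args match the fact tuple, or return None."""
    env = dict(env)
    for a, v in zip(args, fact):
        if is_var(a):
            if env.get(a, v) != v:
                return None
            env[a] = v
        elif a != v:
            return None
    return env


def solve(body, db, env):
    """Yield every variable binding that satisfies the body literals in order.
    A negated literal ("not", pred, args) must be ground by earlier literals
    and refer only to a base (extensional) relation, so negation stays stratified."""
    if not body:
        yield env
        return
    lit, *rest = body
    if lit[0] == "not":
        _, pred, args = lit
        key = tuple(env[a] if is_var(a) else a for a in args)
        if key not in db.get(pred, set()):
            yield from solve(rest, db, env)
        return
    pred, args = lit
    for fact in db.get(pred, set()):
        new_env = bind(args, fact, env)
        if new_env is not None:
            yield from solve(rest, db, new_env)


def evaluate(facts, rules):
    """Naive bottom-up evaluation: apply every rule until no new tuple appears."""
    db = {p: set(ts) for p, ts in facts.items()}
    changed = True
    while changed:
        changed = False
        for (head_pred, head_args), body in rules:
            # Materialise matches first so we never mutate a set while iterating it.
            for env in list(solve(body, db, {})):
                tup = tuple(env[a] if is_var(a) else a for a in head_args)
                rel = db.setdefault(head_pred, set())
                if tup not in rel:
                    rel.add(tup)
                    changed = True
    return db


# Constructed facts for a toy program (assumed relation names):
#   assign(Dst, Src)  value of Src flows into Dst
#   call(Arg, Fn)     Arg is passed to Fn
#   source(Var)       Var holds attacker-controlled input
#   sink(Fn)          Fn is security-sensitive
#   sanitized(Var)    Var went through a sanitizer
FACTS = {
    "assign": {("q", "user_id"), ("sql", "q"), ("safe_q", "user_id"),
               ("sql2", "safe_q"), ("tmp", "cfg")},
    "call": {("sql", "db_exec"), ("sql2", "db_exec"), ("tmp", "log")},
    "source": {("user_id",)},
    "sink": {("db_exec",)},
    "sanitized": {("safe_q",)},
}

# The rule set, as Datalog clauses:
#   tainted(X)       :- source(X).
#   tainted(Y)       :- tainted(X), assign(Y, X), not sanitized(Y).
#   finding(Fn, Var) :- tainted(Var), call(Var, Fn), sink(Fn).
RULES = [
    (("tainted", ("X",)), [("source", ("X",))]),
    (("tainted", ("Y",)), [("tainted", ("X",)), ("assign", ("Y", "X")),
                           ("not", "sanitized", ("Y",))]),
    (("finding", ("Fn", "Var")), [("tainted", ("Var",)), ("call", ("Var", "Fn")),
                                  ("sink", ("Fn",))]),
]


def tainted_vars(facts=FACTS, rules=RULES):
    return set(v for (v,) in evaluate(facts, rules).get("tainted", set()))


def find_taint_flows(facts=FACTS, rules=RULES):
    """Return sorted (sink, variable) pairs where tainted data reaches a sink."""
    return sorted(evaluate(facts, rules).get("finding", set()))


if __name__ == "__main__":
    for fn, var in find_taint_flows():
        print(f"tainted value {var!r} reaches sink {fn!r}")
```

The recursive second rule is where a fixpoint engine earns its keep: each pass extends the tainted set along one more assignment edge until nothing changes, and the negated sanitized literal stops the flow through safe_q. Precision and performance trade off exactly here, which is the tension the paper says a restricted Datalog is meant to ease.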
Taxonomy
Topics: Software Engineering Research · Software System Performance and Reliability · Software Testing and Debugging Techniques
