Sequence Containers (SC) in the C++ Standard Template Library (STL), such as \texttt{vector}, are widely used in large-scale projects for their maintainability and flexibility. However, accessing the elements in an SC is bug-prone, as such operations do not check their boundaries during compilation or execution, which can lead to memory errors such as buffer overflows. These bugs are difficult to detect with available static analyzers, since the size of SCs and the target of iterators cannot be precisely tracked without a cooperative model for them.
To address this problem, we propose a combined model of SC sizes and iterator targets that tracks them simultaneously through a set of meta-operations extracted from the corresponding method calls, and reports improper operations according to three bug patterns. We implement the approach as a static analyzer, \textit{Scasa}, on top of the Clang Static Analyzer (CSA) framework, and evaluate its effectiveness and efficiency against CSA and other state-of-the-art static analyzers on a benchmark composed of 2230 manually created code snippets and eight popular open-source C++ projects that use SCs heavily. The experimental results reveal that \textit{Scasa} effectively identifies nearly all inherent bugs within the manual code snippets and generates 125 reports for these projects (with a time loss of 5–85%), of which 72 are marked as correct after manual revision. To further confirm these correct reports, we also select some important ones for developers. These results show that accessing elements of SCs is bug-prone, and that cooperatively tracking SC sizes and iterator targets can accurately detect these bugs with acceptable overhead.
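To make the idea of tracking container size and iterator target together concrete, here is an added toy checker; it is not Scasa's implementation and not code from the paper. The meta-operation names, the finding messages and the use of concrete rather than symbolic sizes are assumptions made for illustration.

```cpp
#include <cstddef>
#include <string>
#include <vector>

// Meta-operations (hypothetical names) abstracted from std::vector calls.
enum class Op { PushBack, Clear, Begin, End, Inc, Deref, Index };
struct Step { Op op; std::size_t arg = 0; };

// Abstract state: container size and iterator target, tracked together.
struct State {
    std::size_t size = 0;
    std::size_t pos = 0;    // iterator offset from begin(); pos == size is end()
    bool it_valid = false;  // false until assigned or after invalidation
};

// Replays the steps and returns one finding per improper access.
std::vector<std::string> analyze(const std::vector<Step>& steps) {
    State s;
    std::vector<std::string> out;
    auto report = [&](std::size_t i, const char* msg) {
        out.push_back("step " + std::to_string(i) + ": " + msg);
    };
    for (std::size_t i = 0; i < steps.size(); ++i) {
        switch (steps[i].op) {
        // Conservative: any growth may reallocate and invalidate iterators.
        case Op::PushBack: ++s.size; s.it_valid = false; break;
        case Op::Clear: s.size = 0; s.it_valid = false; break;
        case Op::Begin: s.pos = 0; s.it_valid = true; break;
        case Op::End: s.pos = s.size; s.it_valid = true; break;
        case Op::Inc:
            if (s.it_valid && s.pos < s.size) ++s.pos;
            else report(i, "increment of invalid or end iterator");
            break;
        case Op::Deref:
            if (!s.it_valid) report(i, "dereference of invalidated iterator");
            else if (s.pos >= s.size) report(i, "dereference of end iterator");
            break;
        case Op::Index:
            if (steps[i].arg >= s.size) report(i, "operator[] index out of range");
            break;
        }
    }
    return out;
}

// Constructed trace: push_back, begin, *it, ++it, *it, push_back, *it, v[1], clear, v[0]
std::vector<Step> constructed_trace() {
    return {{Op::PushBack}, {Op::Begin}, {Op::Deref}, {Op::Inc}, {Op::Deref},
            {Op::PushBack}, {Op::Deref}, {Op::Index, 1}, {Op::Clear}, {Op::Index, 0}};
}
```

On the constructed trace, `v[1]` is accepted while the tracked size is 2, and `v[0]` is flagged after `clear()`; neither verdict is possible without the size, just as the two iterator findings need both the size and the iterator offset.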
Thu 31 Oct (displayed time zone: Pacific Time, US & Canada)
13:30 - 15:00 | Bug detection and prediction | Research Papers / Journal-first Papers at Compagno | Chair(s): Tim Menzies, North Carolina State University
13:30 | 15m | Talk | Towards Effective Static Type-Error Detection for Python | Research Papers
13:45 | 15m | Talk | Detecting Element Accessing Bugs in C++ Sequence Containers | Research Papers
14:00 | 15m | Talk | Concretely Mapped Symbolic Memory Locations for Memory Error Detection | Journal-first Papers | Haoxin Tu (Singapore Management University, Singapore), Lingxiao Jiang (Singapore Management University), Jiaqi Hong (Independent Researcher), Xuhua Ding (Singapore Management University), He Jiang (Dalian University of Technology)
14:15 | 15m | Talk | NeuroJIT: Improving Just-In-Time Defect Prediction Using Neurophysiological and Empirical Perceptions of Modern Developers | Research Papers