Technologies used in the PVS-Studio code analyzer for finding bugs and potential vulnerabilities

The PVS-Studio analyzer is gradually becoming more complicated but these changes can be hardly described in a Release-history. For example, this year we have consistently implemented symbolic computations in the analyzer. This is why it was agreed to write a note on algorithms and technologies, which PVS-Studio now uses to search for errors and potential vulnerabilities.

Technologies used in the PVS-Studio code analyzer for finding bugs and potential vulnerabilities

by Andrey Karpov

From the article:

Here a mixture of technologies is working: data flow analysis, symbolic execution, and automatic method annotation (we will cover this technology in the next section). The analyzer sees that X variable is used in the Div function as a divisor. On this basis, a special annotation is built for the Div function. Further it is taken into account that in the function a range of values [0..4] is passed as the X argument. The analyzer comes to a conclusion that a division by 0 has to occur.

Add a Comment

Comments are closed.

Comments (0)

There are currently no comments on this entry.