How to Build Static Checking Systems Using Orders of Magnitude Less Code

Abstract

Modern static bug finding tools are complex. They typically consist of hundreds of thousands of lines of code, and most of them are wedded to one language (or even one compiler). This complexity makes the systems hard to understand, hard to debug, and hard to retarget to new languages, thereby dramatically limiting their scope. This paper reduces checking system complexity by addressing a fundamental assumption, the assumption that checkers must depend on a full-blown language specification and compiler front end. Instead, our program checkers are based on drastically incomplete language grammars ("micro-grammars") that describe only portions of a language relevant to a checker. As a result, our implementation is tiny-roughly 2500 lines of code, about two orders of magnitude smaller than a typical system. We hope that this dramatic increase in simplicity will allow people to use more checkers on more systems in more languages.

Document Details

Document Type
Pub Defense Publication
Publication Date
Mar 25, 2016
Source ID
10.1145/2954679.2872364

Entities

People

  • Andres Nötzli
  • Dawson Engler
  • Fraser Brown

Organizations

  • Defense Advanced Research Projects Agency
  • Stanford University

Tags

Fields of Study

  • Computer science

Readers

  • Computational Linguistics
  • Parallel and Distributed Computing.
  • Strategic Security Studies