dc.description.abstract

Source code is rich with signs carrying meaning that is incomprehensible to a compiler, but important to the human programmer. For instance, a compiler does not understand that a variable named `privateKey` contains confidential data and therefore must be treated with extra care, or that an array populated by a cryptographically secure random number generator has properties that set it apart from other arrays. I present two static analyses that explicitly model such latent meaning, and use it to find bugs. Both analyses are simple; my aim is not to beat the precision of state-of-the-art techniques, but rather to argue that much can be done using simple techniques. To support this claim, I demonstrate the effectiveness of both analyses on test cases from a well-known test suite and a selection of other examples. Further, I argue that the analyses generalise to applications beyond those I investigate. I have implemented the analyses in a proof-of-concept tool, which I contribute as free and open source software.