Customizing Static Analysis using Codesearch
Abstract
Static analysis is a growing application of software engineering, leading to a range of essential security tools, bug-finding tools, and software verification tools. Recent years show an increase in universal static analysis tools that validate a range of properties and allow users to customize parts of the scanner to validate additional properties, or "static analysis rules". A commonly used language for describing a range of static analysis applications is Datalog. Unfortunately, the language is still non-trivial to use, leading to analyses that are difficult to implement in a way that is both precise and performant. In this work, we aim to make building custom static analysis tools much easier for developers while, at the same time, providing a familiar framework for application security and static analysis experts. Our approach introduces a language called StarLang, a variant of Datalog that only admits programs with a fast runtime, by means of a decision procedure with low time complexity.
- Publication: arXiv e-prints
- Pub Date: April 2024
- DOI: 10.48550/arXiv.2404.12747
- arXiv: arXiv:2404.12747
- Bibcode: 2024arXiv240412747H
- Keywords:
  - Computer Science - Programming Languages
  - Computer Science - Logic in Computer Science
  - Computer Science - Software Engineering
- E-Print: 34 pages, 2 figures