Just use your regular build command with svace build
tool.
Svace will launch and monitor the build process and collect
all the necessary data for the analysis.
When the build phase is completed run svace analyze
tool to start
the analysis phase. Svace will perform lightweight AST checks and then
will proceed to the main path– and context–sensitive interprocedural
analysis of your code and produce some useful warnings.
Now you can import analysis results to Svace history storage. We provide a graphical web-based interface for reviewing warnings, comparing different runs, and hiding false warnings in subsequent runs on the same code.
At the build phase, Svace monitors regular build process and detects particular events (e.g. invocations of a compiler, linker, archiver, etc.) for supported languages. Svace can analyze programs that are built on Intel x86/x86-64 Linux/Windows, ARM/ARM64 architectures. Popular C/C++ compilers for Linux and Windows are supported as well as a range of compilers for embedded systems.
Using a detailed original build process description Svace employs its own compiler to produce an IR suitable for the analysis purposes from your source code.
IR that was obtained on the previous stage is first processed by the lightweight language–specific analyzers that look for simple coding errors.
During the main analysis phase, Svace utilizes DFA–like approach to perform an intraprocedural flow–sensitive analysis. Svace also uses static symbolic execution for path–sensitive analysis. The latter allows Svace to detect certain kinds of errors, that occur only on a specific program path.
For the interprocedural analysis, Svace uses function summaries, generated by the intraprocedural analysis. First, Svace engine constructs a program call graph. The main analysis phase is a single call graph traversal: callers are analyzed after callees. The engine utilizes the summary when it processes function calls (instead of revisiting callee's body), so it never analyzes the same function twice.
Svace stores the results of the analysis in a database. We provide a graphical web-based interface for reviewing them. The interface allows marking the warnings as true or false positives. Your decision will be applied to the same warning for the subsequent analysis runs on the same code automatically.