Program Analysis

Static Program Analysis

Static analysis allows one to check interesting properties of a program without actually executing them. The program’s behavior will be analyzed along all of its execution path which meas that no program behavior can be forgotten. Static analysis thus yields an over-approximation of all the possible behavior that a program can emitted. Static analysis has numerous advantages: early detection of vulnerabilities and bugs possible, program does not need to be executed, analysis of only parts of a program possible, etc. We apply static analysis to find bugs and security vulnerabilities, and use it as a basis for advanced program optimizations. GaZAR especially focuses on data-flow analysis and builds on top of PhASAR (https://phasar.org/) and LLVM (https://llvm.org/). Depending on our customers concrete use case we are also able to employ symbolic execution and similar techniques. To solve custom refactoring tasks we use analyses and transformations based on the abstract syntax tree; of course, we offer customized solutions and build our refactoring tools on top of Clang’s (https://clang.llvm.org/) infrastructure.

Dynamic Program Analysis

Dynamic analysis allows for inspecting programs during their execution. In contrast to its static counterpart, however, it can only analyse a subset of all possible execution paths of a program. Dynamic analysis thus is an under-approximation of all the possible behavior that a program can emit. It allows for determining runtime properties of the program under analysis. The advantages of dynamic analysis, among others, include great flexibility, the possibility to validate the results of a static analysis or to reveal results that a static analysis declared as false negatives. Dynamic analysis can be used to guarantee certain security properties and to analyze a program’s performance. GaZAR allows our customers to analyze and instrument their applications according to their needs. We enable our customers to guarantee certain desired program properties and allow for gaining valuable insights into the concrete program behavior.

Applications

Based on a program analysis’ results (static and/or dynamic) we are able to detect bugs, programming mistakes, security vulnerabilities and fix them. In addition, we are able to use program analysis as a basis for program optimizations and automated refactorings. This enables us to harden your application, improve its code quality, and enhance its performance. Depending on the concrete use case we also develop hybrid analyses that combine the best of both worlds.