Static Analysis Argumentation

Evaluation of the efficacy of static analysis tooling for C and the Rust compiler in catching software errors pre-runtime.

• Static Analysis Argumentation
  • C static analysis tooling
  • Rust tooling
  • C examples
    • alias.c
    • constant.c
    • pattern.c
    • thread.c
  • Rust examples
    • alias.rs
    • constant.rs
    • pattern.rs
    • thread.rs
  • Usage
    • C
    • Rust
  • Results

C static analysis tooling

• scan-build
• cppcheck
• flawfinder
• flint++
• frama-c
• oclint
• scan-build clang
• splint
• vera++

Rust tooling

• rustc

C examples

alias.c

Dangerous aliasing behavior resulting in unsafe memory access.

constant.c

Discarding type qualification resulting in unsafe memory access.

pattern.c

Ambiguity of enumerations resulting in unsafe memory access.

thread.c

Data race resulting in unsafe memory access.

Rust examples

alias.rs

An attempt to implement the dangerous behavior of the corresponding alias.c.

constant.rs

An attempt to implement the dangerous behavior of the corresponding constant.c.

pattern.rs

An attempt to implement the dangerous behavior of the corresponding pattern.c.

thread.rs

An attempt to implement the dangerous behavior of the corresponding thread.c.

Usage

C

Each of the C examples should compile with gcc or clang. They should also result in a Segmentation fault report. Because access to the intentionally corrupted data represents undefined behavior, they may not always crash. Running any example a few times will likely reproduce the crash if the first try doesn't.

Rust

Each of the examples should fail to compile with rustc

Results

See ./report-alias.txt, ./report-const.txt, ./report-pattern.txt, ./report-thread.txt for result details for each example.

See ./report-alias_no_ptr_arithmetic.txt for results on alias example without pointer arithmetic.