Skip to main content

Lund University Publications

LUND UNIVERSITY LIBRARIES

Fully Declarative Specification of Static Code Checkers

Dura, Alexandru LU orcid (2025)
Abstract
Static code checkers are tools that help software engineers by automatically finding defects without executing the programs. These tools contain a set of detectors that rely on static program analyses to find common programming defects or to enforce coding guidelines.

While existing code checker frameworks package a rich collection of detectors, aimed at common bug defects, the effort to adapt these detectors to specific project needs is not trivial. In their definition, the detectors rely on checker-specific program representations and auxiliary data structures, which incurs a high up-front cost for customization attempts. Being encoded in a general-purpose programming language, the detectors inherit the evaluation model of the... (More)
Static code checkers are tools that help software engineers by automatically finding defects without executing the programs. These tools contain a set of detectors that rely on static program analyses to find common programming defects or to enforce coding guidelines.

While existing code checker frameworks package a rich collection of detectors, aimed at common bug defects, the effort to adapt these detectors to specific project needs is not trivial. In their definition, the detectors rely on checker-specific program representations and auxiliary data structures, which incurs a high up-front cost for customization attempts. Being encoded in a general-purpose programming language, the detectors inherit the evaluation model of the host programming language. This precludes the adoption of evaluation schemes that fit the dynamics of the project, such as incremental evaluation or caching of partial results.

In this thesis we address the hindrances to adaptability in current checker frameworks by combining two declarative techniques: syntactic pattern matching and logic programming in Datalog. We use syntactic pattern matching to identify the program fragments that are of interest for a detector and Datalog logical rules to enable non-local reasoning between these fragments of interest. Syntactic patterns allow us to decouple the detector specification from the internal representations of programs, while the use of Datalog-style rules enables the adoption of alternative evaluation modes, such as incremental evaluation.

We materialize our techniques in declarative specification languages and runtimes that facilitate the construction of declarative static code checking frameworks for the C and Java languages. We show that these declarative specification languages enable concise description of bug detectors, while achieving analysis quality and runtime performance that is comparable with established frameworks. (Less)
Please use this url to cite or link to this publication:
author
supervisor
opponent
  • Dr. Lawall, Julia, Inria-Whisper, France.
organization
publishing date
type
Thesis
publication status
published
subject
pages
151 pages
publisher
Department of Computer Science, Lund University
defense location
Lecture Hall M:J, building M, Ole Römers väg 1F, Faculty of Engineering LTH, Lund University, Lund.
defense date
2025-05-19 09:00:00
ISBN
978-91-8104-532-1
978-91-8104-531-4
language
English
LU publication?
yes
id
66fadae7-a832-4ca6-8c71-8344e6509475
date added to LUP
2025-04-23 09:55:41
date last changed
2025-06-17 11:01:15
@phdthesis{66fadae7-a832-4ca6-8c71-8344e6509475,
  abstract     = {{Static code checkers are tools that help software engineers by automatically finding defects without executing the programs. These tools contain a set of detectors that rely on static program analyses to find common programming defects or to enforce coding guidelines.<br/><br/>While existing code checker frameworks package a rich collection of detectors, aimed at common bug defects, the effort to adapt these detectors to specific project needs is not trivial. In their definition, the detectors rely on checker-specific program representations and auxiliary data structures, which incurs a high up-front cost for customization attempts. Being encoded in a general-purpose programming language, the detectors inherit the evaluation model of the host programming language. This precludes the adoption of evaluation schemes that fit the dynamics of the project, such as incremental evaluation or caching of partial results.<br/><br/>In this thesis we address the hindrances to adaptability in current checker frameworks by combining two declarative techniques: syntactic pattern matching and logic programming in Datalog. We use syntactic pattern matching to identify the program fragments that are of interest for a detector and Datalog logical rules to enable non-local reasoning between these fragments of interest. Syntactic patterns allow us to decouple the detector specification from the internal representations of programs, while the use of Datalog-style rules enables the adoption of alternative evaluation modes, such as incremental evaluation.<br/><br/>We materialize our techniques in declarative specification languages and runtimes that facilitate the construction of declarative static code checking frameworks for the C and Java languages. We show that these declarative specification languages enable concise description of bug detectors, while achieving analysis quality and runtime performance that is comparable with established frameworks.}},
  author       = {{Dura, Alexandru}},
  isbn         = {{978-91-8104-532-1}},
  language     = {{eng}},
  month        = {{04}},
  publisher    = {{Department of Computer Science, Lund University}},
  school       = {{Lund University}},
  title        = {{Fully Declarative Specification of Static Code Checkers}},
  url          = {{https://lup.lub.lu.se/search/files/217740677/thesis.pdf}},
  year         = {{2025}},
}