Program Analysis

Static analysis allows checking of interesting properties of a program without actually executing them. It will analyze the program’s behavior along all of its execution paths, which means that the analysis cannot forget program behavior. The static analysis thus yields an over-approximation of all the possible behavior that a program can emit. Static analysis has numerous advantages: early detection of vulnerabilities and bugs possible, the program does not need to be executed, analysis of only parts of a program possible, etc. We apply static analysis to find bugs and security vulnerabilities and use it as a basis for advanced program optimizations. GaZAR primarily focuses on data-flow analysis and builds on top of PhASAR (https://phasar.org/) and LLVM (https://llvm.org/). Depending on our customer’s concrete use case, we can also employ symbolic execution and similar techniques. To solve custom refactoring tasks, we use analyses and transformations based on the abstract syntax tree; of course, we offer customized solutions and build our refactoring tools on top of Clang’s (https://clang.llvm.org/) infrastructure.

The dynamic analysis allows for inspecting programs during their execution. However, in contrast to its static counterpart, it can only analyze a subset of a program’s possible execution paths. It thus is an under-approximation of all the possible behavior that a program can emit. It allows for determining runtime properties of the program under analysis. The advantages of dynamic analysis, among others, include great flexibility, the possibility to validate the results of static analysis, or to reveal outcomes that a static analysis declared as false negatives. Dynamic analysis can be used to guarantee specific security properties and to analyze a program’s performance. GaZAR allows our customers to analyze and instrument their applications according to their needs. We enable our customers to guarantee certain desired program properties and gain valuable insights into concrete program behavior.

Based on a program analysis’ results (static and/or dynamic) we are able to detect bugs, programming mistakes, security vulnerabilities and fix them. In addition, we are able to use program analysis as a basis for program optimizations and automated refactorings. This enables us to harden your application, improve its code quality, and enhance its performance. Depending on the concrete use case we also develop hybrid analyses that combine the best of both worlds.