Static program analysis has proven useful to virtually any company that builds its own software product. Static analysis is used to automatically detect bugs and security breaches, and aids compiler optimization.
While there are relatively light-weight analysis approaches that conduct syntactic checks on the target program and are able to analyze even millions of lines of code in minutes, analysis approaches that compute semantic properties of a program are more heavy-weight. Many interesting static analysis problems, such as data-flow, shape, or typestate analysis, require detailed, inter-procedural semantic program information. To solve these analysis problems, detailed abstractions are required that involve complex data-flow solvers, complex analysis domains, and oftentimes multiple different, potentially interleaving, helper analyses.
For many real-world sized target programs, the detailed abstractions that are necessary to solve those more heavy-weight analysis problems lead to high runtime and memory requirements. This makes it almost impossible to integrate such analyses into software development processes, let alone compilers. Actual solutions to analysis problems are often undecidable, forcing analysis developers to resort to approximations. In addition, the complex concepts and algorithms that are required to solve analyses that reason about semantic properties of a program are one of the reasons for the restricted supply of static-analysis implementations that are able to solve those kinds of problems.
GaZAR’s Static Program Analysis as a Service (SPAS) provides a layer of abstraction that handles all of the above problems for you. We at GaZAR are currently developing a prototype. Users of GaZAR’s SPAS register their software project and choose which kinds of program analyses they wish to run on their projects, when to run them, and how to consume the analyses’ results. SPAS features support for the major versioning systems such as GitHub and GitLab. Users only need to add their repository and SPAS will take care of understanding the project. SPAS will then run the analyses that are interesting to you and your company on the software product under analysis.
While companies that are interested in detecting potential code injection vulnerabilities may wish to run a taint analysis that detects data flows from sensitive data sources to sinks that must not leak that data, other companies that are interested in maximum program performance may wish to run the heaviest optimizations to make the program run as fast as possible. These kinds of analysis scenarios are possible since GaZAR’s team comprises various experts in the fields of program analysis, programming languages and compilers.
We are able to run such interesting, heavy-weight analyses, which would otherwise challenge any developer machine in terms of running times and memory usage, by solving our analyses in the cloud. Our users specify when they would like the analyses to run. That way our users can match the analyses to their companies’ internal workflow. Program analyses can be solved overnight or with every single commit to the project in a matter of minutes. Our analyses are perfectly scalable and can make use of the virtually unlimited computing resources available in the cloud. Once the analyses’ results are available, our users can access them in a way that is most useful to them.
Result reports can be (re)viewed online or they can be loaded into your developers’ favorite IDEs to be mapped and actioned on the source code. The results can even be used as a basis for further SPAS-based heavy program optimization in an -O4 manner.
GaZAR’s Static Program Analysis as a Service platform lets you run not only our custom-developed analyses but also your own analyses and analyses developed by third parties.
Are you interested in GaZAR’s Static Program Analysis as a Service, do you wish to tell us what is interesting to your company and what features are most important to you, or do you even wish to use our prototype for analyzing your software product? Then please fill out the form at https://docs.google.com/forms/d/e/1FAIpQLSctb5W3qhrSI_JIB4zu_fjOsxbYJLw-ujIfslWiN6vKEdf9ZA/viewform.
We appreciate your time and your feedback.