Towards Vulnerability Discovery Using Extended Compile-time Analysis

arXiv: Cryptography and Security(2015)

Cited by 23 | Views 4

Abstract
Exploitable vulnerabilities are often the outcome of semantic bugs in a program's software implementation. Because analyzing large codebases for semantic bugs is hard, developers rely on software testing to uncover defects. Compiler-driven program analyzers such as the Clang Static Analyzer are promising, but their local (per translation unit) outlook limits their potential. In this paper, we propose an extended compile-time analysis framework for detecting potentially security-critical defects in object-oriented code, and evaluate the proposal against large codebases. Our framework, which we call Melange, non-intrusively retrofits a two-stage analysis pipeline into a codebase's build system. Melange complements software testing: it lets developers fix defects during active software development. Our analyzer scales to large codebases and has, thus far, reported known vulnerabilities in the Chromium source code.