Missing if else statements using static analysis

Question

Missing if else statements using static analysis

I am trying to catch missing raw conditions for the expression g inside if statements.

First example

if (a < 5) {
    // Do something
} else {
    // handled else condition
}

Second example

if (a < 5) {
    // Do something
} else if (a >= 5){
    // handled else if condition
}

these two examples are true, and all possibilities are processed.

But I'm trying to fulfill conditions like

if ((a < 5) && b > 10) {
    // Do something
} else if ((a >= 5) && (b > 10)){
    // handled else condition
} else if((a < 5) && (b <= 10)) {
    // handled else condition
}

But this condition does not handle all the possibilities and there is no condition

} else if ((a >= 5) && (b <= 10)) {
   // missing condition which is not handled
}

I am trying to find such a vulnerability by static analysis and using an abstract syntax tree of source codes. Is there any algorithm, approach, or any article that is being studied on such a problem?

+3

if-statement static analysis condition abstract-syntax-tree

sctn Feb 17 '11 at 8:19

source share

2 answers

Elian Ebbing · Answer 1 · 2011-02-17T09:09:01+0000

If you have a type code

if(A) { ... }
else if (B) { ... }
else if (C) { ... }

, , , A or B or C true. , , , .

(F1 or F2 or ...) and (G1 or G2 or G3) and (H1 or H2 or H3) ...

(x < c), (x ≤ c), (x > c) (x ≥ c), x - , c - . , :

(x < c1) (x > c2) true, (c1 > c2)
(x < c1) (x ≥ c2) true, (c1 ≥ c2)
(x ≤ c1) (x > c2) true, (c1 ≥ c2)
(x ≤ c1) (x ≥ c2) true, (c1 ≥ c2)

(F1 or F2 or ...). , , .

, .

( if ) . , if(f(x) || g(x)), , f() g() .

Pascal Cuoq · Answer 2 · 2011-02-17T16:52:43+0000

,


if ((a < 5) && b > 10) {
    // Do something
} else if ((a >= 5) && (b > 10)){
    // handled else condition
} else if((a < 5) && (b <= 10)) {
    // handled else condition
}


if ((a < 5) && b > 10) {
    // Do something
} else if ((a >= 5) && (b > 10)){
    // handled else condition
} else if((a < 5) && (b <= 10)) {
    // handled else condition
} else {
/*@ assert false ; */
}

, , , , assert, , , else , , .

, Java ( JML), C ( ACSL) # ( Spe#). , , -, , , , . , , - .

C, Frama-C Jessie:

int a, b;

main(){
  if ((a < 5) && b > 10) {
    // Do something
  } else if ((a >= 5) && (b > 10)){
    // handled else condition
  } else if((a < 5) && (b <= 10)) {
    // handled else condition
  } else {
    /*@ assert \false ; */
  } 
}

, , , . } else if ((a >= 5) && (b <= 10)) {, .

Missing if else statements using static analysis

More articles: