The public defence of the thesis takes place on Monday May 19th, 2025 at 09:00 in M:J

Thesis title: Fully Declarative Specification of Static Code Checkers

Author: Alexandru Dura, Department of Computer Science, Lund University

Faculty opponent: Senior Research Scientist Julia Lawall, Inria-Whisper

Examination Committee:

• Professor Martin Monperrus, Royal Institute of Technology
• Associate Professor Magnus Madsen, Aarhus University, Denmark
• Associate Professor Eva Brugisser (Darulová), Uppsala University
• Deputy: Professor Jacek Malec, Lund University

Session chair: Senior Lecturer Michael Doggett, Lund

Supervisors:

• Senior Lecturer Christoph Reichenbach, Lund University
• Senior Lecturer Emma Söderberg, Lund University

Location: M:J, M-building, Ole Römers väg 1F, Lund, Sweden

For download: https://portal.research.lu.se/sv/publications/fully-declarative-specification-of-static-code-checkers

Abstract

Static code checkers are tools that help software engineers by automatically finding defects without executing the programs. These tools contain a set of detectors that rely on static program analyses to find common programming defects or to enforce coding guidelines.

While existing code checker frameworks package a rich collection of detectors, aimed at common bug defects, the effort to adapt these detectors to specific project needs is not trivial. In their definition, the detectors rely on checker-specific program representations and auxiliary data structures, which incurs a high up-front cost for customization attempts.

Being encoded in a general-purpose programming language, the detectors inherit the evaluation model of the host programming language. This precludes the adoption of evaluation schemes that fit the dynamics of the project, such as incremental evaluation or caching of partial results.

In this thesis we address the hindrances to adaptability in current checker frameworks by combining two declarative techniques: syntactic pattern matching and logic programming in Datalog. We use syntactic pattern matching to identify the program fragments that are of interest for a detector and Datalog logical rules to enable non-local reasoning between these fragments of interest. Syntactic patterns allow us to decouple the detector specification from the internal representations of programs, while the use of Datalog-style rules enables the adoption of alternative evaluation modes, such as incremental evaluation.

We materialize our techniques in declarative specification languages and runtimes that facilitate the construction of declarative static code checking frameworks for the C and Java languages. We show that these declarative specification languages enable concise description of bug detectors, while achieving analysis quality and runtime performance that is comparable with established frameworks.