|
| 1 | +# This CITATION.cff file was generated with cffinit. |
| 2 | +# Visit https://bit.ly/cffinit to generate yours today! |
| 3 | + |
| 4 | +cff-version: 1.2.0 |
| 5 | +title: QLStat |
| 6 | +message: >- |
| 7 | + Analyze Real World Project Batch with Declarative Static |
| 8 | + Analysis based on CodeQL |
| 9 | +type: software |
| 10 | +authors: |
| 11 | + - given-names: Qingwei |
| 12 | + family-names: Li |
| 13 | + email: lqw332664203@ustc.edu.cn |
| 14 | + affiliation: University of Science and Technology of China |
| 15 | + orcid: 'https://orcid.org/0009-0002-3888-2435' |
| 16 | + - given-names: Boyao |
| 17 | + family-names: Ding |
| 18 | + email: via@mail.ustc.edu.cn |
| 19 | + affiliation: University of Science and Technology of China |
| 20 | + orcid: 'https://orcid.org/0009-0009-4208-7961' |
| 21 | + - orcid: 'https://orcid.org/0000-0001-6638-6442' |
| 22 | + affiliation: University of Science and Technology of China |
| 23 | + email: yuzhang@ustc.edu.cn |
| 24 | + given-names: Yu |
| 25 | + family-names: Zhang |
| 26 | + - orcid: 'https://orcid.org/0009-0005-7061-1178' |
| 27 | + given-names: Jinbao |
| 28 | + family-names: Chen |
| 29 | + email: zkd18cjb@mail.ustc.edu.cn |
| 30 | + affiliation: University of Science and Technology of China |
| 31 | +identifiers: |
| 32 | + - type: doi |
| 33 | + value: 10.13328/j.cnki.jos.007464 |
| 34 | +repository-code: 'https://github.com/s4plus/QLStat' |
| 35 | +abstract: >- |
| 36 | + The Go programming language (Golang), as an emerging |
| 37 | + programming language, achieves efficient automatic memory |
| 38 | + management through compile-time escape analysis and |
| 39 | + runtime garbage collection. It also provides built-in data |
| 40 | + types such as interface, slice, and map, which |
| 41 | + significantly enhance development efficiency and program |
| 42 | + performance. However, these features also introduce memory |
| 43 | + performance and safety challenges that differ from those |
| 44 | + in traditional languages like C/C++. This study uses |
| 45 | + static code analysis to empirically study memory |
| 46 | + performance and safety problems in Go programs. The |
| 47 | + framework PatStat, designed based on CodeQL, is employed |
| 48 | + to analyze open-source repositories on GitHub. This |
| 49 | + framework uses the declarative language QL to examine code |
| 50 | + patterns related to memory performance in open-source |
| 51 | + repositories, facilitating both manual summarization and |
| 52 | + automatic detection of memory safety problems. The |
| 53 | + research covers memory access characteristics and patterns |
| 54 | + of memory safety problems. An analysis of 996 Go |
| 55 | + open-source projects, updated within the past year, |
| 56 | + reveals that field accesses and dereference operations |
| 57 | + account for significant portions of memory access in Go |
| 58 | + programs, at 25.44% and 17.63%, respectively. This |
| 59 | + indicates the importance of field sensitivity and |
| 60 | + points-to analysis in Go program analysis and |
| 61 | + optimization. Moreover, implicit memory allocation |
| 62 | + resulting from Go’s unique interface type conversions is |
| 63 | + another key area for optimization. Through manual analysis |
| 64 | + of 130 Issues involving memory leaks, invalid memory |
| 65 | + addresses or null pointer dereferences, and dangling |
| 66 | + pointers, the study identifies 10 Issue patterns, noting |
| 67 | + that dangling pointer problems are rare in Go. These |
| 68 | + Issues typically require around 30 days for resolution but |
| 69 | + often demand only a few dozen lines of code changes. The |
| 70 | + findings offer insights for optimizing Go programs and |
| 71 | + mitigating memory safety concerns. Furthermore, a linter |
| 72 | + is developed to detect the Issue pattern, which involves |
| 73 | + the assignment of a slice expression that may lead to |
| 74 | + memory leaks. This tool identifies 6 Issues in real-world |
| 75 | + projects, one of which receives positive feedback. |
| 76 | +keywords: |
| 77 | + - Go |
| 78 | + - memory performance |
| 79 | + - static code analysis |
| 80 | + - memory safety |
| 81 | + - empirical study |
| 82 | +license: Apache-2.0 |
0 commit comments