Precisely which code is analysed by control-flag? #28
I am running this and it seems to be working nicely so far, so thanks! I would just like to clarify precisely which code statements are being analysed by the software in its current state. Am I right in thinking that it is only looking at code contained within the () parentheses of
Also, are
Hi @JZacaroli -

First, thank you so much for looking into and using ControlFlag! We greatly appreciate your support. :)

Second, your understanding of ControlFlag (CF) is precisely correct for the current implementation. CF currently only analyzes if conditional expressions for anomalous code. The reason for this is many-fold; however, we plan to add support for all other control flow expressions (e.g., for loops, while loops, etc.) soon.

One of the reasons we initially targeted if statements is because we had seen from various programming language surveys that a large number of the defects in code come from incorrectly written if conditionals (i.e., incorrect Boolean logic). That said, this is just the beginning of CF. In the coming months, we plan to add support for all control flow expressions as well as instruction-by-instruction analysis (e.g., double free bugs, out of bounds array accesses, etc.).

However, as you probably already know, part of what makes it challenging to detect all these different types of defects is that we need to ensure that CF is computationally tractable in its solution space. If we exceed what is practical for computational tractability, we likely won't be able to help anyone, no matter how advanced CF is. Does that make sense?

That aside, in our next round of features, we plan to do some much-needed optimization of the core system as well as adding support for other critical control expressions. If you have suggestions on other features you believe we should be prioritizing, please let us know.

Thank you again for using ControlFlag and for your feedback!

Best,