Abstract:
The article presents a new tool, TSAR, designed for evaluating the effectiveness of static analyzers. TSAR includes three main components: a static analyzer assessment system, a test generator based on the Common Weakness Enumeration (CWE), and code transformation mechanisms (mutators) to challenge the analyzers. The assessment system identifies weaknesses in static analysis tools, while the test generator creates specific test cases based on known vulnerabilities. The code transformations create complex structures that complicate analysis and are intended to test the analyzers' ability to detect real vulnerabilities. The tool gives researchers and developers an opportunity to assess the quality of software static analyzers more deeply, with a view to their further improvement.