Object-oriented type inference
OOPSLA '91 Conference proceedings on Object-oriented programming systems, languages, and applications
Accurate static estimators for program optimization
PLDI '94 Proceedings of the ACM SIGPLAN 1994 conference on Programming language design and implementation
Interprocedural may-alias analysis for pointers: beyond k-limiting
PLDI '94 Proceedings of the ACM SIGPLAN 1994 conference on Programming language design and implementation
A Practical Approach to Programming With Assertions
IEEE Transactions on Software Engineering
Points-to analysis in almost linear time
POPL '96 Proceedings of the 23rd ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Model checking
A static analyzer for finding dynamic programming errors
Software—Practice & Experience
Proving termination with multiset orderings
Communications of the ACM
Symbolic execution and program testing
Communications of the ACM
Change impact analysis for object-oriented programs
PASTE '01 Proceedings of the 2001 ACM SIGPLAN-SIGSOFT workshop on Program analysis for software tools and engineering
The SLAM project: debugging system software via static analysis
POPL '02 Proceedings of the 29th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Automatic discovery of linear restraints among variables of a program
POPL '78 Proceedings of the 5th ACM SIGACT-SIGPLAN symposium on Principles of programming languages
POPL '77 Proceedings of the 4th ACM SIGACT-SIGPLAN symposium on Principles of programming languages
How to write system-specific, static checkers in metal
Proceedings of the 2002 ACM SIGPLAN-SIGSOFT workshop on Program analysis for software tools and engineering
Intrusion Detection via Static Analysis
SP '01 Proceedings of the 2001 IEEE Symposium on Security and Privacy
Program termination analysis in polynomial time
ACM Transactions on Programming Languages and Systems (TOPLAS)
Goanna: Syntactic Software Model Checking
ATVA '08 Proceedings of the 6th International Symposium on Automated Technology for Verification and Analysis
Automatic Bug Detection in Microcontroller Software by Static Program Analysis
SOFSEM '09 Proceedings of the 35th Conference on Current Trends in Theory and Practice of Computer Science
Interprocedural Pointer Analysis in Goanna
Electronic Notes in Theoretical Computer Science (ENTCS)
VSTTE'12 Proceedings of the 4th international conference on Verified Software: theories, tools, experiments
Innovations in Systems and Software Engineering
Precise range analysis on large industry code
Proceedings of the 2013 9th Joint Meeting on Foundations of Software Engineering
| Hi-index | 0.00 |
Tools based on static analysis can be used to find defects in programs. Tools that do shallow analyses based on pattern matching have existed since the 1980's and although they can analyze large programs they have the drawback of producing a massive amount of warnings that have to be manually analyzed to see if they are real defects or not. Recent technology advances has brought forward tools that do deeper analyses that discover more defects and produce a limited amount of false warnings. These tools can still handle large industrial applications with millions lines of code. This article surveys the underlying supporting technology of three state-of-the-art static analysis tools. The survey relies on information in research articles and manuals, and includes the types of defects checked for (such as memory management, arithmetics, security vulnerabilities), soundness, value and aliasing analyses, incrementality and IDE integration. This survey is complemented by practical experiences from evaluations at the Ericsson telecom company.