A static analyzer for finding dynamic programming errors
Software—Practice & Experience
Automatically validating temporal safety properties of interfaces
SPIN '01 Proceedings of the 8th international SPIN workshop on Model checking of software
Bugs as deviant behavior: a general approach to inferring errors in systems code
SOSP '01 Proceedings of the eighteenth ACM symposium on Operating systems principles
The SLAM project: debugging system software via static analysis
POPL '02 Proceedings of the 29th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
ESP: path-sensitive program verification in polynomial time
PLDI '02 Proceedings of the ACM SIGPLAN 2002 Conference on Programming language design and implementation
Applying Static Analysis to Large-Scale, Multi-Threaded Java Programs
ASWEC '01 Proceedings of the 13th Australian Conference on Software Engineering
ARCHER: using symbolic, path-sensitive analysis to detect memory access errors
Proceedings of the 9th European software engineering conference held jointly with 11th ACM SIGSOFT international symposium on Foundations of software engineering
LLVM: A Compilation Framework for Lifelong Program Analysis & Transformation
Proceedings of the international symposium on Code generation and optimization: feedback-directed and runtime optimization
OOPSLA '04 Companion to the 19th annual ACM SIGPLAN conference on Object-oriented programming systems, languages, and applications
Testing static analysis tools using exploitable buffer overflows from open source code
Proceedings of the 12th ACM SIGSOFT twelfth international symposium on Foundations of software engineering
Secure Coding in C and C++ (SEI Series in Software Engineering)
Secure Coding in C and C++ (SEI Series in Software Engineering)
Seven Pernicious Kingdoms: A Taxonomy of Software Security Errors
IEEE Security and Privacy
Checking system rules using system-specific, programmer-written compiler extensions
OSDI'00 Proceedings of the 4th conference on Symposium on Operating System Design & Implementation - Volume 4
Refining buffer overflow detection via demand-driven path-sensitive analysis
PASTE '07 Proceedings of the 7th ACM SIGPLAN-SIGSOFT workshop on Program analysis for software tools and engineering
User-input dependence analysis via graph reachability
User-input dependence analysis via graph reachability
Goanna: a static model checker
FMICS'06/PDMC'06 Proceedings of the 11th international workshop, FMICS 2006 and 5th international workshop, PDMC conference on Formal methods: Applications and technology
Program analysis for bug detection using parfait: invited talk
Proceedings of the 2009 ACM SIGPLAN workshop on Partial evaluation and program manipulation
BegBunch: benchmarking for C bug detection tools
Proceedings of the 2nd International Workshop on Defects in Large Software Systems: Held in conjunction with the ACM SIGSOFT International Symposium on Software Testing and Analysis (ISSTA 2009)
The life and death of statically detected vulnerabilities: An empirical study
Information and Software Technology
Towards a unified fault-detection benchmark
Proceedings of the 9th ACM SIGPLAN-SIGSOFT workshop on Program analysis for software tools and engineering
Practical and effective symbolic analysis for buffer overflow detection
Proceedings of the eighteenth ACM SIGSOFT international symposium on Foundations of software engineering
Static deep error checking in large system applications using parfait
Proceedings of the 19th ACM SIGSOFT symposium and the 13th European conference on Foundations of software engineering
Scalable and incremental software bug detection
Proceedings of the 2013 9th Joint Meeting on Foundations of Software Engineering
| Hi-index | 0.00 |
We present the design of Parfait, a static layered program analysis framework for bug checking, designed for scalability and precision by improving false positive rates and scale to millions of lines of code. The Parfait framework is inherently parallelizable and makes use of demand driven analyses. In this paper we provide an example of several layers of analyses for buffer overflow, summarize our initial implementation for C, and provide preliminary results. Results are quantified in terms of correctly-reported, false positive and false negative rates against the NIST SAMATE synthetic benchmarks for C code.