Demand interprocedural dataflow analysis
SIGSOFT '95 Proceedings of the 3rd ACM SIGSOFT symposium on Foundations of software engineering
Parametric shape analysis via 3-valued logic
Proceedings of the 26th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
A static analyzer for finding dynamic programming errors
Software—Practice & Experience
Verification by augmented finitary abstraction
Information and Computation
Automatically validating temporal safety properties of interfaces
SPIN '01 Proceedings of the 8th international SPIN workshop on Model checking of software
POPL '02 Proceedings of the 29th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
CCured: type-safe retrofitting of legacy code
POPL '02 Proceedings of the 29th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
ESP: path-sensitive program verification in polynomial time
PLDI '02 Proceedings of the ACM SIGPLAN 2002 Conference on Programming language design and implementation
A system and language for building system-specific, static analyses
PLDI '02 Proceedings of the ACM SIGPLAN 2002 Conference on Programming language design and implementation
Bebop: A Symbolic Model Checker for Boolean Programs
Proceedings of the 7th International SPIN Workshop on SPIN Model Checking and Software Verification
Abstraction-based deductive-algorithmic verification of reactive systems
Abstraction-based deductive-algorithmic verification of reactive systems
Test input generation with java PathFinder
ISSTA '04 Proceedings of the 2004 ACM SIGSOFT international symposium on Software testing and analysis
Check 'n' crash: combining static checking and testing
Proceedings of the 27th international conference on Software engineering
DART: directed automated random testing
Proceedings of the 2005 ACM SIGPLAN conference on Programming language design and implementation
Termination proofs for systems code
Proceedings of the 2006 ACM SIGPLAN conference on Programming language design and implementation
EXE: automatically generating inputs of death
Proceedings of the 13th ACM conference on Computer and communications security
SYNERGY: a new algorithm for property checking
Proceedings of the 14th ACM SIGSOFT international symposium on Foundations of software engineering
Compositional dynamic test generation
Proceedings of the 34th annual ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Proceedings of the 35th annual ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Sound, complete and scalable path-sensitive analysis
Proceedings of the 2008 ACM SIGPLAN conference on Programming language design and implementation
ISSTA '08 Proceedings of the 2008 international symposium on Software testing and analysis
EMSOFT '08 Proceedings of the 8th ACM international conference on Embedded software
Program Analysis with Dynamic Precision Adjustment
ASE '08 Proceedings of the 2008 23rd IEEE/ACM International Conference on Automated Software Engineering
TACAS'08/ETAPS'08 Proceedings of the Theory and practice of software, 14th international conference on Tools and algorithms for the construction and analysis of systems
Demand-driven compositional symbolic execution
TACAS'08/ETAPS'08 Proceedings of the Theory and practice of software, 14th international conference on Tools and algorithms for the construction and analysis of systems
YASM: a software model-checker for verification and refutation
CAV'06 Proceedings of the 18th international conference on Computer Aided Verification
CAV'05 Proceedings of the 17th international conference on Computer Aided Verification
An empirical study of optimizations in YOGI
Proceedings of the 32nd ACM/IEEE International Conference on Software Engineering - Volume 1
SAS'10 Proceedings of the 17th international conference on Static analysis
FITE: future integrated testing environment
Proceedings of the FSE/SDP workshop on Future of software engineering research
Proceedings of the 38th annual ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Formal Methods in System Design
Runtime instrumentation for precise flow-sensitive type analysis
RV'10 Proceedings of the First international conference on Runtime verification
A decade of software model checking with SLAM
Communications of the ACM
Theoretical aspects of compositional symbolic execution
FASE'11/ETAPS'11 Proceedings of the 14th international conference on Fundamental approaches to software engineering: part of the joint European conferences on theory and practice of software
Proceedings of the 32nd ACM SIGPLAN conference on Programming language design and implementation
Automatic partial loop summarization in dynamic test generation
Proceedings of the 2011 International Symposium on Software Testing and Analysis
Statically validating must summaries for incremental compositional dynamic test generation
SAS'11 Proceedings of the 18th international conference on Static analysis
Invisible invariants and abstract interpretation
SAS'11 Proceedings of the 18th international conference on Static analysis
An abstraction-refinement framework for trigger querying
SAS'11 Proceedings of the 18th international conference on Static analysis
A lightweight approach for loop summarization
ATVA'11 Proceedings of the 9th international conference on Automated technology for verification and analysis
Efficient loop navigation for symbolic execution
ATVA'11 Proceedings of the 9th international conference on Automated technology for verification and analysis
POPL '12 Proceedings of the 39th annual ACM SIGPLAN-SIGACT symposium on Principles of programming languages
There's plenty of room at the bottom: analyzing and verifying machine code
CAV'10 Proceedings of the 22nd international conference on Computer Aided Verification
Lazy annotation for program testing and verification
CAV'10 Proceedings of the 22nd international conference on Computer Aided Verification
Directed proof generation for machine code
CAV'10 Proceedings of the 22nd international conference on Computer Aided Verification
Abstract analysis of symbolic executions
CAV'10 Proceedings of the 22nd international conference on Computer Aided Verification
Learning component interfaces with may and must abstractions
CAV'10 Proceedings of the 22nd international conference on Computer Aided Verification
Formal testing for separation assurance
Annals of Mathematics and Artificial Intelligence
On the integration of software testing and formal analysis
Empirical Software Engineering and Verification
Whale: an interpolation-based algorithm for inter-procedural verification
VMCAI'12 Proceedings of the 13th international conference on Verification, Model Checking, and Abstract Interpretation
Automated error diagnosis using abductive inference
Proceedings of the 33rd ACM SIGPLAN conference on Programming Language Design and Implementation
Parallelizing top-down interprocedural analyses
Proceedings of the 33rd ACM SIGPLAN conference on Programming Language Design and Implementation
From under-approximations to over-approximations and back
TACAS'12 Proceedings of the 18th international conference on Tools and Algorithms for the Construction and Analysis of Systems
Proceedings of the 2012 International Symposium on Software Testing and Analysis
Proceedings of the 2012 International Symposium on Software Testing and Analysis
Software regression as change of input partitioning
Proceedings of the 34th International Conference on Software Engineering
Unbounded symbolic execution for program verification
RV'11 Proceedings of the Second international conference on Runtime verification
Software model checking via IC3
CAV'12 Proceedings of the 24th international conference on Computer Aided Verification
Alternate and learn: finding witnesses without looking all over
CAV'12 Proceedings of the 24th international conference on Computer Aided Verification
ICTAC'12 Proceedings of the 9th international conference on Theoretical Aspects of Computing
Predicate analysis with block-abstraction memoization
ICFEM'12 Proceedings of the 14th international conference on Formal Engineering Methods: formal methods and software engineering
Dual analysis for proving safety and finding bugs
Science of Computer Programming
Information reuse for multi-goal reachability analyses
ESOP'13 Proceedings of the 22nd European conference on Programming Languages and Systems
TACAS'13 Proceedings of the 19th international conference on Tools and Algorithms for the Construction and Analysis of Systems
Underapproximation of procedure summaries for integer programs
TACAS'13 Proceedings of the 19th international conference on Tools and Algorithms for the Construction and Analysis of Systems
State of the art: Dynamic symbolic execution for automated test generation
Future Generation Computer Systems
Reasoning about nondeterminism in programs
Proceedings of the 34th ACM SIGPLAN conference on Programming language design and implementation
Redundant state detection for dynamic symbolic execution
USENIX ATC'13 Proceedings of the 2013 USENIX conference on Annual Technical Conference
Toward a verifiable software dataplane
Proceedings of the Twelfth ACM Workshop on Hot Topics in Networks
Bias-variance tradeoffs in program analysis
Proceedings of the 41st ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages
Software dataplane verification
NSDI'14 Proceedings of the 11th USENIX Conference on Networked Systems Design and Implementation
| Hi-index | 0.02 |
Program analysis tools typically compute two types of information: (1) may information that is true of all program executions and is used to prove the absence of bugs in the program, and (2) must information that is true of some program executions and is used to prove the existence of bugs in the program. In this paper, we propose a new algorithm, dubbed SMASH, which computes both may and must information compositionally . At each procedure boundary, may and must information is represented and stored as may and must summaries, respectively. Those summaries are computed in a demand driven manner and possibly using summaries of the opposite type. We have implemented SMASH using predicate abstraction (as in SLAM) for the may part and using dynamic test generation (as in DART) for the must part. Results of experiments with 69 Microsoft Windows 7 device drivers show that SMASH can significantly outperform may-only, must-only and non-compositional may-must algorithms. Indeed, our empirical results indicate that most complex code fragments in large programs are actually often either easy to prove irrelevant to the specific property of interest using may analysis or easy to traverse using directed testing. The fine-grained coupling and alternation of may (universal) and must (existential) summaries allows SMASH to easily navigate through these code fragments while traditional may-only, must-only or non-compositional may-must algorithms are stuck in their specific analyses.