Static analysis for software assurance: soundness, scalability and adaptiveness

Authors:
Arnaud J. Venet;Michael R. Lowry
Affiliations:
Carnegie Mellon University, Pittsburgh, PA & NASA Ames Research Center, Moffett Field, CA, USA;NASA Ames Research Center, Moffett Field, CA, USA
Venue:
Proceedings of the FSE/SDP workshop on Future of software engineering research
Year:
2010

Citing 14
Cited 0

The SLAM project: debugging system software via static analysis

POPL '02 Proceedings of the 29th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Lazy abstraction

POPL '02 Proceedings of the 29th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Automatic discovery of linear restraints among variables of a program

POPL '78 Proceedings of the 5th ACM SIGACT-SIGPLAN symposium on Principles of programming languages
Abstract interpretation: a unified lattice model for static analysis of programs by construction or approximation of fixpoints

POPL '77 Proceedings of the 4th ACM SIGACT-SIGPLAN symposium on Principles of programming languages
Parametric shape analysis via 3-valued logic

ACM Transactions on Programming Languages and Systems (TOPLAS)
Abstract Cofibered Domains: Application to the Alias Analysis of Untyped Programs

SAS '96 Proceedings of the Third International Symposium on Static Analysis
TVLA: A System for Implementing Static Analyses

SAS '00 Proceedings of the 7th International Symposium on Static Analysis
The Octagon Abstract Domain

WCRE '01 Proceedings of the Eighth Working Conference on Reverse Engineering (WCRE'01)
Precise and efficient static array bound checking for large embedded C programs

Proceedings of the ACM SIGPLAN 2004 conference on Programming language design and implementation
A Sound Floating-Point Polyhedra Abstract Domain

APLAS '08 Proceedings of the 6th Asian Symposium on Programming Languages and Systems
Abstract Simulation: A Static Analysis of Simulink Models

ICESS '09 Proceedings of the 2009 International Conference on Embedded Software and Systems
The arithmetic-geometric progression abstract domain

VMCAI'05 Proceedings of the 6th international conference on Verification, Model Checking, and Abstract Interpretation
The ASTREÉ analyzer

ESOP'05 Proceedings of the 14th European conference on Programming Languages and Systems
Abstraction refinement via inductive learning

CAV'05 Proceedings of the 17th international conference on Computer Aided Verification

Quantified Score

Hi-index	0.00

Visualization

Abstract

Standard approaches to software assurance are either process-based or test-based. We propose to include static analysis by Abstract interpretation to the software development cycle. Static analysis by Abstract Interpretation provides a high level of assurance as well as ground-truth evidence in support of its findings. Successes in the verification of large industrial codes demonstrate the readiness of this technology. However, in order to be practical in real development environments, static analysis must be able to scale and yield few false positives without the need for expert hand-tuning. We present a research agenda to reach this goal based on the development of adaptive static analysis algorithms.