Semantics with applications: a formal introduction
Semantics with applications: a formal introduction
Symbolic Execution of Program Paths Involving Pointer and Structure Variables
QSIC '04 Proceedings of the Quality Software, Fourth International Conference
DART: directed automated random testing
Proceedings of the 2005 ACM SIGPLAN conference on Programming language design and implementation
Symbolic path simulation in path-sensitive dataflow analysis
PASTE '05 Proceedings of the 6th ACM SIGPLAN-SIGSOFT workshop on Program analysis for software tools and engineering
A Test Data Generation Tool for Unit Testing of C Programs
QSIC '06 Proceedings of the Sixth International Conference on Quality Software
Saturn: A scalable framework for error detection using Boolean satisfiability
ACM Transactions on Programming Languages and Systems (TOPLAS) - Special issue on POPL 2005
Hi-index | 0.00 |
Automatic bug finding with static analysis requires precise tracking of different memory object values. This paper describes a memory modeling method for static analysis of C programs. It is particularly suitable for precise path-sensitive analyses, e.g., symbolic execution. It can handle almost all kinds of C expressions, including arbitrary levels of pointer dereferences, pointer arithmetic, composite array and struct data types, arbitrary type casts, dynamic memory allocation, etc. It maps aliased lvalue expressions to the identical object without extra alias analysis. The model has been implemented in the Clang static analyzer and enhanced the analyzer a lot by enabling it to have precise value tracking ability.