Static detection of dynamic memory errors
PLDI '96 Proceedings of the ACM SIGPLAN 1996 conference on Programming language design and implementation
Interprocedural conditional branch elimination
Proceedings of the ACM SIGPLAN 1997 conference on Programming language design and implementation
A practical framework for demand-driven interprocedural data flow analysis
ACM Transactions on Programming Languages and Systems (TOPLAS)
A static analyzer for finding dynamic programming errors
Software—Practice & Experience
Demand-driven pointer analysis
Proceedings of the ACM SIGPLAN 2001 conference on Programming language design and implementation
CCured: type-safe retrofitting of legacy code
POPL '02 Proceedings of the 29th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
ESP: path-sensitive program verification in polynomial time
PLDI '02 Proceedings of the ACM SIGPLAN 2002 Conference on Programming language design and implementation
A system and language for building system-specific, static analyses
PLDI '02 Proceedings of the ACM SIGPLAN 2002 Conference on Programming language design and implementation
MOPS: an infrastructure for examining security properties of software
Proceedings of the 9th ACM conference on Computer and communications security
ASE '00 Proceedings of the 15th IEEE international conference on Automated software engineering
ICSE '81 Proceedings of the 5th international conference on Software engineering
Tracking pointers with path and context sensitivity for bug detection in C programs
Proceedings of the 9th European software engineering conference held jointly with 11th ACM SIGSOFT international symposium on Foundations of software engineering
ARCHER: using symbolic, path-sensitive analysis to detect memory access errors
Proceedings of the 9th European software engineering conference held jointly with 11th ACM SIGSOFT international symposium on Foundations of software engineering
Testing static analysis tools using exploitable buffer overflows from open source code
Proceedings of the 12th ACM SIGSOFT twelfth international symposium on Foundations of software engineering
Modular checking for buffer overflows in the large
Proceedings of the 28th international conference on Software engineering
Saturn: A scalable framework for error detection using Boolean satisfiability
ACM Transactions on Programming Languages and Systems (TOPLAS) - Special issue on POPL 2005
Practical memory leak detection using guarded value-flow analysis
Proceedings of the 2007 ACM SIGPLAN conference on Programming language design and implementation
Finding user/kernel pointer bugs with type inference
SSYM'04 Proceedings of the 13th conference on USENIX Security Symposium - Volume 13
Calysto: scalable and precise extended static checking
Proceedings of the 30th international conference on Software engineering
Marple: a demand-driven path-sensitive buffer overflow detector
Proceedings of the 16th ACM SIGSOFT International Symposium on Foundations of software engineering
LEAKPOINT: pinpointing the causes of memory leaks
Proceedings of the 32nd ACM/IEEE International Conference on Software Engineering - Volume 1
Proceedings of the eighteenth ACM SIGSOFT international symposium on Foundations of software engineering
Memory leak analysis by contradiction
SAS'06 Proceedings of the 13th international conference on Static Analysis
Challenges in defining a programming language for provably correct dynamic analyses
ISoLA'12 Proceedings of the 5th international conference on Leveraging Applications of Formal Methods, Verification and Validation: technologies for mastering change - Volume Part I
Proceedings of the 2013 International Conference on Software Engineering
| Hi-index | 0.00 |
Although static bug detectors are extensively applied, there is a cost in using them. One challenge is that static analysis often reports a large number of false positives but little diagnostic information. Also, individual bug detectors need to be built in response to new types of faults, and tuning a static tool for precision and scalability is time-consuming. This paper presents a novel frame-work that automatically generates scalable, interprocedural, path-sensitive analyses to detect user-specified faults. The framework consists of a specification technique that expresses faults and information needed for their detection, a scalable, path-sensitive algorithm, and a generator that unifies the two. The analysis produced identifies not only faults but also the path segments where the root causes of a fault are located. The generality of the framework is accomplished for both data- and control-centric faults. We implemented our framework and generated fault detectors for identifying buffer overflows, integer violations, null-pointer dereferences and memory leaks. We experimentally demonstrate that the generated analyses scales to large deployed software, and its detection capability is comparable to tools that target a specific type of fault. In our experiments, we identify a total of 146 faults of the four types. While the length of path segments for the majority of faults is 1--4 procedures, we are able to detect faults deeply embedded in the code across 35 procedures.