We describe the algorithmic and implementation ideas behind a tool, Orion, for finding common programming errors in C and C++ programs using static code analysis. We aim to explore the fundamental trade-off between the cost and the precision of such analyses. Analysis methods that use simple dataflow domains run the risk of producing a high number of false error reports. On the other hand, the use of complex domains reduces the number of false errors, but limits the size of code that can be analyzed. Orion employs a two-level approach: potential errors are identified by an efficient search based on a simple domain; each discovered error path is then scrutinized by a high-precision feasibility analysis aimed at filtering out as many false errors as possible. We describe the algorithms used and their implementation in a GCC-based tool. Experimental results on a number of software programs bear out the expectation that this approach results in a high signal-to-noise ratio of reported errors, at an acceptable cost.
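The two-level approach described above, as an added illustration that is not Orion's code: a toy control-flow graph (constructed here) is first searched with a path-insensitive three-value null-pointer domain, which yields two candidate error paths, and then each path is checked for feasibility against the branch conditions it took, so the infeasible candidate is filtered out and only the real one is reported. Bounded enumeration over the input stands in for the high-precision feasibility analysis; the node names and the encoding are assumptions of this example.

```python
from typing import Dict, List, Optional, Tuple

# Constructed toy program (not Orion's input or output), as a control-flow graph:
#   if (x > 10) p = NULL; else p = &y;
#   if (x < 5)  *p = 0;   /* candidate 1: needs x > 10 and x < 5, infeasible */
#   if (x > 20) *p = 1;   /* candidate 2: x > 10 and x > 20, a real bug     */
# node -> (kind, payload, successors); a "branch" node's successors are
# [taken, not_taken] and its payload is the condition on the integer x.
Node = Tuple[str, object, List[str]]
CFG: Dict[str, Node] = {
    "entry":  ("branch", lambda x: x > 10, ["p_null", "p_addr"]),
    "p_null": ("set_p", "NULL", ["check1"]),
    "p_addr": ("set_p", "NONNULL", ["check1"]),
    "check1": ("branch", lambda x: x < 5, ["deref1", "check2"]),
    "deref1": ("deref", None, ["check2"]),
    "check2": ("branch", lambda x: x > 20, ["deref2", "exit"]),
    "deref2": ("deref", None, ["exit"]),
    "exit":   ("exit", None, []),
}
Path = List[Tuple[str, Optional[bool]]]  # (node, branch outcome or None)

def level1_candidates(cfg: Dict[str, Node], node: str = "entry",
                      p: str = "UNKNOWN", path: Optional[Path] = None) -> List[Path]:
    """Cheap search: track p in the 3-value domain {NULL, NONNULL, UNKNOWN} and
    ignore branch conditions. Each path reaching a dereference of NULL p is a
    candidate error; the search stops at the first such site on a path."""
    path = list(path or [])
    kind, payload, succs = cfg[node]
    if kind == "set_p":
        p = payload
    if kind == "deref" and p == "NULL":
        return [path + [(node, None)]]
    if kind == "branch":
        return [c for taken, s in zip((True, False), succs)
                for c in level1_candidates(cfg, s, p, path + [(node, taken)])]
    return [] if kind == "exit" else level1_candidates(cfg, succs[0], p, path + [(node, None)])

def level2_feasible(cfg: Dict[str, Node], path: Path, domain=range(-64, 64)) -> Optional[int]:
    """Precise check of one candidate: find an x that drives every branch on the
    path the recorded way. Bounded enumeration stands in for a real decision
    procedure. Returns a witness input, or None if the path is infeasible."""
    conds = [(cfg[n][1], taken) for n, taken in path if taken is not None]
    return next((x for x in domain if all(bool(c(x)) == t for c, t in conds)), None)

def two_level_report(cfg: Dict[str, Node]) -> List[Tuple[str, int]]:
    """Report only candidates that survive the feasibility filter, each with a
    witness input that reproduces the error."""
    return [(path[-1][0], w) for path in level1_candidates(cfg)
            if (w := level2_feasible(cfg, path)) is not None]
```

Running `two_level_report(CFG)` on the toy graph returns a single report for `deref2` with witness input 21, while the simple-domain search alone would have reported both dereference sites.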