Precise interprocedural dataflow analysis via graph reachability
POPL '95 Proceedings of the 22nd ACM SIGPLAN-SIGACT symposium on Principles of programming languages
A static analyzer for finding dynamic programming errors
Software—Practice & Experience
Unification-based pointer analysis with directional assignments
PLDI '00 Proceedings of the ACM SIGPLAN 2000 conference on Programming language design and implementation
ESP: path-sensitive program verification in polynomial time
PLDI '02 Proceedings of the ACM SIGPLAN 2002 Conference on Programming language design and implementation
Extended static checking for Java
PLDI '02 Proceedings of the ACM SIGPLAN 2002 Conference on Programming language design and implementation
POPL '77 Proceedings of the 4th ACM SIGACT-SIGPLAN symposium on Principles of programming languages
CSSV: towards a realistic tool for statically detecting all buffer overflows in C
PLDI '03 Proceedings of the ACM SIGPLAN 2003 conference on Programming language design and implementation
Software validation via scalable path-sensitive value flow analysis
ISSTA '04 Proceedings of the 2004 ACM SIGSOFT international symposium on Software testing and analysis
Modular checking for buffer overflows in the large
Proceedings of the 28th international conference on Software engineering
Modeling and analyzing the interaction of C and C++ strings
FoVeOOS'11 Proceedings of the 2011 international conference on Formal Verification of Object-Oriented Software
Hi-index | 0.00 |
The last few years have seen a surge of activity in the static analysis community on the application of static analysis to program verification and defect detection. Researchers have long believed in the benefit of exposing and fixing potential defects in a program before it is ever run, especially when the program can be made correct by construction, as in the case of compiler-enforced type systems. But every static analysis tool (other than a compiler's type checker) ever built, no matter how precise, suffers from the same fatal flaw in the eyes of the programmer: Defect reports do not come with known user scenarios that expose the defects. Therefore, programmers have been loathe to examine and fix defect reports produced by static analysis tools as a routine part of the software development process. In spite of recent advancements in analysis techniques, there are no papers we are aware of that report programmers fixing more than a few dozen defects.