Unleashing the power of static analysis

Authors:
Manuvir Das
Affiliations:
Program Analysis Group, Center for Software Excellence, Microsoft Corporation
Venue:
SAS'06 Proceedings of the 13th international conference on Static Analysis
Year:
2006

Citing 9
Cited 1

Precise interprocedural dataflow analysis via graph reachability

POPL '95 Proceedings of the 22nd ACM SIGPLAN-SIGACT symposium on Principles of programming languages
A static analyzer for finding dynamic programming errors

Software—Practice & Experience
Unification-based pointer analysis with directional assignments

PLDI '00 Proceedings of the ACM SIGPLAN 2000 conference on Programming language design and implementation
ESP: path-sensitive program verification in polynomial time

PLDI '02 Proceedings of the ACM SIGPLAN 2002 Conference on Programming language design and implementation
Extended static checking for Java

PLDI '02 Proceedings of the ACM SIGPLAN 2002 Conference on Programming language design and implementation
Abstract interpretation: a unified lattice model for static analysis of programs by construction or approximation of fixpoints

POPL '77 Proceedings of the 4th ACM SIGACT-SIGPLAN symposium on Principles of programming languages
CSSV: towards a realistic tool for statically detecting all buffer overflows in C

PLDI '03 Proceedings of the ACM SIGPLAN 2003 conference on Programming language design and implementation
Software validation via scalable path-sensitive value flow analysis

ISSTA '04 Proceedings of the 2004 ACM SIGSOFT international symposium on Software testing and analysis
Modular checking for buffer overflows in the large

Proceedings of the 28th international conference on Software engineering

Modeling and analyzing the interaction of C and C++ strings

FoVeOOS'11 Proceedings of the 2011 international conference on Formal Verification of Object-Oriented Software

Quantified Score

Hi-index	0.00

Visualization

Abstract

The last few years have seen a surge of activity in the static analysis community on the application of static analysis to program verification and defect detection. Researchers have long believed in the benefit of exposing and fixing potential defects in a program before it is ever run, especially when the program can be made correct by construction, as in the case of compiler-enforced type systems. But every static analysis tool (other than a compiler's type checker) ever built, no matter how precise, suffers from the same fatal flaw in the eyes of the programmer: Defect reports do not come with known user scenarios that expose the defects. Therefore, programmers have been loathe to examine and fix defect reports produced by static analysis tools as a routine part of the software development process. In spite of recent advancements in analysis techniques, there are no papers we are aware of that report programmers fixing more than a few dozen defects.