ARCHER: using symbolic, path-sensitive analysis to detect memory access errors
Proceedings of the 9th European software engineering conference held jointly with 11th ACM SIGSOFT international symposium on Foundations of software engineering
Precise range analysis on large industry code
Proceedings of the 2013 9th Joint Meeting on Foundations of Software Engineering
| Hi-index | 0.00 |
Array index out of bound is a common but critical vulnerability, which may crash the software system at runtime and results in irreparable damage, particularly in safety-critical systems. Use of static analysis for checking this vulnerability is the common approach to prevent it from occurring. Numbers of tools based on static analysis technique are available. This paper presents an evaluation of five such static analysis tools used for detection of this vulnerability. Among them, two are commercial tools Polyspace, Coverity; one is an academic tool ARCHER and the other two are open source tools UNO and CBMC. These tools have been evaluated with respect to four factors, namely, precision, scalability, soundness and execution time. Main objective of this study is to understand the techniques used to check properties similar to array index out of bound access in C code and to share our findings on the pros and cons of the different approaches.