High Performance Static Analysis for Industry

Authors:
Mark Bradley;Franck Cassez;Ansgar Fehnker;Thomas Given-Wilson;Ralf Huuck
Affiliations:
NICTA University of New South Wales Sydney, Australia;NICTA University of New South Wales Sydney, Australia;NICTA University of New South Wales Sydney, Australia;NICTA University of New South Wales Sydney, Australia;NICTA University of New South Wales Sydney, Australia
Venue:
Electronic Notes in Theoretical Computer Science (ENTCS)
Year:
2012

Citing 8
Cited 1

Compilers: principles, techniques, and tools

Compilers: principles, techniques, and tools
Structural Properties of XPath Fragments

ICDT '03 Proceedings of the 9th International Conference on Database Theory
Model Checking Software at Compile Time

TASE '07 Proceedings of the First Joint IEEE/IFIP Symposium on Theoretical Aspects of Software Engineering
Principles of Model Checking (Representation and Mind Series)

Principles of Model Checking (Representation and Mind Series)
Precise fixpoint computation through strategy iteration

ESOP'07 Proceedings of the 16th European conference on Programming
SATABS: SAT-Based predicate abstraction for ANSI-C

TACAS'05 Proceedings of the 11th international conference on Tools and Algorithms for the Construction and Analysis of Systems
Counterexample guided path reduction for static program analysis

Concurrency, Compositionality, and Correctness
A Survey of Automated Techniques for Formal Software Verification

IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems

Software model checking for people who love automata

CAV'13 Proceedings of the 25th international conference on Computer Aided Verification

Quantified Score

Hi-index	0.00

Visualization

Abstract

Static source code analysis for software bug detection has come a long way since its early beginnings as a compiler technology. However, with the introduction of more sophisticated algorithmic techniques, such as model checking and constraint solving, questions about performance are a major concern. In this work we present an empirical study of our industrial strength source code analysis tool Goanna that uses a model checking core for static analysis of C/C++ code. We present the core technology and abstraction mechanism with a focus on performance, as guided by experience from having analyzed millions of lines of code. In particular, we present results from our recent study within the NIST/DHS SAMATE program. The results show that, maybe surprisingly, formal verification techniques can be used successfully in practical industry applications scaling roughly linearly, even for millions of lines of code.