Model checking and static analysis are traditionally seen as two separate approaches to software analysis and verification. In this work we define a model checking approach for the static analysis of large C/C++ source code bases to detect potential run-time issues such as program crashes, security vulnerabilities and memory leaks. Working on the intersection of software model checking and automated static bug detection for real-life systems, we address a number of issues: how to scale for real-life systems of 1,000,000 LoC or more, how to quickly write new checks, and most importantly how to distinguish between relevant and irrelevant bugs and fine-tune the analysis accordingly. We define our model checking-based static analysis approach as implemented in our tool Goanna, illustrate a number of design and implementation decisions made to obtain practical outcomes and relevant results, and present our findings with empirical data obtained from regularly analyzing large industrial and open source code bases such as the Firefox Web browser.