Automatically validating temporal safety properties of interfaces
SPIN '01 Proceedings of the 8th international SPIN workshop on Model checking of software
Bugs as deviant behavior: a general approach to inferring errors in systems code
SOSP '01 Proceedings of the eighteenth ACM symposium on Operating systems principles
ESP: path-sensitive program verification in polynomial time
PLDI '02 Proceedings of the ACM SIGPLAN 2002 Conference on Programming language design and implementation
POPL '77 Proceedings of the 4th ACM SIGACT-SIGPLAN symposium on Principles of programming languages
An Enabling Framework for Master-Worker Applications on the Computational Grid
HPDC '00 Proceedings of the 9th IEEE International Symposium on High Performance Distributed Computing
Buffer overrun detection using linear programming and static analysis
Proceedings of the 10th ACM conference on Computer and communications security
Static analysis tools as early indicators of pre-release defect density
Proceedings of the 27th international conference on Software engineering
DART: directed automated random testing
Proceedings of the 2005 ACM SIGPLAN conference on Programming language design and implementation
Compositional dynamic test generation
Proceedings of the 34th annual ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Saturn: A scalable framework for error detection using Boolean satisfiability
ACM Transactions on Programming Languages and Systems (TOPLAS) - Special issue on POPL 2005
Static specification inference using predicate mining
Proceedings of the 2007 ACM SIGPLAN conference on Programming language design and implementation
Checking system rules using system-specific, programmer-written compiler extensions
OSDI'00 Proceedings of the 4th conference on Symposium on Operating System Design & Implementation - Volume 4
An overview of the saturn project
PASTE '07 Proceedings of the 7th ACM SIGPLAN-SIGSOFT workshop on Program analysis for software tools and engineering
From uncertainty to belief: inferring the specification within
OSDI '06 Proceedings of the 7th USENIX Symposium on Operating Systems Design and Implementation - Volume 7
The software model checker Blast: Applications to software engineering
International Journal on Software Tools for Technology Transfer (STTT)
Randoop: feedback-directed random testing for Java
Companion to the 22nd ACM SIGPLAN conference on Object-oriented programming systems and applications companion
MapReduce: simplified data processing on large clusters
Communications of the ACM - 50th anniversary issue: 1958 - 2008
Sound, complete and scalable path-sensitive analysis
Proceedings of the 2008 ACM SIGPLAN conference on Programming language design and implementation
Parfait: designing a scalable bug checker
Proceedings of the 2008 workshop on Static analysis
Spin model checker, the: primer and reference manual
Spin model checker, the: primer and reference manual
Towards a more efficient static software change impact analysis method
Proceedings of the 8th ACM SIGPLAN-SIGSOFT workshop on Program analysis for software tools and engineering
A few billion lines of code later: using static analysis to find bugs in the real world
Communications of the ACM
Proceedings of the 19th international symposium on Software testing and analysis
GULFSTREAM: staged static analysis for streaming JavaScript applications
WebApps'10 Proceedings of the 2010 USENIX conference on Web application development
Parallel inclusion-based points-to analysis
Proceedings of the ACM international conference on Object oriented programming systems languages and applications
EigenCFA: accelerating flow analysis with GPUs
Proceedings of the 38th annual ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Distributed and predictable software model checking
VMCAI'11 Proceedings of the 12th international conference on Verification, model checking, and abstract interpretation
A decade of software model checking with SLAM
Communications of the ACM
Practical change impact analysis based on static program slicing for industrial software systems
Proceedings of the 33rd International Conference on Software Engineering
Two for the price of one: a model for parallel and incremental computation
Proceedings of the 2011 ACM international conference on Object oriented programming systems languages and applications
Parallelizing top-down interprocedural analyses
Proceedings of the 33rd ACM SIGPLAN conference on Programming Language Design and Implementation
Fully automatic and precise detection of thread safety violations
Proceedings of the 33rd ACM SIGPLAN conference on Programming Language Design and Implementation
Efficient bottom-up heap analysis for symbolic path-based data access summaries
Proceedings of the Tenth International Symposium on Code Generation and Optimization
Extending static analysis by mining project-specific rules
Proceedings of the 34th International Conference on Software Engineering
Modular and verified automatic program repair
Proceedings of the ACM international conference on Object oriented programming systems languages and applications
Maple: a coverage-driven testing tool for multithreaded programs
Proceedings of the ACM international conference on Object oriented programming systems languages and applications
Trace driven dynamic deadlock detection and reproduction
Proceedings of the 19th ACM SIGPLAN symposium on Principles and practice of parallel programming
| Hi-index | 0.00 |
An important, but often neglected, goal of static analysis for detecting bugs is the ability to show defects to the programmer quickly. Unfortunately, existing static analysis tools scale very poorly, or are shallow and cannot find complex interprocedural defects. Previous attempts at reducing the analysis time by adding more resources (CPU, memory) or by splitting the analysis into multiple sub-analyses based on defect detection capabilities resulted in limited/negligible improvements. We present a technique for parallel and incremental static analysis using top-down, bottom-up and global specification inference based around the concept of a work unit, a self-contained atom of analysis input, that deterministically maps to its output. A work unit contains both abstract and concrete syntax to analyze, a supporting fragment of the class hierarchy, summarized interprocedural behavior, and defect reporting information, factored to ensure a high level of reuse when analyzing successive versions incrementally. Work units are created and consumed by an analysis master process that coordinates the multiple analysis passes, the flow of information among them, and incrementalizes the computation. Meanwhile, multiple analysis worker processes use abstract interpretation to compute work unit results. Process management and interprocess communication is done by a general-purpose computation distributor layer. We have implemented our approach and our experimental results show that using eight processor cores, we can perform complete analysis of code bases with millions of lines of code in a few hours, and even faster after incremental changes to that code. The analysis is thorough and accurate: it usually reports about one crash-causing defect per thousand lines of code, with a false positive rate of 10--20%