LCLint: a tool for using specifications to check code
SIGSOFT '94 Proceedings of the 2nd ACM SIGSOFT symposium on Foundations of software engineering
Precise interprocedural dataflow analysis via graph reachability
POPL '95 Proceedings of the 22nd ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Variations on the Common Subexpression Problem
Journal of the ACM (JACM)
Model checking
A static analyzer for finding dynamic programming errors
Software—Practice & Experience
Type-based race detection for Java
PLDI '00 Proceedings of the ACM SIGPLAN 2000 conference on Programming language design and implementation
End-to-end arguments in system design
ACM Transactions on Computer Systems (TOCS)
Enforcing high-level protocols in low-level software
Proceedings of the ACM SIGPLAN 2001 conference on Programming language design and implementation
Automatically validating temporal safety properties of interfaces
SPIN '01 Proceedings of the 8th international SPIN workshop on Model checking of software
Bugs as deviant behavior: a general approach to inferring errors in systems code
SOSP '01 Proceedings of the eighteenth ACM symposium on Operating systems principles
POPL '02 Proceedings of the 29th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Flow-sensitive type qualifiers
PLDI '02 Proceedings of the ACM SIGPLAN 2002 Conference on Programming language design and implementation
ESP: path-sensitive program verification in polynomial time
PLDI '02 Proceedings of the ACM SIGPLAN 2002 Conference on Programming language design and implementation
A unified approach to global program optimization
POPL '73 Proceedings of the 1st annual ACM SIGACT-SIGPLAN symposium on Principles of programming languages
Construction of Abstract State Graphs with PVS
CAV '97 Proceedings of the 9th International Conference on Computer Aided Verification
Using Programmer-Written Compiler Extensions to Catch Security Holes
SP '02 Proceedings of the 2002 IEEE Symposium on Security and Privacy
ESP: path-sensitive program verification in polynomial time
PLDI '02 Proceedings of the ACM SIGPLAN 2002 Conference on Programming language design and implementation
How to write system-specific, static checkers in metal
Proceedings of the 2002 ACM SIGPLAN-SIGSOFT workshop on Program analysis for software tools and engineering
Using redundancies to find errors
Proceedings of the 10th ACM SIGSOFT symposium on Foundations of software engineering
From symptom to cause: localizing errors in counterexample traces
POPL '03 Proceedings of the 30th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Using redundancies to find errors
ACM SIGSOFT Software Engineering Notes
Modular verification of software components in C
Proceedings of the 25th International Conference on Software Engineering
Checking and inferring local non-aliasing
PLDI '03 Proceedings of the ACM SIGPLAN 2003 conference on Programming language design and implementation
A practical flow-sensitive and context-sensitive C and C++ memory leak detector
PLDI '03 Proceedings of the ACM SIGPLAN 2003 conference on Programming language design and implementation
Debugging temporal specifications with concept analysis
PLDI '03 Proceedings of the ACM SIGPLAN 2003 conference on Programming language design and implementation
Design and Implementation of a Fine-Grained Software Inspection Tool
IEEE Transactions on Software Engineering
ARCHER: using symbolic, path-sensitive analysis to detect memory access errors
Proceedings of the 9th European software engineering conference held jointly with 11th ACM SIGSOFT international symposium on Foundations of software engineering
RacerX: effective, static detection of race conditions and deadlocks
SOSP '03 Proceedings of the nineteenth ACM symposium on Operating systems principles
Automatic detection and repair of errors in data structures
OOPSLA '03 Proceedings of the 18th annual ACM SIGPLAN conference on Object-oriented programing, systems, languages, and applications
Incremental execution of transformation specifications
Proceedings of the 31st ACM SIGPLAN-SIGACT symposium on Principles of programming languages
SELF: a transparent security extension for ELF binaries
Proceedings of the 2003 workshop on New security paradigms
Securing web application code by static analysis and runtime protection
Proceedings of the 13th international conference on World Wide Web
Improving data-flow analysis with path profiles
ACM SIGPLAN Notices - Best of PLDI 1979-1999
Parametric regular path queries
Proceedings of the ACM SIGPLAN 2004 conference on Programming language design and implementation
Consistency analysis of authorization hook placement in the Linux security modules framework
ACM Transactions on Information and System Security (TISSEC)
Modular Verification of Software Components in C
IEEE Transactions on Software Engineering
Generating Tests from Counterexamples
Proceedings of the 26th International Conference on Software Engineering
iWatcher: Efficient Architectural Support for Software Debugging
Proceedings of the 31st annual international symposium on Computer architecture
Software validation via scalable path-sensitive value flow analysis
ISSTA '04 Proceedings of the 2004 ACM SIGSOFT international symposium on Software testing and analysis
SABER: smart analysis based error reduction
ISSTA '04 Proceedings of the 2004 ACM SIGSOFT international symposium on Software testing and analysis
Invited talk: the blast query language for software verification
PPDP '04 Proceedings of the 6th ACM SIGPLAN international conference on Principles and practice of declarative programming
Invited talk: the blast query language for software verification
Proceedings of the 2004 ACM SIGPLAN symposium on Partial evaluation and semantics-based program manipulation
Exstatic: a generic static checker applied to documentation systems
Proceedings of the 22nd annual international conference on Design of communication: The engineering of quality documentation
Validating structural properties of nested objects
OOPSLA '04 Companion to the 19th annual ACM SIGPLAN conference on Object-oriented programming systems, languages, and applications
PSE: explaining program failures via postmortem static analysis
Proceedings of the 12th ACM SIGSOFT twelfth international symposium on Foundations of software engineering
Correlation exploitation in error ranking
Proceedings of the 12th ACM SIGSOFT twelfth international symposium on Foundations of software engineering
Using build-integrated static checking to preserve correctness invariants
Proceedings of the 11th ACM conference on Computer and communications security
Scalable error detection using boolean satisfiability
Proceedings of the 32nd ACM SIGPLAN-SIGACT symposium on Principles of programming languages
ACM SIGPLAN Notices
Efficient and flexible architectural support for dynamic monitoring
ACM Transactions on Architecture and Code Optimization (TACO)
Data structure repair using goal-directed reasoning
Proceedings of the 27th international conference on Software engineering
Improving software security with a C pointer analysis
Proceedings of the 27th international conference on Software engineering
Check 'n' crash: combining static checking and testing
Proceedings of the 27th international conference on Software engineering
DART: directed automated random testing
Proceedings of the 2005 ACM SIGPLAN conference on Programming language design and implementation
Context-sensitive program analysis as database queries
Proceedings of the twenty-fourth ACM SIGMOD-SIGACT-SIGART symposium on Principles of database systems
Lightweight object specification with typestates
Proceedings of the 10th European software engineering conference held jointly with 13th ACM SIGSOFT international symposium on Foundations of software engineering
DynaMine: finding common error patterns by mining software revision histories
Proceedings of the 10th European software engineering conference held jointly with 13th ACM SIGSOFT international symposium on Foundations of software engineering
Adding trace matching with free variables to AspectJ
OOPSLA '05 Proceedings of the 20th annual ACM SIGPLAN conference on Object-oriented programming, systems, languages, and applications
Finding application errors and security flaws using PQL: a program query language
OOPSLA '05 Proceedings of the 20th annual ACM SIGPLAN conference on Object-oriented programming, systems, languages, and applications
Continuous code-quality assurance with SAFE
Proceedings of the 2006 ACM SIGPLAN symposium on Partial evaluation and semantics-based program manipulation
CP-Miner: Finding Copy-Paste and Related Bugs in Large-Scale Software Code
IEEE Transactions on Software Engineering
Refinement-based context-sensitive points-to analysis for Java
Proceedings of the 2006 ACM SIGPLAN conference on Programming language design and implementation
Static detection of leaks in polymorphic containers
Proceedings of the 28th international conference on Software engineering
Proceedings of the 28th international conference on Software engineering
HeapMon: a helper-thread approach to programmable, automatic, and low-overhead memory bug detection
IBM Journal of Research and Development
The case for analysis preserving language transformation
Proceedings of the 2006 international symposium on Software testing and analysis
Inference and enforcement of data structure consistency specifications
Proceedings of the 2006 international symposium on Software testing and analysis
DSD-Crasher: a hybrid analysis tool for bug finding
Proceedings of the 2006 international symposium on Software testing and analysis
A framework for implementing pluggable type systems
Proceedings of the 21st annual ACM SIGPLAN conference on Object-oriented programming systems, languages, and applications
Software partitioning for effective automated unit testing
EMSOFT '06 Proceedings of the 6th ACM & IEEE International conference on Embedded software
Flow-insensitive type qualifiers
ACM Transactions on Programming Languages and Systems (TOPLAS)
Compositional dynamic test generation
Proceedings of the 34th annual ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Thorough static analysis of device drivers
Proceedings of the 1st ACM SIGOPS/EuroSys European Conference on Computer Systems 2006
A static aspect language for checking design rules
Proceedings of the 6th international conference on Aspect-oriented software development
Saturn: A scalable framework for error detection using Boolean satisfiability
ACM Transactions on Programming Languages and Systems (TOPLAS) - Special issue on POPL 2005
A framework for the static verification of api calls
Journal of Systems and Software
Flashback: a lightweight extension for rollback and deterministic replay for software debugging
ATEC '04 Proceedings of the annual conference on USENIX Annual Technical Conference
Using SCL to Specify and Check Design Intent in Source Code
IEEE Transactions on Software Engineering
Goal-Directed Reasoning for Specification-Based Data Structure Repair
IEEE Transactions on Software Engineering
Thirty years is long enough: getting beyond C
HOTOS'05 Proceedings of the 10th conference on Hot Topics in Operating Systems - Volume 10
CP-Miner: a tool for finding copy-paste and related bugs in operating system code
OSDI'04 Proceedings of the 6th conference on Symposium on Opearting Systems Design & Implementation - Volume 6
Finding security vulnerabilities in java applications with static analysis
SSYM'05 Proceedings of the 14th conference on USENIX Security Symposium - Volume 14
Large-scale analysis of format string vulnerabilities in Debian Linux
Proceedings of the 2007 workshop on Programming languages and analysis for security
Using web application construction frameworks to protect against code injection attacks
Proceedings of the 2007 workshop on Programming languages and analysis for security
Rx: Treating bugs as allergies—a safe method to survive software failures
ACM Transactions on Computer Systems (TOCS)
/*icomment: bugs or bad comments?*/
Proceedings of twenty-first ACM SIGOPS symposium on Operating systems principles
Modular typestate checking of aliased objects
Proceedings of the 22nd annual ACM SIGPLAN conference on Object-oriented programming systems and applications
Tracking bad apples: reporting the origin of null and undefined value errors
Proceedings of the 22nd annual ACM SIGPLAN conference on Object-oriented programming systems and applications
From uncertainty to belief: inferring the specification within
OSDI '06 Proceedings of the 7th symposium on Operating systems design and implementation
Effective memory protection using dynamic tainting
Proceedings of the twenty-second IEEE/ACM international conference on Automated software engineering
Securing web applications with static and dynamic information flow tracking
PEPM '08 Proceedings of the 2008 ACM SIGPLAN symposium on Partial evaluation and semantics-based program manipulation
DSD-Crasher: A hybrid analysis tool for bug finding
ACM Transactions on Software Engineering and Methodology (TOSEM)
Hang analysis: fighting responsiveness bugs
Proceedings of the 3rd ACM SIGOPS/EuroSys European Conference on Computer Systems 2008
Hotcomments: how to make program comments more useful?
HOTOS'07 Proceedings of the 11th USENIX workshop on Hot topics in operating systems
Beyond bug-finding: sound program analysis for Linux
HOTOS'07 Proceedings of the 11th USENIX workshop on Hot topics in operating systems
Practical memory leak detector based on parameterized procedural summaries
Proceedings of the 7th international symposium on Memory management
Evaluating the cost reduction of static code analysis for software security
Proceedings of the third ACM SIGPLAN workshop on Programming languages and analysis for security
The Verified Software Challenge: A Call for a Holistic Approach to Reliability
Verified Software: Theories, Tools, Experiments
Typestate-like analysis of multiple interacting objects
Proceedings of the 23rd ACM SIGPLAN conference on Object-oriented programming systems languages and applications
EMSOFT '08 Proceedings of the 8th ACM international conference on Embedded software
Security benchmarking using partial verification
HOTSEC'08 Proceedings of the 3rd conference on Hot topics in security
Automatic generation of XSS and SQL injection attacks with goal-directed model checking
SS'08 Proceedings of the 17th conference on Security symposium
AutoISES: automatically inferring security specifications and detecting violations
SS'08 Proceedings of the 17th conference on Security symposium
Path projection for user-centered static analysis tools
Proceedings of the 8th ACM SIGPLAN-SIGSOFT workshop on Program analysis for software tools and engineering
Understanding customer problem troubleshooting from storage system logs
FAST '09 Proccedings of the 7th conference on File and storage technologies
Formal Verification of C Systems Code
Journal of Automated Reasoning
Demand-driven memory leak detection based on flow- and context-sensitive pointer analysis
Journal of Computer Science and Technology
On the Role of Formal Methods in Software Certification: An Experience Report
Electronic Notes in Theoretical Computer Science (ENTCS)
A few billion lines of code later: using static analysis to find bugs in the real world
Communications of the ACM
Verification of CERT Secure Coding Rules: Case Studies
OTM '09 Proceedings of the Confederated International Conferences, CoopIS, DOA, IS, and ODBASE 2009 on On the Move to Meaningful Internet Systems: Part II
Compositional may-must program analysis: unleashing the power of alternation
Proceedings of the 37th annual ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Z-ranking: using statistical analysis to counter the impact of static analysis approximations
SAS'03 Proceedings of the 10th international conference on Static analysis
The verifying compiler: a grand challenge for computing research
CC'03 Proceedings of the 12th international conference on Compiler construction
Automatic coding rule conformance checking using logic programming
PADL'08 Proceedings of the 10th international conference on Practical aspects of declarative languages
End-to-end data integrity for file systems: a ZFS case study
FAST'10 Proceedings of the 8th USENIX conference on File and storage technologies
Scalable and systematic detection of buggy inconsistencies in source code
Proceedings of the ACM international conference on Object oriented programming systems languages and applications
Predicting defect priority based on neural networks
ADMA'10 Proceedings of the 6th international conference on Advanced data mining and applications - Volume Part II
Making the common case the only case with anticipatory memory allocation
FAST'11 Proceedings of the 9th USENIX conference on File and stroage technologies
Generating analyses for detecting faults in path segments
Proceedings of the 2011 International Symposium on Software Testing and Analysis
Checking conformance of a producer and a consumer
Proceedings of the 19th ACM SIGSOFT symposium and the 13th European conference on Foundations of software engineering
Inferring data polymorphism in systems code
Proceedings of the 19th ACM SIGSOFT symposium and the 13th European conference on Foundations of software engineering
Statically validating must summaries for incremental compositional dynamic test generation
SAS'11 Proceedings of the 18th international conference on Static analysis
Making the common case the only case with anticipatory memory allocation
ACM Transactions on Storage (TOS)
Orion: high-precision methods for static error analysis of c and c++ programs
FMCO'05 Proceedings of the 4th international conference on Formal Methods for Components and Objects
cascade: C assertion checker and deductive engine
CAV'06 Proceedings of the 18th international conference on Computer Aided Verification
Saturn: a SAT-based tool for bug detection
CAV'05 Proceedings of the 17th international conference on Computer Aided Verification
Incremental algorithms for inter-procedural analysis of safety properties
CAV'05 Proceedings of the 17th international conference on Computer Aided Verification
abc: the aspectbench compiler for aspectJ
GPCE'05 Proceedings of the 4th international conference on Generative Programming and Component Engineering
An extensible open-source compiler infrastructure for testing
HVC'05 Proceedings of the First Haifa international conference on Hardware and Software Verification and Testing
STANSE: bug-finding framework for c programs
MEMICS'11 Proceedings of the 7th international conference on Mathematical and Engineering Methods in Computer Science
Automatic parallelization of fine-grained meta-functions on a chip multiprocessor
CGO '11 Proceedings of the 9th Annual IEEE/ACM International Symposium on Code Generation and Optimization
System-specific static code analyses: a case study in the complex embedded systems domain
Software Quality Control
Compositional load test generation for software pipelines
Proceedings of the 2012 International Symposium on Software Testing and Analysis
Model-Based static code analysis for MATLAB models
ISoLA'12 Proceedings of the 5th international conference on Leveraging Applications of Formal Methods, Verification and Validation: technologies for mastering change - Volume Part I
Effective pattern-driven concurrency bug detection for operating systems
Journal of Systems and Software
Verifying systems rules using rule-directed symbolic execution
Proceedings of the eighteenth international conference on Architectural support for programming languages and operating systems
Marple: Detecting faults in path segments using automatically generated analyses
ACM Transactions on Software Engineering and Methodology (TOSEM) - In memoriam, fault detection and localization, formal methods, modeling and design
Automatic parallelization of fine-grained metafunctions on a chip multiprocessor
ACM Transactions on Architecture and Code Optimization (TACO)
| Hi-index | 0.02 |
This paper presents a novel approach to bug-finding analysis and an implementation of that approach. Our goal is to find as many serious bugs as possible. To do so, we designed a flexible, easy-to-use extension language for specifying analyses and an efficent algorithm for executing these extensions. The language, metal, allows the users of our system to specify a broad class of analyses in terms that resemble the intuitive description of the rules that they check. The system, xgcc, executes these analyses efficiently using a context-sensitive, interprocedural analysis. Our prior work has shown that the approach described in this paper is effective: it has successfully found thousands of bugs in real systems code. This paper describes the underlying system used to achieve these results. We believe that our system is an effective framework for deploying new bug-finding analyses quickly and easily.