In this paper we describe the design and implementation of a static array-bound checker for a family of embedded programs: the flight control software of recent Mars missions. These programs are large (up to 280 KLOC), pointer intensive, heavily multithreaded and written in an object-oriented style, all of which makes their analysis very challenging. We designed a tool called C Global Surveyor (CGS) that can analyze the largest of these programs in a couple of hours with a precision of 80%. The scalability and precision of the analyzer come from an incremental framework in which a pointer analysis and a numerical analysis of array indices mutually refine each other. CGS has been designed so that it can distribute the analysis over several processors in a cluster of machines; to the best of our knowledge this is the first distributed implementation of static analysis algorithms. Throughout the paper we discuss the scalability setbacks we encountered during the construction of the tool and their impact on the initial design decisions.
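The abstract describes a pointer analysis and a numerical analysis of array indices being combined to validate array accesses. As an added illustration, not code from the paper or from CGS, the following Python sketch checks array accesses in a tiny C-like IR: a pointer is abstracted as an array base plus an interval of offsets, index variables are abstracted as intervals with widening over loops, and each access is checked against the size of every array the pointer may target. The IR, the sample program, the array sizes and the access labels A1 to A3 are all constructed for this example; the paper's incremental mutual refinement between the two analyses and its distributed execution are not modelled, only the one-directional combination of points-to targets and index intervals at the access check.

```python
# Added illustration for this page, not the CGS analyzer's code: an interval-based
# array bound checker over a tiny C-like IR, in which a points-to result (array base
# plus numeric offset) and a numerical analysis of indices combine at each access.
from dataclasses import dataclass
from typing import Callable, Dict, List, Tuple

INF = float("inf")

@dataclass(frozen=True)
class Interval:
    lo: float
    hi: float
    def join(self, o):     return Interval(min(self.lo, o.lo), max(self.hi, o.hi))
    def add(self, o):      return Interval(self.lo + o.lo, self.hi + o.hi)
    def below(self, b):    return Interval(self.lo, min(self.hi, b - 1))   # refine by v < b
    def at_least(self, b): return Interval(max(self.lo, b), self.hi)       # refine by v >= b
    def widen(self, o):
        # Standard interval widening: a bound that moved jumps to infinity, so a
        # loop reaches a post-fixpoint after a bounded number of iterations.
        return Interval(self.lo if o.lo >= self.lo else -INF, self.hi if o.hi <= self.hi else INF)

def _merge(a: Dict, b: Dict, f: Callable) -> Dict:
    out = dict(a)
    for k, v in b.items():
        out[k] = f(out[k], v) if k in out else v
    return out

@dataclass
class State:
    nums: Dict[str, Interval]              # numeric variable -> interval
    ptrs: Dict[str, Dict[str, Interval]]   # pointer -> {array base: offset interval}
    def copy(self):     return State(dict(self.nums), {p: dict(t) for p, t in self.ptrs.items()})
    def join(self, o):  return self._lift(o, Interval.join)
    def widen(self, o): return self._lift(o, Interval.widen)
    def _lift(self, o, f):
        return State(_merge(self.nums, o.nums, f), _merge(self.ptrs, o.ptrs, lambda x, y: _merge(x, y, f)))

Alarm = Tuple[str, str, float, float, int]   # (access label, array, lo, hi, array size)

def analyze(stmts, st: State, sizes: Dict[str, int], alarms: List[Alarm]) -> State:
    """Abstractly execute stmts from st; out-of-bounds accesses are appended to alarms."""
    for s in stmts:
        kind = s[0]
        if kind == "const":                  # v = c
            st.nums[s[1]] = Interval(s[2], s[2])
        elif kind == "add":                  # v = src + c
            st.nums[s[1]] = st.nums[s[2]].add(Interval(s[3], s[3]))
        elif kind == "ptr":                  # p = base + c
            st.ptrs[s[1]] = {s[2]: Interval(s[3], s[3])}
        elif kind == "branch":               # if (*) {...} else {...}: join both paths
            st = analyze(s[1], st.copy(), sizes, alarms).join(analyze(s[2], st.copy(), sizes, alarms))
        elif kind == "access":               # p[idx]: check each array p may point into
            _, label, p, idx = s
            for base, off in st.ptrs[p].items():
                eff = off.add(st.nums[idx])  # effective index = pointer offset + index
                if eff.lo < 0 or eff.hi > sizes[base] - 1:
                    alarms.append((label, base, eff.lo, eff.hi, sizes[base]))
        elif kind == "loop":                 # while (v < bound) { body }
            _, v, bound, body = s
            entry = head = st
            while True:                      # iterate to a post-fixpoint with widening
                inner = head.copy()
                inner.nums[v] = head.nums[v].below(bound)
                nxt = head.widen(entry.join(analyze(body, inner, sizes, [])))
                if nxt == head:
                    break
                head = nxt
            inner = head.copy()              # report alarms only under the stable invariant
            inner.nums[v] = head.nums[v].below(bound)
            analyze(body, inner, sizes, alarms)
            st = head.copy()
            st.nums[v] = head.nums[v].at_least(bound)
    return st

# Constructed input: array sizes and a program in the IR (the C it models is in comments).
SIZES = {"buf": 16, "big": 32}
PROGRAM = [
    ("ptr", "p", "buf", 4),                  # int *p = buf + 4;
    ("const", "i", 0),                       # i = 0;
    ("loop", "i", 12, [                      # while (i < 12) {
        ("access", "A1", "p", "i"),          #     use p[i];   reaches buf[4..15]: in bounds
        ("add", "i", "i", 1)]),              #     i++; }
    ("const", "j", 0),                       # j = 0;
    ("loop", "j", 16, [                      # while (j < 16) {
        ("access", "A2", "p", "j"),          #     use p[j];   reaches buf[4..19]: overflow
        ("add", "j", "j", 1)]),              #     j++; }
    ("branch", [("ptr", "q", "buf", 0)],     # q = cond ? buf : big;
               [("ptr", "q", "big", 0)]),
    ("const", "k", 20),                      # k = 20;
    ("access", "A3", "q", "k"),              # use q[k];  in bounds for big, overflows buf
]

def check(program=PROGRAM, sizes=SIZES) -> List[Alarm]:
    alarms: List[Alarm] = []
    analyze(program, State({}, {}), sizes, alarms)
    return alarms   # -> [("A2", "buf", 4, 19, 16), ("A3", "buf", 20, 20, 16)]
```

Two design points carry over to real checkers of this kind. First, alarms are collected only once the loop invariant is stable; reporting during the widening iterations would produce spurious warnings from intermediate, not yet sound states. Second, the check at A3 names the one target (buf) for which the access can overflow rather than the pointer as a whole, which is what lets a points-to result with several targets narrow an alarm instead of just raising one.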