This article presents Saturn, a general framework for building precise and scalable static error detection systems. Saturn exploits recent advances in Boolean satisfiability (SAT) solvers and is path sensitive, precise down to the bit level, and models pointers and heap data. Our approach is also highly scalable, which we achieve using two techniques. First, for each program function, several optimizations compress the size of the Boolean formulas that model the control flow and data flow and the heap locations accessed by a function. Second, summaries in the spirit of type signatures are computed for each function, allowing interprocedural analysis without a dramatic increase in the size of the Boolean constraints to be solved. We have experimentally validated our approach by conducting two case studies involving a Linux lock checker and a memory leak checker. Results from the experiments show that our system scales well, parallelizes well, and finds more errors with fewer false positives than previous static error detection systems.