
SMT-Based False Positive Elimination in Static Program Analysis [chapter]

Maximilian Junker, Ralf Huuck, Ansgar Fehnker, Alexander Knapp
2012 Lecture Notes in Computer Science  
Central to our approach is to view static analysis as a model checking problem, to iteratively compute infeasible sub-paths of infeasible paths using SMT solvers, and refine our models by adding observer  ...  Static program analysis for bug detection in large C/C++ projects typically uses a high-level abstraction of the original program under investigation.  ...  In the world of static program analysis, however, there is no good notion of automatic iterative refinement.  ... 
doi:10.1007/978-3-642-34281-3_23 fatcat:3s72vjsbc5gxtci562kczw5t3y

Practical lock/unlock pairing for concurrent programs

Hyoun Kyu Cho, T. Kelly, Yin Wang, S. Lafortune, Hongwei Liao, S. Mahlke
2013 Proceedings of the 2013 IEEE/ACM International Symposium on Code Generation and Optimization (CGO)  
For languages where critical sections are not lexically scoped, e.g., C/C++, static analysis often fails to pair up lock and unlock calls correctly.  ...  Our method first applies a conservative inter-procedural path-sensitive dataflow analysis to pair up all lock and unlock calls.  ...  The authors would like to thank our shepherd (James Tuck) and the anonymous reviewers for their time, suggestions, and valuable feedback.  ... 
doi:10.1109/cgo.2013.6494990 dblp:conf/cgo/ChoKWLLM13 fatcat:mv3dntqat5gp7pieti72v32nxi

Automatic Property Checking for Software: Past, Present and Future

S.K. Rajamani
2006 21st IEEE/ACM International Conference on Automated Software Engineering (ASE'06)  
The static analyzer then looks for code paths that drive the state machine to the bad states. • Engineering tradeoffs.  ...  Recently, we have proposed a new algorithm that does counterexample driven refinement using both static analysis and testing techniques [18] .  ... 
doi:10.1109/ase.2006.24 dblp:conf/kbse/Rajamani06 fatcat:nvlqfkt7v5gfnbeecw4edea6fq

The design of SafeJML, a specification language for SCJ with support for WCET specification

Ghaith Haddad, Faraz Hussain, Gary T. Leavens
2010 Proceedings of the 8th International Workshop on Java Technologies for Real-Time and Embedded Systems - JTRES '10  
When our design of the SafeJML is implemented, it will help check the correctness of detailed designs, including timing for real-time systems written in SCJ.  ...  SafeJML extends the Java Modeling Language (JML) to allow specification and checking of both functional and timing constraints for SCJ programs.  ...  The authors also thank Ales Plesk and Purdue team for their support and help.  ... 
doi:10.1145/1850771.1850793 dblp:conf/jtres/HaddadHL10 fatcat:z77nmdj2ifhodhskpda5ojnyuq

Calysto

Domagoj Babic, Alan J. Hu
2008 Proceedings of the 13th international conference on Software engineering - ICSE '08  
to the leading, less precise, static-analysis-based tool for similar properties.  ...  Many techniques exist, trading-off varying levels of automation, thoroughness of coverage of program behavior, precision of analysis, and scalability to large code bases.  ...  Finally, we would like to thank Alex Aiken, Isil Dillig, Tom Dillig, and Peter Hawkins for helpful and timely answers on using Saturn properly and the status of the Saturn project.  ... 
doi:10.1145/1368088.1368118 dblp:conf/icse/BabicH08 fatcat:k7qsybu4dbavnmwskxlyiyhybm

A Smart Fuzzer for x86 Executables

Andrea Lanzi, Lorenzo Martignoni, Mattia Monga, Roberto Paleari
2007 Third International Workshop on Software Engineering for Secure Systems (SESS'07: ICSE Workshops 2007)  
While conventional fuzzing uses random input to discover crash conditions, smart fuzzing restricts the input space by using a preliminary static analysis of the program, then refined by monitoring each  ...  In other words, the search is driven by a mix of static and dynamic analysis in order to lead the execution path to selected corner cases that are the most likely to expose vulnerabilities, thus improving  ...  Acknowledgments We would like to thank the anonymous reviewers for their useful suggestions and comments on this paper.  ... 
doi:10.1109/sess.2007.1 dblp:conf/icse/LanziMMP07 fatcat:62z5ozk63jcf5mcow3erv5vwbu

Combining Constraint Programming and Abstract Interpretation for Value Analysis of Floating-point Programs

Olivier Ponsini, Claude Michel, Michel Rueher
2012 2012 IEEE Fifth International Conference on Software Testing, Verification and Validation  
interpretation-based value analysis is a classical approach for verifying programs with floating-point computations.  ...  In this paper, we introduce a hybrid approach that combines abstract interpretation and constraint programming techniques in a single static and automatic analysis.  ...  More precisely, we propose to combine abstract interpretation and constraint programming techniques in a single static and automatic analysis to avoid the combinatorial explosion of the number of paths  ... 
doi:10.1109/icst.2012.175 dblp:conf/icst/PonsiniMR12 fatcat:q277ai5vcze5toqun6g75ghyvy

A Survey of Automated Techniques for Formal Software Verification

Vijay D'Silva, Daniel Kroening, Georg Weissenbacher
2008 IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems  
This paper surveys algorithms that perform automatic static analysis of software to detect programming errors or prove their absence.  ...  The three techniques considered are static analysis with abstract domains, model checking, and bounded model checking.  ...  Wahl for their helpful input.  ... 
doi:10.1109/tcad.2008.923410 fatcat:2cfyumxa6bglpai7jpvhqr5yyu

Type refinement for static analysis of JavaScript

Vineeth Kashyap, John Sarracino, John Wagner, Ben Wiedermann, Ben Hardekopf
2013 Proceedings of the 9th symposium on Dynamic languages - DLS '13  
To demonstrate the effectiveness of type refinement, we implement a static analysis tool for reporting potential type-errors in JavaScript programs.  ...  Static analysis of JavaScript has proven useful for a variety of purposes, including optimization, error checking, security auditing, program refactoring, and more.  ...  Kuefner, and Kevin Gibbons for their help in developing the static analysis infrastructure and its formal description. This work was supported by NSF CCF-1117165.  ... 
doi:10.1145/2508168.2508175 dblp:conf/dls/KashyapSWWH13 fatcat:hbjg32anjrc53kxxcx5drxtc44

Model checking dataflow for malicious input

Ansgar Fehnker, Ralf Huuck, Wolf Rödiger
2011 Proceedings of the Workshop on Embedded Systems Security - WESS '11  
We illustrate our approach with a number of analysis examples taken from existing open source C/C++ projects.  ...  The advantages of this approach are that tainted data can be tracked from its source to its application point, a precise path through the source code can be computed, speed and precision can be custom-tuned  ...  We briefly summarize: CTL allows path quantifiers A and E, and the temporal operators G, F, X, and U. The (state)  ... 
doi:10.1145/2072274.2072278 fatcat:xc62r2iv5veotg4foes3nfhbde

Backward propagation of code refinements on transformational code generation environments

Victor Guana, Eleni Stroulia
2013 2013 7th International Workshop on Traceability in Emerging Forms of Software Engineering (TEFSE)  
Our conceptual framework is based on static and symbolic execution analysis, and aims to contribute to the maintenance and evolution challenges of model-driven development.  ...  It advocates the modeling of common and variable features in software-system families with domain-specific languages, and the specification of transformation compositions for successively refining the  ...  ACKNOWLEDGEMENTS We would like to thank Suzette Person from NASA Langley for her helpful guidance on exploring differential symbolic execution techniques.  ... 
doi:10.1109/tefse.2013.6620155 dblp:conf/icse/GuanaS13 fatcat:q2vi3hrqwrcpvlhl5fz37qbtji

Trends in Formal Verification Techniques for C-based Hardware Designs

Masahiro Fujita
2009 IPSJ Transactions on System LSI Design Methodology  
Since there can be large numbers of execution paths in large design descriptions, various techniques to reduce the numbers of execution paths to be examined are incorporated.  ...  Since simple model checking does not work well for large descriptions, automatic abstractions or reductions of descriptions and their refinements are integrated with model checking methods such that reasonably  ...  For efficient static checking, the length of execution paths must be kept small and that is the reason why the analysis must be very local.  ... 
doi:10.2197/ipsjtsldm.2.2 fatcat:jyb4gt5lizdkvjrr6e2r3oig4y

InvGen: An Efficient Invariant Generator [chapter]

Ashutosh Gupta, Andrey Rybalchenko
2009 Lecture Notes in Computer Science  
InvGen's unique feature is in its use of dynamic analysis to make invariant generation order of magnitude more efficient. 1 See [5] for the syntax of transition relations.  ...  In this paper we present InvGen, an automatic linear arithmetic invariant generator for imperative programs.  ...  Table 1 shows the effect of static and dynamic analysis when dealing with the constructed examples. Random input We developed a tool for the generation of random program.  ... 
doi:10.1007/978-3-642-02658-4_48 fatcat:efvq2tef6rgdvjzvsezrbq4tli

Efficient Runtime Policy Enforcement Using Counterexample-Guided Abstraction Refinement [chapter]

Matthew Fredrikson, Richard Joiner, Somesh Jha, Thomas Reps, Phillip Porras, Hassen Saïdi, Vinod Yegneswaran
2012 Lecture Notes in Computer Science  
We developed a novel analysis, which builds on abstraction-refinement techniques, to derive a set of runtime policy checks to enforce a given policy, as well as their placement in the code.  ...  By introducing a rewriting step before runtime enforcement, we are able to perform static analysis to optimize the code introduced to track the policy state.  ...  The validation of counterexamples and learning of new predicates can be disabled altogether, which establishes the baseline effectiveness of static analysis without abstraction refinement.  ... 
doi:10.1007/978-3-642-31424-7_39 fatcat:u2q5phxmqvappiq5iioy3damqe

Predicting program execution times by analyzing static and dynamic program paths

Chang Yun Park
1993 Real-time systems  
We introduce a formal path model for dynamic path analysis, where user execution information is represented by a set of program paths.  ...  The basic prediction technique is a static analysis based on simple timing schema for source-level language constructs, which gives accurate predictions in many cases.  ...  Special thanks to Becky Callison and Sitaram Raju for their very careful reading of this paper.  ... 
doi:10.1007/bf01088696 fatcat:bdwmekcnxreotiqdcvercdriwa