Testing Static Analyzers with Randomly Generated Programs [chapter]

Pascal Cuoq, Benjamin Monate, Anne Pacalet, Virgile Prevosto, John Regehr, Boris Yakobowski, Xuejun Yang
2012 Lecture Notes in Computer Science  
Static analyzers should be correct. We used the random Cprogram generator Csmith, initially intended to test C compilers, to test parts of the Frama-C static analysis platform. Although Frama-C was already relatively mature at that point, fifty bugs were found and fixed during the process, in the front-end (AST elaboration and typechecking) and in the value analysis, constant propagation and slicing plug-ins. Several bugs were also found in Csmith, even though it had been extensively tested and
more » ... had been used to find numerous bugs in compilers. Part of this work has been conducted during the ANR-funded U3CAT project.
doi:10.1007/978-3-642-28891-3_12 fatcat:56wsztwsbnejdp26tm4olshw7a