Abstract
This paper describes an evaluation of static source code analyzers. The purpose of the evaluation was to determine their adequacy for use in developing realtime embedded software for aviation electronics where the use of development tools and methods is controlled by a federal regulatory agency. It describes the motivation for the evaluation, results, and conclusions.
- Zitser, Lippman, Leek, "Testing Static Analysis Tools Using Exploitable Buffer Overflows From Open Source Code", ACM Foundations of Software Engineering 12, 2004, available at http://www.ll.mit.edu/IST/pubs/04_TestingStatic_Zitser.pdf Google Scholar
Digital Library
- Kratkiewicz, Lippmann, "A Taxonomy of Buffer Overflows for Evaluating Static and Dynamic Software Testing Tools", Proceedings of Workshop on Software Security Assurance Tools, Techniques, and Metrics, National Institute of Standards and Technology, February 2006, pp. 44--51Google Scholar
- Michaud, et al, "Verification Tools for Software Security Bugs", Proceedings of the Static Analysis Summit, National Institute of Standards and Technology, July 2006, available at http://samate.nist.gov/docs/Google Scholar
- Newsham, Chess, "ABM: A Prototype for Benchmarking Source Code Analyzers", Proceedings of Workshop on Software Security Assurance Tools, Techniques, and Metrics, National Institute of Standards and Technology, February 2006, pp. 52--59Google Scholar
- Forristal, "Review: Source-Code Assessment Tools Kill Bugs Dead", Secure Enterprise, December 1, 2005, http://www.ouncelabs.com/secure_enterprise.htmlGoogle Scholar
- Committee on Certifiably Dependable Software Systems, Software Certification and Dependability, The National Academies Press, 2004, pp. 11--12Google Scholar
- Common Weakness Enumeration, http://cve.mitre.org/cwe/index.html#graphicalGoogle Scholar
- Chelf, Measuring Software Quality: A Study Of Open Source Software, posted March 2006 at http://www.coverity.com/library/pdf/open_source_quality_report.pdfGoogle Scholar
- Software Considerations in Airborne Systems and Equipment Certification RTCA DO-178B, December 1, 1992Google Scholar
- SAMATE Reference Dataset, National Institute of Standards and Technology, http://samate.nist.gov/SRD/Google Scholar
Index Terms
Evaluation of static source code analyzers for avionics software development
Recommendations
On development of a framework for massive source code analysis using static code analyzers
CEE-SECR '17: Proceedings of the 13th Central & Eastern European Software Engineering Conference in RussiaAuthors describe architecture and implementation of an automated source code analyzing system which uses pluggable static code analyzers. The paper presents a module for gathering and analyzing the source code massively in a detailed manner. Authors ...
Static program analysis of embedded executable assembly code
CASES '04: Proceedings of the 2004 international conference on Compilers, architecture, and synthesis for embedded systemsWe consider the problem of automatically checking if coding standards have been followed in the development of embedded applications. The problem arises from practical considerations because DSP chip manufacturers (in our case Texas Instruments) want ...
Systematic approaches for increasing soundness and precision of static analyzers
SOAP 2017: Proceedings of the 6th ACM SIGPLAN International Workshop on State Of the Art in Program AnalysisBuilding static analyzers for modern programming languages is difficult. Often soundness is a requirement, perhaps with some well-defined exceptions, and precision must be adequate for producing useful results on realistic input programs. Formally ...






Comments