A practical approach to formal software verification by static analysis

Published: 01 April 2008

Abstract

Static analysis by abstract interpretation is a promising way to conduct formal verification of large software applications. In spite of recent successes in the verification of aerospace code, this approach has had limited industrial applicability because of the level of expertise required to engineer static analyzers. In this paper we investigate a pragmatic approach that consists of focusing on the most critical components of the application first. The user provides a description of how the functionality of the critical component is used, written in a simple specification language, and that description drives a fully automated static analysis engine. We present experimental results from applying this approach to the verification of the absence of buffer overflows in a critical library of the OpenSSH distribution.
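The following block is an added illustration of the kind of analysis the abstract describes; it is not the paper's analyzer, its specification language, or OpenSSH code. It is a small interval-domain abstract interpreter with widening that checks every buffer index against the buffer size on a toy C-like loop IR. The `spec` dictionary, which bounds the entry parameters of the analysed routine, plays the role of the caller-supplied usage description only by analogy, and the IR, the copy loop and the buffer sizes are constructed for this example.

```python
"""Interval abstract interpretation for array-bound checking on a tiny C-like IR.
Added illustration for this page, not the paper's analyzer: the IR, the spec
dictionary and the example loop are all constructed here."""
from dataclasses import dataclass
from typing import Dict, List, Optional, Union

INF = float("inf")

@dataclass(frozen=True)
class Interval:
    lo: float
    hi: float
    def join(self, o): return Interval(min(self.lo, o.lo), max(self.hi, o.hi))
    def add(self, o): return Interval(self.lo + o.lo, self.hi + o.hi)
    def widen(self, o):
        # A bound that grew since the previous iteration jumps to infinity, so a
        # loop reaches a stable head state after finitely many iterations.
        return Interval(self.lo if o.lo >= self.lo else -INF,
                        self.hi if o.hi <= self.hi else INF)

Expr = Union[int, str, tuple]        # constant, variable name, or ("+", a, b)
Env = Optional[Dict[str, Interval]]  # None stands for the unreachable state

def eval_expr(e: Expr, env: Dict[str, Interval]) -> Interval:
    if isinstance(e, int):
        return Interval(e, e)
    if isinstance(e, str):
        return env[e]
    op, a, b = e
    assert op == "+", "only addition is modelled in this toy IR"
    return eval_expr(a, env).add(eval_expr(b, env))

def join_env(a: Env, b: Env) -> Env:
    if a is None or b is None:
        return b if a is None else a
    return {v: a[v].join(b[v]) for v in a if v in b}

def widen_env(a: Env, b: Env) -> Env:
    if a is None or b is None:
        return join_env(a, b)
    return {v: a[v].widen(b[v]) for v in a if v in b}

def refine(env: Env, var: str, bound: Expr, holds: bool) -> Env:
    """Keep only the states where 'var < bound' holds (or fails, if holds=False)."""
    if env is None:
        return None
    b, x = eval_expr(bound, env), env[var]
    new = Interval(x.lo, min(x.hi, b.hi - 1)) if holds else Interval(max(x.lo, b.lo), x.hi)
    return None if new.lo > new.hi else {**env, var: new}

def analyze(stmts: list, env: Env, buffers: Dict[str, int], alarms: List[str]) -> Env:
    """Abstractly execute stmts from env; report every access that may leave its buffer."""
    for s in stmts:
        if env is None:                          # dead code: nothing to check
            return None
        if s[0] == "assign":
            _, var, e = s
            env = {**env, var: eval_expr(e, env)}
        elif s[0] == "access":
            _, buf, idx = s
            iv, size = eval_expr(idx, env), buffers[buf]
            if iv.lo < 0 or iv.hi > size - 1:    # any possible index outside [0, size-1] is reported
                alarms.append(f"{buf}[{idx}]: index in [{iv.lo}, {iv.hi}], buffer holds [0, {size - 1}]")
        elif s[0] == "while":
            _, (var, op, bound), body = s
            assert op == "<", "only 'var < expr' guards are modelled"
            head = env
            while True:                          # iterate with widening to a stable loop head
                out = analyze(body, refine(head, var, bound, True), buffers, [])
                new_head = widen_env(head, join_env(head, out))
                if new_head == head:
                    break
                head = new_head
            analyze(body, refine(head, var, bound, True), buffers, alarms)  # report from the stable head
            env = refine(head, var, bound, False)  # after the loop the guard is false
        else:
            raise ValueError(f"unknown statement kind {s[0]!r}")
    return env

def verify(program: list, spec: Dict[str, Interval], buffers: Dict[str, int]) -> List[str]:
    """Analyse program under the caller-supplied precondition 'spec' on its entry parameters."""
    alarms: List[str] = []
    analyze(program, dict(spec), buffers, alarms)
    return alarms

# Constructed example: the loop  for (i = 0; i < len; i++) dst[i] = src[i];
COPY_LOOP = [
    ("assign", "i", 0),
    ("while", ("i", "<", "len"), [
        ("access", "src", "i"),
        ("access", "dst", "i"),
        ("assign", "i", ("+", "i", 1)),
    ]),
]

# With the spec len in [0, 64] and 64-byte buffers there is no alarm; with len in
# [0, 128] both accesses are reported, because i can reach 127 inside the loop.
```

The point the example makes is the one the abstract makes: without a bound on `len` the analyser can only prove the index is non-negative and must report both accesses, while a one-line precondition on the entry parameter lets the same fully automatic engine discharge them. The analysis is sound for the toy IR (every reported access may genuinely go out of bounds under some input satisfying the spec) but, as with any interval analysis with widening and no narrowing, it can report false alarms on code whose bounds depend on relations between variables rather than on constant ranges.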
