Abstract
Static analysis by Abstract Interpretation is a promising way to conduct formal verification of large software applications. In spite of recent successes in the verification of aerospace code, this approach has limited industrial applicability because of the level of expertise required to engineer a static analyzer. In this paper we investigate a pragmatic approach that consists of focusing first on the most critical components of the application. In this approach the user describes, in a simple specification language, how the functionalities of the critical component are used, and this description drives a fully automated static analysis engine. We present experimental results from applying this approach to the verification of the absence of buffer overflows in a critical library of the OpenSSH distribution.
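The abstract does not show the paper's specification language or its analysis engine. The following added example (written for this page, not taken from the paper or from OpenSSH) illustrates the idea with a toy interval-domain abstract interpreter: the "usage specification" is assumed to be an interval for the entry parameter `n`, the analyzed function `copy` and its buffer size are constructed, and the engine checks every buffer access against the declared size, widening at the loop head so that the analysis terminates.

```python
from typing import List, Tuple

Interval = Tuple[int, int]      # inclusive [lo, hi]
INF = 10**9                     # stands in for +/- infinity

def join(a: Interval, b: Interval) -> Interval:
    return (min(a[0], b[0]), max(a[1], b[1]))

def widen(old: Interval, new: Interval) -> Interval:
    # Classic interval widening: a bound that keeps moving jumps to infinity.
    return (old[0] if new[0] >= old[0] else -INF,
            old[1] if new[1] <= old[1] else INF)

def assume_lt(x: Interval, y: Interval) -> Interval:
    # Refine x under the guard x < y (lo > hi means the guard is infeasible).
    return (x[0], min(x[1], y[1] - 1))

def add_const(x: Interval, c: int) -> Interval:
    return (x[0] + c, x[1] + c)

def check_access(name: str, idx: Interval, size: int) -> List[str]:
    # Sound check: alarm if any index in idx could fall outside [0, size-1].
    if idx[0] < 0 or idx[1] > size - 1:
        return [f"{name}[{idx[0]}..{idx[1]}] may exceed {name}[{size}]"]
    return []

def analyze_copy(n: Interval, size: int) -> List[str]:
    """Abstractly interpret this constructed C function:
         void copy(int n) { char buf[size]; int i;
           for (i = 0; i < n; i++) buf[i] = 'x';
           buf[n] = 0; }
       where the interval n is the usage specification of the entry parameter."""
    alarms: List[str] = []
    i = (0, 0)                             # i = 0
    while True:                            # loop-head fixpoint with widening
        body_i = assume_lt(i, n)           # guard i < n
        if body_i[0] > body_i[1]:          # loop body unreachable
            break
        alarms += check_access("buf", body_i, size)       # buf[i] = 'x'
        new_i = widen(i, join(i, add_const(body_i, 1)))   # i++ and back edge
        if new_i == i:
            break
        i = new_i
    alarms += check_access("buf", n, size)                # buf[n] = 0
    return sorted(set(alarms))

if __name__ == "__main__":
    print(analyze_copy((0, 15), 16))   # [] : spec n in [0,15] proves copy safe
    print(analyze_copy((0, 16), 16))   # one alarm: buf[n] with n = 16
```

Tightening the usage specification for `n` is exactly what turns the alarm on `buf[n]` into a proof of absence of overflow, which is the effect the paper's user-provided description is meant to have on the analysis.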
A practical approach to formal software verification by static analysis