Varieties of static analyzers: A comparison with ASTRÉE

First Joint IEEE/IFIP Symposium on Theoretical Aspects of Software Engineering, TASE '07

Volumn , Issue , 2007, Pages 3-17

  Cousot, Patrick ^a   Cousot, Radhia ^b   Feret, Jérôme ^a   Miné, Antoine ^a   Mauborgne, Laurent ^a   Monniaux, David ^c   Rival, Xavier ^a  

^a ECOLE NORMALE SUPÉRIEURE   (France)

^b ECOLE POLYTECHNIQUE   (France)

^c CNRS   (France)

Author keywords

[No Author keywords available]

Indexed keywords

C (PROGRAMMING LANGUAGE); COMPUTER PROGRAM LISTINGS; REAL TIME SYSTEMS;

PROGRAM ANALYSIS TOOLS; RUNTIME ERRORS; STATIC ANALYZER;

ANALOG DIFFERENTIAL ANALYZERS;

EID: 34548815895     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/TASE.2007.55     Document Type: Conference Paper

References (80)

1. T. Ball and S. Rajamani. The SLAM project: debugging system software via static analysis. In 29th ACM Symp. on Principles of Prog. Lang., POPL '02, pp. 1-3, 2002.
2. D. Beyer, T. Henzinger, R. Jhala, and R. Majumdar. Checking memory safety with BLAST. In 8th Int. Conf. on Fundamental Approaches to Soft. Eng., FASE '05, LNCS 3442, pp. 2-18. Springer, 2005.
3. B. Blanchet, P. Cousot, R. Cousot, J. Feret, L. Mauborgne, A. Miné, D. Monniaux, and X. Rival. Design and Implementation of a Special-Purpose Static Program Analyzer for Safety-Critical Real-Time Embedded Software. In The Essence of Computation: Complexity, Analysis, Transformation. Essays Dedicated to Neil D. Jones, LNCS 2566, pp. 85-108. Springer, 2002.
4. B. Blanchet, P. Cousot, R. Cousot, J. Feret, L. Mauborgne, A. Miné, D. Monniaux, and X. Rival. A Static Analyzer for Large Safety-Critical Software. In ACM Conf. on Prog. Lang. Design and Impl., PLDI '03, pp. 196-207, 2003.
5. S. Boldo and J.-C. Filliâtre. Formal Verification of Floating-Point Programs. In 18th IEEE Int. Symp. on Computer Arithmetic, ARITH '18, 2007.
6. B. Brew and M. Johnson. Value Lattice Static Analysis, A New Approach to Static Analysis. Dr. Dobbs J., 2001.
7. W. Bush, J. Pincus, and D. Sielaff. A Static Analyzer for Finding Dynamic Programming Errors. Soft. Pract. and Exp., 30(7):775-802, 2000.
8. S. Chaki, E. Clarke, A. Groce, S. Jha, and H. Veith. Modular Verification of Software Components in C. IEEE Trans. on Soft. Eng., 30(6):388-402, 2004.
9. E. Clarke, O. Grumberg, S. Jha, Y. Lu, and H. Veith. Counterexample- guided abstraction refinement for symbolic model checking. J. Acm, 50(5):752-794, 2003.
10. E. Clarke and D. Kroening. ANSI-C Bounded Model Checker User Manual. Technical report, School of Computer Science, Carnegie Mellon University, 2006.
11. E. Clarke, D. Kroening, and F. Lerda. A tool for checking ANSI-C programs. In Tools and Algorithms for the Construction and Analysis of Systems, TACAS '04, LNCS 2988, pp. 168-176. Springer, 2004.
12. T. Copeland. PMD Applied. Centennial Books, 2005.
13. P. Cousot and R. Cousot. Static determination of dynamic properties of programs. In 2nd Int. Symp. on Programming, pp. 106-130, Paris, France, 1976. Dunod.
14. P. Cousot and R. Cousot. Abstract interpretation: a unified lattice model for static analysis of programs by construction or approximation of fixpoints. In Conf. Rec. 4th ACM Symp. on Principles of Prog. Lang., POPL '77, pp. 238-252, 1977.
15. P. Cousot and R. Cousot. Systematic design of program analysis frameworks. In Conf. Rec. 6th ACM Symp. on Principles of Prog. Lang., POPL '79, pp. 269-282, 1979.
16. P. Cousot and R. Cousot. Comparing the Galois Connection and Widening/Narrowing Approaches to Abstract Interpretation. In 4th Int. Symp. Prog. Lang. Implementation and Logic Programming, PLILP'92, LNCS 631, pp. 269-295. Springer, 1992.
17. P. Cousot, R. Cousot, J. Feret, L. Mauborgne, A. Miné, D. Monniaux, and X. Rival. The ASTRÉE analyser. In 14th European Symp. on Prog. Lang, and Systems, ESOP '05, LNCS 3444, pp. 21-30. Springer, 2005.
18. P. Cousot, R. Cousot, J. Feret, L. Mauborgne, A. Miné, D. Monniaux, and X. Rival. Combination of Abstractions in the ASTRÉE Static Analyzer. In 11th Asian Comp. Sci. Conf., ASIAN 06, LNCS. Springer, 2006.
19. P. Cousot and N. Halbwachs. Automatic discovery of linear restraints among variables of a program. In Conf. Rec. 5th ACM Symp. on Principles of Prog. Lang., POPL '78, pp. 84-97, 1978.
20. A. Deutsch. Static Verification Of Dynamic Properties. PolySpace Technologies, www.polyspace.com.
21. D. Engler, D. Y. Chen, S. Hallem, A. Chou, and B. Chelf. Bugs as Deviant Behavior: A General Approach to Inferring Errors in Systems Code. In 18th ACM Symp. on Operating Systems Principles, 2001.
22. M. Fagan. Design and code inspections to reduce errors in program development. IBM Systems J., 15(3):258-287, 1976.
23. J. Feret. Static Analysis of Digital Filters. In 13th European Symp. on Prog. Lang, and Systems, ESOP '2004, Barcelona, Spain, LNCS 2986, pp. 33-48. Springer, 2004.
24. J. Feret. The Arithmetic-Geometric Progression Abstract Domain. In 6th International Conference on Verification, Model Checking and Abstract Interpretation, VMCAI '2005, Paris, France, LNCS 3385, pp. 42-58. Springer, 2005.
25. J.-C. Filliâtre and C. Marché. Multi-Prover Verification of C Programs. In 6th Int. Conf. on Formal Engineering Methods, ICFEM '04, LNCS 3308, pp. 15-29. Springer, 2004.
26. C. Flanagan, K. M. Leino, M. Lillibridge, G. Nelson, J. Saxe, and R. Stata. Extended static checking for Java. In ACM Conf. on Prog. Lang. Design and Impl., PLDI '02, pp. 234-245, 2002.
27. J. Foster, M. Fähndrich, and A. Aiken. Polymorphic versus Monomorphic Flow-insensitive Points-to Analysis for C. In 7th Int. Sym. on Static Analysis, SAS '00, LNCS 1824, pp. 175-198. Springer, 2000.
28. P. Godefroid. Software Model Checking: The VeriSoft Approach. Formal Methods in System Design, 26(2):77-101, 2005.
29. S. Graf and H. Saïdi. Verifying Invariants Using Theorem Proving. In 8th Int. Conf. on Computer Aided Verification, CAV '97, LNCS 1102, pp. 196-207. Springer, 1996.
30. P. Granger. Static Analysis of Arithmetical Congruences. Int. J. Comput. Math., 30:165-190, 1989.
31. D. Grossman, M. Hicks, T. Jim, and G. Morrisett. Cyclone: a Type-safe Dialect of C. C/C++ Users J., 23(1), 2005.
32. S. Gupta and G. Sreenivasamurthy. Navigating "C" in a "leaky" boat? Try Purify, www-128.ibm.com/developerworks/rational/ library/'06/0822_satish-Giridhar/, 2006.
33. L. Hatten. Safer C: Developing for High-Integrity and Safety-Critical Systems. McGraw-Hill, 1995.
34. T. Henzinger, R. Jhala, R. Majumdar, and G. Sutre. Lazy abstraction. In Proc. 29th ACM Symp. on Principles of Prog. Lang., POPL '02, pp. 58-70. ACM Press, 2002.
35. G. Holzmann. UNO: Static Source Code Checking for User-Defined Properties. In 6th World Conf. on Integrated Design and Process Technology, IDPT '02, 2002.
36. G. Holzmann. The SPIN MODEL CHECKER, Primer and Reference Manual. Addison-Wesley, Sept. 2003.
37. D. Hovemeyer, J. Spacco, and W. Pugh. Evaluating and tuning a static analysis to find null pointer bugs. In ACM Workshop on Program Analysis For Software Tools and Engineering, PASTE '05, pp. 13-19, 2005.
38. Esterel Technologies. SCADE Suite™, The Standard for the Development of Safety-Critical Embedded Software in the Avionics Industry, www.esterel-technologies.com/products/scade-suite/.
39. Gimpel Software®. PC-lint™/ FlexeLint™ Value Tracking. www.gimpel.com.
40. GrammaTech ®. CodeSonar: A code-analysis tool that identifies complex bugs at compile time, www.grammatech.com/products/codesurfer/.
41. Klocwork®. Klocwork K7™. www.klocwork.com.
42. The MathWorks. Simulink® - Simulation and Model-Based Design. www.mathworks.com/products/ simulink/.
43. Reasoning, Inc. Reasoning inspection service defect data, Tomcat, version 4.1.24. www.reasoning.com/pdf/Tomcat_Defect_Report.pdf, 2003.
44. R. Iosif, M. Dwyer, and J. Hatcliff. Translating Java for Multiple Model Checkers: The Bandera Back-End. Formal Methods in System Design, 26(2):137-180, 2005.
45. ISO/IEC. International standard - Programming languages - C, 1999. Standard 9899:1999.
46. D. Jackson. Software Abstractions: Logic, Language, and Analysis. MIT Press. Cambridge, MA., 2006.
47. B. Jeannet and A. Miné. The Apron Numerical Abstract Domain Library, apron.cri.ensmp.fr/library/.
48. J. Kodumal and A. Aiken. Banshee: A Scalable Constraint-Based Analysis Toolkit. In 7th Int. Sym. on Static Analysis, SAS '07, LNCS 3672, pp. 218-234. Springer, 2005.
49. N. Kumar and R. Peri. Transparent Debugging of Dynamically Instrumented Programs. ACM SIGARCH Computer Architecture News, 33(5):57-62, 2005.
50. D. Larochelle and D. Evans. Statically Detecting Likely Buffer Overflow Vulnerabilities. In 2001 USENIX Security Symposium, Washington, D.C., 2001.
51. K. Leino and G. Nelson. An Extended Static Checker for Modula-3. In 7th Int. Conf. on Compiler Construction, CC '98, LNCS 1383, pp. 302-305. Springer, 1998.
52. X. Leroy. Coinductive Big-Step Operational Semantics. In 15th European Symp. on Prog. Lang, and Systems, ESOP '2006, LNCS 3924, pp. 54-68. Springer, 2006.
53. X. Leroy. Formal certification of a compiler back-end or: programming a compiler with a proof assistant. In Conf. Rec. 33rd ACM Symp. on Principles of Prog. Lang., POPL'06, pp. 42-54, 2006.
54. T. Lev-Ami, R. Manevich, and M. Sagiv. TVLA: A System for Generating Abstract Interpreters. In P. Jacquart, editor, Building the Information Society, chapter 4, pp. 367-376. Kluwer Academic Publishers, Dordrecht, The Netherlands, 2004.
55. M. Martel. An Overview of Semantics for the Validation of Numerical Programs. In 6th Int. Conf. on Verification, Model Checking, and Abstract Interpretation, VMCAI '05, LNCS 3385, pp. 59-77, 2005.
56. L. Mauborgne. ASTRÉE: verification of absence of run-time error. In P. Jacquart, editor, Building the Information Society, chapter 4, pp. 385-392. Kluwer Acad. Pub. Dordrecht, The Netherlands, 2004.
57. L. Mauborgne and X. Rival. Trace Partitioning in Abstract Interpretation Based Static Analyzer. In 14th European Symp. on Prog. Lang, and Systems, ESOP '05, LNCS 3444, pp. 5-20. Springer, 2005.
58. R. Milner. A theory of type polymorphism in programming. J. of Comp. and Sys. Sciences, 17:348-375, 1978.
59. A. Miné. A Few Graph-Based Relational Numerical Abstract Domains. In 9th Int. Symp. on Static Analysis, SAS '02, LNCS 2477, pp. 117-132. Springer, 2002.
60. A. Miné. Relational Abstract Domains for the Detection of Floating-Point Run-Time Errors. In 13th European Symp. on Prog. Lang, and Systems, ESOP '04, LNCS 2986, pp. 3-17. Springer, 2004.
61. A. Miné. The Octagon Abstract Domain. Higher-Order and Symbolic Computation, 19:31-100, 2006.
62. A. Miné. Field-Sensitive Value Analysis of Embedded C Programs with Union Types and Pointer Arithmetics. In ACM Conf. on Languages, Compilers, and Tools for Embedded Systems, LCTES '2006, pp. 54-63, 2006.
63. A. Miné. Symbolic Methods to Enhance the Precision of Numerical Abstract Domains. In 7th Int. Conf. on Verification, Model Checking and Abstract Interpretation VMCAI '06, LNCS 3855, pp. 348-363. Springer, 2006.
64. MISRA (The Motor Industry Software Reliability Association). Guidelines for the use of the C language in vehicle based systems Software, www.misra.org.uk, 1998.
65. D. Monniaux. The Parallel Implementation of the ASTRéE Static Analyzer. In 3rd Asian Symp. on Prog. Lang, and Systems, APLAS '05, LNCS 3780, pp. 86-96. Springer, 2005.
66. D. Monniaux. Compositional Analysis of Floating-Point Linear Numerical Filters. In 17th Int. Conf. on Computer Aided Verification, CAV '05, LNCS 3576, pp. 199-212. Springer, 2005.
67. N. Nagappan and T. Ball. Static analysis tools as early indicators of pre-release defect density. In Proc. 27th ACM SIGSOFT Int. Conf. on Software engineering, pp. 580-586. ACM Press, 2005.
68. G. Necula, J. Condit, M. Harren, S. McPeak, and W. Weimer. CCured: Type-Safe Retrofitting of Legacy Software. ACM Trans. Program. Lang. Syst., 27(3):477-526, 2005.
69. N. Nethercote and J. Seward. Valgrind: A Framework for Heavyweight Dynamic Binary Instrumentation. In ACM Conf. on Prog. Lang. Design and Impl., PLDI '07, 2007.
70. A. Pnueli, O. Shtrichman, and M. Siegel. The Code Validation Tool CVT: Automatic Verification of a Compilation Process. Int. J. on Soft. Tools for Tech. Trans., 2(2):192-201, 1998.
71. W. Pugh and D. Wonnacott. Static Analysis of Upper and Lower Bounds on Dependences and Parallelism. ACM Trans. Program. Lang. Syst., 16(4): 1248-1278, 1994.
72. F. Randimbivololona, J. Souyris, P. Baudin, A. Pacalet, J. Raguideau, and D. Schoen. Applying Formal Proof Techniques to Avionics Software: A Pragmatic Approach. In World Congress on Formal Methods in the Development of Computing Systems, LNCS 1709, pp. 1798-1815. Springer, 1999.
73. X. Rival. Abstract Interpretation Based Certification of Assembly Code. In 4th Int. Conf. on Verification, Model Checking and Abstract Interpretation, VMCAIS '03, LNCS 2575, pp. 41-55. Springer, 2003.
74. X. Rival. Symbolic Transfer Functions-based Approaches to Certified Compilation. In Conf. Rec. 31st ACM Symp. on Principles of Prog. Lang., POPL '01, pp. 1-13, 2004.
75. Robby, M. Dwyer, and J. Hatcliff. Domain-specific Model Checking Using The Bogor Framework. In 21st IEEE/ACM Int. Conf. on Automated Software Engineering, ASE '06, Tokyo, Japan, 2006.
76. A. Venet and G. Brat. Precise and Efficient Static Array Bound Checking for Large Embedded C Programs. In Int. Conf. on Prog. Lang. Design and Impl., PLDI '04, pp. 231-242. ACM Press, 2004.
77. W. Visser, K. Havelund, G. Brat, S. Park, and F. Lerda. Model Checking Programs. Automated Soft. Eng. J., 10(2), 2003.
78. K. Yi, H. Choi, J. Kim, and Y Kim. An Empirical Study on Classification Methods for Alarms from a Bug-Finding Staue C Analyzer. Inf. Proc. Let., 102(2-3):118-123, 2007.
79. J. Zheng, L. Williams, N. Nagappan, W. Snipes, J. Hudepohl, and M. Vouk. On the value of static analysis for fault detection in software. IEEE Trans. on Soft. Eng., 32(4):240-253, 2006.
80. F. Zhou, J. Condit, Z. Anderson, I. Bagrak, R. Ennals, M. Harren, G. Necula, and E. Brewer. SafeDrive: Safe and Recoverable Extensions Using Language-Based Techniques. In Operating System Design and Implementation, OSDI '06. USENIX Assoc., 2006.