Showing papers by "Cristina Cifuentes published in 2009"

BegBunch: benchmarking for C bug detection tools

Abstract: Benchmarks for bug detection tools are still in their infancy. Though in recent years various tools and techniques were introduced, little effort has been spent on creating a benchmark suite and a harness for a consistent quantitative and qualitative performance measurement. For assessing the performance of a bug detection tool and determining which tool is better than another for the type of code to be looked at, the following questions arise: 1) how many bugs are correctly found, 2) what is the tool's average false positive rate, 3) how many bugs are missed by the tool altogether, and 4) does the tool scale.In this paper we present our contribution to the C bug detection community: two benchmark suites that allow developers and users to evaluate accuracy and scalability of a given tool. The two suites contain buggy, mature open source code; bugs are representative of "real world" bugs. A harness accompanies each benchmark suite to compute automatically qualitative and quantitative performance of a bug detection tool.BegBunch has been tested to run on the Solaris™, Mac OS X and Linux operating systems. We show the generality of the harness by evaluating it with our own Parfait and three publicly available bug detection tools developed by others.

System and method for overflow detection using symbolic analysis

Abstract: A method for demand-driven symbolic analysis involves obtaining a section of code comprising an instruction from a source code file and determining a critical variable in the section of code and data dependencies related to the critical variable. The method further involves iteratively computing a symbolic value representing a range of values of the critical variable according to the data dependencies, determining a set of control predicates relevant to the critical variable at the instruction, refining the range of values according to the set of control predicates to generate a second range of values for the symbolic value, and reporting an error when the second range of values exceeds a predetermined value.

Program analysis for bug detection using parfait: invited talk

Abstract: The goal of the Parfait project is to find bugs in C source code in a scalable and precise way. To this end, Parfait was designed as a framework with layers of sound program analyses, multiple layers per bug type, to identify bugs in a program more quickly and accurately.Parfait also aims to identify security bugs, i.e., bugs that may be exploited by a malicious user. To this end, an optional pre-processing step is available to reduce the scope of potential bugs of interest.To evaluate Parfait's precision and recall, we have developed BegBunch, a bug benchmarking suite that contains existing synthetic benchmarks and samples of bugs ("bug kernels") taken from open source code.