Proceedings ArticleDOI
Parfait: designing a scalable bug checker
Cristina Cifuentes,Bernhard Scholz +1 more
- pp 4-11
TLDR
The design of Parfait is presented, a static layered program analysis framework for bug checking, designed for scalability and precision by improving false positive rates and scale to millions of lines of code.Abstract:
We present the design of Parfait, a static layered program analysis framework for bug checking, designed for scalability and precision by improving false positive rates and scale to millions of lines of code. The Parfait framework is inherently parallelizable and makes use of demand driven analyses.In this paper we provide an example of several layers of analyses for buffer overflow, summarize our initial implementation for C, and provide preliminary results. Results are quantified in terms of correctly-reported, false positive and false negative rates against the NIST SAMATE synthetic benchmarks for C code.read more
Citations
More filters
Proceedings ArticleDOI
S2E: a platform for in-vivo multi-path analysis of software systems
TL;DR: S2E's use in developing practical tools for comprehensive performance profiling, reverse engineering of proprietary software, and bug finding for both kernel-mode and user-mode binaries is demonstrated.
Verification, Model Checking and Abstract Interpretation
TL;DR: This chapter contains sections titled: Organizing Committee, Motivations and Goals, Contributions, Proceedings.
Proceedings ArticleDOI
BegBunch: benchmarking for C bug detection tools
Cristina Cifuentes,Christian Hoermann,Nathan Robert Albert Keynes,Lian Li,Simon Long,Erica Mealy,Michael Mounteney,Bernhard Scholz +7 more
TL;DR: Two benchmark suites that allow developers and users to evaluate accuracy and scalability of a given tool are presented: two suites contain buggy, mature open source code and a harness accompanies each benchmark suite to compute automatically qualitative and quantitative performance of a bug detection tool.
Proceedings ArticleDOI
User-Input Dependence Analysis via Graph Reachability
TL;DR: A static program analysis for computing user-input dependencies is introduced and can be used as a pre-processing filter to a static bug checking tool for identifying bugs that can potentially be exploited as security vulnerabilities.
Journal ArticleDOI
Static analysis of source code security
Gabriel Diaz,Juan Ramón Bermejo +1 more
TL;DR: An objective assessment results following a well-defined and repeatable methodology that analyzes the performance detecting security vulnerabilities of static analysis tools, in terms of vulnerabilities coverage and effectiveness for detecting the highest number of vulnerabilities having few false positives is provided.
References
More filters
Proceedings ArticleDOI
LLVM: a compilation framework for lifelong program analysis & transformation
Chris Lattner,Vikram Adve +1 more
TL;DR: The design of the LLVM representation and compiler framework is evaluated in three ways: the size and effectiveness of the representation, including the type information it provides; compiler performance for several interprocedural problems; and illustrative examples of the benefits LLVM provides for several challenging compiler problems.
Proceedings ArticleDOI
Lazy abstraction
TL;DR: This work presents an algorithm for model checking safety properties using lazy abstraction and describes an implementation of the algorithm applied to C programs and provides sufficient conditions for the termination of the method.
Proceedings ArticleDOI
The SLAM project: debugging system software via static analysis
Thomas Ball,Sriram K. Rajamani +1 more
TL;DR: This work has successfully applied the SLAM toolkit to Windows XP device drivers, to both validate behavior and find defects in their usage of kernel APIs.
Proceedings ArticleDOI
Finding bugs is easy
David Hovemeyer,William Pugh +1 more
TL;DR: It is found that even well tested code written by experts contains a surprising number of obvious bugs and that simple automatic techniques can be effective at countering the impact of both ordinary mistakes and misunderstood language features.
Journal ArticleDOI
Model Checking JAVA Programs Using Java Pathfinder
TL;DR: An effort to formally analyze, using Spin, a multi-threaded operating system for the Deep-Space 1 space craft, and of previous work in applying existing model checkers and theorem provers to real applications.
Related Papers (5)
LLVM: a compilation framework for lifelong program analysis & transformation
Chris Lattner,Vikram Adve +1 more