Open Access Journal Article

Static analysis versus software model checking for bug finding

Dawson Engler, +1 more - 01 Jan 2004 - pp 191-210
TLDR
This paper describes experiences with software model checking after several years of using static analysis to find errors, finding that expectations were often wrong.
Abstract
This paper describes experiences with software model checking after several years of using static analysis to find errors. We initially thought that the trade-off between the two was clear: static analysis was easy but would mainly find shallow bugs, while model checking would require more work but would be strictly better – it would find more errors, the errors would be deeper, and the approach would be more powerful. These expectations were often wrong.


Citations
Proceedings Article

Automatic creation of SQL Injection and cross-site scripting attacks

TL;DR: This work presents a technique for finding security vulnerabilities in Web applications by analyzing the input to the application to access or modify user data and execute malicious code.
Book Chapter

Execution generated test cases: how to make systems code crash itself

TL;DR: This paper presents a technique that uses code to automatically generate its own test cases at run time by using a combination of symbolic and concrete execution.
Proceedings Article

Model Checking One Million Lines of C Code.

TL;DR: This paper reports on the practical experience using MOPS, a tool for software model checking security-critical applications, and demonstrates for the first time that model checking is practical and useful for detecting security weaknesses at large scale in real-time applications.
Journal Article

DSD-Crasher: A hybrid analysis tool for bug finding

TL;DR: DSD-Crasher is a bug finding tool that follows a three-step approach to program analysis that yields benefits compared to past two-step combinations in the literature, and in the evaluation with third-party applications, it demonstrates higher precision over tools that lack a dynamic step and higher efficiency over tools that lack a static step.
Proceedings Article

DSD-Crasher: a hybrid analysis tool for bug finding

TL;DR: DSD-Crasher is a bug finding tool that follows a three-step approach to program analysis that yields benefits compared to past two-step combinations in the literature, and demonstrates higher precision over tools that lack a dynamic step and higher efficiency over tools that lack a static step.
References

Ad hoc On-Demand Distance Vector (AODV) Routing

TL;DR: A logging instrument contains a pulsed neutron source and a pair of radiation detectors spaced along the length of the instrument to provide an indication of formation porosity which is substantially independent of the formation salinity.
Journal Article

The model checker SPIN

TL;DR: An overview of the design and structure of the verifier, its theoretical foundation, and an overview of significant practical applications are given.
Journal Article

Model checking programs

TL;DR: A verification and testing environment for Java, called Java PathFinder (JPF), which integrates model checking, program analysis and testing, and uses state compression to handle big states and partial order and symmetry reduction, slicing, abstraction, and runtime analysis techniques to reduce the state space.
Proceedings Article

Bandera: extracting finite-state models from Java source code

TL;DR: An integrated collection of program analysis and transformation components, called Bandera, that enables the automatic extraction of safe, compact finite-state models from program source code.
Proceedings Article

Model checking for programming languages using VeriSoft

TL;DR: This paper discusses how model checking can be extended to deal directly with "actual" descriptions of concurrent systems, e.g., implementations of communication protocols written in programming languages such as C or C++, and introduces a new search technique that is suitable for exploring the state spaces of such systems.