Topic

Static program analysis

About: Static program analysis is a research topic. Over its lifetime, 4285 publications have been published within this topic, receiving 84831 citations. The topic is also known as: static code analysis & static analysis.


Papers
Book
22 Oct 1999
TL;DR: This book is unique in providing an overview of the four major approaches to program analysis: data flow analysis, constraint-based analysis, abstract interpretation, and type and effect systems.
Abstract: Program analysis utilizes static techniques for computing reliable information about the dynamic behavior of programs. Applications include compilers (for code improvement), software validation (for detecting errors) and transformations between data representation (for solving problems such as Y2K). This book is unique in providing an overview of the four major approaches to program analysis: data flow analysis, constraint-based analysis, abstract interpretation, and type and effect systems. The presentation illustrates the extensive similarities between the approaches, helping readers to choose the best one to utilize.

1,955 citations

Proceedings Article
01 Nov 2008
TL;DR: This work presents an alternative whitebox fuzz testing approach inspired by recent advances in symbolic execution and dynamic test generation, and implemented this algorithm in SAGE (Scalable, Automated, Guided Execution), a new tool employing x86 instruction-level tracing and emulation for white box fuzzing of arbitrary file-reading Windows applications.
Abstract: Fuzz testing is an effective technique for finding security vulnerabilities in software. Traditionally, fuzz testing tools apply random mutations to well-formed inputs of a program and test the resulting values. We present an alternative whitebox fuzz testing approach inspired by recent advances in symbolic execution and dynamic test generation. Our approach records an actual run of the program under test on a well-formed input, symbolically evaluates the recorded trace, and gathers constraints on inputs capturing how the program uses these. The collected constraints are then negated one by one and solved with a constraint solver, producing new inputs that exercise different control paths in the program. This process is repeated with the help of a code-coverage maximizing heuristic designed to find defects as fast as possible. We have implemented this algorithm in SAGE (Scalable, Automated, Guided Execution), a new tool employing x86 instruction-level tracing and emulation for whitebox fuzzing of arbitrary file-reading Windows applications. We describe key optimizations needed to make dynamic test generation scale to large input files and long execution traces with hundreds of millions of instructions. We then present detailed experiments with several Windows applications. Notably, without any format-specific knowledge, SAGE detects the MS07-017 ANI vulnerability, which was missed by extensive blackbox fuzzing and static analysis tools. Furthermore, while still in an early stage of development, SAGE has already discovered 30+ new bugs in large shipped Windows applications including image processors, media players, and file decoders. Several of these bugs are potentially exploitable memory access violations.

1,221 citations

Journal Article
TL;DR: This paper calculated the object-oriented metrics given by Chidamber and Kemerer to illustrate how fault-proneness detection of the source code of the open source Web and e-mail suite called Mozilla can be carried out and checked the values obtained against the number of bugs found in its bug database to validate the usefulness of these metrics for fault-proneness prediction.
Abstract: Open source software systems are becoming increasingly important these days. Many companies are investing in open source projects and lots of them are also using such software in their own work. But, because open source software is often developed with a different management style than the industrial ones, the quality and reliability of the code needs to be studied. Hence, the characteristics of the source code of these projects need to be measured to obtain more information about it. This paper describes how we calculated the object-oriented metrics given by Chidamber and Kemerer to illustrate how fault-proneness detection of the source code of the open source Web and e-mail suite called Mozilla can be carried out. We checked the values obtained against the number of bugs found in its bug database - called Bugzilla - using regression and machine learning methods to validate the usefulness of these metrics for fault-proneness prediction. We also compared the metrics of several versions of Mozilla to see how the predicted fault-proneness of the software system changed during its development cycle.

894 citations

Patent
Michel K. Bowman-Amuah
31 Aug 1999
TL;DR: In this article, a system, method, and article of manufacture are provided for affording consistency in a development architecture framework as components in the framework change, and tools are also provided for managing the different versions of the program code.
Abstract: A system, method, and article of manufacture are provided for affording consistency in a development architecture framework as components in the framework change. A reference program code is provided and a plurality of sets of updated program code are received which represent different versions of the program code. The sets of the updated program code are compared with the reference program code in order to identify information relating to changes and the information is classified in relation to the changes. Tools are also provided for managing the different versions of the program code.

819 citations

Patent
02 Mar 2001
TL;DR: In this article, an automated software production system is provided, in which system requirements are captured, converted into a formal specification, and validated for correctness and completeness, and a translator is provided to automatically generate a complete, robust software application based on the validated formal specification.
Abstract: An automated software production system is provided, in which system requirements are captured, converted into a formal specification, and validated for correctness and completeness. In addition, a translator is provided to automatically generate a complete, robust software application based on the validated formal specification, including user-interface code and error handling code.

797 citations


Network Information
Related Topics (5)
Component-based software engineering
24.2K papers, 461.9K citations
89% related
Software development
73.8K papers, 1.4M citations
87% related
Software construction
36.2K papers, 743.8K citations
86% related
Software system
50.7K papers, 935K citations
86% related
Model checking
16.9K papers, 451.6K citations
84% related
Performance Metrics
No. of papers in the topic in previous years
Year    Papers
2023    28
2022    73
2021    146
2020    170
2019    194
2018    187