Model checking driven static analysis for the real world: designing and tuning large scale bug detection

Ansgar Fehnker, Ralf Huuck

Research output: Contribution to journalArticleAcademicpeer-review

6 Citations (Scopus)

Abstract

Model checking and static analysis are traditionally seen as two separate approaches to software analysis and verification. In this work we define a model, checking approach for the static analysis of large C/C++ source code bases to detect potential run-time issues such as program crashes, security vulnerabilities and memory leaks. Working on the intersection of software model checking and automated static bug detection for real-life systems, we address a number of issues: how to scale for real-life systems of 1,000,000 LoC or more, how to quickly write new checks, and most importantly how to distinguish between relevant and irrelevant bugs and fine tune the analysis accordingly. We define our model checking-based static analysis approach implemented in our tool Goanna, illustrate a number of design and implementation decisions to obtain practical outcomes and relevant results, and present our findings by empirical data obtained from regularly analyzing large industrial and open source code bases such as the Firefox Web browser.
Original languageEnglish
Pages (from-to)45-56
Number of pages12
JournalInnovations in systems and software engineering
Volume9
Issue number1
DOIs
Publication statusPublished - 2013
Externally publishedYes

Fingerprint

Model checking
Static analysis
Tuning
Web browsers
Data storage equipment

Cite this

@article{912e3f73d1ff4ccc8a703cd9a8550d72,
title = "Model checking driven static analysis for the real world: designing and tuning large scale bug detection",
abstract = "Model checking and static analysis are traditionally seen as two separate approaches to software analysis and verification. In this work we define a model, checking approach for the static analysis of large C/C++ source code bases to detect potential run-time issues such as program crashes, security vulnerabilities and memory leaks. Working on the intersection of software model checking and automated static bug detection for real-life systems, we address a number of issues: how to scale for real-life systems of 1,000,000 LoC or more, how to quickly write new checks, and most importantly how to distinguish between relevant and irrelevant bugs and fine tune the analysis accordingly. We define our model checking-based static analysis approach implemented in our tool Goanna, illustrate a number of design and implementation decisions to obtain practical outcomes and relevant results, and present our findings by empirical data obtained from regularly analyzing large industrial and open source code bases such as the Firefox Web browser.",
author = "Ansgar Fehnker and Ralf Huuck",
year = "2013",
doi = "10.1007/s11334-012-0192-5",
language = "English",
volume = "9",
pages = "45--56",
journal = "Innovations in systems and software engineering",
issn = "1614-5046",
publisher = "Springer",
number = "1",

}

Model checking driven static analysis for the real world: designing and tuning large scale bug detection. / Fehnker, Ansgar; Huuck, Ralf.

In: Innovations in systems and software engineering, Vol. 9, No. 1, 2013, p. 45-56.

Research output: Contribution to journalArticleAcademicpeer-review

TY - JOUR

T1 - Model checking driven static analysis for the real world: designing and tuning large scale bug detection

AU - Fehnker, Ansgar

AU - Huuck, Ralf

PY - 2013

Y1 - 2013

N2 - Model checking and static analysis are traditionally seen as two separate approaches to software analysis and verification. In this work we define a model, checking approach for the static analysis of large C/C++ source code bases to detect potential run-time issues such as program crashes, security vulnerabilities and memory leaks. Working on the intersection of software model checking and automated static bug detection for real-life systems, we address a number of issues: how to scale for real-life systems of 1,000,000 LoC or more, how to quickly write new checks, and most importantly how to distinguish between relevant and irrelevant bugs and fine tune the analysis accordingly. We define our model checking-based static analysis approach implemented in our tool Goanna, illustrate a number of design and implementation decisions to obtain practical outcomes and relevant results, and present our findings by empirical data obtained from regularly analyzing large industrial and open source code bases such as the Firefox Web browser.

AB - Model checking and static analysis are traditionally seen as two separate approaches to software analysis and verification. In this work we define a model, checking approach for the static analysis of large C/C++ source code bases to detect potential run-time issues such as program crashes, security vulnerabilities and memory leaks. Working on the intersection of software model checking and automated static bug detection for real-life systems, we address a number of issues: how to scale for real-life systems of 1,000,000 LoC or more, how to quickly write new checks, and most importantly how to distinguish between relevant and irrelevant bugs and fine tune the analysis accordingly. We define our model checking-based static analysis approach implemented in our tool Goanna, illustrate a number of design and implementation decisions to obtain practical outcomes and relevant results, and present our findings by empirical data obtained from regularly analyzing large industrial and open source code bases such as the Firefox Web browser.

U2 - 10.1007/s11334-012-0192-5

DO - 10.1007/s11334-012-0192-5

M3 - Article

VL - 9

SP - 45

EP - 56

JO - Innovations in systems and software engineering

JF - Innovations in systems and software engineering

SN - 1614-5046

IS - 1

ER -