Static analysis for software assurance: soundness, scalability and adaptiveness

Standard approaches to software assurance are either process-based or test-based. We propose adding static analysis by abstract interpretation to the software development cycle. Because it is sound, abstract interpretation provides a high level of assurance: an analysis that reports no violation of a property establishes that the property holds on every execution, and its reported findings come with ground-truth evidence in their support. Successes in the verification of large industrial codes demonstrate the readiness of this technology. However, to be practical in real development environments, static analysis must scale to large programs and produce few false positives without expert hand-tuning. We present a research agenda to reach this goal, based on the development of adaptive static analysis algorithms.
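The trade-off the abstract refers to, illustrated with an added example that is not part of the paper: a minimal interval abstract interpreter in Python run over a constructed loop. The loop, the array size, the widening/narrowing iteration strategy and the tracked difference `d = i - j` (a one-constraint stand-in for a relational domain such as octagons) are assumptions made here for illustration; `analyze_adaptive` is a hypothetical sketch of escalating to the costlier domain only where the cheap one raises an alarm, not the paper's algorithm.

```python
"""Added example (not from the paper). Constructed loop, a has SIZE cells:

    i = 0; j = 0
    while j < N:
        a[i] = 0        # safe iff 0 <= i <= SIZE - 1
        i = i + 1
        j = j + 1

Plain intervals cannot see i == j, so after widening they report a spurious
out-of-bounds write (sound, but a false positive); tracking d = i - j removes it.
"""
import math

INF = math.inf
# An interval is a (lo, hi) tuple; None is bottom (unreachable state).

def join(x, y):
    if x is None or y is None:
        return x if y is None else y
    return (min(x[0], y[0]), max(x[1], y[1]))

def meet(x, y):
    if x is None or y is None:
        return None
    lo, hi = max(x[0], y[0]), min(x[1], y[1])
    return (lo, hi) if lo <= hi else None

def widen(old, new):
    """Extrapolate unstable bounds to infinity so the iteration terminates."""
    if old is None or new is None:
        return old if new is None else new
    return (old[0] if new[0] >= old[0] else -INF,
            old[1] if new[1] <= old[1] else INF)

def narrow(old, new):
    """Pull an infinite bound back to the value the next iterate computed."""
    if old is None or new is None:
        return None
    return (new[0] if old[0] == -INF else old[0],
            new[1] if old[1] == INF else old[1])

def shift(x, c):
    return None if x is None else (x[0] + c, x[1] + c)

def lift(op, a, b):
    """Apply an interval operator variable-wise to two abstract states."""
    if a is None or b is None:
        return a if b is None else b
    return {v: op(a[v], b[v]) for v in a}

def body(state, n, size, relational):
    """Transfer function for one iteration under the guard j < n.
    Returns (state after the body, interval of i at the access, warnings)."""
    if state is None:
        return None, None, []
    s = dict(state)
    s["j"] = meet(s["j"], (-INF, n - 1))              # guard j < n
    if s["j"] is None:
        return None, None, []
    if relational:
        # i = j + d in interval arithmetic; the meet is sound because both
        # operands over-approximate the concrete values (assumed refinement).
        s["i"] = meet(s["i"], (s["j"][0] + s["d"][0], s["j"][1] + s["d"][1]))
        if s["i"] is None:
            return None, None, []
    access = s["i"]
    warnings = []
    if access[0] < 0 or access[1] > size - 1:
        warnings.append(f"a[i] may be out of bounds: i in {access}, size {size}")
    s["i"], s["d"] = shift(s["i"], 1), shift(s["d"], 1)     # i = i + 1
    s["j"], s["d"] = shift(s["j"], 1), shift(s["d"], -1)    # j = j + 1
    return s, access, warnings

def analyze(n=10, size=10, relational=False):
    entry = {"i": (0, 0), "j": (0, 0), "d": (0, 0)}       # d tracks i - j
    head = None
    while True:                                            # ascending: widening
        after, _, _ = body(head, n, size, relational)
        nxt = lift(widen, head, lift(join, entry, after))
        if nxt == head:
            break
        head = nxt
    for _ in range(3):                                     # descending: narrowing
        after, _, _ = body(head, n, size, relational)
        head = lift(narrow, head, lift(join, entry, after))
    _, access, warnings = body(head, n, size, relational)
    return {"head": head, "access_i": access, "warnings": warnings}

def analyze_adaptive(n=10, size=10):
    """Hypothetical: cheap domain first, relational refinement only on alarms."""
    cheap = analyze(n, size, relational=False)
    return analyze(n, size, relational=True) if cheap["warnings"] else cheap

def concrete_indices(n=10):
    """Ground truth for a soundness check: the indices the loop really uses."""
    i = j = 0
    used = set()
    while j < n:
        used.add(i)
        i, j = i + 1, j + 1
    return used

if __name__ == "__main__":
    print("intervals :", analyze()["access_i"], analyze()["warnings"])
    print("relational:", analyze(relational=True)["access_i"])
    print("adaptive  :", analyze_adaptive()["warnings"])
    print("real bug  :", analyze_adaptive(size=5)["warnings"])   # true positive
```

With `SIZE = 10` the non-relational run reports `i in (0, inf)` at the access, a false positive, while the relational run proves `i in (0, 9)`; with `SIZE = 5` both runs warn, and that warning is a true bug. Both abstract intervals contain every index the concrete loop actually uses, which is the soundness property the abstract relies on.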