Varieties of Static Analyzers: A Comparison with ASTRÉE

We discuss the characteristic properties of ASTRÉE, an automatic static analyzer for proving the absence of runtime errors in safety-critical, real-time, synchronous control/command C programs, and compare it with a variety of other program analysis tools.
