Goanna static analysis at the NIST static analysis tool exposition

In 2010 Red Lizard Software participated for the first time in the Static Analysis Tool Exposition (SATE), organized by the National Institute of Standards and Technology (NIST), with the static analysis tool Goanna. The aim of SATE is to advance static analysis research and solutions that detect serious security and quality issues in source code. Goanna is a static analysis solution for the desktop and server that detects bugs in C/C++ source code by combining static analysis techniques with model checking technology. This report gives a brief introduction to source code analysis with Goanna and describes how the submission to SATE was prepared, the results that were obtained, and some of the lessons that were learned in the process.
