Automatically Finding Bugs in Open Source Programs

We consider properties desirable for static analysis tools targeted at finding bugs in the real open source code, and review tools based on various approaches to defect detection. A static analysis tool is described, that includes a framework for flow-sensitive interprocedural dataflow analysis and scales to analysis of large programs. The framework enables implementation of multiple checkers searching for specific bugs, such as null pointer dereference and buffer overflow, abstracting from the checkers details such as alias analysis.

[1]  Benjamin Livshits,et al.  Tracking pointers with path and context sensitivity for bug detection in C programs , 2003, ESEC/FSE-11.

[2]  Ulf Nilsson,et al.  A Comparative Study of Industrial Static Analysis Tools , 2008, SSV.

[3]  Monica S. Lam,et al.  Efficient context-sensitive pointer analysis for C programs , 1995, PLDI '95.

[4]  Dawson R. Engler,et al.  ARCHER: using symbolic, path-sensitive analysis to detect memory access errors , 2003, ESEC/FSE-11.

[5]  Isil Dillig,et al.  Static error detection using semantic inconsistency inference , 2007, PLDI '07.

[6]  Mark N. Wegman,et al.  Efficiently computing static single assignment form and the control dependence graph , 1991, TOPL.

[7]  David Evans,et al.  Improving Security Using Extensible Lightweight Static Analysis , 2002, IEEE Softw..

[8]  Richard Lippmann,et al.  Testing static analysis tools using exploitable buffer overflows from open source code , 2004, SIGSOFT '04/FSE-12.

[9]  Michael Hind,et al.  Pointer analysis: haven't we solved this problem yet? , 2001, PASTE '01.

[10]  Yang Meng Tan,et al.  LCLint: a tool for using specifications to check code , 1994, SIGSOFT '94.

[11]  Donglin Liang,et al.  Efficient Computation of Parameterized Pointer Information for Interprocedural Analyses , 2001, SAS.

[12]  Andy Chou,et al.  Bugs as Inconsistent Behavior: A General Approach to Inferring Errors in Systems Code. , 2001, SOSP 2001.

[13]  Michael Rodeh,et al.  CSSV: towards a realistic tool for statically detecting all buffer overflows in C , 2003, PLDI '03.

[14]  Patrick Cousot,et al.  Modular Static Program Analysis , 2002, CC.

[15]  Patrick Cousot,et al.  The ASTREÉ Analyzer , 2005, ESOP.

[16]  Thomas A. Henzinger,et al.  Lazy abstraction , 2002, POPL '02.

[17]  Sriram K. Rajamani,et al.  Thorough static analysis of device drivers , 2006, EuroSys.

[18]  David A. Wagner,et al.  This copyright notice must be included in the reproduced paper. USENIX acknowledges all trademarks herein. Detecting Format String Vulnerabilities with Type Qualifiers , 2001 .

[19]  David Hovemeyer,et al.  Finding bugs is easy , 2004, SIGP.

[20]  Gary McGraw,et al.  ITS4: a static vulnerability scanner for C and C++ code , 2000, Proceedings 16th Annual Computer Security Applications Conference (ACSAC'00).