Static Source Code Checking for User-defined Properties
نویسنده
چکیده
Only a small fraction of the output generated by typical static analysis tools tends to reveal serious software defects. There are two main causes for this phenomenon. The first is that the typical static analyzer casts its nets too broadly, reporting everything reportable, rather than what is likely to be a true bug. The second cause is that most static analyzers can check the code for only a fixed set of flaws. We describe a simple source code analyzer, UNO, that tries to remedy these problems. The default properties searched for by UNO are restricted to the most common types of error in C programs: use of uninitialized variables, nil-pointer dereferencing, and out-of-bound array indexing. The checking capabilities of UNO can be extended by the user with the definition of applicationdependent properties, which are written as ANSI-C functions.
منابع مشابه
Automatic Generation of Robustness and Security Properties from Program Source Code
Software robustness and security are critical to dependable operations of computer systems. Robustness and security of software systems are governed by various temporal properties. Static verification has been shown to be effective in checking temporal properties. But manually specifying these properties is cumbersome and requires knowledge of the system and source code. Furthermore, many syste...
متن کاملGenerating and Inferring Interface Properties for Static Analysis
Software robustness and security are critical to dependable operations of computer systems. Robustness and security of software systems are governed by various temporal properties. Static verification has been shown to be effective in checking temporal properties. But manually specifying these properties is cumbersome and requires knowledge of the system and source code. Furthermore, many syste...
متن کاملImproving Computer Security Using Extended Static Checking
We describe a method for finding security flaws in source code by way of static analysis. The method is notable because it allows a user to specify a wide range of security properties while also leveraging a set of predefined common flaws. It works by using an automated theorem prover to analyze verification conditions generated from C source code and a set of specifications that define securit...
متن کاملGoanna - A Static Model Checker
In this work we present Goanna, the first tool that uses an off-the-shelf model checker for the static analysis of C/C++ source code. We outline its architecture and show how syntactic properties can be expressed in CTL. Once the properties have been defined the tool analyses source code automatically and efficiently. We demonstrate its applicability by presenting experimental results on analys...
متن کاملADL2Net v0.8 Reference Manual
ADL2N is a multiplatform tool written in Java that provides an easy generation of behaviour models for the Fractal Component Model. Starting from a component specification written in ADL (Architecture Description Language), this application automatically generates the behaviour model expressed as an Labelled Transition System (in FC2 format). As input, the user should provide the ADL and implem...
متن کامل