We present the SATIrE source-to-source analysis framework within the context of ALL-TIMES, a European research and development project aimed at improving and integrating existing tools in the area of timing analysis. Within the project, SATIrE contributes by performing source-level static analysis on C programs and exporting its results for other tools to use. This work gives an overview of SAT...

A practical methodology for compilation of trustworthy real-time programs is introduced. It combines new program development and timing analysis techniques with traditional compilation and assembly technologies .

Teaching formal methods is a challenging task for several reasons. First, both the state-of-the-art knowledge and the tools are rapidly evolving. Second, there are no comprehensive textbooks covering certain topics, especially code analysis. In this paper, we share our experience with teaching two courses. The first is focused on classics of modeling and verification of software and hardware sy...

We present a semantics for architectural specifications in Casl, including an extended static analysis compatible with modeltheoretic requirements. The main obstacle here is the lack of amalgamation for Casl models. To circumvent this problem, we extend the Casl logic by introducing enriched signatures, where subsort embeddings form a category rather than just a preorder. The extended model fun...

In the approximate call-strings-based context-sensitive static analysis, because the number of distinguished contexts is finite, multiple call-contexts are inevitably joined at the entry of a procedure and the output at the exit is propagated to multiple returnsites. We found that these multiple returns frequently create a single large cycle (we call it “butterfly cycle”) covering almost all pa...

Interpretation Based Static Analysis Parameterized by Semantics

Embedded system software timing and power consumption or, in general, execution costs are state and input data dependent. Therefore, formal analysis of such dependencies leads to execution cost intervals rather than single values. These intervals depend on system concurrency, execution paths and process states, as well as on target architecture properties. This paper presents an approach to mod...

Every day, software developers produce complex and featurerich programs. Resulting code bases are so large that single developers cannot entirely understand them, relying on tools to help them write or debug their code. One such tool is static analysis, a method of reasoning about the runtime behavior of a program at compile time to detect bugs automatically. But from code development to report...

Organizational, political, and configuration mistakes in the deployment of a static source code analysis tool can eliminate most of its benefits, even while apparently meeting management goals. A list of pitfalls encountered as a static analysis consultant is presented, with discussion of techniques for avoiding or mitigating them. This article is part of a work in progress, tentatively entitle...

It’s oen useful to ask questions about programs without actually running them. For example, we might want to know if a program contains some class of bugs such as division by zero or memory access errors. For compilers static information is vital for good quality machine code generation. Another class of questions is about cost of running a program. For instance, we might want to know if the p...