Buscar

Estamos realizando la búsqueda. Por favor, espere...

An approach to static-dynamic software analysis

Abstract: Safety-critical software in industry is typically subjected to both dynamic testing as well as static program analysis. However, while testing is expensive to scale, static analysis is prone to false positives and/or false negatives. In this work we propose a solution based on a combination of static analysis to zoom into potential bug candidates in large code bases and symbolic execution to confirm these bugs and create concrete witnesses. Our proposed approach is intended to maintain scalability while improving precision and as such remedy the shortcomings of each individual solution. Moreover, we developed the SEEKFAULT tool that creates local symbolic execution targets from static analysis bug candidates and evaluate its effectiveness on the SV-COMP loop benchmarks. We show that a conservative tuning can achieve a 98 % detecting rate in that benchmark while at the same time reducing false positive rates by around 50 % compared to a singular static analysis approach.

Otras comunicaciones del congreso o articulos relacionados con autores/as de la Universidad de Cantabria

 Autoría: Gonzalez-de-Aledo P., Sanchez P., Huuck R.,

 Congreso: International Workshop on Formal Techniques for Safety-Critical Systems: FTSCS (4º : 2015 : París)

 Editorial: Springer Verlag

 Año de publicación: 2016

 Nº de páginas: 16

 Tipo de publicación: Comunicación a Congreso

 DOI: 10.1007/978-3-319-29510-7_13

 ISSN: 1865-0929

 Proyecto español: TEC2011-28666-C04-02

 Url de la publicación: https://doi.org/10.1007/978-3-319-29510-7_13

Autoría

PABLO GONZALEZ DE ALEDO MARUGAN

HUUCK, RALF