An approach to static-dynamic software analysis

Pablo Gonzalez-de-Aledo*, Pablo Sanchez, Ralf Huuck

*Corresponding author for this work

Research output: Chapter in Book/Report/Conference proceedingConference proceeding contributionpeer-review

3 Citations (Scopus)

Abstract

Safety-critical software in industry is typically subjected to both dynamic testing as well as static program analysis. However, while testing is expensive to scale, static analysis is prone to false positives and/or false negatives. In this work we propose a solution based on a combination of static analysis to zoom into potential bug candidates in large code bases and symbolic execution to confirm these bugs and create concrete witnesses. Our proposed approach is intended to maintain scalability while improving precision and as such remedy the shortcomings of each individual solution. Moreover, we developed the SEEKFAULT tool that creates local symbolic execution targets from static analysis bug candidates and evaluate its effectiveness on the SV-COMP loop benchmarks. We show that a conservative tuning can achieve a 98% detecting rate in that benchmark while at the same time reducing false positive rates by around 50% compared to a singular static analysis approach.

Original languageEnglish
Title of host publicationFormal techniques for safety-critical systems
Subtitle of host publication4th International Workshop, FTSCS 2015 Paris, France, November 6-7, 2015 revised selected papers
EditorsCyrille Artho, Peter Csaba Ölveczky
Place of PublicationSwizerland
PublisherSpringer, Springer Nature
Pages225-240
Number of pages16
ISBN (Electronic)9783319295107
ISBN (Print)9783319295091
DOIs
Publication statusPublished - 2016
Externally publishedYes
Event4th International Workshop on Formal Techniques for Safety-Critical Systems, FTSCS 2015 - Paris, France
Duration: 6 Nov 20157 Nov 2015

Publication series

NameCommunications in Computer and Information Science
Volume596
ISSN (Print)1865-0929
ISSN (Electronic)1865-0937

Other

Other4th International Workshop on Formal Techniques for Safety-Critical Systems, FTSCS 2015
CountryFrance
CityParis
Period6/11/157/11/15

Fingerprint

Dive into the research topics of 'An approach to static-dynamic software analysis'. Together they form a unique fingerprint.

Cite this