An approach to static-dynamic software analysis

Pablo Gonzalez-de-Aledo; Pablo Sanchez; Ralf Huuck

doi:10.1007/978-3-319-29510-7_13

An approach to static-dynamic software analysis

Pablo Gonzalez-de-Aledo^*, Pablo Sanchez, Ralf Huuck

^*Corresponding author for this work

Research output: Chapter in Book/Report/Conference proceeding › Conference proceeding contribution › peer-review

3 Citations (Scopus)

Abstract

Safety-critical software in industry is typically subjected to both dynamic testing as well as static program analysis. However, while testing is expensive to scale, static analysis is prone to false positives and/or false negatives. In this work we propose a solution based on a combination of static analysis to zoom into potential bug candidates in large code bases and symbolic execution to confirm these bugs and create concrete witnesses. Our proposed approach is intended to maintain scalability while improving precision and as such remedy the shortcomings of each individual solution. Moreover, we developed the SEEKFAULT tool that creates local symbolic execution targets from static analysis bug candidates and evaluate its effectiveness on the SV-COMP loop benchmarks. We show that a conservative tuning can achieve a 98% detecting rate in that benchmark while at the same time reducing false positive rates by around 50% compared to a singular static analysis approach.

Original language	English
Title of host publication	Formal techniques for safety-critical systems
Subtitle of host publication	4th International Workshop, FTSCS 2015 Paris, France, November 6-7, 2015 revised selected papers
Editors	Cyrille Artho, Peter Csaba Ölveczky
Place of Publication	Swizerland
Publisher	Springer, Springer Nature
Pages	225-240
Number of pages	16
ISBN (Electronic)	9783319295107
ISBN (Print)	9783319295091
DOIs	https://doi.org/10.1007/978-3-319-29510-7_13
Publication status	Published - 2016
Externally published	Yes
Event	4th International Workshop on Formal Techniques for Safety-Critical Systems, FTSCS 2015 - Paris, France Duration: 6 Nov 2015 → 7 Nov 2015

Publication series

Name	Communications in Computer and Information Science
Volume	596
ISSN (Print)	1865-0929
ISSN (Electronic)	1865-0937

Other

Other	4th International Workshop on Formal Techniques for Safety-Critical Systems, FTSCS 2015
Country/Territory	France
City	Paris
Period	6/11/15 → 7/11/15

Access to Document

10.1007/978-3-319-29510-7_13

Cite this

Gonzalez-de-Aledo, P., Sanchez, P., & Huuck, R. (2016). An approach to static-dynamic software analysis. In C. Artho, & P. C. Ölveczky (Eds.), Formal techniques for safety-critical systems: 4th International Workshop, FTSCS 2015 Paris, France, November 6-7, 2015 revised selected papers (pp. 225-240). (Communications in Computer and Information Science; Vol. 596). Springer, Springer Nature. https://doi.org/10.1007/978-3-319-29510-7_13

Gonzalez-de-Aledo, Pablo ; Sanchez, Pablo ; Huuck, Ralf. / An approach to static-dynamic software analysis. Formal techniques for safety-critical systems: 4th International Workshop, FTSCS 2015 Paris, France, November 6-7, 2015 revised selected papers. editor / Cyrille Artho ; Peter Csaba Ölveczky. Swizerland : Springer, Springer Nature, 2016. pp. 225-240 (Communications in Computer and Information Science).

@inproceedings{bedbbef5a9224a71b690d5014e5f9808,

title = "An approach to static-dynamic software analysis",

abstract = "Safety-critical software in industry is typically subjected to both dynamic testing as well as static program analysis. However, while testing is expensive to scale, static analysis is prone to false positives and/or false negatives. In this work we propose a solution based on a combination of static analysis to zoom into potential bug candidates in large code bases and symbolic execution to confirm these bugs and create concrete witnesses. Our proposed approach is intended to maintain scalability while improving precision and as such remedy the shortcomings of each individual solution. Moreover, we developed the SEEKFAULT tool that creates local symbolic execution targets from static analysis bug candidates and evaluate its effectiveness on the SV-COMP loop benchmarks. We show that a conservative tuning can achieve a 98% detecting rate in that benchmark while at the same time reducing false positive rates by around 50% compared to a singular static analysis approach.",

author = "Pablo Gonzalez-de-Aledo and Pablo Sanchez and Ralf Huuck",

year = "2016",

doi = "10.1007/978-3-319-29510-7_13",

language = "English",

isbn = "9783319295091",

series = "Communications in Computer and Information Science",

publisher = "Springer, Springer Nature",

pages = "225--240",

editor = "Cyrille Artho and {\"O}lveczky, {Peter Csaba}",

booktitle = "Formal techniques for safety-critical systems",

address = "United States",

note = "4th International Workshop on Formal Techniques for Safety-Critical Systems, FTSCS 2015 ; Conference date: 06-11-2015 Through 07-11-2015",

}

Gonzalez-de-Aledo, P, Sanchez, P & Huuck, R 2016, An approach to static-dynamic software analysis. in C Artho & PC Ölveczky (eds), Formal techniques for safety-critical systems: 4th International Workshop, FTSCS 2015 Paris, France, November 6-7, 2015 revised selected papers. Communications in Computer and Information Science, vol. 596, Springer, Springer Nature, Swizerland , pp. 225-240, 4th International Workshop on Formal Techniques for Safety-Critical Systems, FTSCS 2015, Paris, France, 6/11/15. https://doi.org/10.1007/978-3-319-29510-7_13

An approach to static-dynamic software analysis. / Gonzalez-de-Aledo, Pablo; Sanchez, Pablo; Huuck, Ralf.

Formal techniques for safety-critical systems: 4th International Workshop, FTSCS 2015 Paris, France, November 6-7, 2015 revised selected papers. ed. / Cyrille Artho; Peter Csaba Ölveczky. Swizerland : Springer, Springer Nature, 2016. p. 225-240 (Communications in Computer and Information Science; Vol. 596).

Research output: Chapter in Book/Report/Conference proceeding › Conference proceeding contribution › peer-review

TY - GEN

T1 - An approach to static-dynamic software analysis

AU - Gonzalez-de-Aledo, Pablo

AU - Sanchez, Pablo

AU - Huuck, Ralf

PY - 2016

Y1 - 2016

N2 - Safety-critical software in industry is typically subjected to both dynamic testing as well as static program analysis. However, while testing is expensive to scale, static analysis is prone to false positives and/or false negatives. In this work we propose a solution based on a combination of static analysis to zoom into potential bug candidates in large code bases and symbolic execution to confirm these bugs and create concrete witnesses. Our proposed approach is intended to maintain scalability while improving precision and as such remedy the shortcomings of each individual solution. Moreover, we developed the SEEKFAULT tool that creates local symbolic execution targets from static analysis bug candidates and evaluate its effectiveness on the SV-COMP loop benchmarks. We show that a conservative tuning can achieve a 98% detecting rate in that benchmark while at the same time reducing false positive rates by around 50% compared to a singular static analysis approach.

AB - Safety-critical software in industry is typically subjected to both dynamic testing as well as static program analysis. However, while testing is expensive to scale, static analysis is prone to false positives and/or false negatives. In this work we propose a solution based on a combination of static analysis to zoom into potential bug candidates in large code bases and symbolic execution to confirm these bugs and create concrete witnesses. Our proposed approach is intended to maintain scalability while improving precision and as such remedy the shortcomings of each individual solution. Moreover, we developed the SEEKFAULT tool that creates local symbolic execution targets from static analysis bug candidates and evaluate its effectiveness on the SV-COMP loop benchmarks. We show that a conservative tuning can achieve a 98% detecting rate in that benchmark while at the same time reducing false positive rates by around 50% compared to a singular static analysis approach.

UR - http://www.scopus.com/inward/record.url?scp=84959018631&partnerID=8YFLogxK

U2 - 10.1007/978-3-319-29510-7_13

DO - 10.1007/978-3-319-29510-7_13

M3 - Conference proceeding contribution

AN - SCOPUS:84959018631

SN - 9783319295091

T3 - Communications in Computer and Information Science

SP - 225

EP - 240

BT - Formal techniques for safety-critical systems

A2 - Artho, Cyrille

A2 - Ölveczky, Peter Csaba

PB - Springer, Springer Nature

CY - Swizerland

T2 - 4th International Workshop on Formal Techniques for Safety-Critical Systems, FTSCS 2015

Y2 - 6 November 2015 through 7 November 2015

ER -

Gonzalez-de-Aledo P, Sanchez P, Huuck R. An approach to static-dynamic software analysis. In Artho C, Ölveczky PC, editors, Formal techniques for safety-critical systems: 4th International Workshop, FTSCS 2015 Paris, France, November 6-7, 2015 revised selected papers. Swizerland : Springer, Springer Nature. 2016. p. 225-240. (Communications in Computer and Information Science). https://doi.org/10.1007/978-3-319-29510-7_13

An approach to static-dynamic software analysis

Abstract

Publication series

Other

Access to Document

Other files and links

Fingerprint

Cite this