High performance static analysis for industry

Mark Bradley*, Franck Cassez, Ansgar Fehnker, Thomas Given-Wilson, Ralf Huuck

*Corresponding author for this work

Research output: Contribution to journalArticlepeer-review

10 Citations (Scopus)
27 Downloads (Pure)

Abstract

Static source code analysis for software bug detection has come a long way since its early beginnings as a compiler technology. However, with the introduction of more sophisticated algorithmic techniques, such as model checking and constraint solving, questions about performance are a major concern. In this work we present an empirical study of our industrial strength source code analysis tool Goanna that uses a model checking core for static analysis of C/C++ code. We present the core technology and abstraction mechanism with a focus on performance, as guided by experience from having analyzed millions of lines of code. In particular, we present results from our recent study within the NIST/DHS SAMATE program. The results show that, maybe surprisingly, formal verification techniques can be used successfully in practical industry applications scaling roughly linearly, even for millions of lines of code. Crown

Original languageEnglish
Pages (from-to)3-14
Number of pages12
JournalElectronic Notes in Theoretical Computer Science
Volume289
DOIs
Publication statusPublished - 6 Dec 2012
Externally publishedYes

Bibliographical note

Copyright the Author(s) 2012. Version archived for private and non-commercial use with the permission of the author/s and according to publisher conditions. For further rights please contact the publisher.

Keywords

  • C/C++
  • model checking
  • SAMATE
  • static analysis
  • tools
  • Validation
  • verification

Fingerprint

Dive into the research topics of 'High performance static analysis for industry'. Together they form a unique fingerprint.

Cite this