Model checking driven static analysis for the real world: designing and tuning large scale bug detection

Ansgar Fehnker, Ralf Huuck*

*Corresponding author for this work

Research output: Contribution to journalArticlepeer-review

9 Citations (Scopus)


Model checking and static analysis are traditionally seen as two separate approaches to software analysis and verification. In this work we define a model, checking approach for the static analysis of large C/C++ source code bases to detect potential run-time issues such as program crashes, security vulnerabilities and memory leaks. Working on the intersection of software model checking and automated static bug detection for real-life systems, we address a number of issues: how to scale for real-life systems of 1,000,000 LoC or more, how to quickly write new checks, and most importantly how to distinguish between relevant and irrelevant bugs and fine tune the analysis accordingly. We define our model checking-based static analysis approach implemented in our tool Goanna, illustrate a number of design and implementation decisions to obtain practical outcomes and relevant results, and present our findings by empirical data obtained from regularly analyzing large industrial and open source code bases such as the Firefox Web browser.
Original languageEnglish
Pages (from-to)45-56
Number of pages12
JournalInnovations in Systems and Software Engineering
Issue number1
Publication statusPublished - Mar 2013
Externally publishedYes


  • Model checking
  • Static analysis
  • C/C++
  • Goanna tool
  • False positive tuning
  • Case study
  • Firefox


Dive into the research topics of 'Model checking driven static analysis for the real world: designing and tuning large scale bug detection'. Together they form a unique fingerprint.

Cite this