Counterexample Guided Path Reduction for Static Program Analysis

Fehnker, Ansgar; Huuck, Ralf; Seefried, Sean

doi:10.1007/978-3-642-11512-7_20

Cited by 6 publications

(3 citation statements)

References 12 publications

(33 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Computing the complement of a nondeterministic automaton would involve first creating its deterministic equivalent, which can have exponential size compared with the non-deterministic automaton. We avoid directly constructing the complement of the observer and instead implement the complementation by adding a fairness constraint in the model checker [14]. The fairness constraint in our case forbids that the observer enters state Infeasible.…”

Section: Implementing Observersmentioning

confidence: 99%

See 1 more Smart Citation

SMT-Based False Positive Elimination in Static Program Analysis

Junker

Huuck

Fehnker

et al. 2012

Formal Methods and Software Engineering

Self Cite

View full text Add to dashboard Buy / Rent full text

Abstract. Static program analysis for bug detection in large C/C++ projects typically uses a high-level abstraction of the original program under investigation. As a result, so-called false positives are often inevitable, i.e., warnings that are not true bugs. In this work we present a novel abstraction refinement approach to automatically investigate and eliminate such false positives. Central to our approach is to view static analysis as a model checking problem, to iteratively compute infeasible sub-paths of infeasible paths using SMT solvers, and refine our models by adding observer automata to exclude such paths. Based on this new framework we present an implementation of the approach into the static analyzer Goanna and discuss a number of real-life experiments on larger C code projects, demonstrating that we were able to remove most false positives automatically.

show abstract

Section: Implementing Observersmentioning

confidence: 99%

“…Counter-example based path refinement with observers for static program analysis has been introduced by Fehnker et al [14]. This work was based on using interval abstract interpretation to refute infeasible paths.…”

Section: Related Workmentioning

confidence: 99%

SMT-Based False Positive Elimination in Static Program Analysis

Junker

Huuck

Fehnker

et al. 2012

Formal Methods and Software Engineering

Self Cite

View full text Add to dashboard Buy / Rent full text

show abstract

“…A standard way to add more precision is counter-example guided abstraction refinement (CEGAR), as used in [11,5]. In earlier work [10] we developed a different approach computing a precise least solution of an interval equation system, which is computationally faster, at the expense of some precision. The main idea is to subject counter-examples to an interval abstract interpretation and check for the feasibility of that path.…”

Section: Abstraction Refinementmentioning

confidence: 99%

Model checking dataflow for malicious input

Fehnker

Huuck

Rödiger

2011

Proceedings of the Workshop on Embedded Systems Security

Self Cite

View full text Add to dashboard Buy / Rent full text

Many embedded systems today are no longer isolated control units, but are fully fledged miniature desktops with their own kernel and sometimes operating system networked with the outside world. This opens up a whole new set of security issues previously not known to embedded systems. One example is potentially malicious input that exploits source code weaknesses leading to critical mission failures. In this paper we propose a new automated malicious input detection approach that works on a staged application of traditional tainted dataflow analysis and syntactic software model checking. The advantages of this approach are that tainted data can be tracked from its source to its application point, a precise path through the source code can be computed, speed and precision can be custom-tuned by automated refinement, and the approach is flexible to deal with real-life security threats. We illustrate our approach with a number of analysis examples taken from existing open source C/C++ projects.

show abstract

Counterexample Guided Path Reduction for Static Program Analysis

Cited by 6 publications

References 12 publications

SMT-Based False Positive Elimination in Static Program Analysis

SMT-Based False Positive Elimination in Static Program Analysis

Model checking dataflow for malicious input

Contact Info

Product

Resources

About