STANSE: Bug-Finding Framework for C Programs

Obdrž, Jan; Ji,; Slabý, í; Trtík, Marek

doi:10.1007/978-3-642-25929-6_16

Cited by 3 publications

(4 citation statements)

References 10 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…It implements an interprocedural dataflow algorithm based on [32] for error detection and an abstract simulation pruning algorithm for false positives suppression. Stanse [29], a static analysis tool also uses state machines for description of checked program properties. The description is based on parametrised abstract syntax trees.…”

Section: Related Workmentioning

confidence: 99%

See 1 more Smart Citation

Symbiotic: Synergy of Instrumentation, Slicing, and Symbolic Execution

Slaby

Strejček

Trtík

2013

Tools and Algorithms for the Construction and Analysis of Systems

Self Cite

View full text Add to dashboard Cite

We introduce a novel technique for finding real errors in programs. The technique is based on a synergy of three well-known methods: metacompilation, slicing, and symbolic execution. More precisely, we instrument a given program with a code that tracks runs of state machines representing various kinds of errors. Next we slice the program to reduce its size without affecting runs of state machines. And then we symbolically execute the sliced program. Depending on the kind of symbolic execution, the technique can be applied as a stand-alone bug finding technique, or to weed out some false positives from an output of another bug-finding tool. We provide several examples demonstrating the practical applicability of our technique.

show abstract

Section: Related Workmentioning

confidence: 99%

“…Metacompilation employs a dedicated language for description of state machines called Metal. The idea of error specification using state machines appears in several tools including the original implementation of metacompilation called xgcc [26], Esp [11] or Stanse [29].…”

Section: ö øùöò Dst ;mentioning

confidence: 99%

Symbiotic: Synergy of Instrumentation, Slicing, and Symbolic Execution

Slaby

Strejček

Trtík

2013

Tools and Algorithms for the Construction and Analysis of Systems

Self Cite

View full text Add to dashboard Cite

show abstract

“…It implements an interprocedural dataflow algorithm based on [29] for error detection and an abstract simulation pruning algorithm for false positives suppression. Stanse [27], a static analysis tool also uses state machines for description of checked program properties. The description is based on parametrised abstract syntax trees.…”

Section: Related Workmentioning

confidence: 99%

“…This formalism is simple and still flexible enough to describe many often studied program properties including locking policy in concurrent programs, null-pointer dereferences, resource allocations, and resource leaks. FSM specification is therefore used in many static program analysis tools like xgcc [24], SLAM [4], SDV [3], Blast [5], ESP [14], or Stanse [27]. All the mentioned tools produce false positives, i.e.…”

Section: Introductionmentioning

confidence: 99%

Checking Properties Described by State Machines: On Synergy of Instrumentation, Slicing, and Symbolic Execution

Slaby

Strejček

Trtík

2012

Formal Methods for Industrial Critical Systems

Self Cite

View full text Add to dashboard Cite

Abstract. We introduce a novel technique for checking properties described by finite state machines. The technique is based on a synergy of three well-known methods: instrumentation, program slicing, and symbolic execution. More precisely, we instrument a given program with a code that tracks runs of state machines representing various properties. Next we slice the program to reduce its size without affecting runs of state machines. And then we symbolically execute the sliced program to find real violations of the checked properties, i.e. real bugs. Depending on the kind of symbolic execution, the technique can be applied as a stand-alone bug finding technique, or to weed out some false positives from an output of another bug-finding tool. We provide several examples demonstrating the practical applicability of our technique.

show abstract