Saturn: A SAT-Based Tool for Bug Detection

Saturn is a boolean satisfiability (SAT) based framework for static bug detection. It targets software written in C and is designed to support a wide range of property checkers. The goal of the Saturn project is to realize SAT’s potential for precise checking on very large software systems. Intraprocedurally, Saturn uses a bit-level representation to faithfully model common program constructs. Interprocedurally, it employs a summary-based modular analysis to infer and simulate function behavior. In practice, this design provides great precision where needed, while maintaining observed linear scaling behavior to arbitrarily large software code bases. We have demonstrated the effectiveness of our approach by building a lock analyzer for Linux, which found hundreds of previously unknown errors with a lower false positive rate than previous efforts [16]. The rest of the paper is organized as follows. Section 2 gives an overview of the Saturn analysis framework. Section 3 describes the modeling of common program constructs in Saturn. Section 4 describes the lock checker for Linux. We discuss related work in Section 5 and our conclusions in Section 6.