GoannaSMT – A Static Analyzer with SMT-based Refinement
Authors
Abstract
We present an industrial-strength static analysis tool for automated bug detection in C/C++ source code called GoannaSMT. The underlying technology of GoannaSMT is an automata-based approach to static analysis, where high-level syntactic source code abstractions are subjected to a custom-built explicit-state model checker. Resulting error traces are then subjected to an SMT solver in a path-refinement loop for closer inspection of their feasibility. As a result, GoannaSMT is highly precise while at the same time scaling to millions of lines of code. We present the core technology, architecture, and experiences.
Related resources
SMT-Based False Positive Elimination in Static Program Analysis
Static program analysis for bug detection in large C/C++ projects typically uses a high-level abstraction of the original program under investigation. As a result, so-called false positives are often inevitable, i.e., warnings that are not true bugs. In this work we present a novel abstraction refinement approach to automatically investigate and eliminate such false positives. Central to our ap...
Computing All Implied Equalities via SMT-Based Partition Refinement
Consequence finding is used in many applications of deduction. This paper develops and evaluates a suite of optimized SMT-based algorithms for computing equality consequences over arbitrary formulas and theories supported by SMT solvers. It is inspired by an application in the SLAYER analyzer, where our new algorithms are commonly 10–100x faster than simpler algorithms. The main idea is to incr...
Refinement Types in Jolie
Jolie is the first language for microservices and it is currently dynamically type checked. This paper considers the opportunity to integrate dynamic and static type checking with the introduction of refinement types, verified via SMT solver. The integration of the two aspects allows a scenario where the static verification of internal services and the dynamic verification of (potentially malic...
SMT-Based and Disjunctive Relational Abstract Domains for Static Analysis
Abstract Interpretation is a theory of sound approximation of program semantics. In recent decades, it has been widely and successfully applied to the static analysis of computer programs. In this thesis, we will work on abstract domains, one of the key concepts in abstract interpretation, which aim at automatically collecting information about the set of all possible values of the program vari...
Trace Partitioning in Abstract Interpretation Based Static Analyzers
When designing a tractable static analysis, one usually needs to approximate the trace semantics. This paper proposes a systematic way of regaining some knowledge about the traces by performing the abstraction over a partition of the set of traces instead of the set itself. This systematic refinement is not only theoretical but tractable: we give automatic procedures to build pertinent partitio...
Journal:
Volume / Issue:
Pages: -
Published: 2012