Abstract
The software analysis community has made a lot of progress in creating software tools for detecting defects and performing proofs of shallow properties of programs. We are witnessing the birth of a virtuous cycle between software tools and their consumers and I, for one, am very excited about this. We understand much better how to engineer program analyses that scale to large code bases, and how to deal with the difficult problem of false errors and reduce their number. We understand better the tradeoffs between sound and unsound analyses. The software tools developed and applied over the last eight years have had impact. This list of tools includes Blast [HJMS02], CCured [NMW02], CQual [FTA02], ESC/Java [FLL+02], ESP [DLS02], Feaver [Hol00], MAGIC [CCG+04], MC [HCXE02], MOPS [CDW04], Prefast [LBD+04], Prefix [BPS00], SLAM [BR01], Splint [EL02] and Verisoft [God97], to name a few.
This bottom-up approach to improving code quality will continue to be successful because it deals with a concrete artifact (programs) that people produce and that has great economic impact and longevity. Furthermore, because many of the tools listed above are specification-based, they are easy to extend to new classes of bugs. Finally, a lot of the science to support the development of these tools has been done; there is now before us a long road of engineering to make these tools truly useful and usable by a wide audience.
References
Bush, W.R., Pincus, J.D., Sielaff, D.J.: A static analyzer for finding dynamic programming errors. Software-Practice and Experience 30(7), 775–802 (2000)
Ball, T., Rajamani, S.K.: Automatically validating temporal safety properties of interfaces. In: Dwyer, M.B. (ed.) SPIN 2001. LNCS, vol. 2057, Springer, Heidelberg (2001)
Chaki, S., Clarke, E., Groce, A., Jha, S., Veith, H.: Modular verification of software components in C. IEEE Transactions on Software Engineering 30(6), 388–402 (2004)
Chen, H., Dean, D., Wagner, D.: Model checking one million lines of C code. In: NDSS: Network and Distributed System Security Symposium, pp. 171–185 (2004)
Das, M., Lerner, S., Seigle, M.: ESP: path-sensitive program verification in polynomial time. In: PLDI 2002: Programming Language Design and Implementation, pp. 57–68. ACM, New York (2002)
Evans, D., Larochelle, D.: Improving security using extensible lightweight static analysis. IEEE Software 19(1), 42–51 (2002)
Flanagan, C., Leino, K.R.M., Lillibridge, M., Nelson, G., Saxe, J.B., Stata, R.: Extended static checking for Java. In: PLDI 2002: Programming Language Design and Implementation, pp. 234–245. ACM, New York (2002)
Foster, J.S., Terauchi, T., Aiken, A.: Flow-sensitive type qualifiers. In: PLDI 2002: Programming Language Design and Implementation, pp. 1–12. ACM, New York (2002)
Godefroid, P.: Model checking for programming languages using Verisoft. In: POPL 1997: Principles of Programming Languages, pp. 174–186. ACM, New York (1997)
Hallem, S., Chelf, B., Xie, Y., Engler, D.: A system and language for building system-specific, static analyses. In: PLDI 2002: Programming Language Design and Implementation, pp. 69–82. ACM, New York (2002)
Henzinger, T.A., Jhala, R., Majumdar, R., Sutre, G.: Lazy abstraction. In: POPL 2002, pp. 58–70. ACM Press, New York (2002)
Hunt, G.C., Larus, J.R.: Singularity design motivation. Technical Report MSR-TR-2004-105, Microsoft Research (December 2004)
Holzmann, G.J.: Logic verification of ANSI-C code with Spin. In: Havelund, K., Penix, J., Visser, W. (eds.) SPIN 2000. LNCS, vol. 1885, pp. 131–147. Springer, Heidelberg (2000)
Larus, J.R., Ball, T., Das, M., DeLine, R., Fahndrich, M., Pincus, J., Rajamani, S.K., Venkatapathy, R.: Righting software. IEEE Software 21(3), 92–100 (2004)
Necula, G., McPeak, S., Weimer, W.: CCured: Type-safe retrofitting of legacy code. In: POPL 2002, pp. 128–139. ACM, New York (2002)
© 2008 Springer-Verlag Berlin Heidelberg
Cite this chapter
Ball, T. (2008). The Verified Software Challenge: A Call for a Holistic Approach to Reliability. In: Meyer, B., Woodcock, J. (eds) Verified Software: Theories, Tools, Experiments. VSTTE 2005. Lecture Notes in Computer Science, vol 4171. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-69149-5_5
DOI: https://doi.org/10.1007/978-3-540-69149-5_5
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-69147-1
Online ISBN: 978-3-540-69149-5