Test-Driving Static Analysis Tools in Search of C Code Vulnerabilities II
A large number of tools that automate the process of finding errors in programs has recently emerged in the software development community. Many of them use static analysis as the main method for analyzing and capturing faults in the source code. Static analysis is deployed as an approximation of the programs’ runtime behavior with inherent limitations regarding its ability to detect actual code errors. It belongs to the class of computational problems which are undecidable . For any such analysis, the major issues are: (1) the programming language of the source code where the analysis is applied (2) the type of errors to be detected (3) the effectiveness of the analysis and (4) the efficiency of the analysis.
Keywordsstatic analysis software security benchmark tests
Unable to display preview. Download preview PDF.
- 1.Chatzieleftheriou, G., Katsaros, P.: Test-Driving Static Analysis Tools in Search of C Code vulnerabilities. In: Proc. of the 2011 IEEE 35th Annual Computer Software and Applications Conference Workshops, COMPSACW 2011 (2011)Google Scholar
- 4.Holzmann, G.J.: Static source code checking for user-defined properties. In: Proc. IDPT, vol. 2 (2002)Google Scholar
- 5.Cppcheck - A Tool for static C/C++ static code analysis, http://sourceforge.net/apps/mediawiki/cppcheck
- 7.Parasoft C++ Test, http://www.parasoft.com/
- 8.One, A.: Smashing the stack for fun and profit. Phrack Magazine 7(49), 14–16 (1996)Google Scholar