Test-Driving Static Analysis Tools in Search of C Code Vulnerabilities II

(Extended Abstract)
  • George Chatzieleftheriou
  • Apostolos Chatzopoulos
  • Panagiotis Katsaros
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 8803)


A large number of tools that automate the process of finding errors in programs has recently emerged in the software development community. Many of them use static analysis as the main method for analyzing and capturing faults in the source code. Static analysis is deployed as an approximation of the programs’ runtime behavior with inherent limitations regarding its ability to detect actual code errors. It belongs to the class of computational problems which are undecidable [2]. For any such analysis, the major issues are: (1) the programming language of the source code where the analysis is applied (2) the type of errors to be detected (3) the effectiveness of the analysis and (4) the efficiency of the analysis.


static analysis software security benchmark tests 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Chatzieleftheriou, G., Katsaros, P.: Test-Driving Static Analysis Tools in Search of C Code vulnerabilities. In: Proc. of the 2011 IEEE 35th Annual Computer Software and Applications Conference Workshops, COMPSACW 2011 (2011)Google Scholar
  2. 2.
    Landi, W.: Undecidability of static analysis. ACM Lett. Program. Lang. Syst. 1(4), 323–337 (1992)CrossRefGoogle Scholar
  3. 3.
    Evans, D., Larochelle, D.: Improving Security Using Extensible Lightweight Static Analysis. IEEE Softw. 19(1), 42–51 (2002)CrossRefGoogle Scholar
  4. 4.
    Holzmann, G.J.: Static source code checking for user-defined properties. In: Proc. IDPT, vol. 2 (2002)Google Scholar
  5. 5.
    Cppcheck - A Tool for static C/C++ static code analysis, http://sourceforge.net/apps/mediawiki/cppcheck
  6. 6.
    Cuoq, P., Kirchner, F., Kosmatov, N., Prevosto, V., Signoles, J., Yakobowski, B.: Frama-C: A software analysis perspective. In: Eleftherakis, G., Hinchey, M., Holcombe, M. (eds.) SEFM 2012. LNCS, vol. 7504, pp. 233–247. Springer, Heidelberg (2012)CrossRefGoogle Scholar
  7. 7.
    Parasoft C++ Test, http://www.parasoft.com/
  8. 8.
    One, A.: Smashing the stack for fun and profit. Phrack Magazine 7(49), 14–16 (1996)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2014

Authors and Affiliations

  • George Chatzieleftheriou
    • 1
  • Apostolos Chatzopoulos
    • 1
  • Panagiotis Katsaros
    • 1
  1. 1.Department of InformaticsAristotle University of ThessalonikiThessalonikiGreece

Personalised recommendations