Skip to main content

Testing Static Analyzers with Randomly Generated Programs

  • Conference paper

Part of the Lecture Notes in Computer Science book series (LNPSE,volume 7226)

Abstract

Static analyzers should be correct. We used the random C-program generator Csmith, initially intended to test C compilers, to test parts of the Frama-C static analysis platform. Although Frama-C was already relatively mature at that point, fifty bugs were found and fixed during the process, in the front-end (AST elaboration and type-checking) and in the value analysis, constant propagation and slicing plug-ins. Several bugs were also found in Csmith, even though it had been extensively tested and had been used to find numerous bugs in compilers.

Keywords

  • Formal Method
  • Interpreter Mode
  • Manual Reduction
  • Singleton State
  • Abstract Interpreter

These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.

Part of this work has been conducted during the ANR-funded U3CAT project.

This is a preview of subscription content, access via your institution.

Buying options

Chapter
USD   29.95
Price excludes VAT (Canada)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD   39.99
Price excludes VAT (Canada)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD   54.99
Price excludes VAT (Canada)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Learn about institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Brummayer, R., Biere, A.: Fuzzing and delta-debugging SMT solvers. In: Proceedings of the 7th International Workshop on Satisfiability Modulo Theories, SMT 2009. ACM, New York (2009)

    Google Scholar 

  2. Cachera, D., Pichardie, D.: Comparing Techniques for Certified Static Analysis. In: The NASA Formal Methods Symposium, NFM (2009)

    Google Scholar 

  3. Delmas, D., Cuoq, P., Moya Lamiel, V., Duprat, S.: Fan-C, a Frama-C plug-in for data flow verification. In: ERTS2 (to appear, 2012)

    Google Scholar 

  4. Delseny, H.: Formal Methods for Avionics Software Verification. Open-DO Conference, presentation (2010), http://www.open-do.org/2010/04/28/formal-versus-agile-survival-of-the-fittest-herve-delseny/

  5. International Organization for Standardization: ISO/IEC 9899:TC3: Programming Languages—C (2007), http://www.open-std.org/jtc1/sc22/wg14/www/docs/n1256.pdf

  6. McKeeman, W.M.: Differential testing for software. Digital Technical Journal 10(1), 100–107 (1998)

    Google Scholar 

  7. Pariente, D., Ledinot, E.: Formal Verification of Industrial C Code using Frama-C: a Case Study. In: FoVeOOS (2010)

    Google Scholar 

  8. Woodcock, J., Larsen, P.G., Bicarregui, J., Fitzgerald, J.S.: Formal methods: Practice and experience. ACM Computing Surveys 41(4) (2009)

    Google Scholar 

  9. Yang, X., Chen, Y., Eide, E., Regehr, J.: Finding and understanding bugs in C compilers. In: PLDI, San Jose, CA, USA (June 2011)

    Google Scholar 

Download references

Author information

Authors and Affiliations

Authors

Editor information

Editors and Affiliations

Rights and permissions

Reprints and Permissions

Copyright information

© 2012 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Cuoq, P. et al. (2012). Testing Static Analyzers with Randomly Generated Programs. In: Goodloe, A.E., Person, S. (eds) NASA Formal Methods. NFM 2012. Lecture Notes in Computer Science, vol 7226. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-28891-3_12

Download citation

  • DOI: https://doi.org/10.1007/978-3-642-28891-3_12

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-28890-6

  • Online ISBN: 978-3-642-28891-3

  • eBook Packages: Computer ScienceComputer Science (R0)