Part of the book series: Advances in Intelligent Systems and Computing ((AISC,volume 299))

Abstract

Detecting errors in software is a problem that costs large amounts of money in updates and patches. Many programmers spend their time correcting code instead of programming new features for their applications, which makes early detection of software errors essential. In both static analysis and model checking, great advances are being made toward finding errors in software before products are released. Although model checking techniques are more dedicated to finding malware, they can be adapted to find errors in software. In this article we discuss the techniques used today to search for patterns and vulnerabilities within software, in order to identify the possible solutions to this issue. We examine the problem from the point of view of the algorithms and their effectiveness in finding bugs. Although there are similar surveys, none of them compares the best static analysis algorithms against the best mathematical logic languages for model checking, two fields that are becoming very important in the search for errors in software.

Author information

Corresponding author

Correspondence to Iván García-Ferreira.

Copyright information

© 2014 Springer International Publishing Switzerland

About this paper

Cite this paper

García-Ferreira, I., Laorden, C., Santos, I., Bringas, P.G. (2014). A Survey on Static Analysis and Model Checking. In: de la Puerta, J., et al. International Joint Conference SOCO’14-CISIS’14-ICEUTE’14. Advances in Intelligent Systems and Computing, vol 299. Springer, Cham. https://doi.org/10.1007/978-3-319-07995-0_44

  • DOI: https://doi.org/10.1007/978-3-319-07995-0_44

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-07994-3

  • Online ISBN: 978-3-319-07995-0

  • eBook Packages: Engineering, Engineering (R0)
