Abstract
A large number of tools that automate the process of finding errors in programs have recently emerged in the software development community. Many of them use static analysis as the main method for analyzing and capturing faults in the source code. Static analysis is deployed as an approximation of the programs’ runtime behavior, with inherent limitations regarding its ability to detect actual code errors. It belongs to the class of computational problems which are undecidable [2]. For any such analysis, the major issues are: (1) the programming language of the source code where the analysis is applied, (2) the type of errors to be detected, (3) the effectiveness of the analysis, and (4) the efficiency of the analysis.
References
1. Chatzieleftheriou, G., Katsaros, P.: Test-Driving Static Analysis Tools in Search of C Code vulnerabilities. In: Proc. of the 2011 IEEE 35th Annual Computer Software and Applications Conference Workshops, COMPSACW 2011 (2011)
2. Landi, W.: Undecidability of static analysis. ACM Lett. Program. Lang. Syst. 1(4), 323–337 (1992)
3. Evans, D., Larochelle, D.: Improving Security Using Extensible Lightweight Static Analysis. IEEE Softw. 19(1), 42–51 (2002)
4. Holzmann, G.J.: Static source code checking for user-defined properties. In: Proc. IDPT, vol. 2 (2002)
5. Cppcheck - A Tool for static C/C++ static code analysis, http://sourceforge.net/apps/mediawiki/cppcheck
6. Cuoq, P., Kirchner, F., Kosmatov, N., Prevosto, V., Signoles, J., Yakobowski, B.: Frama-C: A software analysis perspective. In: Eleftherakis, G., Hinchey, M., Holcombe, M. (eds.) SEFM 2012. LNCS, vol. 7504, pp. 233–247. Springer, Heidelberg (2012)
7. Parasoft C++ Test, http://www.parasoft.com/
8. One, A.: Smashing the stack for fun and profit. Phrack Magazine 7(49), 14–16 (1996)
Copyright information
© 2014 Springer-Verlag Berlin Heidelberg
Cite this paper
Chatzieleftheriou, G., Chatzopoulos, A., Katsaros, P. (2014). Test-Driving Static Analysis Tools in Search of C Code Vulnerabilities II. In: Margaria, T., Steffen, B. (eds) Leveraging Applications of Formal Methods, Verification and Validation. Specialized Techniques and Applications. ISoLA 2014. Lecture Notes in Computer Science, vol 8803. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-662-45231-8_39
DOI: https://doi.org/10.1007/978-3-662-45231-8_39
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-662-45230-1
Online ISBN: 978-3-662-45231-8
eBook Packages: Computer Science (R0)