
Test-Driving Static Analysis Tools in Search of C Code Vulnerabilities II

(Extended Abstract)

  • Conference paper

Part of the book series: Lecture Notes in Computer Science (LNTCS, volume 8803)

Abstract

A large number of tools that automate the process of finding errors in programs have recently emerged in the software development community. Many of them use static analysis as the main method for analyzing and capturing faults in the source code. Static analysis is deployed as an approximation of the programs' runtime behavior, with inherent limitations regarding its ability to detect actual code errors. It belongs to the class of computational problems which are undecidable [2]. For any such analysis, the major issues are: (1) the programming language of the source code where the analysis is applied, (2) the type of errors to be detected, (3) the effectiveness of the analysis, and (4) the efficiency of the analysis.


References

  1. Chatzieleftheriou, G., Katsaros, P.: Test-Driving Static Analysis Tools in Search of C Code vulnerabilities. In: Proc. of the 2011 IEEE 35th Annual Computer Software and Applications Conference Workshops, COMPSACW 2011 (2011)

  2. Landi, W.: Undecidability of static analysis. ACM Lett. Program. Lang. Syst. 1(4), 323–337 (1992)

  3. Evans, D., Larochelle, D.: Improving Security Using Extensible Lightweight Static Analysis. IEEE Softw. 19(1), 42–51 (2002)

  4. Holzmann, G.J.: Static source code checking for user-defined properties. In: Proc. IDPT, vol. 2 (2002)

  5. Cppcheck - A Tool for static C/C++ static code analysis, http://sourceforge.net/apps/mediawiki/cppcheck

  6. Cuoq, P., Kirchner, F., Kosmatov, N., Prevosto, V., Signoles, J., Yakobowski, B.: Frama-C: A software analysis perspective. In: Eleftherakis, G., Hinchey, M., Holcombe, M. (eds.) SEFM 2012. LNCS, vol. 7504, pp. 233–247. Springer, Heidelberg (2012)

  7. Parasoft C++ Test, http://www.parasoft.com/

  8. One, A.: Smashing the stack for fun and profit. Phrack Magazine 7(49), 14–16 (1996)


Copyright information

© 2014 Springer-Verlag Berlin Heidelberg


Cite this paper

Chatzieleftheriou, G., Chatzopoulos, A., Katsaros, P. (2014). Test-Driving Static Analysis Tools in Search of C Code Vulnerabilities II. In: Margaria, T., Steffen, B. (eds) Leveraging Applications of Formal Methods, Verification and Validation. Specialized Techniques and Applications. ISoLA 2014. Lecture Notes in Computer Science, vol 8803. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-662-45231-8_39


  • DOI: https://doi.org/10.1007/978-3-662-45231-8_39

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-662-45230-1

  • Online ISBN: 978-3-662-45231-8

  • eBook Packages: Computer Science, Computer Science (R0)
