DOI: 10.1145/1953355.1953368
short-paper

Static program analysis of large embedded code base: an experience

Published: 24 February 2011

Abstract

Static program analysis is widely used in property checking of software systems, especially safety and mission critical embedded systems. Most of these efforts check for violation of only standard properties such as array index out of bound, overflow/underflow and so on. However, our studies have shown that checking for these standard properties only captures less than 10% of all the defects detectable through static analysis. The remaining defects can be detected by checking for domain specific (custom) properties. We have applied two static analysis tools (TCS Embedded Code Analyzer and Saturn), varying in their analysis techniques, over a large embedded code base to check for a particular custom property. The code base consisted of 10 million lines of code (LOC) and belonged to the automotive domain. The custom property (semaphore consistency) to be verified was chosen after a detailed causal analysis of the history of various defects encountered in the code base. Here, we present our experience with this effort -- key problems encountered, solutions provided and results obtained. Our experience shows that static analysis of very large code bases is practically feasible and is a value-add in software quality assurance.



Published In

ACM Other conferences
ISEC '11: Proceedings of the 4th India Software Engineering Conference
February 2011
229 pages
ISBN:9781450305594
DOI:10.1145/1953355

Sponsors

  • Computer Society of India

Publisher

Association for Computing Machinery

New York, NY, United States


Author Tags

  1. embedded application
  2. large code base
  3. precision
  4. static program analysis

Qualifiers

  • Short-paper

Conference

ISEC '11
Sponsor:
  • Computer Society of India
ISEC '11: Indian Software Engineering Conference
February 24 - 27, 2011
Kerala, Thiruvananthapuram, India

Acceptance Rates

Overall Acceptance Rate 76 of 315 submissions, 24%

Cited By

  • (2024) Fast and Precise Interval Analysis on Industry code. 2024 IEEE 35th International Symposium on Software Reliability Engineering Workshops (ISSREW), pp. 67-72. DOI: 10.1109/ISSREW63542.2024.00049. Online publication date: 28-Oct-2024
  • (2024) Learning Strategies Using Boolean Program Metrics to Verify Industrial Code. 2024 IEEE International Conference on Software Maintenance and Evolution (ICSME), pp. 719-729. DOI: 10.1109/ICSME58944.2024.00076. Online publication date: 6-Oct-2024
  • (2023) VeriFuzz 1.4: Checking for (Non-)termination (Competition Contribution). Tools and Algorithms for the Construction and Analysis of Systems, pp. 594-599. DOI: 10.1007/978-3-031-30820-8_42. Online publication date: 22-Apr-2023
  • (2023) VeriAbsL: Scalable Verification by Abstraction and Strategy Prediction (Competition Contribution). Tools and Algorithms for the Construction and Analysis of Systems, pp. 588-593. DOI: 10.1007/978-3-031-30820-8_41. Online publication date: 22-Apr-2023
  • (2022) Program Transformations for Precise Analysis of Enterprise Information Systems. 2022 IEEE International Conference on Software Analysis, Evolution and Reengineering (SANER), pp. 68-72. DOI: 10.1109/SANER53432.2022.00020. Online publication date: Mar-2022
  • (2022) VeriFuzz: Good Seeds for Fuzzing (Competition Contribution). Fundamental Approaches to Software Engineering, pp. 341-346. DOI: 10.1007/978-3-030-99429-7_20. Online publication date: 29-Mar-2022
  • (2021) VeriAbs: A Tool for Scalable Verification by Abstraction (Competition Contribution). Tools and Algorithms for the Construction and Analysis of Systems, pp. 458-462. DOI: 10.1007/978-3-030-72013-1_32. Online publication date: 23-Mar-2021
  • (2020) Techniques for Efficient Automated Elimination of False Positives. 2020 IEEE 20th International Working Conference on Source Code Analysis and Manipulation (SCAM), pp. 259-263. DOI: 10.1109/SCAM51674.2020.00035. Online publication date: Sep-2020
  • (2020) VeriAbs : Verification by Abstraction and Test Generation (Competition Contribution). Tools and Algorithms for the Construction and Analysis of Systems, pp. 383-387. DOI: 10.1007/978-3-030-45237-7_25. Online publication date: 17-Apr-2020
  • (2020) Difficult XSS Code Patterns for Static Code Analysis Tools. Computer Security, pp. 123-139. DOI: 10.1007/978-3-030-42051-2_9. Online publication date: 21-Feb-2020
