research-article

Canalyze: a static bug-finding tool for C programs

Authors:

Zhenbo Xu,

Jian Zhang,

Zhongxing Xu,

Jiteng WangAuthors Info & Claims

ISSTA 2014: Proceedings of the 2014 International Symposium on Software Testing and Analysis

Pages 425 - 428

https://doi.org/10.1145/2610384.2628050

Published: 21 July 2014 Publication History

Get Access

Abstract

Symbolic analysis is a commonly used approach for static bug finding. It usually performs a precise path-by-path symbolic simulation from program inputs. A major challenge is its scalability and precision on interprocedural analysis. The former limits the application to large programs. The latter may lead to many false alarms.

This paper presents a flexible, scalable and practical static bug detection tool, called Canalyze, for C programs. The flexibility is embodied in our modular design that supports different precision-level constraint solvers and interprocedural analyses. Based on these options, one can enable the less precise options to achieve a more scalable analysis or the more time-consuming options to perform a more precise analysis. Our tool is also practical to analyze real-world applications. It has been applied to some industry systems and open source programs like httpd, lighttpd, etc. And hundreds of newly found bugs were confirmed by the maintainers of our benchmarks.

References

[1]

R. Brummayer and A. Biere. Boolector: An eﬃcient SMT solver for bit-vectors and arrays. In Proc. of TACAS, pages 174–177, 2009.

Digital Library

Google Scholar

[2]

C. Cadar, D. Dunbar, and D. Engler. Klee: unassisted and automatic generation of high-coverage tests for complex systems programs. In Proc. of OSDI, 2008.

Digital Library

Google Scholar

[3]

C. Cadar, P. Godefroid, S. Khurshid, C. S. Păsăreanu, K. Sen, N. Tillmann, and W. Visser. Symbolic execution for software testing in practice: Preliminary assessment. In Proc. of ICSE, pages 1066–1071, 2011.

Digital Library

Google Scholar

[4]

W. Le and M. Soffa. Marple: a demand-driven path-sensitive buffer overflow detector. In Proc. of FSE, pages 272–282, 2008.

Digital Library

Google Scholar

[5]

W. Le and M. Soffa. Generating analyses for detecting faults in path segments. In Proc. of ISSTA, 2011.

Digital Library

Google Scholar

[6]

H. Palikareva and C. Cadar. Multi-solver support in symbolic execution. In Proc. of CAV, pages 53–68, 2013.

Digital Library

Google Scholar

[7]

Y. Xie and A. Aiken. Scalable error detection using Boolean satisfiability. In Proc. of POPL, pages 351–363, 2005.

Digital Library

Google Scholar

[8]

Y. Xie, A. Chou, and D. Engler. ARCHER: Using symbolic, path-sensitive analysis to detect memory access errors. In Proc. of ESEC/FSE, pages 327–336, 2003.

Digital Library

Google Scholar

Cited By

View all

Ma XYan JYan JZhang JChristakis MPradel M(2024)Panda: A Concurrent Scheduler for Compiler-Based ToolsProceedings of the 33rd ACM SIGSOFT International Symposium on Software Testing and Analysis10.1145/3650212.3685311(1871-1875)Online publication date: 11-Sep-2024
https://dl.acm.org/doi/10.1145/3650212.3685311
Qiujun ZWeinan JShuhua ZYu SLishuang Z(2023)Research on the Quality of Automotive Electronic Software Based on Code Checking2023 5th International Conference on Artificial Intelligence and Computer Applications (ICAICA)10.1109/ICAICA58456.2023.10405475(210-214)Online publication date: 28-Nov-2023
https://doi.org/10.1109/ICAICA58456.2023.10405475
Li RLiang HLiu LMa XQu RYan JZhang J(2020)GTFuzz: Guard Token Directed Grey-Box Fuzzing2020 IEEE 25th Pacific Rim International Symposium on Dependable Computing (PRDC)10.1109/PRDC50213.2020.00027(160-170)Online publication date: Dec-2020
https://doi.org/10.1109/PRDC50213.2020.00027
Show More Cited By

Index Terms

Canalyze: a static bug-finding tool for C programs

Recommendations

Interprocedural pointer alias analysis

We present practical approximation methods for computing and representing interprocedural aliases for a program written in a language that includes pointers, reference parameters, and recursion. We present the following contributions: (1) a framework ...
An algorithmic mitigation of large spurious interprocedural cycles in static analysis

We present a simple algorithmic extension of the approximate call-strings approach to mitigate substantial performance degradation caused by spurious interprocedural cycles. Spurious interprocedural cycles are, in a realistic setting, the key reasons ...
Precise and efficient integration of interprocedural alias information into data-flow analysis

Data-flow analysis is a basis for program optimization and parallelizing transformations. The mechanism of passing reference parameters at call sites generates interprocedural aliases which complicate this analysis. Solutions have been developed for ...

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

ISSTA 2014: Proceedings of the 2014 International Symposium on Software Testing and Analysis

July 2014

460 pages

ISBN:9781450326452

DOI:10.1145/2610384

General Chair:
Corina S. Păsăreanu
NASA Ames, USA
,
Program Chair:
Darko Marinov
University of Illinois at Urbana-Champaign, USA

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

In-Cooperation

SIGPLAN: ACM Special Interest Group on Programming Languages

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 21 July 2014

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article

Conference

ISSTA '14

Sponsor:

SIGSOFT

ISSTA '14: International Symposium on Software Testing and Analysis

July 21 - 25, 2014

CA, San Jose, USA

Acceptance Rates

Overall Acceptance Rate 58 of 213 submissions, 27%

Upcoming Conference

ISSTA '25

Sponsor:
sigsoft

34th ACM SIGSOFT International Symposium on Software Testing and Analysis

June 25 - 28, 2025

Trondheim , Norway

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

9
Total Citations
View Citations
411
Total Downloads

Downloads (Last 12 months)13
Downloads (Last 6 weeks)1

Reflects downloads up to 14 Dec 2024

Other Metrics

View Author Metrics

Citations

Cited By

View all

Ma XYan JYan JZhang JChristakis MPradel M(2024)Panda: A Concurrent Scheduler for Compiler-Based ToolsProceedings of the 33rd ACM SIGSOFT International Symposium on Software Testing and Analysis10.1145/3650212.3685311(1871-1875)Online publication date: 11-Sep-2024
https://dl.acm.org/doi/10.1145/3650212.3685311
Qiujun ZWeinan JShuhua ZYu SLishuang Z(2023)Research on the Quality of Automotive Electronic Software Based on Code Checking2023 5th International Conference on Artificial Intelligence and Computer Applications (ICAICA)10.1109/ICAICA58456.2023.10405475(210-214)Online publication date: 28-Nov-2023
https://doi.org/10.1109/ICAICA58456.2023.10405475
Li RLiang HLiu LMa XQu RYan JZhang J(2020)GTFuzz: Guard Token Directed Grey-Box Fuzzing2020 IEEE 25th Pacific Rim International Symposium on Dependable Computing (PRDC)10.1109/PRDC50213.2020.00027(160-170)Online publication date: Dec-2020
https://doi.org/10.1109/PRDC50213.2020.00027
Ge CMa FMa XZhang FHuang PZhang J(2019)Approximating integer solution counting via space quantification for linear constraintsProceedings of the 28th International Joint Conference on Artificial Intelligence10.5555/3367243.3367274(1697-1703)Online publication date: 10-Aug-2019
https://dl.acm.org/doi/10.5555/3367243.3367274
Zhang LZhang DWang CZhao JZhang Z(2019)ART4SQLi: The ART of SQL Injection Vulnerability DiscoveryIEEE Transactions on Reliability10.1109/TR.2019.291028568:4(1470-1489)Online publication date: Dec-2019
https://doi.org/10.1109/TR.2019.2910285
Ma XYan JYan JZhang J(2019)Reorganizing and Optimizing Post-Inspection on Suspicious Bug Reports in Path-Sensitive Analysis2019 IEEE 19th International Conference on Software Quality, Reliability and Security (QRS)10.1109/QRS.2019.00042(260-271)Online publication date: Jul-2019
https://doi.org/10.1109/QRS.2019.00042
Yan DPan LYan RYan JZhang J(2017)Comprehensive Static Analysis for Configurable Software via Combinatorial Instantiation2017 IEEE 41st Annual Computer Software and Applications Conference (COMPSAC)10.1109/COMPSAC.2017.91(67-74)Online publication date: Jul-2017
https://doi.org/10.1109/COMPSAC.2017.91
Wu XLi LZhang J(2017)Symbolic Execution with Value-Range Analysis for Floating-Point Exception Detection2017 24th Asia-Pacific Software Engineering Conference (APSEC)10.1109/APSEC.2017.6(1-10)Online publication date: Dec-2017
https://doi.org/10.1109/APSEC.2017.6
Wu XXu ZYan DWu TYan JZhang J(2016)The Floating-Point Extension of Symbolic Execution Engine for Bug Detection2016 23rd Asia-Pacific Software Engineering Conference (APSEC)10.1109/APSEC.2016.045(265-272)Online publication date: 2016
https://doi.org/10.1109/APSEC.2016.045
Ye JZhang CHan XAhn GYung MLi N(2014)POSTERProceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security10.1145/2660267.2662394(1529-1531)Online publication date: 3-Nov-2014
https://dl.acm.org/doi/10.1145/2660267.2662394

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Cited By

Index Terms

Recommendations

Interprocedural pointer alias analysis

An algorithmic mitigation of large spurious interprocedural cycles in static analysis

Precise and efficient integration of interprocedural alias information into data-flow analysis