
HCSSAS Capabilities and Limitations of Static Error Detection in Software for Critical Systems


Presentation Transcript


  1. HCSSAS Capabilities and Limitations of Static Error Detection in Software for Critical Systems S. Tucker Taft CTO, SofCheck, Inc., Burlington, MA, USA

  2. Outline
  • Advanced Static Analysis for Correctness and Security Checking
  • Formal Proof
  • Model Checking
  • Flow Analysis, Abstract Interpretation, Symbolic Execution
  • Future Challenges and Directions

  3. Advanced Static Analysis
  • Correctness and Security Checking
    • Not just “style” checking
  • Application-specific Correctness and Security relative to a formal specification of the application
  • Or: application-independent Correctness / Meaningfulness / Run-Time-Failure-Free-ness / Security relative to the language specification
  • Discovery of Properties?

  4. Formal Proof
  • Traditionally seen as proving (partial or total) correctness relative to a formal application specification
  • Generally not fully automated; can get “stuck” on loops and recursion, needing human intervention to suggest invariants
    • Progress is being made on achieving “lights out” proof systems
  • Reputation for only being able to handle small systems
    • Some > 100 KLOC systems have now been “proved” correct
  • Hoare Verification Grand Challenge
    • Push the envelope on automated formal verification
  • Formal proof systems can be used to prove application-independent properties
    • Freedom from run-time exceptions

  5. Model Checking
  • Derived from work on hardware verification
  • Examines the entire state space to verify a predicate
  • Requires significant approximations to handle the enormous software state space
    • E.g. transform into a Boolean program
  • Can have challenges in finding multiple kinds of errors in a single analysis
  • Can be used effectively on a design-level model of the system

  6. Flow Analysis
  • Many names
    • Control and Data Flow Analysis
    • Abstract Interpretation
    • Symbolic Execution
  • Strong heritage in optimizing compiler technology
    • Alias Analysis
    • Static Single Assignment
    • Value and Range Propagation
    • Scalable Interprocedural Analysis
  • Iterative algorithms to achieve a fixpoint
    • Necessary and appropriate approximations
    • Sound or unsound (false positives vs. false negatives)
  • Flexibility allows orientation toward discovery of properties, e.g.:
    • Discover preconditions of algorithms as-built that ensure no run-time failures
    • Discover maximum stack or heap usage

  7. Future Challenges and Directions
  • False Negatives and False Positives
    • Too many of either makes a diagnostic test useless
    • Fighting against the Halting problem
      • Due to approximations and pragmatics
      • Loops and recursion make approximations inevitable
    • Example of a “boring” positive: failures due to overflow of a 32-bit counter
      • Of course it depends on the anticipated lifetime of an individual invocation of the system
      • Think Y2K
  • Incremental analysis
    • Handle larger, evolving systems in “developer” time
    • Provide what-if analysis
  • Systems of systems
    • Multiple programming languages
    • Extra-language communication mechanisms
  • Static Timing and Performance Analysis
    • Automated identification of bottlenecks
    • Related to discovery of properties
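  Added illustration (not part of the talk or of SofCheck's tooling) of the value-and-range propagation, fixpoint iteration and approximation points from slide 6, and of the “boring” 32-bit counter positive from slide 7. The interval domain, widening step and the two toy loops `i = 0; while i < bound: i = i + 1` and `while True: i = i + 1` are all constructed here for the example.

```python
# Added example: interval analysis of a counter loop, iterated to a fixpoint
# with widening; reports whether `i + 1` may exceed the 32-bit signed maximum.
INT32_MAX = 2**31 - 1
INF = float("inf")

def join(a, b):
    """Least upper bound of two intervals; None is bottom (unreachable)."""
    if a is None:
        return b
    if b is None:
        return a
    return (min(a[0], b[0]), max(a[1], b[1]))

def widen(old, new):
    """Any bound still moving is pushed to infinity so iteration terminates:
    the 'necessary approximation' that loops force on the analysis."""
    lo = old[0] if new[0] >= old[0] else -INF
    hi = old[1] if new[1] <= old[1] else INF
    return (lo, hi)

def refine_by_guard(i, bound):
    """Interval of i inside the body of `while i < bound`; bound is an
    interval for the loop bound, or None for an unguarded `while True`."""
    if bound is None:
        return i
    lo, hi = i[0], min(i[1], bound[1] - 1)
    return (lo, hi) if lo <= hi else None

def analyze_counter_loop(bound):
    """Abstractly execute  i = 0; while i < bound: i = i + 1.
    Returns (interval at loop head, interval of i + 1, may_overflow)."""
    entry = (0, 0)
    head = entry
    while True:  # ascending iteration to a fixpoint
        body = refine_by_guard(head, bound)
        inc = None if body is None else (body[0] + 1, body[1] + 1)
        new_head = widen(head, join(entry, inc))
        if new_head == head:
            break
        head = new_head
    # One descending (narrowing) step recovers precision lost by widening.
    body = refine_by_guard(head, bound)
    inc = None if body is None else (body[0] + 1, body[1] + 1)
    head = join(entry, inc)
    may_overflow = inc is not None and inc[1] > INT32_MAX
    return head, inc, may_overflow

if __name__ == "__main__":
    for b in ((0, 100), None):  # bounded loop vs. free-running counter
        print(b, analyze_counter_loop(b))
```

  The bounded loop is proved overflow-free because the guard refines the widened interval; the unguarded counter is soundly reported as a possible overflow, which is exactly the positive that is only interesting if one invocation runs for billions of iterations.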

  8. Tucker Taft tucker.taft@sofcheck.com +1 (781) 750-8068 x220 11 Cypress Drive Burlington, MA 01803-4907
