R. Huuck - Academia.edu (original) (raw)
Papers by R. Huuck
Lecture Notes in Computer Science, 1997
We investigate the relationship between timed c/e systems 4] and timed automata 2]. We provide an... more We investigate the relationship between timed c/e systems 4] and timed automata 2]. We provide an e ective function that associates to each timed c/e system an \equivalent" timed automaton. Equivalence has to be understood here as describing essentially the same real{time behaviors. A bene t from providing such a function is that analysis tools developed for timed automata can now be applied to analyze timed c/e systems. We also prove that timed automata can be translated into equivalent timed c/e systems.
Electronic Proceedings in Theoretical Computer Science, 2012
ABSTRACT This volume contains the papers accepted at the 7th Systems Software Verification Confer... more ABSTRACT This volume contains the papers accepted at the 7th Systems Software Verification Conference (SSV 2012), held in Sydney, November 28-30, 2012. The aim of SSV workshops and conference series is to bring together researchers and developers from both academia and industry who are facing real software and real problems with the goal of finding real, applicable solutions.
Innovations in Systems and Software Engineering, 2012
ABSTRACT Model checking and static analysis are traditionally seen as two separate approaches to ... more ABSTRACT Model checking and static analysis are traditionally seen as two separate approaches to software analysis and verification. In this work we define a model, checking approach for the static analysis of large C/C++ source code bases to detect potential run-time issues such as program crashes, security vulnerabilities and memory leaks. Working on the intersection of software model checking and automated static bug detection for real-life systems, we address a number of issues: how to scale for real-life systems of 1,000,000 LoC or more, how to quickly write new checks, and most importantly how to distinguish between relevant and irrelevant bugs and fine tune the analysis accordingly. We define our model checking-based static analysis approach implemented in our tool Goanna, illustrate a number of design and implementation decisions to obtain practical outcomes and relevant results, and present our findings by empirical data obtained from regularly analyzing large industrial and open source code bases such as the Firefox Web browser.
Lecture Notes in Computer Science, 2010
In this work we introduce counterexample guided path reduction based on interval constraint solvi... more In this work we introduce counterexample guided path reduction based on interval constraint solving for static program analysis. The aim of this technique is to reduce the number of false positives by reducing the number of feasible paths in the abstraction iteratively. Given a counterexample, a set of observers is computed which exclude infeasible paths in the next iteration. This approach combines ideas from counterexample guided abstraction refinement for software verification with static analysis techniques that employ interval constraint solving. The advantage is that the analysis becomes less conservative than static analysis, while it benefits from the fact that interval constraint solving deals naturally with loops. We demonstrate that the proposed approach is effective in reducing the number of false positives, and compare it to other static checkers for C/C++ program analysis.
Lecture Notes in Computer Science, 2009
In this work we introduce a novel approach for removing false positives in static program analysi... more In this work we introduce a novel approach for removing false positives in static program analysis. We present an incremental algorithm that investigates paths to failure locations with respect to feasibility. The feasibility test it done by interval constraint solving over a semantic abstraction of program paths. Sets of infeasible paths can be ruled out by enriching the analysis incrementally with observers. Much like counterexample guided abstraction refinement for software verification our approach enables to start static program analysis with a coarse syntactic abstraction and use richer semantic information to rule out false positives when necessary and possible. Moreover, we present our implementation in the Goanna static analyzer and compare it to other tools for C/C++ program analysis.
Lecture Notes in Computer Science, 2008
Goanna is an industrial-strength static analysis tool used in academia and industry alike to find... more Goanna is an industrial-strength static analysis tool used in academia and industry alike to find bugs in C/C++ programs. Unlike existing approaches Goanna uses the off-the-shelf NuSMV model checker as its core analysis engine on a syntactic flow-sensitive program abstraction. The CTL-based model checking approach enables a high degree of flexibility in writing checks, scales to large number of checks, and can scale to large code bases. Moreover, the tool incorporates techniques from constraint solving, classical data flow analysis and a CEGAR inspired counterexample based path reduction. In this paper we describe Goanna's core technology, its features and the relevant techniques, as well as our experiences of using Goanna on large code bases such as the Firefox web browser.
Sequential function charts (SFCs) are defined as a modeling language in the IEC 1131-3 standard [... more Sequential function charts (SFCs) are defined as a modeling language in the IEC 1131-3 standard [1] and can be used to structure and drive programmable logic controllers (PLCs). It includes interesting concepts as hierarchy, history variables and priority. As the typical application area of this language is the control of industrial processes, it is obvious that safety and reliability is a crucial goal for systems using SFCs. In this work we give an abstract formal model for SFCs and present a method to automatically verify properties concerning the safety of such systems using the model checking tool SMV (Symbolic Model Verifier) .
Lecture Notes in Computer Science, 1997
We investigate the relationship between timed c/e systems 4] and timed automata 2]. We provide an... more We investigate the relationship between timed c/e systems 4] and timed automata 2]. We provide an e ective function that associates to each timed c/e system an \equivalent" timed automaton. Equivalence has to be understood here as describing essentially the same real{time behaviors. A bene t from providing such a function is that analysis tools developed for timed automata can now be applied to analyze timed c/e systems. We also prove that timed automata can be translated into equivalent timed c/e systems.
Electronic Proceedings in Theoretical Computer Science, 2012
ABSTRACT This volume contains the papers accepted at the 7th Systems Software Verification Confer... more ABSTRACT This volume contains the papers accepted at the 7th Systems Software Verification Conference (SSV 2012), held in Sydney, November 28-30, 2012. The aim of SSV workshops and conference series is to bring together researchers and developers from both academia and industry who are facing real software and real problems with the goal of finding real, applicable solutions.
Innovations in Systems and Software Engineering, 2012
ABSTRACT Model checking and static analysis are traditionally seen as two separate approaches to ... more ABSTRACT Model checking and static analysis are traditionally seen as two separate approaches to software analysis and verification. In this work we define a model, checking approach for the static analysis of large C/C++ source code bases to detect potential run-time issues such as program crashes, security vulnerabilities and memory leaks. Working on the intersection of software model checking and automated static bug detection for real-life systems, we address a number of issues: how to scale for real-life systems of 1,000,000 LoC or more, how to quickly write new checks, and most importantly how to distinguish between relevant and irrelevant bugs and fine tune the analysis accordingly. We define our model checking-based static analysis approach implemented in our tool Goanna, illustrate a number of design and implementation decisions to obtain practical outcomes and relevant results, and present our findings by empirical data obtained from regularly analyzing large industrial and open source code bases such as the Firefox Web browser.
Lecture Notes in Computer Science, 2010
In this work we introduce counterexample guided path reduction based on interval constraint solvi... more In this work we introduce counterexample guided path reduction based on interval constraint solving for static program analysis. The aim of this technique is to reduce the number of false positives by reducing the number of feasible paths in the abstraction iteratively. Given a counterexample, a set of observers is computed which exclude infeasible paths in the next iteration. This approach combines ideas from counterexample guided abstraction refinement for software verification with static analysis techniques that employ interval constraint solving. The advantage is that the analysis becomes less conservative than static analysis, while it benefits from the fact that interval constraint solving deals naturally with loops. We demonstrate that the proposed approach is effective in reducing the number of false positives, and compare it to other static checkers for C/C++ program analysis.
Lecture Notes in Computer Science, 2009
In this work we introduce a novel approach for removing false positives in static program analysi... more In this work we introduce a novel approach for removing false positives in static program analysis. We present an incremental algorithm that investigates paths to failure locations with respect to feasibility. The feasibility test it done by interval constraint solving over a semantic abstraction of program paths. Sets of infeasible paths can be ruled out by enriching the analysis incrementally with observers. Much like counterexample guided abstraction refinement for software verification our approach enables to start static program analysis with a coarse syntactic abstraction and use richer semantic information to rule out false positives when necessary and possible. Moreover, we present our implementation in the Goanna static analyzer and compare it to other tools for C/C++ program analysis.
Lecture Notes in Computer Science, 2008
Goanna is an industrial-strength static analysis tool used in academia and industry alike to find... more Goanna is an industrial-strength static analysis tool used in academia and industry alike to find bugs in C/C++ programs. Unlike existing approaches Goanna uses the off-the-shelf NuSMV model checker as its core analysis engine on a syntactic flow-sensitive program abstraction. The CTL-based model checking approach enables a high degree of flexibility in writing checks, scales to large number of checks, and can scale to large code bases. Moreover, the tool incorporates techniques from constraint solving, classical data flow analysis and a CEGAR inspired counterexample based path reduction. In this paper we describe Goanna's core technology, its features and the relevant techniques, as well as our experiences of using Goanna on large code bases such as the Firefox web browser.
Sequential function charts (SFCs) are defined as a modeling language in the IEC 1131-3 standard [... more Sequential function charts (SFCs) are defined as a modeling language in the IEC 1131-3 standard [1] and can be used to structure and drive programmable logic controllers (PLCs). It includes interesting concepts as hierarchy, history variables and priority. As the typical application area of this language is the control of industrial processes, it is obvious that safety and reliability is a crucial goal for systems using SFCs. In this work we give an abstract formal model for SFCs and present a method to automatically verify properties concerning the safety of such systems using the model checking tool SMV (Symbolic Model Verifier) .