invited-talk

Program analysis for bug detection using parfait: invited talk

Authors:

Cristina Cifuentes,

Nathan Keynes,

Lian Li,

Bernhard ScholzAuthors Info & Claims

PEPM '09: Proceedings of the 2009 ACM SIGPLAN workshop on Partial evaluation and program manipulation

Pages 7 - 8

https://doi.org/10.1145/1480945.1480947

Published: 19 January 2009 Publication History

Get Access

Abstract

The goal of the Parfait project is to find bugs in C source code in a scalable and precise way. To this end, Parfait was designed as a framework with layers of sound program analyses, multiple layers per bug type, to identify bugs in a program more quickly and accurately.

Parfait also aims to identify security bugs, i.e., bugs that may be exploited by a malicious user. To this end, an optional pre-processing step is available to reduce the scope of potential bugs of interest.

To evaluate Parfait's precision and recall, we have developed BegBunch, a bug benchmarking suite that contains existing synthetic benchmarks and samples of bugs ("bug kernels") taken from open source code.

References

[1]

Alfred V. Aho, Ravi Sethi, and Jeffrey D. Ullman. Compilers. Addison-Wesley, 1986.

Google Scholar

[2]

T. E. Cheatham, G. H. Holloway, and J. A. Townley. Symbolic evaluation and the analysis of programs. IEEE Trans. Softw. Eng., 5 (4): 402--417, 1979.

Digital Library

Google Scholar

[3]

Cristina Cifuentes and Bernhard Scholz. Parfait -- designing a scalable bug checker. In Proceedings of the ACM SIGPLAN Static Analysis Workshop, pages 4--11, 12 June 2008.

Digital Library

Google Scholar

[4]

Cristina Cifuentes, Bernhard Scholz, Michael Mounteney, Erica Mealy, Nathan Keynes, and Lian Li. BegBunch: A benchmarker for C-source bug detection tools. Submitted for publication, January 2009.

Google Scholar

[5]

Yoshihiko Futamura. Partial evaluation of computation process -- an approach to a compiler-compiler. Systems, Computers, Controls, 2: 45--50, 1971.

Google Scholar

[6]

S.C. Johnson. Lint, a C program checker. Technical Report 65, Bell Laboratories, 1978.

Google Scholar

[7]

Kendra Kratkiewicz and Richard Lippmann. Using a diagnostic corpus of C programs to evaluate buffer overflow detection by static analysis tools. In Proc. of Workshop on the Evaluation of Software Defect Detection Tools, June 2005.

Google Scholar

[8]

Chris Lattner and Vikram Adve. LLVM: A compilation framework for lifelong program analysis & transformation. In Proceedings of the 2004 International Symposium on Code Generation and Optimization (CGO'04), Palo Alto, California, March 2004.

Digital Library

Google Scholar

[9]

Shan Lu, Zhenmin Li, Feng Qin, Lin Tan, Pin Zhou, and Yuanyuan Zhou. BugBench: A benchmark for evaluating bug detection tools. In Proc. of Workshop on the Evaluation of Software Defect Detection Tools, June 2005.

Google Scholar

[10]

NIST. National Institute of Standards and Technology SAMATE Reference Dataset (SRD) project. http://samate.nist.gov/SRD, January 2006.

Google Scholar

[11]

Bernhard Scholz, Chenyi Zhang, and Cristina Cifuentes. User-input dependence analysis via graph reachability. In Proceedings of the Eighth IEEE Working Conference on Source Code Analysis and Manipulation, pages 25--34, 28-29 September 2008.

Crossref

Google Scholar

[12]

ISO C 99 Standard -- TC2. ISO/IEC Working Group 14, 9899:TC2 edition, May 2005.

Google Scholar

[13]

Misha Zitser, Richard Lippmann, and Tim Leek. Testing static analysis tools using exploitable buffer overflows from open source code. In Proceedings of the 12th ACM SIGSOFT International Symposium on Foundations of Software Engineering, pages 97--106. ACM Press, 2004.

Digital Library

Google Scholar

Cited By

View all

Stroggylos KMitropoulos DTzermias ZPapadopoulos PRafailidis FSpinellis DIoannidis SKatsaros PSokratis KMichael HTheodoros ADimosthenis AElias CTheodora VMara N(2014)Securing Legacy Code with the TRACER PlatformProceedings of the 18th Panhellenic Conference on Informatics10.1145/2645791.2645796(1-6)Online publication date: 2-Oct-2014
https://dl.acm.org/doi/10.1145/2645791.2645796

Index Terms

Program analysis for bug detection using parfait: invited talk

Recommendations

Effective Bug Triage Based on Historical Bug-Fix Information
ISSRE '14: Proceedings of the 2014 IEEE 25th International Symposium on Software Reliability Engineering

For complex and popular software, project teams could receive a large number of bug reports. It is often tedious and costly to manually assign these bug reports to developers who have the expertise to fix the bugs. Many bug triage techniques have been ...
Detect Related Bugs from Source Code Using Bug Information
COMPSAC '10: Proceedings of the 2010 IEEE 34th Annual Computer Software and Applications Conference

Open source projects often maintain open bug repositories during development and maintenance, and the reporters often point out straightly or implicitly the reasons why bugs occur when they submit them. The comments about a bug are very valuable for ...
Supporting bug investigation using history analysis
ASE '13: Proceedings of the 28th IEEE/ACM International Conference on Automated Software Engineering

In my research, I propose an automated technique to support bug investigation by using a novel analysis of the history of the source code. During the bug-fixing process, developers spend a high amount of manual effort investigating the bug in order to ...

Comments

Information & Contributors

Information

Published In

PEPM '09: Proceedings of the 2009 ACM SIGPLAN workshop on Partial evaluation and program manipulation

January 2009

208 pages

ISBN:9781605583273

DOI:10.1145/1480945

Program Chairs:
Germán Puebla
Technical University of Madrid, Spain
,
Germán Vidal
Technical University of Valencia, Spain

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 19 January 2009

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Invited-talk

Conference

PEPM '09

Sponsor:

PEPM '09: Partial Evaluation and Program Manipulation

January 19 - 20, 2009

GA, Savannah, USA

Acceptance Rates

Overall Acceptance Rate 66 of 120 submissions, 55%

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

1
Total Citations
View Citations
241
Total Downloads

Downloads (Last 12 months)4
Downloads (Last 6 weeks)0

Reflects downloads up to 07 Mar 2025

Other Metrics

View Author Metrics

Citations

Cited By

View all

Stroggylos KMitropoulos DTzermias ZPapadopoulos PRafailidis FSpinellis DIoannidis SKatsaros PSokratis KMichael HTheodoros ADimosthenis AElias CTheodora VMara N(2014)Securing Legacy Code with the TRACER PlatformProceedings of the 18th Panhellenic Conference on Informatics10.1145/2645791.2645796(1-6)Online publication date: 2-Oct-2014
https://dl.acm.org/doi/10.1145/2645791.2645796

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

Abstract

References

Cited By

Index Terms

Recommendations

Effective Bug Triage Based on Historical Bug-Fix Information

Detect Related Bugs from Source Code Using Bug Information

Supporting bug investigation using history analysis

Comments

Information

Published In

Sponsors

Publisher

Publication History

Permissions

Check for updates

Author Tags

Qualifiers

Conference

Acceptance Rates

Contributors

Other Metrics

Bibliometrics

Article Metrics

Other Metrics

Citations

Cited By

Login options

Full Access

View options

PDF

eReader

Share

Share this Publication link

Share on social media

Affiliations