Journal Article10.1109/MS.2004.1293079
Righting software
James R. Larus,Thomas Ball,Manuvir Das,Robert DeLine,Manuel Fähndrich,J. Pincus,Sriram K. Rajamani,Ramanathan Venkatapathy +7 more
TL;DR: Microsoft Research has developed two generations of correctness tools, some of which Microsoft developers already use to find and correct bugs and can improve software development by systematically detecting programming errors.
read more
Abstract: What tools do we use to develop and debug software? Most of us rely on a full-screen editor to write code, a compiler to translate it, a source-level debugger to correct it, and a source-code control system to archive and share it. These tools originated in the 1970s, when the change from batch to interactive programming stimulated the development of innovative languages, tools, environments, and other utilities we take for granted. Microsoft Research has developed two generations of tools, some of which Microsoft developers already use to find and correct bugs. These correctness tools can improve software development by systematically detecting programming errors.
read more
Chat with Paper
AI Agents for this Paper
Find similar papers on Google Scholar, PubMed and Arxiv
Write a critical review of this paper
Analyze citations of this paper to find unaddressed research gaps
Citations
Modeling and Discovering Vulnerabilities with Code Property Graphs
Fabian Yamaguchi,Nico Golde,Daniel Arp,Konrad Rieck +3 more
- 18 May 2014
TL;DR: This paper introduces a novel representation of source code called a code property graph that merges concepts of classic program analysis, namely abstract syntax trees, control flow graphs and program dependence graphs, into a joint data structure that enables it to elegantly model templates for common vulnerabilities with graph traversals that can identify buffer overflows, integer overflOWS, format string vulnerabilities, or memory disclosures.
Formal methods: Practice and experience
TL;DR: The state of the art in the industrial use of formal methods is described, concentrating on their increasing use at the earlier stages of specification and design, by comparing the situation in 2009 with the most significant surveys carried out over the last 20 years.
Perracotta: mining temporal API rules from imperfect traces
Jinlin Yang,David Evans,Deepali Bhardwaj,Thirumalesh Bhat,Manuvir Das +4 more
- 28 May 2006
TL;DR: Why scaling dynamic inference techniques has proven difficult is identified, and solutions that enable a dynamic inference technique to scale to large programs and work effectively with the imperfect traces typically available in industrial scenarios are introduced.
Software Vulnerability Analysis and Discovery Using Machine-Learning and Data-Mining Techniques: A Survey
TL;DR: An extensive review of the many different works in the field of software vulnerability analysis and discovery that utilize machine-learning and data-mining techniques that utilize both advantages and shortcomings in this domain is provided.
370
On the value of static analysis for fault detection in software
TL;DR: In this article, the authors analyzed static analysis faults and test and customer-reported failures for three large-scale industrial software systems developed at Nortel Networks and found that automated static analysis is effective at identifying assignment and checking faults, allowing the later software production phases to focus on more complex, functional, and algorithmic faults.
References
Extended static checking for Java
Cormac Flanagan,K. Rustan M. Leino,Mark Lillibridge,Greg Nelson,James B. Saxe,Raymie Stata +5 more
- 17 May 2002
TL;DR: The Extended Static Checker for Java (ESC/Java) is introduced, an experimental compile-time program checker that finds common programming errors and provides programmers with a simple annotation language with which programmer design decisions can be expressed formally.
Extended Static Checking for Java
Greg Nelson
- 12 Jul 2004
TL;DR: The talk provides an overview and demonstration of an Extended Static Checker for the Java programming language, a program checker that finds errors statically but has a much more accurate semantic model than existing static checkers like type checkers and data flow analysers.
1.1K
The SLAM project: debugging system software via static analysis
Thomas Ball,Sriram K. Rajamani +1 more
- 01 Jan 2002
TL;DR: This work has successfully applied the SLAM toolkit to Windows XP device drivers, to both validate behavior and find defects in their usage of kernel APIs.
ESP: path-sensitive program verification in polynomial time
Manuvir Das,Sorin Lerner,Mark C. Seigle +2 more
- 17 May 2002
TL;DR: This paper presents a new algorithm for partial program verification that runs in polynomial time and space, and shows that property simulation scales to large programs and is accurate enough to verify meaningful properties.
Lint, a C Program Checker
S. C. Johnson,Murray Hill +1 more
- 01 Jan 1978
TL;DR: This document discusses the use of lint, gives an overview of the implementa- tion, and gives some hints on the writing of machine independent C code.
397
Related Papers (5)
John Viega,J.T. Bloch,Y. Kohno,Gary McGraw +3 more
- 11 Dec 2000
Arash Baratloo,Navjot Singh,Timothy Tsai +2 more
- 18 Jun 2000
Todd Austin,Scott E. Breach,Gurindar S. Sohi +2 more
- 01 Jun 1994