On Software Safety, Security, and Abstract Interpretation
Static code analysis can be applied to show compliance to coding guidelines, and to demonstrate the absence of critical programming errors, including runtime errors and data races. In recent years, security concerns have become more and more relevant for safety-critical systems, not least due to the increasing importance of highly-automated driving and pervasive connectivity. While in the past, sound static analyzers have been primarily applied to demonstrate classical safety properties they are well suited also to address data safety, and to discover security vulnerabilities. This article gives an overview and discusses practical experience.
This work was funded within the project ARAMiS II by the German Federal Ministry for Education and Research with the funding ID 01—S16025. The responsibility for the content remains with the authors.
- 1.Assaf, M., Naumann, D.A., Signoles, J., Totel, E., Tronel, F.: Hypercollecting semantics and its application to static analysis of information flow. CoRR abs/1608.01654 (2016). http://arxiv.org/abs/1608.01654. Accessed Sep 2017
- 3.Kästner, D., Miné, A., Mauborgne, L., Rival, X., Feret, J., Cousot, P., Schmidt, A., Hille, H., Wilhelm, S., Ferdinand, C.: Finding all potential runtime errors and data races in automotive software. In: SAE World Congress 2017. SAE International (2017)Google Scholar
- 4.Kästner, D., Mauborgne, L., Ferdinand, C.: Detecting safety- and security-relevant programming defects by sound static analysis. In: Falk, R., Steve Chan, J.C.B. (eds.) The Second International Conference on Cyber-Technologies and Cyber-Systems (CYBER 2017). IARIA Conferences, vol. 2, pp. 26–31. IARIA XPS Press (2017)Google Scholar
- 6.Miné, A., Delmas, D.: Towards an industrial use of sound static analysis for the verification of concurrent embedded avionics software. In: Proceedings of the 15th International Conference on Embedded Software (EMSOFT 2015), pp. 65–74. IEEE CS Press, October 2015Google Scholar