Skip to main content

Fade to grey: Tuning static program analysis


Ansgar Fehnker, Ralf Huuck, Sean Seefried and Michael Tapp



Static program analysis complements traditional dynamic testing by discovering generic patterns and relations in source code, which indicate software deficiencies such as memory corruption, unexpected program behavior and memory leaks. Since static program analysis builds on approximations of a program's concrete behavior there is often a trade-off between reporting potential bugs that might be the result of an over-approximation and silently suppressing those defects in that grey area. While this trade-off is less important for small files it has severe implications when facing large software packages, i.e., 1,000,000 LoC and more. In this work we report on experiences with using our static C/C++ analyzer Goanna on such large software systems, motivate why a flexible property specification language is vital, and present a number of decisions that had to be made to select the right checks as well as a sensible reporting strategy. We illustrate our findings by empirical data obtained from regularly analyzing the Firefox source code.

BibTeX Entry

    author           = {Fehnker, Ansgar and Huuck, Ralf and Seefried, Sean and Tapp, Michael},
    editor           = {{Einar Johnsen \& Volker Stolz}},
    month            = aug,
    year             = {2009},
    keywords         = {static analysis, goanna, software verification, case study},
    address          = {Kuala Lumpur},
    title            = {Fade to Grey: Tuning Static Program Analysis},
    booktitle        = {3rd International Workshop on Harnessing Theories for Tool Support in Software},
    publisher        = {UNU-IIST}


Served by Apache on Linux on seL4.