The University of Queensland Homepage
UQ HomepageSearch UQFind all Contacts at UQStudy Options at UQEvents at UQUQ MapsUQ LibraryLink to my.UQ
School of ITEE ITEE Main Website
      





 Static Analysis Projects

Correlation of Bug Data with Code Complexity and Age

The Parfait (see below) UI provides a view that summarizes bug information from a large project by means of clouds (either files that are the most buggy or by bug-type) and bar charts. This project extends that view to summarize other interesting data from a large project, such as complexity of the code and how it correlates to where the bugs are, as well as age of the code (as measured by revision control system logs) and how it correlates to buggy code. The Parfait UI is written in JavaScript and runs through a web browser.

Program analysis for concurrency bugs

The Parfait framework currently supports the detection of various types of memory-related bugs: buffer read/write overflows, memory leaks, double frees, etc. This project is for the extension of the framework to support concurrency bugs, i.e., develop data flow or symbolic analysis algorithms to find bugs such as data races and lock conditions. The code to be analysed is C/C++ code.

Automatic generation of test cases from a bug

The Parfait tool finds various bugs in code, a good percentage of the reported bugs are real bugs, few are false positives. The aim of this project is to generate test cases automatically for a given proposed bug by the tool, in order to then use the test case as a way of identifying some false positives reported by Parfait.

Inconsistency checking

An inconsistency checker is a tool that walks source code and determines which invariants (conventions) are used in the code. It then automates the checking of such invariants. For example, if the code shows that every time a lock is used a free is done, the code would flag any instance of code where a lock is used but never freed.

Model checking as a tool for finding or verifying bugs

Model checking is a technique based on temporal logic that can be used to verify properties about a system. In this project, the aim would be to use model checking as part of Parfait to find bugs, as well as use the model checker to determine if a particular bug reported by Parfait is a false positive (as the model checker can find a path that exposes the bug or lack of bug).

Automatic creation of exploits

Given bugs that have user-input dependencies, the aim of this project is to automatically create exploits for such bugs.

Parfait

The Parfait project at Sun Labs is a bug-checking project that looks into scalable program analysis as it relates to bug-checking of C/C++ source code. Parfait is built on top of LLVM, an open source low-level virtual machine supported by Apple. As such, Parfait analyses LLVM intermediate code (LLVM bytecode) using a variety of program analyses such as data flow analysis, partial evaluation and abstract interpretation, to determine where bugs in the source code lie.
© 2002-2009 The University of Queensland, Brisbane, Australia
ABN 63 942 912 684
CRICOS Provider No: 00025B

This is a personal web area hosted on a University of Queensland web server.
Please be advised that this web page is not officially endorsed by The University of Queensland.
The University accepts no responsibility or liability for the contents of this area.

Last Updated: 27 February, 2009, 1:20pm