, to model the effect that every statement has on the state of an abstract machine (i.e., it 'executes' the software based on the mathematical properties of each statement and declaration). This abstract machine over-approximates the behaviours of the system: the abstract system is thus made simpler to analyze, at the expense of
A study in 2012 by VDC Research reported that 28.7% of the embedded software engineers surveyed use static analysis tools and 39.7% expect to use them within 2 years. A study from 2010 found that 60% of the interviewed developers in European research projects made at least use of their basic IDE
Analysis that takes into account the business/mission layer terms, rules and processes that are implemented within the software system for its operation as part of enterprise or program/mission layer activities. These elements are implemented without being limited to one specific technology or
Prause, Christian R., René Reiners, and Silviya Dencheva. "Empirical study of tool support in highly distributed research projects." Global Software Engineering (ICGSE), 2010 5th IEEE International Conference on. IEEE, 2010
, ERTS2010.org, Toulouse, France: Patrick Briand, Martin Brochet, Thierry Cambois, Emmanuel Coutenceau, Olivier Guetta, Daniel Mainberte, Frederic Mondot, Patrick Munier, Loic Noury, Philippe Spozio, Frederic Retailleau.
// FAA, Certification Authorities Software Team (CAST), January, 2002: "Verification. A combination of both static and dynamic analyses should be specified by the applicant/developer and applied to the software."
measurement and assessment. This document on "How to Deliver Resilient, Secure, Efficient, and Easily Changed IT Systems in Line with CISQ Recommendations" describes three levels of software analysis.
can be described as forms of static analysis. Deriving software metrics and static analysis are increasingly deployed together, especially in creation of embedded systems, by defining so-called
Data-driven static analysis leverages extensive codebases to infer coding rules and improve the accuracy of the analysis. For instance, one can use all Java open-source packages available on
Analysis that takes into account interactions between unit programs to get a more holistic and semantic view of the overall program in order to find issues and avoid obvious false positives.
The sophistication of the analysis performed by tools varies from those that only consider the behaviour of individual statements and declarations, to those that include the complete
code. For example, the following industries have identified the use of static code analysis as a means of improving the quality of increasingly sophisticated and complex software:
programming language and in many cases are distributed across multiple languages, but are statically extracted and analyzed for system understanding for mission assurance.
: there is no mechanical method that can always answer truthfully whether an arbitrary program may or may not exhibit runtime errors. This result dates from the works of
language), finding all possible run-time errors in an arbitrary program (or more generally any kind of violation of a specification on the final result of a program) is
to learn good analysis strategies. The rule inference can use machine learning techniques. It is also possible to learn from a large amount of past fixes and warnings.
Analysis that takes into account the interactions between unit programs, but without being limited to one specific technology or programming language.
M. Howard and S. Lipner. The Security Development Lifecycle: SDL: A Process for Developing Demonstrably More Secure Software. Microsoft Press, 2006.
of a program in their analysis. The uses of the information obtained from the analysis vary from highlighting possible coding errors (e.g., the
Proceedings of the 2015 ACM SIGPLAN International Conference on Object-Oriented Programming, Systems, Languages, and Applications - OOPSLA 2015
The term is usually applied to analysis performed by an automated tool, with human analysis typically being called "program understanding",
Ayewah, Nathaniel; Hovemeyer, David; Morgenthaler, J. David; Penix, John; Pugh, William (2008). "Using Static Analysis to Find Bugs".
(not every property true of the original system is true of the abstract system). If properly done, though, abstract interpretation is
Computer based safety systems - technical guidance for assessing software aspects of digital computer based protection systems,
) whose results are obtained purely through the use of rigorous mathematical methods. The mathematical techniques used include
built-in static analyzers. However, only about 10% employed an additional other (and perhaps more advanced) analysis tool.
, as used to derive mathematical expressions representing the value of mutated variables at particular points in the code.
Automotive & Machines (functional safety features form an integral part of each automotive product development phase,
Analysis that takes place within a specific program or subroutine, without connecting to the context of that program.
that mathematically prove properties about a given program (e.g., its behaviour matches that of its specification).
https://ieeexplore.ieee.org/Xplore/login.jsp?url=%2Fielx5%2F5581168%2F5581493%2F05581551.pdf&authDecision=-203
Wichmann, B. A.; Canning, A. A.; Clutterbuck, D. L.; Winsbarrow, L. A.; Ward, N. J.; Marsh, D. W. R. (Mar 1995).
Nuclear software: In the UK the Office for Nuclear Regulation (ONR) recommends the use of static analysis on
Static analyzers produce warnings. For certain types of warnings, it is possible to design and implement
Position Paper CAST-9. Considerations for Evaluating Safety Engineering Approaches to Software Assurance
(PDF), Benjamin Livshits, section 7.3 "Static Techniques for Security". Stanford doctoral thesis, 2006.
(every property true of the abstract system can be mapped to a true property of the original system).
A growing commercial use of static analysis is in the verification of properties of software used in
). As with many undecidable questions, one can still attempt to give useful approximate solutions.
"Just enough semantics: An information theoretic approach for IR-based software bug localization"
(SDLs) such as the SDL defined by Microsoft and a common practice in software companies.
, which is performed on programs during their execution in the integrated environment.
, a lattice-based technique for gathering information about the possible set of values;
. EASE '21. New York, NY, USA: Association for Computing Machinery. pp. 272–277.
techniques. For example, Logozzo and Ball have proposed automated remediations for C#
are also used. In most cases the analysis is performed on some version of a program's
"Open Data-driven Usability Improvements of Static Code Analysis and its Challenges"
. In GI Sicherheit 2014. Lecture Notes in Informatics, 228, pages 91-101, GI, 2014.
Egele, Manuel; Scholte, Theodoor; Kirda, Engin; Kruegel, Christopher (2008-03-05).
"A Formal Methods-based verification approach to medical device software analysis"
"OMG Whitepaper | CISQ - Consortium for Information & Software Quality"
) published a study regarding the types of software analysis required for
Some of the implementation techniques of formal static analysis include:
of computer programs performed without executing them, in contrast with
"A survey on automated dynamic malware-analysis techniques and tools"
Improving Software Security with Precise Static and Runtime Analysis
Proceedings: Embedded Real Time Software and Systems 2010 Conference
(FDA) has identified the use of static analysis for medical devices.
International Winter School on Semantics and Applications 2003, by
"A Survey of Automated Techniques for Formal Software Verification"
. There is tool support for some programming languages (e.g., the
Khatiwada, Saket; Tushev, Miroslav; Mahmoud, Anas (2018-01-01).
Flemming Nielson; Hanne R. Nielson; Chris Hankin (2004-12-10).
with a set of logical rules for reasoning rigorously about the
Deploying Static Application Security Testing on a Large Scale
"Learning from other's mistakes: Data-driven code analysis"
"Automated Defect Prevention for Embedded Software Quality"
Söderberg, Emma; Church, Luke; Höst, Martin (2021-06-21).
Formal methods is the term applied to the analysis of
A further level of software analysis can be defined.
Analysis of computer programs without executing them
Brian Chess, Jacob West (Fortify Software) (2007).
(SAST) is also used. SAST is an important part of
Evaluation and Assessment in Software Engineering
) plugin for the C language extended with ACSL (
"Modular and verified automatic program repair"
Logozzo, Francesco; Ball, Thomas (2012-11-15).
"Infusion Pump Software Safety Research at FDA"
"Abstract interpretation and static analysis,"
In the application security industry the name
"Software Quality Objectives for Source Code"
(1999 (corrected 2004) ed.). Springer.
"Industrial Perspective on Static Analysis"
, and, in other cases, on some form of its
. Embedded Systems Design. Archived from
Formal semantics of programming languages
, it is possible to prove that (for any
Secure Programming with Static Analysis
Aviation software (in combination with
List of tools for static code analysis
By a straightforward reduction to the
or may be reduced to finite state by
Vijay D’Silva; et al. (2008).
Information and Software Technology
static application security testing
ANSI/ISO C Specification Language
Achim D. Brucker and Uwe Sodan.
. Food and Drug Administration.
correctness of computer programs
from the original on 2016-03-04
from the original on 2013-12-28
from the original on 2012-04-11
"Computer based safety systems"
from the original on 2010-09-01
Security Development Lifecycles
Principles of Program Analysis
, considers systems that have
10.1016/j.infsof.2017.08.012
1057:Software Engineering Journal
682:Food and Drug Administration
1289:VDC Research (2012-02-01).
933:Data-driven static analysis
660:software quality objectives
1427:Jones, Paul (2010-02-09).
1024:Software quality assurance
882:SPARK programming language
689:reactor protection systems
612:. In the last of these,
599:dynamic program analysis
1572:10.1145/2398857.2384626
1523:10.1145/2814270.2814309
1488:10.1145/3463274.3463808
1402:. Transactions On CAD.
1107:10.1145/2089125.2089126
973:Documentation generator
850:Abstract interpretation
805:abstract interpretation
731:Object Management Group
583:static program analysis
1000:(now ISO 25000 series)
890:Java Modeling Language
793:denotational semantics
764:Mission/Business Level
1095:ACM Computing Surveys
1069:10.1049/sej.1995.0010
951:automated remediation
801:operational semantics
618:software walkthroughs
606:program comprehension
1517:. pp. 572–588.
902:weakest precondition
1620:10.1109/MS.2008.130
1560:ACM SIGPLAN Notices
983:Formal verification
834:in the 1930s (see:
797:axiomatic semantics
656:reverse engineering
614:software inspection
1639:. Addison-Wesley.
1461:www.slideshare.net
1350:2014-10-21 at the
1275:2013-10-06 at the
1251:on January 4, 2013
1211:FDA (2010-09-08).
1197:2011-06-05 at the
1172:2015-06-04 at the
926:Symbolic execution
864:Data-flow analysis
1665:978-3-540-65410-0
1646:978-0-321-42477-8
1497:978-1-4503-9053-8
789:computer hardware
591:static simulation
1677:David A. Schmidt
1463:. 13 April 2015.
1435:on July 10, 2011
1293:. VDC Research.
1244:. Archived from
1071:. Archived from
1019:Software quality
747:Technology Level
735:software quality
696:dynamic analysis
678:Medical software
652:Software metrics
579:computer science
1611:10.1.1.187.8985
1590:Further reading
1566:(10): 133–146.
1352:Wayback Machine
1277:Wayback Machine
1199:Wayback Machine
1174:Wayback Machine
1101:(2): 6:1–6:42.
1004:Lint (software)
836:Halting problem
816:Turing complete
812:halting problem
667:safety-critical
587:static analysis
585:(also known as
1333:978-0735622142
1078:on 2011-09-27.
1014:Shape analysis
912:Model checking
900:, Frama-C WP (
854:incompleteness
840:Rice's theorem
779:Formal methods
777:Main article:
773:Formal methods
646:formal methods
1598:IEEE Software
1532:9781450336895
884:(a subset of
874:formal system
705:, section 8).
1604:(5): 22–29.
1437:. Retrieved
1433:the original
1411:. Retrieved
1379:. Retrieved
1299:. Retrieved
1253:. Retrieved
1246:the original
1221:. Retrieved
1073:the original
1063:(2): 69–75.
916:finite state
753:System Level
945:Remediation
920:abstraction
892:—JML—using
870:Hoare logic
820:undecidable
638:source code
626:object code
622:source code
610:code review
1439:2010-09-09
1413:2015-05-11
1381:2013-10-18
1301:2012-04-10
1223:2010-09-09
1036:References
968:Code audit
888:) and the
741:Unit Level
725:Tool types
671:vulnerable
1606:CiteSeerX
1580:0362-1340
1148:: 45–57.
1115:0360-0300
1029:SonarQube
993:ISO 26262
898:ESC/Java2
729:The OMG (
703:ISO 26262
680:: The US
644:tool) to
632:Rationale
593:) is the
1628:20646690
1541:13940725
1404:Archived
1372:Archived
1348:Archived
1295:Archived
1273:Archived
1217:Archived
1195:Archived
1170:Archived
998:ISO 9126
961:See also
894:ESC/Java
785:software
595:analysis
1255:May 15,
1176:(PDF).
1123:1863333
955:cccheck
939:GitHub
832:Turing
824:Church
803:, and
1624:S2CID
1537:S2CID
1407:(PDF)
1400:(PDF)
1375:(PDF)
1368:(PDF)
1249:(PDF)
1242:(PDF)
1119:S2CID
1076:(PDF)
1053:(PDF)
988:FX-87
858:sound
828:Gödel
787:(and
608:, or
1660:ISBN
1641:ISBN
1576:ISSN
1527:ISBN
1492:ISBN
1329:ISBN
1257:2013
1111:ISSN
908:) ).
896:and
872:, a
838:and
830:and
654:and
642:lint
616:and
1616:doi
1568:doi
1519:doi
1484:doi
1150:doi
1103:doi
1065:doi
886:Ada
589:or
577:In
Text is available under the Creative Commons Attribution-ShareAlike License. Additional terms may apply.