Nilsson, Ulf
Publications (10 of 26)
Emanuelsson, P. & Nilsson, U. (2008). A Comparative Study of Industrial Static Analysis Tools. Electronic Notes in Theoretical Computer Science, 217
A Comparative Study of Industrial Static Analysis Tools
2008 (English). In: Electronic Notes in Theoretical Computer Science, ISSN 1571-0661, E-ISSN 1571-0661, Vol. 217. Article in journal (Refereed). Published
National Category
Computer Sciences
Identifiers
urn:nbn:se:liu:diva-40840 (URN); 10.1016/j.entcs.2008.06.039 (DOI); 54292 (Local ID); 54292 (Archive number); 54292 (OAI)
Available from: 2009-10-10 Created: 2009-10-10 Last updated: 2018-01-13
Emanuelsson, P. & Nilsson, U. (2008). A Comparative Study of Industrial Static Analysis Tools (extended version). Linköping: Linköping University Electronic Press
A Comparative Study of Industrial Static Analysis Tools (extended version)
2008 (English). Report (Other academic)
Abstract [en]

Almost all software contains defects. Some defects are found easily while others are never found, typically because they emerge seldom or not at all. Some defects that emerge relatively often even go unnoticed simply because they are not perceived as errors or are not sufficiently severe. Software defects may give rise to several types of errors, ranging from logical/functional ones (the program sometimes computes incorrect values) to runtime errors (the program typically crashes), or resource leaks (performance of the program degrades, possibly until the program freezes or crashes). Programs may also contain subtle security vulnerabilities that can be exploited by malicious attackers to gain control over computers. Fixing defects that suddenly emerge can be extremely costly, in particular if found at the end of the development cycle, or worse: after deployment. Many simple defects in modern programming languages can be found by modern compilers, e.g. in statically typed languages. But the predominating method for finding defects is testing. Testing has the potential of finding most types of defects; however, testing is costly and no amount of testing will find all defects. Testing is also problematic because it can be applied only to executable code, i.e. rather late in the development process. Alternatives to testing, such as dataflow analysis and formal verification, have been known since the 1970s but have not gained widespread acceptance outside academia; that is, until recently: lately several commercial tools for detecting runtime error conditions at compile time have emerged. The tools build on static analysis and can be used to find runtime errors as well as resource leaks and even some security vulnerabilities statically, i.e. without executing the code. This paper is a survey and comparison of three market leading static analysis tools: PolySpace Verifier, Coverity Prevent and Klocwork K7. The list is by no means exhaustive, and the list of competitors is steadily increasing, but the three tools represent the state of the art in the field at the moment.

The main objective of this study is (1) to identify significant static analysis functionality provided by the tools, but not addressed in a normal compiler, and (2) to survey the underlying supporting technology. The goal is not to provide a ranking of the tools; nor is it to provide a comprehensive survey of all functionality provided by the tools. Providing such a ranking is problematic for at least two reasons: Static analysis is generally only part of the functionality provided by the tool; for instance, Klocwork K7 supports both refactoring and software metrics which are not supported by the two other tools. Even if restricting attention only to static analysis functionality the tools provide largely non-overlapping functionality. Secondly, even when the tools seemingly provide the same functionality (e.g. detection of dereferencing of null pointers) their solutions are often not comparable; each tool typically finds defects which are not found by any of the other tools.

Studying the internals of commercial and proprietary tools is not without problems; in particular, it is impossible to get full information about technical solutions. However, some technical information is publicly available in manuals and white papers; some of the tools also originate from academic tools which have been extensively described in research journals and conference proceedings. While technical solutions may have changed since then, we believe that such information is still largely valid. We have also consulted representatives from all three providers with the purpose of validating our descriptions of the tools. Still, it must be pointed out that the descriptions of suggested technical solutions are subject to a certain amount of guessing in some respects.

The rest of the report is organized as follows: In Section 2 we define what we mean by the term static analysis and survey some elementary concepts and preconditions; in particular, the trade-off between precision and analysis time. Section 3 contains a description of basic principles of static analysis. In Sections 4-6 we survey the static analysis functionality provided by PolySpace Verifier/Desktop, Coverity Prevent and Klocwork K7, focusing in particular on the support for the C and C++ programming languages. Section 7 addresses the complementary issue of programming guidelines such as those of The Motor Software Reliability Association (MISRA). Section 8 contains a qualitative comparison of the three tools, summing up their relative merits and shortcomings. The section also surveys several industrial evaluations of the tools over time at Ericsson, in particular involving the products from Coverity and Klocwork. Section 9 contains conclusions.

Place, publisher, year, edition, pages
Linköping: Linköping University Electronic Press, 2008. p. 34
Series
Technical reports in Computer and Information Science, ISSN 1654-7233 ; 3
National Category
Engineering and Technology
Identifiers
urn:nbn:se:liu:diva-58013 (URN)
Available from: 2010-07-16 Created: 2010-07-16 Last updated: 2010-08-12. Bibliographically approved
Lawesson, D., Nilsson, U. & Klein, I. (2005). An Approach to Post Mortem Diagnosability Analysis for Interacting Finite State Systems. In: Proceedings of the 3rd Workshop on Model Checking and Artificial Intelligence (MoChArt '05). Paper presented at 3rd Workshop on Model Checking and Artificial Intelligence (MoChArt '05), San Francisco, CA, USA, August, 2005 (pp. 139-153), 149(2)
An Approach to Post Mortem Diagnosability Analysis for Interacting Finite State Systems
2005 (English). In: Proceedings of the 3rd Workshop on Model Checking and Artificial Intelligence (MoChArt '05), 2005, Vol. 149, no 2, p. 139-153. Conference paper, Published paper (Refereed)
Abstract [en]

We present a model based approach to diagnosability analysis for interacting finite-state systems where fault isolation is deferred until the system comes to a stand-still. Local abstractions of the system model are used to alleviate the state space explosion. Pairs of closely coupled automata are merged and replaced by a single automaton with equivalent behavior as seen from the rest of the system; interaction between the merged automata is internalized and the new equivalent automaton is subsequently abstracted from internal behavior irrelevant to fault isolation. In moderately concurrent systems these steps can often be iterated until the system consists of a single automaton providing a compact encoding of all possible fault scenarios of the original model. We illustrate how the resulting abstraction can be used as a basis for post mortem diagnosability analysis.

Keywords
Diagnosability analysis, Fault isolation, Local abstraction, Discrete event systems
National Category
Computer Sciences; Control Engineering
Identifiers
urn:nbn:se:liu:diva-32435 (URN); 10.1016/j.entcs.2005.07.031 (DOI); 18337 (Local ID); 18337 (Archive number); 18337 (OAI)
Conference
3rd Workshop on Model Checking and Artificial Intelligence (MoChArt '05), San Francisco, CA, USA, August, 2005
Available from: 2009-10-09 Created: 2009-10-09 Last updated: 2018-01-13
Andersson, K., Lindblad, E., Mårdsjö Blume, K., Nilsson, U., Philipsson, A. & Sundkvist, M. (2005). Livet som doktorand vid Linköpings universitet: Resultat från en enkätundersökning våren 2004. Linköping: Linköping University Electronic Press
Livet som doktorand vid Linköpings universitet: Resultat från en enkätundersökning våren 2004
2005 (Swedish). Report (Other academic)
Abstract [sv]

In May 2004 a questionnaire survey was carried out, addressed to all doctoral students at Linköping University. The question areas covered by the questionnaire included the doctoral student's background and current status; the supervision situation as well as the research and working environment; perceived differential treatment; doctoral courses and seminars; pedagogical development and teaching; and a number of questions about how the doctoral students viewed their doctoral education, their own effort and the future. In addition, respondents could state in free text what was positive and negative about the education, and give suggestions on what ought to be changed and what preserved.

The questionnaire was sent to the approximately 1,360 persons whose e-mail addresses were available. Nearly 70 %, or over 900 persons, answered the questionnaire, to roughly the same extent at all faculties. About 5 % did not state any faculty affiliation. About 45 % of the respondents stated that they were women, while 52 % stated that they were men. There were, however, large variations in the gender distribution at faculty level. The median age of the women was somewhat higher than that of the men, and the age spread was largest at the Faculty of Health Sciences (Hälsouniversitetet, HU). The doctoral students at the Institute of Technology (Linköpings tekniska högskola, LiTH) were on average the youngest, and a smaller proportion of them, compared with the others, had children living at home. A higher proportion of women than men had children living at home. About three out of four lived in Norrköping or Linköping; a higher proportion at LiTH, and a lower proportion at the Faculty of Arts and Sciences (Filosofisk fakultet, Fil fak) and Educational Sciences (Utbildningsvetenskap, UV).

Just over half of all who answered the question had completed half or less of their doctoral education. Being admitted to a licentiate degree was considerably more common at LiTH (about 12 %) than at the other faculties. Just over a quarter of the respondents participated in a research school. The most common reason for having taken a longer break was parental leave (8 %), followed by paid employment (5 %).

The most common form of financing was a doctoral studentship (doktorandanställning), but there were large differences between the faculties or their equivalents. HU had the lowest proportion; a third of the doctoral students there instead held clinical positions. Just over 80 % of the doctoral students at LiTH held doctoral studentships. Having only a study grant (utbildningsbidrag) was rare at all faculties, whereas the combination of study grant and assistant position did occur, most frequently at HU (just over 12 %). The most commonly stated activity level, regardless of faculty, was between 90 and 100 % (about 25 % of the respondents), while at HU there was a share, nearly 20 %, with a very low activity level (0–10 %).

The doctoral students were fairly satisfied with their education. On a five-point scale where 5 stood for "very good" and 1 for "very poor", the mean grade for the doctoral education was 3.65. The doctoral students at the Faculty of Arts and Sciences and at LiTH gave a somewhat higher grade, but the variations between the faculties were small. Most rated their own effort somewhat lower, with a mean of 3.60 on the same scale. The more detailed questions on supervision and thesis work in several cases had higher means: the supervisor's interest in the doctoral student's research, the supervisor's reading of texts, the occurrence of constructive criticism and the doctoral student's trust in the supervisor were all close to 4 on the five-point scale. Lower means were given on the question of whether the supervisor helps the doctoral student make contact with other researchers. The time spent on supervision varied somewhat between faculties, but in summary about 80 % of all doctoral students received 1–10 hours of supervision per month. The Faculty of Arts and Sciences and Educational Sciences more often fell in the lower part of the interval, and LiTH and HU in the higher part. Opinions on whether the time given matched the need varied. Most satisfied with the amount of time were the doctoral students at Educational Sciences; least satisfied were those at LiTH.

On the questions about doctoral courses the means were lower than on the questions about supervision. There was little difference between research school doctoral students and the others on these questions.

In general, everyone was very satisfied with their research and working environment. Throughout, the questions in that area received high mean grades, with the exception of those concerning access to national and, above all, international research networks. The social environment within the doctoral student group was rated higher than that of the department as a whole.

The questionnaire also contained questions about perceived positive and negative differential treatment. About 50 persons, with few exceptions women, agreed that they had experienced negative differential treatment on grounds of gender (answered 4 or 5 on the five-point scale). No faculty stood out in this respect.

Departments with an even gender distribution appeared to have fewer cases of perceived negative differential treatment. Those who had experienced negative differential treatment on grounds of ethnic background, sexual orientation or social background were fewer in number. Positive differential treatment had also been experienced; the number of responses was of the same order of magnitude as for negative differential treatment. Here too, the spread across faculties and departments was large.

After the doctoral defence, about 70 % could imagine a postdoc period abroad. The main reason for not wanting to go was usually consideration for the family, that is, the situation of children and partner. Around half saw their chances of getting a job directly after graduation as good or very good.

Place, publisher, year, edition, pages
Linköping: Linköping University Electronic Press, 2005. p. 75
Series
Linköping Electronic Articles on Academic Policies and Trends, ISSN 1402-0319, E-ISSN 1651-3304 ; 6
National Category
Social Sciences
Identifiers
urn:nbn:se:liu:diva-61348 (URN); 91-85299-84-7 (ISBN)
Available from: 2010-11-15 Created: 2010-11-15 Last updated: 2018-02-19. Bibliographically approved
Ducassé, M., Nilsson, U. & Seipel, D. (2004). Proceedings of the First International Workshop on Teaching Logic Programming: TeachLP 2004.
Proceedings of the First International Workshop on Teaching Logic Programming: TeachLP 2004
2004 (English). Book (Other academic)
Abstract [en]

Following the panel discussion at the International Conference on Logic Programming 2003 in Mumbai, India, the first international workshop on Teaching Logic Programming, TeachLP 2004, was held in Saint Malo, France, on 8–9 September 2004. The meeting ran as a workshop in conjunction with the 2004 International Conference on Logic Programming, held on September 6–10, 2004.

Logic Programming (LP) and Constraint Logic Programming (CLP) are powerful programming paradigms, but hard to learn without sufficient assistance. To further spread the technology it should be taught to a broader range of computer science students. The aim of the workshop was to investigate what is currently taught and how; what should be taught and why.

Publisher
p. 94
Series
Linköping electronic conference proceedings, ISSN 1650-3740 ; 12
National Category
Computer Sciences
Identifiers
urn:nbn:se:liu:diva-23070 (URN); 2459 (Local ID); 2459 (Archive number); 2459 (OAI)
Available from: 2009-10-07 Created: 2009-10-07 Last updated: 2018-01-13. Bibliographically approved
Lawesson, D., Nilsson, U. & Klein, I. (2003). Fault Isolation in Discrete Event Systems by Observational Abstraction. In: IEEE Conf on Decision and Control CDC, 2003.
Fault Isolation in Discrete Event Systems by Observational Abstraction
2003 (English). In: IEEE Conf on Decision and Control CDC, 2003, 2003. Conference paper, Published paper (Refereed)
National Category
Computer Sciences
Identifiers
urn:nbn:se:liu:diva-22119 (URN); 1221 (Local ID); 1221 (Archive number); 1221 (OAI)
Available from: 2009-10-07 Created: 2009-10-07 Last updated: 2018-01-13
Lawesson, D., Nilsson, U. & Klein, I. (2003). Fault Isolation in Discrete Event Systems by Observational Abstraction. In: Proceedings of the 42nd IEEE Conference on Decision and Control. Paper presented at 42nd IEEE Conference on Decision and Control, Maui, HI, USA, December, 2003 (pp. 5118-5123, vol. 5).
Fault Isolation in Discrete Event Systems by Observational Abstraction
2003 (English). In: Proceedings of the 42nd IEEE Conference on Decision and Control, 2003, p. 5118-5123, vol. 5. Conference paper, Published paper (Refereed)
Abstract [en]

We propose a method for fault isolation in discrete event systems such as object oriented control systems, where the observations are the logged error messages. The method is based on automatic abstraction that preserves only the behavior relevant to fault isolation. In this way we avoid the state space explosion, and a model checker can be used to reason about the temporal properties of the system. The result is a fault isolation table that maps possible error logs to isolated faults, and fault isolation thus reduces to table lookup. The fault isolation table can also be used as an analysis tool at the design level to find both faults that cannot be isolated as well as redundant error messages.

Keywords
Fault isolation, Automatic abstraction, Discrete event dynamical systems
National Category
Engineering and Technology; Control Engineering
Identifiers
urn:nbn:se:liu:diva-61717 (URN); 10.1109/CDC.2003.1272448 (DOI); 0-7803-7924-1 (ISBN)
Conference
42nd IEEE Conference on Decision and Control, Maui, HI, USA, December, 2003
Available from: 2010-11-17 Created: 2010-11-17 Last updated: 2013-03-29
Klein, I., Lawesson, D. & Nilsson, U. (2003). Fault Isolation Using Automatic Abstraction To Avoid State Space Explosion. In: Proceedings of the 2003 Workshop on Model Checking and Artificial Intelligence. Paper presented at 2003 Workshop on Model Checking and Artificial Intelligence, Acapulco, Mexico, August, 2003.
Fault Isolation Using Automatic Abstraction To Avoid State Space Explosion
2003 (English). In: Proceedings of the 2003 Workshop on Model Checking and Artificial Intelligence, 2003. Conference paper, Published paper (Refereed)
Abstract [en]

We propose a fault isolation scheme based on model-checking in order to reason about temporal properties of loosely coupled systems of concurrent processes. To address the problem of state space explosion we advocate an automatic abstraction technique based on a notion of observational equivalence. We statically analyze a system and construct a total function from possible message logs to isolated faults. Thus, fault isolation reduces to table lookup. Tables can be used at design time to find non-diagnosable failures of the system as well as redundant error messages.

Keywords
Fault isolation, Model checking
National Category
Engineering and Technology; Control Engineering
Identifiers
urn:nbn:se:liu:diva-61714 (URN)
Conference
2003 Workshop on Model Checking and Artificial Intelligence, Acapulco, Mexico, August, 2003
Available from: 2010-11-17 Created: 2010-11-17 Last updated: 2013-04-10
Klein, I., Lawesson, D. & Nilsson, U. (2003). Model Checking Based Fault Isolation Using Automatic Abstraction. In: Proceedings of the 14th International Workshop on Principles of Diagnosis: . Paper presented at 14th International Workshop on Principles of Diagnosis, Washington, DC, USA, June, 2003 (pp. 113-118).
Model Checking Based Fault Isolation Using Automatic Abstraction
2003 (English). In: Proceedings of the 14th International Workshop on Principles of Diagnosis, 2003, p. 113-118. Conference paper, Published paper (Refereed)
Abstract [en]

We propose a fault isolation scheme based on model checking in order to reason about temporal properties of loosely coupled systems of concurrent processes. To address the problem of state space explosion we advocate an automatic abstraction technique based on a notion of observational equivalence. We statically analyze a system and construct a total function from possible message logs to isolated faults. Thus, fault isolation reduces to table lookup. Tables can be used at design time to find non-diagnosable failures of the system as well as redundant error messages.

Keywords
Fault isolation, Automatic abstraction, Model checking
National Category
Control Engineering
Identifiers
urn:nbn:se:liu:diva-61726 (URN)
Conference
14th International Workshop on Principles of Diagnosis, Washington, DC, USA, June, 2003
Available from: 2010-11-17 Created: 2010-11-17 Last updated: 2013-08-29
Dell'Acqua, P., Nilsson, U. & Pereira, L. (2002). A logic based asynchronous multi-agent system, 70(5)
A logic based asynchronous multi-agent system
2002 (English). Conference paper, Published paper (Other academic)
Abstract [en]

We present a logic programming based asynchronous multi-agent system in which agents can communicate with one another, update themselves and each other, abduce hypotheses to explain observations, and use them to generate actions. The knowledge base of the agents is comprised of generalized logic programs, integrity constraints, active rules, and of abducibles. We characterize the interaction among agents via an asynchronous transition rule system, and provide a stable models based semantics. An example is developed to illustrate how our approach works. © 2002 Published by Elsevier Science B.V.

National Category
Engineering and Technology
Identifiers
urn:nbn:se:liu:diva-46898 (URN); 10.1016/S1571-0661(04)80589-9 (DOI)
Available from: 2009-10-11 Created: 2009-10-11 Last updated: 2011-01-04