4 Finding Format String Bugs

In Section 2 we described the basic workings of the cqual tool. In this section we discuss extensions to make the basic tool sound in the presence of type casts and variable argument functions, and to decrease false positives by using the programmer's knowledge about the program being analyzed.