ABSTRACT
Program bugs remain a major challenge for software developers and various tools have been proposed to help with their localization and elimination. Most present-day tools are based either on over-approximating techniques that can prove safety but may report false positives, or on under-approximating techniques that can find real bugs but with possible false negatives. In this paper, we propose a dual static analysis that is based on only over-approximation. Its main novelty is to concurrently derive conditions that lead to either success or failure outcomes and thus we provide a comprehensive solution for both proving safety and finding real program bugs. We have proven the soundness of our approach and have implemented a prototype system that is validated by a set of experiments.
- T. Ball and S. K. Rajamani. Automatically validating temporal safety properties of interfaces. In SPIN Workshop, pages 103--122, 2001. Google ScholarDigital Library
- B. Blanchet, P. Cousot, R. Cousot, J. Feret, L. Mauborgne, A. Miné, D. Monniaux, and X. Rival. A static analyzer for large safety-critical software. In PLDI, 2003. Google ScholarDigital Library
- P. Cousot and R. Cousot. Modular static program analysis. In CC, 2002. Google ScholarDigital Library
- P. Cousot and N. Halbwachs. Automatic discovery of linear restraints among variables of a program. In ACM POPL, pages 84--96, 1978. Google ScholarDigital Library
- J. J. Dongarra, P. Luszczek, and A. Petitet. The LINPACK benchmark: Past, present, and future. Concurrency and Computation: Practice and Experience, 15:1--18, 2003.Google ScholarCross Ref
- P. Godefroid. Model checking for programming languages using VeriSoft. In ACM POPL, 1997. Google ScholarDigital Library
- P. Godefroid, N. Klarlund, and K. Sen. DART: Directed Automated Random Testing. In PLDI, 2005. Google ScholarDigital Library
- B. S. Gulavani, T. A. Henzinger, Y. Kannan, A. V. Nori, and S. K. Rajamani. SYNERGY: A new algorithm for property checking. In ACM FSE, 2006. Google ScholarDigital Library
- S. Gulwani, S. Srivastava, and R. Venkatesan. Program analysis as constraint solving. In ACM PLDI, pages 281--292, 2008. Google ScholarDigital Library
- T. A. Henzinger, R. Jhala, R. Majumdar, and G. Sutre. Lazy abstraction. In ACM POPL, 2002. Google ScholarDigital Library
- K. Ku, T. E. Hart, M. Chechik, and D. Lie. A buffer overflow benchmark for software model checkers. In ASE, 2007. Google ScholarDigital Library
- K. Marriott and H. Søndergaard. Bottom-up dataflow analysis of normal logic programs. J. Log. Program., 13(2&3), 1992. Google ScholarDigital Library
- G. C. Necula, S. McPeak, S. P. Rahul, and W. Weimer. CIL: Intermediate language and tools for analysis and transformation of C programs. In CC, 2002. Google ScholarDigital Library
- National Institute of Standards and Technology. Java SciMark benchmark for scientific computing. http://math.nist.gov/scimark2/.Google Scholar
- C. S. Pasareanu, R. Pelánek, and W. Visser. Concrete model checking with abstract matching and refinement. In CAV, pages 52--66, 2005. Google ScholarDigital Library
- C. Popeea and W. N. Chin. Inferring disjunctive postconditions. In ASIAN CS Conference, 2006. Google ScholarDigital Library
- C. Popeea, D. N. Xu, and W. N. Chin. A practical and precise inference and specializer for array bound checks elimination. In ACM SIGPLAN PEPM, 2008. Google ScholarDigital Library
- W. Pugh. The Omega Test: A fast practical integer programming algorithm for dependence analysis. Communications of the ACM, 8:102--114, 1992. Google ScholarDigital Library
- X. Rival. Understanding the origin of alarms in ASTRÉE. In SAS, 2005. Google ScholarDigital Library
- S. Sankaranarayanan, F. Ivancic, I. Shlyakhter, and A. Gupta. Static analysis in disjunctive numerical domains. In SAS, 2006. Google ScholarDigital Library
- N. Suzuki and K. Ishihata. Implementation of an array bound checker. In ACM POPL, pages 132--143, 1977. Google ScholarDigital Library
Index Terms
- Dual analysis for proving safety and finding bugs
Recommendations
Dual analysis for proving safety and finding bugs
Program bugs remain a major challenge for software developers and various tools have been proposed to help with their localisation and elimination. Most present-day tools are based either on over-approximating techniques that can prove safety but may ...
Finding bugs is easy
OOPSLA '04: Companion to the 19th annual ACM SIGPLAN conference on Object-oriented programming systems, languages, and applicationsMany techniques have been developed over the years to automatically find bugs in software. Often, these techniques rely on formal methods and sophisticated program analysis. While these techniques are valuable, they can be difficult to apply, and they ...
Finding more null pointer bugs, but not too many
PASTE '07: Proceedings of the 7th ACM SIGPLAN-SIGSOFT workshop on Program analysis for software tools and engineeringIn the summer of 2006, the FindBugs project was challenged to improve the null pointer analysis in FindBugs so that we could find more null pointer bugs. In particular, we were challenged to try to do as well as a publicly available analysis by ...
Comments