research-article

Dual analysis for proving safety and finding bugs

Authors:
Corneliu Popeea

Max Planck Institute for Software Systems (MPI-SWS)

Max Planck Institute for Software Systems (MPI-SWS)
View Profile

,
Wei-Ngan Chin

National University of Singapore

National University of Singapore
View Profile

SAC '10: Proceedings of the 2010 ACM Symposium on Applied ComputingMarch 2010Pages 2137–2143https://doi.org/10.1145/1774088.1774538

Published:22 March 2010Publication History

SAC '10: Proceedings of the 2010 ACM Symposium on Applied Computing

Pages 2137–2143

ABSTRACT

Program bugs remain a major challenge for software developers and various tools have been proposed to help with their localization and elimination. Most present-day tools are based either on over-approximating techniques that can prove safety but may report false positives, or on under-approximating techniques that can find real bugs but with possible false negatives. In this paper, we propose a dual static analysis that is based on only over-approximation. Its main novelty is to concurrently derive conditions that lead to either success or failure outcomes and thus we provide a comprehensive solution for both proving safety and finding real program bugs. We have proven the soundness of our approach and have implemented a prototype system that is validated by a set of experiments.

References

T. Ball and S. K. Rajamani. Automatically validating temporal safety properties of interfaces. In SPIN Workshop, pages 103--122, 2001. Google ScholarDigital Library
B. Blanchet, P. Cousot, R. Cousot, J. Feret, L. Mauborgne, A. Miné, D. Monniaux, and X. Rival. A static analyzer for large safety-critical software. In PLDI, 2003. Google ScholarDigital Library
P. Cousot and R. Cousot. Modular static program analysis. In CC, 2002. Google ScholarDigital Library
P. Cousot and N. Halbwachs. Automatic discovery of linear restraints among variables of a program. In ACM POPL, pages 84--96, 1978. Google ScholarDigital Library
J. J. Dongarra, P. Luszczek, and A. Petitet. The LINPACK benchmark: Past, present, and future. Concurrency and Computation: Practice and Experience, 15:1--18, 2003.Google ScholarCross Ref
P. Godefroid. Model checking for programming languages using VeriSoft. In ACM POPL, 1997. Google ScholarDigital Library
P. Godefroid, N. Klarlund, and K. Sen. DART: Directed Automated Random Testing. In PLDI, 2005. Google ScholarDigital Library
B. S. Gulavani, T. A. Henzinger, Y. Kannan, A. V. Nori, and S. K. Rajamani. SYNERGY: A new algorithm for property checking. In ACM FSE, 2006. Google ScholarDigital Library
S. Gulwani, S. Srivastava, and R. Venkatesan. Program analysis as constraint solving. In ACM PLDI, pages 281--292, 2008. Google ScholarDigital Library
T. A. Henzinger, R. Jhala, R. Majumdar, and G. Sutre. Lazy abstraction. In ACM POPL, 2002. Google ScholarDigital Library
K. Ku, T. E. Hart, M. Chechik, and D. Lie. A buffer overflow benchmark for software model checkers. In ASE, 2007. Google ScholarDigital Library
K. Marriott and H. Søndergaard. Bottom-up dataflow analysis of normal logic programs. J. Log. Program., 13(2&3), 1992. Google ScholarDigital Library
G. C. Necula, S. McPeak, S. P. Rahul, and W. Weimer. CIL: Intermediate language and tools for analysis and transformation of C programs. In CC, 2002. Google ScholarDigital Library
National Institute of Standards and Technology. Java SciMark benchmark for scientific computing. http://math.nist.gov/scimark2/.Google Scholar
C. S. Pasareanu, R. Pelánek, and W. Visser. Concrete model checking with abstract matching and refinement. In CAV, pages 52--66, 2005. Google ScholarDigital Library
C. Popeea and W. N. Chin. Inferring disjunctive postconditions. In ASIAN CS Conference, 2006. Google ScholarDigital Library
C. Popeea, D. N. Xu, and W. N. Chin. A practical and precise inference and specializer for array bound checks elimination. In ACM SIGPLAN PEPM, 2008. Google ScholarDigital Library
W. Pugh. The Omega Test: A fast practical integer programming algorithm for dependence analysis. Communications of the ACM, 8:102--114, 1992. Google ScholarDigital Library
X. Rival. Understanding the origin of alarms in ASTRÉE. In SAS, 2005. Google ScholarDigital Library
S. Sankaranarayanan, F. Ivancic, I. Shlyakhter, and A. Gupta. Static analysis in disjunctive numerical domains. In SAS, 2006. Google ScholarDigital Library
N. Suzuki and K. Ishihata. Implementation of an array bound checker. In ACM POPL, pages 132--143, 1977. Google ScholarDigital Library

Index Terms

Dual analysis for proving safety and finding bugs

Recommendations

Dual analysis for proving safety and finding bugs

Program bugs remain a major challenge for software developers and various tools have been proposed to help with their localisation and elimination. Most present-day tools are based either on over-approximating techniques that can prove safety but may ...
Read More
Finding bugs is easy
OOPSLA '04: Companion to the 19th annual ACM SIGPLAN conference on Object-oriented programming systems, languages, and applications

Many techniques have been developed over the years to automatically find bugs in software. Often, these techniques rely on formal methods and sophisticated program analysis. While these techniques are valuable, they can be difficult to apply, and they ...
Read More
Finding more null pointer bugs, but not too many
PASTE '07: Proceedings of the 7th ACM SIGPLAN-SIGSOFT workshop on Program analysis for software tools and engineering

In the summer of 2006, the FindBugs project was challenged to improve the null pointer analysis in FindBugs so that we could find more null pointer bugs. In particular, we were challenged to try to do as well as a publicly available analysis by ...
Read More

Comments

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

Published in
SAC '10: Proceedings of the 2010 ACM Symposium on Applied Computing
March 2010
2712 pages
ISBN:9781605586397
DOI:10.1145/1774088
Conference Chairs:
Sung Y. Shin
South Dakota State University
,
Sascha Ossowski
University Rey Juan Carlos, Spain
,
Michael Schumacher
University of Applied Sciences Western Switzerland, Switzerland
,
Program Chairs:
Mathew J. Palakal
Indiana University Purdue University
,
Chih-Cheng Hung
Southern Polytechnic State University
Copyright © 2010 ACM
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]
Sponsors
In-Cooperation
Publisher
Association for Computing Machinery
New York, NY, United States
Publication History
- Published: 22 March 2010
Permissions
Request permissions about this article.
Request Permissions

Check for updates
Author Tags
numerical domains
static analysis
Qualifiers
- research-article
Conference

Acceptance Rates
SAC '10 Paper Acceptance Rate364of1,353submissions,27%Overall Acceptance Rate1,650of6,669submissions,25%
More
Funding Sources
Other Metrics
View Article Metrics

Article Metrics
- 5
  Total Citations
  View Citations
- 141
  Total Downloads
- Downloads (Last 12 months)3
- Downloads (Last 6 weeks)1
Other Metrics
View Author Metrics
Cited By
View all

PDF Format

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

Dual analysis for proving safety and finding bugs

SAC '10: Proceedings of the 2010 ACM Symposium on Applied Computing

ABSTRACT

References

Cited By

Index Terms

Recommendations

Dual analysis for proving safety and finding bugs

Finding bugs is easy

Finding more null pointer bugs, but not too many