Skip to main content
SpringerLink
Log in

Doomed program points

  • Published:
Formal Methods in System Design Aims and scope Submit manuscript

Abstract

Any programming error that can be revealed before compiling a program saves precious time for the programmer. While integrated development environments already do a good job by detecting, e.g., data-flow abnormalities, current static analysis tools suffer from false positives (“noise”) or require strong user interaction.

We propose to avoid this deficiency by defining a new class of errors. A program fragment is doomed if its execution will inevitably fail, regardless of which state it is started in. We use a formal verification method to identify such errors fully automatically and, most significantly, without producing noise. We report on experiments with a prototype tool.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Similar content being viewed by others

References

  1. Ayewah N, Pugh W, Morgenthaler JD, Penix J, Zhou Y (2007) Evaluating static analysis defect warnings on production software. In: Workshop on program analysis for software tools and engineering, PASTE’07. ACM, New York, pp 1–8

    Google Scholar 

  2. Ball T, Kupferman O, Yorsh G (2005) Abstraction for falsification. In: Computer aided verification, CAV’05. LNCS, vol 3576. Springer, Berlin, pp 67–81

    Chapter  Google Scholar 

  3. Barnett M, Leino KRM (2005) Weakest-precondition of unstructured programs. In: Workshop on program analysis for software tools and engineering, PASTE’05. ACM, New York, pp 82–87

    Chapter  Google Scholar 

  4. Barnett M, Chang B-YE, DeLine R, Jacobs B, Leino KRM (2005) Boogie: a modular reusable verifier for object-oriented programs. In: Formal methods for components and objects: 4th international symposium, FMCO’05. LNCS, vol 4111. Springer, Berlin, pp 364–387

    Chapter  Google Scholar 

  5. Barnett M, Leino KRM, Schulte W (2005) The Spec# programming system: an overview. In: CASSIS 2004, construction and analysis of safe, secure and interoperable smart devices. LNCS, vol 3362. Springer, Berlin, pp 49–69

    Chapter  Google Scholar 

  6. Beer I, Ben-David S, Eisner C, Rodeh Y (1997) Efficient detection of vacuity in actl formulas. In: Computer aided verification, CAV’97. Springer, Berlin, pp 279–290

    Google Scholar 

  7. Bornat R (2000) Proving pointer programs in Hoare logic

  8. Burstall RM (1972) Some techniques for proving correctness of programs which alter data structures. Mach Learn 7

  9. Clarke EM, Kroening D, Lerda F (2004) A tool for checking ANSI-C programs. In: International conference on tools and algorithms for the construction and analysis of systems, TACAS’04. LNCS, vol 2988. Springer, Berlin, pp 168–176

    Chapter  Google Scholar 

  10. Cohen E, Moskal M, Schulte W, Tobies S (2000) A practical verification methodology for concurrent programs. Technical report MSR-TR-2009-15, Microsoft Research

  11. Cytron R, Ferrante J, Rosen BK, Wegman MN, Zadeck FK (1991) Efficiently computing static single assignment form and the control dependence graph. ACM Trans Program Lang Syst 13(4):451–490

    Article  Google Scholar 

  12. Dijkstra EW (1976) A discipline of programming. Prentice Hall, Englewood Cliffs

    MATH  Google Scholar 

  13. Ernie Cohen MD, Hillebrand M, Leinenbach D, Moskal M, Santen T, Schulte W, Tobies S (2009) VCC: a practical system for verifying concurrent C. In: Theorem proving in higher order logics, TPHOLs’09, pp 23–42

    Chapter  Google Scholar 

  14. Evans D, Larochelle D (2002) Improving security using extensible lightweight static analysis. IEEE Softw 19(1):42–51

    Article  Google Scholar 

  15. Filliâtre J-C, Marché C (2007) The Why/Krakatoa/Caduceus platform for deductive program verification. In: Computer aided verification, CAV’07, pp 173–177

    Chapter  Google Scholar 

  16. Flanagan C, Saxe JB (2001) Avoiding exponential explosion: generating compact verification conditions. In: Annual ACM symposium on the principles of programming languages, POPL’01. ACM, New York, pp 193–205

    Google Scholar 

  17. Flanagan C, Leino KRM, Lillibridge M, Nelson G, Saxe JB, Stata R (2002) Extended static checking for Java. In: ACM conference on programming language design and implementation, PLDI’02. ACM, New York, pp 234–245

    Google Scholar 

  18. Godefroid P, Nori AV, Rajamani SK, Tetali S (2010) Compositional may-must program analysis: unleashing the power of alternation. In: Annual ACM symposium on the principles of programming languages, POPL’10. ACM, New York, pp 43–56

    Chapter  Google Scholar 

  19. Gulavani BS, Henzinger TA, Kannan Y, Nori AV, Rajamani SK (2006) Synergy: a new algorithm for property checking. In: Symposium on the foundations of software engineering, FSE’06. ACM, New York, pp 117–127

    Google Scholar 

  20. Hayes IJ, Fidge CJ, Lermer K (2001) Semantic characterisation of dead control-flow paths. IEE Proc, Softw 148(6):175–186

    Article  Google Scholar 

  21. Henzinger TA, Jhala R, Majumdar R, Sutre G (2003) Software verification with BLAST. In: Model checking software, 10th international SPIN workshop. LNCS, vol 2648. Springer, Berlin, pp 235–239

    Google Scholar 

  22. Hillebrand MA, Leinenbach DC (2009) Formal verification of a reader-writer lock implementation in c. Electron Notes Theor Comput Sci 254:123–141

    Article  Google Scholar 

  23. Hoenicke J, Leino KRM, Podelski A, Schäf M, Wies T (2009) It’s doomed; we can prove it. In: International symposium on formal methods, FM’09, pp 338–353

    Google Scholar 

  24. Hovemeyer D, Pugh W (2007) Finding more null pointer bugs, but not too many. In: Workshop on program analysis for software tools and engineering, PASTE’07. ACM, New York, pp 9–14

    Google Scholar 

  25. Hovemeyer D, Spacco J, Pugh W (2006) Evaluating and tuning a static analysis to find null pointer bugs. Softw Eng Notes 31(1):13–19

    Article  Google Scholar 

  26. Immerman N, Rabinovich A, Reps T, Sagiv M, Yorsh G (2004) The boundary between decidability and undecidability for transitive-closure logics. In: Computer science logic, CSL’04, pp 160–174

    Chapter  Google Scholar 

  27. Janota M, Grigore R, Moskal M (2007) Reachability analysis for annotated code. In: Specification and verification of component-based systems, SAVCBS’07. ACM, New York, pp 23–30

    Google Scholar 

  28. Janssen J, Corporaal H (1997) Making graphs reducible with controlled node splitting. ACM Trans Program Lang Syst 19(6):1031–1052

    Article  Google Scholar 

  29. Kuncak V (2007) Modular data structure verification. PhD thesis, EECS Department, Massachusetts Institute of Technology

  30. Leino KRM (2005) Efficient weakest preconditions. Inf Process Lett 93(6):281–288

    Article  MATH  MathSciNet  Google Scholar 

  31. Leino KRM This is Boogie 2. Manuscript KRML 178, June 2008. Available at http://research.microsoft.com/~leino/papers.html

  32. Lengauer T, Tarjan RE (1979) A fast algorithm for finding dominators in a flowgraph. ACM Trans Program Lang Syst 1(1):121–141

    Article  MATH  Google Scholar 

  33. Luckham DC, Suzuki N (1979) Verification of array, record, and pointer operations in Pascal. ACM Trans Program Lang Syst 1(2):226–244

    Article  MATH  Google Scholar 

  34. Manna Z, Pnueli A (1995) Temporal verification of reactive systems: safety. Springer, Berlin

    Google Scholar 

  35. Nelson G (1989) A generalization of Dijkstra’s calculus. ACM Trans Program Lang Syst 11(4):517–561

    Article  Google Scholar 

  36. Prosser RT (1959) Applications of Boolean matrices to the analysis of flow diagrams. In: IRE-AIEE-ACM’59, Eastern. ACM, New York, pp 133–138

    Chapter  Google Scholar 

  37. Samer M, Veith H (2007) On the notion of vacuous truth. In: Proceedings of the 14th international conference on logic for programming, artificial intelligence and reasoning, LPAR’07. Springer, Berlin, pp 2–14

    Chapter  Google Scholar 

  38. Shelekhov VI, Kuksenko SV (1999) On the practical static checker of semantic run-time errors. In: Asia pacific software engineering conference, APSEC, p 434

    Google Scholar 

  39. Technologies P (2004) PolySpace for C. Documentation

  40. Yorsh G, Ball T, Sagiv M (2006) Testing, abstraction, theorem proving: better together! In: International symposium on software testing and analysis, ISSTA’06. ACM, New York, pp 145–156

    Chapter  Google Scholar 

Download references

Author information

Authors and Affiliations

  1. University of Freiburg, Freiburg im Breisgau, Germany

    Jochen Hoenicke, Andreas Podelski & Martin Schäf

  2. Microsoft Research, Redmond, WA, USA

    K. Rustan M. Leino

  3. Institute of Science and Technology, Klosterneuburg, Austria

    Thomas Wies

Authors
  1. Jochen Hoenicke
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. K. Rustan M. Leino
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Andreas Podelski
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Martin Schäf
    View author publications

    You can also search for this author in PubMed Google Scholar

  5. Thomas Wies
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Thomas Wies.

Rights and permissions

Reprints and permissions

About this article

Cite this article

Hoenicke, J., Leino, K.R.M., Podelski, A. et al. Doomed program points. Form Methods Syst Des 37, 171–199 (2010). https://doi.org/10.1007/s10703-010-0102-0

Download citation

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s10703-010-0102-0

Keywords

Search

Navigation