ABSTRACT
Programmers using complex libraries and frameworks are faced with the difficult task of ensuring that their implementations comply with complex and informally described rules for proper sequencing of API calls. Recent advances in static and dynamic techniques for checking explicit specifications of program typestate properties have shown promise in addressing this challenge. Unfortunately, static typestate analyses are limited in their scalability and dynamic analyses can suffer from significant run-time overhead. In this paper, we present an approach that exploits information calculated by flow-sensitive static typestate analyses to reformulate the original analysis problem as a residual dynamic typestate analysis. We demonstrate that residual analyses retain the error reporting of unoptimized dynamic analysis while offering the potential for significantly reducing analysis cost.
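The following is an added illustration of the residual idea, not code from the paper or its authors. It assumes a small constructed typestate property (a file handle must be opened before it is read and may not be read once closed), a constructed control-flow graph of API calls, and one deliberately simple residualization rule: a call site can be left uninstrumented when, for every automaton state the flow-sensitive static analysis says is possible there, the event is a self-loop that can neither change the monitor's state nor reach the error state. The paper's own criterion is richer; this rule is only the smallest one that provably preserves error reporting. The example runs a full monitor and the residual monitor over the same two constructed traces and shows they report the same violation index while the residual monitor handles fewer events.

```python
from collections import deque
from dataclasses import dataclass
from typing import Dict, List, Optional, Set, Tuple

ERROR = "error"  # sink state entered on any event the property does not permit


class Typestate:
    """A typestate automaton: start state plus a partial transition table.
    Any (state, event) pair missing from the table is a violation."""

    def __init__(self, start: str, delta: Dict[Tuple[str, str], str]):
        self.start = start
        self.delta = delta

    def step(self, state: str, event: str) -> str:
        if state == ERROR:          # the error sink absorbs every later event
            return ERROR
        return self.delta.get((state, event), ERROR)


# Constructed example property (assumption, not from the paper).
FILE_TYPESTATE = Typestate("closed", {
    ("closed", "open"): "opened",
    ("opened", "read"): "opened",   # self-loop: reading an open handle is harmless
    ("opened", "close"): "closed",
})


@dataclass
class Node:
    """One CFG node: the API event it performs (None for a pure branch/join)
    and the ids of its successors."""
    event: Optional[str]
    succs: List[str]


# Constructed example program as a CFG of API calls on one file handle.
CFG: Dict[str, Node] = {
    "n0": Node("open", ["n1"]),
    "n1": Node("read", ["n1", "n2"]),   # read loop
    "n2": Node(None, ["n3", "n4"]),     # branch: one path closes early
    "n3": Node("close", ["n4"]),
    "n4": Node("read", ["n5"]),         # join: the handle may already be closed
    "n5": Node("close", []),
}


def static_states(cfg: Dict[str, Node], entry: str, ts: Typestate) -> Dict[str, Set[str]]:
    """Flow-sensitive forward may-analysis: the set of automaton states that
    can hold on entry to each node, computed by a worklist fixpoint."""
    states: Dict[str, Set[str]] = {n: set() for n in cfg}
    states[entry] = {ts.start}
    worklist = deque([entry])
    while worklist:
        n = worklist.popleft()
        ev = cfg[n].event
        out = {ts.step(s, ev) for s in states[n]} if ev else set(states[n])
        for m in cfg[n].succs:
            if not out <= states[m]:
                states[m] |= out
                worklist.append(m)
    return states


def residual_sites(cfg: Dict[str, Node], states: Dict[str, Set[str]], ts: Typestate) -> Set[str]:
    """Call sites that must stay instrumented. A site is dropped only when its
    event is a non-error self-loop in every statically possible state, so the
    dynamic monitor's state and verdict do not depend on observing it."""
    keep: Set[str] = set()
    for n, node in cfg.items():
        if node.event is None:
            continue
        if all(s != ERROR and ts.step(s, node.event) == s for s in states[n]):
            continue
        keep.add(n)
    return keep


def monitor(trace: List[Tuple[str, str]], ts: Typestate,
            instrumented: Optional[Set[str]] = None) -> Optional[int]:
    """Run the dynamic monitor over a trace of (site, event) pairs and return
    the index of the first violation, or None. With `instrumented` given,
    only events at those sites are observed (the residual monitor)."""
    state = ts.start
    for i, (site, ev) in enumerate(trace):
        if instrumented is not None and site not in instrumented:
            continue
        state = ts.step(state, ev)
        if state == ERROR:
            return i
    return None


def events_monitored(trace: List[Tuple[str, str]], instrumented: Set[str]) -> int:
    """How many trace events the residual monitor actually has to process."""
    return sum(1 for site, _ in trace if site in instrumented)


# Constructed traces: both follow valid CFG paths; TRACE_BAD takes the early close.
TRACE_BAD = [("n0", "open"), ("n1", "read"), ("n1", "read"),
             ("n3", "close"), ("n4", "read"), ("n5", "close")]
TRACE_GOOD = [("n0", "open"), ("n1", "read"), ("n4", "read"), ("n5", "close")]

if __name__ == "__main__":
    st = static_states(CFG, "n0", FILE_TYPESTATE)
    keep = residual_sites(CFG, st, FILE_TYPESTATE)
    print("static state sets:", st)
    print("sites kept instrumented:", sorted(keep))
    for name, tr in (("bad", TRACE_BAD), ("good", TRACE_GOOD)):
        full = monitor(tr, FILE_TYPESTATE)
        resid = monitor(tr, FILE_TYPESTATE, keep)
        print(f"{name}: full={full} residual={resid} "
              f"events {events_monitored(tr, keep)}/{len(tr)}")
```

Site n1 is the only one removed: the static analysis proves the handle is always open there, so its reads can neither move the automaton nor fail. Site n4 is kept because the join after the early close makes both `opened` and `closed` possible, which is exactly where the dynamic check still earns its cost.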
Residual dynamic typestate analysis exploiting static analysis: results to reformulate and reduce the cost of dynamic analysis