research-article

Dual analysis for proving safety and finding bugs

Authors:

Corneliu Popeea,

Wei-Ngan ChinAuthors Info & Claims

SAC '10: Proceedings of the 2010 ACM Symposium on Applied Computing

Pages 2137 - 2143

https://doi.org/10.1145/1774088.1774538

Published: 22 March 2010 Publication History

Abstract

Program bugs remain a major challenge for software developers and various tools have been proposed to help with their localization and elimination. Most present-day tools are based either on over-approximating techniques that can prove safety but may report false positives, or on under-approximating techniques that can find real bugs but with possible false negatives. In this paper, we propose a dual static analysis that is based on only over-approximation. Its main novelty is to concurrently derive conditions that lead to either success or failure outcomes and thus we provide a comprehensive solution for both proving safety and finding real program bugs. We have proven the soundness of our approach and have implemented a prototype system that is validated by a set of experiments.

References

[1]

T. Ball and S. K. Rajamani. Automatically validating temporal safety properties of interfaces. In SPIN Workshop, pages 103--122, 2001.

Digital Library

[2]

B. Blanchet, P. Cousot, R. Cousot, J. Feret, L. Mauborgne, A. Miné, D. Monniaux, and X. Rival. A static analyzer for large safety-critical software. In PLDI, 2003.

Digital Library

[3]

P. Cousot and R. Cousot. Modular static program analysis. In CC, 2002.

Digital Library

[4]

P. Cousot and N. Halbwachs. Automatic discovery of linear restraints among variables of a program. In ACM POPL, pages 84--96, 1978.

Digital Library

[5]

J. J. Dongarra, P. Luszczek, and A. Petitet. The LINPACK benchmark: Past, present, and future. Concurrency and Computation: Practice and Experience, 15:1--18, 2003.

[6]

P. Godefroid. Model checking for programming languages using VeriSoft. In ACM POPL, 1997.

Digital Library

[7]

P. Godefroid, N. Klarlund, and K. Sen. DART: Directed Automated Random Testing. In PLDI, 2005.

Digital Library

[8]

B. S. Gulavani, T. A. Henzinger, Y. Kannan, A. V. Nori, and S. K. Rajamani. SYNERGY: A new algorithm for property checking. In ACM FSE, 2006.

Digital Library

[9]

S. Gulwani, S. Srivastava, and R. Venkatesan. Program analysis as constraint solving. In ACM PLDI, pages 281--292, 2008.

Digital Library

[10]

T. A. Henzinger, R. Jhala, R. Majumdar, and G. Sutre. Lazy abstraction. In ACM POPL, 2002.

Digital Library

[11]

K. Ku, T. E. Hart, M. Chechik, and D. Lie. A buffer overflow benchmark for software model checkers. In ASE, 2007.

Digital Library

[12]

K. Marriott and H. Søndergaard. Bottom-up dataflow analysis of normal logic programs. J. Log. Program., 13(2&3), 1992.

Digital Library

[13]

G. C. Necula, S. McPeak, S. P. Rahul, and W. Weimer. CIL: Intermediate language and tools for analysis and transformation of C programs. In CC, 2002.

Digital Library

[14]

National Institute of Standards and Technology. Java SciMark benchmark for scientific computing. http://math.nist.gov/scimark2/.

[15]

C. S. Pasareanu, R. Pelánek, and W. Visser. Concrete model checking with abstract matching and refinement. In CAV, pages 52--66, 2005.

Digital Library

[16]

C. Popeea and W. N. Chin. Inferring disjunctive postconditions. In ASIAN CS Conference, 2006.

Digital Library

[17]

C. Popeea, D. N. Xu, and W. N. Chin. A practical and precise inference and specializer for array bound checks elimination. In ACM SIGPLAN PEPM, 2008.

Digital Library

[18]

W. Pugh. The Omega Test: A fast practical integer programming algorithm for dependence analysis. Communications of the ACM, 8:102--114, 1992.

Digital Library

[19]

X. Rival. Understanding the origin of alarms in ASTRÉE. In SAS, 2005.

Digital Library

[20]

S. Sankaranarayanan, F. Ivancic, I. Shlyakhter, and A. Gupta. Static analysis in disjunctive numerical domains. In SAS, 2006.

Digital Library

[21]

N. Suzuki and K. Ishihata. Implementation of an array bound checker. In ACM POPL, pages 132--143, 1977.

Digital Library

Cited By

Boutonnet RHalbwachs N(2019)Disjunctive Relational Abstract Interpretation for Interprocedural Program AnalysisVerification, Model Checking, and Abstract Interpretation10.1007/978-3-030-11245-5_7(136-159)Online publication date: 11-Jan-2019
https://doi.org/10.1007/978-3-030-11245-5_7
Minh Hai Nguyen Thien Binh Nguyen Thanh Tho Quan Ogawa M(2013)A Hybrid Approach for Control Flow Graph Construction from Binary Code2013 20th Asia-Pacific Software Engineering Conference (APSEC)10.1109/APSEC.2013.132(159-164)Online publication date: Dec-2013
https://doi.org/10.1109/APSEC.2013.132
Popeea CChin W(2013)Dual analysis for proving safety and finding bugsScience of Computer Programming10.1016/j.scico.2012.07.00478:4(390-411)Online publication date: 1-Apr-2013
https://dl.acm.org/doi/10.1016/j.scico.2012.07.004
Show More Cited By

Index Terms

Dual analysis for proving safety and finding bugs

Recommendations

Dual analysis for proving safety and finding bugs

Program bugs remain a major challenge for software developers and various tools have been proposed to help with their localisation and elimination. Most present-day tools are based either on over-approximating techniques that can prove safety but may ...
Finding bugs is easy
OOPSLA '04: Companion to the 19th annual ACM SIGPLAN conference on Object-oriented programming systems, languages, and applications

Many techniques have been developed over the years to automatically find bugs in software. Often, these techniques rely on formal methods and sophisticated program analysis. While these techniques are valuable, they can be difficult to apply, and they ...
Finding more null pointer bugs, but not too many
PASTE '07: Proceedings of the 7th ACM SIGPLAN-SIGSOFT workshop on Program analysis for software tools and engineering

In the summer of 2006, the FindBugs project was challenged to improve the null pointer analysis in FindBugs so that we could find more null pointer bugs. In particular, we were challenged to try to do as well as a publicly available analysis by ...

Comments

Information & Contributors

Information

Published In

cover image ACM Conferences

SAC '10: Proceedings of the 2010 ACM Symposium on Applied Computing

March 2010

2712 pages

ISBN:9781605586397

DOI:10.1145/1774088

Conference Chairs:
Sung Y. Shin
South Dakota State University
,
Sascha Ossowski
University Rey Juan Carlos, Spain
,
Michael Schumacher
University of Applied Sciences Western Switzerland, Switzerland
,
Program Chairs:
Mathew J. Palakal
Indiana University Purdue University
,
Chih-Cheng Hung
Southern Polytechnic State University

Copyright © 2010 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Sponsors

SIGAPP: ACM Special Interest Group on Applied Computing

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 22 March 2010

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article

Funding Sources

Agency for Science, Technology and Research

Conference

SAC'10

Sponsor:

SIGAPP

SAC'10: The 2010 ACM Symposium on Applied Computing

March 22 - 26, 2010

Sierre, Switzerland

Acceptance Rates

SAC '10 Paper Acceptance Rate 364 of 1,353 submissions, 27%;

Overall Acceptance Rate 1,650 of 6,669 submissions, 25%

Upcoming Conference

SAC '25

Sponsor:
sigapp

The 40th ACM/SIGAPP Symposium on Applied Computing

March 31 - April 4, 2025

Catania , Italy

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

5
Total Citations
View Citations
141
Total Downloads

Downloads (Last 12 months)1
Downloads (Last 6 weeks)0

Reflects downloads up to 05 Mar 2025

Other Metrics

View Author Metrics

Citations

Cited By

Boutonnet RHalbwachs N(2019)Disjunctive Relational Abstract Interpretation for Interprocedural Program AnalysisVerification, Model Checking, and Abstract Interpretation10.1007/978-3-030-11245-5_7(136-159)Online publication date: 11-Jan-2019
https://doi.org/10.1007/978-3-030-11245-5_7
Minh Hai Nguyen Thien Binh Nguyen Thanh Tho Quan Ogawa M(2013)A Hybrid Approach for Control Flow Graph Construction from Binary Code2013 20th Asia-Pacific Software Engineering Conference (APSEC)10.1109/APSEC.2013.132(159-164)Online publication date: Dec-2013
https://doi.org/10.1109/APSEC.2013.132
Popeea CChin W(2013)Dual analysis for proving safety and finding bugsScience of Computer Programming10.1016/j.scico.2012.07.00478:4(390-411)Online publication date: 1-Apr-2013
https://dl.acm.org/doi/10.1016/j.scico.2012.07.004
Le QSharma ACraciun FChin W(2013)Towards Complete Specifications with an Error CalculusNASA Formal Methods10.1007/978-3-642-38088-4_20(291-306)Online publication date: 2013
https://doi.org/10.1007/978-3-642-38088-4_20
Cousot PCousot RFähndrich MLogozzo F(2013)Automatic Inference of Necessary PreconditionsProceedings of the 14th International Conference on Verification, Model Checking, and Abstract Interpretation - Volume 773710.1007/978-3-642-35873-9_10(128-148)Online publication date: 20-Jan-2013
https://dl.acm.org/doi/10.1007/978-3-642-35873-9_10

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Figures

Tables

Media

View Table of Conten