Article

From uncertainty to belief: inferring the specification within

Authors:

Dawson EnglerAuthors Info & Claims

OSDI '06: Proceedings of the 7th USENIX Symposium on Operating Systems Design and Implementation - Volume 7

Page 12

Published: 06 November 2006 Publication History

Publisher Site

Abstract

Automatic tools for finding software errors require a set of specifications before they can check code: if they do not know what to check, they cannot find bugs. This paper presents a novel framework based on factor graphs for automatically inferring specifications directly from programs. The key strength of the approach is that it can incorporate many disparate sources of evidence, allowing us to squeeze significantly more information from our observations than previously published techniques.

We illustrate the strengths of our approach by applying it to the problem of inferring what functions in C programs allocate and release resources. We evaluated its effectiveness on five codebases: SDL, OpenSSH, GIMP, and the OS kernels for Linux and Mac OS X (XNU). For each codebase, starting with zero initially provided annotations, we observed an inferred annotation accuracy of 80-90%, with often near perfect accuracy for functions called as little as five times. Many of the inferred allocator and deallocator functions are functions for which we both lack the implementation and are rarely called-in some cases functions with at most one or two callsites. Finally, with the inferred annotations we quickly found both missing and incorrect properties in a specification used by a commercial static bug-finding tool.

Cited By

View all

Lu KPakki AWu QHeninger NTraynor P(2019)Detecting missing-check bugs via semantic- and context-aware criticalness and constraints inferencesProceedings of the 28th USENIX Conference on Security Symposium10.5555/3361338.3361461(1769-1786)Online publication date: 14-Aug-2019
https://dl.acm.org/doi/10.5555/3361338.3361461
Eberhardt JSteffen SRaychev VVechev MMcKinley KFisher K(2019)Unsupervised learning of API aliasing specificationsProceedings of the 40th ACM SIGPLAN Conference on Programming Language Design and Implementation10.1145/3314221.3314640(745-759)Online publication date: 8-Jun-2019
https://dl.acm.org/doi/10.1145/3314221.3314640
Bastani OSharma RAiken ALiang P(2018)Active learning of points-to specificationsACM SIGPLAN Notices10.1145/3296979.319238353:4(678-692)Online publication date: 11-Jun-2018
https://dl.acm.org/doi/10.1145/3296979.3192383
Show More Cited By

Recommendations

From uncertainty to belief: inferring the specification within
OSDI '06: Proceedings of the 7th symposium on Operating systems design and implementation

Automatic tools for finding software errors require a set of specifications before they can check code: if they do not know what to check, they cannot find bugs. This paper presents a novel framework based on factor graphs for automatically inferring ...
Tractable Bayesian learning of tree belief networks

In this paper we present decomposable priors , a family of priors over structure and parameters of tree belief nets for which Bayesian learning with complete observations is tractable, in the sense that the posterior is also decomposable and can be ...
Norm-product belief propagation: primal-dual message-passing for approximate inference

Inference problems in graphical models can be represented as a constrained optimization of a free-energy function. In this paper, we treat both forms of probabilistic inference, estimating marginal probabilities of the joint distribution and finding the ...

Comments

Information & Contributors

Information

Published In

OSDI '06: Proceedings of the 7th USENIX Symposium on Operating Systems Design and Implementation - Volume 7

November 2006

53 pages

Publisher

USENIX Association

United States

Publication History

Published: 06 November 2006

Qualifiers

Article

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

43
Total Citations
View Citations
2
Total Downloads

Downloads (Last 12 months)0
Downloads (Last 6 weeks)0

Reflects downloads up to 26 Jan 2025

Other Metrics

View Author Metrics

Citations

Cited By

View all

Lu KPakki AWu QHeninger NTraynor P(2019)Detecting missing-check bugs via semantic- and context-aware criticalness and constraints inferencesProceedings of the 28th USENIX Conference on Security Symposium10.5555/3361338.3361461(1769-1786)Online publication date: 14-Aug-2019
https://dl.acm.org/doi/10.5555/3361338.3361461
Eberhardt JSteffen SRaychev VVechev MMcKinley KFisher K(2019)Unsupervised learning of API aliasing specificationsProceedings of the 40th ACM SIGPLAN Conference on Programming Language Design and Implementation10.1145/3314221.3314640(745-759)Online publication date: 8-Jun-2019
https://dl.acm.org/doi/10.1145/3314221.3314640
Bastani OSharma RAiken ALiang P(2018)Active learning of points-to specificationsACM SIGPLAN Notices10.1145/3296979.319238353:4(678-692)Online publication date: 11-Jun-2018
https://dl.acm.org/doi/10.1145/3296979.3192383
Zhao JAlbarghouthi ARastogi VJha SOcteau DLeavens GGarcia APăsăreanu C(2018)Neural-augmented static analysis of Android communicationProceedings of the 2018 26th ACM Joint Meeting on European Software Engineering Conference and Symposium on the Foundations of Software Engineering10.1145/3236024.3236066(342-353)Online publication date: 26-Oct-2018
https://dl.acm.org/doi/10.1145/3236024.3236066
Bian PLiang BShi WHuang JCai YLeavens GGarcia APăsăreanu C(2018)NAR-miner: discovering negative association rules from code for bug detectionProceedings of the 2018 26th ACM Joint Meeting on European Software Engineering Conference and Symposium on the Foundations of Software Engineering10.1145/3236024.3236032(411-422)Online publication date: 26-Oct-2018
https://dl.acm.org/doi/10.1145/3236024.3236032
Bastani OSharma RAiken ALiang PFoster JGrossman D(2018)Active learning of points-to specificationsProceedings of the 39th ACM SIGPLAN Conference on Programming Language Design and Implementation10.1145/3192366.3192383(678-692)Online publication date: 11-Jun-2018
https://dl.acm.org/doi/10.1145/3192366.3192383
Mangal RZhang XKamath ANori ANaik M(2016)Scaling relational inference using proofs and refutationsProceedings of the Thirtieth AAAI Conference on Artificial Intelligence10.5555/3016100.3016362(3278-3286)Online publication date: 12-Feb-2016
https://dl.acm.org/doi/10.5555/3016100.3016362
Bichsel BRaychev VTsankov PVechev MWeippl EKatzenbeisser SKruegel CMyers AHalevi S(2016)Statistical Deobfuscation of Android ApplicationsProceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security10.1145/2976749.2978422(343-355)Online publication date: 24-Oct-2016
https://dl.acm.org/doi/10.1145/2976749.2978422
Xu ZZhang XChen LPei KXu BZimmermann TCleland-Huang JSu Z(2016)Python probabilistic type inference with natural language supportProceedings of the 2016 24th ACM SIGSOFT International Symposium on Foundations of Software Engineering10.1145/2950290.2950343(607-618)Online publication date: 1-Nov-2016
https://dl.acm.org/doi/10.1145/2950290.2950343
Bastani OAnand SAiken A(2015)Interactively verifying absence of explicit information flows in Android appsACM SIGPLAN Notices10.1145/2858965.281427450:10(299-315)Online publication date: 23-Oct-2015
https://dl.acm.org/doi/10.1145/2858965.2814274
Show More Cited By

Cited By

Index Terms

Recommendations