DOI: 10.5555/1939399.1939425

Runtime instrumentation for precise flow-sensitive type analysis

Published: 01 November 2010

Abstract

We describe a combination of runtime information and static analysis for checking properties of complex and configurable systems. The basic idea of our approach is to 1) let the program execute and thereby read the important dynamic configuration data, then 2) invoke static analysis from this runtime state to detect possible errors that can happen in the continued execution. This approach improves analysis precision, particularly with respect to types of global variables and nested data structures. It also enables the resolution of modules that are loaded based on dynamically computed information.
We describe an implementation of this approach in a tool that statically computes possible types of variables in PHP applications, including detailed types of nested maps (arrays). PHP is a dynamically typed language; PHP programs extensively use nested value maps, as well as 'include' directives whose arguments are dynamically computed file names. We have applied our analysis tool to over 50'000 lines of PHP code, including the popular DokuWiki software, which has a plug-in architecture. The analysis identified 200 problems in the code and in the type hints of the original source code base. Some of these problems can cause exploits, infinite loops, and crashes. Our experiments show that dynamic information simplifies the development of the analysis and decreases the number of false alarms compared to a purely static analysis approach.

Published In

RV'10: Proceedings of the First international conference on Runtime verification
November 2010
491 pages
ISBN: 3642166113

Publisher

Springer-Verlag

Berlin, Heidelberg

Qualifiers

  • Article

Cited By

  • (2016) Python predictive analysis for bug detection. Proceedings of the 2016 24th ACM SIGSOFT International Symposium on Foundations of Software Engineering, pp. 121-132. DOI: 10.1145/2950290.2950357. Online publication date: 1-Nov-2016
  • (2016) Python probabilistic type inference with natural language support. Proceedings of the 2016 24th ACM SIGSOFT International Symposium on Foundations of Software Engineering, pp. 607-618. DOI: 10.1145/2950290.2950343. Online publication date: 1-Nov-2016
  • (2013) Dynamic determinacy analysis. ACM SIGPLAN Notices 48:6, pp. 165-174. DOI: 10.1145/2499370.2462168. Online publication date: 16-Jun-2013
  • (2013) Dynamic determinacy analysis. Proceedings of the 34th ACM SIGPLAN Conference on Programming Language Design and Implementation, pp. 165-174. DOI: 10.1145/2491956.2462168. Online publication date: 16-Jun-2013
  • (2011) Trustworthy numerical computation in Scala. ACM SIGPLAN Notices 46:10, pp. 325-344. DOI: 10.1145/2076021.2048094. Online publication date: 22-Oct-2011
  • (2011) Trustworthy numerical computation in Scala. Proceedings of the 2011 ACM international conference on Object oriented programming systems languages and applications, pp. 325-344. DOI: 10.1145/2048066.2048094. Online publication date: 22-Oct-2011
  • (2010) Phantm. Proceedings of the eighteenth ACM SIGSOFT international symposium on Foundations of software engineering, pp. 373-374. DOI: 10.1145/1882291.1882355. Online publication date: 7-Nov-2010
