
Almost-correct specifications: a modular semantic framework for assigning confidence to warnings

Published: 16 June 2013

Abstract

Modular assertion checkers are plagued with false alarms due to the need for precise environment specifications (preconditions and callee postconditions). Even the fully precise checkers report assertion failures under the most demonic environments allowed by unconstrained or partial specifications. The inability to preclude overly adversarial environments makes such checkers less attractive to developers and severely limits the adoption of such tools in the development cycle.
In this work, we propose a parameterized framework for prioritizing the assertion failures reported by a modular verifier, with the goal of suppressing warnings from overly demonic environments. We formalize almost-correct specifications as the minimal weakening of an angelic specification (over a set of predicates) that precludes any dead code intraprocedurally. Our work is inspired by, and generalizes some aspects of, semantic inconsistency detection. Our formulation allows us to lift this idea to a general class of warnings. We have developed a prototype, acspec, which we use to explore a few instantiations of the framework and report preliminary findings on a diverse set of C benchmarks.



Published In

ACM SIGPLAN Notices, Volume 48, Issue 6 (PLDI '13)
June 2013, 515 pages
ISSN: 0362-1340
EISSN: 1558-1160
DOI: 10.1145/2499370

ACM Conferences
  • PLDI '13: Proceedings of the 34th ACM SIGPLAN Conference on Programming Language Design and Implementation
    June 2013, 546 pages
    ISBN: 9781450320146
    DOI: 10.1145/2491956
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 16 June 2013
Published in SIGPLAN Volume 48, Issue 6


Author Tags

  1. false alarms
  2. predicate abstraction
  3. program verifiers

Qualifiers

  • Research-article

Article Metrics

  • Downloads (last 12 months): 11
  • Downloads (last 6 weeks): 0
Reflects downloads up to 03 Feb 2025

Citations

Cited By
  • (2023) WINE: Warning miner for improving bug finders. Information and Software Technology, 155(C):107109, March 2023. DOI: 10.1016/j.infsof.2022.107109
  • (2022) Verification of Programs with Concealed Components. Companion Proceedings of the 2022 ACM SIGPLAN International Conference on Systems, Programming, Languages, and Applications: Software for Humanity, pages 43-46, 29 November 2022. DOI: 10.1145/3563768.3565551
  • (2022) Almost correct invariants: synthesizing inductive invariants by fuzzing proofs. Proceedings of the 31st ACM SIGSOFT International Symposium on Software Testing and Analysis, pages 352-364, 18 July 2022. DOI: 10.1145/3533767.3534381
  • (2021) Unbounded Procedure Summaries from Bounded Environments. Verification, Model Checking, and Abstract Interpretation, pages 291-324, 12 January 2021. DOI: 10.1007/978-3-030-67067-2_14
  • (2015) Finding Inconsistencies in Programs with Loops. Proceedings of the 20th International Conference on Logic for Programming, Artificial Intelligence, and Reasoning, Volume 9450, pages 499-514, 24 November 2015. DOI: 10.1007/978-3-662-48899-7_35
  • (2015) Angelic Verification: Precise Verification Modulo Unknowns. Computer Aided Verification, pages 324-342, 16 July 2015. DOI: 10.1007/978-3-319-21690-4_19
  • (2024) Gradual C0: Symbolic Execution for Gradual Verification. ACM Transactions on Programming Languages and Systems, 46(4):1-57, 5 December 2024. DOI: 10.1145/3704808
  • (2024) LibAlchemy: A Two-Layer Persistent Summary Design for Taming Third-Party Libraries in Static Bug-Finding Systems. Proceedings of the IEEE/ACM 46th International Conference on Software Engineering, pages 1-13, 20 May 2024. DOI: 10.1145/3597503.3639132
  • (2022) Survey of Approaches for Postprocessing of Static Analysis Alarms. ACM Computing Surveys, 55(3):1-39, 3 February 2022. DOI: 10.1145/3494521
