DOI: 10.1145/512529.512540

Deriving specialized program analyses for certifying component-client conformance

Published: 17 May 2002

Abstract

We are concerned with the problem of statically certifying (verifying) whether the client of a software component conforms to the component's constraints for correct usage. We show how conformance certification can be efficiently carried out in a staged fashion for certain classes of first-order safety (FOS) specifications, which can express relationship requirements among potentially unbounded collections of runtime objects. In the first stage of the certification process, we systematically derive an abstraction that is used to model the component state during analysis of arbitrary clients. In general, the derived abstraction will utilize first-order predicates, rather than the propositions often used by model checkers. In the second stage, the generated abstraction is incorporated into a static analysis engine to produce a certifier. In the final stage, the resulting certifier is applied to a client to conservatively determine whether the client violates the component's constraints. Unlike verification approaches that analyze a specification and client code together, our technique can take advantage of computationally-intensive symbolic techniques during the abstraction generation phase, without affecting the performance of client analysis. Using as a running example the Concurrent Modification Problem (CMP), which arises when certain classes defined by the Java Collections Framework are misused, we describe several different classes of certifiers with varying time/space/precision tradeoffs. Of particular note are precise, polynomial-time, flow- and context-sensitive certifiers for certain classes of FOS specifications and client programs. Finally, we evaluate a prototype implementation of a certifier for CMP on a variety of test programs. The results of the evaluation show that our approach, though conservative, yields very few "false alarms," with acceptable performance.
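The Concurrent Modification Problem named in the abstract is the usage constraint that a fail-fast Java collection places on its clients: once an iterator over the collection has been created, the collection must not be structurally modified except through that iterator's own `remove()` method, or the iterator becomes invalid. The following is an added illustration, not code from the paper or from its prototype certifier; the class `CmpExample`, the methods `purgeExpiredViolating` and `purgeExpiredConforming`, and the sample "session" strings are all constructed for this example. It places a client that violates the constraint beside one that conforms to it, which is exactly the distinction the certifier described above is meant to draw statically.

```java
import java.util.ArrayList;
import java.util.ConcurrentModificationException;
import java.util.Iterator;
import java.util.List;

public class CmpExample {

    // Constructed sample input (hypothetical session identifiers).
    static List<String> sampleSessions() {
        List<String> sessions = new ArrayList<>();
        sessions.add("s1-active");
        sessions.add("s2-expired");
        sessions.add("s3-active");
        sessions.add("s4-expired");
        return sessions;
    }

    // Non-conforming client: the enhanced for loop holds a live Iterator
    // over the list, yet the list is modified through the collection itself.
    // On the next iteration step the fail-fast check in ArrayList's iterator
    // raises ConcurrentModificationException.
    static List<String> purgeExpiredViolating(List<String> sessions) {
        for (String s : sessions) {
            if (s.endsWith("expired")) {
                sessions.remove(s);   // structural change bypassing the iterator
            }
        }
        return sessions;
    }

    // Conforming client: the only structural modification while the
    // iterator is live goes through Iterator.remove(), which the
    // component's usage constraint explicitly permits.
    static List<String> purgeExpiredConforming(List<String> sessions) {
        Iterator<String> it = sessions.iterator();
        while (it.hasNext()) {
            if (it.next().endsWith("expired")) {
                it.remove();
            }
        }
        return sessions;
    }

    public static void main(String[] args) {
        try {
            purgeExpiredViolating(sampleSessions());
            System.out.println("violating client: no exception raised at runtime");
        } catch (ConcurrentModificationException e) {
            System.out.println("violating client: ConcurrentModificationException");
        }
        System.out.println("conforming client: " + purgeExpiredConforming(sampleSessions()));
    }
}
```

The runtime check is only a partial safety net: the Java Collections Framework documents fail-fast behaviour as best-effort, and the exception is not guaranteed for every violation (with the sample data above, removing only the second-to-last element would end the loop without any exception). That gap is what motivates a conservative static certifier of the kind the abstract describes, which flags the violating client regardless of the input data while accepting the conforming one.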



Published In

PLDI '02: Proceedings of the ACM SIGPLAN 2002 Conference on Programming Language Design and Implementation, June 2002, 338 pages. ISBN: 1581134630. DOI: 10.1145/512529

Publisher

Association for Computing Machinery, New York, NY, United States

Author Tags

1. abstract interpretation
2. model checking
3. predicate abstraction
4. software components
5. static analysis

Conference

PLDI02

Acceptance Rates

PLDI '02 paper acceptance rate: 28 of 169 submissions, 17%
Overall acceptance rate: 406 of 2,067 submissions, 20%

Cited By

  • (2017) Verifying a hash table and its iterators in higher-order separation logic. Proceedings of the 6th ACM SIGPLAN Conference on Certified Programs and Proofs, pp. 3-16. DOI: 10.1145/3018610.3018624. Online publication date: 16 Jan 2017.
  • (2014) A survey of static code analysis methods for security vulnerabilities detection. 2014 37th International Convention on Information and Communication Technology, Electronics and Microelectronics (MIPRO), pp. 1381-1386. DOI: 10.1109/MIPRO.2014.6859783. Online publication date: May 2014.
  • (2011) QVM. ACM Transactions on Software Engineering and Methodology 21(1), pp. 1-35. DOI: 10.1145/2063239.2063241. Online publication date: 1 Dec 2011.
  • (2011) Automated program verification made SYMPLAR. Proceedings of the 10th SIGPLAN Symposium on New Ideas, New Paradigms, and Reflections on Programming and Software, pp. 19-32. DOI: 10.1145/2048237.2048242. Online publication date: 22 Oct 2011.
  • (2011) How to make ad hoc proof automation less ad hoc. ACM SIGPLAN Notices 46(9), pp. 163-175. DOI: 10.1145/2034574.2034798. Online publication date: 19 Sep 2011.
  • (2011) Functional modelling of musical harmony. ACM SIGPLAN Notices 46(9), pp. 156-162. DOI: 10.1145/2034574.2034797. Online publication date: 19 Sep 2011.
  • (2011) On the bright side of type classes. ACM SIGPLAN Notices 46(9), pp. 143-155. DOI: 10.1145/2034574.2034796. Online publication date: 19 Sep 2011.
  • (2011) ShadowDraw. ACM Transactions on Graphics 30(4), pp. 1-10. DOI: 10.1145/2010324.1964922. Online publication date: 25 Jul 2011.
  • (2011) Precise reasoning for programs using containers. Proceedings of the 38th Annual ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages, pp. 187-200. DOI: 10.1145/1926385.1926407. Online publication date: 26 Jan 2011.
  • (2011) Loop transformations. ACM SIGPLAN Notices 46(1), pp. 549-562. DOI: 10.1145/1925844.1926449. Online publication date: 26 Jan 2011.
