International Static Analysis Symposium

SAS 2008: Static Analysis pp 78-92

Protocol Inference Using Static Path Profiles

  • Murali Krishna Ramanathan
  • Koushik Sen
  • Ananth Grama
  • Suresh Jagannathan
Conference paper

DOI: 10.1007/978-3-540-69166-2_6

Volume 5079 of the book series Lecture Notes in Computer Science (LNCS)
Cite this paper as:
Ramanathan M.K., Sen K., Grama A., Jagannathan S. (2008) Protocol Inference Using Static Path Profiles. In: Alpuente M., Vidal G. (eds) Static Analysis. SAS 2008. Lecture Notes in Computer Science, vol 5079. Springer, Berlin, Heidelberg

Abstract

Specification inference tools typically mine commonalities among states at relevant program points. For example, inferring the invariants that must hold at all calls to a procedure p requires examining the state abstractions found at all call-sites to p. Unfortunately, existing approaches to building these abstractions require being able to explore all paths (either static or dynamic) to all of p’s call-sites to derive specifications with any measure of confidence. Because programs that have complex control-flow structure may induce a large number of paths, naive path exploration is impractical.

In this paper, we propose a new specification inference technique that allows us to efficiently explore statically all paths to a program point. Our approach builds static path profiles, profile information constructed by a static analysis that accumulates predicates valid along different paths to a program point. To make our technique tractable, we employ a summarization scheme to merge predicates at join points based on the frequency with which they occur on different paths. For example, the predicates present on a majority of static paths to all call-sites of any procedure p form the pre-condition of p.

We have implemented a tool, marga, based on static path profiling. Qualitative analysis of the specifications inferred by marga indicates that it is more accurate than existing static mining techniques, can be used to derive useful specifications even for APIs that occur infrequently (statically) in the program, and is robust against imprecision that may arise from examination of infeasible or infrequently occurring dynamic paths. A comparison of the specifications generated using marga with a dynamic specification inference engine based on cute, an automatic unit test generation tool, indicates that marga generates comparably precise specifications with smaller cost.
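The frequency-based merge at join points described in the abstract can be illustrated with a simplified sketch. This is an added example, not marga's code or the paper's algorithm: the acyclic control-flow graph, the gen/kill model of predicates, the predicate names and the function names are all assumptions made for illustration.

```python
from collections import defaultdict
from graphlib import TopologicalSorter

# Constructed acyclic CFG (assumption, not from the paper):
# node -> (successors, predicates established, predicates invalidated)
CFG = {
    "entry": (["a", "b", "c"], set(), set()),
    "a":     (["join", "call2"], {"fp != NULL"}, set()),
    "b":     (["join"], {"fp != NULL", "len > 0"}, set()),
    "c":     (["join"], set(), set()),
    "join":  (["d", "e"], set(), set()),
    "d":     (["call1"], {"len > 0"}, set()),
    "e":     (["call1"], set(), {"len > 0"}),
    "call1": ([], set(), set()),   # call-site of the hypothetical procedure p
    "call2": ([], set(), set()),   # second call-site of p
}
CALL_SITES = ["call1", "call2"]

def path_profile(cfg):
    """Per node: number of static paths reaching it, and for each predicate
    the number of those paths on which it holds. No path is enumerated."""
    preds = defaultdict(list)
    for node, (succs, _, _) in cfg.items():
        preds[node]                      # make sure every node has an entry
        for s in succs:
            preds[s].append(node)
    paths, holds = {}, {}
    for node in TopologicalSorter(preds).static_order():
        _, gen, kill = cfg[node]
        paths[node] = sum(paths[p] for p in preds[node]) or 1  # entry: 1 path
        merged = defaultdict(int)
        for p in preds[node]:            # join point: add up path frequencies
            for pred, n in holds[p].items():
                merged[pred] += n
        for pred in kill:                # invalidated on every path through node
            merged.pop(pred, None)
        for pred in gen:                 # established on every path through node
            merged[pred] = paths[node]
        holds[node] = dict(merged)
    return paths, holds

def infer_precondition(cfg, call_sites, threshold=0.5):
    """Predicates holding on a majority of static paths to all call-sites."""
    paths, holds = path_profile(cfg)
    total = sum(paths[c] for c in call_sites)
    freq = defaultdict(int)
    for c in call_sites:
        for pred, n in holds[c].items():
            freq[pred] += n
    return {p for p, n in freq.items() if n / total > threshold}
```

On this graph, 7 static paths reach the two call-sites; `fp != NULL` holds on 5 of them and `len > 0` on 3, so only the former is reported as a pre-condition.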

Copyright information

© Springer-Verlag Berlin Heidelberg 2008

Authors and Affiliations

  • Murali Krishna Ramanathan (1)
  • Koushik Sen (2)
  • Ananth Grama (1)
  • Suresh Jagannathan (1)

  1. Department of Computer Science, Purdue University
  2. Electrical Engineering and Computer Science, University of California, Berkeley