Provably correct control flow graphs from Java bytecode programs with exceptions

  • Afshin Amighi
  • Pedro de Carvalho Gomes
  • Dilian Gurov
  • Marieke Huisman
Regular Paper

Abstract

We present an algorithm for extracting control flow graphs from Java bytecode that captures normal as well as exceptional control flow. We prove its correctness, in the sense that the behaviour of the extracted control flow graph is a sound over-approximation of the behaviour of the original program. This makes control flow graphs suitable for performing various static analyses, such as model checking of temporal safety properties. Analysing exceptional control flow for Java bytecode is difficult because of the stack-based nature of the language. We therefore develop the extraction in two stages. In the first, we abstract away from the complications arising from exceptional flows, and relativize the extraction on an oracle that is able to look into the stack and predict the exceptions that can be raised at each instruction. This idealized algorithm provides a specification for concrete extraction algorithms, which have to provide a suitable implementation for the oracle. We prove correctness of the idealized algorithm by means of behavioural simulation. In the second stage, we develop a concrete extraction algorithm that consists of two phases. In the first phase, the program is transformed into a BIR program, a stack-less intermediate representation of Java bytecode, from which the control flow graph is extracted in the second phase. We use this intermediate format because it provides the information needed to implement the oracle, and since it gives rise to more compact graphs. We show that the behaviour of the control flow graph extracted via the intermediate representation is a sound over-approximation of the behaviour of the graph extracted by the direct, idealized algorithm, and thus of the original program. The concrete extraction algorithm is implemented as the ConFlEx tool. A number of test cases are performed to evaluate the efficiency of the algorithm.
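The abstract describes two ingredients that any sound extraction has to get right: an oracle that predicts, per instruction, which exceptions may be raised, and a handler-table lookup that turns each prediction into edges whose union over-approximates every run of the program. The following Python model is an added illustration of those two ingredients only; it is not the paper's algorithm and not code from the ConFlEx tool or the BIR transformation. The instruction set, the fragment of the exception hierarchy, the `oracle` function and the sample method body are all constructed for the example. It works on a stack-less form in which null and division checks are explicit instructions (as in BIR), which is what makes the oracle local to one instruction.

```python
"""Toy extraction of a control flow graph with exceptional edges from a
stack-less, BIR-like method body.

Added illustration only: NOT the ConFlEx tool nor the paper's algorithm,
just a small model of an exception "oracle" plus a handler-table lookup
that produces sound over-approximating edges: every handler that might
catch a predicted exception gets an edge, and so does the exceptional
exit if no handler is guaranteed to catch it. Instruction names, class
hierarchy and the sample method are constructed for the example.
"""
from dataclasses import dataclass
from typing import FrozenSet, List, Optional, Set, Tuple, Union

# Constructed fragment of the Java exception hierarchy (child -> parent).
SUPERCLASS = {
    "NullPointerException": "RuntimeException",
    "ArithmeticException": "RuntimeException",
    "RuntimeException": "Exception",
    "IOException": "Exception",
    "Exception": "Throwable",
    "Throwable": None,
}

def is_subclass(cls: str, sup: str) -> bool:
    """True if cls == sup or cls inherits (transitively) from sup."""
    cur: Optional[str] = cls
    while cur is not None:
        if cur == sup:
            return True
        cur = SUPERCLASS[cur]
    return False

@dataclass(frozen=True)
class Instr:
    op: str                               # checknull | invoke | div | goto | throw | return
    targets: Tuple[int, ...] = ()         # explicit jump targets (instruction indices)
    throws: FrozenSet[str] = frozenset()  # declared exception classes (invoke, throw)

@dataclass(frozen=True)
class Handler:
    start: int                            # protects instructions in [start, end)
    end: int
    target: int                           # first instruction of the handler body
    catch: Optional[str]                  # None models a catch-all (finally) entry

EXIT, EXC_EXIT = "exit", "exc_exit"       # normal and exceptional method exit nodes
Node = Union[int, str]
Edge = Tuple[int, Node, str]              # (source pc, target, "normal" or exception class)

def oracle(ins: Instr) -> Set[str]:
    """Per-instruction prediction of raisable exceptions (an assumption of
    this example). Null and division checks are explicit instructions, so
    the prediction is local; a call may raise anything it declares plus
    any unchecked exception, modelled coarsely as RuntimeException."""
    if ins.op == "checknull":
        return {"NullPointerException"}
    if ins.op == "div":
        return {"ArithmeticException"}
    if ins.op == "invoke":
        return set(ins.throws) | {"RuntimeException"}
    if ins.op == "throw":
        return set(ins.throws)
    return set()

def exceptional_targets(pc: int, exc: str, handlers: List[Handler]) -> List[Node]:
    """Scan the handler table in order, as the JVM does at run time. A handler
    whose catch type is a supertype of exc certainly catches it and ends the
    scan; one whose catch type is a SUBtype of exc may catch it (exc is only an
    over-approximation of the run-time type), so it gets an edge and the scan
    continues. If nothing certainly catches, the exception escapes the method."""
    out: List[Node] = []
    for h in handlers:
        if not (h.start <= pc < h.end):
            continue
        if h.catch is None or is_subclass(exc, h.catch):
            out.append(h.target)
            return out
        if is_subclass(h.catch, exc):
            out.append(h.target)
    out.append(EXC_EXIT)
    return out

def extract_cfg(code: List[Instr], handlers: List[Handler]) -> FrozenSet[Edge]:
    edges: Set[Edge] = set()
    for pc, ins in enumerate(code):
        # Normal control flow.
        if ins.op == "return":
            edges.add((pc, EXIT, "normal"))
        elif ins.op == "goto":
            edges.add((pc, ins.targets[0], "normal"))
        elif ins.op != "throw":               # throw has no normal successor
            if pc + 1 < len(code):
                edges.add((pc, pc + 1, "normal"))
            for t in ins.targets:             # conditional jumps also fall through
                edges.add((pc, t, "normal"))
        # Exceptional control flow: one edge per (exception, possible catcher).
        for exc in sorted(oracle(ins)):
            for tgt in exceptional_targets(pc, exc, handlers):
                edges.add((pc, tgt, exc))
    return frozenset(edges)

# Constructed sample, roughly: try { x.f(); m(); a / b; }
#   catch (IOException) {..} catch (NullPointerException) {..} plus a catch-all that rethrows.
SAMPLE_CODE = [
    Instr("checknull"),                                 # 0: explicit null check on x
    Instr("invoke", throws=frozenset({"IOException"})), # 1: call m(), declares IOException
    Instr("div"),                                       # 2: a / b
    Instr("goto", targets=(7,)),                        # 3: end of protected region
    Instr("goto", targets=(7,)),                        # 4: IOException handler body
    Instr("goto", targets=(7,)),                        # 5: NullPointerException handler body
    Instr("throw", throws=frozenset({"Throwable"})),    # 6: catch-all handler rethrows
    Instr("return"),                                    # 7
]
SAMPLE_HANDLERS = [
    Handler(0, 4, 4, "IOException"),
    Handler(0, 4, 5, "NullPointerException"),
    Handler(0, 4, 6, None),
]

if __name__ == "__main__":
    for src, dst, label in sorted(extract_cfg(SAMPLE_CODE, SAMPLE_HANDLERS), key=str):
        print(f"{src:2} --{label}--> {dst}")
```

The point to notice is in `exceptional_targets`: because the oracle names a class (here `RuntimeException` for the call at index 1) rather than the exact run-time type, a handler for a subclass such as `NullPointerException` may or may not fire, so soundness requires an edge to it as well as to the catch-all that is guaranteed to catch; dropping the "may catch" edge would make the graph under-approximate the program and invalidate any safety property checked on it. The price, as the abstract notes for the idealized algorithm, is precision: a sharper oracle (one that distinguishes the exact exceptions a callee can raise) removes spurious edges without changing this lookup.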

Keywords

Software verification; Static analysis; Program models


Copyright information

© Springer-Verlag Berlin Heidelberg 2015

Authors and Affiliations

  • Afshin Amighi (1)
  • Pedro de Carvalho Gomes (2)
  • Dilian Gurov (2)
  • Marieke Huisman (1)
  1. University of Twente, Enschede, The Netherlands
  2. KTH Royal Institute of Technology, Stockholm, Sweden