Automated Software Engineering

, Volume 15, Issue 1, pp 3–33 | Cite as

A portable compiler-integrated approach to permanent checking

Article

Abstract

Program checking is now a mature technology, but is not yet used on a large scale. We identify one cause of this gap in the decoupling of checking tools from the everyday development tools. To radically change the situation, we explore the integration of simple user-defined checks into the core of every development process: the compiler. The checks we implement express constrained reachability queries in the control flow graph taking the form “from x to y avoiding z”, where x, y, and z are native code patterns containing a blend of syntactic, semantic and dataflow information. Compiler integration enables continuous checking throughout development, but also a pervasive propagation of checking technology. This integration poses some interesting challenges, including tight bounds on the acceptable overhead, but in turn opens up new perspectives. Factorizing analyses between checking and compiling improves both the efficiency and the expressiveness of the checks.

Keywords

Extensible compilers User-defined checks 

References

  1. Abraxas Software, Inc. CodeCheck, http://www.abxsoft.com
  2. Ashcraft, K., Engler, D.: Using programmer-written compiler extensions to catch security holes. In Proc. IEEE Symp. on Security and Privacy, May 2002 Google Scholar
  3. Back, G., Engler, D.: MJ—a system for constructing bug-finding analyses for Java. Technical report, Stanford University (September 2003) Google Scholar
  4. Ball, T., Rajamani, S.: The SLAM toolkit. In: Proceedings of the 13th International Conference on Computer Aided Verification. Lecture Notes in Computer Science, vol. 2102 (2001) Google Scholar
  5. Barnett, M., Leino, K., Schulte, W.: In: CASSIS 2004. Lecture Notes in Computer Science, vol. 3362. Springer, New York (2004) Google Scholar
  6. Burdy, L., Cheon, Y., Cok, D., Ernst, M., Kiniry, J., Leavens, G., Leino, K., Poll, E.: An overview of JML tools and applications. In: Arts, T., Fokkink, W. (eds.) Eighth International Workshop on Formal Methods for Industrial Critical Systems (FMICS 03). Electronic Notes in Theoretical Computer Science (ENTCS), vol. 80. Elsevier, Amsterdam (2003) Google Scholar
  7. Checkstyle: Open-source project at SourceForge.net, http://checkstyle.sourceforge.net
  8. Chen, H., Wagner, D.: MOPS: an infrastructure for examining security properties of software. In Proceedings of the 9th ACM Conference on Computer and Communications Security (CCS), Washington, DC, November 2002 Google Scholar
  9. Chou, A., Yang, J., Chelf, B., Hallem, S., Engler, D.: An empirical study of operating system errors. In 18th Symp. Operating Systems Principles (SOSP), Oct. 2001 Google Scholar
  10. Cobleigh, J., Clarke, L., Osterweil, L.: FLAVERS: a finite state verification technique for software systems. IBM Syst. J. 41(1) (2002) Google Scholar
  11. Crew, R.: ASTLOG: a language for examining abstract syntax trees. In: USENIX Conference on Domain-Specific Languages, October 1997 Google Scholar
  12. Das, M., Lerner, S., Seigle, M.: Esp: path-sensitive program verification in polynomial time. In Proc. ACM SIGPLAN Conf. on Programming Language Design and Implementation (PLDI), Jan. 2002 Google Scholar
  13. Devanbu, P.: GENOA—a customizable, front-end-retargetable source code analysis framework. ACM Trans. Softw. Eng. Methodol. (TOSEM) 8(2) (April 1999) Google Scholar
  14. Engler, D., Chelf, B., Chou, A., Hallem, S.: Checking system rules using system-specific, programmer-written compiler extensions. In: Proc. of 4th Symposium on Operating System Design and Implementation (OSDI), San Diego, October 2000 Google Scholar
  15. Evans, D., Larochelle, D.: Improving security using extensible lightweight static analysis. IEEE Softw. 19(1) (January 2002) Google Scholar
  16. Field, J., Goyal, D., Ramalingam, G., Yahav, E.: Typestate verification: abstraction techniques and complexity results. In: Proc. of SAS’03. Lecture Notes in Computer Science, vol. 2694, pp. 439–462. Springer, New York (2003) Google Scholar
  17. Foster, J., Fähndrich, M., Aiken, A.: A theory of type qualifiers. In: ACM SIGPLAN Conference on Programming Language Design and Implementation (PLDI), Atlanta, Georgia, May 1999 Google Scholar
  18. Foster, J., Terauchi, T., Aiken, A.: Flow-sensitive type qualifiers. In: ACM SIGPLAN Conference on Programming Language Design and Implementation (PLDI), Berlin, Germany, June 2002 Google Scholar
  19. Geay, E., Yahav, E., Fink, S.: Continuous code-quality assurance with SAFE. In: Proceedings of the 2006 ACM SIGPLAN Symposium on Partial Evaluation and Semantics-Based Program Manipulation, Charleston, South Carolina, January 2006, PEPM ’06, pp. 145–149. ACM, New York (2006) CrossRefGoogle Scholar
  20. Gramma Tech. CodeSurfer Path Inspector: http://www.grammatech.com
  21. Griswold, W., Atkinson, D., McCurdy, C.: Fast, flexible syntactic pattern matching and processing. In: 4th International Workshop on Program Comprehension, 1996 Google Scholar
  22. Henzinger, T., Jhala, R., Majumdar, R., Necula, G., Sutre, G., Weimer, W.: Temporal-safety proofs for systems code. In: Proc. of the 14th International Conference on Computer-Aided Verification (CAV). Lecture Notes in Computer Science, vol. 2404. Springer, New York (2002) Google Scholar
  23. Henzinger, T., Jhala, R., Majumdar, R., Sanvido, M.: Extreme model checking. In: Proceedings of the International Symposium on Verification: Theory and Practice. Lecture Notes in Computer Science, vol. 2772. Springer, New York (2004) Google Scholar
  24. Liu, Y., Rothamel, T., Yu, F., Stoller, S., Hu, N.: Parametric regular path queries. ACM SIGPLAN Not. 39(6) (PLDI) (May 2004) Google Scholar
  25. Martin, M., Livshits, B., Lam, M.: Finding application errors and security flaws using PQL: a program query language. In: Proceedings of the 20th Annual ACM SIGPLAN Conference on Object Oriented Programming Systems Languages and Applications (OOPSLA), 2005 Google Scholar
  26. Merill, J.: GENERIC and GIMPLE: a new tree representation for entire functions. In: Proc. of the GCC 2003 Summit Google Scholar
  27. Mygcc prototype: http://mygcc.free.fr
  28. Olender, K., Osterweil, L.: Cesar: a static sequencing constraint analyzer. ACM SIGSOFT Softw. Eng. Notes 14(8) (December 1989) Google Scholar
  29. Open-source project, Splint.: http://www.splint.org
  30. PMD: Open-source project at SourceForge.net. http://pmd.sourceforge.net/
  31. Reps, T.: Program analysis via graph reachability. Inf. Softw. Technol. 40(11–12) (November/December 1998) Google Scholar
  32. Rosen, B.K., Wegman, M.N., Zadeck, F.K.: Global value numbers and redundant computations. In: Proceedings of the 15th ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages, 1988 Google Scholar
  33. Visser, W., Havelund, K., Brat, G., Park, S., Lerda, F.: Model checking programs. Autom. Softw. Eng. J. 10(2) (April 2003) Google Scholar
  34. Volanschi, N.: Condate: a proto-language at the confluence between checking and compiling. In: Eighth ACM-SIGPLAN International Symposium on Principles and Practice of Declarative Programming (PPDP), 2006 Google Scholar
  35. Volanschi, N., Rinderknecht, C.: Unparsed patterns: easy user-extensibility of program manipulation tools. In: ACM SIGPLAN 2008 Workshop on Partial Evaluation and Program Manipulation (PEPM ’08) (January 2008, to appear) Google Scholar

Copyright information

© Springer Science+Business Media, LLC 2007

Authors and Affiliations

  1. 1.PoissyFrance

Personalised recommendations