
Automated Software Engineering, Volume 16, Issue 2, pp. 263–290

On temporal path conditions in dependence graphs

  • Andreas Lochbihler
  • Gregor Snelting
Article

Abstract

Program dependence graphs are a well-established device to represent possible information flow in a program. Path conditions in dependence graphs have been proposed to express more detailed circumstances of a particular flow; they provide precise necessary conditions for information flow along a path or chop in a dependence graph. Ordinary boolean path conditions, however, cannot express temporal properties, e.g. that for a specific flow it is necessary that some condition holds, and later another specific condition holds.

In this contribution, we introduce temporal path conditions, which extend ordinary path conditions by temporal operators in order to express temporal dependencies between conditions for a flow. We present motivating examples, generation and simplification rules, application of model checking to generate witnesses for a specific flow, and a case study. We prove the following soundness property: if a temporal path condition for a path is satisfiable, then the ordinary boolean path condition for the path is satisfiable. The converse does not hold, indicating that temporal path conditions are more precise.
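The following is an added illustration of the distinction the abstract draws, not code from the paper. It constructs a small loop in which a flow from `secret` to `send` crosses two guards in different iterations, reads the ordinary path condition as "every guard holds in some iteration" (a loop-insensitive conjunction) and the temporal path condition as "the guards hold in path order, each strictly later than the previous one" (the LTL shape F(g1 ∧ X F g2)), and uses brute-force enumeration of bounded execution prefixes in place of a real model checker to search for a witness trace. The loop body, the two mode machines and the guard names are assumptions made for the example.

```python
"""
Added example (not from the paper): boolean vs. temporal path conditions
on a constructed loop, checked by bounded enumeration of a finite
transition system in place of a model checker.

Constructed loop (hypothetical):
    while True:
        if mode == "A": buf = secret      # node n1, guard g1: mode == "A"
        if mode == "B": send(buf)         # node n2, guard g2: mode == "B"
        mode = step(mode)
The dependence-graph path secret -> buf -> send crosses g1 and then g2.
  PC(path)  = g1 and g2, each guard possibly in a different iteration
  TPC(path) = g1 holds at some iteration, and g2 at a strictly later one
"""
from typing import Callable, Dict, List, Optional, Sequence, Tuple

State = str
Guard = Callable[[State], bool]
Trace = Tuple[State, ...]

# Guards along the path, in path order (assumed for the constructed loop).
PATH_GUARDS: List[Tuple[str, Guard]] = [
    ("n1: mode == A", lambda s: s == "A"),
    ("n2: mode == B", lambda s: s == "B"),
]


def boolean_pc_holds(trace: Trace, guards=PATH_GUARDS) -> bool:
    """Ordinary path condition: every guard is satisfied in *some* iteration."""
    return all(any(g(s) for s in trace) for _, g in guards)


def temporal_pc_holds(trace: Trace, guards=PATH_GUARDS) -> bool:
    """Temporal path condition: guards hold in path order, each at a
    strictly later iteration than the previous one."""
    pos = -1
    for _, g in guards:
        later = (i for i in range(pos + 1, len(trace)) if g(trace[i]))
        nxt = next(later, None)
        if nxt is None:
            return False
        pos = nxt
    return True


def traces(init: Sequence[State], succ: Dict[State, Sequence[State]], k: int) -> List[Trace]:
    """All execution prefixes of length k of a finite transition system.
    This crude enumeration stands in for the model checker's search."""
    out: List[Trace] = []

    def go(prefix: List[State]) -> None:
        if len(prefix) == k:
            out.append(tuple(prefix))
            return
        for s in succ[prefix[-1]]:
            go(prefix + [s])

    for s0 in init:
        go([s0])
    return out


def witness(init, succ, k, pc=temporal_pc_holds) -> Optional[Trace]:
    """First bounded trace satisfying pc: a witness for the flow, or None."""
    return next((t for t in traces(init, succ, k) if pc(t)), None)


def soundness_holds(init, succ, k) -> bool:
    """TPC satisfiable => PC satisfiable, checked on every bounded trace."""
    return all(boolean_pc_holds(t)
               for t in traces(init, succ, k) if temporal_pc_holds(t))


# Constructed mode machines.
# ONE_WAY: B -> A -> A -> ...   both modes occur, but A never precedes B.
ONE_WAY = {"B": ["A"], "A": ["A"]}
# PING_PONG: A <-> B, so A can precede B.
PING_PONG = {"A": ["B"], "B": ["A"]}

if __name__ == "__main__":
    # Boolean PC satisfiable, temporal PC not: the flow is spurious.
    print(witness(["B"], ONE_WAY, 4, boolean_pc_holds))   # ('B', 'A', 'A', 'A')
    print(witness(["B"], ONE_WAY, 4, temporal_pc_holds))  # None
    # Both satisfiable: a genuine witness trace is produced.
    print(witness(["A"], PING_PONG, 4))                   # ('A', 'B', 'A', 'B')
    print(soundness_holds(["A", "B"], PING_PONG, 6))      # True
```

The ONE_WAY machine is the case the abstract's last two sentences describe: the boolean condition g1 ∧ g2 is satisfiable because each guard is true in some iteration, yet no execution satisfies g1 and *later* g2, so the temporal condition rejects the flow. `soundness_holds` checks the stated direction (temporal satisfiable implies boolean satisfiable) over every bounded trace; it can never find a counterexample, since an ordered occurrence of the guards is in particular an occurrence of each.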

Keywords

Program dependence graph; Path condition; Temporal logic; Security analysis

Copyright information

© Springer Science+Business Media, LLC 2009

Authors and Affiliations

  1. Lehrstuhl Programmierparadigmen, Universität Karlsruhe (TH), Karlsruhe, Germany