The SAFE Experience

  • Eran Yahav
  • Stephen Fink

Abstract

We present an overview of the techniques developed under the SAFE project. The goal of SAFE was to create a practical, lightweight framework for verifying simple properties of realistic Java applications. The work on SAFE covered a lot of ground, starting from typestate verification techniques and continuing through inference of typestate specifications, checking for the absence of null dereferences, automatic resource disposal, and an attempt at modular typestate analysis. In many ways, SAFE represents a modern incarnation of early ideas on using static analysis for software reliability. SAFE went a long way toward making these ideas applicable to real properties of real software, but applying them at the scale of modern framework-intensive software remains a challenge. We are encouraged by our experience with SAFE, and believe that the techniques developed in SAFE can serve as a solid basis for future work on practical verification technology.
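To make the kind of property SAFE checks concrete, the following is an added illustration (not SAFE's code, and far simpler than its flow-sensitive abstract interpretation of Java). A typestate is a finite-state protocol attached to each object; the checker tracks the protocol state of every allocated object across a straight-line program and reports a method call the protocol does not allow, plus any resource not in an accepting state at exit. The statement encoding, the `FILE_PROTOCOL` table, and the `SAMPLE` program are all constructed for this example; aliasing is resolved with concrete object identities, which is only sound because the program is straight-line.

```python
"""Toy typestate checker over a straight-line program with variable aliasing.
Added illustration of the property class; this is not SAFE's implementation."""
from dataclasses import dataclass, field

# Protocol for a file-like resource (constructed for this example).
# Transitions are keyed by (current_state, method) -> next_state.
FILE_PROTOCOL = {
    ("open", "read"): "open",
    ("open", "write"): "open",
    ("open", "close"): "closed",
}
INITIAL_STATE = "open"        # state right after `new`
FINAL_STATES = {"closed"}     # an object left outside these states is a leak


@dataclass
class Result:
    errors: list = field(default_factory=list)  # (stmt_index, var, method, state)
    leaks: list = field(default_factory=list)   # (object_id, state, aliases)


def check(program, protocol=FILE_PROTOCOL, initial=INITIAL_STATE, final=FINAL_STATES):
    """Statements (constructed encoding):
         ("new", var)          -- var = new Resource()
         ("assign", dst, src)  -- dst = src   (dst now aliases src)
         ("call", var, method) -- var.method()
    Returns protocol violations and resources not disposed of by program exit."""
    env = {}      # variable -> object id
    state = {}    # object id -> protocol state
    next_id = 0
    res = Result()
    for i, stmt in enumerate(program):
        op = stmt[0]
        if op == "new":
            _, var = stmt
            env[var] = next_id
            state[next_id] = initial
            next_id += 1
        elif op == "assign":
            _, dst, src = stmt
            env[dst] = env[src]         # both names now denote the same object
        elif op == "call":
            _, var, method = stmt
            obj = env[var]
            cur = state[obj]
            nxt = protocol.get((cur, method))
            if nxt is None:
                # Protocol violation: record it and leave the state unchanged.
                res.errors.append((i, var, method, cur))
            else:
                state[obj] = nxt
        else:
            raise ValueError(f"unknown statement {stmt!r}")
    # Resource-disposal check: every object must end in an accepting state.
    for obj, st in state.items():
        if st not in final:
            aliases = sorted(v for v, o in env.items() if o == obj)
            res.leaks.append((obj, st, aliases))
    return res


# Constructed sample: `b` aliases `a`, so closing through `b` and then reading
# through `a` is a read-after-close that an alias-blind checker would miss.
SAMPLE = [
    ("new", "a"),
    ("assign", "b", "a"),
    ("call", "a", "read"),
    ("call", "b", "close"),
    ("call", "a", "read"),    # statement 4: violation via the alias
    ("new", "c"),
    ("call", "c", "write"),   # `c` is never closed: reported as a leak
]

if __name__ == "__main__":
    r = check(SAMPLE)
    for i, var, method, st in r.errors:
        print(f"stmt {i}: {var}.{method}() not allowed in state '{st}'")
    for obj, st, names in r.leaks:
        print(f"object {obj} ({', '.join(names)}) left in state '{st}' at exit")
```

The two findings this reports (a read after close reached through an alias, and a resource never closed) are the two property classes named in the abstract. What makes the real problem hard, and what SAFE's abstractions address, is doing the same thing when aliasing must be approximated over loops, branches and calls rather than tracked exactly as here.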

Keywords

Software Reliability, Abstract Domain, Abstract History, Access Path, Program Language Design

Copyright information

© Springer-Verlag Berlin Heidelberg 2011

Authors and Affiliations

  1. Technion, Haifa, Israel