
A portable compiler-integrated approach to permanent checking

Journal: Automated Software Engineering

Abstract

Program checking is now a mature technology, but is not yet used on a large scale. We identify one cause of this gap in the decoupling of checking tools from the everyday development tools. To radically change the situation, we explore the integration of simple user-defined checks into the core of every development process: the compiler. The checks we implement express constrained reachability queries in the control flow graph taking the form “from x to y avoiding z”, where x, y, and z are native code patterns containing a blend of syntactic, semantic and dataflow information. Compiler integration enables continuous checking throughout development, but also a pervasive propagation of checking technology. This integration poses some interesting challenges, including tight bounds on the acceptable overhead, but in turn opens up new perspectives. Factorizing analyses between checking and compiling improves both the efficiency and the expressiveness of the checks.
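The query form described above, "from x to y avoiding z", as an added toy implementation that is not the paper's mygcc code: the CFG encoding (a dict of node id to statement text and successors), the `%X` metavariable syntax and the lock/unlock sample function are all constructed for this example. A metavariable bound while matching x must keep that value when matching y or z, which is what lets `unlock(k)` fail to discharge `lock(m)`.

```python
import re
from collections import deque

def compile_pattern(pat):
    """Turn a pattern such as 'lock(%X)' into a regex; each %X becomes a named group."""
    parts = re.split(r'(%\w+)', pat)          # odd indices are metavariables
    regex = ''.join(r'(?P<%s>\S+)' % p[1:] if i % 2 else re.escape(p)
                    for i, p in enumerate(parts))
    return re.compile('^' + regex + '$')

def match(pat, stmt, env):
    """Match stmt against pat under binding env; return the extended env, or None."""
    m = pat.match(stmt)
    if m is None:
        return None
    new_env = dict(env)
    for name, value in m.groupdict().items():
        if new_env.setdefault(name, value) != value:
            return None                        # metavariable already bound differently
    return new_env

def check(cfg, x, y, z):
    """Report (src, dst) pairs: a CFG path from an x node reaches a y node without passing z."""
    px, py, pz = map(compile_pattern, (x, y, z))
    findings = []
    for src, (stmt, succs) in cfg.items():
        env = match(px, stmt, {})
        if env is None:
            continue
        seen, queue = set(), deque(succs)      # BFS; 'seen' makes loops terminate
        while queue:
            node = queue.popleft()
            if node in seen:
                continue
            seen.add(node)
            text, nxt = cfg[node]
            if match(pz, text, env) is not None:
                continue                       # z on the path: this path is fine, stop here
            if match(py, text, env) is not None:
                findings.append((src, node))   # reached y without z: violation
                continue
            queue.extend(nxt)
    return findings

# Constructed CFG of one function: node -> (statement text, successor nodes)
LEAKY_CFG = {
    0: ('lock(m)', [1]),
    1: ('while (i < n)', [2, 4]),
    2: ('i++', [3]),
    3: ('if (err) goto out', [5, 1]),
    4: ('unlock(m)', [6]),
    5: ('return -1', []),                      # error exit with m still held
    6: ('return 0', []),
}
WRONG_LOCK_CFG = {**LEAKY_CFG, 4: ('unlock(k)', [6])}   # releases a different lock

if __name__ == '__main__':
    print(check(LEAKY_CFG, 'lock(%X)', 'return %V', 'unlock(%X)'))       # [(0, 5)]
    print(check(WRONG_LOCK_CFG, 'lock(%X)', 'return %V', 'unlock(%X)'))  # both returns flagged
```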



Correspondence to Nic Volanschi.

Volanschi, N. A portable compiler-integrated approach to permanent checking. Autom Softw Eng 15, 3–33 (2008). https://doi.org/10.1007/s10515-007-0022-4
