Static error detection using semantic inconsistency inference

Published: 10 June 2007

Abstract

Inconsistency checking is a method for detecting software errors that relies only on examining multiple uses of a value. We propose that inconsistency inference is best understood as a variant of the older and better understood problem of type inference. Using this insight, we describe a precise and formal framework for discovering inconsistency errors. Unlike previous approaches to the problem, our technique for finding inconsistency errors is purely semantic and can deal with complex aliasing and path-sensitive conditions. We have built a null dereference analysis of C programs based on semantic inconsistency inference and have used it to find hundreds of previously unknown null dereference errors in widely used C programs.

Published in

ACM SIGPLAN Notices, Volume 42, Issue 6
Proceedings of the 2007 PLDI conference
June 2007
491 pages
ISSN: 0362-1340
EISSN: 1558-1160
DOI: 10.1145/1273442

PLDI '07: Proceedings of the 28th ACM SIGPLAN Conference on Programming Language Design and Implementation
June 2007
508 pages
ISBN: 9781595936332
DOI: 10.1145/1250734

Copyright © 2007 ACM

Publisher

Association for Computing Machinery
New York, NY, United States
