Almost-correct specifications: a modular semantic framework for assigning confidence to warnings

Published: 16 June 2013 (research article)

Abstract

Modular assertion checkers are plagued with false alarms due to the need for precise environment specifications (preconditions and callee postconditions). Even the fully precise checkers report assertion failures under the most demonic environments allowed by unconstrained or partial specifications. The inability to preclude overly adversarial environments makes such checkers less attractive to developers and severely limits the adoption of such tools in the development cycle.

In this work, we propose a parameterized framework for prioritizing the assertion failures reported by a modular verifier, with the goal of suppressing warnings from overly demonic environments. We formalize almost-correct specifications as the minimal weakening of an angelic specification (over a set of predicates) that precludes any dead code intraprocedurally. Our work is inspired by and generalizes some aspects of semantic inconsistency detection. Our formulation allows us to lift this idea to a general class of warnings. We have developed a prototype, acspec, which we use to explore a few instantiations of the framework and report preliminary findings on a diverse set of C benchmarks.
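The following is an added toy illustration of the idea described in the abstract; it is not the paper's acspec prototype and makes no claim about how that tool is implemented. It models a procedure as a Python function over a small finite input domain (so "for all inputs satisfying a precondition" can be checked by enumeration rather than with an SMT solver), takes a constructed set of candidate precondition predicates, computes the angelic specifications (maximal conjunctions of predicates under which the assertion holds), weakens each one minimally until no branch is dead, and then ranks the warning: if the assertion still fails under every almost-correct specification, the failure is not an artefact of an overly demonic environment and the warning gets high confidence. The two procedures, the predicate set and the domain are all constructed for this example.

```python
from itertools import combinations

# Finite input domain: exhaustive enumeration stands in for the symbolic
# reasoning a real modular checker would do (assumption of this toy example).
DOMAIN = [(x, y) for x in range(-2, 3) for y in range(-2, 3)]

# Candidate precondition predicates, constructed for this illustration.
PREDICATES = {
    "x > 0": lambda x, y: x > 0,
    "x < 0": lambda x, y: x < 0,
    "y > 0": lambda x, y: y > 0,
    "y < 0": lambda x, y: y < 0,
}


def scale(x, y, trace):
    """Constructed procedure 1: branches only on x, then divides by y.
    Returns False when the implicit assertion y != 0 fails."""
    if x > 0:
        trace.add("x_pos")
        scaled = 2 * x
    else:
        trace.add("x_nonpos")
        scaled = -x
    if y == 0:
        return False
    _ = scaled / y
    return True


def ratio(x, y, trace):
    """Constructed procedure 2: branches on the sign of y, then divides by y
    on both paths, so any precondition ruling out y == 0 also kills a branch."""
    if y > 0:
        trace.add("y_pos")
    else:
        trace.add("y_nonpos")
    if y == 0:
        return False
    _ = x / y
    return True


def run_under_spec(proc, spec):
    """Run proc on every domain point satisfying the conjunction `spec`.
    Returns (assertion_holds, branch_labels_hit, spec_satisfiable)."""
    holds, hit, satisfiable = True, set(), False
    for x, y in DOMAIN:
        if all(PREDICATES[p](x, y) for p in spec):
            satisfiable = True
            trace = set()
            if not proc(x, y, trace):
                holds = False
            hit |= trace
    return holds, hit, satisfiable


def analyze(proc, preds=PREDICATES):
    """Rank the assertion warning in proc as high or low confidence."""
    specs = [frozenset(s) for r in range(len(preds) + 1)
             for s in combinations(preds, r)]
    info = {s: run_under_spec(proc, s) for s in specs}
    consistent = [s for s in specs if info[s][2]]
    # Code reachable under the unconstrained (demonic) environment is the
    # baseline: a spec that makes any of it unreachable creates dead code.
    all_labels = info[frozenset()][1]

    def alive(s):
        return info[s][1] == all_labels

    # Angelic specs: maximal consistent conjunctions under which the assertion holds.
    valid = [s for s in consistent if info[s][0]]
    angelic = [s for s in valid if not any(s < t for t in valid)]
    # Almost-correct specs: for each angelic spec, the largest sub-conjunctions
    # that keep every branch reachable (minimal weakening with no dead code).
    almost_correct = set()
    for a in angelic:
        cands = [s for s in consistent if s <= a and alive(s)]
        almost_correct |= {s for s in cands if not any(s < t for t in cands)}
    demonic_fails = not info[frozenset()][0]
    # Fails under every almost-correct spec (vacuously true if none validates it).
    survives = all(not info[s][0] for s in almost_correct)
    if not demonic_fails:
        verdict = "no warning"
    elif survives:
        verdict = "high"
    else:
        verdict = "low"
    return {
        "demonic_fails": demonic_fails,
        "angelic": set(angelic),
        "almost_correct": almost_correct,
        "confidence": verdict,
    }


if __name__ == "__main__":
    for proc in (scale, ratio):
        r = analyze(proc)
        print(proc.__name__, r["confidence"],
              sorted(sorted(s) for s in r["almost_correct"]))
```

Both procedures report an assertion failure under the unconstrained environment (y = 0). For `scale`, the angelic spec can be weakened to `y > 0` or `y < 0` without killing either x branch, and the assertion holds under those, so the warning is ranked low: a plausible caller precondition explains it away. For `ratio`, every spec that excludes y = 0 makes one of the two y branches dead, so the minimal weakening keeps only the x literal, the assertion still fails, and the warning is ranked high.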



Published in: ACM SIGPLAN Notices, Volume 48, Issue 6 (PLDI '13), June 2013, 515 pages. ISSN 0362-1340, EISSN 1558-1160, DOI 10.1145/2499370.

Also in: PLDI '13: Proceedings of the 34th ACM SIGPLAN Conference on Programming Language Design and Implementation, June 2013, 546 pages. ISBN 9781450320146, DOI 10.1145/2491956.

Copyright © 2013 ACM. Publisher: Association for Computing Machinery, New York, NY, United States.
