Abstract
We introduce Verification Modulo Versions (VMV), a new static analysis technique for reducing the number of alarms reported by static verifiers while providing sound semantic guarantees. First, VMV extracts semantic environment conditions from a base program P. Environmental conditions can either be sufficient conditions (implying the safety of P) or necessary conditions (implied by the safety of P). Then, VMV instruments a new version of the program, P', with the inferred conditions. We prove that we can use (i) sufficient conditions to identify abstract regressions of P' w.r.t. P; and (ii) necessary conditions to prove the relative correctness of P' w.r.t. P. We show that the extraction of environmental conditions can be performed at a hierarchy of abstraction levels (history, state, or call conditions) with each subsequent level requiring a less sophisticated matching of the syntactic changes between P' and P. Call conditions are particularly useful because they only require the syntactic matching of entry points and callee names across program versions. We have implemented VMV in a widely used static analysis and verification tool. We report our experience on two large code bases and demonstrate a substantial reduction in alarms while additionally providing relative correctness guarantees.
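As an added illustration that is not part of the paper, the following Python checks guarantees (i) and (ii) above by brute force over a constructed finite set of environments: the base program `P`, its two new versions and the hand-chosen necessary and sufficient conditions are all assumptions standing in for what VMV infers by abstract interpretation.

```python
from itertools import product

# Constructed toy environments: inputs (x, n) over a small finite range, so
# conditions can be checked exhaustively instead of by abstract interpretation.
ENVS = list(product(range(-2, 6), range(0, 5)))

def read(buf, i):
    """Bounds-checked read; IndexError plays the role of a failed assertion."""
    if not 0 <= i < len(buf):
        raise IndexError(i)
    return buf[i]

def runs_safely(prog, env):
    try:
        prog(*env)
        return True
    except IndexError:
        return False

def P(x, n):                 # base version: reads buf[x], safe iff 0 <= x < n
    return read([0] * n, x)

# Environment conditions for P (hand-chosen here; VMV would infer them).
def necessary(x, n):         # implied by the safety of P
    return x >= 0 and n > 0

def sufficient(x, n):        # implies the safety of P (deliberately imprecise)
    return 0 <= x < n - 1

def conditions_are_sound():
    """Sanity check of both conditions against P on every environment."""
    return (all(necessary(*e) for e in ENVS if runs_safely(P, e)) and
            all(runs_safely(P, e) for e in ENVS if sufficient(*e)))

def abstract_regressions(P_new, suff):
    """(i) Environments where a sufficient condition holds (so P is safe) but
    P_new fails: each one witnesses a regression of P_new w.r.t. P."""
    return [e for e in ENVS if suff(*e) and not runs_safely(P_new, e)]

def relatively_correct(P_new, nec):
    """(ii) P_new is safe on every environment satisfying a necessary condition
    of P; since safe(P) implies nec, P_new is then safe wherever P was."""
    return all(runs_safely(P_new, e) for e in ENVS if nec(*e))

def P_regressed(x, n):       # P' shifted by one: now fails at x == 0
    return read([0] * n, x - 1)

def P_fixed(x, n):           # P' with a bounds check added: safe everywhere
    return read([0] * n, x) if 0 <= x < n else None

if __name__ == "__main__":
    assert conditions_are_sound()
    print("regressions in P_regressed:", abstract_regressions(P_regressed, sufficient))
    print("P_fixed relatively correct:", relatively_correct(P_fixed, necessary))
    print("P_regressed relatively correct:", relatively_correct(P_regressed, necessary))
```

Note that relative correctness says nothing about environments outside the necessary condition (here `n == 0` or `x < 0`), where P itself already fails; that is exactly what lets VMV suppress alarms P' inherits from P.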