research-article

Specification Inference Using Context-Free Language Reachability

Published: 14 January 2015

Abstract

We present a framework for computing context-free language reachability properties when parts of the program are missing. Our framework infers candidate specifications for missing program pieces that are needed for verifying a property of interest, and presents these specifications to a human auditor for validation. We have implemented this framework for a taint analysis of Android apps that relies on specifications for Android library methods. In an extensive experimental study on 179 apps, our tool performs verification with only a small number of queries to a human auditor.
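The abstract describes the idea without showing the mechanics, so here is an added worked example (my own code, not the paper's implementation or its Android tool) of what "CFL reachability with missing program pieces plus an auditor in the loop" looks like in miniature. It assumes a standard realizable-path grammar over call/return labels (the paper's actual grammar for Android taint, its field handling, and its strategy for choosing which candidate specification to ask about are not reproduced); the functions `cfl_reach`, `audit` and `human_auditor`, the edge labelling, the constructed mini app in `APP_EDGES`, and the Android method names used as labels are all assumptions made for illustration.

```python
# Added example, not code from the paper. Nodes are program variables; edges are
#   'a'       known taint propagation (assignment, concatenation, ...)
#   '(k'      argument passed at call site k
#   ')k'      return value flowing back to call site k
#   'spec:m'  CANDIDATE edge "library method m propagates taint from its
#             argument to its result"; the analysis does not know if it is true.


def cfl_reach(edges):
    """Naive fixpoint over the realizable-path grammar (assumed here):
         M -> eps | a | spec | M M | (k M )k    matched calls/returns
         D -> M | D )k M                        unmatched returns, then matched
         U -> M | U (k M                        matched, then unmatched calls
         R -> D U                               realizable path
    Returns {(u, v): frozenset of candidate specs on one witness path} for R.
    """
    nodes = {n for u, _, v in edges for n in (u, v)}
    opens = [(u, l[1:], v) for u, l, v in edges if l[0] == '(']
    closes = [(u, l[1:], v) for u, l, v in edges if l[0] == ')']
    M, D, U, R = {}, {}, {}, {}

    def add(table, u, v, specs):          # keep the first witness found
        if (u, v) in table:
            return False
        table[(u, v)] = frozenset(specs)
        return True

    for n in nodes:
        add(M, n, n, ())
    for u, l, v in edges:
        if l == 'a':
            add(M, u, v, ())
        elif l.startswith('spec:'):
            add(M, u, v, (l[5:],))

    changed = True
    while changed:
        changed = False
        for (u, v), s in list(M.items()):
            for (v2, w), s2 in list(M.items()):            # M M -> M
                if v2 == v:
                    changed |= add(M, u, w, s | s2)
            for t, k, u2 in opens:                          # (k M )k -> M
                for v2, k2, w in closes:
                    if u2 == u and v2 == v and k2 == k:
                        changed |= add(M, t, w, s)
            changed |= add(D, u, v, s)
            changed |= add(U, u, v, s)
        for tab, brackets in ((D, closes), (U, opens)):     # D )k M -> D, U (k M -> U
            for (u, v), s in list(tab.items()):
                for v2, _, w in brackets:
                    for (w2, x), s2 in M.items():
                        if v2 == v and w2 == w:
                            changed |= add(tab, u, x, s | s2)
        for (u, v), s in list(D.items()):                   # D U -> R
            for (v2, w), s2 in U.items():
                if v2 == v:
                    changed |= add(R, u, w, s | s2)
    return R


def audit(edges, source, sink, oracle):
    """Ask the auditor (oracle) only about candidate specs that lie on a
    witness path; a rejected spec is removed and the analysis re-run."""
    confirmed, rejected, queries = set(), set(), 0
    while True:
        live = [(u, l, v) for u, l, v in edges
                if not (l.startswith('spec:') and l[5:] in rejected)]
        reach = cfl_reach(live)
        if (source, sink) not in reach:
            return 'safe', queries, confirmed
        pending = reach[(source, sink)] - confirmed
        if not pending:
            return 'taint-flow', queries, confirmed
        spec = min(pending)   # a real tool would pick the most informative query
        queries += 1
        if oracle(spec):
            confirmed.add(spec)
        else:
            rejected.add(spec)


# Constructed mini app (not from the paper), one node per variable:
#   String id  = tm.getDeviceId();               // source
#   String enc = Base64.encodeToString(id, 0);   // library call, spec unknown
#   int    n   = Log.d("tag", id);               // library call, spec unknown
#   String msg = wrap(enc);  String url = wrap(label);   // call sites 1 and 2
#   String wrap(String p) { file.write(p); String q = "[" + p + "]"; return q; }
#   send(msg); send(String.valueOf(n)); send2(url);      // sinks
APP_EDGES = [
    ('id', 'spec:Base64.encodeToString', 'enc'), ('id', 'spec:Log.d', 'n'),
    ('enc', '(1', 'p'), ('q', ')1', 'msg'), ('label', '(2', 'p'), ('q', ')2', 'url'),
    ('p', 'a', 'file'), ('p', 'a', 'q'),
    ('msg', 'a', 'sink'), ('n', 'a', 'sink'), ('url', 'a', 'sink2'),
]


def human_auditor(spec):
    """Stand-in for the human: encodeToString returns an encoding of its
    input (taint flows); Log.d returns a byte count (no taint)."""
    return {'Base64.encodeToString': True, 'Log.d': False}[spec]
```

Running `audit(APP_EDGES, 'id', 'sink', human_auditor)` asks two questions (`Log.d`, rejected; `Base64.encodeToString`, confirmed) and then reports a real flow, while `audit(APP_EDGES, 'id', 'sink2', human_auditor)` reports the sink safe with zero questions: the only path to `sink2` enters `wrap` at call site 1 and returns at call site 2, which the Dyck matching rules out, so no specification is ever needed for it. Two caveats a practitioner should keep in mind: `cfl_reach` records only the first witness set per node pair, so the number of auditor queries is bounded by the candidate specs on witness paths but not minimised, and the cubic fixpoint is written for readability on a toy graph, not for the size of a real app plus framework.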


Supplemental Material

p553-sidebyside.mpg


Published in

ACM SIGPLAN Notices, Volume 50, Issue 1 (POPL '15), January 2015, 682 pages
ISSN: 0362-1340
EISSN: 1558-1160
DOI: 10.1145/2775051
Editor: Andy Gill

POPL '15: Proceedings of the 42nd Annual ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages, January 2015, 716 pages
ISBN: 9781450333009
DOI: 10.1145/2676726

Copyright © 2015 ACM

Publisher: Association for Computing Machinery, New York, NY, United States
