ACM Portal
  Subscribe (Full Service)    Register (Limited Service, Free)    Login
  Search:   The ACM Digital Library   The Guide
  
ACM Home Page
Please provide us with feedback. Feedback
Putting static analysis to work for verification: A case study
Full text PdfPdf (513 KB)
Source International Symposium on Software Testing and Analysis archive
Proceedings of the 2000 ACM SIGSOFT international symposium on Software testing and analysis table of contents
Portland, Oregon, United States
Pages: 26 - 38  
Year of Publication: 2000
ISBN:1-58113-266-2
Also published in ...
Authors
Tal Lev-Ami  Tel-Aviv Univ., Tel-Aviv, Israel
Thomas Reps  Comp. Sci. Dept., Univ. of Wisconsin, Madison, WI
Mooly Sagiv  Dept. of Comp. Sci., Tel-Aviv Univ., Tel-Aviv, Israel
Reinhard Wilhelm  Informatik, Univ. of Saarlandes, Saarbrucken, Germany
Sponsor
SIGSOFT: ACM Special Interest Group on Software Engineering
Publisher
ACM  New York, NY, USA
Bibliometrics
Downloads (6 Weeks): 9,   Downloads (12 Months): 102,   Citation Count: 15
Additional Information:

abstract   references   cited by   index terms   collaborative colleagues   peer to peer  

Tools and Actions: Request Permissions Request Permissions    Review this Article  
DOI Bookmark: Use this link to bookmark this Article: http://doi.acm.org/10.1145/347324.348031
What is a DOI?

ABSTRACT

A method for finding bugs in code is presented. For given small numbers j and k, the code of a procedure is translated into a rela-tional formula whose models represent all execution traces that involve at most j heap cells and k loop iterations. This formula is conjoined with the negation of the procedure's specification. The models of the resulting formula, obtained using a constraint solver, are counterexamples: executions of the code that violate the specification.The method can analyze millions of executions in seconds, and thus rapidly expose quite subtle flaws. It can accommodate calls to procedures for which specifications but no code is avail-able. A range of standard properties (such as absence of null pointer dereferences) can also be easily checked, using prede-fined specifications.


REFERENCES

Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.

1
François Bourdoncle, Abstract debugging of higher-order imperative languages, Proceedings of the ACM SIGPLAN 1993 conference on Programming language design and implementation, p.46-55, June 21-25, 1993, Albuquerque, New Mexico, United States
 
2
Randal E. Bryant, Graph-based algorithms for Boolean function manipulation, IEEE Transactions on Computers, v.35 n.8, p.677-691, Aug. 1986  [doi>10.1109/TC.1986.1676819]
3
David R. Chase , Mark Wegman , F. Kenneth Zadeck, Analysis of pointers and structures, Proceedings of the ACM SIGPLAN 1990 conference on Programming language design and implementation, p.296-310, June 1990, White Plains, New York, United States
 
4
T.E.Cheatham,Jr.,G.H.Holloway,and J.A.Townley. Symbolic evaluation and the analysis of programs.IEEE Trans. on Softw. Eng.,5(4):402 -417,1979.
 
5
Edmund M. Clarke, Jr. , Orna Grumberg , Doron A. Peled, Model checking, MIT Press, Cambridge, MA, 2000
6
James C. Corbett, Using shape analysis to reduce finite-state models of concurrent Java programs, ACM Transactions on Software Engineering and Methodology (TOSEM), v.9 n.1, p.51-93, Jan. 2000  [doi>10.1145/332740.332741]
7
Patrick Cousot , Radhia Cousot, Systematic design of program analysis frameworks, Proceedings of the 6th ACM SIGACT-SIGPLAN symposium on Principles of programming languages, p.269-282, January 29-31, 1979, San Antonio, Texas  [doi>10.1145/567752.567778]
 
8
L.P.Deutsch.An Interactive Program Verifier PhDthesis,Univ.of California,Berkeley,CA,1973.
 
9
Edsger Wybe Dijkstra, A Discipline of Programming, Prentice Hall PTR, Upper Saddle River, NJ, 1997
 
10
Nurit Dor , Michael Rodeh , Shmuel Sagiv, Checking Cleanness in Linked Lists, Proceedings of the 7th International Symposium on Static Analysis, p.115-134, June 29-July 01, 2000
11
Matthew B. Dwyer , Lori A. Clarke, Data flow analysis for verifying properties of concurrent programs, Proceedings of the 2nd ACM SIGSOFT symposium on Foundations of software engineering, p.62-75, December 06-09, 1994, New Orleans, Louisiana, United States
 
12
Will Dean Gillett, Iterative global flow techniques for detecting program anomalies., 1977
 
13
David Gries, The Science of Programming, Springer-Verlag New York, Inc., Secaucus, NJ, 1987
14
C. A. R. Hoare, An axiomatic basis for computer programming, Communications of the ACM, v.12 n.10, p.576-580, Oct. 1969  [doi>10.1145/363235.363259]
 
15
C.A.R.Hoare.Recursive data structures.Int. J. of Comp. and Inf. Sci.,4(2):105 -132,1975.
16
Jakob L. Jensen , Michael E. Jørgensen , Michael I. Schwartzbach , Nils Klarlund, Automatic verification of pointer programs using monadic second-order logic, Proceedings of the ACM SIGPLAN 1997 conference on Programming language design and implementation, p.226-234, June 16-18, 1997, Las Vegas, Nevada, United States
 
17
James Cornelius King, A program verifier, 1970
 
18
T.Lev-Ami.TVLA:A framework for Kleene based static analysis.Master 's thesis,Tel-Aviv University,2000. Available at http://www.math.tau.ac.il/ ~tla.
 
19
Tal Lev-Ami , Shmuel Sagiv, TVLA: A System for Implementing Static Analyses, Proceedings of the 7th International Symposium on Static Analysis, p.280-301, June 29-July 01, 2000
 
20
Kenneth L. McMillan, Symbolic Model Checking, Kluwer Academic Publishers, Norwell, MA, 1993
 
21
J.M.Morris.Assignment and linked data structures.In M.Broy and G.Schmidt,editors,Theoretical Founda-tions of Programming Methodology pages 35 -41.D.Reidel Publishing Co.,Boston,MA,1982.
 
22
Glenford J. Myers, Art of Software Testing, John Wiley & Sons, Inc., New York, NY, 1979
 
23
Kurt M. Olender , Leon J. Osterweil, Cecil: A Sequencing Constraint Language for Automatic Static Analysis Generation, IEEE Transactions on Software Engineering, v.16 n.3, p.268-280, March 1990  [doi>10.1109/32.48935]
24
Kurt M. Olender , Leon J. Osterweil, Interprocedural static analysis of sequencing constraints, ACM Transactions on Software Engineering and Methodology (TOSEM), v.1 n.1, p.21-52, Jan. 1992  [doi>10.1145/125489.122822]
 
25
M.Sagiv,T.Reps,and R.Wilhelm.Parametric shape analysis via 3-valued logic.Tech.Rep.TR- 1383,Comp.Sci.Dept.,Univ.of Wisconsin,Madison, WI,August 1998.(Revised March 2000.)Available at "http://www.cs.wisc.edu/wpis/papers/parametric.ps ".
26
Mooly Sagiv , Thomas Reps , Reinhard Wilhelm, Parametric shape analysis via 3-valued logic, Proceedings of the 26th ACM SIGPLAN-SIGACT symposium on Principles of programming languages, p.105-118, January 20-22, 1999, San Antonio, Texas, United States  [doi>10.1145/292540.292552]
27
Bjarne Steensgaard, Points-to analysis in almost linear time, Proceedings of the 23rd ACM SIGPLAN-SIGACT symposium on Principles of programming languages, p.32-41, January 21-24, 1996, St. Petersburg Beach, Florida, United States  [doi>10.1145/237721.237727]
28
Norihisa Suzuki , Kiyoshi Ishihata, Implementation of an array bound checker, Proceedings of the 4th ACM SIGACT-SIGPLAN symposium on Principles of programming languages, p.132-143, January 17-19, 1977, Los Angeles, California  [doi>10.1145/512950.512963]
 
29
M.Tamir.ADI:Automatic derivation of invariants.IEEE Trans. on Softw. Eng.,6(1):40 -48,1990.
30
Ben Wegbreit, The synthesis of loop predicates, Communications of the ACM, v.17 n.2, p.102-113, Feb. 1974  [doi>10.1145/360827.360850]

CITED BY  15
Thi Viet Nga Nguyen , François Irigoin, Efficient and effective array bound checking, ACM Transactions on Programming Languages and Systems (TOPLAS), v.27 n.3, p.527-570, May 2005
Dierk Johannes , Raimund Seidel , Reinhard Wilhelm, Algorithm animation using shape analysis: visualising abstract executions, Proceedings of the 2005 ACM symposium on Software visualization, May 14-15, 2005, St. Louis, Missouri
Sascha A. Parduhn , Raimund Seidel , Reinhard Wilhelm, Algorithm visualization using concrete and abstract shape graphs, Proceedings of the 4th ACM symposium on Software visuallization, September 16-17, 2008, Ammersee, Germany
 
Jeff Bogda , Ambuj Singh, Can a shape analysis work at run-time?, Proceedings of the JavaTM Virtual Machine Research and Technology Symposium on JavaTM Virtual Machine Research and Technology Symposium, p.2-2, April 23-24, 2001, Monterey, California
Noam Rinetzky , Jörg Bauer , Thomas Reps , Mooly Sagiv , Reinhard Wilhelm, A semantics for procedure local heaps and its abstractions, ACM SIGPLAN Notices, v.40 n.1, p.296-309, January 2005
Bor-Yuh Evan Chang , Xavier Rival, Relational inductive shape analysis, ACM SIGPLAN Notices, v.43 n.1, January 2008
Martin Rinard , Cristian Cadar , Huu Hai Nguyen, Exploring the acceptability envelope, Companion to the 20th annual ACM SIGPLAN conference on Object-oriented programming, systems, languages, and applications, October 16-20, 2005, San Diego, CA, USA
Brian Hackett , Radu Rugina, Region-based shape analysis with tracked locations, ACM SIGPLAN Notices, v.40 n.1, p.310-323, January 2005
 
Ran Shaham , Eran Yahav , Elliot K. Kolodner , Mooly Sagiv, Establishing local temporal heap safety properties with applications to compile-time memory management, Science of Computer Programming, v.58 n.1-2, p.264-289, October 2005
Anders Møller , Michael I. Schwartzbach, The pointer assertion logic engine, ACM SIGPLAN Notices, v.36 n.5, p.221-231, May 2001
Mooly Sagiv , Thomas Reps , Reinhard Wilhelm, Parametric shape analysis via 3-valued logic, ACM Transactions on Programming Languages and Systems (TOPLAS), v.24 n.3, p.217-298, May 2002
Greta Yorsh , Thomas Reps , Mooly Sagiv , Reinhard Wilhelm, Logical characterizations of heap abstractions, ACM Transactions on Computational Logic (TOCL), v.8 n.1, p.5-es, January 2007
 
Sarfraz Khurshid , Darko Marinov, TestEra: Specification-Based Testing of Java Programs Using SAT, Automated Software Engineering, v.11 n.4, p.403-434, October 2004
Karen Zee , Viktor Kuncak , Martin Rinard, Full functional verification of linked data structures, ACM SIGPLAN Notices, v.43 n.6, June 2008
Michael Hind, Pointer analysis: haven't we solved this problem yet?, Proceedings of the 2001 ACM SIGPLAN-SIGSOFT workshop on Program analysis for software tools and engineering, p.54-61, June 2001, Snowbird, Utah, United States

INDEX TERMS

Primary Classification:
  F. Theory of Computation
  F.3 LOGICS AND MEANINGS OF PROGRAMS

Additional Classification:
  D. Software
  D.2 SOFTWARE ENGINEERING
      D.2.4 Software/Program Verification
          Subjects: Correctness proofs


General Terms:
Algorithms, Design, Measurement, Performance, Reliability, Theory, Verification


Keywords:
alloy language, constraint solvers, detecting bugs, model checking, relational formulas, static analysis, testing

Collaborative Colleagues:
Tal Lev-Ami: colleagues
Thomas Reps: colleagues
Mooly Sagiv: colleagues
Reinhard Wilhelm: colleagues

Peer to Peer - Readers of this Article have also read:
This Article has also been published in:

The ACM Portal is published by the Association for Computing Machinery. Copyright © 2009 ACM, Inc.
Terms of Usage   Privacy Policy   Code of Ethics   Contact Us

Useful downloads: Adobe Acrobat    QuickTime    Windows Media Player    Real Player