Path-aware analysis of program invariants

Abstract

Ensuring software reliability is a critical problem in the software development process. Three overarching issues help improve the reliability of complex software systems: (a) the availability of specifications that describe important invariants; (b) tools to identify when specifications are violated, and why these violations occur; and (c) the impact of modifications to programs on derived specifications. In this dissertation, we present scalable and efficient path-aware analyses that offer solutions to these three concerns and demonstrate how these solutions lead to improved software reliability. We develop a static path-aware analysis to infer specifications automatically from large software sources. We describe a static inference mechanism for identifying the preconditions that must hold whenever a procedure is called. These preconditions may reflect both dataflow properties (e.g., whenever p is called, variable x must be non-null) and control-flow properties (e.g., every call to p must be preceded by a call to q). We derive these preconditions using an inter-procedural path-aware dataflow analysis that gathers predicates at each program point. We apply mining techniques to these predicates to make specification inference robust with respect to errors. This technique also allows us to derive higher-level specifications that abstract structural similarities among predicates (e.g., procedure p is called immediately after a conditional test that checks whether some variable v is non-null). To identify those program statements that influence a specification or assertion, we develop a dynamic path-aware analysis that combines relevant information from multiple paths leading to an assertion point. This path information is encoded as a Boolean formula. The elements of this formula are derived from the predicates in conditional guards found on paths leading to an assertion point. These paths are generated from multiple dynamic runs that pass through the assertion. In addition to describing a test generation mechanism that drives execution through the assertion, we also present a novel representation scheme that coalesces paths using Binary Decision Diagrams (BDDs). Our representation thus allows effective pruning of redundant predicates. Finally, we present a novel solution to the general problem of understanding how specifications are influenced by revisions in program sources. When a revision, even a minor one, does occur, the changes it induces must be tested to ensure that invariants assumed in the original version are not violated unintentionally. In order to avoid testing components that are unchanged across revisions, impact analysis is often used to identify code blocks or functions that are affected by a change. Our approach employs dynamic programming on instrumented traces of different program binaries to identify longest common subsequences in strings generated by these traces. Our formulation allows us to perform impact analysis and also to detect the smallest set of locations within the functions where the effect of the changes actually manifests itself.
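The trace-comparison step described at the end of the abstract, as an added illustration that is not the dissertation's own tool: two instrumented traces (constructed here as "function:basic-block" event strings, an assumed format) are aligned with a longest-common-subsequence dynamic program, and every event that falls outside the alignment marks a location where the revision's effect manifests, grouped by function so that unchanged functions can be skipped when retesting.

```python
# Added example: LCS-based impact analysis over two instrumented traces.
# The "function:block" event format and the sample traces are constructed.
from typing import Dict, List, Set, Tuple


def lcs_pairs(a: List[str], b: List[str]) -> List[Tuple[int, int]]:
    """Return index pairs (i, j) forming one longest common subsequence."""
    n, m = len(a), len(b)
    # dp[i][j] = LCS length of the suffixes a[i:] and b[j:]
    dp = [[0] * (m + 1) for _ in range(n + 1)]
    for i in range(n - 1, -1, -1):
        for j in range(m - 1, -1, -1):
            if a[i] == b[j]:
                dp[i][j] = dp[i + 1][j + 1] + 1
            else:
                dp[i][j] = max(dp[i + 1][j], dp[i][j + 1])
    pairs: List[Tuple[int, int]] = []
    i = j = 0
    while i < n and j < m:          # walk the table to recover the alignment
        if a[i] == b[j]:
            pairs.append((i, j))
            i, j = i + 1, j + 1
        elif dp[i + 1][j] >= dp[i][j + 1]:
            i += 1
        else:
            j += 1
    return pairs


def impact(old: List[str], new: List[str]) -> Dict[str, Set[str]]:
    """Events of either trace not covered by the LCS are where the change
    manifests. Returns {function: {unmatched events}}; functions absent
    from the result executed identically in both binaries."""
    pairs = lcs_pairs(old, new)
    matched_old = {i for i, _ in pairs}
    matched_new = {j for _, j in pairs}
    affected: Dict[str, Set[str]] = {}
    for trace, matched in ((old, matched_old), (new, matched_new)):
        for k, event in enumerate(trace):
            if k not in matched:
                func = event.split(":", 1)[0]
                affected.setdefault(func, set()).add(event)
    return affected


# Constructed traces: the revised binary executes one extra block in parse().
OLD_TRACE = ["main:entry", "parse:entry", "parse:bb2", "parse:bb4",
             "parse:exit", "emit:entry", "emit:exit", "main:exit"]
NEW_TRACE = ["main:entry", "parse:entry", "parse:bb2", "parse:bb3",
             "parse:bb4", "parse:exit", "emit:entry", "emit:exit", "main:exit"]

if __name__ == "__main__":
    print(impact(OLD_TRACE, NEW_TRACE))   # only parse() is impacted
```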
