Typestate-like analysis of multiple interacting objects

This paper presents a static analysis of typestate-like temporal specifications of groups of interacting objects, which are expressed using tracematches. Whereas typestate expresses a temporal specification of one object, a tracematch state may change due to operations on any of a set of related objects bound by the tracematch. The paper proposes a lattice-based operational semantics equivalent to the original tracematch semantics but better suited to static analysis. The paper defines a static analysis that computes precise local points-to sets and tracks the flow of individual objects, thereby enabling strong updates of the tracematch state. The analysis has been proved sound with respect to the semantics. A context-sensitive version of the analysis has been implemented as instances of the IFDS and IDE algorithms. The analysis was evaluated on tracematches used in earlier work and found to be very precise. Remaining imprecisions could be eliminated with more precise modeling of references from the heap and of exceptional control flow.
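As an added illustration (not code from the paper or its implementation), the following toy Python analysis tracks the state of a two-object tracematch over a straight-line program. It assumes the constructed collection/iterator pattern create(c,i) update(c)+ next(i), a constructed tuple statement format, and that every allocation statement runs once, so a singleton local points-to set identifies one concrete object and permits a strong update; a may-alias operand forces a weak update that keeps the old states.

```python
from collections import defaultdict

# Tracematch "FailSafeIter" (constructed): pattern create(c,i) update(c)+ next(i).
# States: 0 = iterator live, 1 = collection modified since create, 2 = violation.
TRANSITIONS = {("update", 0): 1, ("update", 1): 1, ("update", 2): 2,
               ("next", 0): 0, ("next", 1): 2, ("next", 2): 2}

def analyse(program):
    """Flow-sensitive walk over a straight-line program (constructed format).
    Statements: ("new", var, obj)       allocate a fresh abstract object
                ("assign", dst, src)    copy a reference
                ("either", dst, a, b)   dst may point to a's or b's objects (merged branch)
                ("create", c, i)        tracematch symbol create(c, i)
                ("update", c) / ("next", i)
    Returns {(c_obj, i_obj): set of possible tracematch states} at program exit."""
    pts = defaultdict(set)   # local points-to set per variable
    state = {}               # tracematch binding -> lattice element (set of states)
    for stmt in program:
        op = stmt[0]
        if op == "new":
            pts[stmt[1]] = {stmt[2]}
        elif op == "assign":
            pts[stmt[1]] = set(pts[stmt[2]])
        elif op == "either":
            pts[stmt[1]] = pts[stmt[2]] | pts[stmt[3]]
        elif op == "create":
            for c in pts[stmt[1]]:
                for i in pts[stmt[2]]:
                    state[(c, i)] = {0}
        else:
            targets = pts[stmt[1]]
            pos = 0 if op == "update" else 1
            # Assumption: each "new" runs once, so a singleton points-to set names
            # exactly one concrete object and allows a strong update; otherwise the
            # operation may have hit some other object, so old states are kept.
            strong = len(targets) == 1
            for binding, states in state.items():
                if binding[pos] not in targets:
                    continue
                moved = {TRANSITIONS[(op, s)] for s in states}
                state[binding] = moved if strong else states | moved
    return state

def verdict(states):
    """Classify a lattice element: definite, possible or no match of the pattern."""
    if states == {2}:
        return "violation"
    return "possible violation" if 2 in states else "safe"

if __name__ == "__main__":
    prog = [("new", "c", "C1"), ("new", "i", "I1"), ("create", "c", "i"),
            ("update", "c"), ("next", "i")]
    print({b: verdict(s) for b, s in analyse(prog).items()})
```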