Path-Sensitive Inference of Function Precedence Protocols

Function precedence protocols define ordering relations among function calls in a program. In some instances, precedence protocols are well-understood (e.g., a call to pthread_mutex_init must always be present on all program paths before a call to pthread_mutex_lock). Oftentimes, however, these protocols are neither well- documented, nor easily derived. As a result, protocol violations can lead to subtle errors that are difficult to identify and correct. In this paper, we present CHRONICLER, a tool that applies scalable inter-procedural path-sensitive static analysis to automatically infer accurate function precedence protocols. Chronicler computes precedence relations based on a program's control-flow structure, integrates these relations into a repository, and analyzes them using sequence mining techniques to generate a collection of feasible precedence protocols. Deviations from these protocols found in the program are tagged as violations, and represent potential sources of bugs. We demonstrate CHRONICLER's effectiveness by deriving protocols for a collection of benchmarks ranging in size from 66 K to 2 M lines of code. Our results not only confirm the existence of bugs in these programs due to precedence protocol violations, but also highlight the importance of path sensitivity on accuracy and scalability.

[1]  Zhenmin Li,et al.  PR-Miner: automatically extracting implicit programming rules and detecting violations in large software code , 2005, ESEC/FSE-13.

[2]  Benjamin Livshits,et al.  DynaMine: finding common error patterns by mining software revision histories , 2005, ESEC/FSE-13.

[3]  Ramakrishnan Srikant,et al.  Mining sequential patterns , 1995, Proceedings of the Eleventh International Conference on Data Engineering.

[4]  Fei Xie,et al.  Automatic Creation of Environment Models via Training , 2004, TACAS.

[5]  George C. Necula,et al.  Mining Temporal Specifications for Error Detection , 2005, TACAS.

[6]  Kajal T. Claypool,et al.  XSnippet: mining For sample code , 2006, OOPSLA '06.

[7]  Steven P. Reiss,et al.  Encoding program executions , 2001, Proceedings of the 23rd International Conference on Software Engineering. ICSE 2001.

[8]  Patrice Godefroid,et al.  Compositional dynamic test generation , 2007, POPL '07.

[9]  Jan Vitek,et al.  Improving software assurance using lightweight static analysis , 2006 .

[10]  James R. Larus,et al.  Mining specifications , 2002, POPL '02.

[11]  Pavol Cerný,et al.  Synthesis of interface specifications for Java classes , 2005, POPL '05.

[12]  Jakob Rehof,et al.  Summarizing procedures in concurrent programs , 2004, POPL.

[13]  Manuvir Das,et al.  Perracotta: mining temporal API rules from imperfect traces , 2006, ICSE.

[14]  William G. Griswold,et al.  Dynamically discovering likely program invariants to support program evolution , 1999, Proceedings of the 1999 International Conference on Software Engineering (IEEE Cat. No.99CB37002).

[15]  Paul Anderson,et al.  Design and Implementation of a Fine-Grained Software Inspection Tool , 2003, IEEE Trans. Software Eng..

[16]  Monica S. Lam,et al.  Automatic extraction of object-oriented component interfaces , 2002, ISSTA '02.

[17]  Alexander Aiken,et al.  Scalable error detection using boolean satisfiability , 2005, POPL '05.

[18]  J. J. Whelan 5th international conference on software engineering , 1981, SOEN.

[19]  Dawson R. Engler,et al.  Bugs as deviant behavior: a general approach to inferring errors in systems code , 2001, SOSP.

[20]  Gerard J. Holzmann,et al.  The SPIN Model Checker - primer and reference manual , 2003 .

[21]  Johannes Gehrke,et al.  MAFIA: A Performance Study of Mining Maximal Frequent Itemsets , 2003, FIMI.

[22]  Ramakrishnan Srikant,et al.  Fast Algorithms for Mining Association Rules in Large Databases , 1994, VLDB.

[23]  Steven S. Muchnick,et al.  Advanced Compiler Design and Implementation , 1997 .

[24]  Sriram K. Rajamani,et al.  Automatically validating temporal safety properties of interfaces , 2001, SPIN '01.

[25]  Dawson R. Engler,et al.  From uncertainty to belief: inferring the specification within , 2006, OSDI '06.

[26]  Rakesh Agarwal,et al.  Fast Algorithms for Mining Association Rules , 1994, VLDB 1994.

[27]  Rastislav Bodík,et al.  Jungloid mining: helping to navigate the API jungle , 2005, PLDI '05.