Deriving specialized program analyses for certifying component-client conformance

We are concerned with the problem of statically certifying (verifying) whether the client of a software component conforms to the component's constraints for correct usage. We show how conformance certification can be efficiently carried out in a staged fashion for certain classes of first-order safety (FOS) specifications, which can express relationship requirements among potentially unbounded collections of runtime objects. In the first stage of the certification process, we systematically derive an abstraction that is used to model the component state during analysis of arbitrary clients. In general, the derived abstraction will utilize first-order predicates, rather than the propositions often used by model checkers. In the second stage, the generated abstraction is incorporated into a static analysis engine to produce a certifier. In the final stage, the resulting certifier is applied to a client to conservatively determine whether the client violates the component's constraints. Unlike verification approaches that analyze a specification and client code together, our technique can take advantage of computationally-intensive symbolic techniques during the abstraction generation phase, without affecting the performance of client analysis. Using as a running example the Concurrent Modification Problem (CMP), which arises when certain classes defined by the Java Collections Framework are misused, we describe several different classes of certifiers with varying time/space/precision tradeoffs. Of particular note are precise, polynomial-time, flow- and context-sensitive certifiers for certain classes of FOS specifications and client programs. Finally, we evaluate a prototype implementation of a certifier for CMP on a variety of test programs. The results of the evaluation show that our approach, though conservative, yields very few "false alarms," with acceptable performance.

[1]  Barbara G. Ryder,et al.  Pointer-induced aliasing: a problem classification , 1991, POPL '91.

[2]  Robert DeLine,et al.  Enforcing high-level protocols in low-level software , 2001, PLDI '01.

[3]  Mark N. Wegman,et al.  Analysis of pointers and structures , 1990, SIGP.

[4]  K. Rustan M. Leino,et al.  Houdini, an Annotation Assistant for ESC/Java , 2001, FME.

[5]  Neil D. Jones,et al.  A flexible approach to interprocedural data flow analysis and programs with recursive data structures , 1982, POPL '82.

[6]  Eran Yahav,et al.  Verifying safety properties of concurrent Java programs using 3-valued logic , 2001, POPL '01.

[7]  Alan Fekete,et al.  Lightweight Analysis of Object Interactions , 2001, TACS.

[8]  Mark Allen Weiss,et al.  Data structures and problem solving using Java , 1997, SIGA.

[9]  Patrick Chan,et al.  The Java Class Libraries: Supplement for the Java 2 Platform , 1999 .

[10]  Mooly Sagiv,et al.  Deriving specialized heap analyses for verifying component-client conformance , 2001 .

[11]  Laurie J. Hendren,et al.  Optimizing Java Bytecode Using the Soot Framework: Is It Feasible? , 2000, CC.

[12]  Noam Rinetzky,et al.  Interprocedural Shape Analysis for Recursive Programs , 2001, CC.

[13]  Patrick Cousot,et al.  Systematic design of program analysis frameworks , 1979, POPL.

[14]  Reinhard Wilhelm,et al.  Solving shape-analysis problems in languages with destructive updating , 1998, TOPL.

[15]  Flemming Nielson,et al.  Principles of Program Analysis , 1999, Springer Berlin Heidelberg.

[16]  Thomas W. Reps,et al.  Precise interprocedural dataflow analysis via graph reachability , 1995, POPL '95.

[17]  David Grove,et al.  Optimization of Object-Oriented Programs Using Static Class Hierarchy Analysis , 1995, ECOOP.

[18]  K. Rustan M. Leino,et al.  ESC/Java User's Manual , 2000 .

[19]  Roberto Giacobazzi,et al.  Making abstract interpretations complete , 2000, JACM.

[20]  Reinhard Wilhelm,et al.  Parametric shape analysis via 3-valued logic , 1999, POPL '99.

[21]  James C. Corbett,et al.  Bandera: extracting finite-state models from Java source code , 2000, ICSE.

[22]  Saumya K. Debray,et al.  On the complexity of flow-sensitive dataflow analyses , 2000, POPL '00.

[23]  Hassen Saïdi,et al.  Construction of Abstract State Graphs with PVS , 1997, CAV.

[24]  Sriram K. Rajamani,et al.  Automatically validating temporal safety properties of interfaces , 2001, SPIN '01.

[25]  Paul N. Hilfinger,et al.  Analysis of recursive types in an imperative language , 1994 .

[26]  Edmund M. Clarke,et al.  Counterexample-guided abstraction refinement , 2003, 10th International Symposium on Temporal Representation and Reasoning, 2003 and Fourth International Conference on Temporal Logic. Proceedings..

[27]  Shmuel Sagiv,et al.  TVLA: A System for Implementing Static Analyses , 2000, SAS.

[28]  John Banning,et al.  : An Efficient , 2022 .

[29]  Patrick Cousot,et al.  Semantic foundations of program analysis , 1981 .

[30]  Hassen Saïdi,et al.  Model Checking Guided Abstraction and Analysis , 2000, SAS.

[31]  Daniel Jackson,et al.  Finding bugs with a constraint solver , 2000, ISSTA '00.

[32]  Ken Kennedy,et al.  Interprocedural side-effect analysis in linear time , 1988, PLDI '88.