The Humane Bugfinder: Modular Static Analysis Using a SAT Solver

Assertion checking is a widely used technique for discovering inconsistencies between specified behavior and actual implementation behavior. A modular static analysis approach suited to component-based systems is introduced. In the first stage of this approach, the assertions needed to verify correctness are generated using only the specifications of reused components and the internal assertions in the implementation code (e.g., loop invariants). In the second stage, error hypotheses are generated as Boolean formulae, an idea inspired by results on scope restriction from the model checking community. The generated formulae are such that a satisfying assignment not only indicates an error but also provides a directly human-readable trace of a witness to the bug. An example checked using an existing SAT solver suggests that the approach is promising from a practical standpoint.
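The following is an added illustration of the two-stage idea in the abstract; it is not code from the paper and uses none of its tooling. It assumes a hypothetical 3-bit machine, a hypothetical precondition taken from a reused component's specification (`x <= max_input`, `y <= max_input`) and one internal assertion (`s >= x` after `s := x + y`). The assertion's negation is bit-blasted into CNF as the error hypothesis, a small DPLL solver stands in for the "existing SAT solver", and a satisfying assignment is decoded back into a readable witness (concrete values of `x`, `y`, `s` and the violated assertion) rather than a bare bit vector.

```python
# Added example (not from the paper): error hypothesis as CNF, witness decoded
# from a satisfying assignment. All names and the 3-bit setting are hypothetical.
W = 3  # bit width of the modelled machine integers (constructed toy setting)


class CNF:
    """Tiny Tseitin-style CNF builder; literals are non-zero ints, -v is NOT v."""

    def __init__(self):
        self.n, self.clauses = 0, []
        self.T = self.var()                 # constant TRUE, pinned by a unit clause
        self.clauses.append([self.T])

    def var(self):
        self.n += 1
        return self.n

    def AND(self, a, b):
        o = self.var()
        self.clauses += [[-a, -b, o], [a, -o], [b, -o]]
        return o

    def OR(self, a, b):
        o = self.var()
        self.clauses += [[a, b, -o], [-a, o], [-b, o]]
        return o

    def XOR(self, a, b):
        o = self.var()
        self.clauses += [[-a, -b, -o], [a, b, -o], [a, -b, o], [-a, b, o]]
        return o

    def const(self, value):
        """Bit vector (LSB first) for an unsigned constant."""
        return [self.T if (value >> i) & 1 else -self.T for i in range(W)]

    def add(self, xs, ys):
        """Ripple-carry adder with wrap-around (final carry dropped)."""
        carry, out = -self.T, []
        for a, b in zip(xs, ys):
            t = self.XOR(a, b)
            out.append(self.XOR(t, carry))
            carry = self.OR(self.AND(a, b), self.AND(t, carry))
        return out

    def gt(self, xs, ys):
        """Literal that is true iff unsigned xs > ys (scan LSB to MSB)."""
        g = -self.T
        for a, b in zip(xs, ys):
            eq = -self.XOR(a, b)
            g = self.OR(self.AND(a, -b), self.AND(eq, g))
        return g


def dpll(clauses, assign):
    """Plain recursive DPLL: unit propagation, then branch on a free literal."""
    assign = dict(assign)
    changed = True
    while changed:
        changed = False
        for cl in clauses:
            if any(assign.get(abs(l)) == (l > 0) for l in cl):
                continue                    # clause already satisfied
            free = [l for l in cl if abs(l) not in assign]
            if not free:
                return None                 # conflict: every literal is false
            if len(free) == 1:              # unit clause forces a value
                assign[abs(free[0])] = free[0] > 0
                changed = True
    for cl in clauses:
        if not any(assign.get(abs(l)) == (l > 0) for l in cl):
            v = abs(next(l for l in cl if abs(l) not in assign))
            for val in (True, False):
                r = dpll(clauses, {**assign, v: val})
                if r is not None:
                    return r
            return None
    return assign                           # every clause satisfied


def find_violation(max_input):
    """Stage 1 (assumed done): precondition x,y <= max_input from the reused
    component's spec, assertion s >= x after s := x + y.  Stage 2: conjoin the
    precondition with the NEGATED assertion; SAT yields a bug witness."""
    f = CNF()
    x = [f.var() for _ in range(W)]
    y = [f.var() for _ in range(W)]
    s = f.add(x, y)
    bound = f.const(max_input)
    f.clauses.append([-f.gt(x, bound)])     # precondition: x <= max_input
    f.clauses.append([-f.gt(y, bound)])     # precondition: y <= max_input
    f.clauses.append([f.gt(x, s)])          # error hypothesis: NOT (s >= x)
    model = dpll(f.clauses, {})
    if model is None:
        return None                         # unsatisfiable: assertion holds

    def value(bits):                        # decode a bit vector from the model
        return sum(1 << i for i, b in enumerate(bits)
                   if model.get(abs(b), False) == (b > 0))

    return {"x": value(x), "y": value(y), "s": value(s), "violated": "s >= x"}


if __name__ == "__main__":
    print("spec x,y <= 3:", find_violation(3))   # None: no overflow possible
    print("spec x,y <= 4:", find_violation(4))   # witness x=4, y=4, s=0
```

With the precondition `x, y <= 3` the sum cannot wrap in three bits and the formula is unsatisfiable, so the assertion is verified for every input allowed by the specification. Loosening the precondition to `x, y <= 4` makes the formula satisfiable, and the decoded model is the human-readable trace the abstract describes: the inputs `x = 4, y = 4` drive `s` to 0, violating `s >= x`. The same scope restriction that keeps the formula small (a fixed bit width and a bounded input range) is also what makes a satisfying assignment directly interpretable.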
