Detecting Software Defects in Telecom Applications Through Lightweight Static Analysis: A War Story

In safety-critical and high-reliability systems, software development and maintenance are costly endeavors. The cost can be reduced if software errors can be identified through automatic tools such as program analyzers and compile-time software checkers. To this end, this paper describes the architecture and implementation of a software tool that uses lightweight static analysis to detect discrepancies (i.e., software defects such as exception-raising code or hidden failures) in large commercial telecom applications written in Erlang. Our tool, starting from virtual machine bytecode, discovers, tracks, and propagates type information which is often implicit in Erlang programs, and reports warnings when a variety of type errors and other software discrepancies are identified. Since the analysis currently starts from bytecode, it is completely automatic and does not rely on any user annotations. Moreover, it is effective in identifying software defects even in cases where source code is not available, and more specifically in legacy software which is often employed in high-reliability systems in operation, such as telecom switches. We have applied our tool to a handful of real-world applications, each consisting of several hundred thousand lines of code, and describe our experiences and the effectiveness of our techniques.
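As an added illustration, not code from the paper or from the tool it describes, here is a toy forward type propagation over a constructed, hypothetical block-level bytecode: register types are tracked as unions, type guards refine them per branch (an empty refinement marks a dead branch), join points take the union, and a warning is reported only for a built-in call whose argument can never have an acceptable type. The instruction set, the built-in table, the register names and the sample block graph are all assumptions made for this example.

```python
from typing import Dict, List, Set

# Toy union-type lattice (a set of concrete types; the full set means "unknown")
# and a hypothetical built-in table: accepted argument types and result type.
CONCRETE = {"int", "list", "tuple", "atom"}
BIFS = {"length": ({"list"}, "int"), "tuple_size": ({"tuple"}, "int")}

def analyze(blocks: Dict[str, dict], entry: str = "b0") -> List[str]:
    """Propagate register types forward over a block graph to a fixpoint.
    Instructions: ("arg", reg) unknown type; ("const", reg, ty);
    ("bif", name, arg, dst); ("test", ty, reg, yes_block, no_block).
    Only calls that can never succeed are reported, never "maybe" failures."""
    in_state: Dict[str, Dict[str, Set[str]]] = {entry: {}}
    warnings: Set[str] = set()
    work = [entry]
    while work:
        b = work.pop()
        st = {r: set(t) for r, t in in_state[b].items()}
        succ = {}
        for ins in blocks[b]["code"]:
            if ins[0] == "arg":
                st[ins[1]] = set(CONCRETE)
            elif ins[0] == "const":
                st[ins[1]] = {ins[2]}
            elif ins[0] == "bif":
                _, name, arg, dst = ins
                accepted, ret = BIFS[name]
                have = st.get(arg, CONCRETE)
                if not have & accepted:   # no possible type is acceptable
                    warnings.add(f"{b}: {name}({arg}) will always raise: "
                                 f"{arg} is {sorted(have)}, needs {sorted(accepted)}")
                st[dst] = {ret}
            elif ins[0] == "test":        # guard refines reg on each branch;
                _, ty, reg, yes, no = ins  # an empty refinement is a dead branch
                have = st.get(reg, CONCRETE)
                for target, refined in ((yes, have & {ty}), (no, have - {ty})):
                    if refined:
                        succ[target] = {**st, reg: refined}
        for s in blocks[b].get("next", []):
            succ[s] = st
        for s, new in succ.items():       # join point: union per register
            old = in_state.get(s, {})
            merged = {r: old.get(r, set()) | new.get(r, set()) for r in old.keys() | new.keys()}
            if merged != old:
                in_state[s] = merged
                work.append(s)
    return sorted(warnings)

# Constructed block graph, roughly:  f(X) -> N = case is_list(X) of
#   true -> length(X); false -> tuple_size(X) end, length(N).
PROGRAM = {"b0": {"code": [("arg", "x0"), ("test", "list", "x0", "b1", "b2")]},
           "b1": {"code": [("bif", "length", "x0", "x1")], "next": ["b3"]},
           "b2": {"code": [("bif", "tuple_size", "x0", "x1")], "next": ["b3"]},
           "b3": {"code": [("bif", "length", "x1", "x2")]}}
```

Running `analyze(PROGRAM)` reports only the final `length(x1)` call, because both paths into `b3` leave `x1` as an integer, while the `tuple_size(x0)` call on the false branch is left alone since `x0` may still be a tuple there.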
