Julia L. Lawall,
Julien Brunel,
Nicolas Palix,
René Rydhof Hansen,
Henrik Stuart,
and Gilles Muller.
WYSIWIB: exploiting fine-grained program structure in a scriptable API-usage protocol-finding process.
Software: Practice and Experience,
43(1):67-92,
January 2013.
ISSN: 1097-024X.
Keyword(s): Linux,
bug finding,
program analysis.
Abstract: |
Bug-finding tools rely on specifications of what is correct or incorrect code. As it is difficult for a tool developer or user to anticipate all possible specifications, strategies for inferring specifications have been proposed. These strategies obtain probable specifications by observing common characteristics of code or execution traces, typically focusing on sequences of function calls. To counter the observed high rate of false positives, heuristics have been proposed for ranking or pruning the results. These heuristics, however, can result in false negatives, especially for rarely used functions. In this paper, we propose an alternate approach to specification inference, in which the user guides the inference process using patterns of code that reflect the user's understanding of the conventions and design of the targeted software project. We focus on specifications describing the correct usage of API functions, which we refer to as API protocols. Our approach builds on the Coccinelle program matching and transformation tool, which allows a user to construct patterns that reflect the structure of the code to be matched. We evaluate our approach on the source code of the Linux kernel, which defines a very large number of API functions with varying properties. Linux is also critical software, implying that fixing even bugs involving rarely used protocols is essential. In our experiments, we use our approach to find over 3000 potential API protocols, with an estimated false positive rate of under 15% and use these protocols to find over 360 bugs in the use of API functions. Copyright © 2012 John Wiley & Sons, Ltd. |
@ARTICLE{SPE:SPE2013,
AUTHOR = {Julia L. Lawall and Julien Brunel and Nicolas Palix and René Rydhof Hansen and Henrik Stuart and Gilles Muller},
JOURNAL = {Software: Practice and Experience},
MONTH = {January},
OPTNOTE = {},
NUMBER = {1},
PAGES = {67-92},
PUBLISHER = {John Wiley & Sons, Ltd},
TITLE = {WYSIWIB: exploiting fine-grained program structure in a scriptable API-usage protocol-finding process},
VOLUME = {43},
YEAR = {2013},
ABSTRACT = {Bug-finding tools rely on specifications of what is correct or incorrect code. As it is difficult for a tool developer or user to anticipate all possible specifications, strategies for inferring specifications have been proposed. These strategies obtain probable specifications by observing common characteristics of code or execution traces, typically focusing on sequences of function calls. To counter the observed high rate of false positives, heuristics have been proposed for ranking or pruning the results. These heuristics, however, can result in false negatives, especially for rarely used functions. In this paper, we propose an alternate approach to specification inference, in which the user guides the inference process using patterns of code that reflect the user's understanding of the conventions and design of the targeted software project. We focus on specifications describing the correct usage of API functions, which we refer to as API protocols. Our approach builds on the Coccinelle program matching and transformation tool, which allows a user to construct patterns that reflect the structure of the code to be matched. We evaluate our approach on the source code of the Linux kernel, which defines a very large number of API functions with varying properties. Linux is also critical software, implying that fixing even bugs involving rarely used protocols is essential. In our experiments, we use our approach to find over 3000 potential API protocols, with an estimated false positive rate of under 15% and use these protocols to find over 360 bugs in the use of API functions. Copyright © 2012 John Wiley & Sons, Ltd.},
DOI = {10.1002/spe.2102},
OPTISBN = {},
ISSN = {1097-024X},
KEYWORDS = {Linux, bug finding, program analysis},
URL = {http://dx.doi.org/10.1002/spe.2102},
OPTURL-PUBLISHER = {}
}