Generation And Verification Of Software Robustness Properties Through Static Analysis

Date

2006-01-06

Abstract

Increasing reliance on computers calls for robust software, especially in critical applications such as those used in the military, hospitals, etc. Traditional software testing techniques focus on functionality and ignore stressful conditions and exception handling. Poor programming practices may lead to critical software robustness failures resulting in memory corruption, application crashes and file system failures. Such robustness failures can be detected by many static analysis tools. However, the difficulty in using existing tools is that they require users to provide the robustness properties to be checked. Currently these properties, which require source-code and interface-level information, are mostly specified manually. This work proposes an FSA Generator framework that automatically generates concrete properties. Users only need to specify high-level generic properties as simple finite state machines. The framework converts these generic properties into concrete, language-specific properties using source code information from a pattern database and interface-level information from an API specification database. The automated, cost-effective generation of concrete properties makes static analysis scalable and efficient. Experimental evaluation using the generated properties and a static checker has found numerous robustness bugs in more than ten open source packages.

Keywords

static analysis, AST, API, generic, violations, FSA, properties, concrete, robustness

Degree

MS

Discipline

Computer Science
