A framework for the static verification of api calls

Journal of Systems and Software

Volumn 80, Issue 7, 2007, Pages 1156-1168

  Spinellis, Diomidis ^a   Louridas, Panagiotis ^a  

^a ATHENS UNIVERSITY OF ECONOMICS AND BUSINESS   (Greece)

Author keywords

api; FindBugs; Library; Programming by contract; Static analysis

Indexed keywords

COMPUTER SOFTWARE; COMPUTER VIRUSES; DIGITAL LIBRARIES; ERROR ANALYSIS; STATIC ANALYSIS; VERIFICATION;

FINDBUGS; PROGRAM CODE; PROGRAM LOGIC; PROGRAMMING BY CONTRACT;

CODES (SYMBOLS);

EID: 34248582382     PISSN: 01641212     EISSN: None     Source Type: Journal    
DOI: 10.1016/j.jss.2006.09.040     Document Type: Article

References (53)

1. Arnold K., Gosling J., and Holmes D. The Java Programming Language. fourth ed. (2005), Addison-Wesley, Boston, MA
2. Artho C., Barringer H., Goldberg A., Havelund K., Khurshid S., Lowry M., Pasareanu C., Rosu G., Sen K., Visser W., and Washington R. Combining test case generation and runtime verification. Theor. Comput. Sci. 336 2-3 (2005) 209-234
3. Ball, T., Rajamani, S.K., 2002. The SLAM project: debugging system software via static analysis. In: POPL'02: Proceedings of the 29th ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages, pp. 1-3.
4. Ball, T., Cook, B., Levin, V., Rajamani, S.K., 2004. SLAM and static driver verifier: technology transfer of formal methods inside Microsoft. Tech. Rep. MSR-TR-2004-08, Microsoft Research, Redmond, WA.
5. Barach D.R., Taenzer D.H., and Wells R.E. A technique for finding storage allocation errors in C-language programs. SIGPLAN Notices 17 7 (1982) 32-38
6. Barringer, H., Finkbeiner, B., Gurevich, Y., Sipma, H.B. (Eds.), 2006. Proceedings of the Fifth Workshop on Runtime Verification (RV 2005). Electronic Notes in Theoretical Computer Science, 144(4).
7. Beck K., and Gamma E. Test infected: programmers love writing tests. Java Report 3 7 (1998) 37-50
8. Blanchet, B., Cousot, P., Cousot, R., Feret, J., Mauborgne, L., Miné, A., Monniaux, D., Rival, X., 2003. A static analyzer for large safety-critical software. In: PLDI'03: Proceedings of the ACM SIGPLAN 2003 Conference on Programming Language Design and Implementation, pp. 196-207.
9. Burdy L., Cheon Y., Cok D.R., Ernst M.D., Kiniry J.R., Leavens G.T., Leino K.R.M., and Poll E. An overview of JML tools and applications. Int. J. Software Tools Technol. Transfer 7 3 (2005) 212-232
10. Bush W.R., Pincus J.D., and Sielaff D.J. A static analyzer for finding dynamic programming errors. Software-Pract. Exp. 30 7 (2000) 775-802
11. Chaki, S., Clarke, E., Groce, A., Jha, S., Veith, H., 2003. Modular verification of software components in C. In: ICSE'03: Proceedings of the 25th International Conference on Software Engineering, pp. 385-395.
12. Chen, H., Wagner, D., 2002. MOPS: an infrastructure for examining security properties of software. In: CCS'02: Proceedings of the 9th ACM Conference on Computer and Communications Security, pp. 235-244.
13. Cok D.R., and Kiniry J.R. ESC/Java2: Uniting ESC/Java and JML-progress and issues in building and using ESC/Java2. In: Barthe G., Burdy L., Huisman M., et al. (Eds). Construction and Analysis of Safe, Secure, and Interoperable Smart Devices: International Workshop, CASSIS 2004. Lecture Notes in Computer Science vol. 3362 (2004), Springer-Verlag 108-129
14. Copeland T. PMD Applied (2005), Centennial Books
15. Corbett, J.C., Dwyer, M.B., Hatcliff, J., Laubach, S., Pǎsǎreanu, C.S., Robby, Zheng, H., 2000. Bandera: extracting finite-state models from Java source code. In: ICSE'00: Proceedings of the 22nd International Conference on Software engineering, pp. 439-448.
16. Cousot, P., Cousot, R., 1977. Abstract interpretation: a unified lattice model for static analysis of programs by construction or approximation of fixpoints. In: POPL'77: Proceedings of the 4th ACM SIGACT-SIGPLAN Symposium on Principles of Programming Languages, pp. 238-252.
17. Csallner, C., Smaragdakis, Y., 2005. Check 'n' crash: Combining static checking and testing. In: ICSE'05: Proceedings of the 27th International Conference on Software Engineering, pp. 422-431.
18. Dahm M. Byte code engineering. In: Cap C.H. (Ed). JIT'99, Java-Informations-Tage 1999 (1999), Springer-Verlag 267-277
19. Das, M., Lerner, S., Seigle, M., 2002. ESP: Path-sensitive program verification in polynomial time. In: PLDI'02: Proceedings of the ACM SIGPLAN 2002 Conference on Programming Language Design and Implementation, pp. 57-68.
20. DeLine, R., Fähndrich, M., 2001. Enforcing high-level protocols in low-level software. In: PLDI'01: Proceedings of the ACM SIGPLAN 2001 Conference on Programming Language Design and Implementation, pp. 59-69.
21. DeLine, R., Fähndrich, M., 2004. The Fugue protocol checker: Is your software Baroque? Tech. Rep. MSR-TR-2004-07, Microsoft Research, Redmond, WA.
22. Engler, D., Chen, D.Y., Hallem, S., Chou, A., Chelf, B., 2001. Bugs as deviant behavior: A general approach to inferring errors in systems code. In: SOSP'01: Proceedings of the Eighteenth ACM Symposium on Operating Systems Principles, pp. 57-72.
23. Evans D., and Larochelle D. Improving security using extensible lightweight static analysis. IEEE Software 19 1 (2002) 42-51
24. Fagan M.E. Design and code inspections to reduce errors in program development. IBM Syst. J. 15 3 (1976) 182-211
25. Findler R.B., Clements J., Flanagan C., Flatt M., Krishnamurthi S., Steckler P., and Felleisen M. DrScheme: a programming environment for Scheme. J. Funct. Program. 12 2 (2002) 159-182
26. Flanagan, C., Leino, K.R.M., 2001. Houdini, an annotation assistant for ESC/Java. In: FME'01: Proceedings of the International Symposium of Formal Methods Europe on Formal Methods for Increasing Software Productivity, pp. 500-517.
27. Flanagan, C., Leino, K.R.M., Lillibridge, M., Nelson, G., Saxe, J.B., Stata, R., 2002. Extended static checking for Java. In: PLDI'02: Proceedings of the ACM SIGPLAN 2002 Conference on Programming Language Design and Implementation, pp. 234-245.
28. In: Guttag J.V., and Horning J.J. (Eds). Larch: Languages and Tools for Formal Specification (1993), Springer-Verlag
29. Hallem, S., Chelf, B., Xie, Y., Engler, D., 2002. A system and language for building system-specific, static analyses. In: PLDI'02: Proceedings of the ACM SIGPLAN 2002 Conference on Programming Language Design and Implementation, pp. 69-82.
30. Havelund K., and Roşu G. An overview of the runtime verification tool Java PathExplorer. Formal Methods Syst. Design 24 2 (2004) 189-215
31. Hovemeyer, D., Pugh, W., 2004. Finding bugs is easy. In: OOPSLA'04: Companion to the 19th Annual ACM SIGPLAN Conference on Object-Oriented Programming Systems, Languages, and Applications, pp. 132-136.
32. Jackson D. Aspect: detecting bugs with abstract dependences. ACM Trans. Software Eng. Methodol. 4 2 (1995) 109-145
33. Jim, T., Morrisett, G., Grossman, D., Hicks, M., Cheney, J., Wang, Y., 2002. Cyclone: a safe dialect of C. In: USENIX Annual Technical Conference, pp. 275-288.
34. JLint, 2004. JLint. Available online .
35. Johnson, S., 1977. Lint, a C program checker. Computer Science Technical Report 65, Bell Laboratories, Murray Hill, NJ.
36. Johnson S.C., and Lesk M.E. Language development tools. Bell Syst. Technical J. 56 6 (1987) 2155-2176
37. Jones C. Systematic Software Development using VDM (1990), Prentice-Hall, Englewood Cliffs, NJ
38. Kiczales G., Hilsdale E., Hugunin J., Kersten M., Palm J., and Griswold W. Getting started with ASPECTJ. Commun. ACM 44 10 (2001) 59-65
39. Larus J.R., Ball T., Das M., DeLine R., Fähndrich M., Pincus J., Rajamani S.K., and Venkatapathy R. Righting software. IEEE Software 21 3 (2004) 92-100
40. Leavens, G.T., Baker, A.T., Ruby, C., 2005. Preliminary design of JML: A behavioral interface specification for Java. Tech. Rep. TR #98-06-rev28, Department of Computer Science, University of Iowa, Ames, IA.
41. Lindahl T., and Sagonas K. Detecting software defects in telecom applications through lightweight static analysis: a war story. APLAS 2004: Second Asian Symposium on Programming Languages and Systems. Lecture Notes in Computer Science vol. 3302 (2004), Springer 91-106
42. Mandelin, D., Xu, L., Bodík, R., Kimelman, D., 2005. Jungloid mining: helping to navigate the api jungle. In: PLDI'05: Proceedings of the 2005 ACM SIGPLAN Conference on Programming Language Design and Implementation, pp. 48-61.
43. Marinov, D., Khurshid, S., 2001. TestEra: A novel framework for automated testing of Java programs. In: ASE'01: Proceedings of the 16th IEEE International Conference on Automated Software Engineering. IEEE Computer Society, Washington, DC, USA, p. 22.
44. Meyer B. Object-Oriented Software Construction. second ed. (1997), Prentice Hall PTR, Upper Saddle River, NJ
45. Pnueli A., Zaks A., and Zuck L.D. Monitoring interfaces for faults. Electron. Notes Theor. Comput. Sci. 144 4 (2006) 73-89
46. Reimer, D., Schonberg, E., Srinivas, K., Srinivasan, H., Alpern, B., Johnson, R.D., Kershenbaum, A., Koved, L., 2004. SABER: Smart analysis based error reduction. In: ISSTA'04: Proceedings of the 2004 ACM SIGSOFT International Symposium on Software Testing and Analysis, pp. 243-251.
47. Rutar, N., Almazan, C.B., Foster, J.S., 2004. A comparison of bug finding tools for Java. In: ISSRE'04: Proceedings of the 15th International Symposium on Software Reliability Engineering (ISSRE'04), pp. 245-256.
48. Spinellis D. Notable design patterns for domain specific languages. J. Syst. Software 56 1 (2001) 91-99
49. Spinellis D. Code Quality: The Open Source Perspective (2006), Addison-Wesley, Boston, MA
50. Szyperski C. Component Software: Behind Object-Oriented Programming. second ed. (2002), Addison-Wesley, Reading, MA
51. Viega, J., Bloch, J.T., Kohno, Y., McGraw, G., 2000. ITS4: A static vulnerability scanner for C and C++ code. In: ACSAC'00: Proceedings of the 16th Annual Computer Security Applications Conference, p. 257.
52. Weiser, M., 1981. Program slicing. In: ICSE'81: Proceedings of the 5th International Conference on Software Engineering, pp. 439-449.
53. Wright A.K., and Cartwright R. A practical soft type system for Scheme. ACM Trans. Prog. Lang. Syst. 19 1 (1997) 87-152