A static analyzer for finding dynamic programming errors
Software—Practice & Experience
Dynamically Discovering Likely Program Invariants to Support Program Evolution
IEEE Transactions on Software Engineering - Special issue on 1999 international conference on software engineering
Bugs as deviant behavior: a general approach to inferring errors in systems code
SOSP '01 Proceedings of the eighteenth ACM symposium on Operating systems principles
POPL '02 Proceedings of the 29th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
ESP: path-sensitive program verification in polynomial time
PLDI '02 Proceedings of the ACM SIGPLAN 2002 Conference on Programming language design and implementation
A system and language for building system-specific, static analyses
PLDI '02 Proceedings of the ACM SIGPLAN 2002 Conference on Programming language design and implementation
Extended static checking for Java
PLDI '02 Proceedings of the ACM SIGPLAN 2002 Conference on Programming language design and implementation
Automatic extraction of object-oriented component interfaces
ISSTA '02 Proceedings of the 2002 ACM SIGSOFT international symposium on Software testing and analysis
Tracking down software bugs using automatic anomaly detection
Proceedings of the 24th International Conference on Software Engineering
MOPS: an infrastructure for examining security properties of software
Proceedings of the 9th ACM conference on Computer and communications security
CIL: Intermediate Language and Tools for Analysis and Transformation of C Programs
CC '02 Proceedings of the 11th International Conference on Compiler Construction
Understanding belief propagation and its generalizations
Exploring artificial intelligence in the new millennium
Bug isolation via remote program sampling
PLDI '03 Proceedings of the ACM SIGPLAN 2003 conference on Programming language design and implementation
A practical flow-sensitive and context-sensitive C and C++ memory leak detector
PLDI '03 Proceedings of the ACM SIGPLAN 2003 conference on Programming language design and implementation
Debugging temporal specifications with concept analysis
PLDI '03 Proceedings of the ACM SIGPLAN 2003 conference on Programming language design and implementation
MECA: an extensible, expressive system and language for statically checking security properties
Proceedings of the 10th ACM conference on Computer and communications security
Static analysis for bug finding in systems software
Static analysis for bug finding in systems software
Efficient incremental algorithms for dynamic detection of likely invariants
Proceedings of the 12th ACM SIGSOFT twelfth international symposium on Foundations of software engineering
PSE: explaining program failures via postmortem static analysis
Proceedings of the 12th ACM SIGSOFT twelfth international symposium on Foundations of software engineering
Synthesis of interface specifications for Java classes
Proceedings of the 32nd ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Scalable error detection using boolean satisfiability
Proceedings of the 32nd ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Scalable statistical bug isolation
Proceedings of the 2005 ACM SIGPLAN conference on Programming language design and implementation
Context- and path-sensitive memory leak detection
Proceedings of the 10th European software engineering conference held jointly with 13th ACM SIGSOFT international symposium on Foundations of software engineering
DynaMine: finding common error patterns by mining software revision histories
Proceedings of the 10th European software engineering conference held jointly with 13th ACM SIGSOFT international symposium on Foundations of software engineering
Proceedings of the 10th European software engineering conference held jointly with 13th ACM SIGSOFT international symposium on Foundations of software engineering
Modular checking for buffer overflows in the large
Proceedings of the 28th international conference on Software engineering
Perracotta: mining temporal API rules from imperfect traces
Proceedings of the 28th international conference on Software engineering
Mining temporal specifications for error detection
TACAS'05 Proceedings of the 11th international conference on Tools and Algorithms for the Construction and Analysis of Systems
Factor graphs and the sum-product algorithm
IEEE Transactions on Information Theory
Mining API patterns as partial orders from source code: from usage scenarios to specifications
Proceedings of the the 6th joint meeting of the European software engineering conference and the ACM SIGSOFT symposium on The foundations of software engineering
Context-based detection of clone-related bugs
Proceedings of the the 6th joint meeting of the European software engineering conference and the ACM SIGSOFT symposium on The foundations of software engineering
Proceedings of twenty-first ACM SIGOPS symposium on Operating systems principles
DSD-Crasher: A hybrid analysis tool for bug finding
ACM Transactions on Software Engineering and Methodology (TOSEM)
Towards easing the diagnosis of bugs in OS code
Proceedings of the 4th workshop on Programming languages and operating systems
Dynamic inference of likely data preconditions over predicates by tree learning
ISSTA '08 Proceedings of the 2008 international symposium on Software testing and analysis
SNIFF: A Search Engine for Java Using Free-Form Queries
FASE '09 Proceedings of the 12th International Conference on Fundamental Approaches to Software Engineering: Held as Part of the Joint European Conferences on Theory and Practice of Software, ETAPS 2009
Merlin: specification inference for explicit information flow problems
Proceedings of the 2009 ACM SIGPLAN conference on Programming language design and implementation
Automatic generation of library bindings using static analysis
Proceedings of the 2009 ACM SIGPLAN conference on Programming language design and implementation
Automatic dimension inference and checking for object-oriented programs
ICSE '09 Proceedings of the 31st International Conference on Software Engineering
Toward automated detection of logic vulnerabilities in web applications
USENIX Security'10 Proceedings of the 19th USENIX conference on Security
Proceedings of the sixth conference on Computer systems
Probabilistic, modular and scalable inference of typestate specifications
Proceedings of the 32nd ACM SIGPLAN conference on Programming language design and implementation
Finding resource-release omission faults in Linux
PLOS '11 Proceedings of the 6th Workshop on Programming Languages and Operating Systems
Configuration coverage in the analysis of large-scale system software
PLOS '11 Proceedings of the 6th Workshop on Programming Languages and Operating Systems
BLOCK: a black-box approach for detection of state violation attacks towards web applications
Proceedings of the 27th Annual Computer Security Applications Conference
Finding resource-release omission faults in Linux
ACM SIGOPS Operating Systems Review
Configuration coverage in the analysis of large-scale system software
ACM SIGOPS Operating Systems Review
Understanding linux feature distribution
Proceedings of the 2012 workshop on Modularity in Systems Software
What is my program doing? program dynamics in programmer's terms
RV'11 Proceedings of the Second international conference on Runtime verification
Toward general diagnosis of static errors
Proceedings of the 41st ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages
| Hi-index | 0.00 |
Automatic tools for finding software errors require a set of specifications before they can check code: if they do not know what to check, they cannot find bugs. This paper presents a novel framework based on factor graphs for automatically inferring specifications directly from programs. The key strength of the approach is that it can incorporate many disparate sources of evidence, allowing us to squeeze significantly more information from our observations than previously published techniques. We illustrate the strengths of our approach by applying it to the problem of inferring what functions in C programs allocate and release resources. We evaluated its effectiveness on five codebases: SDL, OpenSSH, GIMP, and the OS kernels for Linux and Mac OS X (XNU). For each codebase, starting with zero initially provided annotations, we observed an inferred annotation accuracy of 80--90%, with often near perfect accuracy for functions called as little asfive times. Many of the inferred allocator and deallocator functions are functions for which we both lack the implementation and are rarely called---in some cases functions with at most one or two callsites. Finally, with the inferred annotations we quickly found both missing and incorrect properties in a specification used by a commercial static bug-finding tool.