Systematic software development using VDM
Systematic software development using VDM
Larch: languages and tools for formal specification
Larch: languages and tools for formal specification
Aspect: detecting bugs with abstract dependences
ACM Transactions on Software Engineering and Methodology (TOSEM)
A practical soft type system for scheme
ACM Transactions on Programming Languages and Systems (TOPLAS)
Object-oriented software construction (2nd ed.)
Object-oriented software construction (2nd ed.)
Bandera: extracting finite-state models from Java source code
Proceedings of the 22nd international conference on Software engineering
A static analyzer for finding dynamic programming errors
Software—Practice & Experience
Notable design patterns for domain-specific languages
Journal of Systems and Software
Enforcing high-level protocols in low-level software
Proceedings of the ACM SIGPLAN 2001 conference on Programming language design and implementation
Communications of the ACM
Bugs as deviant behavior: a general approach to inferring errors in systems code
SOSP '01 Proceedings of the eighteenth ACM symposium on Operating systems principles
The SLAM project: debugging system software via static analysis
POPL '02 Proceedings of the 29th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
ESP: path-sensitive program verification in polynomial time
PLDI '02 Proceedings of the ACM SIGPLAN 2002 Conference on Programming language design and implementation
A system and language for building system-specific, static analyses
PLDI '02 Proceedings of the ACM SIGPLAN 2002 Conference on Programming language design and implementation
Extended static checking for Java
PLDI '02 Proceedings of the ACM SIGPLAN 2002 Conference on Programming language design and implementation
POPL '77 Proceedings of the 4th ACM SIGACT-SIGPLAN symposium on Principles of programming languages
Component Software: Beyond Object-Oriented Programming
Component Software: Beyond Object-Oriented Programming
MOPS: an infrastructure for examining security properties of software
Proceedings of the 9th ACM conference on Computer and communications security
ATEC '02 Proceedings of the General Track of the annual conference on USENIX Annual Technical Conference
Modular verification of software components in C
Proceedings of the 25th International Conference on Software Engineering
A static analyzer for large safety-critical software
PLDI '03 Proceedings of the ACM SIGPLAN 2003 conference on Programming language design and implementation
ITS4: A static vulnerability scanner for C and C++ code
ACSAC '00 Proceedings of the 16th Annual Computer Security Applications Conference
ICSE '81 Proceedings of the 5th international conference on Software engineering
TestEra: A Novel Framework for Automated Testing of Java Programs
Proceedings of the 16th IEEE international conference on Automated software engineering
DrScheme: a programming environment for Scheme
Journal of Functional Programming
An Overview of the Runtime Verification Tool Java PathExplorer
Formal Methods in System Design
A technique for finding storage allocation errors in C-language programs
ACM SIGPLAN Notices
SABER: smart analysis based error reduction
ISSTA '04 Proceedings of the 2004 ACM SIGSOFT international symposium on Software testing and analysis
OOPSLA '04 Companion to the 19th annual ACM SIGPLAN conference on Object-oriented programming systems, languages, and applications
A Comparison of Bug Finding Tools for Java
ISSRE '04 Proceedings of the 15th International Symposium on Software Reliability Engineering
Check 'n' crash: combining static checking and testing
Proceedings of the 27th international conference on Software engineering
Jungloid mining: helping to navigate the API jungle
Proceedings of the 2005 ACM SIGPLAN conference on Programming language design and implementation
An overview of JML tools and applications
International Journal on Software Tools for Technology Transfer (STTT) - Special section on formal methods for industrial critical systems
Combining test case generation and runtime verification
Theoretical Computer Science - Abstract state machines and high-level system design and analysis
IEEE Software
Design and code inspections to reduce errors in program development
IBM Systems Journal
Monitoring Interfaces for Faults
Electronic Notes in Theoretical Computer Science (ENTCS)
ESC/Java2: uniting ESC/Java and JML
CASSIS'04 Proceedings of the 2004 international conference on Construction and Analysis of Safe, Secure, and Interoperable Smart Devices
Static Program Analysis for Java Card Applets
CARDIS '08 Proceedings of the 8th IFIP WG 8.8/11.2 international conference on Smart Card Research and Advanced Applications
A type system for regular expressions
Proceedings of the 14th Workshop on Formal Techniques for Java-like Programs
Explicating SDKs: uncovering assumptions underlying secure authentication and authorization
SEC'13 Proceedings of the 22nd USENIX conference on Security
Hi-index | 0.00 |
A number of tools can statically check program code to identify commonly encountered bug patterns. At the same time, programs are increasingly relying on external apis for performing the bulk of their work: the bug-prone program logic is being fleshed-out, and many errors involve tricky subroutine calls to the constantly growing set of external libraries. Extending the static analysis tools to cover the available apis is an approach that replicates scarce human effort across different tools and does not scale. Instead, we propose moving the static api call verification code into the api implementation, and distributing the verification code together with the library proper. We have designed a framework for providing static verification code together with Java classes, and have extended the FindBugs static analysis tool to check the corresponding method invocations. To validate our approach we wrote verification tests for 100 different methods, and ran FindBugs on 6.9 million method invocations on what amounts to about 13 million lines of production-quality code. In the set of 55 thousand method invocations that could potentially be statically verified our approach identified 800 probable errors.