Path-Sensitive Inference of Function Precedence Protocols
ICSE '07 Proceedings of the 29th international conference on Software Engineering
Static specification inference using predicate mining
Proceedings of the 2007 ACM SIGPLAN conference on Programming language design and implementation
/*icomment: bugs or bad comments?*/
Proceedings of twenty-first ACM SIGOPS symposium on Operating systems principles
Automatic inference of stationary fields: a generalization of java's final fields
Proceedings of the 35th annual ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Symbolic mining of temporal specifications
Proceedings of the 30th international conference on Software engineering
Protocol Inference Using Static Path Profiles
SAS '08 Proceedings of the 15th international symposium on Static Analysis
Javert: fully automatic mining of general temporal properties from dynamic traces
Proceedings of the 16th ACM SIGSOFT International Symposium on Foundations of software engineering
Graph-based mining of multiple object usage patterns
Proceedings of the 7th joint meeting of the European software engineering conference and the ACM SIGSOFT symposium on The foundations of software engineering
A factor graph model for software bug finding
IJCAI'07 Proceedings of the 20th international joint conference on Artificial intelligence
Static extraction of program configuration options
Proceedings of the 33rd International Conference on Software Engineering
Checking conformance of a producer and a consumer
Proceedings of the 19th ACM SIGSOFT symposium and the 13th European conference on Foundations of software engineering
Static detection of access control vulnerabilities in web applications
SEC'11 Proceedings of the 20th USENIX conference on Security
Inferring specifications for resources from natural language API documentation
Automated Software Engineering
BLR-D: applying bilinear logistic regression to factored diagnosis problems
SLAML '11 Managing Large-scale Systems via the Analysis of System Logs and the Application of Machine Learning Techniques
BLR-D: applying bilinear logistic regression to factored diagnosis problems
ACM SIGOPS Operating Systems Review
Statically checking API protocol conformance with mined multi-object specifications
Proceedings of the 34th International Conference on Software Engineering
Proceedings of the ACM SIGSOFT 20th International Symposium on the Foundations of Software Engineering
Software—Practice & Experience
Towards fully automatic placement of security sanitizers and declassifiers
POPL '13 Proceedings of the 40th annual ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Almost-correct specifications: a modular semantic framework for assigning confidence to warnings
Proceedings of the 34th ACM SIGPLAN conference on Programming language design and implementation
Inferring likely mappings between APIs
Proceedings of the 2013 International Conference on Software Engineering
Scalable and incremental software bug detection
Proceedings of the 2013 9th Joint Meeting on Foundations of Software Engineering
Automatic tools for finding software errors require a set of specifications before they can check code: if they do not know what to check, they cannot find bugs. This paper presents a novel framework based on factor graphs for automatically inferring specifications directly from programs. The key strength of the approach is that it can incorporate many disparate sources of evidence, allowing us to squeeze significantly more information from our observations than previously published techniques. We illustrate the strengths of our approach by applying it to the problem of inferring which functions in C programs allocate and release resources. We evaluated its effectiveness on five codebases: SDL, OpenSSH, GIMP, and the OS kernels for Linux and Mac OS X (XNU). For each codebase, starting with zero initially provided annotations, we observed an inferred annotation accuracy of 80-90%, with often near-perfect accuracy for functions called as few as five times. Many of the inferred allocator and deallocator functions are ones for which we lack the implementation and which are rarely called, in some cases functions with at most one or two callsites. Finally, with the inferred annotations we quickly found both missing and incorrect properties in a specification used by a commercial static bug-finding tool.