WYSIWIB: exploiting fine‐grained program structure in a scriptable API‐usage protocol‐finding process1. (16th January 2012)
- Record Type:
- Journal Article
- Title:
- WYSIWIB: exploiting fine‐grained program structure in a scriptable API‐usage protocol‐finding process1. (16th January 2012)
- Main Title:
- WYSIWIB: exploiting fine‐grained program structure in a scriptable API‐usage protocol‐finding process1
- Authors:
- Lawall, Julia L.
Brunel, Julien
Palix, Nicolas
Hansen, René Rydhof
Stuart, Henrik
Muller, Gilles - Abstract:
- <abstract abstract-type="main" id="spe2102-abs-0001"> <title>SUMMARY</title> <p id="spe2102-para-0003">Bug‐finding tools rely on specifications of what is correct or incorrect code. As it is difficult for a tool developer or user to anticipate all possible specifications, strategies for inferring specifications have been proposed. These strategies obtain probable specifications by observing common characteristics of code or execution traces, typically focusing on sequences of function calls. To counter the observed high rate of false positives, heuristics have been proposed for ranking or pruning the results. These heuristics, however, can result in false negatives, especially for rarely used functions. In this paper, we propose an alternate approach to specification inference, in which the user guides the inference process using patterns of code that reflect the user's understanding of the conventions and design of the targeted software project. We focus on specifications describing the correct usage of API functions, which we refer to as API protocols. Our approach builds on the Coccinelle program matching and transformation tool, which allows a user to construct patterns that reflect the structure of the code to be matched. We evaluate our approach on the source code of the Linux kernel, which defines a very large number of API functions with varying properties. Linux is also critical software, implying that fixing even bugs involving rarely used protocols is essential.<abstract abstract-type="main" id="spe2102-abs-0001"> <title>SUMMARY</title> <p id="spe2102-para-0003">Bug‐finding tools rely on specifications of what is correct or incorrect code. As it is difficult for a tool developer or user to anticipate all possible specifications, strategies for inferring specifications have been proposed. These strategies obtain probable specifications by observing common characteristics of code or execution traces, typically focusing on sequences of function calls. To counter the observed high rate of false positives, heuristics have been proposed for ranking or pruning the results. These heuristics, however, can result in false negatives, especially for rarely used functions. In this paper, we propose an alternate approach to specification inference, in which the user guides the inference process using patterns of code that reflect the user's understanding of the conventions and design of the targeted software project. We focus on specifications describing the correct usage of API functions, which we refer to as API protocols. Our approach builds on the Coccinelle program matching and transformation tool, which allows a user to construct patterns that reflect the structure of the code to be matched. We evaluate our approach on the source code of the Linux kernel, which defines a very large number of API functions with varying properties. Linux is also critical software, implying that fixing even bugs involving rarely used protocols is essential. In our experiments, we use our approach to find over 3000 potential API protocols, with an estimated false positive rate of under 15% and use these protocols to find over 360 bugs in the use of API functions. Copyright © 2012 John Wiley &amp; Sons, Ltd.</p> </abstract> … (more)
- Is Part Of:
- Software, practice & experience. Volume 43:Number 1(2013)
- Journal:
- Software, practice & experience
- Issue:
- Volume 43:Number 1(2013)
- Issue Display:
- Volume 43, Issue 1 (2013)
- Year:
- 2013
- Volume:
- 43
- Issue:
- 1
- Issue Sort Value:
- 2013-0043-0001-0000
- Page Start:
- 67
- Page End:
- 92
- Publication Date:
- 2012-01-16
- Subjects:
- Computer software -- Periodicals
Computer programming -- Periodicals
Computer programs -- Periodicals
005.3 - Journal URLs:
- http://onlinelibrary.wiley.com/ ↗
- DOI:
- 10.1002/spe.2102 ↗
- Languages:
- English
- ISSNs:
- 0038-0644
- Deposit Type:
- Legaldeposit
- View Content:
- Available online (eLD content is only available in our Reading Rooms) ↗
- Physical Locations:
- British Library DSC - 8321.453000
British Library DSC - BLDSS-3PM
British Library STI - ELD Digital store - Ingest File:
- 4099.xml