WO2010031731A1 - Method of analyzing a computer program - Google Patents

Method of analyzing a computer program Download PDF

Info

Publication number
WO2010031731A1
WO2010031731A1 PCT/EP2009/061752 EP2009061752W WO2010031731A1 WO 2010031731 A1 WO2010031731 A1 WO 2010031731A1 EP 2009061752 W EP2009061752 W EP 2009061752W WO 2010031731 A1 WO2010031731 A1 WO 2010031731A1
Authority
WO
WIPO (PCT)
Prior art keywords
action
antecedent
dependency rule
consequent
dependency
Prior art date
Application number
PCT/EP2009/061752
Other languages
French (fr)
Inventor
Ravikanth Kandula
Chinmay Narayan
Original Assignee
Siemens Aktiengesellschaft
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Siemens Aktiengesellschaft filed Critical Siemens Aktiengesellschaft
Priority to EP09782871A priority Critical patent/EP2329375A1/en
Publication of WO2010031731A1 publication Critical patent/WO2010031731A1/en

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00Error detection; Error correction; Monitoring
    • G06F11/36Preventing errors by testing or debugging software
    • G06F11/3604Software analysis for verifying properties of programs
    • G06F11/3608Software analysis for verifying properties of programs using formal methods, e.g. model checking, abstract interpretation
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F8/00Arrangements for software engineering
    • G06F8/40Transformation of program code
    • G06F8/41Compilation
    • G06F8/43Checking; Contextual analysis
    • G06F8/433Dependency analysis; Data or control flow analysis

Definitions

  • the present invention relates to a method, a computer- readable media and a system for analyzing a computer program.
  • a compiler produces an object program from the source code of a computer program.
  • static code analyzers have been used.
  • the static code analyzers are limited to detecting errors related to programming language semantics and pragmatics.
  • the static code analyzers are incapable of detecting errors due to the violation of dependencies between statements of a computer program, as this requires knowledge of the computer program' s internal organization, logic and flow. Violation of dependencies results into run time errors when a pre-condition or a postcondition of a statement of a program is not satisfied.
  • Dependencies between statements can be temporal as well as protocol related.
  • the temporal dependency errors are induced as a result of ignorance of certain necessary actions, such as performing an unguarded update of shared data, attempting an update on a resource without first acquiring it, non release of resources, and the like.
  • the protocol related dependency errors are induced as a result of use of incompatible actions, such as, use of new with free is C++, and the like.
  • the above object is achieved by a method and a computer- readable media for analyzing a computer program, wherein the method comprises receiving a dependency rule as an input, wherein the dependency rule provides dependencies between statements of a source code of the program and comprises conditions to be satisfied for a respective statement of the source code to be executed correctly, analyzing the program using a dataflow analyzer to determine if there is a violation of the dependency rule and providing an indication of an error based on the violation of the dependency rule.
  • the reception of a dependency rule as an input enables a user to specify the dependencies between statements of a computer program.
  • the use of dataflow analyzer to analyze if there is a violation of the dependency rule enables the method to be used with existing program analyses frameworks.
  • the dependency rule comprises an antecedent, an action, and a consequent, wherein the antecedent is a pre-condition that should be satisfied for the safe execution of the action the antecedent is associated with, the action is the statement in the source code whose safe execution depends on the antecedent, and the consequent is a result of the successful execution of the action.
  • the antecedent and the consequent specify a precondition and a post-condition respectively that specify a user' s knowledge that should be satisfied for the safe execution of an action.
  • the antecedent and the consequent are defined using a variant of first order predicate calculus. This enables a user to specify the antecedent and consequent in a general, intuitive, and powerful manner.
  • the analyzing of the program using the dataflow analyzer comprises generating an intermediate representation from the source code of the computer program, wherein the intermediate representation comprises a node comprising a statement of the source code, performing a data flow analysis upon the node intermediate representation, determining if the action of the node matches with the action of the of the dependency rule and determining if the action of the node violates the dependency rule if the action of the node matches with the action of the dependency rule.
  • Determining if the action of the node violates the dependency rule only if the action of the node matches with the action of the dependency rule enables in determining violation of dependencies of only that action of the node matching the action of the dependency rule.
  • the determination if the action of the node violates the dependency rule comprises instantiating the antecedent of the dependency rule based on a variable of the action of the node wherein the instantiation of the antecedent results into a ground instance of the antecedent, validating the instantiated antecedent against information stored in a fact base list, wherein the information stored in the fact base list comprises the consequent instantiated based on the variable if the validation of the instantiated antecedent does not fail, and the instantiation of the consequent results into a ground instance of the consequent, and identifying the action of the node to violate the dependency rule if the validation of the instantiated antecedent fails.
  • the validation of the instantiated antecedent against information stored in a fact base list enables determining if a pre-condition for at a given point in the program is satisfied or not.
  • the method further comprises updating the fact base list with the consequent instantiated based on the variable if the validation of the instantiated antecedent does not fail.
  • the fact base list enables storing available facts at run-time of the program analysis .
  • Another embodiment includes, a system for analyzing a computer program, comprising a receiving module for receiving a dependency rule as an input, wherein the dependency rule provides dependencies between statements of a source code of the program and comprises conditions to be satisfied for a respective statement of the source code to be executed correctly, an analyzing sub-system comprising a dataflow analyzer to determine if there is a violation of the dependency rule, and an indicator for providing an indication of an error based on the violation of the dependency rule.
  • the analyzing sub-system comprises an intermediate representation generator for generating an intermediate representation from the source code of the computer program, wherein the intermediate representation comprises a node comprising a statement of the source code.
  • the intermediate representation provides advantages in analyzing and optimization the source code of the computer program.
  • the analyzing sub-system comprises a comparator to determine if the action of the node matches with the action of the of the dependency rule, and a dependency analyzer to determine if the action of the node violates the dependency rule if the action of the node matches with the action of the dependency rule.
  • the comparator enables in determining if the action of the node matches with the action of the dependency rule.
  • the dependency analyzer determines if the action of the node violates the dependency rule.
  • the comparator and the dependency analyzer advantageously can be used with a dataflow analyzer.
  • FIG 1 depicts a representative hardware environment for practicing the embodiments herein,
  • FIG 2 illustrates a schematic block diagram of a system for detecting dependency errors in a computer program
  • FIG 3 illustrates an example of a computer program
  • FIG 4 illustrates an example of a computer program to describe the association of an antecedent and a consequent with an action
  • FIG 5a illustrates an example of a source code of a computer program
  • FIG 5b illustrates a CFG representation of the source code of FIG 5a
  • FIG 6 with references to 1 through 5b is a flow diagram illustrating a method of analyzing a computer program according to an embodiment herein.
  • FIG 1 depicts a representative hardware environment for practicing the embodiments herein.
  • the system comprises at least one processor or central processing unit (CPU) 101.
  • the CPU 101 is interconnected via bus 102 to various devices such as a memory 103, input/output (I/O) controller 104, and user interface controller 105.
  • the memory 103 may be volatile (such as random access memory (RAM) etc., non- volatile (read only memory (ROM), flash memory devices etc.,) or a combination of the two.
  • RAM random access memory
  • ROM read only memory
  • flash memory devices etc.
  • the memory 103 is used to store instructions and data for use by the CPU 101.
  • the I/O controller 104 can connect to peripheral devices, such as CD drives 107 and hard drives 108, or other program storage devices that are readable by the system.
  • peripheral devices such as CD drives 107 and hard drives 108, or other program storage devices that are readable by the system.
  • an operating system for the computer system 100 as well as an application program is stored onto the hard drive 108.
  • the operating system runs on the CPU 101 and is used to coordinate and provide control of various components within system 100.
  • the system 100 can read the inventive instructions on the hard drive 108 and load them onto the memory 103 for execution by the CPU 101.
  • the user interface controller 105 can connect to a keyboard 109, mouse 110, speaker 111, microphone 112, display device 113 and/or other user interface devices such as a touch screen device (not shown) to the bus 102 to gather user input and also to provide system output to the user.
  • FIG 2 illustrates a schematic block diagram of a system for detecting dependency errors in a computer program.
  • the system 120 comprises a receiving module 122 and an analyzing subsystem 124.
  • the receiving module 122 comprises one or more dependency rules which provide dependencies between statements of the program.
  • the analyzing sub-system 124 comprises an intermediate representation generator 126, a dataflow analyzer 128, a comparator 130, a dependency analyzer 132, and an indicator 134.
  • the receiving module 122 receives the dependency rules as input.
  • the dependency rules may be provided to the receiving module 122 as an input by a user.
  • the reception of the dependency rule as an input from the user facilitates the integration of the user's knowledge with the dataflow analyzer 128. This increases the effectiveness of the dataflow analyzer 128.
  • the user is a computer programmer.
  • the user can be an individual other than a computer programmer. Referring now to FIG 3, an example of a program snippet is illustrated.
  • a function strcpy () is called at statement 4 of the program.
  • the function strcpy () expects a user to allocate a memory segment of suitable size and pass a pointer to the memory segment as the first argument.
  • the dataflow analyzer 128 is aided by the user for updating its state and verifying pre-conditions according to the embodiments described below.
  • the dependency rule typically, comprises conditions required to be satisfied for the computer program to be executed correctly.
  • the dependency rule may be a tuple of the form (a, ⁇ , ⁇ ) where:
  • a is an antecedent, wherein the antecedent is a condition for the safe execution of the action the antecedent is associated with,
  • is an action, wherein the action is a statement in the program, whose safe execution depends on the antecedent, x is a consequent that follows as a result of successful execution of ⁇ .
  • the antecedent and the consequent are logical conditions associated with the action.
  • the action is the e statement whose safe execution is of concern.
  • the antecedent is the pre-condition that should be necessarily satisfied for the safe execution of the action
  • the consequent is the post-condition that may be assumed to hold after the execution of an action.
  • the antecedent and the consequent may be provided to the dataflow analyzer 128 during program analyses.
  • the antecedent is a necessary, but not a sufficient condition for the safe execution of the computer program.
  • a suitable antecedent and consequent may be associated.
  • every action needs to have an antecedent as well as a consequent associated with it, and one of these could be missing. When both are missing, an action neither has a directly discernible effect on some succeeding statement nor does it mandate its execution.
  • statement 1 comprising new is an action as the safe execution of statement 1 is of concern.
  • statements 2 and 3 comprising delete are actions.
  • the antecedent and consequent associated with the actions new and delete are shown in the table provided below:
  • variable x For the safe execution of new, the antecedent requires that the variable x be assigned the newly created object if the variable is not currently pointing to any allocated memory. The consequent of new states that the variable x of this action, will now point to a valid memory location created as the result of the action new.
  • the antecedent requires that the memory to be deleted is indeed currently allocated and that it was created earlier through a new. Following the successful completion of delete, the consequent may be assumed to be true. It states that this memory is no longer allocated.
  • a program statement may be associated with either an antecedent or a consequent or both. Antecedents and consequents themselves are expressed in a variant of first- order predicate logic.
  • the intermediate representation generator 126 generates an intermediate representation FG of the computer program from a source code of the computer program.
  • the intermediate representation of the source code comprises one or more nodes comprising at least one statement of the source code.
  • the intermediate representation may be, but not limited to, a control flow graph or an abstract syntax tree, and the like.
  • the intermediate representation generator 126 is a control flow graph generator, then a control flow graph is generated.
  • Each node in a control graph is a basic block comprising at least one statement of the source code.
  • FIG 5a illustrates a source code of a computer program.
  • the source code of FIG 5a is provided to the intermediate representation generator 126 of FIG 2, which according to an embodiment is a control flow graph generator.
  • FIG 5b illustrates a control flow graph representation of the source code of FIG 5a.
  • Each of the nodes 140 of the control flow graph is a basic block 142a through 142c.
  • a basic block is generally defined with one or more intermediate program statements with no embedded control flow, e.g., no intervening entry or exit point.
  • a basic block in a control flow graph represents a set of statements with no branching statements.
  • the basic blocks 142a through 142c comprises statements with no interleaving entry or exit points.
  • FIG 5a and FIG 5b the control flow graph generated by the intermediate representation generator 126 is provided to the dataflow analyzer 128.
  • the dataflow analyzer 128 capable of data flow analyses may be augmented to perform dependency analyses in order to detect dependency errors. This requires the integration of the antecedents and consequents with the data flow analyses and may be realized in the following ways:
  • the integration of the dataflow analyses with the antecedent and the consequent provides the advantage of the dataflow analyzer 128 being able to invoke the antecedent and the consequent during program analyses and not during a program execution.
  • the dataflow analyzer 128 performs dataflow analyses of each of the basic blocks 142a through 142c the control flow graph to infer properties of variables at each of the basic blocks 142 a through 142c. While performing the dataflow analyses, the dataflow analyzer 128 invokes the comparator 130. Typically, the comparator 130 is invoked whenever a new statement of the basic blocks 142a through 142c is encountered during dataflow analyses. The comparator 130 determines if the actions of the basic blocks 142a through 142c matches with the action of the dependency rule. If the action of any one of the basic blocks 142a through 142c matches with the action of the dependency rule, the comparator 130 invokes the dependency analyzer 132.
  • the dependency analyzer 132 analyses the control flow graph of the computer program along the flow of control by aggregating dependency information provided to the receiving module 122 through antecedents and consequents. Typically, the dependency analyzer 132 reads the dependency rule from the receiving module 122 and determines if the action of the current basic block violates a dependency rule read from the receiving module 122.
  • the dependency analyzer 132 determines the violation of the dependency by instantiating the antecedent of the dependency rule of which the action matched with the action of the basic block being analyzed with a corresponding variable of the action of the basic block.
  • the instantiation of the antecedent creates a ground instance of the antecedent.
  • the dependency analyzer 132 validates the ground instance of the instantiated antecedent against information stored in a fact base list.
  • the ground instance comprises positive and negative formulas as defined by mathematical logic, for example, a first order logic.
  • the fact base list is stored in a context of the dependency analyzer 132 and comprises the corresponding consequent of the action instantiated with the variable of the action of the basic block being analyzed, if the validation fails.
  • the validation of the ground instance of the instantiated antecedent against information stored in a fact base list is performed by applying standard rules of logic to determine the truth values of conjunctive and disjunctive formulas of the ground instance of the instantiated antecedent.
  • a positive ground atomic formula of the ground instance is evaluated as true if the positive ground atomic formula is present in the fact base list, else it is evaluated as false.
  • a negative ground atomic formula is evaluated to be true if a positive literal of the ground atomic formula is absent in the fact base list, else, it is evaluated as false.
  • the action of the basic block being analyzed is identified to violate the dependency rule whose action the action of the basic block matched.
  • the consequent is instantiated with the variable present in the action to create a ground instance of the consequent.
  • the fact base list in the context of the dependency analyzer 132 is updated with the ground instance of the consequent.
  • the ground instance of the consequent is typically, a ground atomic formula.
  • the dependency analyzer 132 may invoke the indicator 134.
  • the indicator may provide an indication of an error on the violation of the dependency by the action, i.e., the statement.
  • the indicator may provide the indication as a visual representation, for example, display the error on the display device 113 of FIG 1.
  • the indication of the error may also be provided as an audio representation, for example, using the speaker 111.
  • audio representation may not be preferred as it may be as the user is required to make notes of the errors as the same is not visually displayed for the user.
  • the errors may be provided to a printer connected to the computer system 100 of FIG 1 and the printer may provide a print the errors. The user is notified of the errors through the print of the errors.
  • FIG 6 with references to 1 through 5b is a flow diagram illustrating a method of analyzing a computer program according to an embodiment herein.
  • a dependency rule is received as an input, wherein the dependency rule provides dependencies between statements of a source code of the program and comprises conditions to be satisfied for a respective statement of the source code to be executed correctly.
  • the program is analyzed using a dataflow analyzer 128 to determine if there is a violation of the dependency rule.
  • an indication of an error based on the violation of the dependency rule is provided.
  • the dependency rule comprises an antecedent, an action, and a consequent, wherein the antecedent is a precondition that should be satisfied for the safe execution of the action the antecedent is associated with, the action is the statement in the source code whose safe execution depends on the antecedent, and the consequent is a result of the successful execution of the action.
  • the antecedent and the consequent are defined using a variant of first order predicate calculus.
  • the analyzing of the program using the dataflow analyzer comprises generating an intermediate representation from the source code of the computer program, wherein the intermediate representation comprises a node comprising a statement of the source code, - performing a data flow analysis upon the node intermediate representation, determining if the action of the node matches with the action of the of the dependency rule, and - determining if the action of the node violates the dependency rule if the action of the node matches with the action of the dependency rule.
  • the determination if the action of the basic block violates the dependency rule comprises instantiating the antecedent of the dependency rule based on a variable of the action of the node, wherein the instantiation of the antecedent results into a ground instance of the antecedent, validating the instantiated antecedent against information stored in a fact base list, wherein the information stored in the fact base list comprises the consequent instantiated based on the variable if the validation of the instantiated antecedent does not fail, and the instantiation of the consequent results into a ground instance of the consequent, and identifying the action of the node to violate the dependency rule if the validation of the instantiated antecedent fails.
  • the method further comprises updating the fact base list with the consequent instantiated based on the variable if the validation of the instantiated antecedent does not fail.
  • the present example discusses as to how the above mentioned embodiments can be utilized in determining if a statement of a computer program violates one or more dependency rules.
  • a variable of the type BSTR is to be allocated memory through the function SysAllocString () , and must be de-allocated at the end of its scope using the function SysFreeString () .
  • BSTR y is the action and the typep (BSTR, y) is the consequent.
  • This dependency rule does not contain any antecedent as no antecedent is specified for the same.
  • This dependency rule specifies that the type information related to a variable which may be later used for validating the antecedents .
  • the dependency rules discussed above are specified by the user and provided to the receiving module 122 as an input by the user.
  • the dependency rules provided to the receiving module 122 of Fig 2 are used for determining if a statement of a program violates a dependency.
  • the dataflow analyzer 128 when traversing the computer program invokes the comparator 130 of FIG 2 to determine if the current action being traversed matches to an action of the dependency rule stored in the receiving module 122 of FIG 2.
  • an intermediate representation of a source code of the computer program is provided to the dataflow analyzer 128.
  • the dependency analyzer 132 is invoked by the comparator 120.
  • the dependency analyzer 132 then performs the following:
  • a positive ground atomic formula for example, typep (BSTR, mybstr) of the ground instance is evaluated as true if the positive ground atomic formula is present in the fact base list, else it is evaluated as false.
  • a negative ground atomic formula for example, not allocp (mybstr) is evaluated to be true if a positive literal of the ground atomic formula is absent in the fact base list, else, it is evaluated as false.
  • the consequent is instantiated with the variable present in the action to create a ground instance of the consequent on the action of the statement violating the dependency rule.
  • TD 0U T ⁇ typep (BSTR , mybs tr) ⁇
  • TDi N ⁇ typep (BSTR, mybstr) ⁇
  • TD 0U T ⁇ typep (BSTR,mybstr) , allocp (mybstr) , and genp (SysAllocStrlng,mybstr)
  • the statement 10 matches with the action ENDSCOPE.
  • the action ENDSCOPE is a special action that is used to denote that a variable has reached the end of its scope.
  • TDi N ⁇ typep (BSTR,mybstr) , allocp (mybstr) , and genp (SysAllocString,mybstr) ⁇
  • statement 8 of the program is SysFreeString (mybstr) .
  • the analyses for the same are as follows:
  • TD IN ⁇ typep (BSTR,mybstr), allocp (mybstr) , and genp (SysAllocString,mybstr)
  • Validation of antecedent succeeds as both allocp (mybstr) and genp (SysAllocString, mybstr) are present in the incoming TD ⁇ N ,, ii..ee..,, tthhee iinnccoommiinngg ffaacctt bbaassee lliisstt.
  • TD 0U T ⁇ typep (BSTR,mybstr) ⁇
  • TDi N ⁇ typep (BSTR, mybs tr) ⁇
  • Extending the analyses to function-calls may require that the dataflow analysis is capable of handling inter-procedural analysis .
  • the embodiments described herein enable a user to specify the dependencies between statements of a computer program in a general, intuitive, and powerful manner. Additionally, the use of dataflow analyzer to analyze if there is a violation of the dependency rule enables the method to be used with existing program analyses frameworks.

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • General Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Hardware Design (AREA)
  • Quality & Reliability (AREA)
  • Stored Programmes (AREA)

Abstract

The present invention relates to a method, a computer readable-media, and an apparatus for analyzing a computer program, wherein the method comprises receiving a dependency rule as an input, wherein the dependency rule provides dependencies between statements of a source code of the program and comprises conditions to be satisfied for a respective statement of the source code to be executed correctly, analyzing the program using a dataflow analyzer (128) to determine if there is a violation of the dependency rule and providing an indication of an error based on the violation of the dependency rule.

Description

Description
Method of analyzing a computer program
The present invention relates to a method, a computer- readable media and a system for analyzing a computer program.
A compiler produces an object program from the source code of a computer program. To detect programming errors static code analyzers have been used. However, the static code analyzers are limited to detecting errors related to programming language semantics and pragmatics. The static code analyzers are incapable of detecting errors due to the violation of dependencies between statements of a computer program, as this requires knowledge of the computer program' s internal organization, logic and flow. Violation of dependencies results into run time errors when a pre-condition or a postcondition of a statement of a program is not satisfied. Dependencies between statements can be temporal as well as protocol related. The temporal dependency errors are induced as a result of ignorance of certain necessary actions, such as performing an unguarded update of shared data, attempting an update on a resource without first acquiring it, non release of resources, and the like. The protocol related dependency errors are induced as a result of use of incompatible actions, such as, use of new with free is C++, and the like.
Techniques have been proposed for detecting the violation of dependencies. To detect the violation of dependencies it is required that a user's, such as a computer programmer's knowledge be integrated with the static code analyzers. The conventional techniques proposed have the limitation of being too specific to a particular computer program or use state machine based representation to integrate a user' s knowledge with the static code analyzers. It is an object of the invention to detect violation of dependencies between statements of a computer program in a general manner by integrating a user' s knowledge with a dataflow analyses.
The above object is achieved by a method and a computer- readable media for analyzing a computer program, wherein the method comprises receiving a dependency rule as an input, wherein the dependency rule provides dependencies between statements of a source code of the program and comprises conditions to be satisfied for a respective statement of the source code to be executed correctly, analyzing the program using a dataflow analyzer to determine if there is a violation of the dependency rule and providing an indication of an error based on the violation of the dependency rule.
The reception of a dependency rule as an input enables a user to specify the dependencies between statements of a computer program. The use of dataflow analyzer to analyze if there is a violation of the dependency rule enables the method to be used with existing program analyses frameworks.
According to another embodiment, the dependency rule comprises an antecedent, an action, and a consequent, wherein the antecedent is a pre-condition that should be satisfied for the safe execution of the action the antecedent is associated with, the action is the statement in the source code whose safe execution depends on the antecedent, and the consequent is a result of the successful execution of the action. The antecedent and the consequent specify a precondition and a post-condition respectively that specify a user' s knowledge that should be satisfied for the safe execution of an action.
According to yet another embodiment, the antecedent and the consequent are defined using a variant of first order predicate calculus. This enables a user to specify the antecedent and consequent in a general, intuitive, and powerful manner.
According to yet another embodiment, the analyzing of the program using the dataflow analyzer comprises generating an intermediate representation from the source code of the computer program, wherein the intermediate representation comprises a node comprising a statement of the source code, performing a data flow analysis upon the node intermediate representation, determining if the action of the node matches with the action of the of the dependency rule and determining if the action of the node violates the dependency rule if the action of the node matches with the action of the dependency rule. .
Determining if the action of the node violates the dependency rule only if the action of the node matches with the action of the dependency rule, enables in determining violation of dependencies of only that action of the node matching the action of the dependency rule.
According to yet another embodiment, wherein the determination if the action of the node violates the dependency rule comprises instantiating the antecedent of the dependency rule based on a variable of the action of the node wherein the instantiation of the antecedent results into a ground instance of the antecedent, validating the instantiated antecedent against information stored in a fact base list, wherein the information stored in the fact base list comprises the consequent instantiated based on the variable if the validation of the instantiated antecedent does not fail, and the instantiation of the consequent results into a ground instance of the consequent, and identifying the action of the node to violate the dependency rule if the validation of the instantiated antecedent fails. The validation of the instantiated antecedent against information stored in a fact base list enables determining if a pre-condition for at a given point in the program is satisfied or not.
According to yet another embodiment, the method further comprises updating the fact base list with the consequent instantiated based on the variable if the validation of the instantiated antecedent does not fail. The fact base list enables storing available facts at run-time of the program analysis .
Another embodiment includes, a system for analyzing a computer program, comprising a receiving module for receiving a dependency rule as an input, wherein the dependency rule provides dependencies between statements of a source code of the program and comprises conditions to be satisfied for a respective statement of the source code to be executed correctly, an analyzing sub-system comprising a dataflow analyzer to determine if there is a violation of the dependency rule, and an indicator for providing an indication of an error based on the violation of the dependency rule.
According to another embodiment, the analyzing sub-system comprises an intermediate representation generator for generating an intermediate representation from the source code of the computer program, wherein the intermediate representation comprises a node comprising a statement of the source code. The intermediate representation provides advantages in analyzing and optimization the source code of the computer program.
According to yet another embodiment, the analyzing sub-system comprises a comparator to determine if the action of the node matches with the action of the of the dependency rule, and a dependency analyzer to determine if the action of the node violates the dependency rule if the action of the node matches with the action of the dependency rule. The comparator enables in determining if the action of the node matches with the action of the dependency rule. The dependency analyzer determines if the action of the node violates the dependency rule. The comparator and the dependency analyzer advantageously can be used with a dataflow analyzer.
The present invention is further described hereinafter with reference to illustrated embodiments shown in the accompanying drawings, in which:
FIG 1 depicts a representative hardware environment for practicing the embodiments herein,
FIG 2 illustrates a schematic block diagram of a system for detecting dependency errors in a computer program,
FIG 3 illustrates an example of a computer program,
FIG 4 illustrates an example of a computer program to describe the association of an antecedent and a consequent with an action,
FIG 5a illustrates an example of a source code of a computer program,
FIG 5b illustrates a CFG representation of the source code of FIG 5a, and
FIG 6 with references to 1 through 5b is a flow diagram illustrating a method of analyzing a computer program according to an embodiment herein.
Various embodiments are described with reference to the drawings, wherein like reference numerals are used to refer to like elements throughout. In the following description, for purpose of explanation, numerous specific details are set forth in order to provide a thorough understanding of one or more embodiments. It may be evident that such embodiments may be practiced without these specific details.
FIG 1 depicts a representative hardware environment for practicing the embodiments herein. This schematic drawing illustrates a hardware configuration of an information handling/computer system 100 in accordance with the embodiments herein. The system comprises at least one processor or central processing unit (CPU) 101. The CPU 101 is interconnected via bus 102 to various devices such as a memory 103, input/output (I/O) controller 104, and user interface controller 105. Depending on the type and configuration of the system 100, the memory 103 may be volatile (such as random access memory (RAM) etc., non- volatile (read only memory (ROM), flash memory devices etc.,) or a combination of the two. The memory 103 is used to store instructions and data for use by the CPU 101. The I/O controller 104 can connect to peripheral devices, such as CD drives 107 and hard drives 108, or other program storage devices that are readable by the system. Typically, an operating system for the computer system 100 as well as an application program is stored onto the hard drive 108. The operating system runs on the CPU 101 and is used to coordinate and provide control of various components within system 100. The system 100 can read the inventive instructions on the hard drive 108 and load them onto the memory 103 for execution by the CPU 101. The user interface controller 105 can connect to a keyboard 109, mouse 110, speaker 111, microphone 112, display device 113 and/or other user interface devices such as a touch screen device (not shown) to the bus 102 to gather user input and also to provide system output to the user.
FIG 2 illustrates a schematic block diagram of a system for detecting dependency errors in a computer program. The system 120 comprises a receiving module 122 and an analyzing subsystem 124. The receiving module 122 comprises one or more dependency rules which provide dependencies between statements of the program. The analyzing sub-system 124 comprises an intermediate representation generator 126, a dataflow analyzer 128, a comparator 130, a dependency analyzer 132, and an indicator 134.
The receiving module 122 receives the dependency rules as input. For example, the dependency rules may be provided to the receiving module 122 as an input by a user. The reception of the dependency rule as an input from the user facilitates the integration of the user's knowledge with the dataflow analyzer 128. This increases the effectiveness of the dataflow analyzer 128. Typically, the user is a computer programmer. However, the user can be an individual other than a computer programmer. Referring now to FIG 3, an example of a program snippet is illustrated. A function strcpy () is called at statement 4 of the program. The function strcpy () expects a user to allocate a memory segment of suitable size and pass a pointer to the memory segment as the first argument. It can be seen that the call to mallocO at statement 2 precedes the call to strcpy () at statement 4, and the memory pointer returned by the former call is passed as the first argument in the latter call. Assuming that that the pointer is not freed between the two calls, to be aware of an error, the dataflow analyzer 128 of FIG 2 may be required to:
i. note that a memory segment has been allocated for dtsp, the first argument, when the call to mallocO is encountered, and
ii. verify on encountering strcpy () that its first argument points to a valid memory.
The dataflow analyzer 128 is aided by the user for updating its state and verifying pre-conditions according to the embodiments described below.
Referring again to FIG 2, the dependency rule typically, comprises conditions required to be satisfied for the computer program to be executed correctly. For example, the dependency rule may be a tuple of the form (a,φ,χ) where:
a is an antecedent, wherein the antecedent is a condition for the safe execution of the action the antecedent is associated with,
φ is an action, wherein the action is a statement in the program, whose safe execution depends on the antecedent, x is a consequent that follows as a result of successful execution of φ.
The antecedent and the consequent are logical conditions associated with the action. The action is the e statement whose safe execution is of concern. Typically, the antecedent is the pre-condition that should be necessarily satisfied for the safe execution of the action, and the consequent is the post-condition that may be assumed to hold after the execution of an action. The antecedent and the consequent may be provided to the dataflow analyzer 128 during program analyses. However, it is to be noted that the antecedent is a necessary, but not a sufficient condition for the safe execution of the computer program. Thus, for every action, a suitable antecedent and consequent may be associated. However, every action needs to have an antecedent as well as a consequent associated with it, and one of these could be missing. When both are missing, an action neither has a directly discernible effect on some succeeding statement nor does it mandate its execution.
Referring now to FIG 4, an example of a computer program is illustrated to describe the association of an antecedent and a consequent with an action. In the shown example of FIG 4, statement 1 comprising new is an action as the safe execution of statement 1 is of concern. Similarly, statements 2 and 3 comprising delete are actions. The antecedent and consequent associated with the actions new and delete are shown in the table provided below:
Figure imgf000011_0001
For the safe execution of new, the antecedent requires that the variable x be assigned the newly created object if the variable is not currently pointing to any allocated memory. The consequent of new states that the variable x of this action, will now point to a valid memory location created as the result of the action new.
Similarly, for the safe execution of delete, the antecedent requires that the memory to be deleted is indeed currently allocated and that it was created earlier through a new. Following the successful completion of delete, the consequent may be assumed to be true. It states that this memory is no longer allocated.
A program statement may be associated with either an antecedent or a consequent or both. Antecedents and consequents themselves are expressed in a variant of first- order predicate logic.
Referring now to FIG 2, the intermediate representation generator 126 generates an intermediate representation FG of the computer program from a source code of the computer program. The intermediate representation of the source code comprises one or more nodes comprising at least one statement of the source code. For example, the intermediate representation may be, but not limited to, a control flow graph or an abstract syntax tree, and the like. For example, if the intermediate representation generator 126 is a control flow graph generator, then a control flow graph is generated. Each node in a control graph is a basic block comprising at least one statement of the source code. FIG 5a illustrates a source code of a computer program. The source code of FIG 5a is provided to the intermediate representation generator 126 of FIG 2, which according to an embodiment is a control flow graph generator. FIG 5b illustrates a control flow graph representation of the source code of FIG 5a. Each of the nodes 140 of the control flow graph is a basic block 142a through 142c. A basic block is generally defined with one or more intermediate program statements with no embedded control flow, e.g., no intervening entry or exit point. Typically, a basic block in a control flow graph represents a set of statements with no branching statements. In the shown example of FIG 5b, the basic blocks 142a through 142c comprises statements with no interleaving entry or exit points.
Referring now to FIG 2, FIG 5a and FIG 5b the control flow graph generated by the intermediate representation generator 126 is provided to the dataflow analyzer 128. The dataflow analyzer 128 capable of data flow analyses may be augmented to perform dependency analyses in order to detect dependency errors. This requires the integration of the antecedents and consequents with the data flow analyses and may be realized in the following ways:
i. as a forwards-necessarily analysis for detecting errors resulting from the failure to satisfy necessary pre-conditions, and
ii. as a forwards-possibly analysis for detecting errors resulting from the absence one or more mandatory successor operations.
The integration of the dataflow analyses with the antecedent and the consequent provides the advantage of the dataflow analyzer 128 being able to invoke the antecedent and the consequent during program analyses and not during a program execution. The dataflow analyzer 128 performs dataflow analyses of each of the basic blocks 142a through 142c the control flow graph to infer properties of variables at each of the basic blocks 142 a through 142c. While performing the dataflow analyses, the dataflow analyzer 128 invokes the comparator 130. Typically, the comparator 130 is invoked whenever a new statement of the basic blocks 142a through 142c is encountered during dataflow analyses. The comparator 130 determines if the actions of the basic blocks 142a through 142c matches with the action of the dependency rule. If the action of any one of the basic blocks 142a through 142c matches with the action of the dependency rule, the comparator 130 invokes the dependency analyzer 132.
The dependency analyzer 132 analyses the control flow graph of the computer program along the flow of control by aggregating dependency information provided to the receiving module 122 through antecedents and consequents. Typically, the dependency analyzer 132 reads the dependency rule from the receiving module 122 and determines if the action of the current basic block violates a dependency rule read from the receiving module 122.
The dependency analyzer 132 determines the violation of the dependency by instantiating the antecedent of the dependency rule of which the action matched with the action of the basic block being analyzed with a corresponding variable of the action of the basic block. The instantiation of the antecedent creates a ground instance of the antecedent.
Thereafter, the dependency analyzer 132 validates the ground instance of the instantiated antecedent against information stored in a fact base list. The ground instance comprises positive and negative formulas as defined by mathematical logic, for example, a first order logic. Typically, the fact base list is stored in a context of the dependency analyzer 132 and comprises the corresponding consequent of the action instantiated with the variable of the action of the basic block being analyzed, if the validation fails.
The validation of the ground instance of the instantiated antecedent against information stored in a fact base list is performed by applying standard rules of logic to determine the truth values of conjunctive and disjunctive formulas of the ground instance of the instantiated antecedent. A positive ground atomic formula of the ground instance is evaluated as true if the positive ground atomic formula is present in the fact base list, else it is evaluated as false. A negative ground atomic formula is evaluated to be true if a positive literal of the ground atomic formula is absent in the fact base list, else, it is evaluated as false.
If the validation fails, i.e., it is evaluated as false, then the action of the basic block being analyzed is identified to violate the dependency rule whose action the action of the basic block matched. On the action of the basic block violating the dependency rule, the consequent is instantiated with the variable present in the action to create a ground instance of the consequent. Thereafter, the fact base list in the context of the dependency analyzer 132 is updated with the ground instance of the consequent. The ground instance of the consequent is typically, a ground atomic formula.
On identifying the violation of the dependency rule, the dependency analyzer 132 may invoke the indicator 134. The indicator may provide an indication of an error on the violation of the dependency by the action, i.e., the statement. Typically, the indicator may provide the indication as a visual representation, for example, display the error on the display device 113 of FIG 1. However, the indication of the error may also be provided as an audio representation, for example, using the speaker 111. However, audio representation may not be preferred as it may be as the user is required to make notes of the errors as the same is not visually displayed for the user. In an implementation, the errors may be provided to a printer connected to the computer system 100 of FIG 1 and the printer may provide a print the errors. The user is notified of the errors through the print of the errors. FIG 6 with references to 1 through 5b is a flow diagram illustrating a method of analyzing a computer program according to an embodiment herein. At block 152, a dependency rule is received as an input, wherein the dependency rule provides dependencies between statements of a source code of the program and comprises conditions to be satisfied for a respective statement of the source code to be executed correctly. Next, at block 154, the program is analyzed using a dataflow analyzer 128 to determine if there is a violation of the dependency rule. Moving now to block 156, an indication of an error based on the violation of the dependency rule is provided.
Preferably, the dependency rule comprises an antecedent, an action, and a consequent, wherein the antecedent is a precondition that should be satisfied for the safe execution of the action the antecedent is associated with, the action is the statement in the source code whose safe execution depends on the antecedent, and the consequent is a result of the successful execution of the action. Moreover, the antecedent and the consequent are defined using a variant of first order predicate calculus. Additionally, the analyzing of the program using the dataflow analyzer comprises generating an intermediate representation from the source code of the computer program, wherein the intermediate representation comprises a node comprising a statement of the source code, - performing a data flow analysis upon the node intermediate representation, determining if the action of the node matches with the action of the of the dependency rule, and - determining if the action of the node violates the dependency rule if the action of the node matches with the action of the dependency rule.
Moreover, the determination if the action of the basic block violates the dependency rule comprises instantiating the antecedent of the dependency rule based on a variable of the action of the node, wherein the instantiation of the antecedent results into a ground instance of the antecedent, validating the instantiated antecedent against information stored in a fact base list, wherein the information stored in the fact base list comprises the consequent instantiated based on the variable if the validation of the instantiated antecedent does not fail, and the instantiation of the consequent results into a ground instance of the consequent, and identifying the action of the node to violate the dependency rule if the validation of the instantiated antecedent fails.
Additionally, the method further comprises updating the fact base list with the consequent instantiated based on the variable if the validation of the instantiated antecedent does not fail.
Example :
The present example discusses as to how the above mentioned embodiments can be utilized in determining if a statement of a computer program violates one or more dependency rules. In the present example, it is considered that a variable of the type BSTR is to be allocated memory through the function SysAllocString () , and must be de-allocated at the end of its scope using the function SysFreeString () .
The table below provides the specifications which capture users, for example the programmer's, intention on how the functions SysAllocString () and SysFreeString () must be used:
Figure imgf000016_0001
Figure imgf000017_0001
Referring to the dependency rule specified in the first row of the table above, i.e., < , BSTR y, typep (BSTR, y) >:
where, BSTR y is the action and the typep (BSTR, y) is the consequent. This dependency rule does not contain any antecedent as no antecedent is specified for the same. This dependency rule specifies that the type information related to a variable which may be later used for validating the antecedents .
Referring to the dependency rule in the second row of the table above, i.e., <typep (BSTR, y) and not allocp (y) , y = SysAllocStrlng (...), allocp (y) and genp (SysAllocStrlng, y)>:
where, typep (BSTR, y) and not allocp (y) is the antecedent, y = SysAllocStrlng (...) is the action, and allocp (y) and genp (SysAllocStrlng, y) is the consequent. This dependency rule guards the action y = SysAllocStrlng (...) from overwriting y, of type BSTR, when already allocated. Its consequent sets the predicates to mark the variable as y as allocated, allocp (y) , through a call to SysAllocStrlng () , genp (SysAllocStrlng) .
Referring now to the dependency rule specified in the third row of the table above, i.e., < allocp (y) and genp (SysAllocString, y) , SysFreeString (y) , not allocp (y) and not genp (SysAllocString y)>:
where, allocp (y) and genp (SysAllocString, y) is the antecedent, SysFreeString (y) is the action, and not allocp (y) and not genp (SysAllocString, y) is the consequent. This rule guards against the de-allocation of unallocated variables of type BSTR or variables of any other type, by the function SysFreeString (). Its consequent sets the predicates that the variable just de-allocated by the call is no longer allocated to valid memory and, consequently has no generator.
Referring now to the dependency rule specified in the fourth row of the above table, i.e., < not typep(y) or not allocp (y), ENDSCOPE (y) , _ >:
where, not typep (y) or not allocp (y) is the antecedent, ENDSCOPE (y) is the action. This dependency rule does not contain any consequent as no consequent is specified for the same. This dependency rule ensures that the memory pointed to by a variable of type BSTR is de-allocated by a call to the function SysFreeString () when the variable goes out of scope.
The dependency rules discussed above are specified by the user and provided to the receiving module 122 as an input by the user.
The dependency rules provided to the receiving module 122 of Fig 2 are used for determining if a statement of a program violates a dependency. Referring now to an example of the computer program of FIG 5a, the dataflow analyzer 128 when traversing the computer program invokes the comparator 130 of FIG 2 to determine if the current action being traversed matches to an action of the dependency rule stored in the receiving module 122 of FIG 2. As explained previously, typically, an intermediate representation of a source code of the computer program is provided to the dataflow analyzer 128. However, for explanation purposes in this example the computer program is referred. If the current action matches with the action of the dependency rule, then the dependency analyzer 132 is invoked by the comparator 120. The dependency analyzer 132 then performs the following:
1. Instantiating the antecedent of the dependency rule of which the action matched with the action being analyzed with a corresponding variable of the action. With respect to the present example, the variable mybstr is instantiated with the antecedent of the dependency rule to obtain a ground instance of the instantiated antecedent:
typep (BSTR,mybstr) and not allocp (mybstr)
2. Validation of the ground instance of the instantiated antecedent against information stored in a fact base list. The validation is performed by applying standard rules of logic to determine the truth values of conjunctive and disjunctive formulas of the ground instance of the instantiated antecedent. A positive ground atomic formula, for example, typep (BSTR, mybstr) of the ground instance is evaluated as true if the positive ground atomic formula is present in the fact base list, else it is evaluated as false. A negative ground atomic formula, for example, not allocp (mybstr) is evaluated to be true if a positive literal of the ground atomic formula is absent in the fact base list, else, it is evaluated as false.
3. The consequent is instantiated with the variable present in the action to create a ground instance of the consequent on the action of the statement violating the dependency rule.
4. Updating the fact base list in the context of the dependency analyzer 132 with the ground instance of the consequent.
The description below provides processing of each step of the program according to the embodiments described herein. Initially, at the start of analysis of the program, TDΣN = { } and TD0UT = { } . The two sets TDΣN and TD0Uτ represent the fact base list before and after the analysis of a statement, respectively. The analysis of the program of FIG 5a is now described in detail.
For the statements 1 to 5 :
TD1N = { }
For statement 6:
TD1N = {}
Instantiated Consequent: typep (BSTR, mybstr)
TD0UT = { typep (BSTR , mybs tr) }
For statement 7 :
TDiN = {typep (BSTR, mybstr)}
Instantiated antecedent: typep (BSTR, mybstr) and not allocp (mybstr)
Validdation of the antecedent: Since allocp (mybstr) is not present in TD1N (i.e., the incoming fact base), not allocp (mybstr) is true. Consequently, the validation succeeds .
Instantiated consequent: allocp (mybstr) and genp (SysAllocStrlng,mybstr)
TD0UT = { typep (BSTR,mybstr) , allocp (mybstr) , and genp (SysAllocStrlng,mybstr) For the statements 8 to 9:
Since the dependency rules specified by the user has no action matching free fj and return, the comparator 130 returns control to the dataflow analyzer 128. Consequently, TDΣN and TD0UT do not change for statements 8 to 9.
For statement 10:
The statement 10 matches with the action ENDSCOPE. The action ENDSCOPE is a special action that is used to denote that a variable has reached the end of its scope.
TDiN = { typep (BSTR,mybstr) , allocp (mybstr) , and genp (SysAllocString,mybstr) }
Instantiated antecedent: not typep (BSTR,mybstr) or not allocp (mybstr)
Validation of antecedent: Both not typep (BSTR,mybstr) and not allocp (mybstr) evaluate to false, as the positive literals the instantiated antecedent contain are present in the fact base list. The validation hence fails, indicating an error.
For further detailed explanation of the program of FIG 5a, for an example it is considered that statement 8 of the program is SysFreeString (mybstr) . The analyses for the same are as follows:
TDIN = {typep (BSTR,mybstr), allocp (mybstr) , and genp (SysAllocString,mybstr)
Instantiated antecedent: allocp (mybstr) and genp (SysAllocString, mybstr)
Validation of antecedent: Validation of the instantiated antecedent succeeds as both allocp (mybstr) and genp (SysAllocString, mybstr) are present in the incoming TDΣN ,, ii..ee..,, tthhee iinnccoommiinngg ffaacctt bbaassee lliisstt.
TD0UT = {typep (BSTR,mybstr)}
Thereafter, subsequently, when statement 10 is processed:
TDiN = { typep (BSTR, mybs tr) }
Validation of the instantiated antecedent: not typep (BSTR,mybstr) or not allocp (mybstr) succeeds. Hence, no error is indicated.
The present example does not discuss multiple paths arising from conditionals, loops and function calls as the same have not been included for providing easy understanding. However, the same may be addressed by defining the analyses as:
forwards necessarily analysis to validate if pre-conditions are satisfied along all paths leading to the statement.
forwards possibly analysis to validate if a post-conditions are not satisfied along at least one path following the statement .
Extending the analyses to function-calls may require that the dataflow analysis is capable of handling inter-procedural analysis .
The embodiments described herein enable a user to specify the dependencies between statements of a computer program in a general, intuitive, and powerful manner. Additionally, the use of dataflow analyzer to analyze if there is a violation of the dependency rule enables the method to be used with existing program analyses frameworks.
While this invention has been described in detail with reference to certain preferred embodiments, it should be appreciated that the present invention is not limited to those precise embodiments. Rather, in view of the present disclosure which describes the current best mode for practicing the invention, many modifications and variations would present themselves, to those of skill in the art without departing from the scope and spirit of this invention. The scope of the invention is, therefore, indicated by the following claims rather than by the foregoing description. All changes, modifications, and variations coming within the meaning and range of equivalency of the claims are to be considered within their scope.

Claims

Patent Claims:
1. A method of analyzing a computer program, comprising:
- receiving a dependency rule as an input, wherein the dependency rule provides dependencies between statements of a source code of the program and comprises conditions to be satisfied for a respective statement of the source code to be executed correctly,
- analyzing the program using a dataflow analyzer (128) to determine if there is a violation of the dependency rule, and
- providing an indication of an error based on the violation of the dependency rule.
2. The method according to claim 1, wherein the dependency rule comprises an antecedent, an action, and a consequent, wherein the antecedent is a pre-condition that should be satisfied for the safe execution of the action the antecedent is associated with, the action is the statement in the source code whose safe execution depends on the antecedent, and the consequent is a result of the successful execution of the action .
3. The method according to claim 2, wherein the antecedent and the consequent are defined using a variant of first order predicate calculus.
4. The method according to claim 3, wherein the analyzing of the program using the dataflow analyzer comprises:
- generating an intermediate representation from the source code of the computer program, wherein the intermediate representation comprises a node comprising a statement of the source code,
- performing a data flow analysis upon the node intermediate representation, - determining if the action of the node matches with the action of the of the dependency rule, and - determining if the action of the node violates the dependency rule if the action of the node matches with the action of the dependency rule.
5. The method according to claim 4, wherein the determination if the action of the node violates the dependency rule comprises :
- instantiating the antecedent of the dependency rule based on a variable of the action of the node, wherein the instantiation of the antecedent results into a ground instance of the antecedent,
- validating the instantiated antecedent against information stored in a fact base list, wherein the information stored in the fact base list comprises the consequent instantiated based on the variable if the validation of the instantiated antecedent does not fail, and the instantiation of the consequent results into a ground instance of the consequent, and
- identifying the action of the node to violate the dependency rule if the validation of the instantiated antecedent fails.
6. The method according to claim 5, further comprising updating the fact base list with the consequent instantiated based on the variable if the validation of the instantiated antecedent does not fail.
7. A computer-readable media containing a computer that is executable by a processor to perform the method recited in claims 1 to 5.
8. A system for analyzing a computer program, comprising:
-a receiving module (122) for receiving a dependency rule as an input, wherein the dependency rule provides dependencies between statements of a source code of the program and comprises conditions to be satisfied for a respective statement of the source code to be executed correctly , -an analyzing sub-system (124) comprising a dataflow analyzer to determine if there is a violation of the dependency rule, and
- an indicator (134) for providing an indication of an error based on the violation of the dependency rule.
9. The system according to claim 8, wherein the dependency rule comprises an antecedent, an action, and a consequent, wherein the antecedent is a pre-condition that should be satisfied for the safe execution of the action the antecedent is associated with, the action is the statement in the source code whose safe execution depends on the antecedent, and the consequent is a result of the successful execution of the action .
10. The system according to the claims 8 or 9, wherein the antecedent and the consequent are defined using a variant of first order predicate calculus.
11. The system according to claim 10, wherein the analyzing sub-system (124) comprises an intermediate representation generator (126) for generating an intermediate representation from the source code of the computer program, wherein the intermediate representation comprises a node comprising a statement of the source code.
12. The system according to any of the claims 8 to 11, wherein the analyzing sub-system (124) comprises:
- a comparator (130) to determine if the action of the node matches with the action of the of the dependency rule, and
- a dependency analyzer (132) to determine if the action of the node violates the dependency rule if the action of the node matches with the action of the dependency rule.
13. The system according to claim 12, wherein the dependency analyzer (132) is configured to:
-instantiate the antecedent of the dependency rule based on a variable of the action of the node, wherein the instantiation of the antecedent results into a ground instance of the antecedent,
- validate the instantiated antecedent against information stored in a fact base list, wherein the information stored in the fact base list comprises the consequent instantiated based on the variable if the validation of the instantiated antecedent does not fail, and the instantiation of the consequent results into a ground instance of the consequent, and - identify the action of the node to violate the dependency rule if the validation of the instantiated antecedent fails.
14. The system method according to claim 13, wherein the dependency analyzer is further configured to updating the fact base list with the consequent instantiated based on the variable if the validation of the instantiated antecedent does not fail.
PCT/EP2009/061752 2008-09-22 2009-09-10 Method of analyzing a computer program WO2010031731A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
EP09782871A EP2329375A1 (en) 2008-09-22 2009-09-10 Method of analyzing a computer program

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
IN1621/KOL/2008 2008-09-22
IN1621KO2008 2008-09-22

Publications (1)

Publication Number Publication Date
WO2010031731A1 true WO2010031731A1 (en) 2010-03-25

Family

ID=41259223

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/EP2009/061752 WO2010031731A1 (en) 2008-09-22 2009-09-10 Method of analyzing a computer program

Country Status (2)

Country Link
EP (1) EP2329375A1 (en)
WO (1) WO2010031731A1 (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10437815B2 (en) * 2016-09-02 2019-10-08 Accenture Global Solutions Limited Identification of code object dependencies
WO2023191882A1 (en) * 2022-03-30 2023-10-05 Microsoft Technology Licensing, Llc. Scalable behavioral interface specification checking

Non-Patent Citations (9)

* Cited by examiner, † Cited by third party
Title
ANDREW IRELAND ET AL: "An Integrated Approach to High Integrity Software Verification", JOURNAL OF AUTOMATED REASONING, KLUWER ACADEMIC PUBLISHERS, DO, vol. 36, no. 4, 29 September 2006 (2006-09-29), pages 379 - 410, XP019465865, ISSN: 1573-0670 *
BICARREGUI J C ET AL: "The verified software repository: a step towards the verifying compiler", FORMAL ASPECTS OF COMPUTING ; APPLICABLE FORMAL METHODS, SPRINGER-VERLAG, LO, vol. 18, no. 2, 8 February 2006 (2006-02-08), pages 143 - 151, XP019418741, ISSN: 1433-299X *
CHESS B V ET AL: "Improving Computer Security Using Extended Static Checking", PROCEEDINGS 2002 IEEE SYMPOSIUM ON SECURITY AND PRIVACY - 12-15 MAY 2002 - BERKELEY, CA, USA; [PROCEEDINGS OF THE IEEE SYMPOSIUM ON SECURITY AND PRIVACY], IEEE COMPUT. SOC - LOS ALAMITOS, CA, USA, 1 January 2002 (2002-01-01), pages 160 - 173, XP002991596, ISBN: 978-0-7695-1543-4 *
DATABASE INSPEC [online] THE INSTITUTION OF ELECTRICAL ENGINEERS, STEVENAGE, GB; May 2005 (2005-05-01), DETLEFS D ET AL: "Simplify: a theorem prover for program checking", Database accession no. 8591306 *
DEHARBE D ET AL: "Light-weight theorem proving for debugging and verifying units of code", SOFTWARE ENGINEERING AND FORMAL METHODS, 2003.PROCEEDINGS. FIRST INTER NATIONAL CONFERENCE ON SEPT. 22-27, 2003, PISCATAWAY, NJ, USA,IEEE, 22 September 2003 (2003-09-22), pages 220 - 228, XP010660586, ISBN: 978-0-7695-1949-4 *
DETLEFS D ET AL: "Simplify: a theorem prover for program checking", JOURNAL OF THE ACM ACM USA, vol. 52, no. 3, May 2005 (2005-05-01), USA, pages 365 - 473, XP002554946, ISSN: 0004-5411 *
JESPER BENGTSON ET AL: "Refinement Types for Secure Implementations", COMPUTER SECURITY FOUNDATIONS SYMPOSIUM, 2008. CSF '08. IEEE 21ST, IEEE, PISCATAWAY, NJ, USA, 23 June 2008 (2008-06-23), pages 17 - 32, XP031281637, ISBN: 978-0-7695-3182-3 *
JOHNSON R ET AL: "DEPENDENCE-BASED PROGRAM ANALYSIS", ACM SIGPLAN NOTICES, ACM, ASSOCIATION FOR COMPUTING MACHINERY, NEW YORK, NY, US, vol. 28, no. 6, 1 June 1993 (1993-06-01), pages 78 - 89, XP000380801 *
NIC VOLANSCHI: "A portable compiler-integrated approach to permanent checking", AUTOMATED SOFTWARE ENGINEERING, KLUWER ACADEMIC PUBLISHERS, BO, vol. 15, no. 1, 27 November 2007 (2007-11-27), pages 3 - 33, XP019569721, ISSN: 1573-7535 *

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10437815B2 (en) * 2016-09-02 2019-10-08 Accenture Global Solutions Limited Identification of code object dependencies
WO2023191882A1 (en) * 2022-03-30 2023-10-05 Microsoft Technology Licensing, Llc. Scalable behavioral interface specification checking

Also Published As

Publication number Publication date
EP2329375A1 (en) 2011-06-08

Similar Documents

Publication Publication Date Title
Carbonneaux et al. Compositional certified resource bounds
US8516443B2 (en) Context-sensitive analysis framework using value flows
Snelting et al. Efficient path conditions in dependence graphs for software safety analysis
Rodrigues et al. A fast and low-overhead technique to secure programs against integer overflows
Bonakdarpour et al. Monitoring hyperproperties by combining static analysis and runtime verification
JP2022505340A (en) Systems and methods for dynamically identifying data arguments and instrumenting source code
Lawall et al. WYSIWIB: A declarative approach to finding API protocols and bugs in Linux code
KR20090017598A (en) Iterative static and dynamic software analysis
Bulej et al. Unit testing performance with stochastic performance logic
Giachino et al. Deadlock analysis of unbounded process networks
Arroyo et al. An user configurable clang static analyzer taint checker
EP3752945B1 (en) Automatic generation of patches for security violations
Perez et al. Generating predicate callback summaries for the android framework
Graf Information Flow Control with System Dependence Graphs-Improving Modularity, Scalability and Precision for Object Oriented Languages
Ranganath et al. Pruning interference and ready dependence for slicing concurrent java programs
Feng et al. EXPLORER: query-and demand-driven exploration of interprocedural control flow properties
Tomb et al. Detecting inconsistencies via universal reachability analysis
Lawall et al. WYSIWIB: exploiting fine‐grained program structure in a scriptable API‐usage protocol‐finding process
Radoi et al. Effective techniques for static race detection in java parallel loops
EP2329375A1 (en) Method of analyzing a computer program
Sen et al. Online efficient predictive safety analysis of multithreaded programs
Entrup et al. ARA: Automatic Instance-Level Analysis in Real-Time Systems
Li Combining Static and Dynamic Analysis for Bug Detection and Program Understanding
Kersten et al. Improving coverage of test cases generated by symbolic pathfinder for programs with loops
Li et al. Detecting undefined behaviors in CUDA C

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 09782871

Country of ref document: EP

Kind code of ref document: A1

WWE Wipo information: entry into national phase

Ref document number: 2009782871

Country of ref document: EP

NENP Non-entry into the national phase

Ref country code: DE