A framework for the static verification of api calls

Spinellis, Diomidis; Λουρίδας, Πάνος

doi:10.1016/j.jss.2006.09.040

Cited by 13 publications

(9 citation statements)

References 47 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…They used a formal language to define properties of the API and employed model checking to check for potential violations. Spinellis and Louridas in [11] proposed a framework for static verification of API calls as a complementary tool to runtime verification. In our previous work [12] an approach was proposed toward automatic generation of the RTM system; this includes modelling and verifying the RTM system independent of its interactions with application and device layers.…”

Section: Discussionmentioning

confidence: 99%

Verifying Cross-Layer Interactions Through Formal Model-Based Assertion Generation

Fathabadi

Dalvandi

Butler

et al. 2020

IEEE Embedded Syst. Lett.

View full text Add to dashboard Cite

Cross-layer runtime management (RTM) frameworks for embedded systems provide a set of standard APIs for communication between different system layers (i.e. RTM, applications and device) and simplify the development process by abstracting these layers. Integration of independently developed components of the system is an error-prone process that requires careful verification. In this paper, we propose a formal approach to integration testing through automatic generation of runtime assertions in order to test the implementation of the APIs. Our approach involves a formal model of the APIs, developed using the Event-B formal method which is automatically translated to a set of assertions and embedded in the existing implementation of APIs. The embedded assertions are used at runtime to check the correctness of the integration. 1

show abstract

Section: Discussionmentioning

confidence: 99%

Verifying Cross-Layer Interactions Through Formal Model-Based Assertion Generation

Fathabadi

Dalvandi

Butler

et al. 2020

IEEE Embedded Syst. Lett.

View full text Add to dashboard Cite

show abstract

“…The analysis does not consider libraries (i.e., part of a program that can be used by other parts in various ways). Spinellis and Louridas [SL07] discuss how adjunct verification code needs to be associated with API's to facilitate analysis. The verification code effectively models the application; but is restricted to each method in the API using pre/post conditions.…”

Section: Related Workmentioning

confidence: 99%

Combining type-analysis with points-to analysis for analyzing Java library source-code

Allen¹,

Krishnan²,

Scholz³

2015

Proceedings of the 4th ACM SIGPLAN International Workshop on State of the Art in Program Analysis

View full text Add to dashboard Cite

The predominant work in static program analysis is focused on whole program analysis assuming that the whole program is present at analysis time and the only unknowns are program inputs. However, for library designers it is of paramount importance to perform semantic checks via static program analysis tools without the presence of an application. The literature offers only little research on partial program analysis for object-oriented programming languages including Java. Analyzing libraries statically requires novel abstractions for all possible applications that are not known a-priori.In this work, we present a static program analysis technique that reasons about the state of the library by approximating the behaviour of all possible applications. The key contribution is (1) the combination of type-analysis with points-to analysis and (2) the development of a most-general application (MGA) as a type, which represents the interaction of the library with all possible applications.

show abstract

“…Spinellis and Louridas [30] extended FindBugs to better verify API call arguments, and found that FindBugs "contained a number of tests for the replace methods that were incorrect".…”

Section: Other Practical Toolsmentioning

confidence: 99%

A type system for regular expressions

Spishak

Dietl

Ernst

2012

Proceedings of the 14th Workshop on Formal Techniques for Java-Like Programs

View full text Add to dashboard Cite

Regular expressions are used to match and extract text. It is easy for developers to make syntactic mistakes when writing regular expressions, because regular expressions are often complex and different across programming languages. Such errors result in exceptions at run time, and there is currently no static support for preventing them.This paper describes practical experience designing and using a type system for regular expressions. This type system validates regular expression syntax and capturing group usage at compile time instead of at run time -ensuring the absence of PatternSyntaxExceptions from invalid syntax and IndexOutOfBoundsExceptions from accessing invalid capturing groups.Our implementation is publicly available and supports the full Java language. In an evaluation on five open-source Java applications (480kLOC), the type system was easy to use, required less than one annotation per two thousand lines, and found 56 previouslyunknown bugs.

show abstract

A framework for the static verification of api calls

Cited by 13 publications

References 47 publications

Verifying Cross-Layer Interactions Through Formal Model-Based Assertion Generation

Verifying Cross-Layer Interactions Through Formal Model-Based Assertion Generation

Combining type-analysis with points-to analysis for analyzing Java library source-code

A type system for regular expressions

Contact Info

Product

Resources

About