Article
DOI: 10.1145/1146238.1146266

Inference and enforcement of data structure consistency specifications

Published: 21 July 2006

ABSTRACT

Corrupt data structures are an important cause of unacceptable program execution. Data structure repair (which eliminates inconsistencies by updating corrupt data structures to conform to consistency constraints) promises to enable many programs to continue to execute acceptably in the face of otherwise fatal data structure corruption errors. A key issue is obtaining an accurate and comprehensive data structure consistency specification. We present a new technique for obtaining data structure consistency specifications for data structure repair. Instead of requiring the developer to manually generate such specifications, our approach automatically generates candidate data structure consistency properties using the Daikon invariant detection tool. The developer then reviews these properties, potentially rejecting or generalizing overly specific properties to obtain a specification suitable for automatic enforcement via data structure repair. We have implemented this approach and applied it to three sizable benchmark programs: CTAS (an air-traffic control system), BIND (a widely-used Internet name server) and Freeciv (an interactive game). Our results indicate that (1) automatic constraint generation produces constraints that enable programs to execute successfully through data structure consistency errors, (2) compared to manual specification, automatic generation can produce more comprehensive sets of constraints that cover a larger range of data structure consistency properties, and (3) reviewing the properties is relatively straightforward and requires substantially less programmer effort than manual generation, primarily because it reduces the need to examine the program text to understand its operation and extract the relevant consistency constraints. 
Moreover, when evaluated by a hostile third party "Red Team" contracted to evaluate the effectiveness of the technique, our data structure inference and enforcement tools successfully prevented several otherwise fatal attacks.
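The three-phase workflow the abstract describes (infer candidate properties from observed executions, have a developer review them, then enforce the reviewed specification by repairing corrupt structures) is easiest to see on a toy structure. The following Python is an added illustration, not the paper's tool or the Daikon/Fjalar pipeline it uses: the FlightTable record, the invariant templates, the reviewer's decisions, the sample snapshots and the corrupt input are all constructed for this example, and the repair loop is a simple "apply the first violated property's fix and re-check" strategy rather than the goal-directed repair the paper builds on.

```python
# Added example (not the paper's code): miniature infer -> review -> repair.
# FlightTable, the templates and all sample data below are constructed.
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Optional

MAX_FLIGHTS = 8          # assumed capacity of the table
MAX_ALTITUDE_FT = 60000  # assumed ceiling the reviewer generalizes to


@dataclass
class Flight:
    id: int
    altitude: int


@dataclass
class FlightTable:
    count: int
    flights: List[Flight] = field(default_factory=list)


@dataclass
class Property:
    name: str
    check: Callable[[FlightTable], bool]   # True when the table satisfies it
    repair: Callable[[FlightTable], None]  # mutate the table so that it does


def _fix_count_len(t: FlightTable) -> None:
    # Policy choice: drop entries beyond count, otherwise trust the list length.
    if len(t.flights) > t.count:
        del t.flights[t.count:]
    else:
        t.count = len(t.flights)


def _dedupe_ids(t: FlightTable) -> None:
    seen = set()  # keep the first occurrence of each id (set.add returns None)
    t.flights = [f for f in t.flights if f.id not in seen and not seen.add(f.id)]


def _clamp_altitudes(t: FlightTable, hi: int) -> None:
    for f in t.flights:
        f.altitude = min(max(f.altitude, 0), hi)


def altitude_property(hi: int) -> Property:
    return Property(f"0 <= altitude <= {hi}",
                    lambda t: all(0 <= f.altitude <= hi for f in t.flights),
                    lambda t: _clamp_altitudes(t, hi))


def infer_candidates(samples: List[FlightTable]) -> List[Property]:
    """Inference phase: instantiate templates over the observed samples and keep
    only those that no sample falsifies (Daikon's approach, in miniature)."""
    alts = [f.altitude for t in samples for f in t.flights]
    templates = [
        Property("0 <= count <= MAX_FLIGHTS",
                 lambda t: 0 <= t.count <= MAX_FLIGHTS,
                 lambda t: setattr(t, "count", min(max(t.count, 0), MAX_FLIGHTS))),
        Property("count > 0", lambda t: t.count > 0, lambda t: None),  # no sane repair
        Property("count == len(flights)",
                 lambda t: t.count == len(t.flights), _fix_count_len),
        altitude_property(max(alts) if alts else 0),  # bound is whatever was observed
        Property("flight ids unique",
                 lambda t: len({f.id for f in t.flights}) == len(t.flights), _dedupe_ids),
    ]
    return [p for p in templates if all(p.check(s) for s in samples)]


def review(candidates: List[Property],
           decisions: Dict[str, Optional[Property]]) -> List[Property]:
    """Review phase: the developer rejects a candidate (None) or swaps an overly
    specific one for a generalized property; untouched candidates are kept."""
    chosen = [decisions.get(p.name, p) for p in candidates]
    return [p for p in chosen if p is not None]


def repair(table: FlightTable, spec: List[Property]) -> bool:
    """Enforcement phase: apply repair actions until every property holds.
    A repair can re-violate another property, so iterate with a bound."""
    for _ in range(4 * len(spec) + 1):
        violated = [p for p in spec if not p.check(table)]
        if not violated:
            return True
        violated[0].repair(table)
    return False


def demo() -> FlightTable:
    # Constructed snapshots from "normal" runs; the empty table falsifies count > 0.
    samples = [FlightTable(3, [Flight(1, 35000), Flight(2, 12000), Flight(3, 0)]),
               FlightTable(0, [])]
    candidates = infer_candidates(samples)
    # The reviewer generalizes the observed bound (35000 ft) to the real ceiling.
    spec = review(candidates,
                  {"0 <= altitude <= 35000": altitude_property(MAX_ALTITUDE_FT)})
    # Constructed corrupt table: bogus count, impossible altitude, duplicated id.
    corrupt = FlightTable(50, [Flight(1, 999999), Flight(2, 30000), Flight(1, 31000)])
    assert repair(corrupt, spec)
    return corrupt
```

Two points the toy makes concrete. First, the inferred altitude bound is exactly the kind of overly specific property the abstract says the developer must generalize: left as observed, it would "repair" any legitimate flight above 35000 ft. Second, repairs interact: removing a duplicated id re-breaks `count == len(flights)`, which is why enforcement re-checks the whole specification after each action and needs a bound (or, as in the paper, a repair algorithm designed to terminate) rather than a single pass.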


Published in

ISSTA '06: Proceedings of the 2006 International Symposium on Software Testing and Analysis
July 2006, 274 pages
ISBN: 1595932631
DOI: 10.1145/1146238
General Chair: Lori Pollock
Program Chair: Mauro Pezzè

        Copyright © 2006 ACM

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from permissions@acm.org.

Publisher: Association for Computing Machinery, New York, NY, United States


Acceptance Rates

Overall acceptance rate: 58 of 213 submissions, 27%
