Finding bugs in software with a constraint solver
Massachusetts Institute of Technology. Dept. of Electrical Engineering and Computer Science.
Daniel N. Jackson.
MetadataShow full item record
We present a static technique for finding bugs in object-oriented procedures. It is capable of checking complex user-defined structural properties - that is, of the configuration of objects on the heap - and generates counterexample traces with no false alarms. It is modular, requires no user-provided abstractions, and is fully automatic. It is based on the Alloy modelling language and analyzer. The method relies on a three-step translation: from code to a formula in Alloy, which is a first-order relational logic, then to a propositional formula, and finally to conjunctive normal form. An off-the-shelf SAT solver is then used to find a solution that constitutes a counterexample. Modularity comes at the price of intermediate specifications. To minimize such annotations, the analysis contains a suite of optimizations that allow checking larger procedures with fewer annotations. The optimizations are based on a special treatment of relations that are known to be functional, and target all steps of the translation to CNF. Their effect is demonstrated with a prototype tool that can handle a subset of Java, by analyzing real code.
Thesis (Ph. D.)--Massachusetts Institute of Technology, Dept. of Electrical Engineering and Computer Science, 2004.Includes bibliographical references (p. 99-101).
DepartmentMassachusetts Institute of Technology. Dept. of Electrical Engineering and Computer Science.
Massachusetts Institute of Technology
Electrical Engineering and Computer Science.