WO2000072153A1 - Weakest precondition analysis for computer programs - Google Patents

Info

Publication number: WO2000072153A1
Authority: WO (WIPO (PCT))
Application number: PCT/US2000/014051
Other languages: French (fr)
Inventors: Charles L. Mitchell, Mark L. Hall
Original Assignee: Microsoft Corporation
Priority to: AU50382/00A

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00 Error detection; Error correction; Monitoring
    • G06F11/36 Preventing errors by testing or debugging software
    • G06F11/3604 Software analysis for verifying properties of programs
    • G06F11/3608 Software analysis for verifying properties of programs using formal methods, e.g. model checking, abstract interpretation

Abstract

Improved weakest precondition analysis. In one embodiment, a computer-implemented method includes first identifying a set of candidates of a computer program that are potentially defective, via a predetermined data flow analysis. In one embodiment, the predetermined data flow analysis may be a static single assignment analysis or a partial redundancy analysis. Next, each of these candidates is examined via a weakest precondition analysis to determine whether the candidate actually is defective. The end result is a faster analysis, because the weakest precondition analysis is performed only on those candidates that the initial data flow analysis deemed potentially defective.

Description

WEAKEST PRECONDITION ANALYSIS FOR COMPUTER PROGRAMS
FIELD OF THE INVENTION
This invention relates generally to analysis of computer programs for defects, and more particularly an improved weakest precondition analysis of computer programs for such defects.
BACKGROUND OF THE INVENTION
Computer programs have become increasingly complex. A modern-day application program, such as a word processing program, developed for an operating system having a graphical user interface, such as a version of Microsoft Windows, can take many years to develop, with the joint efforts of a team of programmers. As a result, computer program analysis to identify defects in a program before it is released to the general public has become increasingly more important. Sophisticated analysis techniques have become available, to allow programmers to identify defects in their programs that may hinder the performance of the programs, or may even cause the programs to crash, reducing their reliability. One such computer program analysis technique is known as weakest precondition analysis. This is a type of program analysis that precisely tracks the algebraic properties of program variables (typically expressed as functions of other program variables) both before and after every statement in the program being analyzed. It is much more powerful than other program analysis techniques which keep track of only very simple properties of program variables (e.g. whether the variable contains a constant value).
A disadvantage with weakest precondition analysis, however, is that it generally requires a large amount of computer memory to analyze large programs, and thus may also require long periods of time to conduct the analysis. This reduces its usefulness for programmers, to the extent that they may not use weakest precondition analysis because of its time and memory constraints. For these and other reasons, there is a need for the present invention.
SUMMARY OF THE INVENTION
The invention provides for a considerable reduction in the time and memory required to analyze computer programs using weakest precondition analysis of computer programs. In one embodiment, a computer-implemented method includes first identifying a set of candidates of a computer program that are potentially defective, via a predetermined data flow analysis. As used herein, the term data flow analysis is coextensive with the terms program analysis and program structure analysis, such that either can be substituted for the term data flow analysis. Next, each of these candidates is examined via a weakest precondition analysis to determine whether the candidate actually is defective.
In this manner, embodiments of the invention provide for improved weakest precondition analysis. The weakest precondition analysis is not conducted over the entire computer program, but rather as to only those candidates within the computer program that have already been determined to be potentially defective. Desirably, the predetermined data flow analysis to determine such potentially defective candidates is a much quicker analysis than weakest precondition analysis. Thus, the initial identification of a set of candidates that are potentially defective means that the weakest precondition analysis will only be run as to those candidates that may be defective — and not, in other words, as to those candidates that are for certain not defective (as determined by the predetermined data flow analysis). This results in an analysis of the computer program that is relatively fast, but still utilizes weakest precondition analysis.
The invention includes systems, methods, computers, and computer-readable media of varying scope. Besides the embodiments, advantages and aspects of the invention described here, the invention also includes other embodiments, advantages and aspects, as will become apparent by reading and studying the drawings and the following description.
BRIEF DESCRIPTION OF THE DRAWINGS
FIG. 1 shows a diagram of the hardware and operating environment in conjunction with which embodiments of the invention may be practiced;
FIG. 2 shows a block diagram of a method according to an embodiment of the invention; and,
FIG. 3 shows a block diagram of a system according to one embodiment of the invention.
DETAILED DESCRIPTION
In the following detailed description of exemplary embodiments of the invention, reference is made to the accompanying drawings which form a part hereof, and in which is shown by way of illustration specific exemplary embodiments in which the invention may be practiced. These embodiments are described in sufficient detail to enable those skilled in the art to practice the invention, and it is to be understood that other embodiments may be utilized and that logical, mechanical, electrical and other changes may be made without departing from the spirit or scope of the present invention. The following detailed description is, therefore, not to be taken in a limiting sense, and the scope of the present invention is defined only by the appended claims.
Hardware and Operating Environment
Referring to FIG. 1, a diagram of the hardware and operating environment in conjunction with which embodiments of the invention may be practiced is shown. The description of FIG. 1 is intended to provide a brief, general description of suitable computer hardware and a suitable computing environment in conjunction with which the invention may be implemented. Although not required, the invention is described in the general context of computer-executable instructions, such as program modules, being executed by a computer, such as a personal computer. Generally, program modules include routines, programs, objects, components, data structures, etc., that perform particular tasks or implement particular abstract data types. Moreover, those skilled in the art will appreciate that the invention may be practiced with other computer system configurations, including hand-held devices, multiprocessor systems, microprocessor-based or programmable consumer electronics, network PC's, minicomputers, mainframe computers, and the like.
The invention may also be practiced in distributed computing environments where tasks are performed by remote processing devices that are linked through a communications network. In a distributed computing environment, program modules may be located in both local and remote memory storage devices. The exemplary hardware and operating environment of FIG. 1 for implementing the invention includes a general purpose computing device in the form of a computer 20, including a processing unit 21, a system memory 22, and a system bus 23 that operatively couples various system components, including the system memory, to the processing unit 21. There may be only one or there may be more than one processing unit 21, such that the processor of computer 20 comprises a single central-processing unit (CPU), or a plurality of processing units, commonly referred to as a parallel processing environment. The computer 20 may be a conventional computer, a distributed computer, or any other type of computer; the invention is not so limited. The system bus 23 may be any of several types of bus structures including a memory bus or memory controller, a peripheral bus, and a local bus using any of a variety of bus architectures. The system memory may also be referred to as simply the memory, and includes read only memory (ROM) 24 and random access memory (RAM) 25. A basic input/output system (BIOS) 26, containing the basic routines that help to transfer information between elements within the computer 20, such as during start-up, is stored in ROM 24. The computer 20 further includes a hard disk drive 27 for reading from and writing to a hard disk, not shown, a magnetic disk drive 28 for reading from or writing to a removable magnetic disk 29, and an optical disk drive 30 for reading from or writing to a removable optical disk 31 such as a CD ROM or other optical media.
The hard disk drive 27, magnetic disk drive 28, and optical disk drive 30 are connected to the system bus 23 by a hard disk drive interface 32, a magnetic disk drive interface 33, and an optical disk drive interface 34, respectively. The drives and their associated computer-readable media provide nonvolatile storage of computer-readable instructions, data structures, program modules and other data for the computer 20. It should be appreciated by those skilled in the art that any type of computer-readable media which can store data that is accessible by a computer, such as magnetic cassettes, flash memory cards, digital video disks, Bernoulli cartridges, random access memories (RAMs), read only memories (ROMs), and the like, may be used in the exemplary operating environment.
A number of program modules may be stored on the hard disk, magnetic disk 29, optical disk 31, ROM 24, or RAM 25, including an operating system 35, one or more application programs 36, other program modules 37, and program data 38. A user may enter commands and information into the personal computer 20 through input devices such as a keyboard 40 and pointing device 42. Other input devices (not shown) may include a microphone, joystick, game pad, satellite dish, scanner, or the like. These and other input devices are often connected to the processing unit 21 through a serial port interface 46 that is coupled to the system bus, but may be connected by other interfaces, such as a parallel port, game port, or a universal serial bus (USB). A monitor 47 or other type of display device is also connected to the system bus 23 via an interface, such as a video adapter 48. In addition to the monitor, computers typically include other peripheral output devices (not shown), such as speakers and printers. The computer 20 may operate in a networked environment using logical connections to one or more remote computers, such as remote computer 49. These logical connections are achieved by a communication device coupled to or a part of the computer 20; the invention is not limited to a particular type of communications device. The remote computer 49 may be another computer, a server, a router, a network PC, a client, a peer device or other common network node, and typically includes many or all of the elements described above relative to the computer 20, although only a memory storage device 50 has been illustrated in FIG. 1. The logical connections depicted in FIG. 1 include a local-area network (LAN) 51 and a wide-area network (WAN) 52. Such networking environments are commonplace in office networks, enterprise-wide computer networks, intranets and the Internet, which are all types of networks.
When used in a LAN-networking environment, the computer 20 is connected to the local network 51 through a network interface or adapter 53, which is one type of communications device. When used in a WAN-networking environment, the computer 20 typically includes a modem 54, a type of communications device, or any other type of communications device for establishing communications over the wide area network 52, such as the Internet. The modem 54, which may be internal or external, is connected to the system bus 23 via the serial port interface 46. In a networked environment, program modules depicted relative to the personal computer 20, or portions thereof, may be stored in the remote memory storage device. It is appreciated that the network connections shown are exemplary and other means of and communications devices for establishing a communications link between the computers may be used. The hardware and operating environment in conjunction with which embodiments of the invention may be practiced has been described. The computer in conjunction with which embodiments of the invention may be practiced may be a conventional computer, a distributed computer, or any other type of computer; the invention is not so limited. Such a computer typically includes one or more processing units as its processor, and a computer-readable medium such as a memory. The computer may also include a communications device such as a network adapter or a modem, so that it is able to communicatively couple to other computers.
Method
In this section of the detailed description, a computer-implemented method according to an embodiment of the invention is described. The method may be the evaluate method as described in the previous section of the detailed description, in one embodiment. The description is provided in reference to FIG. 2.
The method is desirably realized at least in part as one or more programs running on a computer — that is, as a program executed from a computer-readable medium such as a memory by a processor of a computer. The programs are desirably storable on a computer-readable medium such as a floppy disk or a CD-ROM, for distribution and installation and execution on another (suitably equipped) computer.
Referring now to FIG. 2, in 199, the source code of a computer program is received as input (that is, data representing the source code). The source code is a textual description of a computer program — human-readable program statements written in a high-level or assembly language that are not directly readable by a computer. The source code may be written in any type of computer language, such as C, C++, Java, Visual Basic, etc. The source code may be stored on a hard disk drive, or another storage device, such that it is received as input by reading the code from the storage device, or it may be directly entered by a user on an input device of the computer such as a keyboard, or it may be received over a communication device, such as a modem or network adapter card, from another computer. The invention is not so limited. It is noted that the other steps/acts of the method, as described below, do not necessarily require source code; the invention itself is limited only by the appended claims. In 200, an intermediate form of the computer program is generated from the source code representation of the computer program input in 199. It is noted, however, that 200 is not required in all embodiments of the invention. Such intermediate forms of computer programs include byte code representations (in the case of a computer program where the source code is written in Java), flow graph representations, and tree-based representations, as known to those of ordinary skill within the art.
In 202, a set of candidates of the computer program that are potentially defective is identified, by conducting a predetermined data flow analysis. The predetermined data flow analysis is in one embodiment performed based on the intermediate form of the computer program generated in 200, although the invention is not necessarily so limited. Generally, the set of candidates identified is for a predetermined type of defect. For example, a computer programmer may wish to find all parts of the computer program that may contribute to performance bottlenecks when the program runs. The term candidate refers to a piece or section of the computer program that the predetermined data flow analysis has identified as potentially defective, as the latter term is defined by the computer programmer (e.g., a piece or section of the program is "defective" if it contributes to a performance bottleneck).
The predetermined data flow analysis in 202, in one embodiment, generally cannot with certainty determine whether a given candidate is actually defective; rather, it can only determine whether a given candidate is potentially defective. In other words, the predetermined data flow analysis "weeds out" those pieces, parts and sections of the computer program that are with certainty not defective, and instead identifies only those candidates of the program that may be defective. Desirably, the predetermined data flow analysis is a relatively quick analysis, as compared to, for example, weakest precondition analysis. It provides an initial screening of the computer program to determine candidates that are potentially defective, such that a subsequent analysis that may take longer to perform can be conducted against only those candidates, and not the entire program, as will be described in conjunction with 204.
The predetermined data flow analysis in 202 is not limited by the invention. In one embodiment, the analysis conducted in 202 is static single assignment analysis, whereas in another embodiment, the analysis is partial redundancy analysis, and both of these analyses are known in the art. However, the invention is not so limited. Static Single Assignment analysis is a program representation and analysis technique that ties all definitions of program variables with the locations of their use, using factoring (known as Phi-functions) to drastically reduce the amount of memory overhead required.
Partial Redundancy Analysis is a technique whereby certain Boolean equations regarding the "availability" and "partial availability" of computed program values are tracked for every program statement.
Next, in 204, each of the set of candidates identified in 202 is examined via a weakest precondition analysis, to determine whether the candidate is actually defective. Weakest precondition analysis has been described in the background section and is known in the art. Thus, in 204, the set of candidates identified in 202 as potentially defective is subjected to a stronger, more accurate analysis to narrow the set to those candidates that are actually defective. Because weakest precondition analysis is relatively slow to conduct, it is applied only to the candidates that the weaker, faster data flow analysis in 202 has flagged as potentially defective. Sections that the analysis in 202 has shown to be certainly not defective are not subjected to weakest precondition analysis in 204, which saves time and memory and gives embodiments of the invention advantages over the prior art.
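The following is an added worked example of the two-phase flow of 202 and 204; it is not code from the patent. It fixes one predetermined defect type, integer division by zero, on a toy straight-line language. Everything beyond the patent's text is an assumption of this example: the statement and expression encoding, the use of constant propagation as the phase-1 screen (in place of the SSA or partial-redundancy analysis the text names), and the bounded enumeration of inputs that decides the weakest precondition in phase 2 (in place of a theorem prover, which the text does not specify).

```python
# Added example (not the patent's code): phases 202 and 204 for one defect
# type, integer division by zero, on a toy straight-line language. Assumed:
# the 202 screen is constant propagation, and 204 decides validity by bounded
# enumeration of inputs in place of a theorem prover.
from itertools import product

# Expression AST: int literal, variable name (str), or (op, lhs, rhs).
OPS = {"+": lambda a, b: a + b, "-": lambda a, b: a - b,
       "/": lambda a, b: a // b,               # raises on a zero divisor
       "==": lambda a, b: a == b, "!=": lambda a, b: a != b,
       ">=": lambda a, b: a >= b, "->": lambda a, b: (not a) or b}

def evaluate(expr, env):
    """Evaluate expr in env; KeyError if a variable is unbound."""
    if isinstance(expr, str):
        return env[expr]
    if isinstance(expr, tuple):
        return OPS[expr[0]](evaluate(expr[1], env), evaluate(expr[2], env))
    return expr

def subst(expr, var, repl):
    """expr with every occurrence of variable var replaced by repl."""
    if isinstance(expr, str):
        return repl if expr == var else expr
    if isinstance(expr, tuple):
        return (expr[0], subst(expr[1], var, repl), subst(expr[2], var, repl))
    return expr

def free_vars(expr):
    if isinstance(expr, str):
        return {expr}
    return free_vars(expr[1]) | free_vars(expr[2]) if isinstance(expr, tuple) else set()

# Statements: ("assign", var, expr), ("assume", cond), ("div", var, num, den);
# "div" sets var := num / den and is the construct that can be defective.

def screen_candidates(program):
    """Phase 1 (202): constant propagation. A division by a known non-zero
    constant is certainly safe and is weeded out; every other division stays
    a candidate, so the screen over-approximates but never drops a defect."""
    consts, candidates = {}, []
    for i, stmt in enumerate(program):
        if stmt[0] == "assign":
            try:
                consts[stmt[1]] = evaluate(stmt[2], consts)
            except KeyError:
                consts.pop(stmt[1], None)        # depends on an input
        elif stmt[0] == "div":
            try:
                safe = evaluate(stmt[3], consts) != 0
            except KeyError:
                safe = False                     # divisor not constant
            consts.pop(stmt[1], None)
            if not safe:
                candidates.append(i)
    return candidates

def weakest_precondition(program, index):
    """Phase 2 (204): wp of 'divisor != 0' at program[index] pushed back to
    entry: wp(x := e, Q) = Q[e/x] and wp(assume c, Q) = c -> Q."""
    q = ("!=", program[index][3], 0)
    for stmt in reversed(program[:index]):
        if stmt[0] == "assign":
            q = subst(q, stmt[1], stmt[2])
        elif stmt[0] == "assume":
            q = ("->", stmt[1], q)
        elif stmt[0] == "div":
            q = subst(q, stmt[1], ("/", stmt[2], stmt[3]))
    return q

def counterexample(pred, bound=8):
    """Input in [-bound, bound]^n falsifying pred, or None if pred holds there.
    Inputs that already divide by zero earlier belong to that earlier candidate."""
    names = sorted(free_vars(pred))
    for values in product(range(-bound, bound + 1), repeat=len(names)):
        env = dict(zip(names, values))
        try:
            if not evaluate(pred, env):
                return env
        except ZeroDivisionError:
            continue
    return None

def analyze(program):
    """202 then 204: {statement index: falsifying input} for each candidate
    that weakest precondition analysis confirms as actually defective."""
    defective = {}
    for i in screen_candidates(program):
        cex = counterexample(weakest_precondition(program, i))
        if cex is not None:
            defective[i] = cex
    return defective

# Constructed sample with inputs n and k (not from the patent).
PROGRAM = [
    ("assign", "a", ("+", "n", 1)),     # 0
    ("div", "b", "a", 4),               # 1: constant divisor, weeded out in 202
    ("assume", (">=", "k", 2)),         # 2
    ("assign", "d", ("-", "k", 1)),     # 3
    ("div", "c", "b", "d"),             # 4: candidate; 204 proves k >= 2 -> d != 0
    ("assign", "e", ("-", "n", "k")),   # 5
    ("div", "f", "c", "e"),             # 6: candidate; n == k makes e == 0
]

if __name__ == "__main__":
    print("candidates from 202:", screen_candidates(PROGRAM))
    print("actually defective after 204:", analyze(PROGRAM))
```

On the sample program the screen keeps statements 4 and 6 and discards statement 1, so the expensive phase runs twice instead of three times; phase 2 then clears statement 4 (the assume makes its weakest precondition valid) and confirms statement 6 with the falsifying input n = k = 2. Two caveats carry over to a real tool: the phase-1 screen must stay sound in the direction the text requires (never discarding a real defect), and the bounded enumeration used here in place of a prover can only report "no counterexample found", not a proof, for inputs outside the searched range.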
Finally, in 206, the candidates determined in 204 to actually be defective are output (that is, the data representing those candidates). In one embodiment, these candidates are displayed on a display device. For example, in the context of an editor program in which developers write the source code of the computer program, the part of the source code corresponding to a given defective candidate is highlighted for the developer. In another embodiment, the candidates are printed on a printer for inspection and study by the developer. The invention is not so limited, however.

System

In this section of the detailed description, a system according to an embodiment of the invention is described. The system can in one embodiment be implemented on a computer as described in the previous section. Further, description of the system of one embodiment is made in reference to FIG. 3.

Referring now to FIG. 3, a system according to one embodiment of the invention is shown. The system includes a set of computer programs 300 and three types of code of a computer program: the source code 302, the intermediate form 304, and the executable code 306. Each of these types of code may be stored as data on the same or different computer-readable media of a computer, such as a hard disk drive, random-access memory (RAM), etc. The programs 300 include an editor program 308, a compiler program 310, and an analysis mechanism 312. Each of these programs is listed as separate for illustrative purposes only; in actuality, they may be separate from one another, or part of the same computer program. The system of FIG. 3 may in one embodiment be a computer, such as the computer described in conjunction with FIG. 1, such that the computer includes a processor or processors, as known within the art. In another embodiment, the system of FIG. 3 may be such that each of the set of programs 300 is implemented in hardware, as opposed to software, which is the preferred case.
The editor 308 is the program in which the source code 302 representation of a computer program is created and modified, for example, by a programmer. The compiler 310 compiles the source code 302 representation of the computer program to the executable form 306 thereof; in one specific embodiment, it also generates an intermediate form 304 of the program, as described in the previous section of the detailed description. Generally, the executable form 306 refers to machine code that can be directly executed by the system's processor, but it can also refer to assembly language source code or a variation of machine code, as those of ordinary skill within the art can appreciate. The analysis mechanism 312 identifies a set of candidates of the computer program that are potentially defective, via a predetermined data flow analysis, and then examines each of these candidates via a weakest precondition analysis to determine whether each candidate is actually defective, as described in the previous section of the detailed description. In the embodiment where the compiler 310 generates an intermediate form 304 of the program, the analysis mechanism 312 identifies the set of potentially defective candidates based on the intermediate form 304. Furthermore, in one embodiment, the editor 308 indicates within the source code 302 representation of the computer program each candidate determined by the analysis mechanism 312 to actually be defective, for example, by highlighting the section of source code corresponding to each defective candidate.
Conclusion

Improved weakest precondition analysis has been described. Although specific embodiments have been illustrated and described herein, it will be appreciated by those of ordinary skill in the art that any arrangement which is calculated to achieve the same purpose may be substituted for the specific embodiments shown. This application is intended to cover any adaptations or variations of the present invention. Therefore, it is manifestly intended that this invention be limited only by the following claims and equivalents thereof.

Claims

What is claimed is:
1. A computer-implemented method for analyzing a computer program comprising: identifying a set of candidates of the computer program that are potentially defective via a predetermined data flow analysis; and, examining each of the set of candidates via a weakest precondition analysis to determine whether the candidate actually is defective.
2. The method of claim 1, further initially comprising generating an intermediate form of the computer program from a source code representation of the computer program such that identification of the set of candidates of the computer program is conducted based on the intermediate form of the computer program.
3. The method of claim 2, wherein the intermediate form comprises one of: a byte code representation, a flow graph representation, and a tree-based representation.
4. The method of claim 1, wherein the set of candidates identified is for a predetermined type of defect.
5. The method of claim 1, wherein the predetermined data flow analysis comprises one of: static single assignment analysis and partial redundancy analysis.
6. The method of claim 1, further comprising: initially receiving data representing a computer program; and, outputting data representing each candidate determined to actually be defective.
7. The method of claim 6, wherein outputting data comprises one of: printing the data on a printer and outputting the data on a display device.
8. A computerized system comprising: an editor in which a source code representation of a computer program is able to be created and modified; a compiler program to compile the computer program from the source code representation thereof to an executable form thereof; and, an analysis mechanism to identify a set of candidates of the computer program that are potentially defective via a predetermined data flow analysis, and examine each of the set of candidates via a weakest precondition analysis to determine whether the candidate actually is defective.
9. The system of claim 8, wherein the compiler program is further to generate an intermediate form of the computer program from the source code representation thereof, and the analysis mechanism is to identify the set of candidates of the computer program based on the intermediate form thereof.
10. The system of claim 8, wherein the predetermined data flow analysis comprises one of: static single assignment analysis and partial redundancy analysis.
11. The system of claim 8, wherein the editor is to indicate within the source code representation of the computer program each candidate determined to actually be defective by the analysis mechanism.
12. A computer comprising: a processor; a computer-readable medium; data stored on the medium and representing a source code representation of a computer program; data stored on the medium and representing an executable form of the computer program; an editor program executed by the processor from the medium in which the source code representation of the computer program is able to be created and modified; a compiler program executed by the processor from the medium to compile the computer program from the source code representation thereof to the executable form thereof; and, an analysis program executed by the processor from the medium to identify a set of candidates of the computer program that are potentially defective via a predetermined data flow analysis, and examine each of the set of candidates via a weakest precondition analysis to determine whether the candidate actually is defective.
13. The computer of claim 12, wherein the compiler program is further to generate an intermediate form of the computer program from the source code representation thereof, and the analysis program is to identify the set of candidates of the computer program based on the intermediate form thereof.
14. The computer of claim 12, wherein the predetermined data flow analysis comprises one of: static single assignment analysis and partial redundancy analysis.
15. The computer of claim 12, wherein the editor is to indicate within the source code representation of the computer program each candidate determined to actually be defective by the analysis program.
16. A computer-readable medium having a computer program stored thereon to cause a computer to perform a method comprising: identifying a set of candidates of the computer program that are potentially defective via a predetermined data flow analysis; and, examining each of the set of candidates via a weakest precondition analysis to determine whether the candidate actually is defective.
17. The medium of claim 16, wherein the method further initially comprises generating an intermediate form of the computer program from a source code representation of the computer program such that identification of the set of candidates of the computer program is conducted based on the intermediate form of the computer program.
18. The medium of claim 16, wherein the set of candidates identified is for a predetermined type of defect.
19. The medium of claim 16, wherein the predetermined data flow analysis comprises one of: static single assignment analysis and partial redundancy analysis.
20. The medium of claim 16, further comprising: initially receiving data representing a computer program; and, outputting data representing each candidate determined to actually be defective.
21. A computerized system comprising: means for identifying a set of candidates of a computer program that are potentially defective via a predetermined data flow analysis; and means for examining each of the set of candidates via a weakest precondition analysis to determine whether the candidate actually is defective.
22. The computer system of claim 21 wherein the set of candidates comprises program variables.
23. The computer system of claim 21 and further comprising means for generating an intermediate form of the computer program from a source code representation of the computer program such that identification of the set of candidates of the computer program is conducted based on the intermediate form of the computer program.
24. The computer system of claim 21 wherein the predetermined data flow analysis comprises one of: static single assignment analysis and partial redundancy analysis.
PCT/US2000/014051 1999-05-21 2000-05-22 Weakest precondition analysis for computer programs WO2000072153A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
AU50382/00A AU5038200A (en) 1999-05-21 2000-05-22 Weakest precondition analysis for computer programs

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US09/316,684 1999-05-21
US09/316,684 US6374368B1 (en) 1999-05-21 1999-05-21 Weakest precondition analysis

Publications (1)

Publication Number Publication Date
WO2000072153A1 true WO2000072153A1 (en) 2000-11-30

Family

ID=23230189

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/US2000/014051 WO2000072153A1 (en) 1999-05-21 2000-05-22 Weakest precondition analysis for computer programs

Country Status (3)

Country Link
US (1) US6374368B1 (en)
AU (1) AU5038200A (en)
WO (1) WO2000072153A1 (en)

Families Citing this family (12)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7024661B2 (en) * 2000-01-07 2006-04-04 Hewlett-Packard Development Company, L.P. System and method for verifying computer program correctness and providing recoverable execution trace information
US6810495B2 (en) * 2001-03-30 2004-10-26 International Business Machines Corporation Method and system for software rejuvenation via flexible resource exhaustion prediction
US7120898B2 (en) 2003-06-26 2006-10-10 Microsoft Corporation Intermediate representation for multiple exception handling models
US7685581B2 (en) * 2003-06-27 2010-03-23 Microsoft Corporation Type system for representing and checking consistency of heterogeneous program components during the process of compilation
US7146606B2 (en) * 2003-06-26 2006-12-05 Microsoft Corporation General purpose intermediate representation of software for software development tools
US7305666B2 (en) * 2003-07-23 2007-12-04 Microsoft Corporation Description language for an extensible compiler and tools infrastructure
US7707566B2 (en) 2003-06-26 2010-04-27 Microsoft Corporation Software development infrastructure
US7559050B2 (en) * 2003-06-30 2009-07-07 Microsoft Corporation Generating software development tools via target architecture specification
US7086041B2 (en) * 2003-06-27 2006-08-01 Microsoft Corporation Extensible type system for representing and checking consistency of program components during the process of compilation
US7788652B2 (en) * 2003-06-27 2010-08-31 Microsoft Corporation Representing type information in a compiler and programming tools framework
US8516452B2 (en) * 2009-12-08 2013-08-20 International Business Machines Corporation Feedback-directed call graph expansion
US9507945B2 (en) 2013-04-01 2016-11-29 The Johns Hopkins University Method and apparatus for automated vulnerability detection

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP0685792A1 (en) * 1994-06-01 1995-12-06 AT&T Corp. Model checking with state space reduction
US5822588A (en) * 1995-06-09 1998-10-13 Sun Microsystem, Inc. System and method for checking the use of synchronization locks in a multi-threaded target program

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6029002A (en) * 1995-10-31 2000-02-22 Peritus Software Services, Inc. Method and apparatus for analyzing computer code using weakest precondition
US5987252A (en) * 1997-09-19 1999-11-16 Digital Equipment Corporation Method and apparatus for statically analyzing a computer program for data dependencies

Also Published As

Publication number Publication date
US6374368B1 (en) 2002-04-16
AU5038200A (en) 2000-12-12

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A1

Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BY CA CH CN CR CU CZ DE DK DM DZ EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX NO NZ PL PT RO RU SD SE SG SI SK SL TJ TM TR TT TZ UA UG UZ VN YU ZA ZW

AL Designated countries for regional patents

Kind code of ref document: A1

Designated state(s): GH GM KE LS MW MZ SD SL SZ TZ UG ZW AM AZ BY KG KZ MD RU TJ TM AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE BF BJ CF CG CI CM GA GN GW ML MR NE SN TD TG

121 Ep: the epo has been informed by wipo that ep was designated in this application
DFPE Request for preliminary examination filed prior to expiration of 19th month from priority date (pct application filed before 20040101)
REG Reference to national code

Ref country code: DE

Ref legal event code: 8642

122 Ep: pct application non-entry in european phase
NENP Non-entry into the national phase

Ref country code: JP