ABSTRACT
Assertions are helpful in program analysis, such as software testing and verification. The most challenging parts of automatically recommending assertions are designing the assertion patterns and inserting the assertions at proper locations. In this paper, we develop Weak-Assert, a weakness-oriented assertion recommendation toolkit for program analysis of C code. A weakness-oriented assertion is an assertion that can help to find potential program weaknesses. Weak-Assert uses well-designed patterns to match the abstract syntax trees of source code automatically. It collects significant messages from the trees and inserts assertions at proper locations in programs. These assertions can then be checked using program analysis techniques. The experiments are set up on the Juliet test suite and several actual projects on GitHub. Experimental results show that Weak-Assert helps to find 125 program weaknesses in 26 actual projects. These weaknesses are confirmed manually to be triggered by some test cases.
The address of the abstract demo video is: https://youtu.be/_RWC4GJvRWc
Weak-assert: a weakness-oriented assertion recommendation toolkit for program analysis