skip to main content
10.1145/3183440.3183471acmconferencesArticle/Chapter ViewAbstractPublication PagesicseConference Proceedingsconference-collections
demonstration

Weak-assert: a weakness-oriented assertion recommendation toolkit for program analysis

Published:27 May 2018Publication History

ABSTRACT

Assertions are helpful in program analysis, such as software testing and verification. The most challenging part of automatically recommending assertions is to design the assertion patterns and to insert assertions in proper locations. In this paper, we develop Weak-Assert1, a weakness-oriented assertion recommendation toolkit for program analysis of C code. A weakness-oriented assertion is an assertion which can help to find potential program weaknesses. Weak-Assert uses well-designed patterns to match the abstract syntax trees of source code automatically. It collects significant messages from trees and inserts assertions into proper locations of programs. These assertions can be checked by using program analysis techniques. The experiments are set up on Juliet test suite and several actual projects in Github. Experimental results show that Weak-Assert helps to find 125 program weaknesses in 26 actual projects. These weaknesses are confirmed manually to be triggered by some test cases.

The address of the abstract demo video is: https://youtu.be/_RWC4GJvRWc

References

  1. Roy Budhai, Brian Chen, Teresa Su, and Sheldon Sequeira. 2016. Testing application code changes using a state assertion framework. (2016).Google ScholarGoogle Scholar
  2. Montgomery Carter, Shaobo He, Jonathan Whitaker, and Michael Emmi. 2017. SMACK software verification toolchain. In Ieee/acm International Conference on Software Engineering Companion. 589--592. Google ScholarGoogle ScholarDigital LibraryDigital Library
  3. Yao Hua Dong and Ji Dong Peng. 2010. The Realization of Page Load-stress Testing with LoadRunner. Journal of Jiangxi University of Science & Technology (2010).Google ScholarGoogle Scholar
  4. Github. {n. d.}. Github. https://github.com/. ({n. d.}).Google ScholarGoogle Scholar
  5. Thomas A Henzinger, Ranjit Jhala, Rupak Majumdar, and Grégoire Sutre. 2003. Software verification with BLAST. In Model Checking Software. Springer, 235--239. Google ScholarGoogle ScholarDigital LibraryDigital Library
  6. Matthew Hicks, Cynthia Sturton, Samuel T King, and Jonathan M Smith. 2015. Specs: A lightweight runtime mechanism for protecting software from security-critical processor bugs. ACM SIGPLAN Notices 50, 4 (2015), 517--529. Google ScholarGoogle ScholarDigital LibraryDigital Library
  7. Ranjit Jhala and Rupak Majumdar. 2009. Software model checking. ACM Computing Surveys (CSUR) 41, 4 (2009), 21. Google ScholarGoogle ScholarDigital LibraryDigital Library
  8. Yu Jiang, Hehua Zhang, Han Liu, William Hung, Xiaoyu Song, Ming Gu, and Jiaguang Sun. 2014. System reliability calculation based on the run-time analysis of ladder program. IEEE Transactions on Industrial Electronics (2014).Google ScholarGoogle Scholar
  9. Nick Langley. 2003. Winrunner automates app testing. Computer Weekly (2003).Google ScholarGoogle Scholar
  10. Erik Linstead, Paul Rigor, Sushil Bajracharya, Cristina Lopes, and Pierre F Baldi. 2008. Mining internet-scale software repositories. In Advances in neural information processing systems. 929--936. Google ScholarGoogle ScholarDigital LibraryDigital Library
  11. H. Pham Long, Ly Ly Tran Thi, and Jun Sun. 2017. Assertion Generation through Active Learning. In Ieee/acm International Conference on Software Engineering Companion. 155--157. Google ScholarGoogle ScholarDigital LibraryDigital Library
  12. Robert A Martin. 2007. Common weakness enumeration. Mitre Corporation (2007).Google ScholarGoogle Scholar
  13. NIST. {n. d.}. Software Assurance Reference Dataset. https://samate.nist.gov/SRD/testsuite.php. ({n. d.}).Google ScholarGoogle Scholar
  14. S. Schaub and B.A. Malloy. 2014. Comprehensive analysis of C++ applications using the libClang API. (2014).Google ScholarGoogle Scholar
  15. Shobha Vasudevan, David Sheridan, Sanjay Patel, and David Tcheng. 2010. Gold-Mine: Automatic assertion generation using data mining and static analysis. 46, 2 (2010), 626--629. Google ScholarGoogle ScholarDigital LibraryDigital Library
  16. Cong Wang, Fei He, Xiaoyu Song, Yu Jiang, Ming Gu, and Jiaguang Sun. 2017. Assertion Recommendation for Formal Program Verification. In Computer Software and Applications Conference. 154--159.Google ScholarGoogle Scholar
  17. Hehua Zhang, Yu Jiang, William NN Hung, Xiaoyu Song, Ming Gu, and Jiaguang Sun. 2014. Symbolic analysis of programmable logic controllers. IEEE Trans. Comput. 63, 10 (2014), 2563--2575. Google ScholarGoogle ScholarDigital LibraryDigital Library
  18. Rui Zhang, Natalie Stanley, Christopher Griggs, Andrew Chi, and Cynthia Sturton. 2017. Identifying Security Critical Properties for the Dynamic Verification of a Processor. In Proceedings of the Twenty-Second International Conference on Architectural Support for Programming Languages and Operating Systems. ACM, 541--554. Google ScholarGoogle ScholarDigital LibraryDigital Library

Index Terms

  1. Weak-assert: a weakness-oriented assertion recommendation toolkit for program analysis

      Recommendations

      Comments

      Login options

      Check if you have access through your login credentials or your institution to get full access on this article.

      Sign in
      • Published in

        cover image ACM Conferences
        ICSE '18: Proceedings of the 40th International Conference on Software Engineering: Companion Proceeedings
        May 2018
        231 pages
        ISBN:9781450356633
        DOI:10.1145/3183440
        • Conference Chair:
        • Michel Chaudron,
        • General Chair:
        • Ivica Crnkovic,
        • Program Chairs:
        • Marsha Chechik,
        • Mark Harman

        Copyright © 2018 Owner/Author

        Permission to make digital or hard copies of part or all of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for third-party components of this work must be honored. For all other uses, contact the Owner/Author.

        Publisher

        Association for Computing Machinery

        New York, NY, United States

        Publication History

        • Published: 27 May 2018

        Check for updates

        Qualifiers

        • demonstration

        Acceptance Rates

        Overall Acceptance Rate276of1,856submissions,15%

        Upcoming Conference

        ICSE 2024

      PDF Format

      View or Download as a PDF file.

      PDF

      eReader

      View online with eReader.

      eReader