ABSTRACT
It is widely believed that program analysis can be more closely targeted to the needs of programmers if the program is accompanied by further redundant documentation. This may include regression test suites, API protocol usage, and code contracts. To this should be added the largest and most redundant text of all: the previous version of the same program. It is the differences between successive versions of a legacy program already in use which occupy most of a programmer's time. Although differential analysis in the form of equivalence checking has been quite successful for hardware designs, it has not received as much attention in the static program analysis community.
This paper briefly summarizes the current state of the art in differential static analysis for software and suggests a number of promising applications. Although regression test generation has often been thought of as the ultimate goal of differential analysis, we highlight several other applications that can be enabled by differential static analysis. These include equivalence checking, semantic diffing, differential contract checking, summary validation, invariant discovery, and better debugging. We speculate that differential static analysis tools have the potential to be widely deployed in the developer's toolbox despite the fundamental stumbling blocks that limit the adoption of static analysis.
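The two applications the abstract names first, equivalence checking and semantic diffing, can be illustrated on a small scale without a verifier. The following Python block is an added example, not code from the paper or its authors: it compares two constructed versions of a buffer bounds check (`in_bounds_v1`, `in_bounds_v2`, both hypothetical) over a bounded input domain, reports the first input on which their observable behaviour diverges, lists all diverging inputs as a "semantic diff", and checks equivalence again under an assumption on the inputs. Treating a raised exception as an observable outcome matters here, because a crash-versus-no-crash difference is exactly the kind of regression a bounded differential check should surface.

```python
from itertools import product
from typing import Any, Callable, Iterable, List, Optional, Tuple

# Constructed example: two versions of a bounds check, standing in for
# successive revisions of the same function in a legacy code base.
def in_bounds_v1(offset: int, length: int, buf_size: int) -> bool:
    """Version 1: reject negative offsets, negative lengths, and reads that run past the buffer."""
    return 0 <= offset and 0 <= length and offset + length <= buf_size


def in_bounds_v2(offset: int, length: int, buf_size: int) -> bool:
    """Version 2: a 'cleanup' that silently dropped the negative-length check (constructed regression)."""
    return 0 <= offset and offset + length <= buf_size


Observation = Tuple[str, Any]


def observe(f: Callable[..., Any], args: Tuple[Any, ...]) -> Observation:
    """Run f on args and return a comparable observation: ("ok", value) or ("raises", ExceptionName).

    A crash is part of a function's behaviour, so it must count as a difference
    if only one version crashes on the same input.
    """
    try:
        return ("ok", f(*args))
    except Exception as exc:  # noqa: BLE001 - we want to observe any failure
        return ("raises", type(exc).__name__)


def check_equivalence(
    f: Callable[..., Any],
    g: Callable[..., Any],
    domain: Iterable[Tuple[Any, ...]],
    assume: Optional[Callable[..., bool]] = None,
) -> Optional[Tuple[Any, ...]]:
    """Bounded equivalence check: return the first input in `domain` on which f and g
    behave differently, or None if they agree on every input.

    `assume` is an optional precondition; inputs that violate it are skipped, which
    turns the check into equivalence under that assumption.
    """
    for args in domain:
        if assume is not None and not assume(*args):
            continue
        if observe(f, args) != observe(g, args):
            return args
    return None


def semantic_diff(
    f: Callable[..., Any],
    g: Callable[..., Any],
    domain: Iterable[Tuple[Any, ...]],
) -> List[Tuple[Tuple[Any, ...], Observation, Observation]]:
    """List every input in `domain` where f and g diverge, with both observations."""
    diffs = []
    for args in domain:
        a, b = observe(f, args), observe(g, args)
        if a != b:
            diffs.append((args, a, b))
    return diffs


def small_domain(lo: int = -2, hi: int = 3) -> List[Tuple[int, int, int]]:
    """All (offset, length, buf_size) triples with each component in [lo, hi]; constructed bound."""
    return list(product(range(lo, hi + 1), repeat=3))


if __name__ == "__main__":
    dom = small_domain()
    cex = check_equivalence(in_bounds_v1, in_bounds_v2, dom)
    print("first diverging input (offset, length, buf_size):", cex)
    diffs = semantic_diff(in_bounds_v1, in_bounds_v2, dom)
    print("number of diverging inputs in the bounded domain:", len(diffs))
    # Under the assumption that length is non-negative the two versions agree,
    # which localizes the change: v2 only differs from v1 on negative lengths.
    print("equivalent assuming length >= 0:",
          check_equivalence(in_bounds_v1, in_bounds_v2, dom, assume=lambda o, l, b: l >= 0) is None)
```

The bounded domain makes this a test-like approximation of what an SMT-backed differential analysis would establish for all inputs; the point of the example is the shape of the result (a concrete diverging input, the full set of divergences, and an assumption under which the versions coincide), which is what a developer reviewing the change actually wants to see.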
Index term: Differential static analysis: opportunities, applications, and challenges