title: "Automatic Inference and Enforcement of Data Structure Consistency Specifications"
authors: Brian Demsky, Michael D. Ernst, Philip J. Guo, Stephen McCamant, Jeff H. Perkins, Martin Rinard
venue: International Symposium on Software Testing and Analysis (ISSTA)
year: 2006
tweet: Automatically finding invariants and repairing data structures can prevent buggy code from crashing
abstract: >
  Corrupt data structures are an important cause of unacceptable program
  execution. Data structure repair (which eliminates inconsistencies by
  updating corrupt data structures to conform to consistency constraints)
  promises to enable many programs to continue to execute acceptably in
  the face of otherwise fatal data structure corruption errors. A key
  issue is obtaining an accurate and comprehensive data structure
  consistency specification.

  We present a new technique for obtaining data structure consistency
  specifications for data structure repair. Instead of requiring the
  developer to manually generate such specifications, our approach
  automatically generates candidate data structure consistency
  properties using the Daikon invariant detection tool. The developer
  then reviews these properties, potentially rejecting or generalizing
  overly specific properties to obtain a specification suitable for
  automatic enforcement via data structure repair.

  We have implemented this approach and applied it to three sizable
  benchmark programs: CTAS (an air-traffic control system), BIND (a
  widely used Internet name server) and Freeciv (an interactive game).
  Our results indicate that (1) automatic constraint generation produces
  constraints that enable programs to execute successfully through data
  structure consistency errors, (2) compared to manual specification,
  automatic generation can produce more comprehensive sets of
  constraints that cover a larger range of data structure consistency
  properties, and (3) reviewing the properties is relatively
  straightforward and requires substantially less programmer effort than
  manual generation, primarily because it reduces the need to examine
  the program text to understand its operation and extract the relevant
  consistency constraints. Moreover, when evaluated by a hostile third
  party "Red Team" contracted to evaluate the effectiveness of the
  technique, our data structure inference and enforcement tools
  successfully prevented several otherwise fatal attacks.
bibtex: >
  @inproceedings{DemskyInferISSTA2006,
    author    = {Demsky, Brian and Ernst, Michael D. and Guo, Philip J. and McCamant, Stephen and Perkins, Jeff H. and Rinard, Martin},
    title     = {Inference and Enforcement of Data Structure Consistency Specifications},
    booktitle = {Proceedings of the 2006 International Symposium on Software Testing and Analysis},
    series    = {ISSTA '06},
    year      = {2006},
    isbn      = {1-59593-263-1},
    location  = {Portland, Maine, USA},
    pages     = {233--244},
    numpages  = {12},
    url       = {http://doi.acm.org/10.1145/1146238.1146266},
    doi       = {10.1145/1146238.1146266},
    acmid     = {1146266},
    publisher = {ACM},
    address   = {New York, NY, USA},
    keywords  = {data structure repair, dynamic invariant detection},
  }