title: "Automatic Inference and Enforcement of Data Structure Consistency Specifications"
authors: Brian Demsky, Michael D. Ernst, Philip J. Guo, Stephen McCamant, Jeff H. Perkins, Martin Rinard
venue: International Symposium on Software Testing and Analysis (ISSTA)
year: 2006

tweet: Automatically finding invariants and repairing data structures can prevent buggy code from crashing

abstract: >
  Corrupt data structures are an
  important cause of unacceptable program execution. Data structure
  repair (which eliminates inconsistencies by updating corrupt data
  structures to conform to consistency constraints) promises to enable
  many programs to continue to execute acceptably in the face of
  otherwise fatal data structure corruption errors. A key issue is
  obtaining an accurate and comprehensive data structure consistency
  specification.
  <br/><br/>
  We present a new technique for obtaining data structure consistency
  specifications for data structure repair. Instead of requiring the
  developer to manually generate such specifications, our approach
  automatically generates candidate data structure consistency
  properties using the Daikon invariant detection tool. The developer
  then reviews these properties, potentially rejecting or generalizing
  overly specific properties to obtain a specification suitable for
  automatic enforcement via data structure repair.
  <br/><br/>
  We have implemented this approach and applied it to three sizable
  benchmark programs: CTAS (an air-traffic control system), BIND (a
  widely-used Internet name server) and Freeciv (an interactive game).
  Our results indicate that (1) automatic constraint generation produces
  constraints that enable programs to execute successfully through data
  structure consistency errors, (2) compared to manual specification,
  automatic generation can produce more comprehensive sets of
  constraints that cover a larger range of data structure consistency
  properties, and (3) reviewing the properties is relatively
  straightforward and requires substantially less programmer effort than
  manual generation, primarily because it reduces the need to examine
  the program text to understand its operation and extract the relevant
  consistency constraints.  Moreover, when evaluated by a hostile third
  party "Red Team" contracted to evaluate the effectiveness of the
  technique, our data structure inference and enforcement tools
  successfully prevented several otherwise fatal attacks.

bibtex: >
  @inproceedings{DemskyInferISSTA2006,
   author = {Demsky, Brian and Ernst, Michael D. and Guo, Philip J. and McCamant, Stephen and Perkins, Jeff H. and Rinard, Martin},
   title = {Inference and Enforcement of Data Structure Consistency Specifications},
   booktitle = {Proceedings of the 2006 International Symposium on Software Testing and Analysis},
   series = {ISSTA '06},
   year = {2006},
   isbn = {1-59593-263-1},
   location = {Portland, Maine, USA},
   pages = {233--244},
   numpages = {12},
   url = {http://doi.acm.org/10.1145/1146238.1146266},
   doi = {10.1145/1146238.1146266},
   acmid = {1146266},
   publisher = {ACM},
   address = {New York, NY, USA},
   keywords = {data structure repair, dynamic invariant detection},
  }