Automated inference of library specifications for source-sink property verification. (English) Zbl 1426.68068

Shan, Chung-chieh (ed.), Programming languages and systems. 11th Asian symposium, APLAS 2013, Melbourne, VIC, Australia, December 9–11, 2013. Proceedings. Berlin: Springer. Lect. Notes Comput. Sci. 8301, 290-306 (2013).
Summary: Many safety properties in program analysis, such as many memory safety and information flow problems, can be formulated as source-sink problems. While there are many existing techniques for checking source-sink properties, the soundness of these techniques relies on all relevant source code being available for analysis. Unfortunately, many programs make use of libraries whose source code is either not available or not amenable to precise static analysis. This paper addresses this limitation of source-sink verifiers through a technique for inferring exactly those library specifications that are needed for verifying the client program. We have applied the proposed technique for tracking explicit information flow in Android applications, and we show that our method effectively identifies the needed specifications of the Android SDK.
For the entire collection see [Zbl 1298.68034].


68N30 Mathematical aspects of software engineering (specification, verification, metrics, requirements, etc.)
68Q60 Specification and verification (program logics, model checking, etc.)
Full Text: DOI