Loading…
Verifying Correct Usage of Context-Free API Protocols (Extended Version)
Several real-world libraries (e.g., reentrant locks, GUI frameworks, serialization libraries) require their clients to use the provided API in a manner that conforms to a context-free specification. Motivated by this observation, this paper describes a new technique for verifying the correct usage o...
Saved in:
| Published in: | arXiv.org 2020-10 |
|---|---|
| Main Authors: | , , |
| Format: | Article |
| Language: | English |
| Subjects: | |
| Online Access: | Get full text |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| cited_by | |
|---|---|
| cites | |
| container_end_page | |
| container_issue | |
| container_start_page | |
| container_title | arXiv.org |
| container_volume | |
| creator | Ferles, Kostas Stephens, Jon Dillig, Isil |
| description | Several real-world libraries (e.g., reentrant locks, GUI frameworks, serialization libraries) require their clients to use the provided API in a manner that conforms to a context-free specification. Motivated by this observation, this paper describes a new technique for verifying the correct usage of context-free API protocols. The key idea underlying our technique is to over-approximate the program's feasible API call sequences using a context-free grammar (CFG) and then check language inclusion between this grammar and the specification. However, since this inclusion check may fail due to imprecision in the program's CFG abstraction, we propose a novel refinement technique to progressively improve the CFG. In particular, our method obtains counterexamples from CFG inclusion queries and uses them to introduce new non-terminals and productions to the grammar while still over-approximating the program's relevant behavior. We have implemented the proposed algorithm in a tool called CFPChecker and evaluate it on 10 popular Java applications that use at least one API with a context-free specification. Our evaluation shows that CFPChecker is able to verify correct usage of the API in clients that use it correctly and produces counterexamples for those that do not. We also compare our method against three relevant baselines and demonstrate that CFPChecker enables verification of safety properties that are beyond the reach of existing tools. |
| format | article |
| fullrecord | <record><control><sourceid>proquest</sourceid><recordid>TN_cdi_proquest_journals_2452251375</recordid><sourceformat>XML</sourceformat><sourcesystem>PC</sourcesystem><sourcerecordid>2452251375</sourcerecordid><originalsourceid>FETCH-proquest_journals_24522513753</originalsourceid><addsrcrecordid>eNqNi8EKgkAURYcgSMp_GGhTC8HeONk2RLGdi2orok9RZF7NG8H-Phd9QKsL55y7Eh4odQouEcBG-MxDGIZwjkFr5Yn8ibZvP73pZELWYu3kg6sOJbULMA5nF2QWUV6LmywsOappZHlIZ4emwUYuf-7JHHdi3VYjo__brdhn6T3Jg5el94TsyoEmaxZVQqQB9EnFWv1XfQHNujr_</addsrcrecordid><sourcetype>Aggregation Database</sourcetype><iscdi>true</iscdi><recordtype>article</recordtype><pqid>2452251375</pqid></control><display><type>article</type><title>Verifying Correct Usage of Context-Free API Protocols (Extended Version)</title><source>Publicly Available Content Database (Proquest) (PQ_SDU_P3)</source><creator>Ferles, Kostas ; Stephens, Jon ; Dillig, Isil</creator><creatorcontrib>Ferles, Kostas ; Stephens, Jon ; Dillig, Isil</creatorcontrib><description>Several real-world libraries (e.g., reentrant locks, GUI frameworks, serialization libraries) require their clients to use the provided API in a manner that conforms to a context-free specification. Motivated by this observation, this paper describes a new technique for verifying the correct usage of context-free API protocols. The key idea underlying our technique is to over-approximate the program's feasible API call sequences using a context-free grammar (CFG) and then check language inclusion between this grammar and the specification. However, since this inclusion check may fail due to imprecision in the program's CFG abstraction, we propose a novel refinement technique to progressively improve the CFG. In particular, our method obtains counterexamples from CFG inclusion queries and uses them to introduce new non-terminals and productions to the grammar while still over-approximating the program's relevant behavior. We have implemented the proposed algorithm in a tool called CFPChecker and evaluate it on 10 popular Java applications that use at least one API with a context-free specification. Our evaluation shows that CFPChecker is able to verify correct usage of the API in clients that use it correctly and produces counterexamples for those that do not. We also compare our method against three relevant baselines and demonstrate that CFPChecker enables verification of safety properties that are beyond the reach of existing tools.</description><identifier>EISSN: 2331-8422</identifier><language>eng</language><publisher>Ithaca: Cornell University Library, arXiv.org</publisher><subject>Algorithms ; Application programming interface ; Clients ; Context ; Grammar ; Graphical user interface ; Libraries ; Specifications</subject><ispartof>arXiv.org, 2020-10</ispartof><rights>2020. This work is published under http://arxiv.org/licenses/nonexclusive-distrib/1.0/ (the “License”). Notwithstanding the ProQuest Terms and Conditions, you may use this content in accordance with the terms of the License.</rights><oa>free_for_read</oa><woscitedreferencessubscribed>false</woscitedreferencessubscribed></display><links><openurl>$$Topenurl_article</openurl><openurlfulltext>$$Topenurlfull_article</openurlfulltext><thumbnail>$$Tsyndetics_thumb_exl</thumbnail><linktohtml>$$Uhttps://www.proquest.com/docview/2452251375?pq-origsite=primo$$EHTML$$P50$$Gproquest$$Hfree_for_read</linktohtml><link.rule.ids>780,784,25752,37011,44589</link.rule.ids></links><search><creatorcontrib>Ferles, Kostas</creatorcontrib><creatorcontrib>Stephens, Jon</creatorcontrib><creatorcontrib>Dillig, Isil</creatorcontrib><title>Verifying Correct Usage of Context-Free API Protocols (Extended Version)</title><title>arXiv.org</title><description>Several real-world libraries (e.g., reentrant locks, GUI frameworks, serialization libraries) require their clients to use the provided API in a manner that conforms to a context-free specification. Motivated by this observation, this paper describes a new technique for verifying the correct usage of context-free API protocols. The key idea underlying our technique is to over-approximate the program's feasible API call sequences using a context-free grammar (CFG) and then check language inclusion between this grammar and the specification. However, since this inclusion check may fail due to imprecision in the program's CFG abstraction, we propose a novel refinement technique to progressively improve the CFG. In particular, our method obtains counterexamples from CFG inclusion queries and uses them to introduce new non-terminals and productions to the grammar while still over-approximating the program's relevant behavior. We have implemented the proposed algorithm in a tool called CFPChecker and evaluate it on 10 popular Java applications that use at least one API with a context-free specification. Our evaluation shows that CFPChecker is able to verify correct usage of the API in clients that use it correctly and produces counterexamples for those that do not. We also compare our method against three relevant baselines and demonstrate that CFPChecker enables verification of safety properties that are beyond the reach of existing tools.</description><subject>Algorithms</subject><subject>Application programming interface</subject><subject>Clients</subject><subject>Context</subject><subject>Grammar</subject><subject>Graphical user interface</subject><subject>Libraries</subject><subject>Specifications</subject><issn>2331-8422</issn><fulltext>true</fulltext><rsrctype>article</rsrctype><creationdate>2020</creationdate><recordtype>article</recordtype><sourceid>PIMPY</sourceid><recordid>eNqNi8EKgkAURYcgSMp_GGhTC8HeONk2RLGdi2orok9RZF7NG8H-Phd9QKsL55y7Eh4odQouEcBG-MxDGIZwjkFr5Yn8ibZvP73pZELWYu3kg6sOJbULMA5nF2QWUV6LmywsOappZHlIZ4emwUYuf-7JHHdi3VYjo__brdhn6T3Jg5el94TsyoEmaxZVQqQB9EnFWv1XfQHNujr_</recordid><startdate>20201019</startdate><enddate>20201019</enddate><creator>Ferles, Kostas</creator><creator>Stephens, Jon</creator><creator>Dillig, Isil</creator><general>Cornell University Library, arXiv.org</general><scope>8FE</scope><scope>8FG</scope><scope>ABJCF</scope><scope>ABUWG</scope><scope>AFKRA</scope><scope>AZQEC</scope><scope>BENPR</scope><scope>BGLVJ</scope><scope>CCPQU</scope><scope>DWQXO</scope><scope>HCIFZ</scope><scope>L6V</scope><scope>M7S</scope><scope>PIMPY</scope><scope>PQEST</scope><scope>PQQKQ</scope><scope>PQUKI</scope><scope>PRINS</scope><scope>PTHSS</scope></search><sort><creationdate>20201019</creationdate><title>Verifying Correct Usage of Context-Free API Protocols (Extended Version)</title><author>Ferles, Kostas ; Stephens, Jon ; Dillig, Isil</author></sort><facets><frbrtype>5</frbrtype><frbrgroupid>cdi_FETCH-proquest_journals_24522513753</frbrgroupid><rsrctype>articles</rsrctype><prefilter>articles</prefilter><language>eng</language><creationdate>2020</creationdate><topic>Algorithms</topic><topic>Application programming interface</topic><topic>Clients</topic><topic>Context</topic><topic>Grammar</topic><topic>Graphical user interface</topic><topic>Libraries</topic><topic>Specifications</topic><toplevel>online_resources</toplevel><creatorcontrib>Ferles, Kostas</creatorcontrib><creatorcontrib>Stephens, Jon</creatorcontrib><creatorcontrib>Dillig, Isil</creatorcontrib><collection>ProQuest SciTech Collection</collection><collection>ProQuest Technology Collection</collection><collection>Materials Science & Engineering Collection</collection><collection>ProQuest Central (Alumni Edition)</collection><collection>ProQuest Central</collection><collection>ProQuest Central Essentials</collection><collection>ProQuest Central</collection><collection>Technology Collection</collection><collection>ProQuest One Community College</collection><collection>ProQuest Central Korea</collection><collection>SciTech Premium Collection (Proquest) (PQ_SDU_P3)</collection><collection>ProQuest Engineering Collection</collection><collection>Engineering Database</collection><collection>Publicly Available Content Database (Proquest) (PQ_SDU_P3)</collection><collection>ProQuest One Academic Eastern Edition (DO NOT USE)</collection><collection>ProQuest One Academic</collection><collection>ProQuest One Academic UKI Edition</collection><collection>ProQuest Central China</collection><collection>Engineering Collection</collection></facets><delivery><delcategory>Remote Search Resource</delcategory><fulltext>fulltext</fulltext></delivery><addata><au>Ferles, Kostas</au><au>Stephens, Jon</au><au>Dillig, Isil</au><format>book</format><genre>document</genre><ristype>GEN</ristype><atitle>Verifying Correct Usage of Context-Free API Protocols (Extended Version)</atitle><jtitle>arXiv.org</jtitle><date>2020-10-19</date><risdate>2020</risdate><eissn>2331-8422</eissn><abstract>Several real-world libraries (e.g., reentrant locks, GUI frameworks, serialization libraries) require their clients to use the provided API in a manner that conforms to a context-free specification. Motivated by this observation, this paper describes a new technique for verifying the correct usage of context-free API protocols. The key idea underlying our technique is to over-approximate the program's feasible API call sequences using a context-free grammar (CFG) and then check language inclusion between this grammar and the specification. However, since this inclusion check may fail due to imprecision in the program's CFG abstraction, we propose a novel refinement technique to progressively improve the CFG. In particular, our method obtains counterexamples from CFG inclusion queries and uses them to introduce new non-terminals and productions to the grammar while still over-approximating the program's relevant behavior. We have implemented the proposed algorithm in a tool called CFPChecker and evaluate it on 10 popular Java applications that use at least one API with a context-free specification. Our evaluation shows that CFPChecker is able to verify correct usage of the API in clients that use it correctly and produces counterexamples for those that do not. We also compare our method against three relevant baselines and demonstrate that CFPChecker enables verification of safety properties that are beyond the reach of existing tools.</abstract><cop>Ithaca</cop><pub>Cornell University Library, arXiv.org</pub><oa>free_for_read</oa></addata></record> |
| fulltext | fulltext |
| identifier | EISSN: 2331-8422 |
| ispartof | arXiv.org, 2020-10 |
| issn | 2331-8422 |
| language | eng |
| recordid | cdi_proquest_journals_2452251375 |
| source | Publicly Available Content Database (Proquest) (PQ_SDU_P3) |
| subjects | Algorithms Application programming interface Clients Context Grammar Graphical user interface Libraries Specifications |
| title | Verifying Correct Usage of Context-Free API Protocols (Extended Version) |
| url | http://sfxeu10.hosted.exlibrisgroup.com/loughborough?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2025-01-08T12%3A56%3A55IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-proquest&rft_val_fmt=info:ofi/fmt:kev:mtx:book&rft.genre=document&rft.atitle=Verifying%20Correct%20Usage%20of%20Context-Free%20API%20Protocols%20(Extended%20Version)&rft.jtitle=arXiv.org&rft.au=Ferles,%20Kostas&rft.date=2020-10-19&rft.eissn=2331-8422&rft_id=info:doi/&rft_dat=%3Cproquest%3E2452251375%3C/proquest%3E%3Cgrp_id%3Ecdi_FETCH-proquest_journals_24522513753%3C/grp_id%3E%3Coa%3E%3C/oa%3E%3Curl%3E%3C/url%3E&rft_id=info:oai/&rft_pqid=2452251375&rft_id=info:pmid/&rfr_iscdi=true |