Underspecified harnesses and interleaved bugs
Static assertion checking of open programs requires setting up a precise harness to capture the environment assumptions. For instance, a library may require a file handle to be properly initialized before it is passed into it. A harness is used to set up or specify the appropriate preconditions before invoking methods from the program. In the absence of a precise harness, even the most precise automated static checkers are bound to report numerous false alarms. This often limits the adoption of static assertion checking in the hands of a user.
In this work, we explore the possibility of automatically filtering away (or prioritizing) warnings that result from imprecision in the harness. We limit our attention to the scenario when one is interested in finding bugs due to concurrency. We define a warning to be an interleaved bug when it manifests on an input for which no sequential interleaving produces a warning. As we argue in the paper, limiting a static analysis to only consider interleaved bugs greatly reduces false positives during static concurrency analysis in the presence of an imprecise harness.
We formalize interleaved bugs as a differential analysis between the original program and its sequential version and provide various techniques for finding them. Our implementation CBugs demonstrates that the scheme of finding interleaved bugs can alleviate the need to construct precise harnesses while checking real-life concurrent programs.
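The definition above (a warning counts as an interleaved bug only when no sequential interleaving reports it) and the differential view of the program against its sequentialized version can be made concrete with a small executable model. The following Python is an added illustration, not code from the paper or from CBugs: it stands in for the static analysis by enumerating every interleaving of a few atomic steps (feasible only for toy programs), and it identifies warnings by their message. The harness functions, the `increment` threads, the `count`/`fd` state keys and the warning strings are all constructed for this example; CBugs itself works on real C programs and is not replicated here.

```python
"""Toy model of interleaved-bug filtering: run every interleaving of two small
threads and keep only the warnings that no sequential schedule reports."""
from typing import Callable, Dict, Iterator, List, Optional, Sequence, Tuple

State = Dict[str, object]
# An atomic step reads/writes shared state and returns a warning string when an
# assertion fails (None otherwise). Execution continues after a warning so that
# one run can report several independent warnings, as a static checker would.
Step = Callable[[State], Optional[str]]
Thread = List[Step]


def schedules(lengths: Sequence[int]) -> Iterator[Tuple[int, ...]]:
    """Yield every interleaving of threads with the given step counts, as tuples of thread ids."""
    remaining = list(lengths)
    prefix: List[int] = []

    def rec() -> Iterator[Tuple[int, ...]]:
        if not any(remaining):
            yield tuple(prefix)
            return
        for t in range(len(remaining)):
            if remaining[t]:
                remaining[t] -= 1
                prefix.append(t)
                yield from rec()
                prefix.pop()
                remaining[t] += 1

    return rec()


def is_sequential(schedule: Sequence[int]) -> bool:
    """True when each thread runs to completion before another thread starts."""
    started: List[int] = []
    for t in schedule:
        if started and started[-1] == t:
            continue
        if t in started:  # thread resumed after being preempted: not sequential
            return False
        started.append(t)
    return True


def run(harness: Callable[[], State], threads: Sequence[Thread],
        schedule: Sequence[int], final_check: Step) -> frozenset:
    """Execute one schedule from the harness-built initial state; return the warnings raised."""
    state = harness()
    cursors = [0] * len(threads)
    warnings = set()
    for t in schedule:
        w = threads[t][cursors[t]](state)
        cursors[t] += 1
        if w:
            warnings.add(w)
    w = final_check(state)
    if w:
        warnings.add(w)
    return frozenset(warnings)


def classify(harness: Callable[[], State], threads: Sequence[Thread],
             final_check: Step) -> Dict[str, set]:
    """Differential analysis: warnings already reported by some sequential schedule are
    attributed to the (possibly imprecise) harness; the rest are interleaved bugs."""
    sequential: set = set()
    any_schedule: set = set()
    for sched in schedules([len(t) for t in threads]):
        ws = run(harness, threads, sched, final_check)
        any_schedule |= ws
        if is_sequential(sched):
            sequential |= ws
    return {"harness_induced": sequential, "interleaved": any_schedule - sequential}


# --- constructed example program (hypothetical, not from the paper) ----------
def imprecise_harness() -> State:
    """Forgets to open the file handle the library requires as a precondition."""
    return {"fd": None, "count": 0}


def precise_harness() -> State:
    return {"fd": "opened-file", "count": 0}


def use_fd(s: State) -> Optional[str]:
    return None if s["fd"] is not None else "file handle not initialized"


def increment(tid: int) -> Thread:
    """Non-atomic `count += 1`, split into a load step and a store step."""
    def load(s: State) -> Optional[str]:
        s[f"tmp{tid}"] = s["count"]
        return None

    def store(s: State) -> Optional[str]:
        s["count"] = s[f"tmp{tid}"] + 1
        return None

    return [load, store]


def both_increments_landed(s: State) -> Optional[str]:
    return None if s["count"] == 2 else "lost update"


THREADS = [[use_fd] + increment(0), increment(1)]

if __name__ == "__main__":
    print(classify(imprecise_harness, THREADS, both_increments_landed))
    print(classify(precise_harness, THREADS, both_increments_landed))
```

With the imprecise harness, the uninitialized-handle warning fires in every schedule, including the two sequential ones, so it is attributed to the harness and filtered out; the lost update from the racing load/store pairs appears only under preemption and survives as the interleaved bug. Swapping in the precise harness removes the first warning and leaves the classification of the second unchanged, which is the point of the differential scheme: the concurrency result does not depend on getting the harness exactly right.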