SPIDER: Specification-based Integration Defect Revealer
share
Modern software design practice implies widespread use in the development of ready-made components, usually designed as external libraries. The undoubted advantages of reusing third-party code can be offset by integration errors that appear in the developed software. The reason for the appearance of such errors is mainly due to misunderstanding or incomplete understanding by the programmer of the details of external libraries such as an internal structure and the subtleties of functioning. The documentation provided with the libraries is often very sparse and describes only the main intended scenarios for the interaction of the program and the library. In this paper, we propose the approach based on the use of formal library specifications, which allows detecting integration errors using static analysis methods. To do this, the external library is described using the LibSL specification language, the resulting description is translated into the internal data structures of the KEX analyzer. The execution of the incorrect scenarios of library usage, such as the incorrect sequence of method calls or the violation of the API function contract, is marked in the program model with special built-in functions of the KEX analyzer. Later, when analyzing the program, KEX becomes able to detect integration errors, since incorrect library usage scenarios are diagnosed as calling marked functions. The proposed approach is implemented as SPIDER (SPecification-based Integration Defect Revealer), which is an extension of the Kex analyzer and has proven its efficiency by detecting integration errors of different classes on several special-made projects, as well as on several projects taken from open repositories.
READ FULL TEXT