Using Redundancies to Find Errors
October 2003 (vol. 29 no. 10)
pp. 915-928

Abstract—Programmers generally attempt to perform useful work. If they performed an action, it was because they believed it served some purpose. Redundant operations violate this belief. However, in the past, redundant operations have been typically regarded as minor cosmetic problems rather than serious errors. This paper demonstrates that, in fact, many redundancies are as serious as traditional hard errors (such as race conditions or null pointer dereferences). We experimentally test this idea by writing and applying five redundancy checkers to a number of large open source projects, finding many errors. We then show that, even when redundancies are harmless, they strongly correlate with the presence of traditional hard errors. Finally, we show how flagging redundant operations gives a way to detect mistakes and omissions in specifications. For example, a locking specification that binds shared variables to their protecting locks can use redundancies to detect missing bindings by flagging critical sections that include no shared state.


Index Terms:
Extensible compilation, error detection, program redundancy, software quality.
Citation:
Yichen Xie, Dawson Engler, "Using Redundancies to Find Errors," IEEE Transactions on Software Engineering, vol. 29, no. 10, pp. 915-928, Oct. 2003, doi:10.1109/TSE.2003.1237172