ITR: Software Design Rules

ITR：软件设计规则

• 批准号: 0326227
• 负责人: Monica Lam
• 金额: $ 130万
• 依托单位: Stanford University
• 依托单位国家: 美国
• 项目类别: Continuing Grant
• 财政年份: 2003
• 资助国家: 美国
• 起止时间: 2003-10-01 至 2007-09-30
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=0326227&HistoricalAwards=false
• 关键词: ITR; Software; Design; Rules

ABSTRACT0326227Monica LamStanford USoftware reliability is one of the most important problems in computer science. A single operating systemerror can crash a machine. A single security hole can compromise the integrity of an entire system or, assoftware and its errors is replicated, the integrity of entire networks. This proposal focuses on practicaltechniques to prevent such software errors. Its approach is based on the insight that software is governedby many design rules, from general ones that programs should not overrun their buffers, to application specific rules such as a begin-transaction must be invoked before a commit-transaction in a database,and low-level rules, such as the input strings to strncpy should not overlap. Unlike specifications such asloop invariants, pre-conditions and post-conditions that pertain to particular lines of code, design rules aremore powerful, succinct, and are applicable to large amounts of code in the program. While design rules arepervasive, in practice they are neither well documented nor automatically enforced, yet programmers needto understand and obey them to write correct programs.Intellectual Merit. The goal of this work is to make design rules first-class objects. They should beexplicitly part of program design, form a core part of the intellectual framework of system implementors, and be effectively supported by techniques that have teeth. This proposal provides a comprehensive approach to reach these goals. It is expected to make the following major contributions:1. General theory of design rules in software development. It will provide a deeper understanding of howsoftware is governed by design rules, what these rules are, and how they can be used in practice. Theintent is to teach this concept to all computer science students.2. Automatic design rule inference. Real systems have thousands of design rules, buried in millions oflines of code. Expecting programmers to reliably specify all rules is unrealistic. Depending on them todo so is dangerous since an omitted rule will not be checked. This research will develop techniques toautomatically extract design rules from code. It uses the fact that the same rule is obeyed many timesin a program, allowing it to be inferred by observing regularities in the program's static and dynamicbehavior. The challenge in the approach is inferring subtle patterns from noisy behavior. This researchwill develop a general theory of design rule extraction.3. Programming tools for design rules. This research will develop practical tools that automatically extractdesign rules, check programs for design-rule violations, and also enforce design rules in programs.While the work will support general-purpose software, it will also pay particular attention to tools fordetecting both security and non-deterministic errors (such as race conditions).4. Fundamental static program analysis. Design-rule conformance testing requires sophisticated programanalysis. This research is expected to advance the state of the art in program analyses of contextsensitivepointer aliases and object invariants.5. Software model checking of design rules. Some rules require deeper analysis than static analysis canprovide. This research will support such rules by developing a software model checker that checksactual implementation code (rather than an abstracted specification of it) against programmer-suppliedinvariants or other implementations.6. Testing based on design rules. This research intends to improve testing by leveraging expressed andextracted design rules to guide test coverage, test selection and test generation.

Monica LamStanford USoftware可靠性是计算机科学中最重要的问题之一。一个单一的操作系统错误就可能使一台机器崩溃。一个单一的安全漏洞可能会危及整个系统的完整性，或者，随着软件及其错误的复制，整个网络的完整性。这项建议侧重于防止此类软件错误的实用技术。它的方法基于这样一种见解，即软件受许多设计规则的控制，从程序不应溢出缓冲区的一般规则，到应用程序特定的规则，如Begin-Transaction必须在数据库中的提交事务之前调用，以及低级规则，如strncpy的输入字符串不应重叠。与与特定代码行有关的循环不变量、前置条件和后置条件等规范不同，设计规则更强大、更简洁，并且适用于程序中的大量代码。虽然设计规则无处不在，但在实践中，它们既没有得到很好的文档记录，也没有自动执行，然而程序员需要理解和遵守它们才能编写正确的程序。这项工作的目标是使设计规则成为一流的对象。它们应该明确地成为程序设计的一部分，形成系统实施者智能框架的核心部分，并得到有牙齿的技术的有效支持。这项提议为实现这些目标提供了一种全面的方法。本文的主要贡献如下：1.软件开发中设计规则的一般理论。它将提供对软件如何由设计规则管理的更深入的理解，这些规则是什么，以及它们如何在实践中使用。其目的是将这一概念传授给所有计算机科学专业的学生。自动设计规则推理。真正的系统有数以千计的设计规则，隐藏在数百万行代码中。指望程序员可靠地指定所有规则是不现实的。依赖它们这样做是危险的，因为省略的规则将不会被检查。这项研究将开发从代码中自动提取设计规则的技术。它利用同一规则在程序中被多次遵守的事实，允许通过观察程序的静态和动态行为中的规则来推断它。这种方法的挑战是从嘈杂的行为中推断出微妙的模式。本研究将为设计规则提取提供一般的理论基础。设计规则的编程工具。这项研究将开发实用的工具，自动提取设计规则，检查程序是否违反设计规则，并在程序中强制执行设计规则。在支持通用软件的同时，它也将特别关注用于检测安全性和不确定性错误(如竞争条件)的工具。基本的静态程序分析。设计规则一致性测试需要复杂的程序分析。这项研究有望推动上下文敏感指针别名和对象不变量程序分析的发展。设计规则的软件模型检查。有些规则需要比静态分析所能提供的更深入的分析。这项研究将通过开发一个软件模型检查器来支持这种规则，该检查器将根据程序员提供的不变量或其他实现来检查实际实现代码(而不是它的抽象规范)。根据设计规则进行测试。本研究旨在通过利用表达的和抽象的设计规则来指导测试覆盖、测试选择和测试生成来改进测试。