In object-oriented languages, constructors often have a combination of required and optional formal parameters. It is tedious and inconvenient for programmers to write a constructor by hand for each combination. The multitude of constructors is error-prone for clients, and client code is difficult to read due to the large number of constructor parameters. Therefore, programmers often use design patterns that enable more flexible object construction: the builder pattern, dependency injection, or factory methods.
However, these design patterns can be too flexible: not all combinations of logical parameters lead to the construction of well-formed objects. When a client uses the builder pattern to construct an object, the compiler does not check that a valid set of values was provided. Incorrect use of builders can cause security vulnerabilities, run-time crashes, and other problems.
This work shows how to statically verify uses of object construction, such as the builder pattern. Using a simple specification language, programmers specify which combinations of logical arguments are permitted. Our compile-time analysis detects client code that may construct objects unsafely. Our analysis is based on a special case of typestate checking that modularly reasons about accumulations of method calls. It scales to industrial programs. We evaluated it on over 9 million lines of code, discovering defects which include previously-unknown security vulnerabilities and potential null-pointer violations in heavily-used open-source codebases. It has a low false positive rate and low annotation burden.
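As an added illustration of the analysis the abstract describes (this is example code written for this page, not the paper's checker or its specification language), the following toy accumulation analysis runs over Python source. It assumes a hypothetical fluent `RequestBuilder` whose `build()` may only be called after `set_user` and `set_key`; the specification `SPEC`, the builder name, and the constructed client snippet are all assumptions. For each local variable it accumulates the set of methods definitely called so far, and at an `if` join it intersects the sets, so a setter that ran on only one path does not satisfy the specification. That must-style join is what lets it report `b.build()` when `set_key` was only called under a condition, while accepting the two well-formed constructions.

```python
"""Toy accumulation analysis for builder-style object construction.

Added example, not the paper's checker or its specification language.
For each local variable it tracks the set of methods that have definitely
been called on it (an "accumulation" of calls), and reports a call to a
finalizer whose specification requires methods that may not have been
called. At an `if` join the sets are intersected, so a setter that runs on
only one path does not count: this is a "must" analysis.
Assumptions: fluent builders whose setters mutate and return the receiver,
and straight-line code with `if`/`else` (no loops, no interprocedural flow).
"""
import ast

# Hypothetical specification: finalizer -> methods that must already have been called.
SPEC = {"build": {"set_user", "set_key"}}
# Hypothetical builder constructors; calling one yields a builder with no calls yet.
BUILDER_CTORS = {"RequestBuilder"}


class AccumulationAnalysis(ast.NodeVisitor):
    def __init__(self, spec=SPEC):
        self.spec = spec
        self.state = {}     # variable name -> frozenset of methods definitely called
        self.errors = []    # (line number, message)

    def eval_expr(self, node):
        """Return (root_var, called) if `node` evaluates to a builder, else None."""
        if isinstance(node, ast.Name) and node.id in self.state:
            return node.id, self.state[node.id]
        if isinstance(node, ast.Call):
            f = node.func
            if isinstance(f, ast.Name) and f.id in BUILDER_CTORS:
                return None, frozenset()
            if isinstance(f, ast.Attribute):
                recv = self.eval_expr(f.value)
                if recv is None:
                    return None
                root, called = recv
                self.check_call(f.attr, called, node.lineno)
                called = called | {f.attr}
                if root is not None:
                    self.state[root] = called   # setter mutated the receiver variable
                return root, called
        return None

    def check_call(self, method, called, lineno):
        required = self.spec.get(method)
        if required is not None and not required <= called:
            missing = sorted(required - called)
            self.errors.append((lineno, f"{method}() called without {missing}"))

    def visit_Assign(self, node):
        res = self.eval_expr(node.value)
        for target in node.targets:
            if isinstance(target, ast.Name):
                if res is None:
                    self.state.pop(target.id, None)   # non-builder value kills the fact
                else:
                    self.state[target.id] = res[1]

    def visit_Expr(self, node):
        self.eval_expr(node.value)

    def visit_If(self, node):
        before = dict(self.state)
        for stmt in node.body:
            self.visit(stmt)
        then_state, self.state = self.state, dict(before)
        for stmt in node.orelse:
            self.visit(stmt)
        else_state = self.state
        # Join by intersection: keep only facts that hold on every path.
        self.state = {v: then_state[v] & else_state[v]
                      for v in then_state.keys() & else_state.keys()}


def check_source(src):
    """Run the analysis over Python source text; return [(line, message), ...]."""
    analysis = AccumulationAnalysis()
    analysis.visit(ast.parse(src))
    return analysis.errors


# Constructed client code: `b.build()` on line 6 is unsafe because set_key
# ran only on the `if` path; the other two constructions are fine.
CLIENT = '''
b = RequestBuilder()
b.set_user("alice")
if debug:
    b.set_key(load_key())
req = b.build()

ok = RequestBuilder().set_user("bob").set_key("k").build()

c = RequestBuilder()
c.set_key("k")
c = c.set_user("carol")
c.build()
'''

if __name__ == "__main__":
    for line, msg in check_source(CLIENT):
        print(f"line {line}: {msg}")
```

The analysis is modular in the sense the abstract mentions only to the extent that it reasons about one straight-line region at a time; a real checker would need summaries for methods that receive or return builders, and would rely on the type system rather than an `ast` walk to carry the accumulated set between variables.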
Sat 11 Jul (displayed time zone: UTC, Coordinated Universal Time)

16:05 - 17:05 | A29 - Code Analysis and Verification (Technical Papers / New Ideas and Emerging Results) at Goguryeo
Chair(s): Elena Sherman, Boise State University

16:05 (12m talk) Heaps'n Leaks: How Heap Snapshots Improve Android Taint Analysis (Technical Papers)
Manuel Benz, University of Paderborn; Erik Krogh Kristensen, GitHub; Linghui Luo, Paderborn University, Germany; Nataniel Borges Jr., CISPA Helmholtz Center for Information Security; Eric Bodden, Heinz Nixdorf Institut, Paderborn University and Fraunhofer IEM; Andreas Zeller, CISPA Helmholtz Center for Information Security

16:17 (12m talk) Verifying Object Construction (Technical Papers)
Martin Kellogg, University of Washington, Seattle; Manli Ran, University of California, Riverside; Manu Sridharan, University of California, Riverside; Martin Schäf, Amazon Web Services, USA; Michael D. Ernst, University of Washington, USA

16:29 (6m talk) Predictive Constraint Solving and Analysis (New Ideas and Emerging Results)
Alyas Almaawi, The University of Texas at Austin; Nima Dini, University of Texas at Austin; Cagdas Yelen, The University of Texas at Austin; Milos Gligoric, The University of Texas at Austin; Sasa Misailovic, University of Illinois at Urbana-Champaign; Sarfraz Khurshid, University of Texas at Austin, USA

16:35 (12m talk) When APIs are Intentionally Bypassed: An Exploratory Study of API Workarounds (Technical Papers)

16:47 (12m talk) Demystify Official API Usage Directives with Crowdsourced API Misuse Scenarios, Erroneous Code Examples and Patches (Technical Papers)
Xiaoxue Ren, Zhejiang University; Zhenchang Xing, Australian National University; Jiamou Sun, Australian National University; Xin Xia, Monash University; JianLing Sun, Zhejiang University