Write a Blog >>
ICSE 2020
Mon 5 - Sun 11 October 2020 Yongsan-gu, Seoul, South Korea
Wed 7 Oct 2020 14:00 - 14:20 at TBD6 - Software Verification

In object-oriented languages, constructors often have a combination of required and optional formal parameters. It is tedious and inconvenient for programmers to write a constructor by hand for each combination. The multitude of constructors is error-prone for clients, and client code is difficult to read due to the large number of constructor parameters. Therefore, programmers often use design patters that enable more flexible object construction - the builder pattern, dependency injection, or factory methods.

However, these design patterns can be \emph{too} flexible: not all combinations of logical parameters lead to the construction of well-formed objects. When a client uses the builder pattern to construct an object, the compiler does not check that a valid set of values was provided. Incorrect use of builders can cause security vulnerabilities, run-time crashes, and other problems.

This work shows how to statically verify uses of object construction, such as the builder pattern. Using a simple specification language, programmers specify which combinations of logical arguments are permitted. Our compile-time analysis detects client code that may construct objects unsafely. Our analysis is based on a special case of typestate checking that modularly reasons about accumulations of method calls. It scales to industrial programs. We evaluated it on over 9 million lines of code, discovering defects which include previously-unknown security vulnerabilities and potential null-pointer violations in heavily-used open-source codebases. It has a low false positive rate and low annotation burden.

Wed 7 Oct

14:00 - 15:40: Paper Presentations - Software Verification at TBD6
icse-2020-papers14:00 - 14:20
Martin KelloggUniversity of Washington, Seattle, Manli RanUniversity of California, Riverside, Manu SridharanUniversity of California Riverside, Martin SchäfAmazon Web Services, USA, Michael D. ErnstUniversity of Washington, USA
Demonstrations14:20 - 14:30
Kush JainThe University of Texas at Austin, Karl PalmskogUniversity of Texas at Austin, Ahmet CelikFacebook, Inc., Emilio Jesús Gallego AriasINRIA, Milos GligoricThe University of Texas at Austin
icse-2020-New-Ideas-and-Emerging-Results14:30 - 14:40
Jude AnilTCS Research, Sumanth PrabhuTCS Research, Kumar MadhukarTCS Innovation Labs (TRDDC), R Venkatesh
icse-2020-papers14:40 - 15:00
Alexandra BugariuETH Zurich, Peter MüllerETH Zurich
icse-2020-Software-Engineering-in-Practice15:00 - 15:20
Nathan ChongAmazon, Byron CookAmazon, Konstantinos KallasUniversity of Pennsylvania, Kareem KhazemAmazon, Felipe R. MonteiroAmazon Web Services, Daniel Schwartz-NarbonneAmazon, n.n., Serdar TasiranAmazon, n.n., Michael TautschnigAmazon Web Services, Mark R. TuttleAmazon
Demonstrations15:20 - 15:30
Zhenbang ChenCollege of Computer, National University of Defense Technology, Changsha, PR China, Hengbiao YuNational University of Defense Technology, Xianjin FuNational University of Defense Technology, Ji WangSchool of Computer, National University of Defense Technology, China
icse-2020-New-Ideas-and-Emerging-Results15:30 - 15:40
Alyas AlmaawiThe University of Texas at Austin, Nima DiniUniversity of Texas at Austin, Cagdas YelenThe University of Texas at Austin, Milos GligoricThe University of Texas at Austin, Sasa MisailovicUniversity of Illinois at Urbana-Champaign, Sarfraz KhurshidUniversity of Texas at Austin