Verifying correct usage of context-free API protocols

Several real-world libraries (e.g., reentrant locks, GUI frameworks, serialization libraries) require their clients to use the provided API in a manner that conforms context-free specification. Motivated by this observation, paper describes new technique for verifying correct usage of protocols. The key idea underlying our is over-approximate program’s feasible call sequences using grammar (CFG) and then check language inclusion between However, since may fail due imprecision CFG abstraction, we propose novel refinement progressively improve CFG. In particular, method obtains counterexamples from queries uses them introduce non-terminals productions while still over-approximating relevant behavior. We have implemented proposed algorithm tool called CFPChecker evaluate it on 10 popular Java applications at least one with Our evaluation shows able verify correctly produces those do not. also compare against three baselines demonstrate enables verification safety properties are beyond reach existing tools.