Automatic API Usage Rule Extraction for Software Model Checking

The need to manually specify temporal properties of software systems is a major barrier to wider adoption of software model checking, because the specification of software temporal properties is a difficult, time-consuming, and error-prone process. To solve this problem, we propose to automatically extract temporal specifications from code. Our approach uses a model checker to check a set of API usage rule candidates against known good programs using that API, and identifies valid rules based on model checking results. These valid rules can be used to verify new programs through the same model checking process. We tested our approach by extracting API usage rules from C programs using BLAST. We successfully extracted OpenSSL API usage rules from three OpenSSL applications in product release and used them to verify an OpenSSL application in beta release.