
Design and implementation of sparse global analyses for C-like languages

Published: 11 June 2012

Abstract

In this article we present a general method for achieving global static analyzers that are precise, sound, yet also scalable. Our method generalizes the sparse analysis techniques on top of the abstract interpretation framework to support relational as well as non-relational semantics properties for C-like languages. We first use the abstract interpretation framework to have a global static analyzer whose scalability is unattended. Upon this underlying sound static analyzer, we add our generalized sparse analysis techniques to improve its scalability while preserving the precision of the underlying analysis. Our framework determines what to prove to guarantee that the resulting sparse version should preserve the precision of the underlying analyzer.

We formally present our framework; we present that existing sparse analyses are all restricted instances of our framework; we show more semantically elaborate design examples of sparse non-relational and relational static analyses; we present their implementation results that scale to analyze up to one million lines of C programs. We also show a set of implementation techniques that turn out to be critical to economically support the sparse analysis process.

Published in

ACM SIGPLAN Notices, Volume 47, Issue 6 (PLDI '12), June 2012, 534 pages. ISSN: 0362-1340. EISSN: 1558-1160. DOI: 10.1145/2345156

PLDI '12: Proceedings of the 33rd ACM SIGPLAN Conference on Programming Language Design and Implementation, June 2012, 572 pages. ISBN: 9781450312059. DOI: 10.1145/2254064

Copyright © 2012 ACM

Publisher: Association for Computing Machinery, New York, NY, United States
