Abstract
In this article we present a general method for achieving global static analyzers that are precise, sound, yet also scalable. Our method generalizes the sparse analysis techniques on top of the abstract interpretation framework to support relational as well as non-relational semantic properties for C-like languages. We first use the abstract interpretation framework to obtain a global static analyzer whose scalability is not yet addressed. On top of this underlying sound static analyzer, we add our generalized sparse analysis techniques to improve its scalability while preserving the precision of the underlying analysis. Our framework determines what has to be proven to guarantee that the resulting sparse version preserves the precision of the underlying analyzer.
We formally present our framework; we show that existing sparse analyses are all restricted instances of our framework; we show more semantically elaborate design examples of sparse non-relational and relational static analyses; we present their implementation results, which scale to analyze up to one million lines of C programs. We also show a set of implementation techniques that turn out to be critical to economically support the sparse analysis process.
Design and implementation of sparse global analyses for C-like languages
PLDI '12: Proceedings of the 33rd ACM SIGPLAN Conference on Programming Language Design and Implementation