Abstract
The design and implementation of static analyzers has become increasingly systematic. Yet for a given language or analysis feature, it often requires tedious and error-prone work to implement an analyzer and prove it sound. In short, static analysis features and their proofs of soundness do not compose well, causing a dearth of reuse in both implementation and metatheory. We solve the problem of systematically constructing static analyzers by introducing Galois transformers: monad transformers that transport Galois connection properties. In concert with a monadic interpreter, we define a library of monad transformers that implement building blocks for classic analysis parameters like context, path, and heap (in)sensitivity. Moreover, these can be composed together independent of the language being analyzed. Significantly, a Galois transformer can be proved sound once and for all, making it a reusable analysis component. As new analysis features and abstractions are developed and mixed in, soundness proofs need not be reconstructed, as the composition of a monad transformer stack is sound by virtue of its constituents. Galois transformers provide a viable foundation for reusable and composable metatheory for program analysis. Finally, these Galois transformers shift the level of abstraction in analysis design and implementation to a level where non-specialists have the ability to synthesize sound analyzers over a number of parameters.
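The two ideas the abstract leans on, a Galois connection between concrete and abstract values and an analysis parameter (here flow-(in)sensitivity of the store) that is plugged into an interpreter written once, can be seen in miniature below. This is an added example, not the paper's Haskell artifact or its monad transformer library: it uses a sign abstraction over integers and a toy assignment language, and the `FlowSensitive`/`FlowInsensitive` "store strategy" objects stand in for the store monad transformer the paper would compose into the stack. All names, the sample program and the finite universe used to check the Galois laws are constructed for the example.

```python
"""Added example (not the paper's artifact): a sign-abstraction interpreter whose
flow-(in)sensitivity is a pluggable parameter, plus a brute-force check of the
Galois-connection laws for the sign abstraction on a small finite universe."""
from functools import reduce
from itertools import combinations

SIGNS = frozenset({"-", "0", "+"})        # abstract values are subsets of SIGNS

def alpha(xs):
    """Abstraction alpha: a set of integers -> the set of signs it contains."""
    return frozenset("-" if x < 0 else "0" if x == 0 else "+" for x in xs)

def gamma(a, universe):
    """Concretization gamma, restricted to a finite universe so it is checkable."""
    return frozenset(x for x in universe if alpha([x]) <= a)

def adjunction_holds(universe):
    """Galois connection law: alpha(X) <= A  iff  X <= gamma(A), for all X, A."""
    universe = list(universe)
    abstract_values = [frozenset(c) for k in range(4) for c in combinations(SIGNS, k)]
    for k in range(len(universe) + 1):
        for xs in combinations(universe, k):
            xs = frozenset(xs)
            for a in abstract_values:
                if (alpha(xs) <= a) != (xs <= gamma(a, universe)):
                    return False
    return True

def add(a, b):
    """Abstract addition on sign sets; '-' plus '+' is unknown, i.e. all signs."""
    out = set()
    for s in a:
        for t in b:
            if s == "0" or t == "0" or s == t:
                out.add(t if s == "0" else s)
            else:
                out |= SIGNS
    return frozenset(out)

# --- Store strategies: the analysis parameter, independent of the language ---
class FlowSensitive:
    """One store per program point; assignments are strong (overwriting) updates."""
    def read(self, store, x):  return store.get(x, frozenset())
    def write(self, store, x, v):  return {**store, x: v}
    def join(self, s1, s2):
        return {k: s1.get(k, frozenset()) | s2.get(k, frozenset()) for k in s1.keys() | s2.keys()}

class FlowInsensitive:
    """A single global store; every assignment is a weak update (join)."""
    def __init__(self):  self.glob = {}
    def read(self, store, x):  return self.glob.get(x, frozenset())
    def write(self, store, x, v):
        self.glob[x] = self.glob.get(x, frozenset()) | v
        return self.glob
    def join(self, s1, s2):  return self.glob

# --- The interpreter: written once, parameterized by the strategy ---
def eval_expr(e, store, strat):
    tag = e[0]
    if tag == "const": return alpha([e[1]])
    if tag == "var":   return strat.read(store, e[1])
    if tag == "add":   return add(eval_expr(e[1], store, strat), eval_expr(e[2], store, strat))
    raise ValueError(f"unknown expression {tag}")

def run(stmts, store, strat):
    for s in stmts:
        if s[0] == "assign":                      # ("assign", x, expr)
            store = strat.write(store, s[1], eval_expr(s[2], store, strat))
        elif s[0] == "if":                        # ("if", x, then_block, else_block): tests x != 0
            v, branches = strat.read(store, s[1]), []
            if v & {"-", "+"}:                    # x may be nonzero: refine x, take the then branch
                branches.append(run(s[2], strat.write(store, s[1], v & {"-", "+"}), strat))
            if "0" in v:                          # x may be zero: refine x, take the else branch
                branches.append(run(s[3], strat.write(store, s[1], frozenset("0")), strat))
            store = reduce(strat.join, branches) if branches else store
        else:
            raise ValueError(f"unknown statement {s[0]}")
    return store

def run_concrete(stmts, env):
    """Concrete reference semantics over ints, used only to check soundness."""
    def ev(e):
        return e[1] if e[0] == "const" else env[e[1]] if e[0] == "var" else ev(e[1]) + ev(e[2])
    for s in stmts:
        if s[0] == "assign": env[s[1]] = ev(s[2])
        else: run_concrete(s[2] if env[s[1]] != 0 else s[3], env)
    return env

def sound_wrt(env, abs_store):
    """Soundness: every concrete value lies in the concretization of its abstract value."""
    return all(alpha([v]) <= abs_store.get(x, frozenset()) for x, v in env.items())

# Constructed sample program: x := 1; x := -1; y := x + x; if y != 0 then z := 1 else z := 0
PROGRAM = [
    ("assign", "x", ("const", 1)),
    ("assign", "x", ("const", -1)),
    ("assign", "y", ("add", ("var", "x"), ("var", "x"))),
    ("if", "y", [("assign", "z", ("const", 1))], [("assign", "z", ("const", 0))]),
]

def analyze(strat):
    return dict(run(PROGRAM, {}, strat))

if __name__ == "__main__":
    sens, insens = analyze(FlowSensitive()), analyze(FlowInsensitive())
    conc = run_concrete(PROGRAM, {})
    print("flow-sensitive  :", sens)      # y known negative, dead else branch pruned
    print("flow-insensitive:", insens)    # x joins both writes, so y and z lose precision
    print("adjunction laws :", adjunction_holds(range(-3, 4)))
    print("both sound      :", sound_wrt(conc, sens) and sound_wrt(conc, insens))
```

The point to take from the run is that `eval_expr` and `run` never mention which sensitivity is in force; swapping the strategy changes precision (the flow-insensitive store cannot tell that `y` is negative, so it keeps the dead `z := 0` branch) while both results remain sound with respect to the concrete run. The brute-force `adjunction_holds` check is the small-scale analogue of the soundness obligation the paper discharges once per Galois transformer rather than once per analyzer.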
Galois transformers and modular abstract interpreters: reusable metatheory for program analysis
OOPSLA 2015: Proceedings of the 2015 ACM SIGPLAN International Conference on Object-Oriented Programming, Systems, Languages, and Applications