828 research outputs found
Variability Abstractions: Trading Precision for Speed in Family-Based Analyses (Extended Version)
Family-based (lifted) data-flow analysis for Software Product Lines (SPLs) is
capable of analyzing all valid products (variants) without generating any of
them explicitly. It takes as input only the common code base, which encodes all
variants of a SPL, and produces analysis results corresponding to all variants.
However, the computational cost of the lifted analysis still depends inherently
on the number of variants (which is exponential in the number of features, in
the worst case). For a large number of features, the lifted analysis may be too
costly or even infeasible. In this paper, we introduce variability abstractions
defined as Galois connections and use abstract interpretation as a formal
method for the calculational-based derivation of approximate (abstracted)
lifted analyses of SPL programs, which are sound by construction. Moreover,
given an abstraction we define a syntactic transformation that translates any
SPL program into an abstracted version of it, such that the analysis of the
abstracted SPL coincides with the corresponding abstracted analysis of the
original SPL. We implement the transformation in a tool, reconfigurator that
works on Object-Oriented Java program families, and evaluate the practicality
of this approach on three Java SPL benchmarks.Comment: 50 pages, 10 figure
A Non-Null Annotation Inferencer for Java Bytecode
We present a non-null annotations inferencer for the Java bytecode language.
We previously proposed an analysis to infer non-null annotations and proved it
soundness and completeness with respect to a state of the art type system. This
paper proposes extensions to our former analysis in order to deal with the Java
bytecode language. We have implemented both analyses and compared their
behaviour on several benchmarks. The results show a substantial improvement in
the precision and, despite being a whole-program analysis, production
applications can be analyzed within minutes
Recommended from our members
Combining Static and Dynamic Analysis for Bug Detection and Program Understanding
This work proposes new combinations of static and dynamic analysis for bug detection and program understanding. There are 3 related but largely independent directions: a) In the area of dynamic invariant inference, we improve the consistency of dynamically discovered invariants by taking into account second-order constraints that encode knowledge aboutinvariants; the second-order constraints are either supplied by the programmer or vetted by the programmer (among candidate constraints suggested automatically); b) In the area of testing dataflow (esp. map-reduce) programs, our tool, SEDGE, achieves higher testing coverage by leveraging existinginput data and generalizing them using a symbolic reasoning engine (a powerful SMT solver); c) In the area of bug detection, we identify and present the concept of residual investigation: a dynamic analysis that serves as theruntime agent of a static analysis. Residual investigation identifies with higher certainty whether an error reported by the static analysis is likely true
Data-Flow Analysis for Multi-Core Computing Systems: A Reminder to Reverse Data-Flow Analysis
The increasing demands for highly performant, proven correct, easily
maintainable, extensible programs together with the continuous
growth of real-world programs strengthen the pressure for powerful and
scalable program analyses for program development and code
generation. Multi-core computing systems offer new chances for
enhancing the scalability of program analyses, if the additional
computing power offered by these systems can be used
effectively. This, however, poses new challenges on the analysis
side. In principle, it requires program analyses which can be easily
parallelized and mapped to multi-core architectures. In this paper we
remind to reverse data-flow analysis, which has been introduced
and investigated in the context of demand-driven data-flow analysis,
as one such class of program analyses which is particularly suitable
for this
Compositional semantics of dataflow networks with query-driven communication of exact values
We develop and study the concept of dataflow process networks as used for exampleby Kahn to suit exact computation over data types related to real numbers, such as continuous functions and geometrical solids. Furthermore, we consider communicating these exact objectsamong processes using protocols of a query-answer nature as introduced in our earlier work. This enables processes to provide valid approximations with certain accuracy and focusing on certainlocality as demanded by the receiving processes through queries. We define domain-theoretical denotational semantics of our networks in two ways: (1) directly, i. e. by viewing the whole network as a composite process and applying the process semantics introduced in our earlier work; and (2) compositionally, i. e. by a fixed-point construction similarto that used by Kahn from the denotational semantics of individual processes in the network. The direct semantics closely corresponds to the operational semantics of the network (i. e. it iscorrect) but very difficult to study for concrete networks. The compositional semantics enablescompositional analysis of concrete networks, assuming it is correct. We prove that the compositional semantics is a safe approximation of the direct semantics. Wealso provide a method that can be used in many cases to establish that the two semantics fully coincide, i. e. safety is not achieved through inactivity or meaningless answers. The results are extended to cover recursively-defined infinite networks as well as nested finitenetworks. A robust prototype implementation of our model is available
Improving static analyses of C programs with conditional predicates
Extended version of the FMICS 2014 paperInternational audienceStatic code analysis is increasingly used to guarantee the absence of undesirable behaviors in industrial programs. Designing sound analyses is a continuing trade-off between precision and complexity. Notably, dataflow analyses often perform overly wide approximations when two control-flow paths meet, by merging states from each path.This paper presents a generic abstract interpretation based framework to enhance the precision of such analyses on join points. It relies on predicated domains, that preserve and reuse information valid only inside some branches of the code. Our predicates are derived from conditional statements, and postpone the loss of information.The work has been integrated into Frama-C, a C source code analysis platform. Experiments on real generated code show that our approach scales, and improves significantly the precision of the existing analyses of Frama-C
Improving static analyses of C programs with conditional predicates
Best paper awardInternational audienceStatic code analysis is increasingly used to guarantee the absence of undesirable behaviors in industrial programs. Designing sound analyses is a continuing trade-off between precision and complexity. Notably, dataflow analyses often perform overly wide approximations when two control-flow paths meet, by merging states from each path. This paper presents a generic abstract interpretation based framework to enhance the precision of such analyses on join points. It relies on predicated domains, that preserve and reuse information valid only inside some branches of the code. Our predicates are derived from conditionals statements, and postpone the loss of information. The work has been integrated into Frama-C, a C source code analysis platform. Experiments on real code show that our approach scales, and improves significantly the precision of the existing analyses of Frama-C
Value Partitioning: A Lightweight Approach to Relational Static Analysis for JavaScript
In static analysis of modern JavaScript libraries, relational analysis at key locations is critical to provide sound and useful results. Prior work addresses this challenge by the use of various forms of trace partitioning and syntactic patterns, which is fragile and does not scale well, or by incorporating complex backwards analysis. In this paper, we propose a new lightweight variant of trace partitioning named value partitioning that refines individual abstract values instead of entire abstract states. We describe how this approach can effectively capture important relational properties involving dynamic property accesses, functions with free variables, and predicate functions. Furthermore, we extend an existing JavaScript analyzer with value partitioning and demonstrate experimentally that it is a simple, precise, and efficient alternative to the existing approaches for analyzing widely used JavaScript libraries
Data Flow Analysis in the Presence of Correlated Calls
This thesis presents a technique to improve the precision of data-flow analyses on object-oriented programs in the presence of correlated calls. We say that two method calls are correlated if they are polymorphic (have multiple targets) and are invoked on the same object. Correlated calls are problematic because they can make existing data-flow analyses consider certain infeasible data-flow paths as valid. This leads to loss in precision of the analysis solution.
We show how infeasible paths can be eliminated for Inter-procedural Finite Distributive Subset (IFDS) problems, a large class of data-flow analysis problems. We show how the precision of IFDS problems can be improved in the presence of correlated calls, by using the Inter-procedural Distributive Environment (IDE) algorithm to eliminate infeasible paths. Using IDE, we eliminate the infeasible paths and obtain a more precise result for the original IFDS problem.
Our analysis is implemented in Scala, using the WALA framework for static program analysis on Java bytecode
- …