ABSTRACT
A central task for a program analysis concerns how to efficiently find a program abstraction that keeps only information relevant for proving properties of interest. We present a new approach for finding such abstractions for program analyses written in Datalog. Our approach is based on counterexample-guided abstraction refinement: when a Datalog analysis run fails using an abstraction, it seeks to generalize the cause of the failure to other abstractions, and pick a new abstraction that avoids a similar failure. Our solution uses a boolean satisfiability formulation that is general, complete, and optimal: it is independent of the Datalog solver, it generalizes the failure of an abstraction to as many other abstractions as possible, and it identifies the cheapest refined abstraction to try next. We show the performance of our approach on a pointer analysis and a typestate analysis, on eight real-world Java benchmark programs.
- T. Ball and S. Rajamani. The SLAM project: Debugging system software via static analysis. In POPL, 2002. Google ScholarDigital Library
- T. Beyene, C. Popeea, and A. Rybalchenko. Solving existentially quantified Horn clauses. In CAV, 2013. Google ScholarDigital Library
- A. Biere, A. Cimatti, E. Clarke, and Y. Zhu. Symbolic model checking without BDDs. In TACAS, 1999. Google ScholarDigital Library
- N. Bjørner, K. McMillan, and A. Rybalchenko. On solving universally quantified Horn clauses. In SAS, 2013.Google ScholarCross Ref
- M. Bravenboer and Y. Smaragdakis. Strictly declarative specification of sophisticated points-to analyses. In OOPSLA, 2009. Google ScholarDigital Library
- S. Chaki, E. Clarke, A. Groce, S. Jha, and H. Veith. Modular verification of software components in C. In ICSE, 2003. Google ScholarDigital Library
- E. Clarke, A. Gupta, J. Kukula, and O. Shrichman. SAT based abstraction-refinement using ILP and machine learning techniques. In CAV, 2002. Google ScholarDigital Library
- E. Clarke, O. Grumberg, S. Jha, Y. Lu, and H. Veith. Counterexample-guided abstraction refinement for symbolic model checking. JACM, 50 (5), 2003. Google ScholarDigital Library
- S. Fink, E. Yahav, N. Dor, G. Ramalingam, and E. Geay. Effective typestate verification in the presence of aliasing. ACM TOSEM, 17(2), 2008. Google ScholarDigital Library
- S. Grebenshchikov, A. Gupta, N. Lopes, C. Popeea, and A. Rybalchenko. HSF(C): A software verifier based on Horn clauses. In TACAS, 2012. Google ScholarDigital Library
- T. Henzinger, R. Jhala, R. Majumdar, and K. McMillan. Abstractions from proofs. In POPL, 2004. Google ScholarDigital Library
- K. Hoder, N. Bjørner, and L. de Moura. μZ - an efficient engine for fixed points with constraints. In CAV, 2011. Google ScholarDigital Library
- M. Janota. MiFuMax --- a literate MaxSat solver, 2013.Google Scholar
- B. Jaumard and B. Simeone. On the complexity of the maximum satisfiability problem for Horn formulas. IPL, 26(1):1--4, 1987. Google ScholarDigital Library
- G. Kastrinis and Y. Smaragdakis. Hybrid context sensitivity for points-to analysis. In PLDI, 2013. Google ScholarDigital Library
- O. Lhoták and L. Hendren. Jedd: a BDD-based relational extension of Java. In PLDI, 2004. Google ScholarDigital Library
- P. Liang and M. Naik. Scaling abstraction refinement via pruning. In PLDI, 2011. Google ScholarDigital Library
- V. Manquinho, J. M. Silva, and J. Planes. Algorithms for weighted boolean optimization. In SAT, 2009. Google ScholarDigital Library
- A. Milanova, A. Rountev, and B. Ryder. Parameterized object sensitivity for points-to and side-effect analyses for Java. In ISSTA, 2002. Google ScholarDigital Library
- J. Quielle and J. Sifakis. Specification and verification of concurrent systems in CESAR. In Proceedings of the 5th Intl. Symp. on Programming, 1982. Google ScholarDigital Library
- T. Reps, S. Horwitz, and M. Sagiv. Precise interprocedural dataflow analysis via graph reachability. In POPL, 1995. Google ScholarDigital Library
- Y. Smaragdakis and M. Bravenboer. Using Datalog for fast and easy program analysis. In Datalog 2.0 Workshop, 2010. Google ScholarDigital Library
- Y. Smaragdakis, M. Bravenboer, and O. Lhoták. Pick your contexts well: Understanding object-sensitivity. In POPL, 2013. Google ScholarDigital Library
- J. Whaley and M. Lam. Cloning-based context-sensitive pointer alias analysis using binary decision diagrams. In PLDI, 2004. Google ScholarDigital Library
- J. Whaley, D. Avots, M. Carbin, and M. Lam. Using Datalog with binary decision diagrams for program analysis. In APLAS, 2005. Google ScholarDigital Library
- X. Zhang, M. Naik, and H. Yang. Finding optimum abstractions in parametric dataflow analysis. In PLDI, 2013. Google ScholarDigital Library
Index Terms
- On abstraction refinement for program analyses in Datalog
Recommendations
On abstraction refinement for program analyses in Datalog
PLDI '14A central task for a program analysis concerns how to efficiently find a program abstraction that keeps only information relevant for proving properties of interest. We present a new approach for finding such abstractions for program analyses written in ...
Analyzing Program Analyses
POPL '15: Proceedings of the 42nd Annual ACM SIGPLAN-SIGACT Symposium on Principles of Programming LanguagesWe want to prove that a static analysis of a given program is complete, namely, no imprecision arises when asking some query on the program behavior in the concrete (ie, for its concrete semantics) or in the abstract (ie, for its abstract interpretation)...
Scaling abstraction refinement via pruning
PLDI '11Many static analyses do not scale as they are made more precise. For example, increasing the amount of context sensitivity in a k-limited pointer analysis causes the number of contexts to grow exponentially with k. Iterative refinement techniques can ...
Comments