SLR: Path-Sensitive Analysis through Infeasible-Path Detection and Syntactic Language Refinement

Authors:
Gogul Balakrishnan;Sriram Sankaranarayanan;Franjo Ivančić;Ou Wei;Aarti Gupta
Affiliations:
NEC Laboratories America, Princeton, USA;NEC Laboratories America, Princeton, USA;NEC Laboratories America, Princeton, USA;University of Toronto,;NEC Laboratories America, Princeton, USA
Venue:
SAS '08 Proceedings of the 15th international symposium on Static Analysis
Year:
2008

Citing 19
Cited 4

Abstract debugging of higher-order imperative languages

PLDI '93 Proceedings of the ACM SIGPLAN 1993 conference on Programming language design and implementation
Verification of Real-Time Systems using Linear Relation Analysis

Formal Methods in System Design - Special issue on computer aided verification (CAV 93)
Refining data flow information using infeasible paths

ESEC '97/FSE-5 Proceedings of the 6th European SOFTWARE ENGINEERING conference held jointly with the 5th ACM SIGSOFT international symposium on Foundations of software engineering
ESP: path-sensitive program verification in polynomial time

PLDI '02 Proceedings of the ACM SIGPLAN 2002 Conference on Programming language design and implementation
Abstract interpretation: a unified lattice model for static analysis of programs by construction or approximation of fixpoints

POPL '77 Proceedings of the 4th ACM SIGACT-SIGPLAN symposium on Principles of programming languages
The Octagon Abstract Domain

WCRE '01 Proceedings of the Eighth Working Conference on Reverse Engineering (WCRE'01)
Joining dataflow with predicates

Proceedings of the 10th European software engineering conference held jointly with 13th ACM SIGSOFT international symposium on Foundations of software engineering
Model Checking C Programs Using F-SOFT

ICCD '05 Proceedings of the 2005 International Conference on Computer Design
Widening operators for powerset domains

International Journal on Software Tools for Technology Transfer (STTT)
Detecting large number of infeasible paths through recognizing their patterns

Proceedings of the the 6th joint meeting of the European software engineering conference and the ACM SIGSOFT symposium on The foundations of software engineering
Algorithms for Computing Minimal Unsatisfiable Subsets of Constraints

Journal of Automated Reasoning
Static analysis in disjunctive numerical domains

SAS'06 Proceedings of the 13th international conference on Static Analysis
Path-Sensitive dataflow analysis with iterative refinement

SAS'06 Proceedings of the 13th international conference on Static Analysis
Trace partitioning in abstract interpretation based static analyzers

ESOP'05 Proceedings of the 14th European conference on Programming Languages and Systems
Understanding the origin of alarms in ASTRÉE

SAS'05 Proceedings of the 12th international conference on Static Analysis
Discovery of minimal unsatisfiable subsets of constraints using hitting set dualization

PADL'05 Proceedings of the 7th international conference on Practical Aspects of Declarative Languages
Counterexample driven refinement for abstract interpretation

TACAS'06 Proceedings of the 12th international conference on Tools and Algorithms for the Construction and Analysis of Systems
Fixpoint-guided abstraction refinements

SAS'07 Proceedings of the 14th international conference on Static Analysis
Program analysis using symbolic ranges

SAS'07 Proceedings of the 14th international conference on Static Analysis

Loop refinement using octagons and satisfiability

SSV'10 Proceedings of the 5th international conference on Systems software verification
Precise control flow reconstruction using boolean logic

EMSOFT '11 Proceedings of the ninth ACM international conference on Embedded software
Evolutionary generation of test data for many paths coverage based on grouping

Journal of Systems and Software
SMT-based false positive elimination in static program analysis

ICFEM'12 Proceedings of the 14th international conference on Formal Engineering Methods: formal methods and software engineering

Quantified Score

Hi-index	0.00

Visualization

Abstract

We present a technique for detecting semantically infeasible paths in programs using abstract interpretation. Our technique uses a sequence of path-insensitive forward and backward runs of an abstract interpreter to infer paths in the control flow graph that cannot be exercised in concrete executions of the program.We then present a syntactic language refinement (SLR) technique that automatically excludes semantically infeasible paths from a program during static analysis. SLR allows us to iteratively prove more properties. Specifically, our technique simulates the effect of a path-sensitive analysis by performing syntactic language refinement over an underlying path-insensitive static analyzer. Finally, we present experimental results to quantify the impact of our technique on an abstract interpreter for C programs.