Joining dataflow with predicates

Authors:
Jeffrey Fischer;Ranjit Jhala;Rupak Majumdar
Affiliations:
UC Los Angeles;UC San Diego;UC Los Angeles
Venue:
Proceedings of the 10th European software engineering conference held jointly with 13th ACM SIGSOFT international symposium on Foundations of software engineering
Year:
2005

Citing 26
Cited 18

Typestate: A programming language concept for enhancing software reliability

IEEE Transactions on Software Engineering
Constant propagation with conditional branches

ACM Transactions on Programming Languages and Systems (TOPLAS)
Precise interprocedural dataflow analysis via graph reachability

POPL '95 Proceedings of the 22nd ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Timing verification by successive approximation

Information and Computation
A flexible architecture for building data flow analyzers

Proceedings of the 18th international conference on Software engineering
Refining data flow information using infeasible paths

ESEC '97/FSE-5 Proceedings of the 6th European SOFTWARE ENGINEERING conference held jointly with the 5th ACM SIGSOFT international symposium on Foundations of software engineering
Parametric shape analysis via 3-valued logic

Proceedings of the 26th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
A static analyzer for finding dynamic programming errors

Software—Practice & Experience
The SLAM project: debugging system software via static analysis

POPL '02 Proceedings of the 29th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Lazy abstraction

POPL '02 Proceedings of the 29th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Flow-sensitive type qualifiers

PLDI '02 Proceedings of the ACM SIGPLAN 2002 Conference on Programming language design and implementation
ESP: path-sensitive program verification in polynomial time

PLDI '02 Proceedings of the ACM SIGPLAN 2002 Conference on Programming language design and implementation
A unified approach to global program optimization

POPL '73 Proceedings of the 1st annual ACM SIGACT-SIGPLAN symposium on Principles of programming languages
Abstract interpretation: a unified lattice model for static analysis of programs by construction or approximation of fixpoints

POPL '77 Proceedings of the 4th ACM SIGACT-SIGPLAN symposium on Principles of programming languages
A Discipline of Programming

A Discipline of Programming
Systematic design of program analysis frameworks

POPL '79 Proceedings of the 6th ACM SIGACT-SIGPLAN symposium on Principles of programming languages
Construction of Abstract State Graphs with PVS

CAV '97 Proceedings of the 9th International Conference on Computer Aided Verification
Counterexample-Guided Abstraction Refinement

CAV '00 Proceedings of the 12th International Conference on Computer Aided Verification
Expected forms of data flow analyses

Programs as Data Objects, Proceedings of a Workshop
Checking and inferring local non-aliasing

PLDI '03 Proceedings of the ACM SIGPLAN 2003 conference on Programming language design and implementation
Assertion Graphs for Verifying and Synthesizing Programs

Assertion Graphs for Verifying and Synthesizing Programs
Frameworks for precise program analysis

Frameworks for precise program analysis
Abstractions from proofs

Proceedings of the 31st ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Flow analysis for verifying properties of concurrent software systems

ACM Transactions on Software Engineering and Methodology (TOSEM)
Scalable error detection using boolean satisfiability

Proceedings of the 32nd ACM SIGPLAN-SIGACT symposium on Principles of programming languages
CMC: a pragmatic approach to model checking real code

OSDI '02 Proceedings of the 5th symposium on Operating systems design and implementationCopyright restrictions prevent ACM from being able to make the PDFs for this conference available for downloading

Static specification inference using predicate mining

Proceedings of the 2007 ACM SIGPLAN conference on Programming language design and implementation
Comprehensive path-sensitive data-flow analysis

Proceedings of the 6th annual IEEE/ACM international symposium on Code generation and optimization
Simulation-directed invariant mining for software verification

Proceedings of the conference on Design, automation and test in Europe
SLR: Path-Sensitive Analysis through Infeasible-Path Detection and Syntactic Language Refinement

SAS '08 Proceedings of the 15th international symposium on Static Analysis
Combining predicate and numeric abstraction for software model checking

Proceedings of the 2008 International Conference on Formal Methods in Computer-Aided Design
On temporal path conditions in dependence graphs

Automated Software Engineering
Software model checking

ACM Computing Surveys (CSUR)
WYSINWYX: What you see is not what you eXecute

ACM Transactions on Programming Languages and Systems (TOPLAS)
Configurable software verification: concretizing the convergence of model checking and program analysis

CAV'07 Proceedings of the 19th international conference on Computer aided verification
Analyzing stripped device-driver executables

TACAS'08/ETAPS'08 Proceedings of the Theory and practice of software, 14th international conference on Tools and algorithms for the construction and analysis of systems
Automatically refining abstract interpretations

TACAS'08/ETAPS'08 Proceedings of the Theory and practice of software, 14th international conference on Tools and algorithms for the construction and analysis of systems
Exploiting program dependencies for scalable multiple-path symbolic execution

Proceedings of the 19th international symposium on Software testing and analysis
Path-Sensitive dataflow analysis with iterative refinement

SAS'06 Proceedings of the 13th international conference on Static Analysis
Using statically computed invariants inside the predicate abstraction and refinement loop

CAV'06 Proceedings of the 18th international conference on Computer Aided Verification
Lazy shape analysis

CAV'06 Proceedings of the 18th international conference on Computer Aided Verification
Predicate analysis with BLAST 2.7

TACAS'12 Proceedings of the 18th international conference on Tools and Algorithms for the Construction and Analysis of Systems
Conditional model checking: a technique to pass information between verifiers

Proceedings of the ACM SIGSOFT 20th International Symposium on the Foundations of Software Engineering
Path-Sensitive backward slicing

SAS'12 Proceedings of the 19th international conference on Static Analysis

Quantified Score

Hi-index	0.00

Visualization

Abstract

Dataflow analyses sacrifice path-sensitivity for efficiency and lead to false positives when used for verification. Predicate refinement based model checking methods are path-sensitive but must perform many expensive iterations to find all the relevant facts about a program, not all of which are naturally expressed and analyzed using predicates. We show how to join these complementary techniques to obtain efficient and precise versions of any lattice-based dataflow analysis using predicated lattices. A predicated lattice partitions the program state according to a set of predicates and tracks a lattice element for each partition. The resulting dataflow analysis is more precise than the eager dataflow analysis without the predicates.In addition, we automatically infer predicates to rule out imprecisions. The result is a dataflow analysis that can adaptively refine its precision. We then instantiate this generic framework using a symbolic execution lattice, which tracks pointer and value information precisely. We give experimental evidence that our combined analysis is both more precise than the eager analysis in that it is sensitive enough to prove various properties, as well as much faster than the lazy analysis, as many relevant facts are eagerly computed, thus reducing the number of iterations.This results in an order of magnitude improvement in the running times from a purely lazy analysis.