Lund University Publications

Compositional dataflow analysis via abstract transition systems

• Mark

Bronevetsky, Greg ; Burke, Michael G. ; Aananthakrishnan, Sriram ; Reichenbach, Christoph ^LU ; Jisheng, Zhao and Sarkar, Vivek

Abstract

Fully precise static analysis of program behavior is undecidable in theory and infeasible in practice. While individual static analyses can prove specialized invariants about program behavior or resolve narrow ambiguities, real programs are complex composites of many different abstractions and programming patterns. State-of-the-art approaches to program analysis thus generally rely on composite analyses, which combine multiple distinct program analyses, each focused on specific aspects of rogram behavior. However, the diversity of static analysis techniques, implementation strategies, information representations, and the variation in the forms of abstraction that each analysis requires and produces makes analysis composition a challenging... (More)

Fully precise static analysis of program behavior is undecidable in theory and infeasible in practice. While individual static analyses can prove specialized invariants about program behavior or resolve narrow ambiguities, real programs are complex composites of many different abstractions and programming patterns. State-of-the-art approaches to program analysis thus generally rely on composite analyses, which combine multiple distinct program analyses, each focused on specific aspects of rogram behavior. However, the diversity of static analysis techniques, implementation strategies, information representations, and the variation in the forms of abstraction that each analysis requires and produces makes analysis composition a challenging task. In practice analysis developers either customize the coupling of pairs of analyses, where an analysis that wants information from analysis A develops logic to access A’s API, or they define specific abstraction layers that enumerate and thus restrict the forms of information that the analyses may communicate. This paper proposes an approach to composing multiple static analyses that is applicable to any static analysis, enables arbitrary analyses to be composed, and facilitates information haring independently of the analyses’ internal abstractions or even their abstract domains. It introduces a portable interface based on abstract transition systems, an abstraction over execution traces, that may be used in the implementation of any analysis. This interface allows any client (a tool or another analysis) to query any analysis’ results without any knowledge of the analysis’ internal abstractions or implementation details, or restrictions on the categories of information that may be communicated. The interface supports the sequential composition of analysis passes, but also more ‘tight’ forms of composition in which multiple analyses cooperatively compute a mutual fixed point, without necessarily being aware of each other. Our overall approach (a) lowers the bar of entry for constructing new composable analyses, enabling analysis writers to build highly specialized analyses that expose domain-specific insights but depend on other supporting analyses, (b) significantly reduces the effort needed to integrate specialized and general analyses into composite analyses. To examine the practicality of our approach, we have implemented a prototype analysis composition framework on top of the ROSE compiler framework for C++. We illustrate our approach on three textbook analyses (points-to, constant propagation/folding, and unreachable code), plus a fourth (domain-specific) analysis for the Message Passing Interface (MPI) API. tight analysis composition that allows individual analyses that are unaware of each other to mutually and Our experiments emonstrate that our prototype can scale to program verification tasks from the RERS 2017 verification challenge. (Less)