Galois transformers and modular abstract interpreters: reusable metatheory for program analysis

We propose a novel, unified approach to the development of compositional symbolic execution tools, bridging the gap between classical symbolic execution and compositional program reasoning based on separation logic. Using this approach, we build JaVerT 2.0, a symbolic analysis tool for JavaScript that follows the language semantics without simplifications. JaVerT 2.0 supports whole-program symbolic testing, verification, and, for the first time, automatic compositional testing based on bi-abduction. The meta-theory underpinning JaVerT 2.0 is developed modularly, streamlining the proofs and informing the implementation. Our explicit treatment of symbolic execution errors allows us to give meaningful feedback to the developer during wholeprogram symbolic testing and guides the inference of resource of the bi-abductive execution. We evaluate the performance of JaVerT 2.0 on a number of JavaScript data-structure libraries, demonstrating: the scalability of our whole-program symbolic testing; an improvement over the state-of-the-art in JavaScript verification; and the feasibility of automatic compositional testing for JavaScript.

Section: Overviewmentioning

confidence: 52%

JaVerT 2.0: compositional symbolic execution for JavaScript

Santos

Maksimovic

Sampaio

et al. 2019

“…These arrow transformers are well-known and we borrowed their definition from the arrow transformer libraries arrows and atl on Hackage. 2 Furthermore, some of these arrow transformers appeared in form of monad transformers in [Darais et al 2017[Darais et al , 2015], which we took inspiration from. Environment Components To implement environment components, we created the type class ArrowEnv with an operation getEnv to fetch an environment, localEnv to set a new environment in a local context, extendEnv to extend the given environment with a new binding and lookup to look up a binding in the current environment: Based on this interface, we created two components for environments.…”

Section: Analysis Componentsmentioning

confidence: 99%

“…The idea of composing static analyses from modular components has also been explored by Darais et al [2015]. The authors also propose to share code between concrete and abstract interpreter.…”

Section: Related Workmentioning

confidence: 99%

Sound and reusable components for abstract interpretation

Keidel

Erdweg

2019

interpretation is a methodology for defining sound static analysis. Yet, building sound static analyses for modern programming languages is difficult, because these static analyses need to combine sophisticated abstractions for values, environments, stores, etc. However, static analyses often tightly couple these abstractions in the implementation, which not only complicates the implementation, but also makes it hard to decide which parts of the analyses can be proven sound independently from each other. Furthermore, this coupling makes it hard to combine soundness lemmas for parts of the analysis to a soundness proof of the complete analysis. To solve this problem, we propose to construct static analyses modularly from reusable analysis components. Each analysis component encapsulates a single analysis concern and can be proven sound independently from the analysis where it is used. We base the design of our analysis components on arrow transformers, which allows us to compose analysis components. This composition preserves soundness, which guarantees that a static analysis is sound, if all its analysis components are sound. This means that analysis developers do not have to worry about soundness as long as they reuse sound analysis components. To evaluate our approach, we developed a library of 13 reusable analysis components in Haskell. We use these components to define a k-CFA analysis for PCF and an interval and reaching definition analysis for a While language. CCS Concepts: • Software and its engineering → Automated static analysis; • Theory of computation → Proof theory.

“…Galois transformers and modular abstract interpreters by Darais et al [2015] represent a systematic way to construct monadic abstract interpreters. Galois transformers are monad transformers, whose monadic operations can be proven sound with respect to each other.…”

Section: Related Workmentioning

confidence: 99%

Compositional soundness proofs of abstract interpreters

Keidel

Poulsen

Erdweg

2018

interpretation is a technique for developing static analyses. Yet, proving abstract interpreters sound is challenging for interesting analyses, because of the high proof complexity and proof effort. To reduce complexity and effort, we propose a framework for abstract interpreters that makes their soundness proof compositional. Key to our approach is to capture the similarities between concrete and abstract interpreters in a single shared interpreter, parameterized over an arrow-based interface. In our framework, a soundness proof is reduced to proving reusable soundness lemmas over the concrete and abstract instances of this interface; the soundness of the overall interpreters follows from a generic theorem. To further reduce proof effort, we explore the relationship between soundness and parametricity. Parametricity not only provides us with useful guidelines for how to design non-leaky interfaces for shared interpreters, but also provides us soundness of shared pure functions as free theorems. We implemented our framework in Haskell and developed a k-CFA analysis for PCF and a tree-shape analysis for Stratego. We were able to prove both analyses sound compositionally with manageable complexity and effort, compared to a conventional soundness proof. CCS Concepts: • Software and its engineering → Automated static analysis; • Theory of computation → Proof theory;