Program Analysis is Harder than Verification: A Computability Perspective

Cousot, Patrick; Giacobazzi, Roberto; Ranzato, Francesco

doi:10.29007/6psr

Cited by 5 publications

(4 citation statements)

References 26 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Over the years, there has always been the intuition that program analysis was harder than verification: given a program, the aim of the former is to derive invariants for each program point, the one of the latter is instead to check whether a certain property holds for the given input program. Recently, this concept has been formalized from a computability point of view [41], confirming this belief. Therefore, our approach, placed in the context of static analysis of string manipulation programs, has goals that are hardly comparable with the solutions proposed in the context of verification, such as those cited above.…”

Section: Analysis Vs Verificationmentioning

confidence: 64%

Static Analysis for ECMAScript String Manipulation Programs

Arceri

Mastroeni

2020

Applied Sciences

View full text Add to dashboard Cite

In recent years, dynamic languages, such as JavaScript or Python, have been increasingly used in a wide range of fields and applications. Their tricky and misunderstood behaviors pose a great challenge for static analysis of these languages. A key aspect of any dynamic language program is the multiple usage of strings, since they can be implicitly converted to another type value, transformed by string-to-code primitives or used to access an object-property. Unfortunately, string analyses for dynamic languages still lack precision and do not take into account some important string features. In this scenario, more precise string analyses become a necessity. The goal of this paper is to place a first step for precisely handling dynamic language string features. In particular, we propose a new abstract domain approximating strings as finite state automata and an abstract interpretation-based static analysis for the most common string manipulating operations provided by the ECMAScript specification. The proposed analysis comes with a prototype static analyzer implementation for an imperative string manipulating language, allowing us to show and evaluate the improved precision of the proposed analysis.

show abstract

Section: Analysis Vs Verificationmentioning

confidence: 64%

Static Analysis for ECMAScript String Manipulation Programs

Arceri

Mastroeni

2020

Applied Sciences

View full text Add to dashboard Cite

show abstract

“…As observed by Floyd [14], invariants represent properties of recursive definitions as well as of iterative commands and, as pointed out by Edsger Wybe Dijkstra [20], finding strong enough invariants is the main challenge in proving program correctness, due to the undecidability of program termination. In their very essence, program analysis and program verification correspond precisely to automatically derive -i.e., through an algorithm -an invariant which is strong enough to let us prove statically -i.e., at compile-time or anyway before program execution -that some expected or desired property holds at run-time [21]. Major examples of program properties that can be statically inferred by automatically deriving program invariants are the absence of bugs -the so-called safety program properties -and the information on program variables used for code optimization in program compilation, such as liveness and constancy of variables as derived by classical data-flow analysis.…”

Section: Ieee Annals Of the History Of Computingmentioning

confidence: 99%

History of Abstract Interpretation

Giacobazzi

Ranzato

2022

IEEE Annals Hist. Comput.

Self Cite

View full text Add to dashboard Cite

We trace the roots of abstract interpretation and its role as a foundational principle to understand and design static program analysis and verification methods. Starting from the historical roots of formal methods and static program analysis, we show how abstract interpretation evolved and influenced the way we reason about program correctness in different programming languages and how this method shaped the literature and the practice in program analysis in the last 45 years.

show abstract

“…We adapt the general definition of static program verifier of Cousot et al [7,Definition 4.3] to our framework. Given a program property P ⊆ N to check, a static program verifier is a total recursive function V : N → {0, 1}, which is sound when for all p ∈ N, V(p) = 1 ⇒ p ∈ P , while V is precise if the reverse implication also holds, i.e., when V(p) = 1 ⇔ p ∈ P holds.…”

Section: An Application To Static Program Verifiersmentioning

confidence: 99%

“…For instance, even some programs with an exponential lower bound will be wrongly classified by V as programs that do not meet a cubic lower bound. ◀As shown by Cousot et al[7, Theorem 5.4], precise static verifiers cannot be designed (unless for trivial program properties). The examples above prove that, additionally, we cannot have any certain information on an input program p whenever the output of a sound (and imprecise) verifier for p is 0.…”

mentioning

confidence: 99%

Intensional Kleene and Rice Theorems for Abstract Program Semantics

Baldan¹,

Ranzato²,

Zhang³

2021

Preprint

Self Cite

View full text Add to dashboard Cite

Classical results in computability theory, notably Rice's theorem, focus on the extensional content of programs, namely, on the partial recursive functions that programs compute. Later and more recent work investigated intensional generalisations of such results that take into account the way in which functions are computed, thus affected by the specific programs computing them. In this paper, we single out a novel class of program semantics based on abstract domains of program properties that are able to capture nonextensional aspects of program computations, such as their asymptotic complexity or logical invariants, and allow us to generalise some foundational computability results such as Rice's Theorem and Kleene's Second Recursion Theorem to these semantics. In particular, it turns out that for this class of abstract program semantics, any nontrivial abstract property is undecidable and every decidable overapproximation necessarily includes an infinite set of false positives which covers all values of the semantic abstract domain.

show abstract

Program Analysis is Harder than Verification: A Computability Perspective

Cited by 5 publications

References 26 publications

Static Analysis for ECMAScript String Manipulation Programs

Static Analysis for ECMAScript String Manipulation Programs

History of Abstract Interpretation

Intensional Kleene and Rice Theorems for Abstract Program Semantics

Contact Info

Product

Resources

About