Sound, complete and scalable path-sensitive analysis

Dillig, Işıl; Dillig, Thomas; Aiken, Alex

doi:10.1145/1375581.1375615

Cited by 100 publications

(71 citation statements)

References 22 publications

(13 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…An incremental analysis based on incremental specifications such as those found in formal models is presented in [15], while we do not rely on specifications. The notion of summary has been previously used in other contexts [29,13] different from incremental analysis. It is also worth mentioning recent work on incremental analysis [16] which defines an incremental analysis via domain specific solvers, for declarative modeling language based on first-order logic with sets and relations.…”

Section: Related Workmentioning

confidence: 99%

A multi-domain incremental analysis engine and its application to incremental resource analysis

Albert

Fernández

Puebla

et al. 2015

Theoretical Computer Science

View full text Add to dashboard Cite

The aim of incremental analysis is, given a program, its analysis results, and a series of changes to the program, to obtain the new analysis results as efficiently as possible and, ideally, without having to (re-)analyze fragments of code which are not affected by the changes. Incremental analysis can significantly reduce both the time and the memory requirements of analysis. The first contribution of this article is a multi-domain incremental fixed-point algorithm for a sequential Java-like language. The algorithm is multi-domain in the sense that it interleaves the (re-)analysis for multiple domains by taking into account dependencies among them. Importantly, this allows the incremental analyzer to invalidate only those analysis results previously inferred by certain dependent domains. The second contribution is an incremental resource usage analysis which, in its first phase, uses the multi-domain incremental fixed-point algorithm to carry out all global pre-analyses required to infer cost in an interleaved way. Such resource analysis is parametric on the cost metrics one wants to measure (e.g., number of executed instructions, number of objects created, etc.). Besides, we present a novel form of cost summaries which allows us to incrementally reconstruct only those components of cost functions affected by the changes. Experimental results in the costa system show that the proposed incremental analysis provides significant performance gains, ranging from a speedup of 1.48 up to 5.13 times faster than non-incremental analysis.

show abstract

Section: Related Workmentioning

confidence: 99%

A multi-domain incremental analysis engine and its application to incremental resource analysis

Albert

Fernández

Puebla

et al. 2015

Theoretical Computer Science

View full text Add to dashboard Cite

show abstract

“…For example, Saturn [7] is a scalable analysis engine that is both sound and complete with respect to the user-provided abstraction, written in its Calypso language. This framework enables the programmer to manually refine and optimize the abstraction for each specific analysis task.…”

Section: Related Workmentioning

confidence: 99%

“…In general, model checking based tools are precise but do not scale to practical programs [14], while scalable tools using specially designed algorithms are often imprecise [4,6,7]. For example, Saturn [7] is a scalable static analysis engine that is both sound and complete with respect to the userprovided analysis script. Writing a script that is sound and complete with respect to the target program, however, is as difficult as writing an analysis engine itself.…”

Section: Introductionmentioning

confidence: 99%

Practical lock/unlock pairing for concurrent programs

Cho

Kelly

Wang

et al. 2013

Proceedings of the 2013 IEEE/ACM International Symposium on Code Generation and Optimization (CGO)

View full text Add to dashboard Cite

In the multicore era, developers face increasing pressure to parallelize their programs. However, building correct and efficient concurrent programs is substantially more difficult than building sequential ones. To address the multicore challenge, numerous tools have been developed to assist multithreaded programmers, including static and dynamic bug detectors, automated bug fixers, and optimization tools. Many of these tools rely on or benefit from the precise identification of critical sections, i.e., sections where the thread of execution holds at least one lock. For languages where critical sections are not lexically scoped, e.g., C/C++, static analysis often fails to pair up lock and unlock calls correctly.In this paper, we propose a practical lock/unlock pairing mechanism that combines static analysis with dynamic instrumentation to identify critical sections in POSIX multithreaded C/C++ programs. Our method first applies a conservative inter-procedural path-sensitive dataflow analysis to pair up all lock and unlock calls. When the static analysis fails, our method makes assumptions about the pairing using common heuristics. These assumptions are checked at runtime using lightweight instrumentation. Our experiments show that only one out of 891 lock/unlock pairs violates our assumptions at runtime and the instrumentation imposes negligible overhead of 3.34% at most, for large open-source server programs. Overall, our mechanism can pair up 98.2% of all locks including 7.1% of them paired speculatively.

show abstract

“…However, there has been a lot of research done in the context of other languages. Examples of approaches to path-sensitive static analysis include [6], [7], [15], [8], [2], [16].…”

Section: State Of the Artmentioning

confidence: 99%

On Security Analysis of PHP Web Applications

Hauzar

Kofroň

2012

2012 IEEE 36th Annual Computer Software and Applications Conference Workshops

View full text Add to dashboard Cite

Abstract-In recent years, focus of business world has been moved towards the Internet. Web applications provide a generous interface non-stop thus offering to malicious users a wide spectrum of possible attacks. Consequently, the security of web applications has become a crucial issue.The state-of-the-art tools for bug discovery in languages used for web-application development, such as PHP, suffer from a relatively high false-positive rate and low coverage of real errors; this is caused mainly by unprecise modeling of dynamic features of such languages and path-insensivity of the tools. In this paper, we will demonstrate weak points of the tools and describe our novel approach to these issues. We will show how our technique handles some of the situations where other tools fail and illustrate it on examples.

show abstract

Sound, complete and scalable path-sensitive analysis

Cited by 100 publications

References 22 publications

A multi-domain incremental analysis engine and its application to incremental resource analysis

A multi-domain incremental analysis engine and its application to incremental resource analysis

Practical lock/unlock pairing for concurrent programs

On Security Analysis of PHP Web Applications

Contact Info

Product

Resources

About