Sound Non-Statistical Clustering of Static Analysis Alarms

Lee, Woosuk; Lee, Wonchan; Kang, Dongok; Heo, Kihong; Oh, Hakjoo; Yi, Kwangkeun

doi:10.1145/3095021

Cited by 22 publications

(30 citation statements)

References 31 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…An offline meta-analysis can also be done after a program analysis to provide a diagnosis on the output of the analysis. This pattern of meta-analysis has been followed by Cadar and Donaldson [2016] for analysing the absence of false negatives in the results of unsound program analyses and by Lee et al [2017] for designing a methodology for clustering alarms detected by a program analysis according to their sound dependencies.…”

Section: Related Workmentioning

confidence: 99%

“…An early example of this approach for designing relational domains is provided by the offline/static variable packing in the Astrée program analyser as described by [Blanchet et al 2003, Section 7]. More refined offline meta-analyses for octagons are designed in Lee et al 2017;] whereR(ℓ) over-approximates the set of pairs of program variables…”

Section: Offline a 2 I For Designing Relational Abstract Domainsmentioning

confidence: 99%

See 1 more Smart Citation

A²I: abstract² interpretation

Cousot

Ranzato

Giacobazzi

2019

Proc. ACM Program. Lang.

View full text Add to dashboard Cite

The fundamental idea of Abstract 2 Interpretation (A 2 I), also called meta-abstract interpretation, is to apply abstract interpretation to abstract interpretation-based static program analyses. A 2 I is generally meant to use abstract interpretation to analyse properties of program analysers. A 2 I can be either offline or online. Offline A 2 I is performed either before the program analysis, such as variable packing used by the Astrée program analyser, or after the program analysis, such as in alarm diagnosis. Online A 2 I is performed during the program analysis, such as Venet's cofibred domains or Halbwachs et al. 's and Singh et al. 's variable partitioning techniques for fast polyhedra/numerical abstract domains. We formalize offline and online meta-abstract interpretation and illustrate this notion with the design of widenings and the decomposition of relational abstract domains to speed-up program analyses. This shows how novel static analyses can be extracted as meta-abstract interpretations to design efficient and precise program analysis algorithms.

show abstract

Section: Related Workmentioning

confidence: 99%

Section: Offline a 2 I For Designing Relational Abstract Domainsmentioning

confidence: 99%

A²I: abstract² interpretation

Cousot

Ranzato

Giacobazzi

2019

Proc. ACM Program. Lang.

View full text Add to dashboard Cite

show abstract

“…While Astrée is specialized for analyzing synchronous safety critical embedded softwares, Sparrow is designed for supporting the full set of the C programming language. It uses various analysis techniques such as a general sparse analysis framework [Oh et al 2012] for scalability and alarm clustering [Lee et al 2012b] for convenience. In addition to traditional sensitivities, Sparrow supports a way to use context-sensitivity selectively [Oh et al 2014].…”

Section: Sparrowmentioning

confidence: 99%

A Theoretical Foundation of Sensitivity in an Abstract Interpretation Framework

Kim¹,

Rival

Ryu

2018

ACM Trans. Program. Lang. Syst.

View full text Add to dashboard Cite

xx A Theoretical Foundation of Sensitivity in an Abstract Interpretation FrameworkSE-WON KIM, S-Core 1 XAVIER RIVAL, CNRS, ENS, INRIA Paris-Rocquencourt, PSL* University SUKYOUNG RYU, KAIST Program analyses often utilize various forms of sensitivity such as context sensitivity, call-site sensitivity, and object sensitivity. These techniques all allow for more precise program analyses, that are able to compute more precise program invariants, and to verify stronger properties. Despite the fact that sensitivity techniques are now part of the standard toolkit of static analyses designers and implementers, no comprehensive frameworks allow the description of all common forms of sensitivity. As a consequence, the soundness proofs of static analysis tools involving sensitivity often rely on ad hoc formalization, which are not always carried out in an abstract interpretation framework. Moreover, this also means that opportunities to identify similarities between analysis techniques to better improve abstractions or to tune static analysis tools can easily be missed.In this paper, we present and formalize a framework for the description of sensitivity in static analysis. Our framework is based on a powerful abstract domain construction, and utilizes reduced cardinal power to tie basic abstract predicates to the properties analyses are sensitive to. We formalize this abstraction, and the main abstract operations that are needed to turn it into a generic abstract domain construction. We demonstrate that our approach can allow for a more precise description of program states, and that it can also describe a large set of sensitivity techniques, both when sensitivity criteria are static (known before the analysis) or dynamic (inferred as part of the analysis), and sensitive analysis tuning parameters. Last, we show that sensitivity techniques used in state of the art static analysis tools can be described in our framework.

show abstract

“…Our work resembles to Lee 's work in the sense that both works refine the abstraction by exploiting the information about error state [14]. We are both trying to classify the alarms by their correlate relationship, but Lee 's method is based on a super control flow graph.…”

Section: Related Workmentioning

confidence: 99%

Research of alarm correlations based on static defect detection

et al. 2015

View full text Add to dashboard Cite

Original scientific paper Traditional static defect detection tools can detect software defects and report alarms, but the correlations among alarms are not identified and massive independent alarms are against the understanding. Helping users in the alarm verification task is a major challenge for current static defect detection tools. In this paper, we formally introduce alarm correlations. If the occurrence of one alarm causes another alarm, we say that they are correlated. If one dominant alarm is uniquely correlated with another, we know verifying the first will also verify the others. Guided by the correlation, we can reduce the number of alarms required for verification. Our algorithms are inter-procedural, path-sensitive, and scalable. We present a correlation procedure summary model for inter-procedural alarm correlation calculation. The underlying algorithms are implemented inside our defect detection tools. We chose one common semantic fault as a case study and proved that our method has the effect of reducing 34,23 % of workload. Using correlation information, we are able to automate the alarm verification that previously had to be done manually. Keywords: abstract interpretation; alarm correlations; alarm verification; correlation summary; state slicing Istraživanje korelacija alarma na temelju detekcije statičkog kvaraIzvorni znanstveni članak Tradicionalni alati za detekciju statičkog kvara mogu detektirati kvarove softvera i objaviti alarm, ali korelacije između alarma nisu identificirane i masivni nezavisni alarmi protivni su razumijevanju. Pomaganje korisnicima u verifikaciji alarma predstavlja veliki izazov postojećim alatima za detekciju statičke greške. U ovom radu mi formalno uvodimo korelacije alarma. Ako postojanje jednog alarma uzrokuje drugi, kažemo da su u korelaciji. Ako je jedan dominantni alarm jedinstveno povezan s drugim, znamo da će se verifikacijom jednoga također verificirati drugi. Na osnovu korelacije možemo reducirati broj alarma potrebnih za verifikaciju. Naši su algoritmi inter-proceduralni, osjetljivi na putanju i podesivi (scalable). Mi prikazujemo sumarni model postupka korelacije za računanje inter-proceduralne korelacije alarma. Osnovni algoritmi su implementirani u naše alate za detekciju kvara. Izabrali smo jednu uobičajenu semantičku pogrešku za analizu slučaja i dokazali da naša metoda rezultira smanjenjem radnog opterećenja za 34,23 %. Primjenom korelacijeske informacije možemo automatizirati verifikaciju alarma, što se ranije moralo raditi ručno.

show abstract

Sound Non-Statistical Clustering of Static Analysis Alarms

Cited by 22 publications

References 31 publications

A²I: abstract² interpretation

A²I: abstract² interpretation

A Theoretical Foundation of Sensitivity in an Abstract Interpretation Framework

Research of alarm correlations based on static defect detection

Contact Info

Product

Resources

About