Automatically Tailoring Static Analysis to Custom Usage Scenarios

In recent years, there has been significant progress in the development and industrial adoption of static analyzers. Such analyzers typically provide a large, if not huge, number of configurable options controlling the precision and performance of the analysis. A major hurdle in integrating static analyzers in the software-development life cycle is tuning their options to custom usage scenarios, such as a particular code base or certain resource constraints. In this paper, we propose a technique that automatically tailors a static analyzer, specifically an abstract interpreter, to the code under analysis and any given resource constraints. We implement this technique in a framework called TAILOR, which we use to perform an extensive evaluation on real-world benchmarks. Our experiments show that the configurations generated by TAILOR are vastly better than the default analysis options, vary significantly depending on the code under analysis, and most remain tailored to several subsequent code versions.
